Evan Mattson

This commit performs a **maintenance update** by **bumping the version** of the **Python `semantic_kernel` package** from `1.41.0` to `1.41.1`. This change primarily affects the **Python SDK's metadata** within `python/semantic_kernel/__init__.py`, signaling a new release. The update ensures that users installing the package will receive the latest stable version, reflecting recent improvements or fixes.

This commit implements a **security enhancement** for the **Python Dapr runtime integration** by changing the default behavior of the `allowed_module_prefixes` parameter from `None` to `("semantic_kernel.",)`. This **configuration change** ensures that only step classes within the `semantic_kernel` module prefix are loaded by default, enforcing a **secure-by-default** posture for the experimental Dapr runtime. The core logic for this is updated in `get_step_class_from_qualified_name` within `step_utils.py`, with corresponding parameter updates across `dapr_runtime` classes like `StepActor` and `DaprKernelProcessContext`. Developers using custom step classes outside this prefix will now need to explicitly configure the `allowed_module_prefixes` parameter, impacting how external modules are integrated into **Semantic Kernel** processes. This **refactoring** of default parameters improves the overall security stance of the system.

This commit **refactors** the **automated PR review workflow** defined in `.github/workflows/devflow-pr-review.yml` to **simplify PR parsing**. The workflow now directly accepts a PR number as input, eliminating the previous requirement for a full URL. This **maintenance improvement** streamlines the input handling for the review process, making it more robust and easier to integrate.

This commit introduces a **new automated pull request review workflow** to streamline the project's **development process**. It adds a new **GitHub Actions workflow**, `devflow-pr-review.yml`, which is designed to be triggered by pull request events or can be dispatched manually. This **new capability** enhances the project's CI/CD and code quality efforts by automating aspects of the PR review cycle. The workflow aims to improve efficiency and consistency in code contributions.

This commit implements a **maintenance adjustment** to the project's **CI/CD pipeline** to address **resource capacity constraints**. It **reduces the macOS runner coverage** for **Python unit tests** by **excluding Python versions 3.10 and 3.11** from the test matrix. Specifically, the `.github/workflows/python-unit-tests.yml` workflow is updated to no longer run tests for these Python versions on macOS. This change aims to optimize CI/CD resource usage, leading to potentially faster pipeline execution, but with a temporary reduction in test coverage for the specified Python environments.

This commit **fixes failing Python image integration tests** and a related sample by updating problematic image URLs. Previously, tests and the `simple_chatbot_with_image.py` sample were blocked by bot policies when trying to access Wikimedia images. The change replaces these unreliable links with stable GitHub raw content or asset URLs, ensuring the **reliability of image input functionalities**. This **maintenance** task restores the integrity of the **Python test suite** and makes the image chatbot sample functional again.

This commit performs a **maintenance** update by **bumping the version number** of the **Python `semantic_kernel` package** from `1.40.0` to `1.41.0`. Specifically, the `__init__.py` file within the `python/semantic_kernel` module is updated to reflect this new version. This change prepares the Python library for an upcoming release, indicating new features, bug fixes, or improvements are available in version `1.41.0`. It directly impacts all users and projects that consume the `semantic_kernel` Python package, signaling a new official release.

This commit performs a **maintenance and cleanup task** by **removing an obsolete GitHub Actions workflow** from the repository's automation configuration. It specifically targets the **CI/CD infrastructure**, eliminating a workflow that is no longer in use. This action **reduces repository clutter** and **improves overall project hygiene** without impacting any functional features or the build process.

This commit performs a **maintenance update** by **bumping the version number** of the **Python `semantic_kernel` package**. Specifically, it updates the version string in `python/semantic_kernel/__init__.py` from `1.39.2` to `1.39.3`. This change is in preparation for a new release, ensuring that the package correctly reflects its current version. The update primarily affects package metadata and does not introduce functional changes to the library's core capabilities.

This commit introduces **robust validation and control** for dynamically loading step classes within the **Dapr Runtime** in Python. It ensures that only valid `KernelProcessStep` subclasses can be instantiated, significantly improving **type safety** and providing clearer error messages during misconfiguration. A new utility function, `get_step_class_from_qualified_name`, centralizes this logic and allows users to restrict module loading via an `allowed_module_prefixes` parameter, enhancing **security and reliability**. This change involves **refactoring** existing class loading mechanisms in `step_actor.py` and `dapr_step_info.py`, and updating `dapr_process_info.py` to support the new configuration.

This commit introduces a **new security capability** to the **`SessionsPythonTool`** in the Python SDK by adding **directory allowlisting** for **file upload and download operations**. Developers can now configure `allowed_upload_directories` and `allowed_download_directories` to specify explicit filesystem boundaries, providing **fine-grained control** over where the plugin can access or store files. This **enhancement** prevents unauthorized filesystem access when `SessionsPythonTool` is used with AI models, improving overall system security. The `upload_file` function now requires an allowlist (deny-by-default), while `download_file` supports an optional allowlist (permissive-by-default), with all paths undergoing canonicalization. This change affects the `sessions_python_plugin.py` module and includes updated samples and comprehensive unit tests.

This commit performs a **maintenance** update by **bumping the version number** of the **Python SDK** to `1.39.2`. Specifically, it modifies the `__init__.py` file within the `semantic_kernel` package to reflect this new version. This change is crucial for **release preparation**, ensuring that the installed Python package accurately reports its current version. It provides clarity for users and systems regarding the specific iteration of the SDK being utilized.

This commit **bumps the Python package version** of `semantic_kernel` to `v1.39.1`, preparing the **Python SDK** for a new release. As part of this **maintenance** update, the `__init__.py` file is modified to reflect the new version number. Additionally, a **test infrastructure improvement** is included, marking the `test_summarize_conversation` unit test within the `ConversationSummaryPlugin` as asynchronous using `@pytest.mark.asyncio` to ensure correct execution. This ensures the package is accurately versioned and its asynchronous tests are properly configured for the release.

This commit **updates the version number** for the **Python `semantic_kernel` package** from `1.38.0` to `1.39.0`. This is a **maintenance** task, specifically a **version bump** within the `python/semantic_kernel/__init__.py` file, signifying the preparation for a new official release. This change ensures that users installing the package will now receive the latest `1.39.0` version, reflecting recent developments and improvements within the library.

This commit performs a **version bump** for the **Python `semantic_kernel` package**, updating its internal version string from `1.37.1` to `1.38.0` within the `python/semantic_kernel/__init__.py` file. This **maintenance** change is a preparatory step for an upcoming release, ensuring the package correctly identifies its new version. It primarily affects the **Python SDK**, signaling to users and systems that a new version of the library is available.

This commit performs a **maintenance update** by **bumping the version** of the **Python `semantic_kernel` package**. Specifically, it updates the package version from `1.37.0` to `1.37.1` within the `python/semantic_kernel/__init__.py` file. This change is part of **release preparation**, ensuring the package metadata accurately reflects the current release state. It primarily affects the **versioning and release cycle** of the Python SDK, indicating a minor update or patch.

This commit delivers a **bug fix** for the **Python template engine**, addressing an issue where non-string `KernelArguments` were inadvertently converted to strings when passed to functions within prompt templates. The **`render_code`** method in `code_block.py` has been modified, and a new `get_value` method added to `var_block.py`, to ensure that the original type of `VarBlock` and `NamedArgBlock` arguments is **preserved**. This enhancement prevents data loss and incorrect type handling, significantly improving the reliability and flexibility of **prompt template function calls** within the **Semantic Kernel's Python implementation**. New unit tests have been added to validate this correct type preservation.

This commit performs a **maintenance update** by **bumping the Weaviate Docker image version** used within the **Python integration tests workflow**. Specifically, the `weaviate/weaviate` image is upgraded from `1.26.6` to `1.33.3` in the `.github/workflows/python-integration-tests.yml` configuration. This ensures that the **Python integration tests** for the **Weaviate vector database integration** are executed against a more recent and potentially more stable or feature-rich version of the Weaviate server, improving test reliability and compatibility.

This commit **fixes broken links** within the `README.md` file for the **AzureAIAgent** in the **Python samples**. Specifically, it updates the numerical prefixes of example file paths in the **getting started with agents documentation**. This **documentation fix** ensures users can correctly navigate to the relevant Azure AI Agent example files, significantly improving the onboarding experience for the **Python SDK**.

This commit performs a **maintenance** update by **bumping the version** of the **Python SDK** to `1.37.0`. Specifically, it updates the package version string within the `python/semantic_kernel/__init__.py` file. This change signifies a new official release of the Python package, making the updated version available to all users and reflecting the latest development state.