llamaIndex - 💡(How to fix) Fix chore(deps): periodic Python dependency hygiene (uv locks + integration packages)

Scheduled dependency maintenance for the LlamaIndex monorepo: keep root and per-package uv metadata and lockfiles consistent, reduce drift with weekly Dependabot uv grouped updates, and validate changes using the same workflow contributors are expected to follow in CONTRIBUTING.md.

Fix / Workaround

Issue body (copy from below)

Summary

Scheduled dependency maintenance for the LlamaIndex monorepo: keep root and per-package uv metadata and lockfiles consistent, reduce drift with weekly Dependabot uv grouped updates, and validate changes using the same workflow contributors are expected to follow in CONTRIBUTING.md.

Context

• The repo is a monorepo (llama-index-core, llama-index-integrations, etc.) with many pyproject.toml files and per-package uv.lock files under integration paths, plus a root pyproject.toml / uv.lock used for the global dev environment (pre-commit, linters).
• .github/dependabot.yml runs weekly package-ecosystem: uv updates at / with a single grouped pattern (**), which tends to produce broad “bump the uv group across N directories” PRs (see recent changelog entries).
• Some integration areas still ship requirements.txt alongside pyproject.toml; call out any intentional duplicates vs. stale files when touching those packages.

Scope (proposed)

• Root dev toolchain: review pinned dev dependencies in [dependency-groups] dev (e.g. ruff, mypy, pre-commit, pytest) for safe upgrades; regenerate root uv.lock as needed.
• Integration packages: for any packages intentionally updated, ensure their local uv.lock matches pyproject.toml and that runtime/extra deps stay compatible with requires-python constraints.
• Consistency: where a change affects a published subpackage, follow normal versioning expectations from the PR template (bump package version when required—deps-only bumps often still warrant a patch release per team practice).
• Non-goals: no new integration packages; avoid drive-by refactors unrelated to dependency resolution.

Acceptance criteria

• Updated dependency declarations and lockfiles are internally consistent (uv sync succeeds at repo root; uv sync / uv lock succeeds for touched integration directories as applicable).
• Lint passes per contributing docs: uv run make lint (and uv run make format if formatters move).
• Tests: for each modified package, run targeted tests with the documented pattern, e.g. cd <package-dir> && uv run -- pytest (or the repo’s standard Pants/CI path for the same change set—match what CI will exercise for the touched paths).
• PR description references this issue and summarizes which packages were intentionally bumped vs. lockfile-only churn.

Verification checklist (from contributor workflow)

• uv sync at repository root
• uv run pre-commit install (if hook config changed)
• uv run make lint (and format if needed)
• uv run -- pytest in each modified package directory (or equivalent CI-local test command for those paths)

Notes

• If this work overlaps an open Dependabot PR, prefer rebasing/merging that PR or closing it in favor of a single consolidated chore(deps) change to limit reviewer load.
• Watch for upper bounds in `pyproject.t