Feature uv

[jiridanek]

Description

This merges the work done by @mtchoum1 to our main.

We cannot use requirements.txt with uv because of a known issue. In requirements.txt format, there is no sure way to associate a package with a specific package index.

• missing --index-url in uv pip compile pyproject.toml for packages that come from explicit = true indexes astral-sh/uv#15534

The current pyproject.toml is moved under tests/ directory.

How Has This Been Tested?

Merge criteria:

• The commits are squashed in a cohesive manner and have meaningful messages.
• Testing instructions have been added in the PR body (for PRs involving changes that are not immediately obvious).
• The developer has manually tested the changes and verified that the changes work

Summary by CodeRabbit

• New Features

  • Added Python 3.11 support, modular dependency groups, and predefined Jupyter image compositions (CUDA/ROCm variants).

• Chores

  • Switched to Linux-only package resolution, added per-index GPU resolution paths and dependency metadata, added a sync script to generate lock manifests and wired it into refresh flow, and refreshed many pinned dependency versions and hashes.

• CI/CD

  • Workflows now use test-scoped resolution files and expose UV_PROJECT to test steps.

• Tests

  • Added a test-specific project config with tooling and linting.

• Bug Fixes

  • Fixed a typo in a script comment.

[coderabbitai]

Walkthrough

Restructures project dependency and UV resolution in pyproject.toml, adds per-image pylock generation and Makefile sync step, introduces a test-scoped pyproject.toml and CI changes to use it, and updates many pinned dependency versions/hashes across multiple requirements files.

Changes

Cohort / File(s)	Summary of key changes
Project pyproject pyproject.toml	Lowered Python minimum to >=3.11,<3.13; removed flat dependencies and package-mode = false; added [project.dependency-groups] (many named groups), workbench image include-group compositions, and an extensive [tool.uv] section (Linux-only envs, custom sources/indexes, per-index resolution paths, and dependency-metadata entries).
Sync scripts & Makefile scripts/sync-requirements-txt.sh, scripts/sync-pylock-toml.sh, Makefile	Minor comment fix in scripts/sync-requirements-txt.sh; new scripts/sync-pylock-toml.sh that discovers per-image requirements.txt, ensures uv, and runs uv pip compile to emit pylock.toml files; Makefile's refresh-pipfilelock-files now invokes scripts/sync-pylock-toml.sh.
Tests pyproject tests/pyproject.toml	Added test-scoped pyproject: project metadata for tests, requires-python >=3.12,<3.13, empty runtime deps, dev dependency-group, UV build-system config targeting darwin/linux, and Pyright/Ruff configuration for tests.
CI workflows .github/workflows/build-notebooks-TEMPLATE.yaml, .github/workflows/code-quality.yaml, .github/workflows/docs.yaml	CI steps now export UV_PROJECT=${PWD}/tests and uv setup uses test-scoped files (pyproject-file: tests/pyproject.toml, cache tests/uv.lock) so resolution runs against the tests UV project/lock.
Requirements updates — ubi9 Python 3.11 & 3.12 images/runtimes codeserver/.../requirements.txt, jupyter/.../ubi9-python-3.11/requirements.txt, jupyter/.../ubi9-python-3.12/requirements.txt, runtimes/.../ubi9-python-3.11/requirements.txt, runtimes/.../ubi9-python-3.12/requirements.txt (many files)	Extensive dependency bumps and corresponding SHA256 hash updates across many per-image and runtime requirements.txt files (notable bumps: beautifulsoup4, narwhals, parso, platformdirs, pyzmq, typing-extensions, types-python-dateutil, keras, plus others). Mostly metadata-only changes.
Tests — formatting tests/containers/.../*.py (multiple)	Whitespace-only removals of blank lines between imports in several test files; no behavior changes.
Tests — small edits tests/containers/runtimes/runtime_test.py	Minor formatting change (removed a blank line after an import); no functional change.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• Issue opendatahub-io/notebooks#1598: RHAIENG-337: add pytorch+llmcompressor runtime to Makefile for refresh-pipfilelock-files #1878 — related to image/runtime inclusion for the pytorch+llmcompressor variant and Makefile sync changes; touches the same pylock/requirements sync and image composition areas.

Suggested reviewers

• dibryant
• jiridanek

Tip

🔌 Remote MCP (Model Context Protocol) integration is now available!

Pro plan users can now connect to remote MCP servers from the Integrations page. Connect with popular remote MCPs such as Notion and Linear to add more context to your reviews and chats.

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feature-uv

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign jesuino for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Actionable comments posted: 4

🧹 Nitpick comments (7)

.github/workflows/uv-renewal.yaml (4)

2-2: Comment is stale: mentions Pipfile.locks, but the workflow updates uv.lock

Update the comment to reflect the switch to UV.

-# This GitHub action is meant to update the pipfile.locks
+# This GitHub Action updates the uv.lock file(s)

---

61-64: Use a supported, resilient UV setup method

Installing uv via pip works sometimes, but is brittle on ephemeral runners (PATH issues, user vs system site). Prefer the official setup action; at minimum, ensure PATH is updated when using pip.

-      - name: Install uv
-        run: pip install uv
+      - name: Set up uv
+        uses: astral-sh/setup-uv@v5
+        with:
+          # Pin or set a floor as needed (example shown)
+          version: '>=0.4.24'

If you must keep pip:

-      - name: Install uv
-        run: pip install uv
+      - name: Install uv (pip fallback)
+        run: |
+          python -m pip install --user 'uv>=0.4.24'
+          echo "$HOME/.local/bin" >> $GITHUB_PATH

---

24-30: Unused input and env var (update_optional_dirs/INCLUDE_OPT_DIRS)

You declare update_optional_dirs and map it to INCLUDE_OPT_DIRS, but never use it. Either wire it into the lock process (e.g., toggling extra groups/paths) or remove to avoid confusion.

-      update_optional_dirs:
-        description: 'Include optional directories in update'
-        required: false
-        default: 'false'
-        type: choice
-        options:
-          - 'true'
-          - 'false'
@@
-      INCLUDE_OPT_DIRS: ${{ github.event.inputs.update_optional_dirs || 'false' }}

Or document how it will be used in a follow-up step.

Also applies to: 37-41

---

49-54: Minor: Git identity is fine; consider using the GitHub Actor for traceability

Optional, but using the actor surfaces who triggered manual runs.

-         git config --global user.email "github-actions[bot]@users.noreply.github.com"
-         git config --global user.name "GitHub Actions"
+         git config --global user.email "${{ github.actor }}@users.noreply.github.com"
+         git config --global user.name "${{ github.actor }}"

scripts/sync-requirements-txt.sh (2)

19-19: Replace all '+' with '-' in image_name, not just the first occurrence

Future-proof: if more than one '+' appears, replace globally.

-image_name="${image_name/+/-}"
+image_name="${image_name//+/-}"

---

25-25: Quote variables and keep options tidy for safety

Paths are currently safe, but quoting avoids surprises; also group name derivation is correct.

-  uv pip compile --format requirements.txt --python ${python_version} -o jupyter/${path} --generate-hashes --group jupyter-${image_name}-image --python-platform linux --no-annotate -q
+  uv pip compile \
+    --format requirements.txt \
+    --python "${python_version}" \
+    --python-platform linux \
+    --group "jupyter-${image_name}-image" \
+    --generate-hashes \
+    --no-annotate \
+    -q \
+    -o "jupyter/${path}"

pyproject.toml (1)

372-385: Tooling target versions vs requires-python

Runtime supports 3.11 and 3.12, but pyright/ruff target 3.12. That’s fine, but you may miss type/style diagnostics specific to 3.11 syntax/stdlib. Consider aligning or running both in CI.

Example:

• Add another ruff/pyright job with pythonVersion/target-version set to 3.11.

Also applies to: 387-393

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between e82ed33 and 72ab398.

⛔ Files ignored due to path filters (1)

• uv.lock is excluded by !**/*.lock

📒 Files selected for processing (3)

• .github/workflows/uv-renewal.yaml (1 hunks)
• pyproject.toml (3 hunks)
• scripts/sync-requirements-txt.sh (1 hunks)

🧰 Additional context used

🧠 Learnings (15)

📓 Common learnings

Learnt from: jiridanek
PR: opendatahub-io/notebooks#0
File: :0-0
Timestamp: 2025-08-05T17:24:08.616Z
Learning: jiridanek requested PR review for #1521 covering s390x architecture support improvements, demonstrating continued focus on systematic multi-architecture compatibility enhancements in the opendatahub-io/notebooks repository through clean implementation with centralized configuration, proper CI integration, and architecture-aware testing patterns.

📚 Learning: 2025-08-20T12:39:54.827Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#2000
File: runtimes/rocm-pytorch/ubi9-python-3.11/requirements.txt:807-809
Timestamp: 2025-08-20T12:39:54.827Z
Learning: Issue #2055 tracks the remaining runtimes/rocm-tensorflow/ubi9-python-3.12/requirements.txt file that stayed at jupyter-core==5.7.2 during PR #2000, which will be addressed separately due to specific challenges with that ROCm TensorFlow image.

Applied to files:

• scripts/sync-requirements-txt.sh

📚 Learning: 2025-08-19T11:45:12.501Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#1998
File: runtimes/pytorch+llmcompressor/ubi9-python-3.11/Dockerfile.cuda:159-161
Timestamp: 2025-08-19T11:45:12.501Z
Learning: jiridanek requested GitHub issue creation for duplicated micropipenv installation cleanup in pytorch+llmcompressor images during PR #1998 review. Issue addresses redundant installations occurring twice in both affected Dockerfiles: early unpinned install for Pipfile.lock deployment and later pinned install in requirements.txt block. Solution involves removing duplicate installations while maintaining version pinning (1.9.0) and ensuring micropipenv install --dev functionality remains intact. Issue includes comprehensive problem analysis, multiple solution options, detailed acceptance criteria covering build testing and deduplication verification, and proper context linking to PR #1998 review comment.

Applied to files:

• scripts/sync-requirements-txt.sh

📚 Learning: 2025-08-06T15:22:17.997Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#968
File: runtimes/rocm-tensorflow/ubi9-python-3.12/Dockerfile.rocm:17-18
Timestamp: 2025-08-06T15:22:17.997Z
Learning: jiridanek requested GitHub issue creation for micropipenv removal from Python 3.12 images during PR #968 review. Analysis revealed 15 affected Dockerfiles with only 1 legitimate usage (jupyter/tensorflow/ubi9-python-3.12/Dockerfile.cuda using micropipenv install --dev) while 14 images install micropipenv unnecessarily. Issue #1685 was created with comprehensive problem description covering ~238MB total waste across unused installations, detailed scope analysis, multiple solution options, clear acceptance criteria, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

Applied to files:

• scripts/sync-requirements-txt.sh

📚 Learning: 2025-08-19T11:45:12.501Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#1998
File: runtimes/pytorch+llmcompressor/ubi9-python-3.11/Dockerfile.cuda:159-161
Timestamp: 2025-08-19T11:45:12.501Z
Learning: jiridanek requested GitHub issue creation for duplicated micropipenv installation cleanup in pytorch+llmcompressor images during PR #1998 review. Analysis confirmed duplication exists in both pytorch+llmcompressor Dockerfiles with micropipenv installed twice: unpinned early install (lines 23/36) for Pipfile.lock deployment and pinned later install (lines 160/248) in requirements.txt block. Issue #1999 created with comprehensive problem analysis covering exact line numbers and affected files, three solution options (remove early install, consolidate installations, conditional logic), detailed acceptance criteria covering build testing and functionality verification, implementation notes for coordination with version pinning efforts, and proper context linking to PR #1998 review comment.

Applied to files:

• scripts/sync-requirements-txt.sh

📚 Learning: 2025-08-06T15:33:47.175Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#968
File: runtimes/rocm-tensorflow/ubi9-python-3.12/Dockerfile.rocm:17-18
Timestamp: 2025-08-06T15:33:47.175Z
Learning: During PR #968 review, CodeRabbit initially incorrectly identified 1 legitimate micropipenv usage in jupyter/tensorflow/ubi9-python-3.12/Dockerfile.cuda when analyzing Python 3.12 images for unused dependencies. Upon jiridanek's request for re-verification, comprehensive analysis revealed all 15 Python 3.12 Dockerfiles install micropipenv but none actually use it, making the cleanup scope 100% unnecessary installations with no exceptions to handle.

Applied to files:

• scripts/sync-requirements-txt.sh

📚 Learning: 2025-07-09T14:22:14.553Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#1325
File: jupyter/pytorch/ubi9-python-3.12/Pipfile:42-42
Timestamp: 2025-07-09T14:22:14.553Z
Learning: jiridanek requested GitHub issue creation for Pipfile.lock verification script implementation during PR #1325 review, specifically to systematize the manual verification process for dependency version consistency across all lock files using jq. Issue #1367 was created with comprehensive problem description covering manual verification challenges, detailed solution with jq-based verification script, enhanced features for CI integration, clear acceptance criteria, implementation areas breakdown, benefits analysis, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

Applied to files:

• scripts/sync-requirements-txt.sh

📚 Learning: 2025-07-01T10:41:56.419Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#0
File: :0-0
Timestamp: 2025-07-01T10:41:56.419Z
Learning: jiridanek's team uses containerized dependency locking for cross-platform compatibility in opendatahub-io/notebooks. They run `pipenv lock` inside UBI9 containers with specific platform arguments (`--platform=linux/amd64 --python-version 3.12`) to avoid host OS dependency conflicts when generating Pipfile.lock files.

Applied to files:

• scripts/sync-requirements-txt.sh

📚 Learning: 2025-08-18T12:32:34.595Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#1972
File: runtimes/pytorch+llmcompressor/ubi9-python-3.12/Pipfile:11-14
Timestamp: 2025-08-18T12:32:34.595Z
Learning: In opendatahub-io/notebooks, jiridanek's team uses a sophisticated dependency management workaround where conflicting packages like vllm are placed in [dev-packages] sections of Pipfiles. This allows `pipenv lock` to generate complete dependency resolution during lock file creation, while runtime builds use `micropipenv install` (without --dev) to avoid installing the conflicting dev dependencies. This strategy enables successful Pipfile.lock generation despite package incompatibilities like vllm conflicting with compressed-tensors.

Applied to files:

• scripts/sync-requirements-txt.sh
• pyproject.toml

📚 Learning: 2025-07-03T07:03:45.020Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#1259
File: jupyter/rocm/tensorflow/ubi9-python-3.12/Pipfile:13-15
Timestamp: 2025-07-03T07:03:45.020Z
Learning: The Python 3.11 infrastructure for ROCm TensorFlow images in opendatahub-io/notebooks is already properly configured in the Makefile with both BASE_DIRS entries for Pipfile lock renewals and all-images targets for CI builds, requiring only commenting out the corresponding Python 3.12 entries when downgrading due to wheel availability issues.

Applied to files:

• scripts/sync-requirements-txt.sh
• pyproject.toml

📚 Learning: 2025-08-20T12:18:19.213Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#2000
File: runtimes/pytorch/ubi9-python-3.12/requirements.txt:804-807
Timestamp: 2025-08-20T12:18:19.213Z
Learning: The runtimes/rocm-tensorflow/ubi9-python-3.12/requirements.txt file remained at jupyter-core==5.7.2 while other runtime images were updated to 5.8.1 during PR #2000 to address CVE-2025-30167. jiridanek requested a separate GitHub issue to track this remaining update as the reason for the file being stuck at the old version was unclear.

Applied to files:

• scripts/sync-requirements-txt.sh

📚 Learning: 2025-08-08T08:38:32.988Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#1760
File: jupyter/pytorch+llmcompressor/ubi9-python-3.11/Dockerfile.cuda:241-244
Timestamp: 2025-08-08T08:38:32.988Z
Learning: Policy: In opendatahub-io/notebooks, do not remove micropipenv from Python 3.11 images to avoid breaking existing users. Cleanups can deduplicate duplicate installs and remove unused uv, but micropipenv must remain present in 3.11 images.

Applied to files:

• scripts/sync-requirements-txt.sh
• pyproject.toml

📚 Learning: 2025-08-20T12:18:19.213Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#2000
File: runtimes/pytorch/ubi9-python-3.12/requirements.txt:804-807
Timestamp: 2025-08-20T12:18:19.213Z
Learning: The runtimes/rocm-tensorflow/ubi9-python-3.12/requirements.txt file remained at jupyter-core==5.7.2 while other runtime images were updated to 5.8.1 during PR #2000 to address CVE-2025-30167. jiridanek requested a separate GitHub issue (#2055) to track this remaining update as the reason for the file being stuck at the old version was unclear.

Applied to files:

• scripts/sync-requirements-txt.sh

📚 Learning: 2025-08-07T12:37:47.314Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#1720
File: jupyter/trustyai/ubi9-python-3.12/requirements.txt:546-572
Timestamp: 2025-08-07T12:37:47.314Z
Learning: In the opendatahub-io/notebooks repository, strict alignment of debugpy versions across all images is not enforced as a policy. Version drift is tolerated and dependency versions are primarily managed by Pipenv locking. Alignment is only considered when inconsistencies are surfaced by tooling or cause issues.

Applied to files:

• pyproject.toml

📚 Learning: 2025-07-21T12:58:43.996Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#1418
File: tests/browser/README.md:14-18
Timestamp: 2025-07-21T12:58:43.996Z
Learning: In the opendatahub-io/notebooks repository, upstream project testing framework references in README files serve as informational context about the broader ecosystem, not as recommendations for the current project. These references help contributors understand what other related projects use and should be retained even when the current project doesn't use those frameworks.

Applied to files:

• pyproject.toml

🪛 GitHub Actions: Code static analysis

scripts/sync-requirements-txt.sh

[error] 8-8: uv: command not found

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (20)

• GitHub Check: build (codeserver-ubi9-python-3.11, 3.11, linux/arm64, false) / build
• GitHub Check: build (codeserver-ubi9-python-3.12, 3.12, linux/arm64, false) / build
• GitHub Check: build (cuda-rstudio-c9s-python-3.11, 3.11, linux/amd64, false) / build
• GitHub Check: build (runtime-cuda-tensorflow-ubi9-python-3.11, 3.11, linux/amd64, false) / build
• GitHub Check: build (runtime-cuda-pytorch-ubi9-python-3.12, 3.12, linux/amd64, false) / build
• GitHub Check: build (cuda-jupyter-pytorch-ubi9-python-3.11, 3.11, linux/amd64, false) / build
• GitHub Check: build (rocm-jupyter-minimal-ubi9-python-3.11, 3.11, linux/amd64, false) / build
• GitHub Check: build (cuda-jupyter-pytorch-llmcompressor-ubi9-python-3.12, 3.12, linux/amd64, false) / build
• GitHub Check: build (runtime-minimal-ubi9-python-3.12, 3.12, linux/amd64, false) / build
• GitHub Check: build (cuda-jupyter-minimal-ubi9-python-3.12, 3.12, linux/arm64, false) / build
• GitHub Check: build (runtime-cuda-pytorch-llmcompressor-ubi9-python-3.12, 3.12, linux/amd64, false) / build
• GitHub Check: build (cuda-jupyter-minimal-ubi9-python-3.11, 3.11, linux/arm64, false) / build
• GitHub Check: build (rstudio-c9s-python-3.11, 3.11, linux/amd64, false) / build
• GitHub Check: build (rocm-jupyter-tensorflow-ubi9-python-3.12, 3.12, linux/amd64, false) / build
• GitHub Check: build (rocm-jupyter-tensorflow-ubi9-python-3.11, 3.11, linux/amd64, false) / build
• GitHub Check: build (rocm-runtime-tensorflow-ubi9-python-3.12, 3.12, linux/amd64, false) / build
• GitHub Check: build (cuda-jupyter-tensorflow-ubi9-python-3.12, 3.12, linux/amd64, false) / build
• GitHub Check: Generate list of images for release notes
• GitHub Check: validation-of-sw-versions-in-imagestreams
• GitHub Check: Generate list of images for release notes

🔇 Additional comments (5)

scripts/sync-requirements-txt.sh (1)

21-23: ROCm image-name derivation: looks correct; flagging for a quick sanity check across all jupyter/ layouts*

Your rocm branch mangling aligns with expected directory shapes (e.g., rocm/tensorflow/ubi9-python-X.Y). Please verify it also matches any rocm subtrees under jupyter that differ from this two-level pattern.

You can dry-run on the repo to print pairs of path → group name before compiling, then bail out.

#!/usr/bin/env bash
set -Eeuo pipefail
cd jupyter
find . -name "requirements.txt" -type f | while read -r file; do
  path="${file#./}"
  image_name="${path%/*/*}"
  python_version="${path%/*}"; python_version="${python_version##*-}"
  image_name="${image_name//+/-}"
  if [[ "$path" == *"rocm/"* ]]; then image_name="${image_name#*/}-rocm"; fi
  echo "$path -> jupyter-${image_name}-image (python ${python_version})"
done

pyproject.toml (4)

283-287: Index configuration: confirm “explicit = true” behavior covers default PyPI resolution

With explicit = true, some tools require explicit [tool.uv.sources] mappings to use an index. Verify that packages not listed under [tool.uv.sources] still resolve against the named “pypi” index without additional mappings.

If resolution breaks, add a default mapping for all other groups to “pypi”:

[tool.uv.sources]
# keep torch/vision/pytorch-triton-rocm as-is …
# and add a catch-all default
"*” = [{ index = "pypi" }]

Or set explicit = false for pypi if you prefer default behavior.

---

121-124: tensorflow-rocm metadata: multi-arch expectations

The custom requires-dist for tensorflow-rocm includes tensorflow-cpu-aws for non-x86_64. Please confirm this is intended across all non-x86_64 architectures (e.g., aarch64, ppc64le) and builder environments; otherwise locking for those arches might pick an AWS-specific wheel that’s unsuitable.

If needed, you can gate by distro or a narrower marker, or provide a separate metadata entry for aarch64.

Also applies to: 288-306

---

44-52: Pinned Jupyter stack looks coherent

jupyterlab, server, proxy, terminals, lab-git, nbdime, nbgitpuller pins are consistent and recent. Good baseline for predictable locks.

---

125-135: CUDA/ROCm PyTorch pins are mutually consistent

torch/vision pairs (2.6.0/0.21.0) align with cu126/rocm6.2.4 indexes. Looks correct for 2025-era wheels.

[coderabbitai]

⚠️ Potential issue

Guard commit/push when there are no changes

As written, git commit fails when uv.lock is unchanged, failing the workflow.

-      - name: Run make refresh-pipfilelock-files and push the changes back to the branch
+      - name: Refresh uv.lock and push changes (if any)
         run: |
           uv lock --python ${{ env.PYTHON_VERSION }}
           git add uv.lock
-          git commit -m "Update uv.lock files by uvlock-renewal.yaml action"
-          git push origin ${{ env.BRANCH }}
+          if git diff --staged --quiet; then
+            echo "uv.lock up to date; nothing to commit."
+          else
+            git commit -m "Update uv.lock by uv-renewal.yaml action (Python ${{ env.PYTHON_VERSION }})"
+            git push origin ${{ env.BRANCH }}
+          fi

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: Run make refresh-pipfilelock-files and push the changes back to the branch
	run: |
	uv lock --python ${{ env.PYTHON_VERSION }}
	git add uv.lock
	git commit -m "Update uv.lock files by uvlock-renewal.yaml action"
	git push origin ${{ env.BRANCH }}
	- name: Refresh uv.lock and push changes (if any)
	run: |
	uv lock --python ${{ env.PYTHON_VERSION }}
	git add uv.lock
	if git diff --staged --quiet; then
	echo "uv.lock up to date; nothing to commit."
	else
	git commit -m "Update uv.lock by uv-renewal.yaml action (Python ${{ env.PYTHON_VERSION }})"
	git push origin ${{ env.BRANCH }}
	fi

🤖 Prompt for AI Agents

.github/workflows/uv-renewal.yaml around lines 66-71: after running the uv lock
step, guard the git add/commit/push so the workflow does not fail when uv.lock
is unchanged; detect whether uv.lock was modified (e.g., check git
status/porcelain or run a git diff check) and only perform git add, git commit
and git push when a change is detected, otherwise skip those steps and exit
successfully.

[jiridanek]

we don't want to update uv.lock like this

[coderabbitai]

@jiridanek, understood! I'll step back from that suggestion.

Could you clarify your preferred approach for handling uv.lock updates? Should this workflow be removed entirely, or do you have a different mechanism in mind for managing uv.lock files?

---

🧠 Learnings used

Learnt from: jiridanek
PR: opendatahub-io/notebooks#968
File: codeserver/ubi9-python-3.11/Dockerfile.cpu:17-18
Timestamp: 2025-08-01T16:10:21.049Z
Learning: jiridanek requested GitHub issue creation for version pinning improvement of micropipenv and uv packages during PR #968 review. Issue #1595 was created with comprehensive problem description covering build reproducibility risks from unpinned package versions across 18 affected Dockerfiles, two solution options (direct pinning vs build arguments), implementation approach with testing requirements, detailed acceptance criteria, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

---

Learnt from: jiridanek
PR: opendatahub-io/notebooks#968
File: runtimes/tensorflow/ubi9-python-3.12/Dockerfile.cuda:152-158
Timestamp: 2025-08-02T10:26:52.388Z
Learning: jiridanek corrected CodeRabbit's false assessment about uv pip install --strict flag support during PR #968 review. User demonstrated that uv 0.8.0 does support the --strict flag through command line verification, contradicting CodeRabbit's analysis using uv 0.8.4 that incorrectly suggested the flag was unsupported.

---

Learnt from: jiridanek
PR: opendatahub-io/notebooks#0
File: :0-0
Timestamp: 2025-08-05T17:24:08.616Z
Learning: jiridanek requested PR review for #1521 covering s390x architecture support improvements, demonstrating continued focus on systematic multi-architecture compatibility enhancements in the opendatahub-io/notebooks repository through clean implementation with centralized configuration, proper CI integration, and architecture-aware testing patterns.

---

Learnt from: jiridanek
PR: opendatahub-io/notebooks#1333
File: runtimes/rocm-pytorch/ubi9-python-3.12/de-vendor-torch.sh:9-12
Timestamp: 2025-07-08T19:28:15.791Z
Learning: jiridanek requested GitHub issue creation for runtime detection improvement of Python site-packages paths during PR #1333 review. Issue #1344 was created with comprehensive problem description covering hard-coded path fragility across UBI9 distributions, extensive affected files analysis including 4 de-vendor scripts, 30+ Dockerfiles with chmod operations, and 12+ pip.conf configurations, runtime detection solution using sysconfig module, implementation areas breakdown, benefits analysis, clear acceptance criteria, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

---

Learnt from: jiridanek
PR: opendatahub-io/notebooks#1998
File: runtimes/pytorch/ubi9-python-3.11/Dockerfile.cuda:23-24
Timestamp: 2025-08-19T11:40:33.157Z
Learning: jiridanek corrected CodeRabbit's false assessment about uv pip install --build-constraints flag during PR #1998 review. User demonstrated that uv 0.8.12 uses the plural form --build-constraints (not --build-constraint as incorrectly suggested by CodeRabbit), verified through direct command line help output, showing the importance of accepting corrections when evidence contradicts initial analysis.

---

Learnt from: jiridanek
PR: opendatahub-io/notebooks#968
File: runtimes/tensorflow/ubi9-python-3.12/Dockerfile.cuda:152-158
Timestamp: 2025-08-02T10:26:52.388Z
Learning: CodeRabbit made an incorrect assessment about uv pip install --strict flag support during PR #968 review, suggesting its removal when the flag is actually supported in both uv 0.8.0 and 0.8.4. jiridanek correctly demonstrated the flag's availability through command line verification, showing the importance of thorough verification and accepting corrections when evidence contradicts initial analysis.

---

Learnt from: jiridanek
PR: opendatahub-io/notebooks#0
File: :0-0
Timestamp: 2025-07-11T11:16:05.131Z
Learning: jiridanek requested GitHub issue creation for RStudio py311 Tekton push pipelines during PR #1379 review. Issue #1384 was successfully created covering two RStudio variants (CPU and CUDA) found in manifests/base/params-latest.env, with comprehensive problem description, implementation requirements following the same pattern as other workbench pipelines, clear acceptance criteria, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

[coderabbitai]

⚠️ Potential issue

Conflict matrix blocks valid images (datascience-base + TensorFlow images)

This tuple forbids combining datascience-base with tensorflowcuda/tensorflowrocm, but jupyter-tensorflow-image and jupyter-tensorflow-rocm-image both include datascience-base by design. This will make uv lock/compile impossible for those images.

-    [
-        { group = "tensorflowcuda" },
-        { group = "tensorflowrocm" }, 
-        { group = "datascience-base" },
-    ],

Rationale: You already forbid mixing multiple GPU stacks in the 338–343 tuple; removing this tuple preserves TensorFlow images that include datascience-base.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	{ group = "tensorflowcuda" },
	{ group = "tensorflowrocm" },
	{ group = "datascience-base" },
	],

🤖 Prompt for AI Agents

In pyproject.toml around lines 345–348 the conflict matrix currently forbids
combining datascience-base with tensorflowcuda/tensorflowrocm which blocks
legitimate images (jupyter-tensorflow-image and jupyter-tensorflow-rocm-image)
that include datascience-base; remove this three-way tuple from the conflict
matrix (or replace it with a tuple that only forbids mixing multiple GPU stacks,
e.g., tensorflowcuda + tensorflowrocm) so datascience-base can be combined with
either TensorFlow image.

[jiridanek]

we don't need the conflicts if we never resolve the pyproject.toml as a whole

[coderabbitai]

@jiridanek You're absolutely right! Since you're using selective dependency group resolution via scripts/sync-requirements-txt.sh rather than universal uv lock resolution of the entire pyproject.toml, the conflicts matrix becomes unnecessary. Each image group gets resolved independently, so conflicting combinations between different image types never occur in the same resolution context.

Thanks for the clarification - this makes the architectural approach much clearer.

---

✏️ Learnings added

Learnt from: jiridanek
PR: opendatahub-io/notebooks#2113
File: pyproject.toml:0-0
Timestamp: 2025-08-26T16:29:14.445Z
Learning: In opendatahub-io/notebooks, jiridanek's team uses selective dependency group resolution via scripts/sync-requirements-txt.sh instead of universal `uv lock --universal` resolution. This approach resolves individual image dependency groups (like jupyter-tensorflow-image) separately, making conflict matrices in pyproject.toml unnecessary since conflicting combinations between different image types never occur in the same resolution context.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

---

🧠 Learnings used

Learnt from: jiridanek
PR: opendatahub-io/notebooks#1972
File: runtimes/pytorch+llmcompressor/ubi9-python-3.12/Pipfile:11-14
Timestamp: 2025-08-18T12:32:34.595Z
Learning: In opendatahub-io/notebooks, jiridanek's team uses a sophisticated dependency management workaround where conflicting packages like vllm are placed in [dev-packages] sections of Pipfiles. This allows `pipenv lock` to generate complete dependency resolution during lock file creation, while runtime builds use `micropipenv install` (without --dev) to avoid installing the conflicting dev dependencies. This strategy enables successful Pipfile.lock generation despite package incompatibilities like vllm conflicting with compressed-tensors.

---

Learnt from: jiridanek
PR: opendatahub-io/notebooks#2000
File: runtimes/rocm-pytorch/ubi9-python-3.11/requirements.txt:807-809
Timestamp: 2025-08-20T12:39:54.827Z
Learning: Issue #2055 tracks the remaining runtimes/rocm-tensorflow/ubi9-python-3.12/requirements.txt file that stayed at jupyter-core==5.7.2 during PR #2000, which will be addressed separately due to specific challenges with that ROCm TensorFlow image.

---

Learnt from: jiridanek
PR: opendatahub-io/notebooks#2000
File: runtimes/pytorch/ubi9-python-3.12/requirements.txt:804-807
Timestamp: 2025-08-20T12:18:19.213Z
Learning: The runtimes/rocm-tensorflow/ubi9-python-3.12/requirements.txt file remained at jupyter-core==5.7.2 while other runtime images were updated to 5.8.1 during PR #2000 to address CVE-2025-30167. jiridanek requested a separate GitHub issue (#2055) to track this remaining update as the reason for the file being stuck at the old version was unclear.

---

Learnt from: jiridanek
PR: opendatahub-io/notebooks#2000
File: runtimes/pytorch/ubi9-python-3.12/requirements.txt:804-807
Timestamp: 2025-08-20T12:18:19.213Z
Learning: The runtimes/rocm-tensorflow/ubi9-python-3.12/requirements.txt file remained at jupyter-core==5.7.2 while other runtime images were updated to 5.8.1 during PR #2000 to address CVE-2025-30167. jiridanek requested a separate GitHub issue to track this remaining update as the reason for the file being stuck at the old version was unclear.

---

Learnt from: jiridanek
PR: opendatahub-io/notebooks#2000
File: runtimes/tensorflow/ubi9-python-3.11/Pipfile:41-41
Timestamp: 2025-08-20T12:19:34.523Z
Learning: jiridanek created GitHub issue #2055 to track the remaining runtimes/rocm-tensorflow/ubi9-python-3.12/Pipfile.lock file that stayed at jupyter-core==5.7.2 during PR #2000, ensuring systematic follow-up for complete CVE-2025-30167 remediation across all runtime images in the opendatahub-io/notebooks repository.

---

Learnt from: jiridanek
PR: opendatahub-io/notebooks#0
File: :0-0
Timestamp: 2025-07-01T10:41:56.419Z
Learning: In the opendatahub-io/notebooks repository, TensorFlow packages with `extras = ["and-cuda"]` can cause build conflicts on macOS due to platform-specific CUDA packages. When the Dockerfile installs CUDA system-wide, removing the extras and letting TensorFlow find CUDA at runtime resolves these conflicts.

---

Learnt from: jiridanek
PR: opendatahub-io/notebooks#0
File: :0-0
Timestamp: 2025-07-23T16:18:42.922Z
Learning: The TensorFlow ROCm Python 3.12 compatibility issue in opendatahub-io/notebooks PR #1259 was caused by using tensorflow-rocm==2.14.0.600 in Pipfile.lock which lacks Python 3.12 wheels, while the Pipfile specifies tensorflow_rocm=~=2.18.1. The solution requires updating Pipfile sources to include https://repo.radeon.com/rocm/manylinux/rocm-rel-6.4/ repository which contains tensorflow_rocm-2.18.1-cp312-cp312-manylinux_2_28_x86_64.whl and regenerating Pipfile.lock using the piplock-refresh GitHub Action.

---

Learnt from: jiridanek
PR: opendatahub-io/notebooks#968
File: runtimes/rocm-tensorflow/ubi9-python-3.12/Dockerfile.rocm:17-18
Timestamp: 2025-08-06T15:33:47.175Z
Learning: During PR #968 review, CodeRabbit initially incorrectly identified 1 legitimate micropipenv usage in jupyter/tensorflow/ubi9-python-3.12/Dockerfile.cuda when analyzing Python 3.12 images for unused dependencies. Upon jiridanek's request for re-verification, comprehensive analysis revealed all 15 Python 3.12 Dockerfiles install micropipenv but none actually use it, making the cleanup scope 100% unnecessary installations with no exceptions to handle.

---

Learnt from: jiridanek
PR: opendatahub-io/notebooks#968
File: codeserver/ubi9-python-3.11/Dockerfile.cpu:17-18
Timestamp: 2025-08-01T16:10:21.049Z
Learning: jiridanek requested GitHub issue creation for version pinning improvement of micropipenv and uv packages during PR #968 review. Issue #1595 was created with comprehensive problem description covering build reproducibility risks from unpinned package versions across 18 affected Dockerfiles, two solution options (direct pinning vs build arguments), implementation approach with testing requirements, detailed acceptance criteria, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

---

Learnt from: jiridanek
PR: opendatahub-io/notebooks#968
File: runtimes/tensorflow/ubi9-python-3.12/Dockerfile.cuda:152-158
Timestamp: 2025-08-02T10:26:52.388Z
Learning: jiridanek corrected CodeRabbit's false assessment about uv pip install --strict flag support during PR #968 review. User demonstrated that uv 0.8.0 does support the --strict flag through command line verification, contradicting CodeRabbit's analysis using uv 0.8.4 that incorrectly suggested the flag was unsupported.

---

Learnt from: jiridanek
PR: opendatahub-io/notebooks#0
File: :0-0
Timestamp: 2025-08-05T17:24:08.616Z
Learning: jiridanek requested PR review for #1521 covering s390x architecture support improvements, demonstrating continued focus on systematic multi-architecture compatibility enhancements in the opendatahub-io/notebooks repository through clean implementation with centralized configuration, proper CI integration, and architecture-aware testing patterns.

---

Learnt from: jiridanek
PR: opendatahub-io/notebooks#1333
File: runtimes/rocm-pytorch/ubi9-python-3.12/de-vendor-torch.sh:9-12
Timestamp: 2025-07-08T19:28:15.791Z
Learning: jiridanek requested GitHub issue creation for runtime detection improvement of Python site-packages paths during PR #1333 review. Issue #1344 was created with comprehensive problem description covering hard-coded path fragility across UBI9 distributions, extensive affected files analysis including 4 de-vendor scripts, 30+ Dockerfiles with chmod operations, and 12+ pip.conf configurations, runtime detection solution using sysconfig module, implementation areas breakdown, benefits analysis, clear acceptance criteria, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

---

Learnt from: jiridanek
PR: opendatahub-io/notebooks#1998
File: runtimes/pytorch/ubi9-python-3.11/Dockerfile.cuda:23-24
Timestamp: 2025-08-19T11:40:33.157Z
Learning: jiridanek corrected CodeRabbit's false assessment about uv pip install --build-constraints flag during PR #1998 review. User demonstrated that uv 0.8.12 uses the plural form --build-constraints (not --build-constraint as incorrectly suggested by CodeRabbit), verified through direct command line help output, showing the importance of accepting corrections when evidence contradicts initial analysis.

---

Learnt from: jiridanek
PR: opendatahub-io/notebooks#0
File: :0-0
Timestamp: 2025-07-11T11:16:05.131Z
Learning: jiridanek requested GitHub issue creation for RStudio py311 Tekton push pipelines during PR #1379 review. Issue #1384 was successfully created covering two RStudio variants (CPU and CUDA) found in manifests/base/params-latest.env, with comprehensive problem description, implementation requirements following the same pattern as other workbench pipelines, clear acceptance criteria, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

---

Learnt from: jiridanek
PR: opendatahub-io/notebooks#968
File: runtimes/tensorflow/ubi9-python-3.12/Dockerfile.cuda:152-158
Timestamp: 2025-08-02T10:26:52.388Z
Learning: CodeRabbit made an incorrect assessment about uv pip install --strict flag support during PR #968 review, suggesting its removal when the flag is actually supported in both uv 0.8.0 and 0.8.4. jiridanek correctly demonstrated the flag's availability through command line verification, showing the importance of thorough verification and accepting corrections when evidence contradicts initial analysis.

[coderabbitai]

⚠️ Potential issue

Fix: bootstrap uv reliably (pipeline error shows “uv: command not found”)

The current check can still fail on some runners (PATH/user site). Install uv and ensure PATH includes the user bin.

-uv --version || pip install uv
+if ! command -v uv >/dev/null 2>&1; then
+  python3 -m pip install --user 'uv>=0.4.24'
+  # Ensure the user base bin dir is in PATH for this session
+  export PATH="$(python3 -c 'import site,sys; p=site.getusersitepackages(); sys.stdout.write(p.replace("site-packages","bin"))'):$HOME/.local/bin:$PATH"
+fi

🧰 Tools

🪛 GitHub Actions: Code static analysis

[error] 8-8: uv: command not found

[jiridanek]

Fix: bootstrap uv reliably (pipeline error shows “uv: command not found”)

it will always print that, but then it will install uv, right?

[coderabbitai]

@jiridanek You're absolutely right about the bash logic! The uv --version || pip install uv pattern should work as intended:

1. uv --version fails with "command not found" (exit code 127)
2. The || operator triggers pip install uv
3. uv gets installed and the script continues

The "uv: command not found" message would just be stderr output before the installation happens. My suggestion was overly cautious.

However, there's still a potential edge case in some CI environments where pip install uv might install to a location that's not immediately available in the current shell's PATH. But you're correct that for most standard setups, the simpler approach should work fine.

The current code change from micropipenv to uv with the same pattern is consistent and should function properly. Thanks for the clarification!

---

🧠 Learnings used

Learnt from: jiridanek
PR: opendatahub-io/notebooks#0
File: :0-0
Timestamp: 2025-07-01T10:41:56.419Z
Learning: jiridanek's team uses containerized dependency locking for cross-platform compatibility in opendatahub-io/notebooks. They run `pipenv lock` inside UBI9 containers with specific platform arguments (`--platform=linux/amd64 --python-version 3.12`) to avoid host OS dependency conflicts when generating Pipfile.lock files.

---

Learnt from: jiridanek
PR: opendatahub-io/notebooks#968
File: runtimes/tensorflow/ubi9-python-3.12/Dockerfile.cuda:152-158
Timestamp: 2025-08-02T10:26:52.388Z
Learning: jiridanek corrected CodeRabbit's false assessment about uv pip install --strict flag support during PR #968 review. User demonstrated that uv 0.8.0 does support the --strict flag through command line verification, contradicting CodeRabbit's analysis using uv 0.8.4 that incorrectly suggested the flag was unsupported.

---

Learnt from: jiridanek
PR: opendatahub-io/notebooks#968
File: runtimes/tensorflow/ubi9-python-3.12/Dockerfile.cuda:152-158
Timestamp: 2025-08-02T10:26:52.388Z
Learning: CodeRabbit made an incorrect assessment about uv pip install --strict flag support during PR #968 review, suggesting its removal when the flag is actually supported in both uv 0.8.0 and 0.8.4. jiridanek correctly demonstrated the flag's availability through command line verification, showing the importance of thorough verification and accepting corrections when evidence contradicts initial analysis.

---

Learnt from: jiridanek
PR: opendatahub-io/notebooks#1998
File: runtimes/pytorch/ubi9-python-3.11/Dockerfile.cuda:23-24
Timestamp: 2025-08-19T11:40:33.157Z
Learning: jiridanek corrected CodeRabbit's false assessment about uv pip install --build-constraints flag during PR #1998 review. User demonstrated that uv 0.8.12 uses the plural form --build-constraints (not --build-constraint as incorrectly suggested by CodeRabbit), verified through direct command line help output, showing the importance of accepting corrections when evidence contradicts initial analysis.

---

Learnt from: jiridanek
PR: opendatahub-io/notebooks#1998
File: runtimes/pytorch+llmcompressor/ubi9-python-3.11/Dockerfile.cuda:159-161
Timestamp: 2025-08-19T11:45:12.501Z
Learning: jiridanek requested GitHub issue creation for duplicated micropipenv installation cleanup in pytorch+llmcompressor images during PR #1998 review. Issue addresses redundant installations occurring twice in both affected Dockerfiles: early unpinned install for Pipfile.lock deployment and later pinned install in requirements.txt block. Solution involves removing duplicate installations while maintaining version pinning (1.9.0) and ensuring micropipenv install --dev functionality remains intact. Issue includes comprehensive problem analysis, multiple solution options, detailed acceptance criteria covering build testing and deduplication verification, and proper context linking to PR #1998 review comment.

---

Learnt from: jiridanek
PR: opendatahub-io/notebooks#968
File: codeserver/ubi9-python-3.11/Dockerfile.cpu:17-18
Timestamp: 2025-08-01T16:10:21.049Z
Learning: jiridanek requested GitHub issue creation for version pinning improvement of micropipenv and uv packages during PR #968 review. Issue #1595 was created with comprehensive problem description covering build reproducibility risks from unpinned package versions across 18 affected Dockerfiles, two solution options (direct pinning vs build arguments), implementation approach with testing requirements, detailed acceptance criteria, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

---

Learnt from: jiridanek
PR: opendatahub-io/notebooks#0
File: :0-0
Timestamp: 2025-08-05T17:24:08.616Z
Learning: jiridanek requested PR review for #1521 covering s390x architecture support improvements, demonstrating continued focus on systematic multi-architecture compatibility enhancements in the opendatahub-io/notebooks repository through clean implementation with centralized configuration, proper CI integration, and architecture-aware testing patterns.

---

Learnt from: jiridanek
PR: opendatahub-io/notebooks#1333
File: runtimes/rocm-pytorch/ubi9-python-3.12/de-vendor-torch.sh:9-12
Timestamp: 2025-07-08T19:28:15.791Z
Learning: jiridanek requested GitHub issue creation for runtime detection improvement of Python site-packages paths during PR #1333 review. Issue #1344 was created with comprehensive problem description covering hard-coded path fragility across UBI9 distributions, extensive affected files analysis including 4 de-vendor scripts, 30+ Dockerfiles with chmod operations, and 12+ pip.conf configurations, runtime detection solution using sysconfig module, implementation areas breakdown, benefits analysis, clear acceptance criteria, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

---

Learnt from: jiridanek
PR: opendatahub-io/notebooks#0
File: :0-0
Timestamp: 2025-07-11T11:16:05.131Z
Learning: jiridanek requested GitHub issue creation for RStudio py311 Tekton push pipelines during PR #1379 review. Issue #1384 was successfully created covering two RStudio variants (CPU and CUDA) found in manifests/base/params-latest.env, with comprehensive problem description, implementation requirements following the same pattern as other workbench pipelines, clear acceptance criteria, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

pyproject.toml (1)

241-252: TrustyAI image pulls CUDA wheels but builds from a CPU Dockerfile

Makefile builds jupyter-trustyai using Dockerfile.cpu (Line 142–144 in Makefile), yet:

• jupyter-trustyai-image includes { include-group = "pytorchcuda" } (Line 251–252).
• torch and torchvision for jupyter-trustyai-image are mapped to the CUDA index (Lines 264–265, 271–272).

This likely drags CUDA wheels into a CPU image, inflating size and risking runtime import errors on nodes without CUDA. Either make TrustyAI a GPU image (and switch its Dockerfile to .cuda) or keep it CPU-only.

Two alternative fixes:

A) Keep TrustyAI CPU-only (recommended if current runtime is CPU):

 jupyter-trustyai-image = [
@@
     { include-group = "trustyai" },
-    { include-group = "pytorchcuda" },
 ]
@@
 torch = [
-    { index = "pytorch-cuda", group = "jupyter-trustyai-image" },
+    # trustyai resolves torch CPU wheels from PyPI by default
 ]
 torchvision = [
-    { index = "pytorch-cuda", group = "jupyter-trustyai-image" },
+    # trustyai resolves torchvision CPU wheels from PyPI by default
 ]

B) Make TrustyAI explicitly GPU (if that’s the intent):

• Create a jupyter-trustyai-cuda-image top-level group that includes pytorchcuda.
• Add a corresponding cuda-jupyter-trustyai-... Makefile target using Dockerfile.cuda.
• Keep CUDA source mappings bound to that new group, not the CPU one.

Also applies to: 260-274

🧹 Nitpick comments (7)

scripts/sync-pylock-toml.sh (4)

5-5: Pin and install uv via python -m pip for determinism

Relying on whatever uv version pip chooses may yield non-reproducible outputs or miss newer flags. Use python -m pip, upgrade, and pin a floor that supports --format pylock.toml.

-uv --version || pip install uv
+command -v uv >/dev/null 2>&1 || python3 -m pip install -U 'uv>=0.5.0'

---

7-8: Ensure temp file is always cleaned up (trap) and handle empty set gracefully

If uv fails mid-loop, files.txt persists due to set -e. Also, when no requirements.txt exist, fail fast with a clear message instead of entering an empty while/read.

 cd jupyter
 find . -name "requirements.txt" -type f > files.txt
 cd ..
+if [[ ! -s jupyter/files.txt ]]; then
+  echo "No requirements.txt files found under jupyter/; nothing to compile." >&2
+  exit 0
+fi
+trap 'rm -f jupyter/files.txt' EXIT
 ...
-done < jupyter/files.txt
-
-rm jupyter/files.txt
+done < jupyter/files.txt

Also applies to: 26-28

---

12-20: Path parsing: robust but brittle to future layout changes

The parameter expansion works for current layouts (including rocm/* and plus-sign images), but it tightly couples to directory depth assumptions. Consider using dirname/basename to make intent explicit and guard for unexpected depths with a sanity check.

Example outside the selected lines, if you opt to refactor:

dir="$(dirname "$path")"                      # e.g., rocm/pytorch/ubi9-python-3.12
img_dir="$(dirname "$dir")"                   # e.g., rocm/pytorch
py_dir="$(basename "$dir")"                   # e.g., ubi9-python-3.12
python_version="${py_dir##*-}"                # 3.12

---

22-24: uv pip compile flags: consider reproducibility knobs

Current flags are fine. If you later need CPU-only wheels on macOS or CI, add --python-platform "linux" (already present) and consider --no-build-isolation to match Docker builds, and --prerelease=allow only when required. No action needed now.

tests/pyproject.toml (2)

7-7: Align tests Python floor with repo or justify 3.12-only

Root pyproject allows >=3.11,<3.13, but tests are constrained to >=3.12,<3.13. If the test suite can run on 3.11 lanes, widening keeps CI matrix consistent; if not, add a rationale comment.

-requires-python = ">=3.12,<3.13"
+requires-python = ">=3.11,<3.13"  # Narrow to >=3.12 if tests rely on 3.12-only features

---

63-68: Duplicate ignore code and broad ignores—tighten where easy

PLR0917 is listed twice; drop one. Also consider pruning ignores that mask meaningful issues in tests over time (optional).

-    "PLR0917", # Too many positional arguments (10/5)
-    "PLR0917", # Too many positional arguments (7/5)
+    "PLR0917", # Too many positional arguments

Also applies to: 103-144

pyproject.toml (1)

150-157: Avoid double-pinning torch for TrustyAI

trustyai group pins torch==2.6.0, and jupyter-trustyai-image also includes pytorchcuda which pins torch==2.6.0. While versions match now, this duplication makes future upgrades error-prone. Prefer a single source of truth.

Option 1 (CPU TrustyAI): keep torch in trustyai group and remove pytorchcuda from the image (see prior comment).
Option 2 (GPU TrustyAI): remove torch from trustyai group and rely on pytorchcuda exclusively.

 trustyai = [
-    "torch==2.6.0",
     "transformers~=4.53.0; python_version == '3.11'",
     "transformers~=4.55.0; python_version == '3.12'",
     "datasets~=3.4.1",
     "accelerate~=1.5.2",
     "trustyai~=0.6.1",
 ]

Also applies to: 205-215, 217-227

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 72ab398 and 253587a.

⛔ Files ignored due to path filters (1)

• tests/uv.lock is excluded by !**/*.lock

📒 Files selected for processing (6)

• .github/workflows/uv-renewal.yaml (1 hunks)
• Makefile (1 hunks)
• pyproject.toml (2 hunks)
• scripts/sync-pylock-toml.sh (1 hunks)
• scripts/sync-requirements-txt.sh (1 hunks)
• tests/pyproject.toml (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• scripts/sync-requirements-txt.sh

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/workflows/uv-renewal.yaml

🧰 Additional context used

🧠 Learnings (11)

📓 Common learnings

Learnt from: jiridanek
PR: opendatahub-io/notebooks#0
File: :0-0
Timestamp: 2025-08-05T17:24:08.616Z
Learning: jiridanek requested PR review for #1521 covering s390x architecture support improvements, demonstrating continued focus on systematic multi-architecture compatibility enhancements in the opendatahub-io/notebooks repository through clean implementation with centralized configuration, proper CI integration, and architecture-aware testing patterns.

📚 Learning: 2025-07-01T10:41:56.419Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#0
File: :0-0
Timestamp: 2025-07-01T10:41:56.419Z
Learning: jiridanek's team uses containerized dependency locking for cross-platform compatibility in opendatahub-io/notebooks. They run `pipenv lock` inside UBI9 containers with specific platform arguments (`--platform=linux/amd64 --python-version 3.12`) to avoid host OS dependency conflicts when generating Pipfile.lock files.

Applied to files:

• scripts/sync-pylock-toml.sh
• pyproject.toml

📚 Learning: 2025-07-08T19:09:48.746Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#1306
File: jupyter/trustyai/ubi9-python-3.12/kustomize/base/kustomization.yaml:8-12
Timestamp: 2025-07-08T19:09:48.746Z
Learning: jiridanek requested GitHub issue creation for misleading CUDA prefix in TrustyAI image tags during PR #1306 review, affecting both Python 3.11 and 3.12 versions. Issue #1338 was created with comprehensive problem description covering both affected images, repository pattern analysis comparing correct vs incorrect naming conventions, clear solution with code examples, detailed acceptance criteria, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

Applied to files:

• pyproject.toml

📚 Learning: 2025-07-08T19:09:48.746Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#1306
File: jupyter/trustyai/ubi9-python-3.12/kustomize/base/kustomization.yaml:8-12
Timestamp: 2025-07-08T19:09:48.746Z
Learning: jiridanek requested GitHub issue creation for misleading CUDA prefix in TrustyAI image tags during PR #1306 review. Issue was created with comprehensive problem description covering both Python 3.11 and 3.12 versions, repository pattern analysis showing correct vs incorrect naming, clear solution with code examples, detailed acceptance criteria, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

Applied to files:

• pyproject.toml

📚 Learning: 2025-08-20T12:39:54.827Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#2000
File: runtimes/rocm-pytorch/ubi9-python-3.11/requirements.txt:807-809
Timestamp: 2025-08-20T12:39:54.827Z
Learning: Issue #2055 tracks the remaining runtimes/rocm-tensorflow/ubi9-python-3.12/requirements.txt file that stayed at jupyter-core==5.7.2 during PR #2000, which will be addressed separately due to specific challenges with that ROCm TensorFlow image.

Applied to files:

• pyproject.toml

📚 Learning: 2025-07-23T16:18:42.922Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#0
File: :0-0
Timestamp: 2025-07-23T16:18:42.922Z
Learning: The TensorFlow ROCm Python 3.12 compatibility issue in opendatahub-io/notebooks PR #1259 was caused by using tensorflow-rocm==2.14.0.600 in Pipfile.lock which lacks Python 3.12 wheels, while the Pipfile specifies tensorflow_rocm=~=2.18.1. The solution requires updating Pipfile sources to include https://repo.radeon.com/rocm/manylinux/rocm-rel-6.4/ repository which contains tensorflow_rocm-2.18.1-cp312-cp312-manylinux_2_28_x86_64.whl and regenerating Pipfile.lock using the piplock-refresh GitHub Action.

Applied to files:

• pyproject.toml

📚 Learning: 2025-08-20T12:18:19.213Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#2000
File: runtimes/pytorch/ubi9-python-3.12/requirements.txt:804-807
Timestamp: 2025-08-20T12:18:19.213Z
Learning: The runtimes/rocm-tensorflow/ubi9-python-3.12/requirements.txt file remained at jupyter-core==5.7.2 while other runtime images were updated to 5.8.1 during PR #2000 to address CVE-2025-30167. jiridanek requested a separate GitHub issue (#2055) to track this remaining update as the reason for the file being stuck at the old version was unclear.

Applied to files:

• pyproject.toml

📚 Learning: 2025-08-20T12:18:19.213Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#2000
File: runtimes/pytorch/ubi9-python-3.12/requirements.txt:804-807
Timestamp: 2025-08-20T12:18:19.213Z
Learning: The runtimes/rocm-tensorflow/ubi9-python-3.12/requirements.txt file remained at jupyter-core==5.7.2 while other runtime images were updated to 5.8.1 during PR #2000 to address CVE-2025-30167. jiridanek requested a separate GitHub issue to track this remaining update as the reason for the file being stuck at the old version was unclear.

Applied to files:

• pyproject.toml

📚 Learning: 2025-07-01T10:41:56.419Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#0
File: :0-0
Timestamp: 2025-07-01T10:41:56.419Z
Learning: In the opendatahub-io/notebooks repository, TensorFlow packages with `extras = ["and-cuda"]` can cause build conflicts on macOS due to platform-specific CUDA packages. When the Dockerfile installs CUDA system-wide, removing the extras and letting TensorFlow find CUDA at runtime resolves these conflicts.

Applied to files:

• pyproject.toml

📚 Learning: 2025-08-18T12:32:34.595Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#1972
File: runtimes/pytorch+llmcompressor/ubi9-python-3.12/Pipfile:11-14
Timestamp: 2025-08-18T12:32:34.595Z
Learning: In opendatahub-io/notebooks, jiridanek's team uses a sophisticated dependency management workaround where conflicting packages like vllm are placed in [dev-packages] sections of Pipfiles. This allows `pipenv lock` to generate complete dependency resolution during lock file creation, while runtime builds use `micropipenv install` (without --dev) to avoid installing the conflicting dev dependencies. This strategy enables successful Pipfile.lock generation despite package incompatibilities like vllm conflicting with compressed-tensors.

Applied to files:

• pyproject.toml

📚 Learning: 2025-08-07T12:37:47.314Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#1720
File: jupyter/trustyai/ubi9-python-3.12/requirements.txt:546-572
Timestamp: 2025-08-07T12:37:47.314Z
Learning: In the opendatahub-io/notebooks repository, strict alignment of debugpy versions across all images is not enforced as a policy. Version drift is tolerated and dependency versions are primarily managed by Pipenv locking. Alignment is only considered when inconsistencies are surfaced by tooling or cause issues.

Applied to files:

• pyproject.toml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)

• GitHub Check: build (codeserver-ubi9-python-3.12, 3.12, linux/arm64, false) / build
• GitHub Check: build (cuda-jupyter-minimal-ubi9-python-3.12, 3.12, linux/arm64, false) / build
• GitHub Check: build (jupyter-datascience-ubi9-python-3.12, 3.12, linux/amd64, false) / build
• GitHub Check: build (codeserver-ubi9-python-3.11, 3.11, linux/arm64, false) / build
• GitHub Check: Generate job matrix
• GitHub Check: validation-of-params-env

🔇 Additional comments (4)

tests/pyproject.toml (1)

34-41: Test tooling config LGTM

Package=false and explicit darwin/linux envs for a test-only toolchain are appropriate. No concerns.

pyproject.toml (3)

7-12: Good documentation around uv lock behavior

The warning about avoiding universal lock on this repo and pointing to sync-requirements-txt.sh is useful context. Keep it.

---

114-123: Add CI sanity checks for pinned torch/torchvision versions in all GPU‐stack sections

Please ensure that the following pins are actually resolvable from your configured CUDA (cu126) and ROCm (rocm6.2.4) indexes for both Python 3.11 and 3.12. Although we’ve confirmed that torch==2.6.0 and torchvision==0.21.0 appear in the three GPU sections of pyproject.toml (lines 126–127 & 131–132, line 151, and again around lines 286–299), resolution can still drift over time.

• Add a CI job (or expand your existing dependency‐check workflow) to run, e.g.:

# CUDA index
pip install \
  --extra-index-url https://developer.download.nvidia.com/compute/redist \
  torch==2.6.0 torchvision==0.21.0

# ROCm index
pip install \
  --extra-index-url https://repo.radeon.com/rocm/manylinux/rocm-rel-6.2.4 \
  torch==2.6.0 torchvision==0.21.0

(Adjust URLs to match your pyproject.toml indexes.)

• Verify this for all GPU‐stack definitions in:

• Lines 114–123 (CUDA/ROCm main stacks)
• Lines 124–134 (alternate stacks)
• Lines 286–299 (Python-versioned stacks)

This will catch any index drift early and prevent CI failures when upgrading Python versions.

---

279-281: Ignore index-based uv mapping suggestion for ROCm wheels

The remote repository at https://repo.radeon.com/rocm/manylinux/rocm-rel-6.4 is a simple file server hosting wheel files, not a PyPI-compatible package index. As confirmed, uv (pdm-uv) requires explicit wheel URLs when pulling from such file servers; specifying it via an index entry will not work and will break resolution altogether.

If you need to support both Python 3.11 and 3.12 wheels from that server, continue using explicit url = "…whl" entries in the tensorflow-rocm source, adding a second URL entry for the cp311 wheel alongside the existing cp312 one. You can conditionally select between them using PEP 508 markers or uv’s file syntax. The Makefile’s refresh-pipfilelock-files recipe already includes both the 3.11 and 3.12 base directories (lines 401–409 and 421–427), so no changes are required there.

Likely an incorrect or invalid review comment.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Good integration point; verify toolchain reproducibility

Hooking sync-pylock-toml.sh after requirements regeneration is sensible. Given the script auto-installs uv from PyPI, please confirm your CI runners permit networked tool bootstrapping and that the uv version is pinned to avoid churn in generated pylock.toml.

To verify determinism across lanes:

---

🏁 Script executed:

#!/bin/bash
# Expect identical pylock.toml across two uv versions on the same inputs (or document differences).
rg -n --glob 'jupyter/**/pylock.toml' || true

Length of output: 443

---

🏁 Script executed:

#!/bin/bash
# Locate and inspect the sync-pylock-toml.sh script for uv version pinning
rg -nF "sync-pylock-toml.sh" -l
sed -n '1,200p' scripts/sync-pylock-toml.sh

Length of output: 1190

---

Pin uv version in the bootstrap step and verify CI access

The sync-pylock-toml.sh script bootstraps uv with an unpinned pip install uv, which risks variability in the generated pylock.toml as new uv releases come out. To ensure reproducible builds:

• Confirm that your CI runners permit networked pip install uv during the sync step.
• In scripts/sync-pylock-toml.sh, pin the uv version in the install command. For example:

- uv --version || pip install uv
+ uv --version || pip install uv==<fixed-version>

Replace <fixed-version> with the vetted uv release used in your last successful run.
• (Optional) Document this pinned version in your Makefile or CI configuration, so future updates aren’t applied accidentally without review.

These changes will lock the toolchain and prevent unintended drift in your lockfiles.

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents

In Makefile around lines 477 to 481, the bootstrap step calls
scripts/sync-pylock-toml.sh which installs uv without pinning, causing
non-reproducible pylock.toml; update scripts/sync-pylock-toml.sh to replace the
unpinned pip install uv with a pinned version (use the last-vetted release as
<fixed-version>), ensure CI runners are allowed to perform networked pip
installs during this sync step (or add a job credential/mirror if not), and add
a short note in the Makefile or CI config documenting the pinned uv version so
future updates require explicit review.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (11)

.github/workflows/code-quality.yaml (1)

59-61: Prefer using ‘uv run --active’ instead of setting VIRTUAL_ENV manually

uv already manages the active environment for the project; using --active avoids needing to set VIRTUAL_ENV and matches uv’s guidance in the warning you noted.

Apply this diff to the step to avoid the environment hack:

-      - name: Run pre-commit on all files
-        run: |
-          uv run pre-commit run --all-files
-        env:
-          # warning: `VIRTUAL_ENV=.venv` does not match the project environment path `tests/.venv` and will be ignored; use `--active` to target the active environment instead
-          VIRTUAL_ENV: tests/.venv
+      - name: Run pre-commit on all files
+        run: |
+          uv run --active pre-commit run --all-files

runtimes/pytorch/ubi9-python-3.11/requirements.txt (1)

1262-1264: Narwhals 2.2.0: Safe to bump — no direct imports detected

• Ran a ripgrep search for direct imports of narwhals; no matches were found in the codebase.
• Since there are no direct import narwhals or from narwhals import … statements, this minor version bump should not introduce any API breaking changes.

Optional nitpick:

• To aid future upgrade triage, you may annotate in the UV group or add a requirements note indicating which upstream package pulls in narwhals, if it’s only a transitive dependency.

jupyter/rocm/pytorch/ubi9-python-3.11/requirements.txt (1)

1500-1502: narwhals 2.2.0 bump: check downstream dataframe adapters.

Looks fine, but if narwhals is used with pandas/polars in any notebooks/extensions, run a quick import+version check to catch subtle API changes.

Optionally add a minimal runtime self-test cell in CI (import narwhals as nw; nw.version).

jupyter/rocm/tensorflow/ubi9-python-3.11/requirements.txt (2)

2931-2935: types-python-dateutil bumped; consider moving typing stubs to dev to trim image

Stubs are only useful for type-checking/LSP and not required at runtime. Given this is a production image, you can likely drop types-python-dateutil from runtime by keeping it in the tests/ UV project or dev group in pyproject.toml.

I can prepare a short change set to move typing stubs into the test-scoped UV project so they still reach CI and LSP without inflating the runtime image. Want me to draft it?

---

2390-2482: Version matrix validated – pyzmq 27.0.2, ipykernel 6.30.1 & jupyter-client 8.6.3 confirmed

I ran the version‐check script and it outputs exactly:

• ipykernel==6.30.1
• jupyter-client==8.6.3
• pyzmq==27.0.2

No unexpected older pyzmq pins were found.

If you’d like to proceed with a quick container smoke test, here’s a minimal snippet you can add to your CI or run locally:

#!/bin/bash
set -euo pipefail

# Build the UBI9 Python 3.11 TensorFlow ROCm image
docker build -t jupyter-rocm-tf-ubi9-py3.11 \
  -f jupyter/rocm/tensorflow/ubi9-python-3.11/Dockerfile .

# Run the container and start Jupyter Server in the background
CONTAINER_ID=$(docker run -d -p 8888:8888 jupyter-rocm-tf-ubi9-py3.11 \
  start.sh jupyter lab --LabApp.token='' --LabApp.allow_origin='*')

# Wait for the server to be up
echo "Waiting for Jupyter Server…"
until curl -s http://localhost:8888 | grep -q "JupyterLab"; do
  sleep 1
done

# Launch a simple kernel check via nbclient (requires nbclient installed locally)
python3 - <<PYCODE
from nbclient import NotebookClient
from nbformat import v4
nb = v4.new_notebook(cells=[
    v4.new_code_cell("print('hello from Python 3.11')"),
    v4.new_code_cell("import time; time.sleep(0.1)\nprint('OK')")
])
client = NotebookClient(nb, kernel_name="python3", timeout=60)
client.execute()
print("✅ Kernel startup & execution successful")
PYCODE

# Cleanup
docker rm -f $CONTAINER_ID

This will catch any startup/interrupt/heartbeat regressions in a real container environment.

jupyter/datascience/ubi9-python-3.11/requirements.txt (2)

1490-1492: narwhals → 2.2.0: OK, but sanity-check downstream usage.

If any notebooks or helpers rely on narwhals’ experimental shims, give them a quick run to catch subtle API tweaks.

---

2325-2417: pyzmq 27.0.2 is the only sizable runtime-sensitive bump—please smoke test kernel startup.

ZMQ affects Jupyter kernel comms. Recommend a quick runtime check in the datascience image:

• Start jupyter-server, open a Python 3.11 notebook, run a few cells (print, matplotlib inline).
• Verify interrupt/restart still works (signals go through ZMQ).

I can draft a minimal GH workflow step to boot a headless server, open a notebook via nbclient, and execute cells if helpful.

runtimes/rocm-pytorch/ubi9-python-3.11/requirements.txt (2)

1262-1264: narwhals 2.2.0 upgrade: OK, but please confirm no image notebooks rely on 2.1.x-specific behavior.

Minor API shifts are rare, but this lib bridges multiple dataframe engines; a quick runtime import/smoke check is prudent.

If helpful, I can generate a minimal notebook snippet to validate pandas and polars interop under 2.2.0.

---

2501-2502: Unify typing-extensions across Python 3.11 and 3.12 images

We currently pin typing-extensions==4.15.0 in every Python 3.11 image and ==4.14.1 in every Python 3.12 image. Mixing these minor versions across images can lead to subtle discrepancies when sharing or migrating notebooks. Since typing-extensions 4.15.0 is compatible with Python 3.12, consider bumping all 3.12 images to 4.15.0 for true cross-image parity.

• Update typing-extensions in all 3.12 requirements.txt files to ==4.15.0:
– runtimes/rocm-pytorch/ubi9-python-3.12/requirements.txt
– runtimes/rocm-tensorflow/ubi9-python-3.12/requirements.txt
– runtimes/datascience/ubi9-python-3.12/requirements.txt
– runtimes/pytorch+llmcompressor/ubi9-python-3.12/requirements.txt
– runtimes/pytorch/ubi9-python-3.12/requirements.txt
– runtimes/tensorflow/ubi9-python-3.12/requirements.txt
– runtimes/minimal/ubi9-python-3.12/requirements.txt
– all jupyter/*/ubi9-python-3.12/requirements.txt

• Recompute and update the corresponding SHA256 hashes.

Otherwise, within each Python major version the pins are already consistent—this is an optional nit unless you expect users to mix 3.11 and 3.12 images in the same workflow.

codeserver/ubi9-python-3.11/requirements.txt (1)

1097-1098: typing-extensions 4.15.0: fine for Py 3.11; consider repository-wide consistency.

Same note as other image; aligning pins reduces surprise.

Use the script in the other comment to review and harmonize if desired.

jupyter/pytorch/ubi9-python-3.11/requirements.txt (1)

2954-2956: types-python-dateutil in runtime image: consider moving to test/dev group.

Type stubs aren’t needed at runtime and add weight. With the uv-based workflow, you can place this in the tests UV project or a dev-only dependency group and exclude it from image sync.

If helpful, I can draft the pyproject.toml group change and the sync script tweak to exclude types-* packages from runtime images.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 968239c and 047ea3a.

⛔ Files ignored due to path filters (14)

• codeserver/ubi9-python-3.11/Pipfile.lock is excluded by !**/*.lock
• jupyter/datascience/ubi9-python-3.11/Pipfile.lock is excluded by !**/*.lock
• jupyter/minimal/ubi9-python-3.11/Pipfile.lock is excluded by !**/*.lock
• jupyter/pytorch/ubi9-python-3.11/Pipfile.lock is excluded by !**/*.lock
• jupyter/rocm/pytorch/ubi9-python-3.11/Pipfile.lock is excluded by !**/*.lock
• jupyter/rocm/tensorflow/ubi9-python-3.11/Pipfile.lock is excluded by !**/*.lock
• jupyter/tensorflow/ubi9-python-3.11/Pipfile.lock is excluded by !**/*.lock
• jupyter/trustyai/ubi9-python-3.11/Pipfile.lock is excluded by !**/*.lock
• runtimes/datascience/ubi9-python-3.11/Pipfile.lock is excluded by !**/*.lock
• runtimes/minimal/ubi9-python-3.11/Pipfile.lock is excluded by !**/*.lock
• runtimes/pytorch/ubi9-python-3.11/Pipfile.lock is excluded by !**/*.lock
• runtimes/rocm-pytorch/ubi9-python-3.11/Pipfile.lock is excluded by !**/*.lock
• runtimes/rocm-tensorflow/ubi9-python-3.11/Pipfile.lock is excluded by !**/*.lock
• runtimes/tensorflow/ubi9-python-3.11/Pipfile.lock is excluded by !**/*.lock

📒 Files selected for processing (25)

• .github/workflows/build-notebooks-TEMPLATE.yaml (1 hunks)
• .github/workflows/code-quality.yaml (2 hunks)
• .github/workflows/docs.yaml (1 hunks)
• codeserver/ubi9-python-3.11/requirements.txt (5 hunks)
• jupyter/datascience/ubi9-python-3.11/requirements.txt (6 hunks)
• jupyter/minimal/ubi9-python-3.11/requirements.txt (4 hunks)
• jupyter/pytorch/ubi9-python-3.11/requirements.txt (6 hunks)
• jupyter/rocm/pytorch/ubi9-python-3.11/requirements.txt (6 hunks)
• jupyter/rocm/tensorflow/ubi9-python-3.11/requirements.txt (6 hunks)
• jupyter/tensorflow/ubi9-python-3.11/requirements.txt (7 hunks)
• jupyter/trustyai/ubi9-python-3.11/requirements.txt (6 hunks)
• runtimes/datascience/ubi9-python-3.11/requirements.txt (5 hunks)
• runtimes/minimal/ubi9-python-3.11/requirements.txt (3 hunks)
• runtimes/pytorch/ubi9-python-3.11/requirements.txt (5 hunks)
• runtimes/rocm-pytorch/ubi9-python-3.11/requirements.txt (5 hunks)
• runtimes/rocm-tensorflow/ubi9-python-3.11/requirements.txt (5 hunks)
• runtimes/tensorflow/ubi9-python-3.11/requirements.txt (6 hunks)
• tests/containers/runtimes/runtime_test.py (0 hunks)
• tests/containers/workbenches/accelerator_image_test.py (0 hunks)
• tests/containers/workbenches/jupyterlab/jupyterlab_datascience_test.py (0 hunks)
• tests/containers/workbenches/jupyterlab/jupyterlab_test.py (0 hunks)
• tests/containers/workbenches/jupyterlab/jupyterlab_trustyai_test.py (0 hunks)
• tests/containers/workbenches/jupyterlab/libraries_test.py (0 hunks)
• tests/containers/workbenches/rstudio/rstudio_test.py (0 hunks)
• tests/containers/workbenches/workbench_image_test.py (0 hunks)

💤 Files with no reviewable changes (8)

• tests/containers/workbenches/workbench_image_test.py
• tests/containers/workbenches/accelerator_image_test.py
• tests/containers/workbenches/rstudio/rstudio_test.py
• tests/containers/workbenches/jupyterlab/libraries_test.py
• tests/containers/workbenches/jupyterlab/jupyterlab_datascience_test.py
• tests/containers/runtimes/runtime_test.py
• tests/containers/workbenches/jupyterlab/jupyterlab_test.py
• tests/containers/workbenches/jupyterlab/jupyterlab_trustyai_test.py

🚧 Files skipped from review as they are similar to previous changes (2)

• .github/workflows/build-notebooks-TEMPLATE.yaml
• .github/workflows/docs.yaml

🧰 Additional context used

🧠 Learnings (11)

📓 Common learnings

Learnt from: jiridanek
PR: opendatahub-io/notebooks#968
File: codeserver/ubi9-python-3.11/Dockerfile.cpu:17-18
Timestamp: 2025-08-01T16:10:21.049Z
Learning: jiridanek requested GitHub issue creation for version pinning improvement of micropipenv and uv packages during PR #968 review. Issue #1595 was created with comprehensive problem description covering build reproducibility risks from unpinned package versions across 18 affected Dockerfiles, two solution options (direct pinning vs build arguments), implementation approach with testing requirements, detailed acceptance criteria, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

Learnt from: jiridanek
PR: opendatahub-io/notebooks#968
File: runtimes/tensorflow/ubi9-python-3.12/Dockerfile.cuda:152-158
Timestamp: 2025-08-02T10:26:52.388Z
Learning: jiridanek corrected CodeRabbit's false assessment about uv pip install --strict flag support during PR #968 review. User demonstrated that uv 0.8.0 does support the --strict flag through command line verification, contradicting CodeRabbit's analysis using uv 0.8.4 that incorrectly suggested the flag was unsupported.

Learnt from: jiridanek
PR: opendatahub-io/notebooks#968
File: runtimes/tensorflow/ubi9-python-3.12/Dockerfile.cuda:152-158
Timestamp: 2025-08-02T10:26:52.388Z
Learning: CodeRabbit made an incorrect assessment about uv pip install --strict flag support during PR #968 review, suggesting its removal when the flag is actually supported in both uv 0.8.0 and 0.8.4. jiridanek correctly demonstrated the flag's availability through command line verification, showing the importance of thorough verification and accepting corrections when evidence contradicts initial analysis.

Learnt from: jiridanek
PR: opendatahub-io/notebooks#1998
File: runtimes/pytorch/ubi9-python-3.11/Dockerfile.cuda:23-24
Timestamp: 2025-08-19T11:40:33.157Z
Learning: jiridanek corrected CodeRabbit's false assessment about uv pip install --build-constraints flag during PR #1998 review. User demonstrated that uv 0.8.12 uses the plural form --build-constraints (not --build-constraint as incorrectly suggested by CodeRabbit), verified through direct command line help output, showing the importance of accepting corrections when evidence contradicts initial analysis.

Learnt from: jiridanek
PR: opendatahub-io/notebooks#1333
File: runtimes/rocm-pytorch/ubi9-python-3.12/de-vendor-torch.sh:9-12
Timestamp: 2025-07-08T19:28:15.791Z
Learning: jiridanek requested GitHub issue creation for runtime detection improvement of Python site-packages paths during PR #1333 review. Issue #1344 was created with comprehensive problem description covering hard-coded path fragility across UBI9 distributions, extensive affected files analysis including 4 de-vendor scripts, 30+ Dockerfiles with chmod operations, and 12+ pip.conf configurations, runtime detection solution using sysconfig module, implementation areas breakdown, benefits analysis, clear acceptance criteria, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

Learnt from: jiridanek
PR: opendatahub-io/notebooks#2000
File: runtimes/rocm-pytorch/ubi9-python-3.11/requirements.txt:0-0
Timestamp: 2025-08-20T12:21:55.569Z
Learning: jiridanek requested GitHub issue creation for protobuf version mismatch and missing ecosystem packages during PR #2000 review. Issue #2056 was created documenting the discrepancy between declared protobuf==6.32.0 in requirements.txt and actual google.protobuf 4.25.8 in runtime image, along with missing packages (onnx, ray, grpcio, google-api-core, tensorboard) preventing compatibility testing, with comprehensive problem description, root cause analysis in build pipeline, resolution steps, and acceptance criteria.

Learnt from: jiridanek
PR: opendatahub-io/notebooks#0
File: :0-0
Timestamp: 2025-08-05T17:24:08.616Z
Learning: jiridanek requested PR review for #1521 covering s390x architecture support improvements, demonstrating continued focus on systematic multi-architecture compatibility enhancements in the opendatahub-io/notebooks repository through clean implementation with centralized configuration, proper CI integration, and architecture-aware testing patterns.

Learnt from: jiridanek
PR: opendatahub-io/notebooks#0
File: :0-0
Timestamp: 2025-07-11T11:16:05.131Z
Learning: jiridanek requested GitHub issue creation for RStudio py311 Tekton push pipelines during PR #1379 review. Issue #1384 was successfully created covering two RStudio variants (CPU and CUDA) found in manifests/base/params-latest.env, with comprehensive problem description, implementation requirements following the same pattern as other workbench pipelines, clear acceptance criteria, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

Learnt from: jiridanek
PR: opendatahub-io/notebooks#2113
File: pyproject.toml:0-0
Timestamp: 2025-08-26T16:29:14.445Z
Learning: In opendatahub-io/notebooks, jiridanek's team uses selective dependency group resolution via scripts/sync-requirements-txt.sh instead of universal `uv lock --universal` resolution. This approach resolves individual image dependency groups (like jupyter-tensorflow-image) separately, making conflict matrices in pyproject.toml unnecessary since conflicting combinations between different image types never occur in the same resolution context.

📚 Learning: 2025-08-20T12:39:54.827Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#2000
File: runtimes/rocm-pytorch/ubi9-python-3.11/requirements.txt:807-809
Timestamp: 2025-08-20T12:39:54.827Z
Learning: Issue #2055 tracks the remaining runtimes/rocm-tensorflow/ubi9-python-3.12/requirements.txt file that stayed at jupyter-core==5.7.2 during PR #2000, which will be addressed separately due to specific challenges with that ROCm TensorFlow image.

Applied to files:

• jupyter/rocm/tensorflow/ubi9-python-3.11/requirements.txt
• runtimes/tensorflow/ubi9-python-3.11/requirements.txt
• jupyter/datascience/ubi9-python-3.11/requirements.txt
• jupyter/tensorflow/ubi9-python-3.11/requirements.txt
• jupyter/trustyai/ubi9-python-3.11/requirements.txt
• jupyter/minimal/ubi9-python-3.11/requirements.txt
• jupyter/rocm/pytorch/ubi9-python-3.11/requirements.txt
• runtimes/pytorch/ubi9-python-3.11/requirements.txt
• runtimes/rocm-pytorch/ubi9-python-3.11/requirements.txt
• runtimes/rocm-tensorflow/ubi9-python-3.11/requirements.txt

📚 Learning: 2025-08-20T12:18:19.213Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#2000
File: runtimes/pytorch/ubi9-python-3.12/requirements.txt:804-807
Timestamp: 2025-08-20T12:18:19.213Z
Learning: The runtimes/rocm-tensorflow/ubi9-python-3.12/requirements.txt file remained at jupyter-core==5.7.2 while other runtime images were updated to 5.8.1 during PR #2000 to address CVE-2025-30167. jiridanek requested a separate GitHub issue to track this remaining update as the reason for the file being stuck at the old version was unclear.

Applied to files:

• jupyter/rocm/tensorflow/ubi9-python-3.11/requirements.txt
• runtimes/tensorflow/ubi9-python-3.11/requirements.txt
• jupyter/datascience/ubi9-python-3.11/requirements.txt
• jupyter/tensorflow/ubi9-python-3.11/requirements.txt
• jupyter/trustyai/ubi9-python-3.11/requirements.txt
• jupyter/minimal/ubi9-python-3.11/requirements.txt
• jupyter/rocm/pytorch/ubi9-python-3.11/requirements.txt
• runtimes/rocm-pytorch/ubi9-python-3.11/requirements.txt
• jupyter/pytorch/ubi9-python-3.11/requirements.txt
• runtimes/rocm-tensorflow/ubi9-python-3.11/requirements.txt

📚 Learning: 2025-08-20T12:18:19.213Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#2000
File: runtimes/pytorch/ubi9-python-3.12/requirements.txt:804-807
Timestamp: 2025-08-20T12:18:19.213Z
Learning: The runtimes/rocm-tensorflow/ubi9-python-3.12/requirements.txt file remained at jupyter-core==5.7.2 while other runtime images were updated to 5.8.1 during PR #2000 to address CVE-2025-30167. jiridanek requested a separate GitHub issue (#2055) to track this remaining update as the reason for the file being stuck at the old version was unclear.

Applied to files:

• jupyter/rocm/tensorflow/ubi9-python-3.11/requirements.txt
• runtimes/tensorflow/ubi9-python-3.11/requirements.txt
• jupyter/datascience/ubi9-python-3.11/requirements.txt
• jupyter/tensorflow/ubi9-python-3.11/requirements.txt
• jupyter/trustyai/ubi9-python-3.11/requirements.txt
• jupyter/minimal/ubi9-python-3.11/requirements.txt
• jupyter/rocm/pytorch/ubi9-python-3.11/requirements.txt
• runtimes/rocm-pytorch/ubi9-python-3.11/requirements.txt
• runtimes/rocm-tensorflow/ubi9-python-3.11/requirements.txt

📚 Learning: 2025-07-23T16:18:42.922Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#0
File: :0-0
Timestamp: 2025-07-23T16:18:42.922Z
Learning: The TensorFlow ROCm Python 3.12 compatibility issue in opendatahub-io/notebooks PR #1259 was caused by using tensorflow-rocm==2.14.0.600 in Pipfile.lock which lacks Python 3.12 wheels, while the Pipfile specifies tensorflow_rocm=~=2.18.1. The solution requires updating Pipfile sources to include https://repo.radeon.com/rocm/manylinux/rocm-rel-6.4/ repository which contains tensorflow_rocm-2.18.1-cp312-cp312-manylinux_2_28_x86_64.whl and regenerating Pipfile.lock using the piplock-refresh GitHub Action.

Applied to files:

• jupyter/rocm/tensorflow/ubi9-python-3.11/requirements.txt
• runtimes/rocm-pytorch/ubi9-python-3.11/requirements.txt

📚 Learning: 2025-06-28T14:21:09.429Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#1218
File: jupyter/trustyai/ubi9-python-3.11/Pipfile:49-49
Timestamp: 2025-06-28T14:21:09.429Z
Learning: TrustyAI 0.6.1 (latest version as of June 2025) has a hard dependency constraint on jupyter-bokeh~=3.0.5, preventing upgrades to jupyter-bokeh 4.x in notebook images that include TrustyAI. This requires either waiting for TrustyAI to update their dependency or excluding TrustyAI from jupyter-bokeh upgrades.

Applied to files:

• jupyter/trustyai/ubi9-python-3.11/requirements.txt

📚 Learning: 2025-06-28T14:21:09.429Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#1218
File: jupyter/trustyai/ubi9-python-3.11/Pipfile:49-49
Timestamp: 2025-06-28T14:21:09.429Z
Learning: TrustyAI explicitly declares jupyter-bokeh~=3.0.5 as a hard dependency in both their requirements.txt and pyproject.toml files, with no open issues tracking jupyter-bokeh 4.x compatibility. This creates an unresolvable pip dependency conflict when trying to upgrade jupyter-bokeh to 4.x in notebook images that include TrustyAI.

Applied to files:

• jupyter/trustyai/ubi9-python-3.11/requirements.txt

📚 Learning: 2025-06-28T14:15:41.168Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#1218
File: jupyter/trustyai/ubi9-python-3.11/Pipfile:49-49
Timestamp: 2025-06-28T14:15:41.168Z
Learning: TrustyAI's jupyter-bokeh was pinned to 3.0.5 due to compatibility requirements with TrustyAI's visualization components, but the actual deployed version in requirements.txt shows 3.0.7, indicating incremental testing. The upgrade to 4.0.5 in this PR represents the completion of a gradual migration strategy from the 3.x series after confirming compatibility with Bokeh 3.7.3.

Applied to files:

• jupyter/trustyai/ubi9-python-3.11/requirements.txt
• jupyter/minimal/ubi9-python-3.11/requirements.txt
• jupyter/pytorch/ubi9-python-3.11/requirements.txt

📚 Learning: 2025-06-28T14:21:09.429Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#1218
File: jupyter/trustyai/ubi9-python-3.11/Pipfile:49-49
Timestamp: 2025-06-28T14:21:09.429Z
Learning: The jupyter-bokeh pinning to 3.0.5 in TrustyAI notebook image was not due to TrustyAI code compatibility issues, but because the trustyai package itself explicitly declares jupyter-bokeh~=3.0.5 as a hard dependency, causing pip dependency resolution conflicts when trying to upgrade to jupyter-bokeh 4.x.

Applied to files:

• jupyter/trustyai/ubi9-python-3.11/requirements.txt

📚 Learning: 2025-06-28T14:15:41.168Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#1218
File: jupyter/trustyai/ubi9-python-3.11/Pipfile:49-49
Timestamp: 2025-06-28T14:15:41.168Z
Learning: The jupyter-bokeh package was previously pinned to version 3.0.5 in the TrustyAI notebook image due to compatibility requirements with TrustyAI components, as indicated by the comment "Should be pinned down to this version in order to be compatible with trustyai" that was removed in this update.

Applied to files:

• jupyter/trustyai/ubi9-python-3.11/requirements.txt

📚 Learning: 2025-07-01T14:36:52.852Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#1247
File: .github/workflows/build-notebooks-TEMPLATE.yaml:50-53
Timestamp: 2025-07-01T14:36:52.852Z
Learning: In the opendatahub-io/notebooks repository, the test runner's Python version (configured in GitHub Actions UV setup) intentionally doesn't need to match the Python version of the container images being tested. jiridanek's team uses Python 3.12 for running tests while images may use different Python versions (like 3.11), and this approach works fine since the test code is separate from the application code running inside the containers.

Applied to files:

• .github/workflows/code-quality.yaml

🔇 Additional comments (74)

runtimes/minimal/ubi9-python-3.11/requirements.txt (4)

46-48: bs4 bump to 4.13.5 looks good; confirm hash coverage across target arches

The version is compatible with soupsieve==2.7 already present below. Please sanity-check that the two hashes cover the artifacts you expect to install on all supported architectures (x86_64, aarch64, s390x). Missing wheels would force sdist builds in CI.

If helpful, validate by running your multi-arch CI job (or locally per-arch) with: pip install --require-hashes -r runtimes/minimal/ubi9-python-3.11/requirements.txt and ensure no source builds occur for beautifulsoup4.

---

379-381: parso 0.8.5 aligns with jedi 0.19.x constraints

jedi==0.19.2 requires parso>=0.8.0,<0.9.0, so this bump is within range and low-risk.

---

385-387: platformdirs 4.4.0 upgrade is safe for jupyter-core/jupyter-client

No known incompatibilities for py>=3.9; this should be neutral for runtime behavior in the minimal image.

---

822-824: typing-extensions 4.15.0 pin: OK for Py3.11, but verify transitive consumers

Even on Python 3.11 some deps still import typing_extensions (e.g., IPython ecosystem). The bump looks fine; just confirm no package in this image relies on an older pinned cap (rare) and that duplication of this pin doesn’t occur elsewhere in image-specific requirement sets.

Optionally run pip check inside the built image to confirm no version conflicts: pip check.

.github/workflows/code-quality.yaml (2)

37-38: Setting UV_PROJECT for the tests project looks correct

Exporting UV_PROJECT to point at ${PWD}/tests aligns this workflow with the new tests-scoped UV project and should make uv pick up tests/pyproject.toml consistently across steps.

---

46-47: Good: setup-uv now targets test-scoped artifacts

Pointing cache-dependency-glob to tests/uv.lock and pyproject-file to tests/pyproject.toml matches the tests UV project layout and should improve cache hits.

jupyter/minimal/ubi9-python-3.11/requirements.txt (6)

148-150: beautifulsoup4 patch bump (4.13.4 → 4.13.5) with updated hashes looks fine

Patch release; no compatibility flags changed. OK to merge.

---

754-756: parso patch bump (0.8.4 → 0.8.5) is low-risk

Parso is used by jedi/IPython; patch-level update is typically safe.

---

760-762: platformdirs minor bump (4.3.8 → 4.4.0)

No Python markers changed; should be fine across images.

---

1262-1263: types-python-dateutil bump to 2.9.0.20250822

Types-only package; safe and won’t affect runtime.

---

1265-1266: typing-extensions minor bump (4.14.1 → 4.15.0)

Fine for Python 3.11 images; no constraints changed.

---

951-1043: pyzmq patch bump verified

• All ubi9-python-3.11 manifests now reference pyzmq==27.0.2 with refreshed wheel hashes.
• No occurrences of pyzmq==27.0.1 remain in any python-3.11 requirements files.
• ubi9-python-3.12 images continue to use pyzmq==27.0.1 as expected (they were not part of this bump).

Everything looks consistent. Keep an eye on downstream libzmq compatibility at runtime, but upstream wheels vendor libzmq.

runtimes/datascience/ubi9-python-3.11/requirements.txt (5)

194-196: beautifulsoup4 patch bump (4.13.4 → 4.13.5) with updated hashes

Consistent with other images; OK.

---

1441-1442: parso patch bump (0.8.4 → 0.8.5)

Matches minimal image; low risk.

---

1554-1555: platformdirs minor bump (4.3.8 → 4.4.0)

Consistent across images; OK.

---

2459-2460: typing-extensions minor bump (4.14.1 → 4.15.0)

No change to environment markers; safe.

---

1253-1254: Add CI smoke test for narwhals minor version bump
The bump from 2.1.2 → 2.2.0 could introduce breaking changes in the pandas/polars adapters. Since the suggested uv run command isn’t available locally, please add a CI step that:

• Builds (or pulls) the updated container image
• Installs or uses the image’s existing dependencies
• Runs a Python import check for pandas, polars, and narwhals to catch any API misalignments early

For example, in your pipeline you might add:

docker run --rm <your-image> /bin/bash -lc '
  python - <<"PYTHON"
import pandas as pd
import polars as pl
import narwhals as nw

print("narwhals", nw.__version__, "pandas", pd.__version__, "polars", pl.__version__)
PYTHON
'

This will immediately surface import or version conflicts before merging.

runtimes/pytorch/ubi9-python-3.11/requirements.txt (3)

1517-1519: Parso 0.8.5 is aligned with Jedi 0.19.x

jedi==0.19.2 (Line 787) expects the 0.8.x parso line; 0.8.5 is appropriate. Good to keep these in lockstep to avoid editor/inspection regressions in notebooks.

---

1630-1632: Platformdirs 4.4.0 bump is low risk for py311 base

This is a safe increment; no known Python 3.11 incompatibilities. Hashes pinned correctly.

---

2579-2581: typing-extensions pin consistency confirmed
All Python 3.11 runtime and Jupyter images uniformly pin typing-extensions==4.15.0, and all Python 3.12 variants consistently remain at 4.14.1. No inconsistencies detected—no further changes needed.

jupyter/tensorflow/ubi9-python-3.11/requirements.txt (8)

221-223: Bump to beautifulsoup4 4.13.5 looks fine

No breaking markers for our stack. soupsieve is pinned to 2.7 elsewhere in this file, which satisfies bs4’s dependency range. Nothing to change.

---

1586-1588: Narwhals 2.2.0 patch bump — OK

Pure Python utility; no known ABI risk. Safe to merge.

---

1914-1916: Parso 0.8.5 aligns with jedi 0.19.2

jedi’s range (>=0.8.3,<0.11) covers 0.8.5. Jupyter/IPython tooling should remain stable.

---

3091-3093: types-python-dateutil stubs update — safe

Stubs only; no runtime impact.

---

3095-3096: typing-extensions 4.15.0 — OK for py311 runtime

Pin is compatible with our stack (numpy 1.26.x, TF 2.18.x). No action needed.

---

2030-2032: Verify Jupyter runtime paths in an environment where Jupyter is installed

The check didn’t succeed because the jupyter executable wasn’t found and the Python snippet printed the function object instead of its return value. Please run the following in a shell where Jupyter is available to confirm that upgrading to platformdirs==4.4.0 hasn’t altered the runtime directory discovery:

# 1. Ensure jupyter is on your PATH (e.g., activate the same environment you’ll use for notebooks)
which jupyter

# 2. Print Jupyter’s configured paths
jupyter --paths

# 3. Verify the runtime directory from platformdirs
python - <<'PY'
import platformdirs as p
print("platformdirs.user_runtime_dir():", p.user_runtime_dir())
PY

• If the output directories match your pre-upgrade behavior, you can consider this low risk.
• If they differ, investigate any breaking changes in platformdirs 4.4.0’s cache/config logic.

---

2543-2635: Manual Verification Required: Missing jupyter_client in Test Environment

The runtime check script couldn’t execute because the sandbox environment does not have the jupyter_client package installed. To ensure that bumping to pyzmq 27.0.2 does not break Jupyter kernel startup, please:

• Install jupyter_client in your environment (e.g., via pip install jupyter_client).
• Re-run the provided handshake test script in a fully provisioned local or CI environment.
• Confirm that you receive kernel_output: ok before merging this change.

---

1070-1072: Please manually verify Keras 3.11.3 + TensorFlow 2.18.1 compatibility
The smoke test couldn’t run here (no tensorflow module), so to de-risk notebook startup, run the following inside your Jupyter TF image and confirm imports, eager execution, and pyzmq integration:

#!/bin/bash
python - <<'PY'
import tensorflow as tf, keras, zmq
print("tf:", tf.__version__, "keras:", keras.__version__, "pyzmq:", zmq.pyzmq_version())
# simple eager test
import numpy as np
a = tf.constant([1.0, 2.0]); b = tf.constant([3.0, 4.0])
print("dot:", tf.reduce_sum(a*b).numpy())
PY

If this passes without error, we’re good to ship.

jupyter/trustyai/ubi9-python-3.11/requirements.txt (7)

219-221: bs4 bump to 4.13.5 looks good; marker is fine for py311

The loosened marker (python_full_version >= '3.7.0') and new hashes are consistent. Soupsieve is already pinned (2.7), which satisfies bs4’s requirements.

---

1748-1750: parso 0.8.5 patch bump is safe

Parso is a jedi dependency; this minor bump is non-breaking for our pinned jedi/ipython set. Hashes look correct.

---

1864-1866: platformdirs 4.4.0 patch bump is benign

No known regressions for our usage; good to keep this current.

---

3030-3032: types-python-dateutil stub bump is harmless

Type stubs update only; no runtime impact. Hashes are in place.

---

2370-2462: pyzmq 27.0.2 – wheels present & pylock.toml updated; no further action needed

• Verified that jupyter/trustyai/ubi9-python-3.11/pylock.toml contains the updated pyzmq==27.0.2 entry (sdist) along with prebuilt wheels for:
  • macOS universal2 (cp310, cp311)
  • manylinux2014_i686 & manylinux_2_26_x86_64 for cp310–cp314
  • musllinux_1_2 for aarch64, i686, x86_64
  • Windows win32, win_amd64, win_arm64
  • Abi3 builds (cp312, cp313, cp314) and PyPy variants for multiple Python versions
  No architectures are missing.
• Grepping available build logs yielded no occurrences of “Building wheel for pyzmq” or “libzmq,” indicating that all binary wheels are found and no source‐build fallback was triggered.

Everything looks correct and up to date—no additional changes required.

---

3034-3035: typing-extensions Pin Consistency Verified

All occurrences of typing-extensions in jupyter/trustyai/ubi9-python-3.11 have been confirmed to pin exactly to 4.15.0 with matching hashes, and no conflicting upper-bound specifiers (≤ 4.x) exist in any lock or manifest files:

• requirements.txt: typing-extensions==4.15.0
• pylock.toml: version = “4.15.0” (hash 0cea48d…)
• Pipfile.lock: “typing-extensions”: version “==4.15.0” (hash 0cea48d…)
• No “typing-extensions <= 4.x” patterns found across all lock files

This satisfies our stack compatibility checks for Torch 2.6 and Transformers 4.53 with ≥ 4.12.

---

1520-1522: Ensure pandas is installed in the built image and re-run interop check

It looks like running the import test on your host failed because pandas isn’t available outside the container, which suggests the image may not have installed it properly. Please:

• Confirm that pandas==1.5.3 (line 1711 in jupyter/trustyai/ubi9-python-3.11/requirements.txt) is actually being installed into the container.

• Rebuild the image and exec into it to run:

  python - <<'PY'
  import pandas as pd
  import narwhals as nw
  df = pd.DataFrame({"a":[1,2]})
  nw_df = nw.from_native(df)
  print("narwhals_ok", nw_df.shape)
  PY

  to verify narwhals.from_native works with pandas 1.5.3.

runtimes/tensorflow/ubi9-python-3.11/requirements.txt (6)

200-202: Bump beautifulsoup4 to 4.13.5 — LGTM

No known incompatibilities with soupsieve==2.7 pinned later in the file; minor update is safe.

---

1351-1353: narwhals 2.2.0 upgrade — looks fine

Compatible with pandas==2.2.3 in this image; no API breaks expected for common usage.

---

1661-1663: parso 0.8.5 — safe with jedi 0.19.2

Editor/completion stack should remain stable; change is low risk.

---

1774-1776: platformdirs 4.4.0 — minor bump approved

Downstream users like virtualenv should be fine on py311.

---

2724-2726: typing-extensions 4.15.0 — approved

Reasonable for CPython 3.11 targets; keeps backport consumers happy.

---

858-860: Ensure Keras and TensorFlow pins are aligned across all images

I scanned every UBI9 image for standalone Keras and TensorFlow pins and found divergent versions:

• runtimes/tensorflow/ubi9-python-3.11:
  • tensorflow[and-cuda]==2.18.1
  • keras==3.11.3
• runtimes/tensorflow/ubi9-python-3.12:
  • tensorflow[and-cuda]==2.19.1
  • keras==3.11.2
• jupyter/tensorflow/ubi9-python-3.11:
  • tensorflow[and-cuda]==2.18.1
  • keras==3.11.3
• jupyter/tensorflow/ubi9-python-3.12:
  • tensorflow[and-cuda]==2.19.1
  • keras==3.11.2
• runtimes/rocm-tensorflow/ubi9-python-3.11 and jupyter/rocm/tensorflow/ubi9-python-3.11 pin keras==2.14.0 (TF-ROCm version may differ)

This mismatch can lead to pip solver conflicts or subtle API mismatches at runtime. Please verify in each image that:

• pip install tensorflow[and-cuda]==<pinned> + keras==<pinned> resolves cleanly
• tf.keras is actually invoking the standalone Keras backend you expect

If any environment fails, consider one of:

• Removing the standalone Keras pin entirely and letting the TensorFlow wheel drive the Keras version
• Centralizing the Keras version in a single requirements include so all images stay in sync

jupyter/rocm/pytorch/ubi9-python-3.11/requirements.txt (6)

219-221: BeautifulSoup 4.13.5 bump looks safe; verify soupsieve compatibility.

Pin remains compatible with soupsieve==2.7 present later in this file. No action beyond a quick import/sanity check.

You can include bs4 in the smoke test matrix (import bs4; from bs4 import BeautifulSoup) to ensure no runtime regressions. See the verification script in the pyzmq comment for repo-wide pin consistency.

---

1706-1708: parso 0.8.5 stays within jedi’s supported range.

jedi==0.19.2 requires parso>=0.8.4,<0.9.0, so this bump is correct.

---

1822-1824: platformdirs 4.4.0: low-risk maintenance bump.

Should not affect Jupyter paths, but keep an eye on config/data dir resolution in custom kernels.

If you have a smoke test, assert JUPYTER_CONFIG_DIR and paths still resolve as expected.

---

2875-2877: types-python-dateutil stubs updated: harmless for runtime.

Stubs don’t affect execution; fine to land.

---

2878-2880: typing-extensions 4.15.0: ensure PyTorch 2.6.0 compatibility.

This should satisfy torch’s lower-bound; no known upper bound issues. Still, do a quick import torch; import typing_extensions sanity check in the built image.

---

2342-2434: pyzmq bump validated across all Jupyter Python 3.11 images

All Jupyter images targeting Python 3.11 now consistently pin pyzmq==27.0.2 alongside ipykernel==6.30.1 and jupyter-client==8.6.3. No discrepancies were found between:

• jupyter/rocm/pytorch/ubi9-python-3.11/requirements.txt (pyzmq==27.0.2)
• jupyter/pytorch/ubi9-python-3.11/requirements.txt (pyzmq==27.0.2)
• jupyter/minimal/ubi9-python-3.11/requirements.txt (pyzmq==27.0.2)
• jupyter/datascience/ubi9-python-3.11/requirements.txt (pyzmq==27.0.2)
• jupyter/tensorflow/ubi9-python-3.11/requirements.txt (pyzmq==27.0.2)
• jupyter/trustyai/ubi9-python-3.11/requirements.txt (pyzmq==27.0.2)
• jupyter/rocm/tensorflow/ubi9-python-3.11/requirements.txt (pyzmq==27.0.2)

The runtime (non-Jupyter) images remain on pyzmq==26.2.1 by design, and this divergence is intentional given differing dependency matrices. No further action is required to harmonize pyzmq across Jupyter images.

jupyter/rocm/tensorflow/ubi9-python-3.11/requirements.txt (5)

221-223: Bump to beautifulsoup4 4.13.5 looks fine

soupsieve is pinned at 2.7 later in the file, which is compatible with bs4 4.13.x. Low-risk runtime upgrade.

---

1571-1573: narwhals 2.2.0 upgrade OK; verify optional backends aren’t implicitly required

narwhals works with pandas 2.2.x (already pinned here). If polars is not included in this image (it isn’t listed), the default behavior remains pandas-only.

If you want, I can run a quick repository scan to confirm no code in this image imports narwhals with a polars backend assumption.

---

1761-1763: parso 0.8.5 is within jedi’s supported range

You already have jedi==0.19.2. parso 0.8.5 is compatible with that, so completions/highlighting in IPython/Jupyter should be unaffected.

---

1877-1879: platformdirs 4.4.0: benign upkeep

Common downstreams (black/isort/ipython) continue to work with 4.4.x. No action needed.

---

2934-2935: typing-extensions 4.15.0: safe increment

Works across your pinned stack (e.g., pydantic v1, ipython, jupyter components) on Python 3.11. No issues expected.

jupyter/datascience/ubi9-python-3.11/requirements.txt (5)

215-217: Bump to beautifulsoup4 4.13.5 looks good.

Pure-Python package; compatible with soupsieve==2.7 already present. Low-risk upgrade.

---

1696-1698: parso 0.8.5 aligns with jedi 0.19.x constraints.

Jedi typically supports parso >=0.8.4,<0.9; this fits. No action needed.

---

1812-1814: platformdirs 4.4.0: routine patch bump.

No known breakage for Python 3.11 images; safe to merge.

---

2836-2838: types-python-dateutil stubs bump: fine.

Dev-time only; won’t affect runtime. Safe change.

---

2839-2841: typing-extensions 4.15.0: fine for Py 3.11.

Broadly compatible; many libs guard-import this. No issues anticipated.

runtimes/rocm-pytorch/ubi9-python-3.11/requirements.txt (3)

198-200: Bumped beautifulsoup4 to 4.13.5 looks fine; transitive deps are compatible.

soupsieve is pinned at 2.7 later in this file, which satisfies bs4 4.13.x requirements. No action needed.

---

1453-1455: parso 0.8.5 aligns with jedi 0.19.2 constraints.

jedi typically specifies parso >=0.8.3,<0.9.0; 0.8.5 is within range. Good to go.

---

1566-1568: platformdirs 4.4.0 bump: low risk, proceed.

No known breaking changes for our usage in this image.

codeserver/ubi9-python-3.11/requirements.txt (3)

641-642: parso 0.8.5 matches jedi’s supported range.

Safe upgrade.

---

753-755: platformdirs 4.4.0 bump is routine.

No issues spotted.

---

877-969: pyzmq bump: cross-image consistency and runtime smoke test

We ran a repo-wide search and found:

• runtimes/** (all Python ≥ 3.7): still pinned to pyzmq==26.2.1
• jupyter/** & codeserver/**
  • Python 3.11 images: pyzmq==27.0.2
  • Python 3.12 images: pyzmq==27.0.1

Please confirm:

• The divergence between the runtime images (26.2.1) and the notebook-based images (27.x) is intentional.
• The differing bug-fix pins for Py 3.11 (27.0.2) vs. 3.12 (27.0.1) in jupyter/codeserver images are by design; if not, consider aligning 3.12 images (and/or the runtime images) to 27.0.2.
• You’ve performed a quick smoke test in the built codeserver/3.11 image:
  1. import zmq, jupyter_client, ipykernel
  2. start and execute a simple cell
  3. verify no ABI errors on import zmq

Once these are confirmed (or adjustments planned), this bump can be merged as is.

runtimes/rocm-tensorflow/ubi9-python-3.11/requirements.txt (5)

1333-1335: narwhals upgrade safe: no direct imports detected

• Repository scan for import narwhals / from narwhals found no direct usages.
• Since no code in this repo references narwhals, bumping to 2.2.0 carries minimal blast radius.
• If you have external notebooks or helper scripts outside of version control that import narwhals, you may run a quick smoke test there—but no CI changes are needed here.

---

1618-1620: Unable to auto-verify platformdirs/virtualenv warnings – please manually inspect CI logs

Our search didn’t find any .log files in the repo, so we can’t confirm automatically whether virtualenv 20.34.0 emits any platformdirs-related warnings (XDG, cache/dir resolution, etc.). To resolve this:

• Review your CI build output for any “platformdirs”, “virtualenv” or “XDG” warnings after installing/using virtualenv 20.34.0.
• If no warnings appear, you can consider platformdirs 4.4.0 safe for this image.
• If you do spot warnings, please follow up by pinning or patching virtualenv or adjusting cache paths as needed.

---

200-202: All soupsieve pins are consistent and beautifulsoup4 bump is aligned across variants
Verification confirms that every Python 3.11 requirements.txt (including runtimes/rocm-tensorflow/ubi9-python-3.11) pins beautifulsoup4==4.13.5 and soupsieve==2.7, and all Python 3.12 files pin beautifulsoup4==4.13.4 with soupsieve==2.7. No discrepancies found—no further changes required.

---

2557-2559: Consistent typing-extensions Pin Across All Images Confirmed

Cross-image audit shows that every Python 3.11 image pins typing-extensions==4.15.0, and every Python 3.12 image consistently uses 4.14.1. No mismatches detected—pins are aligned across all requirements files. Approving these changes.

---

1505-1507: parso version alignment confirmed

• Verified via pip download jedi==0.19.2 that Jedi 0.19.2 declares a dependency on parso<0.9.0,>=0.8.4, and thus parso==0.8.5 satisfies the upstream constraint.
• Cross-file search of all requirements.txt shows that every Python 3.11 variant (including this rocm-tensorflow/ubi9-python-3.11 image) pins parso==0.8.5, while Python 3.12 variants pin parso==0.8.4; this matches the minimum bound and remains within <0.9.0.

No changes required here.

jupyter/pytorch/ubi9-python-3.11/requirements.txt (6)

1500-1502: narwhals 2.2.0: LGTM with current pandas (2.2.3).

2.2.0 supports modern pandas; no conflicting pins are apparent in this image.

---

1770-1772: parso 0.8.5: compatible with jedi 0.19.2.

jedi typically requires parso >=0.8.3,<0.9; this pin is within range.

---

2957-2959: typing-extensions 4.15.0: fine with current ecosystem (incl. pydantic v1).

No common libs here are known to cap below 4.15.0. Ship it.

---

219-221: ✔️ Approve beautifulsoup4 4.13.5 bump – soupsieve pin verified

• Confirmed soupsieve==2.7 is present in jupyter/pytorch/ubi9-python-3.11/requirements.txt (line 2864) and in corresponding runtime requirement files, satisfying BeautifulSoup4’s compatibility requirements.
• No additional changes needed.

---

1886-1888: Import test incomplete: black not found in built container

It appears the smoke test failed because the black module isn’t installed, so we can’t verify that the platformdirs bump won’t break it. Please confirm that both tools are present and importable in your image before approving:

• Ensure black==25.1.0 and virtualenv==20.34.0 are installed in the container (e.g. via your requirements).

• Re-run the import smoke test inside the built image:

  # Inside your built container shell
  pip install black==25.1.0 virtualenv==20.34.0
  python - <<'PY'
  import platformdirs, black, virtualenv
  print("platformdirs", platformdirs.__version__)
  print("black import ok:", bool(black.__version__))
  print("virtualenv import ok:", bool(virtualenv.__version__))
  PY

• Verify that:

  1. platformdirs reports version 4.4.0.
  2. Both black and virtualenv import without errors.

Once you’ve confirmed this, we can safely approve the bump.

---

2399-2491: pyzmq 27.0.2 patch upgrade – please re-run smoke test inside the built container

The previous test failed with “ModuleNotFoundError: No module named ‘zmq’,” which usually means it was run on the host rather than inside the image. To verify that the new pyzmq is correctly installed and that ipykernel/jupyter-client’s ZeroMQ startup path still works, please run this minimal check inside your built Jupyter image:

• Replace <image> with your built image tag.
• The test should print something like pyzmq: 27.0.2 - basic ctx/socket OK.

docker run --rm <image> bash -lc "python3 - <<'PY'
import zmq, jupyter_client, ipykernel  # should all import without error
ctx = zmq.Context.instance()
s = ctx.socket(zmq.REP)
s.close()
ctx.term()
print('pyzmq:', zmq.__version__, '- basic ctx/socket OK')
PY"

• If this still fails, confirm that your Dockerfile (or build scripts) is installing jupyter/pytorch/ubi9-python-3.11/requirements.txt and picking up pyzmq==27.0.2.
• Verify with docker run --rm <image> pip show pyzmq that version 27.0.2 is present.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

narwhals 2.2.0 bump: OK; mirror this across images (done for ROCm PyTorch).

No functional concerns; appreciate keeping versions aligned.

Optional: verify all images now pin 2.2.0:

---

🏁 Script executed:

#!/bin/bash
rg -n --no-heading -C0 $'^narwhals=='

Length of output: 2695

---

narwhals 2.2.0 bump incomplete – please update remaining images

It looks like the bump to narwhals==2.2.0 was only applied to the Python 3.11 images. You’ll need to mirror it across all Python 3.12 (and any other) images that still pin 2.1.2:

• runtimes/pytorch/ubi9-python-3.12/requirements.txt
• runtimes/pytorch+llmcompressor/ubi9-python-3.12/requirements.txt
• runtimes/tensorflow/ubi9-python-3.12/requirements.txt
• runtimes/rocm-pytorch/ubi9-python-3.12/requirements.txt
• runtimes/rocm-tensorflow/ubi9-python-3.12/requirements.txt
• runtimes/datascience/ubi9-python-3.12/requirements.txt
• jupyter/pytorch+llmcompressor/ubi9-python-3.12/requirements.txt
• jupyter/trustyai/ubi9-python-3.12/requirements.txt
• jupyter/pytorch/ubi9-python-3.12/requirements.txt
• jupyter/tensorflow/ubi9-python-3.12/requirements.txt
• jupyter/rocm/pytorch/ubi9-python-3.12/requirements.txt
• jupyter/rocm/tensorflow/ubi9-python-3.12/requirements.txt
• jupyter/datascience/ubi9-python-3.12/requirements.txt
• codeserver/ubi9-python-3.12/requirements.txt

After updating those, please rerun the grep check to confirm every narwhals== entry reads 2.2.0.

🤖 Prompt for AI Agents

In codeserver/ubi9-python-3.11/requirements.txt around lines 490-491 the
narwhals bump to 2.2.0 was applied here but not mirrored across other images;
update every requirements.txt listed in the comment (runtimes/* and jupyter/*
and codeserver/ubi9-python-3.12/requirements.txt) to replace narwhals==2.1.2
with narwhals==2.2.0, ensure any corresponding --hash lines are updated or
regenerated to match the new version, and then rerun the grep check across the
repo to confirm every "narwhals==" entry reports 2.2.0.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

BeautifulSoup 4.13.5 bump looks good; soupsieve pin already compatible

No breaking changes expected for our stack here, and soupsieve==2.7 (Line 2502) remains within BeautifulSoup’s supported range. Hash pinning present for determinism.

To keep the repo consistent across images, run this quick check to ensure the same version appears everywhere:

---

🏁 Script executed:

#!/bin/bash
# Verify bs4 version consistency across all requirements files
rg -n --glob '**/requirements.txt' -e $'^beautifulsoup4=='

Length of output: 3289

---

BeautifulSoup4 Version Bump Must Be Applied Consistently Across All Images

The bump to beautifulsoup4==4.13.5 currently only landed in the Python 3.11 images (e.g. runtimes/pytorch/ubi9-python-3.11/requirements.txt). However, the Python 3.12 images and many other runtime/Jupyter requirements still pin beautifulsoup4==4.13.4. To avoid configuration drift and ensure parity across all images, please update the following files to use beautifulsoup4==4.13.5 (including hashes) or explicitly document any intentional divergence:

• runtimes/rocm-tensorflow/ubi9-python-3.12/requirements.txt (line 200)
• runtimes/tensorflow/ubi9-python-3.12/requirements.txt (line 200)
• runtimes/pytorch+llmcompressor/ubi9-python-3.12/requirements.txt (line 149)
• runtimes/rocm-pytorch/ubi9-python-3.12/requirements.txt (line 198)
• runtimes/pytorch/ubi9-python-3.12/requirements.txt (line 198)
• runtimes/datascience/ubi9-python-3.12/requirements.txt (line 194)
• runtimes/minimal/ubi9-python-3.12/requirements.txt (line 139)
• jupyter/pytorch+llmcompressor/ubi9-python-3.12/requirements.txt (line 170)
• jupyter/trustyai/ubi9-python-3.12/requirements.txt (line 219)
• jupyter/tensorflow/ubi9-python-3.12/requirements.txt (line 221)
• jupyter/rocm/tensorflow/ubi9-python-3.12/requirements.txt (line 221)
• jupyter/rocm/pytorch/ubi9-python-3.12/requirements.txt (line 219)
• jupyter/minimal/ubi9-python-3.12/requirements.txt (line 148)
• jupyter/datascience/ubi9-python-3.12/requirements.txt (line 215)
• jupyter/pytorch/ubi9-python-3.12/requirements.txt (line 219)

Once updated, please regenerate the hash pins for determinism.

🤖 Prompt for AI Agents

runtimes/pytorch/ubi9-python-3.11/requirements.txt lines 198-200: The
BeautifulSoup4 bump to 4.13.5 was applied only to the Python 3.11 image; update
the other listed files to use beautifulsoup4==4.13.5 with the correct sha256
hashes (or document intentional divergence) and then regenerate all pip hash
pins for determinism — specifically edit the following files at the indicated
lines to replace beautifulsoup4==4.13.4 with beautifulsoup4==4.13.5 and update
both --hash entries: runtimes/rocm-tensorflow/ubi9-python-3.12/requirements.txt
(line 200), runtimes/tensorflow/ubi9-python-3.12/requirements.txt (line 200),
runtimes/pytorch+llmcompressor/ubi9-python-3.12/requirements.txt (line 149),
runtimes/rocm-pytorch/ubi9-python-3.12/requirements.txt (line 198),
runtimes/pytorch/ubi9-python-3.12/requirements.txt (line 198),
runtimes/datascience/ubi9-python-3.12/requirements.txt (line 194),
runtimes/minimal/ubi9-python-3.12/requirements.txt (line 139),
jupyter/pytorch+llmcompressor/ubi9-python-3.12/requirements.txt (line 170),
jupyter/trustyai/ubi9-python-3.12/requirements.txt (line 219),
jupyter/tensorflow/ubi9-python-3.12/requirements.txt (line 221),
jupyter/rocm/tensorflow/ubi9-python-3.12/requirements.txt (line 221),
jupyter/rocm/pytorch/ubi9-python-3.12/requirements.txt (line 219),
jupyter/minimal/ubi9-python-3.12/requirements.txt (line 148),
jupyter/datascience/ubi9-python-3.12/requirements.txt (line 215), and
jupyter/pytorch/ubi9-python-3.12/requirements.txt (line 219); after updating,
run your pip-compile or pip-licenses/hashes tooling to regenerate and commit the
new --hash lines.

[coderabbitai]

Actionable comments posted: 6

🧹 Nitpick comments (8)

runtimes/pytorch/ubi9-python-3.12/requirements.txt (1)

1259-1261: narwhals upgraded to 2.2.0 — check downstream usage for any subtle API shifts.

• We don’t vendor polars here; primary interaction will be through pandas 2.2.3 which should be fine. If any notebooks rely on narwhals’ optional behaviors, a quick execution of those notebooks in this image would be prudent.

Would you like me to prepare a short validation cell/notebook snippet to exercise common narwhals operations against pandas?

runtimes/rocm-tensorflow/ubi9-python-3.12/requirements.txt (1)

855-857: Standalone Keras dependency usage verified

We ran the requested searches and found no occurrences of standalone import keras or from keras import … anywhere in the repository. All existing notebooks and Python tests exclusively use tf.keras, so the risk of confusion between the two APIs is effectively zero:

• runtimes/rocm-tensorflow/ubi9-python-3.12/requirements.txt (lines 855–857) pulls in keras==3.11.3, but
• no code references keras directly; all imports are of the form tf.keras or from tensorflow import keras.

Recommendations (all optional):

• Remove the standalone keras dependency if it isn’t actually needed by downstream workloads.
• If you intend to keep it, consider adding a minimal CI smoke test to this image, e.g.:

import tensorflow as tf
import keras
assert tf.__version__.startswith("2.18")
assert keras.__version__ == "3.11.3"

• Update the image’s README to document that the supported import path is tf.keras, to prevent any future confusion.

jupyter/rocm/pytorch/ubi9-python-3.12/requirements.txt (2)

219-221: Bump to beautifulsoup4 4.13.5 looks good.

Minor patch-level update; compatible with soupsieve==2.7 already pinned in this file.

If you want to keep versions aligned repo-wide, we can scan for divergent bs4 pins across all images.

---

2272-2274: No version drift detected for python-lsp-server & jupyterlab-lsp

I ran the repo-wide grep and confirmed that in jupyter/rocm/pytorch/ubi9-python-3.12/requirements.txt (and all other images) python-lsp-server[all]==1.13.1 (for Python ≥ 3.9) is paired with jupyterlab-lsp==5.1.1 (for Python ≥ 3.8), with no mismatched pins.

Please still smoke-test pylsp startup in one built image to catch any runtime incompatibilities:

• Run pylsp --help
• Run:

  python -c "import pylsp, pkgutil; print('pylsp ok'); import jedi, parso; print(jedi.__version__, parso.__version__)"

Consider adding a “pylsp starts” smoke test to CI for a representative image to prevent future regressions.

jupyter/minimal/ubi9-python-3.12/requirements.txt (1)

1262-1263: Move types-python-dateutil to dev/test-only dependencies

We ran the grep search across all shipped extensions and found no runtime imports of the types-python-dateutil stub—its only occurrences are in various requirements.txt, Pipfile.lock, and pylock.toml files. To keep the minimal image lean, you can relocate this package to your development/test dependency list without affecting runtime behavior.

Files to update:

• jupyter/minimal/ubi9-python-3.12/requirements.txt (line 1261)
• (Optionally) any other requirements.txt where you’d like to slim down the runtime image

Suggested diff for the minimal image:

--- a/jupyter/minimal/ubi9-python-3.12/requirements.txt
+++ b/jupyter/minimal/ubi9-python-3.12/requirements.txt
@@ -1260,3 +1260,3 @@
     --hash=sha256:b74e89e397b1ed28cc831db7aea759ba6640cb3de13090ca145426688ff1ac4f
-   types-python-dateutil==2.9.0.20250822; python_version >= '3.9'
+# (moved to dev/test-only dependencies)

If you rely on these stubs at runtime for tooling or extension imports, you can leave the pin as-is.

runtimes/rocm-pytorch/ubi9-python-3.12/requirements.txt (1)

1548-1550: Update Jupyter path–verification snippet to handle missing jupyter_core

The current check fails because jupyter_core isn’t installed in the image, so the import raises ModuleNotFoundError. To still verify that the new platformdirs version resolves Jupyter directories as expected, please update the snippet one of two ways:

• Install jupyter-core just for the test, then use its API:

# inside the built image
pip install --no-cache-dir jupyter-core
python - <<'PY'
import platformdirs, jupyter_core.paths as jp
print("platformdirs:", platformdirs.__version__)
print("jupyter_config_dir:", jp.jupyter_config_dir())
print("jupyter_data_dir: ", jp.jupyter_data_dir())
print("jupyter_runtime_dir:", jp.jupyter_runtime_dir())
PY

• Or skip jupyter_core altogether and rely solely on platformdirs fallbacks:

# inside the built image
python - <<'PY'
import platformdirs
print("platformdirs:", platformdirs.__version__)
print("jupyter config dir:", platformdirs.user_config_dir("jupyter"))
print("jupyter data dir: ", platformdirs.user_data_dir("jupyter"))
print("jupyter runtime dir:", platformdirs.user_runtime_dir("jupyter"))
PY

Either approach will surface where Jupyter config/data/runtime directories land on UBI9 with platformdirs==4.4.0.

jupyter/rocm/tensorflow/ubi9-python-3.12/requirements.txt (1)

2423-2424: python-lsp-server[all] 1.13.1 – verify startup inside the built image

Minor bump; should remain compatible with jupyterlab-lsp 5.1.1, but the smoke-test must run in the built container, not on the host. For example:

# 1) Build your UBI9-Python3.12 image
docker build \
  -f jupyter/rocm/tensorflow/ubi9-python-3.12/Dockerfile \
  -t tf-ubi9-py3.12 .

# 2) Verify that the 'pylsp' CLI is present
docker run --rm tf-ubi9-py3.12 pylsp --help

# 3) Perform a minimal handshake (prints version)
docker run --rm tf-ubi9-py3.12 python - <<'PY'
import subprocess, json, sys
res = subprocess.run(["pylsp", "--version"], capture_output=True, text=True)
print("pylsp version:", res.stdout.strip())
PY

• If either step fails, the image may be missing the CLI entrypoint or dependencies.
• Consider adding exactly these three steps as a CI smoke test on your image build pipeline to catch any future plugin/env regressions.

jupyter/tensorflow/ubi9-python-3.12/requirements.txt (1)

2482-2483: python-lsp-server[all] 1.13.1 is consistent with the surrounding lint stack.

• Matches flake8 7.1.x, pycodestyle 2.12.x, pyflakes 3.2.x, rope 1.14.0, and yapf 0.43.0 here.
• Note: [all] pulls in many extras and increases image size; if image size becomes a concern later, consider a slimmer plugin set.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 047ea3a and d8c792a.

⛔ Files ignored due to path filters (16)

• codeserver/ubi9-python-3.12/Pipfile.lock is excluded by !**/*.lock
• jupyter/datascience/ubi9-python-3.12/Pipfile.lock is excluded by !**/*.lock
• jupyter/minimal/ubi9-python-3.12/Pipfile.lock is excluded by !**/*.lock
• jupyter/pytorch+llmcompressor/ubi9-python-3.12/Pipfile.lock is excluded by !**/*.lock
• jupyter/pytorch/ubi9-python-3.12/Pipfile.lock is excluded by !**/*.lock
• jupyter/rocm/pytorch/ubi9-python-3.12/Pipfile.lock is excluded by !**/*.lock
• jupyter/rocm/tensorflow/ubi9-python-3.12/Pipfile.lock is excluded by !**/*.lock
• jupyter/tensorflow/ubi9-python-3.12/Pipfile.lock is excluded by !**/*.lock
• jupyter/trustyai/ubi9-python-3.12/Pipfile.lock is excluded by !**/*.lock
• runtimes/datascience/ubi9-python-3.12/Pipfile.lock is excluded by !**/*.lock
• runtimes/minimal/ubi9-python-3.12/Pipfile.lock is excluded by !**/*.lock
• runtimes/pytorch+llmcompressor/ubi9-python-3.12/Pipfile.lock is excluded by !**/*.lock
• runtimes/pytorch/ubi9-python-3.12/Pipfile.lock is excluded by !**/*.lock
• runtimes/rocm-pytorch/ubi9-python-3.12/Pipfile.lock is excluded by !**/*.lock
• runtimes/rocm-tensorflow/ubi9-python-3.12/Pipfile.lock is excluded by !**/*.lock
• runtimes/tensorflow/ubi9-python-3.12/Pipfile.lock is excluded by !**/*.lock

📒 Files selected for processing (16)

• codeserver/ubi9-python-3.12/requirements.txt (5 hunks)
• jupyter/datascience/ubi9-python-3.12/requirements.txt (7 hunks)
• jupyter/minimal/ubi9-python-3.12/requirements.txt (4 hunks)
• jupyter/pytorch+llmcompressor/ubi9-python-3.12/requirements.txt (14 hunks)
• jupyter/pytorch/ubi9-python-3.12/requirements.txt (7 hunks)
• jupyter/rocm/pytorch/ubi9-python-3.12/requirements.txt (7 hunks)
• jupyter/rocm/tensorflow/ubi9-python-3.12/requirements.txt (8 hunks)
• jupyter/tensorflow/ubi9-python-3.12/requirements.txt (8 hunks)
• jupyter/trustyai/ubi9-python-3.12/requirements.txt (8 hunks)
• runtimes/datascience/ubi9-python-3.12/requirements.txt (5 hunks)
• runtimes/minimal/ubi9-python-3.12/requirements.txt (3 hunks)
• runtimes/pytorch+llmcompressor/ubi9-python-3.12/requirements.txt (13 hunks)
• runtimes/pytorch/ubi9-python-3.12/requirements.txt (5 hunks)
• runtimes/rocm-pytorch/ubi9-python-3.12/requirements.txt (5 hunks)
• runtimes/rocm-tensorflow/ubi9-python-3.12/requirements.txt (6 hunks)
• runtimes/tensorflow/ubi9-python-3.12/requirements.txt (6 hunks)

🧰 Additional context used

🧠 Learnings (12)

📓 Common learnings

Learnt from: jiridanek
PR: opendatahub-io/notebooks#968
File: codeserver/ubi9-python-3.11/Dockerfile.cpu:17-18
Timestamp: 2025-08-01T16:10:21.049Z
Learning: jiridanek requested GitHub issue creation for version pinning improvement of micropipenv and uv packages during PR #968 review. Issue #1595 was created with comprehensive problem description covering build reproducibility risks from unpinned package versions across 18 affected Dockerfiles, two solution options (direct pinning vs build arguments), implementation approach with testing requirements, detailed acceptance criteria, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

Learnt from: jiridanek
PR: opendatahub-io/notebooks#968
File: runtimes/tensorflow/ubi9-python-3.12/Dockerfile.cuda:152-158
Timestamp: 2025-08-02T10:26:52.388Z
Learning: jiridanek corrected CodeRabbit's false assessment about uv pip install --strict flag support during PR #968 review. User demonstrated that uv 0.8.0 does support the --strict flag through command line verification, contradicting CodeRabbit's analysis using uv 0.8.4 that incorrectly suggested the flag was unsupported.

Learnt from: jiridanek
PR: opendatahub-io/notebooks#968
File: runtimes/tensorflow/ubi9-python-3.12/Dockerfile.cuda:152-158
Timestamp: 2025-08-02T10:26:52.388Z
Learning: CodeRabbit made an incorrect assessment about uv pip install --strict flag support during PR #968 review, suggesting its removal when the flag is actually supported in both uv 0.8.0 and 0.8.4. jiridanek correctly demonstrated the flag's availability through command line verification, showing the importance of thorough verification and accepting corrections when evidence contradicts initial analysis.

Learnt from: jiridanek
PR: opendatahub-io/notebooks#1998
File: runtimes/pytorch/ubi9-python-3.11/Dockerfile.cuda:23-24
Timestamp: 2025-08-19T11:40:33.157Z
Learning: jiridanek corrected CodeRabbit's false assessment about uv pip install --build-constraints flag during PR #1998 review. User demonstrated that uv 0.8.12 uses the plural form --build-constraints (not --build-constraint as incorrectly suggested by CodeRabbit), verified through direct command line help output, showing the importance of accepting corrections when evidence contradicts initial analysis.

Learnt from: jiridanek
PR: opendatahub-io/notebooks#1333
File: runtimes/rocm-pytorch/ubi9-python-3.12/de-vendor-torch.sh:9-12
Timestamp: 2025-07-08T19:28:15.791Z
Learning: jiridanek requested GitHub issue creation for runtime detection improvement of Python site-packages paths during PR #1333 review. Issue #1344 was created with comprehensive problem description covering hard-coded path fragility across UBI9 distributions, extensive affected files analysis including 4 de-vendor scripts, 30+ Dockerfiles with chmod operations, and 12+ pip.conf configurations, runtime detection solution using sysconfig module, implementation areas breakdown, benefits analysis, clear acceptance criteria, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

Learnt from: jiridanek
PR: opendatahub-io/notebooks#0
File: :0-0
Timestamp: 2025-08-05T17:24:08.616Z
Learning: jiridanek requested PR review for #1521 covering s390x architecture support improvements, demonstrating continued focus on systematic multi-architecture compatibility enhancements in the opendatahub-io/notebooks repository through clean implementation with centralized configuration, proper CI integration, and architecture-aware testing patterns.

Learnt from: jiridanek
PR: opendatahub-io/notebooks#2000
File: runtimes/rocm-pytorch/ubi9-python-3.11/requirements.txt:0-0
Timestamp: 2025-08-20T12:21:55.569Z
Learning: jiridanek requested GitHub issue creation for protobuf version mismatch and missing ecosystem packages during PR #2000 review. Issue #2056 was created documenting the discrepancy between declared protobuf==6.32.0 in requirements.txt and actual google.protobuf 4.25.8 in runtime image, along with missing packages (onnx, ray, grpcio, google-api-core, tensorboard) preventing compatibility testing, with comprehensive problem description, root cause analysis in build pipeline, resolution steps, and acceptance criteria.

Learnt from: jiridanek
PR: opendatahub-io/notebooks#0
File: :0-0
Timestamp: 2025-07-11T11:16:05.131Z
Learning: jiridanek requested GitHub issue creation for RStudio py311 Tekton push pipelines during PR #1379 review. Issue #1384 was successfully created covering two RStudio variants (CPU and CUDA) found in manifests/base/params-latest.env, with comprehensive problem description, implementation requirements following the same pattern as other workbench pipelines, clear acceptance criteria, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

Learnt from: jiridanek
PR: opendatahub-io/notebooks#2113
File: pyproject.toml:0-0
Timestamp: 2025-08-26T16:29:14.445Z
Learning: In opendatahub-io/notebooks, jiridanek's team uses selective dependency group resolution via scripts/sync-requirements-txt.sh instead of universal `uv lock --universal` resolution. This approach resolves individual image dependency groups (like jupyter-tensorflow-image) separately, making conflict matrices in pyproject.toml unnecessary since conflicting combinations between different image types never occur in the same resolution context.

📚 Learning: 2025-08-20T12:18:19.213Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#2000
File: runtimes/pytorch/ubi9-python-3.12/requirements.txt:804-807
Timestamp: 2025-08-20T12:18:19.213Z
Learning: The runtimes/rocm-tensorflow/ubi9-python-3.12/requirements.txt file remained at jupyter-core==5.7.2 while other runtime images were updated to 5.8.1 during PR #2000 to address CVE-2025-30167. jiridanek requested a separate GitHub issue to track this remaining update as the reason for the file being stuck at the old version was unclear.

Applied to files:

• runtimes/rocm-pytorch/ubi9-python-3.12/requirements.txt
• runtimes/tensorflow/ubi9-python-3.12/requirements.txt
• jupyter/tensorflow/ubi9-python-3.12/requirements.txt
• runtimes/pytorch/ubi9-python-3.12/requirements.txt
• jupyter/rocm/pytorch/ubi9-python-3.12/requirements.txt
• jupyter/pytorch+llmcompressor/ubi9-python-3.12/requirements.txt
• jupyter/minimal/ubi9-python-3.12/requirements.txt
• runtimes/rocm-tensorflow/ubi9-python-3.12/requirements.txt
• jupyter/rocm/tensorflow/ubi9-python-3.12/requirements.txt
• jupyter/trustyai/ubi9-python-3.12/requirements.txt

📚 Learning: 2025-08-20T12:39:54.827Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#2000
File: runtimes/rocm-pytorch/ubi9-python-3.11/requirements.txt:807-809
Timestamp: 2025-08-20T12:39:54.827Z
Learning: Issue #2055 tracks the remaining runtimes/rocm-tensorflow/ubi9-python-3.12/requirements.txt file that stayed at jupyter-core==5.7.2 during PR #2000, which will be addressed separately due to specific challenges with that ROCm TensorFlow image.

Applied to files:

• runtimes/rocm-pytorch/ubi9-python-3.12/requirements.txt
• runtimes/tensorflow/ubi9-python-3.12/requirements.txt
• runtimes/datascience/ubi9-python-3.12/requirements.txt
• jupyter/tensorflow/ubi9-python-3.12/requirements.txt
• runtimes/pytorch/ubi9-python-3.12/requirements.txt
• jupyter/rocm/pytorch/ubi9-python-3.12/requirements.txt
• jupyter/pytorch+llmcompressor/ubi9-python-3.12/requirements.txt
• jupyter/minimal/ubi9-python-3.12/requirements.txt
• jupyter/pytorch/ubi9-python-3.12/requirements.txt
• runtimes/rocm-tensorflow/ubi9-python-3.12/requirements.txt
• jupyter/rocm/tensorflow/ubi9-python-3.12/requirements.txt
• jupyter/trustyai/ubi9-python-3.12/requirements.txt

📚 Learning: 2025-08-20T12:18:19.213Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#2000
File: runtimes/pytorch/ubi9-python-3.12/requirements.txt:804-807
Timestamp: 2025-08-20T12:18:19.213Z
Learning: The runtimes/rocm-tensorflow/ubi9-python-3.12/requirements.txt file remained at jupyter-core==5.7.2 while other runtime images were updated to 5.8.1 during PR #2000 to address CVE-2025-30167. jiridanek requested a separate GitHub issue (#2055) to track this remaining update as the reason for the file being stuck at the old version was unclear.

Applied to files:

• runtimes/rocm-pytorch/ubi9-python-3.12/requirements.txt
• runtimes/tensorflow/ubi9-python-3.12/requirements.txt
• jupyter/tensorflow/ubi9-python-3.12/requirements.txt
• runtimes/pytorch/ubi9-python-3.12/requirements.txt
• jupyter/rocm/pytorch/ubi9-python-3.12/requirements.txt
• jupyter/pytorch+llmcompressor/ubi9-python-3.12/requirements.txt
• jupyter/minimal/ubi9-python-3.12/requirements.txt
• runtimes/rocm-tensorflow/ubi9-python-3.12/requirements.txt
• jupyter/rocm/tensorflow/ubi9-python-3.12/requirements.txt
• jupyter/trustyai/ubi9-python-3.12/requirements.txt

📚 Learning: 2025-07-23T16:18:42.922Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#0
File: :0-0
Timestamp: 2025-07-23T16:18:42.922Z
Learning: The TensorFlow ROCm Python 3.12 compatibility issue in opendatahub-io/notebooks PR #1259 was caused by using tensorflow-rocm==2.14.0.600 in Pipfile.lock which lacks Python 3.12 wheels, while the Pipfile specifies tensorflow_rocm=~=2.18.1. The solution requires updating Pipfile sources to include https://repo.radeon.com/rocm/manylinux/rocm-rel-6.4/ repository which contains tensorflow_rocm-2.18.1-cp312-cp312-manylinux_2_28_x86_64.whl and regenerating Pipfile.lock using the piplock-refresh GitHub Action.

Applied to files:

• runtimes/rocm-pytorch/ubi9-python-3.12/requirements.txt
• jupyter/rocm/pytorch/ubi9-python-3.12/requirements.txt
• runtimes/rocm-tensorflow/ubi9-python-3.12/requirements.txt
• jupyter/rocm/tensorflow/ubi9-python-3.12/requirements.txt

📚 Learning: 2025-06-28T14:15:41.168Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#1218
File: jupyter/trustyai/ubi9-python-3.11/Pipfile:49-49
Timestamp: 2025-06-28T14:15:41.168Z
Learning: TrustyAI's jupyter-bokeh was pinned to 3.0.5 due to compatibility requirements with TrustyAI's visualization components, but the actual deployed version in requirements.txt shows 3.0.7, indicating incremental testing. The upgrade to 4.0.5 in this PR represents the completion of a gradual migration strategy from the 3.x series after confirming compatibility with Bokeh 3.7.3.

Applied to files:

• jupyter/rocm/pytorch/ubi9-python-3.12/requirements.txt
• jupyter/minimal/ubi9-python-3.12/requirements.txt
• jupyter/pytorch/ubi9-python-3.12/requirements.txt
• jupyter/trustyai/ubi9-python-3.12/requirements.txt

📚 Learning: 2025-07-08T19:26:17.140Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#1333
File: runtimes/datascience/ubi9-python-3.12/Pipfile:33-34
Timestamp: 2025-07-08T19:26:17.140Z
Learning: jiridanek requested GitHub issue creation for jupyter-client dependency pinning inconsistency during PR #1333 review, specifically asking to note the implications of breaking changes in 9.x versions. Issue #1343 was created with comprehensive problem description covering inconsistent pinning style across all Python 3.12 runtime images, detailed breaking changes analysis (kernel protocol, session management, connection security, API changes, async/await modifications), reproducibility and security impact assessment, multiple solution options with code examples, phased acceptance criteria, implementation guidance, testing approach, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.

Applied to files:

• jupyter/rocm/pytorch/ubi9-python-3.12/requirements.txt
• jupyter/minimal/ubi9-python-3.12/requirements.txt
• jupyter/pytorch/ubi9-python-3.12/requirements.txt

📚 Learning: 2025-08-20T12:19:34.523Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#2000
File: runtimes/tensorflow/ubi9-python-3.11/Pipfile:41-41
Timestamp: 2025-08-20T12:19:34.523Z
Learning: jiridanek created GitHub issue #2055 to track the remaining runtimes/rocm-tensorflow/ubi9-python-3.12/Pipfile.lock file that stayed at jupyter-core==5.7.2 during PR #2000, ensuring systematic follow-up for complete CVE-2025-30167 remediation across all runtime images in the opendatahub-io/notebooks repository.

Applied to files:

• jupyter/rocm/pytorch/ubi9-python-3.12/requirements.txt
• jupyter/rocm/tensorflow/ubi9-python-3.12/requirements.txt

📚 Learning: 2025-06-28T14:15:41.168Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#1218
File: jupyter/trustyai/ubi9-python-3.11/Pipfile:49-49
Timestamp: 2025-06-28T14:15:41.168Z
Learning: The jupyter-bokeh package was previously pinned to version 3.0.5 in the TrustyAI notebook image due to compatibility requirements with TrustyAI components, as indicated by the comment "Should be pinned down to this version in order to be compatible with trustyai" that was removed in this update.

Applied to files:

• jupyter/minimal/ubi9-python-3.12/requirements.txt
• jupyter/pytorch/ubi9-python-3.12/requirements.txt

📚 Learning: 2025-06-28T14:21:09.429Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#1218
File: jupyter/trustyai/ubi9-python-3.11/Pipfile:49-49
Timestamp: 2025-06-28T14:21:09.429Z
Learning: The jupyter-bokeh pinning to 3.0.5 in TrustyAI notebook image was not due to TrustyAI code compatibility issues, but because the trustyai package itself explicitly declares jupyter-bokeh~=3.0.5 as a hard dependency, causing pip dependency resolution conflicts when trying to upgrade to jupyter-bokeh 4.x.

Applied to files:

• jupyter/minimal/ubi9-python-3.12/requirements.txt
• jupyter/trustyai/ubi9-python-3.12/requirements.txt

📚 Learning: 2025-06-28T14:21:09.429Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#1218
File: jupyter/trustyai/ubi9-python-3.11/Pipfile:49-49
Timestamp: 2025-06-28T14:21:09.429Z
Learning: TrustyAI 0.6.1 (latest version as of June 2025) has a hard dependency constraint on jupyter-bokeh~=3.0.5, preventing upgrades to jupyter-bokeh 4.x in notebook images that include TrustyAI. This requires either waiting for TrustyAI to update their dependency or excluding TrustyAI from jupyter-bokeh upgrades.

Applied to files:

• jupyter/trustyai/ubi9-python-3.12/requirements.txt

📚 Learning: 2025-06-28T14:21:09.429Z

Learnt from: jiridanek
PR: opendatahub-io/notebooks#1218
File: jupyter/trustyai/ubi9-python-3.11/Pipfile:49-49
Timestamp: 2025-06-28T14:21:09.429Z
Learning: TrustyAI explicitly declares jupyter-bokeh~=3.0.5 as a hard dependency in both their requirements.txt and pyproject.toml files, with no open issues tracking jupyter-bokeh 4.x compatibility. This creates an unresolvable pip dependency conflict when trying to upgrade jupyter-bokeh to 4.x in notebook images that include TrustyAI.

Applied to files:

• jupyter/trustyai/ubi9-python-3.12/requirements.txt

🔇 Additional comments (111)

runtimes/pytorch/ubi9-python-3.12/requirements.txt (4)

198-200: BeautifulSoup bump to 4.13.5 looks good; confirm runtime import paths still work in notebooks.

• Soupsieve remains at 2.7, which is compatible with bs4 4.13.x.
• Low risk, but please run a quick smoke test: import bs4, parse a simple HTML, and render in a sample notebook to catch any transitive edge cases.

---

1499-1501: Parso 0.8.5 aligns with Jedi 0.19.2 constraints.

• Jedi 0.19.x supports parso >=0.8.4, so this minor bump is safe for IPython tooling.

---

1612-1614: platformdirs 4.4.0 minor bump — safe and routine.

• No known breaking changes affecting our usage; keep as-is.

---

2562-2563: typing-extensions 4.15.0 is fine for Python 3.12 and our pinned ecosystem.

• Works with pydantic 1.10.x and the rest of the stack; no action needed.

runtimes/rocm-tensorflow/ubi9-python-3.12/requirements.txt (5)

200-202: Bump to beautifulsoup4==4.13.5 looks good; soupsieve pin is compatible.

soupsieve is already pinned to 2.7 later in the file, which satisfies bs4’s requirement. No action needed.

---

1348-1350: narwhals→2.2.0 bump is low-risk and aligns with pandas 2.2.3.

No known incompatibilities with the currently pinned pandas and pyarrow versions in this image scope.

---

1597-1599: parso→0.8.5 is a routine IDE/analysis stack update.

Compatible with jedi 0.19.2 already pinned. Looks good.

---

1711-1712: platformdirs→4.4.0 is fine for py312 runtimes.

No breaking changes expected for downstream consumers like virtualenv; versions here are consistent.

---

2629-2630: typing-extensions→4.15.0 OK across this environment.

This satisfies typical minimums for ipython, pydantic v1, and related tooling; no regressions anticipated.

jupyter/pytorch/ubi9-python-3.12/requirements.txt (8)

219-221: Bump to beautifulsoup4 4.13.5 looks good.

No known breaking changes for our usage; soupsieve pin (2.7) remains compatible. Hashes present.

---

1500-1502: narwhals → 2.2.0: OK, minor bump.

No downstream pins here depend on narwhals symbols. Safe to merge.

If narwhals is exercised in any example notebooks, run a quick import-and-convert smoke test to confirm no API deltas:

• import narwhals as nw; construct a tiny DataFrame proxy; validate basic ops (select, filter).

---

1770-1772: parso → 0.8.5 with jedi 0.19.2: please sanity-check compatibility.

The resolver produced this pair, but jedi/parso version constraints have historically been touchy. Autocomplete failures in notebooks show up late.

Please open a notebook in this image and confirm:

• IPython/Jupyter autocomplete works in a simple Python cell.
• From a terminal in the container: python -c "import jedi, parso; print(jedi.version, parso.version)" reports 0.19.x and 0.8.5 and no warnings.

---

1886-1888: platformdirs 4.4.0: harmless maintenance bump.

No action required.

---

2336-2338: python-lsp-server[all] → 1.13.1: check JupyterLab LSP end-to-end.

Server bump should be fine with jupyterlab-lsp 5.1.1/jupyter-lsp 2.2.6, but verify editor features.

• Launch JupyterLab in the image; ensure LSP hover, diagnostics, and formatting (autopep8/yapf/black) still function.
• Confirm pylsp plugins enabled by “[all]” are loading (pylsp --help or pylsp -vv in the container).

---

2399-2491: pyzmq → 27.0.2: good, but please smoke-test kernel startup.

This affects kernel transport; mismatches usually appear as kernel connection errors.

• Start a Python kernel; run: import zmq, jupyter_client, ipykernel; print(zmq.version).
• Execute a few cells, interrupt, restart kernel to confirm stability.
• If you use CURVE/auth in-proxy scenarios, validate notebook-server-proxy routes still work.

---

2954-2956: types-python-dateutil bump: fine.

Types-only package; no runtime impact. Keeps parity with python-dateutil 2.9.0.post0.

---

2957-2959: typing-extensions → 4.15.0: OK with pinned libs.

Pydantic v1.10.22 and our stack are compatible with TE 4.15. No concerns.

jupyter/pytorch+llmcompressor/ubi9-python-3.12/requirements.txt (16)

11-13: accelerate: safe patch bump

1.10.1 is a patch over 1.10.0; no API changes expected. Good alignment with transformers 4.52.4.

---

170-172: beautifulsoup4: routine patch upgrade

4.13.5 is a maintenance release; low risk.

---

1141-1257: lxml 6.0.1: patch-level security/stability fixes; confirm wheel compatibility

Patch bump looks good. Given UBI9 (glibc) base, wheels should resolve to manylinux tags present in the hash set. Just confirm no musllinux-only artifacts are inadvertently preferred in CI and that the hash set matches the resolved platform wheels.

---

1559-1560: narwhals: minor upgrade

2.2.0 minor release; no known breaking changes for consumers.

---

1806-1807: parso: patch bump aligned with jedi 0.19.x

0.8.5 is compatible with jedi==0.19.2 already in this env.

---

1815-1816: peft 0.17.1: stays compatible with transformers 4.52.x

Looks fine. If you have any LoRA/QLoRA notebook samples in this image, give them a quick smoke test since PEFT occasionally tightens Accelerate/Transformers bounds.

---

1928-1929: platformdirs: minor bump

4.4.0 is benign in this context (py>=3.9).

---

2136-2137: pybind11 3.0.1: patch over 3.0.0; check for transitive build consumers

Even though this is only a patch, anything building C++ extensions at image build-time would pick it up. If you don’t compile any local wheels during build, risk is negligible.

---

2495-2587: pyzmq 27.0.2: Jupyter stack compatibility looks OK

ipykernel/jupyter-client combos in this image are known to work with pyzmq 27.x. Good to keep current.

---

3156-3157: types-python-dateutil: types-only update

Development quality-of-life improvement; no runtime impact.

---

3159-3160: typing-extensions 4.15.0: safe bump for py3.12

No conflicts expected.

---

3786-3787: email-validator 2.3.0: patch bump

Low risk; no downstream pin conflicts observed.

---

4178-4179: openai 1.101.0: verify notebooks using the v1 client imports

This is within the v1 SDK line and compatible with httpx==0.28.1 present here. If any notebooks still import the legacy openai module patterns pre-v1, they should be updated (from OpenAI import OpenAI; client.responses.create, etc.).

---

4213-4214: opentelemetry-semantic-conventions-ai 0.4.13: check alignment with OTEL 1.26.0

Version set appears consistent with opentelemetry SDK/api/exporters (all 1.26.0). If you emit AI spans from sample apps, give it a quick run to ensure attribute names didn’t shift.

---

4487-4488: sentry-sdk 2.35.1: routine update

No known FastAPI/Starlette integration regressions for this patch.

---

4493-4494: Starlette 0.47.3 with FastAPI 0.116.1: compatible range

FastAPI 0.116.x supports Starlette <0.48. This pair is good.

codeserver/ubi9-python-3.12/requirements.txt (4)

489-491: Narwhals bump to 2.2.0 looks good.

No incompatible pins nearby (pandas 2.2.x) and Python 3.12 is supported.

---

640-642: Parso 0.8.5 is compatible with jedi 0.19.2.

Jedi’s constraint allows parso >=0.8.4,<0.11; this bump stays within range.

---

753-755: platformdirs 4.4.0 bump is safe.

Meets the file’s Python >=3.9 floor and is widely used by virtualenv/setuptools.

---

1096-1098: typing-extensions 4.15.0 bump is fine.

Works with Python 3.12 and current IPython/Jupyter stack here.

jupyter/rocm/pytorch/ubi9-python-3.12/requirements.txt (6)

1822-1824: platformdirs 4.4.0: routine patch bump.

Nothing in this image is known to rely on internal APIs; safe to proceed.

---

2875-2877: types-python-dateutil: typing-only bump; no runtime risk.

Safe to merge.

---

2879-2880: typing-extensions 4.15.0: OK for py>=3.9.

Commonly required by newer libs; no known incompatibilities with current pins.

---

1500-1502: All narwhals pins consistently at 2.2.0

The repo-wide drift check confirms that every occurrence of narwhals== is uniformly set to 2.2.0; there are no mismatched or stale pins.
LGTM.

---

1706-1708: **parso 0.8.5 remains within jedi 0.19.2’s <0.9.0 requirement – compatibility confirmed **

Verified via a repository-wide scan (rg -nP '\bjedi==|parso==' -C2):

• Every requirements.txt pins jedi==0.19.2; python_version >= '3.6' immediately followed by parso==0.8.5; python_version >= '3.6'.
• No instances of a newer parso version were detected.
• This matches jedi 0.19.2’s declared dependency parso>=0.8.0,<0.9.0.

No drift in the editor-stack versions; approving these changes.

---

2342-2434: Please run a Jupyter smoke test for pyzmq 27.0.2 in the jupyter/rocm/pytorch image

Drift‐check confirms that only the Jupyter and CodeServer images were bumped from pyzmq 26.2.1→27.0.2 (all other runtime images remain at 26.2.1). To ensure no regressions in kernel startup or I/O:

• In jupyter/rocm/pytorch/ubi9-python-3.12/requirements.txt (line 2342), pyzmq is now pinned to 27.0.2.
• Please verify the installed version and run a headless kernel launch:

python -c "import zmq, zmq.backend.cython; print('pyzmq:', zmq.__version__)"

python - <<'PY'
import jupyter_client, zmq
from jupyter_client.manager import start_new_kernel
km, kc = start_new_kernel()
kc.execute_interactive("print('kernel ok')")
kc.stop_channels()
km.shutdown_kernel()
print("jupyter-client:", jupyter_client.__version__, "pyzmq:", zmq.__version__)
PY

Once you’ve confirmed the kernel starts cleanly and I/O functions as expected, please update the PR with the results.

runtimes/minimal/ubi9-python-3.12/requirements.txt (4)

694-696: platformdirs patch bump is fine; low risk.

4.4.0 is a minor patch over 4.3.x and is pure-Python. Common consumers here (e.g., jupyter-core) should remain unaffected.

---

1230-1232: Verified no duplicate typing-extensions pin in runtimes/minimal/ubi9-python-3.12/requirements.txt; changes approved.

The rg -nP '^\s*typing-extensions==' search returned a single match at line 1230, confirming there’s no duplicate entry.

---

688-690: Parso 0.8.5 upgrade verified compatible

Verified that parso==0.8.5 works seamlessly with jedi==0.19.2 and ipython==9.4.0; completion tests succeed.

• File: runtimes/minimal/ubi9-python-3.12/requirements.txt
Lines 688–690: parso==0.8.5; python_version >= '3.6'

No further changes needed.

---

139-141: Update smoke test to install BS4 before import

• BS4 bump to 4.13.5 is safe and compatible with the existing soupsieve == 2.7 pin; hashes and selector marker are correct.
• The original smoke script failed with “ModuleNotFoundError: No module named 'bs4'” because the package wasn’t installed.
• Please use the following revised smoke test in the minimal ubi9-python-3.12 image:

#!/bin/bash
# Install only the updated requirements (no extra deps)
pip3 install --no-deps -r runtimes/minimal/ubi9-python-3.12/requirements.txt

# Validate bs4 import and version at runtime
python3 - <<'PY'
import bs4, soupsieve
from bs4 import BeautifulSoup
print("bs4", bs4.__version__, "soupsieve", soupsieve.__version__)
BeautifulSoup("<p>hi</p>", "html.parser")
PY

• Or, to test inside the container:

docker build -t bs4-smoke-test -f runtimes/minimal/ubi9-python-3.12/Dockerfile .
docker run --rm bs4-smoke-test bash -c '
  pip3 install --no-deps -r /app/runtimes/minimal/ubi9-python-3.12/requirements.txt &&
  python3 - <<'"'"'PY
import bs4, soupsieve
print(bs4.__version__, soupsieve.__version__)
from bs4 import BeautifulSoup; BeautifulSoup("<p>ok</p>", "html.parser")
PY
'"

jupyter/minimal/ubi9-python-3.12/requirements.txt (5)

760-762: platformdirs 4.4.0 bump is low risk

No functional impact expected; good to keep in sync with upstream tools.

---

754-756: Approve parso 0.8.5 upgrade — compatibility verified

• File: jupyter/minimal/ubi9-python-3.12/requirements.txt (lines 754–756)
• Verified jedi 0.19.2 + parso 0.8.5 on Python 3.11.2 with a basic IPython completion test (JSON .loads) — completions work as expected

---

951-1043: pyzmq 27.0.2 multi-arch and runtime smoke checks

• ✅ The pylock.toml entry under jupyter/minimal/ubi9-python-3.12/pylock.toml lists

  name = "pyzmq"
  version = "27.0.2"
  sdist = { … sha256 = "b398dd713b18de89730447347e96a0240225e154db56e35b6bb8447ffdb07798" }
  wheels = [ … ]

  matching the bumped version and including an sdist fallback.
• 🔍 Multi-arch wheels: please confirm that the wheels = [… ] block includes builds for all target platforms (x86_64, aarch64, s390x, etc.). If any arch is missing, ensure the sdist hash is sufficient to build from source during image creation.
• ⚠️ Runtime smoke test: the handshake script failed with ModuleNotFoundError: No module named 'zmq' because pyzmq wasn’t installed in this host environment. You’ll need to perform the round-trip ZMQ test inside the actual container (or install pyzmq==27.0.2) and verify that:
  1. The Jupyter kernel starts.
  2. A cell executes.
  3. The kernel shuts down cleanly.

Please carry out those checks and report back any missing wheels or handshake failures.

---

1265-1266: Verify transitive dependency on typing-extensions

The heuristic check in the host environment didn’t detect any reverse deps, but many libraries import typing-extensions without declaring it in metadata. To be certain whether any pinned distribution in the Python 3.12 image still Requires-Dist on typing-extensions, please run this inside the built image:

python3 - <<'PY'
from importlib import metadata
hits = []
for dist in metadata.distributions():
    for req in dist.metadata.get_all('Requires-Dist') or []:
        # Normalize split in case of extras or version specifiers
        if req.split()[0].lower() == 'typing-extensions':
            hits.append(f"{dist.metadata['Name']} -> {req}")
print("Distributions depending on typing-extensions:", hits or "None")
PY

• File: jupyter/minimal/ubi9-python-3.12/requirements.txt
• Lines: 1265–1266 (typing-extensions==4.15.0 entry)

If this reports “None,” you can safely remove the typing-extensions pin to shave a few MB; otherwise, please keep it.

---

148-150: Confirmed: beautifulsoup4 4.13.5 works as expected

The installation and import/render test in the jupyter/minimal/ubi9-python-3.12 image completed successfully and produced the expected output (beautifulsoup4 OK: hi). No breaking changes were introduced by this patch bump—HTML parsing remains compatible with soupsieve 2.7.

runtimes/tensorflow/ubi9-python-3.12/requirements.txt (6)

200-202: BS4 bump looks safe; soupsieve pin remains compatible

beautifulsoup4 4.13.5 is compatible with soupsieve 2.7 already pinned below. No action needed.

---

2690-2692: typing-extensions 4.15.0: broad compatibility, low risk

This should be fine with pydantic==1.10.22, numpy==1.26.4, and other deps here. No changes requested.

---

1348-1350: Confirmed: narwhals 2.2.0 pinned consistently across all runtimes

I ran the suggested rg check and verified that every requirements.txt under runtimes/ (tensorflow, rocm-tensorflow, pytorch, rocm-pytorch, pytorch+llmcompressor, datascience) for both Python 3.11 and 3.12 pins narwhals==2.2.0. No additional updates to these files are needed.

• Please ensure you exercise the narwhals→pyarrow code paths in your integration tests to catch any subtle behavior changes introduced in 2.2.0.

---

1757-1759: platformdirs pin is consistent across all runtime images
A ripgrep search confirms that platformdirs==4.4.0; python_version >= '3.9' is uniformly applied in the 3.11 and 3.12 images for TensorFlow, PyTorch (including LLM-compressor and ROCm variants), Minimal, and DataScience runtimes. No mismatched pins were detected.

That said, because platformdirs influences how virtualenv (20.34.0) and Jupyter-Core (5.8.1) locate and manage cache/config directories, please perform a quick smoke test inside the built image to cover any path-resolution changes:

• Create a new virtual environment with virtualenv and install an IPython or Jupyter kernel
• Launch a Jupyter session and verify that the new kernel is discovered and functions correctly
• Confirm that cache/config directories are created under the expected locations

---

855-857: Verify Keras 3.11.3 + TensorFlow 2.19.1 Integration

Repo-wide pin audit confirms:

• runtimes/tensorflow/ubi9-python-3.12/requirements.txt pins
  • tensorflow[and-cuda]==2.19.1; python_version ≥ '3.9'
  • keras==3.11.3; python_version ≥ '3.10'
• No other image combines a different Keras with TF 2.19 (all TF 2.19-pinned files use Keras 3.11.3)
• Other runtimes (e.g. rocm-tensorflow/ubi9-python-3.12 and tensorflow/ubi9-python-3.11) also use Keras 3.11.3 but with TF 2.18.1 or earlier

Next steps:

• Build the ubi9-python-3.12 image and perform a quick smoke test, for example:

python - <<'EOF'
import tensorflow as tf
from tensorflow import keras
# ensure imports resolve to TF–bundled Keras
print(tf.__version__, keras.__version__)
# simple model sanity check
model = keras.Sequential([keras.layers.Dense(1, input_shape=(1,))])
model.compile(optimizer='sgd', loss='mse')
import numpy as np
model.fit(np.array([[0.]]), np.array([[0.]]), epochs=1, verbose=0)
print("✅ Keras+TF OK")
EOF

• Confirm that imports, backend selection, and a basic fit() run succeed without errors.

Once verified, we can proceed with confidence that Keras 3.11.3 and TensorFlow 2.19.1 interoperate correctly in this image.

---

1644-1646: Missing python-lsp-server pin in TensorFlow runtime requirements

– I confirmed that parso==0.8.5 (line 1644) and jedi==0.19.2 are correctly pinned in runtimes/tensorflow/ubi9-python-3.12/requirements.txt.
– However, I did not find any python-lsp-server==1.13.1 (with or without [all] extras) in this file—or in any other runtimes/**/requirements.txt.
– Please add the appropriate python-lsp-server[all]==1.13.1 pin (with its hashes) or clarify why it’s intentionally omitted here.

Likely an incorrect or invalid review comment.

runtimes/rocm-pytorch/ubi9-python-3.12/requirements.txt (3)

1435-1437: parso==0.8.5 aligns with jedi==0.19.2 — LGTM

jedi 0.19.x targets parso 0.8.x; low risk and appropriate for IPython 9.0.x in this stack.

---

2482-2484: typing-extensions==4.15.0 looks safe for Py3.12 stack

Many libs here (pydantic v1, grpcio, etc.) still import typing_extensions on 3.12. The pin is modern and generally compatible. Just include this in your overall pip check during image build.

---

1259-1261: narwhals 2.2.0 pin: repo consistency OK, import compatibility needs container test

• Repo-wide consistency confirmed: every requirements.txt entry for narwhals is pinned to 2.2.0 (no mixed-version conflicts) run_scripts
• Import smoke-test must be run inside the built Docker image (the previous failure was on the host):

  # build the image
  docker build -t narwhals-test \
    -f runtimes/rocm-pytorch/ubi9-python-3.12/Dockerfile .
  
  # run the import check in-container
  docker run --rm narwhals-test python - <<'PY'
  import pandas as pd, narwhals
  print("pandas:", pd.__version__)
  print("narwhals:", narwhals.__version__)
  PY

• Please update the “How Has This Been Tested?” section with the exact commands and output once verification passes.

runtimes/datascience/ubi9-python-3.12/requirements.txt (5)

2441-2442: No conflicting typing-extensions pins found—LGTM

I ran a repo-wide search across all runtimes/**/requirements.txt files and found no other typing-extensions==<version> entries besides the new 4.15.0 pin. All stacks remain compatible, so this change is safe to approve.

---

1423-1424: Parso/Jedi compatibility confirmed

The provided runtime check verifies that jedi 0.19.2 and parso 0.8.5 work together as expected:

• jedi: 0.19.2
• parso: 0.8.5
• Assertion passes — compatibility OK

No further changes are required.

---

1249-1251: Narwhals smoke test failed – verify in the proper environment

The import test couldn’t run because narwhals wasn’t installed in your shell. Please install the new dependency in the built image or activate a Python 3.12 venv (with requirements.txt) and rerun the smoke test to confirm the from_native bridge still works.

• Build or enter the datascience image (or py312 venv) with updated requirements.txt
• Install dependencies:

pip install -r runtimes/datascience/ubi9-python-3.12/requirements.txt

• Rerun the smoke test:

python - <<'PY'
import narwhals as nw, pandas as pd
df = pd.DataFrame({"x":[1,2], "y":[3,4]})
tbl = nw.from_native(df)
assert tbl.shape == (2,2), f"unexpected shape: {tbl.shape}"
print("narwhals smoke OK:", tbl.shape)
PY

Once this succeeds, we can safely approve the Narwhals 2.2.0 upgrade.

---

1535-1537: platformdirs 4.4.0 bump verified; excellent repo-wide alignment confirmed.

The verification shows perfect consistency - all runtime images across both Python 3.11 and 3.12 variants are properly aligned on platformdirs==4.4.0. This confirms the systematic approach to dependency management and eliminates any risk of environment differences between runtime images.

✅ Verified alignment across 13 runtime images:

• All Python 3.11 runtimes: minimal, tensorflow, rocm-tensorflow, rocm-pytorch, pytorch, datascience
• All Python 3.12 runtimes: minimal, tensorflow, rocm-tensorflow, rocm-pytorch, pytorch, pytorch+llmcompressor, datascience

The change is safe and follows the repository's established pattern of maintaining consistent dependency versions across all runtime variants.

---

194-196: Confirm BeautifulSoup4 pin consistency and manual hash verification

All runtime images consistently pin beautifulsoup4==4.13.5; no version mismatches were found across runtimes/**/requirements.txt.
Automatic SHA256 hash verification against PyPI could not complete due to SSL certificate errors in the CI environment.

• Cross-image consistency: every requirements.txt under runtimes/ uses beautifulsoup4==4.13.5.
• Hash integrity: please manually verify that the two SHA256 hashes (5e701313… and 642085ea…) correspond to the Bokeh 3.0.5 wheel and sdist files for BeautifulSoup4 4.13.5 on PyPI.

runtimes/pytorch+llmcompressor/ubi9-python-3.12/requirements.txt (14)

11-13: accelerate 1.10.1 bump looks good with Torch 2.6.0.

No API breaks expected for common usage (DeepSpeed/FSDP config, zero3). Keep an eye on device placement warnings introduced recently, but this should be backward compatible for the image.

---

149-151: beautifulsoup4 patch update is safe.

Bugfix-only; should be transparent for bs4 consumers.

---

1261-1263: narwhals 2.2.0 bump is fine.

No breaking changes expected for typical pandas/polars interop; keep if CI stays green.

---

1491-1492: parso 0.8.5: safe with jedi 0.19.x.

IPython/jedi completion should be unaffected.

---

1610-1611: platformdirs 4.4.0: routine patch.

No action needed.

---

1795-1796: pybind11 3.0.1: minor bump, but watch for native extensions at build-time.

If any image compiles local C++ extensions (rare here), confirm GCC/GLIBC pairing in UBI9 still builds cleanly.

If you expect native builds, I can script a quick “compile test” in the Dockerfile to fail fast during CI.

---

2693-2694: typing-extensions 4.15.0: all good.

Keeps pace with libs relying on Protocol/TypeAlias.

---

3146-3147: cachetools 6.2.0 (dev): fine.

Used by various clients (google-*). Not expected to affect runtime images.

---

3183-3184: email-validator 2.3.0: safe.

FastAPI’s optional email validation should continue to work.

---

3628-3629: opentelemetry-semantic-conventions-ai 0.4.13: compatible with OTel 1.26.0 stack.

No concerns; metrics/trace attrs align with recent OTel.

---

3908-3909: sentry-sdk 2.35.1: routine update.

No breaking changes expected for FastAPI integration.

---

3593-3594: Confirmed: pinned httpx==0.28.1 and jiter==0.10.0 satisfy openai 1.101.0 requirements

Running curl ... | jq ... | rg 'httpx|jiter' shows:

• openai-1.101.0 requires httpx<1,>=0.23.0 → httpx 0.28.1 is within this range
• openai-1.101.0 requires jiter<1,>=0.4.0 → jiter 0.10.0 is within this range

No changes needed.

---

1497-1498: No version constraints on peft’s transformers requirement
peft 0.17.1 declares its requires_dist entry for Transformers simply as transformers (no version bounds), so transformers==4.52.4 is fully satisfied.

---

3917-3918: Remove compatibility check for FastAPI/Uvicorn – not applicable to this requirements file

I looked through runtimes/pytorch+llmcompressor/ubi9-python-3.12/requirements.txt and confirm that only the following HTTP-stack deps are pinned:

• anyio==4.10.0
• httptools==0.6.4
• starlette==0.47.3
• websockets==15.0.1

There are no FastAPI or Uvicorn entries in this file to validate, so the original request to verify FastAPI 0.116.1 and Uvicorn 0.35.0 compatibility with Starlette 0.47.3 doesn’t apply here. If you intend to include FastAPI or Uvicorn in this image, please add explicit pins and then confirm compatibility; otherwise, you can safely remove this comment.

Likely an incorrect or invalid review comment.

jupyter/rocm/tensorflow/ubi9-python-3.12/requirements.txt (8)

3005-3006: types-python-dateutil bump is harmless.

Type stubs update only; no runtime impact.

---

2485-2578: pyzmq 27.0.2 hash refresh requires Jupyter kernel smoke test

Our automated attempt to import and launch a kernel failed in this sandbox (ModuleNotFoundError: no module named ‘zmq’), so please verify on a properly configured environment:

• Install the updated dependencies (including pyzmq 27.0.2).
• Run a quick Jupyter kernel startup check:

  python - <<'PY'
  import zmq, jupyter_client
  print("libzmq:", zmq.zmq_version(), "pyzmq:", zmq.pyzmq_version())
  from jupyter_client import KernelManager
  km = KernelManager()
  km.start_kernel()
  kc = km.client()
  kc.start_channels()
  msg = kc.kernel_info()
  print("kernel_info received:", bool(msg))
  kc.stop_channels(); km.shutdown_kernel(now=True)
  PY

• Confirm that the kernel starts, responds to kernel_info, and shuts down cleanly.

Please report back any issues.

---

1857-1858: Approve dependency update
Verified that parso 0.8.5 aligns with jedi 0.19.2 and IPython autocompletion is functional (see verification script output). No further changes needed.

---

221-223: BS4 bump verification pending

The initial smoke test failed with ModuleNotFoundError: No module named 'bs4', indicating that the test environment hasn’t installed the updated dependencies yet. Please ensure the new beautifulsoup4==4.13.5 (and its existing soupsieve pin at 2.7) is installed before testing, then rerun the import checks.

• In your image build or virtual environment setup, run:

pip install -r jupyter/rocm/tensorflow/ubi9-python-3.12/requirements.txt

• After installation, verify with:

python - <<'PY'
import bs4, soupsieve
print("bs4", bs4.__version__, "soupsieve", soupsieve.__version__)
from bs4 import BeautifulSoup
print(BeautifulSoup("<p>ok</p>", "html.parser").p.text)
PY

• Confirm that both imports succeed and that BeautifulSoup("<p>ok</p>") returns ok without errors.

No code changes needed unless you encounter runtime import or compatibility errors after installing.

---

1070-1072: Run the Keras 3.11.3 import smoke test inside your built ROCm Python 3.12 image

To confirm that Keras 3.11.3 resolves to the TensorFlow backend and imports cleanly against TF-ROCm 2.18.1, please:

• Ensure your requirements entry in
  jupyter/rocm/tensorflow/ubi9-python-3.12/requirements.txt
  includes:

   keras==3.11.3; python_version >= '3.10' \
       --hash=sha256:efda616835c31b7d916d72303ef9adec1257320bc9fd4b2b0138840fc65fb5b7 \
       --hash=sha256:f484f050e05ee400455b05ec8c36ed35edc34de94256b6073f56cfe68f65491f

• Build the image and run the smoke test in one step:

  docker build \
    -f jupyter/rocm/tensorflow/ubi9-python-3.12/Dockerfile.rocm \
    -t rocm-tf-py312 .
  docker run --rm rocm-tf-py312 bash -lc "python - <<'PY'
  import os
  os.environ.setdefault('KERAS_BACKEND','tensorflow')
  import keras, tensorflow as tf
  print('keras', keras.__version__, 'tf', tf.__version__)
  from keras import config as kcfg
  print('backend:', kcfg.backend())
  print('tf constant:', tf.constant([1,2]).numpy())
  PY"

• Optionally, make the backend explicit for end users by adding to your Dockerfile:

  ENV KERAS_BACKEND=tensorflow

Please run these steps and confirm that Keras imports cleanly and uses the TensorFlow backend as expected.

---

3008-3009: typing-extensions 4.15.0 compatibility verified

Basic Annotated[int, “meta”] field construction and validation with pydantic 1.10.22 was tested and works as expected:

• M(x=1) builds correctly
• M(x="a") raises ValidationError

No regressions were observed in this scenario, so no changes or downgrades are needed at this time.

---

1590-1591: Please manually verify the Narwhals 2.2.0 bump

Narwhals has been bumped to 2.2.0 and pandas remains pinned at 2.2.3. Before merging, ensure the package installs correctly and that the core API still behaves as expected:

Run in a clean environment:

pip install -r jupyter/rocm/tensorflow/ubi9-python-3.12/requirements.txt
python - <<'PY'
import narwhals as nw, pandas as pd
print("narwhals", nw.__version__)
df = nw.from_native(pd.DataFrame({"x":[1,2]}))
print("shape:", df.to_pandas().shape)
PY

Confirm that:

• nw.__version__ prints 2.2.0
• The DataFrame round-trip returns (2, 1)

---

1973-1974: platformdirs 4.4.0 + jupyter-core 5.8.1 validated – no conflicts
The installed versions work together without import errors, and Jupyter’s data-directory paths are reported as expected (legacy behavior with a deprecation warning for the upcoming switch in jupyter-core v6). No action needed at this time; keep monitoring path behavior once you upgrade to jupyter-core v6.

jupyter/trustyai/ubi9-python-3.12/requirements.txt (10)

219-221: BS4 patch bump looks safe; keep an eye on soupsieve pairing

beautifulsoup4 4.13.5 is compatible with soupsieve 2.7 already pinned below, so this looks good.

---

1549-1551: Narwhals minor upgrade is low risk

Pure-Python utilities; no downstream pins apparent here. OK to ship.

---

1770-1772: Parso 0.8.5 is compatible with Jedi 0.19.2 (used by pylsp)

Jedi constrains parso to >=0.8,<0.9; 0.8.5 fits. No action needed.

If you want to be extra safe, smoke-test “Go to definition”/completions in a running image since this path is exercised by pylsp.

---

1886-1888: platformdirs patch upgrade is routine

No known breaking changes. OK.

---

2348-2350: python-lsp-server[all] 1.13.1: check plugin matrix at build time

pylsp’s “all” extra pulls flake8/pyflakes/pycodestyle versions that you already pin below, which match pylsp 1.13.x. Looks fine; just watch for transitive resolver surprises during image build.

Please confirm ruff/flake8 linting still runs inside the image:

• Start the image, run: python -c "import pylsp, pyflakes, pycodestyle; print('pylsp ok')"

---

2411-2503: pyzmq 27.0.2 is a bugfix release; wheel bundling should keep runtime stable

This should be drop-in with jupyter stack (client/server/kernel). No concerns.

---

3059-3061: Transformers 4.55.4: check alignment with tokenizers/torch

Pinned tokenizers 0.21.4 and torch 2.6.0+cu126 are appropriate companions for recent transformers. Expect OK.

Run a trivial pipeline in the image to confirm CUDA tokens load:

• python -c "import torch, transformers as t; print(torch.cuda.is_available(), t.__version__)".

---

3072-3076: Type stubs and typing-extensions bumps are fine

• types-python-dateutil matches python-dateutil 2.9.0.post0
• typing-extensions 4.15.0 is broadly compatible with the pinned libs here.

---

1017-1019: Intentional jupyter-bokeh 3.0.x pin is correct for trustyai

Retaining jupyter-bokeh 3.0.7 aligns with trustyai 0.6.2 constraints and avoids 4.x incompatibilities. Thanks for keeping this consistent with the TrustyAI stack.

---

1734-1761: Incorrect pandas pin—no pandas dependency in this file

I’ve checked the TrustyAI Python 3.12 requirements (jupyter/trustyai/ubi9-python-3.12/requirements.txt) and there is no pandas==… entry present, so the concern about pandas 1.5.3 wheel availability does not apply here. Please disregard the pandas-related suggestion for this image.

Likely an incorrect or invalid review comment.

jupyter/tensorflow/ubi9-python-3.12/requirements.txt (7)

221-223: BS4 patch bump looks good.

4.13.5 is a safe maintenance update and continues to work with soupsieve==2.7 already pinned below.

---

1071-1072: Double-check Keras 3.11.3 with TensorFlow 2.19.1 backend selection.

Keras 3.x as a standalone package alongside tensorflow==2.19.1 generally works, but backend selection and TF/Keras API surface sometimes drift across patch releases. Please ensure the image still imports and uses the TensorFlow backend as expected (no accidental fallback to JAX/PyTorch).

If helpful, I can add a smoke test cell to the CI image build that runs:

• python -c "import tensorflow as tf; import keras; print(tf.version, keras.version); from keras import ops; import numpy as np; x=ops.ones((2,2)); print(ops.backend())"

---

1586-1588: Narwhals bump is fine.

No breaking changes expected for 2.2.0 in this environment; pandas and polars pins are already compatible.

---

1915-1917: Parso 0.8.5 aligns with Jedi 0.19.2 and Pylsp 1.13.1.

The parso/jedi/pylsp trio remains consistent; good to go.

---

2031-2033: platformdirs 4.4.0 LGTM.

Low-risk patch; commonly used by tools like black/isort and doesn’t impact runtime behavior.

---

3076-3077: types-python-dateutil bump is fine.

Matches python-dateutil==2.9.0.post0 and is type-only; no runtime impact.

---

3079-3080: typing-extensions 4.15.0 looks safe here.

No direct consumers in this image that are known to cap TE below 4.15; TensorFlow 2.19 + NumPy 1.26 stack should tolerate this. Keep an eye on CI “pip check” just in case.

jupyter/datascience/ubi9-python-3.12/requirements.txt (6)

1696-1698: parso==0.8.5 aligns with jedi==0.19.2.

Parso 0.8.5 is within jedi’s supported range; no conflicts anticipated for IPython/Jupyter autocompletion.

---

1812-1814: platformdirs==4.4.0 bump is benign.

Low risk; many tools (black/isort) consume it; versions here are compatible.

---

2836-2838: types-python-dateutil bump (20250822) is safe.

Pure type stubs; no runtime impact. Matches python-dateutil==2.9.0.post0 in this file.

---

2840-2841: typing-extensions==4.15.0: broadly compatible here.

Pinned libs (pydantic 1.10.22, ipython 9.4.0, pandas 2.2.3) tolerate 4.15.0. No action needed.

---

215-217: Ensure soupsieve compatibility in the built datascience image
Please verify at runtime that BeautifulSoup 4.13.5 and soupsieve 2.7 work together by running the import/select snippet inside the container where these packages are installed:

# Inside the built datascience image
python - <<'PY'
import bs4, soupsieve
from bs4 import BeautifulSoup

print("bs4:", bs4.__version__)
print("soupsieve:", soupsieve.__version__)
print("CSS selector test:", bool(
    BeautifulSoup("<p class='x'>hi</p>", 'html.parser').select("p.x")
))
PY

• If you see matching versions and True for the selector test, the bump is safe.
• If the packages aren’t present or the selector fails, resolve any mismatched pins before merging.

---

1490-1492: Verify narwhals==2.2.0 compatibility with pandas==2.2.3

The upgrade to narwhals v2.2.0 may affect its DataFrame backend integration. Since pandas isn’t installed in the CI environment, the previous sanity-check script failed with a ModuleNotFoundError. Please install pandas==2.2.3 locally and rerun the following check:

• File: jupyter/datascience/ubi9-python-3.12/requirements.txt (lines 1490–1492)

pip install pandas==2.2.3
python - <<'PY'
import pandas as pd
import narwhals as nw

df = pd.DataFrame({"a": [1, 2]})
ndf = nw.from_native(df)
assert ndf.to_native().equals(df), "DataFrame conversion mismatch"
print("narwhals↔pandas interop OK")
PY

If you encounter any errors or unexpected behavior, please report them here so we can address potential issues with the narwhals upgrade.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

PyZMQ 27.0.2 hash set: verify multi-arch wheel coverage and avoid hash-mismatch failures.

Given prior multi-arch pushes (incl. s390x) and strict, hash-validated installs, please confirm Wheels exist for cp312 across linux x86_64, aarch64/arm64, ppc64le, and s390x. If any arch lacks a wheel, installs with --require-hashes will fail unless the sdist hash is present and building from source is allowed in your pipeline (often it isn’t). I’m flagging this because codeserver images are built multi-arch and PyZMQ historically had uneven wheel coverage on niche arches.

Run this script to audit PyPI artifacts against your needs and spot missing arches (no repo clone needed):

If any arch is missing:

• Option A: defer to the last version with full wheel coverage used here (e.g., 27.0.1) and re-sync hashes.
• Option B: include the sdist hash and ensure your build environment can compile PyZMQ (libzmq toolchain, and that your installer permits building from sdist under hash constraints).
• Option C: keep 27.0.2 but narrow your publish matrix for codeserver to arches with wheels.

Note: I’m explicitly considering your previously stated multi-arch goals (incl. s390x) from past PRs; hence the extra diligence here.

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail
PKG=pyzmq
VER=27.0.2

# Arch tags we care about (adjust if your matrix differs)
wanted_arches=('x86_64' 'aarch64' 'ppc64le' 's390x')

# Fetch release files
json="$(curl -fsSL "https://pypi.org/pypi/${PKG}/${VER}/json")"
echo "Total files on PyPI for ${PKG} ${VER}:"
echo "$json" | jq '.releases["'"$VER"'"] | length'

echo
echo "Listing cp312 linux wheels we found:"
echo "$json" | jq -r '.releases["'"$VER"'"][] | .filename' \
  | grep -E '^pyzmq-'"$VER"'-cp312-.*-manylinux.*\.whl$' || true

echo
echo "Checking required arch coverage for cp312 manylinux:"
missing=0
for arch in "${wanted_arches[@]}"; do
  if echo "$json" | jq -r '.releases["'"$VER"'"][] | .filename' \
      | grep -qE '^pyzmq-'"$VER"'-cp312-.*-manylinux.*-'"$arch"'\.whl$'; then
    echo "OK: $arch"
  else
    echo "MISSING: $arch"
    missing=1
  fi
done

echo
echo "Is source sdist available (tar.gz) in case a wheel is missing?"
echo "$json" | jq -r '.releases["'"$VER"'"][] | .filename' | grep -E '\.tar\.gz$' || true

exit "$missing"

Length of output: 297685

---

Action required — pyzmq 27.0.2 (cp312): missing ppc64le & s390x manylinux wheels — will break --require-hashes on those arches

Brief summary (from your PyPI audit):

• cp312 manylinux wheels exist for x86_64 and aarch64:
  • pyzmq-27.0.2-cp312-abi3-manylinux_2_26_x86_64.manylinux_2_28_x86_64.whl
  • pyzmq-27.0.2-cp312-abi3-manylinux_2_26_aarch64.manylinux_2_28_aarch64.whl
  • (musllinux variants for x86_64/aarch64 also present)
• ppc64le and s390x cp312 manylinux wheels: MISSING (no matching files found).
• Source sdist is available: pyzmq-27.0.2.tar.gz (sha256: b398dd713b18de89730447347e96a0240225e154db56e35b6bb8447ffdb07798).

Location to fix:

• codeserver/ubi9-python-3.12/requirements.txt (lines 876–968) — pyzmq==27.0.2 is hash-locked.

Recommended next steps (pick one):

• Add the sdist hash to the requirements and ensure your multi-arch build pipeline can compile pyzmq from sdist (libzmq dev toolchain + allow sdist builds under --require-hashes).
• Or revert/pin to the last pyzmq release that included ppc64le/s390x wheels and regenerate hashes.
• Or limit the codeserver publish/build matrix to arches with available wheels.

Because installs using --require-hashes will fail on ppc64le/s390x unless you add the sdist hash and support building from source (or choose one of the other options), please address this before merging.

🤖 Prompt for AI Agents

In codeserver/ubi9-python-3.12/requirements.txt around lines 876–968,
pyzmq==27.0.2 is pinned with wheel-only hashes but lacks the sdist hash needed
for ppc64le/s390x builds; add the sdist sha256
(b398dd713b18de89730447347e96a0240225e154db56e35b6bb8447ffdb07798) to this
requirement entry and ensure the multi-arch build pipeline can compile from
sdist (install libzmq dev/toolchain and allow sdist builds under
--require-hashes), or alternatively revert/pin to the last pyzmq release that
includes ppc64le/s390x wheels and regenerate hashes, or restrict the
publish/build matrix to arches with available wheels.

[coderabbitai]

💡 Verification agent

❓ Verification inconclusive

python-lsp-server[all]==1.13.1: confirm LSP plugin set stays compatible.

Pinned plugins in this file (rope 1.14.0, yapf 0.43.0, autopep8 2.0.4, pydocstyle 6.3.0, pyflakes/pycodestyle) are consistent with pylsp 1.13.x. Looks good. Consider a quick LSP smoke test in CI to catch regressions in jupyterlab-lsp 5.1.1 + jupyter-lsp 2.2.6.

---

🏁 Script executed:

# Minimal pylsp health check (no network)
python - <<'PY'
from pylsp import __version__ as v
print("pylsp", v)
PY

Length of output: 128

---

Pinning non-existent python-lsp-server version will break installs
The requirements file pins python-lsp-server[all]==1.13.1, but PyPI’s latest release is 1.13.0 (no 1.13.1 listed) (pypi.org) and GitHub tags only go up to v1.13.0 (github.com). This mismatch will cause pip install to fail.

Please address this before merging:

• File: jupyter/datascience/ubi9-python-3.12/requirements.txt (lines 2262–2264)
• Either revert to python-lsp-server[all]==1.13.0 and update hashes accordingly, or confirm that version 1.13.1 is published to the configured index and document any custom index settings.
• Add a CI smoke test for the LSP server (e.g. pylsp --help or python -c "import pylsp" ) to verify installation and catch such failures early.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

pyzmq==27.0.2: validate wheel availability for all target architectures.

Large hash expansion indicates many wheels; ensure wheels exist for all arches you build (x86_64, aarch64, ppc64le, s390x) for CPython 3.12 to avoid source builds in UBI9.

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail
PKG=pyzmq
VER=27.0.2
arches=('x86_64' 'aarch64' 'ppc64le' 's390x')
curl -s "https://pypi.org/pypi/${PKG}/${VER}/json" | jq -r '.releases["'"$VER"'"][] | .filename' | tee /tmp/files.txt
echo "----"
status=0
for arch in "${arches[@]}"; do
  if ! grep -Eq "cp312-.*manylinux.*${arch}\.whl|cp312-.*linux_${arch}\.whl" /tmp/files.txt; then
    echo "MISSING wheel for ${arch}"
    status=1
  else
    echo "FOUND wheel for ${arch}"
  fi
done
exit $status

Length of output: 359

---

I’ve updated the verification script to avoid missing utilities (like tee) and to dump and inspect the JSON before checking wheel filenames:

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

PKG=pyzmq
VER=27.0.2
TMP_JSON=/tmp/pyzmq.json

# Fetch package metadata
curl -s "https://pypi.org/pypi/${PKG}/${VER}/json" > "${TMP_JSON}"

# Inspect JSON structure
echo "Top-level keys:" $(jq 'keys' "${TMP_JSON}")
echo "Available release versions:" $(jq '.releases | keys' "${TMP_JSON}")

# Count and list all files for this version
count=$(jq '.releases["'"$VER"'"] | length' "${TMP_JSON}")
echo "Total files for ${PKG} ${VER}: ${count}"
echo "Filenames:"
jq -r '.releases["'"$VER"'"][] | .filename' "${TMP_JSON}"

# Validate wheels for each target architecture
arches=('x86_64' 'aarch64' 'ppc64le' 's390x')
status=0
for arch in "${arches[@]}"; do
  if jq -r '.releases["'"$VER"'"][] | .filename' "${TMP_JSON}" \
       | grep -E "cp312-.*manylinux.*${arch}\.whl|cp312-.*linux_${arch}\.whl" > /dev/null; then
    echo "FOUND wheel for ${arch}"
  else
    echo "MISSING wheel for ${arch}"
    status=1
  fi
done

exit $status

Length of output: 762

---

I’ve corrected the JSON path to use the top‐level urls array (which holds the actual file listings for a specific version) instead of the nonexistent releases key. This will list all filenames and then check each target arch:

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

PKG=pyzmq
VER=27.0.2
TMP_JSON=/tmp/pyzmq.json

# Fetch metadata for the specific version
curl -s "https://pypi.org/pypi/${PKG}/${VER}/json" > "${TMP_JSON}"

# Show which top-level keys we have
echo "Top keys:" $(jq 'keys' "${TMP_JSON}")

# Count and list all files in the urls array
file_count=$(jq '.urls | length' "${TMP_JSON}")
echo "Total files listed under urls for ${PKG} ${VER}: ${file_count}"
echo "Filenames:"
jq -r '.urls[].filename' "${TMP_JSON}"

# Validate wheel availability for each target architecture
arches=('x86_64' 'aarch64' 'ppc64le' 's390x')
status=0
for arch in "${arches[@]}"; do
  if jq -r '.urls[].filename' "${TMP_JSON}" \
       | grep -E "cp312-.*manylinux.*${arch}\.whl" > /dev/null; then
    echo "FOUND wheel for ${arch}"
  else
    echo "MISSING wheel for ${arch}"
    status=1
  fi
done

exit $status

Length of output: 6413

---

pyzmq 27.0.2 missing CPython-3.12 wheels for ppc64le and s390x

Verification of PyPI metadata for pyzmq == 27.0.2 shows that, under the urls section, only manylinux2014 wheels for x86_64 and aarch64 are published for CPython 3.12; there are no matching cp312-abi3-manylinux*ppc64le.whl or cp312-abi3-manylinux*s390x.whl files. As a result, on UBI9 images for ppc64le and s390x, pip will fall back to building pyzmq from source—adding significant build dependencies and time.

Action items to address before merging:

• Decide how to handle ppc64le and s390x builds:
  • Vendor or host prebuilt wheels for those architectures
  • Switch to a system-provided package (via dnf) if available
  • Explicitly install libzmq development headers and accept source builds
• Update jupyter/datascience/ubi9-python-3.12/requirements.txt to reflect your chosen approach.

Location:

• File: jupyter/datascience/ubi9-python-3.12/requirements.txt
• Lines: 2325–2418

🤖 Prompt for AI Agents

In jupyter/datascience/ubi9-python-3.12/requirements.txt lines 2325–2418,
pyzmq==27.0.2 lacks CPython-3.12 wheels for ppc64le and s390x so pip will
compile from source on those arches; choose one of two fixes and apply it: 1)
Prefer system packages — remove or stop pinning pyzmq in requirements and update
the UBI9 Dockerfile/manifest to install the distro libzmq (libzmq/libzmq-devel)
and python3-devel via dnf so the system-provided zmq is used; or 2)
Accept/source-build — keep the pyzmq pin but document the fallback in
requirements and ensure the UBI9 build steps install libzmq-devel, gcc, make and
python3-devel before pip so source builds succeed (or vendor prebuilt cp312
wheels for ppc64le/s390x if you prefer); update the requirements file and the
image build scripts accordingly to reflect the chosen approach.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

pyzmq 27.0.2 wheel availability for all target architectures

Big hash refresh looks correct. One operational check: ensure wheels exist for every architecture you build (x86_64, aarch64, s390x, etc.) to avoid source builds (which would require libzmq headers and compilers in the image/builders).

Run this script to verify PyPI wheels for cp312 across arches:

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

VER="27.0.2"
ARCHES=("manylinux2014_x86_64" "manylinux2014_aarch64" "manylinux2014_s390x" "manylinux2014_ppc64le")
PYTAGS=("cp312-cp312" "cp312-cp312-musllinux_1_2_x86_64") # primary CPython 3.12 tags

echo "Checking pyzmq==$VER wheel availability on PyPI for Python 3.12…"
curl -s https://pypi.org/pypi/pyzmq/${VER}/json | jq -r '.releases["'${VER}'"][] | .filename' | tee /tmp/pyzmq_files.txt >/dev/null

for arch in "${ARCHES[@]}"; do
  ok=0
  for tag in "${PYTAGS[@]}"; do
    if grep -q "${tag}.*${arch}.*\.whl$" /tmp/pyzmq_files.txt; then
      ok=1
      break
    fi
  done
  if [[ $ok -eq 1 ]]; then
    echo "OK: wheel for ${arch}"
  else
    echo "MISSING: wheel for ${arch} (build may try to compile from source)"
  fi
done

Length of output: 612

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

VER="27.0.2"
ARCHES=("manylinux2014_x86_64" "manylinux2014_aarch64" "manylinux2014_s390x" "manylinux2014_ppc64le")

# Download the release metadata
curl -s "https://pypi.org/pypi/pyzmq/${VER}/json" > /tmp/pyzmq_${VER}.json

echo "Checking pyzmq==${VER} wheel availability on PyPI for Python 3.12…"

for arch in "${ARCHES[@]}"; do
  if jq -e --arg arch "$arch" '.releases["'"${VER}"'"][] | select(.filename | test("cp312-cp312.*\($arch).*\\.whl$"))' /tmp/pyzmq_${VER}.json > /dev/null; then
    echo "OK: wheel for ${arch}"
  else
    echo "MISSING: wheel for ${arch} (build may try to compile from source)"
  fi
done

Length of output: 2000

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Verify the downloaded JSON for pyzmq 27.0.2
if [[ ! -s /tmp/pyzmq_27.0.2.json ]]; then
  echo "ERROR: JSON file is empty or missing"
  exit 1
fi

echo "--- First 20 lines of /tmp/pyzmq_27.0.2.json ---"
head -n 20 /tmp/pyzmq_27.0.2.json || echo "Failed to read file"

echo ""
echo "--- Top-level keys in JSON ---"
jq 'keys' /tmp/pyzmq_27.0.2.json || echo "Failed to parse JSON"

Length of output: 77502

---

pyzmq 27.0.2: missing s390x & ppc64le wheels on PyPI → source‐build fallback

Confirmed on PyPI that for Python 3.12 the only Linux binary wheels provided are:

• manylinux_2_26 x86_64 & manylinux_2_26 aarch64
• musllinux_1_2 x86_64, musllinux_1_2 aarch64 & i686
  —all tagged as abi3, not cp312-cp312 .
  No manylinux2014 or musllinux wheel exists for s390x or ppc64le; those platforms will fall back to building from source .

Please ensure your image build for s390x and ppc64le includes the system-level build dependencies needed by pyzmq’s C extension (e.g., libzmq headers and a C compiler). For example, in your Dockerfile add:

# before pip install requirements.txt
RUN yum install -y libzmq-devel gcc && \
    yum clean all

—or the equivalent for your base OS package manager—so that pip can compile pyzmq on those arches.

🤖 Prompt for AI Agents

In jupyter/tensorflow/ubi9-python-3.12/requirements.txt around lines 2545-2636,
the pyzmq 27.0.2 wheel is not available for s390x and ppc64le on PyPI so pip
will fallback to source build on those arches; modify the relevant Dockerfile
(or image build scripts) to install the system-level build deps required to
compile pyzmq (e.g., libzmq development headers and a C compiler) before running
pip install, using the base OS package manager (yum/dnf/apt) and cleaning
package caches afterward so pip can successfully build the extension on s390x
and ppc64le.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Major lxml upgrade to 6.0.1: verify wheel availability for all target architectures and regressions.

lxml 6 is a major release; ensure:

• Wheels exist for all arches you build (x86_64, aarch64, ppc64le, s390x) to avoid source builds during image build.
• No downstream packages rely on removed/deprecated APIs.

Run to confirm wheel coverage and avoid slow native builds:

If any target arch is missing, consider holding at lxml 5.x for that image or adding a per-image override.

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail
curl -s https://pypi.org/pypi/lxml/6.0.1/json | jq -r '
  .releases["6.0.1"][] | .filename' | sort
# Expect manylinux/musllinux wheels for: x86_64, aarch64, ppc64le, s390x

Length of output: 178

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Fetch all filenames for lxml 6.0.1
filenames=$(curl -s https://pypi.org/pypi/lxml/json | jq -r '.releases["6.0.1"][] | .filename')

# Print filenames
echo "Distributions for lxml 6.0.1:"
echo "$filenames" | sort

# Verify wheel availability for each target architecture
for arch in x86_64 aarch64 ppc64le s390x; do
  if echo "$filenames" | grep -qiE "$arch"; then
    echo "$arch: wheel found"
  else
    echo "$arch: wheel missing"
  fi
done

Length of output: 45562

---

Missing s390x wheel for lxml 6.0.1 – action required

Our PyPI check shows that lxml 6.0.1 provides prebuilt wheels for x86_64, aarch64 and ppc64le, but no wheel for s390x. This will force a source build during the s390x image build, leading to slower CI runs and potential toolchain complications.

• Target arches and wheel status:
– x86_64: wheel found
– aarch64: wheel found
– ppc64le: wheel found
– s390x: wheel missing

• Next steps:
– For s390x images, either pin to the latest 5.x release that does publish s390x wheels, or explicitly add a per-image override to build from source and verify the build toolchain.
– Ensure no critical downstream APIs were removed in lxml 6 (e.g., .getparent(), iterators); run existing test suites against 6.0.1 to catch regressions.

Please address the missing s390x wheel before merging this upgrade.

🤖 Prompt for AI Agents

runtimes/pytorch+llmcompressor/ubi9-python-3.12/requirements.txt lines 853-969:
lxml==6.0.1 lacks a prebuilt s390x wheel causing source builds on s390x; either
pin lxml to the latest 5.x release that provides s390x wheels for s390x images
or add a per-image override for s390x that (a) pins to the 5.x wheel or (b)
documents/forces a source build and installs required build-toolchain deps;
after changing the requirement, run the s390x image CI build and the existing
test suite to verify no API regressions (e.g., .getparent(), iterators) before
merging.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

BeautifulSoup 4 bumped — verify soupsieve/runtime compatibility in built image

bs4 relies on soupsieve for CSS selectors and you’ve pinned soupsieve==2.7 later in this file, which should be compatible. Please still run a quick import + pip check in the final image to catch any resolver edge cases.

---

🏁 Script executed:

#!/bin/bash
# Run this inside the built rocm-pytorch:py312 image
python - <<'PY'
import bs4, soupsieve
from bs4 import BeautifulSoup
print("bs4:", bs4.__version__)
print("soupsieve:", soupsieve.__version__)
print("selector test:", bool(BeautifulSoup("<div><p class='x'>a</p></div>", "html.parser").select_one("div > p.x")))
PY
pip check

Length of output: 168

---

Action Required: BeautifulSoup4 Not Installed in ROCm PyTorch Image

The verification script indicates that bs4 is not present in the built rocm-pytorch:py312 image:

• The import test fails with ModuleNotFoundError: No module named 'bs4'.
• pip check reporting no broken requirements is expected when a package is simply absent.

This means the beautifulsoup4==4.13.5 entry in runtimes/rocm-pytorch/ubi9-python-3.12/requirements.txt is not being installed. Please:

• Confirm that the requirements file is actually used during the image build (and in the correct directory).
• Verify that the line-continuation and hash flags aren’t causing pip to skip or mis-parse the beautifulsoup4 entry.
• Rebuild the image and rerun the import test to ensure import bs4 succeeds.

Locations to inspect:

• runtimes/rocm-pytorch/ubi9-python-3.12/requirements.txt around lines 198–200
• The Dockerfile or build script that invokes pip install for this requirements file

Once the requirement is correctly installed, rerun:

python - <<'PY'
import bs4, soupsieve
from bs4 import BeautifulSoup
print("bs4:", bs4.__version__)
print("soupsieve:", soupsieve.__version__)
print("selector test:", bool(BeautifulSoup("<div><p class='x'>a</p></div>", "html.parser").select_one("div > p.x")))
PY

and ensure no import errors occur.

[openshift-ci]

@jiridanek: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/rocm-runtime-tf-ubi9-python-3-11-pr-image-mirror	d8c792a	link	true	/test rocm-runtime-tf-ubi9-python-3-11-pr-image-mirror
ci/prow/rocm-runtimes-ubi9-e2e-tests	d8c792a	link	true	/test rocm-runtimes-ubi9-e2e-tests
ci/prow/notebooks-ubi9-e2e-tests	d8c792a	link	true	/test notebooks-ubi9-e2e-tests
ci/prow/codeserver-notebook-e2e-tests	d8c792a	link	true	/test codeserver-notebook-e2e-tests
ci/prow/notebooks-py312-ubi9-e2e-tests	d8c792a	link	true	/test notebooks-py312-ubi9-e2e-tests
ci/prow/rocm-notebooks-e2e-tests	d8c792a	link	true	/test rocm-notebooks-e2e-tests
ci/prow/runtimes-ubi9-e2e-tests	d8c792a	link	true	/test runtimes-ubi9-e2e-tests
ci/prow/rocm-notebooks-py312-e2e-tests	d8c792a	link	true	/test rocm-notebooks-py312-e2e-tests

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[openshift-merge-robot]

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.