Skip to content

RHOAIENG-21842: bump JupyterLab-related dependencies in all Python 3.11 and 3.12 Pipfiles #1218

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Aug 8, 2025

Conversation

jiridanek
Copy link
Member

@jiridanek jiridanek commented Jun 28, 2025

https://issues.redhat.com/browse/RHOAIENG-21842

Description

This change pulls in the Trash updates in JupyterLab UI

Pipfile.lock action

How Has This Been Tested?

podman run -p 8888:8888 --rm -it ghcr.io/jiridanek/notebooks/workbench-images:jupyter-minimal-ubi9-python-3.11-_6b57a34fa58829a45d68fbc5f603410acb3ba076
Screenshot 2025-08-08 at 12 24 19 AM

Merge criteria:

  • The commits are squashed in a cohesive manner and have meaningful messages.
  • Testing instructions have been added in the PR body (for PRs involving changes that are not immediately obvious).
  • The developer has manually tested the changes and verified that the changes work

Summary by CodeRabbit

Summary by CodeRabbit

  • Chores
    • Upgraded JupyterLab to version 4.4.x and Jupyter Server to 2.16.0 across all notebook images.
    • Updated related Jupyter ecosystem packages (e.g., jupyterlab-lsp, jupyterlab-widgets, jupyterlab-git) to minor newer versions.
    • Raised minimum Python version requirements for JupyterLab from 3.8 to 3.9 where applicable.
    • Updated image metadata and annotations to reflect the new package versions for consistency and improved stability.

@jiridanek jiridanek added do-not-merge/hold tide/merge-method-squash Denotes a PR that should be squashed by tide when it merges. trivy-scan This label that allows trivy to create a security report on the pull requests labels Jun 28, 2025
@openshift-ci openshift-ci bot requested review from andyatmiami and paulovmr June 28, 2025 14:05
Copy link
Contributor

openshift-ci bot commented Jun 28, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign andyatmiami for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the size/m label Jun 28, 2025
Copy link
Contributor

coderabbitai bot commented Jun 28, 2025

Walkthrough

This update raises the version of JupyterLab and related packages across multiple Pipfiles and requirements.txt files, and updates corresponding version annotations in several image stream YAML manifests. No package names, dependencies, or code structures were changed—only minor and patch version bumps for Jupyter ecosystem components.

Changes

Cohort / File(s) Change Summary
Jupyter Pipfile Updates (Python 3.11)
jupyter/datascience/ubi9-python-3.11/Pipfile, jupyter/pytorch/ubi9-python-3.11/Pipfile, jupyter/rocm/pytorch/ubi9-python-3.11/Pipfile, jupyter/rocm/tensorflow/ubi9-python-3.11/Pipfile, jupyter/tensorflow/ubi9-python-3.11/Pipfile, jupyter/trustyai/ubi9-python-3.11/Pipfile
Upgraded jupyterlab to 4.4.4, jupyter-server to 2.16.0, jupyterlab-lsp to 5.1.1, and jupyterlab-widgets to 3.0.15.
Minimal Jupyter Pipfile Updates (Python 3.11 & 3.12)
jupyter/minimal/ubi9-python-3.11/Pipfile, jupyter/minimal/ubi9-python-3.12/Pipfile
Upgraded jupyterlab to 4.4.4 and jupyter-server to 2.16.0.
Jupyter Pipfile Updates (Python 3.12)
jupyter/datascience/ubi9-python-3.12/Pipfile, jupyter/pytorch/ubi9-python-3.12/Pipfile, jupyter/rocm/pytorch/ubi9-python-3.12/Pipfile, jupyter/tensorflow/ubi9-python-3.12/Pipfile, jupyter/trustyai/ubi9-python-3.12/Pipfile
Upgraded jupyterlab to 4.4.4, jupyter-server to 2.16.0, jupyterlab-lsp to 5.1.1, and jupyterlab-widgets to 3.0.15.
Pipfile LLM Compressor (Python 3.11)
jupyter/pytorch+llmcompressor/ubi9-python-3.11/Pipfile
Upgraded odh-elyra to 4.2.3, jupyterlab to 4.4.4, jupyter-server to 2.16.0, and jupyterlab-git to 0.51.1.
Jupyter Resource Usage Update (Python 3.11)
jupyter/rocm/tensorflow/ubi9-python-3.11/Pipfile
Also upgraded jupyter-resource-usage to 1.1.1 in addition to other JupyterLab ecosystem packages.
Image Stream Manifest Updates (Python 3.12)
manifests/overlays/additional/jupyter-datascience-cpu-py312-ubi9-imagestream.yaml, manifests/overlays/additional/jupyter-minimal-cpu-py312-ubi9-imagestream.yaml, manifests/overlays/additional/jupyter-minimal-cuda-py312-ubi9-imagestream.yaml, manifests/overlays/additional/jupyter-minimal-rocm-py312-ubi9-imagestream.yaml, manifests/overlays/additional/jupyter-pytorch-cuda-py312-ubi9-imagestream.yaml, manifests/overlays/additional/jupyter-pytorch-rocm-py312-ubi9-imagestream.yaml, manifests/overlays/additional/jupyter-tensorflow-cuda-py312-ubi9-imagestream.yaml, manifests/overlays/additional/jupyter-trustyai-cpu-py312-ubi9-imagestream.yaml
Updated JupyterLab version annotation from 4.2 to 4.4 in image stream YAMLs.
Image Stream Manifest Updates (Python 3.11)
manifests/base/jupyter-datascience-notebook-imagestream.yaml, manifests/base/jupyter-minimal-gpu-notebook-imagestream.yaml, manifests/base/jupyter-minimal-notebook-imagestream.yaml, manifests/base/jupyter-pytorch-notebook-imagestream.yaml, manifests/base/jupyter-rocm-minimal-notebook-imagestream.yaml, manifests/base/jupyter-rocm-pytorch-notebook-imagestream.yaml, manifests/base/jupyter-rocm-tensorflow-notebook-imagestream.yaml, manifests/base/jupyter-tensorflow-notebook-imagestream.yaml, manifests/base/jupyter-trustyai-notebook-imagestream.yaml
Updated JupyterLab version annotation from 4.2 to 4.4 in base image stream YAML manifests.
Requirements.txt Updates (Python 3.11 & 3.12)
jupyter/datascience/ubi9-python-3.11/requirements.txt, jupyter/minimal/ubi9-python-3.11/requirements.txt, jupyter/pytorch/ubi9-python-3.11/requirements.txt, jupyter/rocm/pytorch/ubi9-python-3.11/requirements.txt, jupyter/rocm/tensorflow/ubi9-python-3.11/requirements.txt, jupyter/tensorflow/ubi9-python-3.11/requirements.txt, jupyter/trustyai/ubi9-python-3.11/requirements.txt, jupyter/datascience/ubi9-python-3.12/requirements.txt, jupyter/minimal/ubi9-python-3.12/requirements.txt, jupyter/pytorch/ubi9-python-3.12/requirements.txt, jupyter/rocm/pytorch/ubi9-python-3.12/requirements.txt, jupyter/tensorflow/ubi9-python-3.12/requirements.txt, jupyter/trustyai/ubi9-python-3.12/requirements.txt, jupyter/pytorch+llmcompressor/ubi9-python-3.11/requirements.txt
Bumped jupyterlab to 4.4.4 and jupyter-server to 2.16.0 with updated SHA256 hashes; raised Python minimum version requirement for jupyterlab from 3.8 to 3.9; adjusted some other package versions and hashes in LLM compressor environment.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Suggested labels

size/m

Suggested reviewers

  • atheo89
✨ Finishing Touches
🧪 Generate unit tests
  • Create PR with unit tests
  • Post copyable unit tests in a comment

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Explain this complex logic.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai explain this code block.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and explain its main purpose.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate docstrings to generate docstrings for this PR.
  • @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
  • @coderabbitai generate unit tests to generate unit tests for this PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

@openshift-ci openshift-ci bot added size/m and removed size/m labels Jun 28, 2025
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🧹 Nitpick comments (2)
jupyter/datascience/ubi9-python-3.11/Pipfile (1)

34-41: Pin jupyter-server for reproducibility

For the same reasons already mentioned, consider an exact pin here as well:

-jupyter-server = "~=2.16.0"
+jupyter-server = "==2.16.0"

Ensures image rebuilds remain deterministic across all notebook flavours.

jupyter/tensorflow/ubi9-python-3.11/Pipfile (1)

39-46: Consistency with other images

All other updated Pipfiles now pin jupyterlab exactly but allow jupyter-server to float. Please decide on one policy (exact pin vs compatible release) and apply it everywhere to avoid divergence between images built at different times.

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d52bd1d and a35a79b.

📒 Files selected for processing (7)
  • jupyter/datascience/ubi9-python-3.11/Pipfile (1 hunks)
  • jupyter/minimal/ubi9-python-3.11/Pipfile (1 hunks)
  • jupyter/pytorch/ubi9-python-3.11/Pipfile (1 hunks)
  • jupyter/rocm/pytorch/ubi9-python-3.11/Pipfile (1 hunks)
  • jupyter/rocm/tensorflow/ubi9-python-3.11/Pipfile (1 hunks)
  • jupyter/tensorflow/ubi9-python-3.11/Pipfile (1 hunks)
  • jupyter/trustyai/ubi9-python-3.11/Pipfile (1 hunks)
🧰 Additional context used
🧠 Learnings (8)
📓 Common learnings
Learnt from: jiridanek
PR: opendatahub-io/notebooks#0
File: :0-0
Timestamp: 2025-06-16T11:32:09.203Z
Learning: In the opendatahub-io/notebooks repository, there is a known issue with missing `runtimes/rocm/pytorch/ubi9-python-3.11/kustomize/base/kustomization.yaml` file that causes rocm runtime tests to fail with "no such file or directory" error. This is tracked in JIRA RHOAIENG-22044 and was intended to be fixed in PR #1015.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#0
File: :0-0
Timestamp: 2025-06-20T11:51:59.716Z
Learning: This project follows the practice of associating PRs with Jira tickets from https://issues.redhat.com for traceability between requirements, release process, and product documentation. This is critical for enterprise software development compliance and cross-team coordination.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1154
File: manifests/base/jupyter-pytorch-notebook-imagestream.yaml:0-0
Timestamp: 2025-06-16T11:06:33.139Z
Learning: In the opendatahub-io/notebooks repository, N-1 versions of images in manifest files (like imagestream.yaml files) should not be updated regularly. The versions of packages like codeflare-sdk in N-1 images are frozen to what was released when the image was moved from N to N-1 version. N-1 images are only updated for security vulnerabilities of packages, not for regular version bumps. This is why the version of packages in N-1 images may be quite old compared to the latest N version.
jupyter/minimal/ubi9-python-3.11/Pipfile (2)
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1154
File: manifests/base/jupyter-pytorch-notebook-imagestream.yaml:0-0
Timestamp: 2025-06-16T11:06:33.139Z
Learning: In the opendatahub-io/notebooks repository, N-1 versions of images in manifest files (like imagestream.yaml files) should not be updated regularly. The versions of packages like codeflare-sdk in N-1 images are frozen to what was released when the image was moved from N to N-1 version. N-1 images are only updated for security vulnerabilities of packages, not for regular version bumps. This is why the version of packages in N-1 images may be quite old compared to the latest N version.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1127
File: jupyter/trustyai/ubi9-python-3.11/Pipfile:20-20
Timestamp: 2025-06-27T07:49:01.198Z
Learning: jiridanek reviewed the transformers v4.50.0 release notes and assessed that the changes are minimal and unlikely to cause TrustyAI integration problems, indicating the actual changelog contained mostly bug fixes and minor additions rather than breaking changes.
jupyter/rocm/pytorch/ubi9-python-3.11/Pipfile (2)
Learnt from: jiridanek
PR: opendatahub-io/notebooks#0
File: :0-0
Timestamp: 2025-06-16T11:32:09.203Z
Learning: In the opendatahub-io/notebooks repository, there is a known issue with missing `runtimes/rocm/pytorch/ubi9-python-3.11/kustomize/base/kustomization.yaml` file that causes rocm runtime tests to fail with "no such file or directory" error. This is tracked in JIRA RHOAIENG-22044 and was intended to be fixed in PR #1015.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1154
File: manifests/base/jupyter-pytorch-notebook-imagestream.yaml:0-0
Timestamp: 2025-06-16T11:06:33.139Z
Learning: In the opendatahub-io/notebooks repository, N-1 versions of images in manifest files (like imagestream.yaml files) should not be updated regularly. The versions of packages like codeflare-sdk in N-1 images are frozen to what was released when the image was moved from N to N-1 version. N-1 images are only updated for security vulnerabilities of packages, not for regular version bumps. This is why the version of packages in N-1 images may be quite old compared to the latest N version.
jupyter/pytorch/ubi9-python-3.11/Pipfile (2)
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1127
File: jupyter/trustyai/ubi9-python-3.11/Pipfile:20-20
Timestamp: 2025-06-27T07:49:01.198Z
Learning: jiridanek reviewed the transformers v4.50.0 release notes and assessed that the changes are minimal and unlikely to cause TrustyAI integration problems, indicating the actual changelog contained mostly bug fixes and minor additions rather than breaking changes.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1154
File: manifests/base/jupyter-pytorch-notebook-imagestream.yaml:0-0
Timestamp: 2025-06-16T11:06:33.139Z
Learning: In the opendatahub-io/notebooks repository, N-1 versions of images in manifest files (like imagestream.yaml files) should not be updated regularly. The versions of packages like codeflare-sdk in N-1 images are frozen to what was released when the image was moved from N to N-1 version. N-1 images are only updated for security vulnerabilities of packages, not for regular version bumps. This is why the version of packages in N-1 images may be quite old compared to the latest N version.
jupyter/datascience/ubi9-python-3.11/Pipfile (1)
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1154
File: manifests/base/jupyter-pytorch-notebook-imagestream.yaml:0-0
Timestamp: 2025-06-16T11:06:33.139Z
Learning: In the opendatahub-io/notebooks repository, N-1 versions of images in manifest files (like imagestream.yaml files) should not be updated regularly. The versions of packages like codeflare-sdk in N-1 images are frozen to what was released when the image was moved from N to N-1 version. N-1 images are only updated for security vulnerabilities of packages, not for regular version bumps. This is why the version of packages in N-1 images may be quite old compared to the latest N version.
jupyter/trustyai/ubi9-python-3.11/Pipfile (3)
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1127
File: jupyter/trustyai/ubi9-python-3.11/Pipfile:20-20
Timestamp: 2025-06-27T07:49:01.198Z
Learning: jiridanek reviewed the transformers v4.50.0 release notes and assessed that the changes are minimal and unlikely to cause TrustyAI integration problems, indicating the actual changelog contained mostly bug fixes and minor additions rather than breaking changes.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1154
File: manifests/base/jupyter-pytorch-notebook-imagestream.yaml:0-0
Timestamp: 2025-06-16T11:06:33.139Z
Learning: In the opendatahub-io/notebooks repository, N-1 versions of images in manifest files (like imagestream.yaml files) should not be updated regularly. The versions of packages like codeflare-sdk in N-1 images are frozen to what was released when the image was moved from N to N-1 version. N-1 images are only updated for security vulnerabilities of packages, not for regular version bumps. This is why the version of packages in N-1 images may be quite old compared to the latest N version.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1127
File: jupyter/trustyai/ubi9-python-3.11/Pipfile:20-20
Timestamp: 2025-06-27T07:49:01.198Z
Learning: Transformers v4.50.0 contains only non-breaking changes including documentation redesign, repository maintenance, performance enhancements, and bug fixes, with no API changes that would affect TrustyAI integration.
jupyter/tensorflow/ubi9-python-3.11/Pipfile (2)
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1127
File: jupyter/trustyai/ubi9-python-3.11/Pipfile:20-20
Timestamp: 2025-06-27T07:49:01.198Z
Learning: jiridanek reviewed the transformers v4.50.0 release notes and assessed that the changes are minimal and unlikely to cause TrustyAI integration problems, indicating the actual changelog contained mostly bug fixes and minor additions rather than breaking changes.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1154
File: manifests/base/jupyter-pytorch-notebook-imagestream.yaml:0-0
Timestamp: 2025-06-16T11:06:33.139Z
Learning: In the opendatahub-io/notebooks repository, N-1 versions of images in manifest files (like imagestream.yaml files) should not be updated regularly. The versions of packages like codeflare-sdk in N-1 images are frozen to what was released when the image was moved from N to N-1 version. N-1 images are only updated for security vulnerabilities of packages, not for regular version bumps. This is why the version of packages in N-1 images may be quite old compared to the latest N version.
jupyter/rocm/tensorflow/ubi9-python-3.11/Pipfile (2)
Learnt from: jiridanek
PR: opendatahub-io/notebooks#0
File: :0-0
Timestamp: 2025-06-16T11:32:09.203Z
Learning: In the opendatahub-io/notebooks repository, there is a known issue with missing `runtimes/rocm/pytorch/ubi9-python-3.11/kustomize/base/kustomization.yaml` file that causes rocm runtime tests to fail with "no such file or directory" error. This is tracked in JIRA RHOAIENG-22044 and was intended to be fixed in PR #1015.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1154
File: manifests/base/jupyter-pytorch-notebook-imagestream.yaml:0-0
Timestamp: 2025-06-16T11:06:33.139Z
Learning: In the opendatahub-io/notebooks repository, N-1 versions of images in manifest files (like imagestream.yaml files) should not be updated regularly. The versions of packages like codeflare-sdk in N-1 images are frozen to what was released when the image was moved from N to N-1 version. N-1 images are only updated for security vulnerabilities of packages, not for regular version bumps. This is why the version of packages in N-1 images may be quite old compared to the latest N version.
⏰ Context from checks skipped due to timeout of 90000ms (1)
  • GitHub Check: Generate list of images for release notes
🔇 Additional comments (3)
jupyter/trustyai/ubi9-python-3.11/Pipfile (1)

45-56: Double-check Elyra ↔ JupyterLab compatibility

odh-elyra is still at 4.2.1 while jupyterlab jumped to 4.4.4.
Upstream Elyra 4.2.x was released against the 4.2 JupyterLab line; it hasn’t been officially tested on 4.4.x yet. Runtime UI extensions may silently fail to load.

Before merging, open one of the TrustyAI images, launch JupyterLab and confirm that:

  1. The Elyra panel appears with no JS console errors.
  2. Elyra pipelines can be created & saved.

If issues appear, bump Elyra to ≥ 4.4 or keep JupyterLab at 4.2.* for this image.

jupyter/pytorch/ubi9-python-3.11/Pipfile (1)

44-51: ✅ All Pipfiles now pin JupyterLab 4.4.x – verify front-end plugin compatibility

Ran:

rg -n --no-heading 'jupyterlab\s*=\s*"==4\.[0-3]\.' || echo "✅ All Pipfiles aligned on 4.4.x"

Output: ✅ All Pipfiles aligned on 4.4.x

Next steps:

  • Confirm any prebuilt extensions (e.g. odh-elyra==4.2.1) declare "engines": { "jupyterlab": ">=4.4.0" } in their package.json, so they load under 4.4.4.
  • Verify upstream peerDependency ranges for jupyterlab-git and jupyterlab-lsp cover 4.4.x to avoid silent breakage.
jupyter/rocm/tensorflow/ubi9-python-3.11/Pipfile (1)

41-49: Keep an eye on jupyter-resource-usage & Lab 4.4 integration

Good to see the coordinated bump (jupyterlab 4.4.4, jupyterlab-lsp 5.1.1, jupyter-resource-usage 1.1.1).
jupyter-resource-usage bundles a server extension that imports internal JupyterLab utilities; mismatched versions previously caused 500s on notebook start-up.

No requested changes — just flagging it for post-build smoke-testing (open a notebook, check the resource meter loads).
Tagging for visibility.

Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 4

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between accf2f8 and 224f423.

⛔ Files ignored due to path filters (12)
  • jupyter/datascience/ubi9-python-3.11/Pipfile.lock is excluded by !**/*.lock
  • jupyter/minimal/ubi9-python-3.11/Pipfile.lock is excluded by !**/*.lock
  • jupyter/pytorch/ubi9-python-3.11/Pipfile.lock is excluded by !**/*.lock
  • jupyter/rocm/pytorch/ubi9-python-3.11/Pipfile.lock is excluded by !**/*.lock
  • jupyter/rocm/tensorflow/ubi9-python-3.11/Pipfile.lock is excluded by !**/*.lock
  • jupyter/tensorflow/ubi9-python-3.11/Pipfile.lock is excluded by !**/*.lock
  • jupyter/trustyai/ubi9-python-3.11/Pipfile.lock is excluded by !**/*.lock
  • runtimes/datascience/ubi9-python-3.11/Pipfile.lock is excluded by !**/*.lock
  • runtimes/pytorch/ubi9-python-3.11/Pipfile.lock is excluded by !**/*.lock
  • runtimes/rocm-pytorch/ubi9-python-3.11/Pipfile.lock is excluded by !**/*.lock
  • runtimes/rocm-tensorflow/ubi9-python-3.11/Pipfile.lock is excluded by !**/*.lock
  • runtimes/tensorflow/ubi9-python-3.11/Pipfile.lock is excluded by !**/*.lock
📒 Files selected for processing (12)
  • jupyter/datascience/ubi9-python-3.11/requirements.txt (3 hunks)
  • jupyter/minimal/ubi9-python-3.11/requirements.txt (3 hunks)
  • jupyter/pytorch/ubi9-python-3.11/requirements.txt (3 hunks)
  • jupyter/rocm/pytorch/ubi9-python-3.11/requirements.txt (3 hunks)
  • jupyter/rocm/tensorflow/ubi9-python-3.11/requirements.txt (3 hunks)
  • jupyter/tensorflow/ubi9-python-3.11/requirements.txt (3 hunks)
  • jupyter/trustyai/ubi9-python-3.11/requirements.txt (3 hunks)
  • runtimes/datascience/ubi9-python-3.11/requirements.txt (1 hunks)
  • runtimes/pytorch/ubi9-python-3.11/requirements.txt (1 hunks)
  • runtimes/rocm-pytorch/ubi9-python-3.11/requirements.txt (1 hunks)
  • runtimes/rocm-tensorflow/ubi9-python-3.11/requirements.txt (1 hunks)
  • runtimes/tensorflow/ubi9-python-3.11/requirements.txt (1 hunks)
✅ Files skipped from review due to trivial changes (6)
  • runtimes/rocm-tensorflow/ubi9-python-3.11/requirements.txt
  • jupyter/datascience/ubi9-python-3.11/requirements.txt
  • jupyter/tensorflow/ubi9-python-3.11/requirements.txt
  • runtimes/tensorflow/ubi9-python-3.11/requirements.txt
  • runtimes/rocm-pytorch/ubi9-python-3.11/requirements.txt
  • jupyter/rocm/tensorflow/ubi9-python-3.11/requirements.txt
🧰 Additional context used
🧠 Learnings (7)
📓 Common learnings
Learnt from: jiridanek
PR: opendatahub-io/notebooks#0
File: :0-0
Timestamp: 2025-06-16T11:32:09.203Z
Learning: In the opendatahub-io/notebooks repository, there is a known issue with missing `runtimes/rocm/pytorch/ubi9-python-3.11/kustomize/base/kustomization.yaml` file that causes rocm runtime tests to fail with "no such file or directory" error. This is tracked in JIRA RHOAIENG-22044 and was intended to be fixed in PR #1015.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1218
File: jupyter/trustyai/ubi9-python-3.11/Pipfile:49-49
Timestamp: 2025-06-28T14:15:41.149Z
Learning: TrustyAI's jupyter-bokeh was pinned to 3.0.5 due to compatibility requirements with TrustyAI's visualization components, but the actual deployed version in requirements.txt shows 3.0.7, indicating incremental testing. The upgrade to 4.0.5 in this PR represents the completion of a gradual migration strategy from the 3.x series after confirming compatibility with Bokeh 3.7.3.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#0
File: :0-0
Timestamp: 2025-06-20T11:51:59.716Z
Learning: This project follows the practice of associating PRs with Jira tickets from https://issues.redhat.com for traceability between requirements, release process, and product documentation. This is critical for enterprise software development compliance and cross-team coordination.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1218
File: jupyter/datascience/ubi9-python-3.11/Pipfile:34-36
Timestamp: 2025-06-28T14:13:27.869Z
Learning: In the opendatahub-io/notebooks repository, the dependency pinning strategy follows a deliberate pattern: core `jupyterlab` package uses exact pinning (==) across all notebook images to ensure UI consistency, while JupyterLab extensions and all server components (jupyter-server, jupyter-server-proxy, jupyter-server-terminals) use compatible release (~=) pinning to allow automatic security updates and bug fixes while maintaining API compatibility.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1218
File: jupyter/trustyai/ubi9-python-3.11/Pipfile:49-49
Timestamp: 2025-06-28T14:21:09.406Z
Learning: TrustyAI explicitly declares jupyter-bokeh~=3.0.5 as a hard dependency in both their requirements.txt and pyproject.toml files, with no open issues tracking jupyter-bokeh 4.x compatibility. This creates an unresolvable pip dependency conflict when trying to upgrade jupyter-bokeh to 4.x in notebook images that include TrustyAI.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1218
File: jupyter/trustyai/ubi9-python-3.11/Pipfile:49-49
Timestamp: 2025-06-28T14:15:41.149Z
Learning: The jupyter-bokeh package was previously pinned to version 3.0.5 in the TrustyAI notebook image due to compatibility requirements with TrustyAI components, as indicated by the comment "Should be pinned down to this version in order to be compatible with trustyai" that was removed in this update.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1218
File: jupyter/trustyai/ubi9-python-3.11/Pipfile:49-49
Timestamp: 2025-06-28T14:21:09.406Z
Learning: The jupyter-bokeh pinning to 3.0.5 in TrustyAI notebook image was not due to TrustyAI code compatibility issues, but because the trustyai package itself explicitly declares jupyter-bokeh~=3.0.5 as a hard dependency, causing pip dependency resolution conflicts when trying to upgrade to jupyter-bokeh 4.x.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1154
File: manifests/base/jupyter-pytorch-notebook-imagestream.yaml:0-0
Timestamp: 2025-06-16T11:06:33.139Z
Learning: In the opendatahub-io/notebooks repository, N-1 versions of images in manifest files (like imagestream.yaml files) should not be updated regularly. The versions of packages like codeflare-sdk in N-1 images are frozen to what was released when the image was moved from N to N-1 version. N-1 images are only updated for security vulnerabilities of packages, not for regular version bumps. This is why the version of packages in N-1 images may be quite old compared to the latest N version.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1218
File: jupyter/trustyai/ubi9-python-3.11/Pipfile:49-49
Timestamp: 2025-06-28T14:21:09.406Z
Learning: TrustyAI 0.6.1 (latest version as of June 2025) has a hard dependency constraint on jupyter-bokeh~=3.0.5, preventing upgrades to jupyter-bokeh 4.x in notebook images that include TrustyAI. This requires either waiting for TrustyAI to update their dependency or excluding TrustyAI from jupyter-bokeh upgrades.
runtimes/datascience/ubi9-python-3.11/requirements.txt (2)

undefined

<retrieved_learning>
Learnt from: jiridanek
PR: #1218
File: jupyter/trustyai/ubi9-python-3.11/Pipfile:49-49
Timestamp: 2025-06-28T14:15:41.149Z
Learning: TrustyAI's jupyter-bokeh was pinned to 3.0.5 due to compatibility requirements with TrustyAI's visualization components, but the actual deployed version in requirements.txt shows 3.0.7, indicating incremental testing. The upgrade to 4.0.5 in this PR represents the completion of a gradual migration strategy from the 3.x series after confirming compatibility with Bokeh 3.7.3.
</retrieved_learning>

<retrieved_learning>
Learnt from: jiridanek
PR: #1154
File: manifests/base/jupyter-pytorch-notebook-imagestream.yaml:0-0
Timestamp: 2025-06-16T11:06:33.139Z
Learning: In the opendatahub-io/notebooks repository, N-1 versions of images in manifest files (like imagestream.yaml files) should not be updated regularly. The versions of packages like codeflare-sdk in N-1 images are frozen to what was released when the image was moved from N to N-1 version. N-1 images are only updated for security vulnerabilities of packages, not for regular version bumps. This is why the version of packages in N-1 images may be quite old compared to the latest N version.
</retrieved_learning>

runtimes/pytorch/ubi9-python-3.11/requirements.txt (1)

undefined

<retrieved_learning>
Learnt from: jiridanek
PR: #1218
File: jupyter/trustyai/ubi9-python-3.11/Pipfile:49-49
Timestamp: 2025-06-28T14:15:41.149Z
Learning: TrustyAI's jupyter-bokeh was pinned to 3.0.5 due to compatibility requirements with TrustyAI's visualization components, but the actual deployed version in requirements.txt shows 3.0.7, indicating incremental testing. The upgrade to 4.0.5 in this PR represents the completion of a gradual migration strategy from the 3.x series after confirming compatibility with Bokeh 3.7.3.
</retrieved_learning>

jupyter/minimal/ubi9-python-3.11/requirements.txt (7)
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1218
File: jupyter/trustyai/ubi9-python-3.11/Pipfile:49-49
Timestamp: 2025-06-28T14:15:41.149Z
Learning: TrustyAI's jupyter-bokeh was pinned to 3.0.5 due to compatibility requirements with TrustyAI's visualization components, but the actual deployed version in requirements.txt shows 3.0.7, indicating incremental testing. The upgrade to 4.0.5 in this PR represents the completion of a gradual migration strategy from the 3.x series after confirming compatibility with Bokeh 3.7.3.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1218
File: jupyter/trustyai/ubi9-python-3.11/Pipfile:49-49
Timestamp: 2025-06-28T14:15:41.149Z
Learning: The jupyter-bokeh package was previously pinned to version 3.0.5 in the TrustyAI notebook image due to compatibility requirements with TrustyAI components, as indicated by the comment "Should be pinned down to this version in order to be compatible with trustyai" that was removed in this update.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1218
File: jupyter/trustyai/ubi9-python-3.11/Pipfile:49-49
Timestamp: 2025-06-28T14:21:09.406Z
Learning: TrustyAI explicitly declares jupyter-bokeh~=3.0.5 as a hard dependency in both their requirements.txt and pyproject.toml files, with no open issues tracking jupyter-bokeh 4.x compatibility. This creates an unresolvable pip dependency conflict when trying to upgrade jupyter-bokeh to 4.x in notebook images that include TrustyAI.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1218
File: jupyter/datascience/ubi9-python-3.11/Pipfile:34-36
Timestamp: 2025-06-28T14:13:27.869Z
Learning: In the opendatahub-io/notebooks repository, the dependency pinning strategy follows a deliberate pattern: core `jupyterlab` package uses exact pinning (==) across all notebook images to ensure UI consistency, while JupyterLab extensions and all server components (jupyter-server, jupyter-server-proxy, jupyter-server-terminals) use compatible release (~=) pinning to allow automatic security updates and bug fixes while maintaining API compatibility.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1218
File: jupyter/trustyai/ubi9-python-3.11/Pipfile:49-49
Timestamp: 2025-06-28T14:21:09.406Z
Learning: TrustyAI 0.6.1 (latest version as of June 2025) has a hard dependency constraint on jupyter-bokeh~=3.0.5, preventing upgrades to jupyter-bokeh 4.x in notebook images that include TrustyAI. This requires either waiting for TrustyAI to update their dependency or excluding TrustyAI from jupyter-bokeh upgrades.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1218
File: jupyter/trustyai/ubi9-python-3.11/Pipfile:49-49
Timestamp: 2025-06-28T14:21:09.406Z
Learning: The jupyter-bokeh pinning to 3.0.5 in TrustyAI notebook image was not due to TrustyAI code compatibility issues, but because the trustyai package itself explicitly declares jupyter-bokeh~=3.0.5 as a hard dependency, causing pip dependency resolution conflicts when trying to upgrade to jupyter-bokeh 4.x.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1154
File: manifests/base/jupyter-pytorch-notebook-imagestream.yaml:0-0
Timestamp: 2025-06-16T11:06:33.139Z
Learning: In the opendatahub-io/notebooks repository, N-1 versions of images in manifest files (like imagestream.yaml files) should not be updated regularly. The versions of packages like codeflare-sdk in N-1 images are frozen to what was released when the image was moved from N to N-1 version. N-1 images are only updated for security vulnerabilities of packages, not for regular version bumps. This is why the version of packages in N-1 images may be quite old compared to the latest N version.
jupyter/pytorch/ubi9-python-3.11/requirements.txt (7)

undefined

<retrieved_learning>
Learnt from: jiridanek
PR: #1218
File: jupyter/trustyai/ubi9-python-3.11/Pipfile:49-49
Timestamp: 2025-06-28T14:21:09.406Z
Learning: TrustyAI explicitly declares jupyter-bokeh~=3.0.5 as a hard dependency in both their requirements.txt and pyproject.toml files, with no open issues tracking jupyter-bokeh 4.x compatibility. This creates an unresolvable pip dependency conflict when trying to upgrade jupyter-bokeh to 4.x in notebook images that include TrustyAI.
</retrieved_learning>

<retrieved_learning>
Learnt from: jiridanek
PR: #1218
File: jupyter/trustyai/ubi9-python-3.11/Pipfile:49-49
Timestamp: 2025-06-28T14:15:41.149Z
Learning: TrustyAI's jupyter-bokeh was pinned to 3.0.5 due to compatibility requirements with TrustyAI's visualization components, but the actual deployed version in requirements.txt shows 3.0.7, indicating incremental testing. The upgrade to 4.0.5 in this PR represents the completion of a gradual migration strategy from the 3.x series after confirming compatibility with Bokeh 3.7.3.
</retrieved_learning>

<retrieved_learning>
Learnt from: jiridanek
PR: #1218
File: jupyter/trustyai/ubi9-python-3.11/Pipfile:49-49
Timestamp: 2025-06-28T14:15:41.149Z
Learning: The jupyter-bokeh package was previously pinned to version 3.0.5 in the TrustyAI notebook image due to compatibility requirements with TrustyAI components, as indicated by the comment "Should be pinned down to this version in order to be compatible with trustyai" that was removed in this update.
</retrieved_learning>

<retrieved_learning>
Learnt from: jiridanek
PR: #1218
File: jupyter/trustyai/ubi9-python-3.11/Pipfile:49-49
Timestamp: 2025-06-28T14:21:09.406Z
Learning: TrustyAI 0.6.1 (latest version as of June 2025) has a hard dependency constraint on jupyter-bokeh~=3.0.5, preventing upgrades to jupyter-bokeh 4.x in notebook images that include TrustyAI. This requires either waiting for TrustyAI to update their dependency or excluding TrustyAI from jupyter-bokeh upgrades.
</retrieved_learning>

<retrieved_learning>
Learnt from: jiridanek
PR: #1218
File: jupyter/datascience/ubi9-python-3.11/Pipfile:34-36
Timestamp: 2025-06-28T14:13:27.869Z
Learning: In the opendatahub-io/notebooks repository, the dependency pinning strategy follows a deliberate pattern: core jupyterlab package uses exact pinning (==) across all notebook images to ensure UI consistency, while JupyterLab extensions and all server components (jupyter-server, jupyter-server-proxy, jupyter-server-terminals) use compatible release (~=) pinning to allow automatic security updates and bug fixes while maintaining API compatibility.
</retrieved_learning>

<retrieved_learning>
Learnt from: jiridanek
PR: #1218
File: jupyter/trustyai/ubi9-python-3.11/Pipfile:49-49
Timestamp: 2025-06-28T14:21:09.406Z
Learning: The jupyter-bokeh pinning to 3.0.5 in TrustyAI notebook image was not due to TrustyAI code compatibility issues, but because the trustyai package itself explicitly declares jupyter-bokeh~=3.0.5 as a hard dependency, causing pip dependency resolution conflicts when trying to upgrade to jupyter-bokeh 4.x.
</retrieved_learning>

<retrieved_learning>
Learnt from: jiridanek
PR: #1154
File: manifests/base/jupyter-pytorch-notebook-imagestream.yaml:0-0
Timestamp: 2025-06-16T11:06:33.139Z
Learning: In the opendatahub-io/notebooks repository, N-1 versions of images in manifest files (like imagestream.yaml files) should not be updated regularly. The versions of packages like codeflare-sdk in N-1 images are frozen to what was released when the image was moved from N to N-1 version. N-1 images are only updated for security vulnerabilities of packages, not for regular version bumps. This is why the version of packages in N-1 images may be quite old compared to the latest N version.
</retrieved_learning>

jupyter/trustyai/ubi9-python-3.11/requirements.txt (7)

undefined

<retrieved_learning>
Learnt from: jiridanek
PR: #1218
File: jupyter/trustyai/ubi9-python-3.11/Pipfile:49-49
Timestamp: 2025-06-28T14:21:09.406Z
Learning: TrustyAI 0.6.1 (latest version as of June 2025) has a hard dependency constraint on jupyter-bokeh~=3.0.5, preventing upgrades to jupyter-bokeh 4.x in notebook images that include TrustyAI. This requires either waiting for TrustyAI to update their dependency or excluding TrustyAI from jupyter-bokeh upgrades.
</retrieved_learning>

<retrieved_learning>
Learnt from: jiridanek
PR: #1218
File: jupyter/trustyai/ubi9-python-3.11/Pipfile:49-49
Timestamp: 2025-06-28T14:21:09.406Z
Learning: TrustyAI explicitly declares jupyter-bokeh~=3.0.5 as a hard dependency in both their requirements.txt and pyproject.toml files, with no open issues tracking jupyter-bokeh 4.x compatibility. This creates an unresolvable pip dependency conflict when trying to upgrade jupyter-bokeh to 4.x in notebook images that include TrustyAI.
</retrieved_learning>

<retrieved_learning>
Learnt from: jiridanek
PR: #1218
File: jupyter/trustyai/ubi9-python-3.11/Pipfile:49-49
Timestamp: 2025-06-28T14:15:41.149Z
Learning: The jupyter-bokeh package was previously pinned to version 3.0.5 in the TrustyAI notebook image due to compatibility requirements with TrustyAI components, as indicated by the comment "Should be pinned down to this version in order to be compatible with trustyai" that was removed in this update.
</retrieved_learning>

<retrieved_learning>
Learnt from: jiridanek
PR: #1218
File: jupyter/trustyai/ubi9-python-3.11/Pipfile:49-49
Timestamp: 2025-06-28T14:15:41.149Z
Learning: TrustyAI's jupyter-bokeh was pinned to 3.0.5 due to compatibility requirements with TrustyAI's visualization components, but the actual deployed version in requirements.txt shows 3.0.7, indicating incremental testing. The upgrade to 4.0.5 in this PR represents the completion of a gradual migration strategy from the 3.x series after confirming compatibility with Bokeh 3.7.3.
</retrieved_learning>

<retrieved_learning>
Learnt from: jiridanek
PR: #1218
File: jupyter/trustyai/ubi9-python-3.11/Pipfile:49-49
Timestamp: 2025-06-28T14:21:09.406Z
Learning: The jupyter-bokeh pinning to 3.0.5 in TrustyAI notebook image was not due to TrustyAI code compatibility issues, but because the trustyai package itself explicitly declares jupyter-bokeh~=3.0.5 as a hard dependency, causing pip dependency resolution conflicts when trying to upgrade to jupyter-bokeh 4.x.
</retrieved_learning>

<retrieved_learning>
Learnt from: jiridanek
PR: #1218
File: jupyter/datascience/ubi9-python-3.11/Pipfile:34-36
Timestamp: 2025-06-28T14:13:27.869Z
Learning: In the opendatahub-io/notebooks repository, the dependency pinning strategy follows a deliberate pattern: core jupyterlab package uses exact pinning (==) across all notebook images to ensure UI consistency, while JupyterLab extensions and all server components (jupyter-server, jupyter-server-proxy, jupyter-server-terminals) use compatible release (~=) pinning to allow automatic security updates and bug fixes while maintaining API compatibility.
</retrieved_learning>

<retrieved_learning>
Learnt from: jiridanek
PR: #1154
File: manifests/base/jupyter-pytorch-notebook-imagestream.yaml:0-0
Timestamp: 2025-06-16T11:06:33.139Z
Learning: In the opendatahub-io/notebooks repository, N-1 versions of images in manifest files (like imagestream.yaml files) should not be updated regularly. The versions of packages like codeflare-sdk in N-1 images are frozen to what was released when the image was moved from N to N-1 version. N-1 images are only updated for security vulnerabilities of packages, not for regular version bumps. This is why the version of packages in N-1 images may be quite old compared to the latest N version.
</retrieved_learning>

jupyter/rocm/pytorch/ubi9-python-3.11/requirements.txt (8)

undefined

<retrieved_learning>
Learnt from: jiridanek
PR: #1218
File: jupyter/trustyai/ubi9-python-3.11/Pipfile:49-49
Timestamp: 2025-06-28T14:15:41.149Z
Learning: TrustyAI's jupyter-bokeh was pinned to 3.0.5 due to compatibility requirements with TrustyAI's visualization components, but the actual deployed version in requirements.txt shows 3.0.7, indicating incremental testing. The upgrade to 4.0.5 in this PR represents the completion of a gradual migration strategy from the 3.x series after confirming compatibility with Bokeh 3.7.3.
</retrieved_learning>

<retrieved_learning>
Learnt from: jiridanek
PR: #1218
File: jupyter/trustyai/ubi9-python-3.11/Pipfile:49-49
Timestamp: 2025-06-28T14:21:09.406Z
Learning: TrustyAI explicitly declares jupyter-bokeh~=3.0.5 as a hard dependency in both their requirements.txt and pyproject.toml files, with no open issues tracking jupyter-bokeh 4.x compatibility. This creates an unresolvable pip dependency conflict when trying to upgrade jupyter-bokeh to 4.x in notebook images that include TrustyAI.
</retrieved_learning>

<retrieved_learning>
Learnt from: jiridanek
PR: opendatahub-io/notebooks#0
File: :0-0
Timestamp: 2025-06-16T11:32:09.203Z
Learning: In the opendatahub-io/notebooks repository, there is a known issue with missing runtimes/rocm/pytorch/ubi9-python-3.11/kustomize/base/kustomization.yaml file that causes rocm runtime tests to fail with "no such file or directory" error. This is tracked in JIRA RHOAIENG-22044 and was intended to be fixed in PR #1015.
</retrieved_learning>

<retrieved_learning>
Learnt from: jiridanek
PR: #1218
File: jupyter/trustyai/ubi9-python-3.11/Pipfile:49-49
Timestamp: 2025-06-28T14:15:41.149Z
Learning: The jupyter-bokeh package was previously pinned to version 3.0.5 in the TrustyAI notebook image due to compatibility requirements with TrustyAI components, as indicated by the comment "Should be pinned down to this version in order to be compatible with trustyai" that was removed in this update.
</retrieved_learning>

<retrieved_learning>
Learnt from: jiridanek
PR: #1218
File: jupyter/trustyai/ubi9-python-3.11/Pipfile:49-49
Timestamp: 2025-06-28T14:21:09.406Z
Learning: TrustyAI 0.6.1 (latest version as of June 2025) has a hard dependency constraint on jupyter-bokeh~=3.0.5, preventing upgrades to jupyter-bokeh 4.x in notebook images that include TrustyAI. This requires either waiting for TrustyAI to update their dependency or excluding TrustyAI from jupyter-bokeh upgrades.
</retrieved_learning>

<retrieved_learning>
Learnt from: jiridanek
PR: #1218
File: jupyter/trustyai/ubi9-python-3.11/Pipfile:49-49
Timestamp: 2025-06-28T14:21:09.406Z
Learning: The jupyter-bokeh pinning to 3.0.5 in TrustyAI notebook image was not due to TrustyAI code compatibility issues, but because the trustyai package itself explicitly declares jupyter-bokeh~=3.0.5 as a hard dependency, causing pip dependency resolution conflicts when trying to upgrade to jupyter-bokeh 4.x.
</retrieved_learning>

<retrieved_learning>
Learnt from: jiridanek
PR: #1218
File: jupyter/datascience/ubi9-python-3.11/Pipfile:34-36
Timestamp: 2025-06-28T14:13:27.869Z
Learning: In the opendatahub-io/notebooks repository, the dependency pinning strategy follows a deliberate pattern: core jupyterlab package uses exact pinning (==) across all notebook images to ensure UI consistency, while JupyterLab extensions and all server components (jupyter-server, jupyter-server-proxy, jupyter-server-terminals) use compatible release (~=) pinning to allow automatic security updates and bug fixes while maintaining API compatibility.
</retrieved_learning>

<retrieved_learning>
Learnt from: jiridanek
PR: #1154
File: manifests/base/jupyter-pytorch-notebook-imagestream.yaml:0-0
Timestamp: 2025-06-16T11:06:33.139Z
Learning: In the opendatahub-io/notebooks repository, N-1 versions of images in manifest files (like imagestream.yaml files) should not be updated regularly. The versions of packages like codeflare-sdk in N-1 images are frozen to what was released when the image was moved from N to N-1 version. N-1 images are only updated for security vulnerabilities of packages, not for regular version bumps. This is why the version of packages in N-1 images may be quite old compared to the latest N version.
</retrieved_learning>

⏰ Context from checks skipped due to timeout of 90000ms (14)
  • GitHub Check: build (jupyter-minimal-ubi9-python-3.11, linux/amd64, false) / build
  • GitHub Check: build (cuda-jupyter-tensorflow-ubi9-python-3.11, linux/amd64, false) / build
  • GitHub Check: build (rocm-runtime-tensorflow-ubi9-python-3.11, linux/amd64, false) / build
  • GitHub Check: build (runtime-cuda-tensorflow-ubi9-python-3.11, linux/amd64, false) / build
  • GitHub Check: build (rocm-runtime-pytorch-ubi9-python-3.11, linux/amd64, false) / build
  • GitHub Check: build (rocm-jupyter-tensorflow-ubi9-python-3.11, linux/amd64, false) / build
  • GitHub Check: build (jupyter-trustyai-ubi9-python-3.11, linux/amd64, false) / build
  • GitHub Check: build (cuda-jupyter-pytorch-ubi9-python-3.11, linux/amd64, false) / build
  • GitHub Check: build (cuda-jupyter-minimal-ubi9-python-3.11, linux/amd64, false) / build
  • GitHub Check: build (jupyter-datascience-ubi9-python-3.11, linux/amd64, false) / build
  • GitHub Check: build (rocm-jupyter-minimal-ubi9-python-3.11, linux/amd64, false) / build
  • GitHub Check: build (rocm-jupyter-pytorch-ubi9-python-3.11, linux/amd64, false) / build
  • GitHub Check: build (runtime-datascience-ubi9-python-3.11, linux/amd64, false) / build
  • GitHub Check: build (runtime-cuda-pytorch-ubi9-python-3.11, linux/amd64, false) / build
🔇 Additional comments (10)
jupyter/trustyai/ubi9-python-3.11/requirements.txt (2)

1014-1016: Jupyter-Server bump looks good – double-check cross-image alignment

jupyter-server==2.16.0 is still within the 2.x stream used across the repo and keeps API compatibility with JupyterLab ≥4.2. No functional concerns here.
Please just verify the other notebook images in the PR consume the same server version so we don’t end up with a mixed fleet.


1026-1028: JupyterLab 4.4.4 upgrade – watch extension compatibility

The jump to 4.4.4 is safe for core usage and matches the pinning strategy (exact ==).
Upstream extensions (jupyterlab-lsp, Elyra, custom widgets, etc.) must all be tested against 4.4.x. From the lockfile they look current, but please run the smoke/UI tests before releasing.

runtimes/pytorch/ubi9-python-3.11/requirements.txt (1)

1052-1150: All images consistently pin multidict==6.5.1 with no known vulnerabilities

  • rg check confirms every notebook and runtime requirements file now uniformly uses multidict==6.5.1—no version skew.
  • GitHub Advisory Database query returned no security vulnerabilities for any multidict version, including 6.5.1.

No further action required.

runtimes/datascience/ubi9-python-3.11/requirements.txt (1)

1042-1139: multidict pin consistency verified – no vulnerabilities detected

  • Every Jupyter and runtime image is already pinned to multidict==6.5.1
  • pip-audit reports no known CVEs for version 6.5.1

No further action needed.

jupyter/pytorch/ubi9-python-3.11/requirements.txt (3)

987-989: jupyterlab jump to 4.4.x looks fine – just make sure 3rd-party lab extensions still load.

jupyterlab 4.4.4 raises the minimum Python to 3.9 (our base image is 3.11 – OK) and tightens the peer-dep to jupyter-server>=2.8.1,<3.
Nothing actionable here, just flagging that smoke-testing the notebook UI (opening, saving, running a simple cell) after the build is a must.


975-977: Consistent jupyter-server==2.16.0 across all images

All occurrences of the jupyter-server pin have been updated to 2.16.0; no image is on an older version. You can now proceed with your downstream extension or UI smoke tests to catch any silent API breaks.

Files and lines checked:

  • jupyter/datascience/ubi9-python-3.11/requirements.txt:971
  • jupyter/minimal/ubi9-python-3.11/requirements.txt:526
  • jupyter/pytorch/ubi9-python-3.11/requirements.txt:975
  • jupyter/rocm/pytorch/ubi9-python-3.11/requirements.txt:975
  • jupyter/rocm/tensorflow/ubi9-python-3.11/requirements.txt:993
  • jupyter/tensorflow/ubi9-python-3.11/requirements.txt:990
  • jupyter/trustyai/ubi9-python-3.11/requirements.txt:1014

1290-1388: Verify CVE-2024-27305 fix in multidict
The PyPA advisory-db lookup didn’t surface any entry for CVE-2024-27305. Please confirm the patched version by checking:

  • multidict’s upstream CHANGELOG or GitHub Security Advisories for CVE-2024-27305
  • the first release that includes the fix (e.g. 6.6.0)

If the fix indeed landed in 6.6.0 (or later), revert to multidict==6.6.0 and address the original dependency conflict another way (for example, upper-pin aiohttp<3.13). Let me know if you need help crafting a safe pin set.

jupyter/minimal/ubi9-python-3.11/requirements.txt (2)

526-528: No conflicting jupyter-server pins detected

I ran a repo-wide search for any jupyter-server constraints other than ==2.16.0 and found none. All requirements and Pipfiles are already aligned with the new pin—no further changes needed.


538-540: Verify JupyterLab 4.4.x Front-end Extension Compatibility

Since this repo doesn’t include any package.json files to programmatically confirm extension pins, please manually smoke-test the Lab upgrade:

• Open JupyterLab and confirm the Trash icon/UI appears
• Load and exercise your primary server-side extensions (Git, LSP, Elyra) and ensure they initialize without frontend errors

jupyter/rocm/pytorch/ubi9-python-3.11/requirements.txt (1)

975-977: No jupyter-server-proxy dependency detected — merge OK

A search of jupyter/rocm/pytorch/ubi9-python-3.11/requirements.txt found no jupyter-server-proxy entry. Since this image doesn’t include the proxy extension, bumping to jupyter-server==2.16.0 poses no downstream proxy compatibility risk.

jiridanek and others added 4 commits August 7, 2025 23:15
…11 / 3.12 Pipfiles

- fixup: align `jupyter-bokeh` version to `~3.0.5` for TrustyAI 0.6.1 compatibility

This update pulls in the Trash updates in JupyterLab UI
@openshift-ci openshift-ci bot added size/xl and removed size/xl labels Aug 7, 2025
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🔭 Outside diff range comments (1)
manifests/base/jupyter-tensorflow-notebook-imagestream.yaml (1)

28-34: Bump Odh-Elyra to 4.4 to align with JupyterLab 4.4
JupyterLab was updated from 4.2→4.4 (2025.1 tag) but Odh-Elyra remains pinned at 4.2 across multiple images. Upstream Elyra 4.2 only supports JL 4.2; JL 4.4 support landed in Elyra 4.4, so please update Odh-Elyra to a 4.4.x release to avoid extension-loader warnings at startup.

Please update these occurrences (and any others) to Odh-Elyra 4.4:
• manifests/overlays/additional/jupyter-trustyai-cpu-py312-ubi9-imagestream.yaml:40
• manifests/base/jupyter-rocm-pytorch-notebook-imagestream.yaml:38,76
• manifests/base/jupyter-pytorch-notebook-imagestream.yaml:41,82
• manifests/overlays/additional/jupyter-tensorflow-cuda-py312-ubi9-imagestream.yaml:41
• manifests/overlays/additional/jupyter-pytorch-cuda-py312-ubi9-imagestream.yaml:40
• manifests/base/jupyter-tensorflow-notebook-imagestream.yaml:42,83
• manifests/base/jupyter-datascience-notebook-imagestream.yaml:36,73
• manifests/overlays/additional/jupyter-pytorch-rocm-py312-ubi9-imagestream.yaml:37
• manifests/base/jupyter-rocm-tensorflow-notebook-imagestream.yaml:38,75
• manifests/base/jupyter-trustyai-notebook-imagestream.yaml:41,83
• manifests/overlays/additional/jupyter-datascience-cpu-py312-ubi9-imagestream.yaml:35

…and in all Pipfile entries currently pegged at 4.2.3 under jupyter//Pipfile:
• e.g. jupyter/rocm/tensorflow/ubi9-python-3.11/Pipfile:39
• jupyter/pytorch/ubi9-python-3.12/Pipfile:42
• jupyter/trustyai/
/Pipfile:46
(etc. – see full search output)

🧹 Nitpick comments (1)
jupyter/pytorch+llmcompressor/ubi9-python-3.11/requirements.txt (1)

986-988: JupyterLab bumped to 4.4.4 (Python >= 3.9) — LGTM; add basic UI smoke tests for Trash

Pin looks correct and matches the PR goal (Trash improvements). Recommend adding simple validation steps to unblock the PR hold:

  • Launch the py311 image.
  • Create a file, delete it, verify it appears under “Trash.”
  • Restore the file, verify it returns to its original path.
  • Empty Trash and verify directory is cleaned without errors.

I can help draft these as scripted steps for your test guide if useful.

Comment on lines +1003 to +1005
jupyterlab==4.4.4; python_version >= '3.9' \
--hash=sha256:163fee1ef702e0a057f75d2eed3ed1da8a986d59eb002cbeb6f0c2779e6cd153 \
--hash=sha256:711611e4f59851152eb93316c3547c3ec6291f16bb455f1f4fa380d25637e0dd
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Verification agent

🧩 Analysis chain

Double-check extension compatibility after moving to jupyterlab 4.4.4

Jumping two minor releases is usually safe, but a few ecosystem packages sometimes lag (e.g. jupyter-lab-lsp, widgets). Recommend a quick scan for hard upper bounds in the repo to avoid runtime surprises.


🏁 Script executed:

#!/bin/bash
# Detect packages that cap JupyterLab below 4.4
rg --no-heading --line-number -e 'jupyterlab[ <>=~]*[0-9]+\.[0-9]+\.[0-9]+' |
  grep -v '4\.4\.4' || echo "No pinned older versions found."

Length of output: 160


Address hard‐pinned JupyterLab version in example

Our scan uncovered a conflicting pin at examples/jupyterlab-with-elyra/Dockerfile:48:

  • examples/jupyterlab-with-elyra/Dockerfile:48
    jupyterlab==4.2.7
    Please update this to align with jupyterlab==4.4.4 (e.g. jupyterlab==4.4.4 or jupyterlab>=4.4.4) to avoid version conflicts in your example.
🤖 Prompt for AI Agents
In jupyter/datascience/ubi9-python-3.11/requirements.txt around lines 1003 to
1005, the JupyterLab version is hard-pinned to 4.4.4, but the example Dockerfile
at examples/jupyterlab-with-elyra/Dockerfile line 48 uses version 4.2.7, causing
a version conflict. Update the Dockerfile line 48 to match this file by changing
the JupyterLab version to 4.4.4 or a compatible range like >=4.4.4 to ensure
consistency and avoid conflicts.

Comment on lines +1046 to +1048
jupyterlab==4.4.4; python_version >= '3.9' \
--hash=sha256:163fee1ef702e0a057f75d2eed3ed1da8a986d59eb002cbeb6f0c2779e6cd153 \
--hash=sha256:711611e4f59851152eb93316c3547c3ec6291f16bb455f1f4fa380d25637e0dd
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Verification agent

🧩 Analysis chain

jupyterlab 4.4.4 bump: good; ensure extension compatibility and validate Trash UI

  • Python constraint raised to >=3.9 matches upstream; OK for py311 images.
  • Pinned extensions around it look compatible at a glance (e.g., jupyterlab-server==2.27.3, jupyterlab-git==0.51.2, jupyterlab-lsp==5.1.1). Please validate in CI/manual tests that these extensions load under 4.4.4.
  • Given the PR objective (Trash feature), include a short manual check in testing notes (e.g., delete file -> appears in Trash, restore/remove actions, “Empty Trash” behavior).

Script to sanity-check repository-wide alignment on JupyterLab:


🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "Verify jupyterlab==4.4.4 across requirements.txt and Pipfiles"
fd -t f -a requirements.txt Pipfile | while read -r f; do
  if rg -n "jupyterlab\s*==\s*4\.4\.4" "$f" > /dev/null; then
    printf "OK   %s\n" "$f"
  else
    printf "MISS %s\n" "$f"
  fi
done | sort

echo
echo "Locate any jupyterlab references with mismatched versions:"
rg -n "jupyterlab\s*=="

Length of output: 304


To accurately verify the JupyterLab version pinning across both requirements and Pipfile manifests, let’s re-run with a find+grep approach:


🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "Scanning for jupyterlab==4.4.4 in requirements.txt and Pipfile"
find . -type f \( -name 'requirements.txt' -o -name 'Pipfile' \) -print0 \
  | xargs -0 grep -Hn "jupyterlab\s*==\s*4\.4\.4" || true

echo
echo "All occurrences of jupyterlab pins:"
grep -RIn "jupyterlab\s*==" .

Length of output: 3407


jupyterlab 4.4.4 bump: consistency check & example mismatch

  • All notebook image requirements.txt files now consistently pin
    jupyterlab==4.4.4 (python_version ≥ 3.9).
  • One outlier remains in an example:
    • examples/jupyterlab-with-elyra/Dockerfile:48 is still pinned to jupyterlab==4.2.7.
    Please update this to 4.4.4 or confirm it must stay at 4.2.7 for elyra compatibility.
  • As before, ensure your CI/manual smoke tests load all extensions under 4.4.4 (e.g., jupyterlab-server, jupyterlab-git, jupyterlab-lsp).
  • Add a brief manual verification step for the Trash UI in your testing notes:
    • delete → appears in Trash
    • restore/remove actions
    • “Empty Trash” behavior
🤖 Prompt for AI Agents
In jupyter/tensorflow/ubi9-python-3.11/requirements.txt around lines 1046 to
1048, update the example file examples/jupyterlab-with-elyra/Dockerfile at line
48 to pin jupyterlab to version 4.4.4 instead of 4.2.7 to maintain consistency.
After updating, run CI or manual smoke tests to verify all extensions like
jupyterlab-server, jupyterlab-git, and jupyterlab-lsp load correctly under
version 4.4.4. Also, add a manual verification step in your testing notes to
check the Trash UI functionality including delete, restore/remove actions, and
the “Empty Trash” behavior.

Copy link
Contributor

openshift-ci bot commented Aug 7, 2025

@jiridanek: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/rocm-runtime-pt-ubi9-python-3-11-pr-image-mirror 3b39f8a link true /test rocm-runtime-pt-ubi9-python-3-11-pr-image-mirror
ci/prow/rocm-runtime-tf-ubi9-python-3-11-pr-image-mirror 3b39f8a link true /test rocm-runtime-tf-ubi9-python-3-11-pr-image-mirror
ci/prow/runtime-cuda-tf-ubi9-python-3-11-pr-image-mirror 3b39f8a link true /test runtime-cuda-tf-ubi9-python-3-11-pr-image-mirror
ci/prow/runtime-cuda-pt-ubi9-python-3-11-pr-image-mirror 3b39f8a link true /test runtime-cuda-pt-ubi9-python-3-11-pr-image-mirror
ci/prow/runtime-ds-ubi9-python-3-11-pr-image-mirror 3b39f8a link true /test runtime-ds-ubi9-python-3-11-pr-image-mirror
ci/prow/runtime-ubi9-python-3-11-pr-image-mirror 3b39f8a link true /test runtime-ubi9-python-3-11-pr-image-mirror
ci/prow/codeserver-ubi9-python-3-11-pr-image-mirror 3b39f8a link true /test codeserver-ubi9-python-3-11-pr-image-mirror
ci/prow/rocm-runtimes-ubi9-e2e-tests 3b39f8a link true /test rocm-runtimes-ubi9-e2e-tests
ci/prow/runtimes-ubi9-e2e-tests 3b39f8a link true /test runtimes-ubi9-e2e-tests
ci/prow/codeserver-notebook-e2e-tests 3b39f8a link true /test codeserver-notebook-e2e-tests
ci/prow/notebooks-py312-ubi9-e2e-tests a4a5bbb link true /test notebooks-py312-ubi9-e2e-tests

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@jiridanek
Copy link
Member Author

/kfbuild odh-workbench-jupyter-minimal-cpu-py312-ubi9-on-pull-request

@jiridanek
Copy link
Member Author

/kfbuild odh-workbench-jupyter-pytorch-cuda-py312-ubi9-on-pull-request

@jiridanek jiridanek merged commit 20d7c9d into opendatahub-io:main Aug 8, 2025
62 of 72 checks passed
@jiridanek jiridanek deleted the jd_jupyterlab_444 branch August 8, 2025 07:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
size/xl tide/merge-method-squash Denotes a PR that should be squashed by tide when it merges. trivy-scan This label that allows trivy to create a security report on the pull requests
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants