Bump-deps-20250130

[jc-harrison]

I have:

• Formatted any Python files with black
• Brought the branch up to date with master
• Added any relevant Github labels
• Added tests for any new additions
• Added or updated any relevant documentation
• Added an Architectural Decision Record (ADR), if appropriate
• Added an MPLv2 License Header if appropriate
• Updated the Changelog

Description

• Bumps Airflow version to 2.10.4 in FlowETL
• Re-locks all Python dependencies
• Bumps docker base images

Summary by CodeRabbit

Release Notes

• Chores
  • Updated base Docker images for multiple components:
    • Jupyter notebook image in examples Dockerfile
    • Python Alpine image in flowapi Dockerfile
    • Apache Airflow image in flowetl Dockerfile
    • Python Bullseye image in flowmachine Dockerfile
  • Upgraded Airflow version from 2.10.1 to 2.10.4
  • Updated apispec package version constraint in flowapi Pipfile and setup.py
• New Features
  • Enhanced schema flexibility by adding additionalProperties field to labels in multiple schemas, allowing for dynamic key-value pairs.

These updates ensure the latest base images are used, improve package compatibility, and enhance the flexibility of data representation across our schemas.

[coderabbitai]

Walkthrough

This pull request focuses on updating base Docker images and the Airflow version across multiple Dockerfiles. The changes involve upgrading base images for various components, including Jupyter SciPy notebook, Python Alpine, Apache Airflow, and Python Bullseye images. Additionally, the version constraints for the apispec package have been modified in both the Pipfile and setup.py. The modifications are primarily version bumps, ensuring the latest stable versions are used in the project's containerised environments.

Changes

File	Change Summary
examples.Dockerfile	Updated base image to a new Jupyter SciPy notebook version
flowapi.Dockerfile	Updated Python Alpine base image to a new digest
flowetl.Dockerfile	Upgraded Apache Airflow from version 2.9.3 to 2.10.4
flowetl/.airflow-version	Updated Airflow version from 2.10.1 to 2.10.4
flowmachine.Dockerfile	Updated Python Bullseye base image to a new digest
flowapi/Pipfile	Updated apispec version constraint to <6.7.1
flowapi/setup.py	Updated apispec[yaml] dependency version constraint to <6.7.1
integration_tests/tests/flowapi_tests/test_api_spec.test_generated_openapi_json_spec.approved.txt	Updated labels property to include additionalProperties: {} in multiple schemas
integration_tests/tests/flowapi_tests/test_api_spec.test_generated_openapi_yaml_spec.approved.txt	Updated labels property to include additionalProperties: {} in multiple schemas
integration_tests/tests/flowmachine_server_tests/test_server.test_api_spec_of_flowmachine_query_schemas.approved.txt	Updated labels property to include additionalProperties: {} in multiple schemas

Suggested labels

enhancement, FlowETL, FlowMachine

Poem

🐰 Dockerfiles dancing, versions anew,
Base images hopping with updates so true,
From Alpine to Airflow, each container gleams,
A rabbit's delight in technological dreams!
Upgrade complete, containers now shine! 🚀

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4cb70e3 and 41bc5bb.

⛔ Files ignored due to path filters (12)

• deployment/Pipfile.lock is excluded by !**/*.lock
• docs/Pipfile.lock is excluded by !**/*.lock
• flowapi/Pipfile.lock is excluded by !**/*.lock
• flowauth/Pipfile.lock is excluded by !**/*.lock
• flowclient/Pipfile.lock is excluded by !**/*.lock
• flowdb/Pipfile.lock is excluded by !**/*.lock
• flowdb/testdata/synthetic_data/Pipfile.lock is excluded by !**/*.lock
• flowdb/testdata/test_data/Pipfile.lock is excluded by !**/*.lock
• flowdb/tests/Pipfile.lock is excluded by !**/*.lock
• flowkit_jwt_generator/Pipfile.lock is excluded by !**/*.lock
• flowmachine/Pipfile.lock is excluded by !**/*.lock
• integration_tests/Pipfile.lock is excluded by !**/*.lock

📒 Files selected for processing (3)

• integration_tests/tests/flowapi_tests/test_api_spec.test_generated_openapi_json_spec.approved.txt (3 hunks)
• integration_tests/tests/flowapi_tests/test_api_spec.test_generated_openapi_yaml_spec.approved.txt (3 hunks)
• integration_tests/tests/flowmachine_server_tests/test_server.test_api_spec_of_flowmachine_query_schemas.approved.txt (3 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (3)

• GitHub Check: run_build_pipeline
• GitHub Check: CodeQL-Build
• GitHub Check: Summary

🔇 Additional comments (7)

integration_tests/tests/flowmachine_server_tests/test_server.test_api_spec_of_flowmachine_query_schemas.approved.txt (3)

1793-1793: Schema change: Added additionalProperties to MeaningfulLocationsBetweenDatesODMatrix labels.

Similar change applied to maintain consistency across related schemas. This aligns with the changes in MeaningfulLocationsAggregate.

---

1908-1908: Schema change: Added additionalProperties to MeaningfulLocationsBetweenLabelODMatrix labels.

Consistent schema update applied to the third related schema. This maintains a uniform approach to label handling across all meaningful location queries.

---

1683-1683: Schema change: Added additionalProperties to MeaningfulLocationsAggregate labels.

The change makes the schema more flexible by allowing arbitrary key-value pairs in the labels object. While this provides more flexibility, consider documenting any expected label formats to maintain consistency.

Run this script to check for existing label usage patterns:

✅ Verification successful

Schema change is appropriate and well-supported

The addition of additionalProperties to the labels schema is a deliberate design choice that:

• Allows for future label types without breaking changes
• Maintains compatibility with existing implementations
• Is properly tested and validated

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Search for MeaningfulLocationsAggregate query usage to understand current label patterns
rg -A 5 "meaningful_locations_aggregate.*labels" 

Length of output: 50

---

Script:

#!/bin/bash
# Search for MeaningfulLocationsAggregate usage and schema definitions
rg -i "meaningfullocationsaggregate" -A 5

# Also check for any test files containing this query type
fd "test.*\.py|test.*\.json" --exec grep -l "MeaningfulLocationsAggregate" {} \;

# Look for schema definitions
ast-grep --pattern 'MeaningfulLocationsAggregate = {
  $$$
}'

Length of output: 27931

integration_tests/tests/flowapi_tests/test_api_spec.test_generated_openapi_yaml_spec.approved.txt (3)

1685-1685: Schema change: Added additionalProperties to MeaningfulLocationsAggregate labels.

Consistent schema update in the OpenAPI YAML spec. This matches the changes in the JSON schema definition.

---

1795-1795: Schema change: Added additionalProperties to MeaningfulLocationsBetweenDatesODMatrix labels.

Parallel schema update in the OpenAPI YAML spec, maintaining consistency with the JSON schema.

---

1910-1910: Schema change: Added additionalProperties to MeaningfulLocationsBetweenLabelODMatrix labels.

Matching schema update in the OpenAPI YAML spec, ensuring alignment across all schema representations.

integration_tests/tests/flowapi_tests/test_api_spec.test_generated_openapi_json_spec.approved.txt (1)

1685-1685: Schema relaxation: Verify if this is an intentional change.

The addition of additionalProperties: {} to the labels property in the meaningful locations schemas allows for more flexible label structures by permitting arbitrary key-value pairs. While this change improves flexibility, please confirm if this schema relaxation is intentional and not an unintended side effect of the dependency updates.

Run the following script to check if this change is consistent with other OpenAPI specs and if it was introduced by the dependency updates:

Also applies to: 1795-1795, 1910-1910

✅ Verification successful

Schema change follows established pattern

The addition of additionalProperties: {} to the labels property is consistent with existing patterns in the codebase, as evidenced by similar implementations in both demo_scopes.json and api_spec.json. This change standardises the schema structure across meaningful locations endpoints.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for similar changes in other OpenAPI specs and recent commits
# that might have introduced this change.

# Check other OpenAPI specs for consistency
echo "Checking other OpenAPI specs for additionalProperties in labels..."
rg -A 2 '"labels":\s*{' --type yaml --type json

# Check recent commits that modified the OpenAPI specs
echo "Checking recent commits that modified the OpenAPI specs..."
git log -p -- '*.yaml' '*.json' | rg -A 5 -B 5 'additionalProperties'

Length of output: 409

---

Script:

#!/bin/bash
# Search for labels and additionalProperties patterns in JSON and YAML files
echo "Searching for labels property patterns..."
rg -U '"labels"\s*:\s*\{' --type json --type yaml -B 2 -A 5

echo -e "\nSearching for additionalProperties usage..."
rg -U '"additionalProperties"\s*:' --type json --type yaml -B 2 -A 2

echo -e "\nChecking for schema definitions..."
fd -e json -e yaml -e yml | xargs grep -l "openapi\|swagger" 2>/dev/null

Length of output: 6162

---

Script:

#!/bin/bash
# Check the contents of the other API spec file
echo "Checking api_spec.json for labels and additionalProperties..."
cat flowauth/frontend/cypress/fixtures/api_spec.json | grep -A 5 -B 2 '"labels"'

Length of output: 2274

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[llamapreview]

Auto Pull Request Review from LlamaPReview

Large PR Notification

Dear contributor,

Thank you for your substantial contribution to this project. LlamaPReview has detected that this Pull Request contains a large volume of changes, which exceeds our current processing capacity.

Details:

• PR and related contents total size: Approximately 607,111 characters
• Current limit: 50,000 characters

Next steps:

1. Consider breaking this PR into smaller, more focused changes if possible.
2. For manual review, please reach out to your team members or maintainers.

We appreciate your understanding and commitment to improving this project. Your contributions are valuable, and we want to ensure they receive the attention they deserve.

LlamaPReview is continuously evolving to better serve the community. Share your thoughts on handling large PRs in our GitHub Discussions - your feedback helps us improve and expand our capabilities.

If you have any questions or need assistance, our community and support team are here to help.

Best regards,
LlamaPReview Team

[cypress]

FlowAuth    Run #24378

Run Properties:   Passed #24378  •  41bc5bb6eb: Update approved API specs

Project	FlowAuth
Branch Review	bump-deps-20250130
Run status	Passed #24378
Run duration	00m 45s
Commit	41bc5bb6eb: Update approved API specs
Committer	James Harrison
View all properties for this run ↗︎

---

Test results
Failures	0
Flaky	0
Pending	0
Skipped	0
Passing	4
View all changes introduced in this branch ↗︎

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 91.90%. Comparing base (e1ef9e0) to head (41bc5bb).
Report is 9 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #6943      +/-   ##
==========================================
- Coverage   92.13%   91.90%   -0.23%     
==========================================
  Files         253      276      +23     
  Lines       10535    10761     +226     
  Branches     1276      695     -581     
==========================================
+ Hits         9706     9890     +184     
- Misses        679      726      +47     
+ Partials      150      145       -5     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.