KingaMas (Member) commented Nov 11, 2025

Pull Request Template

Description

Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change.

Fixes # (issue)

Type of change

Please delete options that are not relevant.

  • [ x ] Bug fix (non-breaking change which fixes an issue)

Checklist

  • [ x ] My code follows the style guidelines of this project
  • [ x ] I have performed a self-review of my own code
  • [ x ] I have commented my code, particularly in hard-to-understand areas
  • [ x ] I have made corresponding changes to the documentation
  • [ x ] My changes generate no new warnings
  • [ x ] I have added tests that prove my fix is effective or that my feature works
  • [ x ] New and existing unit tests pass locally with my changes
  • [ x ] Any dependent changes have been merged and published in downstream modules
  • [ x ] I have checked my code and corrected any misspellings

Summary by CodeRabbit

Chores

  • Updated project dependencies to improve compatibility across different operating systems and platforms.
  • Added new analysis and data processing capabilities through expanded library support.
  • Removed redundant dependency entries to streamline package management.
  • Refined platform-specific dependency conditions for improved environment detection and compatibility.

coderabbitai bot (Contributor) commented Nov 11, 2025

Walkthrough

Dependency manifest files updated with platform condition normalizations and package roster changes. pyproject.toml adds tornado to documentation and development dependencies whilst removing a duplicate constraint. requirements.txt undergoes substantial refactoring including platform syntax standardization, removal of deprecated dash components, introduction of new dependencies (bibtexparser, pandarallel, matplotlib-venn, shapely), and comprehensive comment reorganisation across dependency linkage references.

Changes

| Cohort / File(s) | Summary |
|---|---|
| pyproject.toml dependency updates (pyproject.toml) | Added tornado>=6.5 to both docs and dev dependency arrays; removed duplicate mp-api==0.45.5 from strict constraint list. |
| requirements.txt platform conditions and package roster (requirements.txt) | Normalised platform condition syntax (appnope, colorama, nvidia-nccl-cu12); removed dash-core-components, dash-html-components, dash-table, and exceptiongroup entries; added bibtexparser==1.4.3, pandarallel==1.6.5, matplotlib-venn==1.1.2, shapely==2.1.2; consolidated and reorganised via-dependency comments throughout. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

  • Verify tornado version constraint compatibility with existing documentation and development toolchains
  • Confirm all platform condition syntax changes (Darwin → darwin, sys_platform standardization) are applied consistently
  • Validate new dependency versions and their transitive dependency implications
  • Cross-check dash component removal doesn't break any documentation or build workflows

Poem

🐰 Our carrot patch grows cleaner still,
With platforms standardised with careful will,
Dash components tidied, new tools arrive—
matplotlib-venn helps visualisations thrive!
Conditions normalised, dependencies arranged,
Our manifest garden thoughtfully changed.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning, 1 inconclusive)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Description check | ⚠️ Warning | The pull request description is incomplete; it is primarily the template with most sections unfilled, including the summary, issue reference, testing details, reviewers, and context. | Complete the description template with specific information: what changed and why, which issue is fixed (or remove the placeholder), testing approach, and relevant context for reviewers. |
| Title check | ❓ Inconclusive | The title 'upgraded tornado' is vague and does not clearly convey what specific aspect of the tornado dependency was upgraded or why. | Provide a more descriptive title that specifies the version upgrade, e.g., 'Upgrade tornado to version 6.5 for security fixes' or clarify the primary motivation for the upgrade. |

✅ Passed checks (1 passed)

| Check name | Status | Explanation |
|---|---|---|
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5854659 and fed704c.

📒 Files selected for processing (2)
  • pyproject.toml (2 hunks)
  • requirements.txt (13 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (11)
  • GitHub Check: test (3.13, ubuntu-latest)
  • GitHub Check: test (3.12, ubuntu-latest)
  • GitHub Check: test (3.12, macos-latest)
  • GitHub Check: test (3.11, windows-latest)
  • GitHub Check: test (3.13, macos-latest)
  • GitHub Check: test (3.10, ubuntu-latest)
  • GitHub Check: test (3.10, macos-latest)
  • GitHub Check: test (3.12, windows-latest)
  • GitHub Check: test (3.10, windows-latest)
  • GitHub Check: test (3.11, macos-latest)
  • GitHub Check: test (3.11, ubuntu-latest)
🔇 Additional comments (4)
pyproject.toml (2)

72-79: Confirm tornado is not already a transitive dependency via myst-nb or sphinx.

Line 78 adds tornado>=6.5 to the docs section. However, Tornado is typically pulled in transitively by Jupyter/IPython tools (e.g., myst-nb at line 77, or ipykernel). Verify that this explicit addition is necessary and not redundant.

Also confirm whether version >=6.5 specifically addresses a documented security issue (given the PR is on the hotfix/security_fixes branch).


366-366: Tornado added to both docs optional-dependencies and dev dependency-groups.

Line 366 adds tornado>=6.5 to the [dependency-groups] dev section, and line 78 adds it to [project.optional-dependencies] docs. Verify whether both are necessary or if one location is redundant. If Tornado is only needed when building docs, keep it in docs only; if needed throughout dev workflows, place it in dev only (or both if there is a specific rationale).

requirements.txt (2)

291-292: Verify nvidia-nccl-cu12 platform condition excludes aarch64 intentionally.

Line 291 changes the platform condition for nvidia-nccl-cu12 to platform_machine != 'aarch64' and sys_platform == 'linux', explicitly excluding ARM64 Linux systems. Confirm this reflects a genuine constraint (NVIDIA CUDA may not support aarch64 on Linux) and is not an unintended regression for ARM64 users.


33-34: Scope mismatch: PR title suggests tornado upgrade, but multiple new packages added.

This PR is titled "upgraded tornado" and labelled a security hotfix, yet requires.txt now includes new dependencies: bibtexparser (transitive via pymatgen), pandarallel, matplotlib-venn, and shapely. These are not directly related to tornado security updates.

Clarify the PR scope:

  • Are pandarallel, matplotlib-venn, and shapely intentional additions, or accidental lock-file regeneration artefacts?
  • If intentional, update the PR description to reflect these additions and their security/functional rationale.
  • If unintended, revert to a minimal lock-file update (tornado only).

Also applies to: 209-210, 309-310, 507-508


Comment @coderabbitai help to get the list of available commands and usage tips.
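
The scope question raised in the review above, as an added example (not part of the PR or of CodeRabbit's output): a check that compares two pinned requirements.txt snapshots and reports every pin change outside the set of packages a hotfix declares. The function names and both snapshots are constructed, and the tornado, colorama and dash-table versions are placeholders; the four added pins are the ones named in the review summary.

```python
import re

# Matches "name==version" at the start of a pinned line; environment markers
# after ";" and indented "# via ..." comment lines are ignored.
PIN = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;#]+)")


def _norm(name):
    # PEP 503 name normalisation, so "Matplotlib_Venn" equals "matplotlib-venn".
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_pins(text):
    """Return {normalised_name: version} for every pinned line."""
    pins = {}
    for line in text.splitlines():
        m = PIN.match(line)
        if m:
            pins[_norm(m.group(1))] = m.group(2)
    return pins


def out_of_scope_changes(before, after, declared):
    """List (name, old, new) for added, removed or re-pinned packages
    that are not in the declared scope of the change."""
    old, new = parse_pins(before), parse_pins(after)
    scope = {_norm(d) for d in declared}
    return [
        (name, old.get(name), new.get(name))
        for name in sorted(old.keys() | new.keys())
        if old.get(name) != new.get(name) and name not in scope
    ]


# Constructed snapshots (placeholder versions for tornado, colorama, dash-table).
BEFORE = """\
colorama==0.0.1 ; sys_platform == 'win32'
dash-table==0.0.1
    # via example-parent
tornado==0.0.1
"""
AFTER = """\
bibtexparser==1.4.3
colorama==0.0.1 ; sys_platform == 'win32'
matplotlib-venn==1.1.2
pandarallel==1.6.5
shapely==2.1.2
tornado==0.0.2
"""

if __name__ == "__main__":
    for name, old, new in out_of_scope_changes(BEFORE, AFTER, {"tornado"}):
        print(f"{name}: {old} -> {new}")
```

Run in CI against the base and head versions of the lock file, a non-empty result is the signal to either widen the PR description or regenerate the lock file with only the declared package changed.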

codecov bot commented Nov 11, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 80.54%. Comparing base (5854659) to head (fed704c).
⚠️ Report is 2 commits behind head on master.

Additional details and impacted files
@@           Coverage Diff           @@
##           master     #462   +/-   ##
=======================================
  Coverage   80.54%   80.54%           
=======================================
  Files          33       33           
  Lines        2873     2873           
=======================================
  Hits         2314     2314           
  Misses        559      559           


@KingaMas KingaMas enabled auto-merge November 11, 2025 15:46
@KingaMas KingaMas disabled auto-merge November 11, 2025 15:49
@KingaMas KingaMas merged commit d5c16e5 into master Nov 11, 2025
16 checks passed
@KingaMas KingaMas deleted the hotfix/security_fixes branch November 11, 2025 15:49