perf: autobump conda envs

[johanneskoester]

Automated changes by create-pull-request GitHub action

Summary by CodeRabbit

Release Notes

• New Features

  • Added explicit Linux-64 environment specifications for reproducible and consistent environment setup across deployments.

• Updates

  • Upgraded bioinformatics tools including samtools, bcftools, tabix, arriba, bedtools, vembrane, and varlociraptor to latest stable versions.
  • Updated Python packages (pandas, numpy, pysam) and R ecosystem components for enhanced functionality.
  • Bumped system utilities and runtime dependencies for improved compatibility and performance.

[coderabbitai]

Walkthrough

Adds many new explicit linux-64 Conda pinfiles and bumps versions in numerous workflow/envs/*.yaml files; changes are only environment specifications and dependency version updates, no runtime code or control-flow changes.

Changes

Cohort / File(s)	Summary of changes
Pinned linux-64 env manifests workflow/envs/*.linux-64.pin.txt	Added many @explicit Conda pin files for linux-64 (exact package URLs + hashes) to reproducibly create environments.
Bioinformatics tool YAMLs workflow/envs/arriba.yaml, workflow/envs/awk.yaml, workflow/envs/awk_bedtools.yaml, workflow/envs/bcftools.yaml, workflow/envs/bedtools.yaml, workflow/envs/fgbio.yaml, workflow/envs/htslib.yaml, workflow/envs/jannovar.yaml, workflow/envs/kmc.yaml, workflow/envs/mark_duplicates.yaml, workflow/envs/mosdepth.yaml, workflow/envs/pysam.yaml, workflow/envs/rbt.yaml, workflow/envs/samtools.yaml, workflow/envs/snpsift.yaml, workflow/envs/tabix.yaml, workflow/envs/umi_tools.yaml, workflow/envs/varlociraptor.yaml, workflow/envs/vcf2maf.yaml, workflow/envs/vembrane.yaml	Version bumps for many bioinformatics packages (e.g., arriba→2.5.1, bedtools→2.31.1, bcftools→1.22, htslib→1.22.1, samtools→1.22.1, mosdepth→0.3.11, pysam→0.23.3, jannovar-cli→0.36, kmc→3.2.4, snpsift→5.3.0a, tabix→1.11, umi_tools→1.1.6, varlociraptor→8.8.1, vcf2maf→1.6.22, vembrane→2.4.0).
Python data / analysis YAMLs & pins workflow/envs/excel.yaml, workflow/envs/oncoprint.yaml, workflow/envs/pandas.yaml, workflow/envs/pystats.yaml, workflow/envs/split_call_tables.yaml, workflow/envs/pandas.linux-64.pin.txt, workflow/envs/pystats.linux-64.pin.txt, workflow/envs/split_call_tables.linux-64.pin.txt	Upgrades to Python stack and libraries (pandas→2.3.3, numpy bumps, Python →3.13/3.14 where applicable; biopython, altair, scikit-learn, statsmodels, pysam updates). Pin files added for reproducibility.
Utilities / tooling YAMLs & pins workflow/envs/curl.yaml, workflow/envs/vega.yaml, workflow/envs/vega.linux-64.pin.txt, workflow/envs/curl.linux-64.pin.txt	Tooling bumps (curl, vega-lite-cli) and explicit pin files added.
R environment YAML & pin workflow/envs/siglasso.yaml, workflow/envs/siglasso.linux-64.pin.txt	R stack and R-package version updates (r-base→4.5.1 and related R packages) plus explicit pin file.
Rust/toolchain and build deps workflow/envs/filter_reads.yaml, workflow/envs/filter_reads.linux-64.pin.txt	Rust-related upgrades (rust-script, rust, cryptography, compiler tooling) and explicit pin file.
Other workflow-specific pinned envs workflow/envs/{awk_bedtools,bcftools,bedtools,fgbio,htslib,jannovar,kmc,mark_duplicates,mosdepth,oncoprint,pysam,rbt,samtools,siglasso,snpsift,tabix,umi_tools,varlociraptor,vcf2maf,vega,vembrane}.linux-64.pin.txt	Added explicit pinned manifests for many workflow environments (conda-forge/bioconda URLs + hashes) to enable deterministic environment creation.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Potential focus areas for review:

• Ensure critical tool version bumps (samtools/htslib/bcftools/pysam) remain compatible with workflow expectations.
• Verify Python/R major/minor upgrades (Python 3.14 / r-base 4.5.1) don't break downstream scripts.
• Spot-check a few representative .linux-64.pin.txt files for channel/source correctness and intended package builds.

Possibly related PRs

• fix: update to latest datavzrd and vembrane #329 — Related bump to vembrane in the same workflow/envs/vembrane.yaml.
• feat: refactor pangenome mapping #357 — Related kmc updates and pinning for workflow/envs/kmc.yaml.
• fix: fix filtering primerless reads by pinning rust-script #339 — Related changes to workflow/envs/filter_reads.yaml and rust-script handling.

Suggested reviewers

• dlaehnemann

Poem

I pinned each packet, byte by byte—so neat,
A hare in fields of YAML, light on feet.
With pandas, rust, and samtools all in line,
The envs hop in, reproducible and fine.
Thump-thump — the lockfile’s snug, the build’s complete. 🐇✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The pull request title "perf: autobump conda envs" is clearly related to the primary changes in the changeset. The PR consists of version bumps across multiple conda environment YAML files (e.g., arriba 2.5→2.5.1, gawk 5.1→5.3.1, bedtools 2.30→2.31.1, pandas 2.1→2.3.3, and numerous others) as well as the addition of explicit Linux-64 pin files (.linux-64.pin.txt) for reproducible environments. The title accurately captures the main action being taken—automatically bumping conda environment specifications. The title is concise, specific, and avoids vague terminology; it clearly conveys that this is an automated version update of conda environments.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch perf/autobump

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

workflow/envs/snpsift.linux-64.pin.txt (1)

22-93: Deduplicate repeated package entries.

This manifest repeats several packages (e.g., libedit/libev/libssh2) later in the file. While conda tolerates duplicates, trimming them keeps the pin file lean and avoids confusion next time we regenerate or diff these pins. Consider re-exporting with conda list --explicit > file from a clean env to ensure each artifact is listed once.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2150170 and 86dc412.

📒 Files selected for processing (57)

• workflow/envs/arriba.linux-64.pin.txt (1 hunks)
• workflow/envs/arriba.yaml (1 hunks)
• workflow/envs/awk.linux-64.pin.txt (1 hunks)
• workflow/envs/awk.yaml (1 hunks)
• workflow/envs/awk_bedtools.linux-64.pin.txt (1 hunks)
• workflow/envs/awk_bedtools.yaml (1 hunks)
• workflow/envs/bcftools.linux-64.pin.txt (1 hunks)
• workflow/envs/bcftools.yaml (1 hunks)
• workflow/envs/bedtools.linux-64.pin.txt (1 hunks)
• workflow/envs/bedtools.yaml (1 hunks)
• workflow/envs/curl.linux-64.pin.txt (1 hunks)
• workflow/envs/curl.yaml (1 hunks)
• workflow/envs/excel.linux-64.pin.txt (1 hunks)
• workflow/envs/excel.yaml (1 hunks)
• workflow/envs/fgbio.linux-64.pin.txt (1 hunks)
• workflow/envs/fgbio.yaml (1 hunks)
• workflow/envs/filter_reads.linux-64.pin.txt (1 hunks)
• workflow/envs/filter_reads.yaml (1 hunks)
• workflow/envs/htslib.linux-64.pin.txt (1 hunks)
• workflow/envs/htslib.yaml (1 hunks)
• workflow/envs/jannovar.linux-64.pin.txt (1 hunks)
• workflow/envs/jannovar.yaml (1 hunks)
• workflow/envs/kmc.linux-64.pin.txt (1 hunks)
• workflow/envs/kmc.yaml (1 hunks)
• workflow/envs/mark_duplicates.linux-64.pin.txt (1 hunks)
• workflow/envs/mark_duplicates.yaml (1 hunks)
• workflow/envs/mosdepth.linux-64.pin.txt (1 hunks)
• workflow/envs/mosdepth.yaml (1 hunks)
• workflow/envs/oncoprint.linux-64.pin.txt (1 hunks)
• workflow/envs/oncoprint.yaml (1 hunks)
• workflow/envs/pandas.linux-64.pin.txt (1 hunks)
• workflow/envs/pandas.yaml (1 hunks)
• workflow/envs/pysam.linux-64.pin.txt (1 hunks)
• workflow/envs/pysam.yaml (1 hunks)
• workflow/envs/pystats.linux-64.pin.txt (1 hunks)
• workflow/envs/pystats.yaml (1 hunks)
• workflow/envs/rbt.linux-64.pin.txt (1 hunks)
• workflow/envs/rbt.yaml (1 hunks)
• workflow/envs/samtools.linux-64.pin.txt (1 hunks)
• workflow/envs/samtools.yaml (1 hunks)
• workflow/envs/siglasso.linux-64.pin.txt (1 hunks)
• workflow/envs/siglasso.yaml (1 hunks)
• workflow/envs/snpsift.linux-64.pin.txt (1 hunks)
• workflow/envs/snpsift.yaml (1 hunks)
• workflow/envs/split_call_tables.linux-64.pin.txt (1 hunks)
• workflow/envs/split_call_tables.yaml (1 hunks)
• workflow/envs/tabix.linux-64.pin.txt (1 hunks)
• workflow/envs/tabix.yaml (1 hunks)
• workflow/envs/umi_tools.linux-64.pin.txt (1 hunks)
• workflow/envs/varlociraptor.linux-64.pin.txt (1 hunks)
• workflow/envs/varlociraptor.yaml (1 hunks)
• workflow/envs/vcf2maf.linux-64.pin.txt (1 hunks)
• workflow/envs/vcf2maf.yaml (1 hunks)
• workflow/envs/vega.linux-64.pin.txt (1 hunks)
• workflow/envs/vega.yaml (1 hunks)
• workflow/envs/vembrane.linux-64.pin.txt (1 hunks)
• workflow/envs/vembrane.yaml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (7)

• GitHub Check: test target regions, multiple BEDs
• GitHub Check: test sra download
• GitHub Check: test no candidate filtering
• GitHub Check: test testcase generation
• GitHub Check: test primers
• GitHub Check: test target regions
• GitHub Check: test local input

🔇 Additional comments (9)

workflow/envs/pystats.yaml (1)

5-9: Verify Python build availability on conda-forge

The repodata.json query returned no results; please confirm whether python=3.13.7 is published for linux-64 on conda-forge. If not, pin to a valid version (e.g. python=3.13).

workflow/envs/awk.yaml (1)

4-4: Version bump looks good.

gawk =5.3.1 matches the raised toolchain elsewhere; no concerns from my side.

workflow/envs/bedtools.yaml (1)

5-6: Upgrade aligns with ecosystem updates.

Bumping to bedtools =2.31.1 and samtools =1.22.1 keeps this env consistent with the rest of the PR; no issues.

workflow/envs/vcf2maf.yaml (1)

5-5: vcf2maf bump looks good.

vcf2maf =1.6.22 matches the new pin files; nothing further.

workflow/envs/fgbio.yaml (1)

5-5: fgbio-minimal 3.0.0 upgrade accepted.

Version aligns with the explicit pin set; no additional concerns.

workflow/envs/samtools.yaml (1)

5-6: Samtools stack update looks consistent.

samtools =1.22.1 with sed =4.9 aligns with the broader toolchain refresh.

workflow/envs/bcftools.yaml (1)

5-5: bcftools version bump acknowledged.

bcftools =1.22 matches the other environment updates; looks good.

workflow/envs/pandas.yaml (1)

5-6: Python 3.14.0 is available on conda-forge. No further changes needed.

workflow/envs/pysam.yaml (1)

5-6: No action needed: python 3.13.7 and pysam 0.23.3 are available. Verified python 3.13.7 on conda-forge and pysam 0.23.3 includes py313 builds on bioconda.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Python 3.14.0 and scikit-learn 1.7.2 are not on conda-forge

Neither pin exists today, so the solver will fail. Please retarget to published builds (e.g. python =3.13 and scikit-learn =1.5.2, or whatever the latest available versions are).

You can verify the available builds with:

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "python versions:"
curl -s https://conda.anaconda.org/conda-forge/linux-64/repodata.json \
  | jq -r '.packages | to_entries[] | select(.value.name=="python") | .value.version' \
  | sort -V | tail

echo "scikit-learn versions:"
curl -s https://conda.anaconda.org/conda-forge/linux-64/repodata.json \
  | jq -r '.packages | to_entries[] | select(.value.name=="scikit-learn") | .value.version' \
  | sort -V | tail

Length of output: 169

---

Python 3.14.0 and scikit-learn 1.7.2 are not on conda-forge
Neither package is available; retarget to published builds (python =3.11.0, scikit-learn =1.1.3).

🤖 Prompt for AI Agents

In workflow/envs/oncoprint.yaml around lines 5 to 8, the environment pins
python=3.14.0 and scikit-learn=1.7.2 which are not available on conda-forge;
update those pins to published builds by setting python=3.11.0 and
scikit-learn=1.1.3 (leave pandas and statsmodels as-is), and verify the
environment resolves against conda-forge after the change.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 86dc412 and 777eb20.

📒 Files selected for processing (57)

• workflow/envs/arriba.linux-64.pin.txt (1 hunks)
• workflow/envs/arriba.yaml (1 hunks)
• workflow/envs/awk.linux-64.pin.txt (1 hunks)
• workflow/envs/awk.yaml (1 hunks)
• workflow/envs/awk_bedtools.linux-64.pin.txt (1 hunks)
• workflow/envs/awk_bedtools.yaml (1 hunks)
• workflow/envs/bcftools.linux-64.pin.txt (1 hunks)
• workflow/envs/bcftools.yaml (1 hunks)
• workflow/envs/bedtools.linux-64.pin.txt (1 hunks)
• workflow/envs/bedtools.yaml (1 hunks)
• workflow/envs/curl.linux-64.pin.txt (1 hunks)
• workflow/envs/curl.yaml (1 hunks)
• workflow/envs/excel.linux-64.pin.txt (1 hunks)
• workflow/envs/excel.yaml (1 hunks)
• workflow/envs/fgbio.linux-64.pin.txt (1 hunks)
• workflow/envs/fgbio.yaml (1 hunks)
• workflow/envs/filter_reads.linux-64.pin.txt (1 hunks)
• workflow/envs/filter_reads.yaml (1 hunks)
• workflow/envs/htslib.linux-64.pin.txt (1 hunks)
• workflow/envs/htslib.yaml (1 hunks)
• workflow/envs/jannovar.linux-64.pin.txt (1 hunks)
• workflow/envs/jannovar.yaml (1 hunks)
• workflow/envs/kmc.linux-64.pin.txt (1 hunks)
• workflow/envs/kmc.yaml (1 hunks)
• workflow/envs/mark_duplicates.linux-64.pin.txt (1 hunks)
• workflow/envs/mark_duplicates.yaml (1 hunks)
• workflow/envs/mosdepth.linux-64.pin.txt (1 hunks)
• workflow/envs/mosdepth.yaml (1 hunks)
• workflow/envs/oncoprint.linux-64.pin.txt (1 hunks)
• workflow/envs/oncoprint.yaml (1 hunks)
• workflow/envs/pandas.linux-64.pin.txt (1 hunks)
• workflow/envs/pandas.yaml (1 hunks)
• workflow/envs/pysam.linux-64.pin.txt (1 hunks)
• workflow/envs/pysam.yaml (1 hunks)
• workflow/envs/pystats.linux-64.pin.txt (1 hunks)
• workflow/envs/pystats.yaml (1 hunks)
• workflow/envs/rbt.linux-64.pin.txt (1 hunks)
• workflow/envs/rbt.yaml (1 hunks)
• workflow/envs/samtools.linux-64.pin.txt (1 hunks)
• workflow/envs/samtools.yaml (1 hunks)
• workflow/envs/siglasso.linux-64.pin.txt (1 hunks)
• workflow/envs/siglasso.yaml (1 hunks)
• workflow/envs/snpsift.linux-64.pin.txt (1 hunks)
• workflow/envs/snpsift.yaml (1 hunks)
• workflow/envs/split_call_tables.linux-64.pin.txt (1 hunks)
• workflow/envs/split_call_tables.yaml (1 hunks)
• workflow/envs/tabix.linux-64.pin.txt (1 hunks)
• workflow/envs/tabix.yaml (1 hunks)
• workflow/envs/umi_tools.linux-64.pin.txt (1 hunks)
• workflow/envs/varlociraptor.linux-64.pin.txt (1 hunks)
• workflow/envs/varlociraptor.yaml (1 hunks)
• workflow/envs/vcf2maf.linux-64.pin.txt (1 hunks)
• workflow/envs/vcf2maf.yaml (1 hunks)
• workflow/envs/vega.linux-64.pin.txt (1 hunks)
• workflow/envs/vega.yaml (1 hunks)
• workflow/envs/vembrane.linux-64.pin.txt (1 hunks)
• workflow/envs/vembrane.yaml (1 hunks)

✅ Files skipped from review due to trivial changes (6)

• workflow/envs/tabix.linux-64.pin.txt
• workflow/envs/curl.yaml
• workflow/envs/bcftools.linux-64.pin.txt
• workflow/envs/varlociraptor.linux-64.pin.txt
• workflow/envs/arriba.yaml
• workflow/envs/htslib.linux-64.pin.txt

🚧 Files skipped from review as they are similar to previous changes (34)

• workflow/envs/kmc.yaml
• workflow/envs/awk.linux-64.pin.txt
• workflow/envs/awk.yaml
• workflow/envs/snpsift.yaml
• workflow/envs/siglasso.yaml
• workflow/envs/mark_duplicates.yaml
• workflow/envs/pystats.linux-64.pin.txt
• workflow/envs/curl.linux-64.pin.txt
• workflow/envs/mosdepth.yaml
• workflow/envs/bcftools.yaml
• workflow/envs/oncoprint.linux-64.pin.txt
• workflow/envs/mark_duplicates.linux-64.pin.txt
• workflow/envs/vcf2maf.linux-64.pin.txt
• workflow/envs/pysam.linux-64.pin.txt
• workflow/envs/split_call_tables.linux-64.pin.txt
• workflow/envs/oncoprint.yaml
• workflow/envs/jannovar.yaml
• workflow/envs/mosdepth.linux-64.pin.txt
• workflow/envs/vega.yaml
• workflow/envs/awk_bedtools.linux-64.pin.txt
• workflow/envs/filter_reads.yaml
• workflow/envs/siglasso.linux-64.pin.txt
• workflow/envs/split_call_tables.yaml
• workflow/envs/pysam.yaml
• workflow/envs/awk_bedtools.yaml
• workflow/envs/vega.linux-64.pin.txt
• workflow/envs/bedtools.yaml
• workflow/envs/fgbio.linux-64.pin.txt
• workflow/envs/filter_reads.linux-64.pin.txt
• workflow/envs/samtools.linux-64.pin.txt
• workflow/envs/umi_tools.linux-64.pin.txt
• workflow/envs/htslib.yaml
• workflow/envs/rbt.yaml
• workflow/envs/excel.linux-64.pin.txt

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (7)

• GitHub Check: test no candidate filtering
• GitHub Check: test sra download
• GitHub Check: test primers
• GitHub Check: test target regions, multiple BEDs
• GitHub Check: test target regions
• GitHub Check: test testcase generation
• GitHub Check: test local input

🔇 Additional comments (19)

workflow/envs/fgbio.yaml (1)

5-5: Verify that fgbio-minimal 3.0.0 is compatible and tested.

This is a major version bump from 2.2 to 3.0.0. While the exact pin syntax is correct and aids reproducibility, this change introduces potential breaking changes that need verification.

Please confirm:

1. That workflows and tasks using fgbio have been tested against version 3.0.0
2. Whether there are any known breaking changes or API differences between 2.2 and 3.0.0
3. That this is an intentional upgrade (rather than an unvetted automated bump)

workflow/envs/kmc.linux-64.pin.txt (2)

1-5: File format is correct and follows conda explicit specification.

The header and @EXPLICIT marker are properly formatted for a conda reproducible lock file.

---

6-32: Verify this pin file is synchronized with the kmc.yaml environment specification.

This explicit lock file pins kmc-3.2.4 (line 29) and supporting dependencies. Ensure this file is paired with a corresponding update to workflow/envs/kmc.yaml that specifies the same kmc version, and verify that both are consistent throughout the PR.

workflow/envs/jannovar.linux-64.pin.txt (2)

1-5: File format is correct and well-structured.

The file uses the proper @EXPLICIT Conda format with appropriate metadata headers (platform and created-by information). Each package entry includes a full URL with hash, which is the correct structure for explicit environment pin files.

---

6-69: Explicit pin file appropriately captures all transitive dependencies.

The package list includes all direct and transitive dependencies for the jannovar environment, including system libraries, development tools (OpenJDK), and bioinformatics packages. The final entry (line 69) correctly pins jannovar-cli to version 0.36, aligning with the version bump mentioned in the PR objectives.

Note: This is a linux-64-specific pin file; equivalent files would need to be generated for other architectures (e.g., osx-64, win-64) to ensure reproducibility across platforms.

workflow/envs/arriba.linux-64.pin.txt (1)

1-160: Verify Python 3.14.0 compatibility and check for pre-release version pinning.

The conda explicit environment file structure is correct and properly formatted (valid header with platform, @explicit marker, and package URLs with hashes). However, the pinned Python version (line 81) is 3.14.0, which is unusually recent—as of October 2025, Python 3.14 would likely still be in beta or release candidate phase rather than a stable release.

Verify:

1. Whether pinning a pre-release Python version is intentional for this workflow
2. If the automated dependency resolution should have selected a stable Python version instead (e.g., 3.13.x)
3. Whether this aligns with the expected environment stability for the arriba workflow

workflow/envs/snpsift.linux-64.pin.txt (1)

1-93: Conda environment pin file is correct and ready.

The @EXPLICIT format is properly structured with valid package URLs and cryptographic hashes from trusted sources (conda-forge, bioconda). Python 3.14.0 specified at line 69 is available and resolvable in the conda-forge repository—the exact build (python-3.14.0-h5989046_101_cp314.conda) exists. The pinned versions of snpsift-5.3.0a, bcftools-1.22, and htslib-1.22.1 align with the stated version bumps and provide a reproducible environment snapshot.

workflow/envs/tabix.yaml (1)

5-5: Verify tabix 1.11 compatibility with workflows.

The version jump from 0.2 to 1.11 is substantial. Ensure that dependent workflows have been tested with the new tabix version to confirm no breaking changes in CLI or behavior.

workflow/envs/vcf2maf.yaml (1)

5-5: Minor patch version bump looks safe.

The patch version bump from 1.6 to 1.6.22 is a routine update with minimal risk of breaking changes.

workflow/envs/excel.yaml (1)

5-7: Major version bumps require comprehensive testing—pandas 1.x → 2.x and numpy 1.x → 2.x.

The updates jump across major versions:

• pandas 1.5.2 → 2.3.3 introduces significant API and behavioral changes
• numpy 1.24.1 → 2.3.3 introduces breaking changes to dtype handling

While pandas 2.3.3 is the first version compatible with Python 3.14 and the combination is known to work, ensure all Excel-related workflows have been tested with these versions to catch any breaking changes in openpyxl, pandas, or numpy interactions.

workflow/envs/samtools.yaml (1)

5-6: Verify samtools 1.12 → 1.22.1 compatibility.

The jump from samtools 1.12 to 1.22.1 spans 10 minor versions with potential CLI/API changes. Confirm that workflows depending on samtools behavior (e.g., flag handling, output format) are compatible with the newer version.

workflow/envs/pystats.yaml (1)

5-9: Verify pysam 0.22 → 0.23.3 and Python 3.12 → 3.13.9 compatibility.

Multiple coordinated updates here require integrated testing:

• pysam 0.22 → 0.23.3 is a significant version bump with potential API changes
• Python 3.12 → 3.13.9 is a major version jump (though more conservative than other envs in this PR)

Ensure bioinformatics workflows using pysam have been tested with the combination of pysam 0.23.3 and Python 3.13.9 to verify no breaking changes.

workflow/envs/pandas.linux-64.pin.txt (1)

1-41: Explicit pin file structure looks correct, but inherits Python 3.14.0 concern.

The @explicit format with exact package URLs and hashes is properly structured for reproducible conda environments. However, this pin file locks Python to 3.14.0 (line 31), which is consistent with the aggressive version bump flagged in workflow/envs/pandas.yaml. Resolve the Python version concern before merging to avoid locking production environments to an unexpectedly narrow constraint.

workflow/envs/bedtools.linux-64.pin.txt (1)

1-31: Explicit pin file structure looks correct and aligns with bedtools/samtools version updates.

The @explicit format is properly structured for reproducible conda environments. Versions (bedtools 2.31.1, samtools 1.22.1, htslib 1.22.1) are consistent with the YAML file updates elsewhere in the PR. Ensure workflows have been tested with the upgraded bedtools/samtools combination to verify compatibility.

workflow/envs/rbt.linux-64.pin.txt (2)

1-5: Conda pin file format is correct.

The @EXPLICIT format and platform specification are properly configured for creating reproducible linux-64 environments.

---

6-40: Pin file verified as complete and accessible.

Verification confirms:

• File contains 35 complete package entries (not truncated)
• Last package URL returns HTTP 200 response
• Hash format valid (32 hex characters)
• File ends properly at rust-bio-tools-0.42.2-h5c46d4b_3.conda#60c253e6a43cbfcba38b01e5ace98927

The pin file is ready for use in CI/CD pipelines.

workflow/envs/varlociraptor.yaml (1)

6-8: No critical concerns with the vega-lite-cli v6.4.1 bump.

Vega-Lite v6.0.0 release notes show no breaking changes—only small refactors and dependency updates. The workflow's usage of vega-lite-cli is straightforward (vl2svg {input} {output} in workflow/rules/vega.smk), so the major version bump to v6.4.1 is safe. The dependency updates in varlociraptor.yaml are compatible and justified.

workflow/envs/vembrane.yaml (1)

5-6: ****

The original review comment assumes vembrane is actively invoked in Snakemake workflows and recommends verifying compatibility across a major version bump. However, verification reveals:

1. vembrane is NOT called in any workflow rules (comprehensive search across all .smk files and Snakefile returned no matches)
2. vembrane v2.4.0 has no breaking changes—only new features

Since vembrane exists only as a conda environment dependency without actual usage in the workflow rules, the version bump poses no compatibility risk to workflow execution. The review comment can be safely dismissed.

Likely an incorrect or invalid review comment.

workflow/envs/vembrane.linux-64.pin.txt (1)

1-73: Format and version bumps look correct.

The @explicit format is properly structured with correct header, platform declaration, and 68 explicit package entries with SHA256 hashes. The version bumps are correctly reflected: vembrane-2.4.0 (line 73) and bcftools-1.22 (line 71) match the expected updates. Core dependencies (compilers, libraries, Python ecosystem, bioconda packages) are present and their transitive relationships appear sound.

If this is a critical reproducibility artifact, consider running conda install --file workflow/envs/vembrane.linux-64.pin.txt --dry-run in a linux-64 environment to verify that the explicit pins resolve without conflicts and that all hashes are valid. This would confirm that the manifest is internally consistent and can actually be used to recreate the environment.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

CRITICAL: Python version jump from 3.10 → 3.14.0 is extremely aggressive.

Python 3.14.0 was released October 7, 2025, making this technically valid, but jumping 4 major Python versions (3.10 → 3.11 → 3.12 → 3.13 → 3.14) in a single autobump is unprecedented and risky:

• Major breaking changes between each Python version
• Significant deprecations and removals
• Severely restricts the environment's compatibility
• Likely unintended by the autobump automation

Verify: Is this intentional? If this represents an autobump action misconfiguration, consider resetting to a more conservative version constraint (e.g., python >=3.10 or python 3.13) and testing incrementally.

🤖 Prompt for AI Agents

In workflow/envs/pandas.yaml around lines 5-6 the Python pin jumps from 3.10 to
3.14.0 which is an unsafe autobump; replace the hard 3.14 pin with a
conservative constraint (for example target the most recent compatible minor
like 3.13 or a range such as ">=3.10,<3.14") or revert to the previous pinned
version, update the autobump configuration to prevent multi-major jumps, and run
the test matrix / CI to validate compatibility before merging.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

workflow/envs/oncoprint.yaml (1)

5-8: ⚠️ Critical: Unresolved version incompatibility (duplicate of past review).

Python 3.14.0 and scikit-learn 1.7.2 are not available on conda-forge and will cause the solver to fail. This issue was flagged in previous reviews and remains unresolved. These versions do not exist in the published package repositories.

Retarget to available versions (e.g., python=3.11.0 and scikit-learn=1.5.2, or verify the latest available versions on conda-forge).

To verify availability on conda-forge, run:

#!/bin/bash
# Check available Python and scikit-learn versions on conda-forge

echo "Latest Python versions on conda-forge:"
curl -s https://conda.anaconda.org/conda-forge/linux-64/repodata.json \
  | jq -r '.packages | to_entries[] | select(.value.name=="python") | .value.version' \
  | sort -V | tail -5

echo ""
echo "Latest scikit-learn versions on conda-forge:"
curl -s https://conda.anaconda.org/conda-forge/linux-64/repodata.json \
  | jq -r '.packages | to_entries[] | select(.value.name=="scikit-learn") | .value.version' \
  | sort -V | tail -5

🧹 Nitpick comments (1)

workflow/envs/snpsift.linux-64.pin.txt (1)

6-93: Document the explicit pin file maintenance process.

This file contains pinned URLs and hashes for reproducible environments. Consider adding a comment or documentation explaining:

• How/when this file is generated or updated
• Whether it's auto-generated or manually curated
• The command or process to regenerate it if dependencies are added/removed

This helps maintainers understand whether to edit it directly or regenerate it.

Would you like me to help add a header comment to document the pin file's purpose and maintenance process?

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 777eb20 and 8cdf585.

📒 Files selected for processing (57)

• workflow/envs/arriba.linux-64.pin.txt (1 hunks)
• workflow/envs/arriba.yaml (1 hunks)
• workflow/envs/awk.linux-64.pin.txt (1 hunks)
• workflow/envs/awk.yaml (1 hunks)
• workflow/envs/awk_bedtools.linux-64.pin.txt (1 hunks)
• workflow/envs/awk_bedtools.yaml (1 hunks)
• workflow/envs/bcftools.linux-64.pin.txt (1 hunks)
• workflow/envs/bcftools.yaml (1 hunks)
• workflow/envs/bedtools.linux-64.pin.txt (1 hunks)
• workflow/envs/bedtools.yaml (1 hunks)
• workflow/envs/curl.linux-64.pin.txt (1 hunks)
• workflow/envs/curl.yaml (1 hunks)
• workflow/envs/excel.linux-64.pin.txt (1 hunks)
• workflow/envs/excel.yaml (1 hunks)
• workflow/envs/fgbio.linux-64.pin.txt (1 hunks)
• workflow/envs/fgbio.yaml (1 hunks)
• workflow/envs/filter_reads.linux-64.pin.txt (1 hunks)
• workflow/envs/filter_reads.yaml (1 hunks)
• workflow/envs/htslib.linux-64.pin.txt (1 hunks)
• workflow/envs/htslib.yaml (1 hunks)
• workflow/envs/jannovar.linux-64.pin.txt (1 hunks)
• workflow/envs/jannovar.yaml (1 hunks)
• workflow/envs/kmc.linux-64.pin.txt (1 hunks)
• workflow/envs/kmc.yaml (1 hunks)
• workflow/envs/mark_duplicates.linux-64.pin.txt (1 hunks)
• workflow/envs/mark_duplicates.yaml (1 hunks)
• workflow/envs/mosdepth.linux-64.pin.txt (1 hunks)
• workflow/envs/mosdepth.yaml (1 hunks)
• workflow/envs/oncoprint.linux-64.pin.txt (1 hunks)
• workflow/envs/oncoprint.yaml (1 hunks)
• workflow/envs/pandas.linux-64.pin.txt (1 hunks)
• workflow/envs/pandas.yaml (1 hunks)
• workflow/envs/pysam.linux-64.pin.txt (1 hunks)
• workflow/envs/pysam.yaml (1 hunks)
• workflow/envs/pystats.linux-64.pin.txt (1 hunks)
• workflow/envs/pystats.yaml (1 hunks)
• workflow/envs/rbt.linux-64.pin.txt (1 hunks)
• workflow/envs/rbt.yaml (1 hunks)
• workflow/envs/samtools.linux-64.pin.txt (1 hunks)
• workflow/envs/samtools.yaml (1 hunks)
• workflow/envs/siglasso.linux-64.pin.txt (1 hunks)
• workflow/envs/siglasso.yaml (1 hunks)
• workflow/envs/snpsift.linux-64.pin.txt (1 hunks)
• workflow/envs/snpsift.yaml (1 hunks)
• workflow/envs/split_call_tables.linux-64.pin.txt (1 hunks)
• workflow/envs/split_call_tables.yaml (1 hunks)
• workflow/envs/tabix.linux-64.pin.txt (1 hunks)
• workflow/envs/tabix.yaml (1 hunks)
• workflow/envs/umi_tools.linux-64.pin.txt (1 hunks)
• workflow/envs/varlociraptor.linux-64.pin.txt (1 hunks)
• workflow/envs/varlociraptor.yaml (1 hunks)
• workflow/envs/vcf2maf.linux-64.pin.txt (1 hunks)
• workflow/envs/vcf2maf.yaml (1 hunks)
• workflow/envs/vega.linux-64.pin.txt (1 hunks)
• workflow/envs/vega.yaml (1 hunks)
• workflow/envs/vembrane.linux-64.pin.txt (1 hunks)
• workflow/envs/vembrane.yaml (1 hunks)

✅ Files skipped from review due to trivial changes (2)

• workflow/envs/vcf2maf.linux-64.pin.txt
• workflow/envs/tabix.linux-64.pin.txt

🚧 Files skipped from review as they are similar to previous changes (38)

• workflow/envs/fgbio.linux-64.pin.txt
• workflow/envs/vega.linux-64.pin.txt
• workflow/envs/excel.linux-64.pin.txt
• workflow/envs/pysam.linux-64.pin.txt
• workflow/envs/split_call_tables.linux-64.pin.txt
• workflow/envs/siglasso.linux-64.pin.txt
• workflow/envs/bedtools.linux-64.pin.txt
• workflow/envs/tabix.yaml
• workflow/envs/mark_duplicates.linux-64.pin.txt
• workflow/envs/split_call_tables.yaml
• workflow/envs/mosdepth.linux-64.pin.txt
• workflow/envs/awk_bedtools.linux-64.pin.txt
• workflow/envs/awk.yaml
• workflow/envs/kmc.linux-64.pin.txt
• workflow/envs/vega.yaml
• workflow/envs/umi_tools.linux-64.pin.txt
• workflow/envs/bcftools.linux-64.pin.txt
• workflow/envs/htslib.linux-64.pin.txt
• workflow/envs/pystats.yaml
• workflow/envs/pysam.yaml
• workflow/envs/pandas.yaml
• workflow/envs/jannovar.yaml
• workflow/envs/kmc.yaml
• workflow/envs/vembrane.linux-64.pin.txt
• workflow/envs/rbt.yaml
• workflow/envs/arriba.yaml
• workflow/envs/vcf2maf.yaml
• workflow/envs/varlociraptor.linux-64.pin.txt
• workflow/envs/rbt.linux-64.pin.txt
• workflow/envs/arriba.linux-64.pin.txt
• workflow/envs/curl.linux-64.pin.txt
• workflow/envs/filter_reads.linux-64.pin.txt
• workflow/envs/mark_duplicates.yaml
• workflow/envs/pystats.linux-64.pin.txt
• workflow/envs/varlociraptor.yaml
• workflow/envs/awk_bedtools.yaml
• workflow/envs/vembrane.yaml
• workflow/envs/samtools.linux-64.pin.txt

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (7)

• GitHub Check: test primers
• GitHub Check: test local input
• GitHub Check: test no candidate filtering
• GitHub Check: test target regions
• GitHub Check: test testcase generation
• GitHub Check: test target regions, multiple BEDs
• GitHub Check: test sra download

🔇 Additional comments (13)

workflow/envs/curl.yaml (1)

5-5: Verify curl 7→8 major version bump compatibility.

The change bumps curl from 7.86.0 to 8.16.0, a major version transition. While this may bring performance improvements (aligning with the "perf: autobump" PR title), curl 8.x has breaking changes compared to 7.x, including TLS/SSL defaults and behavioral differences.

Since this is an automated change, confirm that:

1. The version bump has been tested or validated against the workflow's curl usage patterns
2. Any downstream tools or scripts that depend on curl 7.x behavior have been updated or verified
3. The explicit pinfile (workflow/envs/curl.linux-64.pin.txt) is properly generated and synchronized with this version

workflow/envs/filter_reads.yaml (2)

4-8: Verify conda resolver compatibility with exact pinning strategy.

The use of exact version pinning (=) across all dependencies may cause conda resolution to fail, particularly with transitive dependencies. Conda's resolver can struggle when all packages are pinned to exact versions, especially for complex packages like Rust and cryptography that have many indirect dependencies.

Consider testing the environment specification to ensure conda can successfully resolve and install all packages. If resolution fails, you may need to either:

1. Allow more flexible version ranges for some dependencies (e.g., ~= or >=X.Y)
2. Use conda-lock or similar tools to generate explicit lock files that include all transitive dependencies
3. Verify that the pinned versions are compatible across the dependency tree

---

4-8: Verify major version bumps for compatibility and test coverage.

Several significant version changes warrant validation:

• rust: Major version bump to 1.90.0 (from unspecified range). Confirm this is compatible with the rust-script version and any downstream code.
• cryptography: Major version bump to 46.0.3. Verify no breaking API changes affecting dependencies.
• rust-script: 0.22 → 0.36.0 (minor bump in 0.x series can contain breaking changes). Confirm compatibility.

Since this is an automated bulk bump, please confirm these versions have been tested together in the actual workflow.

workflow/envs/mosdepth.yaml (1)

5-5: Version bump is safe—no breaking changes identified.

mosdepth v0.3.11 (released Jan 17, 2020) only adds --fragment-mode for calculating coverage over full fragments, with no breaking changes. The bump from 0.2.9 to 0.3.11 is straightforward, and the accompanying pin file ensures reproducibility.

workflow/envs/excel.yaml (1)

5-7: Dependency versions are reasonable.

The updates to openpyxl, pandas, and numpy are all stable, recent releases. No apparent compatibility concerns for these updates.

workflow/envs/oncoprint.linux-64.pin.txt (1)

1-49: ****

The core factual claims in this review are incorrect. Python 3.14.0 is available on conda-forge across major platforms, and scikit-learn 1.7.2 is available for linux-64 with Python 3.14 support. The versions specified in oncoprint.yaml (python=3.14.0 and scikit-learn=1.7.2) are valid, and the URLs in this pin file will resolve successfully. No action is needed.

Likely an incorrect or invalid review comment.

workflow/envs/fgbio.yaml (1)

5-5: No compatibility issues found with fgbio-minimal 3.0.0 upgrade.

Verification confirms the workflow uses only fgbio AssignPrimers and fgbio TrimPrimers commands (workflow/rules/primers.smk). The breaking changes in fgbio 3.0.0 (FilterConsensusReads option rename, GroupReadsByUmi R1/R2 handling) do not affect these commands. Additionally, the pin file (workflow/envs/fgbio.linux-64.pin.txt) ensures reproducible environment resolution.

workflow/envs/siglasso.yaml (1)

5-11: Flag major R version bump for testing verification.

The PR updates r-base from 4.3 to 4.5.1, which is a significant version change. Ensure this major version bump has been tested with the other R packages in this environment (r-devtools, r-glmnet, r-tidyverse, etc.) to confirm compatibility and that no breaking changes affect downstream workflow steps.

workflow/envs/pandas.linux-64.pin.txt (1)

1-41: Verify Python 3.14 stability for workflow.

This explicit pinfile introduces Python 3.14 alongside pandas 2.3.3 and numpy 2.3.4. While the @explicit manifest format is correct for reproducible conda environment creation, ensure that Python 3.14 (a very recent release) has been tested with the workflow and all downstream dependencies to avoid unexpected compatibility issues.

workflow/envs/bedtools.yaml (1)

5-6: Verify bedtools and samtools version compatibility.

Bumping samtools from 1.12 to 1.22.1 is a significant version jump (10 minor versions). While both samtools-1.22.1 and bedtools are available, confirm that bedtools 2.31.1 has been tested with samtools 1.22.1 to ensure API compatibility and no breaking changes.

workflow/envs/htslib.yaml (1)

5-5: Verify htslib 1.22.1 compatibility across dependent tools.

htslib has been bumped to 1.22.1. This is a foundational library version update that affects samtools, bcftools, and related tools. Ensure this version has been tested against all tools that depend on htslib (especially given the simultaneous samtools/bedtools upgrades) to confirm no compatibility issues.

workflow/envs/samtools.yaml (1)

5-6: samtools 1.22.1 and sed 4.9 version bumps are well-supported releases with no known incompatibilities.

samtools 1.22.1 (released July 2025) includes security fixes for a use-after-free in mpileup and a buffer-overflow in CRAM decoder, making this upgrade justified. sed 4.9 (released November 2022) is a bug-fix and safety release with no deliberate backward-incompatible user-facing changes. The YAML file structure is valid. While running the full test suite would be ideal, web research indicates these are stable, mature versions with no documented issues affecting workflows.

workflow/envs/snpsift.linux-64.pin.txt (1)

1-5: No action needed—all URLs are valid and file is properly maintained.

All 88 package URLs in the explicit pin file are accessible (HTTP 200), and the file follows the correct conda explicit format. The pin file is auto-generated and maintained via .github/workflows/autobump-envs.yml, paired with its source snpsift.yaml configuration. Hash accuracy is ensured by conda's installation verification process.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

⚠️ snpsift 5.3.0a is a pre-release version—confirm this is intentional.

Line 5 specifies snpsift 5.3.0a (with the 'a' pre-release suffix), not the stable release. Pre-release versions may contain bugs and lack thorough testing. Confirm this is intentional for your workflow; consider using the stable 5.3 release instead unless there is a specific reason (e.g., bugfix) for the pre-release.

🤖 Prompt for AI Agents

In workflow/envs/snpsift.yaml around lines 5 to 6, the snpsift version is pinned
to the pre-release "5.3.0a"; change it to the stable release "5.3" unless the
pre-release is intentionally required for a specific fix. If you need the stable
build, update the file to use snpsift =5.3 (remove the "a"), then run your
environment resolution/lock step (conda-lock/poetry/etc.) and any CI tests to
verify compatibility; if the pre-release is required, add a short inline comment
explaining why and link to the changelog/issue that necessitates it.