perf: autobump conda envs

[johanneskoester]

Automated changes by create-pull-request GitHub action

Summary by CodeRabbit

• Chores
  • Updated multiple bioinformatics tools to latest versions (bcftools, samtools, htslib, bedtools, jannovar, etc.)
  • Upgraded Python ecosystem dependencies (Python 3.13+, pandas 2.3.3, numpy 2.3.5, pysam 0.23.3)
  • Updated R packages (r-base 4.5.2, r-devtools 2.4.6, and related packages)
  • Added explicit environment specifications for Linux platforms to ensure reproducible installations across environments

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

This PR updates multiple conda environment specifications across the workflow, bumping dependency versions to newer releases and adding explicit linux-64 pin files for reproducible environment creation. All changes are configuration-driven dependency version updates with no code logic modifications.

Changes

Cohort / File(s)	Summary
Conda YAML environment files with dependency version bumps workflow/envs/arriba.yaml, workflow/envs/awk.yaml, workflow/envs/awk_bedtools.yaml, workflow/envs/bcftools.yaml, workflow/envs/bedtools.yaml, workflow/envs/curl.yaml, workflow/envs/excel.yaml, workflow/envs/fgbio.yaml, workflow/envs/filter_reads.yaml, workflow/envs/htslib.yaml, workflow/envs/jannovar.yaml, workflow/envs/kmc.yaml, workflow/envs/mark_duplicates.yaml, workflow/envs/mosdepth.yaml, workflow/envs/oncoprint.yaml, workflow/envs/pandas.yaml, workflow/envs/pysam.yaml, workflow/envs/pystats.yaml, workflow/envs/rbt.yaml, workflow/envs/samtools.yaml, workflow/envs/siglasso.yaml, workflow/envs/snpsift.yaml, workflow/envs/split_call_tables.yaml, workflow/envs/tabix.yaml, workflow/envs/varlociraptor.yaml, workflow/envs/vcf2maf.yaml, workflow/envs/vega.yaml, workflow/envs/vembrane.yaml	Updated package version constraints; e.g., bcftools 1.19→1.22, pandas 1.5.2→2.3.3, python 3.10→3.14.0, pysam 0.22→0.23.3, rust 1.58+→1.91.1, r-base 4.3→4.5.2
New linux-64 explicit conda environment pin files workflow/envs/*.linux-64.pin.txt (32 files: arriba, awk, awk_bedtools, bcftools, bedtools, curl, excel, fgbio, filter_reads, htslib, jannovar, kmc, mark_duplicates, mosdepth, oncoprint, pandas, pysam, pystats, rbt, samtools, siglasso, snpsift, split_call_tables, tabix, umi_tools, varlociraptor, vcf2maf, vega, vembrane)	Added explicit conda environment specifications for linux-64, listing pinned package URLs with hashes for reproducible environment creation

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

• Note: While the pattern is highly repetitive (consistent version bumps across ~28 environment files plus ~32 new pin file additions), the large scale and need to verify dependency compatibility across multiple tools warrant careful spot-checking of critical updates.
• Key areas for attention:
  • Python version upgrades (3.10 → 3.13.9/3.14.0) and compatibility with dependent packages (pandas, numpy, scikit-learn, statsmodels, etc.)
  • Bioinformatics tools with interdependencies (bcftools, samtools, htslib, pysam versions)
  • Rust ecosystem updates (rust 1.58+ → 1.91.1) and rust-script/rust-bio-tools compatibility
  • R package version changes in siglasso environment (r-base 4.3 → 4.5.2)
  • Large version jumps (e.g., tabix 0.2 → 1.11, vembrane 1.0.7 → 2.4.0) should be verified for breaking changes

Possibly related PRs

• fix: update to latest datavzrd and vembrane #329: Both PRs modify workflow/envs/vembrane.yaml to update the vembrane package version
• feat: refactor pangenome mapping #357: Overlapping updates to workflow/envs/kmc.yaml and kmc-related linux-64 pin files
• chore: add autobump actions #394: Related to autobump workflows that regenerate conda environment pins and yaml files

Suggested reviewers

• dlaehnemann

Poem

🐰 Hopping through dependencies with glee,
From old pins to fresh, version-bumped spree!
Python, R, Rust aligned in a row,
Reproducible environments—
Let the workflows flow! ✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'perf: autobump conda envs' accurately describes the main changes in the pull request—updating (bumping) conda environment dependencies across multiple YAML files to newer versions for performance improvements.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch perf/autobump

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

workflow/envs/snpsift.linux-64.pin.txt (1)

22-93: Deduplicate repeated package entries.

This manifest repeats several packages (e.g., libedit/libev/libssh2) later in the file. While conda tolerates duplicates, trimming them keeps the pin file lean and avoids confusion next time we regenerate or diff these pins. Consider re-exporting with conda list --explicit > file from a clean env to ensure each artifact is listed once.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2150170 and 86dc412.

📒 Files selected for processing (57)

• workflow/envs/arriba.linux-64.pin.txt (1 hunks)
• workflow/envs/arriba.yaml (1 hunks)
• workflow/envs/awk.linux-64.pin.txt (1 hunks)
• workflow/envs/awk.yaml (1 hunks)
• workflow/envs/awk_bedtools.linux-64.pin.txt (1 hunks)
• workflow/envs/awk_bedtools.yaml (1 hunks)
• workflow/envs/bcftools.linux-64.pin.txt (1 hunks)
• workflow/envs/bcftools.yaml (1 hunks)
• workflow/envs/bedtools.linux-64.pin.txt (1 hunks)
• workflow/envs/bedtools.yaml (1 hunks)
• workflow/envs/curl.linux-64.pin.txt (1 hunks)
• workflow/envs/curl.yaml (1 hunks)
• workflow/envs/excel.linux-64.pin.txt (1 hunks)
• workflow/envs/excel.yaml (1 hunks)
• workflow/envs/fgbio.linux-64.pin.txt (1 hunks)
• workflow/envs/fgbio.yaml (1 hunks)
• workflow/envs/filter_reads.linux-64.pin.txt (1 hunks)
• workflow/envs/filter_reads.yaml (1 hunks)
• workflow/envs/htslib.linux-64.pin.txt (1 hunks)
• workflow/envs/htslib.yaml (1 hunks)
• workflow/envs/jannovar.linux-64.pin.txt (1 hunks)
• workflow/envs/jannovar.yaml (1 hunks)
• workflow/envs/kmc.linux-64.pin.txt (1 hunks)
• workflow/envs/kmc.yaml (1 hunks)
• workflow/envs/mark_duplicates.linux-64.pin.txt (1 hunks)
• workflow/envs/mark_duplicates.yaml (1 hunks)
• workflow/envs/mosdepth.linux-64.pin.txt (1 hunks)
• workflow/envs/mosdepth.yaml (1 hunks)
• workflow/envs/oncoprint.linux-64.pin.txt (1 hunks)
• workflow/envs/oncoprint.yaml (1 hunks)
• workflow/envs/pandas.linux-64.pin.txt (1 hunks)
• workflow/envs/pandas.yaml (1 hunks)
• workflow/envs/pysam.linux-64.pin.txt (1 hunks)
• workflow/envs/pysam.yaml (1 hunks)
• workflow/envs/pystats.linux-64.pin.txt (1 hunks)
• workflow/envs/pystats.yaml (1 hunks)
• workflow/envs/rbt.linux-64.pin.txt (1 hunks)
• workflow/envs/rbt.yaml (1 hunks)
• workflow/envs/samtools.linux-64.pin.txt (1 hunks)
• workflow/envs/samtools.yaml (1 hunks)
• workflow/envs/siglasso.linux-64.pin.txt (1 hunks)
• workflow/envs/siglasso.yaml (1 hunks)
• workflow/envs/snpsift.linux-64.pin.txt (1 hunks)
• workflow/envs/snpsift.yaml (1 hunks)
• workflow/envs/split_call_tables.linux-64.pin.txt (1 hunks)
• workflow/envs/split_call_tables.yaml (1 hunks)
• workflow/envs/tabix.linux-64.pin.txt (1 hunks)
• workflow/envs/tabix.yaml (1 hunks)
• workflow/envs/umi_tools.linux-64.pin.txt (1 hunks)
• workflow/envs/varlociraptor.linux-64.pin.txt (1 hunks)
• workflow/envs/varlociraptor.yaml (1 hunks)
• workflow/envs/vcf2maf.linux-64.pin.txt (1 hunks)
• workflow/envs/vcf2maf.yaml (1 hunks)
• workflow/envs/vega.linux-64.pin.txt (1 hunks)
• workflow/envs/vega.yaml (1 hunks)
• workflow/envs/vembrane.linux-64.pin.txt (1 hunks)
• workflow/envs/vembrane.yaml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (7)

• GitHub Check: test target regions, multiple BEDs
• GitHub Check: test sra download
• GitHub Check: test no candidate filtering
• GitHub Check: test testcase generation
• GitHub Check: test primers
• GitHub Check: test target regions
• GitHub Check: test local input

🔇 Additional comments (9)

workflow/envs/pystats.yaml (1)

5-9: Verify Python build availability on conda-forge

The repodata.json query returned no results; please confirm whether python=3.13.7 is published for linux-64 on conda-forge. If not, pin to a valid version (e.g. python=3.13).

workflow/envs/awk.yaml (1)

4-4: Version bump looks good.

gawk =5.3.1 matches the raised toolchain elsewhere; no concerns from my side.

workflow/envs/bedtools.yaml (1)

5-6: Upgrade aligns with ecosystem updates.

Bumping to bedtools =2.31.1 and samtools =1.22.1 keeps this env consistent with the rest of the PR; no issues.

workflow/envs/vcf2maf.yaml (1)

5-5: vcf2maf bump looks good.

vcf2maf =1.6.22 matches the new pin files; nothing further.

workflow/envs/fgbio.yaml (1)

5-5: fgbio-minimal 3.0.0 upgrade accepted.

Version aligns with the explicit pin set; no additional concerns.

workflow/envs/samtools.yaml (1)

5-6: Samtools stack update looks consistent.

samtools =1.22.1 with sed =4.9 aligns with the broader toolchain refresh.

workflow/envs/bcftools.yaml (1)

5-5: bcftools version bump acknowledged.

bcftools =1.22 matches the other environment updates; looks good.

workflow/envs/pandas.yaml (1)

5-6: Python 3.14.0 is available on conda-forge. No further changes needed.

workflow/envs/pysam.yaml (1)

5-6: No action needed: python 3.13.7 and pysam 0.23.3 are available. Verified python 3.13.7 on conda-forge and pysam 0.23.3 includes py313 builds on bioconda.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Python 3.14.0 and scikit-learn 1.7.2 are not on conda-forge

Neither pin exists today, so the solver will fail. Please retarget to published builds (e.g. python =3.13 and scikit-learn =1.5.2, or whatever the latest available versions are).

You can verify the available builds with:

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "python versions:"
curl -s https://conda.anaconda.org/conda-forge/linux-64/repodata.json \
  | jq -r '.packages | to_entries[] | select(.value.name=="python") | .value.version' \
  | sort -V | tail

echo "scikit-learn versions:"
curl -s https://conda.anaconda.org/conda-forge/linux-64/repodata.json \
  | jq -r '.packages | to_entries[] | select(.value.name=="scikit-learn") | .value.version' \
  | sort -V | tail

Length of output: 169

---

Python 3.14.0 and scikit-learn 1.7.2 are not on conda-forge
Neither package is available; retarget to published builds (python =3.11.0, scikit-learn =1.1.3).

🤖 Prompt for AI Agents

In workflow/envs/oncoprint.yaml around lines 5 to 8, the environment pins
python=3.14.0 and scikit-learn=1.7.2 which are not available on conda-forge;
update those pins to published builds by setting python=3.11.0 and
scikit-learn=1.1.3 (leave pandas and statsmodels as-is), and verify the
environment resolves against conda-forge after the change.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 86dc412 and 777eb20.

📒 Files selected for processing (57)

• workflow/envs/arriba.linux-64.pin.txt (1 hunks)
• workflow/envs/arriba.yaml (1 hunks)
• workflow/envs/awk.linux-64.pin.txt (1 hunks)
• workflow/envs/awk.yaml (1 hunks)
• workflow/envs/awk_bedtools.linux-64.pin.txt (1 hunks)
• workflow/envs/awk_bedtools.yaml (1 hunks)
• workflow/envs/bcftools.linux-64.pin.txt (1 hunks)
• workflow/envs/bcftools.yaml (1 hunks)
• workflow/envs/bedtools.linux-64.pin.txt (1 hunks)
• workflow/envs/bedtools.yaml (1 hunks)
• workflow/envs/curl.linux-64.pin.txt (1 hunks)
• workflow/envs/curl.yaml (1 hunks)
• workflow/envs/excel.linux-64.pin.txt (1 hunks)
• workflow/envs/excel.yaml (1 hunks)
• workflow/envs/fgbio.linux-64.pin.txt (1 hunks)
• workflow/envs/fgbio.yaml (1 hunks)
• workflow/envs/filter_reads.linux-64.pin.txt (1 hunks)
• workflow/envs/filter_reads.yaml (1 hunks)
• workflow/envs/htslib.linux-64.pin.txt (1 hunks)
• workflow/envs/htslib.yaml (1 hunks)
• workflow/envs/jannovar.linux-64.pin.txt (1 hunks)
• workflow/envs/jannovar.yaml (1 hunks)
• workflow/envs/kmc.linux-64.pin.txt (1 hunks)
• workflow/envs/kmc.yaml (1 hunks)
• workflow/envs/mark_duplicates.linux-64.pin.txt (1 hunks)
• workflow/envs/mark_duplicates.yaml (1 hunks)
• workflow/envs/mosdepth.linux-64.pin.txt (1 hunks)
• workflow/envs/mosdepth.yaml (1 hunks)
• workflow/envs/oncoprint.linux-64.pin.txt (1 hunks)
• workflow/envs/oncoprint.yaml (1 hunks)
• workflow/envs/pandas.linux-64.pin.txt (1 hunks)
• workflow/envs/pandas.yaml (1 hunks)
• workflow/envs/pysam.linux-64.pin.txt (1 hunks)
• workflow/envs/pysam.yaml (1 hunks)
• workflow/envs/pystats.linux-64.pin.txt (1 hunks)
• workflow/envs/pystats.yaml (1 hunks)
• workflow/envs/rbt.linux-64.pin.txt (1 hunks)
• workflow/envs/rbt.yaml (1 hunks)
• workflow/envs/samtools.linux-64.pin.txt (1 hunks)
• workflow/envs/samtools.yaml (1 hunks)
• workflow/envs/siglasso.linux-64.pin.txt (1 hunks)
• workflow/envs/siglasso.yaml (1 hunks)
• workflow/envs/snpsift.linux-64.pin.txt (1 hunks)
• workflow/envs/snpsift.yaml (1 hunks)
• workflow/envs/split_call_tables.linux-64.pin.txt (1 hunks)
• workflow/envs/split_call_tables.yaml (1 hunks)
• workflow/envs/tabix.linux-64.pin.txt (1 hunks)
• workflow/envs/tabix.yaml (1 hunks)
• workflow/envs/umi_tools.linux-64.pin.txt (1 hunks)
• workflow/envs/varlociraptor.linux-64.pin.txt (1 hunks)
• workflow/envs/varlociraptor.yaml (1 hunks)
• workflow/envs/vcf2maf.linux-64.pin.txt (1 hunks)
• workflow/envs/vcf2maf.yaml (1 hunks)
• workflow/envs/vega.linux-64.pin.txt (1 hunks)
• workflow/envs/vega.yaml (1 hunks)
• workflow/envs/vembrane.linux-64.pin.txt (1 hunks)
• workflow/envs/vembrane.yaml (1 hunks)

✅ Files skipped from review due to trivial changes (6)

• workflow/envs/tabix.linux-64.pin.txt
• workflow/envs/curl.yaml
• workflow/envs/bcftools.linux-64.pin.txt
• workflow/envs/varlociraptor.linux-64.pin.txt
• workflow/envs/arriba.yaml
• workflow/envs/htslib.linux-64.pin.txt

🚧 Files skipped from review as they are similar to previous changes (34)

• workflow/envs/kmc.yaml
• workflow/envs/awk.linux-64.pin.txt
• workflow/envs/awk.yaml
• workflow/envs/snpsift.yaml
• workflow/envs/siglasso.yaml
• workflow/envs/mark_duplicates.yaml
• workflow/envs/pystats.linux-64.pin.txt
• workflow/envs/curl.linux-64.pin.txt
• workflow/envs/mosdepth.yaml
• workflow/envs/bcftools.yaml
• workflow/envs/oncoprint.linux-64.pin.txt
• workflow/envs/mark_duplicates.linux-64.pin.txt
• workflow/envs/vcf2maf.linux-64.pin.txt
• workflow/envs/pysam.linux-64.pin.txt
• workflow/envs/split_call_tables.linux-64.pin.txt
• workflow/envs/oncoprint.yaml
• workflow/envs/jannovar.yaml
• workflow/envs/mosdepth.linux-64.pin.txt
• workflow/envs/vega.yaml
• workflow/envs/awk_bedtools.linux-64.pin.txt
• workflow/envs/filter_reads.yaml
• workflow/envs/siglasso.linux-64.pin.txt
• workflow/envs/split_call_tables.yaml
• workflow/envs/pysam.yaml
• workflow/envs/awk_bedtools.yaml
• workflow/envs/vega.linux-64.pin.txt
• workflow/envs/bedtools.yaml
• workflow/envs/fgbio.linux-64.pin.txt
• workflow/envs/filter_reads.linux-64.pin.txt
• workflow/envs/samtools.linux-64.pin.txt
• workflow/envs/umi_tools.linux-64.pin.txt
• workflow/envs/htslib.yaml
• workflow/envs/rbt.yaml
• workflow/envs/excel.linux-64.pin.txt

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (7)

• GitHub Check: test no candidate filtering
• GitHub Check: test sra download
• GitHub Check: test primers
• GitHub Check: test target regions, multiple BEDs
• GitHub Check: test target regions
• GitHub Check: test testcase generation
• GitHub Check: test local input

🔇 Additional comments (19)

workflow/envs/fgbio.yaml (1)

5-5: Verify that fgbio-minimal 3.0.0 is compatible and tested.

This is a major version bump from 2.2 to 3.0.0. While the exact pin syntax is correct and aids reproducibility, this change introduces potential breaking changes that need verification.

Please confirm:

1. That workflows and tasks using fgbio have been tested against version 3.0.0
2. Whether there are any known breaking changes or API differences between 2.2 and 3.0.0
3. That this is an intentional upgrade (rather than an unvetted automated bump)

workflow/envs/kmc.linux-64.pin.txt (2)

1-5: File format is correct and follows conda explicit specification.

The header and @EXPLICIT marker are properly formatted for a conda reproducible lock file.

---

6-32: Verify this pin file is synchronized with the kmc.yaml environment specification.

This explicit lock file pins kmc-3.2.4 (line 29) and supporting dependencies. Ensure this file is paired with a corresponding update to workflow/envs/kmc.yaml that specifies the same kmc version, and verify that both are consistent throughout the PR.

workflow/envs/jannovar.linux-64.pin.txt (2)

1-5: File format is correct and well-structured.

The file uses the proper @EXPLICIT Conda format with appropriate metadata headers (platform and created-by information). Each package entry includes a full URL with hash, which is the correct structure for explicit environment pin files.

---

6-69: Explicit pin file appropriately captures all transitive dependencies.

The package list includes all direct and transitive dependencies for the jannovar environment, including system libraries, development tools (OpenJDK), and bioinformatics packages. The final entry (line 69) correctly pins jannovar-cli to version 0.36, aligning with the version bump mentioned in the PR objectives.

Note: This is a linux-64-specific pin file; equivalent files would need to be generated for other architectures (e.g., osx-64, win-64) to ensure reproducibility across platforms.

workflow/envs/arriba.linux-64.pin.txt (1)

1-160: Verify Python 3.14.0 compatibility and check for pre-release version pinning.

The conda explicit environment file structure is correct and properly formatted (valid header with platform, @explicit marker, and package URLs with hashes). However, the pinned Python version (line 81) is 3.14.0, which is unusually recent—as of October 2025, Python 3.14 would likely still be in beta or release candidate phase rather than a stable release.

Verify:

1. Whether pinning a pre-release Python version is intentional for this workflow
2. If the automated dependency resolution should have selected a stable Python version instead (e.g., 3.13.x)
3. Whether this aligns with the expected environment stability for the arriba workflow

workflow/envs/snpsift.linux-64.pin.txt (1)

1-93: Conda environment pin file is correct and ready.

The @EXPLICIT format is properly structured with valid package URLs and cryptographic hashes from trusted sources (conda-forge, bioconda). Python 3.14.0 specified at line 69 is available and resolvable in the conda-forge repository—the exact build (python-3.14.0-h5989046_101_cp314.conda) exists. The pinned versions of snpsift-5.3.0a, bcftools-1.22, and htslib-1.22.1 align with the stated version bumps and provide a reproducible environment snapshot.

workflow/envs/tabix.yaml (1)

5-5: Verify tabix 1.11 compatibility with workflows.

The version jump from 0.2 to 1.11 is substantial. Ensure that dependent workflows have been tested with the new tabix version to confirm no breaking changes in CLI or behavior.

workflow/envs/vcf2maf.yaml (1)

5-5: Minor patch version bump looks safe.

The patch version bump from 1.6 to 1.6.22 is a routine update with minimal risk of breaking changes.

workflow/envs/excel.yaml (1)

5-7: Major version bumps require comprehensive testing—pandas 1.x → 2.x and numpy 1.x → 2.x.

The updates jump across major versions:

• pandas 1.5.2 → 2.3.3 introduces significant API and behavioral changes
• numpy 1.24.1 → 2.3.3 introduces breaking changes to dtype handling

While pandas 2.3.3 is the first version compatible with Python 3.14 and the combination is known to work, ensure all Excel-related workflows have been tested with these versions to catch any breaking changes in openpyxl, pandas, or numpy interactions.

workflow/envs/samtools.yaml (1)

5-6: Verify samtools 1.12 → 1.22.1 compatibility.

The jump from samtools 1.12 to 1.22.1 spans 10 minor versions with potential CLI/API changes. Confirm that workflows depending on samtools behavior (e.g., flag handling, output format) are compatible with the newer version.

workflow/envs/pystats.yaml (1)

5-9: Verify pysam 0.22 → 0.23.3 and Python 3.12 → 3.13.9 compatibility.

Multiple coordinated updates here require integrated testing:

• pysam 0.22 → 0.23.3 is a significant version bump with potential API changes
• Python 3.12 → 3.13.9 is a major version jump (though more conservative than other envs in this PR)

Ensure bioinformatics workflows using pysam have been tested with the combination of pysam 0.23.3 and Python 3.13.9 to verify no breaking changes.

workflow/envs/pandas.linux-64.pin.txt (1)

1-41: Explicit pin file structure looks correct, but inherits Python 3.14.0 concern.

The @explicit format with exact package URLs and hashes is properly structured for reproducible conda environments. However, this pin file locks Python to 3.14.0 (line 31), which is consistent with the aggressive version bump flagged in workflow/envs/pandas.yaml. Resolve the Python version concern before merging to avoid locking production environments to an unexpectedly narrow constraint.

workflow/envs/bedtools.linux-64.pin.txt (1)

1-31: Explicit pin file structure looks correct and aligns with bedtools/samtools version updates.

The @explicit format is properly structured for reproducible conda environments. Versions (bedtools 2.31.1, samtools 1.22.1, htslib 1.22.1) are consistent with the YAML file updates elsewhere in the PR. Ensure workflows have been tested with the upgraded bedtools/samtools combination to verify compatibility.

workflow/envs/rbt.linux-64.pin.txt (2)

1-5: Conda pin file format is correct.

The @EXPLICIT format and platform specification are properly configured for creating reproducible linux-64 environments.

---

6-40: Pin file verified as complete and accessible.

Verification confirms:

• File contains 35 complete package entries (not truncated)
• Last package URL returns HTTP 200 response
• Hash format valid (32 hex characters)
• File ends properly at rust-bio-tools-0.42.2-h5c46d4b_3.conda#60c253e6a43cbfcba38b01e5ace98927

The pin file is ready for use in CI/CD pipelines.

workflow/envs/varlociraptor.yaml (1)

6-8: No critical concerns with the vega-lite-cli v6.4.1 bump.

Vega-Lite v6.0.0 release notes show no breaking changes—only small refactors and dependency updates. The workflow's usage of vega-lite-cli is straightforward (vl2svg {input} {output} in workflow/rules/vega.smk), so the major version bump to v6.4.1 is safe. The dependency updates in varlociraptor.yaml are compatible and justified.

workflow/envs/vembrane.yaml (1)

5-6: ****

The original review comment assumes vembrane is actively invoked in Snakemake workflows and recommends verifying compatibility across a major version bump. However, verification reveals:

1. vembrane is NOT called in any workflow rules (comprehensive search across all .smk files and Snakefile returned no matches)
2. vembrane v2.4.0 has no breaking changes—only new features

Since vembrane exists only as a conda environment dependency without actual usage in the workflow rules, the version bump poses no compatibility risk to workflow execution. The review comment can be safely dismissed.

Likely an incorrect or invalid review comment.

workflow/envs/vembrane.linux-64.pin.txt (1)

1-73: Format and version bumps look correct.

The @explicit format is properly structured with correct header, platform declaration, and 68 explicit package entries with SHA256 hashes. The version bumps are correctly reflected: vembrane-2.4.0 (line 73) and bcftools-1.22 (line 71) match the expected updates. Core dependencies (compilers, libraries, Python ecosystem, bioconda packages) are present and their transitive relationships appear sound.

If this is a critical reproducibility artifact, consider running conda install --file workflow/envs/vembrane.linux-64.pin.txt --dry-run in a linux-64 environment to verify that the explicit pins resolve without conflicts and that all hashes are valid. This would confirm that the manifest is internally consistent and can actually be used to recreate the environment.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

CRITICAL: Python version jump from 3.10 → 3.14.0 is extremely aggressive.

Python 3.14.0 was released October 7, 2025, making this technically valid, but jumping 4 major Python versions (3.10 → 3.11 → 3.12 → 3.13 → 3.14) in a single autobump is unprecedented and risky:

• Major breaking changes between each Python version
• Significant deprecations and removals
• Severely restricts the environment's compatibility
• Likely unintended by the autobump automation

Verify: Is this intentional? If this represents an autobump action misconfiguration, consider resetting to a more conservative version constraint (e.g., python >=3.10 or python 3.13) and testing incrementally.

🤖 Prompt for AI Agents

In workflow/envs/pandas.yaml around lines 5-6 the Python pin jumps from 3.10 to
3.14.0 which is an unsafe autobump; replace the hard 3.14 pin with a
conservative constraint (for example target the most recent compatible minor
like 3.13 or a range such as ">=3.10,<3.14") or revert to the previous pinned
version, update the autobump configuration to prevent multi-major jumps, and run
the test matrix / CI to validate compatibility before merging.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

workflow/envs/oncoprint.yaml (1)

5-8: ⚠️ Critical: Unresolved version incompatibility (duplicate of past review).

Python 3.14.0 and scikit-learn 1.7.2 are not available on conda-forge and will cause the solver to fail. This issue was flagged in previous reviews and remains unresolved. These versions do not exist in the published package repositories.

Retarget to available versions (e.g., python=3.11.0 and scikit-learn=1.5.2, or verify the latest available versions on conda-forge).

To verify availability on conda-forge, run:

#!/bin/bash
# Check available Python and scikit-learn versions on conda-forge

echo "Latest Python versions on conda-forge:"
curl -s https://conda.anaconda.org/conda-forge/linux-64/repodata.json \
  | jq -r '.packages | to_entries[] | select(.value.name=="python") | .value.version' \
  | sort -V | tail -5

echo ""
echo "Latest scikit-learn versions on conda-forge:"
curl -s https://conda.anaconda.org/conda-forge/linux-64/repodata.json \
  | jq -r '.packages | to_entries[] | select(.value.name=="scikit-learn") | .value.version' \
  | sort -V | tail -5

🧹 Nitpick comments (1)

workflow/envs/snpsift.linux-64.pin.txt (1)

6-93: Document the explicit pin file maintenance process.

This file contains pinned URLs and hashes for reproducible environments. Consider adding a comment or documentation explaining:

• How/when this file is generated or updated
• Whether it's auto-generated or manually curated
• The command or process to regenerate it if dependencies are added/removed

This helps maintainers understand whether to edit it directly or regenerate it.

Would you like me to help add a header comment to document the pin file's purpose and maintenance process?

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 777eb20 and 8cdf585.

📒 Files selected for processing (57)

• workflow/envs/arriba.linux-64.pin.txt (1 hunks)
• workflow/envs/arriba.yaml (1 hunks)
• workflow/envs/awk.linux-64.pin.txt (1 hunks)
• workflow/envs/awk.yaml (1 hunks)
• workflow/envs/awk_bedtools.linux-64.pin.txt (1 hunks)
• workflow/envs/awk_bedtools.yaml (1 hunks)
• workflow/envs/bcftools.linux-64.pin.txt (1 hunks)
• workflow/envs/bcftools.yaml (1 hunks)
• workflow/envs/bedtools.linux-64.pin.txt (1 hunks)
• workflow/envs/bedtools.yaml (1 hunks)
• workflow/envs/curl.linux-64.pin.txt (1 hunks)
• workflow/envs/curl.yaml (1 hunks)
• workflow/envs/excel.linux-64.pin.txt (1 hunks)
• workflow/envs/excel.yaml (1 hunks)
• workflow/envs/fgbio.linux-64.pin.txt (1 hunks)
• workflow/envs/fgbio.yaml (1 hunks)
• workflow/envs/filter_reads.linux-64.pin.txt (1 hunks)
• workflow/envs/filter_reads.yaml (1 hunks)
• workflow/envs/htslib.linux-64.pin.txt (1 hunks)
• workflow/envs/htslib.yaml (1 hunks)
• workflow/envs/jannovar.linux-64.pin.txt (1 hunks)
• workflow/envs/jannovar.yaml (1 hunks)
• workflow/envs/kmc.linux-64.pin.txt (1 hunks)
• workflow/envs/kmc.yaml (1 hunks)
• workflow/envs/mark_duplicates.linux-64.pin.txt (1 hunks)
• workflow/envs/mark_duplicates.yaml (1 hunks)
• workflow/envs/mosdepth.linux-64.pin.txt (1 hunks)
• workflow/envs/mosdepth.yaml (1 hunks)
• workflow/envs/oncoprint.linux-64.pin.txt (1 hunks)
• workflow/envs/oncoprint.yaml (1 hunks)
• workflow/envs/pandas.linux-64.pin.txt (1 hunks)
• workflow/envs/pandas.yaml (1 hunks)
• workflow/envs/pysam.linux-64.pin.txt (1 hunks)
• workflow/envs/pysam.yaml (1 hunks)
• workflow/envs/pystats.linux-64.pin.txt (1 hunks)
• workflow/envs/pystats.yaml (1 hunks)
• workflow/envs/rbt.linux-64.pin.txt (1 hunks)
• workflow/envs/rbt.yaml (1 hunks)
• workflow/envs/samtools.linux-64.pin.txt (1 hunks)
• workflow/envs/samtools.yaml (1 hunks)
• workflow/envs/siglasso.linux-64.pin.txt (1 hunks)
• workflow/envs/siglasso.yaml (1 hunks)
• workflow/envs/snpsift.linux-64.pin.txt (1 hunks)
• workflow/envs/snpsift.yaml (1 hunks)
• workflow/envs/split_call_tables.linux-64.pin.txt (1 hunks)
• workflow/envs/split_call_tables.yaml (1 hunks)
• workflow/envs/tabix.linux-64.pin.txt (1 hunks)
• workflow/envs/tabix.yaml (1 hunks)
• workflow/envs/umi_tools.linux-64.pin.txt (1 hunks)
• workflow/envs/varlociraptor.linux-64.pin.txt (1 hunks)
• workflow/envs/varlociraptor.yaml (1 hunks)
• workflow/envs/vcf2maf.linux-64.pin.txt (1 hunks)
• workflow/envs/vcf2maf.yaml (1 hunks)
• workflow/envs/vega.linux-64.pin.txt (1 hunks)
• workflow/envs/vega.yaml (1 hunks)
• workflow/envs/vembrane.linux-64.pin.txt (1 hunks)
• workflow/envs/vembrane.yaml (1 hunks)

✅ Files skipped from review due to trivial changes (2)

• workflow/envs/vcf2maf.linux-64.pin.txt
• workflow/envs/tabix.linux-64.pin.txt

🚧 Files skipped from review as they are similar to previous changes (38)

• workflow/envs/fgbio.linux-64.pin.txt
• workflow/envs/vega.linux-64.pin.txt
• workflow/envs/excel.linux-64.pin.txt
• workflow/envs/pysam.linux-64.pin.txt
• workflow/envs/split_call_tables.linux-64.pin.txt
• workflow/envs/siglasso.linux-64.pin.txt
• workflow/envs/bedtools.linux-64.pin.txt
• workflow/envs/tabix.yaml
• workflow/envs/mark_duplicates.linux-64.pin.txt
• workflow/envs/split_call_tables.yaml
• workflow/envs/mosdepth.linux-64.pin.txt
• workflow/envs/awk_bedtools.linux-64.pin.txt
• workflow/envs/awk.yaml
• workflow/envs/kmc.linux-64.pin.txt
• workflow/envs/vega.yaml
• workflow/envs/umi_tools.linux-64.pin.txt
• workflow/envs/bcftools.linux-64.pin.txt
• workflow/envs/htslib.linux-64.pin.txt
• workflow/envs/pystats.yaml
• workflow/envs/pysam.yaml
• workflow/envs/pandas.yaml
• workflow/envs/jannovar.yaml
• workflow/envs/kmc.yaml
• workflow/envs/vembrane.linux-64.pin.txt
• workflow/envs/rbt.yaml
• workflow/envs/arriba.yaml
• workflow/envs/vcf2maf.yaml
• workflow/envs/varlociraptor.linux-64.pin.txt
• workflow/envs/rbt.linux-64.pin.txt
• workflow/envs/arriba.linux-64.pin.txt
• workflow/envs/curl.linux-64.pin.txt
• workflow/envs/filter_reads.linux-64.pin.txt
• workflow/envs/mark_duplicates.yaml
• workflow/envs/pystats.linux-64.pin.txt
• workflow/envs/varlociraptor.yaml
• workflow/envs/awk_bedtools.yaml
• workflow/envs/vembrane.yaml
• workflow/envs/samtools.linux-64.pin.txt

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (7)

• GitHub Check: test primers
• GitHub Check: test local input
• GitHub Check: test no candidate filtering
• GitHub Check: test target regions
• GitHub Check: test testcase generation
• GitHub Check: test target regions, multiple BEDs
• GitHub Check: test sra download

🔇 Additional comments (13)

workflow/envs/curl.yaml (1)

5-5: Verify curl 7→8 major version bump compatibility.

The change bumps curl from 7.86.0 to 8.16.0, a major version transition. While this may bring performance improvements (aligning with the "perf: autobump" PR title), curl 8.x has breaking changes compared to 7.x, including TLS/SSL defaults and behavioral differences.

Since this is an automated change, confirm that:

1. The version bump has been tested or validated against the workflow's curl usage patterns
2. Any downstream tools or scripts that depend on curl 7.x behavior have been updated or verified
3. The explicit pinfile (workflow/envs/curl.linux-64.pin.txt) is properly generated and synchronized with this version

workflow/envs/filter_reads.yaml (2)

4-8: Verify conda resolver compatibility with exact pinning strategy.

The use of exact version pinning (=) across all dependencies may cause conda resolution to fail, particularly with transitive dependencies. Conda's resolver can struggle when all packages are pinned to exact versions, especially for complex packages like Rust and cryptography that have many indirect dependencies.

Consider testing the environment specification to ensure conda can successfully resolve and install all packages. If resolution fails, you may need to either:

1. Allow more flexible version ranges for some dependencies (e.g., ~= or >=X.Y)
2. Use conda-lock or similar tools to generate explicit lock files that include all transitive dependencies
3. Verify that the pinned versions are compatible across the dependency tree

---

4-8: Verify major version bumps for compatibility and test coverage.

Several significant version changes warrant validation:

• rust: Major version bump to 1.90.0 (from unspecified range). Confirm this is compatible with the rust-script version and any downstream code.
• cryptography: Major version bump to 46.0.3. Verify no breaking API changes affecting dependencies.
• rust-script: 0.22 → 0.36.0 (minor bump in 0.x series can contain breaking changes). Confirm compatibility.

Since this is an automated bulk bump, please confirm these versions have been tested together in the actual workflow.

workflow/envs/mosdepth.yaml (1)

5-5: Version bump is safe—no breaking changes identified.

mosdepth v0.3.11 (released Jan 17, 2020) only adds --fragment-mode for calculating coverage over full fragments, with no breaking changes. The bump from 0.2.9 to 0.3.11 is straightforward, and the accompanying pin file ensures reproducibility.

workflow/envs/excel.yaml (1)

5-7: Dependency versions are reasonable.

The updates to openpyxl, pandas, and numpy are all stable, recent releases. No apparent compatibility concerns for these updates.

workflow/envs/oncoprint.linux-64.pin.txt (1)

1-49: ****

The core factual claims in this review are incorrect. Python 3.14.0 is available on conda-forge across major platforms, and scikit-learn 1.7.2 is available for linux-64 with Python 3.14 support. The versions specified in oncoprint.yaml (python=3.14.0 and scikit-learn=1.7.2) are valid, and the URLs in this pin file will resolve successfully. No action is needed.

Likely an incorrect or invalid review comment.

workflow/envs/fgbio.yaml (1)

5-5: No compatibility issues found with fgbio-minimal 3.0.0 upgrade.

Verification confirms the workflow uses only fgbio AssignPrimers and fgbio TrimPrimers commands (workflow/rules/primers.smk). The breaking changes in fgbio 3.0.0 (FilterConsensusReads option rename, GroupReadsByUmi R1/R2 handling) do not affect these commands. Additionally, the pin file (workflow/envs/fgbio.linux-64.pin.txt) ensures reproducible environment resolution.

workflow/envs/siglasso.yaml (1)

5-11: Flag major R version bump for testing verification.

The PR updates r-base from 4.3 to 4.5.1, which is a significant version change. Ensure this major version bump has been tested with the other R packages in this environment (r-devtools, r-glmnet, r-tidyverse, etc.) to confirm compatibility and that no breaking changes affect downstream workflow steps.

workflow/envs/pandas.linux-64.pin.txt (1)

1-41: Verify Python 3.14 stability for workflow.

This explicit pinfile introduces Python 3.14 alongside pandas 2.3.3 and numpy 2.3.4. While the @explicit manifest format is correct for reproducible conda environment creation, ensure that Python 3.14 (a very recent release) has been tested with the workflow and all downstream dependencies to avoid unexpected compatibility issues.

workflow/envs/bedtools.yaml (1)

5-6: Verify bedtools and samtools version compatibility.

Bumping samtools from 1.12 to 1.22.1 is a significant version jump (10 minor versions). While both samtools-1.22.1 and bedtools are available, confirm that bedtools 2.31.1 has been tested with samtools 1.22.1 to ensure API compatibility and no breaking changes.

workflow/envs/htslib.yaml (1)

5-5: Verify htslib 1.22.1 compatibility across dependent tools.

htslib has been bumped to 1.22.1. This is a foundational library version update that affects samtools, bcftools, and related tools. Ensure this version has been tested against all tools that depend on htslib (especially given the simultaneous samtools/bedtools upgrades) to confirm no compatibility issues.

workflow/envs/samtools.yaml (1)

5-6: samtools 1.22.1 and sed 4.9 version bumps are well-supported releases with no known incompatibilities.

samtools 1.22.1 (released July 2025) includes security fixes for a use-after-free in mpileup and a buffer-overflow in CRAM decoder, making this upgrade justified. sed 4.9 (released November 2022) is a bug-fix and safety release with no deliberate backward-incompatible user-facing changes. The YAML file structure is valid. While running the full test suite would be ideal, web research indicates these are stable, mature versions with no documented issues affecting workflows.

workflow/envs/snpsift.linux-64.pin.txt (1)

1-5: No action needed—all URLs are valid and file is properly maintained.

All 88 package URLs in the explicit pin file are accessible (HTTP 200), and the file follows the correct conda explicit format. The pin file is auto-generated and maintained via .github/workflows/autobump-envs.yml, paired with its source snpsift.yaml configuration. Hash accuracy is ensured by conda's installation verification process.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

⚠️ snpsift 5.3.0a is a pre-release version—confirm this is intentional.

Line 5 specifies snpsift 5.3.0a (with the 'a' pre-release suffix), not the stable release. Pre-release versions may contain bugs and lack thorough testing. Confirm this is intentional for your workflow; consider using the stable 5.3 release instead unless there is a specific reason (e.g., bugfix) for the pre-release.

🤖 Prompt for AI Agents

In workflow/envs/snpsift.yaml around lines 5 to 6, the snpsift version is pinned
to the pre-release "5.3.0a"; change it to the stable release "5.3" unless the
pre-release is intentionally required for a specific fix. If you need the stable
build, update the file to use snpsift =5.3 (remove the "a"), then run your
environment resolution/lock step (conda-lock/poetry/etc.) and any CI tests to
verify compatibility; if the pre-release is required, add a short inline comment
explaining why and link to the changelog/issue that necessitates it.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1ffcdbb and 303f3c8.

📒 Files selected for processing (57)

• workflow/envs/arriba.linux-64.pin.txt (1 hunks)
• workflow/envs/arriba.yaml (1 hunks)
• workflow/envs/awk.linux-64.pin.txt (1 hunks)
• workflow/envs/awk.yaml (1 hunks)
• workflow/envs/awk_bedtools.linux-64.pin.txt (1 hunks)
• workflow/envs/awk_bedtools.yaml (1 hunks)
• workflow/envs/bcftools.linux-64.pin.txt (1 hunks)
• workflow/envs/bcftools.yaml (1 hunks)
• workflow/envs/bedtools.linux-64.pin.txt (1 hunks)
• workflow/envs/bedtools.yaml (1 hunks)
• workflow/envs/curl.linux-64.pin.txt (1 hunks)
• workflow/envs/curl.yaml (1 hunks)
• workflow/envs/excel.linux-64.pin.txt (1 hunks)
• workflow/envs/excel.yaml (1 hunks)
• workflow/envs/fgbio.linux-64.pin.txt (1 hunks)
• workflow/envs/fgbio.yaml (1 hunks)
• workflow/envs/filter_reads.linux-64.pin.txt (1 hunks)
• workflow/envs/filter_reads.yaml (1 hunks)
• workflow/envs/htslib.linux-64.pin.txt (1 hunks)
• workflow/envs/htslib.yaml (1 hunks)
• workflow/envs/jannovar.linux-64.pin.txt (1 hunks)
• workflow/envs/jannovar.yaml (1 hunks)
• workflow/envs/kmc.linux-64.pin.txt (1 hunks)
• workflow/envs/kmc.yaml (1 hunks)
• workflow/envs/mark_duplicates.linux-64.pin.txt (1 hunks)
• workflow/envs/mark_duplicates.yaml (1 hunks)
• workflow/envs/mosdepth.linux-64.pin.txt (1 hunks)
• workflow/envs/mosdepth.yaml (1 hunks)
• workflow/envs/oncoprint.linux-64.pin.txt (1 hunks)
• workflow/envs/oncoprint.yaml (1 hunks)
• workflow/envs/pandas.linux-64.pin.txt (1 hunks)
• workflow/envs/pandas.yaml (1 hunks)
• workflow/envs/pysam.linux-64.pin.txt (1 hunks)
• workflow/envs/pysam.yaml (1 hunks)
• workflow/envs/pystats.linux-64.pin.txt (1 hunks)
• workflow/envs/pystats.yaml (1 hunks)
• workflow/envs/rbt.linux-64.pin.txt (1 hunks)
• workflow/envs/rbt.yaml (1 hunks)
• workflow/envs/samtools.linux-64.pin.txt (1 hunks)
• workflow/envs/samtools.yaml (1 hunks)
• workflow/envs/siglasso.linux-64.pin.txt (1 hunks)
• workflow/envs/siglasso.yaml (1 hunks)
• workflow/envs/snpsift.linux-64.pin.txt (1 hunks)
• workflow/envs/snpsift.yaml (1 hunks)
• workflow/envs/split_call_tables.linux-64.pin.txt (1 hunks)
• workflow/envs/split_call_tables.yaml (1 hunks)
• workflow/envs/tabix.linux-64.pin.txt (1 hunks)
• workflow/envs/tabix.yaml (1 hunks)
• workflow/envs/umi_tools.linux-64.pin.txt (1 hunks)
• workflow/envs/varlociraptor.linux-64.pin.txt (1 hunks)
• workflow/envs/varlociraptor.yaml (1 hunks)
• workflow/envs/vcf2maf.linux-64.pin.txt (1 hunks)
• workflow/envs/vcf2maf.yaml (1 hunks)
• workflow/envs/vega.linux-64.pin.txt (1 hunks)
• workflow/envs/vega.yaml (1 hunks)
• workflow/envs/vembrane.linux-64.pin.txt (1 hunks)
• workflow/envs/vembrane.yaml (1 hunks)

✅ Files skipped from review due to trivial changes (4)

• workflow/envs/awk.linux-64.pin.txt
• workflow/envs/pysam.linux-64.pin.txt
• workflow/envs/mark_duplicates.linux-64.pin.txt
• workflow/envs/split_call_tables.linux-64.pin.txt

🚧 Files skipped from review as they are similar to previous changes (38)

• workflow/envs/htslib.linux-64.pin.txt
• workflow/envs/umi_tools.linux-64.pin.txt
• workflow/envs/vcf2maf.linux-64.pin.txt
• workflow/envs/kmc.linux-64.pin.txt
• workflow/envs/awk.yaml
• workflow/envs/rbt.linux-64.pin.txt
• workflow/envs/fgbio.yaml
• workflow/envs/vcf2maf.yaml
• workflow/envs/bedtools.linux-64.pin.txt
• workflow/envs/pandas.yaml
• workflow/envs/curl.yaml
• workflow/envs/mosdepth.linux-64.pin.txt
• workflow/envs/mosdepth.yaml
• workflow/envs/pandas.linux-64.pin.txt
• workflow/envs/kmc.yaml
• workflow/envs/siglasso.linux-64.pin.txt
• workflow/envs/vega.linux-64.pin.txt
• workflow/envs/samtools.yaml
• workflow/envs/pystats.linux-64.pin.txt
• workflow/envs/filter_reads.linux-64.pin.txt
• workflow/envs/filter_reads.yaml
• workflow/envs/mark_duplicates.yaml
• workflow/envs/excel.linux-64.pin.txt
• workflow/envs/pystats.yaml
• workflow/envs/oncoprint.yaml
• workflow/envs/pysam.yaml
• workflow/envs/curl.linux-64.pin.txt
• workflow/envs/samtools.linux-64.pin.txt
• workflow/envs/jannovar.yaml
• workflow/envs/bcftools.linux-64.pin.txt
• workflow/envs/tabix.yaml
• workflow/envs/varlociraptor.linux-64.pin.txt
• workflow/envs/bcftools.yaml
• workflow/envs/snpsift.yaml
• workflow/envs/bedtools.yaml
• workflow/envs/fgbio.linux-64.pin.txt
• workflow/envs/arriba.yaml
• workflow/envs/htslib.yaml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (8)

• GitHub Check: test target regions, multiple BEDs
• GitHub Check: test primers
• GitHub Check: test sra download
• GitHub Check: test target regions
• GitHub Check: test local input (dryrun)
• GitHub Check: test no candidate filtering
• GitHub Check: test testcase generation
• GitHub Check: test local input

🔇 Additional comments (15)

workflow/envs/arriba.linux-64.pin.txt (1)

1-160: Explicit pinfile format is correct and comprehensive.

The @explicit format is properly structured with valid conda-forge/bioconda URLs and SHA256 hashes. Package resolution includes arriba-2.5.1 and all supporting dependencies (htslib, samtools, R ecosystem, Python 3.14). The environment is pinned for reproducibility on linux-64.

workflow/envs/awk_bedtools.yaml (1)

5-7: Version bumps are clean and consistent with pinfile.

All three dependencies are pinned exactly (bedtools 2.31.1, gawk 5.3.1, samtools 1.22.1) and match the linux-64 pinfile. The samtools bump spans 7 minor versions; ensure workflows have been validated with the new version if not already covered by CI.

workflow/envs/awk_bedtools.linux-64.pin.txt (1)

1-38: Explicit pinfile is well-formed and consistent with yaml versions.

The @explicit format correctly pins bedtools-2.31.1, gawk-5.3.1, samtools-1.22.1, and htslib-1.22.1 with supporting libraries. All versions align with awk_bedtools.yaml. Hashes are valid and packages are properly ordered.

workflow/envs/siglasso.yaml (1)

5-11: I'll verify the compatibility concerns through alternative approaches. Let me search for R 4.5.2 information and check the repository for CI configuration and test validation.

Now let me check the repository for CI configuration and test results to see if this environment was actually validated.

Based on my verification through official R release notes and package documentation, I need to rewrite this review comment.

R 4.5.2 is a patch/minor version update (4.3 → 4.5 within the 4.x series), not a major version bump. The tidyverse maintains backward compatibility with the past 5 minor versions of R, which covers this range. Breaking changes in R 4.5.x primarily involve deprecated functions removed from the S4 method handling system, which are unlikely to affect r-glmnet, r-nnls, or r-tidyverse. No documented incompatibilities exist for the specified package versions.

If this PR is automated via GitHub Actions, confirm the CI pipeline ran successfully with these versions before merging.

workflow/envs/excel.yaml (1)

5-7: Dependency versions are compatible; no blocking issues found.

Verification confirms that numpy 2.3.4, pandas 2.3.3, and openpyxl 3.1.5 are mutually compatible. pandas 2.3.x was updated to work with NumPy 2.x series, and openpyxl 3.1.5 does not hard-pin a NumPy runtime dependency and pandas 2.x requires openpyxl ≥ 3.1.0, so openpyxl 3.1.5 satisfies pandas' requirement. The environment file contains no other packages with conflicting version constraints.

workflow/envs/tabix.linux-64.pin.txt (2)

1-5: Explicit conda environment pin file—good for reproducibility.

The @explicit format with SHA256 hashes is an excellent practice for ensuring reproducible environments across platforms and time. The metadata and format structure are correct.

---

29-30: I'll fix the fd command and search for more information about tabix changes:

Let me search more specifically about the tabix versioning history:

Now let me run the corrected shell commands to check the rest:

No API or behavior breaking changes found between tabix versions.

Based on verification:

1. The bioconda tabix package contains versions 1.11-0 and 0.2.x, indicating this is a controlled, intentional package migration rather than an accidental bump.

2. The tabix 1.11 package is built from HTSlib source (replacing the old standalone tabix 0.2 package). This is a standard evolution in the bioinformatics ecosystem where tabix functionality was integrated into HTSlib ~2014, with HTSlib now providing tabix as a utility.

3. The YAML alignment is confirmed: workflow/envs/tabix.yaml correctly specifies tabix =1.11, matching the pin file version.

4. Pin files are generated by conda-lock to create fully reproducible environments by performing a conda solve for each platform. This is standard practice and the .pin.txt file is the generated locked specification from the source tabix.yaml.

No evidence of breaking changes or workflow functionality issues with this version transition.

workflow/envs/varlociraptor.yaml (1)

6-8: Coordinate verification with other environment files.

This file updates three packages: varlociraptor (8.7.3 → 8.8.1), vega-lite-cli (5.16 → 6.4.1), and bcftools (1.21 → 1.22). The vega-lite-cli and bcftools versions are consistent with updates in workflow/envs/vega.yaml and workflow/envs/rbt.yaml respectively, suggesting coordinated ecosystem updates. Ensure the verification checks in those files cover these versions holistically.

workflow/envs/vega.yaml (1)

4-4: Verify compatibility with vega-lite-cli 6.4.1 major version bump.

vega-lite-cli 6.4.1 is confirmed available on conda-forge. However, this is a major version jump (5.16 → 6.4.1) and should be tested to ensure no breaking changes affect the workflow. The change is consistent with varlociraptor.yaml, but manual verification of the upgrade's impact is recommended before merging.

workflow/envs/rbt.yaml (1)

5-6: Both package versions verified and available on bioconda.

rust-bio-tools 0.42.2 and bcftools 1.22 are confirmed available on bioconda. The version pins are valid.

workflow/envs/split_call_tables.yaml (1)

5-7: No issues found — all package versions verified.

All critical concerns have been verified:

• Python 3.13.9 is available on conda-forge
• pysam 0.23.3 is available on bioconda with Python 3.13 builds
• pandas 2.3.3 supports Python 3.13

The environment file is correct and ready to merge.

workflow/envs/jannovar.linux-64.pin.txt (1)

1-69: Auto-generated pin file is well-formed.

The explicit environment pin file follows the standard conda @EXPLICIT format with valid URLs, hashes, and platform metadata. Since this is an auto-generated lock file, its correctness is dependent on the source environment specifications being accurate. Ensure that the related YAML environment file (if any) matches the pinned versions.

workflow/envs/oncoprint.linux-64.pin.txt (1)

1-52: Auto-generated pin file is well-formed.

The explicit environment pin file follows the standard conda @EXPLICIT format with valid package URLs, hashes, and platform metadata. This is a static lock file whose correctness depends on the source environment specifications being accurate. Verify that related YAML environment files (if present) are aligned with the pinned versions.

workflow/envs/vembrane.linux-64.pin.txt (1)

1-74: Auto-generated pin file is well-formed and consistent.

The explicit environment pin file follows the standard conda @EXPLICIT format with valid URLs, hashes, and platform metadata. Version alignment appears correct: htslib-1.22.1 and bcftools-1.22 are synchronized versions, and pysam-0.23.3 is compatible with modern htslib versions. The pinned vembrane-2.4.0 matches the target version in the companion YAML file.

workflow/envs/snpsift.linux-64.pin.txt (1)

1-93: No action needed—automated pin file is correct and complete.

Verification confirms the pin file is properly constructed and addresses all dependencies:

• Java runtime: openjdk-25.0.1 is included (line 92), satisfying SnpSift 5.3.0a's requirement for Java 21+
• Package versions: snpsift-5.3.0a, bcftools-1.22, and htslib-1.22.1 match the yaml specification and are compatible
• Python 3.14.0: Present as a transitive dependency, not explicitly required by snpsift.yaml, and poses no compatibility issues
• Format & checksums: All URLs are properly formed with valid SHA256 checksums

The automated bot correctly resolved the environment dependencies.

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

workflow/rules/fusion_calling.smk (1)

83-98: Replace wrapper version with an existing Snakemake wrapper tag.

The v7.6.0/bio/bcftools/sort wrapper does not exist. Available sort wrapper versions include v6.2.0 and v3.3.3. Update line 98 to use an existing wrapper version, such as "v6.2.0/bio/bcftools/sort". The sort wrapper parameters remain compatible across these versions.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9066ffa and df3980f.

📒 Files selected for processing (16)

• workflow/rules/annotation.smk (1 hunks)
• workflow/rules/benchmarking.smk (5 hunks)
• workflow/rules/calling.smk (2 hunks)
• workflow/rules/candidate_calling.smk (3 hunks)
• workflow/rules/datavzrd.smk (4 hunks)
• workflow/rules/filtering.smk (2 hunks)
• workflow/rules/fusion_calling.smk (3 hunks)
• workflow/rules/maf.smk (1 hunks)
• workflow/rules/mapping.smk (11 hunks)
• workflow/rules/primers.smk (2 hunks)
• workflow/rules/qc.smk (4 hunks)
• workflow/rules/ref.smk (6 hunks)
• workflow/rules/regions.smk (1 hunks)
• workflow/rules/testcase.smk (1 hunks)
• workflow/rules/trimming.smk (3 hunks)
• workflow/rules/utils.smk (3 hunks)

🚧 Files skipped from review as they are similar to previous changes (8)

• workflow/rules/primers.smk
• workflow/rules/trimming.smk
• workflow/rules/mapping.smk
• workflow/rules/annotation.smk
• workflow/rules/benchmarking.smk
• workflow/rules/regions.smk
• workflow/rules/utils.smk
• workflow/rules/datavzrd.smk

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2024-11-25T12:34:09.018Z

Learnt from: johanneskoester
Repo: snakemake-workflows/dna-seq-varlociraptor PR: 338
File: workflow/rules/candidate_calling.smk:86-87
Timestamp: 2024-11-25T12:34:09.018Z
Learning: In this workflow, the grouping of variant calling rules is intentional, and not all related variant calling rules need to be grouped under "calling".

Applied to files:

• workflow/rules/candidate_calling.smk

🔇 Additional comments (8)

workflow/rules/filtering.smk (1)

65-65: Wrapper versions updated for bcftools/concat.

Both gather_calls and merge_calls rules now use v7.6.0 of the bcftools/concat wrapper, updated from v2.3.2. This aligns with similar updates across the workflow.

Also applies to: 95-95

workflow/rules/testcase.smk (1)

16-17: Wrapper version updated for bcftools/concat.

The wrapper has been updated from v2.3.2 to v7.6.0, consistent with other bcftools/concat updates in this PR.

workflow/rules/calling.smk (1)

110-111: Wrapper versions updated for bcftools utilities.

Both sort_calls (bcftools/sort) and bcftools_concat rules have been updated to v7.6.0, aligning with the broader wrapper version updates in this PR.

Also applies to: 124-125

workflow/rules/qc.smk (1)

11-12: Wrapper versions updated for QC tools.

All QC-related wrappers have been updated:

• fastqc: v2.10.0 → v7.6.0
• samtools/idxstats: v2.3.2 → v7.6.0
• samtools/stats: v2.3.2 → v7.6.0
• multiqc: v2.10.0 → v7.9.0

These updates align with the broader wrapper version bumps across the workflow.

Also applies to: 23-24, 34-35, 52-53

workflow/rules/candidate_calling.smk (1)

22-23: Wrapper versions updated for candidate calling tools.

The following wrappers have been updated:

• freebayes: v2.7.0 → v7.6.0
• delly: v2.3.2 → v8.0.0
• bcftools/filter: v2.3.2 → v7.6.0

Note that delly uses v8.0.0 while most other wrappers target v7.6.0, which likely reflects the latest available wrapper version for that tool.

Also applies to: 40-41, 69-70

workflow/rules/maf.smk (1)

8-9: Remove verification concern—wrapper version v7.6.0 exists and is valid.

The v7.6.0 tag exists in the snakemake-wrappers repository. The wrapper reference is correct and will resolve properly. No changes needed.

workflow/rules/ref.smk (1)

26-26: Verify major wrapper version upgrades for breaking changes.

Two wrappers are receiving major version upgrades:

• Line 26: samtools/faidx v2.3.2 → v7.6.0
• Line 123: bwa/index v2.3.2 → v5.10.0

These are significant version jumps. Please verify that the wrapper interfaces remain compatible and no breaking changes affect the rule inputs, outputs, or parameters.

Check the snakemake-wrappers changelog or wrapper meta.yaml files for breaking changes between these versions.

Also applies to: 123-123

workflow/rules/fusion_calling.smk (1)

101-116: The version update is verified and safe. The bcftools/concat wrapper exists at v7.6.0, and the interface has not changed in a way that introduces breaking changes between v1.21.0 and v7.x. The wrapper still uses the same parameters (calls list, uncompressed_bcf, and extra), which matches the parameters used in your code.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Verify major version bump for star_arriba meta wrapper.

The update from v7.1.0 to v8.0.0 represents a major version change that may include breaking changes. Ensure that the v8.0.0 wrapper exists and is compatible with the current rule configuration.

---

🌐 Web query:

Does Snakemake wrapper v8.0.0/meta/bio/star_arriba exist and what are the breaking changes from v7.1.0?

💡 Result:

Short answer: Yes — v8.0.0/meta/bio/star_arriba exists. See the v8.0.0 (stable) meta-wrapper docs and earlier v7.x docs below. [1][2]

Breaking / user-facing changes vs. the v7.x examples

• Module usage is promoted in v8.0.0: the docs show including the meta-wrapper via the Snakemake module system (module ... meta_wrapper: "v8.0.0/meta/bio/star_arriba" and use rule * from ...). Earlier v7.x docs show the older copy-paste/wrapper-style examples. This is the main workflow-usage change you’ll observe. [1][2]
• The v8.0.0 docs recommend running with modern Snakemake module features (Snakemake >= 7.9 is referenced in the v8 docs). If you upgrade from a v7.1.0-style workflow you may need to adapt to the module/pathvars usage or keep using the copy-paste version shown in the docs. [1][3]
• No major changes to the meta-wrapper’s inputs/outputs or the STAR/ARRIBA subrules are shown in the v8.0.0 docs vs. v7.x examples — the example rules (star_index, star_align, arriba), params and defaults appear the same in the v8.0.0 page and the v7.x pages I inspected. If you rely on specific internal wrapper versions referenced by the meta-wrapper, verify the used sub-wrapper versions (the v8 doc lists the sub-wrappers it calls). [1][2][4]

Sources

• v8.0.0 / stable meta-wrapper docs (module usage example). [1]
• v7.x meta-wrapper docs (example usage via wrapper/copy-paste). [2]
• Snakemake modularization / module recommendation (Snakemake docs referencing module usage / version recommendations). [3]
• Example v7.x page showing identical rule inputs/outputs/params for comparison. [4]

References
[1] Snakemake wrappers — STAR-ARRIBA (stable / v8.0.0).
[2] Snakemake wrappers — STAR-ARRIBA (v7.6 / v7.x examples).
[3] Snakemake docs — modularization / modules (version recommendation).
[4] Snakemake wrappers — STAR-ARRIBA (v7.4 / v7.x).

---

---

🏁 Script executed:

#!/bin/bash
# Examine the full fusion_calling.smk file to verify module setup and other version updates
cat workflow/rules/fusion_calling.smk

Length of output: 3540

---

🏁 Script executed:

#!/bin/bash
# Search for Snakemake version requirements in the project
fd -e yaml -e yml -e txt | xargs grep -l "snakemake" | head -20 | xargs cat 2>/dev/null | grep -i "version\|require"

Length of output: 0

---

🏁 Script executed:

#!/bin/bash
# Look for Snakemake environment or requirements specification
fd -E node_modules -E .git "requirements" -o "environment" | xargs cat 2>/dev/null | head -50

Length of output: 141

---

🏁 Script executed:

#!/bin/bash
# Check for .snakemake_metadata or workflow config
fd -E node_modules -E .git "config\|snakemake" --type f | head -20

Length of output: 0

---

🏁 Script executed:

#!/bin/bash
# Search for any bcftools wrapper references to verify v7.6.0 compatibility
rg "bcftools" -n --type snakemake -C 2

Length of output: 33

---

🌐 Web query:

Snakemake wrapper v7.6.0/bio/bcftools/sort compatibility and breaking changes

💡 Result:

Short answer: wrapper v7.6.0 for bcftools/sort requires newer wrapper-utils and a newer bcftools than older wrapper series — main compatibility/breaking changes are dependency bumps and small param/API name changes.

Details (concise)

• Required runtime deps for the v7.6.0-series bcftools wrappers: bcftools = 1.22 and snakemake-wrapper-utils = 0.8.0. Use a conda/env with those versions when using v7.6.0 wrappers. [1][2]
• Older bcftools/sort wrappers (examples from the v3.x series) listed bcftools = 1.19 and snakemake-wrapper-utils = 0.6.2 — upgrading to v7.6.0 may require updating environments. [3]
• Small wrapper API differences to watch for when migrating:
  • Parameter name differences in docs/examples: some older sort pages show params.extras (plural) while newer bcftools wrappers use params.extra (singular) for passing additional bcftools args — double-check your rule params. [3][2]
  • get_bcftools_opts usage/signature was tightened in newer wrapper-utils (additional parse_* flags like parse_memory/parse_ref/parse_samples available) — wrappers may call get_bcftools_opts with different arguments, so customizations that relied on the older helper behavior can break. [2][4]
• Practical checklist for upgrade:
  • Update your conda/env to bcftools 1.22 (or the version declared by the specific v7.6.0 wrapper you use). [2]
  • Update snakemake-wrapper-utils to 0.8.0. [2]
  • Search your Snakefile for params.extras → change to params.extra if needed, and verify any use of get_bcftools_opts matches the wrapper implementation. [3][2]

Sources

• v7.6.0-series bcftools wrapper examples & deps (shows bcftools=1.22, snakemake-wrapper-utils=0.8.0). [1][2]
• Older bcftools/sort wrapper (v3.x) showing bcftools=1.19 and params.extras example. [3]

References
[1] Snakemake wrappers — BCFTOOLS VIEW / other bcftools wrappers (v7.6.0) — software dependencies listing.
[2] Snakemake wrappers — BCFTOOLS NORM / FILTER (v7.6.0) — shows bcftools=1.22 and snakemake-wrapper-utils=0.8.0 and use of get_bcftools_opts.
[3] Snakemake wrappers — BCFTOOLS SORT (v3.3.x) — shows older deps (bcftools=1.19) and params.extras example.
[4] get_bcftools_opts usage in wrapper code snippets (see wrapper pages linked above).

If you want, I can: (a) fetch the exact v7.6.0/bio/bcftools/sort page (if present) and show the wrapper code and declared dependencies, or (b) produce a one-line patch for migrating a Snakefile rule from the older wrapper to v7.6.0. Which would you prefer?

---

---

🏁 Script executed:

```shell
#!/bin/bash
# Search more broadly for Snakemake version specifications
find . -type f \( -name "*.yaml" -o -name "*.yml" -o -name "Makefile" -o -name "*.toml" -o -name "*.cfg" -o -name "*.ini" \) -exec grep -l "snakemake" {} \; | head -20

Length of output: 219

---

🏁 Script executed:

#!/bin/bash
# Look for conda environment files
find . -type f -name "*.yaml" -o -name "*.yml" | head -30

Length of output: 1068

---

🏁 Script executed:

#!/bin/bash
# Check for setup.py or pyproject.toml that might declare Snakemake version
find . -type f \( -name "setup.py" -o -name "pyproject.toml" -o -name "setup.cfg" \) | head -10

Length of output: 0

---

🏁 Script executed:

#!/bin/bash
# Search for any version or requirement strings in common locations
find . -maxdepth 2 -type f \( -name "requirements*.txt" -o -name "environment*.yml" -o -name "environment*.yaml" \) 2>/dev/null

Length of output: 0

---

🏁 Script executed:

#!/bin/bash
# Check bcftools wrapper params in the file to verify they match v7.6.0 expectations
grep -n "params:" workflow/rules/fusion_calling.smk -A 5 | grep -E "extras|extra|uncompressed"

Length of output: 443

---

---

🏁 Script executed:

```shell
#!/bin/bash
# Read bcftools.yaml to check dependency versions
cat ./workflow/envs/bcftools.yaml

Length of output: 71

---

🏁 Script executed:

#!/bin/bash
# Check arriba.yaml for dependencies
cat ./workflow/envs/arriba.yaml

Length of output: 68

---

🏁 Script executed:

#!/bin/bash
# Check workflow main configuration
cat ./workflow/Snakefile | head -100

Length of output: 1458

---

🏁 Script executed:

#!/bin/bash
# Look for autobump-wrappers workflow to understand how updates are applied
cat ./.github/workflows/autobump-wrappers.yml

Length of output: 950

---

Line 3 verified compatible, but v7.6.0 bcftools wrappers in same file have critical compatibility issues.

v8.0.0/meta/bio/star_arriba is confirmed stable and compatible with the project's Snakemake 9.1.0 requirement. However, verification uncovered critical issues with the v7.6.0 bcftools wrapper updates on lines 92 and 111:

1. Line 92 (sort_arriba_calls rule): Parameter uses params.extras="" (plural), but v7.6.0 wrappers expect params.extra (singular). This must be changed to params.extra="".

2. Dependency mismatch: workflow/envs/bcftools.yaml declares bcftools=1.19, but v7.6.0 wrappers require bcftools=1.22 and snakemake-wrapper-utils=0.8.0. Update bcftools.yaml:

   channels:
     - conda-forge
     - bioconda
   dependencies:
     - bcftools=1.22
     - snakemake-wrapper-utils=0.8.0

3. Line 111 (bcftools_concat_candidates rule): Already uses correct params.extra (singular), but will fail without dependency versions updated above.

These are prerequisites for the bcftools wrappers to function at runtime.

🤖 Prompt for AI Agents

In workflow/rules/fusion_calling.smk around lines 1-6 and specifically lines 92
and 111, fix bcftools wrapper compatibility: change the sort_arriba_calls rule's
parameter from params.extras="" to params.extra="" (singular) at line 92; note
that bcftools_concat_candidates at line 111 already uses params.extra and is
fine but will fail until dependencies are updated; update
workflow/envs/bcftools.yaml to require bcftools=1.22 and
snakemake-wrapper-utils=0.8.0 (keeping channels conda-forge and bioconda) so the
v7.6.0 wrappers run with the correct versions.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Verify wrapper version downgrades are intentional.

Several wrapper versions are being downgraded rather than upgraded:

• Line 14: ensembl-sequence v7.3.0 → v5.10.0
• Line 74: ensembl-annotation v7.5.0 → v7.4.0
• Line 137: vep/cache v8.0.0 → v7.6.0
• Line 148: vep/plugins v8.0.0 → v7.7.0

This is unexpected for an "autobump" PR and could potentially lose bug fixes, performance improvements, or new features from the newer versions. Confirm these downgrades are intentional and verify all wrapper versions exist in the snakemake-wrappers repository.

Run this script to verify the wrapper versions exist:

Also applies to: 74-74, 137-137, 148-148

---

🏁 Script executed:

#!/bin/bash
# Verify that the specified Snakemake wrapper versions exist

WRAPPERS=(
  "v5.10.0/bio/reference/ensembl-sequence"
  "v7.6.0/bio/samtools/faidx"
  "v7.4.0/bio/reference/ensembl-annotation"
  "v5.10.0/bio/bwa/index"
  "v7.6.0/bio/vep/cache"
  "v7.7.0/bio/vep/plugins"
)

echo "Checking wrapper versions in snakemake-wrappers repository..."
for wrapper in "${WRAPPERS[@]}"; do
  version=$(echo "$wrapper" | cut -d'/' -f1)
  path=$(echo "$wrapper" | cut -d'/' -f2-)
  url="https://github.com/snakemake/snakemake-wrappers/tree/${version}/${path}"
  
  # Check if the tag exists
  if curl -s -o /dev/null -w "%{http_code}" "https://api.github.com/repos/snakemake/snakemake-wrappers/git/refs/tags/${version}" | grep -q "200"; then
    echo "✓ Version ${version} exists"
  else
    echo "✗ Version ${version} NOT FOUND"
  fi
done

Length of output: 207

---

I can see that all specified wrapper versions exist in the snakemake-wrappers repository. However, existence alone doesn't confirm whether these downgrades are intentional or problematic. Let me examine the actual file and changes to better understand the context.

---

🏁 Script executed:

#!/bin/bash
# Examine the workflow/rules/ref.smk file to understand context
fd -t f -n 'ref.smk' -x head -n 160 {} \;

Length of output: 230

---

🏁 Script executed:

#!/bin/bash
# Check if there are any comments or metadata in the file explaining version changes
rg -n 'v5\.10\.0|v7\.6\.0|v7\.4\.0|v7\.7\.0' workflow/rules/ref.smk -A2 -B2

Length of output: 660

---

🏁 Script executed:

#!/bin/bash
# Look for any recent git history or comments about version pinning
git log --oneline -n 20 -- workflow/rules/ref.smk 2>/dev/null || echo "Git history not available"

Length of output: 1191

---

🏁 Script executed:

#!/bin/bash
# Check if there's a requirements file or version manifest
fd -t f -name '*requirements*' -o -name '*versions*' -o -name '*pins*' | head -20

Length of output: 230

---

The git history confirms something notable: commit fa7d314 recently updated VEP wrappers to v8.0.0, and now the current PR (df3980f "perf: autobump snakemake wrappers") is downgrading them back to v7.6.0 and v7.7.0. This pattern suggests the "autobump" action is behaving unexpectedly.

Let me investigate the automation and PR context more closely:

---

🏁 Script executed:

```shell
#!/bin/bash
# Check for GitHub Actions workflow files related to autobump
fd -type f -name '*.yml' -o -name '*.yaml' | xargs grep -l 'autobump\|create-pull-request' 2>/dev/null | head -5

Length of output: 170

---

🏁 Script executed:

#!/bin/bash
# Look for the actual previous versions by checking git show of the parent commit
git show HEAD~1:workflow/rules/ref.smk 2>/dev/null | grep -A1 'wrapper:' | head -40

Length of output: 386

---

🏁 Script executed:

#!/bin/bash
# Check PR metadata or branch info
git branch -a 2>/dev/null | head -5

Length of output: 88

---

Downgrade issue confirmed — autobump rolled back recent fixes.

Verification reveals the downgrades are real and problematic:

Previous commit (fa7d314) had:

• vep/cache: v8.0.0 (updated to "make env installable" per commit message)
• vep/plugins: v8.0.0
• ensembl-sequence: v7.3.0
• ensembl-annotation: v7.5.0

Current PR downgrades to:

• vep/cache: v7.6.0 (reverting fix from fa7d314)
• vep/plugins: v7.7.0 (reverting fix from fa7d314)
• ensembl-sequence: v5.10.0
• ensembl-annotation: v7.4.0

The vep downgrade is particularly concerning since the immediate prior commit explicitly updated these to v8.0.0 to resolve an environment installation issue. The autobump automation appears to be rolling back recent fixes.

Clarify whether:

1. This autobump is intentional rollback to a stable baseline
2. The automation has a bug causing unintended downgrades
3. If downgrades proceed, confirm the environment installation issue (fa7d314) won't resurface

[coderabbitai]

Actionable comments posted: 2

♻️ Duplicate comments (2)

workflow/envs/pandas.yaml (1)

5-6: 🔴 CRITICAL (UNRESOLVED): Python 3.10 → 3.14.0 is an unsafe autobump—needs immediate action.

This Python version jump of 4 major releases remains unresolved from previous review feedback. Jumping from 3.10 through 3.11, 3.12, 3.13 to 3.14.0 in a single autobump is unprecedented and introduces severe compatibility risks:

• Each major Python version includes breaking changes and removals.
• Restricts the environment to only Python 3.14.0 (no flexibility).
• Likely unintended by the autobump automation (misconfiguration).

Action required: Either revert to Python 3.10, use a conservative version constraint (e.g., python >=3.10,<3.14 or python =3.13), or investigate and adjust the autobump configuration to prevent multi-major-version jumps. Run full CI/test matrix before merging.

workflow/envs/snpsift.yaml (1)

5-6: ⚠️ Pre-release snpsift 5.3.0a not addressed from prior review—confirm intentionality.

Line 5 specifies snpsift 5.3.0a (pre-release). The prior review flagged this concern. If the pre-release is required for a specific fix or feature, add an inline comment with the justification and link to the changelog or issue; otherwise, use the stable release 5.3.

🧹 Nitpick comments (1)

workflow/envs/vembrane.linux-64.pin.txt (1)

1-74: Format and content look good.

This file correctly uses Conda's @explicit format with valid package URLs and SHA256 hashes from trusted sources (conda-forge, bioconda). The pinned versions align with the AI summary (vembrane 2.4.0, bcftools 1.22).

However, clarify the operational approach:

• Are these pin files used in CI/workflows, or are they for reference only?
• Is generation/regeneration of these 29 files automated, and what triggers updates?
• Do you have coverage for other platforms (osx-64, arm64) beyond linux-64?

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between df3980f and 44ff697.

📒 Files selected for processing (57)

• workflow/envs/arriba.linux-64.pin.txt (1 hunks)
• workflow/envs/arriba.yaml (1 hunks)
• workflow/envs/awk.linux-64.pin.txt (1 hunks)
• workflow/envs/awk.yaml (1 hunks)
• workflow/envs/awk_bedtools.linux-64.pin.txt (1 hunks)
• workflow/envs/awk_bedtools.yaml (1 hunks)
• workflow/envs/bcftools.linux-64.pin.txt (1 hunks)
• workflow/envs/bcftools.yaml (1 hunks)
• workflow/envs/bedtools.linux-64.pin.txt (1 hunks)
• workflow/envs/bedtools.yaml (1 hunks)
• workflow/envs/curl.linux-64.pin.txt (1 hunks)
• workflow/envs/curl.yaml (1 hunks)
• workflow/envs/excel.linux-64.pin.txt (1 hunks)
• workflow/envs/excel.yaml (1 hunks)
• workflow/envs/fgbio.linux-64.pin.txt (1 hunks)
• workflow/envs/fgbio.yaml (1 hunks)
• workflow/envs/filter_reads.linux-64.pin.txt (1 hunks)
• workflow/envs/filter_reads.yaml (1 hunks)
• workflow/envs/htslib.linux-64.pin.txt (1 hunks)
• workflow/envs/htslib.yaml (1 hunks)
• workflow/envs/jannovar.linux-64.pin.txt (1 hunks)
• workflow/envs/jannovar.yaml (1 hunks)
• workflow/envs/kmc.linux-64.pin.txt (1 hunks)
• workflow/envs/kmc.yaml (1 hunks)
• workflow/envs/mark_duplicates.linux-64.pin.txt (1 hunks)
• workflow/envs/mark_duplicates.yaml (1 hunks)
• workflow/envs/mosdepth.linux-64.pin.txt (1 hunks)
• workflow/envs/mosdepth.yaml (1 hunks)
• workflow/envs/oncoprint.linux-64.pin.txt (1 hunks)
• workflow/envs/oncoprint.yaml (1 hunks)
• workflow/envs/pandas.linux-64.pin.txt (1 hunks)
• workflow/envs/pandas.yaml (1 hunks)
• workflow/envs/pysam.linux-64.pin.txt (1 hunks)
• workflow/envs/pysam.yaml (1 hunks)
• workflow/envs/pystats.linux-64.pin.txt (1 hunks)
• workflow/envs/pystats.yaml (1 hunks)
• workflow/envs/rbt.linux-64.pin.txt (1 hunks)
• workflow/envs/rbt.yaml (1 hunks)
• workflow/envs/samtools.linux-64.pin.txt (1 hunks)
• workflow/envs/samtools.yaml (1 hunks)
• workflow/envs/siglasso.linux-64.pin.txt (1 hunks)
• workflow/envs/siglasso.yaml (1 hunks)
• workflow/envs/snpsift.linux-64.pin.txt (1 hunks)
• workflow/envs/snpsift.yaml (1 hunks)
• workflow/envs/split_call_tables.linux-64.pin.txt (1 hunks)
• workflow/envs/split_call_tables.yaml (1 hunks)
• workflow/envs/tabix.linux-64.pin.txt (1 hunks)
• workflow/envs/tabix.yaml (1 hunks)
• workflow/envs/umi_tools.linux-64.pin.txt (1 hunks)
• workflow/envs/varlociraptor.linux-64.pin.txt (1 hunks)
• workflow/envs/varlociraptor.yaml (1 hunks)
• workflow/envs/vcf2maf.linux-64.pin.txt (1 hunks)
• workflow/envs/vcf2maf.yaml (1 hunks)
• workflow/envs/vega.linux-64.pin.txt (1 hunks)
• workflow/envs/vega.yaml (1 hunks)
• workflow/envs/vembrane.linux-64.pin.txt (1 hunks)
• workflow/envs/vembrane.yaml (1 hunks)

✅ Files skipped from review due to trivial changes (2)

• workflow/envs/pystats.linux-64.pin.txt
• workflow/envs/pandas.linux-64.pin.txt

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (7)

• GitHub Check: test target regions, multiple BEDs
• GitHub Check: test target regions
• GitHub Check: test no candidate filtering
• GitHub Check: test sra download
• GitHub Check: test primers
• GitHub Check: test local input
• GitHub Check: test testcase generation

🔇 Additional comments (47)

workflow/envs/jannovar.yaml (1)

5-5: I'll search for the jannovar-cli 0.36 release notes and changelog information now.

No breaking changes detected in jannovar-cli 0.36; version bump is safe.

Jannovar 0.36 focuses on providing pre-built databases via Zenodo to address upstream data URL issues, and jannovar-cli 0.36 is available on Bioconda. The changelog documents new commands for database management and bug fixes to HGVS parsing, with no reported breaking changes to the CLI interface or core functionality.

The version bump from 0.33 to 0.36 includes stability improvements and should not require workflow modifications.

workflow/envs/mosdepth.yaml (1)

5-5: LGTM. The mosdepth version bump (0.2.9 → 0.3.12) is a minor update that aligns with the PR objective to systematically bump conda environment dependencies.

workflow/envs/awk.yaml (1)

4-4: LGTM. The gawk version bump (5.1 → 5.3.1) is a minor/patch update within the stable 5.x series with no expected breaking changes.

workflow/envs/filter_reads.linux-64.pin.txt (1)

1-51: LGTM. This is an auto-generated explicit conda environment pin file for linux-64. The file follows the standard @EXPLICIT format and includes complete package specifications with checksums for reproducible environment creation, aligning with the PR objective.

workflow/envs/jannovar.linux-64.pin.txt (1)

1-69: LGTM. Auto-generated explicit conda environment pin file with complete package specifications for reproducible jannovar environment creation on linux-64.

workflow/envs/vega.linux-64.pin.txt (1)

1-55: LGTM. Auto-generated explicit conda environment pin file for vega tools on linux-64, with complete dependency specifications for reproducible environment creation.

workflow/envs/awk.linux-64.pin.txt (1)

1-20: LGTM. Auto-generated explicit conda environment pin file for gawk on linux-64, with minimal dependencies and checksums for reproducible environment creation.

workflow/envs/fgbio.yaml (1)

5-5: Review comment is incorrect based on actual codebase usage.

The review assumes usage of FilterConsensusReads and GroupReadsByUmi, but the workflow actually invokes AssignPrimers and TrimPrimers in workflow/rules/primers.smk (lines 12 and 34). Neither AssignPrimers nor TrimPrimers have documented breaking changes in fgbio 3.0.0, so the compatibility concerns raised do not apply to the tools actually used in this workflow.

Likely an incorrect or invalid review comment.

workflow/envs/fgbio.linux-64.pin.txt (1)

1-78: Pin file format and structure are correct.

The fgbio environment pin file follows the standard conda explicit environment format with valid package URLs, hashes, and channel sources. No issues detected with the file structure itself.

workflow/envs/vcf2maf.linux-64.pin.txt (1)

1-40: Pin file format and content are correct.

The vcf2maf environment pin is properly formatted with appropriate dependencies for the tool (samtools, bcftools, vcf2maf). No issues detected.

workflow/envs/oncoprint.linux-64.pin.txt (1)

1-52: Pin file format and scientific stack are appropriate.

The oncoprint environment pin includes a reasonable Python 3.14.0 scientific stack (numpy, scipy, pandas, scikit-learn, statsmodels). All packages are stable releases. No issues detected.

workflow/envs/umi_tools.linux-64.pin.txt (1)

1-93: Pin file format and bioinformatics stack are appropriate.

The umi_tools environment pin uses Python 3.12.12 with pysam 0.23.3 (consistent with pysam.yaml updates) and appropriate bioinformatics dependencies. Format and versions are correct.

workflow/envs/mosdepth.linux-64.pin.txt (1)

1-30: Pin file is minimal and correctly formatted.

The mosdepth environment pin provides a focused, minimal environment with mosdepth 0.3.12 and its essential dependencies. Format and versions are correct.

workflow/envs/pysam.yaml (1)

5-6: Verify Python 3.13.9 and pysam 0.23.3 compatibility.

The YAML updates Python from 3.12 to 3.13.9 and pysam from 0.22 to 0.23.3. While both are stable releases, verify that pysam 0.23.3 is compatible with Python 3.13.9.

workflow/envs/curl.yaml (1)

5-5: Curl 8.17.0 upgrade is compatible — no breaking changes for workflow usage.

Verification shows curl is used only for basic file downloads (curl {url} -o {output}) across four workflow rules. Curl 8.x introduces very few incompatibilities with 7.x, primarily removing support for platforms with small file offsets and providing mostly bugfixes and cleanups. The standard curl operations used in the workflows are not affected by these changes. The upgrade is safe to proceed.

workflow/envs/snpsift.linux-64.pin.txt (1)

93-93: Remove this review comment — snpsift 5.3.0a is the current latest release.

SnpSift 5.3.0a is the latest version available on Bioconda and was released on September 2, 2025. No stable 5.3.0 release exists; the only alternatives are significantly older versions (5.2, 5.1, etc.). The alpha designation is accurate, but pinning to a "stable 5.3.0" is not possible. The developer's choice to use 5.3.0a is intentional and reasonable—it provides access to the latest features and has matured over ~2.5 months of availability.

Likely an incorrect or invalid review comment.

workflow/envs/arriba.yaml (1)

5-5: Routine patch-level version bump.

The arriba update from 2.5 to 2.5.1 is a safe, backward-compatible patch release. No concerns.

workflow/envs/samtools.yaml (1)

5-6: Routine version bumps for stable packages.

Updates to samtools 1.22.1 and sed 4.9 are consistent with broader ecosystem updates in this PR and represent stable, mature releases. No compatibility concerns.

workflow/envs/vcf2maf.yaml (1)

5-5: Routine patch-level version bump.

The vcf2maf update from 1.6 to 1.6.22 is a safe, backward-compatible patch release within the same minor version. No concerns.

workflow/envs/bcftools.yaml (1)

5-5: Routine bioinformatics tool update.

The bcftools update from 1.19 to 1.22 represents a stable progression within the 1.x series and aligns with broader ecosystem updates in this PR. No compatibility concerns.

workflow/envs/rbt.yaml (1)

5-6: Routine bioinformatics tool updates.

The rust-bio-tools update from 0.39 to 0.42.2 and bcftools update from 1.14 to 1.22 are aligned with ecosystem updates across this PR. Both tools are stable and well-maintained. No compatibility concerns.

workflow/envs/awk_bedtools.yaml (1)

5-7: Routine updates to stable bioinformatics tools.

The updates to bedtools 2.31.1, gawk 5.3.1, and samtools 1.22.1 represent reasonable version bumps for mature, well-maintained tools. The samtools version is consistent with samtools.yaml, indicating good coordination across environment specifications. No compatibility concerns.

workflow/envs/split_call_tables.yaml (1)

5-7: Previous critical issue resolved: Python version updated to valid build.

The upgrade from the previously flagged python=3.13.7 to python=3.13.9 resolves the environment-solving blocker. Both python 3.13.9 and 3.14.0 are available on conda-forge, so this pin is now valid.

All three dependency updates look reasonable (pandas 2.3.3, python 3.13.9, pysam 0.23.3).

workflow/envs/bedtools.yaml (1)

5-6: LGTM: Straightforward version bumps for bioinformatics tools.

Both updates are standard dependency increments with no apparent issues.

workflow/envs/htslib.yaml (1)

5-6: LGTM: Consistent version updates for htslib ecosystem.

Straightforward dependency bumps with no concerns.

workflow/envs/oncoprint.yaml (1)

5-8: Past concerns about package availability have been resolved.

The prior review flagged python =3.14.0 and scikit-learn =1.7.2 as unavailable on conda-forge. However, both python 3.14.0 and 3.13.9 are now listed on conda-forge, and scikit-learn 1.7.2 is available across all platforms on conda-forge. scikit-learn 1.7.2 is the first version supporting Python 3.14, making this combination valid.

All four dependency updates appear sound.

workflow/envs/mark_duplicates.yaml (1)

5-6: LGTM: Standard version updates.

Straightforward dependency bumps for duplicate-marking utilities, including a major version update for sambamba (0.7.0 → 1.0.1) which is reasonable for tool maturation.

workflow/envs/kmc.yaml (1)

5-5: LGTM: Minor version increment.

Simple patch-level update for kmc with no concerns.

workflow/envs/tabix.yaml (1)

5-5: LGTM: Significant version bump for tabix indexer.

The jump from 0.2 to 1.11 is substantial, but tabix is a stable utility and this appears to be a justified modernization alongside htslib (1.22.1 in htslib.yaml).

workflow/envs/filter_reads.yaml (1)

4-8: Notable: Significant version bumps and pkg-config pin strictening.

These updates include substantial version increments (Rust 1.58 → 1.91.1, rust-script 0.22 → 0.36.0, cryptography 36.0 → 46.0.3) and a change in pin flexibility for pkg-config (from >=0.29 to =0.29.2). The pkg-config constraint may intentionally improve reproducibility, but verify that the specific version works across target platforms.

workflow/envs/varlociraptor.yaml (1)

6-8: LGTM—straightforward version bumps across bioinformatics tools.

The updates are minor/major releases without breaking API changes indicated. Ensure dependent workflows have been tested with vega-lite-cli 6.4.1 and varlociraptor 8.9.0, especially given the major version bump on vega-lite-cli.

workflow/envs/vega.yaml (1)

4-4: LGTM—consistent vega-lite-cli update across environments.

The version bump aligns with the same update in varlociraptor.yaml, indicating coordinated testing.

workflow/envs/curl.linux-64.pin.txt (1)

1-26: ✓ Explicit pin file format is correct—enables reproducible curl environment.

The @explicit format with pinned URLs and SHA256 hashes allows deterministic environment recreation. The Linux-64 snapshot aligns with the curl.yaml version bump to 8.17.0.

workflow/envs/pystats.yaml (2)

7-7: Verify Python 3.13.9 compatibility and test impact across dependent workflows.

The Python bump from 3.12 to 3.13.9 is a major version change affecting all downstream code and dependencies. Confirm that:

1. All packages (biopython, pysam, pandas, altair) officially support Python 3.13
2. Dependent workflows have been regression-tested
3. No byte-code or ABI incompatibilities exist

---

5-6: LGTM—minor package bumps (pending Python 3.13 verification above).

Once Python 3.13 compatibility is confirmed, the minor version updates to biopython, pysam, pandas, and altair are routine ecosystem hygiene.

Also applies to: 8-9

workflow/envs/excel.linux-64.pin.txt (1)

1-46: ✓ Explicit pin file format is correct, but verify Python 3.14.0 alignment.

The @explicit format is valid and hashes are correct. However, line 37 pins Python 3.14.0, which differs from pystats.yaml/pysam.linux-64.pin.txt at Python 3.13.9. Confirm whether:

1. The excel environment intentionally uses Python 3.14.0
2. OR if this should align with the Python 3.13.9 standard across pystats-related environments

workflow/envs/pysam.linux-64.pin.txt (1)

1-42: ✓ Explicit pin file is consistent with pysam.yaml updates and format is correct.

The pinned python 3.13.9 (line 40) and pysam 0.23.3 (line 42) match the pysam.yaml bumps. The @explicit format enables reproducible environment recreation for the Linux-64 platform.

workflow/envs/siglasso.yaml (1)

5-8: Verify R 4.3 → 4.5.2 compatibility and dependent workflows.

The R version bump from 4.3 to 4.5.2 is a major release spanning two minor versions. Confirm that:

1. All bioconda packages in this environment support R 4.5.2
2. Dependent R scripts have been tested with the new R version
3. No binary incompatibilities exist with existing packages

The r-devtools, r-glmnet, and r-nnls updates appear routine (patch/minor bumps).

workflow/envs/mark_duplicates.linux-64.pin.txt (1)

1-18: Format and content look good.

Correct @explicit format with valid packages and hashes from trusted sources. Package versions (samblaster 0.1.26, sambamba 1.0.1) align with the bioinformatics tools ecosystem.

workflow/envs/bedtools.linux-64.pin.txt (1)

1-31: Format and content look good.

Correct @explicit format with valid packages and hashes. Pin file appropriately includes bedtools (2.31.1) and dependencies like samtools (1.22.1) and htslib (1.22.1) that are commonly used together.

workflow/envs/bcftools.linux-64.pin.txt (1)

1-38: Format and content look good.

Correct @explicit format with valid packages and hashes. Pin file includes bcftools (1.22) with appropriate dependencies including GSL (2.7) for statistical operations.

workflow/envs/awk_bedtools.linux-64.pin.txt (1)

1-38: Format and content look good.

Correct @explicit format with valid packages and hashes. Pin file appropriately combines awk tools (gawk 5.3.1) with genomics tools (bedtools, samtools, htslib).

workflow/envs/samtools.linux-64.pin.txt (1)

1-31: Format and content look good.

Correct @explicit format with valid packages and hashes. Pin file includes samtools (1.22.1) and htslib (1.22.1) with appropriate utilities (sed).

workflow/envs/siglasso.linux-64.pin.txt (1)

1-255: Format and content look good.

Correct @explicit format with comprehensive R environment pins. The large size reflects R's complex dependency graph, particularly the tidyverse ecosystem (ggplot2, dplyr, tidyr, shiny) and development tools (roxygen2, devtools, testthat). All packages from trusted conda-forge source with valid SHA256 hashes.

workflow/envs/tabix.linux-64.pin.txt (1)

1-30: Format and content look good.

Correct @explicit format with valid packages and hashes. Pin file includes tabix (1.11) and htslib (1.22.1) for genomic file indexing operations.

workflow/envs/htslib.linux-64.pin.txt (1)

1-30: Explicit pin files generated correctly with proper format.

All explicit pin files (htslib, rbt, arriba, split_call_tables, kmc, varlociraptor) follow the standard conda @explicit format with valid package URLs and SHA256 hashes. The format is machine-generated and appropriate for deterministic environment reproduction.

workflow/envs/arriba.linux-64.pin.txt (1)

91-91: Verify htslib version consistency across environments.

Line 91 pins htslib-1.21, while other pin files (htslib.linux-64.pin.txt, rbt.linux-64.pin.txt, varlociraptor.linux-64.pin.txt) pin htslib-1.22.1. If this is intentional per workflow/envs/arriba.yaml specifications, no action needed. Otherwise, confirm the version compatibility with the corresponding YAML environment file.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Previous review flagged breaking changes requiring workflow updates—status unclear.

A previous review identified breaking changes in vembrane 2.4.0 (v2.0.0) that require updates to workflow rules. Specifically:

• ANN["Annotation"] field is now a list (previously string), breaking equality checks
• vembrane table defaults changed from --wide to --long

The prior reviewer requested updates to workflow/rules/filtering.smk (filter_candidates_by_annotation, filter_by_annotation) and workflow/rules/table.smk (vembrane_table rule). Confirm these updates have been applied and tested before merging.

---

🏁 Script executed:

#!/bin/bash
# Verify the rules were updated for vembrane 2.4.0 compatibility
echo "=== Checking filter_candidates_by_annotation rule ==="
rg -A 10 'filter_candidates_by_annotation|filter_by_annotation' workflow/rules/filtering.smk | grep -E 'ANN\[|params|shell'

echo "=== Checking vembrane_table rule ==="
rg -A 10 'vembrane_table' workflow/rules/table.smk | grep -E 'params|shell|--wide|--long'

Length of output: 126

---

🏁 Script executed:

#!/bin/bash
# Get full rule definitions with broader context
echo "=== Full filter_candidates_by_annotation rule ==="
rg -B 2 -A 20 'rule filter_candidates_by_annotation' workflow/rules/filtering.smk

echo ""
echo "=== Full filter_by_annotation rule ==="
rg -B 2 -A 20 'rule filter_by_annotation' workflow/rules/filtering.smk

echo ""
echo "=== Full vembrane_table rule ==="
rg -B 2 -A 25 'rule vembrane_table' workflow/rules/table.smk

Length of output: 2431

---

🏁 Script executed:

#!/bin/bash
# Check for ANN["Annotation"] string access pattern (breaking change indicator)
echo "=== Checking for ANN[\"Annotation\"] string indexing (pre-2.4.0 pattern) ==="
rg 'ANN\["Annotation"\]' workflow/rules/

echo ""
echo "=== Checking for ANN as list access (post-2.4.0 pattern) ==="
rg 'ANN\[0\]|\.get\(.*Annotation' workflow/rules/

Length of output: 136

---

🏁 Script executed:

#!/bin/bash
# Find the helper functions that generate filter expressions and config
echo "=== Searching for get_candidate_filter_expression function ==="
rg -B 2 -A 15 'def get_candidate_filter_expression' workflow/

echo ""
echo "=== Searching for get_annotation_filter_expression function ==="
rg -B 2 -A 15 'def get_annotation_filter_expression' workflow/

echo ""
echo "=== Searching for get_vembrane_config function ==="
rg -B 2 -A 15 'def get_vembrane_config' workflow/

Length of output: 179

---

🏁 Script executed:

#!/bin/bash
# Search more broadly for filter expression definitions
echo "=== Searching for any ANN references in Python/Snakemake files ==="
rg 'ANN' workflow/ --type=py | head -20

echo ""
echo "=== Searching for vembrane filter/table params ==="
rg 'vembrane.*filter|vembrane.*table' workflow/ --type=py -B 2 -A 2 | head -40

Length of output: 118

---

🏁 Script executed:

#!/bin/bash
# Search in Snakemake files (.smk)
echo "=== Searching for filter expression functions in .smk files ==="
rg -B 2 -A 15 'get_candidate_filter_expression|get_annotation_filter_expression|get_vembrane_config' workflow/ --type-list | head -5

echo ""
echo "=== List all .smk and .py files in workflow ==="
fd -e smk -e py workflow/ | head -20

echo ""
echo "=== Search in main Snakefile ==="
fd -e smk workflow/ -exec basename {} \; | sort | uniq

Length of output: 1071

---

🏁 Script executed:

#!/bin/bash
# Look for any config or params that might contain filter expressions
echo "=== Search for filter expression or vembrane config definitions ==="
rg 'filter.*=' workflow/ --type=smk -B 1 -A 1 | grep -E 'filter|ANN|params' | head -30

echo ""
echo "=== Look for Snakefile or main workflow entry point ==="
find workflow/ -name "Snakefile*" -o -name "*config*"

Length of output: 207

---

🏁 Script executed:

#!/bin/bash
# Correct approach: find files and view the Snakefile
echo "=== Find all .smk files ==="
find workflow -name "*.smk" -type f

echo ""
echo "=== View main Snakefile ==="
cat workflow/Snakefile | head -100

Length of output: 2172

---

🏁 Script executed:

#!/bin/bash
# Search for the function definitions without type restriction
echo "=== Search for get_candidate_filter_expression ==="
grep -r 'get_candidate_filter_expression' workflow/ --include="*.smk" --include="*.py" -B 2 -A 10

echo ""
echo "=== Search for get_vembrane_config ==="
grep -r 'get_vembrane_config' workflow/ --include="*.smk" --include="*.py" -B 2 -A 10

Length of output: 3157

---

🏁 Script executed:

#!/bin/bash
# Search for where filter expressions are built (look for include statements too)
echo "=== Search for include statements in Snakefile ==="
grep -E 'include|from|import' workflow/Snakefile

echo ""
echo "=== Search for vembrane or ANN anywhere in workflow ==="
grep -r 'ANN\|filter_expression' workflow/ --include="*.smk" --include="*.py" | head -30

Length of output: 2716

---

🏁 Script executed:

#!/bin/bash
# Get the full get_vembrane_config function
echo "=== Full get_vembrane_config function ==="
grep -A 80 'def get_vembrane_config' workflow/rules/common.smk

Length of output: 2859

---

🏁 Script executed:

#!/bin/bash
# Get get_annotation_filter_expression function
echo "=== Full get_annotation_filter_expression function ==="
grep -A 20 'def get_annotation_filter_expression' workflow/rules/common.smk

Length of output: 758

---

🏁 Script executed:

#!/bin/bash
# Check if there's any handling for vembrane 2.0+ ANN list format
echo "=== Search for any ANN[0] or list access patterns ==="
grep -r "ANN\[0\]\|ANN\s*\[" workflow/ --include="*.smk" | grep -v "\.raw"

Length of output: 1180

---

Update vembrane field access in get_vembrane_config function for vembrane 2.0+ compatibility.

The vembrane 2.0.0+ breaking change has not been addressed. The code in workflow/rules/common.smk (get_vembrane_config function) uses the old dictionary-style ANN field access pattern (ANN['SYMBOL'], ANN['IMPACT'], ANN['HGVSp'], etc.), which is incompatible with vembrane 2.0+, where ANN is now a list. All ANN field references must be updated to ANN[0]['fieldname'] to access the first annotation record. This affects the vembrane_table rule and will cause runtime failures with vembrane 2.4.0.

🤖 Prompt for AI Agents

In workflow/envs/vembrane.yaml around lines 5 to 6 and in
workflow/rules/common.smk (get_vembrane_config function), the code still treats
Vembrane ANN as a dict (e.g. ANN['SYMBOL'], ANN['IMPACT'], ANN['HGVSp']), which
breaks with vembrane 2.0+ where ANN is a list; update every ANN field access in
get_vembrane_config (and any related vembrane_table logic) to pull the first
annotation record by using ANN[0]['FIELDNAME'] (e.g. ANN[0]['SYMBOL'],
ANN[0]['IMPACT'], ANN[0]['HGVSp']) and add a defensive check that ANN is
non-empty before indexing to avoid runtime errors.

[coderabbitai]

Actionable comments posted: 3

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

workflow/rules/fusion_calling.smk (2)

91-97: Fix critical parameter naming error for v7.6.0 bcftools wrapper.

Line 91 uses extras="" (plural), but the v7.6.0 bcftools/sort wrapper requires extra (singular). This parameter naming mismatch will cause the wrapper to fail at runtime.

Apply this diff to fix the parameter name:

     params:
         # Set to True, in case you want uncompressed BCF output
         uncompressed_bcf=False,
         # Extra arguments
-        extras="",
+        extra="",
     log:
         "logs/bcf-sort/{sample}.log",

Additionally, ensure workflow/envs/bcftools.yaml is updated to meet v7.6.0 wrapper requirements:

channels:
  - conda-forge
  - bioconda
dependencies:
  - bcftools=1.22
  - snakemake-wrapper-utils=0.8.0

---

110-115: Update bcftools environment to match v7.6.0 wrapper requirements.

The v7.6.0 bcftools/concat wrapper requires bcftools=1.22 and snakemake-wrapper-utils=0.8.0, but workflow/envs/bcftools.yaml specifies bcftools=1.19 and does not include snakemake-wrapper-utils. This version mismatch will cause runtime failures.

Update workflow/envs/bcftools.yaml:

• Change bcftools =1.19 to bcftools =1.22
• Add snakemake-wrapper-utils =0.8.0 to dependencies

♻️ Duplicate comments (1)

workflow/rules/ref.smk (1)

14-14: Downgrade issue remains unresolved.

The wrapper version downgrades flagged in the previous review are still present:

• ensembl-sequence: v7.3.0 → v5.10.0
• ensembl-annotation: v7.5.0 → v7.4.0
• vep/cache: v8.0.0 → v7.6.0
• vep/plugins: v8.0.0 → v7.7.0

As noted in the previous review, the VEP downgrades are particularly concerning since commit fa7d314 explicitly updated these to v8.0.0 to resolve an environment installation issue. This autobump automation appears to be reverting that fix.

Also applies to: 74-74, 137-137, 148-148

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 44ff697 and b1f5c1e.

📒 Files selected for processing (16)

• workflow/rules/annotation.smk (1 hunks)
• workflow/rules/benchmarking.smk (5 hunks)
• workflow/rules/calling.smk (2 hunks)
• workflow/rules/candidate_calling.smk (3 hunks)
• workflow/rules/datavzrd.smk (4 hunks)
• workflow/rules/filtering.smk (2 hunks)
• workflow/rules/fusion_calling.smk (3 hunks)
• workflow/rules/maf.smk (1 hunks)
• workflow/rules/mapping.smk (11 hunks)
• workflow/rules/primers.smk (2 hunks)
• workflow/rules/qc.smk (4 hunks)
• workflow/rules/ref.smk (6 hunks)
• workflow/rules/regions.smk (1 hunks)
• workflow/rules/testcase.smk (1 hunks)
• workflow/rules/trimming.smk (3 hunks)
• workflow/rules/utils.smk (3 hunks)

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2024-11-25T12:34:09.018Z

Learnt from: johanneskoester
Repo: snakemake-workflows/dna-seq-varlociraptor PR: 338
File: workflow/rules/candidate_calling.smk:86-87
Timestamp: 2024-11-25T12:34:09.018Z
Learning: In this workflow, the grouping of variant calling rules is intentional, and not all related variant calling rules need to be grouped under "calling".

Applied to files:

• workflow/rules/candidate_calling.smk

🔇 Additional comments (17)

workflow/rules/fusion_calling.smk (1)

3-3: LGTM: star_arriba v8.0.0 meta wrapper is compatible.

Based on previous verification, the v8.0.0/meta/bio/star_arriba wrapper exists and is compatible with the project's Snakemake requirements.

workflow/rules/primers.smk (2)

75-75: I need to gather information about the previous wrapper version to make a proper comparison.

samtools/view v7.6.0 wrapper is compatible with the upgrade.

The v2.1.1 wrapper required samtools=1.16.1 and snakemake-wrapper-utils=0.5.2, while v7.6.0 requires samtools=1.22.1 and snakemake-wrapper-utils=0.8.0. The samtools 1.22.1 release contains primarily security fixes and bug fixes with no breaking changes to the view command interface. Both wrapper versions use the same underlying API function (snakemake_wrapper_utils.samtools.get_samtools_opts) for option handling, and the wrapper parameter interface (extra, region) remains consistent. The dependency upgrades are backward-compatible and represent normal maintenance updates.

---

62-62: No compatibility issues found with v7.6.0/bio/bwa/mem wrapper.

The wrapper call is properly configured with all expected parameters (idx, params.extra, params.sorting, params.sort_order, params.sort_extra) matching v7.6.0 specification. Python environments (3.10, 3.12) exceed Snakemake 7.x minimum requirement (3.7), and the repository's Snakemake requirement (≥6.3.0) is satisfied by v7.6.0. No wrapper-specific breaking changes are documented for this version.

workflow/rules/testcase.smk (1)

17-17: No compatibility issues detected—review comment is based on a misunderstanding.

The "v7.6.0" refers to the Snakemake wrapper repository version, not the bcftools binary version. The v7.6.0 release includes an autobump for bio/bcftools/concat, and the rule correctly uses params.extra (singular) which matches wrapper conventions since v0.80.2+. Your environment specifies bcftools v1.19, which is a recent stable version compatible with the v7.6.0 wrapper.

workflow/rules/trimming.smk (2)

39-39: Test workflow with fastp 1.0.1 before merging.

The v6.2.0→v7.1.0 wrapper update pins a major upstream fastp bump (from 0.24.1 to 1.0.1). fastp 1.0.x may change command-line behavior, defaults, or output format compared with 0.24.x. Verify the workflow runs correctly with this new version and adjust any extra params or output parsing if needed.

Also applies to: 59-59

---

8-8: Confirm v7.6.0 wrapper is PE-only; document requirement if SE accessions may be used.

The v7.6.0 fasterq-dump wrapper explicitly supports only paired-end samples. Web search confirms this is a breaking change from earlier versions. The workflow code assumes PE for SRA accessions—get_sra_reads() always requests reads 1 and 2 (common.smk:324-328). The test case uses only PE accessions.

If any production workflows intend to process single-end SRA accessions, add validation to reject SE accessions or explicitly document the PE-only requirement in the workflow README or comments.

workflow/rules/candidate_calling.smk (2)

41-41: No breaking changes in v8.0.0/bio/delly wrapper—the review concern is unfounded.

Based on verification, there are no wrapper-specific breaking changes documented for bio/delly in v8.0.0. The wrapper reference in your code is valid and uses a stable runtime dependency (delly=1.3.3). The original review comment references a non-existent v2.3.2 version and conflates Snakemake tool versions with wrapper versions. No further action is needed.

Likely an incorrect or invalid review comment.

---

23-23: Freebayes v7.6.0 wrapper is properly integrated and compatible with the rule parameters.

Verification shows that the codebase is already using v7.6.0/bio/freebayes with compatible parameters. The rule in workflow/rules/candidate_calling.smk does not use the breaking parameters identified in the v2.7.0→v7.6.0 migration (normalize semantics or chunksize), and instead uses the safe extra parameter pattern. Configuration parameters (min_alternate_fraction, extra) align with wrapper expectations. Dependency version pinning is handled by the Snakemake wrapper system.

workflow/rules/datavzrd.smk (2)

168-168: Now I need to find what bedtools version v2.6.0 required. Let me search for that:

Let me search more specifically for v2.6.0 wrapper information on GitHub:

Let me search for bedtools version changelog to understand breaking changes:

Based on my verification, I have enough information to provide a rewritten review comment. I found that:

1. v2.6.0 is a real Snakemake wrapper version (confirmed via git history)
2. The change is confirmed: Line 168 shows upgrade from v2.6.0 to v7.3.0
3. v7.3.0 requirements: The v7.3.0 Snakemake bedtools wrappers expect bedtools 2.31.1 (the v7.3.0 bedtools wrappers declare bedtools=2.31.1 in their software dependencies), and some bedtools wrappers in v7.3.0 also list htslib=1.22.1 as a dependency for BAM/VCF handling
4. Unable to find v2.6.0's bedtools requirement through available documentation

However, the actual bedtools version that v2.6.0 required could not be verified through publicly available sources. Without knowing what v2.6.0 required, I cannot conclusively determine if there are breaking changes in bedtools between versions.

---

Verify bedtools/intersect wrapper upgrade v2.6.0 → v7.3.0.

The v7.3.0 wrapper requires bedtools 2.31.1 and optionally htslib 1.22.1. Verify that bedtools 2.31.1 is compatible with the workflow's BED/BAM input formats and that the -wa parameter is supported. The exact bedtools version required by v2.6.0 is not available in public documentation, so manual testing with the new wrapper version is recommended.

---

114-114: Datavzrd v8.0.0 wrapper update is prepared for the critical breaking change, but runtime verification is recommended.

The v8.0.0 wrapper enforces __use_yte__: true in templates, and your codebase already satisfies this: all three datavzrd YAML templates (fusion-calls, gene-coverage, variant-calls) include this flag. The Python 3.8+ requirement is also met—your environments pin Python 3.10 or 3.12.

The wrapper's pinned datavzrd version was bumped from ~2.6.x to ~2.61.x, which may introduce behavioral or API changes. While your workflow is configured correctly for the known breaking changes, you should verify the upgraded datavzrd and yte versions are acceptable for your environment by testing the updated wrapper against your actual data/templates.

workflow/rules/maf.smk (1)

9-9: LGTM!

The bcftools/view wrapper upgrade from v3.8.0 to v7.6.0 aligns with the PR-wide standardization effort.

workflow/rules/mapping.smk (1)

13-13: LGTM — mapping pipeline wrapper standardization.

All mapping-related wrappers are being consistently updated to v7.6.0, which represents a comprehensive standardization of the mapping pipeline toolchain. The changes maintain identical inputs/outputs and control flow.

Also applies to: 76-76, 107-107, 150-150, 181-181, 217-217, 231-231, 243-243, 265-265, 288-288, 311-311

workflow/rules/calling.smk (1)

111-111: LGTM — calling pipeline wrapper updates.

Both bcftools wrapper updates (sort and concat) to v7.6.0 align with the broader standardization effort.

Also applies to: 125-125

workflow/rules/benchmarking.smk (1)

16-16: Benchmarking wrapper versions verified—all exist and are accessible.

All five benchmarking wrapper versions referenced in the changes (v7.6.0, v7.3.0, v2.9.1) are valid and accessible in the snakemake-wrappers repository. No broken or non-existent references were identified.

workflow/rules/utils.smk (1)

22-22: Wrapper versions verified successfully.

All three wrapper versions exist and are accessible in the snakemake-wrappers repository:

• v7.6.0/bio/bcftools/view ✓
• v7.3.0/bio/samtools/index ✓
• v7.3.0/bio/tabix/index ✓

The version upgrades are valid and the code changes can proceed.

workflow/rules/qc.smk (1)

12-12: QC wrapper upgrades verified and valid.

All wrapper references exist at the specified v7.x versions:

• ✓ v7.6.0/bio/fastqc
• ✓ v7.6.0/bio/samtools/idxstats
• ✓ v7.6.0/bio/samtools/stats
• ✓ v7.9.0/bio/multiqc

workflow/rules/annotation.smk (1)

117-117: <!-- [scratchpad_start]
[task verify_bcftools_concat_wrapper - continued 4]

• Version existence: CONFIRMED (HTTP 200)
• gather_annotated_calls rule: FOUND in annotation.smk

[observations]

• Rule at lines ~123-132 in workflow/rules/annotation.smk
• Inputs: calls (files), idx (indexes)
• Output: single BCF file
• Params: extra="-a" (append to existing header)
• Uses wrapper: v7.6.0/bio/bcftools/concat
• No params.uncompressed_bcf used

[analysis]

• The rule uses standard bcftools/concat params (extra flag)
• Usage appears minimal and basic: concatenate BCF files with -a flag
• Need to verify v7.6.0 wrapper still supports: input 'calls', input 'idx', params 'extra'
• v2.3.2 → v7.6.0 is significant jump; need to check for breaking changes

[pending]

• Confirm v7.6.0 wrapper interface matches current usage
• Identify any breaking changes between v2.3.2 and v7.6.0

[actions]

• Web search for bcftools/concat wrapper breaking changes and interface info

[coderabbitai]

Actionable comments posted: 2

♻️ Duplicate comments (2)

workflow/envs/pandas.yaml (1)

5-6: CRITICAL: Aggressive Python version jump remains unresolved (duplicate of previous review).

The Python pin of 3.14.0 (released October 7, 2025) represents a jump across four major versions from 3.10. While technically valid, this is unprecedented in automated dependency bumping and likely signals autobump misconfiguration rather than intentional modernization. The previous review flagged this concern, which remains unaddressed.

Recommended action: Verify the autobump configuration—consider reverting to a conservative constraint (e.g., python >=3.10,<3.14 or pinning to python 3.13) and run the full CI test matrix to validate compatibility across all affected workflows before merging.

workflow/envs/excel.yaml (1)

7-7: MAJOR: NumPy 2.x breaking changes require validation (duplicate of previous review).

The numpy jump to 2.3.5 crosses the NumPy 2.0 boundary (ABI/API breaking change, released June 2024). The previous review identified direct numpy API usage in 4 workflow scripts that may break under NumPy 2.0 type promotion (NEP 50) and dtype handling changes. This concern remains unresolved.

pandas 2.3.3 and openpyxl 3.1.5 are confirmed compatible with numpy 2.x, but script compatibility still needs validation.

Recommended action: Before merging, run the affected scripts under numpy 2.3.5 to validate dtype operations remain correct:

• workflow/scripts/split-call-tables.py (np.floating type checking, dtype.type introspection)
• workflow/scripts/oncoprint.py (np.sort, np.argsort, np.around)
• workflow/scripts/create_mutational_context.py (np.arange)
• workflow/scripts/coverage_table.py (np.nan)

Consider adding a CI job to validate these scripts under the pinned numpy version to prevent regressions.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b1f5c1e and 0eeac58.

📒 Files selected for processing (57)

• workflow/envs/arriba.linux-64.pin.txt (1 hunks)
• workflow/envs/arriba.yaml (1 hunks)
• workflow/envs/awk.linux-64.pin.txt (1 hunks)
• workflow/envs/awk.yaml (1 hunks)
• workflow/envs/awk_bedtools.linux-64.pin.txt (1 hunks)
• workflow/envs/awk_bedtools.yaml (1 hunks)
• workflow/envs/bcftools.linux-64.pin.txt (1 hunks)
• workflow/envs/bcftools.yaml (1 hunks)
• workflow/envs/bedtools.linux-64.pin.txt (1 hunks)
• workflow/envs/bedtools.yaml (1 hunks)
• workflow/envs/curl.linux-64.pin.txt (1 hunks)
• workflow/envs/curl.yaml (1 hunks)
• workflow/envs/excel.linux-64.pin.txt (1 hunks)
• workflow/envs/excel.yaml (1 hunks)
• workflow/envs/fgbio.linux-64.pin.txt (1 hunks)
• workflow/envs/fgbio.yaml (1 hunks)
• workflow/envs/filter_reads.linux-64.pin.txt (1 hunks)
• workflow/envs/filter_reads.yaml (1 hunks)
• workflow/envs/htslib.linux-64.pin.txt (1 hunks)
• workflow/envs/htslib.yaml (1 hunks)
• workflow/envs/jannovar.linux-64.pin.txt (1 hunks)
• workflow/envs/jannovar.yaml (1 hunks)
• workflow/envs/kmc.linux-64.pin.txt (1 hunks)
• workflow/envs/kmc.yaml (1 hunks)
• workflow/envs/mark_duplicates.linux-64.pin.txt (1 hunks)
• workflow/envs/mark_duplicates.yaml (1 hunks)
• workflow/envs/mosdepth.linux-64.pin.txt (1 hunks)
• workflow/envs/mosdepth.yaml (1 hunks)
• workflow/envs/oncoprint.linux-64.pin.txt (1 hunks)
• workflow/envs/oncoprint.yaml (1 hunks)
• workflow/envs/pandas.linux-64.pin.txt (1 hunks)
• workflow/envs/pandas.yaml (1 hunks)
• workflow/envs/pysam.linux-64.pin.txt (1 hunks)
• workflow/envs/pysam.yaml (1 hunks)
• workflow/envs/pystats.linux-64.pin.txt (1 hunks)
• workflow/envs/pystats.yaml (1 hunks)
• workflow/envs/rbt.linux-64.pin.txt (1 hunks)
• workflow/envs/rbt.yaml (1 hunks)
• workflow/envs/samtools.linux-64.pin.txt (1 hunks)
• workflow/envs/samtools.yaml (1 hunks)
• workflow/envs/siglasso.linux-64.pin.txt (1 hunks)
• workflow/envs/siglasso.yaml (1 hunks)
• workflow/envs/snpsift.linux-64.pin.txt (1 hunks)
• workflow/envs/snpsift.yaml (1 hunks)
• workflow/envs/split_call_tables.linux-64.pin.txt (1 hunks)
• workflow/envs/split_call_tables.yaml (1 hunks)
• workflow/envs/tabix.linux-64.pin.txt (1 hunks)
• workflow/envs/tabix.yaml (1 hunks)
• workflow/envs/umi_tools.linux-64.pin.txt (1 hunks)
• workflow/envs/varlociraptor.linux-64.pin.txt (1 hunks)
• workflow/envs/varlociraptor.yaml (1 hunks)
• workflow/envs/vcf2maf.linux-64.pin.txt (1 hunks)
• workflow/envs/vcf2maf.yaml (1 hunks)
• workflow/envs/vega.linux-64.pin.txt (1 hunks)
• workflow/envs/vega.yaml (1 hunks)
• workflow/envs/vembrane.linux-64.pin.txt (1 hunks)
• workflow/envs/vembrane.yaml (1 hunks)

✅ Files skipped from review due to trivial changes (8)

• workflow/envs/umi_tools.linux-64.pin.txt
• workflow/envs/varlociraptor.linux-64.pin.txt
• workflow/envs/filter_reads.linux-64.pin.txt
• workflow/envs/split_call_tables.linux-64.pin.txt
• workflow/envs/fgbio.linux-64.pin.txt
• workflow/envs/arriba.linux-64.pin.txt
• workflow/envs/kmc.linux-64.pin.txt
• workflow/envs/awk_bedtools.linux-64.pin.txt

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (7)

• GitHub Check: test no candidate filtering
• GitHub Check: test target regions, multiple BEDs
• GitHub Check: test primers
• GitHub Check: test sra download
• GitHub Check: test testcase generation
• GitHub Check: test target regions
• GitHub Check: test local input

🔇 Additional comments (45)

workflow/envs/filter_reads.yaml (1)

4-8: Verify that the significant version bumps are compatible with the workflow.

These changes shift from loose version constraints (>=) to exact pinning, which improves reproducibility. However, several are substantial bumps:

• rust: >= 1.58 → 1.91.1 (spans multiple minor/patch versions)
• cryptography: >= 36.0 → 46.0.3 (major version change)
• c-compiler: 1.3 → 1.11.0 (bumped)

Since this appears to be automatically generated by the create-pull-request action, confirm that these pinned versions have been validated to work together and with the rest of the workflow. Any compatibility issues from major version updates could break downstream tasks.

workflow/envs/vcf2maf.yaml (1)

5-5: Version bump looks good.

Patch version bump from vcf2maf 1.6 to 1.6.22 maintains backward compatibility. Structure and channels unchanged.

workflow/envs/arriba.yaml (1)

5-5: Version bump looks good.

Patch version bump from arriba 2.5 to 2.5.1 is low-risk and maintains compatibility.

workflow/envs/htslib.yaml (1)

5-6: Verify htslib 1.12 → 1.22.1 compatibility.

The htslib version jump spans 10 minor versions (1.12 to 1.22.1). While this appears to be a straightforward update, verify that dependent tools and packages are compatible with this version range and that no breaking API changes affect downstream usage.

workflow/envs/kmc.yaml (1)

5-5: Version bump looks good.

Patch version bump from kmc 3.2 to 3.2.4 is low-risk.

workflow/envs/jannovar.yaml (1)

5-5: Version bump looks good.

Minor version bump from jannovar-cli 0.33 to 0.36 follows expected semantic versioning patterns.

workflow/envs/fgbio.yaml (1)

5-5: Verify fgbio-minimal major version compatibility.

The bump from fgbio-minimal 2.2 to 3.1.0 is a major version change and may introduce breaking API changes. Verify that workflows and downstream code are compatible with version 3.1.0 before merging.

workflow/envs/pystats.yaml (1)

5-9: Verify interdependent package compatibility, especially Python version bump.

This file updates multiple interdependent packages simultaneously:

• Python 3.12 → 3.13.9 (minor version bump—high-risk for binary packages)
• Altair 5.3 → 6.0.0 (major version—may have breaking changes)
• pysam, biopython, pandas also updated

Python version bumps can break binary package compatibility and require recompilation of native extensions (pysam, biopython). Verify:

1. Binary wheels for pysam 0.23.3 are available for Python 3.13.9
2. Altair 6.0.0 does not introduce breaking API changes
3. All interdependent packages are tested together on Python 3.13.9

workflow/envs/awk.yaml (1)

4-4: Version bump looks good.

Minor+patch version bump from gawk 5.1 to 5.3.1 follows expected patterns for stable tools.

workflow/envs/tabix.yaml (1)

5-5: Version bump is appropriate.

The tabix upgrade from 0.2 to 1.11 is a straightforward and reasonable modernization of this tool. No compatibility concerns identified.

workflow/envs/samtools.yaml (1)

5-6: Conservative version bumps—approved.

Both samtools (1.21 → 1.22.1) and sed (4.8 → 4.9) are minor/patch-level upgrades with minimal breaking change risk.

workflow/envs/mark_duplicates.yaml (1)

5-6: Version bumps are reasonable.

samblaster patch bump (0.1.24 → 0.1.26) is conservative. The sambamba major version jump (0.7.0 → 1.0.1) represents entry into a stable 1.x release, which is a modernization rather than a destabilizing change.

workflow/envs/siglasso.yaml (1)

5-11: R package updates are appropriate.

The R package version bumps are reasonable ecosystem modernization. The r-base jump from 4.3 to 4.5.2 is a moderate version increase with typical R backward compatibility expectations. Other bumps are minor/patch-level.

workflow/envs/jannovar.linux-64.pin.txt (1)

1-69: Explicit pin file is properly formatted and follows conda conventions.

The new jannovar.linux-64.pin.txt file correctly implements conda's explicit environment pinning format with proper headers, valid @explicit section, and package URLs with SHA256 hashes. This enables reproducible environment installation on linux-64 systems, supporting the PR's goal of environment immutability.

workflow/envs/pandas.linux-64.pin.txt (1)

1-44: Explicit pin file is properly formatted and aligns with environment specifications.

The pandas.linux-64.pin.txt file correctly implements conda's explicit pinning format with proper headers and valid @explicit entries. The pin file correctly reflects the pandas.yaml environment changes (Python 3.14.0, pandas 2.3.3, numpy 2.3.5).

However, note that the critical and major concerns flagged for pandas.yaml (aggressive Python version jump) and excel.yaml (NumPy 2.x compatibility) apply to this explicit pin file as well—the pins themselves inherit those same dependency risks.

workflow/envs/vembrane.linux-64.pin.txt (1)

1-74: Properly formatted explicit conda environment pin.

The file follows the CONDA_EXPLICIT format correctly with valid package URLs and SHA256 hashes, enabling reproducible Linux-64 environments. This aligns well with the PR's goal to improve environment consistency through explicit pinning.

workflow/envs/vega.linux-64.pin.txt (1)

1-55: Well-formed explicit conda environment specification.

The file is properly formatted with consistent package URLs and valid hashes. The inclusion of vega-lite-cli and related visualization dependencies aligns with the environment's purpose.

workflow/envs/pystats.linux-64.pin.txt (1)

1-69: Properly specified scientific Python environment pin.

The file correctly enumerates the bioinformatics and data science dependencies (Python 3.13, pandas, altair, pysam, biopython) with valid format and hashes, supporting reproducible statistical analysis workflows.

workflow/envs/vcf2maf.linux-64.pin.txt (1)

1-40: Well-structured bioinformatics environment pin.

The pin file correctly captures vcf2maf 1.6.22 and its dependencies (bcftools, samtools, htslib) with valid format, enabling reproducible variant annotation workflows.

workflow/envs/tabix.linux-64.pin.txt (1)

1-30: Lean, properly formatted environment pin for tabix.

The explicit specification correctly pins tabix 1.11 and htslib with minimal but complete dependencies, suitable for genomic data indexing tasks.

workflow/envs/awk.linux-64.pin.txt (1)

1-20: Valid minimal environment pin for gawk.

The file correctly specifies gawk 5.3.1 with necessary math libraries, following proper conda explicit format for text processing workflows.

workflow/envs/snpsift.linux-64.pin.txt (1)

1-93: Complete environment pin with proper Java support for SnpSift.

The file comprehensively specifies SnpSift 5.3.0a with required OpenJDK 25.0.1, bioinformatics tools (bcftools, htslib), and complete graphics/display stack with valid format throughout.

workflow/envs/samtools.linux-64.pin.txt (1)

1-31: Well-formed samtools environment specification.

The file correctly pins samtools 1.22.1 with htslib 1.22.1 and essential utilities, following proper conda explicit format for sequence alignment/variant calling workflows.

workflow/envs/siglasso.linux-64.pin.txt (1)

1-5: LGTM!

The explicit pin file is properly formatted with valid R 4.5.2 and supporting packages.

workflow/envs/htslib.linux-64.pin.txt (1)

1-30: LGTM!

The explicit pin file correctly references htslib-1.22.1 from bioconda and includes necessary dependencies.

workflow/envs/mark_duplicates.linux-64.pin.txt (1)

1-18: LGTM!

The explicit pin file is properly formatted for mark_duplicates tooling.

workflow/envs/mosdepth.yaml (1)

5-5: LGTM!

Straightforward version bump for mosdepth.

workflow/envs/bcftools.yaml (1)

5-5: LGTM!

Straightforward version bump for bcftools.

workflow/envs/curl.yaml (1)

5-5: LGTM!

Straightforward version bump for curl.

workflow/envs/excel.linux-64.pin.txt (1)

37-37: No issues identified with python-3.14.0 pin.

Python 3.14 is available on conda-forge as of November 2025, so the explicit pin referencing python-3.14.0 is valid.

workflow/envs/oncoprint.yaml (1)

6-7: python 3.14.0 and scikit-learn 1.7.2 are both available on conda-forge, so the original review comment's concerns about unavailable versions are unfounded. The environment specification in the YAML file is valid.

Likely an incorrect or invalid review comment.

workflow/envs/awk_bedtools.yaml (1)

5-7: Cross-file consistency verified.

The bedtools 2.31.1 and samtools 1.22.1 pins match those in workflow/envs/bedtools.yaml, and the gawk 5.3.1 upgrade is a standard stable release. All versions support reproducible environment construction.

workflow/envs/varlociraptor.yaml (1)

6-8: Version updates are consistent across related environments.

The vega-lite-cli 6.4.1 bump aligns with workflow/envs/vega.yaml, and bcftools 1.22 is pinned consistently across multiple environment specs. The varlociraptor upgrade from 8.7.3 to 8.9.0 is a stable release.

workflow/envs/vega.yaml (1)

4-4: Simple, consistent version bump.

The vega-lite-cli upgrade to 6.4.1 matches the bump in workflow/envs/varlociraptor.yaml and is a stable release.

workflow/envs/rbt.yaml (1)

5-6: No action needed; environment channels are correctly configured.

rust-bio-tools 0.42.2 is available on Bioconda, and the rbt.yaml file already lists bioconda in its channels alongside conda-forge. The dependency will resolve correctly during environment creation.

workflow/envs/split_call_tables.yaml (1)

5-7: No action required—Python 3.13.9 is available on conda-forge.

Python 3.13.9 is available on conda-forge with multiple builds listed on Anaconda.org and was released on October 14, 2025. The update from the flagged 3.13.7 to 3.13.9 correctly resolves the earlier environment-resolution failure.

workflow/envs/pysam.yaml (1)

5-6: Version pins verified and aligned across environments.

Python 3.13.9 is confirmed available on conda-forge, and both python 3.13.9 and pysam 0.23.3 pins match those in workflow/envs/split_call_tables.yaml, ensuring consistent environment management. Both are stable releases.

workflow/envs/bedtools.yaml (1)

5-6: Both bedtools 2.31.1 and samtools 1.22.1 are Bioconda-only packages; configuration is correct.

Bedtools 2.31.1 and samtools 1.22.1 are both published on Bioconda, not conda-forge. The bedtools.yaml file correctly includes both conda-forge and bioconda in its channels list, ensuring dependency resolution will succeed. Version pinning is consistent and stable.

workflow/envs/bcftools.linux-64.pin.txt (1)

1-38: Auto-generated explicit environment pin file looks good.

This new explicit pin file correctly enumerates exact package URLs and hashes for reproducible Linux-64 environment creation, matching the standard Conda EXPLICIT format. As a data-only configuration file, it poses no executable code risks.

workflow/envs/curl.linux-64.pin.txt (1)

1-26: Auto-generated explicit environment pin file looks good.

This new explicit pin file correctly specifies exact package URLs and hashes for curl 8.17.0 environment on Linux-64. As a data-only configuration file, no code risks are present.

workflow/envs/rbt.linux-64.pin.txt (1)

1-40: Auto-generated explicit environment pin file looks good.

This new explicit pin file correctly enumerates exact package URLs for rust-bio-tools 0.42.2 and dependencies on Linux-64 in standard Conda EXPLICIT format. As a data-only configuration file, no code risks are present.

workflow/envs/oncoprint.linux-64.pin.txt (1)

1-52: Auto-generated explicit environment pin file looks good.

This new explicit pin file correctly specifies exact packages (including Python 3.14.0, numpy, scipy, pandas, scikit-learn, statsmodels) on Linux-64 in standard Conda EXPLICIT format. All entries include proper integrity hashes. As a data-only configuration file, no code risks are present.

workflow/envs/pysam.linux-64.pin.txt (1)

1-42: Auto-generated explicit environment pin file looks good.

This new explicit pin file correctly specifies exact packages (Python 3.13.9, pysam-0.23.3) on Linux-64 in standard Conda EXPLICIT format with proper integrity hashes. As a data-only configuration file, no code risks are present.

workflow/envs/bedtools.linux-64.pin.txt (1)

1-31: Auto-generated explicit environment pin file looks good.

This new explicit pin file correctly specifies exact packages (bedtools 2.31.1, samtools 1.22.1, htslib 1.22.1) on Linux-64 in standard Conda EXPLICIT format with proper integrity hashes. As a data-only configuration file, no code risks are present.

workflow/envs/mosdepth.linux-64.pin.txt (1)

1-30: Auto-generated explicit environment pin file looks good.

This new explicit pin file correctly specifies exact packages (mosdepth 0.3.12, htslib 1.22.1) on Linux-64 in standard Conda EXPLICIT format with proper integrity hashes. As a data-only configuration file, no code risks are present.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

snpsift 5.3.0a remains a pre-release version—verify this is intentional.

The 'a' suffix indicates an alpha/pre-release build. A past review flagged this concern; if the prior "fix" commit (777eb20) intended to address this, the pre-release status has either been reintroduced or the decision to use it was deliberate. Confirm whether this pre-release is required for a specific bug fix or if a stable 5.3.0 release exists and should be used instead.

---

🌐 Web query:

What is the latest stable release version of snpsift available on conda-forge?

💡 Result:

SnpSift is not packaged on conda-forge. The latest conda package is on Bioconda (version 5.3.0a as of Nov 23, 2025). [1][2]

Sources:

• Bioconda recipe listing (snpsift versions). [1]
• Anaconda.org Bioconda package page (snpsift 5.3.0a). [2]

---

Let me search for more detailed information about snpsift releases:

**snpsift 5.3.0a remains a pre-release version—verify this is intentional.**

The latest stable upstream release is version 5.3 (September 2, 2025), but the latest conda package available on Bioconda is 5.3.0a (as of November 23, 2025). The pre-release designation suggests the Bioconda package may be pending an update. Confirm whether:
- The pre-release is required for a specific feature or bug fix
- Bioconda's stable 5.3 package has been released and should be used instead
- Intentional use of the alpha version is acceptable for your workflow

---

🏁 Script executed:

```shell
#!/bin/bash
# Search for snpsift versions and release information
# Check multiple sources for available versions
python3 << 'EOF'
import json
import subprocess

# Try to get snpsift version info from PyPI (if available there)
try:
    result = subprocess.run(['curl', '-s', 'https://pypi.org/pypi/snpsift/json'], 
                          capture_output=True, text=True, timeout=5)
    if result.returncode == 0:
        data = json.loads(result.stdout)
        print("=== PyPI Available Versions ===")
        versions = sorted(data.get('releases', {}).keys())
        print(f"Total versions on PyPI: {len(versions)}")
        # Show last 10 versions
        for v in versions[-10:]:
            print(f"  {v}")
except Exception as e:
    print(f"Could not fetch PyPI data: {e}")

EOF

Length of output: 57

---

🌐 Web query:

snpsift SnpEff version 5.3 stable release

💡 Result:

SnpEff (and bundled SnpSift) latest stable release is version 5.3 — released September 2, 2025. [1][2]

Sources:

• Official SnpEff / SnpSift site (latest version 5.3; 2025-09-02). [1]
• SnpEff download page (bundled SnpSift; installation/download instructions). [2]

---

snpsift 5.3.0a remains a pre-release—a stable 5.3 release exists upstream (September 2, 2025) but is not yet available on Bioconda.

The workflow uses the latest Bioconda-available package (5.3.0a), but the official upstream release is the stable 5.3. Verify whether:

• The pre-release is acceptable for your workflow needs
• You should wait for Bioconda to package the stable 5.3 release
• An alternative approach is required

🤖 Prompt for AI Agents

In workflow/envs/snpsift.yaml around line 5, the environment pins snpsift to the
pre-release 5.3.0a while an official stable 5.3 exists upstream; you should
either (A) keep 5.3.0a only after verifying it passes your workflow tests and
document acceptance, (B) wait and change the pin to 5.3 once Bioconda publishes
it, or (C) immediately adopt an alternative (build and host a conda package for
upstream 5.3, use a direct jar/binary from the upstream release, or pin a prior
known-good stable release). Implement by running the workflow test suite against
5.3.0a, checking Bioconda PR/status for 5.3, and then updating the YAML to the
chosen version or adding a comment describing the chosen mitigation and
rationale.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Critical: Vembrane 2.4.0 breaking changes not verified as resolved.

The version bump to vembrane 2.4.0 introduces breaking changes documented in the previous review comment. Specifically, vembrane 2.0+ changed the ANN field from a dict to a list, requiring all ANN field access patterns in workflow/rules/common.smk (get_vembrane_config function) to be updated from ANN['FIELDNAME'] to ANN[0]['FIELDNAME']. The previous review verified this code remained unmodified. Confirm these workflow rule updates have been applied before merging.

Verify the following:

---

🏁 Script executed:

#!/bin/bash
# Check if get_vembrane_config function has been updated for vembrane 2.0+ ANN list format
echo "=== Checking for old dict-style ANN access (should not exist) ==="
rg "ANN\['[A-Z]" workflow/rules/common.smk

echo ""
echo "=== Checking for new list-style ANN[0] access (should exist) ==="
rg "ANN\[0\]\['" workflow/rules/common.smk

echo ""
echo "=== Full get_vembrane_config function ==="
rg -A 50 'def get_vembrane_config' workflow/rules/common.smk

Length of output: 2629

---

Critical: Vembrane 2.4.0 breaking changes not resolved—code will fail at runtime.

The version bump to vembrane 2.4.0 introduces breaking changes: vembrane 2.0+ changed the ANN field from a dict to a list. Verification confirms the codebase still uses the deprecated ANN['FIELDNAME'] pattern (19+ occurrences found in workflow/rules/common.smk).

The get_vembrane_config function must be updated to use ANN[0]['FIELDNAME'] format before this dependency upgrade. All references including ANN['SYMBOL'], ANN['IMPACT'], ANN['HGVSp'], ANN['Consequence'], and others must be converted to the list-indexed format.

🤖 Prompt for AI Agents

In workflow/envs/vembrane.yaml around lines 5-6 and in
workflow/rules/common.smk, the bump to vembrane 2.4.0 changed ANN from a dict to
a list so existing ANN['FIELD'] usages will break; update get_vembrane_config to
normalize ANN entries by detecting whether ANN is a list or dict and return
values using ANN[0]['FIELDNAME'] when ANN is a list (falling back to
ANN['FIELDNAME'] if dict) so all callers can use the normalized keys, and then
replace the 19+ direct ANN['SYMBOL'], ANN['IMPACT'], ANN['HGVSp'],
ANN['Consequence'], etc. usages in common.smk to use the normalized fields from
get_vembrane_config (no raw ANN[...] indexing remains).

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

workflow/envs/pandas.yaml (1)

1-6: Python 3.14.0 is a legitimate release with pandas 2.3.3 compatibility, but the exact pinning approach is overly restrictive.

Python 3.14.0 was released on October 7, 2025, and pandas 2.3.3 (released this year) is the first pandas release to add general compatibility with Python 3.14. The version combination is technically valid.

However, pinning Python to an exact version (python =3.14.0) in a shared conda environment is problematic:

• Prevents patch-level security updates (e.g., 3.14.1, 3.14.2)
• Reduces flexibility for users with other Python 3.14 patch versions
• Best practice: use a range constraint like python >=3.14,<3.15 or python >=3.9,<3.15

The pandas version (2.3.3) is appropriately pinned and reasonable. Verify the autobump tool's configuration to ensure it uses version ranges rather than exact pins for patch compatibility.

♻️ Duplicate comments (1)

workflow/envs/fgbio.linux-64.pin.txt (1)

1-78: Pin file structure is correct, but depends on problematic Python 3.14.0.

The @EXPLICIT pin file format is well-structured for reproducible environment creation. However, line 64 pins python-3.14.0-h32b2ec7_102_cp314.conda, which inherits the critical availability and safety concerns flagged for python=3.14.0 in the YAML specifications.

If the Python 3.14.0 dependency is revised in the YAML files, this pin file must be regenerated to reflect the corrected Python version.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a2bcb94 and 00b9c74.

📒 Files selected for processing (57)

• workflow/envs/arriba.linux-64.pin.txt (1 hunks)
• workflow/envs/arriba.yaml (1 hunks)
• workflow/envs/awk.linux-64.pin.txt (1 hunks)
• workflow/envs/awk.yaml (1 hunks)
• workflow/envs/awk_bedtools.linux-64.pin.txt (1 hunks)
• workflow/envs/awk_bedtools.yaml (1 hunks)
• workflow/envs/bcftools.linux-64.pin.txt (1 hunks)
• workflow/envs/bcftools.yaml (1 hunks)
• workflow/envs/bedtools.linux-64.pin.txt (1 hunks)
• workflow/envs/bedtools.yaml (1 hunks)
• workflow/envs/curl.linux-64.pin.txt (1 hunks)
• workflow/envs/curl.yaml (1 hunks)
• workflow/envs/excel.linux-64.pin.txt (1 hunks)
• workflow/envs/excel.yaml (1 hunks)
• workflow/envs/fgbio.linux-64.pin.txt (1 hunks)
• workflow/envs/fgbio.yaml (1 hunks)
• workflow/envs/filter_reads.linux-64.pin.txt (1 hunks)
• workflow/envs/filter_reads.yaml (1 hunks)
• workflow/envs/htslib.linux-64.pin.txt (1 hunks)
• workflow/envs/htslib.yaml (1 hunks)
• workflow/envs/jannovar.linux-64.pin.txt (1 hunks)
• workflow/envs/jannovar.yaml (1 hunks)
• workflow/envs/kmc.linux-64.pin.txt (1 hunks)
• workflow/envs/kmc.yaml (1 hunks)
• workflow/envs/mark_duplicates.linux-64.pin.txt (1 hunks)
• workflow/envs/mark_duplicates.yaml (1 hunks)
• workflow/envs/mosdepth.linux-64.pin.txt (1 hunks)
• workflow/envs/mosdepth.yaml (1 hunks)
• workflow/envs/oncoprint.linux-64.pin.txt (1 hunks)
• workflow/envs/oncoprint.yaml (1 hunks)
• workflow/envs/pandas.linux-64.pin.txt (1 hunks)
• workflow/envs/pandas.yaml (1 hunks)
• workflow/envs/pysam.linux-64.pin.txt (1 hunks)
• workflow/envs/pysam.yaml (1 hunks)
• workflow/envs/pystats.linux-64.pin.txt (1 hunks)
• workflow/envs/pystats.yaml (1 hunks)
• workflow/envs/rbt.linux-64.pin.txt (1 hunks)
• workflow/envs/rbt.yaml (1 hunks)
• workflow/envs/samtools.linux-64.pin.txt (1 hunks)
• workflow/envs/samtools.yaml (1 hunks)
• workflow/envs/siglasso.linux-64.pin.txt (1 hunks)
• workflow/envs/siglasso.yaml (1 hunks)
• workflow/envs/snpsift.linux-64.pin.txt (1 hunks)
• workflow/envs/snpsift.yaml (1 hunks)
• workflow/envs/split_call_tables.linux-64.pin.txt (1 hunks)
• workflow/envs/split_call_tables.yaml (1 hunks)
• workflow/envs/tabix.linux-64.pin.txt (1 hunks)
• workflow/envs/tabix.yaml (1 hunks)
• workflow/envs/umi_tools.linux-64.pin.txt (1 hunks)
• workflow/envs/varlociraptor.linux-64.pin.txt (1 hunks)
• workflow/envs/varlociraptor.yaml (1 hunks)
• workflow/envs/vcf2maf.linux-64.pin.txt (1 hunks)
• workflow/envs/vcf2maf.yaml (1 hunks)
• workflow/envs/vega.linux-64.pin.txt (1 hunks)
• workflow/envs/vega.yaml (1 hunks)
• workflow/envs/vembrane.linux-64.pin.txt (1 hunks)
• workflow/envs/vembrane.yaml (1 hunks)

✅ Files skipped from review due to trivial changes (12)

• workflow/envs/arriba.linux-64.pin.txt
• workflow/envs/pandas.linux-64.pin.txt
• workflow/envs/kmc.linux-64.pin.txt
• workflow/envs/rbt.linux-64.pin.txt
• workflow/envs/filter_reads.linux-64.pin.txt
• workflow/envs/curl.linux-64.pin.txt
• workflow/envs/vega.linux-64.pin.txt
• workflow/envs/siglasso.linux-64.pin.txt
• workflow/envs/vembrane.yaml
• workflow/envs/vembrane.linux-64.pin.txt
• workflow/envs/rbt.yaml
• workflow/envs/tabix.linux-64.pin.txt

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (7)

• GitHub Check: test sra download
• GitHub Check: test primers
• GitHub Check: test target regions, multiple BEDs
• GitHub Check: test no candidate filtering
• GitHub Check: test target regions
• GitHub Check: test local input
• GitHub Check: test testcase generation

🔇 Additional comments (42)

workflow/envs/siglasso.yaml (1)

5-11: All specified package versions are available on conda-forge; however, verify compatibility through testing before merging.

This PR automatically updates R package versions using exact version pinning, which is good for reproducibility. Verification confirms all packages exist on conda-forge:

• ✓ r-base=4.5.2 (stable R 4.x release)
• ✓ All dependent packages (r-devtools, r-glmnet, r-nnls, r-rcolorbrewer, r-colorramps, r-tidyverse)

However, since this is an automated change with no explicit verification of compatibility, please ensure:

1. The updated environment builds successfully
2. Any existing workflow tests pass with these versions
3. No breaking changes between R versions impact the workflow logic

workflow/envs/filter_reads.yaml (1)

4-8: The version bumps are validated—conda's resolution confirms compatibility.

The .linux-64.pin.txt lock file confirms that conda successfully resolved all dependencies together, including rust-script 0.36.0 with rust 1.91.1 and cryptography 46.0.3. This resolution serves as proof of compatibility. Additionally:

• rust-script 0.36.0 requires Rust 1.74+, so Rust 1.91.1 is fully compatible
• cryptography 46.0.3 is a patch release (Oct 2025) with no breaking changes
• The autobump workflow uses conda's own dependency resolver with --pin-envs, which automatically validates version compatibility

No further verification needed.

workflow/envs/pysam.yaml (1)

5-6: Verify Python 3.13 compatibility before merge.

Bumping to Python 3.13.9 is a significant upgrade (3.12 → 3.13.9). While pysam 0.23.3 is a minor bump, you should confirm that pysam 0.23.3 is fully compatible with Python 3.13 and that no breakage or deprecation warnings occur during testing.

Please verify:

• pysam 0.23.3 is certified/tested against Python 3.13.9
• All dependent workflows execute without errors using this combination
• No deprecation warnings or compatibility issues are introduced

workflow/envs/kmc.yaml (1)

5-5: Patch-level update looks good.

The kmc 3.2 → 3.2.4 bump is a safe patch release with minimal breaking change risk.

workflow/envs/samtools.yaml (1)

5-6: Verify samtools 1.22.1 compatibility with downstream workflows.

samtools is a critical tool used throughout bioinformatics pipelines. While the 1.21 → 1.22.1 bump is minor, you should verify that all downstream tools and workflows that depend on samtools output format and behavior are compatible with this version.

Ensure samtools 1.22.1 output format and behavior are compatible with downstream workflow steps.

workflow/envs/arriba.yaml (1)

5-5: Patch-level update is low-risk.

The arriba 2.5 → 2.5.1 bump is a patch release with minimal breaking change risk.

workflow/envs/fgbio.yaml (1)

5-5: Verify fgbio-minimal 3.1.0 compatibility with downstream tools.

The fgbio-minimal 2.2 → 3.1.0 bump is a major version upgrade (2→3) that may introduce breaking changes. You should verify:

• Output format/structure changes between versions
• Compatibility with downstream SAM/BAM processing tools
• Expected behavior of duplicate marking and UMI handling

Run integration tests with fgbio-minimal 3.1.0 to ensure output format compatibility with downstream tools.

workflow/envs/mosdepth.yaml (1)

5-5: Verify mosdepth 0.3.12 output format compatibility.

The mosdepth 0.2.9 → 0.3.12 bump moves across a minor version boundary that could introduce changes in:

• Coverage output format/structure
• Metrics calculations or reporting

Confirm that mosdepth 0.3.12 output format is compatible with downstream analysis tools that consume coverage metrics.

workflow/envs/curl.yaml (1)

5-5: Verify curl 8.17.0 TLS/HTTPS behavior.

While curl is generally backward compatible in CLI usage, the 7.86.0 → 8.17.0 jump is large. Verify that:

• TLS/SSL certificate validation behavior is unchanged
• HTTP/2 and HTTP/1.1 fallback works as expected
• Any HTTPS requests in workflows still succeed

Confirm that network requests in workflows execute successfully with curl 8.17.0.

workflow/envs/pystats.yaml (1)

1-9: Environment updates are reasonable and conservative.

The dependency bumps here are significantly more measured than in other YAML files:

• python 3.12 → 3.13.9: Single major-version jump (safe and tested)
• biopython 1.83 → 1.86: Minor bump (safe)
• pysam 0.22 → 0.23.3: Minor bump (safe)
• pandas 2.2 → 2.3.3: Minor bump (aligned with PR goal)
• altair 5.3 → 6.0.0: Major bump but typically forward-compatible

These versions align with the pin file (pystats.linux-64.pin.txt), suggesting testing has occurred.

workflow/envs/jannovar.yaml (1)

1-5: Straightforward, conservative update.

Minor version bump for jannovar-cli (0.33 → 0.36) is a safe, incremental update. Aligns with the corresponding pin file.

workflow/envs/samtools.linux-64.pin.txt (1)

1-31: Pin file structure is correct; dependencies are reasonable.

The @EXPLICIT format correctly pins exact builds for reproducible environment creation. Updates to sed 4.9 and samtools 1.22.1 / htslib 1.22.1 are straightforward tool version bumps without the problematic Python 3.14.0 dependency seen in other environments.

workflow/envs/umi_tools.linux-64.pin.txt (1)

1-92: Pin file structure is correct; Python version is conservative and safe.

The @EXPLICIT format correctly pins exact builds. Unlike other environments in this PR, this file pins python-3.12.12 (line 64), a conservative choice that avoids the aggressive Python 3.14.0 jump. Dependencies (pysam 0.23.3, umi_tools 1.1.6, pandas 2.3.3, etc.) are reasonable.

workflow/envs/pystats.linux-64.pin.txt (1)

1-68: Pin file structure is correct; versions align with conservative YAML updates.

The @EXPLICIT format correctly pins exact builds. Line 43 pins python-3.13.9 (single major-version bump from 3.12), which is conservative and safe. All dependencies align with pystats.yaml (biopython 1.86, pysam 0.23.3, pandas 2.3.3, altair 6.0.0) and appear well-tested.

workflow/envs/oncoprint.yaml (1)

1-8: All claimed unavailable packages are actually available on conda-forge.

Web search verification shows:

• python=3.14.0: Available on conda-forge (released October 9, 2025)
• scikit-learn=1.7.2: Available on conda-forge with builds for all major platforms (linux-64, win-64, osx-64, osx-arm64, etc.)

The oncoprint.yaml environment file contains no dependency resolution issues. The original review's claims that these packages "are not available" and "will fail to resolve" are factually incorrect based on current conda-forge status.

Likely an incorrect or invalid review comment.

workflow/envs/snpsift.linux-64.pin.txt (1)

1-93: Autogenerated explicit pin file looks good.

The @EXPLICIT format is correct, URLs are from trusted channels (conda-forge, bioconda), and hashes are present. Versions (snpsift-5.4.0a, bcftools-1.22, htslib-1.22.1) align with the claimed YAML bumps.

workflow/envs/pysam.linux-64.pin.txt (1)

1-41: Autogenerated explicit pin file is valid.

Format and URLs are correct. Python pinned to 3.13.9, pysam to 0.23.3 as expected.

workflow/envs/oncoprint.linux-64.pin.txt (1)

1-49: Autogenerated pin file is well-formed.

Format is valid, all packages from trusted sources. Python 3.14.0 is the latest available, and dependencies (pandas, scipy, scikit-learn, statsmodels) are pinned appropriately.

workflow/envs/jannovar.linux-64.pin.txt (1)

1-69: Autogenerated explicit pin file is valid.

Format and sources are correct. jannovar-cli version 0.36 matches the expected bump from the summary.

workflow/envs/mosdepth.linux-64.pin.txt (1)

1-30: Autogenerated explicit pin file is valid.

Format and URLs are correct. mosdepth version 0.3.12 aligns with the expected bump. htslib pinned to 1.22.1 for consistency with related tools.

workflow/envs/vcf2maf.yaml (1)

5-5: Simple, safe version bump.

vcf2maf updated from 1.6 to 1.6.22—a patch/minor bump with no expected breaking changes.

workflow/envs/awk.yaml (1)

4-4: Safe version bump.

gawk updated from 5.1 to 5.3.1—a minor version bump with no expected breaking changes.

workflow/envs/bedtools.yaml (1)

5-6: Samtools 1.12 → 1.22.1 is a significant version bump with breaking changes; verify test results confirm compatibility.

Samtools 1.22.1 introduces multiple breaking changes across 1.13–1.22: CRAM output defaults to 3.1 (from 3.0), reference data is no longer fetched from EBI by default, and samtools stats checksums differ. Bedtools 2.31.1 is compatible with samtools 1.22.1 for standard BAM/VCF operations, but the bump spans ~3–4 years of development.

This workflow does not appear to use CRAM or mpileup, reducing exposure to these breaking changes. However, ensure CI tests pass with both versions to confirm no downstream compatibility issues. If the autobump PR was tested and passed via the main workflow, the versions are safe for this pipeline; if not, run the full test suite before merging.

workflow/envs/bcftools.yaml (1)

5-5: Minor version bump appears reasonable.

The bcftools 1.22 version is available on conda-forge, and this is a moderate patch-level bump. No obvious compatibility concerns for a simple tool version update in this context. Consider running integration tests to ensure any changes in bcftools behavior don't affect downstream tools.

workflow/envs/vega.yaml (1)

4-4: Major version bump (5.16 → 6.4.1)—verify backward compatibility.

This is a significant jump spanning multiple minor versions. Major version bumps often introduce breaking changes. Ensure vega-lite-cli 6.x outputs are compatible with downstream consumers (e.g., rendering, formatting expectations).

workflow/envs/mark_duplicates.yaml (1)

5-6: Sambamba major version bump (0.7.0 → 1.0.1)—verify workflow compatibility.

Sambamba 1.0 was announced in January 2023 as a stable release after 10 years, suggesting a mature transition. However, verify that any workflow steps using sambamba don't depend on functionality removed or changed in the v1.0 transition (e.g., output format, command-line flags).

workflow/envs/snpsift.yaml (1)

6-6: bcftools version bump is acceptable.

The bcftools 1.12 → 1.22 bump is a standard patch-level update aligned with other environment files. No concerns identified.

workflow/envs/split_call_tables.yaml (1)

5-7: Version updates appear valid; previous Python pin issue resolved.

Python 3.13.9 is available on conda-forge, resolving the prior issue with the invalid 3.13.7 pin. The pandas and pysam updates are standard patch-level bumps. These changes look correct for a dependency auto-bump.

workflow/envs/awk_bedtools.yaml (1)

5-7: Routine dependency version bumps—no immediate concerns.

These are standard patch and minor version updates across alignment and data manipulation tools. No major version transitions detected. Ensure workflow integration tests pass with these versions.

workflow/envs/htslib.yaml (1)

5-6: Core library version bump—standard update.

The htslib 1.12 → 1.22.1 bump is a patch-level update for a core sequencing library. This is a common dependency in bioinformatics workflows. Ensure downstream tools depending on htslib API remain compatible.

workflow/envs/awk.linux-64.pin.txt (1)

1-20: New explicit pin file promotes reproducibility—good practice.

This new linux-64 explicit pin file locks environment packages to exact URLs and hashes, enabling reproducible environment creation on Linux-64 systems. This is a best practice for CI/CD and collaborative workflows. Verify that the pinned versions align with the corresponding YAML specifications (e.g., gawk 5.3.1 is correctly pinned in line 20).

workflow/envs/varlociraptor.yaml (1)

6-8: Dependency version bumps look reasonable; verify vega-lite-cli 6.x CLI compatibility.

The varlociraptor (8.7.3 → 8.9.1) and bcftools (1.21 → 1.22) bumps are minor/patch increments with low risk. However, vega-lite-cli crosses a major version boundary (5.16 → 6.4.1). Confirm that the CLI interface and output formats remain compatible with downstream workflow steps.

Can you verify that vega-lite-cli 6.x is compatible with the workflow scripts that invoke it?

workflow/envs/excel.yaml (1)

5-7: NumPy 2.x compatibility—verify fixes are applied in this PR.

A prior review flagged NumPy 2.0 breaking changes affecting direct numpy API usage in scripts (dtype introspection, type checking patterns). Pandas 2.3.3 and openpyxl 3.1.5 are compatible with NumPy 2.x, but the concern regarding scripts using np.floating, dtype.type, np.sort(), etc. was marked "Addressed in commit 0eeac58." Please confirm that all numpy compatibility fixes are included in this PR and that the scripts have been validated under NumPy 2.3.5.

workflow/envs/excel.linux-64.pin.txt (1)

1-43: Pin file is consistent with excel.yaml versions.

Lines 40–43 correctly pin numpy-2.3.5, openpyxl-3.1.5, and pandas-2.3.3, matching the dependency versions in workflow/envs/excel.yaml. The explicit URL-based pin format enhances reproducibility.

workflow/envs/bcftools.linux-64.pin.txt (1)

1-38: Pin file correctly locks bcftools and related dependencies.

Line 38 correctly pins bcftools-1.22, aligning with the varlociraptor.yaml update (bcftools 1.21 → 1.22). Supporting dependencies like htslib (line 35: version 1.22.1) are also properly versioned.

workflow/envs/mark_duplicates.linux-64.pin.txt (1)

1-18: Pin file follows established pattern; verify against mark_duplicates.yaml.

The explicit pin file correctly specifies samblaster (line 16) and sambamba (line 18) for the duplicate-marking environment. The format and structure align with other pin files in the PR. Ensure the versions here match any corresponding updates in workflow/envs/mark_duplicates.yaml.

workflow/envs/varlociraptor.linux-64.pin.txt (1)

1-79: Pin file correctly locks all varlociraptor environment dependencies.

All three primary dependencies from varlociraptor.yaml are correctly pinned:

• Line 75: varlociraptor-8.9.1 ✓
• Line 79: vega-lite-cli-6.4.1 ✓
• Line 73: bcftools-1.22 (hash matches bcftools.linux-64.pin.txt) ✓

Supporting dependencies for Vega-Lite visualization (fonts, rendering libraries, line 72–78) are properly included and versioned.

workflow/envs/vcf2maf.linux-64.pin.txt (1)

1-40: Pin file correctly locks vcf2maf and bioinformatics dependencies.

Line 40 pins vcf2maf-1.6.22 (alignment with PR vcf2maf 1.6 → 1.6.22 update). Supporting bioinformatics tools are consistently versioned across related pin files:

• Line 35: htslib-1.22.1 (matches bcftools.linux-64.pin.txt) ✓
• Line 38: samtools-1.22.1
• Line 39: bcftools-1.22 (hash consistent with bcftools.linux-64.pin.txt) ✓

workflow/envs/split_call_tables.linux-64.pin.txt (1)

1-53: Pin file correctly locks split_call_tables Python data-science stack.

All expected version pins from split_call_tables.yaml updates are present:

• Line 43: python-3.13.9 ✓
• Line 53: pandas-2.3.3 ✓
• Line 47: pysam-0.23.3 ✓
• Line 51: numpy-2.3.5 (aligned with excel environment updates) ✓

Python version bump to 3.13.9 is moderate; build tags correctly reflect cp313. Numpy 2.x compatibility is consistent across environments.

workflow/envs/bedtools.linux-64.pin.txt (1)

1-31: Pin file format is correct; version alignment with bedtools.yaml could not be verified due to repository access constraints.

This is a properly formatted explicit environment specification with channel URLs and SHA256 hashes, which enables reproducible environment creation without requiring the solver. The file correctly pins bedtools 2.31.1 and samtools 1.22.1 (lines 21, 31).

The original review requested verification that these pinned versions align with the accompanying bedtools.yaml specification, but this verification could not be completed due to inaccessibility of the repository environment.

workflow/envs/awk_bedtools.linux-64.pin.txt (1)

1-38: Pin file versions correctly match awk_bedtools.yaml specifications.

The pinned versions align perfectly with the YAML configuration:

• bedtools 2.31.1 ✓
• gawk 5.3.1 ✓
• samtools 1.22.1 ✓

All dependencies are correctly resolved from the specified channels (conda-forge, bioconda), and transitive build dependencies (gmp, mpfr, readline, libiconv, libgettextpo, libasprintf) are properly included for the gawk toolchain. The @explicit format with verified SHA256 hashes is correct.

workflow/envs/htslib.linux-64.pin.txt (1)

1-30: Pin file format and version alignment verified; ready to merge.

The htslib.yaml specification correctly pins htslib=1.22.1 and unzip=6.0, and both dependencies are properly locked in the .pin.txt file with exact build strings and checksums. The @explicit format ensures reproducible environment recreation without solver invocation.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

CRITICAL: snpsift 5.4.0a does not exist on Bioconda—environment creation will fail.

The latest available snpsift version on Bioconda is 5.3.0a (pre-release). Version 5.4.0a does not exist and will cause conda environment resolution to fail. This appears to be an error introduced by the automated bump tool.

Recommended fixes:

1. If you need the latest stable version, use snpsift =5.3 (pending Bioconda update to stable 5.3 release, currently only 5.3.0a is available)
2. If the pre-release is acceptable, revert to snpsift =5.3.0a
3. Document the rationale if the pre-release is intentionally required

-  - snpsift =5.4.0a
+  - snpsift =5.3.0a

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- snpsift =5.4.0a
	- snpsift =5.3.0a

🤖 Prompt for AI Agents

In workflow/envs/snpsift.yaml around line 5, the pinned version "snpsift
=5.4.0a" does not exist on Bioconda and will cause environment resolution to
fail; change the version to a valid one — either "snpsift =5.3" for the latest
stable (when available) or "snpsift =5.3.0a" to accept the pre-release — and add
a one-line comment explaining which choice was made and why (pre-release vs
stable) so future bumps are clear.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Critical: Verify tabix 1.11 compatibility with existing indexed files and workflows.

The tabix version jump from 0.2 → 1.11 is very large and spans many minor versions. This is a high-risk upgrade that could introduce breaking changes in:

• File index format compatibility
• Command-line API changes
• Output format changes

Before merging, you must verify:

• Existing tabix indices (*.tbi) created with tabix 0.2 remain compatible with 1.11
• All command-line usage in workflows is still valid with 1.11
• bgzip-compressed VCF/BED files are handled identically
• Downstream tools that read these indices still work correctly

Consider testing a complete workflow run with the new version to ensure no silent failures occur.

🤖 Prompt for AI Agents

In workflow/envs/tabix.yaml around line 5, the tabix version was changed to 1.11
which is a large jump and may break index/CLI/output compatibility; verify
compatibility by (1) testing that existing .tbi indices produced with tabix 0.2
are readable by 1.11 and by downstream tools, (2) running all CI/workflow
command-line invocations that use tabix (including region queries and indexing)
to ensure flags and outputs remain identical, (3) validating bgzip-compressed
VCF/BED handling by re-indexing and comparing checksums/records, and (4) running
a full end-to-end workflow using representative datasets; if any incompatibility
appears, pin to a safe minor version or add compatibility shims and update
workflows/commands accordingly and add automated tests that exercise indexing
and query operations to prevent regressions.