feat: update jsonschema constraint to >=4.20,<5.0 for fastmcp compatibility (minimal)

[aaronsteers]

feat: update jsonschema constraint to >=4.20,<5.0 for fastmcp compatibility (minimal)

Summary

This PR updates the jsonschema version constraint from ~4.17.3 to >=4.20,<5.0 to enable fastmcp compatibility, which requires jsonschema 4.20.0+. This is a minimal test PR that only changes the version constraint without any referencing library migration code.

Key changes:

• Updated pyproject.toml jsonschema constraint to >=4.20,<5.0
• Regenerated poetry.lock with the new constraint (jsonschema 4.17.3 → 4.25.1)
• New transitive dependencies: jsonschema-specifications, referencing, rpds-py
• Removed transitive dependency: pyrsistent

This PR serves as a test to determine if the version bump alone resolves CI issues, or if the problems were related to the referencing library migration code from PR #737.

Review & Testing Checklist for Human

⚠️ Risk Level: High - Substantial dependency upgrade with significant transitive changes

• Verify existing jsonschema functionality: Test that current JSON schema validation still works correctly across the codebase
• Check CI results carefully: Monitor all test suites, especially unit_tests.sources.utils.test_transform#0 which was previously failing
• Test fastmcp compatibility: Confirm that the new version constraint actually supports fastmcp requirements (>=4.20.0)
• Validate transitive dependency changes: Ensure no code is broken by the removal of pyrsistent or addition of new dependencies like rpds-py

Test Plan Recommendation

1. Run the full test suite locally to catch any immediate issues
2. Pay special attention to any JSON schema validation or reference resolution functionality
3. Test any connectors or components that heavily use JSON schemas
4. If this PR passes CI, it confirms the issue was with the referencing migration, not the version bump

Notes

• This PR was created by @devin as requested by @aaronsteers to isolate the version bump from the referencing library migration
• The previous comment about jsonschema 4.18+ having "significant breaking changes" was based on RefResolver being deprecated (not removed)
• Session URL: https://app.devin.ai/sessions/5a4dd7c708c64eb2bbc2d42fb688c9a7

Link to Devin run: https://app.devin.ai/sessions/5a4dd7c708c64eb2bbc2d42fb688c9a7
Requested by: @aaronsteers

Summary by CodeRabbit

• Chores
  • Updated the JSON Schema validation dependency to a newer 4.x release (pinned to 4.20.x) to align with upstream releases.
  • Maintenance-only change: no user-facing behavior expected; improves dependency alignment, stability, and security maintenance.

[devin-ai-integration]

Original prompt from AJ Steers

@Devin - Can you take care of this version pin issue for the python CDK for jsonschema library:

jsonschema = "~4.17.3"  # 4.18 has some significant breaking changes: <https://github.com/python-jsonschema/jsonschema/releases/tag/v4.18.0>

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring

[github-actions]

👋 Greetings, Airbyte Team Member!

Here are some helpful tips and reminders for your convenience.

Testing This CDK Version

You can test this version of the CDK using the following:

# Run the CLI from this branch:
uvx 'git+https://github.com/airbytehq/airbyte-python-cdk.git@devin/1756486554-jsonschema-minimal-bump#egg=airbyte-python-cdk[dev]' --help

# Update a connector to use the CDK from this branch ref:
cd airbyte-integrations/connectors/source-example
poe use-cdk-branch devin/1756486554-jsonschema-minimal-bump

Helpful Resources

• CDK API Reference

PR Slash Commands

Airbyte Maintainers can execute the following slash commands on your PR:

• /autofix - Fixes most formatting and linting issues
• /poetry-lock - Updates poetry.lock file
• /test - Runs connector tests with the updated CDK
• /poe build - Regenerate git-committed build artifacts, such as the pydantic models which are generated from the manifest JSON schema in YAML.
• /poe <command> - Runs any poe command in the CDK environment

📝 Edit this welcome message.

[Copilot]

Pull Request Overview

This PR updates the jsonschema dependency constraint from ~4.17.3 to >=4.20,<5.0 to enable fastmcp compatibility. This is a minimal test PR that isolates the version constraint change from the referencing library migration code to determine which change was causing CI failures.

Key changes:

• Updated jsonschema version constraint to support fastmcp requirements (>=4.20.0)
• Regenerated poetry.lock with new transitive dependencies
• Removed the comment about 4.18+ breaking changes since they were related to RefResolver deprecation

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[Copilot]

[nitpick] Consider adding a comment explaining why the minimum version is 4.20.0 (fastmcp compatibility requirement) to help future maintainers understand the constraint rationale.

[coderabbitai]

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

📝 Walkthrough

Walkthrough

Updated the jsonschema dependency in pyproject.toml from ~4.17.3 to >=4.20,<4.21, and removed the previous comment about 4.18 breaking changes. No other files or public entities were modified.

Changes

Cohort / File(s)	Summary of Changes
Dependency version change pyproject.toml	Changed jsonschema constraint from ~4.17.3 to >=4.20,<4.21 and removed the note about 4.18 breaking changes.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• chore(deps): bump jsonschema to "~4.17.3" #68 — Modified the same jsonschema entry in pyproject.toml (previously set to ~4.17.3), so it is directly related.

Suggested labels

dependencies

Suggested reviewers

• dbgold17
• bnchrch

Would you like to apply these reviewers and the dependencies label, wdyt?

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 8bdc7da and af6e7c8.

⛔ Files ignored due to path filters (1)

• poetry.lock is excluded by !**/*.lock

📒 Files selected for processing (1)

• pyproject.toml (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• pyproject.toml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (13)

• GitHub Check: Check: source-hardcoded-records
• GitHub Check: Check: destination-motherduck
• GitHub Check: Check: source-shopify
• GitHub Check: Check: source-pokeapi
• GitHub Check: Check: source-intercom
• GitHub Check: Pytest (Fast)
• GitHub Check: Pytest (All, Python 3.13, Ubuntu)
• GitHub Check: SDM Docker Image Build
• GitHub Check: Manifest Server Docker Image Build
• GitHub Check: Pytest (All, Python 3.12, Ubuntu)
• GitHub Check: Pytest (All, Python 3.10, Ubuntu)
• GitHub Check: Pytest (All, Python 3.11, Ubuntu)
• GitHub Check: Analyze (python)

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch devin/1756486554-jsonschema-minimal-bump

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

‼️ IMPORTANT
Auto-reply has been disabled for this repository in the CodeRabbit settings. The CodeRabbit bot will not respond to your replies unless it is explicitly tagged.

• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore or @coderabbit ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (3)

pyproject.toml (3)

46-46: If you rely on "format" validation, enable non-GPL format extras or wire a FormatChecker explicitly, wdyt?

By default, "format" is annotation-only. If tests expect strict format validation (e.g., date-time, email, uri), consider enabling extras to avoid silent behavior shifts.

-jsonschema = ">=4.20,<5.0"
+jsonschema = { version = ">=4.20,<5.0", extras = ["format-nongpl"] }

Or keep dependency as-is and ensure call sites pass format_checker=jsonschema.draft202012_format_checker.

---

46-46: Changelog/Upgrade note: can we add a short entry calling out the dependency bump and potential deprecations, wdyt?

Helps connector authors anticipate jsonschema/ref behavior changes.

I can draft a CHANGELOG snippet and an upgrade note section if helpful.

---

46-46: Align or deprecate jsonref in favor of jsonschema’s built-in $ref handling?
I see import jsonref in both airbyte_cdk/sources/utils/schema_helpers.py and your tests, so jsonref isn’t just a test-only dependency. Mixing jsonref (~0.2) with jsonschema>=4.20 risks diverging $ref semantics or double-resolution. Should we retire jsonref (dropping it from pyproject.toml) and lean on jsonschema’s RefResolver exclusively, or else guard its usage and migrate gradually, wdyt?

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between e4b34b6 and 8bdc7da.

⛔ Files ignored due to path filters (1)

• poetry.lock is excluded by !**/*.lock

📒 Files selected for processing (1)

• pyproject.toml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (13)

• GitHub Check: Check: destination-motherduck
• GitHub Check: Check: source-pokeapi
• GitHub Check: Check: source-hardcoded-records
• GitHub Check: Check: source-intercom
• GitHub Check: Check: source-shopify
• GitHub Check: Manifest Server Docker Image Build
• GitHub Check: SDM Docker Image Build
• GitHub Check: Pytest (All, Python 3.13, Ubuntu)
• GitHub Check: Pytest (All, Python 3.10, Ubuntu)
• GitHub Check: Pytest (All, Python 3.12, Ubuntu)
• GitHub Check: Pytest (All, Python 3.11, Ubuntu)
• GitHub Check: Pytest (Fast)
• GitHub Check: Analyze (python)

🔇 Additional comments (2)

pyproject.toml (2)

46-46: Audit JSONSchema bump for legacy APIs
Bumping jsonschema to “>=4.20,<5.0” may break usages of deprecated/changed APIs. We detected hotspots in:

• airbyte_cdk/utils/spec_schema_transformations.py (RefResolver.from_schema)
• airbyte_cdk/sources/utils/schema_helpers.py (_expand_refs + validate)
• airbyte_cdk/sources/utils/transform.py (Draft7Validator, RefResolver, validators.create)
• airbyte_cdk/sources/declarative/validators/validate_adheres_to_schema.py (jsonschema.validate)

Could you verify these call sites remain compatible with jsonschema 4.20’s updated ref/format semantics? wdyt?

---

46-46: Confirm CI wheel availability
Could you verify in our [tool.airbyte_ci] matrix for Python 3.10–3.13 that no steps emit “Building wheel for rpds-py”, “Building wheel for referencing” or “Building wheel for jsonschema-specifications”? Please check the CI install logs and surface any source-build occurrences—wdyt?

[github-actions]

PyTest Results (Fast)

3 461 tests   - 302   3 448 ✅  - 303   6m 31s ⏱️ -8s
    1 suites ±  0      12 💤 ±  0 
    1 files   ±  0       1 ❌ +  1 

For more details on these failures, see this check.

Results for commit af6e7c8. ± Comparison against base commit e4b34b6.

This pull request removes 302 tests.

unit_tests.sources.utils.test_transform ‑ test_custom_transform
unit_tests.sources.utils.test_transform ‑ test_custom_transform_with_default_normalization
unit_tests.sources.utils.test_transform ‑ test_transform[array_in_nested_object]
unit_tests.sources.utils.test_transform ‑ test_transform[array_without_items]
unit_tests.sources.utils.test_transform ‑ test_transform[empty_object]
unit_tests.sources.utils.test_transform ‑ test_transform[facebook_cpc_number_conversion]
unit_tests.sources.utils.test_transform ‑ test_transform[max_nesting_depth_protection]
unit_tests.sources.utils.test_transform ‑ test_transform[multiple_allowed_types]
unit_tests.sources.utils.test_transform ‑ test_transform[nested_list_conversion]
unit_tests.sources.utils.test_transform ‑ test_transform[non_array_to_array]
…

♻️ This comment has been updated with latest results.

[github-actions]

PyTest Results (Full)

3 766 tests  ±0   3 749 ✅  - 5   11m 12s ⏱️ -15s
    1 suites ±0      12 💤 ±0 
    1 files   ±0       5 ❌ +5 

For more details on these failures, see this check.

Results for commit af6e7c8. ± Comparison against base commit e4b34b6.

[aaronsteers]

Resolution tests break on 4.20, even with no code changes. What is odd is that there's no complaint about missing classes or deprecation warnings - the resolution just doesn't work.

Could be a factor with the test itself (expecting niche or incorrect behavior) but I'm going to for now assume it's just not viable.

Continuing to pursue this in:

#737

Closing this PR for now.

Error was:

FAILED unit_tests/sources/utils/test_transform.py::test_transform[array_with_mixed_types] - jsonschema.exceptions._RefResolutionError: Unresolvable JSON pointer: 'definitions/str_type'

https://github.com/airbytehq/airbyte-python-cdk/actions/runs/17329936082/job/49203351546

cc @lmossman