Skip to content

constrain autobahn (daphne dependency) to <25.11.1#277

Merged
samuelvkwong merged 2 commits intomainfrom
autobahn_version_constraint
Dec 17, 2025
Merged

constrain autobahn (daphne dependency) to <25.11.1#277
samuelvkwong merged 2 commits intomainfrom
autobahn_version_constraint

Conversation

@samuelvkwong
Copy link
Collaborator

@samuelvkwong samuelvkwong commented Dec 15, 2025

Added version constraint for autobahn to uv and renovate because beginning from 25.11.1, the ARM64 wheel is broken.

Summary by CodeRabbit

  • Chores
    • Added a constraint to keep autobahn versions below 25.11.1.
    • Updated the adit-radis-shared dependency to v0.19.1.

✏️ Tip: You can customize this high-level summary in your review settings.

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Dec 15, 2025

Walkthrough

Added a constraint that limits Autobahn versions to below 25.11.1 in Renovate configuration and in the project's uv dependency-constraint settings; also bumped adit-radis-shared from 0.19.0 to 0.19.1 in pyproject.toml.

Changes

Cohort / File(s) Change Summary
Renovate rule
​.github/renovate.json
Added a pep621 packageRule for autobahn with allowedVersions: "<25.11.1".
Project metadata / uv constraints
pyproject.toml
Bumped adit-radis-shared @0.19.0@0.19.1; added tool.uv.constraint-dependencies = ["autobahn<25.11.1"].

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

  • Verify the intended version ceiling "<25.11.1" for autobahn (compatibility rationale).
  • Check Renovate pep621 manager behavior to ensure the new rule will be applied.
  • Confirm uv constraint format is correct and enforced in CI/build tooling.

Possibly related PRs

Poem

🐰 I hopped through two configs, neat and keen,
Tucked Autobahn under a velvet seam,
A tiny bump, constraints set just right,
Now dependency dreams sleep through the night. 🥕

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately and specifically describes the main change: constraining the autobahn dependency to version <25.11.1, with context about its role as a daphne dependency.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch autobahn_version_constraint

📜 Recent review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between aa1f668 and 6708932.

⛔ Files ignored due to path filters (1)
  • uv.lock is excluded by !**/*.lock
📒 Files selected for processing (1)
  • pyproject.toml (2 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
  • GitHub Check: ci
  • GitHub Check: claude-review
🔇 Additional comments (2)
pyproject.toml (2)

10-10: Clarify the unrelated dependency version bump.

The version bump of adit-radis-shared from 0.19.0 to 0.19.1 is not mentioned in the PR description. Is this change intentional and related to the autobahn constraint fix, or should it be in a separate PR?


99-99: Approve the autobahn version constraint with verification request.

The constraint correctly limits autobahn to versions below 25.11.1 using uv's constraint-dependencies mechanism, which will prevent problematic versions from being installed as transitive dependencies through daphne.

However, I was unable to find documented evidence of a broken ARM64 wheel specifically in version 25.11.1. Historical issues with ARM64 wheels (SIGILL crashes due to -march=native compilation) were reported and fixed in v25.10.2. Could you provide a link to the issue tracker, discussion, or error logs that document the specific ARM64 wheel problem in 25.11.1?


Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@claude
Copy link

claude bot commented Dec 15, 2025

Pull Request Review

Summary

This PR constrains the autobahn package (a dependency of daphne) to version <25.11.1 by:

  • Adding a constraint in pyproject.toml using uv's constraint-dependencies feature
  • Configuring Renovate to respect this version constraint
  • Downgrading from 25.11.1 to 25.10.2 in the lock file

Code Quality and Best Practices ✅

Strengths:

  • Proper dependency management: Uses uv's built-in constraint mechanism (constraint-dependencies) which is the correct approach for constraining transitive dependencies
  • Renovate configuration: Correctly prevents automatic updates past the constraint, preventing future issues
  • Consistent approach: Follows the existing pattern already established for factory-boy in the same files
  • Clean implementation: Minimal, focused changes that address the specific issue

Potential Issues ⚠️

Missing context:

  • No explanation for the constraint: The PR body is empty and the commit message doesn't explain why this constraint is needed. This is important for future maintainability.
    • What issue does autobahn 25.11.1 cause?
    • Is there a related issue or bug report?
    • Is this a compatibility issue with daphne or the project itself?

Recommendations:

  1. Add a PR description explaining:

    • The problem encountered with autobahn 25.11.1
    • Steps to reproduce the issue (if applicable)
    • Why 25.10.2 is the last working version
    • Link to any related issues or upstream bug reports
  2. Add an inline comment in pyproject.toml explaining the constraint

  3. Consider tracking this: If this is a temporary workaround, create an issue to track removing this constraint once the upstream issue is resolved.

Performance Considerations ✅

No performance concerns. The version downgrade actually removes several optional dependencies (cbor2, msgpack, py-ubjson, ujson, u-msgpack-python) that were added in 25.11.1, resulting in a smaller dependency footprint.

Security Considerations ⚠️

  • Version pinning risk: Constraining versions can prevent security updates. Monitor for security advisories affecting autobahn 25.10.2 and earlier.
  • Recommendation: Set up security monitoring (like Dependabot security alerts) to be notified of vulnerabilities in the constrained version range.

Test Coverage

  • No tests are included, but this is acceptable for a dependency constraint change.
  • Recommendation: If the constraint addresses a specific runtime issue, consider adding a regression test if feasible.

Overall Assessment

This is a well-implemented technical solution using the correct tooling and following established patterns. However, it lacks documentation and context which are critical for long-term maintainability.

Approval recommendation: ✅ Approve after adding context to the PR description explaining the rationale for the constraint.


Action Items:

  • Add PR description explaining why this constraint is needed
  • Consider adding an inline comment in pyproject.toml
  • Create a tracking issue if this is a temporary workaround
  • Monitor for security updates to constrained version

@claude
Copy link

claude bot commented Dec 17, 2025

Updated Pull Request Review

Summary

This PR now includes two changes:

  1. Constrains the autobahn package to version <25.11.1 due to a broken ARM64 wheel
  2. Updates adit-radis-shared dependency from 0.19.0 to 0.19.1

Change 1: Autobahn Version Constraint ✅

What was done:

  • Added constraint-dependencies = ["autobahn<25.11.1"] in pyproject.toml
  • Configured Renovate to prevent automatic updates past this version
  • Downgraded from 25.11.1 to 25.10.2 in the lock file

Strengths:

  • ✅ Uses the correct uv mechanism (constraint-dependencies) for constraining transitive dependencies
  • ✅ Properly configured Renovate to respect the constraint
  • ✅ Follows existing pattern used for factory-boy
  • ✅ PR body now includes explanation (ARM64 wheel is broken in 25.11.1+)

Observations:

  • The downgrade removes several optional serialization dependencies (cbor2, msgpack, py-ubjson, ujson, u-msgpack-python) that were added in 25.11.1, resulting in ~150 fewer lines in uv.lock
  • This is a positive side effect - smaller dependency footprint

Change 2: adit-radis-shared Update ⚠️

What was done:

  • Updated adit-radis-shared from 0.19.0 to 0.19.1
  • Lock file hash changed from cba956e to 2b982d6

Concerns:

  1. Mixed scope: This change is unrelated to the autobahn constraint and should ideally be in a separate PR
  2. No changelog reference: No information about what changed in adit-radis-shared 0.19.1
  3. Testing verification: It's unclear if these two changes have been tested together

Recommendations:

  • If the adit-radis-shared update is required for the autobahn fix to work, please add this context to the PR description
  • Otherwise, consider moving this to a separate PR for cleaner git history
  • Document what changed in adit-radis-shared 0.19.1

Code Quality ✅

  • Clean, minimal changes
  • Follows project conventions (Google Python Style Guide)
  • Lock file properly regenerated with uv

Security Considerations ⚠️

  • Version pinning: Be aware that constraining autobahn prevents security updates beyond 25.10.2
  • Recommendation: Monitor security advisories for autobahn and track when the ARM64 wheel issue is resolved upstream so this constraint can be removed

Test Coverage

  • No tests needed for dependency configuration changes
  • Recommendation: Verify the application builds and runs correctly on ARM64 architecture

Overall Assessment

Autobahn constraint: Well-implemented and properly justified. ✅

adit-radis-shared update: Needs clarification on why it's included in this PR. ⚠️

Recommendation:

  • If the two changes are related, explain the relationship in the PR description
  • If they're unrelated, consider splitting into separate PRs
  • Otherwise, the implementation is solid and ready to merge

Action Items

  • Clarify the relationship between the two changes
  • Consider adding an inline comment in pyproject.toml explaining the autobahn constraint (e.g., # ARM64 wheel broken in 25.11.1+)
  • Create a tracking issue to remove the constraint once the upstream issue is resolved
  • Test on ARM64 architecture to verify the fix works

@samuelvkwong samuelvkwong merged commit 211e24c into main Dec 17, 2025
3 checks passed
@samuelvkwong samuelvkwong deleted the autobahn_version_constraint branch December 17, 2025 10:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant