AlexsLemonade · jashapiro · Oct 29, 2024 · Oct 28, 2024 · Oct 28, 2024
diff --git a/docker/README.md b/docker/README.md
@@ -40,8 +40,9 @@ Dependency lock files, with the exception of `renv.lock`, are built using the `m
 This script depends on `pip-tools` and should be run using Python 3.10 to match the default version of Python in the Docker images.
 For convenience, a conda `environment.yml` file is included in this directory that can be used to create an `scpcatools-dev` environment with the necessary Python version and packages.
 
-This script will generate the `requirements_*.txt` and `renv_*.lock` files for each set of Python packages to be installed within the various Docker images.
-- The requirements files are based on `requirements_*.in` files that specify the high-level package requirements for each image.
+This script will generate the `requirements*.txt` and `renv*.lock` files for each set of Python packages to be installed within the various Docker images.
+- The Python requirements files are based on `requirements*.in` files that specify the high-level package requirements for each image.
+  - To upgrade existing `requirements*.txt` files, the `make-requirements.sh` script should be run with the `UPGRADE_PY` environment variable, e.g., `UPGRADE_PY=1 bash make-requirements.sh`.
 - The `renv_*.lock` files are strict subsets of the main `renv.lock` file that is use for development and for the full image.
   - The main `renv.lock` file should be updated manually using `renv::snapshot()` from within the `scpcaTools` project.
   - After updating `renv.lock`, the `make-requirements.sh` script should be run to update the `renv_*.lock` files.
diff --git a/docker/make-requirements.sh b/docker/make-requirements.sh
@@ -5,13 +5,24 @@ set -euo pipefail
 # Before running, make sure that the renv.lock file and installed libaries are
 # consistent with renv::snapshot() or renv::restore()
 
+# To upgrade packages, set the `UPGRADE_PY` environment variable as follows:
+# UPGRADE_PY=1 bash make-requirements.sh
+
 # Set the working directory to the directory of this file
 cd "$(dirname "${BASH_SOURCE[0]}")"
 
+UPGRADE_PY=${UPGRADE_PY:-0}
+
+if [ "$UPGRADE_PY" -eq 0 ]; then
+  UPGRADE_PY_FLAG=""
+else
+  UPGRADE_PY_FLAG="--upgrade"
+fi
+
 # Python package lists
-pip-compile --no-annotate --strip-extras --output-file=requirements.txt requirements.in
-pip-compile --no-annotate --strip-extras --output-file=requirements_anndata.txt requirements_anndata.in
-pip-compile --no-annotate --strip-extras --output-file=requirements_scvi.txt requirements_scvi.in
+pip-compile --no-annotate --strip-extras $UPGRADE_PY_FLAG --output-file=requirements.txt requirements.in
+pip-compile --no-annotate --strip-extras $UPGRADE_PY_FLAG --output-file=requirements_anndata.txt requirements_anndata.in
+pip-compile --no-annotate --strip-extras $UPGRADE_PY_FLAG --output-file=requirements_scvi.txt requirements_scvi.in
 
 # slim lockfile
 Rscript scripts/make-lockfile.R -f renv_slim.lock -p batchelor,rtracklayer

diff --git a/docker/requirements.in b/docker/requirements.in
@@ -1,8 +1,9 @@
-anndata~=0.10
+anndata~=0.10.8
 etils<1.8 # v1.8 drops python 3.10 support
 jax[cpu]
+lightning>=2.3.3 # critical security fix
 pandas
-scanpy~=1.10
-scvi-tools~=1.1
+scanpy~=1.10.2
+scvi-tools~=1.1.5
 torch
 torchvision
diff --git a/docker/requirements.txt b/docker/requirements.txt
@@ -5,93 +5,96 @@
 #    pip-compile --no-annotate --output-file=requirements.txt --strip-extras requirements.in
 #
 absl-py==2.1.0
-aiohttp==3.9.5
+aiohappyeyeballs==2.4.3
+aiohttp==3.10.10
 aiosignal==1.3.1
 anndata==0.10.8
-array-api-compat==1.7.1
+array-api-compat==1.9
 async-timeout==4.0.3
-attrs==23.2.0
-chex==0.1.86
+attrs==24.2.0
+chex==0.1.87
 contextlib2==21.6.0
-contourpy==1.2.1
+contourpy==1.3.0
 cycler==0.12.1
 docrep==0.3.2
 etils==1.7.0
-exceptiongroup==1.2.1
-filelock==3.15.4
-flax==0.8.5
-fonttools==4.53.1
-frozenlist==1.4.1
-fsspec==2024.6.1
-h5py==3.11.0
-idna==3.7
-importlib-resources==6.4.0
-jax==0.4.30
-jaxlib==0.4.30
+exceptiongroup==1.2.2
+filelock==3.16.1
+flax==0.10.0
+fonttools==4.54.1
+frozenlist==1.5.0
+fsspec==2024.10.0
+h5py==3.12.1
+humanize==4.11.0
+idna==3.10
+importlib-resources==6.4.5
+jax==0.4.35
+jaxlib==0.4.35
 jinja2==3.1.4
 joblib==1.4.2
-kiwisolver==1.4.5
+kiwisolver==1.4.7
 legacy-api-wrap==1.4
-lightning==2.1.4
-lightning-utilities==0.11.3.post0
+lightning==2.4.0
+lightning-utilities==0.11.8
 llvmlite==0.43.0
 markdown-it-py==3.0.0
-markupsafe==2.1.5
-matplotlib==3.9.1
+markupsafe==3.0.2
+matplotlib==3.9.2
 mdurl==0.1.2
 ml-collections==0.1.1
-ml-dtypes==0.4.0
+ml-dtypes==0.5.0
 mpmath==1.3.0
-msgpack==1.0.8
-mudata==0.2.4
-multidict==6.0.5
+msgpack==1.1.0
+mudata==0.3.1
+multidict==6.1.0
 multipledispatch==1.0.0
 natsort==8.4.0
 nest-asyncio==1.6.0
-networkx==3.3
+networkx==3.4.2
 numba==0.60.0
 numpy==1.26.4
-numpyro==0.15.0
-opt-einsum==3.3.0
-optax==0.2.2
-orbax-checkpoint==0.5.20
+numpyro==0.15.3
+opt-einsum==3.4.0
+optax==0.2.3
+orbax-checkpoint==0.7.0
 packaging==24.1
-pandas==2.2.2
+pandas==2.2.3
 patsy==0.5.6
-pillow==10.4.0
-protobuf==5.27.2
+pillow==11.0.0
+propcache==0.2.0
+protobuf==5.28.3
 pygments==2.18.0
 pynndescent==0.5.13
-pyparsing==3.1.2
+pyparsing==3.2.0
 pyro-api==0.1.2
 pyro-ppl==1.9.1
 python-dateutil==2.9.0.post0
-pytorch-lightning==2.3.3
-pytz==2024.1
-pyyaml==6.0.1
-rich==13.7.1
-scanpy==1.10.2
-scikit-learn==1.5.1
-scipy==1.14.0
-scvi-tools==1.1.5
+pytorch-lightning==2.4.0
+pytz==2024.2
+pyyaml==6.0.2
+rich==13.9.3
+scanpy==1.10.3
+scikit-learn==1.5.2
+scipy==1.14.1
+scvi-tools==1.1.6.post2
 seaborn==0.13.2
 session-info==1.0.0
 six==1.16.0
-statsmodels==0.14.2
-stdlib-list==0.10.0
-sympy==1.13.0
-tensorstore==0.1.63
+statsmodels==0.14.4
+stdlib-list==0.11.0
+sympy==1.13.1
+tensorstore==0.1.67
 threadpoolctl==3.5.0
-toolz==0.12.1
-torch==2.3.1
-torchmetrics==1.4.0.post0
-torchvision==0.18.1
-tqdm==4.66.4
+toolz==1.0.0
+torch==2.5.0
+torchmetrics==1.5.1
+torchvision==0.20.0
+tqdm==4.66.6
 typing-extensions==4.12.2
-tzdata==2024.1
+tzdata==2024.2
 umap-learn==0.5.6
-yarl==1.9.4
-zipp==3.19.2
+yarl==1.16.0
+zipp==3.20.2
 
 # The following packages are considered to be unsafe in a requirements file:
 # setuptools
diff --git a/docker/requirements_anndata.in b/docker/requirements_anndata.in
@@ -1,2 +1,2 @@
 # requirements.in packages for minimal ScPCA workflows
-anndata~=0.10
+anndata~=0.10.8
diff --git a/docker/requirements_anndata.txt b/docker/requirements_anndata.txt
@@ -4,16 +4,16 @@
 #
 #    pip-compile --no-annotate --output-file=requirements_anndata.txt --strip-extras requirements_anndata.in
 #
-anndata==0.10.8
-array-api-compat==1.7.1
-exceptiongroup==1.2.1
-h5py==3.11.0
+anndata==0.10.9
+array-api-compat==1.9
+exceptiongroup==1.2.2
+h5py==3.12.1
 natsort==8.4.0
-numpy==2.0.0
+numpy==2.1.2
 packaging==24.1
-pandas==2.2.2
+pandas==2.2.3
 python-dateutil==2.9.0.post0
-pytz==2024.1
-scipy==1.14.0
+pytz==2024.2
+scipy==1.14.1
 six==1.16.0
-tzdata==2024.1
+tzdata==2024.2
diff --git a/docker/requirements_scvi.in b/docker/requirements_scvi.in
@@ -1,4 +1,5 @@
 # requirements.in packages for scvi-based analysis
-anndata~=0.10
-scanpy~=1.10
-scvi-tools~=1.1
+anndata~=0.10.8
+lightning>=2.3.3 # critical security fix
+scanpy~=1.10.2
+scvi-tools~=1.1.5
diff --git a/docker/requirements_scvi.txt b/docker/requirements_scvi.txt
@@ -5,92 +5,95 @@
 #    pip-compile --no-annotate --output-file=requirements_scvi.txt --strip-extras requirements_scvi.in
 #
 absl-py==2.1.0
-aiohttp==3.9.5
+aiohappyeyeballs==2.4.3
+aiohttp==3.10.10
 aiosignal==1.3.1
 anndata==0.10.8
-array-api-compat==1.7.1
+array-api-compat==1.9
 async-timeout==4.0.3
-attrs==23.2.0
-chex==0.1.86
+attrs==24.2.0
+chex==0.1.87
 contextlib2==21.6.0
-contourpy==1.2.1
+contourpy==1.3.0
 cycler==0.12.1
 docrep==0.3.2
-etils==1.7.0
-exceptiongroup==1.2.1
-filelock==3.15.4
-flax==0.8.5
-fonttools==4.53.1
-frozenlist==1.4.1
-fsspec==2024.6.1
-h5py==3.11.0
-idna==3.7
-importlib-resources==6.4.0
-jax==0.4.30
-jaxlib==0.4.30
+etils==1.10.0
+exceptiongroup==1.2.2
+filelock==3.16.1
+flax==0.10.0
+fonttools==4.54.1
+frozenlist==1.5.0
+fsspec==2024.10.0
+h5py==3.12.1
+humanize==4.11.0
+idna==3.10
+importlib-resources==6.4.5
+jax==0.4.35
+jaxlib==0.4.35
 jinja2==3.1.4
 joblib==1.4.2
-kiwisolver==1.4.5
+kiwisolver==1.4.7
 legacy-api-wrap==1.4
-lightning==2.1.4
-lightning-utilities==0.11.3.post0
+lightning==2.4.0
+lightning-utilities==0.11.8
 llvmlite==0.43.0
 markdown-it-py==3.0.0
-markupsafe==2.1.5
-matplotlib==3.9.1
+markupsafe==3.0.2
+matplotlib==3.9.2
 mdurl==0.1.2
 ml-collections==0.1.1
-ml-dtypes==0.4.0
+ml-dtypes==0.5.0
 mpmath==1.3.0
-msgpack==1.0.8
-mudata==0.2.4
-multidict==6.0.5
+msgpack==1.1.0
+mudata==0.3.1
+multidict==6.1.0
 multipledispatch==1.0.0
 natsort==8.4.0
 nest-asyncio==1.6.0
-networkx==3.3
+networkx==3.4.2
 numba==0.60.0
 numpy==1.26.4
-numpyro==0.15.0
-opt-einsum==3.3.0
-optax==0.2.2
-orbax-checkpoint==0.5.20
+numpyro==0.15.3
+opt-einsum==3.4.0
+optax==0.2.3
+orbax-checkpoint==0.7.0
 packaging==24.1
-pandas==2.2.2
+pandas==2.2.3
 patsy==0.5.6
-pillow==10.4.0
-protobuf==5.27.2
+pillow==11.0.0
+propcache==0.2.0
+protobuf==5.28.3
 pygments==2.18.0
 pynndescent==0.5.13
-pyparsing==3.1.2
+pyparsing==3.2.0
 pyro-api==0.1.2
 pyro-ppl==1.9.1
 python-dateutil==2.9.0.post0
-pytorch-lightning==2.3.3
-pytz==2024.1
-pyyaml==6.0.1
-rich==13.7.1
-scanpy==1.10.2
-scikit-learn==1.5.1
-scipy==1.14.0
-scvi-tools==1.1.5
+pytorch-lightning==2.4.0
+pytz==2024.2
+pyyaml==6.0.2
+rich==13.9.3
+scanpy==1.10.3
+scikit-learn==1.5.2
+scipy==1.14.1
+scvi-tools==1.1.6.post2
 seaborn==0.13.2
 session-info==1.0.0
 six==1.16.0
-statsmodels==0.14.2
-stdlib-list==0.10.0
-sympy==1.13.0
-tensorstore==0.1.63
+statsmodels==0.14.4
+stdlib-list==0.11.0
+sympy==1.13.1
+tensorstore==0.1.67
 threadpoolctl==3.5.0
-toolz==0.12.1
-torch==2.3.1
-torchmetrics==1.4.0.post0
-tqdm==4.66.4
+toolz==1.0.0
+torch==2.5.0
+torchmetrics==1.5.1
+tqdm==4.66.6
 typing-extensions==4.12.2
-tzdata==2024.1
+tzdata==2024.2
 umap-learn==0.5.6
-yarl==1.9.4
-zipp==3.19.2
+yarl==1.16.0
+zipp==3.20.2
 
 # The following packages are considered to be unsafe in a requirements file:
 # setuptools