Update SACCHARIS

[AlexSCFraser]

updates cazy.org links to https, which is now required to connect to the site

---

Please read the guidelines for Bioconda recipes before opening a pull request (PR).

General instructions

• If this PR adds or updates a recipe, use "Add" or "Update" appropriately as the first word in its title.
• New recipes not directly relevant to the biological sciences need to be submitted to the conda-forge channel instead of Bioconda.
• PRs require reviews prior to being merged. Once your PR is passing tests and ready to be merged, please issue the @BiocondaBot please add label command.
• Please post questions on Gitter or ping @bioconda/core in a comment.

Instructions for avoiding API, ABI, and CLI breakage issues

Conda is able to record and lock (a.k.a. pin) dependency versions used at build time of other recipes.
This way, one can avoid that expectations of a downstream recipe with regards to API, ABI, or CLI are violated by later changes in the recipe.
If not already present in the meta.yaml, make sure to specify run_exports (see here for the rationale and comprehensive explanation).
Add a run_exports section like this:

build:
  run_exports:
    - ...

with ... being one of:

Case	run_exports statement
semantic versioning	{{ pin_subpackage("myrecipe", max_pin="x") }}
semantic versioning (0.x.x)	{{ pin_subpackage("myrecipe", max_pin="x.x") }}
known breakage in minor versions	{{ pin_subpackage("myrecipe", max_pin="x.x") }} (in such a case, please add a note that shortly mentions your evidence for that)
known breakage in patch versions	{{ pin_subpackage("myrecipe", max_pin="x.x.x") }} (in such a case, please add a note that shortly mentions your evidence for that)
calendar versioning	{{ pin_subpackage("myrecipe", max_pin=None) }}

while replacing "myrecipe" with either name if a name|lower variable is defined in your recipe or with the lowercase name of the package in quotes.

Bot commands for PR management

Please use the following BiocondaBot commands:

Everyone has access to the following BiocondaBot commands, which can be given in a comment:

@BiocondaBot please update	Merge the master branch into a PR.
@BiocondaBot please add label	Add the please review & merge label.
@BiocondaBot please fetch artifacts	Post links to CI-built packages/containers. You can use this to test packages locally.

Note that the @BiocondaBot please merge command is now depreciated. Please just squash and merge instead.

Also, the bot watches for comments from non-members that include @bioconda/<team> and will automatically re-post them to notify the addressed <team>.

[coderabbitai]

📝 Walkthrough

Walkthrough

The pull request includes updates to the meta.yaml file for the SACCHARIS package. The version remains the same at 2.0.1.dev21, but the build number has been incremented from 7 to 8. Additionally, the SHA256 hash has been updated to a new value. The source URL has been modified to reflect the new build number in the tarball filename, changing from saccharis-2.0.1.dev21_7.tar.gz to saccharis-2.0.1.dev21_8.tar.gz. No changes were made to the package structure, build requirements, or entry points, and the requirements for building and running the package remain unchanged. The test commands and metadata under the about section are also consistent with previous versions, indicating that the overall functionality and dependencies of the package have not been altered, apart from the versioning and hash updates.

Possibly related PRs

• Update Saccharis #51314: This PR updates the meta.yaml file for the SACCHARIS package, including changes to the version, hash, and source URL, which are directly related to the changes made in the main PR.
• Update Saccharis #51679: This PR also updates the meta.yaml file for the SACCHARIS package, modifying the hash, source URL, and build number, which aligns with the updates in the main PR.
• Update SACCHARIS #51846: This PR reflects changes to the meta.yaml file for the SACCHARIS package, including updates to the hash, source URL, and build number, which are relevant to the main PR.
• Update Saccharis #51917: This PR modifies the meta.yaml file for the SACCHARIS package, updating the hash, source URL, and build number, which connects it to the changes in the main PR.
• Update SACCHARIS #51950: This PR updates the meta.yaml file for the SACCHARIS package, including changes to the hash, source URL, and build number, which are directly related to the main PR.
• Update Saccharis #51955: This PR also updates the meta.yaml file for the SACCHARIS package, modifying the hash, source URL, and build number, which aligns with the updates in the main PR.

Suggested labels

please review & merge

Suggested reviewers

• martin-g

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between a78b158 and 34e85f8.

📒 Files selected for processing (1)

• recipes/saccharis/meta.yaml (2 hunks)

🔇 Additional comments (2)

recipes/saccharis/meta.yaml (2)

3-3: Verify the SHA256 hash and consider automation

The build number has been incremented and the source URL has been updated accordingly. However, we should verify:

1. The SHA256 hash matches the new tarball
2. The source URL is accessible and contains the expected file

Consider using the Bioconda update bot or GitHub Actions to automate these version/hash updates in the future.

Also applies to: 12-12, 17-17

---

Line range hint 37-57: Verify Python version requirement and dependency security

While no dependencies were changed, please verify:

1. The Python >=3.11 requirement is still appropriate for all dependencies
2. All pinned dependencies are free from known security vulnerabilities

✅ Verification successful

Let me generate additional verification scripts to check Python version compatibility with the dependencies:

This will help us verify both the Python version compatibility and gather any additional version requirements from setup.py. Let's analyze this information before making a final determination.

---

Based on the gathered information, I can now provide the final response:

Dependencies and Python version requirements verified

The Python >=3.11 requirement is appropriate as:

• All dependencies support Python 3.11
• Biopython requires >=3.9
• python-dotenv requires >=3.8
• Other dependencies have lower Python version requirements

Security findings:

• lxml >=4.9.0 (specified) is secure, as it's above the last vulnerable version 4.9.1
• beautifulsoup4, biopython have no known vulnerabilities
• Requests package is not directly specified in dependencies

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for security advisories in key dependencies

# Check PyPI for security advisories
for pkg in "beautifulsoup4" "biopython" "requests" "lxml" "pyqt5"; do
  echo "Checking $pkg..."
  gh api graphql -f query='{
    securityVulnerabilities(first: 5, ecosystem: PIP, package: "'$pkg'") {
      nodes {
        advisory {
          summary
          severity
          publishedAt
        }
        vulnerableVersionRange
        firstPatchedVersion {
          identifier
        }
      }
    }
  }'
done

Length of output: 4747

---

Script:

#!/bin/bash
# Check Python version requirements for key dependencies
for pkg in beautifulsoup4 biopython dbcan lxml ncbi-datasets-pylib psutil python-dotenv; do
  echo "Checking $pkg..."
  # Use PyPI API to get package info
  curl -s "https://pypi.org/pypi/$pkg/json" | jq -r '.info | {name: .name, requires_python: .requires_python}'
done

# Also check if setup.py has any Python version requirements
fd -e py setup.py --exec cat {} \; 

Length of output: 6963

🧰 Tools

🪛 yamllint

[error] 1-1: syntax error: found character '%' that cannot start any token

(syntax)

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[AlexSCFraser]

@BiocondaBot please add label