Fix TrustyAI missing pylock.cpu.toml update

[ayush17]

Summary

The previous PR #3254 updated requirements.cpu.txt but the pylock.cpu.toml was not properly included in the merge. This regenerates both lockfiles to fix the TrustyAI test failures on main.

Changes

• Regenerated lockfiles using: FORCE_LOCKFILES_UPGRADE=1 make refresh-lock-files DIR=jupyter/trustyai/ubi9-python-3.12

Test Plan

• CI tests pass
• TrustyAI build succeeds

Fixes test failures reported by @atheo89

Made with Cursor

Summary by CodeRabbit

• Chores
  • Updated multiple package dependencies to their latest stable versions, including updates to core data science libraries (Ray, Transformers), infrastructure tools (Boto3, UVicorn), cryptography packages, and other supporting components for enhanced security and performance.

[github-actions]

@ayush17 — This PR is from a fork.
The build-rhoai CI job was skipped because subscription
builds (RHEL, AIPCC) need secrets unavailable to forks.
ODH builds and code quality checks still ran.

Recommended: Push your branch to the main repo for full CI:

git remote add upstream https://github.com/opendatahub-io/notebooks.git
git push upstream HEAD:ayush17/your-branch-name

Then open a new PR from that branch.

No push access? A maintainer will cherry-pick and test your changes.

See CONTRIBUTING.md for details.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited), Repository UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: 200226bb-9eb4-464d-b0f8-fa7b56f6433f

📥 Commits

Reviewing files that changed from the base of the PR and between 715a38f and e451e89.

📒 Files selected for processing (2)

• jupyter/trustyai/ubi9-python-3.12/requirements.cpu.txt
• jupyter/trustyai/ubi9-python-3.12/uv.lock.d/pylock.cpu.toml

---

📝 Walkthrough

Walkthrough

Dependency versions are bumped across two configuration files for a Jupyter/TrustyAI Python 3.12 CPU environment. Twenty-two packages receive version updates (including boto3, cryptography, transformers, uvicorn) with corresponding hash values recalculated. The lock file's exclusion timestamp advances from April 4 to April 7, 2026, and pyarrow's wheel set expands to include new architecture variants. No code logic is modified.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Actionable issues

invoke major version bump (2.2.1→3.0.2): This crosses a major version boundary. Verify no breaking API changes impact downstream usage within this environment, as invoke is a task execution library with potential compatibility implications for build/deployment scripts.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	Title uses past tense ('Fix') instead of imperative mood and lacks required RHAIENG or NO-JIRA ticket reference.	Change to imperative mood format: 'RHAIENG-XXXX: chore: update TrustyAI pylock.cpu.toml' or 'NO-JIRA: chore: update TrustyAI pylock.cpu.toml' with appropriate ticket.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description check	✅ Passed	Description adequately summarizes the issue, changes made, and testing approach, meeting the core requirements despite incomplete checklist items.
Branch Prefix Policy	✅ Passed	PR title "Fix TrustyAI missing pylock.cpu.toml update" targets main branch and does not start with a branch prefix, complying with policy.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 3.34%. Comparing base (a9c8da2) to head (e451e89).
⚠️ Report is 6 commits behind head on main.

Additional details and impacted files

@@          Coverage Diff          @@
##            main   #3306   +/-   ##
=====================================
  Coverage   3.34%   3.34%           
=====================================
  Files         31      31           
  Lines       3562    3562           
  Branches     572     572           
=====================================
  Hits         119     119           
  Misses      3441    3441           
  Partials       2       2           

Flag	Coverage Δ
python	3.34% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a9c8da2...e451e89. Read the comment docs.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[jiridanek]

check-generated-code still fails, but if it has been failing more befoe and this is an improvement, then ok

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jiridanek

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [jiridanek]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[atheo89]

Thank you @ayush17!
For some reason the pytest failing on pandas version, expects 3.x but found 2.x. I see that 2.x is on datascience notebook. Could you please check why it doesn't fetch the pandas version from trusty?
The failing test regarding feast was always there, so ignore it for now as well as the check-generated-code.
(Rebase before you push latest commits)

[openshift-ci]

PR needs rebase.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.