Bump the genai-workflow group across 1 directory with 9 updates #218

dependabot · 2024-07-08T13:29:17Z

Bumps the genai-workflow group with 9 updates in the /workflows/charts/huggingface-llm directory:

Package	From	To
accelerate	`0.30.1`	`0.32.1`
datasets	`2.19.0`	`2.20.0`
einops	`0.7.0`	`0.8.0`
mkl-include	`2023.2.0`	`2024.2.0`
mkl	`2023.2.0`	`2024.2.0`
onnxruntime-extensions	`0.10.1`	`0.11.0`
onnxruntime	`1.17.3`	`1.18.1`
protobuf	`4.24.4`	`5.27.2`
psutil	`5.9.5`	`6.0.0`

Updates accelerate from 0.30.1 to 0.32.1

Release notes

Sourced from accelerate's releases.

v0.32.0: Profilers, new hooks, speedups, and more!

Core

Utilize shard saving from the huggingface_hub rather than our own implementation (huggingface/accelerate#2795)

Refactor logging to use logger in dispatch_model (huggingface/accelerate#2855)

The Accelerator.step number is now restored when using save_state and load_state (huggingface/accelerate#2765)

A new profiler has been added allowing users to collect performance metrics during model training and inference, including detailed analysis of execution time and memory consumption. These can then be generated in Chrome's tracing tool. Read more about it here (huggingface/accelerate#2883)

Reduced import times for doing import accelerate and any other major core import by 68%, now should be only slightly longer than doing import torch (huggingface/accelerate#2845)

Fixed a bug in get_backend and added a clear_device_cache utility (huggingface/accelerate#2857)

Distributed Data Parallelism

Introduce DDP communication hooks to have more flexibility in how gradients are communicated across workers, overriding the standard allreduce. (huggingface/accelerate#2841)

Make log_line_prefix_template optional the notebook_launcher (huggingface/accelerate#2888)

FSDP

If the output directory doesn't exist when using accelerate merge-weights, one will be automatically created (huggingface/accelerate#2854)

When merging weights, the default is now .safetensors (huggingface/accelerate#2853)

XPU

Migrate to pytorch's native XPU backend on torch>=2.4 (huggingface/accelerate#2825)

Add @require_triton test decorator and enable test_dynamo work on xpu (huggingface/accelerate#2878)

Fixed load_state_dict not working on xpu and refine xpu safetensors version check (huggingface/accelerate#2879)

XLA

Added support for XLA Dynamo backends for both training and inference (huggingface/accelerate#2892)

Examples

Added a new multi-cpu SLURM example using accelerate launch (huggingface/accelerate#2902)

Full Changelog

Use shard saving from huggingface_hub by @SunMarc in huggingface/accelerate#2795

doc: fix link by @imba-tjd in huggingface/accelerate#2844

Revert "Slight rename" by @SunMarc in huggingface/accelerate#2850

remove warning hook addede during dispatch_model by @SunMarc in huggingface/accelerate#2843

Remove underlines between badges by @novialriptide in huggingface/accelerate#2851

Auto create dir when merging FSDP weights by @helloworld1 in huggingface/accelerate#2854

Add DDP Communication Hooks by @yhna940 in huggingface/accelerate#2841

Refactor logging to use logger in dispatch_model by @panjd123 in huggingface/accelerate#2855

xpu: support xpu backend from stock pytorch (>=2.4) by @dvrogozh in huggingface/accelerate#2825

Drop torch re-imports in npu and mlu paths by @dvrogozh in huggingface/accelerate#2856

Default FSDP weights merge to safetensors by @helloworld1 in huggingface/accelerate#2853

[tests] fix bug in test_tracking.ClearMLTest by @faaany in huggingface/accelerate#2863

[tests] use torch_device instead of 0 for device check by @faaany in huggingface/accelerate#2861

[tests] skip bnb-related tests instead of failing on xpu by @faaany in huggingface/accelerate#2860

Potentially fix tests by @muellerzr in huggingface/accelerate#2862

[tests] enable XPU backend for test_zero3_integration by @faaany in huggingface/accelerate#2864

Support saving and loading of step while saving and loading state by @bipinKrishnan in huggingface/accelerate#2765

Add Profiler Support for Performance Analysis by @yhna940 in huggingface/accelerate#2883

Speed up imports and add a CI by @muellerzr in huggingface/accelerate#2845

Make log_line_prefix_template Optional in Elastic Launcher for Backward Compatibility by @yhna940 in huggingface/accelerate#2888

Add XLA Dynamo backends for training and inference by @johnsutor in huggingface/accelerate#2892

Added a MultiCPU SLURM example using Accelerate Launch and MPIRun by @okhleif-IL in huggingface/accelerate#2902

make more cuda-only tests device-agnostic by @faaany in huggingface/accelerate#2876

... (truncated)

Commits

9726538 Fix slowdown on init with device_map="auto" (#2914)
6d3324a Release v0.32.0
8330b37 Fix get_backend bug and add clear_device_cache function (#2857)
92404fb fix load_state_dict for xpu and refine xpu safetensor version check (#2879)
3a02754 add require_triton and enable test_dynamo work on xpu (#2878)
fec1170 fix mlu device longTensor bugs (#2887)
eac206f make more cuda-only tests device-agnostic (#2876)
6882ff2 Added a MultiCPU SLURM example using Accelerate Launch and MPIRun (#2902)
57a4c74 Add XLA Dynamo backends for training and inference (#2892)
404510a Make log_line_prefix_template Optional in Elastic Launcher for Backward Com...
Additional commits viewable in compare view

Updates datasets from 2.19.0 to 2.20.0

Release notes

Sourced from datasets's releases.

2.20.0

Important

Remove default trust_remote_code=True by @lhoestq in huggingface/datasets#6954

datasets with a python loading script now require passing trust_remote_code=True to be used

Datasets features
[Resumable IterableDataset] Add IterableDataset state_dict by @lhoestq in huggingface/datasets#6658
checkpoint and resume an iterable dataset (e.g. when streaming):
>>> iterable_dataset = Dataset.from_dict({"a": range(6)}).to_iterable_dataset(num_shards=3)
>>> for idx, example in enumerate(iterable_dataset):
...     print(example)
...     if idx == 2:
...         state_dict = iterable_dataset.state_dict()
...         print("checkpoint")
...         break
>>> iterable_dataset.load_state_dict(state_dict)
>>> print(f"restart from checkpoint")
>>> for example in iterable_dataset:
...     print(example)
Returns:
{'a': 0}
{'a': 1}
{'a': 2}
checkpoint
restart from checkpoint
{'a': 3}
{'a': 4}
{'a': 5}
General improvements and bug fixes

Add docs about the CLI by @albertvillanova in huggingface/datasets#6831

Remove token arg from CLI examples by @albertvillanova in huggingface/datasets#6839

Allow deleting a subset/config from a no-script dataset by @albertvillanova in huggingface/datasets#6820

Fix line-endings in tests on Windows by @albertvillanova in huggingface/datasets#6857

Fix CI by temporarily pinning huggingface-hub < 0.23.0 by @albertvillanova in huggingface/datasets#6861

Fix dataset name for community Hub script-datasets by @albertvillanova in huggingface/datasets#6855

Update tqdm >= 4.66.3 to fix vulnerability by @albertvillanova in huggingface/datasets#6870

Fix download for dict of dicts of URLs by @albertvillanova in huggingface/datasets#6871

Set dev version by @albertvillanova in huggingface/datasets#6873

Shorten long logs by @lhoestq in huggingface/datasets#6875

Support jax 0.4.27 in CI tests by @albertvillanova in huggingface/datasets#6885

Close gzipped files properly by @lhoestq in huggingface/datasets#6893

Make CLI convert_to_parquet not raise error if no rights to create script branch by @albertvillanova in huggingface/datasets#6902

... (truncated)

Commits

98fdc9e Release: 2.20.0 (#6969)
af3acfd fix(ci): remove unnecessary permissions (#6962)
37a6036 Move info_utils errors to exceptions module (#6952)
9510252 Better error handling in dataset_module_factory (#6959)
97513be feat(ci): add trufflehog secrets detection (#6960)
686f5df Add support for categorical/dictionary types (#6892)
a2dc287 Remove default trust_remote_code=True (#6954)
09ebf51 Validate config name and data_files in packaged modules (#6915)
5bbbf1b Validate config name and data_files in packaged modules (#6915)
6548e0e Fix typos in docs (#6957)
Additional commits viewable in compare view

Updates einops from 0.7.0 to 0.8.0

Release notes

Sourced from einops's releases.

v0.8.0: tinygrad, small fixes and updates

TLDR

tinygrad backend added

resolve warning in py3.11 related to docstring

remove graph break for unpack

breaking TF layers were updated to follow new instructions, new layers compatible with TF 2.16, and not compatible with old TF (certainly does not work with TF2.13)

What's Changed

Fix invalid escape sequence in einsum docstring by @atwam in arogozhnikov/einops#298

Tinygrad support by @blueridanus in arogozhnikov/einops#297

Coerce bool to int in unpack by @drubinstein in arogozhnikov/einops#287

Remove oneflow from testing by @arogozhnikov in arogozhnikov/einops#289

tests: fix torch installation to force CPU by @arogozhnikov in arogozhnikov/einops#288

Allow anonymous axes in parse_shape, fix #302 by @arogozhnikov in arogozhnikov/einops#303

Codebase standards + update TF layers by @arogozhnikov in arogozhnikov/einops#318

update github actions by @arogozhnikov in arogozhnikov/einops#319

New Contributors

@drubinstein made their first contribution in arogozhnikov/einops#287

@atwam made their first contribution in arogozhnikov/einops#298

@blueridanus made their first contribution in arogozhnikov/einops#297

Full Changelog: arogozhnikov/einops@v0.7.0...v0.8.0

Commits

fe9d81d bump version to 0.8.0
10e19b4 prepare readme for a new release
b67cfea Rename KerasBackend -> TFKerasBackend to avoid confusion with keras 3.
f33113e update github actions
cff63f2 Codebase standards + update TF layers (#318)
2ab5c2a switch to stable paddlepaddle in testing, because of https://github.com/Paddl...
60b87de remove announcement
5655ce1 Merge pull request #303 from arogozhnikov/dev
5b41d90 allow anonymous axes in parse_shape, fix #302
9a9b304 delete experimental data-api_packing as production version is available now
Additional commits viewable in compare view

Updates mkl-include from 2023.2.0 to 2024.2.0

Updates mkl from 2023.2.0 to 2024.2.0

Commits

See full diff in compare view

Updates onnxruntime-extensions from 0.10.1 to 0.11.0

Release notes

Sourced from onnxruntime-extensions's releases.

v0.11.0

What's changed

Created Java packaging pipeline and published to Maven repository.

Added support for conversion of Huggingface FastTokenizer into ONNX custom operator.

Unified the SentencePiece tokenizer with other Byte Pair Encoding (BPE) based tokenizers.

Fixed Whisper large model pre-processing bug.

Enabled eager execution for custom operator and refactored the header file structure.

Contributions

Contributors to ONNX Runtime Extensions include members across teams at Microsoft, along with our community members: @sayanshaw24 @wenbingl @skottmckay @natke @hariharans29 @jslhcl @snnn @kazssym @YUNQIUGUO @souptc @yihonglyu

Commits

8d8670f Fix the Linux and MacOS wheel build for packaging issues (#727)
b988f0d Update onebranch-windows-build-stage.yml
b1989b7 Revert net7.0 update for now (#701) (#712)
1f31d33 Eager mode: cuda kernel support (#694)
627e93a fix version in renaming (#692)
f9290e8 Add a status class for future tokenizer API implementation (#690)
6464627 Refactor the header file directory and integrate the eager tensor implementat...
fe8cd9e Add extensions catalyst support (#684)
a96ed42 Update ext_java.cmake (#688)
00a594f Standardize the inputs for ONNX STFT op for Whisper model (#681)
Additional commits viewable in compare view

Updates onnxruntime from 1.17.3 to 1.18.1

Release notes

Sourced from onnxruntime's releases.

ONNX Runtime v1.18.1

What's new?

Announcements:

ONNX Runtime Python packages now have numpy dependency >=1.21.6, <2.0. Support for numpy 2.0 will be added in a future release.

CUDA 12.x ONNX Runtime GPU packages are now built against cuDNN 9.x (1.18.0 packages previously depended on cuDNN 8.x). CUDA 11.x ONNX Runtime GPU packages continue to depend on CuDNN 8.x.

Windows packages require installation of Microsoft Visual C++ Redistributable Runtime 14.38 or newer.

TensorRT EP:

TensorRT Weightless API integration.

Support for TensorRT hardware compatible engines.

Support for INT64 types in TensorRT constant layer calibration.

Now using latest commit of onnx-tensorrt parser, which includes several issue fixes.

Additional TensorRT support and performance improvements.

Packages:

Publish CUDA 12 Java packages to Azure DevOps feed.

Various packaging pipeline fixes.

This patch release also features various other bug fixes, including a CUDA 12.5 build error fix.

Big thank you to @yf711 for driving this release as the release manager and to all our contributors!

@yf711 @jchen351 @mszhanyi @snnn @wangyems @jywu-msft @skottmckay @chilo-ms @moraxu @kevinch-nv @pengwa @wejoncy @pranavsharma @Craigacp @jslhcl @adrianlizarraga @inisis @jeffbloo @mo-ja @kunal-vaishnavi @sumitsays @neNasko1 @yufenglee @dhruvbird @wangshuai09 @xiaoyu-work @axinging @yuslepukhin @YUNQIUGUO @shubhambhokare1 @fs-eire @afantino951 @tboby @HectorSVC @baijumeswani

ONNX Runtime v1.18.0

Announcements

Windows ARM32 support has been dropped at the source code level.

Python version >=3.8 is now required for build.bat/build.sh (previously >=3.7). Note: If you have Python version <3.8, you can bypass the tools and use CMake directly.

The onnxruntime-mobile Android package and onnxruntime-mobile-c/onnxruntime-mobile-objc iOS cocoapods are being deprecated. Please use the onnxruntime-android Android package, and onnxruntime-c/onnxruntime-objc cocoapods, which support ONNX and ORT format models and all operators and data types. Note: If you require a smaller binary size, a custom build is required. See details on creating a custom Android or iOS package on Custom build | onnxruntime.

Build System & Packages

CoreML execution provider now depends on coremltools.

Flatbuffers has been upgraded from 1.12.0 → 23.5.26.

ONNX has been upgraded from 1.15 → 1.16.

EMSDK has been upgraded from 3.1.51 → 3.1.57.

Intel neural_speed library has been upgraded from v0.1.1 → v0.3 with several important bug fixes.

There is a new onnxruntime_CUDA_MINIMAL CMake option for building ONNX Runtime CUDA execution provider without any operations apart from memcpy ops.

Added support for Catalyst for macOS build support.

Added initial support for RISC-V and three new build options for it: --rv64, --riscv_toolchain_root, and --riscv_qemu_path.

Now you can build TensorRT EP with protobuf-lite instead of the full version of protobuf.

Some security-related compile/link flags have been moved from the default setting → new build option: --use_binskim_compliant_compile_flags. Note: All our release binaries are built with this flag, but when building ONNX Runtime from source, this flag is default OFF.

Windows ARM64 build now depends on PyTorch CPUINFO library.

Windows OneCore build now uses “Reverse forwarding” apisets instead of “Direct forwarding”, so onnxruntime.dll in our Nuget packages will depend on kernel32.dll. Note: Windows systems without kernel32.dll need to have reverse forwarders (see API set loader operation - Win32 apps | Microsoft Learn for more information).

Core

Added ONNX 1.16 support.

Added additional optimizations related to Dynamo-exported models.

Improved testing infrastructure for EPs developed as shared libraries.

Exposed Reserve() in OrtAllocator to allow custom allocators to work when session.use_device_allocator_for_initializers is specified.

... (truncated)

Commits

3871274 [ORT 1.18.1 Release] Update ORT numpy dependency to >=1.21.6,<2.0 (#21141)
d0aee20 [ORT 1.18.1 Release] Cherry pick 3rd round (#21129)
8bfcf14 [ORT 1.18.1 Release] update 1.18.1 patch release version (#21143)
25ab935 [ORT 1.18.1 Release] Cherry pick 2nd round (#21111)
91fb865 [ORT 1.18.1 Release] Cherry pick 1st round (#21105)
4573740 [ORT 1.18.0 Release] Cherry pick 3rd/Final round (#20677)
ed349b9 Mark end of version 17 and 18 C API (#20671)
d72b476 [ORT 1.18.0 Release] Cherry pick 2nd round (#20620)
65f3fbf [ORT 1.18.0 Release] Cherry pick 1st round (#20585)
204f1f5 Run fuzz testing before the CG task cleans up the build directory (#20500) (#...
Additional commits viewable in compare view

Updates protobuf from 4.24.4 to 5.27.2

Commits

63def39 Updating version.json and repo version numbers to: 27.2
19bd211 Port windows bootstrapping fix (#17225)
4923b8d Fix string_type bugs in edition 2023 (#17211)
b0a3c23 Merge pull request #17164 from protocolbuffers/cp-stubs
270ca66 Cleanup imports and comments in V3 stubs.
1e360a4 Add stubs for GeneratedMessageV3, RepeatedFieldBuilderV3, SingleFieldBuilderV...
9cfb59b Add simple conformance test that builds the old gencode against the current r...
6c6f514 Merge pull request #17161 from protocolbuffers/backport-java
c7a006a Fix checking unknown field set empty which wasn't exposed yet in 27.x
2426a02 Reserialize all unresolved features using java features from the generated po...
Additional commits viewable in compare view

Updates psutil from 5.9.5 to 6.0.0

Changelog

Sourced from psutil's changelog.

6.0.0

2024-06-18

Enhancements

2109_: maxfile and maxpath fields were removed from the namedtuple returned by disk_partitions()_. Reason: on network filesystems (NFS) this can potentially take a very long time to complete.

2366_, [Windows]: log debug message when using slower process APIs.

2375_, [macOS]: provide arm64 wheels. (patch by Matthieu Darbois)

2396_: process_iter()_ no longer pre-emptively checks whether PIDs have been reused. This makes process_iter()_ around 20x times faster.

2396_: a new psutil.process_iter.cache_clear() API can be used the clear process_iter()_ internal cache.

2401_, Support building with free-threaded CPython 3.13. (patch by Sam Gross)

2407_: Process.connections()_ was renamed to Process.net_connections()_. The old name is still available, but it's deprecated (triggers a DeprecationWarning) and will be removed in the future.

2425_: [Linux]: provide aarch64 wheels. (patch by Matthieu Darbois / Ben Raz)

Bug fixes

2250_, [NetBSD]: Process.cmdline()_ sometimes fail with EBUSY. It usually happens for long cmdlines with lots of arguments. In this case retry getting the cmdline for up to 50 times, and return an empty list as last resort.

2254_, [Linux]: offline cpus raise NotImplementedError in cpu_freq() (patch by Shade Gladden)

2272_: Add pickle support to psutil Exceptions.

2359_, [Windows], [CRITICAL]: pid_exists()_ disagrees with Process_ on whether a pid exists when ERROR_ACCESS_DENIED.

2360_, [macOS]: can't compile on macOS < 10.13. (patch by Ryan Schmidt)

2362_, [macOS]: can't compile on macOS 10.11. (patch by Ryan Schmidt)

2365_, [macOS]: can't compile on macOS < 10.9. (patch by Ryan Schmidt)

2395_, [OpenBSD]: pid_exists()_ erroneously return True if the argument is a thread ID (TID) instead of a PID (process ID).

2412_, [macOS]: can't compile on macOS 10.4 PowerPC due to missing MNT_ constants.

Porting notes

Version 6.0.0 introduces some changes which affect backward compatibility:

2109_: the namedtuple returned by disk_partitions()_' no longer has maxfile and maxpath fields.

2396_: process_iter()_ no longer pre-emptively checks whether PIDs have been reused. If you want to check for PID reusage you are supposed to use Process.is_running()_ against the yielded Process_ instances. That will also automatically remove reused PIDs from process_iter()_ internal cache.

... (truncated)

Commits

3d5522a release
5b30ef4 Add aarch64 manylinux wheels (#2425)
1d092e7 test subprocesses: sleep() with an interval of 0.1 to make the test process m...
5f80c12 Fix #2412, [macOS]: can't compile on macOS 10.4 PowerPC due to missing MNT_...
89b6096 process_iter(): use another global var to keep track of reused PIDs
9421bf8 openbsd: skip test if cmdline() returns [] due to EBUSY
4b1a054 Fix #2250 / NetBSD / cmdline: retry on EBUSY. (#2421)
20be5ae ruff: enable and fix 'unused variable' rule
5530985 chore(ci): update actions (#2417)
1c7cb0a Don't build with limited API for 3.13 free-threaded build (#2402)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

github-actions · 2024-07-08T13:34:08Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 2 package(s) with unknown licenses.

See the Details below.

License Issues

workflows/charts/huggingface-llm/requirements.txt

Package	Version	License	Issue Type
mkl-include	2024.2.0	Null	Unknown License
mkl	2024.2.0	Null	Unknown License

OpenSSF Scorecard

Package

Version

Score

Details

pip/accelerate

0.32.1

🟢 6.2

Details

Check	Score	Reason
Code-Review	🟢 9	Found 29/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Packaging	🟢 10	packaging workflow detected
SAST	⚠️ 2	SAST tool is not run on all commits -- score normalized to 2

pip/datasets

2.20.0

🟢 5.8

Details

Check	Score	Reason
Code-Review	🟢 3	Found 10/30 approved changesets -- score normalized to 3
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ -1	no releases found
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

pip/einops

0.8.0

🟢 5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 4/20 approved changesets -- score normalized to 2
Maintained	🟢 10	8 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

pip/mkl

2024.2.0

Unknown

pip/mkl-include

2024.2.0

Unknown

pip/onnxruntime

1.18.1

🟢 6.8

Details

Check	Score	Reason
Code-Review	🟢 10	all last 30 commits are reviewed through GitHub
Maintained	🟢 10	30 commit(s) out of 30 and 8 issue activity out of 30 found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no badge detected
Vulnerabilities	🟢 10	no vulnerabilities detected
Signed-Releases	⚠️ 0	0 out of 5 artifacts are signed or have provenance
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Security-Policy	🟢 10	security policy file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	no published package detected
License	🟢 10	license file detected
Token-Permissions	⚠️ 0	non read-only tokens detected in GitHub workflows
Dependency-Update-Tool	🟢 10	update tool detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

pip/onnxruntime-extensions

0.11.0

🟢 6.1

Details

Check	Score	Reason
Code-Review	🟢 9	Found 29/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ -1	no releases found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Binary-Artifacts	🟢 7	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

pip/protobuf

5.27.2

🟢 6.9

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests	🟢 9	23 out of 24 merged PRs checked by a CI test -- score normalized to 9
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Code-Review	⚠️ 1	found 25 unreviewed changesets out of 30 -- score normalized to 1
Contributors	🟢 10	13 different organizations found -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 9	license file detected
Maintained	🟢 10	30 commit(s) out of 30 and 3 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	no published package detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	⚠️ 1	SAST tool is not run on all commits -- score normalized to 1
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ 0	0 out of 5 artifacts are signed or have provenance
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Vulnerabilities	🟢 7	3 existing vulnerabilities detected

pip/psutil

6.0.0

🟢 5.8

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 8/30 approved changesets -- score normalized to 2
Maintained	🟢 10	14 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Security-Policy	🟢 10	security policy file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	🟢 10	project is fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

Scanned Manifest Files

workflows/charts/huggingface-llm/requirements.txt

accelerate@0.32.1
datasets@2.20.0
einops@0.8.0
mkl@2024.2.0
mkl-include@2024.2.0
onnxruntime@1.18.1
onnxruntime-extensions@0.11.0
protobuf@5.27.2
psutil@6.0.0
accelerate@0.30.1
datasets@2.19.0
einops@0.7.0
mkl@2023.2.0
mkl-include@2023.2.0
onnxruntime@1.17.3
onnxruntime-extensions@0.10.1
protobuf@4.24.4
psutil@5.9.5

github-advanced-security · 2024-07-08T13:44:07Z

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

Bumps the genai-workflow group with 9 updates in the /workflows/charts/huggingface-llm directory: | Package | From | To | | --- | --- | --- | | [accelerate](https://github.com/huggingface/accelerate) | `0.30.1` | `0.32.1` | | [datasets](https://github.com/huggingface/datasets) | `2.19.0` | `2.20.0` | | [einops](https://github.com/arogozhnikov/einops) | `0.7.0` | `0.8.0` | | [mkl-include](https://www.intel.com/content/www/us/en/developer/tools/oneapi/onemkl.html) | `2023.2.0` | `2024.2.0` | | [mkl](https://github.com/oneapi-src/oneMKL) | `2023.2.0` | `2024.2.0` | | [onnxruntime-extensions](https://github.com/microsoft/onnxruntime-extensions) | `0.10.1` | `0.11.0` | | [onnxruntime](https://github.com/microsoft/onnxruntime) | `1.17.3` | `1.18.1` | | [protobuf](https://github.com/protocolbuffers/protobuf) | `4.24.4` | `5.27.2` | | [psutil](https://github.com/giampaolo/psutil) | `5.9.5` | `6.0.0` | Updates `accelerate` from 0.30.1 to 0.32.1 - [Release notes](https://github.com/huggingface/accelerate/releases) - [Commits](huggingface/accelerate@v0.30.1...v0.32.1) Updates `datasets` from 2.19.0 to 2.20.0 - [Release notes](https://github.com/huggingface/datasets/releases) - [Commits](huggingface/datasets@2.19.0...2.20.0) Updates `einops` from 0.7.0 to 0.8.0 - [Release notes](https://github.com/arogozhnikov/einops/releases) - [Commits](arogozhnikov/einops@v0.7.0...v0.8.0) Updates `mkl-include` from 2023.2.0 to 2024.2.0 Updates `mkl` from 2023.2.0 to 2024.2.0 - [Release notes](https://github.com/oneapi-src/oneMKL/releases) - [Commits](https://github.com/oneapi-src/oneMKL/commits) Updates `onnxruntime-extensions` from 0.10.1 to 0.11.0 - [Release notes](https://github.com/microsoft/onnxruntime-extensions/releases) - [Commits](microsoft/onnxruntime-extensions@v0.10.1...v.0.11.0) Updates `onnxruntime` from 1.17.3 to 1.18.1 - [Release notes](https://github.com/microsoft/onnxruntime/releases) - [Changelog](https://github.com/microsoft/onnxruntime/blob/main/docs/ReleaseManagement.md) - [Commits](microsoft/onnxruntime@v1.17.3...v1.18.1) Updates `protobuf` from 4.24.4 to 5.27.2 - [Release notes](https://github.com/protocolbuffers/protobuf/releases) - [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/protobuf_release.bzl) - [Commits](protocolbuffers/protobuf@v4.24.4...v5.27.2) Updates `psutil` from 5.9.5 to 6.0.0 - [Changelog](https://github.com/giampaolo/psutil/blob/master/HISTORY.rst) - [Commits](giampaolo/psutil@release-5.9.5...release-6.0.0) --- updated-dependencies: - dependency-name: accelerate dependency-type: direct:production update-type: version-update:semver-minor dependency-group: genai-workflow - dependency-name: datasets dependency-type: direct:production update-type: version-update:semver-minor dependency-group: genai-workflow - dependency-name: einops dependency-type: direct:production update-type: version-update:semver-minor dependency-group: genai-workflow - dependency-name: mkl-include dependency-type: direct:production update-type: version-update:semver-major dependency-group: genai-workflow - dependency-name: mkl dependency-type: direct:production update-type: version-update:semver-major dependency-group: genai-workflow - dependency-name: onnxruntime-extensions dependency-type: direct:production update-type: version-update:semver-minor dependency-group: genai-workflow - dependency-name: onnxruntime dependency-type: direct:production update-type: version-update:semver-minor dependency-group: genai-workflow - dependency-name: protobuf dependency-type: direct:production update-type: version-update:semver-major dependency-group: genai-workflow - dependency-name: psutil dependency-type: direct:production update-type: version-update:semver-major dependency-group: genai-workflow ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2024-07-29T13:50:38Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot requested review from tylertitsworth and dmsuehir as code owners July 8, 2024 13:29

dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jul 8, 2024

dependabot bot force-pushed the dependabot/pip/workflows/charts/huggingface-llm/genai-workflow-f47b5648a3 branch 2 times, most recently from 6fa051a to 7034b14 Compare July 22, 2024 13:27

dependabot bot force-pushed the dependabot/pip/workflows/charts/huggingface-llm/genai-workflow-f47b5648a3 branch from 7034b14 to 8670936 Compare July 22, 2024 16:23

dependabot bot closed this Jul 29, 2024

dependabot bot deleted the dependabot/pip/workflows/charts/huggingface-llm/genai-workflow-f47b5648a3 branch July 29, 2024 13:50

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the genai-workflow group across 1 directory with 9 updates #218

Bump the genai-workflow group across 1 directory with 9 updates #218

dependabot bot commented on behalf of github Jul 8, 2024 •

edited

Loading

github-actions bot commented Jul 8, 2024 •

edited

Loading

github-advanced-security bot commented Jul 8, 2024

dependabot bot commented on behalf of github Jul 29, 2024

Bump the genai-workflow group across 1 directory with 9 updates #218

Bump the genai-workflow group across 1 directory with 9 updates #218

Conversation

dependabot bot commented on behalf of github Jul 8, 2024 • edited Loading

v0.32.0: Profilers, new hooks, speedups, and more!

Core

Distributed Data Parallelism

FSDP

XPU

XLA

Examples

Full Changelog

2.20.0

Important

Datasets features

General improvements and bug fixes

v0.8.0: tinygrad, small fixes and updates

TLDR

What's Changed

New Contributors

v0.11.0

What's changed

Contributions

ONNX Runtime v1.18.1

What's new?

ONNX Runtime v1.18.0

Announcements

Build System & Packages

Core

6.0.0

github-actions bot commented Jul 8, 2024 • edited Loading

Dependency Review

License Issues

workflows/charts/huggingface-llm/requirements.txt

OpenSSF Scorecard

Scanned Manifest Files

github-advanced-security bot commented Jul 8, 2024

dependabot bot commented on behalf of github Jul 29, 2024

dependabot bot commented on behalf of github Jul 8, 2024 •

edited

Loading

github-actions bot commented Jul 8, 2024 •

edited

Loading