Bump the pytorch group across 1 directory with 17 updates

[dependabot]

Bumps the pytorch group with 17 updates in the /pytorch directory:

Package	From	To
torch	2.1.0.post0+cxx11.abi	2.3.1
torchvision	0.16.0.post0+cxx11.abi	0.18.1
torchaudio	2.1.0.post0+cxx11.abi	2.3.1
intel-extension-for-pytorch	2.1.20+xpu	2.3.100+cpu
oneccl-bind-pt	2.1.200	2.3.0+cpu
accelerate	0.28.0	0.32.1
datasets	2.19.0	2.20.0
einops	0.7.0	0.8.0
evaluate	0.4.1	0.4.2
onnxruntime-extensions	0.10.1	0.11.0
onnxruntime	1.17.3	1.18.1
peft	0.10.0	0.11.1
protobuf	4.24.4	5.27.2
scikit-learn	1.5.0	1.5.1
transformers	4.41.2	4.42.4
jupyterlab	4.3.0a0	4.3.0a2
notebook	7.3.0a0	7.3.0a1

Updates torch from 2.1.0.post0+cxx11.abi to 2.3.1

Release notes

Sourced from torch's releases.

PyTorch 2.3.1 Release, bug fix release

This release is meant to fix the following issues (regressions / silent correctness):

Torch.compile:

• Remove runtime dependency on JAX/XLA, when importing torch.__dynamo (pytorch/pytorch#124634)
• Hide Plan failed with a cudnnException warning (pytorch/pytorch#125790)
• Fix CUDA memory leak (pytorch/pytorch#124238) (pytorch/pytorch#120756)

Distributed:

• Fix format_utils executable, which was causing it to run as a no-op (pytorch/pytorch#123407)
• Fix regression with device_mesh in 2.3.0 during initialization causing memory spikes (pytorch/pytorch#124780)
• Fix crash of FSDP + DTensor with ShardingStrategy.SHARD_GRAD_OP (pytorch/pytorch#123617)
• Fix failure with distributed checkpointing + FSDP if at least 1 forward/backward pass has not been run. (pytorch/pytorch#121544) (pytorch/pytorch#127069)
• Fix error with distributed checkpointing + FSDP, and with use_orig_params = False and activation checkpointing (pytorch/pytorch#124698) (pytorch/pytorch#126935)
• Fix set_model_state_dict errors on compiled module with non-persistent buffer with distributed checkpointing (pytorch/pytorch#125336) (pytorch/pytorch#125337)

MPS:

• Fix data corruption when coping large (>4GiB) tensors (pytorch/pytorch#124635)
• Fix Tensor.abs() for complex (pytorch/pytorch#125662)

Packaging:

• Fix UTF-8 encoding on Windows .pyi files (pytorch/pytorch#124932)
• Fix import torch failure when wheel is installed for a single user on Windows(pytorch/pytorch#125684)
• Fix compatibility with torchdata 0.7.1 (pytorch/pytorch#122616)
• Fix aarch64 docker publishing to https://ghcr.io (pytorch/pytorch#125617)
• Fix performance regression an aarch64 linux (pytorch/builder#1803)

Other:

• Fix DeepSpeed transformer extension build on ROCm (pytorch/pytorch#121030)
• Fix kernel crash on tensor.dtype.to_complex() after ~100 calls in ipython kernel (pytorch/pytorch#125154)

Release tracker pytorch/pytorch#125425 contains all relevant pull requests related to this release as well as links to related issues.

PyTorch 2.3: User-Defined Triton Kernels in torch.compile, Tensor Parallelism in Distributed

PyTorch 2.3 Release notes

• Highlights
• Backwards Incompatible Changes
• Deprecations
• New Features
• Improvements
• Bug fixes
• Performance
• Documentation

Highlights

We are excited to announce the release of PyTorch® 2.3! PyTorch 2.3 offers support for user-defined Triton kernels in torch.compile, allowing for users to migrate their own Triton kernels from eager without experiencing performance complications or graph breaks. As well, Tensor Parallelism improves the experience for training Large Language Models using native PyTorch functions, which has been validated on training runs for 100B parameter models.

This release is composed of 3393 commits and 426 contributors since PyTorch 2.2. We want to sincerely thank our dedicated community for your contributions. As always, we encourage you to try these out and report any issues as we improve 2.3. More information about how to get started with the PyTorch 2-series can be found at our Getting Started page.

... (truncated)

Commits

• See full diff in compare view

Updates torchvision from 0.16.0.post0+cxx11.abi to 0.18.1

Release notes

Sourced from torchvision's releases.

TorchVision 0.18.1 Release

This is a patch release, which is compatible with PyTorch 2.3.1. There are no new features added.

TorchVision 0.18 Release

BC-Breaking changes

[datasets] gdown is now a required dependency for downloading datasets that are on Google Drive. This change was actually introduced in 0.17.1 (repeated here for visibility) (#8237) [datasets] The StanfordCars dataset isn’t available for download anymore. Please follow these instructions to manually download it (#8309, #8324) [transforms] to_grayscale and corresponding transform now always return 3 channels when num_output_channels=3 (#8229)

Bug Fixes

[datasets] Fix download URL of EMNIST dataset (#8350) [datasets] Fix root path expansion in Kitti dataset (#8164) [models] Fix default momentum value of BatchNorm2d in MaxViT from 0.99 to 0.01 (#8312) [reference scripts] Fix CutMix and MixUp arguments (#8287) [MPS, build] Link essential libraries in cmake (#8230) [build] Fix build with ffmpeg 6.0 (#8096)

New Features

[transforms] New GrayscaleToRgb transform (#8247) [transforms] New JPEG augmentation transform (#8316)

Improvements

[datasets, io] Added pathlib.Path support to datasets and io utilities. (#8196, #8200, #8314, #8321) [datasets] Added allow_empty parameter to ImageFolder and related utils to support empty classes during image discovery (#8311) [datasets] Raise proper error in CocoDetection when a slice is passed (#8227) [io] Added support for EXIF orientation in JPEG and PNG decoders (#8303, #8279, #8342, #8302) [io] Avoiding unnecessary copies on io.VideoReader with pyav backend (#8173) [transforms] Allow SanitizeBoundingBoxes to sanitize more than labels (#8319) [transforms] Add sanitize_bounding_boxes kernel/functional (#8308) [transforms] Make perspective more numerically stable (#8249) [transforms] Allow 2D numpy arrays as inputs for to_image (#8256) [transforms] Speed-up rotate for 90, 180, 270 degrees (#8295) [transforms] Enabled torch compile on affine transform (#8218) [transforms] Avoid some graph breaks in transforms (#8171) [utils] Add float support to draw_keypoints (#8276) [utils] Add visibility parameter to draw_keypoints (#8225) [utils] Add float support to draw_segmentation_masks (#8150) [utils] Better show overlap section of masks in draw_segmentation_masks (#8213) [Docs] Various documentation improvements (#8341, #8332, #8198, #8318, #8202, #8246, #8208, #8231, #8300, #8197) [code quality] Various code quality improvements (#8273, #8335, #8234, #8345, #8334, #8119, #8251, #8329, #8217, #8180, #8105, #8280, #8161, #8313)

Contributors

We're grateful for our community, which helps us improve torchvision by submitting issues and PRs, and providing feedback and suggestions. The following persons have contributed patches for this release:

... (truncated)

Commits

• See full diff in compare view

Updates torchaudio from 2.1.0.post0+cxx11.abi to 2.3.1

Release notes

Sourced from torchaudio's releases.

TorchAudio 2.3.1 Release

This release is compatible with PyTorch 2.3.1 patch release. There are no new features added.

TorchAudio 2.3.0 Release

This release is compatible with PyTorch 2.3.0 patch release. There are no new features added.

This release contains minor documentation and code quality improvements (#3734, #3748, #3757, #3759)

TorchAudio 2.2.2 Release

This release is compatible with PyTorch 2.2.2 patch release. There are no new features added.

TorchAudio 2.2.1 Release

This release is compatible with PyTorch 2.2.1 patch release. There are no new features added.

TorchAudio 2.2.0 Release

New Features

• Add path-like object support to StreamReader/Writer pytorch/audio#3608
• Introduce trio top-level module, dedicated for core I/O operations (pytorch/audio#3676, pytorch/audio#3680, pytorch/audio#3681, pytorch/audio#3682) Please refer to https://pytorch.org/audio/2.2.0/torio.html for the details.

Bug Fixes

• pytorch/audio#3685 Make F.vad return empty tensor for zero valued tensor input

Recipe Updates

• pytorch/audio#3631 Fix inconsistent naming

TorchAudio 2.1.2 Release

This is a patch release, which is compatible with PyTorch 2.1.2. There are no new features added.

v2.1.1

This is a minor release, which is compatible with PyTorch 2.1.1 and includes bug fixes, improvements and documentation updates.

Bug Fixes

• Cherry-pick 2.1.1: Fix WavLM bundles (#3665)
• Cherry-pick 2.1.1: Add back compression level in i/o dispatcher backend by (#3666)

Commits

• See full diff in compare view

Updates intel-extension-for-pytorch from 2.1.20+xpu to 2.3.100+cpu

Updates oneccl-bind-pt from 2.1.200 to 2.3.0+cpu

Updates accelerate from 0.28.0 to 0.32.1

Release notes

Sourced from accelerate's releases.

v0.32.0: Profilers, new hooks, speedups, and more!

Core

• Utilize shard saving from the huggingface_hub rather than our own implementation (huggingface/accelerate#2795)
• Refactor logging to use logger in dispatch_model (huggingface/accelerate#2855)
• The Accelerator.step number is now restored when using save_state and load_state (huggingface/accelerate#2765)
• A new profiler has been added allowing users to collect performance metrics during model training and inference, including detailed analysis of execution time and memory consumption. These can then be generated in Chrome's tracing tool. Read more about it here (huggingface/accelerate#2883)
• Reduced import times for doing import accelerate and any other major core import by 68%, now should be only slightly longer than doing import torch (huggingface/accelerate#2845)
• Fixed a bug in get_backend and added a clear_device_cache utility (huggingface/accelerate#2857)

Distributed Data Parallelism

• Introduce DDP communication hooks to have more flexibility in how gradients are communicated across workers, overriding the standard allreduce. (huggingface/accelerate#2841)
• Make log_line_prefix_template optional the notebook_launcher (huggingface/accelerate#2888)

FSDP

• If the output directory doesn't exist when using accelerate merge-weights, one will be automatically created (huggingface/accelerate#2854)
• When merging weights, the default is now .safetensors (huggingface/accelerate#2853)

XPU

• Migrate to pytorch's native XPU backend on torch>=2.4 (huggingface/accelerate#2825)
• Add @require_triton test decorator and enable test_dynamo work on xpu (huggingface/accelerate#2878)
• Fixed load_state_dict not working on xpu and refine xpu safetensors version check (huggingface/accelerate#2879)

XLA

• Added support for XLA Dynamo backends for both training and inference (huggingface/accelerate#2892)

Examples

• Added a new multi-cpu SLURM example using accelerate launch (huggingface/accelerate#2902)

Full Changelog

• Use shard saving from huggingface_hub by @​SunMarc in huggingface/accelerate#2795
• doc: fix link by @​imba-tjd in huggingface/accelerate#2844
• Revert "Slight rename" by @​SunMarc in huggingface/accelerate#2850
• remove warning hook addede during dispatch_model by @​SunMarc in huggingface/accelerate#2843
• Remove underlines between badges by @​novialriptide in huggingface/accelerate#2851
• Auto create dir when merging FSDP weights by @​helloworld1 in huggingface/accelerate#2854
• Add DDP Communication Hooks by @​yhna940 in huggingface/accelerate#2841
• Refactor logging to use logger in dispatch_model by @​panjd123 in huggingface/accelerate#2855
• xpu: support xpu backend from stock pytorch (>=2.4) by @​dvrogozh in huggingface/accelerate#2825
• Drop torch re-imports in npu and mlu paths by @​dvrogozh in huggingface/accelerate#2856
• Default FSDP weights merge to safetensors by @​helloworld1 in huggingface/accelerate#2853
• [tests] fix bug in test_tracking.ClearMLTest by @​faaany in huggingface/accelerate#2863
• [tests] use torch_device instead of 0 for device check by @​faaany in huggingface/accelerate#2861
• [tests] skip bnb-related tests instead of failing on xpu by @​faaany in huggingface/accelerate#2860
• Potentially fix tests by @​muellerzr in huggingface/accelerate#2862
• [tests] enable XPU backend for test_zero3_integration by @​faaany in huggingface/accelerate#2864
• Support saving and loading of step while saving and loading state by @​bipinKrishnan in huggingface/accelerate#2765
• Add Profiler Support for Performance Analysis by @​yhna940 in huggingface/accelerate#2883
• Speed up imports and add a CI by @​muellerzr in huggingface/accelerate#2845
• Make log_line_prefix_template Optional in Elastic Launcher for Backward Compatibility by @​yhna940 in huggingface/accelerate#2888
• Add XLA Dynamo backends for training and inference by @​johnsutor in huggingface/accelerate#2892
• Added a MultiCPU SLURM example using Accelerate Launch and MPIRun by @​okhleif-IL in huggingface/accelerate#2902
• make more cuda-only tests device-agnostic by @​faaany in huggingface/accelerate#2876

... (truncated)

Commits

• 9726538 Fix slowdown on init with device_map="auto" (#2914)
• 6d3324a Release v0.32.0
• 8330b37 Fix get_backend bug and add clear_device_cache function (#2857)
• 92404fb fix load_state_dict for xpu and refine xpu safetensor version check (#2879)
• 3a02754 add require_triton and enable test_dynamo work on xpu (#2878)
• fec1170 fix mlu device longTensor bugs (#2887)
• eac206f make more cuda-only tests device-agnostic (#2876)
• 6882ff2 Added a MultiCPU SLURM example using Accelerate Launch and MPIRun (#2902)
• 57a4c74 Add XLA Dynamo backends for training and inference (#2892)
• 404510a Make log_line_prefix_template Optional in Elastic Launcher for Backward Com...
• Additional commits viewable in compare view

Updates datasets from 2.19.0 to 2.20.0

Release notes

Sourced from datasets's releases.

2.20.0

Important

• Remove default trust_remote_code=True by @​lhoestq in huggingface/datasets#6954
  • datasets with a python loading script now require passing trust_remote_code=True to be used

Datasets features

• [Resumable IterableDataset] Add IterableDataset state_dict by @​lhoestq in huggingface/datasets#6658

  • checkpoint and resume an iterable dataset (e.g. when streaming):

    >>> iterable_dataset = Dataset.from_dict({"a": range(6)}).to_iterable_dataset(num_shards=3)
    >>> for idx, example in enumerate(iterable_dataset):
    ...     print(example)
    ...     if idx == 2:
    ...         state_dict = iterable_dataset.state_dict()
    ...         print("checkpoint")
    ...         break
    >>> iterable_dataset.load_state_dict(state_dict)
    >>> print(f"restart from checkpoint")
    >>> for example in iterable_dataset:
    ...     print(example)

    Returns:

    {'a': 0}
    {'a': 1}
    {'a': 2}
    checkpoint
    restart from checkpoint
    {'a': 3}
    {'a': 4}
    {'a': 5}
    

General improvements and bug fixes

• Add docs about the CLI by @​albertvillanova in huggingface/datasets#6831
• Remove token arg from CLI examples by @​albertvillanova in huggingface/datasets#6839
• Allow deleting a subset/config from a no-script dataset by @​albertvillanova in huggingface/datasets#6820
• Fix line-endings in tests on Windows by @​albertvillanova in huggingface/datasets#6857
• Fix CI by temporarily pinning huggingface-hub < 0.23.0 by @​albertvillanova in huggingface/datasets#6861
• Fix dataset name for community Hub script-datasets by @​albertvillanova in huggingface/datasets#6855
• Update tqdm >= 4.66.3 to fix vulnerability by @​albertvillanova in huggingface/datasets#6870
• Fix download for dict of dicts of URLs by @​albertvillanova in huggingface/datasets#6871
• Set dev version by @​albertvillanova in huggingface/datasets#6873
• Shorten long logs by @​lhoestq in huggingface/datasets#6875
• Support jax 0.4.27 in CI tests by @​albertvillanova in huggingface/datasets#6885
• Close gzipped files properly by @​lhoestq in huggingface/datasets#6893
• Make CLI convert_to_parquet not raise error if no rights to create script branch by @​albertvillanova in huggingface/datasets#6902

... (truncated)

Commits

• 98fdc9e Release: 2.20.0 (#6969)
• af3acfd fix(ci): remove unnecessary permissions (#6962)
• 37a6036 Move info_utils errors to exceptions module (#6952)
• 9510252 Better error handling in dataset_module_factory (#6959)
• 97513be feat(ci): add trufflehog secrets detection (#6960)
• 686f5df Add support for categorical/dictionary types (#6892)
• a2dc287 Remove default trust_remote_code=True (#6954)
• 09ebf51 Validate config name and data_files in packaged modules (#6915)
• 5bbbf1b Validate config name and data_files in packaged modules (#6915)
• 6548e0e Fix typos in docs (#6957)
• Additional commits viewable in compare view

Updates einops from 0.7.0 to 0.8.0

Release notes

Sourced from einops's releases.

v0.8.0: tinygrad, small fixes and updates

TLDR

• tinygrad backend added
• resolve warning in py3.11 related to docstring
• remove graph break for unpack
• breaking TF layers were updated to follow new instructions, new layers compatible with TF 2.16, and not compatible with old TF (certainly does not work with TF2.13)

What's Changed

• Fix invalid escape sequence in einsum docstring by @​atwam in arogozhnikov/einops#298
• Tinygrad support by @​blueridanus in arogozhnikov/einops#297
• Coerce bool to int in unpack by @​drubinstein in arogozhnikov/einops#287
• Remove oneflow from testing by @​arogozhnikov in arogozhnikov/einops#289
• tests: fix torch installation to force CPU by @​arogozhnikov in arogozhnikov/einops#288
• Allow anonymous axes in parse_shape, fix #302 by @​arogozhnikov in arogozhnikov/einops#303
• Codebase standards + update TF layers by @​arogozhnikov in arogozhnikov/einops#318
• update github actions by @​arogozhnikov in arogozhnikov/einops#319

New Contributors

• @​drubinstein made their first contribution in arogozhnikov/einops#287
• @​atwam made their first contribution in arogozhnikov/einops#298
• @​blueridanus made their first contribution in arogozhnikov/einops#297

Full Changelog: arogozhnikov/einops@v0.7.0...v0.8.0

Commits

• fe9d81d bump version to 0.8.0
• 10e19b4 prepare readme for a new release
• b67cfea Rename KerasBackend -> TFKerasBackend to avoid confusion with keras 3.
• f33113e update github actions
• cff63f2 Codebase standards + update TF layers (#318)
• 2ab5c2a switch to stable paddlepaddle in testing, because of https://github.com/Paddl...
• 60b87de remove announcement
• 5655ce1 Merge pull request #303 from arogozhnikov/dev
• 5b41d90 allow anonymous axes in parse_shape, fix #302
• 9a9b304 delete experimental data-api_packing as production version is available now
• Additional commits viewable in compare view

Updates evaluate from 0.4.1 to 0.4.2

Release notes

Sourced from evaluate's releases.

v0.4.2

What's Changed

• Update the documentation and citation of mauve by @​krishnap25 in huggingface/evaluate#416
• Remove unused dependency by @​daskol in huggingface/evaluate#507
• Add confusion matrix by @​osanseviero in huggingface/evaluate#528
• Update python to 3.8 by @​qubvel in huggingface/evaluate#571
• Fix FileFreeLock by @​lhoestq in huggingface/evaluate#578
• Fix example doc in load function by @​alexrs in huggingface/evaluate#575
• Speeding up mean_iou metric computation by @​qubvel in huggingface/evaluate#569

New Contributors

• @​rtrompier made their first contribution in huggingface/evaluate#510
• @​daskol made their first contribution in huggingface/evaluate#507
• @​qubvel made their first contribution in huggingface/evaluate#571
• @​alexrs made their first contribution in huggingface/evaluate#575

Full Changelog: huggingface/evaluate@v0.4.1...v0.4.2

Commits

• a4bdc10 Release: 0.4.2 (#579)
• edb83af Speeding up mean_iou metric computation (#569)
• 04c7588 Fix example doc in load function (#575)
• b337370 Fix FileFreeLock (#578)
• 7a18c55 Update python to 3.8 (#571)
• 8dfe057 Add confusion matrix (#528)
• dfbbf15 Remove unused dependency (#507)
• 1893285 Update the documentation and citation of mauve (#416)
• 344b8b4 fix: remove useless token (#510)
• 728bd3e set dev version (#506)
• See full diff in compare view

Updates onnxruntime-extensions from 0.10.1 to 0.11.0

Release notes

Sourced from onnxruntime-extensions's releases.

v0.11.0

What's changed

• Created Java packaging pipeline and published to Maven repository.
• Added support for conversion of Huggingface FastTokenizer into ONNX custom operator.
• Unified the SentencePiece tokenizer with other Byte Pair Encoding (BPE) based tokenizers.
• Fixed Whisper large model pre-processing bug.
• Enabled eager execution for custom operator and refactored the header file structure.

Contributions

Contributors to ONNX Runtime Extensions include members across teams at Microsoft, along with our community members: @​sayanshaw24 @​wenbingl @​skottmckay @​natke @​hariharans29 @​jslhcl @​snnn @​kazssym @​YUNQIUGUO @​souptc @​yihonglyu

Commits

• 8d8670f Fix the Linux and MacOS wheel build for packaging issues (#727)
• b988f0d Update onebranch-windows-build-stage.yml
• b1989b7 Revert net7.0 update for now (#701) (#712)
• 1f31d33 Eager mode: cuda kernel support (#694)
• 627e93a fix version in renaming (#692)
• f9290e8 Add a status class for future tokenizer API implementation (#690)
• 6464627 Refactor the header file directory and integrate the eager tensor implementat...
• fe8cd9e Add extensions catalyst support (#684)
• a96ed42 Update ext_java.cmake (#688)
• 00a594f Standardize the inputs for ONNX STFT op for Whisper model (#681)
• Additional commits viewable in compare view

Updates onnxruntime from 1.17.3 to 1.18.1

Release notes

Sourced from onnxruntime's releases.

ONNX Runtime v1.18.1

What's new?

Announcements:

• ONNX Runtime Python packages now have numpy dependency >=1.21.6, <2.0. Support for numpy 2.0 will be added in a future release.
• CUDA 12.x ONNX Runtime GPU packages are now built against cuDNN 9.x (1.18.0 packages previously depended on cuDNN 8.x). CUDA 11.x ONNX Runtime GPU packages continue to depend on CuDNN 8.x.
• Windows packages require installation of Microsoft Visual C++ Redistributable Runtime 14.38 or newer.

TensorRT EP:

• TensorRT Weightless API integration.
• Support for TensorRT hardware compatible engines.
• Support for INT64 types in TensorRT constant layer calibration.
• Now using latest commit of onnx-tensorrt parser, which includes several issue fixes.
• Additional TensorRT support and performance improvements.

Packages:

• Publish CUDA 12 Java packages to Azure DevOps feed.
• Various packaging pipeline fixes.

This patch release also features various other bug fixes, including a CUDA 12.5 build error fix.

Big thank you to @​yf711 for driving this release as the release manager and to all our contributors!

@​yf711 @​jchen351 @​mszhanyi @​snnn @​wangyems @​jywu-msft @​skottmckay @​chilo-ms @​moraxu @​kevinch-nv @​pengwa @​wejoncy @​pranavsharma @​Craigacp @​jslhcl @​adrianlizarraga @​inisis @​jeffbloo @​mo-ja @​kunal-vaishnavi @​sumitsays @​neNasko1 @​yufenglee @​dhruvbird @​wangshuai09 @​xiaoyu-work @​axinging @​yuslepukhin @​YUNQIUGUO @​shubhambhokare1 @​fs-eire @​afantino951 @​tboby @​HectorSVC @​baijumeswani

ONNX Runtime v1.18.0

Announcements

• Windows ARM32 support has been dropped at the source code level.
• Python version >=3.8 is now required for build.bat/build.sh (previously >=3.7). Note: If you have Python version <3.8, you can bypass the tools and use CMake directly.
• The onnxruntime-mobile Android package and onnxruntime-mobile-c/onnxruntime-mobile-objc iOS cocoapods are being deprecated. Please use the onnxruntime-android Android package, and onnxruntime-c/onnxruntime-objc cocoapods, which support ONNX and ORT format models and all operators and data types. Note: If you require a smaller binary size, a custom build is required. See details on creating a custom Android or iOS package on Custom build | onnxruntime.

Build System & Packages

• CoreML execution provider now depends on coremltools.
• Flatbuffers has been upgraded from 1.12.0 → 23.5.26.
• ONNX has been upgraded from 1.15 → 1.16.
• EMSDK has been upgraded from 3.1.51 → 3.1.57.
• Intel neural_speed library has been upgraded from v0.1.1 → v0.3 with several important bug fixes.
• There is a new onnxruntime_CUDA_MINIMAL CMake option for building ONNX Runtime CUDA execution provider without any operations apart from memcpy ops.
• Added support for Catalyst for macOS build support.
• Added initial support for RISC-V and three new build options for it: --rv64, --riscv_toolchain_root, and --riscv_qemu_path.
• Now you can build TensorRT EP with protobuf-lite instead of the full version of protobuf.
• Some security-related compile/link flags have been moved from the default setting → new build option: --use_binskim_compliant_compile_flags. Note: All our release binaries are built with this flag, but when building ONNX Runtime from source, this flag is default OFF.
• Windows ARM64 build now depends on PyTorch CPUINFO library.
• Windows OneCore build now uses “Reverse forwarding” apisets instead of “Direct forwarding”, so onnxruntime.dll in our Nuget packages will depend on kernel32.dll. Note: Windows systems without kernel32.dll need to have reverse forwarders (see API set loader operation - Win32 apps | Microsoft Learn for more information).

Core

• Added ONNX 1.16 support.
• Added additional optimizations related to Dynamo-exported models.
• Improved testing infrastructure for EPs developed as shared libraries.
• Exposed Reserve() in OrtAllocator to allow custom allocators to work when session.use_device_allocator_for_initializers is specified.

... (truncated)

Commits

• 3871274 [ORT 1.18.1 Release] Update ORT numpy dependency to >=1.21.6,<2.0 (#21141)
• d0aee20 [ORT 1.18.1 Release] Cherry pick 3rd round (#21129)
• 8bfcf14 [ORT 1.18.1 Release] update 1.18.1 patch release version (#21143)
• 25ab935 [ORT 1.18.1 Release] Cherry pick 2nd round (#21111)
• 91fb865 [ORT 1.18.1 Release] Cherry pick 1st round (#21105)
• 4573740 [ORT 1.18.0 Release] Cherry pick 3rd/Final round (#20677)
• ed349b9 Mark end of version 17 and 18 C API (#20671)
• d72b476 [ORT 1.18.0 Release] Cherry pick 2nd round (#20620)
• 65f3fbf [ORT 1.18.0 Release] Cherry pick 1st round (#20585)
• 204f1f5 Run fuzz testing before the CG task cleans up the build directory (#20500) (#...
• Additional commits viewable in compare view

Updates peft from 0.10.0 to 0.11.1

Release notes

Sourced from peft's releases.

v0.11.1

Patch release v0.11.1

Fix a bug that could lead to C++ compilation errors after importing PEFT (#1738 #1739).

Full Changelog: huggingface/peft@v0.11.0...v0.11.1

v0.11.0: New PEFT methods BOFT, VeRA, PiSSA, quantization with HQQ and EETQ, and more

Highlights

New methods

BOFT

Thanks to @​yfeng95, @​Zeju1997, and @​YuliangXiu, PEFT was extended with BOFT: Parameter-Efficient Orthogonal Finetuning via Butterfly Factorization (#1326, BOFT paper link). In PEFT v0.7.0, we already added OFT, but BOFT is even more parameter efficient. Check out the included

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 5 package(s) with unknown licenses.

See the Details below.

License Issues

pytorch/requirements.txt

Package	Version	License	Issue Type
intel_extension_for_pytorch	2.3.100+cpu	Null	Unknown License

pytorch/torchserve-requirements.txt

Package	Version	License	Issue Type
intel_extension_for_pytorch	2.3.100+cpu	Null	Unknown License

pytorch/xpu-requirements.txt

Package	Version	License	Issue Type
intel_extension_for_pytorch	2.3.100+cpu	Null	Unknown License
oneccl_bind_pt	2.3.0+cpu	Null	Unknown License
torch	2.3.1	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
pip/accelerate	0.32.1	🟢 6.1	Details Check Score Reason Code-Review 🟢 9 Found 29/30 approved changesets -- score normalized to 9 Maintained 🟢 10 30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Packaging 🟢 10 packaging workflow detected SAST ⚠️ 1 SAST tool is not run on all commits -- score normalized to 1
pip/datasets	2.20.0	🟢 5.8	Details Check Score Reason Code-Review 🟢 3 Found 11/30 approved changesets -- score normalized to 3 Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/einops	0.8.0	🟢 5	Details Check Score Reason Code-Review ⚠️ 2 Found 4/20 approved changesets -- score normalized to 2 Maintained 🟢 10 8 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/evaluate	0.4.2	🟢 5.3	Details Check Score Reason Code-Review 🟢 9 Found 29/30 approved changesets -- score normalized to 9 Maintained 🟢 5 6 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 9 1 existing vulnerabilities detected SAST 🟢 3 SAST tool is not run on all commits -- score normalized to 3
pip/onnxruntime	1.18.1	🟢 6.8	Details Check Score Reason Code-Review 🟢 10 all last 30 commits are reviewed through GitHub Maintained 🟢 10 30 commit(s) out of 30 and 8 issue activity out of 30 found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no badge detected Vulnerabilities 🟢 10 no vulnerabilities detected Signed-Releases ⚠️ 0 0 out of 5 artifacts are signed or have provenance Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 no published package detected License 🟢 10 license file detected Token-Permissions ⚠️ 0 non read-only tokens detected in GitHub workflows Dependency-Update-Tool 🟢 10 update tool detected Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
pip/onnxruntime-extensions	0.11.0	🟢 6.1	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 Found 29/30 approved changesets -- score normalized to 9 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Binary-Artifacts 🟢 7 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
pip/peft	0.11.1	Unknown	Unknown
pip/protobuf	5.27.2	🟢 6.7	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 9 26 out of 27 merged PRs checked by a CI test -- score normalized to 9 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review ⚠️ 0 found 29 unreviewed changesets out of 30 -- score normalized to 0 Contributors 🟢 10 13 different organizations found -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 9 license file detected Maintained 🟢 10 30 commit(s) out of 30 and 5 issue activity out of 30 found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 no published package detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ 0 0 out of 5 artifacts are signed or have provenance Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities 🟢 7 3 existing vulnerabilities detected
pip/scikit-learn	1.5.1	🟢 9.5	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow ⚠️ -1 no workflows found Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ -1 No tokens found Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 10 SAST tool is run on all commits Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ -1 no dependencies found Fuzzing 🟢 10 project is fuzzed
pip/transformers	4.42.4	🟢 4.5	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 0 465 existing vulnerabilities detected
pip/accelerate	0.28.0	🟢 6.1	Details Check Score Reason Code-Review 🟢 9 Found 29/30 approved changesets -- score normalized to 9 Maintained 🟢 10 30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Packaging 🟢 10 packaging workflow detected SAST ⚠️ 1 SAST tool is not run on all commits -- score normalized to 1
pip/datasets	2.19.0	🟢 5.8	Details Check Score Reason Code-Review 🟢 3 Found 11/30 approved changesets -- score normalized to 3 Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/einops	0.7.0	🟢 5	Details Check Score Reason Code-Review ⚠️ 2 Found 4/20 approved changesets -- score normalized to 2 Maintained 🟢 10 8 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/evaluate	0.4.1	🟢 5.3	Details Check Score Reason Code-Review 🟢 9 Found 29/30 approved changesets -- score normalized to 9 Maintained 🟢 5 6 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 9 1 existing vulnerabilities detected SAST 🟢 3 SAST tool is not run on all commits -- score normalized to 3
pip/onnxruntime	1.17.3	🟢 6.8	Details Check Score Reason Code-Review 🟢 10 all last 30 commits are reviewed through GitHub Maintained 🟢 10 30 commit(s) out of 30 and 8 issue activity out of 30 found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no badge detected Vulnerabilities 🟢 10 no vulnerabilities detected Signed-Releases ⚠️ 0 0 out of 5 artifacts are signed or have provenance Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 no published package detected License 🟢 10 license file detected Token-Permissions ⚠️ 0 non read-only tokens detected in GitHub workflows Dependency-Update-Tool 🟢 10 update tool detected Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
pip/onnxruntime-extensions	0.10.1	🟢 6.1	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 Found 29/30 approved changesets -- score normalized to 9 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Binary-Artifacts 🟢 7 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
pip/peft	0.10.0	Unknown	Unknown
pip/protobuf	4.24.4	🟢 6.7	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 9 26 out of 27 merged PRs checked by a CI test -- score normalized to 9 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review ⚠️ 0 found 29 unreviewed changesets out of 30 -- score normalized to 0 Contributors 🟢 10 13 different organizations found -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 9 license file detected Maintained 🟢 10 30 commit(s) out of 30 and 5 issue activity out of 30 found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 no published package detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ 0 0 out of 5 artifacts are signed or have provenance Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities 🟢 7 3 existing vulnerabilities detected
pip/scikit-learn	1.5.0	🟢 9.5	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow ⚠️ -1 no workflows found Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ -1 No tokens found Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 10 SAST tool is run on all commits Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ -1 no dependencies found Fuzzing 🟢 10 project is fuzzed
pip/transformers	4.41.2	🟢 4.5	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 0 465 existing vulnerabilities detected
pip/jupyterlab	4.3.0a2	🟢 5.7	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 21/26 approved changesets -- score normalized to 8 License 🟢 9 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during GetBranch(4.2.x): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected SAST 🟢 10 SAST tool is run on all commits Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 2 8 existing vulnerabilities detected
pip/notebook	7.3.0a1	🟢 4.2	Details Check Score Reason Code-Review ⚠️ 2 Found 8/30 approved changesets -- score normalized to 2 Maintained 🟢 10 28 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during GetBranch(7.2.x): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 12 existing vulnerabilities detected
pip/jupyterlab	4.3.0a0	🟢 5.7	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 21/26 approved changesets -- score normalized to 8 License 🟢 9 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during GetBranch(4.2.x): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected SAST 🟢 10 SAST tool is run on all commits Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 2 8 existing vulnerabilities detected
pip/notebook	7.3.0a0	🟢 4.2	Details Check Score Reason Code-Review ⚠️ 2 Found 8/30 approved changesets -- score normalized to 2 Maintained 🟢 10 28 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during GetBranch(7.2.x): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 12 existing vulnerabilities detected
pip/intel_extension_for_pytorch	2.3.100+cpu	Unknown	Unknown
pip/intel_extension_for_pytorch	2.3.0+cpu	Unknown	Unknown
pip/intel_extension_for_pytorch	2.3.100+cpu	Unknown	Unknown
pip/intel_extension_for_pytorch	2.3.0+cpu	Unknown	Unknown
pip/intel_extension_for_pytorch	2.3.100+cpu	Unknown	Unknown
pip/oneccl_bind_pt	2.3.0+cpu	Unknown	Unknown
pip/torch	2.3.1	🟢 6.4	Details Check Score Reason Binary-Artifacts 🟢 9 binaries present in source code Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests ⚠️ -1 no pull request found CII-Best-Practices ⚠️ 0 no badge detected Code-Review 🟢 10 all last 30 commits are reviewed through Prow Contributors 🟢 10 35 different organizations found -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool ⚠️ 0 no update tool detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) out of 30 and 15 issue activity out of 30 found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 no published package detected Pinned-Dependencies ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ 0 0 out of 5 artifacts are signed -- score normalized to 0 Token-Permissions ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Vulnerabilities 🟢 10 no vulnerabilities detected Webhooks ⚠️ -1 check is not supported for this request: SCORECARD_V6 is not set, not running the Webhook check
pip/torchaudio	2.3.1	🟢 5.6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 7 6 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 7 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy ⚠️ 0 security policy file not detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/torchvision	0.18.1	🟢 5.1	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 4 Found 14/30 approved changesets -- score normalized to 4 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Binary-Artifacts 🟢 9 binaries present in source code SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
pip/intel_extension_for_pytorch	2.1.20+xpu	Unknown	Unknown
pip/oneccl_bind_pt	2.1.200	Unknown	Unknown
pip/torch	2.1.0.post0+cxx11.abi	🟢 6.4	Details Check Score Reason Binary-Artifacts 🟢 9 binaries present in source code Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests ⚠️ -1 no pull request found CII-Best-Practices ⚠️ 0 no badge detected Code-Review 🟢 10 all last 30 commits are reviewed through Prow Contributors 🟢 10 35 different organizations found -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool ⚠️ 0 no update tool detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) out of 30 and 15 issue activity out of 30 found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 no published package detected Pinned-Dependencies ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ 0 0 out of 5 artifacts are signed -- score normalized to 0 Token-Permissions ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Vulnerabilities 🟢 10 no vulnerabilities detected Webhooks ⚠️ -1 check is not supported for this request: SCORECARD_V6 is not set, not running the Webhook check
pip/torchaudio	2.1.0.post0+cxx11.abi	🟢 5.6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 7 6 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 7 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy ⚠️ 0 security policy file not detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/torchvision	0.16.0.post0+cxx11.abi	🟢 5.1	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 4 Found 14/30 approved changesets -- score normalized to 4 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Binary-Artifacts 🟢 9 binaries present in source code SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0

Scanned Manifest Files

pytorch/hf-genai-requirements.txt

• accelerate@0.32.1
• datasets@2.20.0
• einops@0.8.0
• evaluate@0.4.2
• onnxruntime@1.18.1
• onnxruntime-extensions@0.11.0
• peft@0.11.1
• protobuf@5.27.2
• scikit-learn@1.5.1
• transformers@4.42.4
• accelerate@0.28.0
• datasets@2.19.0
• einops@0.7.0
• evaluate@0.4.1
• onnxruntime@1.17.3
• onnxruntime-extensions@0.10.1
• peft@0.10.0
• protobuf@4.24.4
• scikit-learn@1.5.0
• transformers@4.41.2

pytorch/jupyter-requirements.txt

• jupyterlab@4.3.0a2
• notebook@7.3.0a1
• jupyterlab@4.3.0a0
• notebook@7.3.0a0

pytorch/requirements.txt

• intel_extension_for_pytorch@2.3.100+cpu
• intel_extension_for_pytorch@2.3.0+cpu

pytorch/torchserve-requirements.txt

• intel_extension_for_pytorch@2.3.100+cpu
• intel_extension_for_pytorch@2.3.0+cpu

pytorch/xpu-requirements.txt

• intel_extension_for_pytorch@2.3.100+cpu
• oneccl_bind_pt@2.3.0+cpu
• torch@2.3.1
• torchaudio@2.3.1
• torchvision@0.18.1
• intel_extension_for_pytorch@2.1.20+xpu
• oneccl_bind_pt@2.1.200
• torch@2.1.0.post0+cxx11.abi
• torchaudio@2.1.0.post0+cxx11.abi
• torchvision@0.16.0.post0+cxx11.abi

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.