Bump the pytorch group across 1 directory with 7 updates

[dependabot]

Bumps the pytorch group with 7 updates in the /pytorch directory:

Package	From	To
datasets	3.0.0	3.0.1
peft	0.12.0	0.13.0
protobuf	5.28.1	5.28.2
tokenizers	0.19.1	0.20.0
transformers	4.44.2	4.45.1
mkl	2024.2.1	2024.2.2
mkl-include	2024.2.1	2024.2.2

Updates datasets from 3.0.0 to 3.0.1

Release notes

Sourced from datasets's releases.

3.0.1

What's Changed

• Modify add_column() to optionally accept a FeatureType as param by @​varadhbhatnagar in huggingface/datasets#7143
• Align filename prefix splitting with WebDataset library by @​albertvillanova in huggingface/datasets#7151
• Support ndjson data files by @​albertvillanova in huggingface/datasets#7154
• Support JSON lines with missing struct fields by @​albertvillanova in huggingface/datasets#7160
• Support JSON lines with empty struct by @​albertvillanova in huggingface/datasets#7162
• fix increase_load_count by @​lhoestq in huggingface/datasets#7165
• fix docstring code example for distributed shuffle by @​lhoestq in huggingface/datasets#7166
• Support JSON lines with missing columns by @​albertvillanova in huggingface/datasets#7170
• Add torchdata as a regular test dependency by @​albertvillanova in huggingface/datasets#7172

New Contributors

• @​varadhbhatnagar made their first contribution in huggingface/datasets#7143

Full Changelog: huggingface/datasets@3.0.0...3.0.1

Commits

• 679562d Release: 3.0.1 (#7173)
• 46c39d8 Add torchdata as a regular test dependency (#7172)
• e450bd3 Support JSON lines with missing columns (#7170)
• e9ec56c fix docstring code example for distributed shuffle (#7166)
• 548d2d2 fix increase_load_count (#7165)
• b032702 Support JSON lines with empty struct (#7162)
• 2eb4edb Support JSON lines with missing struct fields (#7160)
• 13f18e3 Support ndjson data files (#7154)
• d70c902 Align filename prefix splitting with WebDataset library (#7151)
• 43b1fe1 Modify add_column() to optionally accept a FeatureType as param (#7143)
• Additional commits viewable in compare view

Updates peft from 0.12.0 to 0.13.0

Release notes

Sourced from peft's releases.

LoRA+, VB-LoRA, and more

Highlights

New methods

LoRA+

@​kallewoof added LoRA+ to PEFT (#1915). This is a function that allows to initialize an optimizer with settings that are better suited for training a LoRA adapter.

VB-LoRA

@​leo-yangli added a new method to PEFT called VB-LoRA (#2039). The idea is to have LoRA layers be composed from a single vector bank (hence "VB") that is shared among all layers. This makes VB-LoRA extremely parameter efficient and the checkpoints especially small (comparable to the VeRA method), while still promising good fine-tuning performance. Check the VB-LoRA docs and example.

Enhancements

New Hugging Face team member @​ariG23498 added the helper function rescale_adapter_scale to PEFT (#1951). Use this context manager to temporarily increase or decrease the scaling of the LoRA adapter of a model. It also works for PEFT adapters loaded directly into a transformers or diffusers model.

@​ariG23498 also added DoRA support for embedding layers (#2006). So if you're using the use_dora=True option in the LoraConfig, you can now also target embedding layers.

For some time now, we support inference with batches that are using different adapters for different samples, so e.g. sample 1-5 use "adapter1" and samples 6-10 use "adapter2". However, this only worked for LoRA layers so far. @​saeid93 extended this to also work with layers targeted by modules_to_save (#1990).

When loading a PEFT adapter, you now have the option to pass low_cpu_mem_usage=True (#1961). This will initialize the adapter with empty weights ("meta" device) before loading the weights instead of initializing on CPU or GPU. This can speed up loading PEFT adapters. So use this option especially if you have a lot of adapters to load at the same time or if these adapters are very big. Please let us know if you encounter issues with this option, as we may make this the default in the future.

Changes

Safe loading of PyTorch weights

Unless indicated otherwise, PEFT adapters are saved and loaded using the secure safetensors format. However, we also support the PyTorch format for checkpoints, which relies on the inherently insecure pickle protocol from Python. In the future, PyTorch will be more strict when loading these files to improve security by making the option weights_only=True the default. This is generally recommended and should not cause any trouble with PEFT checkpoints, which is why with this release, PEFT will enable this by default. Please open an issue if this causes trouble.

What's Changed

• Bump version to 0.12.1.dev0 by @​BenjaminBossan in huggingface/peft#1950
• CI Fix Windows permission error on merge test by @​BenjaminBossan in huggingface/peft#1952
• Check if past_key_values is provided when using prefix_tuning in peft_model by @​Nidhogg-lyz in huggingface/peft#1942
• Add lora+ implementation by @​kallewoof in huggingface/peft#1915
• FIX: New bloom changes breaking prompt learning by @​BenjaminBossan in huggingface/peft#1969
• ENH Update VeRA preconfigured models by @​BenjaminBossan in huggingface/peft#1941
• fix: lora+: include lr in optimizer kwargs by @​kallewoof in huggingface/peft#1973
• FIX active_adapters for transformers models by @​BenjaminBossan in huggingface/peft#1975
• FIX Loading adapter honors offline mode by @​BenjaminBossan in huggingface/peft#1976
• chore: Update CI configuration for workflows by @​XciD in huggingface/peft#1985
• Cast to fp32 if using bf16 weights on cpu during merge_and_unload by @​snarayan21 in huggingface/peft#1978
• AdaLora: Trigger warning when user uses 'r' inplace of 'init_r' by @​bhargavyagnik in huggingface/peft#1981
• [Add] scaling LoRA adapter weights with a context manager by @​ariG23498 in huggingface/peft#1951
• DOC Small fixes for HQQ and section title by @​BenjaminBossan in huggingface/peft#1986
• Add docs and examples for X-LoRA by @​EricLBuehler in huggingface/peft#1970
• fix: fix docker build gpus by @​XciD in huggingface/peft#1987
• FIX: Adjust transformers version check for bloom by @​BenjaminBossan in huggingface/peft#1992
• [Hotfix] Fix BOFT mixed precision by @​Edenzzzz in huggingface/peft#1925

... (truncated)

Commits

• f0b066e Release v0.13.0 (#2093)
• 8f39708 ENH: Better DoRA check in mixed adapter batch inference (#2089)
• f4cf170 DOC Docstring of load_adapter, type annotation (#2087)
• b67c9b6 FIX: Bug in find_minimal_target_modules (#2083)
• 5efeba1 ENH: Add default target layers for gemma2 architecture (#2078)
• af275d2 ENH: Allow empty initialization of adapter weight (#1961)
• 9bc670e MNT Update author email in setup.py (#2086)
• 5d94458 ENH Expose bias of ModulesToSaveWrapper (#2081)
• 152ed70 ENH PiSSA/OLoRA: Preserve original config on save (#2077)
• f5dd2ac TST Skip some quantization tests on XPU (#2074)
• Additional commits viewable in compare view

Updates protobuf from 5.28.1 to 5.28.2

Commits

• 9fff46d Updating version.json and repo version numbers to: 28.2
• ce60d01 Merge pull request #18385 from protocolbuffers/cp-lp-28
• ac9fb5b Add recursion check when parsing unknown fields in Java.
• 9a5f5fe Internal change
• 50a7745 Internal change
• 5b0e543 Fix cord handling in DynamicMessage and oneofs. (#18373)
• 421fc16 Merge pull request #18343 from protocolbuffers/revert-18339-bazel-rules2
• 607bfdd Revert "Cherry-pick changes related to new Bazel rules"
• 106f4a6 Merge pull request #18339 from protocolbuffers/bazel-rules2
• c2f34d6 Automated rollback of commit 76794bf3adceefcd69a2eb5785635a084fbe2e32.
• Additional commits viewable in compare view

Updates tokenizers from 0.19.1 to 0.20.0

Release notes

Sourced from tokenizers's releases.

Release v0.20.0: faster encode, better python support

Release v0.20.0

This release is focused on performances and user experience.

Performances:

First off, we did a bit of benchmarking, and found some place for improvement for us! With a few minor changes (mostly #1587) here is what we get on Llama3 running on a g6 instances on AWS https://github.com/huggingface/tokenizers/blob/main/bindings/python/benches/test_tiktoken.py :

Python API

We shipped better deserialization errors in general, and support for __str__ and __repr__ for all the object. This allows for a lot easier debugging see this:

>>> from tokenizers import Tokenizer;
>>> tokenizer = Tokenizer.from_pretrained("bert-base-uncased");
>>> print(tokenizer)
Tokenizer(version="1.0", truncation=None, padding=None, added_tokens=[{"id":0, "content":"[PAD]", "single_word":False, "lstrip":False, "rstrip":False, ...}, {"id":100, "content":"[UNK]", "single_word":False, "lstrip":False, "rstrip":False, ...}, {"id":101, "content":"[CLS]", "single_word":False, "lstrip":False, "rstrip":False, ...}, {"id":102, "content":"[SEP]", "single_word":False, "lstrip":False, "rstrip":False, ...}, {"id":103, "content":"[MASK]", "single_word":False, "lstrip":False, "rstrip":False, ...}], normalizer=BertNormalizer(clean_text=True, handle_chinese_chars=True, strip_accents=None, lowercase=True), pre_tokenizer=BertPreTokenizer(), post_processor=TemplateProcessing(single=[SpecialToken(id="[CLS]", type_id=0), Sequence(id=A, type_id=0), SpecialToken(id="[SEP]", type_id=0)], pair=[SpecialToken(id="[CLS]", type_id=0), Sequence(id=A, type_id=0), SpecialToken(id="[SEP]", type_id=0), Sequence(id=B, type_id=1), SpecialToken(id="[SEP]", type_id=1)], special_tokens={"[CLS]":SpecialToken(id="[CLS]", ids=[101], tokens=["[CLS]"]), "[SEP]":SpecialToken(id="[SEP]", ids=[102], tokens=["[SEP]"])}), decoder=WordPiece(prefix="##", cleanup=True), model=WordPiece(unk_token="[UNK]", continuing_subword_prefix="##", max_input_chars_per_word=100, vocab={"[PAD]":0, "[unused0]":1, "[unused1]":2, "[unused2]":3, "[unused3]":4, ...}))
>>> tokenizer
Tokenizer(version="1.0", truncation=None, padding=None, added_tokens=[{"id":0, "content":"[PAD]", "single_word":False, "lstrip":False, "rstrip":False, "normalized":False, "special":True}, {"id":100, "content":"[UNK]", "single_word":False, "lstrip":False, "rstrip":False, "normalized":False, "special":True}, {"id":101, "content":"[CLS]", "single_word":False, "lstrip":False, "rstrip":False, "normalized":False, "special":True}, {"id":102, "content":"[SEP]", "single_word":False, "lstrip":False, "rstrip":False, "normalized":False, "special":True}, {"id":103, "content":"[MASK]", "single_word":False, "lstrip":False, "rstrip":False, "normalized":False, "special":True}], normalizer=BertNormalizer(clean_text=True, handle_chinese_chars=True, strip_accents=None, lowercase=True), pre_tokenizer=BertPreTokenizer(), post_processor=TemplateProcessing(single=[SpecialToken(id="[CLS]", type_id=0), Sequence(id=A, type_id=0), SpecialToken(id="[SEP]", type_id=0)], pair=[SpecialToken(id="[CLS]", type_id=0), Sequence(id=A, type_id=0), SpecialToken(id="[SEP]", type_id=0), Sequence(id=B, type_id=1), SpecialToken(id="[SEP]", type_id=1)], special_tokens={"[CLS]":SpecialToken(id="[CLS]", ids=[101], tokens=["[CLS]"]), "[SEP]":SpecialToken(id="[SEP]", ids=[102], tokens=["[SEP]"])}), decoder=WordPiece(prefix="##", cleanup=True), model=WordPiece(unk_token="[UNK]", continuing_subword_prefix="##", max_input_chars_per_word=100, vocab={"[PAD]":0, "[unused0]":1, "[unused1]":2, ...}))

The pre_tokenizer.Sequence and normalizer.Sequence are also more accessible now:

from tokenizers import normalizers
norm = normalizers.Sequence([normalizers.Strip(), normalizers.BertNormalizer()])
norm[0]
norm[1].lowercase=False

What's Changed

• remove enforcement of non special when adding tokens by @​ArthurZucker in huggingface/tokenizers#1521
• [BREAKING CHANGE] Ignore added_tokens (both special and not) in the decoder by @​Narsil in huggingface/tokenizers#1513
• Make USED_PARALLELISM atomic by @​nathaniel-daniel in huggingface/tokenizers#1532
• Fixing for clippy 1.78 by @​Narsil in huggingface/tokenizers#1548
• feat(ci): add trufflehog secrets detection by @​McPatate in huggingface/tokenizers#1551
• Switch from cached_download to hf_hub_download in tests by @​Wauplin in huggingface/tokenizers#1547
• Fix "dictionnary" typo by @​nprisbrey in huggingface/tokenizers#1511
• make sure we don't warn on empty tokens by @​ArthurZucker in huggingface/tokenizers#1554
• Enable dropout = 0.0 as an equivalent to none in BPE by @​mcognetta in huggingface/tokenizers#1550
• Revert "[BREAKING CHANGE] Ignore added_tokens (both special and not) … by @​ArthurZucker in huggingface/tokenizers#1569
• Add bytelevel normalizer to fix decode when adding tokens to BPE by @​ArthurZucker in huggingface/tokenizers#1555
• Fix clippy + feature test management. by @​Narsil in huggingface/tokenizers#1580
• Bump spm_precompiled to 0.1.3 by @​MikeIvanichev in huggingface/tokenizers#1571
• Add benchmark vs tiktoken by @​Narsil in huggingface/tokenizers#1582
• Fixing the benchmark. by @​Narsil in huggingface/tokenizers#1583
• Tiny improvement by @​Narsil in huggingface/tokenizers#1585
• Enable fancy regex by @​Narsil in huggingface/tokenizers#1586
• Fixing release CI strict (taken from safetensors). by @​Narsil in huggingface/tokenizers#1593
• Adding some serialization testing around the wrapper. by @​Narsil in huggingface/tokenizers#1594

... (truncated)

Commits

• a5adaac version 0.20.0
• a8def07 Merge branch 'fix_release' of github.com:huggingface/tokenizers into branch_v...
• fe50673 Fix CI
• b253835 push cargo
• fc3bb76 update dependencies
• bfd9cde Perf improvement 16% by removing offsets. (#1587)
• bd27fa5 add deserialize for pre tokenizers (#1603)
• 56c9c70 Tests + Deserialization improvement for normalizers. (#1604)
• 49dafd7 Fix strip python type (#1602)
• bded212 Support None to reset pre_tokenizers and normalizers, and index sequences (...
• Additional commits viewable in compare view

Updates transformers from 4.44.2 to 4.45.1

Release notes

Sourced from transformers's releases.

Patch Release v4.45.1

Patches for v4.45.1

• [MllamaProcessor] Update errors and API with multiple image (#33715) by @​ArthurZucker
• Generate: can_generate() recursive check (#33718) by @​gante
• clean_up_tokenization_spaces=False if unset (#31938) by @​itazap

Llama 3.2, mllama, Qwen2-Audio, Qwen2-VL, OLMoE, Llava Onevision, Pixtral, FalconMamba, Modular Transformers

New model additions

mllama

The Llama 3.2-Vision collection of multimodal large language models (LLMs) is a collection of pretrained and instruction-tuned image reasoning generative models in 11B and 90B sizes (text + images in / text out). The Llama 3.2-Vision instruction-tuned models are optimized for visual recognition, image reasoning, captioning, and answering general questions about an image. The models outperform many of the available open source and closed multimodal models on common industry benchmarks.

• Add MLLama #33703, by @​qubvel, @​zucchini-nlp, @​ArthurZucker

Qwen2-VL

The Qwen2-VL is a major update from the previous Qwen-VL by the Qwen team.

An extract from the Qwen2-VL blogpost available here is as follows:

Qwen2-VL is the latest version of the vision language models based on Qwen2 in the Qwen model familities. Compared with Qwen-VL, Qwen2-VL has the capabilities of:

• SoTA understanding of images of various resolution & ratio: Qwen2-VL achieves state-of-the-art performance on visual understanding benchmarks, including MathVista, DocVQA, RealWorldQA, MTVQA, etc.
• Understanding videos of 20min+: Qwen2-VL can understand videos over 20 minutes for high-quality video-based question answering, dialog, content creation, etc.
• Agent that can operate your mobiles, robots, etc.: with the abilities of complex reasoning and decision making, Qwen2-VL can be integrated with devices like mobile phones, robots, etc., for automatic operation based on visual environment and text instructions.
• Multilingual Support: to serve global users, besides English and Chinese, Qwen2-VL now supports the understanding of texts in different languages inside images, including most European languages, Japanese, Korean, Arabic, Vietnamese, etc.

• support qwen2-vl by @​simonJJJ in #32318

Qwen2-Audio

The Qwen2-Audio is the new model series of large audio-language models from the Qwen team. Qwen2-Audio is capable of accepting various audio signal inputs and performing audio analysis or direct textual responses with regard to speech instructions.

They introduce two distinct audio interaction modes:

• voice chat: users can freely engage in voice interactions with Qwen2-Audio without text input
• audio analysis: users could provide audio and text instructions for analysis during the interaction

• Add Qwen2-Audio by @​faychu in #32137

OLMoE

OLMoE is a series of Open Language Models using sparse Mixture-of-Experts designed to enable the science of language models. The team releases all code, checkpoints, logs, and details involved in training these models.

... (truncated)

Commits

• e71a01a manually fix PLBart tokenizer
• 0317895 v4.45.1
• 4ea1c43 clean_up_tokenization_spaces=False if unset (#31938)
• 289edd9 Generate: can_generate() recursive check (#33718)
• c64be31 [MllamaProcessor] Update errors and API with multiple image (#33715)
• 2ef31de Release: v4.45.0
• 19d58d3 Add MLLama (#33703)
• 94f18cf Add OmDet-Turbo (#31843)
• ade9e0f Corrected max number for bf16 in transformer/docs (#33658)
• 196d35c Add AdEMAMix optimizer (#33682)
• Additional commits viewable in compare view

Updates mkl from 2024.2.1 to 2024.2.2

Commits

• See full diff in compare view

Updates mkl-include from 2024.2.1 to 2024.2.2

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 2 package(s) with unknown licenses.

See the Details below.

License Issues

pytorch/venv-requirements.txt

Package	Version	License	Issue Type
mkl-include	2024.2.2	Null	Unknown License
mkl	2024.2.2	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
pip/datasets	3.0.1	🟢 5.8	Details Check Score Reason Code-Review 🟢 3 Found 9/30 approved changesets -- score normalized to 3 Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/peft	0.13.0	Unknown	Unknown
pip/protobuf	5.28.2	🟢 5.7	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 10 24 out of 24 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review ⚠️ 0 found 29 unreviewed changesets out of 30 -- score normalized to 0 Contributors 🟢 10 12 different organizations found -- score normalized to 10 Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 9 license file detected Maintained 🟢 10 30 commit(s) out of 30 and 3 issue activity out of 30 found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 no published package detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ 0 0 out of 5 artifacts are signed or have provenance Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities 🟢 7 3 existing vulnerabilities detected
pip/tokenizers	0.20.0	🟢 5	Details Check Score Reason Code-Review 🟢 8 Found 24/27 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy ⚠️ 0 security policy file not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 12 existing vulnerabilities detected
pip/transformers	4.45.1	🟢 4.4	Details Check Score Reason Code-Review 🟢 9 Found 27/30 approved changesets -- score normalized to 9 Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 0 463 existing vulnerabilities detected
pip/mkl	2024.2.2	Unknown	Unknown
pip/mkl-include	2024.2.2	Unknown	Unknown

Scanned Manifest Files

pytorch/hf-genai-requirements.txt

• datasets@3.0.1
• peft@0.13.0
• protobuf@5.28.2
• tokenizers@0.20.0
• transformers@4.45.1
• datasets@3.0.0
• peft@0.12.0
• protobuf@5.28.1
• tokenizers@0.19.1
• transformers@4.44.2

pytorch/venv-requirements.txt

• mkl@2024.2.2
• mkl-include@2024.2.2
• mkl@2024.2.1
• mkl-include@2024.2.1

[tylertitsworth]

@dependabot rebase

[tylertitsworth]

@dependabot rebase

[github-advanced-security]

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.