Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the pip group across 1 directory with 5 updates #16

Closed
wants to merge 1 commit into from
Closed

Bump the pip group across 1 directory with 5 updates #16

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Apr 3, 2024

Bumps the pip group with 5 updates in the / directory:

Package From To
transformers 4.25.1 4.36.0
gradio 3.29.0 4.19.2
pillow 9.4.0 10.3.0
gitpython 3.1.30 3.1.41
fastapi 0.94.0 0.109.1

Updates transformers from 4.25.1 to 4.36.0

Release notes

Sourced from transformers's releases.

v4.36: Mixtral, Llava/BakLlava, SeamlessM4T v2, AMD ROCm, F.sdpa wide-spread support

New model additions

Mixtral

Mixtral is the new open-source model from Mistral AI announced by the blogpost Mixtral of Experts. The model has been proven to have comparable capabilities to Chat-GPT according to the benchmark results shared on the release blogpost.

The architecture is a sparse Mixture of Experts with Top-2 routing strategy, similar as NllbMoe architecture in transformers. You can use it through AutoModelForCausalLM interface:

>>> import torch
>>> from transformers import AutoModelForCausalLM, AutoTokenizer
>>> model = AutoModelForCausalLM.from_pretrained("mistralai/Mixtral-8x7B", torch_dtype=torch.float16, device_map="auto")
>>> tokenizer = AutoTokenizer.from_pretrained("mistralai/Mistral-8x7B")
>>> prompt = "My favourite condiment is"
>>> model_inputs = tokenizer([prompt], return_tensors="pt").to(device)
>>> model.to(device)
>>> generated_ids = model.generate(**model_inputs, max_new_tokens=100, do_sample=True)
>>> tokenizer.batch_decode(generated_ids)[0]

The model is compatible with existing optimisation tools such Flash Attention 2, bitsandbytes and PEFT library. The checkpoints are release under mistralai organisation on the Hugging Face Hub.

Llava / BakLlava

Llava is an open-source chatbot trained by fine-tuning LlamA/Vicuna on GPT-generated multimodal instruction-following data. It is an auto-regressive language model, based on the transformer architecture. In other words, it is an multi-modal version of LLMs fine-tuned for chat / instructions.

The Llava model was proposed in Improved Baselines with Visual Instruction Tuning by Haotian Liu, Chunyuan Li, Yuheng Li and Yong Jae Lee.

The integration also includes BakLlava which is a Llava model trained with Mistral backbone.

The mode is compatible with "image-to-text" pipeline:

from transformers import pipeline
from PIL import Image    
import requests
model_id = "llava-hf/llava-1.5-7b-hf"
</tr></table>

... (truncated)

Commits

Updates gradio from 3.29.0 to 4.19.2

Release notes

Sourced from gradio's releases.

@​gradio/model3d@​0.8.9

Dependency updates

  • @​gradio/upload@​0.8.3
  • @​gradio/client@​0.15.0

@​gradio/model3d@​0.8.8

Dependency updates

  • @​gradio/atoms@​0.6.1
  • @​gradio/statustracker@​0.4.10
  • @​gradio/icons@​0.3.4
  • @​gradio/upload@​0.8.2

@​gradio/model3d@​0.8.7

Dependency updates

  • @​gradio/upload@​0.8.1
  • @​gradio/statustracker@​0.4.9
  • @​gradio/wasm@​0.10.0
  • @​gradio/atoms@​0.6.0
Changelog

Sourced from gradio's changelog.

4.19.2

Features

Fixes

4.19.1

Features

Fixes

4.19.0

Features

Fixes

... (truncated)

Commits

Updates pillow from 9.4.0 to 10.3.0

Release notes

Sourced from pillow's releases.

10.3.0

https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html

Changes

... (truncated)

Changelog

Sourced from pillow's changelog.

10.3.0 (2024-04-01)

  • CVE-2024-28219: Use strncpy to avoid buffer overflow #7928 [radarhere, hugovk]

  • Deprecate eval(), replacing it with lambda_eval() and unsafe_eval() #7927 [radarhere, hugovk]

  • Raise ValueError if seeking to greater than offset-sized integer in TIFF #7883 [radarhere]

  • Add --report argument to __main__.py to omit supported formats #7818 [nulano, radarhere, hugovk]

  • Added RGB to I;16, I;16L, I;16B and I;16N conversion #7918, #7920 [radarhere]

  • Fix editable installation with custom build backend and configuration options #7658 [nulano, radarhere]

  • Fix putdata() for I;16N on big-endian #7209 [Yay295, hugovk, radarhere]

  • Determine MPO size from markers, not EXIF data #7884 [radarhere]

  • Improved conversion from RGB to RGBa, LA and La #7888 [radarhere]

  • Support FITS images with GZIP_1 compression #7894 [radarhere]

  • Use I;16 mode for 9-bit JPEG 2000 images #7900 [scaramallion, radarhere]

  • Raise ValueError if kmeans is negative #7891 [radarhere]

  • Remove TIFF tag OSUBFILETYPE when saving using libtiff #7893 [radarhere]

  • Raise ValueError for negative values when loading P1-P3 PPM images #7882 [radarhere]

  • Added reading of JPEG2000 palettes #7870 [radarhere]

  • Added alpha_quality argument when saving WebP images #7872 [radarhere]

... (truncated)

Commits
  • 5c89d88 10.3.0 version bump
  • 63cbfcf Update CHANGES.rst [ci skip]
  • 2776126 Merge pull request #7928 from python-pillow/lcms
  • aeb51cb Merge branch 'main' into lcms
  • 5beb0b6 Update CHANGES.rst [ci skip]
  • cac6ffa Merge pull request #7927 from python-pillow/imagemath
  • f5eeeac Name as 'options' in lambda_eval and unsafe_eval, but '_dict' in deprecated eval
  • facf3af Added release notes
  • 2a93aba Use strncpy to avoid buffer overflow
  • a670597 Update CHANGES.rst [ci skip]
  • Additional commits viewable in compare view

Updates gitpython from 3.1.30 to 3.1.41

Release notes

Sourced from gitpython's releases.

3.1.41 - fix Windows security issue

The details about the Windows security issue can be found in this advisory.

Special thanks go to @​EliahKagan who reported the issue and fixed it in a single stroke, while being responsible for an incredible amount of improvements that he contributed over the last couple of months ❤️.

What's Changed

... (truncated)

Commits
  • f288738 bump patch level
  • ef3192c Merge pull request #1792 from EliahKagan/popen
  • 1f3caa3 Further clarify comment in test_hook_uses_shell_not_from_cwd
  • 3eb7c2a Move safer_popen from git.util to git.cmd
  • c551e91 Extract shared logic for using Popen safely on Windows
  • 15ebb25 Clarify comment in test_hook_uses_shell_not_from_cwd
  • f44524a Avoid spurious "location may have moved" on Windows
  • a42ea0a Cover absent/no-distro bash.exe in hooks "not from cwd" test
  • 7751436 Extract venv management from test_installation
  • 66ff4c1 Omit CWD in search for bash.exe to run hooks on Windows
  • Additional commits viewable in compare view

Updates fastapi from 0.94.0 to 0.109.1

Release notes

Sourced from fastapi's releases.

0.109.1

Security fixes

  • ⬆️ Upgrade minimum version of python-multipart to >=0.0.7 to fix a vulnerability when using form data with a ReDos attack. You can also simply upgrade python-multipart.

Read more in the advisory: Content-Type Header ReDoS.

Features

Refactors

  • ✅ Refactor tests for duplicate operation ID generation for compatibility with other tools running the FastAPI test suite. PR #10876 by @​emmettbutler.
  • ♻️ Simplify string format with f-strings in fastapi/utils.py. PR #10576 by @​eukub.
  • 🔧 Fix Ruff configuration unintentionally enabling and re-disabling mccabe complexity check. PR #10893 by @​jiridanek.
  • ✅ Re-enable test in tests/test_tutorial/test_header_params/test_tutorial003.py after fix in Starlette. PR #10904 by @​ooknimm.

Docs

Translations

  • 🌐 Add Spanish translation for docs/es/docs/external-links.md. PR #10933 by @​pablocm83.
  • 🌐 Update Korean translation for docs/ko/docs/tutorial/first-steps.md, docs/ko/docs/tutorial/index.md, docs/ko/docs/tutorial/path-params.md, and docs/ko/docs/tutorial/query-params.md. PR #4218 by @​SnowSuno.

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the pip group across 1 directory with 5 updates
5f8a8ae 
Bumps the pip group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [transformers](https://github.com/huggingface/transformers) | `4.25.1` | `4.36.0` |
| [gradio](https://github.com/gradio-app/gradio) | `3.29.0` | `4.19.2` |
| [pillow](https://github.com/python-pillow/Pillow) | `9.4.0` | `10.3.0` |
| [gitpython](https://github.com/gitpython-developers/GitPython) | `3.1.30` | `3.1.41` |
| [fastapi](https://github.com/tiangolo/fastapi) | `0.94.0` | `0.109.1` |



Updates `transformers` from 4.25.1 to 4.36.0
- [Release notes](https://github.com/huggingface/transformers/releases)
- [Commits](huggingface/transformers@v4.25.1...v4.36.0)

Updates `gradio` from 3.29.0 to 4.19.2
- [Release notes](https://github.com/gradio-app/gradio/releases)
- [Changelog](https://github.com/gradio-app/gradio/blob/main/CHANGELOG.md)
- [Commits](https://github.com/gradio-app/gradio/compare/[email protected])

Updates `pillow` from 9.4.0 to 10.3.0
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](python-pillow/Pillow@9.4.0...10.3.0)

Updates `gitpython` from 3.1.30 to 3.1.41
- [Release notes](https://github.com/gitpython-developers/GitPython/releases)
- [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES)
- [Commits](gitpython-developers/GitPython@3.1.30...3.1.41)

Updates `fastapi` from 0.94.0 to 0.109.1
- [Release notes](https://github.com/tiangolo/fastapi/releases)
- [Commits](fastapi/fastapi@0.94.0...0.109.1)

---
updated-dependencies:
- dependency-name: transformers
  dependency-type: direct:production
  dependency-group: pip-security-group
- dependency-name: gradio
  dependency-type: direct:production
  dependency-group: pip-security-group
- dependency-name: pillow
  dependency-type: direct:production
  dependency-group: pip-security-group
- dependency-name: gitpython
  dependency-type: direct:production
  dependency-group: pip-security-group
- dependency-name: fastapi
  dependency-type: direct:production
  dependency-group: pip-security-group
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Apr 3, 2024
@dependabot dependabot bot mentioned this pull request Apr 3, 2024
Closed
@coderabbitai coderabbitai
Copy link

coderabbitai bot commented Apr 3, 2024

Important

Auto Review Skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share
Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai generate interesting stats about this repository and render them as a table.
    • @coderabbitai show all the console.log statements in this repository.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/coderabbit-overrides.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

@dependabot Dependabot
Copy link
Author

dependabot bot commented on behalf of github Apr 10, 2024

Superseded by #17.

@dependabot dependabot bot closed this Apr 10, 2024
@dependabot dependabot bot deleted the dependabot/pip/pip-security-group-ca5bfd7fe4 branch April 10, 2024 22:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants