Patch release to resolve some critical issues relating to the recent cache refactor, flash attention refactor and training in the multi-gpu and multi-node settings:
Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses. (GHSA-g4mx-q9vg-27p4)
2.0.6
Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. (GHSA-v845-jxx5-vc9f)
2.0.5
Allowed pyOpenSSL third-party module without any deprecation warning. #3126
Fixed default blocksize of HTTPConnection classes to match high-level classes. Previously was 8KiB, now 16KiB. #3066
Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses.
2.0.6 (2023-10-02)
Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect.
2.0.5 (2023-09-20)
Allowed pyOpenSSL third-party module without any deprecation warning. ([#3126](https://github.com/urllib3/urllib3/issues/3126) <https://github.com/urllib3/urllib3/issues/3126>__)
Fixed default blocksize of HTTPConnection classes to match high-level classes. Previously was 8KiB, now 16KiB. ([#3066](https://github.com/urllib3/urllib3/issues/3066) <https://github.com/urllib3/urllib3/issues/3066>__)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/NEOS-AI/Neosearch/network/alerts).
Bumps the pip group with 7 updates in the /samples/bi_encoding_sbert directory:
4.36.0
4.36.2
3.9.0
3.9.1
2023.7.22
2023.11.17
3.1.2
3.1.3
10.0.1
10.2.0
13.0.0
14.0.1
2.0.4
2.0.7
Updates
transformers
from 4.36.0 to 4.36.2Release notes
Sourced from transformers's releases.
Commits
a7cab3c
Release: v4.36.2f6d6189
Fix bug for checkpoint saving on multi node training setting (#28078)64bcf77
fix resuming from ckpt when using FSDP with FULL_STATE_DICT (#27891)780376f
[Modeling
/Mixtral
] Fix GC + PEFT issues with Mixtral (#28061)6e4429f
[FA-2
] Fix fa-2 issue when passingconfig
tofrom_pretrained
(#28043)f33b061
Generate: Mistral/Mixtral FA2 cache fix when going beyond the context window ...d1dec79
[core
/modeling
] Fix training bug with PEFT + GC (#28031)c48787f
fix seamless importbd65410
Release: v4.36.16342b9b
Fix bug with rotating checkpoints (#28009)Updates
aiohttp
from 3.9.0 to 3.9.1Release notes
Sourced from aiohttp's releases.
Changelog
Sourced from aiohttp's changelog.
Commits
6333c02
Release v3.9.1 (#7911)9dbd273
[PR #7673/aa7d1a8f backport][3.9] Document release process (#7909)dd175b6
Fix regression with connection upgrade (#7879) (#7908)946523d
Fix flaky websocket test (#7902) (#7904)ddc2a26
[PR #7896/9a7cfe77 backport][3.9] Fix some flaky tests (#7900)2ae4d6f
Message is not upgraded if Upgrade header is missing (#7895) (#7898)bb11101
Restore async concurrency safety to websocket compressor (#7865) (#7889)6dd0122
Update dependabot.yml (#7888)41a9f1f
Bump mypy from 1.7.0 to 1.7.1 (#7882)a049701
Fix usage of proxy.py in test_proxy_functional (#7773) (#7876)Updates
certifi
from 2023.7.22 to 2023.11.17Commits
515962b
Merge pull request #252 from certifi/create-pull-request/patch28b2a0d
2023.11.177ccda9f
Bump actions/checkout from 4.1.0 to 4.1.1 (#251)5e4bb9e
Bump actions/setup-python from 4.7.0 to 4.7.1 (#248)610354f
Bump actions/checkout from 4.0.0 to 4.1.0 (#247)2d98c76
Bump actions/upload-artifact from 3.1.2 to 3.1.3 (#246)7f0e639
ci: add minimal permissions to workflows bump.yml and release.yml (#245)600713d
Bump actions/checkout from 3.6.0 to 4.0.0 (#244)0435b2a
Bump actions/checkout from 3.5.3 to 3.6.0 (#242)25ea83a
Fix bashUpdates
jinja2
from 3.1.2 to 3.1.3Release notes
Sourced from jinja2's releases.
Changelog
Sourced from jinja2's changelog.
Commits
d9de4bb
release version 3.1.350124e1
skip test pypi9ea7222
use trusted publishingda703f7
use trusted publishingbce1746
use trusted publishing7277d80
update pre-commit hooks5c8a105
Make nested-trans-block exceptions nicer (#1918)19a55db
Make nested-trans-block exceptions nicer7167953
Merge pull request from GHSA-h5c8-rqwp-cp957dd3680
xmlattr filter disallows keys with spacesUpdates
pillow
from 10.0.1 to 10.2.0Release notes
Sourced from pillow's releases.
... (truncated)
Changelog
Sourced from pillow's changelog.
... (truncated)
Commits
6956d0b
10.2.0 version bump31c8dac
Merge pull request #7675 from python-pillow/pre-commit-ci-update-config40a3f91
Merge pull request #7674 from nulano/url-examplecb41b0c
[pre-commit.ci] pre-commit autoupdatede62b25
fix image url in "Reading from URL" example7c526a6
Update CHANGES.rst [ci skip]d93a5ad
Merge pull request #7553 from bgilbert/jpeg-rgbaed764f
Update CHANGES.rst [ci skip]f8df530
Merge pull request #7672 from nulano/imagefont-negative-crop24e9485
Merge pull request #7671 from radarhere/imagetransformUpdates
pyarrow
from 13.0.0 to 14.0.1Commits
ba53748
MINOR: [Release] Update versions for 14.0.1529f376
MINOR: [Release] Update .deb/.rpm changelogs for 14.0.1b84bbca
MINOR: [Release] Update CHANGELOG.md for 14.0.1f141709
GH-38607: [Python] Disable PyExtensionType autoload (#38608)5a37e74
GH-38431: [Python][CI] Update fs.type_name checks for s3fs tests (#38455)2dcee3f
MINOR: [Release] Update versions for 14.0.0297428c
MINOR: [Release] Update .deb/.rpm changelogs for 14.0.03e9734f
MINOR: [Release] Update CHANGELOG.md for 14.0.09f90995
GH-38332: [CI][Release] Resolve symlinks in RAT lint (#38337)bd61239
GH-35531: [Python] C Data Interface PyCapsule Protocol (#37797)Updates
urllib3
from 2.0.4 to 2.0.7Release notes
Sourced from urllib3's releases.
Changelog
Sourced from urllib3's changelog.
Commits
56f01e0
Release 2.0.74e50fbc
Merge pull request from GHSA-g4mx-q9vg-27p480808b0
Fix docs build on Python 3.12 (#3144)f28deff
Add 1.26.17 to the current changelog262e3e3
Release 2.0.6644124e
Merge pull request from GHSA-v845-jxx5-vc9f740380c
Bump cryptography from 41.0.3 to 41.0.4 (#3131)d9f85a7
Release 2.0.5d41f412
Undeprecate pyOpenSSL module (#3127)b6c04cb
Fix a link to "absolute URI" definition (#3128)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show