search

foundation-model-stack / fms-hf-tuning

🚀 Collection of tuning recipes with HuggingFace SFTTrainer and PyTorch FSDP.
Apache License 2.0
28 stars 48 forks source link

build(deps): Update simpleeval requirement from <1.0,>=0.9.13 to >=0.9.13,<2.0 #369

Open dependabot[bot] opened 1 month ago

dependabot[bot] commented 1 month ago

Updates the requirements on simpleeval to permit the latest version.

Release notes

Sourced from simpleeval's releases.

1.0.0

What's new in this release?

  • Fix a sandbox escape via generators and _frame methods.
  • Supporting dictionary comprehensions
  • A custom exception rather than KeyError when names not found
  • Dropping support for old python versions - if you need pre 3.9, then you can use an older version
  • Various cleanups & tidying warnings, deprecation warnings etc.

So 1.0 as a 'this is the way it works'. It's been basically stable for years now, I've just never called it that - hopefully now this draws a line in what's possible without breaking changes.

There's lots of ideas to make it better - but that's better as a new 2.x branch with allowing a few breaking changes (mostly for security).

Commits
  • f046223 Merge pull request #144 from danthedeckie/1.0.0
  • 0fe45bb Fix licence & classifier info for pypi
  • eced404 README bump badges
  • 07f3363 Hacky make codecov see new lines are tested.
  • 5c38a5c Bump copyright year.
  • 014f2e8 Merge pull request #126 from danthedeckie/better-names-exceptions
  • ee16fd3 README fixes
  • 983f4e0 Don't misuse KeyError for the custom names function.
  • 166e90f Merge pull request #150 from danthedeckie/dictcomp-support
  • c9dcca1 delint and add contib to README
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
github-actions[bot] commented 1 month ago

Thanks for making a pull request! 😃 One of the maintainers will review and advise on the next steps.