Bump the genai-workflow group across 1 directory with 9 updates

[dependabot[bot]]

Bumps the genai-workflow group with 9 updates in the /workflows/charts/huggingface-llm directory:

Package	From	To
accelerate	0.30.1	0.31.0
datasets	2.19.0	2.20.0
einops	0.7.0	0.8.0
mkl-include	2023.2.0	2024.2.0
mkl	2023.2.0	2024.2.0
onnxruntime-extensions	0.10.1	0.11.0
onnxruntime	1.17.3	1.18.1
protobuf	4.24.4	5.27.2
psutil	5.9.5	6.0.0

Updates accelerate from 0.30.1 to 0.31.0

Release notes

Sourced from accelerate's releases.

v0.31.0: Better support for sharded state dict with FSDP and Bugfixes

Core

• Set timeout default to PyTorch defaults based on backend by @​muellerzr in huggingface/accelerate#2758
• fix duplicate elements in split_between_processes by @​hkunzhe in huggingface/accelerate#2781
• Add Elastic Launch Support to notebook_launcher by @​yhna940 in huggingface/accelerate#2788
• Fix Wrong use of sync_gradients used to implement sync_each_batch by @​fabianlim in huggingface/accelerate#2790

FSDP

• Introduce shard-merging util for FSDP by @​muellerzr in huggingface/accelerate#2772
• Enable sharded state dict + offload to cpu resume by @​muellerzr in huggingface/accelerate#2762
• Enable config for fsdp activation checkpointing by @​helloworld1 in huggingface/accelerate#2779

Megatron

• Upgrade huggingface's megatron to nvidia's megatron when use MegatronLMPlugin by @​zhangsheng377 in huggingface/accelerate#2501

What's Changed

• Add feature to allow redirecting std streams into log files when using torchrun as the launcher. by @​lyuwen in huggingface/accelerate#2740
• Update modeling.py by adding try-catch section to skip the unavailable devices by @​MeVeryHandsome in huggingface/accelerate#2681
• Fixed the problem of incorrect conditional judgment statement when configuring enable_cpu_affinity by @​statelesshz in huggingface/accelerate#2748
• Fix stacklevel in logging to log the actual user call site (instead of the call site inside the logger wrapper) of log functions by @​luowyang in huggingface/accelerate#2730
• LOMO / FIX: Support multiple optimizers by @​younesbelkada in huggingface/accelerate#2745
• Fix max_memory assignment by @​SunMarc in huggingface/accelerate#2751
• Fix duplicate environment variable check in multi-cpu condition by @​yhna940 in huggingface/accelerate#2752
• Simplify CLI args validation and ensure CLI args take precedence over config file. by @​Iain-S in huggingface/accelerate#2757
• Fix sagemaker config by @​muellerzr in huggingface/accelerate#2753
• fix cpu omp num threads set by @​jiqing-feng in huggingface/accelerate#2755
• Revert "Simplify CLI args validation and ensure CLI args take precedence over config file." by @​muellerzr in huggingface/accelerate#2763
• Enable sharded cpu resume by @​muellerzr in huggingface/accelerate#2762
• Sets default to PyTorch defaults based on backend by @​muellerzr in huggingface/accelerate#2758
• optimize get_module_leaves speed by @​BBuf in huggingface/accelerate#2756
• fix minor typo by @​TemryL in huggingface/accelerate#2767
• Fix small edge case in get_module_leaves by @​SunMarc in huggingface/accelerate#2774
• Skip deepspeed test by @​SunMarc in huggingface/accelerate#2776
• Enable config for fsdp activation checkpointing by @​helloworld1 in huggingface/accelerate#2779
• Add arg from CLI to fix failing test by @​muellerzr in huggingface/accelerate#2783
• Skip tied weights disk offload test by @​SunMarc in huggingface/accelerate#2782
• Introduce shard-merging util for FSDP by @​muellerzr in huggingface/accelerate#2772
• FIX / FSDP : Guard fsdp utils for earlier PyTorch versions by @​younesbelkada in huggingface/accelerate#2794
• Upgrade huggingface's megatron to nvidia's megatron when use MegatronLMPlugin by @​zhangsheng377 in huggingface/accelerate#2501
• Fixup CLI test by @​muellerzr in huggingface/accelerate#2796
• fix duplicate elements in split_between_processes by @​hkunzhe in huggingface/accelerate#2781
• Add Elastic Launch Support to notebook_launcher by @​yhna940 in huggingface/accelerate#2788
• Fix Wrong use of sync_gradients used to implement sync_each_batch by @​fabianlim in huggingface/accelerate#2790
• Fix type in accelerator.py by @​qgallouedec in huggingface/accelerate#2800
• fix comet ml test by @​SunMarc in huggingface/accelerate#2804
• New template by @​muellerzr in huggingface/accelerate#2808
• Fix access error for torch.mps when using torch==1.13.1 on macOS by @​SunMarc in huggingface/accelerate#2806
• 4-bit quantization meta device bias loading bug by @​SunMarc in huggingface/accelerate#2805
• State dictionary retrieval from offloaded modules by @​blbadger in huggingface/accelerate#2619
• add cuda dep for a test by @​SunMarc in huggingface/accelerate#2820

... (truncated)

Commits

• 66eefd7 Release: v0.30.1
• 83bad87 fix fstr format (#2810)
• 24d8b63 Optimize the megatron plugin (#2822)
• 4a83ee5 monitor-interval, take 2 (#2833)
• 05d240a Improve test speeds by up to 30% in multi-gpu settings (#2830)
• bad2ce4 Fix DeepSpeed config validation error by changing `stage3_prefetch_bucket_siz...
• 30cb7ec Remove out-dated xpu device check code in get_balanced_memory (#2826)
• b7fa2fa add cuda dep for a test (#2820)
• d5d378d State dictionary retrieval from offloaded modules (#2619)
• 065e74d 4-bit quantization meta device bias loading bug (#2805)
• Additional commits viewable in compare view

Updates datasets from 2.19.0 to 2.20.0

Release notes

Sourced from datasets's releases.

2.20.0

Important

• Remove default trust_remote_code=True by @​lhoestq in huggingface/datasets#6954
  • datasets with a python loading script now require passing trust_remote_code=True to be used

Datasets features

• [Resumable IterableDataset] Add IterableDataset state_dict by @​lhoestq in huggingface/datasets#6658

  • checkpoint and resume an iterable dataset (e.g. when streaming):

    >>> iterable_dataset = Dataset.from_dict({"a": range(6)}).to_iterable_dataset(num_shards=3)
    >>> for idx, example in enumerate(iterable_dataset):
    ...     print(example)
    ...     if idx == 2:
    ...         state_dict = iterable_dataset.state_dict()
    ...         print("checkpoint")
    ...         break
    >>> iterable_dataset.load_state_dict(state_dict)
    >>> print(f"restart from checkpoint")
    >>> for example in iterable_dataset:
    ...     print(example)
    

    Returns:

    {'a': 0}
    {'a': 1}
    {'a': 2}
    checkpoint
    restart from checkpoint
    {'a': 3}
    {'a': 4}
    {'a': 5}
    

General improvements and bug fixes

• Add docs about the CLI by @​albertvillanova in huggingface/datasets#6831
• Remove token arg from CLI examples by @​albertvillanova in huggingface/datasets#6839
• Allow deleting a subset/config from a no-script dataset by @​albertvillanova in huggingface/datasets#6820
• Fix line-endings in tests on Windows by @​albertvillanova in huggingface/datasets#6857
• Fix CI by temporarily pinning huggingface-hub < 0.23.0 by @​albertvillanova in huggingface/datasets#6861
• Fix dataset name for community Hub script-datasets by @​albertvillanova in huggingface/datasets#6855
• Update tqdm >= 4.66.3 to fix vulnerability by @​albertvillanova in huggingface/datasets#6870
• Fix download for dict of dicts of URLs by @​albertvillanova in huggingface/datasets#6871
• Set dev version by @​albertvillanova in huggingface/datasets#6873
• Shorten long logs by @​lhoestq in huggingface/datasets#6875
• Support jax 0.4.27 in CI tests by @​albertvillanova in huggingface/datasets#6885
• Close gzipped files properly by @​lhoestq in huggingface/datasets#6893
• Make CLI convert_to_parquet not raise error if no rights to create script branch by @​albertvillanova in huggingface/datasets#6902

... (truncated)

Commits

• 98fdc9e Release: 2.20.0 (#6969)
• af3acfd fix(ci): remove unnecessary permissions (#6962)
• 37a6036 Move info_utils errors to exceptions module (#6952)
• 9510252 Better error handling in dataset_module_factory (#6959)
• 97513be feat(ci): add trufflehog secrets detection (#6960)
• 686f5df Add support for categorical/dictionary types (#6892)
• a2dc287 Remove default trust_remote_code=True (#6954)
• 09ebf51 Validate config name and data_files in packaged modules (#6915)
• 5bbbf1b Validate config name and data_files in packaged modules (#6915)
• 6548e0e Fix typos in docs (#6957)
• Additional commits viewable in compare view

Updates einops from 0.7.0 to 0.8.0

Release notes

Sourced from einops's releases.

v0.8.0: tinygrad, small fixes and updates

TLDR

• tinygrad backend added
• resolve warning in py3.11 related to docstring
• remove graph break for unpack
• breaking TF layers were updated to follow new instructions, new layers compatible with TF 2.16, and not compatible with old TF (certainly does not work with TF2.13)

What's Changed

• Fix invalid escape sequence in einsum docstring by @​atwam in arogozhnikov/einops#298
• Tinygrad support by @​blueridanus in arogozhnikov/einops#297
• Coerce bool to int in unpack by @​drubinstein in arogozhnikov/einops#287
• Remove oneflow from testing by @​arogozhnikov in arogozhnikov/einops#289
• tests: fix torch installation to force CPU by @​arogozhnikov in arogozhnikov/einops#288
• Allow anonymous axes in parse_shape, fix #302 by @​arogozhnikov in arogozhnikov/einops#303
• Codebase standards + update TF layers by @​arogozhnikov in arogozhnikov/einops#318
• update github actions by @​arogozhnikov in arogozhnikov/einops#319

New Contributors

• @​drubinstein made their first contribution in arogozhnikov/einops#287
• @​atwam made their first contribution in arogozhnikov/einops#298
• @​blueridanus made their first contribution in arogozhnikov/einops#297

Full Changelog: https://github.com/arogozhnikov/einops/compare/v0.7.0...v0.8.0

Commits

• fe9d81d bump version to 0.8.0
• 10e19b4 prepare readme for a new release
• b67cfea Rename KerasBackend -> TFKerasBackend to avoid confusion with keras 3.
• f33113e update github actions
• cff63f2 Codebase standards + update TF layers (#318)
• 2ab5c2a switch to stable paddlepaddle in testing, because of https://github.com/Paddl...
• 60b87de remove announcement
• 5655ce1 Merge pull request #303 from arogozhnikov/dev
• 5b41d90 allow anonymous axes in parse_shape, fix #302
• 9a9b304 delete experimental data-api_packing as production version is available now
• Additional commits viewable in compare view

Updates mkl-include from 2023.2.0 to 2024.2.0

Updates mkl from 2023.2.0 to 2024.2.0

Commits

• See full diff in compare view

Updates onnxruntime-extensions from 0.10.1 to 0.11.0

Release notes

Sourced from onnxruntime-extensions's releases.

v0.11.0

What's changed

• Created Java packaging pipeline and published to Maven repository.
• Added support for conversion of Huggingface FastTokenizer into ONNX custom operator.
• Unified the SentencePiece tokenizer with other Byte Pair Encoding (BPE) based tokenizers.
• Fixed Whisper large model pre-processing bug.
• Enabled eager execution for custom operator and refactored the header file structure.

Contributions

Contributors to ONNX Runtime Extensions include members across teams at Microsoft, along with our community members: @​sayanshaw24 @​wenbingl @​skottmckay @​natke @​hariharans29 @​jslhcl @​snnn @​kazssym @​YUNQIUGUO @​souptc @​yihonglyu

Commits

• 8d8670f Fix the Linux and MacOS wheel build for packaging issues (#727)
• b988f0d Update onebranch-windows-build-stage.yml
• b1989b7 Revert net7.0 update for now (#701) (#712)
• 1f31d33 Eager mode: cuda kernel support (#694)
• 627e93a fix version in renaming (#692)
• f9290e8 Add a status class for future tokenizer API implementation (#690)
• 6464627 Refactor the header file directory and integrate the eager tensor implementat...
• fe8cd9e Add extensions catalyst support (#684)
• a96ed42 Update ext_java.cmake (#688)
• 00a594f Standardize the inputs for ONNX STFT op for Whisper model (#681)
• Additional commits viewable in compare view

Updates onnxruntime from 1.17.3 to 1.18.1

Release notes

Sourced from onnxruntime's releases.

ONNX Runtime v1.18.1

What's new?

Announcements:

• ONNX Runtime Python packages now have numpy dependency >=1.21.6, <2.0. Support for numpy 2.0 will be added in a future release.
• CUDA 12.x ONNX Runtime GPU packages are now built against cuDNN 9.x (1.18.0 packages previously depended on cuDNN 8.x). CUDA 11.x ONNX Runtime GPU packages continue to depend on CuDNN 8.x.
• Windows packages require installation of Microsoft Visual C++ Redistributable Runtime 14.38 or newer.

TensorRT EP:

• TensorRT Weightless API integration.
• Support for TensorRT hardware compatible engines.
• Support for INT64 types in TensorRT constant layer calibration.
• Now using latest commit of onnx-tensorrt parser, which includes several issue fixes.
• Additional TensorRT support and performance improvements.

Packages:

• Publish CUDA 12 Java packages to Azure DevOps feed.
• Various packaging pipeline fixes.

This patch release also features various other bug fixes, including a CUDA 12.5 build error fix.

Big thank you to @​yf711 for driving this release as the release manager and to all our contributors!

@​yf711 @​jchen351 @​mszhanyi @​snnn @​wangyems @​jywu-msft @​skottmckay @​chilo-ms @​moraxu @​kevinch-nv @​pengwa @​wejoncy @​pranavsharma @​Craigacp @​jslhcl @​adrianlizarraga @​inisis @​jeffbloo @​mo-ja @​kunal-vaishnavi @​sumitsays @​neNasko1 @​yufenglee @​dhruvbird @​wangshuai09 @​xiaoyu-work @​axinging @​yuslepukhin @​YUNQIUGUO @​shubhambhokare1 @​fs-eire @​afantino951 @​tboby @​HectorSVC @​baijumeswani

ONNX Runtime v1.18.0

Announcements

• Windows ARM32 support has been dropped at the source code level.
• Python version >=3.8 is now required for build.bat/build.sh (previously >=3.7). Note: If you have Python version <3.8, you can bypass the tools and use CMake directly.
• The onnxruntime-mobile Android package and onnxruntime-mobile-c/onnxruntime-mobile-objc iOS cocoapods are being deprecated. Please use the onnxruntime-android Android package, and onnxruntime-c/onnxruntime-objc cocoapods, which support ONNX and ORT format models and all operators and data types. Note: If you require a smaller binary size, a custom build is required. See details on creating a custom Android or iOS package on Custom build | onnxruntime.

Build System & Packages

• CoreML execution provider now depends on coremltools.
• Flatbuffers has been upgraded from 1.12.0 → 23.5.26.
• ONNX has been upgraded from 1.15 → 1.16.
• EMSDK has been upgraded from 3.1.51 → 3.1.57.
• Intel neural_speed library has been upgraded from v0.1.1 → v0.3 with several important bug fixes.
• There is a new onnxruntime_CUDA_MINIMAL CMake option for building ONNX Runtime CUDA execution provider without any operations apart from memcpy ops.
• Added support for Catalyst for macOS build support.
• Added initial support for RISC-V and three new build options for it: --rv64, --riscv_toolchain_root, and --riscv_qemu_path.
• Now you can build TensorRT EP with protobuf-lite instead of the full version of protobuf.
• Some security-related compile/link flags have been moved from the default setting → new build option: --use_binskim_compliant_compile_flags. Note: All our release binaries are built with this flag, but when building ONNX Runtime from source, this flag is default OFF.
• Windows ARM64 build now depends on PyTorch CPUINFO library.
• Windows OneCore build now uses “Reverse forwarding” apisets instead of “Direct forwarding”, so onnxruntime.dll in our Nuget packages will depend on kernel32.dll. Note: Windows systems without kernel32.dll need to have reverse forwarders (see API set loader operation - Win32 apps | Microsoft Learn for more information).

Core

• Added ONNX 1.16 support.
• Added additional optimizations related to Dynamo-exported models.
• Improved testing infrastructure for EPs developed as shared libraries.
• Exposed Reserve() in OrtAllocator to allow custom allocators to work when session.use_device_allocator_for_initializers is specified.

... (truncated)

Commits

• 3871274 [ORT 1.18.1 Release] Update ORT numpy dependency to >=1.21.6,<2.0 (#21141)
• d0aee20 [ORT 1.18.1 Release] Cherry pick 3rd round (#21129)
• 8bfcf14 [ORT 1.18.1 Release] update 1.18.1 patch release version (#21143)
• 25ab935 [ORT 1.18.1 Release] Cherry pick 2nd round (#21111)
• 91fb865 [ORT 1.18.1 Release] Cherry pick 1st round (#21105)
• 4573740 [ORT 1.18.0 Release] Cherry pick 3rd/Final round (#20677)
• ed349b9 Mark end of version 17 and 18 C API (#20671)
• d72b476 [ORT 1.18.0 Release] Cherry pick 2nd round (#20620)
• 65f3fbf [ORT 1.18.0 Release] Cherry pick 1st round (#20585)
• 204f1f5 Run fuzz testing before the CG task cleans up the build directory (#20500) (#...
• Additional commits viewable in compare view

Updates protobuf from 4.24.4 to 5.27.2

Commits

• 63def39 Updating version.json and repo version numbers to: 27.2
• 19bd211 Port windows bootstrapping fix (#17225)
• 4923b8d Fix string_type bugs in edition 2023 (#17211)
• b0a3c23 Merge pull request #17164 from protocolbuffers/cp-stubs
• 270ca66 Cleanup imports and comments in V3 stubs.
• 1e360a4 Add stubs for GeneratedMessageV3, RepeatedFieldBuilderV3, SingleFieldBuilderV...
• 9cfb59b Add simple conformance test that builds the old gencode against the current r...
• 6c6f514 Merge pull request #17161 from protocolbuffers/backport-java
• c7a006a Fix checking unknown field set empty which wasn't exposed yet in 27.x
• 2426a02 Reserialize all unresolved features using java features from the generated po...
• Additional commits viewable in compare view

Updates psutil from 5.9.5 to 6.0.0

Changelog

Sourced from psutil's changelog.

6.0.0

2024-06-18

Enhancements

• 2109_: maxfile and maxpath fields were removed from the namedtuple returned by disk_partitions()_. Reason: on network filesystems (NFS) this can potentially take a very long time to complete.
• 2366_, [Windows]: log debug message when using slower process APIs.
• 2375_, [macOS]: provide arm64 wheels. (patch by Matthieu Darbois)
• 2396_: process_iter()_ no longer pre-emptively checks whether PIDs have been reused. This makes process_iter()_ around 20x times faster.
• 2396_: a new psutil.process_iter.cache_clear() API can be used the clear process_iter()_ internal cache.
• 2401_, Support building with free-threaded CPython 3.13. (patch by Sam Gross)
• 2407_: Process.connections()_ was renamed to Process.net_connections()_. The old name is still available, but it's deprecated (triggers a DeprecationWarning) and will be removed in the future.
• 2425_: [Linux]: provide aarch64 wheels. (patch by Matthieu Darbois / Ben Raz)

Bug fixes

• 2250_, [NetBSD]: Process.cmdline()_ sometimes fail with EBUSY. It usually happens for long cmdlines with lots of arguments. In this case retry getting the cmdline for up to 50 times, and return an empty list as last resort.
• 2254_, [Linux]: offline cpus raise NotImplementedError in cpu_freq() (patch by Shade Gladden)
• 2272_: Add pickle support to psutil Exceptions.
• 2359_, [Windows], [CRITICAL]: pid_exists()_ disagrees with Process_ on whether a pid exists when ERROR_ACCESS_DENIED.
• 2360_, [macOS]: can't compile on macOS < 10.13. (patch by Ryan Schmidt)
• 2362_, [macOS]: can't compile on macOS 10.11. (patch by Ryan Schmidt)
• 2365_, [macOS]: can't compile on macOS < 10.9. (patch by Ryan Schmidt)
• 2395_, [OpenBSD]: pid_exists()_ erroneously return True if the argument is a thread ID (TID) instead of a PID (process ID).
• 2412_, [macOS]: can't compile on macOS 10.4 PowerPC due to missing MNT_ constants.

Porting notes

Version 6.0.0 introduces some changes which affect backward compatibility:

• 2109_: the namedtuple returned by disk_partitions()_' no longer has maxfile and maxpath fields.
• 2396_: process_iter()_ no longer pre-emptively checks whether PIDs have been reused. If you want to check for PID reusage you are supposed to use Process.is_running()_ against the yielded Process_ instances. That will also automatically remove reused PIDs from process_iter()_ internal cache.

... (truncated)

Commits

• 3d5522a release
• 5b30ef4 Add aarch64 manylinux wheels (#2425)
• 1d092e7 test subprocesses: sleep() with an interval of 0.1 to make the test process m...
• 5f80c12 Fix #2412, [macOS]: can't compile on macOS 10.4 PowerPC due to missing MNT_...
• 89b6096 process_iter(): use another global var to keep track of reused PIDs
• 9421bf8 openbsd: skip test if cmdline() returns [] due to EBUSY
• 4b1a054 Fix #2250 / NetBSD / cmdline: retry on EBUSY. (#2421)
• 20be5ae ruff: enable and fix 'unused variable' rule
• 5530985 chore(ci): update actions (#2417)
• 1c7cb0a Don't build with limited API for 3.13 free-threaded build (#2402)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

[github-actions[bot]]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 2 package(s) with unknown licenses.

See the Details below.

License Issues

workflows/charts/huggingface-llm/requirements.txt

Package	Version	License	Issue Type
mkl-include	2024.2.0	Null	Unknown License
mkl	2024.2.0	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
pip/accelerate	0.31.0	:green_circle: 6.2	Details Check Score Reason Code-Review :green_circle: 9 Found 28/30 approved changesets -- score normalized to 9 Maintained :green_circle: 10 30 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing :warning: 0 project is not fuzzed Signed-Releases :warning: -1 no releases found Security-Policy :warning: 0 security policy file not detected Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Packaging :green_circle: 10 packaging workflow detected SAST :green_circle: 3 SAST tool is not run on all commits -- score normalized to 3
pip/datasets	2.20.0	:green_circle: 6	Details Check Score Reason Maintained :green_circle: 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Code-Review :green_circle: 5 Found 16/30 approved changesets -- score normalized to 5 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :warning: -1 no releases found Security-Policy :green_circle: 10 security policy file detected Packaging :warning: -1 packaging workflow not detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts :green_circle: 10 no binaries found in the repo Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Fuzzing :warning: 0 project is not fuzzed SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0
pip/einops	0.8.0	:green_circle: 5	Details Check Score Reason Code-Review :warning: 2 Found 4/20 approved changesets -- score normalized to 2 Maintained :green_circle: 10 8 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Packaging :warning: -1 packaging workflow not detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases :warning: -1 no releases found Fuzzing :warning: 0 project is not fuzzed Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy :warning: 0 security policy file not detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0
pip/mkl	2024.2.0	Unknown	Unknown
pip/mkl-include	2024.2.0	Unknown	Unknown
pip/onnxruntime	1.18.1	:green_circle: 6.8	Details Check Score Reason Code-Review :green_circle: 10 all last 30 commits are reviewed through GitHub Maintained :green_circle: 10 30 commit(s) out of 30 and 8 issue activity out of 30 found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no badge detected Vulnerabilities :green_circle: 10 no vulnerabilities detected Signed-Releases :warning: 0 0 out of 5 artifacts are signed or have provenance Branch-Protection :green_circle: 8 branch protection is not maximal on development and all release branches Security-Policy :green_circle: 10 security policy file detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 no published package detected License :green_circle: 10 license file detected Token-Permissions :warning: 0 non read-only tokens detected in GitHub workflows Dependency-Update-Tool :green_circle: 10 update tool detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Fuzzing :warning: 0 project is not fuzzed Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0
pip/onnxruntime-extensions	0.11.0	:green_circle: 6.1	Details Check Score Reason Code-Review :green_circle: 9 Found 29/30 approved changesets -- score normalized to 9 Maintained :green_circle: 10 30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 packaging workflow not detected Security-Policy :green_circle: 10 security policy file detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing :warning: 0 project is not fuzzed Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Binary-Artifacts :green_circle: 7 binaries present in source code Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0
pip/protobuf	5.27.2	:green_circle: 6.9	Details Check Score Reason Binary-Artifacts :green_circle: 10 no binaries found in the repo Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests :green_circle: 10 22 out of 22 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected Code-Review :warning: 1 found 25 unreviewed changesets out of 30 -- score normalized to 1 Contributors :green_circle: 10 13 different organizations found -- score normalized to 10 Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Dependency-Update-Tool :green_circle: 10 update tool detected Fuzzing :green_circle: 10 project is fuzzed License :green_circle: 9 license file detected Maintained :green_circle: 10 30 commit(s) out of 30 and 4 issue activity out of 30 found in the last 90 days -- score normalized to 10 Packaging :warning: -1 no published package detected Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 SAST :warning: 1 SAST tool is not run on all commits -- score normalized to 1 Security-Policy :green_circle: 10 security policy file detected Signed-Releases :warning: 0 0 out of 5 artifacts are signed or have provenance Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities :green_circle: 7 3 existing vulnerabilities detected
pip/psutil	6.0.0	:green_circle: 5.8	Details Check Score Reason Maintained :green_circle: 10 24 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 Code-Review :warning: 2 Found 8/30 approved changesets -- score normalized to 2 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Packaging :warning: -1 packaging workflow not detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Security-Policy :green_circle: 10 security policy file detected Branch-Protection :warning: 0 branch protection not enabled on development/release branches Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing :green_circle: 10 project is fuzzed Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0
pip/accelerate	0.30.1	:green_circle: 6.2	Details Check Score Reason Code-Review :green_circle: 9 Found 28/30 approved changesets -- score normalized to 9 Maintained :green_circle: 10 30 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing :warning: 0 project is not fuzzed Signed-Releases :warning: -1 no releases found Security-Policy :warning: 0 security policy file not detected Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Packaging :green_circle: 10 packaging workflow detected SAST :green_circle: 3 SAST tool is not run on all commits -- score normalized to 3
pip/datasets	2.19.0	:green_circle: 6	Details Check Score Reason Maintained :green_circle: 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Code-Review :green_circle: 5 Found 16/30 approved changesets -- score normalized to 5 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :warning: -1 no releases found Security-Policy :green_circle: 10 security policy file detected Packaging :warning: -1 packaging workflow not detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts :green_circle: 10 no binaries found in the repo Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Fuzzing :warning: 0 project is not fuzzed SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0
pip/einops	0.7.0	:green_circle: 5	Details Check Score Reason Code-Review :warning: 2 Found 4/20 approved changesets -- score normalized to 2 Maintained :green_circle: 10 8 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Packaging :warning: -1 packaging workflow not detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases :warning: -1 no releases found Fuzzing :warning: 0 project is not fuzzed Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy :warning: 0 security policy file not detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0
pip/mkl	2023.2.0	Unknown	Unknown
pip/mkl-include	2023.2.0	Unknown	Unknown
pip/onnxruntime	1.17.3	:green_circle: 6.8	Details Check Score Reason Code-Review :green_circle: 10 all last 30 commits are reviewed through GitHub Maintained :green_circle: 10 30 commit(s) out of 30 and 8 issue activity out of 30 found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no badge detected Vulnerabilities :green_circle: 10 no vulnerabilities detected Signed-Releases :warning: 0 0 out of 5 artifacts are signed or have provenance Branch-Protection :green_circle: 8 branch protection is not maximal on development and all release branches Security-Policy :green_circle: 10 security policy file detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 no published package detected License :green_circle: 10 license file detected Token-Permissions :warning: 0 non read-only tokens detected in GitHub workflows Dependency-Update-Tool :green_circle: 10 update tool detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Fuzzing :warning: 0 project is not fuzzed Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0
pip/onnxruntime-extensions	0.10.1	:green_circle: 6.1	Details Check Score Reason Code-Review :green_circle: 9 Found 29/30 approved changesets -- score normalized to 9 Maintained :green_circle: 10 30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 packaging workflow not detected Security-Policy :green_circle: 10 security policy file detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing :warning: 0 project is not fuzzed Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Binary-Artifacts :green_circle: 7 binaries present in source code Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0
pip/protobuf	4.24.4	:green_circle: 6.9	Details Check Score Reason Binary-Artifacts :green_circle: 10 no binaries found in the repo Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests :green_circle: 10 22 out of 22 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected Code-Review :warning: 1 found 25 unreviewed changesets out of 30 -- score normalized to 1 Contributors :green_circle: 10 13 different organizations found -- score normalized to 10 Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Dependency-Update-Tool :green_circle: 10 update tool detected Fuzzing :green_circle: 10 project is fuzzed License :green_circle: 9 license file detected Maintained :green_circle: 10 30 commit(s) out of 30 and 4 issue activity out of 30 found in the last 90 days -- score normalized to 10 Packaging :warning: -1 no published package detected Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 SAST :warning: 1 SAST tool is not run on all commits -- score normalized to 1 Security-Policy :green_circle: 10 security policy file detected Signed-Releases :warning: 0 0 out of 5 artifacts are signed or have provenance Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities :green_circle: 7 3 existing vulnerabilities detected
pip/psutil	5.9.5	:green_circle: 5.8	Details Check Score Reason Maintained :green_circle: 10 24 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 Code-Review :warning: 2 Found 8/30 approved changesets -- score normalized to 2 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Packaging :warning: -1 packaging workflow not detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Security-Policy :green_circle: 10 security policy file detected Branch-Protection :warning: 0 branch protection not enabled on development/release branches Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing :green_circle: 10 project is fuzzed Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Manifest Files

workflows/charts/huggingface-llm/requirements.txt

• accelerate@0.31.0
• datasets@2.20.0
• einops@0.8.0
• mkl@2024.2.0
• mkl-include@2024.2.0
• onnxruntime@1.18.1
• onnxruntime-extensions@0.11.0
• protobuf@5.27.2
• psutil@6.0.0
• accelerate@0.30.1
• datasets@2.19.0
• einops@0.7.0
• mkl@2023.2.0
• mkl-include@2023.2.0
• onnxruntime@1.17.3
• onnxruntime-extensions@0.10.1
• protobuf@4.24.4
• psutil@5.9.5

[github-advanced-security[bot]]

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

[dependabot[bot]]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml