Bump the pytorch group across 1 directory with 7 updates

[dependabot[bot]]

Bumps the pytorch group with 7 updates in the /pytorch directory:

Package	From	To
torch	2.1.0.post0+cxx11.abi	2.3.1
torchvision	0.16.0.post0+cxx11.abi	0.18.1
torchaudio	2.1.0.post0+cxx11.abi	2.3.1
intel-extension-for-pytorch	2.1.20+xpu	2.3.100+cpu
oneccl-bind-pt	2.1.200	2.3.0+cpu
jupyterlab	4.3.0a0	4.3.0a1
notebook	7.3.0a0	7.3.0a1

Updates torch from 2.1.0.post0+cxx11.abi to 2.3.1

Release notes

Sourced from torch's releases.

PyTorch 2.3.1 Release, bug fix release

This release is meant to fix the following issues (regressions / silent correctness):

Torch.compile:

• Remove runtime dependency on JAX/XLA, when importing torch.__dynamo (pytorch/pytorch#124634)
• Hide Plan failed with a cudnnException warning (pytorch/pytorch#125790)
• Fix CUDA memory leak (pytorch/pytorch#124238) (pytorch/pytorch#120756)

Distributed:

• Fix format_utils executable, which was causing it to run as a no-op (pytorch/pytorch#123407)
• Fix regression with device_mesh in 2.3.0 during initialization causing memory spikes (pytorch/pytorch#124780)
• Fix crash of FSDP + DTensor with ShardingStrategy.SHARD_GRAD_OP (pytorch/pytorch#123617)
• Fix failure with distributed checkpointing + FSDP if at least 1 forward/backward pass has not been run. (pytorch/pytorch#121544) (pytorch/pytorch#127069)
• Fix error with distributed checkpointing + FSDP, and with use_orig_params = False and activation checkpointing (pytorch/pytorch#124698) (pytorch/pytorch#126935)
• Fix set_model_state_dict errors on compiled module with non-persistent buffer with distributed checkpointing (pytorch/pytorch#125336) (pytorch/pytorch#125337)

MPS:

• Fix data corruption when coping large (>4GiB) tensors (pytorch/pytorch#124635)
• Fix Tensor.abs() for complex (pytorch/pytorch#125662)

Packaging:

• Fix UTF-8 encoding on Windows .pyi files (pytorch/pytorch#124932)
• Fix import torch failure when wheel is installed for a single user on Windows(pytorch/pytorch#125684)
• Fix compatibility with torchdata 0.7.1 (pytorch/pytorch#122616)
• Fix aarch64 docker publishing to https://ghcr.io (pytorch/pytorch#125617)
• Fix performance regression an aarch64 linux (pytorch/builder#1803)

Other:

• Fix DeepSpeed transformer extension build on ROCm (pytorch/pytorch#121030)
• Fix kernel crash on tensor.dtype.to_complex() after ~100 calls in ipython kernel (pytorch/pytorch#125154)

Release tracker pytorch/pytorch#125425 contains all relevant pull requests related to this release as well as links to related issues.

PyTorch 2.3: User-Defined Triton Kernels in torch.compile, Tensor Parallelism in Distributed

PyTorch 2.3 Release notes

• Highlights
• Backwards Incompatible Changes
• Deprecations
• New Features
• Improvements
• Bug fixes
• Performance
• Documentation

Highlights

We are excited to announce the release of PyTorch® 2.3! PyTorch 2.3 offers support for user-defined Triton kernels in torch.compile, allowing for users to migrate their own Triton kernels from eager without experiencing performance complications or graph breaks. As well, Tensor Parallelism improves the experience for training Large Language Models using native PyTorch functions, which has been validated on training runs for 100B parameter models.

This release is composed of 3393 commits and 426 contributors since PyTorch 2.2. We want to sincerely thank our dedicated community for your contributions. As always, we encourage you to try these out and report any issues as we improve 2.3. More information about how to get started with the PyTorch 2-series can be found at our Getting Started page.

... (truncated)

Commits

• See full diff in compare view

Updates torchvision from 0.16.0.post0+cxx11.abi to 0.18.1

Release notes

Sourced from torchvision's releases.

TorchVision 0.18.1 Release

This is a patch release, which is compatible with PyTorch 2.3.1. There are no new features added.

TorchVision 0.18 Release

BC-Breaking changes

[datasets] gdown is now a required dependency for downloading datasets that are on Google Drive. This change was actually introduced in 0.17.1 (repeated here for visibility) (#8237) [datasets] The StanfordCars dataset isn’t available for download anymore. Please follow these instructions to manually download it (#8309, #8324) [transforms] to_grayscale and corresponding transform now always return 3 channels when num_output_channels=3 (#8229)

Bug Fixes

[datasets] Fix download URL of EMNIST dataset (#8350) [datasets] Fix root path expansion in Kitti dataset (#8164) [models] Fix default momentum value of BatchNorm2d in MaxViT from 0.99 to 0.01 (#8312) [reference scripts] Fix CutMix and MixUp arguments (#8287) [MPS, build] Link essential libraries in cmake (#8230) [build] Fix build with ffmpeg 6.0 (#8096)

New Features

[transforms] New GrayscaleToRgb transform (#8247) [transforms] New JPEG augmentation transform (#8316)

Improvements

[datasets, io] Added pathlib.Path support to datasets and io utilities. (#8196, #8200, #8314, #8321) [datasets] Added allow_empty parameter to ImageFolder and related utils to support empty classes during image discovery (#8311) [datasets] Raise proper error in CocoDetection when a slice is passed (#8227) [io] Added support for EXIF orientation in JPEG and PNG decoders (#8303, #8279, #8342, #8302) [io] Avoiding unnecessary copies on io.VideoReader with pyav backend (#8173) [transforms] Allow SanitizeBoundingBoxes to sanitize more than labels (#8319) [transforms] Add sanitize_bounding_boxes kernel/functional (#8308) [transforms] Make perspective more numerically stable (#8249) [transforms] Allow 2D numpy arrays as inputs for to_image (#8256) [transforms] Speed-up rotate for 90, 180, 270 degrees (#8295) [transforms] Enabled torch compile on affine transform (#8218) [transforms] Avoid some graph breaks in transforms (#8171) [utils] Add float support to draw_keypoints (#8276) [utils] Add visibility parameter to draw_keypoints (#8225) [utils] Add float support to draw_segmentation_masks (#8150) [utils] Better show overlap section of masks in draw_segmentation_masks (#8213) [Docs] Various documentation improvements (#8341, #8332, #8198, #8318, #8202, #8246, #8208, #8231, #8300, #8197) [code quality] Various code quality improvements (#8273, #8335, #8234, #8345, #8334, #8119, #8251, #8329, #8217, #8180, #8105, #8280, #8161, #8313)

Contributors

We're grateful for our community, which helps us improve torchvision by submitting issues and PRs, and providing feedback and suggestions. The following persons have contributed patches for this release:

... (truncated)

Commits

• See full diff in compare view

Updates torchaudio from 2.1.0.post0+cxx11.abi to 2.3.1

Release notes

Sourced from torchaudio's releases.

TorchAudio 2.3.1 Release

This release is compatible with PyTorch 2.3.1 patch release. There are no new features added.

TorchAudio 2.3.0 Release

This release is compatible with PyTorch 2.3.0 patch release. There are no new features added.

This release contains minor documentation and code quality improvements (#3734, #3748, #3757, #3759)

TorchAudio 2.2.2 Release

This release is compatible with PyTorch 2.2.2 patch release. There are no new features added.

TorchAudio 2.2.1 Release

This release is compatible with PyTorch 2.2.1 patch release. There are no new features added.

TorchAudio 2.2.0 Release

New Features

• Add path-like object support to StreamReader/Writer pytorch/audio#3608
• Introduce trio top-level module, dedicated for core I/O operations (pytorch/audio#3676, pytorch/audio#3680, pytorch/audio#3681, pytorch/audio#3682) Please refer to https://pytorch.org/audio/2.2.0/torio.html for the details.

Bug Fixes

• pytorch/audio#3685 Make F.vad return empty tensor for zero valued tensor input

Recipe Updates

• pytorch/audio#3631 Fix inconsistent naming

TorchAudio 2.1.2 Release

This is a patch release, which is compatible with PyTorch 2.1.2. There are no new features added.

v2.1.1

This is a minor release, which is compatible with PyTorch 2.1.1 and includes bug fixes, improvements and documentation updates.

Bug Fixes

• Cherry-pick 2.1.1: Fix WavLM bundles (#3665)
• Cherry-pick 2.1.1: Add back compression level in i/o dispatcher backend by (#3666)

Commits

• See full diff in compare view

Updates intel-extension-for-pytorch from 2.1.20+xpu to 2.3.100+cpu

Updates oneccl-bind-pt from 2.1.200 to 2.3.0+cpu

Updates jupyterlab from 4.3.0a0 to 4.3.0a1

Release notes

Sourced from jupyterlab's releases.

v4.3.0a1

4.3.0a1

(Full Changelog)

New features added

• Notebook minimap in the virtual scrollbar #16432 (@​krassowski)

Enhancements made

• Define ICodeCellModel.executionState, deprecate setPrompt() #16431 (@​krassowski)
• Implement viewport tracking and reactive rendering in scrollbar #16392 (@​krassowski)
• Use lazy loading for HTML/PDF files, and help tabs #16387 (@​hnben)
• Add option to dismiss "Server Connection Error" dialog for the duration of the session #16269 (@​RRosio)

Bugs fixed

• Fix inline completer configure calls not being propagated correctly #16508 (@​krassowski)
• Fix the lines placeholder taking up too much space #16493 (@​krassowski)
• Fix check link CI failure in README (time zone converter site) #16482 (@​afshin)
• Use correct hub restart URL #16471 (@​mahendrapaipuri)
• Fix async function display #16443 (@​sanskriti2005)
• Fix code comments in tilde (~) fences incorrectly shown as headings in TOC #16437 (@​itsmevichu)
• Fix typos in jupyter-collaboration-missing error message #16436 (@​krishanbhasin-px)
• Fix comments in nested markdown code blocks incorrectly being identified as TOC headings #16420 (@​itsmevichu)
• Reactive toolbar computation, again... #16409 (@​brichet)
• Align token usage for events #16397 (@​fcollonval)
• Add the toolbar again when updating the title of PanelWithToolbar #16390 (@​brichet)
• Fix width and margins of the notebook footer. #16383 (@​HaudinFlorence)
• Fix runtime console error in debugger extension #16368 (@​afshin)

Maintenance and upkeep improvements

• Update to Playwright 1.45.0 #16530 (@​jtpio)
• Bump ws from 8.12.0 to 8.17.1 #16495 (@​dependabot)
• Bump braces from 3.0.2 to 3.0.3 #16486 (@​dependabot)
• Ignore empty stdout data when logging in verdaccio #16459 (@​fcollonval)
• Do not install cairo/pango on Mac in CI #16434 (@​krassowski)
• Fix some flaky ui tests #16430 (@​brichet)
• Fix usage check job on CI (add setuptools dependency) #16423 (@​jtpio)
• Bump the pip group with 5 updates #16412 (@​dependabot)
• Bump tj-actions/changed-files from 44.3.0 to 44.5.2 in the actions group #16411 (@​dependabot)
• Fix failing link check (point to JAWS on Wikipedia) #16365 (@​krassowski)

Documentation improvements

• Fix the description for the main inline completer plugin #16526 (@​krassowski)

... (truncated)

Changelog

Sourced from jupyterlab's changelog.

4.3.0a1

(Full Changelog)

New features added

• Notebook minimap in the virtual scrollbar #16432 (@​krassowski)

Enhancements made

• Define ICodeCellModel.executionState, deprecate setPrompt() #16431 (@​krassowski)
• Implement viewport tracking and reactive rendering in scrollbar #16392 (@​krassowski)
• Use lazy loading for HTML/PDF files, and help tabs #16387 (@​hnben)
• Add option to dismiss "Server Connection Error" dialog for the duration of the session #16269 (@​RRosio)

Bugs fixed

• Fix inline completer configure calls not being propagated correctly #16508 (@​krassowski)
• Fix the lines placeholder taking up too much space #16493 (@​krassowski)
• Fix check link CI failure in README (time zone converter site) #16482 (@​afshin)
• Use correct hub restart URL #16471 (@​mahendrapaipuri)
• Fix async function display #16443 (@​sanskriti2005)
• Fix code comments in tilde (~) fences incorrectly shown as headings in TOC #16437 (@​itsmevichu)
• Fix typos in jupyter-collaboration-missing error message #16436 (@​krishanbhasin-px)
• Fix comments in nested markdown code blocks incorrectly being identified as TOC headings #16420 (@​itsmevichu)
• Reactive toolbar computation, again... #16409 (@​brichet)
• Align token usage for events #16397 (@​fcollonval)
• Add the toolbar again when updating the title of PanelWithToolbar #16390 (@​brichet)
• Fix width and margins of the notebook footer. #16383 (@​HaudinFlorence)
• Fix runtime console error in debugger extension #16368 (@​afshin)

Maintenance and upkeep improvements

• Update to Playwright 1.45.0 #16530 (@​jtpio)
• Bump ws from 8.12.0 to 8.17.1 #16495 (@​dependabot)
• Bump braces from 3.0.2 to 3.0.3 #16486 (@​dependabot)
• Ignore empty stdout data when logging in verdaccio #16459 (@​fcollonval)
• Do not install cairo/pango on Mac in CI #16434 (@​krassowski)
• Fix some flaky ui tests #16430 (@​brichet)
• Fix usage check job on CI (add setuptools dependency) #16423 (@​jtpio)
• Bump the pip group with 5 updates #16412 (@​dependabot)
• Bump tj-actions/changed-files from 44.3.0 to 44.5.2 in the actions group #16411 (@​dependabot)
• Fix failing link check (point to JAWS on Wikipedia) #16365 (@​krassowski)

Documentation improvements

• Fix the description for the main inline completer plugin #16526 (@​krassowski)
• Update JupyterLab 3.x maintenance announcement #16506 (@​krassowski)
• Fix check link CI failure in README (time zone converter site) #16482 (@​afshin)
• Fix typo in documentation - spurious single quote prefix #16476 (@​achhina)

... (truncated)

Commits

• 8585fc8 [ci skip] Publish 4.3.0a1
• 133a9e4 Update to Playwright 1.45.0 (#16530)
• a957490 Add option to dismiss "Server Connection Error" dialog for the duration of th...
• 1d3e4ac Notebook minimap in the virtual scrollbar (#16432)
• 362818f Fix the description for the main inline completer plugin (#16526)
• f364345 Implement viewport tracking and reactive rendering in scrollbar (#16392)
• 5d8216d Fix inline completer configure calls not being propagated correctly (#16508)
• c6cd12b Bump ws from 8.12.0 to 8.17.1 (#16495)
• 0e95797 Update JupyterLab 3.x maintenance announcement (#16506)
• 4789392 Fix the lines placeholder taking up too much space (#16493)
• Additional commits viewable in compare view

Updates notebook from 7.3.0a0 to 7.3.0a1

Release notes

Sourced from notebook's releases.

v7.3.0a1

7.3.0a1

(Full Changelog)

Enhancements made

• Update to JupyterLab 4.3.0a1 #7416 (@​jtpio)

Bugs fixed

• Remove pseudoelement obstructing the cell collapser #7392 (@​krassowski)

Contributors to this release

(GitHub contributors page for this release)

@​github-actions | @​jtpio | @​krassowski

Changelog

Sourced from notebook's changelog.

7.3.0a1

(Full Changelog)

Enhancements made

• Update to JupyterLab 4.3.0a1 #7416 (@​jtpio)

Bugs fixed

• Remove pseudoelement obstructing the cell collapser #7392 (@​krassowski)

Contributors to this release

(GitHub contributors page for this release)

@​github-actions | @​jtpio | @​krassowski

Commits

• 53b3820 Publish 7.3.0a1
• ff2b822 Update to JupyterLab 4.3.0a1 (#7416)
• fffe390 Remove pseudoelement obstructing the cell collapser (#7392)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

[github-actions[bot]]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 5 package(s) with unknown licenses.

See the Details below.

License Issues

pytorch/requirements.txt

Package	Version	License	Issue Type
intel_extension_for_pytorch	2.3.100+cpu	Null	Unknown License

pytorch/torchserve-requirements.txt

Package	Version	License	Issue Type
intel_extension_for_pytorch	2.3.100+cpu	Null	Unknown License

pytorch/xpu-requirements.txt

Package	Version	License	Issue Type
intel_extension_for_pytorch	2.3.100+cpu	Null	Unknown License
oneccl_bind_pt	2.3.0+cpu	Null	Unknown License
torch	2.3.1	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
pip/jupyterlab	4.3.0a1	:green_circle: 5.8	Details Check Score Reason Code-Review :green_circle: 9 Found 23/25 approved changesets -- score normalized to 9 Maintained :green_circle: 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 License :green_circle: 9 license file detected CII-Best-Practices :warning: 2 badge detected: InProgress Signed-Releases :warning: 0 Project has not signed or included provenance with any releases. Branch-Protection :warning: -1 internal error: error during GetBranch(4.2.x): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Packaging :warning: -1 packaging workflow not detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions SAST :green_circle: 10 SAST tool is run on all commits Binary-Artifacts :green_circle: 10 no binaries found in the repo Security-Policy :green_circle: 10 security policy file detected Fuzzing :warning: 0 project is not fuzzed Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities :warning: 2 8 existing vulnerabilities detected
pip/notebook	7.3.0a1	:green_circle: 4.2	Details Check Score Reason Code-Review :warning: 2 Found 8/30 approved changesets -- score normalized to 2 Maintained :green_circle: 10 28 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: 0 Project has not signed or included provenance with any releases. Branch-Protection :warning: -1 internal error: error during GetBranch(7.2.x): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Packaging :warning: -1 packaging workflow not detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing :warning: 0 project is not fuzzed Security-Policy :green_circle: 10 security policy file detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities :warning: 0 12 existing vulnerabilities detected
pip/jupyterlab	4.3.0a0	:green_circle: 5.8	Details Check Score Reason Code-Review :green_circle: 9 Found 23/25 approved changesets -- score normalized to 9 Maintained :green_circle: 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 License :green_circle: 9 license file detected CII-Best-Practices :warning: 2 badge detected: InProgress Signed-Releases :warning: 0 Project has not signed or included provenance with any releases. Branch-Protection :warning: -1 internal error: error during GetBranch(4.2.x): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Packaging :warning: -1 packaging workflow not detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions SAST :green_circle: 10 SAST tool is run on all commits Binary-Artifacts :green_circle: 10 no binaries found in the repo Security-Policy :green_circle: 10 security policy file detected Fuzzing :warning: 0 project is not fuzzed Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities :warning: 2 8 existing vulnerabilities detected
pip/notebook	7.3.0a0	:green_circle: 4.2	Details Check Score Reason Code-Review :warning: 2 Found 8/30 approved changesets -- score normalized to 2 Maintained :green_circle: 10 28 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: 0 Project has not signed or included provenance with any releases. Branch-Protection :warning: -1 internal error: error during GetBranch(7.2.x): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Packaging :warning: -1 packaging workflow not detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing :warning: 0 project is not fuzzed Security-Policy :green_circle: 10 security policy file detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities :warning: 0 12 existing vulnerabilities detected
pip/intel_extension_for_pytorch	2.3.100+cpu	Unknown	Unknown
pip/intel_extension_for_pytorch	2.3.0+cpu	Unknown	Unknown
pip/intel_extension_for_pytorch	2.3.100+cpu	Unknown	Unknown
pip/intel_extension_for_pytorch	2.3.0+cpu	Unknown	Unknown
pip/intel_extension_for_pytorch	2.3.100+cpu	Unknown	Unknown
pip/oneccl_bind_pt	2.3.0+cpu	Unknown	Unknown
pip/torch	2.3.1	:green_circle: 6.4	Details Check Score Reason Binary-Artifacts :green_circle: 9 binaries present in source code Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests :warning: -1 no pull request found CII-Best-Practices :warning: 0 no badge detected Code-Review :green_circle: 10 all last 30 commits are reviewed through Prow Contributors :green_circle: 10 35 different organizations found -- score normalized to 10 Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Dependency-Update-Tool :warning: 0 no update tool detected Fuzzing :warning: 0 project is not fuzzed License :green_circle: 10 license file detected Maintained :green_circle: 10 30 commit(s) out of 30 and 15 issue activity out of 30 found in the last 90 days -- score normalized to 10 Packaging :warning: -1 no published package detected Pinned-Dependencies :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST :warning: 0 no SAST tool detected Security-Policy :green_circle: 10 security policy file detected Signed-Releases :warning: 0 0 out of 5 artifacts are signed -- score normalized to 0 Token-Permissions :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Vulnerabilities :green_circle: 10 no vulnerabilities detected Webhooks :warning: -1 check is not supported for this request: SCORECARD_V6 is not set, not running the Webhook check
pip/torchaudio	2.3.1	:green_circle: 5.3	Details Check Score Reason Maintained :green_circle: 5 5 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 5 Code-Review :green_circle: 10 all changesets reviewed CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :warning: -1 no releases found Packaging :warning: -1 packaging workflow not detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts :green_circle: 10 no binaries found in the repo Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing :warning: 0 project is not fuzzed Security-Policy :warning: 0 security policy file not detected Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0
pip/torchvision	0.18.1	:green_circle: 5.2	Details Check Score Reason Code-Review :green_circle: 5 Found 17/30 approved changesets -- score normalized to 5 Maintained :green_circle: 10 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :warning: -1 no releases found Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 packaging workflow not detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts :green_circle: 9 binaries present in source code Security-Policy :warning: 0 security policy file not detected Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Fuzzing :warning: 0 project is not fuzzed SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0
pip/intel_extension_for_pytorch	2.1.20+xpu	Unknown	Unknown
pip/oneccl_bind_pt	2.1.200	Unknown	Unknown
pip/torch	2.1.0.post0+cxx11.abi	:green_circle: 6.4	Details Check Score Reason Binary-Artifacts :green_circle: 9 binaries present in source code Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests :warning: -1 no pull request found CII-Best-Practices :warning: 0 no badge detected Code-Review :green_circle: 10 all last 30 commits are reviewed through Prow Contributors :green_circle: 10 35 different organizations found -- score normalized to 10 Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Dependency-Update-Tool :warning: 0 no update tool detected Fuzzing :warning: 0 project is not fuzzed License :green_circle: 10 license file detected Maintained :green_circle: 10 30 commit(s) out of 30 and 15 issue activity out of 30 found in the last 90 days -- score normalized to 10 Packaging :warning: -1 no published package detected Pinned-Dependencies :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST :warning: 0 no SAST tool detected Security-Policy :green_circle: 10 security policy file detected Signed-Releases :warning: 0 0 out of 5 artifacts are signed -- score normalized to 0 Token-Permissions :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Vulnerabilities :green_circle: 10 no vulnerabilities detected Webhooks :warning: -1 check is not supported for this request: SCORECARD_V6 is not set, not running the Webhook check
pip/torchaudio	2.1.0.post0+cxx11.abi	:green_circle: 5.3	Details Check Score Reason Maintained :green_circle: 5 5 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 5 Code-Review :green_circle: 10 all changesets reviewed CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :warning: -1 no releases found Packaging :warning: -1 packaging workflow not detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts :green_circle: 10 no binaries found in the repo Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing :warning: 0 project is not fuzzed Security-Policy :warning: 0 security policy file not detected Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0
pip/torchvision	0.16.0.post0+cxx11.abi	:green_circle: 5.2	Details Check Score Reason Code-Review :green_circle: 5 Found 17/30 approved changesets -- score normalized to 5 Maintained :green_circle: 10 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :warning: -1 no releases found Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 packaging workflow not detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts :green_circle: 9 binaries present in source code Security-Policy :warning: 0 security policy file not detected Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Fuzzing :warning: 0 project is not fuzzed SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0

Scanned Manifest Files

pytorch/jupyter-requirements.txt

• jupyterlab@4.3.0a1
• notebook@7.3.0a1
• jupyterlab@4.3.0a0
• notebook@7.3.0a0

pytorch/requirements.txt

• intel_extension_for_pytorch@2.3.100+cpu
• intel_extension_for_pytorch@2.3.0+cpu

pytorch/torchserve-requirements.txt

• intel_extension_for_pytorch@2.3.100+cpu
• intel_extension_for_pytorch@2.3.0+cpu

pytorch/xpu-requirements.txt

• intel_extension_for_pytorch@2.3.100+cpu
• oneccl_bind_pt@2.3.0+cpu
• torch@2.3.1
• torchaudio@2.3.1
• torchvision@0.18.1
• intel_extension_for_pytorch@2.1.20+xpu
• oneccl_bind_pt@2.1.200
• torch@2.1.0.post0+cxx11.abi
• torchaudio@2.1.0.post0+cxx11.abi
• torchvision@0.16.0.post0+cxx11.abi

[dependabot[bot]]

Looks like these dependencies are updatable in another way, so this is no longer needed.