Bump the pip group across 2 directories with 11 updates

[dependabot]

Bumps the pip group with 11 updates in the / directory:

Package	From	To
dash	2.3.1	2.15.0
eventlet	0.30.2	0.35.2
flask	2.1.1	2.2.5
flask-cors	3.0.10	4.0.1
numpy	1.21.5	1.22.0
setuptools	61.2.0	65.5.1
torch	1.9.0	1.13.1
tqdm	4.64.0	4.66.3
transformers	4.21.0	4.38.0
werkzeug	2.1.1	3.0.3
gevent	22.10.2	23.9.0

Bumps the pip group with 4 updates in the /external_apps/webex_bot directory: numpy, torch, tqdm and transformers.

Updates dash from 2.3.1 to 2.15.0

Release notes

Sourced from dash's releases.

Dash v2.15.0

Added

• #2695 Adds triggered_id to dash_clientside.callback_context. Fixes #2692
• #2723 Improve dcc Slider/RangeSlider tooltips. Fixes #1846
  • Add tooltip.template a string for the format template, {value} will be formatted with the actual value.
  • Add tooltip.style a style object to give to the div of the tooltip.
  • Add tooltip.transform a reference to a function in the window.dccFunctions namespace.
• #2732 Add special key _dash_error to setProps, allowing component developers to send error without throwing in render. Usage props.setProps({_dash_error: new Error("custom error")})

Fixed

• #2732 Sanitize html props that are vulnerable to xss vulnerability if user data is inserted. Fix Validate url to prevent XSS attacks #2729

Changed

• #2652 dcc.Clipboard supports htm_content and triggers a copy to clipboard when n_clicks are changed
• #2721 Remove ansi2html, fixes #2613

Dash v2.14.2

Fixed

• #2700 Fix _allow_dynamic_callbacks for newly-added components.

Dash v2.14.1

Fixed

• #2672 Fix get_caller_name in case the source is not available.

Changed

• #2674 Raise flask & werkzeug limits to <3.1

Dash v2.14.0

Fixed

• #2634 Fix deprecation warning on pkg_resources, fix #2631

Changed

• #2635 Get proper app module name, remove need to give __name__ to Dash constructor.

Added

• #2647 routing_callback_inputs allowing to pass more Input and/or State arguments to the pages routing callback
• #2649 Add _allow_dynamic_callbacks, register new callbacks inside other callbacks. WARNING: dynamic callback creation can be dangerous, use at you own risk. It is not intended for use in a production app, multi-user or multiprocess use as it only works for a single user.

Dash v2.13.0

Changed

• #2610 Load plotly.js bundle/version from plotly.py

... (truncated)

Changelog

Sourced from dash's changelog.

[2.15.0] - 2024-01-31

Added

• #2695 Adds triggered_id to dash_clientside.callback_context. Fixes #2692
• #2723 Improve dcc Slider/RangeSlider tooltips. Fixes #1846
  • Add tooltip.template a string for the format template, {value} will be formatted with the actual value.
  • Add tooltip.style a style object to give to the div of the tooltip.
  • Add tooltip.transform a reference to a function in the window.dccFunctions namespace.
• #2732 Add special key _dash_error to setProps, allowing component developers to send error without throwing in render. Usage props.setProps({_dash_error: new Error("custom error")})

Fixed

• #2732 Sanitize html props that are vulnerable to xss vulnerability if user data is inserted. Fix Validate url to prevent XSS attacks #2729

Changed

• #2652 dcc.Clipboard supports htm_content and triggers a copy to clipboard when n_clicks are changed
• #2721 Remove ansi2html, fixes #2613

[2.14.2] - 2023-11-27

Fixed

• #2700 Fix _allow_dynamic_callbacks for newly-added components.

[2.14.1] - 2023-10-26

Fixed

• #2672 Fix get_caller_name in case the source is not available.

Changed

• #2674 Raise flask & werkzeug limits to <3.1

[2.14.0] - 2023-10-11

Fixed

• #2634 Fix deprecation warning on pkg_resources, fix #2631

Changed

• #2635 Get proper app module name, remove need to give __name__ to Dash constructor.

Added

• #2647 routing_callback_inputs allowing to pass more Input and/or State arguments to the pages routing callback
• #2649 Add _allow_dynamic_callbacks, register new callbacks inside other callbacks. WARNING: dynamic callback creation can be dangerous, use at you own risk. It is not intended for use in a production app, multi-user or multiprocess use as it only works for a single user.

... (truncated)

Commits

• 115aa4e Merge pull request #2739 from plotly/master-2.15.0
• 9243f93 build
• 83c5422 Version 2.15.0 build artifacts
• 78d07c4 Merge branch 'dev' into master-2.15.0
• 6a8da52 Merge pull request #2737 from plotly/version-2.15.0
• 7cb6f07 build
• da4261e Fix changelog.
• 27751a8 Version 2.15.0
• 49ac14f Merge pull request #2723 from plotly/slider-tips
• 06fb03a docstring typos
• Additional commits viewable in compare view

Updates eventlet from 0.30.2 to 0.35.2

Changelog

Sourced from eventlet's changelog.

0.35.2

• [fix] Fix tool.setuptools/packages list eventlet/eventlet#921
• [security] Dnspython 2.6.1 - Address DoS via the Tudoor mechanism (CVE-2023-29483) eventlet/eventlet#916
• [doc] add asyncio into the doc hub page eventlet/eventlet#918
• [clean] clean obsolete python 2 code from the ssl module eventlet/eventlet#915
• [fix] Add get_server_info to db_pool.py eventlet/eventlet#324
• [fix] wsgi: Handle Timeouts from applications eventlet/eventlet#911
• [fix] shrinks window before connecting eventlet/eventlet#905

0.35.1

• [fix] Do not allow failed patching to stop execution eventlet/eventlet#907

0.35.0

• [doc] Basic documentation for asyncio migration eventlet/eventlet#892
• [tests] add minimal linting eventlet/eventlet#894
• [doc] officially host docs on readthedocs eventlet/eventlet#899
• [fix] fix truncate size nullable eventlet/eventlet#789
• [fix] Handle transport endpoint shutdown in conditions eventlet/eventlet#884
• [fix] Rework reject_bad_requests option eventlet/eventlet#890
• [fix] Fix NameError introduced by #826 eventlet/eventlet#890
• [feature] Support awaiting GreenThread in an async def context eventlet/eventlet#889
• [infra] Extend test cert to 2049 eventlet/eventlet#643
• [feature] Asyncio hub support for Python 3.7 to 3.9 eventlet/eventlet#886
• [infra] Modernize doc generation eventlet/eventlet#880
• [fix] Fix bad exceptions handlings eventlet/eventlet#883
• [feature] Support using asyncio coroutines from inside greenlets eventlet/eventlet#877
• [removal] Remove deprecated CGIHTTPServer and SimpleHTTPServer eventlet/eventlet#881
• [governance] Update maintenance goals eventlet/eventlet#850
• [feature] Add an asyncio hub for eventlet eventlet/eventlet#870

0.34.3

• Fix security issue in the wsgi module related to RFC 9112 eventlet/eventlet#826
• Fix segfault, a new approach for greening existing locks eventlet/eventlet#866
• greendns: fix getaddrinfo parameter name eventlet/eventlet#809
• Fix deprecation warning on ssl.PROTOCOL_TLS eventlet/eventlet#872
• Pytests, fix error at teardown of TestGreenSocket.test_full_duplex eventlet/eventlet#871
• Skip test which uses Py cgi module eventlet/eventlet#865
• Drop old code based on python < 3.7

0.34.2

... (truncated)

Commits

• edd9e7e Update changelog for version 0.35.2 (#920)
• a23fd0e Fix tool.setuptools/packages list (#921)
• 51e3c49 Dnspython 2.6.1 - Address DoS via the Tudoor mechanism (CVE-2023-29483)
• b6f6e7c add asyncio into the doc hub page (#918)
• 96a3940 clean obsolete python 2 code from the ssl module (#915)
• 06ec630 Add get_server_info to db_pool.py (#324)
• dfcc939 wsgi: Handle Timeouts from applications (#911)
• 799dabc [Fix] shrinks window before connecting (#905)
• 3f8c9e4 Do not allow failed patching to stop execution (#907)
• d467343 Add Python 3.7 to pyproject classifiers (#904)
• Additional commits viewable in compare view

Updates flask from 2.1.1 to 2.2.5

Release notes

Sourced from flask's releases.

2.2.5

This is a security fix release for the 2.2.x release branch. Note that 2.3.x is the currently supported release branch; please upgrade to the latest version if possible.

• Security advisory: GHSA-m2qf-hxjv-5gpq, CVE-2023-30861
• Changes: https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-5
• Milestone: https://github.com/pallets/flask/milestone/30?closed=1

2.2.4

This is a fix release for the 2.2.x release branch.

• Changes: https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-4
• Milestone: https://github.com/pallets/flask/milestone/27?closed=1

2.2.3

This is a fix release for the 2.2.x release branch.

• Changes: https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-3
• Milestone: https://github.com/pallets/flask/milestone/26?closed=1

2.2.2

This is a fix release for the 2.2.0 feature release.

• Changes: https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-2
• Milestone: https://github.com/pallets/flask/milestone/25?closed=1

2.2.1

This is a fix release for the 2.2.0 feature release.

• Changes: https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-1
• Milestone: https://github.com/pallets/flask/milestone/23?closed=1

2.2.0

This is a feature release, which includes new features and removes previously deprecated code. The 2.2.x branch is now the supported bug fix branch, the 2.1.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades.

• Changes: https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-0
• Milestone: https://github.com/pallets/flask/milestone/19?closed=1

2.1.3

• Changes: https://flask.palletsprojects.com/en/2.1.x/changes/#version-2-1-3
• Milestone: https://github.com/pallets/flask/milestone/22?closed=1

2.1.2

This is a fix release for the 2.1.0 feature release.

• Changes: https://flask.palletsprojects.com/en/2.1.x/changes/#version-2-1-2
• Milestone: https://github.com/pallets/flask/milestone/21?closed=1

Changelog

Sourced from flask's changelog.

Version 2.2.5

Released 2023-05-02

• Update for compatibility with Werkzeug 2.3.3.
• Set Vary: Cookie header when the session is accessed, modified, or refreshed.

Version 2.2.4

Released 2023-04-25

• Update for compatibility with Werkzeug 2.3.

Version 2.2.3

Released 2023-02-15

• Autoescape is enabled by default for .svg template files. :issue:4831
• Fix the type of template_folder to accept pathlib.Path. :issue:4892
• Add --debug option to the flask run command. :issue:4777

Version 2.2.2

Released 2022-08-08

• Update Werkzeug dependency to >= 2.2.2. This includes fixes related to the new faster router, header parsing, and the development server. :pr:4754
• Fix the default value for app.env to be "production". This attribute remains deprecated. :issue:4740

Version 2.2.1

Released 2022-08-03

• Setting or accessing json_encoder or json_decoder raises a deprecation warning. :issue:4732

Version 2.2.0

... (truncated)

Commits

• 47af817 release version 2.2.5
• afd63b1 Merge pull request #5109 from pallets/backport-vary-cookie
• 8646edc set Vary: Cookie header consistently for session
• a6367da Merge pull request #5108 from pallets/werkzeug-compat
• 3fbfbad werkzeug 2.3.3 compatibility
• 726d3f4 start version 2.2.5
• ddc7acc Merge pull request #5081 from pallets/release-2.2.4
• 74e0329 release version 2.2.4
• 2d46068 update dev env
• 64bc458 update dev dependencies
• Additional commits viewable in compare view

Updates flask-cors from 3.0.10 to 4.0.1

Release notes

Sourced from flask-cors's releases.

4.0.1

What's Changed

• Fix Read the Docs builds by @​kurtmckee in corydolphin/flask-cors#345
• Update extension.py to clean request.path before logging it by @​aneshujevic in corydolphin/flask-cors#351
• Update CI to include Python 3.12 and flask 3.0.3 by @​corydolphin in corydolphin/flask-cors#354
• Release 4.0.1 by @​corydolphin in corydolphin/flask-cors#353

New Contributors

• @​kurtmckee made their first contribution in corydolphin/flask-cors#345
• @​aneshujevic made their first contribution in corydolphin/flask-cors#351

Full Changelog: corydolphin/flask-cors@4.0.0...4.0.1

Release 4.0.0

What's Changed

• Remove support for Python versions older than 3.8 by @​WAKayser in corydolphin/flask-cors#330
• Add GHA tooling by @​corydolphin in corydolphin/flask-cors#331

New Contributors

• @​WAKayser made their first contribution in corydolphin/flask-cors#330

Full Changelog: corydolphin/flask-cors@3.1.01...v4.0.0

3.1.01

What's Changed

• Include examples to specify that schema and port must be included in … by @​YPCrumble in corydolphin/flask-cors#294
• two small changes to the documentation, based on issue #290 by @​bbbart in corydolphin/flask-cors#291
• Fix typo by @​sunarch in corydolphin/flask-cors#304
• FIX: typo in CSRF by @​sattamjh in corydolphin/flask-cors#315
• Test against recent Python versions by @​pylipp in corydolphin/flask-cors#314
• Correct spelling mistakes by @​EdwardBetts in corydolphin/flask-cors#311
• 'Access-Control-Allow-Private-Network = true' header for http response by @​chelo-kjml in corydolphin/flask-cors#318
• docs: Fix a few typos by @​timgates42 in corydolphin/flask-cors#323
• [Docs] Fix typo in configuration documentation by @​sachit-shroff in corydolphin/flask-cors#316
• Release Version 3.1.01 by @​corydolphin in corydolphin/flask-cors#329

New Contributors

• @​YPCrumble made their first contribution in corydolphin/flask-cors#294
• @​sunarch made their first contribution in corydolphin/flask-cors#304
• @​sattamjh made their first contribution in corydolphin/flask-cors#315
• @​pylipp made their first contribution in corydolphin/flask-cors#314
• @​EdwardBetts made their first contribution in corydolphin/flask-cors#311
• @​chelo-kjml made their first contribution in corydolphin/flask-cors#318
• @​sachit-shroff made their first contribution in corydolphin/flask-cors#316

Full Changelog: corydolphin/flask-cors@3.0.10...3.1.01

Changelog

Sourced from flask-cors's changelog.

4.0.1

Security

• Address CVE-2024-1681 which is a log injection vulnerability when the log level is set to debug by @​aneshujevic in corydolphin/flask-cors#351

4.0.0

• Remove support for Python versions older than 3.8 by @​WAKayser in corydolphin/flask-cors#330
• Add GHA tooling by @​corydolphin in corydolphin/flask-cors#331

3.1.01

• Include examples to specify that schema and port must be included in … by @​YPCrumble in corydolphin/flask-cors#294
• two small changes to the documentation, based on issue #290 by @​bbbart in corydolphin/flask-cors#291
• Fix typo by @​sunarch in corydolphin/flask-cors#304
• FIX: typo in CSRF by @​sattamjh in corydolphin/flask-cors#315
• Test against recent Python versions by @​pylipp in corydolphin/flask-cors#314
• Correct spelling mistakes by @​EdwardBetts in corydolphin/flask-cors#311
• 'Access-Control-Allow-Private-Network = true' header for http response by @​chelo-kjml in corydolphin/flask-cors#318
• docs: Fix a few typos by @​timgates42 in corydolphin/flask-cors#323
• [Docs] Fix typo in configuration documentation by @​sachit-shroff in corydolphin/flask-cors#316

Commits

• 1df178c Release 0.4.1 (#353)
• 5090b4a Update CI to include Python 3.12 and flask 3.0.3 (#354)
• 6172c20 Update extension.py to clean request.path before logging it (#351)
• cadade9 Fix Read the Docs builds (#345)
• 40acc80 Update CHANGELOG to reflect 4.0.0 release (#335)
• dbabb27 Testing: Move from deprecated assertEquals to assertEqual (#332)
• 0b74401 Convert CI to use GHA (#331)
• 637595d Remove support for old python versions (#330)
• c9c55e1 Release Version 3.1.01 (#329)
• 98aca1a Fix typo (#316)
• Additional commits viewable in compare view

Updates numpy from 1.21.5 to 1.22.0

Release notes

Sourced from numpy's releases.

v1.22.0

NumPy 1.22.0 Release Notes

NumPy 1.22.0 is a big release featuring the work of 153 contributors spread over 609 pull requests. There have been many improvements, highlights are:

• Annotations of the main namespace are essentially complete. Upstream is a moving target, so there will likely be further improvements, but the major work is done. This is probably the most user visible enhancement in this release.
• A preliminary version of the proposed Array-API is provided. This is a step in creating a standard collection of functions that can be used across application such as CuPy and JAX.
• NumPy now has a DLPack backend. DLPack provides a common interchange format for array (tensor) data.
• New methods for quantile, percentile, and related functions. The new methods provide a complete set of the methods commonly found in the literature.
• A new configurable allocator for use by downstream projects.

These are in addition to the ongoing work to provide SIMD support for commonly used functions, improvements to F2PY, and better documentation.

The Python versions supported in this release are 3.8-3.10, Python 3.7 has been dropped. Note that 32 bit wheels are only provided for Python 3.8 and 3.9 on Windows, all other wheels are 64 bits on account of Ubuntu, Fedora, and other Linux distributions dropping 32 bit support. All 64 bit wheels are also linked with 64 bit integer OpenBLAS, which should fix the occasional problems encountered by folks using truly huge arrays.

Expired deprecations

Deprecated numeric style dtype strings have been removed

Using the strings "Bytes0", "Datetime64", "Str0", "Uint32", and "Uint64" as a dtype will now raise a TypeError.

(gh-19539)

Expired deprecations for loads, ndfromtxt, and mafromtxt in npyio

numpy.loads was deprecated in v1.15, with the recommendation that users use pickle.loads instead. ndfromtxt and mafromtxt were both deprecated in v1.17 - users should use numpy.genfromtxt instead with the appropriate value for the usemask parameter.

(gh-19615)

... (truncated)

Commits

• 4adc87d Merge pull request #20685 from charris/prepare-for-1.22.0-release
• fd66547 REL: Prepare for the NumPy 1.22.0 release.
• 125304b wip
• c283859 Merge pull request #20682 from charris/backport-20416
• 5399c03 Merge pull request #20681 from charris/backport-20954
• f9c45f8 Merge pull request #20680 from charris/backport-20663
• 794b36f Update armccompiler.py
• d93b14e Update test_public_api.py
• 7662c07 Update init.py
• 311ab52 Update armccompiler.py
• Additional commits viewable in compare view

Updates setuptools from 61.2.0 to 65.5.1

Release notes

Sourced from setuptools's releases.

v65.5.1

No release notes provided.

v65.5.0

No release notes provided.

v65.4.1

No release notes provided.

v65.4.0

No release notes provided.

v65.3.0

No release notes provided.

v65.2.0

No release notes provided.

v65.1.1

No release notes provided.

v65.1.0

No release notes provided.

v65.0.2

No release notes provided.

v65.0.1

No release notes provided.

v65.0.0

No release notes provided.

v64.0.3

No release notes provided.

v64.0.2

No release notes provided.

v64.0.1

No release notes provided.

v64.0.0

No release notes provided.

v63.4.3

No release notes provided.

v63.4.2

No release notes provided.

... (truncated)

Changelog

Sourced from setuptools's changelog.

v65.5.1

Misc

• #3638: Drop a test dependency on the mock package, always use :external+python:py:mod:unittest.mock -- by :user:hroncok
• #3659: Fixed REDoS vector in package_index -- by :user:SCH227

v65.5.0

Changes

• #3624: Fixed editable install for multi-module/no-package src-layout projects.
• #3626: Minor refactorings to support distutils using stdlib logging module.

Documentation changes

• #3419: Updated the example version numbers to be compliant with PEP-440 on the "Specifying Your Project’s Version" page of the user guide.

Misc

• #3569: Improved information about conflicting entries in the current working directory and editable install (in documentation and as an informational warning).
• #3576: Updated version of validate_pyproject.

v65.4.1

Misc

• #3613: Fixed encoding errors in expand.StaticModule when system default encoding doesn't match expectations for source files.
• #3617: Merge with pypa/distutils@6852b20 including fix for pypa/distutils#181.

v65.4.0

Changes

• #3609: Merge with pypa/distutils@d82d926 including support for DIST_EXTRA_CONFIG in pypa/distutils#177.

v65.3.0

... (truncated)

Commits

• a462cb5 Bump version: 65.5.0 → 65.5.1
• de35d8b Merge pull request #3656 from bmorris3/typos
• 58e23de Update changelog. Ref #3659.
• 43a9c9b Limit the amount of whitespace to search/backtrack. Fixes #3659.
• 5791343 Add test capturing failed expectation. Ref #3659.
• 1f97905 ⚫ Fade to black.
• 6254567 Remove workaround for emacs.
• 729b180 ⚫ Fade to black.
• c068081 Typo corrections
• f777a40 Suppress deprecation warning in --rsyncdir. Workaround for #3655.
• Additional commits viewable in compare view

Updates torch from 1.9.0 to 1.13.1

Release notes

Sourced from torch's releases.

PyTorch 1.13.1 Release, small bug fix release

This release is meant to fix the following issues (regressions / silent correctness):

• RuntimeError by torch.nn.modules.activation.MultiheadAttention with bias=False and batch_first=True #88669
• Installation via pip on Amazon Linux 2, regression #88869
• Installation using poetry on Mac M1, failure #88049
• Missing masked tensor documentation #89734
• torch.jit.annotations.parse_type_line is not safe (command injection) #88868
• Use the Python frame safely in _pythonCallstack #88993
• Double-backward with full_backward_hook causes RuntimeError #88312
• Fix logical error in get_default_qat_qconfig #88876
• Fix cuda/cpu check on NoneType and unit test #88854 and #88970
• Onnx ATen Fallback for BUILD_CAFFE2=0 for ONNX-only ops #88504
• Onnx operator_export_type on the new registry #87735
• torchrun AttributeError caused by file_based_local_timer on Windows #85427

The release tracker should contain all relevant pull requests related to this release as well as links to related issues

PyTorch 1.13: beta versions of functorch and improved support for Apple’s new M1 chips are now available

Pytorch 1.13 Release Notes

• Highlights
• Backwards Incompatible Changes
• New Features
• Improvements
• Performance
• Documentation
• Developers

Highlights

We are excited to announce the release of PyTorch 1.13! This includes stable versions of BetterTransformer. We deprecated CUDA 10.2 and 11.3 and completed migration of CUDA 11.6 and 11.7. Beta includes improved support for Apple M1 chips and functorch, a library that offers composable vmap (vectorization) and autodiff transforms, being included in-tree with the PyTorch release. This release is composed of over 3,749 commits and 467 contributors since 1.12.1. We want to sincerely thank our dedicated community for your contributions.

Summary:

• The BetterTransformer feature set supports fastpath execution for common Transformer models during Inference out-of-the-box, without the need to modify the model. Additional improvements include accelerated add+matmul linear algebra kernels for sizes commonly used in Transformer models and Nested Tensors is now enabled by default.

• Timely deprecating older CUDA versions allows us to proceed with introducing the latest CUDA version as they are introduced by Nvidia®, and hence allows support for C++17 in PyTorch and new NVIDIA Open GPU Kernel Modules.

• Previously, functorch was released out-of-tree in a separate package. After installing PyTorch, a user will be able to import functorch and use functorch without needing to install another package.

• PyTorch is offering native builds for Apple® silicon machines that use Apple's new M1 chip as a beta feature, providing improved support across PyTorch's APIs.

Stable	Beta	Prototype
Better TransformerCUDA 10.2 and 11.3 CI/CD Deprecation	Enable Intel® VTune™ Profiler's Instrumentation and Tracing Technology APIsExtend NNC to support channels last and bf16Functorch now in PyTorch Core LibraryBeta Support for M1 devices	Arm® Compute Library backend support for AWS Graviton CUDA Sanitizer

You can check the blogpost that shows the new features here.

Backwards Incompatible changes

... (truncated)

Changelog

Sourced from torch's changelog.

Releasing PyTorch

• Release Compatibility Matrix
• Release Cadence
• General Overview
  • Frequently Asked Questions
• Cutting a release branch preparations
• Cutting release branches
  • pytorch/pytorch
  • pytorch/builder / PyTorch domain libraries
  • Making release branch specific changes for PyTorch
  • Making release branch specific changes for domain libraries
• Running Launch Execution team Core XFN sync
• Drafting RCs (https://github.com/pytorch/pytorch/blob/main/Release Candidates) for PyTorch and domain libraries
  • Release Candidate Storage
  • Release Candidate health validation
  • Cherry Picking Fixes
    • How to do Cherry Picking
  • Cherry Picking Reverts
• Preparing and Creating Final Release candidate
• Promoting RCs to Stable
• Additional Steps to prepare for release day
  • Modify release matrix
  • Open Google Colab issue
• Patch Releases
  • Patch Release Criteria
  • Patch Release Process
    • Patch Release Process Description
    • Triage
    • Issue Tracker for Patch releases
    • Building a release schedule / cherry picking
    • Building Binaries / Promotion to Stable
• Hardware / Software Support in Binary Build Matrix
  • Python
    • TL;DR
  • Accelerator Software
    • Special support cases
• Submitting Tutorials
• Special Topics
  • Updating submodules for a release
  • Triton dependency for the release

Release Compatibility Matrix

Following is the Release Compatibility Matrix for PyTorch releases:

... (truncated)

Commits

• 49444c3 [BE] Do not package caffe2 in wheel (#87986) (#90433)
• 56de8a3 Add manual cuda deps search logic (#90411) (#90426)
• a4d16e0 Fix ATen Fallback for BUILD_CAFFE2=0 for ONNX-only ops (#88504) (#90104)
• 80abad3 Handle Tensor.deepcopy via clone(), on IPU (#89129) (#89999)
• 73a852a [Release only change] Fix rocm5.1.1 docker image (#90321)
• 029ec16 Add platform markers for linux only extra_install_requires (#88826) (#89924)
• 197c5c0 Fix cuda/cpu check on NoneType (#88854) (#90068)
• aadbeb7 Make TorchElastic timer importable on Windows (#88522) (#90045)
• aa94433 Mark IPU device as not supports_as_strided (#89130) (#89998)
• 59b4f3b Use the Python frame safely in _pythonCallstack (#89997)
• Additional commits viewable in compare view

Updates tqdm from 4.64.0 to 4.66.3

Release notes

Sourced from tqdm's releases.

tqdm v4.66.3 stable

• cli: eval safety (fixes CVE-2024-34062, GHSA-g7vv-2v7x-gj9p)

tqdm v4.66.2 stable

• pandas: add DataFrame.progress_map (#1549)
• notebook: fix HTML padding (#1506)
• keras: fix resuming training when verbose>=2 (#1508)
• fix format_num negative fractions missing leading zero (#1548)
• fix Python 3.12 DeprecationWarning on import (#1519)
• linting: use f-strings (#1549)
• update tests (#1549)
  • fix pandas warnings
  • fix asv (airspeed-velocity/asv#1323)
  • fix macos notebook docstring indentation
• CI: bump actions (#1549)

tqdm v4.66.1 stable

...

Description has been truncated