Bump the pip group across 3 directories with 5 updates

[dependabot]

Updates the requirements on ray, black, scikit-learn, torch and transformers to permit the latest version.
Updates ray to 2.8.1

Release notes

Sourced from ray's releases.

Ray-2.8.1

Release Highlights

The Ray 2.8.1 patch release contains fixes for the Ray Dashboard.

Additional context can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023

Ray Dashboard

🔨 Fixes:

[core][state][log] Cherry pick changes to prevent state API from reading files outside the Ray log directory (#41520) [Dashboard] Migrate Logs page to use state api. (#41474) (#41522)

Commits

• 3546c41 [wheel] revert commit injection (#41550)
• 0853dbf remove py37 from test-wheels script (#41546)
• 9620336 fix mac wheel building (#41536)
• 82a8df1 [Dashboard] Migrate Logs page to use state api. (#41474) (#41522)
• 7459639 [core][state][log] Cherry pick changes to prevent state API from reading file...
• d97943e fix gpu tests on civ2 (#41499)
• 97236f7 fix pipeline issues (#41487)
• 3652b8f ray 2.8.1 version number change
• 9de6897 [ci] Remove tune-sklearn doc dependency (#40721) (#41250)
• 569647a [Doc] Update KubeRay version to 1.0.0 (#40937) (#41100)
• Additional commits viewable in compare view

Updates black from 22.8.0 to 24.3.0

Release notes

Sourced from black's releases.

24.3.0

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

• Don't move comments along with delimiters, which could cause crashes (#4248)
• Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270)
• Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273)

Performance

• Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278)

Documentation

• Note what happens when --check is used with --quiet (#4236)

24.2.0

Stable style

• Fixed a bug where comments where mistakenly removed along with redundant parentheses (#4218)

Preview style

• Move the hug_parens_with_braces_and_square_brackets feature to the unstable style due to an outstanding crash and proposed formatting tweaks (#4198)
• Fixed a bug where base expressions caused inconsistent formatting of ** in tenary expression (#4154)
• Checking for newline before adding one on docstring that is almost at the line limit (#4185)
• Remove redundant parentheses in case statement if guards (#4214).

Configuration

... (truncated)

Changelog

Sourced from black's changelog.

24.3.0

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

• Don't move comments along with delimiters, which could cause crashes (#4248)
• Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270)
• Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273)

Performance

• Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278)

Documentation

• Note what happens when --check is used with --quiet (#4236)

24.2.0

Stable style

• Fixed a bug where comments where mistakenly removed along with redundant parentheses (#4218)

Preview style

• Move the hug_parens_with_braces_and_square_brackets feature to the unstable style due to an outstanding crash and proposed formatting tweaks (#4198)
• Fixed a bug where base expressions caused inconsistent formatting of ** in tenary expression (#4154)
• Checking for newline before adding one on docstring that is almost at the line limit (#4185)
• Remove redundant parentheses in case statement if guards (#4214).

... (truncated)

Commits

• 552baf8 Prepare release 24.3.0 (#4279)
• f000936 Fix catastrophic performance in lines_with_leading_tabs_expanded() (#4278)
• 7b5a657 Fix --line-ranges behavior when ranges are at EOF (#4273)
• 1abcffc Use regex where we ignore case on windows (#4252)
• 719e674 Fix 4227: Improve documentation for --quiet --check (#4236)
• e5510af update plugin url for Thonny (#4259)
• 6af7d11 Fix AST safety check false negative (#4270)
• f03ee11 Ensure blib2to3.pygram is initialized before use (#4224)
• e4bfedb fix: Don't move comments while splitting delimiters (#4248)
• d0287e1 Make trailing comma logic more concise (#4202)
• Additional commits viewable in compare view

Updates scikit-learn to 1.3.2

Release notes

Sourced from scikit-learn's releases.

Scikit-learn 1.3.2

We're happy to announce the 1.3.2 release.

You can see the changelog here: https://scikit-learn.org/stable/whats_new/v1.3.html#version-1-3-2

This version supports Python versions 3.8 to 3.12.

You can upgrade with pip as usual:

pip install -U scikit-learn

The conda-forge builds can be installed using:

conda install -c conda-forge scikit-learn

Commits

• 093e0cf [cd build][azure parallel] trigger CI/CD
• fc24542 TST change random seed to make graphical lasso test pass (#27616)
• 7e3705d DOC move somes fixes from 1.4 to 1.3.2 (#27602)
• e43ad8b MAINT remove prerelease flag for Python 3.12 (#27605)
• b54a13a DOC add version 1.3.2 into landing page (#27604)
• 6d086c2 REL bump to 1.3.2
• 8a3c16c FIX Make decision tree pickles deterministic (#27580)
• 9b977e9 FIX make sure that KernelPCA works with pandas output and arpack solver (#27583)
• d53756e FIX validate properly zero_division=np.nan when used in parallel processing (...
• 1df363c FIX make dataset fetchers accept os.Pathlike for data_home (#27468)
• Additional commits viewable in compare view

Updates torch to 2.2.1

Release notes

Sourced from torch's releases.

PyTorch 2.2.1 Release, bug fix release

This release is meant to fix the following issues (regressions / silent correctness):

• Fix missing OpenMP support on Apple Silicon binaries (pytorch/builder#1697)
• Fix crash when mixing lazy and non-lazy tensors in one operation (pytorch/pytorch#117653)
• Fix PyTorch performance regression on Linux aarch64 (pytorch/builder#1696)
• Fix silent correctness in DTensor _to_copy operation (pytorch/pytorch#116426)
• Fix properly assigning param.grad_fn for next forward (pytorch/pytorch#116792)
• Ensure gradient clear out pending AsyncCollectiveTensor in FSDP Extension (pytorch/pytorch#116122)
• Fix processing unflatten tensor on compute stream in FSDP Extension (pytorch/pytorch#116559)
• Fix FSDP AssertionError on tensor subclass when setting sync_module_states=True (pytorch/pytorch#117336)
• Fix DCP state_dict cannot correctly find FQN when the leaf module is wrapped by FSDP (pytorch/pytorch#115592)
• Fix OOM when when returning a AsyncCollectiveTensor by forcing _gather_state_dict() to be synchronous with respect to the mian stream. (pytorch/pytorch#118197) (pytorch/pytorch#119716)
• Fix Windows runtime torch.distributed.DistNetworkError: [WinError 32] The process cannot access the file because it is being used by another process (pytorch/pytorch#118860)
• Update supported python versions in package description (pytorch/pytorch#119743)
• Fix SIGILL crash during import torch on CPUs that do not support SSE4.1 (pytorch/pytorch#116623)
• Fix DCP RuntimeError in get_state_dict and set_state_dict (pytorch/pytorch#119573)
• Fixes for HSDP + TP integration with device_mesh (pytorch/pytorch#112435) (pytorch/pytorch#118620) (pytorch/pytorch#119064) (pytorch/pytorch#118638) (pytorch/pytorch#119481)
• Fix numerical error with mixedmm on NVIDIA V100 (pytorch/pytorch#118591)
• Fix RuntimeError when using SymInt input invariant when splitting graphs (pytorch/pytorch#117406)
• Fix compile DTensor.from_local in trace_rule_look up (pytorch/pytorch#119659)
• Improve torch.compile integration with CUDA-11.8 binaries (pytorch/pytorch#119750)

Release tracker pytorch/pytorch#119295 contains all relevant pull requests related to this release as well as links to related issues.

Changelog

Sourced from torch's changelog.

Releasing PyTorch

• Release Compatibility Matrix
• Release Cadence
• General Overview
  • Frequently Asked Questions
• Cutting a release branch preparations
• Cutting release branches
  • pytorch/pytorch
  • pytorch/builder / PyTorch domain libraries
  • Making release branch specific changes for PyTorch
  • Making release branch specific changes for domain libraries
• Running Launch Execution team Core XFN sync
• Drafting RCs (https://github.com/pytorch/pytorch/blob/main/Release Candidates) for PyTorch and domain libraries
  • Release Candidate Storage
  • Release Candidate health validation
  • Cherry Picking Fixes
    • How to do Cherry Picking
  • Cherry Picking Reverts
• Preparing and Creating Final Release candidate
• Promoting RCs to Stable
• Additional Steps to prepare for release day
  • Modify release matrix
  • Open Google Colab issue
• Patch Releases
  • Patch Release Criteria
  • Patch Release Process
    • Patch Release Process Description
    • Triage
    • Issue Tracker for Patch releases
    • Building a release schedule / cherry picking
    • Building Binaries / Promotion to Stable
• Hardware / Software Support in Binary Build Matrix
  • Python
    • TL;DR
  • Accelerator Software
    • Special support cases
• Submitting Tutorials
• Special Topics
  • Updating submodules for a release
  • Triton dependency for the release

Release Compatibility Matrix

Following is the Release Compatibility Matrix for PyTorch releases:

... (truncated)

Commits

• 6c8c5ad [RelEng] Define BUILD_BUNDLE_PTXAS (#119750) (#119988)
• f00f0ab fix compile DTensor.from_local in trace_rule_look up (#119659) (#119941)
• 077791b Revert "Update state_dict.py to propagate cpu offload (#117453)" (#119995)
• 3eaaeeb Update state_dict.py to propagate cpu offload (#117453) (#119916)
• 0aa3fd3 HSDP + TP integration bug fixes (#119819)
• eef51a6 [Inductor] Skip triton templates for mixedmm on SM70- (#118591) (#119894)
• 940358f [dtensor] fix dtensor _to_copy op for mix precision (#116426) (#119687)
• 24e4751 [state_dict] Calls wait() for the DTensor to_local() result (#118197) (#119692)
• dcaeed3 [DCP][state_dict] Fix the issue that get_state_dict/set_state_dict ig… (#119807)
• 4f882a5 Properly preserve SymInt input invariant when splitting graphs (#117406) (#11...
• Additional commits viewable in compare view

Updates scikit-learn to 1.3.2

Release notes

Sourced from scikit-learn's releases.

Scikit-learn 1.3.2

We're happy to announce the 1.3.2 release.

You can see the changelog here: https://scikit-learn.org/stable/whats_new/v1.3.html#version-1-3-2

This version supports Python versions 3.8 to 3.12.

You can upgrade with pip as usual:

pip install -U scikit-learn

The conda-forge builds can be installed using:

conda install -c conda-forge scikit-learn

Commits

• 093e0cf [cd build][azure parallel] trigger CI/CD
• fc24542 TST change random seed to make graphical lasso test pass (#27616)
• 7e3705d DOC move somes fixes from 1.4 to 1.3.2 (#27602)
• e43ad8b MAINT remove prerelease flag for Python 3.12 (#27605)
• b54a13a DOC add version 1.3.2 into landing page (#27604)
• 6d086c2 REL bump to 1.3.2
• 8a3c16c FIX Make decision tree pickles deterministic (#27580)
• 9b977e9 FIX make sure that KernelPCA works with pandas output and arpack solver (#27583)
• d53756e FIX validate properly zero_division=np.nan when used in parallel processing (...
• 1df363c FIX make dataset fetchers accept os.Pathlike for data_home (#27468)
• Additional commits viewable in compare view

Updates transformers to 4.12.2

Release notes

Sourced from transformers's releases.

v4.12.2: Patch release

Fixes an issue with the image segmentation pipeline and PyTorch's inference mode.

Commits

• 2191373 Release: v4.12.2
• cde7d78 Fixing image segmentation with inference mode. (#14204)
• e0a5154 Release v4.12.1
• 9f3f335 Torch 1.10 (#14169)
• 62bf536 Release v4.12.0
• 5f3bf65 Fix EncoderDecoderModel docs (#14197)
• ac12a5a Fix EncoderDecoderModel classes to be more like BART and T5 (#14139)
• 1251072 Fix SEW-D implementation differences (#14191)
• 78b6a2e Add audio-classification benchmarking results (#14192)
• 1dc96a7 Add SegFormer (#14019)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.