From ae469aff893b4275292b30fc3f1abe7180014086 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 21 Mar 2025 17:47:19 +0000 Subject: [PATCH 01/14] Bump transformers in /sagemaker-script-mode/pytorch_bert/code Bumps [transformers](https://github.com/huggingface/transformers) from 3.3.1 to 4.48.0. - [Release notes](https://github.com/huggingface/transformers/releases) - [Commits](https://github.com/huggingface/transformers/compare/v3.3.1...v4.48.0) --- updated-dependencies: - dependency-name: transformers dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- sagemaker-script-mode/pytorch_bert/code/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sagemaker-script-mode/pytorch_bert/code/requirements.txt b/sagemaker-script-mode/pytorch_bert/code/requirements.txt index da4fe8a0bf..8852cd1777 100644 --- a/sagemaker-script-mode/pytorch_bert/code/requirements.txt +++ b/sagemaker-script-mode/pytorch_bert/code/requirements.txt @@ -1 +1 @@ -transformers==3.3.1 \ No newline at end of file +transformers==4.48.0 \ No newline at end of file From 2878c55fc9b83fa3c78fb852ee78f5f1502328ab Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 28 Mar 2025 12:05:36 -0700 Subject: [PATCH 02/14] Bump pytorch-lightning (#2) Bumps [pytorch-lightning](https://github.com/Lightning-AI/lightning) from 1.0.2 to 2.4.0. - [Release notes](https://github.com/Lightning-AI/lightning/releases) - [Commits](https://github.com/Lightning-AI/lightning/compare/1.0.2...2.4.0) --- updated-dependencies: - dependency-name: pytorch-lightning dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .../relationship_extraction/requirements.in | 2 +- .../relationship_extraction/requirements.txt | 61 +++++++++++++++++-- 2 files changed, 57 insertions(+), 6 deletions(-) diff --git a/introduction_to_applying_machine_learning/identify_key_insights_from_textual_document/containers/relationship_extraction/requirements.in b/introduction_to_applying_machine_learning/identify_key_insights_from_textual_document/containers/relationship_extraction/requirements.in index 16eaa8f58c..3ed331fc98 100644 --- a/introduction_to_applying_machine_learning/identify_key_insights_from_textual_document/containers/relationship_extraction/requirements.in +++ b/introduction_to_applying_machine_learning/identify_key_insights_from_textual_document/containers/relationship_extraction/requirements.in @@ -1,4 +1,4 @@ boto3 transformers -pytorch_lightning==1.0.2 +pytorch_lightning==2.4.0 sentencepiece \ No newline at end of file diff --git a/introduction_to_applying_machine_learning/identify_key_insights_from_textual_document/containers/relationship_extraction/requirements.txt b/introduction_to_applying_machine_learning/identify_key_insights_from_textual_document/containers/relationship_extraction/requirements.txt index b6b809ad9f..f83c5a20f0 100644 --- a/introduction_to_applying_machine_learning/identify_key_insights_from_textual_document/containers/relationship_extraction/requirements.txt +++ b/introduction_to_applying_machine_learning/identify_key_insights_from_textual_document/containers/relationship_extraction/requirements.txt @@ -1,5 +1,56 @@ -boto3 -transformers -pytorch_lightning==1.0.2 -sentencepiece -protobuf==3.20.0 \ No newline at end of file +aiohappyeyeballs==2.6.1 +aiohttp==3.11.14 +aiosignal==1.3.2 +async-timeout==5.0.1 +attrs==25.3.0 +boto3==1.37.18 +botocore==1.37.18 +certifi==2025.1.31 +charset-normalizer==3.4.1 +filelock==3.18.0 +frozenlist==1.5.0 +fsspec[http]==2025.3.0 +huggingface-hub==0.29.3 +idna==3.10 +jinja2==3.1.6 +jmespath==1.0.1 +lightning-utilities==0.14.2 +markupsafe==3.0.2 +mpmath==1.3.0 +multidict==6.2.0 +networkx==3.2.1 +numpy==2.0.2 +nvidia-cublas-cu12==12.4.5.8 +nvidia-cuda-cupti-cu12==12.4.127 +nvidia-cuda-nvrtc-cu12==12.4.127 +nvidia-cuda-runtime-cu12==12.4.127 +nvidia-cudnn-cu12==9.1.0.70 +nvidia-cufft-cu12==11.2.1.3 +nvidia-curand-cu12==10.3.5.147 +nvidia-cusolver-cu12==11.6.1.9 +nvidia-cusparse-cu12==12.3.1.170 +nvidia-cusparselt-cu12==0.6.2 +nvidia-nccl-cu12==2.21.5 +nvidia-nvjitlink-cu12==12.4.127 +nvidia-nvtx-cu12==12.4.127 +packaging==24.2 +propcache==0.3.0 +python-dateutil==2.9.0.post0 +pytorch-lightning==2.4.0 +pyyaml==6.0.2 +regex==2024.11.6 +requests==2.32.3 +s3transfer==0.11.4 +safetensors==0.5.3 +sentencepiece==0.2.0 +six==1.17.0 +sympy==1.13.1 +tokenizers==0.21.1 +torch==2.6.0 +torchmetrics==1.7.0 +tqdm==4.67.1 +transformers==4.50.0 +triton==3.2.0 +typing-extensions==4.12.2 +urllib3==1.26.20 +yarl==1.18.3 From f0a7840ecbc6fd613399d011204c5b350986cced Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 21 Mar 2025 22:52:47 +0000 Subject: [PATCH 03/14] Bump torch from 1.13.1 to 2.4.0 in /aws_sagemaker_studio/streamlit_demo Bumps [torch](https://github.com/pytorch/pytorch) from 1.13.1 to 2.4.0. - [Release notes](https://github.com/pytorch/pytorch/releases) - [Changelog](https://github.com/pytorch/pytorch/blob/main/RELEASE.md) - [Commits](https://github.com/pytorch/pytorch/compare/v1.13.1...v2.4.0) --- updated-dependencies: - dependency-name: torch dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- aws_sagemaker_studio/streamlit_demo/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aws_sagemaker_studio/streamlit_demo/requirements.txt b/aws_sagemaker_studio/streamlit_demo/requirements.txt index f7c4152393..b66c3e9c9c 100644 --- a/aws_sagemaker_studio/streamlit_demo/requirements.txt +++ b/aws_sagemaker_studio/streamlit_demo/requirements.txt @@ -2,5 +2,5 @@ boto3==1.26.73 pandas==1.5.3 Pillow==9.4.0 streamlit==1.20.0 -torch==1.13.1 +torch==2.4.0 torchvision==0.14.1 From 6c6a0e897dcbf29be725049eb86ca9339d69151f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 28 Mar 2025 19:06:20 +0000 Subject: [PATCH 04/14] Bump transformers in /sagemaker-python-sdk/pytorch_batch_inference/code Bumps [transformers](https://github.com/huggingface/transformers) from 4.6.0 to 4.48.0. - [Release notes](https://github.com/huggingface/transformers/releases) - [Commits](https://github.com/huggingface/transformers/compare/v4.6.0...v4.48.0) --- updated-dependencies: - dependency-name: transformers dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- .../pytorch_batch_inference/code/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sagemaker-python-sdk/pytorch_batch_inference/code/requirements.txt b/sagemaker-python-sdk/pytorch_batch_inference/code/requirements.txt index d02c022582..0347135464 100644 --- a/sagemaker-python-sdk/pytorch_batch_inference/code/requirements.txt +++ b/sagemaker-python-sdk/pytorch_batch_inference/code/requirements.txt @@ -1 +1 @@ -transformers==4.6.0 +transformers==4.48.0 From b72ddfaff2bb6ac86dae94fa2acce9fbd196c832 Mon Sep 17 00:00:00 2001 From: Chris Petrov Date: Fri, 28 Mar 2025 12:07:19 -0700 Subject: [PATCH 05/14] Create SECURITY.md --- SECURITY.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000..034e848032 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,21 @@ +# Security Policy + +## Supported Versions + +Use this section to tell people about which versions of your project are +currently being supported with security updates. + +| Version | Supported | +| ------- | ------------------ | +| 5.1.x | :white_check_mark: | +| 5.0.x | :x: | +| 4.0.x | :white_check_mark: | +| < 4.0 | :x: | + +## Reporting a Vulnerability + +Use this section to tell people how to report a vulnerability. + +Tell them where to go, how often they can expect to get an update on a +reported vulnerability, what to expect if the vulnerability is accepted or +declined, etc. From 9f7733127c802d5760b8f88a2f107547fd0e3929 Mon Sep 17 00:00:00 2001 From: Chris Petrov Date: Fri, 28 Mar 2025 12:09:32 -0700 Subject: [PATCH 06/14] Create docker-image.yml --- .github/workflows/docker-image.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 .github/workflows/docker-image.yml diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml new file mode 100644 index 0000000000..3f53646d13 --- /dev/null +++ b/.github/workflows/docker-image.yml @@ -0,0 +1,18 @@ +name: Docker Image CI + +on: + push: + branches: [ "main" ] + pull_request: + branches: [ "main" ] + +jobs: + + build: + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + - name: Build the Docker image + run: docker build . --file Dockerfile --tag my-image-name:$(date +%s) From 3ce627719172de7811bb2fc9a75768414c940a81 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 22 Mar 2025 00:03:53 +0000 Subject: [PATCH 07/14] Bump sagemaker Bumps [sagemaker](https://github.com/aws/sagemaker-python-sdk) from 1.72.0 to 2.237.3. - [Release notes](https://github.com/aws/sagemaker-python-sdk/releases) - [Changelog](https://github.com/aws/sagemaker-python-sdk/blob/master/CHANGELOG.md) - [Commits](https://github.com/aws/sagemaker-python-sdk/compare/v1.72.0...v2.237.3) --- updated-dependencies: - dependency-name: sagemaker dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- .../requirements.in | 2 +- .../requirements.txt | 68 ++++++++++++++++++- 2 files changed, 67 insertions(+), 3 deletions(-) diff --git a/introduction_to_applying_machine_learning/fraud_detection_using_graph_neural_networks/sagemaker_graph_fraud_detection/requirements.in b/introduction_to_applying_machine_learning/fraud_detection_using_graph_neural_networks/sagemaker_graph_fraud_detection/requirements.in index 7ad7253acf..1c7712141b 100644 --- a/introduction_to_applying_machine_learning/fraud_detection_using_graph_neural_networks/sagemaker_graph_fraud_detection/requirements.in +++ b/introduction_to_applying_machine_learning/fraud_detection_using_graph_neural_networks/sagemaker_graph_fraud_detection/requirements.in @@ -1,3 +1,3 @@ -sagemaker==1.72.0 +sagemaker==2.237.3 awscli watchtower==1.0.0 diff --git a/introduction_to_applying_machine_learning/fraud_detection_using_graph_neural_networks/sagemaker_graph_fraud_detection/requirements.txt b/introduction_to_applying_machine_learning/fraud_detection_using_graph_neural_networks/sagemaker_graph_fraud_detection/requirements.txt index fd09f075e7..0d75f4fa01 100644 --- a/introduction_to_applying_machine_learning/fraud_detection_using_graph_neural_networks/sagemaker_graph_fraud_detection/requirements.txt +++ b/introduction_to_applying_machine_learning/fraud_detection_using_graph_neural_networks/sagemaker_graph_fraud_detection/requirements.txt @@ -1,2 +1,66 @@ -sagemaker==1.72.0 -awscli>=1.18.140 \ No newline at end of file +annotated-types==0.7.0 +antlr4-python3-runtime==4.9.3 +anyio==4.9.0 +attrs==23.2.0 +awscli==1.38.18 +boto3==1.37.18 +botocore==1.37.18 +certifi==2025.1.31 +charset-normalizer==3.4.1 +click==8.1.8 +cloudpickle==3.1.1 +colorama==0.4.6 +dill==0.3.9 +docker==7.1.0 +docutils==0.16 +exceptiongroup==1.2.2 +fastapi==0.115.11 +google-pasta==0.2.0 +h11==0.14.0 +idna==3.10 +importlib-metadata==6.11.0 +jmespath==1.0.1 +jsonschema==4.23.0 +jsonschema-specifications==2024.10.1 +markdown-it-py==3.0.0 +mdurl==0.1.2 +mock==4.0.3 +multiprocess==0.70.17 +numpy==1.26.4 +omegaconf==2.2.3 +packaging==24.2 +pandas==2.2.3 +pathos==0.3.3 +platformdirs==4.3.7 +pox==0.3.5 +ppft==1.7.6.9 +protobuf==5.29.4 +psutil==7.0.0 +pyasn1==0.6.1 +pydantic==2.10.6 +pydantic-core==2.27.2 +pygments==2.19.1 +python-dateutil==2.9.0.post0 +pytz==2025.1 +pyyaml==6.0.2 +referencing==0.36.2 +requests==2.32.3 +rich==13.9.4 +rpds-py==0.23.1 +rsa==4.7.2 +s3transfer==0.11.4 +sagemaker==2.237.3 +sagemaker-core==1.0.25 +schema==0.7.7 +six==1.17.0 +smdebug-rulesconfig==1.0.1 +sniffio==1.3.1 +starlette==0.46.1 +tblib==3.0.0 +tqdm==4.67.1 +typing-extensions==4.12.2 +tzdata==2025.1 +urllib3==1.26.20 +uvicorn==0.34.0 +watchtower==1.0.0 +zipp==3.21.0 From f7e2c0a56391181b997b15cd46b9cad95cdcb9d6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 28 Mar 2025 19:07:52 +0000 Subject: [PATCH 08/14] Bump pytorch-lightning Bumps [pytorch-lightning](https://github.com/Lightning-AI/lightning) from 1.9.4 to 2.4.0. - [Release notes](https://github.com/Lightning-AI/lightning/releases) - [Commits](https://github.com/Lightning-AI/lightning/compare/1.9.4...2.4.0) --- updated-dependencies: - dependency-name: pytorch-lightning dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- .../Text_Classification_BERT/scripts/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/training/smart_sifting/Text_Classification_BERT/scripts/requirements.txt b/training/smart_sifting/Text_Classification_BERT/scripts/requirements.txt index cc40005a44..ca900a882d 100644 --- a/training/smart_sifting/Text_Classification_BERT/scripts/requirements.txt +++ b/training/smart_sifting/Text_Classification_BERT/scripts/requirements.txt @@ -4,4 +4,4 @@ transformers accelerate sagemaker botocore -pytorch-lightning==1.9.4 \ No newline at end of file +pytorch-lightning==2.4.0 \ No newline at end of file From becbe9956beaa965b8ebd5c8b568e9b914455188 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 28 Mar 2025 19:08:18 +0000 Subject: [PATCH 09/14] Bump transformers Bumps [transformers](https://github.com/huggingface/transformers) from 4.38.0 to 4.48.0. - [Release notes](https://github.com/huggingface/transformers/releases) - [Commits](https://github.com/huggingface/transformers/compare/v4.38.0...v4.48.0) --- updated-dependencies: - dependency-name: transformers dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- .../code/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sagemaker_neo_compilation_jobs/deploy_huggingface_model_on_Inf1_instance/code/requirements.txt b/sagemaker_neo_compilation_jobs/deploy_huggingface_model_on_Inf1_instance/code/requirements.txt index 7b06ed5b80..0347135464 100644 --- a/sagemaker_neo_compilation_jobs/deploy_huggingface_model_on_Inf1_instance/code/requirements.txt +++ b/sagemaker_neo_compilation_jobs/deploy_huggingface_model_on_Inf1_instance/code/requirements.txt @@ -1 +1 @@ -transformers==4.38.0 +transformers==4.48.0 From 7403652333176df1e20e4c11c7dbbcfec66f10ed Mon Sep 17 00:00:00 2001 From: Chris Petrov Date: Fri, 28 Mar 2025 12:13:25 -0700 Subject: [PATCH 10/14] Create python-package-conda.yml --- .github/workflows/python-package-conda.yml | 34 ++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 .github/workflows/python-package-conda.yml diff --git a/.github/workflows/python-package-conda.yml b/.github/workflows/python-package-conda.yml new file mode 100644 index 0000000000..f3586044ab --- /dev/null +++ b/.github/workflows/python-package-conda.yml @@ -0,0 +1,34 @@ +name: Python Package using Conda + +on: [push] + +jobs: + build-linux: + runs-on: ubuntu-latest + strategy: + max-parallel: 5 + + steps: + - uses: actions/checkout@v4 + - name: Set up Python 3.10 + uses: actions/setup-python@v3 + with: + python-version: '3.10' + - name: Add conda to system path + run: | + # $CONDA is an environment variable pointing to the root of the miniconda directory + echo $CONDA/bin >> $GITHUB_PATH + - name: Install dependencies + run: | + conda env update --file environment.yml --name base + - name: Lint with flake8 + run: | + conda install flake8 + # stop the build if there are Python syntax errors or undefined names + flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics + # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide + flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics + - name: Test with pytest + run: | + conda install pytest + pytest From 650bcc66a282a7c93a19707d0c22a60ca447bc67 Mon Sep 17 00:00:00 2001 From: Chris Petrov Date: Fri, 28 Mar 2025 12:43:49 -0700 Subject: [PATCH 11/14] Create jekyll-gh-pages.yml --- .github/workflows/jekyll-gh-pages.yml | 51 +++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 .github/workflows/jekyll-gh-pages.yml diff --git a/.github/workflows/jekyll-gh-pages.yml b/.github/workflows/jekyll-gh-pages.yml new file mode 100644 index 0000000000..e31d81c586 --- /dev/null +++ b/.github/workflows/jekyll-gh-pages.yml @@ -0,0 +1,51 @@ +# Sample workflow for building and deploying a Jekyll site to GitHub Pages +name: Deploy Jekyll with GitHub Pages dependencies preinstalled + +on: + # Runs on pushes targeting the default branch + push: + branches: ["main"] + + # Allows you to run this workflow manually from the Actions tab + workflow_dispatch: + +# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages +permissions: + contents: read + pages: write + id-token: write + +# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued. +# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete. +concurrency: + group: "pages" + cancel-in-progress: false + +jobs: + # Build job + build: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Setup Pages + uses: actions/configure-pages@v5 + - name: Build with Jekyll + uses: actions/jekyll-build-pages@v1 + with: + source: ./ + destination: ./_site + - name: Upload artifact + uses: actions/upload-pages-artifact@v3 + + # Deployment job + deploy: + environment: + name: github-pages + url: ${{ steps.deployment.outputs.page_url }} + runs-on: ubuntu-latest + needs: build + steps: + - name: Deploy to GitHub Pages + id: deployment + uses: actions/deploy-pages@v4 From 24e63fc844df1a118f32c8de5d54dd619c93c392 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 28 Mar 2025 19:13:50 +0000 Subject: [PATCH 12/14] Bump transformers Bumps [transformers](https://github.com/huggingface/transformers) from 4.38.0 to 4.48.0. - [Release notes](https://github.com/huggingface/transformers/releases) - [Commits](https://github.com/huggingface/transformers/compare/v4.38.0...v4.48.0) --- updated-dependencies: - dependency-name: transformers dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- .../smp-train-t5-sharded-data-parallel/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archived/notebooks/smp-train-t5-sharded-data-parallel/requirements.txt b/archived/notebooks/smp-train-t5-sharded-data-parallel/requirements.txt index a7f48435ba..548e8062bf 100644 --- a/archived/notebooks/smp-train-t5-sharded-data-parallel/requirements.txt +++ b/archived/notebooks/smp-train-t5-sharded-data-parallel/requirements.txt @@ -4,6 +4,6 @@ sagemaker sagemaker-experiments scipy torchnet -transformers==4.38.0 +transformers==4.48.0 smdebug humanize From 64710d2b47ce1494b02de6479d1cf5571b71f501 Mon Sep 17 00:00:00 2001 From: Chris Petrov Date: Fri, 28 Mar 2025 12:49:58 -0700 Subject: [PATCH 13/14] Create codacy.yml --- .github/workflows/codacy.yml | 61 ++++++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100644 .github/workflows/codacy.yml diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml new file mode 100644 index 0000000000..76a065c56a --- /dev/null +++ b/.github/workflows/codacy.yml @@ -0,0 +1,61 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# This workflow checks out code, performs a Codacy security scan +# and integrates the results with the +# GitHub Advanced Security code scanning feature. For more information on +# the Codacy security scan action usage and parameters, see +# https://github.com/codacy/codacy-analysis-cli-action. +# For more information on Codacy Analysis CLI in general, see +# https://github.com/codacy/codacy-analysis-cli. + +name: Codacy Security Scan + +on: + push: + branches: [ "main" ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ "main" ] + schedule: + - cron: '31 14 * * 1' + +permissions: + contents: read + +jobs: + codacy-security-scan: + permissions: + contents: read # for actions/checkout to fetch code + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results + actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status + name: Codacy Security Scan + runs-on: ubuntu-latest + steps: + # Checkout the repository to the GitHub Actions runner + - name: Checkout code + uses: actions/checkout@v4 + + # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis + - name: Run Codacy Analysis CLI + uses: codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b + with: + # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository + # You can also omit the token and run the tools that support default configurations + project-token: ${{ secrets.CODACY_PROJECT_TOKEN }} + verbose: true + output: results.sarif + format: sarif + # Adjust severity of non-security issues + gh-code-scanning-compat: true + # Force 0 exit code to allow SARIF file generation + # This will handover control about PR rejection to the GitHub side + max-allowed-issues: 2147483647 + + # Upload the SARIF file generated in the previous step + - name: Upload SARIF results file + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: results.sarif From debabf78ec64da1800ebde1ae31038103c6ab5e1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 28 Mar 2025 19:50:24 +0000 Subject: [PATCH 14/14] Bump transformers Bumps [transformers](https://github.com/huggingface/transformers) from 4.36.2 to 4.48.0. - [Release notes](https://github.com/huggingface/transformers/releases) - [Commits](https://github.com/huggingface/transformers/compare/v4.36.2...v4.48.0) --- updated-dependencies: - dependency-name: transformers dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- .../mixtral_tune_and_deploy/scripts/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/introduction_to_applying_machine_learning/mixtral_tune_and_deploy/scripts/requirements.txt b/introduction_to_applying_machine_learning/mixtral_tune_and_deploy/scripts/requirements.txt index ac1db44c98..a92eeaa17f 100644 --- a/introduction_to_applying_machine_learning/mixtral_tune_and_deploy/scripts/requirements.txt +++ b/introduction_to_applying_machine_learning/mixtral_tune_and_deploy/scripts/requirements.txt @@ -1,4 +1,4 @@ -transformers==4.36.2 +transformers==4.48.0 peft==0.4.0 accelerate==0.21.0 bitsandbytes==0.40.2