security(deps): bump the inference-dependencies group across 1 directory with 8 updates#539
Conversation
… with 8 updates Bumps the inference-dependencies group with 8 updates in the /evaluation directory: | Package | From | To | | --- | --- | --- | | [numpy](https://github.com/numpy/numpy) | `2.2.6` | `2.4.4` | | [marshmallow](https://github.com/marshmallow-code/marshmallow) | `3.26.2` | `4.3.0` | | [packaging](https://github.com/pypa/packaging) | `25.0` | `26.1` | | [onnxscript](https://github.com/microsoft/onnxscript) | `0.6.2` | `0.7.0` | | [torch](https://github.com/pytorch/pytorch) | `2.10.0` | `2.11.0` | | [tensordict](https://github.com/pytorch/tensordict) | `0.12.1` | `0.12.2` | | [lerobot](https://github.com/huggingface/lerobot) | `0.5.0` | `0.5.1` | | [hypothesis](https://github.com/HypothesisWorks/hypothesis) | `6.151.13` | `6.152.1` | Updates `numpy` from 2.2.6 to 2.4.4 - [Release notes](https://github.com/numpy/numpy/releases) - [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst) - [Commits](numpy/numpy@v2.2.6...v2.4.4) Updates `marshmallow` from 3.26.2 to 4.3.0 - [Changelog](https://github.com/marshmallow-code/marshmallow/blob/dev/CHANGELOG.rst) - [Commits](marshmallow-code/marshmallow@3.26.2...4.3.0) Updates `packaging` from 25.0 to 26.1 - [Release notes](https://github.com/pypa/packaging/releases) - [Changelog](https://github.com/pypa/packaging/blob/main/CHANGELOG.rst) - [Commits](pypa/packaging@25.0...26.1) Updates `onnxscript` from 0.6.2 to 0.7.0 - [Release notes](https://github.com/microsoft/onnxscript/releases) - [Commits](microsoft/onnxscript@v0.6.2...v0.7.0) Updates `torch` from 2.10.0 to 2.11.0 - [Release notes](https://github.com/pytorch/pytorch/releases) - [Changelog](https://github.com/pytorch/pytorch/blob/main/RELEASE.md) - [Commits](pytorch/pytorch@v2.10.0...v2.11.0) Updates `tensordict` from 0.12.1 to 0.12.2 - [Release notes](https://github.com/pytorch/tensordict/releases) - [Commits](pytorch/tensordict@v0.12.1...v0.12.2) Updates `lerobot` from 0.5.0 to 0.5.1 - [Release notes](https://github.com/huggingface/lerobot/releases) - [Commits](huggingface/lerobot@v0.5.0...v0.5.1) Updates `hypothesis` from 6.151.13 to 6.152.1 - [Release notes](https://github.com/HypothesisWorks/hypothesis/releases) - [Commits](HypothesisWorks/hypothesis@hypothesis-python-6.151.13...hypothesis-python-6.152.1) --- updated-dependencies: - dependency-name: numpy dependency-version: 2.4.4 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: inference-dependencies - dependency-name: marshmallow dependency-version: 4.3.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: inference-dependencies - dependency-name: packaging dependency-version: '26.1' dependency-type: direct:production update-type: version-update:semver-major dependency-group: inference-dependencies - dependency-name: onnxscript dependency-version: 0.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: inference-dependencies - dependency-name: torch dependency-version: 2.11.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: inference-dependencies - dependency-name: tensordict dependency-version: 0.12.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: inference-dependencies - dependency-name: lerobot dependency-version: 0.5.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: inference-dependencies - dependency-name: hypothesis dependency-version: 6.152.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: inference-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
github-actions
Bot
changed the title
Dependency ReviewThe following issues were found:
Snapshot WarningsEnsure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice. License Issuesevaluation/pyproject.toml
OpenSSF Scorecard
Scanned Files
|
|
✅ AW Dependabot PR Review completed successfully! |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #539 +/- ##
=======================================
Coverage 65.07% 65.07%
=======================================
Files 253 253
Lines 15621 15621
Branches 2087 2087
=======================================
Hits 10166 10166
Misses 5165 5165
Partials 290 290
🚀 New features to boost your workflow:
|
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
⚠️ Maintainer review recommended
Advisory Review Summary
Ecosystems touched: uv/pip — evaluation/pyproject.toml
Surface: python-runtime (evaluation directory)
No GHSA or CVE identifiers were found in the PR body. Despite the security(deps): title prefix, this appears to be a proactive group-update rather than a specific vulnerability patch.
Affected packages
| Package | From | To | Severity | Surface |
|---|---|---|---|---|
| numpy | 2.2.6 | 2.4.4 | None found | python-runtime |
| marshmallow | 3.26.2 | 4.3.0 | None found | python-runtime |
| packaging | 25.0 | 26.1 | None found | python-runtime |
| onnxscript | 0.6.2 | 0.7.0 | None found | python-runtime |
| torch | 2.10.0 | 2.11.0 | None found | python-runtime |
| tensordict | 0.12.1 | 0.12.2 | None found | python-runtime |
| lerobot | 0.5.0 | 0.5.1 | None found | python-runtime |
| hypothesis | 6.151.13 | 6.152.1 | None found | python-runtime (dev) |
numpy
From 2.2.6 to 2.4.4 — skips the entire 2.3.x series.
NumPy 2.4.4 is a patch release fixing bugs discovered after 2.4.3. Closes OpenBLAS threading problem on ARM (#30816). Supports Python 3.11–3.14.
Source: NumPy 2.4.4 release notes
Repo-specific risk: numpy is listed as an ABI-sensitive trigger on the python-runtime surface. onnxruntime-gpu==1.24.4 is co-pinned in this manifest but not being updated. Cross-minor numpy jumps (2.2 → 2.4) should be validated against the onnxruntime-gpu CUDA ABI. Run pytest evaluation/tests/ on a GPU node.
marshmallow
From 3.26.2 to 4.3.0 — MAJOR version bump.
4.3.0 (2026-04-03): Adds
pre_load/post_loadparameters tofields.Fieldfor field-level pre/post processing. Typing improvements tomarshmallow.validate.
4.2.3:fields.Numberandfields.Mappingare now abstract base classes — using them directly in schemas raisesTypeError.
Source: marshmallow CHANGELOG
Repo-specific risk: No Python files in evaluation/ import marshmallow directly, indicating it is a transitive requirement of mlflow==3.11.1 and/or azure-ai-ml==1.32.0, both of which are pinned. Verify those pinned versions explicitly support marshmallow 4.x before merging. Breaking changes in marshmallow 4.x (removal of missing/default field aliases, abstract base-class changes) could surface at runtime in mlflow model-artifact serialization.
packaging
From 25.0 to 26.1 — minor bump, additive features only (Emscripten wheel tags, packaging.dependency_groups, SpecifierSet.is_unsatisfiable). No breaking changes identified. Low risk.
Source: packaging releases
onnxscript
From 0.6.2 to 0.7.0 — pre-1.0 minor bump. Pre-1.0 packages may carry API changes in minor increments. No security advisories found. Verify against microsoft/onnxscript releases.
torch
From 2.10.0 to 2.11.0 — minor bump on ABI-sensitive surface.
No security advisories found. onnxruntime-gpu==1.24.4 (co-pinned, not updated) shares the CUDA runtime with torch. Confirm onnxruntime-gpu 1.24.4 supports torch 2.11.x in its compatibility matrix. Validate with a SIL smoke run.
Source: pytorch/pytorch releases
tensordict
From 0.12.1 to 0.12.2 — patch bump. Low risk. Source: pytorch/tensordict releases.
lerobot
From 0.5.0 to 0.5.1 — pre-1.0 patch bump. Confirm compatibility with the co-bumped torch==2.11.0. Source: huggingface/lerobot releases.
hypothesis
From 6.151.13 to 6.152.1 — patch bump in dev-only group. No risk to production evaluation runtime. Source: HypothesisWorks/hypothesis releases.
⚠️ Lockfile not updated
The evaluation/uv.lock does not appear to be modified in this PR diff. Dependabot typically updates both the manifest (pyproject.toml) and the lock file together for uv projects. Merging without an updated lockfile means the resolved dependency tree may not reflect the new manifest pins until the lockfile is regenerated manually. Run uv lock in evaluation/ after merging.
Advisory verdict: COMMENT — marshmallow crosses a major version boundary (3 → 4) with known breaking API changes, numpy jumps two minor versions on the ABI-sensitive python-runtime surface, and torch/onnxruntime-gpu ABI compatibility requires validation before merge. No security advisories were found for any updated package.
Note
🔒 Integrity filter blocked 1 item
The following item was blocked because it doesn't meet the GitHub integrity level.
- #539
pull_request_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
To allow these resources, lower min-integrity in your GitHub frontmatter:
tools:
github:
min-integrity: approved # merged | approved | unapproved | noneGenerated by AW Dependabot PR Review for issue #539 · ● 943.2K
| "torch==2.10.0", | ||
| "tensordict==0.12.1", | ||
| "lerobot==0.5.0", | ||
| "torch==2.11.0", |
There was a problem hiding this comment.
torch 2.10.0 → 2.11.0 — check onnxruntime-gpu ABI compatibility
Minor version bump for PyTorch on the python-runtime surface. PyTorch and onnxruntime-gpu share CUDA runtime libraries; mismatched CUDA minor expectations can cause silent ABI failures at inference time.
onnxruntime-gpu==1.24.4 (line 20) is not being bumped in this PR — confirm that onnxruntime-gpu 1.24.4 lists torch 2.11.x in its supported matrix. Validate with a SIL smoke run of evaluation/sil/policy_runner.py on GPU hardware after merging.
No security advisories identified for this bump.
| "lerobot==0.5.0", | ||
| "torch==2.11.0", | ||
| "tensordict==0.12.2", | ||
| "lerobot==0.5.1", |
There was a problem hiding this comment.
lerobot 0.5.0 → 0.5.1 — pre-1.0 patch bump
Patch release in a pre-1.0 package. Low risk, but confirm this version is compatible with the torch==2.11.0 being co-bumped in this PR (lerobot depends on torch).
Source: huggingface/lerobot releases
| requires-python = ">=3.12" | ||
| dependencies = [ | ||
| "numpy==2.2.6", | ||
| "numpy==2.4.4", |
There was a problem hiding this comment.
numpy 2.2.6 → 2.4.4 — cross-minor jump on ABI-sensitive surface
This bump skips the entire 2.3.x series and lands on 2.4.4. NumPy 2.x introduced C-ABI breaking changes (NEP 47/50). The 2.4.x branch supports Python 3.11–3.14 and includes fixes for OpenBLAS threading on ARM (issue #30816) — no security advisories found.
Risk: onnxruntime-gpu==1.24.4 is pinned alongside this and is CUDA/ABI-sensitive. Verify onnxruntime-gpu built against numpy 2.x ABI is compatible with numpy 2.4. Run pytest evaluation/tests/ on a GPU node before merging.
Source: NumPy 2.4.4 release notes
| "azure-identity==1.25.3", | ||
| "azure-ai-ml==1.32.0", | ||
| "marshmallow==3.26.2", | ||
| "marshmallow==4.3.0", |
There was a problem hiding this comment.
marshmallow crossed a major version boundary (3 → 4). The 4.x line removed several deprecated 3.x APIs:
missinganddefaultfield arguments have changed semantics (see marshmallow 4.0.0 changelog).fields.Numberandfields.Mappingare now abstract base classes and cannot be used directly in schemas.post_load(pass_many=True)and other decorator behaviors have breaking-change semantics in 4.x.
No Python files in evaluation/ directly import marshmallow, suggesting it is consumed indirectly via mlflow==3.11.1 or azure-ai-ml==1.32.0. Verify that those pinned versions support marshmallow 4.x before merging.
Validation: ruff check evaluation/ && pytest evaluation/tests/ against the new lockfile.
| "pyperclip==1.11.0", | ||
| "onnx==1.21.0", | ||
| "onnxscript==0.6.2", | ||
| "onnxscript==0.7.0", |
There was a problem hiding this comment.
onnxscript 0.6.2 → 0.7.0 — pre-1.0 minor bump
onnxscript is a pre-1.0 package; minor version increments may include breaking API changes per semantic versioning conventions for unstable packages. No GHSA/CVE advisories were found.
Changelog: microsoft/onnxscript releases. Verify that any onnxscript API usage in the evaluation codebase is not affected by 0.7.0 changes.
|
@dependabot recreate |
|
Looks like these dependencies are updatable in another way, so this is no longer needed. |
dependabot
Bot
deleted the
dependabot/pip/evaluation/inference-dependencies-2eeb1ad467
branch
…ers, and runtime scripts (microsoft#541) Standardizes the entire Physical AI Toolchain on Python 3.12, raising `requires-python` to `>=3.12` in every `pyproject.toml` and regenerating all lock files under the new baseline. This unifies a previously fragmented version floor (`>=3.11` in some packages, `>=3.11,<3.12` in RL) that blocked Dependabot from proposing dependency updates. Beyond the version bump, the PR eliminates runtime `uv pip compile` calls from IL training and SIL evaluation scripts, replacing them with installs from pre-compiled `requirements.txt` files. This matches the existing RL pattern, removes a deployment-time failure mode (Python 3.11 containers resolving 3.12-only wheels), and cuts job startup latency. > Regenerating requirements surfaced pre-existing metadata conflicts in `azureml-mlflow` (incompatible caps on `mlflow-skinny` and `azure-storage-blob` in RL; `marshmallow <4.0.0` cap collision in IL). Dropping `azureml-mlflow` resolved both — the package was a legacy holdover since `azure-ai-ml` MLClient already provides the MLflow tracking URI directly. Closes microsoft#540 ## Type of Change - [ ] 🐛 Bug fix (non-breaking change fixing an issue) - [ ] ✨ New feature (non-breaking change adding functionality) - [x] 💥 Breaking change (fix or feature causing existing functionality to change) - [ ] 📚 Documentation update - [ ] 🏗️ Infrastructure change (Terraform/IaC) - [ ] ♻️ Refactoring (no functional changes) ## Component(s) Affected - [ ] `infrastructure/terraform/prerequisites/` - Azure subscription setup - [ ] `infrastructure/terraform/` - Terraform infrastructure - [ ] `infrastructure/setup/` - OSMO control plane / Helm - [x] `workflows/` - Training and evaluation workflows - [x] `training/` - Training pipelines and scripts - [x] `docs/` - Documentation ## Changes ### Python 3.12 Version Standardization Raised `requires-python` to `>=3.12` in all six package manifests (root, RL, IL/LeRobot, dataviewer workspace, dataviewer backend, evaluation). Bumped `.python-version` from 3.11.13 to 3.12.13. Updated the dataviewer backend Dockerfile base image from an erroneous `python:3.14-slim` to `python:3.12-slim`, and changed *start.sh* to create venvs with `--python 3.12`. Updated *copilot-instructions.md* references and ruff `target-version` documentation to `py312`. ### Runtime Compilation Replaced with Pre-compiled Requirements Replaced dynamic `uv pip compile` invocations with installs from committed `requirements.txt` files in three scripts: - *training/il/scripts/submit-azureml-lerobot-training.sh* — now installs from `training/il/lerobot/requirements.txt` with a missing-file guard - *evaluation/sil/infer.sh* — same pattern; added PyTorch cu124 fallback index - *evaluation/sil/validate.sh* — same pattern; added PyTorch cu124 fallback index Created **training/il/lerobot/requirements.txt** (new file) and regenerated **training/rl/requirements.txt** under Python 3.12 (CUDA packages shifted from cu12 to cu13 variants). ### Dependency Cleanup and Version Alignment Dropped `azureml-mlflow` from both RL and IL pyprojects. The package caused metadata conflicts (incompatible caps on `mlflow-skinny`, `azure-storage-blob`, and `marshmallow`) and was redundant — `azure-ai-ml` MLClient resolves the MLflow tracking URI directly. Removed the corresponding `azureml.mlflow` entry from `_REQUIRED_MODULES` in *launch.py* and *launch_rsl_rl.py*. Bumped **LeRobot** from 0.3.3 to 0.4.4 and aligned transitive pins (`huggingface-hub`, `wandb`, `torchcodec`, `numpy`, `packaging`) to LeRobot's upstream caps. Bumped IL `azure-ai-ml` from 1.31.0 to 1.32.0 for parity with RL. IL `marshmallow` pinned to 3.26.2 (latest 3.x; forced by `azure-ai-ml <4.0.0` cap — no known CVEs). ### Lock File Regeneration Regenerated *data-management/viewer/backend/uv.lock*, *data-management/viewer/uv.lock*, and root *uv.lock* under Python 3.12. Systematically removed Python 3.11 (cp311) and PyPy 3.11 (pp311) wheel entries. ### Ancillary Fixes - Replaced deprecated `datetime.utcnow()` with `datetime.now(UTC)` in *data-management/viewer/backend/tests/storage/conftest.py* - Removed `coverage[toml]` optional dependency from root *pyproject.toml* - Updated *docs/contributing/prerequisites.md* Python version to 3.12+ - Fixed OSMO installer URL in *scripts/security/Test-BinaryFreshness.ps1* to use releases/download path ## Related Issues - Closes microsoft#540 - Related to microsoft#539 (Dependabot blocked by fragmented `requires-python`) ## Testing Performed - [ ] Terraform `plan` reviewed (no unexpected changes) - [ ] Terraform `apply` tested in dev environment - [ ] Training scripts tested locally with Isaac Sim - [ ] OSMO workflow submitted successfully - [ ] Smoke tests passed (`smoke_test_azure.py`) ## Documentation Impact - [x] Documentation updated in this PR ## Bug Fix Checklist *N/A — this is a build/dependency change, not a bug fix.* ## Checklist - [x] My code follows the [project conventions](copilot-instructions.md) - [x] Commit messages follow [conventional commit format](instructions/commit-message.instructions.md) - [x] I have performed a self-review - [x] Documentation impact assessed above - [ ] No new linting warnings introduced ## Notes - **Breaking change**: Python 3.11 support is fully discontinued. All development environments, containers, and CI pipelines require Python 3.12+. - Only IL `marshmallow` (3.26.2 vs 4.2.3 in RL) and `huggingface-hub`/`wandb` pins move backward relative to the RL package — all forced by `azure-ai-ml` and LeRobot upstream caps. `marshmallow` 3.26.2 is the latest 3.x release with no known open CVEs. - The OSMO installer URL fix in *Test-BinaryFreshness.ps1* is unrelated to the Python migration but was included in the same commit. ## Follow-up Tasks - Rebase or re-run Dependabot PR microsoft#539 after this lands — it should resolve cleanly with unified `requires-python` - Add CI freshness check that regenerates `requirements.txt` files and diffs against committed versions to catch pyproject edits that skip regeneration - Add grep-based regression guard rejecting reintroduction of `uv pip compile` in IL/evaluation scripts - Upgrade Isaac Lab container to Python 3.12 (Isaac Sim 5.x) to eliminate the pre-compilation workaround entirely (tracked as microsoft#114) --------- Co-authored-by: Bill Berry <wbery@microsoft.com>
2 participants
Bumps the inference-dependencies group with 8 updates in the /evaluation directory:
2.2.62.4.43.26.24.3.025.026.10.6.20.7.02.10.02.11.00.12.10.12.20.5.00.5.16.151.136.152.1Updates
numpyfrom 2.2.6 to 2.4.4Release notes
Sourced from numpy's releases.
... (truncated)
Changelog
Sourced from numpy's changelog.
... (truncated)
Commits
be93fe2Merge pull request #31090 from charris/prepare-2.4.4f5245dcREL: Prepare for the NumPy 2.4.4 release02e838bMerge pull request #31084 from charris/backport-31056fa74b2dMAINT: numpy.i: Replace deprecatedsprintfwithsnprintf(#31056)533a6dbMerge pull request #31079 from charris/backport-208019e496cbTST: fix POWER VSX feature mapping (#30801)8052c4bMerge pull request #31058 from charris/backport-310217f13b5aMAINT: Skip test on PyPy.4c5fdd6MAINT: Remove unused import of tracemalloc.a3ca5edUpdate numpy/_core/src/multiarray/shape.cUpdates
marshmallowfrom 3.26.2 to 4.3.0Changelog
Sourced from marshmallow's changelog.
... (truncated)
Commits
b596fdbBump version and update changelog256f0aaAdd pre/post_load parameters to Field (#2799)c847ad4Typing improvements to marshmallow.validate (#2940)eb86322Remove redundant docs job (#2939)a44ad62Avoid infinite recursion in nesting docs (#2938)3360e34Bump version and update changelog7b9ce45Fix changelog typos and update releasing docsf07eadcFix validate.Email to accept IDNs (#2937)4acb783Fix Unreachable Warning (#2935)3492faeRemove redundant python-version (#2932)Updates
packagingfrom 25.0 to 26.1Release notes
Sourced from packaging's releases.
... (truncated)
Changelog
Sourced from packaging's changelog.
... (truncated)
Commits
c1a88a3Bump for release702c25edocs: update changelog for 26.1 (#1156)3f4f5d4Implementis_unsatisfiableonSpecifierSetusing ranges (#1119)06c6555Propagate int-max-str-digits ValueError (#1155)905c90cfeat: option to validate compressed tag set sort order in `parse_wheel_filena...af0026cdocs(pylock): document select() method and PylockSelectError (#1153)668da86Rename format_full_version to _format_full_version to make it visibly private...f294d52tests: do not reload the tags module (#1152)2c6c7dffeat: add handling for Emscripten wheels tags per PEP 783 (#804)6762eeadocs(markers): document & and | operators for combining Marker objects (#1151)Updates
onnxscriptfrom 0.6.2 to 0.7.0Release notes
Sourced from onnxscript's releases.
... (truncated)
Commits
df97c94Add an option to not inline a function when building the graph (#2851)90f754achore(deps): bump actions/upload-pages-artifact from 4 to 5 (#2895)b068297Bumped version to 0.7.0 (#2894)c8f5f6aMake GraphBuilder.init use keyword-only args after graph (#2893)c6e8ec6Handling initializers in GraphBuilder (#2889)63ffecffix: normalize cache key dtype to prevent initializer name collisions (#2888)13f265cfix(fuse_batchnorm): support convtranpose + bn fusion with group != 1 (#2879)6c092e2Add fusion rule to remove Expand before broadcast-capable binary operators (#...c7d13fbAdd input() and add_output() methods to GraphBuilder (#2828)864b785Fix BatchNorm fusion producing invalid ONNX when Conv nodes share weight init...Updates
torchfrom 2.10.0 to 2.11.0Release notes
Sourced from torch's releases.
... (truncated)
Commits
70d99e9[release only] Increase timeout for rocm libtorch and manywheel builds (#178006)3e05c5a[MPS] Properly handle conjugated tensors in bmm (#178010)db741c7[MPS] fix compiling of SDPA producing nan results (#178009)483b55dUpdate pytorch_sphinx_theme2 version to 0.4.6 (#177616)7f2cdeb[windows][smoke test] Add an option to install cuda if required cuda/cudnn on...76fd078[release-only] Fix libtorch builds. Fix lint (#177299)fa384de[Inductor][MPS] Fix half-precision type mismatches in Metal shader codegen (#...036b25fLet stable::from_blob accept a lambda as deleter (cherry-pick) (#176440)41f8e3e[CI] Stop using G3 runners (#177161)e2fa295[CD] Unpin cuda-bindings dependencies (#177159)Updates
tensordictfrom 0.12.1 to 0.12.2Release notes
Sourced from tensordict's releases.
Commits
8ee33fa[Release] Bump version to 0.12.2dcb6ddd[BugFix] fix ragged_idx of consolidated tensor (#1675)85ea4e7[CI] Temporarily use vmoens/test-infra fork for macOS buildsUpdates
lerobotfrom 0.5.0 to 0.5.1Release notes
Sourced from lerobot's releases.
... (truncated)
Commits
1396b9f🔒 Pin GitHub Actions to commit SHAs (#3265)7c032f1feat(dataset): registering torchvision transforms (#3153)e2f27bfFix lerobot_train script without interpolation (#3281)ea36a4achore(docs): new badge for readme (#3303)399b3c9chore(dependencies): update uv.lock (#3302)913041efix(ci): latest deps tests permissions (#3296)2b541dddocs(ci): add readme for dockerfile (#3295)50a1e67feat(ci): adduv.lock(#3292)d60a700chore(policy): multi dit docs (#3285)8c3d4cfchore(docs): no policy readme in src code (#3286)Updates
hypothesisfrom 6.151.13 to 6.152.1Release notes
Sourced from hypothesis's releases.
Commits
d451213Bump hypothesis-python version to 6.152.1 and update changelogc95fa97Merge pull request #4706 from Liam-DeVoe/typing-fix7dd2cfdMerge remote-tracking branch 'upstream/master' into typing-fix35fdf62Bump hypothesis-python version to 6.152.0 and update changelog0cb15c5tighten check for typing0e03204Merge pull request #4704 from Liam-DeVoe/auto-ignore-.hypothesis3625c63fix ci failures8a8a6a1reword for clarity0102250fix ci