security(deps): bump the inference-dependencies group across 1 directory with 10 updates #544

Closed
dependabot[bot] wants to merge 1 commit into main from dependabot/pip/evaluation/inference-dependencies-79ae447bd1

Conversation


@dependabot dependabot Bot commented on behalf of github Apr 23, 2026

Bumps the inference-dependencies group with 10 updates in the /evaluation directory:

| Package | From | To |
| --- | --- | --- |
| numpy | 2.2.6 | 2.4.4 |
| marshmallow | 3.26.2 | 4.3.0 |
| packaging | 25.0 | 26.1 |
| onnxscript | 0.6.2 | 0.7.0 |
| onnxruntime-gpu | 1.24.4 | 1.25.0 |
| gymnasium | 1.2.3 | 1.3.0 |
| torch | 2.10.0 | 2.11.0 |
| tensordict | 0.12.1 | 0.12.2 |
| lerobot | 0.5.0 | 0.5.1 |
| hypothesis | 6.151.13 | 6.152.1 |

Updates numpy from 2.2.6 to 2.4.4

Release notes

Sourced from numpy's releases.

2.4.4 (Mar 29, 2026)

NumPy 2.4.4 Release Notes

NumPy 2.4.4 is a patch release that fixes bugs discovered after the 2.4.3 release. It should finally close issue #30816, the OpenBLAS threading problem on ARM.

This release supports Python versions 3.11-3.14

Contributors

A total of 8 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

  • Charles Harris
  • Daniel Haag +
  • Denis Prokopenko +
  • Harshith J +
  • Koki Watanabe
  • Marten van Kerkwijk
  • Matti Picus
  • Nathan Goldbaum

Pull requests merged

A total of 7 pull requests were merged for this release.

  • #30978: MAINT: Prepare 2.4.x for further development
  • #31049: BUG: Add test to reproduce problem described in #30816 (#30818)
  • #31052: BUG: fix FNV-1a 64-bit selection by using NPY_SIZEOF_UINTP (#31035)
  • #31053: BUG: avoid warning on ufunc with where=True and no output
  • #31058: DOC: document caveats of ndarray.resize on 3.14 and newer
  • #31079: TST: fix POWER VSX feature mapping (#30801)
  • #31084: MAINT: numpy.i: Replace deprecated sprintf with snprintf...

2.4.3 (Mar 9, 2026)

NumPy 2.4.3 Release Notes

NumPy 2.4.3 is a patch release that fixes bugs discovered after the 2.4.2 release. The most user-visible fix may be a threading fix for OpenBLAS on ARM, closing issue #30816.

This release supports Python versions 3.11-3.14

Contributors

A total of 11 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

  • Antareep Sarkar +

... (truncated)

Changelog

Sourced from numpy's changelog.

This is a walkthrough of the NumPy 2.4.0 release on Linux, which will be the first feature release using the numpy/numpy-release repository (https://github.com/numpy/numpy-release).

The commands can be copied into the command line, but be sure to replace 2.4.0 with the correct version. This should be read together with the general release guide.

Facility preparation

Before beginning to make a release, use the requirements/*_requirements.txt files to ensure that you have the needed software. Most software can be installed with pip, but some will require apt-get, dnf, or whatever your system uses for software. You will also need a GitHub personal access token (PAT) to push the documentation. There are a few ways to streamline things:

  • Git can be set up to use a keyring to store your GitHub personal access token. Search online for the details.

Prior to release

Add/drop Python versions

When adding or dropping Python versions, multiple config and CI files need to be edited in addition to changing the minimum version in pyproject.toml. Make these changes in an ordinary PR against main and backport if necessary. We currently release wheels for new Python versions after the first Python RC once manylinux and cibuildwheel support that new Python version.

Backport pull requests

Changes that have been marked for this release must be backported to the maintenance/2.4.x branch.

Update 2.4.0 milestones

Look at the issues/prs with 2.4.0 milestones and either push them off to a later version, or maybe remove the milestone. You may need to add a milestone.

Check the numpy-release repo

... (truncated)

Commits
  • be93fe2 Merge pull request #31090 from charris/prepare-2.4.4
  • f5245dc REL: Prepare for the NumPy 2.4.4 release
  • 02e838b Merge pull request #31084 from charris/backport-31056
  • fa74b2d MAINT: numpy.i: Replace deprecated sprintf with snprintf (#31056)
  • 533a6db Merge pull request #31079 from charris/backport-20801
  • 9e496cb TST: fix POWER VSX feature mapping (#30801)
  • 8052c4b Merge pull request #31058 from charris/backport-31021
  • 7f13b5a MAINT: Skip test on PyPy.
  • 4c5fdd6 MAINT: Remove unused import of tracemalloc.
  • a3ca5ed Update numpy/_core/src/multiarray/shape.c
  • Additional commits viewable in compare view

Updates marshmallow from 3.26.2 to 4.3.0

Changelog

Sourced from marshmallow's changelog.

4.3.0 (2026-04-03)

Features:

  • Add pre_load and post_load parameters to marshmallow.fields.Field for field-level pre- and post-processing (#2787).
  • Typing: improvements to marshmallow.validate (#2940).

4.2.4 (2026-04-02)

Bug fixes:

  • marshmallow.validate.URL and marshmallow.validate.Email accept Internationalized Domain Names (IDNs) (#2821, #2936). marshmallow.validate.Email also correctly rejects IDN domains with leading/trailing hyphens. Thanks touhidurrr for the report.
  • Typing: Fix typing of nested in marshmallow.fields.Nested (#2935).

4.2.3 (2026-03-25)

Bug fixes:

  • Make marshmallow.fields.Number and marshmallow.fields.Mapping abstract base classes to prevent using them within Schemas (#2924). Thanks MartingaleCoda for reporting.
  • Allow required to be set on marshmallow.fields.Constant (#2900). Thanks nosnickid for the report and worksbyfriday for the PR.
  • Fix marshmallow.validate.OneOf emitting extra pairs when labels outnumber choices (#2869). Thanks T90REAL for the report and rstar327 for the PR.
  • Fix behavior when passing a dot-delimited attribute name to partial for a key with data_key set (#2903). Thanks bysiber for the PR.
  • Fix Enum field by-name lookup to only return actual members (#2902). Thanks bysiber for the PR.
  • marshmallow.fields.DateTime with format="timestamp_ms" properly rejects bool values (#2904). Thanks bysiber for the PR.
  • Fix typing of error_messages argument to marshmallow.fields.Field (#1636). Thanks repole for reporting and dhruvildarji for the PR.

Other changes:

  • Add ipaddress.* to marshmallow.Schema.TYPE_MAPPING (#1695). Thanks liberforce for the suggestion and dhruvildarji for the PR.

4.2.2 (2026-02-04)

Bug fixes:

  • Fix behavior of fields.Constant(None) (#2868).

... (truncated)

Commits

Updates packaging from 25.0 to 26.1

Release notes

Sourced from packaging's releases.

26.1

Features:

Behavior adaptations:

Pylock (PEP 751) updates:

Fixes:

Performance:

... (truncated)

Changelog

Sourced from packaging's changelog.

26.1 - 2026-04-14

Features:
  • PEP 783: add handling for Emscripten wheel tags (#804)
  • PEP 803: add handling for the abi3.abi3t free-threading tag (#1099)
  • PEP 723: add packaging.dependency_groups module, based on the dependency-groups package (#1065)
  • Add the packaging.direct_url module (#944)
  • Add the packaging.errors module (#1071)
  • Add SpecifierSet.is_unsatisfiable using ranges (new internals that will be expanded in future versions) (#1119)
  • Add create_compatible_tags_selector to select compatible tags (#1110)
  • Add a key argument to SpecifierSet.filter() (#1068)
  • Support & and | for Marker objects (#1146)
  • Normalize Version.__replace__ and add Version.from_parts (#1078)
  • Add an option to validate compressed tag set sort order in parse_wheel_filename (#1150)

Behavior adaptations:

  • Narrow exclusion of pre-releases for <V.postN to match spec (#1140)
  • Narrow exclusion of post-releases for >V to match spec (#1141)
  • Rename format_full_version to _format_full_version to make it visibly private (#1125)
  • Restrict local version to ASCII (#1102)

Pylock (PEP 751) updates:

  • Add pylock select function (#1092)
  • Document pylock select() method and PylockSelectError (#1153)
  • Add filename property to PackageSdist and PackageWheel, more validation (#1095)
  • Give preference to path over url (#1128)
  • Validate name/version consistency in file names (#1114)

Fixes:

  • Fix > comparison for versions with dev+local segments (#1097)
  • Fix incorrect self-comparison for InfinityType and NegativeInfinityType (#1093)
  • Canonicalize when deduplicating specifiers in SpecifierSet (#1109)
  • Fix charset error message formatting (#1121)
  • Handle the key parameter in SpecifierSet.filter when specifiers are empty and prerelease is False (#1096)
  • Standardize inner components of repr output (#1090)
  • Specifier's === uses original string, not normalized, when available (#1124)
  • Propagate int-max-str-digits ValueError (#1155)

Performance:

  • Add fast path for parsing simple versions (digits and dots only) (#1082)
  • Add fast path for Version to Version comparison by skipping _key property (#1083)
  • Cache Version hash value in dedicated slot (#1118)
  • Overhaul _cmpkey to remove use of custom objects (#1116)
  • Skip __replace__ in Specifier comparison if not needed (#1081)

... (truncated)

Commits
  • c1a88a3 Bump for release
  • 702c25e docs: update changelog for 26.1 (#1156)
  • 3f4f5d4 Implement is_unsatisfiable on SpecifierSet using ranges (#1119)
  • 06c6555 Propagate int-max-str-digits ValueError (#1155)
  • 905c90c feat: option to validate compressed tag set sort order in `parse_wheel_filena...
  • af0026c docs(pylock): document select() method and PylockSelectError (#1153)
  • 668da86 Rename format_full_version to _format_full_version to make it visibly private...
  • f294d52 tests: do not reload the tags module (#1152)
  • 2c6c7df feat: add handling for Emscripten wheels tags per PEP 783 (#804)
  • 6762eea docs(markers): document & and | operators for combining Marker objects (#1151)
  • Additional commits viewable in compare view

Updates onnxscript from 0.6.2 to 0.7.0

Release notes

Sourced from onnxscript's releases.

v0.7.0

What's Changed

Optimizer and Rewriter

ONNX IR

Torch Lib

Core ONNX Script

New Features

Other Changes

New Contributors

... (truncated)

Commits
  • df97c94 Add an option to not inline a function when building the graph (#2851)
  • 90f754a chore(deps): bump actions/upload-pages-artifact from 4 to 5 (#2895)
  • b068297 Bumped version to 0.7.0 (#2894)
  • c8f5f6a Make GraphBuilder.init use keyword-only args after graph (#2893)
  • c6e8ec6 Handling initializers in GraphBuilder (#2889)
  • 63ffecf fix: normalize cache key dtype to prevent initializer name collisions (#2888)
  • 13f265c fix(fuse_batchnorm): support convtranpose + bn fusion with group != 1 (#2879)
  • 6c092e2 Add fusion rule to remove Expand before broadcast-capable binary operators (#...
  • c7d13fb Add input() and add_output() methods to GraphBuilder (#2828)
  • 864b785 Fix BatchNorm fusion producing invalid ONNX when Conv nodes share weight init...
  • Additional commits viewable in compare view

Updates onnxruntime-gpu from 1.24.4 to 1.25.0

Release notes

Sourced from onnxruntime-gpu's releases.

ONNX Runtime v1.25.0

📢 Announcements & Breaking Changes

Build & Platform

  • C++20 is now required to build ONNX Runtime from source. Minimum toolchains: MSVC 19.29+, GCC 10+, Clang 10+. Users of prebuilt packages are unaffected. (#27178)
  • CUDA minimum version raised to 12.0 — CUDA 11.x is no longer supported. Users pinned to CUDA 11.x should stay on ORT 1.24.x or upgrade their CUDA toolkit/driver. (#27570)
  • ONNX upgraded to 1.21.0 (#27601)
  • sympy is now an optional dependency for Python builds. (#27200)

Execution Provider Changes

  • ArmNN EP has been removed. Users should remove any --use_armnn build flags and migrate to the MLAS/KleidiAI-backed CPU EP or QNN EP for Qualcomm hardware. (#27447)

API Version

  • ORT_API_VERSION updated to 25. (#27280)

🔒 Security Fixes

  • Fixed potential integer truncation leading to heap out-of-bounds read/write (#27544)
  • Addressed Pad Reflect vulnerability (#27652)
  • Security fix for transpose optimizer (#27555)
  • Upgraded minimatch 3.1.2 → 3.1.4 for CVE-2026-27904 (#27667)
  • Hardened shell command handling for constant strings (#27840)
  • Added validation of onnx::TensorProto data size before allocation (#27547)
  • Cleaned up external data path validation (#27539)
  • Fixed misaligned address reads for tensor attributes from raw data buffers (#27312)
  • Fixed CPU Attention overflow issue (#27822)
  • Fixed CPU LRN integer overflow issues (#27886)
  • Additional input validation hardening:
    • Tile kernel dim overflow (#27566)
    • Out-of-bounds read in cross entropy (#27568)
    • TreeEnsembleClassifier attributes (#27571)
    • AffineGrid (#27572)
    • EmbedLayerNorm position_ids (#27573)
    • RotaryEmbedding position_ids (#27597)
    • RoiAlign batch_indices (#27603)
    • MaxUnpool indices (#27432)
    • QMoECPU swiglu OOB (#27748)
    • SVMClassifier initializer (#27699)
    • Col2Im SafeInt (#27625)

✨ New Features

🔌 Execution Provider Plugin API & CUDA Plugin EP

... (truncated)

Commits
  • 7a71bc5 Cherry-pick CI/pipeline fixes for rel-1.25.0 (#28106)
  • 211edbc FF rel-1.25 to last merge prior to version bump & add first round of cherry p...
  • 57b265e [MLAS] Add depthwise with multiplier conv special kernel for NCHW data layout...
  • bec2792 Plugin EP event profiling APIs (#27649)
  • a997c4f [VitisAI] external_ep_library typo fix (#27647)
  • f2c28e2 S390x test fixes (#27404)
  • 0f43e16 [QNN-EP] Fix use-after-free of logger object (#27804)
  • f22e3a9 webgpu: Optimize DP4A SmallM MatMulNBits tiling (#27910)
  • 048e7dc [Plugin EP] Add plugin EP APIs to retrieve ONNX operator schemas (#27713)
  • e43d306 [CI] fix: missing branch specifier in schedule directive (#27914)
  • Additional commits viewable in compare view

Updates gymnasium from 1.2.3 to 1.3.0

Release notes

Sourced from gymnasium's releases.

v1.3.0

Gymnasium v1.3.0

This release brings a new Taxi environment version, a new RepeatAction wrapper, and a range of bug fixes across vector environments and wrappers.

Core Changes

Bug Fixes

Third-Party Environments

10 new community environments have been added to the third-party environments list, including a new Cybersecurity environments section.

Full Changelog: Farama-Foundation/Gymnasium@v1.2.3...v1.3.0

Commits
  • eb5c00e Update to use Taxi-v4
  • 4436f89 fix incorrect TypeVar use in core for RenderFrame (#1560)
  • 877ba30 Update to 1.3.0
  • c3b809f Update Taxi to V4 and fix is_rainy implementation (#1561)
  • 9e6f855 Add RepeatAction wrapper (#1553)
  • 1532e66 Add external environment Hill Climb Racing Env (#1554)
  • df8704c Add boltcrypt to third party environments (#1557)
  • 01c0d39 Add external environment firecastrl (wildfire env) (#1551)
  • 9edc68e Fix spelling in test_mujoco_v5.py (#1550)
  • a31fa4b Change action seed for MuJoCo/test_verify_reward_survive test, to be valid ...
  • Additional commits viewable in compare view

Updates torch from 2.10.0 to 2.11.0

Release notes

Sourced from torch's releases.

PyTorch 2.11.0 Release Notes

Highlights

For more details about these highlighted features, you can look at the release blogpost. Below are the full release notes for this release.

Backwards Incompatible Changes

Release Engineering

... (truncated)

Commits
  • 70d99e9 [release only] Increase timeout for rocm libtorch and manywheel builds (#178006)
  • 3e05c5a [MPS] Properly handle conjugated tensors in bmm (#178010)
  • db741c7 [MPS] fix compiling of SDPA producing nan results (#178009)
  • 483b55d Update pytorch_sphinx_theme2 version to 0.4.6 (#177616)
  • 7f2cdeb [windows][smoke test] Add an option to install cuda if required cuda/cudnn on...
  • 76fd078 [release-only] Fix libtorch builds. Fix lint (#177299)
  • fa384de [Inductor][MPS] Fix half-precision type mismatches in Metal shader codegen (#...
  • 036b25f Let stable::from_blob accept a lambda as deleter (cherry-pick) (#176440)
  • 41f8e3e [CI] Stop using G3 runners (#177161)
  • e2fa295 [CD] Unpin cuda-bindings dependencies (#177159)
  • Additional commits viewable in compare view

Updates tensordict from 0.12.1 to 0.12.2

Release notes

Sourced from tensordict's releases.

TensorDict v0.12.2

Patch release with a bug fix for consolidated nested tensors.

Bug Fixes

  • Fix _ragged_idx loss during consolidation of nested tensors, which caused numerical incorrectness when the nested tensor had more than 2 dimensions and ragged_idx != 1 (#1675)

Installation

pip install tensordict==0.12.2

Full Changelog: pytorch/tensordict@v0.12.1...v0.12.2

Commits
  • 8ee33fa [Release] Bump version to 0.12.2
  • dcb6ddd [BugFix] fix ragged_idx of consolidated tensor (#1675)
  • 85ea4e7 [CI] Temporarily use vmoens/test-infra fork for macOS builds
  • See full diff in compare view

Updates lerobot from 0.5.0 to 0.5.1

Release notes

Sourced from lerobot's releases.

Release v0.5.1

What's Changed

… with 10 updates

Bumps the inference-dependencies group with 10 updates in the /evaluation directory:

| Package | From | To |
| --- | --- | --- |
| [numpy](https://github.com/numpy/numpy) | `2.2.6` | `2.4.4` |
| [marshmallow](https://github.com/marshmallow-code/marshmallow) | `3.26.2` | `4.3.0` |
| [packaging](https://github.com/pypa/packaging) | `25.0` | `26.1` |
| [onnxscript](https://github.com/microsoft/onnxscript) | `0.6.2` | `0.7.0` |
| [onnxruntime-gpu](https://github.com/microsoft/onnxruntime) | `1.24.4` | `1.25.0` |
| [gymnasium](https://github.com/Farama-Foundation/Gymnasium) | `1.2.3` | `1.3.0` |
| [torch](https://github.com/pytorch/pytorch) | `2.10.0` | `2.11.0` |
| [tensordict](https://github.com/pytorch/tensordict) | `0.12.1` | `0.12.2` |
| [lerobot](https://github.com/huggingface/lerobot) | `0.5.0` | `0.5.1` |
| [hypothesis](https://github.com/HypothesisWorks/hypothesis) | `6.151.13` | `6.152.1` |



Updates `numpy` from 2.2.6 to 2.4.4
- [Release notes](https://github.com/numpy/numpy/releases)
- [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst)
- [Commits](numpy/numpy@v2.2.6...v2.4.4)

Updates `marshmallow` from 3.26.2 to 4.3.0
- [Changelog](https://github.com/marshmallow-code/marshmallow/blob/dev/CHANGELOG.rst)
- [Commits](marshmallow-code/marshmallow@3.26.2...4.3.0)

Updates `packaging` from 25.0 to 26.1
- [Release notes](https://github.com/pypa/packaging/releases)
- [Changelog](https://github.com/pypa/packaging/blob/main/CHANGELOG.rst)
- [Commits](pypa/packaging@25.0...26.1)

Updates `onnxscript` from 0.6.2 to 0.7.0
- [Release notes](https://github.com/microsoft/onnxscript/releases)
- [Commits](microsoft/onnxscript@v0.6.2...v0.7.0)

Updates `onnxruntime-gpu` from 1.24.4 to 1.25.0
- [Release notes](https://github.com/microsoft/onnxruntime/releases)
- [Changelog](https://github.com/microsoft/onnxruntime/blob/main/docs/ReleaseManagement.md)
- [Commits](microsoft/onnxruntime@v1.24.4...v1.25.0)

Updates `gymnasium` from 1.2.3 to 1.3.0
- [Release notes](https://github.com/Farama-Foundation/Gymnasium/releases)
- [Commits](Farama-Foundation/Gymnasium@v1.2.3...v1.3.0)

Updates `torch` from 2.10.0 to 2.11.0
- [Release notes](https://github.com/pytorch/pytorch/releases)
- [Changelog](https://github.com/pytorch/pytorch/blob/main/RELEASE.md)
- [Commits](pytorch/pytorch@v2.10.0...v2.11.0)

Updates `tensordict` from 0.12.1 to 0.12.2
- [Release notes](https://github.com/pytorch/tensordict/releases)
- [Commits](pytorch/tensordict@v0.12.1...v0.12.2)

Updates `lerobot` from 0.5.0 to 0.5.1
- [Release notes](https://github.com/huggingface/lerobot/releases)
- [Commits](huggingface/lerobot@v0.5.0...v0.5.1)

Updates `hypothesis` from 6.151.13 to 6.152.1
- [Release notes](https://github.com/HypothesisWorks/hypothesis/releases)
- [Commits](HypothesisWorks/hypothesis@hypothesis-python-6.151.13...hypothesis-python-6.152.1)

---
updated-dependencies:
- dependency-name: numpy
  dependency-version: 2.4.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: inference-dependencies
- dependency-name: marshmallow
  dependency-version: 4.3.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: inference-dependencies
- dependency-name: packaging
  dependency-version: '26.1'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: inference-dependencies
- dependency-name: onnxscript
  dependency-version: 0.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: inference-dependencies
- dependency-name: onnxruntime-gpu
  dependency-version: 1.25.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: inference-dependencies
- dependency-name: gymnasium
  dependency-version: 1.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: inference-dependencies
- dependency-name: torch
  dependency-version: 2.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: inference-dependencies
- dependency-name: tensordict
  dependency-version: 0.12.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: inference-dependencies
- dependency-name: lerobot
  dependency-version: 0.5.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: inference-dependencies
- dependency-name: hypothesis
  dependency-version: 6.152.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: inference-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Dependency version updates python Pull requests that update python code labels Apr 23, 2026
@github-actions github-actions Bot changed the title from "chore(deps): bump the inference-dependencies group across 1 directory with 10 updates" to "security(deps): bump the inference-dependencies group across 1 directory with 10 updates" Apr 23, 2026
@github-actions github-actions Bot (Contributor)

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 8 package(s) with unknown licenses.
See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 9f0c860.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

evaluation/pyproject.toml

| Package | Version | License | Issue Type |
| --- | --- | --- | --- |
| gymnasium | 1.3.0 | Null | Unknown License |
| lerobot | 0.5.1 | Null | Unknown License |
| marshmallow | 4.3.0 | Null | Unknown License |
| onnxruntime-gpu | 1.25.0 | Null | Unknown License |
| onnxscript | 0.7.0 | Null | Unknown License |
| packaging | 26.1 | Null | Unknown License |
| tensordict | 0.12.2 | Null | Unknown License |
| torch | 2.11.0 | Null | Unknown License |

OpenSSF Scorecard

| Package | Version | Score | Details |
| --- | --- | --- | --- |
| pip/gymnasium | 1.3.0 | Unknown | Unknown |
| pip/lerobot | 0.5.1 | Unknown | Unknown |
| pip/marshmallow | 4.3.0 | Unknown | Unknown |
| pip/numpy | 2.4.4 | Unknown | Unknown |
| pip/onnxruntime-gpu | 1.25.0 | Unknown | Unknown |
| pip/onnxscript | 0.7.0 | Unknown | Unknown |
| pip/packaging | 26.1 | Unknown | Unknown |
| pip/tensordict | 0.12.2 | Unknown | Unknown |
| pip/torch | 2.11.0 | Unknown | Unknown |

Scanned Files

  • evaluation/pyproject.toml

@github-actions github-actions Bot (Contributor) commented Apr 23, 2026

AW Dependabot PR Review completed successfully!

@github-actions github-actions Bot (Contributor) left a comment

⚠️ Maintainer review recommended

Advisory Review Summary

Affected ecosystems and surfaces:

  • python-runtime: pip/uv under evaluation/ (ABI-sensitive packages: numpy, torch, tensordict, onnxruntime-gpu)

| Package | From | To | Severity | Surface |
| --- | --- | --- | --- | --- |
| numpy | 2.2.6 | 2.4.4 | ℹ️ None (bug-fix series) | python-runtime |
| marshmallow | 3.26.2 | 4.3.0 | ⚠️ Major API break | python-runtime |
| packaging | 25.0 | 26.1 | Low | python-runtime |
| onnxscript | 0.6.2 | 0.7.0 | Low | python-runtime |
| onnxruntime-gpu | 1.24.4 | 1.25.0 | ⚠️ Breaking + CVE security fix | python-runtime |
| gymnasium | 1.2.3 | 1.3.0 | Low | python-runtime |
| torch | 2.10.0 | 2.11.0 | ⚠️ Backwards-incompatible changes | python-runtime |
| tensordict | 0.12.1 | 0.12.2 | Low | python-runtime |
| lerobot | 0.5.0 | 0.5.1 | Low | python-runtime |
| hypothesis | 6.151.13 | 6.152.1 | Low (dev only) | python-runtime |

onnxruntime-gpu

CVE-2026-27904 — Fixed in onnxruntime-gpu 1.25.0 via upgrade of minimatch 3.1.2 → 3.1.4 (microsoft/onnxruntime#27667). This CVE affects the JavaScript/build toolchain component of ONNX Runtime; the Python runtime path in prebuilt wheels is not directly exposed. No GHSA record found for this CVE ID in GitHub Advisory Database at review time; the fix is documented in the onnxruntime v1.25.0 release notes.

Breaking changes in 1.25.0 (source: onnxruntime v1.25.0 release notes):

  • CUDA minimum version raised to 12.0 — CUDA 11.x is no longer supported. Users pinned to CUDA 11.x should stay on ORT 1.24.x or upgrade their CUDA toolkit/driver. (#27570)
  • C++20 is now required to build from source (prebuilt-wheel users unaffected).
  • ArmNN EP has been removed.

🔴 Repo-specific risk: The evaluation surface targets GPU inference on Isaac Sim / NVIDIA nodes. Confirm all GPU compute environments run CUDA ≥ 12.0 before deploying. Any environment on CUDA 11.x will be broken by this upgrade.


marshmallow

Major version bump 3.26.2 → 4.3.0. marshmallow 4.0 removed APIs deprecated in the 3.x series. Notable breaking changes (source: marshmallow changelog):

  • Deprecated Schema.Meta.fields/additional patterns removed.
  • @post_load(pass_many=True) removed.
  • marshmallow.compat module removed.
  • Error handling behaviour in Schema.load()/dump() changed.

marshmallow 4.3.0 itself adds field-level pre_load/post_load parameters and various typing improvements.

🔴 Repo-specific risk: training/rl/pyproject.toml still pins marshmallow==3.26.2. The two surfaces now diverge on incompatible major versions. Audit all marshmallow usage in evaluation/ for 3.x patterns before merging.


numpy

Bug-fix/maintenance series bump 2.2.6 → 2.4.4 within the 2.x major. numpy 2.4.4 fixes an OpenBLAS threading problem on ARM (numpy#30816) and a FNV-1a 64-bit hash selection bug. No CUDA ABI break expected within 2.x.

Cross-surface divergence: training/rl/pyproject.toml still pins numpy==1.26.4 (1.x series). numpy 2.x breaks the C ABI with 1.x, so any shared Cython/C extension that bridges evaluation and training environments must be validated against both.

Source: numpy releases


torch

Minor bump 2.10.0 → 2.11.0. The PyTorch 2.11.0 release notes list backwards-incompatible changes and a Security section. Full detail was truncated in the Dependabot body; review the upstream release notes for any changes affecting the evaluation/ inference pipeline.

tensordict 0.12.1 → 0.12.2 is a patch bump coordinated with this torch release; no breaking changes expected.


Remaining packages (low risk)

  • packaging 25.0 → 26.1: Utility library, no ABI sensitivity.
  • onnxscript 0.6.2 → 0.7.0: ONNX graph-building library; minor bump.
  • gymnasium 1.2.3 → 1.3.0: VectorEnv destructor removed (was calling close() unintentionally) — minor behavioural fix.
  • lerobot 0.5.0 → 0.5.1: Patch bump.
  • hypothesis 6.151.13 → 6.152.1: Dev-only testing library, patch bump.

Lock file note

evaluation/uv.lock is not included in this PR diff — only evaluation/pyproject.toml is updated. After merge, run uv sync in evaluation/ and commit the regenerated lock file to ensure reproducible installs. CI that installs from the lock file will continue to use the old pinned versions until the lock is refreshed.


Advisory verdict: COMMENT — Two high-risk signals fire: (1) onnxruntime-gpu 1.25.0 raises the CUDA minimum to 12.0, breaking CUDA 11.x environments; (2) marshmallow 3 → 4 is a major API break that requires code-level audit before merging. Recommend validating GPU environment CUDA versions and running ruff check + pytest evaluation/ before merge.

Note

🔒 Integrity filter blocked 1 item

The following item was blocked because it doesn't meet the GitHub integrity level.

  • #544 pull_request_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".

To allow these resources, lower min-integrity in your GitHub frontmatter:

tools:
  github:
    min-integrity: approved  # merged | approved | unapproved | none

Generated by AW Dependabot PR Review for issue #544 · ● 1.2M

Comment thread evaluation/pyproject.toml
"azure-identity==1.25.3",
"azure-ai-ml==1.32.0",
"marshmallow==3.26.2",
"marshmallow==4.3.0",
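Review bot: the marshmallow pin in the last two lines jumps a major version (3.26.2 to 4.3.0) while the adjacent azure-identity==1.25.3 and azure-ai-ml==1.32.0 pins stay fixed; before merging, check whether azure-ai-ml 1.32.0 declares an upper bound on marshmallow (via `uv lock` or `pip show azure-ai-ml`), because a cap below 4 would make the resolver reject this file outright, and otherwise exercise the evaluation/ schemas under 4.x since marshmallow 4.0 removed APIs deprecated in the 3.x line.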

⚠️ Major version bump: marshmallow 3.26.2 → 4.3.0. marshmallow 4.0 removed APIs deprecated in the 3.x series (e.g. Schema.Meta.fields/additional unification, @post_load(pass_many=True), marshmallow.compat module, and behaviour changes in Schema.load()/dump() error handling). Any code in evaluation/ that uses marshmallow 3.x patterns will need to be audited against the marshmallow 4.0 migration guide (marshmallow.readthedocs.io/redacted).

Note: training/rl/pyproject.toml still pins marshmallow==3.26.2 — the two surfaces now use incompatible major versions. Ensure any shared serialisation helpers are tested with both.

Comment thread evaluation/pyproject.toml
"onnxscript==0.6.2",
"onnxruntime-gpu==1.24.4",
"onnxscript==0.7.0",
"onnxruntime-gpu==1.25.0",
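Review bot: the onnxruntime-gpu==1.25.0 pin carries none of the CUDA >= 12.0 floor that release introduces, and a wheel pin cannot express a driver requirement; put a comment beside the pin and a preflight check (nvidia-smi or torch.version.cuda) in the evaluation entrypoint or CI so a CUDA 11.x host fails at setup rather than at inference, and keep onnxscript (0.7.0 here) moving together with the runtime as this hunk does.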

⚠️ CUDA minimum version raised to 12.0. onnxruntime-gpu 1.25.0 drops support for CUDA 11.x. Any environment (CI, GPU nodes, Isaac Sim host) that is still pinned to a CUDA 11.x driver will fail at inference time. Verify that all GPU compute environments have been upgraded to CUDA ≥ 12.0 before merging.

Additionally, this release notes the fix for CVE-2026-27904 (via minimatch 3.1.2 → 3.1.4 upgrade in the ORT JS toolchain — see microsoft/onnxruntime#27667). This CVE affects the JavaScript/build toolchain component of ORT, not the Python runtime path; Python users of the prebuilt wheel are not exposed at runtime.

Source: onnxruntime v1.25.0 release notes
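A preflight gate for the CUDA floor discussed in this thread, as an added example; it is not code from the repository or from onnxruntime. It parses the driver-reported CUDA version out of an nvidia-smi banner, compares it with the 12.0 minimum from the onnxruntime v1.25.0 release notes, and fails closed when nvidia-smi is absent or does not report a version, which is the behaviour a CI gate in front of a GPU fleet needs. The banner strings are constructed samples, and running it in a CI job before `uv sync` is an assumption about where it would sit.

```python
"""Preflight gate for the CUDA >= 12.0 floor introduced by onnxruntime-gpu 1.25.0.
Added example; the sample banners are constructed, not captures from the project's hosts."""
import re
import shutil
import subprocess
import sys

# Minimum from the onnxruntime v1.25.0 release notes (CUDA 11.x no longer supported).
ORT_1_25_MIN_CUDA = (12, 0)

# The first table row printed by nvidia-smi carries "CUDA Version: <major>.<minor>".
CUDA_RE = re.compile(r"CUDA Version:\s*(\d+)\.(\d+)")

# Constructed sample banners covering the pass, fail and unknown cases.
SAMPLE_OK = "| NVIDIA-SMI 550.54.15   Driver Version: 550.54.15   CUDA Version: 12.4     |"
SAMPLE_OLD = "| NVIDIA-SMI 470.199.02  Driver Version: 470.199.02  CUDA Version: 11.4     |"
SAMPLE_NA = "| NVIDIA-SMI 535.104.05  Driver Version: 535.104.05  CUDA Version: N/A      |"


def parse_cuda_version(banner: str):
    """Return (major, minor) from an nvidia-smi banner, or None if it is not reported."""
    m = CUDA_RE.search(banner)
    return (int(m.group(1)), int(m.group(2))) if m else None


def check_host(banner: str, minimum=ORT_1_25_MIN_CUDA):
    """Decide whether a host may run onnxruntime-gpu 1.25.0; unknown versions fail closed."""
    want = f"{minimum[0]}.{minimum[1]}"
    found = parse_cuda_version(banner)
    if found is None:
        return False, f"driver does not report a CUDA version; refusing to assume >= {want}"
    have = f"{found[0]}.{found[1]}"
    if found < minimum:  # tuple comparison: (11, 4) < (12, 0)
        return False, f"CUDA {have} < {want}: stay on onnxruntime-gpu 1.24.x or upgrade the driver"
    return True, f"CUDA {have} satisfies >= {want}"


def read_live_banner(timeout: float = 20.0) -> str:
    """Run nvidia-smi if present; an absent or failing binary yields "" and therefore fails closed."""
    exe = shutil.which("nvidia-smi")
    if exe is None:
        return ""
    try:
        return subprocess.run([exe], capture_output=True, text=True, timeout=timeout, check=False).stdout
    except (subprocess.SubprocessError, OSError):
        return ""


if __name__ == "__main__":
    ok, message = check_host(read_live_banner())
    print(message)
    sys.exit(0 if ok else 1)
```

The version nvidia-smi reports is the highest CUDA runtime the installed driver supports, which is what a prebuilt wheel depends on; the script exits non-zero on any host that cannot demonstrate 12.0 or later, so a CUDA 11.x node is rejected before the evaluation pipeline tries to load the runtime.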

Comment thread evaluation/pyproject.toml
requires-python = ">=3.12"
dependencies = [
"numpy==2.2.6",
"numpy==2.4.4",
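Review bot: numpy==2.4.4 is consistent with the requires-python = ">=3.12" line above it (the 2.4.4 release notes list Python 3.11 to 3.14), but the exact pin hides that evaluation/ now sits on the other side of the numpy 2.x C-ABI boundary from training/rl, which the review comments say still pins 1.26.4; if any compiled extension is shared between the two directories it must be built against numpy 2.x headers, so either state that in the build requirements or add an import-time guard on the numpy major version.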

ABI note — numpy 2.2.6 → 2.4.4 (within 2.x series). The jump crosses numpy 2.3 and 2.4 minor releases. Both are bug-fix/maintenance series with no known CUDA ABI break, and 2.4.4 specifically resolves an OpenBLAS threading issue on ARM (numpy#30816).

Cross-surface divergence: training/rl/pyproject.toml still pins numpy==1.26.4 (1.x series). Any shared evaluation–training code that imports numpy needs to be compatible with both 1.26.x and 2.4.x. The 2.x C API breaks ABI with 1.x extension modules — confirm no shared Cython/C extension code bridges both environments.

Validation: ruff check evaluation/ plus pytest evaluation/.

Comment thread evaluation/pyproject.toml
"tensordict==0.12.1",
"lerobot==0.5.0",
"gymnasium==1.3.0",
"torch==2.11.0",
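Review bot: the window shown pairs the removed tensordict==0.12.1 and lerobot==0.5.0 lines with the added gymnasium==1.3.0 and torch==2.11.0 lines, so the old torch pin falls outside the visible context; check the full file diff to confirm torch and tensordict advance together (2.11.0 with 0.12.2), since tensordict patch releases track a specific torch minor and a mismatched pair fails at import rather than at resolution.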

torch 2.10.0 → 2.11.0 — minor version, but PyTorch minor releases routinely include backwards-incompatible changes. The PyTorch 2.11.0 release notes list a "Backwards Incompatible Changes" section (see release engineering and Security sub-sections). Verify evaluation/ GPU-accelerated inference paths (e.g. sil/, metrics/) against those changes before merging to a GPU fleet.

tensordict 0.12.1 → 0.12.2 is a patch bump aligned to this torch minor; no breaking changes expected.

Comment thread evaluation/pyproject.toml
@@ -4,25 +4,25 @@ version = "0.1.0"
description = "Evaluation workflow runtime dependencies"
requires-python = ">=3.12"
dependencies = [
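Review bot: the header @@ -4,25 +4,25 @@ shows this is a line-for-line pin replacement confined to evaluation/pyproject.toml, and no evaluation/uv.lock hunk appears anywhere in the PR; with `==` pins the lock is the only record of the transitive resolution, so regenerate it with `uv lock` in this PR rather than after merge, otherwise CI that installs from the lock keeps running the pre-bump versions while the manifest claims the new ones.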

Lock file not updated. This PR modifies evaluation/pyproject.toml but the corresponding evaluation/uv.lock is not included in the diff. After merge, running uv sync in the evaluation/ directory will regenerate the lock file. CI that relies on the lock file for reproducible installs should regenerate and commit it, or the environment may still install the old pinned versions until the lock is refreshed.

@dependabot dependabot Bot (Contributor, Author) commented on behalf of github Apr 27, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Apr 27, 2026
@dependabot dependabot Bot deleted the dependabot/pip/evaluation/inference-dependencies-79ae447bd1 branch April 27, 2026 03:30