Skip to content

[FlashAttention] Sync FA with upstream#44065

Merged
vllm-bot merged 4 commits into
vllm-project:mainfrom
MatthewBonanni:sync_fa_2
Jun 2, 2026
Merged

[FlashAttention] Sync FA with upstream#44065
vllm-bot merged 4 commits into
vllm-project:mainfrom
MatthewBonanni:sync_fa_2

Conversation

@MatthewBonanni
Copy link
Copy Markdown
Member

@MatthewBonanni MatthewBonanni commented May 30, 2026
edited by github-actions Bot
Loading

Purpose

Corresponding PR: vllm-project/flash-attention#141

Test Plan

CI

Test Result

TBD

Essential Elements of an Effective PR Description Checklist
  • The purpose of the PR, such as "Fix some issue (link existing issues this PR will resolve)".
  • The test plan, such as providing test command.
  • The test results, such as pasting the results comparison before and after, or e2e results
  • (Optional) The necessary documentation update, such as updating supported_models.md and examples for a new model.

@MatthewBonanni
Update GIT_TAG
e591913 
Signed-off-by: Matthew Bonanni <mbonanni@redhat.com>
@MatthewBonanni MatthewBonanni added the ready ONLY add when PR is ready to merge/full CI is needed label May 30, 2026
@mergify mergify Bot added the ci/build label May 30, 2026
@MatthewBonanni MatthewBonanni mentioned this pull request May 30, 2026
Open
4 tasks
depthfirst-app[bot]
depthfirst-app Bot reviewed May 30, 2026
View reviewed changes
Comment thread cmake/external_projects/vllm_flash_attn.cmake Outdated
vllm-flash-attn
GIT_REPOSITORY https://github.com/vllm-project/flash-attention.git
GIT_TAG bce29425653ec0fbc579d329883030e832d15ada
GIT_REPOSITORY https://github.com/MatthewBonanni/flash-attention.git
Copy link
Copy Markdown

@depthfirst-app depthfirst-app Bot May 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Severity: LOW

The dependency source is changed from the official vllm-project/flash-attention organization repository to a personal fork (MatthewBonanni/flash-attention). Personal repos lack organizational branch protections and required reviewers. If this account were compromised, malicious code could be injected into all downstream builds via this fetch path.
Helpful? Add 👍 / 👎

💡 Fix Suggestion

Suggestion: Replace the personal fork URL (MatthewBonanni/flash-attention) with the official organization repository (vllm-project/flash-attention). Since the PR description references an upstream PR (vllm-project/flash-attention#141), this change should be reverted to use the official repo once that upstream PR is merged. Using a personal fork, even with a pinned commit hash, introduces availability risk (if the fork is deleted, builds break) and deviates from the project's established supply-chain pattern where all other dependencies point to organizational repos.

⚠️ Experimental Feature: This code suggestion is automatically generated. Please review carefully.

Suggested change
GIT_REPOSITORY https://github.com/MatthewBonanni/flash-attention.git
GIT_REPOSITORY https://github.com/vllm-project/flash-attention.git

@MatthewBonanni
Update GIT_TAG
222c083 
Signed-off-by: Matthew Bonanni <mbonanni@redhat.com>
LucasWilkinson
LucasWilkinson approved these changes May 30, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@LucasWilkinson LucasWilkinson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for doing this!

@MatthewBonanni MatthewBonanni enabled auto-merge (squash) May 31, 2026 04:13
@lucianommartins
Copy link
Copy Markdown
Contributor

lucianommartins commented May 31, 2026

👀

@wjabbour wjabbour mentioned this pull request Jun 1, 2026
Open
2 tasks
@vllm-bot vllm-bot merged commit ea0d045 into vllm-project:main Jun 2, 2026
165 of 178 checks passed
@MatthewBonanni MatthewBonanni deleted the sync_fa_2 branch June 2, 2026 14:17
@MatthewBonanni MatthewBonanni mentioned this pull request Jun 2, 2026
Open
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@depthfirst-app depthfirst-app[bot] depthfirst-app[bot] left review comments

@mgoin mgoin mgoin approved these changes

@LucasWilkinson LucasWilkinson LucasWilkinson approved these changes

@tlrmchlsmth tlrmchlsmth Awaiting requested review from tlrmchlsmth tlrmchlsmth is a code owner

@Harry-Chen Harry-Chen Awaiting requested review from Harry-Chen Harry-Chen is a code owner

Assignees

No one assigned

Labels

ci/build ready ONLY add when PR is ready to merge/full CI is needed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@MatthewBonanni @lucianommartins @mgoin @LucasWilkinson @vllm-bot