[None][fix] Upgrade dependencies version to avoid security vulnerability #6506
Conversation
📝 WalkthroughWalkthroughDependency versions were updated in three requirements files. The Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~6 minutes Note ⚡️ Unit Test Generation is now available in beta!Learn more here, or try it out under "Finishing Touches" below. 📜 Recent review detailsConfiguration used: .coderabbit.yaml 📒 Files selected for processing (3)
✅ Files skipped from review due to trivial changes (1)
🚧 Files skipped from review as they are similar to previous changes (2)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
✨ Finishing Touches🧪 Generate unit tests
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
SupportNeed help? Create a ticket on our support page for assistance with any issues or questions. Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
Documentation and Community
|
yibinl-nvidia
changed the title
|
/bot run --disable-fail-fast |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
examples/models/core/qwen/requirements.txt (1)
13-13: Gradio 4.36 → 4.44 may break the demo UI4.41 introduced an internal server refactor and removed several deprecated props. Ensure that:
demo.launch(share=…)still works in headless environments,- custom CSS / JS overrides in
qwen_demo.pyrender correctly.Consider adding a minimal smoke-test that starts the UI in CI to catch silent regressions.
📜 Review details
Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (3)
examples/models/core/mixtral/requirements.txt(1 hunks)examples/models/core/qwen/requirements.txt(1 hunks)requirements.txt(1 hunks)
🧰 Additional context used
🧠 Learnings (2)
requirements.txt (1)
Learnt from: CR
PR: NVIDIA/TensorRT-LLM#0
File: CODING_GUIDELINES.md:0-0
Timestamp: 2025-07-31T04:50:23.272Z
Learning: Applies to **/*.py : The code developed for TensorRT-LLM should conform to Python 3.8+.
examples/models/core/mixtral/requirements.txt (2)
Learnt from: CR
PR: NVIDIA/TensorRT-LLM#0
File: CODING_GUIDELINES.md:0-0
Timestamp: 2025-07-31T04:50:23.272Z
Learning: Applies to **/*.py : The code developed for TensorRT-LLM should conform to Python 3.8+.
Learnt from: moraxu
PR: #6303
File: tests/integration/test_lists/qa/examples_test_list.txt:494-494
Timestamp: 2025-07-28T17:06:08.621Z
Learning: In TensorRT-LLM testing, it's common to have both CLI flow tests (test_cli_flow.py) and PyTorch API tests (test_llm_api_pytorch.py) for the same model. These serve different purposes: CLI flow tests validate the traditional command-line workflow, while PyTorch API tests validate the newer LLM API backend. Both are legitimate and should coexist.
🔇 Additional comments (2)
requirements.txt (1)
11-11: Confirm ONNX 1.18 compatibility with our CUDA / PyTorch stackGoing from 1.12 → 1.18 is a large jump (five minor releases). 1.18 wheels are built against newer CUDA / cuDNN and assume NumPy ≥ 1.23; we still cap NumPy at
<2but do not pin a minimum. Please sanity-check that
- the wheel pulled on CI matches the CUDA 12.8 runtime used by the TRT-LLM images,
- all custom ONNX-GraphSurgeon and shape-inference code paths still behave the same,
- no ABI clash occurs with
onnxruntime-gpushould users install it side-by-side.If we knowingly rely on 1.18-only operators, document that in the release notes.
examples/models/core/mixtral/requirements.txt (1)
3-3: Check breaking changes between 4.53 → 4.54If we keep 4.54, audit:
MixtralForCausalLMAPI – tokenizer / config files generated by 4.53 are still accepted.- Flash-Attention & AWQ patches compile against the new C++ extension layout.
No action needed if tests pass, but worth noting for downstream integrators.
|
PR_Github #13628 [ run ] triggered by Bot |
|
PR_Github #13628 [ run ] completed with state |
|
/bot run --disable-fail-fast |
|
/bot run |
|
PR_Github #13751 [ run ] triggered by Bot |
|
PR_Github #13751 [ run ] completed with state |
Signed-off-by: Yibin Li <[email protected]>
yibinl-nvidia
force-pushed
the
dev-yibinl-upgrade-dependency-version
branch
from
7db7bcc to
8302b79
Compare
|
/bot run |
|
PR_Github #13765 [ run ] triggered by Bot |
|
PR_Github #13765 [ run ] completed with state |
|
/bot run --only-multi-gpu-test |
|
PR_Github #13815 [ run ] triggered by Bot |
|
PR_Github #13815 [ run ] completed with state |
|
/bot run --post-merge |
|
PR_Github #13839 [ run ] triggered by Bot |
|
PR_Github #13839 [ run ] completed with state |
|
/bot run --post-merge |
|
PR_Github #13846 [ run ] triggered by Bot |
|
PR_Github #13846 [ run ] completed with state |
|
/bot run --post-merge |
|
PR_Github #13904 [ run ] triggered by Bot |
|
PR_Github #13904 [ run ] completed with state |
|
/bot run --post-merge |
|
PR_Github #14035 [ run ] triggered by Bot |
|
PR_Github #14035 [ run ] completed with state |
yibinl-nvidia
changed the title
yibinl-nvidia
changed the title
|
cc @nv-guomingz @Shixiaowei02 for doc review |
Summary by CodeRabbit
Description
Test Coverage
GitHub Bot Help
/bot [-h] ['run', 'kill', 'skip', 'reuse-pipeline'] ...Provide a user friendly way for developers to interact with a Jenkins server.
Run
/bot [-h|--help]to print this help message.See details below for each supported subcommand.
run [--reuse-test (optional)pipeline-id --disable-fail-fast --skip-test --stage-list "A10-PyTorch-1, xxx" --gpu-type "A30, H100_PCIe" --test-backend "pytorch, cpp" --add-multi-gpu-test --only-multi-gpu-test --disable-multi-gpu-test --post-merge --extra-stage "H100_PCIe-TensorRT-Post-Merge-1, xxx" --detailed-log --debug(experimental)]Launch build/test pipelines. All previously running jobs will be killed.
--reuse-test (optional)pipeline-id(OPTIONAL) : Allow the new pipeline to reuse build artifacts and skip successful test stages from a specified pipeline or the last pipeline if no pipeline-id is indicated. If the Git commit ID has changed, this option will be always ignored. The DEFAULT behavior of the bot is to reuse build artifacts and successful test results from the last pipeline.--disable-reuse-test(OPTIONAL) : Explicitly prevent the pipeline from reusing build artifacts and skipping successful test stages from a previous pipeline. Ensure that all builds and tests are run regardless of previous successes.--disable-fail-fast(OPTIONAL) : Disable fail fast on build/tests/infra failures.--skip-test(OPTIONAL) : Skip all test stages, but still run build stages, package stages and sanity check stages. Note: Does NOT update GitHub check status.--stage-list "A10-PyTorch-1, xxx"(OPTIONAL) : Only run the specified test stages. Examples: "A10-PyTorch-1, xxx". Note: Does NOT update GitHub check status.--gpu-type "A30, H100_PCIe"(OPTIONAL) : Only run the test stages on the specified GPU types. Examples: "A30, H100_PCIe". Note: Does NOT update GitHub check status.--test-backend "pytorch, cpp"(OPTIONAL) : Skip test stages which don't match the specified backends. Only support [pytorch, cpp, tensorrt, triton]. Examples: "pytorch, cpp" (does not run test stages with tensorrt or triton backend). Note: Does NOT update GitHub pipeline status.--only-multi-gpu-test(OPTIONAL) : Only run the multi-GPU tests. Note: Does NOT update GitHub check status.--disable-multi-gpu-test(OPTIONAL) : Disable the multi-GPU tests. Note: Does NOT update GitHub check status.--add-multi-gpu-test(OPTIONAL) : Force run the multi-GPU tests in addition to running L0 pre-merge pipeline.--post-merge(OPTIONAL) : Run the L0 post-merge pipeline instead of the ordinary L0 pre-merge pipeline.--extra-stage "H100_PCIe-TensorRT-Post-Merge-1, xxx"(OPTIONAL) : Run the ordinary L0 pre-merge pipeline and specified test stages. Examples: --extra-stage "H100_PCIe-TensorRT-Post-Merge-1, xxx".--detailed-log(OPTIONAL) : Enable flushing out all logs to the Jenkins console. This will significantly increase the log volume and may slow down the job.--debug(OPTIONAL) : Experimental feature. Enable access to the CI container for debugging purpose. Note: Specify exactly one stage in thestage-listparameter to access the appropriate container environment. Note: Does NOT update GitHub check status.For guidance on mapping tests to stage names, see
docs/source/reference/ci-overview.mdand the
scripts/test_to_stage_mapping.pyhelper.kill
killKill all running builds associated with pull request.
skip
skip --comment COMMENTSkip testing for latest commit on pull request.
--comment "Reason for skipping build/test"is required. IMPORTANT NOTE: This is dangerous since lack of user care and validation can cause top of tree to break.reuse-pipeline
reuse-pipelineReuse a previous pipeline to validate current commit. This action will also kill all currently running builds associated with the pull request. IMPORTANT NOTE: This is dangerous since lack of user care and validation can cause top of tree to break.