Add missing types for FOBS

[nvidianz]

Added more types to the FOBS types white-list

Types of changes

• Non-breaking change (fix or new feature that would not break existing functionality).
• Breaking change (fix or new feature that would cause existing functionality to change).
• New tests added to cover the changes.
• Quick tests passed locally by running ./runtest.sh.
• In-line docstrings updated.
• Documentation updated.

[greptile-apps]

Greptile Summary

This PR adds xgboost.core.DataSplitMode to the FOBS BUILTIN_TYPES whitelist in builtin_decomposers.py, enabling the deserialization of XGBoost's DataSplitMode enum (an IntEnum used to configure how data is split across federated XGBoost clients) without requiring an explicit register_enum_types() call.

• The whitelist exists specifically to prevent arbitrary class loading / RCE via deserialization, so additions to it should be intentional and documented — this entry looks legitimate for NVFlare's federated XGBoost integration.
• xgboost is an optional dependency (similar to tenseal), but unlike the tenseal.CKKSVector entry, no comment explains the optional-dependency behavior or the context in which this type appears.
• No corresponding custom decomposer is needed since DataSplitMode is an IntEnum and will be handled by the existing generic EnumTypeDecomposer.
• The change is minimal and non-breaking.

Confidence Score: 5/5

• Safe to merge — the one-line whitelist addition is correct and does not introduce security or behavioral regressions.
• xgboost.core.DataSplitMode is a well-known, benign IntEnum from the xgboost library. Adding it to the FOBS type whitelist follows the established pattern for optional-dependency types and is handled correctly by the existing EnumTypeDecomposer. The only gap is a missing inline comment, which is a documentation concern, not a functional one.
• No files require special attention.

Important Files Changed

Filename	Overview
nvflare/fuel/utils/fobs/builtin_decomposers.py	Adds xgboost.core.DataSplitMode to the FOBS type whitelist to allow deserialization of XGBoost data-split-mode enums in federated XGBoost training workflows. Change is functionally correct; a brief comment explaining the optional-dependency behavior would align with existing conventions.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[fobs.unpack / deserialize] --> B{type_name in whitelist?}
    B -- No --> C[Reject: security guard blocks deserialization]
    B -- Yes --> D{xgboost installed?}
    D -- No --> E[ImportError at load_class]
    D -- Yes --> F{Is type an IntEnum?}
    F -- Yes --> G[EnumTypeDecomposer handles DataSplitMode]
    G --> H[Object reconstructed successfully]

Loading

_{Last reviewed commit: 409e6eb}

[greptile-apps]

Missing explanatory comment for optional dependency

The file consistently documents why each type is included in this security-sensitive whitelist (e.g., tenseal.CKKSVector has a multi-line note about it being an optional dependency, and JobMetaKey says "Found in integration test"). Since xgboost is also an optional dependency, adding a comment here would:

1. Help future maintainers understand why this type was added
2. Clarify that if xgboost is not installed, fobs.unpack() will still fail with an ImportError (consistent with the tenseal behavior)

Suggested change

	"xgboost.core.DataSplitMode",
	# XGBoost type used in federated XGBoost training (optional dependency).
	# If xgboost is not installed, fobs.unpack() will fail at load_class() with ImportError.
	"xgboost.core.DataSplitMode",

_{Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!}