Skip to content

deps: bump torch from 2.10.0 to 2.13.0+cpu#881

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/torch-2.13.0cpu
Open

deps: bump torch from 2.10.0 to 2.13.0+cpu#881
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/torch-2.13.0cpu

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 11, 2026

Copy link
Copy Markdown
Contributor

Bumps torch from 2.10.0 to 2.13.0+cpu.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Summary by CodeRabbit

  • Chores
    • Updated the CPU-only PyTorch requirement to version 2.13.0 or newer for machine-learning and full installation options.
    • Updated the pinned CPU-only PyTorch version to 2.13.0 in the standard requirements.

Bumps torch from 2.10.0 to 2.13.0+cpu.

---
updated-dependencies:
- dependency-name: torch
  dependency-version: 2.13.0+cpu
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file security labels Jul 11, 2026
@github-actions

Copy link
Copy Markdown
Contributor

LS multi-model PR review

  • Exact head: d903ec5baaa0a26305158a935f36d357152df580
  • Base: e9fbbde7723e86db22ca083f822f20641ed65e16
  • Provider: openrouter
  • Status: PARTIAL
  • Aggregate verdict: COMMENT
  • Mode: advisory
  • High-risk route: false
  • Diff truncated: false
  • Files represented in bounded evidence: 2/2
  • Policy would block: true

Model executions

Role Model Status Verdict
- - NOT_RUN -

Confirmed findings

No finding reached independent two-model confirmation.

Candidate findings

No structured candidate finding was produced.

Incomplete lanes

  • provider: {'key': 'provider', 'reason': 'provider credential is not configured'}

Authority boundary

This output is evidence for human review. It cannot approve or merge the PR, and a single-model finding remains a candidate rather than a gate decision.

@coderabbitai

coderabbitai Bot commented Jul 11, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

CPU-only Torch requirements are updated from older versions to 2.13.0+cpu in the ml and full optional dependency groups and in requirements.in.

Changes

Torch CPU Version Alignment

Layer / File(s) Summary
Update CPU-only Torch requirements
pyproject.toml, requirements.in
The optional dependency groups now require torch>=2.13.0+cpu, and requirements.in pins torch==2.13.0+cpu; other dependencies remain unchanged.

Estimated code review effort: 1 (Trivial) | ~5 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Description check ⚠️ Warning The description is missing the required template sections for what changed, type of change, why it matters, checks, and screenshots. Add the template sections and briefly fill in what changed, why it matters, checks run, and screenshots if applicable.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly and concisely summarizes the main change: bumping torch to 2.13.0+cpu.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch dependabot/pip/torch-2.13.0cpu

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@pyproject.toml`:
- Around line 43-44: Update the torch dependency entries in the ml and full
extras to use the valid exact specifier torch==2.13.0+cpu instead of
torch>=2.13.0+cpu. If these project extras are intended for direct installation,
document the required PyTorch CPU wheel index separately from requirements.in.

In `@requirements.in`:
- Line 18: Regenerate the resolved requirements.txt from requirements.in so the
lockfile reflects torch==2.13.0+cpu instead of torch==2.10.0, including the
CPU-only package resolution.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 22248eb0-1103-4bf0-bd4f-d2280eaf4ef8

📥 Commits

Reviewing files that changed from the base of the PR and between e9fbbde and d903ec5.

📒 Files selected for processing (2)
  • pyproject.toml
  • requirements.in

Comment thread pyproject.toml
Comment on lines +43 to +44
ml = ["torch>=2.13.0+cpu", "sentence-transformers>=2.2.2"]
full = ["opencv-python>=4.8.0", "torch>=2.13.0+cpu", "sentence-transformers>=2.2.2", "sounddevice>=0.4.6", "soundfile>=0.12.1", "faster-whisper>=1.2.1"]

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

python - <<'PY'
from packaging.requirements import Requirement

for value in ("torch>=2.13.0+cpu", "torch==2.13.0+cpu"):
    try:
        Requirement(value)
        print("valid:", value)
    except Exception as exc:
        print("invalid:", value, type(exc).__name__, exc)
PY

Repository: safal207/LS

Length of output: 326


🏁 Script executed:

#!/bin/bash
set -euo pipefail

printf '\n== pyproject.toml relevant lines ==\n'
nl -ba pyproject.toml | sed -n '1,140p'

printf '\n== search for torch/cpu index references ==\n'
rg -n --hidden --glob '!**/.git/**' -e 'download\.pytorch\.org|extra-index-url|index-url|torch==2\.13\.0\+cpu|torch>=2\.13\.0\+cpu|torch' .

printf '\n== list dependency files ==\n'
git ls-files | rg '(^|/)(pyproject\.toml|requirements(\..*)?|uv\.lock|poetry\.lock|Pipfile|Pipfile\.lock|setup\.cfg|setup\.py|README.*)$'

Repository: safal207/LS

Length of output: 226


🏁 Script executed:

#!/bin/bash
set -euo pipefail

printf '\n== pyproject.toml relevant lines ==\n'
python3 - <<'PY'
from pathlib import Path
for i, line in enumerate(Path("pyproject.toml").read_text().splitlines(), 1):
    if 1 <= i <= 160:
        print(f"{i:4}: {line}")
PY

printf '\n== search for torch/cpu index references ==\n'
rg -n --hidden --glob '!**/.git/**' -e 'download\.pytorch\.org|extra-index-url|index-url|torch==2\.13\.0\+cpu|torch>=2\.13\.0\+cpu|torch' .

printf '\n== list dependency files ==\n'
git ls-files | rg '(^|/)(pyproject\.toml|requirements(\..*)?|uv\.lock|poetry\.lock|Pipfile|Pipfile\.lock|setup\.cfg|setup\.py|README.*)$'

Repository: safal207/LS

Length of output: 10025


🏁 Script executed:

#!/bin/bash
set -euo pipefail

printf '\n== pyproject.toml (lines 1-180) ==\n'
python3 - <<'PY'
from pathlib import Path
for i, line in enumerate(Path("pyproject.toml").read_text().splitlines(), 1):
    if i <= 180:
        print(f"{i:4}: {line}")
PY

printf '\n== dependency/install index references ==\n'
python3 - <<'PY'
from pathlib import Path
import re

paths = [p for p in Path('.').rglob('*') if p.is_file() and '.git' not in p.parts]
pat = re.compile(r'download\.pytorch\.org|extra-index-url|index-url|torch==2\.13\.0\+cpu|torch>=2\.13\.0\+cpu|faster-whisper|sentence-transformers')
for p in paths:
    if p.suffix in {'.toml', '.txt', '.in', '.md', '.cfg', '.py', '.ya?ml'} or p.name in {'README', 'README.md', 'pyproject.toml', 'requirements.txt', 'requirements.in'}:
        try:
            txt = p.read_text(errors='ignore')
        except Exception:
            continue
        if pat.search(txt):
            for i, line in enumerate(txt.splitlines(), 1):
                if pat.search(line):
                    print(f"{p}:{i}: {line}")
PY

printf '\n== tracked dependency files ==\n'
git ls-files | python3 - <<'PY'
import sys, re
pat = re.compile(r'(^|/)(pyproject\.toml|requirements(\..*)?|uv\.lock|poetry\.lock|Pipfile|Pipfile\.lock|setup\.cfg|setup\.py|README.*)$')
for line in sys.stdin:
    p = line.strip()
    if pat.search(p):
        print(p)
PY

Repository: safal207/LS

Length of output: 5019


🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo '== pyproject.toml =='
python3 - <<'PY'
from pathlib import Path
for i, line in enumerate(Path("pyproject.toml").read_text().splitlines(), 1):
    if i <= 180:
        print(f"{i:4}: {line}")
PY

echo
echo '== files mentioning torch or index-url =='
python3 - <<'PY'
from pathlib import Path
import re

patterns = re.compile(r'download\.pytorch\.org|extra-index-url|index-url|torch==2\.13\.0\+cpu|torch>=2\.13\.0\+cpu|^\s*(ml|full)\s*=\s*\[', re.I)
for path in sorted(p for p in Path('.').rglob('*') if p.is_file() and '.git' not in p.parts):
    if path.suffix.lower() not in {'.toml', '.txt', '.in', '.md', '.cfg', '.py', '.yml', '.yaml'} and path.name not in {'README', 'README.md'}:
        continue
    try:
        text = path.read_text(errors='ignore')
    except Exception:
        continue
    for i, line in enumerate(text.splitlines(), 1):
        if patterns.search(line):
            print(f"{path}:{i}: {line}")
PY

Repository: safal207/LS

Length of output: 2891


🏁 Script executed:

#!/bin/bash
set -euo pipefail

python3 - <<'PY'
from pathlib import Path
for name in ["README.md", "pyproject.toml", "requirements.in", "requirements.txt"]:
    p = Path(name)
    if p.exists():
        print(f"\n== {name} ==")
        for i, line in enumerate(p.read_text().splitlines(), 1):
            if any(k in line.lower() for k in ["install", "extra", "ml", "full", "torch", "pytorch", "cpu"]):
                print(f"{i:4}: {line}")
PY

Repository: safal207/LS

Length of output: 2604


Use a valid torch dependency specifier. torch>=2.13.0+cpu is invalid; change it to torch==2.13.0+cpu. If [ml]/[full] are meant to be installed directly, the CPU wheel index also needs to be documented separately, since requirements.in doesn’t apply to project extras.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pyproject.toml` around lines 43 - 44, Update the torch dependency entries in
the ml and full extras to use the valid exact specifier torch==2.13.0+cpu
instead of torch>=2.13.0+cpu. If these project extras are intended for direct
installation, document the required PyTorch CPU wheel index separately from
requirements.in.

Comment thread requirements.in
# Keep the default install CPU-only; GPU builds should be opt-in in a separate profile.
--extra-index-url https://download.pytorch.org/whl/cpu
torch==2.10.0+cpu
torch==2.13.0+cpu

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🗄️ Data Integrity & Integration | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

rg -n '^(--extra-index-url|torch)' requirements.in requirements.txt

Repository: safal207/LS

Length of output: 295


🏁 Script executed:

sed -n '1,30p' requirements.in
printf '\n---\n'
sed -n '415,430p' requirements.txt

Repository: safal207/LS

Length of output: 1156


Regenerate requirements.txt. requirements.in now pins torch==2.13.0+cpu, but the resolved file still has torch==2.10.0, so installs from the lockfile will keep the old Torch version and miss the CPU-only pin.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@requirements.in` at line 18, Regenerate the resolved requirements.txt from
requirements.in so the lockfile reflects torch==2.13.0+cpu instead of
torch==2.10.0, including the CPU-only package resolution.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file security

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants