deps: bump torch from 2.10.0 to 2.13.0+cpu#881
Conversation
Bumps torch from 2.10.0 to 2.13.0+cpu. --- updated-dependencies: - dependency-name: torch dependency-version: 2.13.0+cpu dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
LS multi-model PR review
Model executions
Confirmed findingsNo finding reached independent two-model confirmation. Candidate findingsNo structured candidate finding was produced. Incomplete lanes
Authority boundaryThis output is evidence for human review. It cannot approve or merge the PR, and a single-model finding remains a candidate rather than a gate decision. |
📝 WalkthroughWalkthroughCPU-only Torch requirements are updated from older versions to ChangesTorch CPU Version Alignment
Estimated code review effort: 1 (Trivial) | ~5 minutes 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@pyproject.toml`:
- Around line 43-44: Update the torch dependency entries in the ml and full
extras to use the valid exact specifier torch==2.13.0+cpu instead of
torch>=2.13.0+cpu. If these project extras are intended for direct installation,
document the required PyTorch CPU wheel index separately from requirements.in.
In `@requirements.in`:
- Line 18: Regenerate the resolved requirements.txt from requirements.in so the
lockfile reflects torch==2.13.0+cpu instead of torch==2.10.0, including the
CPU-only package resolution.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro Plus
Run ID: 22248eb0-1103-4bf0-bd4f-d2280eaf4ef8
📒 Files selected for processing (2)
pyproject.tomlrequirements.in
| ml = ["torch>=2.13.0+cpu", "sentence-transformers>=2.2.2"] | ||
| full = ["opencv-python>=4.8.0", "torch>=2.13.0+cpu", "sentence-transformers>=2.2.2", "sounddevice>=0.4.6", "soundfile>=0.12.1", "faster-whisper>=1.2.1"] |
There was a problem hiding this comment.
🎯 Functional Correctness | 🟠 Major | ⚡ Quick win
🧩 Analysis chain
🏁 Script executed:
python - <<'PY'
from packaging.requirements import Requirement
for value in ("torch>=2.13.0+cpu", "torch==2.13.0+cpu"):
try:
Requirement(value)
print("valid:", value)
except Exception as exc:
print("invalid:", value, type(exc).__name__, exc)
PYRepository: safal207/LS
Length of output: 326
🏁 Script executed:
#!/bin/bash
set -euo pipefail
printf '\n== pyproject.toml relevant lines ==\n'
nl -ba pyproject.toml | sed -n '1,140p'
printf '\n== search for torch/cpu index references ==\n'
rg -n --hidden --glob '!**/.git/**' -e 'download\.pytorch\.org|extra-index-url|index-url|torch==2\.13\.0\+cpu|torch>=2\.13\.0\+cpu|torch' .
printf '\n== list dependency files ==\n'
git ls-files | rg '(^|/)(pyproject\.toml|requirements(\..*)?|uv\.lock|poetry\.lock|Pipfile|Pipfile\.lock|setup\.cfg|setup\.py|README.*)$'Repository: safal207/LS
Length of output: 226
🏁 Script executed:
#!/bin/bash
set -euo pipefail
printf '\n== pyproject.toml relevant lines ==\n'
python3 - <<'PY'
from pathlib import Path
for i, line in enumerate(Path("pyproject.toml").read_text().splitlines(), 1):
if 1 <= i <= 160:
print(f"{i:4}: {line}")
PY
printf '\n== search for torch/cpu index references ==\n'
rg -n --hidden --glob '!**/.git/**' -e 'download\.pytorch\.org|extra-index-url|index-url|torch==2\.13\.0\+cpu|torch>=2\.13\.0\+cpu|torch' .
printf '\n== list dependency files ==\n'
git ls-files | rg '(^|/)(pyproject\.toml|requirements(\..*)?|uv\.lock|poetry\.lock|Pipfile|Pipfile\.lock|setup\.cfg|setup\.py|README.*)$'Repository: safal207/LS
Length of output: 10025
🏁 Script executed:
#!/bin/bash
set -euo pipefail
printf '\n== pyproject.toml (lines 1-180) ==\n'
python3 - <<'PY'
from pathlib import Path
for i, line in enumerate(Path("pyproject.toml").read_text().splitlines(), 1):
if i <= 180:
print(f"{i:4}: {line}")
PY
printf '\n== dependency/install index references ==\n'
python3 - <<'PY'
from pathlib import Path
import re
paths = [p for p in Path('.').rglob('*') if p.is_file() and '.git' not in p.parts]
pat = re.compile(r'download\.pytorch\.org|extra-index-url|index-url|torch==2\.13\.0\+cpu|torch>=2\.13\.0\+cpu|faster-whisper|sentence-transformers')
for p in paths:
if p.suffix in {'.toml', '.txt', '.in', '.md', '.cfg', '.py', '.ya?ml'} or p.name in {'README', 'README.md', 'pyproject.toml', 'requirements.txt', 'requirements.in'}:
try:
txt = p.read_text(errors='ignore')
except Exception:
continue
if pat.search(txt):
for i, line in enumerate(txt.splitlines(), 1):
if pat.search(line):
print(f"{p}:{i}: {line}")
PY
printf '\n== tracked dependency files ==\n'
git ls-files | python3 - <<'PY'
import sys, re
pat = re.compile(r'(^|/)(pyproject\.toml|requirements(\..*)?|uv\.lock|poetry\.lock|Pipfile|Pipfile\.lock|setup\.cfg|setup\.py|README.*)$')
for line in sys.stdin:
p = line.strip()
if pat.search(p):
print(p)
PYRepository: safal207/LS
Length of output: 5019
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo '== pyproject.toml =='
python3 - <<'PY'
from pathlib import Path
for i, line in enumerate(Path("pyproject.toml").read_text().splitlines(), 1):
if i <= 180:
print(f"{i:4}: {line}")
PY
echo
echo '== files mentioning torch or index-url =='
python3 - <<'PY'
from pathlib import Path
import re
patterns = re.compile(r'download\.pytorch\.org|extra-index-url|index-url|torch==2\.13\.0\+cpu|torch>=2\.13\.0\+cpu|^\s*(ml|full)\s*=\s*\[', re.I)
for path in sorted(p for p in Path('.').rglob('*') if p.is_file() and '.git' not in p.parts):
if path.suffix.lower() not in {'.toml', '.txt', '.in', '.md', '.cfg', '.py', '.yml', '.yaml'} and path.name not in {'README', 'README.md'}:
continue
try:
text = path.read_text(errors='ignore')
except Exception:
continue
for i, line in enumerate(text.splitlines(), 1):
if patterns.search(line):
print(f"{path}:{i}: {line}")
PYRepository: safal207/LS
Length of output: 2891
🏁 Script executed:
#!/bin/bash
set -euo pipefail
python3 - <<'PY'
from pathlib import Path
for name in ["README.md", "pyproject.toml", "requirements.in", "requirements.txt"]:
p = Path(name)
if p.exists():
print(f"\n== {name} ==")
for i, line in enumerate(p.read_text().splitlines(), 1):
if any(k in line.lower() for k in ["install", "extra", "ml", "full", "torch", "pytorch", "cpu"]):
print(f"{i:4}: {line}")
PYRepository: safal207/LS
Length of output: 2604
Use a valid torch dependency specifier. torch>=2.13.0+cpu is invalid; change it to torch==2.13.0+cpu. If [ml]/[full] are meant to be installed directly, the CPU wheel index also needs to be documented separately, since requirements.in doesn’t apply to project extras.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@pyproject.toml` around lines 43 - 44, Update the torch dependency entries in
the ml and full extras to use the valid exact specifier torch==2.13.0+cpu
instead of torch>=2.13.0+cpu. If these project extras are intended for direct
installation, document the required PyTorch CPU wheel index separately from
requirements.in.
| # Keep the default install CPU-only; GPU builds should be opt-in in a separate profile. | ||
| --extra-index-url https://download.pytorch.org/whl/cpu | ||
| torch==2.10.0+cpu | ||
| torch==2.13.0+cpu |
There was a problem hiding this comment.
🗄️ Data Integrity & Integration | 🟠 Major | ⚡ Quick win
🧩 Analysis chain
🏁 Script executed:
rg -n '^(--extra-index-url|torch)' requirements.in requirements.txtRepository: safal207/LS
Length of output: 295
🏁 Script executed:
sed -n '1,30p' requirements.in
printf '\n---\n'
sed -n '415,430p' requirements.txtRepository: safal207/LS
Length of output: 1156
Regenerate requirements.txt. requirements.in now pins torch==2.13.0+cpu, but the resolved file still has torch==2.10.0, so installs from the lockfile will keep the old Torch version and miss the CPU-only pin.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@requirements.in` at line 18, Regenerate the resolved requirements.txt from
requirements.in so the lockfile reflects torch==2.13.0+cpu instead of
torch==2.10.0, including the CPU-only package resolution.
Bumps torch from 2.10.0 to 2.13.0+cpu.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)Summary by CodeRabbit