Skip to content

build(deps): bump the pip group across 1 directory with 2 updates #35

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

build(deps): bump the pip group across 1 directory with 2 updates #35

wants to merge 2 commits into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 9, 2025

Bumps the pip group with 2 updates in the / directory: ray and torch.

Updates ray from 2.42.0 to 2.49.2

Release notes

Sourced from ray's releases.

Ray-2.49.2

There is no difference between 2.49.2 and 2.49.1, though we needed a patch version for other out of band reasons. To fill the awkward blankness, here is a haiku about Ray:

Summit drawing near Ray advances, step by step Scaling without end

Ray-2.49.1

  • Ray Dashboard: Fix issue where GPU metrics are missing (#56006)
  • Ray Data: Fixed regression in handling very large schemas (#56058)

Ray-2.49.0

Release Highlights

Ray Data:

  • We’ve implemented a variety of performance enhancements, including improved actor/node autoscaling with budget-aware decisions; faster/more accurate shuffle accounting; reduced Parquet metadata footprint; and out-of-order execution for higher throughput.
  • We’ve also implemented anti/semi joins, stratified train_test_split, and added Snowflake connectors.

Ray Core:

  • Performance/robustness cleanups around GCS publish path and raylet internals; simpler OpenTelemetry flagging; new user-facing API to wait for GPU tensor free; plus assorted test/infra tidy-ups

Ray Train:

  • We’ve introduced a new JaxTrainer with SPMD support for TPUs.

Ray Serve:

  • Custom Autoscaling per Deployment Serve now supports user-defined autoscaling policies via AutoscalingContext and AutoscalingPolicy, enabling fine-grained scaling logic at the deployment level. This is part of a large effort where we are adding support for autoscaling based on custom metrics in Serve, see this RFC for more details.
  • Async Inference (Initial Support): Ray Serve introduces asynchronous inference execution, laying the foundation for better throughput and latency in async workloads. Please see this RFC for more details.
  • Major Performance Gains: This version of ray serve brings double digit % performance improvements both in throughput and latency. See release notes for more details.

Ray Serve/Data LLM:

  • We’ve refactored Ray Serve LLM to be fully compatible with the default vllm serve and also now supports vLLM=0.10.
  • We’ve added a prefix cache-aware router with PrefixCacheAffinityRouter for optimized cache utilization; dynamic cache management via reset prefix cache remote methods; enhanced LMCacheConnectorV1 with kv_transfer_config support.

Ray Libraries

Ray Data

🎉 New Features:

  • Wrapped batch indices in a BatchMetadata object to make per-batch metadata explicit. (#55643)
  • Added support for Anti/Semi Join types. (#55272)
  • Introduced an Issue Detection Framework. (#55155)
  • Added an option to enable out-of-order execution for better performance. (#54504)
  • Introduced a StreamingSplit logical operator for DAG rewrite. (#54994)
  • Added a stratify parameter to train_test_split. (#54624)
  • Added Snowflake connectors. (#51429)
  • Updated Hudi integration to support incremental query. (#54301)
  • Added an Actor location tracker. (#54590)

... (truncated)

Commits

Updates torch from 2.7.0 to 2.8.0

Release notes

Sourced from torch's releases.

PyTorch 2.8.0 Release Notes

Highlights

... (truncated)

Commits
  • ba56102 Cherrypick: Add the RunLLM widget to the website (#159592)
  • c525a02 [dynamo, docs] cherry pick torch.compile programming model docs into 2.8 (#15...
  • a1cb3cc [Release Only] Remove nvshmem from list of preload libraries (#158925)
  • c76b235 Move out super large one off foreach_copy test (#158880)
  • 20a0e22 Revert "[Dynamo] Allow inlining into AO quantization modules (#152934)" (#158...
  • 9167ac8 [MPS] Switch Cholesky decomp to column wise (#158237)
  • 5534685 [MPS] Reimplement tri[ul] as Metal shaders (#158867)
  • d19e08d Cherry pick PR 158746 (#158801)
  • a6c044a [cherry-pick] Unify torch.tensor and torch.ops.aten.scalar_tensor behavior (#...
  • 620ebd0 [Dynamo] Use proper sources for constructing dataclass defaults (#158689)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
build(deps): bump the pip group across 1 directory with 2 updates
46a4cb0 
Bumps the pip group with 2 updates in the / directory: [ray](https://github.com/ray-project/ray) and [torch](https://github.com/pytorch/pytorch).


Updates `ray` from 2.42.0 to 2.49.2
- [Release notes](https://github.com/ray-project/ray/releases)
- [Commits](ray-project/ray@ray-2.42.0...ray-2.49.2)

Updates `torch` from 2.7.0 to 2.8.0
- [Release notes](https://github.com/pytorch/pytorch/releases)
- [Changelog](https://github.com/pytorch/pytorch/blob/main/RELEASE.md)
- [Commits](pytorch/pytorch@v2.7.0...v2.8.0)

---
updated-dependencies:
- dependency-name: ray
  dependency-version: 2.49.2
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: torch
  dependency-version: 2.8.0
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Oct 9, 2025
@dependabot dependabot bot requested a review from rivertalk as a code owner October 9, 2025 09:11
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Oct 9, 2025
@da-niao-dan da-niao-dan closed this Oct 9, 2025
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Oct 9, 2025

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot bot deleted the dependabot/pip/pip-fb9c603669 branch October 9, 2025 09:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rivertalk rivertalk Awaiting requested review from rivertalk rivertalk is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@da-niao-dan