Skip to content

Bump the pip group across 4 directories with 3 updates#1151

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/pip-e320c5ce9a
Closed

Bump the pip group across 4 directories with 3 updates#1151
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/pip-e320c5ce9a

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot bot commented on behalf of github Mar 31, 2026

Bumps the pip group with 1 update in the /examples/llm_ptq directory: transformers.
Bumps the pip group with 1 update in the /examples/windows/onnx_ptq/genai_llm directory: onnx.
Bumps the pip group with 1 update in the /examples/windows/onnx_ptq/sam2 directory: onnx.
Bumps the pip group with 2 updates in the /examples/windows/onnx_ptq/whisper directory: torch and onnx.

Updates transformers from 4.48.0 to 4.53.0

Release notes

Sourced from transformers's releases.

Release v4.53.0

Gemma3n

Gemma 3n models are designed for efficient execution on low-resource devices. They are capable of multimodal input, handling text, image, video, and audio input, and generating text outputs, with open weights for pre-trained and instruction-tuned variants. These models were trained with data in over 140 spoken languages.

Gemma 3n models use selective parameter activation technology to reduce resource requirements. This technique allows the models to operate at an effective size of 2B and 4B parameters, which is lower than the total number of parameters they contain. For more information on Gemma 3n's efficient parameter management technology, see the Gemma 3n page.

image

from transformers import pipeline
import torch
pipe = pipeline(
"image-text-to-text",
torch_dtype=torch.bfloat16,
model="google/gemma-3n-e4b",
device="cuda",
)
output = pipe(
"https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/bee.jpg",
text="<image_soft_token> in this image, there is"
)
print(output)

Dia

image

Dia is an opensource text-to-speech (TTS) model (1.6B parameters) developed by Nari Labs. It can generate highly realistic dialogue from transcript including nonverbal communications such as laughter and coughing. Furthermore, emotion and tone control is also possible via audio conditioning (voice cloning).

Model Architecture: Dia is an encoder-decoder transformer based on the original transformer architecture. However, some more modern features such as rotational positional embeddings (RoPE) are also included. For its text portion (encoder), a byte tokenizer is utilized while for the audio portion (decoder), a pretrained codec model DAC is used - DAC encodes speech into discrete codebook tokens and decodes them back into audio.

Kyutai Speech-to-Text

Kyutai STT is a speech-to-text model architecture based on the Mimi codec, which encodes audio into discrete tokens in a streaming fashion, and a Moshi-like autoregressive decoder. Kyutai’s lab has released two model checkpoints:

... (truncated)

Commits

Updates onnx from 1.19.0 to 1.21.0rc1

Release notes

Sourced from onnx's releases.

v1.20.1

[!NOTE] This patch release includes important bug fixes to ONNX build.

What's Changed

Commits

Full Changelog: onnx/onnx@v1.20.0...v1.20.1

v1.20.0

ONNX v1.20.0 is now available with exciting new features! We would like to thank everyone who contributed to this release! Please visit onnx.ai to learn more about ONNX and associated projects.

Updated Op list:

Cast, CastLike, Constant, ConstantOfShape, DequantizeLinear, Flatten, Identity, If, Loop, Pad, QuantizeLinear, Reshape, Scan, Shape, Size, Squeeze, Transpose, Unsqueeze

Key Updates:

  • Support for Python 3.14 via Python's stable ABI. (#7276)
  • Opset 25
  • 2-bit dtype support (#7446)
  • A new "node determinism" attribute in operator schemas (#7176)

Breaking Changes and Deprecations

  • Update manylinux_2014 -> manylinux_2_28 (#7151)
  • Update attention gqa to use repeat interleave within repeat kv (#7274)
  • Update required Python version to 3.10 and related fixes (#7220)
  • Remove Python 3.9 wheel build (#7217)
  • Remove deprecated methods (#7214)

Spec and Operator

  • Add 2 bit support to onnx (#7446)
  • Remove enforcement to node determinism attribute (#7473)
  • Fix handling of empty inputs for the Softmax operator (#7206)
  • Fix OneHotEncoder segfault due to missing input shape validation (#7302)
  • Fix Attention backend test: correct dimension of Range input (#7300)
  • Fix Range input rank in Attention op function definition (#7240)

... (truncated)

Commits

Updates onnx from 1.17.0 to 1.21.0rc1

Release notes

Sourced from onnx's releases.

v1.20.1

[!NOTE] This patch release includes important bug fixes to ONNX build.

What's Changed

Commits

Full Changelog: onnx/onnx@v1.20.0...v1.20.1

v1.20.0

ONNX v1.20.0 is now available with exciting new features! We would like to thank everyone who contributed to this release! Please visit onnx.ai to learn more about ONNX and associated projects.

Updated Op list:

Cast, CastLike, Constant, ConstantOfShape, DequantizeLinear, Flatten, Identity, If, Loop, Pad, QuantizeLinear, Reshape, Scan, Shape, Size, Squeeze, Transpose, Unsqueeze

Key Updates:

  • Support for Python 3.14 via Python's stable ABI. (#7276)
  • Opset 25
  • 2-bit dtype support (#7446)
  • A new "node determinism" attribute in operator schemas (#7176)

Breaking Changes and Deprecations

  • Update manylinux_2014 -> manylinux_2_28 (#7151)
  • Update attention gqa to use repeat interleave within repeat kv (#7274)
  • Update required Python version to 3.10 and related fixes (#7220)
  • Remove Python 3.9 wheel build (#7217)
  • Remove deprecated methods (#7214)

Spec and Operator

  • Add 2 bit support to onnx (#7446)
  • Remove enforcement to node determinism attribute (#7473)
  • Fix handling of empty inputs for the Softmax operator (#7206)
  • Fix OneHotEncoder segfault due to missing input shape validation (#7302)
  • Fix Attention backend test: correct dimension of Range input (#7300)
  • Fix Range input rank in Attention op function definition (#7240)

... (truncated)

Commits

Updates torch from 2.7.0+cu128 to 2.8.0

Release notes

Sourced from torch's releases.

PyTorch 2.8.0 Release Notes

Highlights

... (truncated)

Commits

Updates onnx from 1.19.0 to 1.21.0rc1

Release notes

Sourced from onnx's releases.

v1.20.1

[!NOTE] This patch release includes important bug fixes to ONNX build.

What's Changed

Commits

Full Changelog: onnx/onnx@v1.20.0...v1.20.1

v1.20.0

ONNX v1.20.0 is now available with exciting new features! We would like to thank everyone who contributed to this release! Please visit onnx.ai to learn more about ONNX and associated projects.

Updated Op list:

Cast, CastLike, Constant, ConstantOfShape, DequantizeLinear, Flatten, Identity, If, Loop, Pad, QuantizeLinear, Reshape, Scan, Shape, Size, Squeeze, Transpose, Unsqueeze

Key Updates:

  • Support for Python 3.14 via Python's stable ABI. (#7276)
  • Opset 25
  • 2-bit dtype support (#7446)
  • A new "node determinism" attribute in operator schemas (#7176)

Breaking Changes and Deprecations

  • Update manylinux_2014 -> manylinux_2_28 (#7151)
  • Update attention gqa to use repeat interleave within repeat kv (#7274)
  • Update required Python version to 3.10 and related fixes (#7220)
  • Remove Python 3.9 wheel build (#7217)
  • Remove deprecated methods (#7214)

Spec and Operator

  • Add 2 bit support to onnx (#7446)
  • Remove enforcement to node determinism attribute (#7473)
  • Fix handling of empty inputs for the Softmax operator (#7206)
  • Fix OneHotEncoder segfault due to missing input shape validation (#7302)
  • Fix Attention backend test: correct dimension of Range input (#7300)
  • Fix Range input rank in Attention op function definition (#7240)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the pip group across 4 directories with 3 updates
dc06d60 
Bumps the pip group with 1 update in the /examples/llm_ptq directory: [transformers](https://github.com/huggingface/transformers).
Bumps the pip group with 1 update in the /examples/windows/onnx_ptq/genai_llm directory: [onnx](https://github.com/onnx/onnx).
Bumps the pip group with 1 update in the /examples/windows/onnx_ptq/sam2 directory: [onnx](https://github.com/onnx/onnx).
Bumps the pip group with 2 updates in the /examples/windows/onnx_ptq/whisper directory: [torch](https://github.com/pytorch/pytorch) and [onnx](https://github.com/onnx/onnx).


Updates `transformers` from 4.48.0 to 4.53.0
- [Release notes](https://github.com/huggingface/transformers/releases)
- [Commits](huggingface/transformers@v4.48.0...v4.53.0)

Updates `onnx` from 1.19.0 to 1.21.0rc1
- [Release notes](https://github.com/onnx/onnx/releases)
- [Changelog](https://github.com/onnx/onnx/blob/main/docs/Changelog-ml.md)
- [Commits](https://github.com/onnx/onnx/commits)

Updates `onnx` from 1.17.0 to 1.21.0rc1
- [Release notes](https://github.com/onnx/onnx/releases)
- [Changelog](https://github.com/onnx/onnx/blob/main/docs/Changelog-ml.md)
- [Commits](https://github.com/onnx/onnx/commits)

Updates `torch` from 2.7.0+cu128 to 2.8.0
- [Release notes](https://github.com/pytorch/pytorch/releases)
- [Changelog](https://github.com/pytorch/pytorch/blob/main/RELEASE.md)
- [Commits](https://github.com/pytorch/pytorch/commits/v2.8.0)

Updates `onnx` from 1.19.0 to 1.21.0rc1
- [Release notes](https://github.com/onnx/onnx/releases)
- [Changelog](https://github.com/onnx/onnx/blob/main/docs/Changelog-ml.md)
- [Commits](https://github.com/onnx/onnx/commits)

---
updated-dependencies:
- dependency-name: transformers
  dependency-version: 4.53.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: onnx
  dependency-version: 1.21.0rc1
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: onnx
  dependency-version: 1.21.0rc1
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: torch
  dependency-version: 2.8.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: onnx
  dependency-version: 1.21.0rc1
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Mar 31, 2026
@dependabot dependabot bot requested review from a team as code owners March 31, 2026 23:05
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Mar 31, 2026
@dependabot dependabot bot requested a review from ynankani March 31, 2026 23:05
@dependabot dependabot bot added the python Pull requests that update python code label Mar 31, 2026
@copy-pr-bot
Copy link
Copy Markdown

copy-pr-bot bot commented Mar 31, 2026

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

@dependabot dependabot bot mentioned this pull request Mar 31, 2026
Closed
cjluo-nv
cjluo-nv reviewed Apr 1, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@cjluo-nv cjluo-nv left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Summary: Dependabot PR bumping transformers, onnx, and torch across example requirements and project config files. The PR description is stale (mentions 4.48.0→4.53.0) but the actual diff shows much larger version jumps including transformers to 5.4.0 and onnx to 1.21.0rc1.

Issues Found:

  1. [Correctness] Version guard in modelopt/torch/__init__.py:35 not updated. The pyproject.toml now allows transformers>=4.56,<6.0, but the runtime version check still enforces < _Version("5.0"). This means anyone installing transformers 5.x (which this PR enables) will get a warning on every import. The comment on the pyproject.toml line says "Should match modelopt/torch/init.py and tox.ini" — neither was updated.

  2. [Correctness] tox.ini:27 not updated. The comment says it should match pyproject.toml, but tox.ini still pins transformers~=4.56.0 as the minimum test version. If the intent is to support transformers 5.x, there should be a tf_max or similar test environment to validate against 5.x.

  3. [Correctness] onnx==1.21.0rc1 is a release candidate. Three example requirements files pin to an RC version. RC versions can have breaking changes before final release and shouldn't be pinned in shipped examples. Use 1.20.1 (latest stable) or wait for 1.21.0 final.

  4. [Correctness] torchaudio version mismatch in examples/windows/onnx_ptq/whisper/requirements.txt. torch is bumped from 2.7.0+cu128 to 2.8.0, but torchaudio remains at 2.7.0+cu128 on the next line. PyTorch and torchaudio versions must be compatible — mixing 2.8.0 torch with 2.7.0 torchaudio will likely fail at import time.

  5. [Correctness] torch and transformers versions inconsistent across genai_llm/requirements.txt. This file pins torch==2.11.0 and transformers==5.4.0 — these are versions that don't exist yet as of the knowledge cutoff. The PR description mentions torch 2.8.0 but the diff shows 2.11.0 for genai_llm. This looks like the Dependabot resolved to different targets across directories.

  6. [Correctness] requirements-vila.txt upper bound jump. The VILA requirements go from transformers<=4.50.0 to transformers<=5.4.0 — a very large upper bound increase. VILA integration should be explicitly tested against transformers 5.x before opening up this range.

Suggestions:

  • Update modelopt/torch/__init__.py:35 to < _Version("6.0") to match pyproject.toml.
  • Update tox.ini to add a transformers 5.x test environment.
  • Pin onnx to 1.20.1 (stable) instead of 1.21.0rc1.
  • Fix the torchaudio version in whisper requirements to match the torch version.
  • Verify that torch==2.11.0 in genai_llm is intentional (it appears unreleased).

Overall Assessment: This PR has multiple version inconsistencies and missing updates to runtime version checks. The most critical issue is that the version guard in __init__.py actively contradicts the new pyproject.toml range, and pinning to an RC version of onnx is inappropriate for example code. Needs revision.

@cjluo-nv cjluo-nv mentioned this pull request Apr 1, 2026
Open
@kevalmorabia97
Copy link
Copy Markdown
Collaborator

kevalmorabia97 commented Apr 1, 2026
edited
Loading

Needs proper testing and maybe more updates since we dont have cicd testing for windows examples. Closing this

@dependabot @github
Copy link
Copy Markdown
Author

dependabot bot commented on behalf of github Apr 1, 2026

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot bot deleted the dependabot/pip/pip-e320c5ce9a branch April 1, 2026 08:13
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 1, 2026

PR Preview Action v1.8.1
Preview removed because the pull request was closed.
2026-04-01 08:13 UTC

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cjluo-nv cjluo-nv cjluo-nv left review comments

@ynankani ynankani Awaiting requested review from ynankani ynankani is a code owner automatically assigned from NVIDIA/modelopt-windows-codeowners

@Edwardf0t1 Edwardf0t1 Awaiting requested review from Edwardf0t1 Edwardf0t1 is a code owner automatically assigned from NVIDIA/modelopt-examples-vlm-codeowners

@kevalmorabia97 kevalmorabia97 Awaiting requested review from kevalmorabia97 kevalmorabia97 is a code owner automatically assigned from NVIDIA/modelopt-setup-codeowners

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kevalmorabia97 @cjluo-nv