Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update ipex layers to 2.1.40-xpu #305

Merged
merged 11 commits into from
Aug 14, 2024
Merged

update ipex layers to 2.1.40-xpu #305

merged 11 commits into from
Aug 14, 2024

Conversation

sramakintel
Copy link
Contributor

@sramakintel sramakintel commented Aug 13, 2024
edited
Loading

Description

Related Issue

Changes Made

  • The code follows the project's coding standards.
  • No Intel Internal IP is present within the changes.
  • The documentation has been updated to reflect any changes in functionality.

Validation

  • I have tested any changes in container groups locally with test_runner.py with all existing tests passing, and I have added new tests where applicable.
here are the logs tested locally

Uploading test-runner-output-pip-idp.zip…

@github-actions GitHub Actions
Copy link

github-actions bot commented Aug 13, 2024
edited
Loading

Dependency Review

The following issues were found:
  • ❌ 2 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 3 package(s) with unknown licenses.
See the Details below.

Vulnerabilities

pytorch/xpu-requirements.txt

NameVersionVulnerabilitySeverity
setuptools69.5.1setuptools vulnerable to Command Injection via package URLhigh
torch2.1.0.post3+cxx11.abiPytorch use-after-free vulnerabilityhigh
PyTorch heap buffer overflow vulnerabilityhigh

License Issues

pytorch/xpu-requirements.txt

PackageVersionLicenseIssue Type
intel_extension_for_pytorch2.1.40+xpuNullUnknown License
oneccl_bind_pt2.1.400+xpuNullUnknown License
torch2.1.0.post3+cxx11.abiNullUnknown License

OpenSSF Scorecard

PackageVersionScoreDetails
pip/setuptools 69.5.1 🟢 6.2
Details
CheckScoreReason
Code-Review🟢 6Found 13/19 approved changesets -- score normalized to 6
Maintained🟢 1030 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Security-Policy🟢 10security policy file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Binary-Artifacts⚠️ 0binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities🟢 100 existing vulnerabilities detected
Fuzzing🟢 10project is fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/torch 2.1.0.post3+cxx11.abi 🟢 6.4
Details
CheckScoreReason
Binary-Artifacts🟢 9binaries present in source code
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests⚠️ -1no pull request found
CII-Best-Practices⚠️ 0no badge detected
Code-Review🟢 10all last 30 commits are reviewed through Prow
Contributors🟢 1035 different organizations found -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool⚠️ 0no update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 1030 commit(s) out of 30 and 15 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging⚠️ -1no published package detected
Pinned-Dependencies⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST⚠️ 0no SAST tool detected
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ 00 out of 5 artifacts are signed -- score normalized to 0
Token-Permissions⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Vulnerabilities🟢 10no vulnerabilities detected
Webhooks⚠️ -1check is not supported for this request: SCORECARD_V6 is not set, not running the Webhook check
pip/intel_extension_for_pytorch 2.1.40+xpu UnknownUnknown
pip/numpy 1.26.4 🟢 8.1
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection🟢 3branch protection is not maximal on development and all release branches
CI-Tests🟢 1014 out of 14 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Code-Review🟢 10all changesets reviewed
Contributors🟢 10project has 95 contributing companies or organizations
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing🟢 10project is fuzzed
License🟢 9license file detected
Maintained🟢 1030 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
SAST🟢 10SAST tool is run on all commits
Security-Policy🟢 9security policy file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Vulnerabilities🟢 100 existing vulnerabilities detected
pip/oneccl_bind_pt 2.1.400+xpu UnknownUnknown
pip/torchaudio 2.1.0.post3+cxx11.abi 🟢 5.6
Details
CheckScoreReason
Maintained🟢 77 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 7
Code-Review🟢 10all changesets reviewed
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy⚠️ 0security policy file not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/torchvision 0.16.0.post3+cxx11.abi 🟢 5.1
Details
CheckScoreReason
Code-Review🟢 4Found 14/30 approved changesets -- score normalized to 4
Maintained🟢 1030 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 9binaries present in source code
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy⚠️ 0security policy file not detected
Vulnerabilities🟢 100 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0

Scanned Manifest Files

pytorch/xpu-requirements.txt

tylertitsworth
tylertitsworth previously approved these changes Aug 13, 2024
View reviewed changes
tylertitsworth
tylertitsworth reviewed Aug 14, 2024
View reviewed changes
pytorch/README.md Outdated Show resolved Hide resolved
sramakintel and others added 9 commits August 14, 2024 12:11
@sramakintel
update ipex layers to 2.1.40-xpu
71660ae 
Signed-off-by: Srikanth Ramakrishna <[email protected]>
@sramakintel
update readme
b801e3a 
Signed-off-by: Srikanth Ramakrishna <[email protected]>
@sramakintel
revert tests
23b43b2 
Signed-off-by: Srikanth Ramakrishna <[email protected]>
@sharvil10 @sramakintel @dependabot
Token Authentication enabled and tested for Torchserve workflow (#306)
0d1b0e3 
Signed-off-by: sharvil10 <[email protected]>
Signed-off-by: Tyler Titsworth <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: Tyler Titsworth <[email protected]>
Co-authored-by: Srikanth Ramakrishna <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Srikanth Ramakrishna <[email protected]>
@sramakintel
correcy typo
4573190 
Signed-off-by: Srikanth Ramakrishna <[email protected]>
@sramakintel
test CI with no_proxy
4557c88 
Signed-off-by: Srikanth Ramakrishna <[email protected]>
@sramakintel
revert changes
fd8659d 
Signed-off-by: Srikanth Ramakrishna <[email protected]>
@dependabot @sramakintel
Bump the pytorch group across 1 directory with 14 updates (#309)
278f537 
Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: tylertitsworth <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: tylertitsworth <[email protected]>
@sramakintel
Update pytorch/README.md
d7b6fc9 
Co-authored-by: Tyler Titsworth <[email protected]>
Signed-off-by: Srikanth Ramakrishna  <[email protected]>
Signed-off-by: Srikanth Ramakrishna <[email protected]>
@sramakintel sramakintel force-pushed the sramakr1/ipex_xpu_update branch from cb72377 to d7b6fc9 Compare August 14, 2024 19:12
@sramakintel sramakintel requested a review from dmsuehir as a code owner August 14, 2024 19:12
@github-advanced-security
Copy link

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@tylertitsworth tylertitsworth merged commit 4a7f238 into main Aug 14, 2024
40 of 43 checks passed
@tylertitsworth tylertitsworth deleted the sramakr1/ipex_xpu_update branch August 14, 2024 20:18
sramakintel added a commit that referenced this pull request Aug 16, 2024
@sramakintel @sharvil10
@dependabot @pre-commit-ci
update ipex layers to 2.1.40-xpu (#305)
fb93eef 
Signed-off-by: Srikanth Ramakrishna <[email protected]>
Signed-off-by: sharvil10 <[email protected]>
Signed-off-by: Tyler Titsworth <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: tylertitsworth <[email protected]>
Signed-off-by: Srikanth Ramakrishna  <[email protected]>
Co-authored-by: Sharvil Shah <[email protected]>
Co-authored-by: Tyler Titsworth <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
sramakintel added a commit that referenced this pull request Aug 16, 2024
@sramakintel @sharvil10
@dependabot @pre-commit-ci
update ipex layers to 2.1.40-xpu (#305)
a63faa6 
Signed-off-by: Srikanth Ramakrishna <[email protected]>
Signed-off-by: sharvil10 <[email protected]>
Signed-off-by: Tyler Titsworth <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: tylertitsworth <[email protected]>
Signed-off-by: Srikanth Ramakrishna  <[email protected]>
Co-authored-by: Sharvil Shah <[email protected]>
Co-authored-by: Tyler Titsworth <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Signed-off-by: Srikanth Ramakrishna <[email protected]>
tylertitsworth pushed a commit that referenced this pull request Sep 25, 2024
@sramakintel @sharvil10
@dependabot @pre-commit-ci
update ipex layers to 2.1.40-xpu (#305)
7554d1f 
Signed-off-by: Srikanth Ramakrishna <[email protected]>
Signed-off-by: sharvil10 <[email protected]>
Signed-off-by: Tyler Titsworth <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: tylertitsworth <[email protected]>
Signed-off-by: Srikanth Ramakrishna  <[email protected]>
Co-authored-by: Sharvil Shah <[email protected]>
Co-authored-by: Tyler Titsworth <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tylertitsworth tylertitsworth tylertitsworth approved these changes

@jitendra42 jitendra42 Awaiting requested review from jitendra42 jitendra42 is a code owner

@sharvil10 sharvil10 Awaiting requested review from sharvil10 sharvil10 is a code owner

@dmsuehir dmsuehir Awaiting requested review from dmsuehir

Assignees

@sramakintel sramakintel

Labels
Review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@sramakintel @tylertitsworth @sharvil10