Nightly Compatibility #88

Triggered via schedule June 17, 2026 08:30
Status Failure
Total duration 7m 24s
Artifacts 1

nightly.yml

on: schedule
Matrix: Test with latest dependencies
Wheel install smoke test: 1m 31s
Test with minimum supported versions: 7m 10s
Supply-chain security (pip-audit + bandit): 1m 50s
Notify on failure: 6s

Annotations

2 errors, 11 warnings, and 3 notices
Test with latest dependencies (3.11)
Process completed with exit code 2.
Test with latest dependencies (3.12)
Process completed with exit code 2.
Supply-chain security (pip-audit + bandit)
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/upload-artifact@v5. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
bandit [MEDIUM/HIGH] forgelm/judge.py:305 B615 huggingface_unsafe_download — Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
bandit [MEDIUM/HIGH] forgelm/judge.py:304 B615 huggingface_unsafe_download — Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
bandit [MEDIUM/HIGH] forgelm/ingestion.py:1964 B615 huggingface_unsafe_download — Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
bandit [MEDIUM/HIGH] forgelm/inference.py:106 B615 huggingface_unsafe_download — Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
bandit [MEDIUM/HIGH] forgelm/inference.py:83 B615 huggingface_unsafe_download — Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
bandit [MEDIUM/HIGH] forgelm/fit_check.py:83 B615 huggingface_unsafe_download — Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
bandit [MEDIUM/HIGH] forgelm/export.py:160 B615 huggingface_unsafe_download — Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
bandit [MEDIUM/HIGH] forgelm/export.py:159 B615 huggingface_unsafe_download — Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
bandit [MEDIUM/HIGH] forgelm/data.py:104 B615 huggingface_unsafe_download — Unsafe Hugging Face Hub download without revision pinning in load_dataset()
bandit [MEDIUM/HIGH] forgelm/data.py:103 B615 huggingface_unsafe_download — Unsafe Hugging Face Hub download without revision pinning in load_dataset()
pip-audit suppressed (project ignore list): transformers CVE-2026-1839 — reason: Fix only in transformers 5.0.0rc3 (release candidate); pyproject pins <5.0.0 due to TRL adapter + tokenizer-config breaking changes.
pip-audit suppressed (project ignore list): transformers PYSEC-2025-217 — reason: CVE-2025-14929 — X-CLIP checkpoint-conversion deserialization RCE (CVSS:3.0 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). The advisory records no fixed version for the 4.x line that pyproject pins.
pip-audit suppressed (project ignore list): torch CVE-2025-3000 — reason: Local memory corruption in `torch.jit.script`.

Artifacts

Produced during runtime
Name: supply-chain-scans
Size: 5.38 KB
Digest: sha256:f5c8a70ecf4855e47b2157c84429b71c0c3a84c4c0883f686c4cd75d7dc35617