Skip to content
Nightly Compatibility

Nightly Compatibility #95

Sign in to view logs

Nightly Compatibility

Nightly Compatibility #95

Triggered via schedule June 23, 2026 06:53
@cemililikcemililik
282f139
main
Status Success
Total duration 7m 36s
Artifacts 1

nightly.yml

on: schedule
Matrix: Test with latest dependencies
Wheel install smoke test
1m 33s
Wheel install smoke test
Test with minimum supported versions
7m 23s
Test with minimum supported versions
Supply-chain security (pip-audit + bandit)
1m 58s
Supply-chain security (pip-audit + bandit)
Notify on failure
0s
Notify on failure
Fit to window
Zoom out
Zoom in

Annotations

11 warnings and 2 notices
Supply-chain security (pip-audit + bandit)
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/upload-artifact@v5. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Supply-chain security (pip-audit + bandit)
bandit [MEDIUM/HIGH] forgelm/judge.py:305 B615 huggingface_unsafe_download — Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
Supply-chain security (pip-audit + bandit)
bandit [MEDIUM/HIGH] forgelm/judge.py:304 B615 huggingface_unsafe_download — Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
Supply-chain security (pip-audit + bandit)
bandit [MEDIUM/HIGH] forgelm/ingestion.py:1964 B615 huggingface_unsafe_download — Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
Supply-chain security (pip-audit + bandit)
bandit [MEDIUM/HIGH] forgelm/inference.py:106 B615 huggingface_unsafe_download — Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
Supply-chain security (pip-audit + bandit)
bandit [MEDIUM/HIGH] forgelm/inference.py:83 B615 huggingface_unsafe_download — Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
Supply-chain security (pip-audit + bandit)
bandit [MEDIUM/HIGH] forgelm/fit_check.py:83 B615 huggingface_unsafe_download — Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
Supply-chain security (pip-audit + bandit)
bandit [MEDIUM/HIGH] forgelm/export.py:160 B615 huggingface_unsafe_download — Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
Supply-chain security (pip-audit + bandit)
bandit [MEDIUM/HIGH] forgelm/export.py:159 B615 huggingface_unsafe_download — Unsafe Hugging Face Hub download without revision pinning in from_pretrained()
Supply-chain security (pip-audit + bandit)
bandit [MEDIUM/HIGH] forgelm/data.py:104 B615 huggingface_unsafe_download — Unsafe Hugging Face Hub download without revision pinning in load_dataset()
Supply-chain security (pip-audit + bandit)
bandit [MEDIUM/HIGH] forgelm/data.py:103 B615 huggingface_unsafe_download — Unsafe Hugging Face Hub download without revision pinning in load_dataset()
Supply-chain security (pip-audit + bandit)
pip-audit suppressed (project ignore list): transformers CVE-2026-1839 — reason: Fix only in transformers 5.0.0rc3 (release candidate); pyproject pins <5.0.0 due to TRL adapter + tokenizer-config breaking changes.
Supply-chain security (pip-audit + bandit)
pip-audit suppressed (project ignore list): transformers PYSEC-2025-217 — reason: CVE-2025-14929 — X-CLIP checkpoint-conversion deserialization RCE (CVSS:3.0 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). The advisory records no fixed version for the 4.x line that pyproject pins.

Artifacts

Produced during runtime
Name Size Digest
supply-chain-scans
5.24 KB
sha256:fe32f4775023d9ff4a38a18f913ef4e893274c228ac90fdd978109c6ad2792f6