Release 1.5.1 Updates #8575
Release 1.5.1 Updates #8575
Conversation
Signed-off-by: Eric Kerfoot <[email protected]>
Signed-off-by: Eric Kerfoot <[email protected]>
WalkthroughAdds a 1.5.1 release entry to CHANGELOG.md with dated subsections (Added, Fixed, Changed) describing PyTorch 2.7/2.8 support, GPU compatibility notes, security fixes, dependency updates, new YAML config and input validation items, conditioning/classifier-guidance and DiffusionModelEncoder enhancements, and other minor fixes. Adds docs/source/whatsnew_1_5_1.md with the 1.5.1 release notes, updates docs/source/whatsnew.rst to include the new page in the toctree, and removes trailing emoji from the main heading in docs/source/whatsnew_1_5.md. No public/exported API signatures changed. Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Pre-merge checks and finishing touches❌ Failed checks (1 inconclusive)
✅ Passed checks (4 passed)
✨ Finishing touches🧪 Generate unit tests
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
for more information, see https://pre-commit.ci
Signed-off-by: Eric Kerfoot <[email protected]>
…e_1_5_1 Signed-off-by: Eric Kerfoot <[email protected]>
Signed-off-by: Eric Kerfoot <[email protected]>
Signed-off-by: Eric Kerfoot <[email protected]>
|
/build |
|
Hi @ericspod, does this PR ready for review? |
Signed-off-by: Eric Kerfoot <[email protected]>
I've just added a few more items for the changelog but we should be ready to go now. Thanks! |
|
#8580 is mentioned in the changelog although it hasn't been merged yet, it should be merged before the release. |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 0
🧹 Nitpick comments (6)
CHANGELOG.md (5)
22-24: Fix MD034 (bare URLs) and improve readability of advisories.Wrap advisory URLs with link text.
Apply:
-* Fix for insecure zip file extraction to address https://github.com/Project-MONAI/MONAI/security/advisories/GHSA-x6ww-pf9m-m73m (#8568) -* Fix for insecure use of `torch.load` and `pickle` to address https://github.com/Project-MONAI/MONAI/security/advisories/GHSA-6vm5-6jv9-rjpj and https://github.com/Project-MONAI/MONAI/security/advisories/GHSA-p8cm-mm2v-gwjm (#8566) +* Fix for insecure zip file extraction to address [GHSA-x6ww-pf9m-m73m](https://github.com/Project-MONAI/MONAI/security/advisories/GHSA-x6ww-pf9m-m73m) (#8568) +* Fix for insecure use of `torch.load` and `pickle` to address [GHSA-6vm5-6jv9-rjpj](https://github.com/Project-MONAI/MONAI/security/advisories/GHSA-6vm5-6jv9-rjpj) and [GHSA-p8cm-mm2v-gwjm](https://github.com/Project-MONAI/MONAI/security/advisories/GHSA-p8cm-mm2v-gwjm) (#8566)
24-24: Capitalize TorchVision consistently.-* Torchvision fix for loading pretrained weights using current syntax (#8563) +* TorchVision fix for loading pretrained weights using current syntax (#8563)
25-26: Proper nouns and acronyms: MAISI, VAE.-* Fix bug in maisi vae (#8517) +* Fix bug in MAISI VAE (#8517)
8-8: Nit: double space before date.-## [1.5.1] - 2025-09-22 +## [1.5.1] - 2025-09-22
1264-1285: Add missing link ref for [1.5.1] and prep [Unreleased] compare for post‑tag.Apply now; flip Unreleased compare after tagging:
-[Unreleased]: https://github.com/Project-MONAI/MONAI/compare/1.5.0...HEAD +[Unreleased]: https://github.com/Project-MONAI/MONAI/compare/1.5.1...HEAD +[1.5.1]: https://github.com/Project-MONAI/MONAI/compare/1.5.0...1.5.1Ensure you switch the Unreleased link in the same commit that creates the 1.5.1 tag.
docs/source/whatsnew_1_5_1.md (1)
2-12: Tighten wording, capitalization, emoji, and link to CHANGELOG.Apply:
-# What's new in 1.5.1 🎉🎉 +# What's new in 1.5.1 -This is a minor update for MONAI to address security concerns and improve compatibility with the newest PyTorch release. +This minor release addresses security advisories and adds compatibility with the latest PyTorch release. -With the upgrade support for PyTorch 2.8, MONAI now directly support NVIDIA GeForce RTX 50 series GPUs and other Blackwell-based GPUs! +With support for PyTorch 2.8, MONAI now supports NVIDIA GeForce RTX 50‑series and other Blackwell‑based GPUs (subject to matching CUDA/driver versions). -- Support up to PyTorch 2.8. -- Security fixes to address advisories [GHSA-x6ww-pf9m-m73m](https://github.com/Project-MONAI/MONAI/security/advisories/GHSA-x6ww-pf9m-m73m), [GHSA-6vm5-6jv9-rjpj](https://github.com/Project-MONAI/MONAI/security/advisories/GHSA-6vm5-6jv9-rjpj), and [GHSA-p8cm-mm2v-gwjm](https://github.com/Project-MONAI/MONAI/security/advisories/GHSA-p8cm-mm2v-gwjm), -- Updated version of supported Huggingface Transformers library to address security advisories raised for it. -- Updated Torchvision pretrained network loading to use current arguments. -- Many minor fixes to identified issues, see release notes for details on merged PRs. +- Support up to PyTorch 2.8. +- Security fixes addressing [GHSA-x6ww-pf9m-m73m](https://github.com/Project-MONAI/MONAI/security/advisories/GHSA-x6ww-pf9m-m73m), [GHSA-6vm5-6jv9-rjpj](https://github.com/Project-MONAI/MONAI/security/advisories/GHSA-6vm5-6jv9-rjpj), and [GHSA-p8cm-mm2v-gwjm](https://github.com/Project-MONAI/MONAI/security/advisories/GHSA-p8cm-mm2v-gwjm). +- Updated supported version of the Hugging Face Transformers library to address its advisories. +- Updated TorchVision pretrained model loading to current argument patterns. +- Many minor fixes; see the [CHANGELOG 1.5.1 section](../../CHANGELOG.md#151---2025-09-22) for details.
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting
📒 Files selected for processing (4)
CHANGELOG.md(1 hunks)docs/source/whatsnew.rst(1 hunks)docs/source/whatsnew_1_5.md(1 hunks)docs/source/whatsnew_1_5_1.md(1 hunks)
🧰 Additional context used
📓 Path-based instructions (2)
**/*.rst
⚙️ CodeRabbit configuration file
Remember that documentation must be updated with the latest information.
Files:
docs/source/whatsnew.rst
**/*.md
⚙️ CodeRabbit configuration file
Remember that documentation must be updated with the latest information.
Files:
docs/source/whatsnew_1_5.mdCHANGELOG.mddocs/source/whatsnew_1_5_1.md
🪛 markdownlint-cli2 (0.18.1)
CHANGELOG.md
22-22: Bare URL used
(MD034, no-bare-urls)
23-23: Bare URL used
(MD034, no-bare-urls)
23-23: Bare URL used
(MD034, no-bare-urls)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (19)
- GitHub Check: min-dep-pytorch (2.5.1)
- GitHub Check: quick-py3 (ubuntu-latest)
- GitHub Check: min-dep-pytorch (2.6.0)
- GitHub Check: min-dep-pytorch (2.8.0)
- GitHub Check: quick-py3 (macOS-latest)
- GitHub Check: packaging
- GitHub Check: build-docs
- GitHub Check: min-dep-os (macOS-latest)
- GitHub Check: flake8-py3 (pytype)
- GitHub Check: quick-py3 (windows-latest)
- GitHub Check: min-dep-pytorch (2.7.1)
- GitHub Check: min-dep-py3 (3.12)
- GitHub Check: flake8-py3 (mypy)
- GitHub Check: min-dep-os (ubuntu-latest)
- GitHub Check: min-dep-py3 (3.11)
- GitHub Check: min-dep-py3 (3.9)
- GitHub Check: flake8-py3 (codeformat)
- GitHub Check: min-dep-py3 (3.10)
- GitHub Check: min-dep-os (windows-latest)
🔇 Additional comments (5)
CHANGELOG.md (2)
8-8: Release date is in the future—confirm before merging.“2025-09-22” is tomorrow (current date: 2025-09-21). Either confirm the date matches the tag cut or leave it blank until tagging.
12-20: Version support claims—ensure CI matrices and docs match.“PyTorch 2.7 and 2.8 support” and “DiffusionModelEncoder updates (#8578, #8580)” should be reflected in requirements, CI envs, and docs. Verify the min/max versions and CUDA/toolkit combos are tested.
docs/source/whatsnew_1_5.md (1)
2-2: Heading style consistency looks good.docs/source/whatsnew.rst (1)
9-9: Add 1.5.1 to toctree—LGTM.Run “make html” to ensure MyST parses the new .md page cleanly.
docs/source/whatsnew_1_5_1.md (1)
6-6: Hardware claim—verify CUDA/driver matrix and CI coverage.Ensure CI includes PyTorch 2.8 + appropriate CUDA/driver versions that enable Blackwell/RTX 50 support; otherwise soften the claim further.
Signed-off-by: Eric Kerfoot <[email protected]>
There was a problem hiding this comment.
Actionable comments posted: 2
🧹 Nitpick comments (5)
CHANGELOG.md (5)
18-18: Hyphenate “classifier‑free guidance”.Microcopy polish.
-* Add classifier free guidance unconditioned value (#8562) +* Add classifier‑free guidance unconditioned value (#8562)
25-27: Capitalize proper nouns.VAE and RetinaNet.
-* Fix bug in MAISI vae (#8517) -* Throw exception on invalid images in retinanet detector (#8515) +* Fix bug in MAISI VAE (#8517) +* Throw exception on invalid images in RetinaNet detector (#8515)
30-31: Tighten wording.Grammar/readability.
-* Fix for gdown downloading fails (#8576) +* Fix gdown download failures (#8576)
33-38: Consistent naming and capitalization.CI/Test/Hugging Face formatting.
-* CI: Add custom timeout to ci job in order to save resources (#8504) -* Tests Cleanup and refactor (#8405, #8535) -* Updated supported version of Huggingface Transformers (#8574) +* CI: Add custom timeout to CI job to save resources (#8504) +* Test cleanup and refactor (#8405, #8535) +* Updated supported version of Hugging Face Transformers (#8574)
10-39: Sync with docs “What’s New” page.Ensure bullets and wording match docs/source/whatsnew_1_5_1.md (e.g., GPU compatibility notes).
If desired, I can auto‑diff the docs and normalize phrasing.
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting
📒 Files selected for processing (1)
CHANGELOG.md(2 hunks)
🧰 Additional context used
📓 Path-based instructions (1)
**/*.md
⚙️ CodeRabbit configuration file
Remember that documentation must be updated with the latest information.
Files:
CHANGELOG.md
🔇 Additional comments (3)
CHANGELOG.md (3)
1264-1265: Compare links will 404 until tags exist — OK as-is. Both compare URLs returned 404 when tested; that's expected. No change required — re-run the validation after creating the tag.
8-8: Do not set the release date in the changelog until the tag exists.Tag 1.5.1 is not present; remove the hardcoded date in CHANGELOG.md (line 8) and use "(planned)" or leave blank — set the final date when you create the tag.
File: CHANGELOG.md (line 8)
## [1.5.1] - 2025-09-22
21-24: Security advisories verified — confirm fixes implement recommended remediations
- GHSA-x6ww-pf9m-m73m: path traversal via zipfile.extractall — sanitize/normalize entries (reject absolute paths and “..”), or use a safe-extract helper; sandbox extraction of untrusted archives.
- GHSA-6vm5-6jv9-rjpj: unsafe torch.load usage — use torch.load(..., weights_only=True) or equivalent, validate provenance (signatures/checksums), and sandbox checkpoint loading.
- GHSA-p8cm-mm2v-gwjm: unsafe pickle.loads — remove/untrusted unpickling or use a restricted unpickler/whitelist; prefer safer formats (JSON/msgpack) when possible.
- CHANGELOG references fixes — verify the code changes actually implement the mitigations above (search for zipfile.extractall, torch.load checkpoint paths, pickle.loads usage — e.g., monai/data/utils.py) and add patched release/version numbers to the changelog.
|
/build |
Fixes #8569.
Description
This updates documentation and other components for the 1.5.1 release.
Types of changes
./runtests.sh -f -u --net --coverage../runtests.sh --quick --unittests --disttests.make htmlcommand in thedocs/folder.