Update dependency torch to v2 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
torch	1.* -> 2.*

GitHub Vulnerability Alerts

CVE-2022-45907

In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely. The fix for this issue is available in version 1.13.1. There is a release checker in issue #​89855.

CVE-2024-31583

Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.

CVE-2024-31580

PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: poetry.lock

Updating dependencies
Resolving dependencies...


The current project's Python requirement (>=3.7.10,<3.11) is not compatible with some of the required packages Python requirement:
  - torch requires Python >=3.8.0, so it will not be satisfied for Python >=3.7.10,<3.8.0
  - torch requires Python >=3.8.0, so it will not be satisfied for Python >=3.7.10,<3.8.0
  - torch requires Python >=3.8.0, so it will not be satisfied for Python >=3.7.10,<3.8.0
  - torch requires Python >=3.8.0, so it will not be satisfied for Python >=3.7.10,<3.8.0
  - torch requires Python >=3.8.0, so it will not be satisfied for Python >=3.7.10,<3.8.0
  - torch requires Python >=3.8.0, so it will not be satisfied for Python >=3.7.10,<3.8.0
  - torch requires Python >=3.8.0, so it will not be satisfied for Python >=3.7.10,<3.8.0
  - torch requires Python >=3.8.0, so it will not be satisfied for Python >=3.7.10,<3.8.0
  - torch requires Python >=3.8.0, so it will not be satisfied for Python >=3.7.10,<3.8.0
  - torch requires Python >=3.8.0, so it will not be satisfied for Python >=3.7.10,<3.8.0
  - torch requires Python >=3.8.0, so it will not be satisfied for Python >=3.7.10,<3.8.0

Because no versions of torch match >2.0.0,<2.0.1 || >2.0.1,<2.1.0 || >2.1.0,<2.1.1 || >2.1.1,<2.1.2 || >2.1.2,<2.2.0 || >2.2.0,<2.2.1 || >2.2.1,<2.2.2 || >2.2.2,<2.3.0 || >2.3.0,<2.3.1 || >2.3.1,<2.4.0 || >2.4.0,<3.0.0
 and torch (2.0.0) requires Python >=3.8.0, torch is forbidden.
And because torch (2.0.1) requires Python >=3.8.0, torch is forbidden.
And because torch (2.1.0) requires Python >=3.8.0
 and torch (2.1.1) requires Python >=3.8.0, torch is forbidden.
And because torch (2.1.2) requires Python >=3.8.0
 and torch (2.2.0) requires Python >=3.8.0, torch is forbidden.
And because torch (2.2.1) requires Python >=3.8.0
 and torch (2.2.2) requires Python >=3.8.0, torch is forbidden.
And because torch (2.3.0) requires Python >=3.8.0
 and torch (2.3.1) requires Python >=3.8.0, torch is forbidden.
So, because torch (2.4.0) requires Python >=3.8.0
 and goldnlp depends on torch (2.*), version solving failed.

  • Check your dependencies Python requirement: The Python requirement can be specified via the `python` or `markers` properties
    
    For torch, a possible solution would be to set the `python` property to ">=3.8.0,<3.11"
    For torch, a possible solution would be to set the `python` property to ">=3.8.0,<3.11"
    For torch, a possible solution would be to set the `python` property to ">=3.8.0,<3.11"
    For torch, a possible solution would be to set the `python` property to ">=3.8.0,<3.11"
    For torch, a possible solution would be to set the `python` property to ">=3.8.0,<3.11"
    For torch, a possible solution would be to set the `python` property to ">=3.8.0,<3.11"
    For torch, a possible solution would be to set the `python` property to ">=3.8.0,<3.11"
    For torch, a possible solution would be to set the `python` property to ">=3.8.0,<3.11"
    For torch, a possible solution would be to set the `python` property to ">=3.8.0,<3.11"
    For torch, a possible solution would be to set the `python` property to ">=3.8.0,<3.11"
    For torch, a possible solution would be to set the `python` property to ">=3.8.0,<3.11"

    https://python-poetry.org/docs/dependency-specification/#python-restricted-dependencies,
    https://python-poetry.org/docs/dependency-specification/#using-environment-markers