@russellb russellb commented Jun 9, 2025

This PR adds a prominent security warning to the GitHub bug report template to remind users to review any pasted text for sensitive information before submitting issues. The warning specifically alerts users about API tokens, passwords, private URLs, and other confidential data to prevent accidental exposure in public GitHub issues.

@gemini-code-assist gemini-code-assist bot left a comment

Hello @russellb, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

Summary of Changes

Hello! Gemini here, providing a summary of this pull request by @russellb. This PR primarily aims to enhance the user experience when submitting bug reports by adding a clear security warning to the issue template. This is a great step to help prevent accidental exposure of sensitive information in public issues.

Additionally, this PR includes changes related to handling encoder/decoder models, specifically adding a check and error message for unsupported num_scheduler_steps greater than 1, and modifying a test utility function to conditionally run seeded sampling tests.

Highlights

  • Security Warning in Bug Report Template: A new markdown section has been added to the 400-bug-report.yml issue template. This section provides a prominent warning about including sensitive information like API tokens, passwords, or private URLs in the bug report and suggests redacting such data.
  • Encoder/Decoder Model Scheduler Steps Limitation: A new error string constant STR_NOT_IMPL_ENC_DEC_SCHED_STEPS is introduced in vllm/utils.py. This constant is used in vllm/worker/utils.py to raise a NotImplementedError if num_scheduler_steps is set to a value greater than 1 for encoder/decoder models, indicating this configuration is not currently supported.
  • Test Utility Modification: The _test_completion function in tests/utils.py now accepts an optional deterministic boolean parameter. The seeded random sampling tests within this function are now only executed if deterministic is False. The compare_all_settings function is updated to call _test_completion with deterministic=True.

Changelog

  • .github/ISSUE_TEMPLATE/400-bug-report.yml
    • Added a new markdown section (lines 11-20) containing a security warning for users submitting bug reports, advising them to check for and redact sensitive information.
  • tests/utils.py
    • Added a deterministic: bool = False parameter to the _test_completion function signature (line 201).
    • Wrapped the 'seeded random sampling' tests within an if not deterministic: block (lines 233-263).
    • Modified the call to _test_completion within compare_all_settings to pass deterministic=True (lines 550-554).
  • vllm/utils.py
    • Added a new constant STR_NOT_IMPL_ENC_DEC_SCHED_STEPS for an encoder/decoder related error message (lines 135-137).
    • Added STR_NOT_IMPL_ENC_DEC_SCHED_STEPS to the STR_NOT_IMPL_ENC_DEC_ERR_STRS dictionary (line 153).
  • vllm/worker/utils.py
    • Added a check in assert_enc_dec_mr_supported_scenario to raise NotImplementedError if num_scheduler_steps > 1 for encoder/decoder models, using the new error string (lines 47-49).

@mergify mergify bot added the ci/build label Jun 9, 2025
…nsitive information

Signed-off-by: Russell Bryant <rbryant@redhat.com>
@russellb russellb force-pushed the add-sensitive-info-warning branch from 75d1e82 to 8c5c761 Compare June 9, 2025 13:40
@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request introduces two sets of changes:

  1. A valuable security warning to the GitHub bug report template, which is clear, well-placed, and will undoubtedly help users avoid accidentally exposing sensitive information. This is a great addition!
  2. Several changes in Python files related to encoder-decoder model functionality and testing. These include adding a deterministic flag to test utilities and introducing a new restriction for num_scheduler_steps in encoder-decoder models.

While the changes themselves appear correct and follow existing codebase patterns, the PR's title and description focus exclusively on the bug report template update. Ideally, unrelated changes should be in separate PRs for better clarity, review focus, and commit history. However, reviewing the code as presented, the quality is good.

Summary of Findings

  • Scope of Changes: The PR includes changes to Python code (related to testing and encoder-decoder model restrictions) that are not mentioned in the PR title or description, which focus solely on the bug report template update. While the code changes are sound, this makes the PR's intent less clear. This is a process/organizational point rather than a code defect.
  • Code Quality: No issues of medium, high, or critical severity were found in the provided diffs. The code changes are clear and well-implemented.

Merge Readiness

The code changes in this pull request are of good quality and appear correct. From a technical standpoint regarding the code itself, it seems ready for merging. However, it's worth noting that the PR combines documentation changes (bug report template) with unrelated functional changes to the Python codebase (encoder-decoder model restrictions and test modifications). For future PRs, separating such concerns would improve clarity and reviewability. As I am an AI assistant, I am not authorized to approve pull requests; please ensure further review and approval by authorized maintainers.

@russellb russellb requested a review from Copilot June 9, 2025 13:40
Copilot AI left a comment

Pull Request Overview

Adds a prominent security warning to the bug report issue template to remind users to redact sensitive data before submission.

  • Inserts a new markdown block highlighting API tokens, passwords, private URLs, and personal data exclusions.
  • Advises users to replace sensitive values with placeholders like <YOUR_TOKEN_HERE>.
Comments suppressed due to low confidence (1)

.github/ISSUE_TEMPLATE/400-bug-report.yml:11

  • Ensure the new markdown block is indented to match the other - type: entries under body: so it displays correctly in the GitHub issue form.
- type: markdown
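
A pre-submission check in the spirit of the warning this PR adds, as an added example that is not part of the PR or of the vLLM code base: it scans text about to be pasted into an issue and swaps credentials for placeholders such as the <YOUR_TOKEN_HERE> mentioned above. The rule names, patterns and sample log are constructed for illustration and are not an exhaustive secret catalogue.

```python
import re

PLACEHOLDER = "<YOUR_TOKEN_HERE>"  # placeholder style quoted in the review above

# Illustrative rules (assumptions, not exhaustive): (name, pattern, replacement)
RULES = [
    # KEY=value or KEY: value where the key name ENDS in a credential word.
    # Anchoring on the end of the key leaves counters like "..._tokens=2048" intact.
    ("named-secret",
     re.compile(r"\b(\w*(?:TOKEN|SECRET|PASSWORD|PASSWD|API_?KEY))"
                r"(\s*[=:]\s*)([\"']?)[^\s\"']+", re.I),
     r"\g<1>\g<2>\g<3>" + PLACEHOLDER),
    # HTTP header value: "Bearer <token>"
    ("bearer",
     re.compile(r"\b(Bearer\s+)[A-Za-z0-9._~+/=-]{8,}", re.I),
     r"\g<1>" + PLACEHOLDER),
    # user:password@ embedded in a URL
    ("url-credentials",
     re.compile(r"\b([a-z][a-z0-9+.-]*://)[^/\s:@]+:[^/\s@]+@", re.I),
     r"\g<1><USER>:<PASSWORD>@"),
]

def redact(text):
    """Return (redacted_text, findings); findings are (line_no, rule_name) pairs."""
    findings, out = [], []
    for no, line in enumerate(text.splitlines(), 1):
        for name, pattern, repl in RULES:
            line, hits = pattern.subn(repl, line)
            findings.extend((no, name) for _ in range(hits))
        out.append(line)
    return "\n".join(out), findings

# Constructed sample of text a user might paste into a bug report (no real secrets).
SAMPLE = """\
INFO max_num_batched_tokens=2048 prompt tokens: 512
export HF_TOKEN=hf_EXAMPLEexample0000
curl -H "Authorization: Bearer abcDEF123456.constructed" https://alice:s3cret@llm.internal.example/v1
"""

if __name__ == "__main__":
    cleaned, found = redact(SAMPLE)
    print(cleaned)
    for line_no, rule in found:
        print(f"line {line_no}: redacted by rule {rule}")
```

The findings list is meant for the person submitting: each hit is a line to re-read by hand, since pattern matching will miss secrets that do not follow these shapes.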

github-actions bot commented Jun 9, 2025

👋 Hi! Thank you for contributing to the vLLM project.

💬 Join our developer Slack at https://slack.vllm.ai to discuss your PR in #pr-reviews, coordinate on features in #feat- channels, or join special interest groups in #sig- channels.

Just a reminder: PRs would not trigger a full CI run by default. Instead, it would only run fastcheck CI, which starts running only a small and essential subset of CI tests to quickly catch errors. You can run other CI tests on top of those by going to your fastcheck build on the Buildkite UI (linked in the PR checks section) and unblocking them. If you do not have permission to unblock, ping simon-mo or khluu to add you to our Buildkite org.

Once the PR is approved and ready to go, your PR reviewer(s) can run CI to test the changes comprehensively before merging.

To run CI, PR reviewers can either add the ready label to the PR or enable auto-merge.

🚀

Signed-off-by: Russell Bryant <rbryant@redhat.com>

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@DarkLight1337 DarkLight1337 enabled auto-merge (squash) June 10, 2025 04:35
@github-actions github-actions bot added the ready ONLY add when PR is ready to merge/full CI is needed label Jun 10, 2025
@DarkLight1337 DarkLight1337 merged commit a3f66e7 into vllm-project:main Jun 10, 2025
54 checks passed