@Pouyanpi
Collaborator

Summary

Removes unused requirements.txt files from patronusai and llama_guard library directories that pinned vllm==0.10.1.1 (which has known security vulnerabilities).

We won't get any of these in future:

https://github.com/NVIDIA-NeMo/Guardrails/security/dependabot/130
https://github.com/NVIDIA-NeMo/Guardrails/security/dependabot/129
https://github.com/NVIDIA-NeMo/Guardrails/security/dependabot/125
https://github.com/NVIDIA-NeMo/Guardrails/security/dependabot/124

Context

  • These requirements.txt files were not referenced or used by any code in the codebase
  • The Python code in both libraries does not import vllm
  • vllm is only needed for users who choose to self-host the models, which is already documented in the deployment guides
  • Removing these files eliminates the pinned vulnerable vllm version from the repository

@Pouyanpi Pouyanpi self-assigned this Oct 21, 2025
@Pouyanpi Pouyanpi added this to the v0.18.0 milestone Oct 21, 2025
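
Added example, not part of this pull request or the project's code: one way to run the check the Context list describes, finding every `requirements*.txt` that pins a package and confirming that no Python file beside it imports the package and no other file cites its path. The function names, `TEXT_SUFFIXES` and the path-matching heuristic are assumptions made for this sketch.

```python
import ast
import re
from pathlib import Path

# Assumption: file types that might mention a requirements file ("" covers Dockerfile, Makefile).
TEXT_SUFFIXES = {"", ".py", ".txt", ".toml", ".cfg", ".ini", ".yml", ".yaml", ".md", ".sh"}

def pins(req_file, package):
    """Return the requirement specs in req_file that name exactly `package`."""
    pat = re.compile(rf"^{re.escape(package)}\s*(\[[^\]]*\])?\s*([=<>!~].*)?$", re.I)
    text = req_file.read_text(encoding="utf-8")
    specs = (line.split("#", 1)[0].strip() for line in text.splitlines())
    return [s for s in specs if pat.match(s)]

def imports(py_file, package):
    """True if py_file has an absolute import of `package` or a submodule."""
    try:
        tree = ast.parse(py_file.read_text(encoding="utf-8"))
    except (SyntaxError, UnicodeDecodeError):
        return False  # unparsable files are skipped, not counted as importers
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom) and node.level == 0:
            names = [node.module or ""]
        else:
            continue
        if any(name.split(".")[0] == package for name in names):
            return True
    return False

def audit(root, package):
    """Report every requirements*.txt under root that pins `package`, with the
    Python files beside it that import the package and files that cite its path."""
    root = Path(root)
    report = []
    for req in sorted(root.rglob("requirements*.txt")):
        specs = pins(req, package)
        if not specs:
            continue
        rel = req.relative_to(root).as_posix()
        importers = [p.relative_to(root).as_posix()
                     for p in sorted(req.parent.rglob("*.py")) if imports(p, package)]
        # Heuristic: a reference is the root-relative path appearing in another text file.
        refs = [p.relative_to(root).as_posix() for p in sorted(root.rglob("*"))
                if p.is_file() and p != req and p.suffix in TEXT_SUFFIXES
                and rel in p.read_text(encoding="utf-8", errors="ignore")]
        report.append({"file": rel, "pins": specs, "imported_by": importers,
                       "referenced_by": refs, "removable": not importers and not refs})
    return report
```

Dynamic imports and build scripts that cite the bare filename from inside the same directory are not detected, so a `removable` result is a starting point for review.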
Contributor

@greptile-apps greptile-apps bot left a comment

2 files reviewed, no comments

@codecov-commenter

Codecov Report

✅ All modified and coverable lines are covered by tests.

Collaborator

@tgasser-nv tgasser-nv left a comment

Looks good, will be great to get rid of the spurious vllm vulnerability messages

@Pouyanpi Pouyanpi merged commit a2f17bc into develop Oct 22, 2025
7 checks passed
@Pouyanpi Pouyanpi deleted the chore/remove-unused-vllm-reqs branch October 22, 2025 05:28