
@SxBxcoder SxBxcoder commented Jan 26, 2026

Description

Relaxed scipy and torch version constraints in requirements.txt to fix installation failures on Windows environments (specifically for Python 3.11+).

Type of Change

  • Bug fix (non-breaking change which fixes an installation issue)

Summary by CodeRabbit

  • Chores
    • Relaxed dependency constraints for core libraries to allow newer compatible releases, improving installation flexibility and compatibility with modern environments.
    • Broadened ranges for machine-learning and scientific computing libraries so installations can use newer minor/patch releases while avoiding major breaking upgrades.



coderabbitai bot commented Jan 26, 2026

📝 Walkthrough

Walkthrough

Relaxed dependency pins in requirements.txt: torch moved from ==2.5.1 to >=2.8.0,<3, transformers from ==4.46.1 to >=4.53.0, and scipy from ==1.14.1 to >=1.14.1. No other files or code logic changed.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Dependency Version Relaxation: requirements.txt | Updated package version constraints: torch ==2.5.1 → >=2.8.0,<3; transformers ==4.46.1 → >=4.53.0; scipy ==1.14.1 → >=1.14.1. No functional code changes. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 I nudged the pins and set them free,
Torch and Transformers hopped with glee,
SciPy stretched out a tiny paw,
One small change — no drama, no flaw,
A happy hop across the tree 🌿

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately describes the main change: relaxing version constraints for torch and scipy to improve Windows compatibility. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |



@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 1

🤖 Fix all issues with AI agents
In `@requirements.txt`:
- Line 1: Update the torch requirement to a patched minimum version to avoid the
RCE vulnerability: change the requirement in requirements.txt from torch>=2.5.1
to at least torch>=2.6.0 (or preferably torch>=2.8.0,<3 to cover all advisories
and prevent accidental major upgrades); ensure the new constraint replaces the
existing "torch>=2.5.1" entry so dependency installs pull the fixed release.

@SxBxcoder SxBxcoder (Author) commented


Thanks for the catch!

I have updated the constraint to torch>=2.8.0,<3. This resolves the RCE vulnerability (CVE-2025-32434) and covers the other advisories while maintaining Windows Python 3.11 compatibility.


@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 2

🤖 Fix all issues with AI agents
In `@requirements.txt`:
- Line 8: You relaxed scipy to ">=1.14.1" but scipy 1.15.0 introduces breaking
changes; either pin an upper bound (e.g., "<1.15.0") in requirements.txt until
compatibility is verified, or run the test suite against scipy 1.15+ and update
code to handle the changes: adapt any uses of BSpline.integrate to accept a
numpy.ndarray (coerce to float when a scalar is expected), revise wilcoxon calls
to pass and handle the stricter method argument behavior, and remove or replace
references to AccuracyWarning; search for BSpline.integrate, wilcoxon, and
AccuracyWarning to locate affected code paths and add conversions/guards or
adjust logic accordingly.
- Line 1: The requirements.txt currently pins the torch dependency as
"torch>=2.2.0,<3" which is too permissive and contradicts your stated update;
change the constraint to "torch>=2.8.0,<3" to ensure fixes for CVE-2025-32434
and the mkldnn/ctc_loss DoS issues are included, and update any related comments
or documentation that claim "torch>=2.8.0,<3" so they match the actual
requirement; look for the "torch" line in requirements.txt and any nearby notes
referencing torch versions to keep them consistent.

networkx==3.1
numpy
scipy==1.14.1
scipy>=1.14.1
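Review bot: `scipy>=1.14.1` has no upper bound, so this line admits 1.15.0 and every release after it, including the 1.15.0 backwards-incompatible changes discussed in this thread. If the goal is only to let pip pick a wheel for the installed Python, cap the range (`scipy>=1.14.1,<1.15.0` until 1.15 is tested, or at least `<2`) and record the resolved versions in a lockfile so installs stay reproducible.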


⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check scipy versions and security information from PyPI

# Fetch the package metadata once and reuse it for every query below
PYPI_JSON="$(curl -s https://pypi.org/pypi/scipy/json 2>/dev/null)"

# Get scipy package info
echo "=== Fetching scipy package information from PyPI ==="
printf '%s' "$PYPI_JSON" | jq -r '
  .info |
  "\(.name) - Latest: \(.version)\nHome Page: \(.home_page)\n"
'

# Get recent scipy releases (1.14.x, 1.15.x, 1.16.x).
# jq has no "sort -V"; version sorting is done by the shell after jq prints the keys.
echo -e "\n=== Recent scipy releases ==="
printf '%s' "$PYPI_JSON" | jq -r '
  .releases | keys[] |
  select(test("^1\\.(14|15|16)\\."))
' | sort -V | tail -20

# Check the PyPI vulnerability list (an empty array, not a missing field, when
# nothing is known; each entry carries an "id" and a "details" text).
echo -e "\n=== Checking for known security issues ==="
printf '%s' "$PYPI_JSON" | jq -r '
  if (.vulnerabilities | length) > 0 then
    .vulnerabilities[] | "\(.id): \(.details)"
  else
    "No known vulnerabilities listed on PyPI for scipy"
  end
'

Repository: AOSSIE-Org/EduAid

Length of output: 411


🌐 Web query:

scipy 1.14.1 1.15 breaking changes release notes

💡 Result:

SciPy 1.14.1 (vs 1.14.0)

  • No breaking changes called out: it’s a bug-fix release with no new features.
  • Adds Python 3.13 support (including PyPI wheels). [1]

SciPy 1.15.0 (vs 1.14.x) — breaking/backwards-incompatible changes & notable upgrade notes

  • Version requirements changed: requires Python 3.10–3.13 and NumPy ≥ 1.23.5. [2]
  • Backwards incompatible changes: [2]
    • interpolate.BSpline.integrate now always returns a NumPy array (previously could return a Python float for 1D splines).
    • scipy.stats.wilcoxon now respects the user-provided method argument (previously could fall back to 'approx' even if 'exact' was specified in some cases).
    • scipy.integrate.AccuracyWarning removed because the functions that emitted it (scipy.integrate.quadrature, scipy.integrate.romberg) have been removed.
  • Deprecations announced in 1.15.0 notes (scheduled removals/errors in 1.17.0): [3]
    • scipy.linalg.interpolative.rand / seed deprecated.
    • Complex inputs to scipy.spatial.distance.cosine and correlation deprecated (will error).
    • scipy.spatial.distance.kulczynski1 and sokalmichener deprecated.
    • scipy.stats.find_repeats deprecated (prefer numpy.unique / counts).

SciPy 1.15.1 (vs 1.15.0)

  • No new features; bug-fix-only release.
  • Fixes a reported issue where importing scipy.optimize could break other packages. [4]

Sources (release notes): SciPy 1.14.1 [1], SciPy 1.15.0 [2][3], SciPy 1.15.1 [4].


🌐 Web query:

scipy Windows installation compatibility Python 3.11 3.12

💡 Result:

  • Python 3.11 on Windows: Supported by SciPy 1.9+ (SciPy 1.9–1.11 support Python <3.12, so 3.11 is OK), and Windows cp311 wheels are available (e.g., SciPy 1.10.x has cp311 win_amd64 wheels). [1], [2]
  • Python 3.12 on Windows: Use SciPy 1.12+ for straightforward pip installs, because SciPy 1.12.0 is where Windows cp312 wheels are present on PyPI. [1], [3]
  • Practical recommendation (Windows): For Python 3.11/3.12, install a recent SciPy (today, PyPI shows SciPy 1.17.0 with Windows wheels including cp312 win_amd64). [4]

Install (pip):

py -3.11 -m pip install -U pip scipy
py -3.12 -m pip install -U pip scipy

Common gotcha: If you pin an older SciPy that doesn’t provide a wheel for your Python version, pip may fall back to a source build (often failing without a full compiler/Fortran toolchain). [1]

Sources: SciPy toolchain/version support table [1]; PyPI wheel listings for cp311 (SciPy 1.10.1) [2] and cp312 (SciPy 1.12.0) [3]; PyPI current SciPy files showing cp312 Windows wheels (SciPy 1.17.0) [4].


Verify compatibility with scipy 1.15.0+ before deploying.

The constraint relaxation from ==1.14.1 to >=1.14.1 does improve Windows compatibility by allowing newer scipy versions with precompiled wheels. However, scipy 1.15.0 introduces backwards-incompatible changes: BSpline.integrate now always returns a numpy array (previously could return a float), wilcoxon respects the method argument more strictly, and AccuracyWarning has been removed. Test the application against scipy 1.15.0+ to ensure these changes don't break existing functionality.



@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 1

🤖 Fix all issues with AI agents
In `@requirements.txt`:
- Line 2: Replace the vulnerable pinned dependency "transformers==4.46.1" in
requirements.txt with a safe minimum version; update the line to
"transformers>=4.48.0" to immediately mitigate the RCE (CVE-2024-11394) or
preferably "transformers>=4.53.0" (or "transformers>=5.0.0") to also cover ReDoS
fixes—after changing the requirement, regenerate your lockfile or dependency
freeze (pip-compile / pip freeze) and run the test suite/CI to ensure
compatibility and no regressions.
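The three review comments in this thread (torch, the scipy upper bound, and transformers) all come down to the same two questions about a requirements.txt line: does the new specifier actually exclude the release the advisory is about, and is the range capped so a future major release cannot be pulled in unnoticed? The script below is an added example, not code from the EduAid repository or from CodeRabbit, that answers both questions for a requirements file. The before/after file contents and the affected versions are constructed from what this thread states (torch 2.5.1 for CVE-2025-32434, transformers 4.46.1 for CVE-2024-11394); the comparator handles plain release versions with the operators ==, !=, <, <=, >, >= and raises on anything else rather than guessing.

```python
"""Audit requirements.txt version specifiers against releases an advisory covers.

Added example (not code from the EduAid repository or from the CodeRabbit review).
Stdlib only. The comparator understands plain release versions and the operators
==, !=, <, <=, >, >= used in this thread; PEP 440 pre-releases, wildcards and ~=
raise ValueError rather than being guessed at.
"""
import re

_REQ_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*(.*)$")
_SPEC_RE = re.compile(r"(==|!=|<=|>=|<|>)\s*(\d+(?:\.\d+)*)")


def parse_version(text):
    """'2.8.0' -> (2, 8, 0)."""
    return tuple(int(p) for p in text.split("."))


def _cmp(a, b):
    """Three-way compare with zero padding, so 2.8 == 2.8.0 and 3 == 3.0.0."""
    n = max(len(a), len(b))
    a, b = a + (0,) * (n - len(a)), b + (0,) * (n - len(b))
    return (a > b) - (a < b)


def allows(specifier, version):
    """True when every comma-separated clause (e.g. '>=2.8.0,<3') admits version."""
    v = parse_version(version)
    for clause in specifier.split(","):
        clause = clause.strip()
        if not clause:
            continue
        m = _SPEC_RE.fullmatch(clause)
        if m is None:
            raise ValueError(f"unsupported specifier clause: {clause!r}")
        op, target = m.group(1), parse_version(m.group(2))
        c = _cmp(v, target)
        if not {"==": c == 0, "!=": c != 0, "<": c < 0,
                "<=": c <= 0, ">": c > 0, ">=": c >= 0}[op]:
            return False
    return True


def has_upper_bound(specifier):
    """An exact pin or any '<' / '<=' clause caps the range; '>=' alone does not."""
    return any(c.strip().startswith(("==", "<")) for c in specifier.split(","))


def audit(requirements_text, affected):
    """Return a list of findings for a requirements.txt body (empty when clean).

    affected maps a lowercase package name to (version, reason) pairs that the
    constraint must exclude.
    """
    findings = []
    for raw in requirements_text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments, env markers
        if not line:
            continue
        name, spec = _REQ_RE.match(line).groups()
        name = name.lower()
        if not spec:
            findings.append(f"{name}: no version constraint at all")
            continue
        for version, reason in affected.get(name, []):
            if allows(spec, version):
                findings.append(f"{name}{spec}: still admits {version} ({reason})")
        if not has_upper_bound(spec):
            findings.append(f"{name}{spec}: no upper bound, a future major release is accepted")
    return findings


# Constructed from this thread: the file before and after the PR, and the
# releases the review said the new constraints must leave behind.
BEFORE = "torch==2.5.1\ntransformers==4.46.1\nnetworkx==3.1\nnumpy\nscipy==1.14.1\n"
AFTER = "torch>=2.8.0,<3\ntransformers>=4.53.0\nnetworkx==3.1\nnumpy\nscipy>=1.14.1\n"
AFFECTED = {
    "torch": [("2.5.1", "CVE-2025-32434, fixed from 2.6.0 per the review")],
    "transformers": [("4.46.1", "CVE-2024-11394, fixed from 4.48.0 per the review")],
}

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(f"--- {label} ---")
        for finding in audit(text, AFFECTED) or ["clean"]:
            print(finding)
```

Run against the constructed BEFORE file it flags the two pinned vulnerable releases and the unconstrained numpy; against AFTER the torch line comes back clean while transformers, scipy and numpy are reported for having no cap. That is the distinction worth keeping in mind when relaxing pins: `>=` closes the old advisory but opens the range upward, which is why the review suggests `<3` on torch and a lockfile regenerated with pip-compile or pip freeze after the change.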
