chore(deps-dev): update bitsandbytes requirement from >=0.43 to >=0.49.2

[dependabot]

Updates the requirements on bitsandbytes to permit the latest version.

Release notes

Sourced from bitsandbytes's releases.

0.49.2

Highlights

• The default blocksize of 64 for 4bit quantization is now supported on ROCm. Previously the default was 128, which was a mismatch from the default for other devices.
• ROCm 7.2 build is now included.

What's Changed

• bug: fix 8bitoptim support with fsdp by @​ved1beta in bitsandbytes-foundation/bitsandbytes#1840
• Fix xpu 4bit kernel by @​jiqing-feng in bitsandbytes-foundation/bitsandbytes#1839
• ROCm 7.2 build and doc changes by @​sstamenk in bitsandbytes-foundation/bitsandbytes#1845
• Add CUDA kernel support for 4-bit quantization with blocksize=32 by @​Abdennacer-Badaoui in bitsandbytes-foundation/bitsandbytes#1854
• Add blocksize=64 4-bit quantization support for ROCm CDNA (warp64) GPUs by @​Abdennacer-Badaoui in bitsandbytes-foundation/bitsandbytes#1856
• [Docs Update] QLoRA 4-bit Support on ROCm by @​Abdennacer-Badaoui in bitsandbytes-foundation/bitsandbytes#1857
• [ROCm] Make blocksize=64 default for 4bit by @​matthewdouglas in bitsandbytes-foundation/bitsandbytes#1873
• Handle non-contiguous tensors in quantize/dequantize ops by @​TimDettmers in bitsandbytes-foundation/bitsandbytes#1859
• Fix AdEMAMix scheduler guard and add state_dict round-trip test by @​TimDettmers in bitsandbytes-foundation/bitsandbytes#1861

New Contributors

• @​Abdennacer-Badaoui made their first contribution in bitsandbytes-foundation/bitsandbytes#1854

Full Changelog: bitsandbytes-foundation/bitsandbytes@0.49.1...0.49.2

Changelog

Sourced from bitsandbytes's changelog.

v0.45.1

Improvements:

• Compatibility for triton>=3.2.0
• Moved package configuration to pyproject.toml
• Build system: initial support for NVIDIA Blackwell B100 GPUs, RTX 50 Blackwell series GPUs and Jetson Thor Blackwell.
  • Note: Binaries built for these platforms are not included in this release. They will be included in future releases upon the availability of the upcoming CUDA Toolkit 12.7 and 12.8.

Bug Fixes:

• Packaging: wheels will no longer include unit tests. (#1478)

Dependencies:

• Sets the minimum PyTorch version to 2.0.0.

0.45.0

This is a significant release, bringing support for LLM.int8() to NVIDIA Hopper GPUs such as the H100.

As part of the compatibility enhancements, we've rebuilt much of the LLM.int8() code in order to simplify for future compatibility and maintenance. We no longer use the col32 or architecture-specific tensor layout formats while maintaining backwards compatibility. We additionally bring performance improvements targeted for inference scenarios.

Performance Improvements

This release includes broad performance improvements for a wide variety of inference scenarios. See this X thread for a detailed explanation.

Breaking Changes

🤗PEFT users wishing to merge adapters with 8-bit weights will need to upgrade to peft>=0.14.0.

Packaging Improvements

• The size of our wheel has been reduced by ~43.5% from 122.4 MB to 69.1 MB! This results in an on-disk size decrease from ~396MB to ~224MB.
• Binaries built with CUDA Toolkit 12.6.2 are now included in the PyPI distribution.
• The CUDA 12.5.0 build has been updated to CUDA Toolkit 12.5.1.

Deprecations

• A number of public API functions have been marked for deprecation and will emit FutureWarning when used. These functions will become unavailable in future releases. This should have minimal impact on most end-users.
• The k-bit quantization features are deprecated in favor of blockwise quantization. For all optimizers, using block_wise=False is not recommended and support will be removed in a future release.
• As part of the refactoring process, we've implemented many new 8bit operations. These operations no longer use specialized data layouts.

Full Changelog

• refine docs for multi-backend alpha release by @​Titus-von-Koeller in #1380
• README: Replace special Unicode text symbols with regular characters by @​akx in #1385
• Update CI tools & fix typos by @​akx in #1386
• Fix invalid escape sequence warning in Python 3.12 by @​oshiteku in #1420
• [Build] Add CUDA 12.6.2 build; update 12.5.0 to 12.5.1 by @​matthewdouglas in #1431
• LLM.int8() Refactoring: Part 1 by @​matthewdouglas in #1401

0.44.1

Bug fixes:

... (truncated)

Commits

• f0e6ca3 Release 0.49.2
• cace65c Fix AdEMAMix scheduler guard and add state_dict round-trip test (#1861)
• 505a00a Handle non-contiguous tensors in quantize/dequantize ops (#1859)
• c2ae381 [ROCm] Make blocksize=64 default for 4bit (#1873)
• 943e42d Skip typo check on agent markdown files
• b075afc update docs (#1857)
• de89ff7 docs: Add PR review posting guide, agent reference docs, and lint fixes
• a2c92f7 docs: Add human+agent issue triage workflow guide
• 252e6ff docs: Update issue patterns from 43 recently closed issues
• 88c6c71 style: Fix ruff format violation in test_linear4bit.py
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[greptile-apps]

Greptile Summary

This Dependabot PR bumps the bitsandbytes minimum version from >=0.43 to >=0.49.2 in pyproject.toml's train optional dependencies. The uv.lock resolved package is already at 0.49.2, but the [package.metadata].requires-dist snapshot in the lockfile still reflects the old specifier >=0.43, leaving it out of sync with pyproject.toml and breaking uv sync --locked.

Confidence Score: 4/5

Safe to merge after regenerating uv.lock with uv lock to fix the stale requires-dist metadata.

The pyproject.toml change itself is correct and the resolved package in the lock file is already 0.49.2. However, the lock file's requires-dist metadata still references the old >=0.43 specifier, which will cause uv sync --locked to fail. A P1 fix is needed before CI using locked installs will pass.

uv.lock — requires-dist metadata must be updated by running uv lock.

Important Files Changed

Filename	Overview
pyproject.toml	Bumps bitsandbytes minimum version from >=0.43 to >=0.49.2 in the train optional dependencies group.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[pyproject.toml\nbitsandbytes >=0.49.2] -->|uv lock| B[uv.lock resolved\nbitsandbytes==0.49.2 ✓]
    A -->|requires-dist metadata| C[uv.lock metadata\nspecifier: >=0.43 ✗ STALE]
    C -->|uv sync --locked| D[❌ Lock file outdated error]
    B -->|uv sync| E[✅ Installs 0.49.2 correctly]

Loading

Comments Outside Diff (1)

1. uv.lock, line 763 (link)

   Stale lock file metadata after pyproject.toml update

   The requires-dist snapshot in uv.lock still records specifier = ">=0.43" for bitsandbytes, but pyproject.toml now declares >=0.49.2. uv sync --locked validates that this metadata matches pyproject.toml exactly and will fail with a "lockfile is outdated" error until the lock file is regenerated. The resolved wheel is already pinned to 0.49.2 (line 200), so a uv lock run will likely produce no actual package changes — but CI that uses --locked is broken until then.

_{Reviews (1): Last reviewed commit: "chore(deps-dev): update bitsandbytes req..." | Re-trigger Greptile}