Use weights_only for load

[kit1980]

torch.load without weights_only parameter is unsafe. Explicitly set weights_only to False only if you trust the data you load and full pickle functionality is needed, otherwise set weights_only=True.

If weights_only=True doesn't work for some cases, then explicit weights_only=False should be used.

Found with https://github.com/pytorch-labs/torchfix/

[francois-rozet]

Thank you for the PR! This is the very first PR of Azula 🥳

I agree that weights_only=True should be used as much as possible. However, we already set it to true by default, and I am not sure it necessary to enforce it further. It also seems to not be supported by older version of PyTorch (1.12).

Do you know the version it was introduced in?

[kit1980]

Do you know the version it was introduced in?

The PR that added the option is pytorch/pytorch#86812, first release with it is PyTorch 1.13.0

[francois-rozet]

Thank you! I have dropped the support for torch<=1.12 to be able to use weights_only everywhere. Merged 👍

I also plan to add a hash-check protocol for our plugins to ensure that downloaded files are safe to read. I have already implemented part of that protocol in #6.