chore(deps): bump vllm from 0.6.1.post1 to 0.14.1 in /research

[dependabot]

Bumps vllm from 0.6.1.post1 to 0.14.1.

Release notes

Sourced from vllm's releases.

v0.14.1

This is a patch release on top of v0.14.0 to address a few security and memory leak fixes.

v0.14.0

Highlights

This release features approximately 660 commits from 251 contributors (86 new contributors).

Breaking Changes:

• Async scheduling is now enabled by default - Users who experience issues can disable with --no-async-scheduling.
  • Excludes some not-yet-supported configurations: pipeline parallel, CPU backend, non-MTP/Eagle spec decoding.
• PyTorch 2.9.1 is now required and the default wheel is compiled against cu129.
• Deprecated quantization schemes have been removed (#31688, #31285).
• When using speculative decoding, unsupported sampling parameters will fail rather than being silently ignored (#31982).

Key Improvements:

• Async scheduling enabled by default (#27614): Overlaps engine core scheduling with GPU execution, improving throughput without user configuration. Now also works with speculative decoding (#31998) and structured outputs (#29821).
• gRPC server entrypoint (#30190): Alternative to REST API with binary protocol, HTTP/2 multiplexing.
• --max-model-len auto (#29431): Automatically fits context length to available GPU memory, eliminating OOM startup failures.
• Model inspection view (#29450): View the modules, attention backends, and quantization of your model in vLLM by specifying VLLM_LOG_MODEL_INSPECTION=1 or by simply printing the LLM object.
• Model Runner V2 enhancements: UVA block tables (#31965), M-RoPE (#32143), logit_bias/allowed_token_ids/min_tokens support (#32163).
  • Please note that Model Runner V2 is still experimental and disabled by default.

Model Support

New Model Architectures:

• Grok-2 with tiktoken tokenizer (#31847)
• LFM2-VL vision-language model (#31758)
• MiMo-V2-Flash (#30836)
• openPangu MoE (#28775)
• IQuestCoder (#31575)
• Nemotron Parse 1.1 (#30864)
• GLM-ASR audio (#31436)
• Isaac vision model v0.1/v0.2 (#28367, #31550)
• Kanana-1.5-v-3b-instruct (#29384)
• K-EXAONE-236B-A23B MoE (#31621)

LoRA Support Expansion:

• Multimodal tower/connector LoRA (#26674): LLaVA (#31513), BLIP2 (#31620), PaliGemma (#31656), Pixtral (#31724), DotsOCR (#31825), GLM4-V (#31652)
• DeepSeek-OCR (#31569), Qwen3-Next (#31719), NemotronH (#31539), PLaMo 2/3 (#31322)
• Vision LoRA mm_processor_cache support (#31927)
• MoE expert base_layer loading (#31104)

Model Enhancements:

• Qwen3-VL as reranker (#31890)
• DeepSeek v3.2 chat prefix completion (#31147)
• GLM-4.5/GLM-4.7 enable_thinking: false (#31788)
• Ernie4.5-VL video timestamps (#31274)
• Score template expansion (#31335)
• LLaMa4 vision encoder compilation (#30709)

... (truncated)

Commits

• d7de043 [CI] fix version comparsion and exclusion patterns in upload-release-wheels.s...
• 4dc11b0 [Bugfix] Fix Whisper/encoder-decoder GPU memory leak (#32789)
• 2bd95d8 [Misc] Bump opencv-python dependecy version to 4.13 (#32668)
• f46d576 [Misc] Replace urllib's urlparse with urllib3's parse_url (#32746)
• d682094 [build] fix cu130 related release pipeline steps and publish as nightly image...
• b17039b [CI] Implement uploading to PyPI and GitHub in the release pipeline, enable r...
• 48b67ba [Frontend] Standardize use of create_error_response (#32319)
• 09f4264 [Bugfix] Fix ROCm dockerfiles (#32447)
• 7f42dc2 [CI] Fix LM Eval Large Models (H100) (#32423)
• c2a37a3 Cherry pick [ROCm] [CI] [Release] Rocm wheel pipeline with sccache #32264
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.