Status: Closed

Labels: module: serialization (Issues related to serialization, e.g., via pickle or otherwise, of PyTorch objects); triaged (This issue has been looked at by a team member, and triaged and prioritized into an appropriate module)

Description
Pickling an nn.Module that contains tensor attributes now throws a warning:

```python
import torch
import pickle
pickle.loads(pickle.dumps(torch.nn.Linear(10, 10)))
```

```
/home/nicolashug/.miniconda3/envs/pt/lib/python3.11/site-packages/torch/storage.py:505: FutureWarning: You are using `torch.load` with `weights_only=False` (the current default value), which uses the default pickle module implicitly. It is possible to construct malicious pickle data which will execute arbitrary code during unpickling (See https://github.com/pytorch/pytorch/blob/main/SECURITY.md#untrusted-models for more details). In a future release, the default value for `weights_only` will be flipped to `True`. This limits the functions that could be executed during unpickling. Arbitrary objects will no longer be allowed to be loaded via this mode unless they are explicitly allowlisted by the user via `torch.serialization.add_safe_globals`. We recommend you start setting `weights_only=True` for any use case where you don't have full control of the loaded file. Please open an issue on GitHub for any issues related to this experimental feature.
```
This seems to be due to #129239 (CC-ing authors and reviewers: @mikaylagawarecki @albanD @malfet).
What is the recommended workaround to avoid the warning? The current warning message is unfortunately unactionable in this case because the user didn't call torch.load() directly, only pickle.loads().
Note: this is related to / causing pytorch/vision#8517
torch version: 2.5.0.dev20240708+cpu
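The warning quoted above describes the mechanism behind `weights_only=True`: during unpickling only an allowlist of globals may be resolved, and any other object type must be added explicitly via `torch.serialization.add_safe_globals`. The following is an added, self-contained illustration of that allowlist idea in plain Python; it is not PyTorch's own implementation (PyTorch uses its own restricted unpickler and allowlist) and does not need torch installed. `RestrictedUnpickler`, `safe_loads`, `ModelConfig`, `SAFE_GLOBALS` and the sample checkpoint are all constructed for this example.

```python
import io
import pickle
from collections import OrderedDict

# Constructed allowlist of (module, name) pairs that the unpickler may resolve.
# Plain containers and numbers are enough to load a "weights only" checkpoint.
SAFE_GLOBALS = {
    ("builtins", "dict"), ("builtins", "list"), ("builtins", "tuple"),
    ("builtins", "set"), ("builtins", "int"), ("builtins", "float"),
    ("builtins", "str"), ("builtins", "bytes"),
    ("collections", "OrderedDict"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve any global not on the allowlist.

    find_class() is the hook pickle calls for every GLOBAL/STACK_GLOBAL
    opcode, i.e. for every callable or class the stream wants to reference,
    so gating it is what prevents arbitrary code from running during load.
    """

    def __init__(self, file, allowed=None):
        super().__init__(file)
        self.allowed = set(SAFE_GLOBALS) | set(allowed or ())

    def find_class(self, module, name):
        if (module, name) in self.allowed:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"Unsupported global: {module}.{name}; add it to the allowlist if trusted"
        )


def safe_loads(data, allowed=None):
    """Load pickle bytes with the restricted unpickler (hypothetical helper)."""
    return RestrictedUnpickler(io.BytesIO(data), allowed).load()


class ModelConfig:
    """Constructed stand-in for an arbitrary user object stored in a checkpoint."""

    def __init__(self, hidden, dropout):
        self.hidden = hidden
        self.dropout = dropout


def make_checkpoint(with_config):
    """Build a constructed checkpoint: tensors stand in as nested lists."""
    ckpt = OrderedDict([("weight", [[0.1, 0.2], [0.3, 0.4]]), ("bias", [0.0, 0.0])])
    if with_config:
        ckpt["config"] = ModelConfig(hidden=2, dropout=0.1)
    return pickle.dumps(ckpt)


def load_weights_only(data):
    """Analogue of torch.load(weights_only=True): allowlisted globals only."""
    return safe_loads(data)


def load_with_allowlist(data, extra_classes):
    """Analogue of add_safe_globals([...]) followed by a weights_only load."""
    extra = {(cls.__module__, cls.__qualname__) for cls in extra_classes}
    return safe_loads(data, extra)


def demo():
    """Return (rejected, hidden): whether the unallowlisted object was refused,
    and the value recovered once ModelConfig is explicitly allowlisted."""
    plain = make_checkpoint(with_config=False)
    assert load_weights_only(plain)["bias"] == [0.0, 0.0]

    rich = make_checkpoint(with_config=True)
    try:
        load_weights_only(rich)
        rejected = False
    except pickle.UnpicklingError:
        rejected = True

    cfg = load_with_allowlist(rich, [ModelConfig])["config"]
    return rejected, cfg.hidden


if __name__ == "__main__":
    print(demo())  # (True, 2)
```

The checkpoint without a `ModelConfig` loads under the restricted unpickler, the one that embeds an arbitrary class is refused, and it loads again only after that class is added to the allowlist, which is the same opt-in flow the warning describes for `add_safe_globals`.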