Safetensors support

Open Narsil opened this issue 3 years ago • 2 comments

Is your feature request related to a problem? Please describe.

A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Provide a way to share and distribute files which are not unsafe (in the pickle sense with PyTorch https://twitter.com/amli_art/status/1593312723898552320)

It's also leading to faster load times.

Describe the solution you'd like

  • Load safetensors by default when the library is present (library purely optional). https://github.com/huggingface/diffusers/pull/1357
  • Propose a way to save in safetensors format (opt-in, not the default). Pretty much already possible with save_pretrained(..., save_function=...). I don't think it's possible at the pipeline level though.
  • Need to add a conversion script (or update the existing one) to support diffusers too.

Also propose an integration with stable-diffusion-webui: https://github.com/AUTOMATIC1111/stable-diffusion-webui/pull/4930

Describe alternatives you've considered

There is torch.load(.., weights_only=True), which is only available with torch==1.13 but should work to prevent most abuses (haven't fully checked, it's possible it's still flawed).

Additional context

Add any other context or screenshots about the feature request here.

Narsil avatar Nov 21 '22 16:11 Narsil
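
Added example, not part of the original issue and not diffusers, torch or safetensors code: it contrasts the two loading models the issue discusses. The allowlist unpickler is the standard-library pattern for restricting which globals a pickle may import (an analogue of restricted loading, not torch's implementation), and the header reader follows the published safetensors layout (8-byte little-endian length, JSON header, raw tensor bytes). `ALLOWED_GLOBALS`, `DTYPE_BYTES`, the function names and the sample bytes are assumptions constructed for illustration.

```python
import io
import json
import math
import pickle
import struct
from collections import OrderedDict
from fractions import Fraction

ALLOWED_GLOBALS = {("collections", "OrderedDict")}  # example policy (assumption)
DTYPE_BYTES = {"F64": 8, "F32": 4, "F16": 2, "BF16": 2, "I64": 8, "I32": 4, "U8": 1}  # subset


class AllowlistUnpickler(pickle.Unpickler):
    """Refuse every import the file requests unless it is on the allowlist."""
    def find_class(self, module, name):
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(f"blocked global {module}.{name}")
        return super().find_class(module, name)


def restricted_loads(data: bytes):
    return AllowlistUnpickler(io.BytesIO(data)).load()


def read_safetensors_header(data: bytes, max_header: int = 100 * 1024 * 1024) -> dict:
    """Parse and bounds-check the header; nothing in the file is executed."""
    if len(data) < 8:
        raise ValueError("file shorter than the 8-byte length prefix")
    (n,) = struct.unpack("<Q", data[:8])
    if n > max_header or 8 + n > len(data):
        raise ValueError("header length out of range")
    header = json.loads(data[8:8 + n].decode("utf-8"))
    payload = len(data) - 8 - n  # bytes available for tensor data
    for name, info in header.items():
        if name == "__metadata__":  # free-form metadata, not a tensor
            continue
        begin, end = info["data_offsets"]
        expected = math.prod(info["shape"]) * DTYPE_BYTES[info["dtype"]]
        if not 0 <= begin <= end <= payload or end - begin != expected:
            raise ValueError(f"tensor {name!r} has inconsistent offsets")
    return header


# Constructed samples: a weights-style pickle, a pickle naming a harmless
# global outside the allowlist, and a one-tensor safetensors file.
GOOD_PICKLE = pickle.dumps(OrderedDict(weight=[0.5, 1.5]))
OTHER_PICKLE = pickle.dumps({"weight": Fraction(1, 2)})
_header = json.dumps({"weight": {"dtype": "F32", "shape": [2], "data_offsets": [0, 8]}}).encode()
SAFETENSORS = struct.pack("<Q", len(_header)) + _header + struct.pack("<2f", 0.5, 1.5)
```

The pickle path has to decide which imports named by the file to trust, while the safetensors path only ever reads a length, a JSON object and byte ranges.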

People are making the pickle issue a much bigger deal than it needs to be.

Cyberes avatar Nov 22 '22 06:11 Cyberes

You're right, it's not that important. /s

Just because you haven't been affected (to your knowledge) doesn't mean it's not real. We have been receiving reports of actual attacks though, so no, it is a real threat in the wild. One that is easily fixed too.

Narsil avatar Nov 22 '22 08:11 Narsil

This issue has been automatically marked as stale because it has not had recent activity. If you think this still needs to be addressed please comment on this thread.

Please note that issues that do not follow the contributing guidelines are likely to be ignored.

github-actions[bot] avatar Dec 22 '22 15:12 github-actions[bot]