Use safe loading for .pth checkpoint

[albanD]

This change ensures that only weights can be loaded from the checkpoints, which is the case for the official llama checkpoints. It reduces the potential impact of a malicious checkpoint.

This argument has been available since at least PyTorch 1.13, but I haven't checked earlier versions. If you need to support older versions of PyTorch, please let me know and I can modify the code to be backward compatible.

[prusnak]

Can you please also update convert-gptq-to-ggml.py?

[albanD]

I can for sure.
I don't have a gptq file on hand so I couldn't check if regular gptq files contains things that are not weights?
If you could try on your end or give me instructions how to get one I can check that.

[albanD]

Added the update but this needs to be tested before merging!

[ggerganov]

This change was added before and it was a real pain because my Python wasn't the proper version.
Unless this can somehow check if the Python version supports this flag, I prefer to not add it because it will mostly cause trouble than anything else.

Please reopen if you can make it backwards compatible

[prusnak]

The new conversion script in #545 does not use torch.load, so we won't need this anymore if it is merged.

[albanD]

You do run regular python unpickler on it so unsafe idd.
But I guess the safetensors is the right way to go for the people who want this extra safety.