Upgrade: Bump github.com/ollama/ollama from 0.3.0 to 0.5.7 #264

Open: wants to merge 1 commit into base: pre-main

dependabot bot (Contributor) commented on behalf of github Feb 3, 2025

Bumps github.com/ollama/ollama from 0.3.0 to 0.5.7.

Release notes

Sourced from github.com/ollama/ollama's releases.

v0.5.7

What's Changed

  • Fixed issue where using two FROM commands in Modelfile
  • Support importing Command R and Command R+ architectures from safetensors

Full Changelog: ollama/ollama@v0.5.6...v0.5.7

v0.5.6

What's Changed

  • Fixed errors that would occur when running ollama create on Windows and when using absolute paths

Full Changelog: ollama/ollama@v0.5.5...v0.5.6

v0.5.5

New models

  • Phi-4: Phi 4 is a 14B parameter, state-of-the-art open model from Microsoft.
  • Command R7B: the smallest model in Cohere's R series delivers top-tier speed, efficiency, and quality to build powerful AI applications on commodity GPUs and edge devices.
  • DeepSeek-V3: A strong Mixture-of-Experts (MoE) language model with 671B total parameters with 37B activated for each token.
  • OLMo 2: a new family of 7B and 13B models trained on up to 5T tokens. These models are on par with or better than equivalently sized fully open models, and competitive with open-weight models such as Llama 3.1 on English academic benchmarks.
  • Dolphin 3: the next generation of the Dolphin series of instruct-tuned models designed to be the ultimate general purpose local model, enabling coding, math, agentic, function calling, and general use cases.
  • SmallThinker: A new small reasoning model fine-tuned from the Qwen 2.5 3B Instruct model.
  • Granite 3.1 Dense: 2B and 8B text-only dense LLMs trained on over 12 trillion tokens of data, demonstrated significant improvements over their predecessors in performance and speed in IBM’s initial testing.
  • Granite 3.1 MoE: 1B and 3B long-context mixture of experts (MoE) Granite models from IBM designed for low latency usage.

What's Changed

  • The /api/create API endpoint that powers ollama create has been changed to improve conversion time and also accept a JSON object. Note: this change is not backwards compatible. If importing models, make sure you're using version 0.5.5 or later for both Ollama and the ollama CLI when running ollama create. If using ollama.create in the Python or JavaScript libraries, make sure to update to the latest version.
  • Fixed runtime error that would occur when filling the model's context window
  • Fixed crash that would occur when quotes were used in /save
  • Fixed errors that would occur when sending x-stainless headers from OpenAI clients

New Contributors

... (truncated)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/ollama/ollama](https://github.com/ollama/ollama) from 0.3.0 to 0.5.7.
- [Release notes](https://github.com/ollama/ollama/releases)
- [Commits](ollama/ollama@v0.3.0...v0.5.7)

---
updated-dependencies:
- dependency-name: github.com/ollama/ollama
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot bot added the dependencies and go labels Feb 3, 2025

dryrunsecurity bot commented Feb 3, 2025

DryRun Security Summary

The pull request updates the Go version from 1.23.2 to 1.23.5 and several dependencies, including security-relevant packages like golang.org/x/crypto and github.com/ollama/ollama, with changes reflected in the go.mod and go.sum files.

Summary:

The changes in this pull request primarily focus on updating the Go version used in the project from 1.23.2 to 1.23.5, as well as updating several dependencies, including github.com/ollama/ollama, golang.org/x/crypto, and others. From an application security perspective, the update to the golang.org/x/crypto package is the most notable change, as it can help address any known security vulnerabilities in the previous version. Additionally, the update to the github.com/ollama/ollama dependency should be reviewed to understand the nature of the changes and any potential security implications.

Overall, these changes appear to be routine updates to the project's dependencies, including a minor version update to the Go toolchain. As long as the updated dependencies have been thoroughly tested and vetted, this change should not introduce any significant security concerns. However, it's important to review the release notes and change logs for the updated dependencies to ensure that there are no known security issues or breaking changes that could impact the application.

Files Changed:

  1. go.mod: This file has been updated to reflect the changes in the Go version and dependency versions. The Go version has been updated from 1.23.2 to 1.23.5, and several dependencies have been updated, including github.com/ollama/ollama, golang.org/x/crypto, golang.org/x/sync, golang.org/x/sys, golang.org/x/term, and golang.org/x/text.
  2. go.sum: This file has been updated to reflect the changes in the github.com/ollama/ollama dependency, which has been updated from version 0.3.0 to 0.5.7.

Code Analysis

We ran 9 analyzers against 2 files and 1 analyzer had findings. 8 analyzers had no findings.

| Analyzer | Findings |
| --- | --- |
| Sensitive Files Analyzer | 2 findings |

guardrails bot commented Feb 3, 2025

⚠️ We detected 1 security issue in this pull request:

Vulnerable Libraries (1)
| Severity | Details |
| --- | --- |
| Critical | pkg:golang/github.com/ollama/ollama@v0.5.7, upgrade to: > v0.5.7 |
