fix(pt_expt): use weights_only=True when reading .pt checkpoints

`Backend.detect_backend_by_model` and `pt_expt.DeepEval._load_pt`
deserialised `.pt` files with `weights_only=False`, which allows
arbitrary code execution from a malicious checkpoint. The training
resume path (training.py:712) already uses `weights_only=True`; align
the two new sites with that convention.

Reported by chatgpt-codex-connector on PR #5423.

Author: Han Wang

deepmd/backend/backend.py

@@ -109,7 +109,9 @@ def detect_backend_by_model(filename: str) -> type["Backend"]:
             try:
                 import torch
 
-                sd = torch.load(filename, map_location="cpu", weights_only=False)
+                # Use weights_only=True to avoid executing arbitrary pickle
+                # from an untrusted .pt — sniffing only needs the dict keys.
+                sd = torch.load(filename, map_location="cpu", weights_only=True)
                 if isinstance(sd, dict) and "model" in sd:
                     sd = sd["model"]
                 keys = list(sd.keys()) if hasattr(sd, "keys") else []

deepmd/pt_expt/infer/deep_eval.py

@@ -227,7 +227,9 @@ def _load_pt(self, model_file: str, head: str | None = None) -> None:
             get_model,
         )
 
-        state_dict = torch.load(model_file, map_location=DEVICE, weights_only=False)
+        # Match the training resume path (training.py:712) — weights_only=True
+        # avoids unpickling arbitrary code from untrusted checkpoints.
+        state_dict = torch.load(model_file, map_location=DEVICE, weights_only=True)
         if "model" in state_dict:
             state_dict = state_dict["model"]
         model_params = deepcopy(state_dict["_extra_state"]["model_params"])