Skip to content

fix(deps): vuln minor: pytest, torch · patch: transformers #104

Draft
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into
mainfrom
engraver-auto-version-upgrade/minorpatch/pip/2-1778211144
Draft

fix(deps): vuln minor: pytest, torch · patch: transformers #104
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into
mainfrom
engraver-auto-version-upgrade/minorpatch/pip/2-1778211144

Conversation

@gh-worker-campaigns-3e9aa4

@gh-worker-campaigns-3e9aa4 gh-worker-campaigns-3e9aa4 Bot commented May 8, 2026

Copy link
Copy Markdown

Summary: Security update — 3 packages upgraded (MINOR changes included)

Manifests changed:

  • . (pip)

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.

Updates

Package From To Type Dep Type Vulnerabilities Fixed
transformers 4.52.1 4.52.4 patch Direct 9 MODERATE
pytest 8.3.5 8.4.2 minor Direct 2 MODERATE
torch 2.7.0 2.11.0 minor Direct 2 MODERATE, 1 LOW

Security Details

ℹ️ Other Vulnerabilities (14)
Package CVE Severity Summary Unsafe Version Fixed In
pytest GHSA-6w46-j5rx-g56g MODERATE pytest has vulnerable tmpdir handling 8.3.5 9.0.3
pytest CVE-2025-71176 MODERATE - 8.3.5 -
torch GHSA-887c-mr87-cxwp MODERATE PyTorch Improper Resource Shutdown or Release vulnerability 2.7.0 2.8.0
torch CVE-2025-3730 MODERATE - 2.7.0 -
transformers CVE-2025-6051 MODERATE - 4.52.1 -
transformers GHSA-rcv9-qm8p-9p6j MODERATE Hugging Face Transformers library has Regular Expression Denial of Service 4.52.1 4.53.0
transformers GHSA-59p9-h35m-wg4g MODERATE Hugging Face Transformers is vulnerable to ReDoS through its MarianTokenizer 4.52.1 4.53.0
transformers CVE-2025-6638 MODERATE - 4.52.1 -
transformers GHSA-9356-575x-2w9m MODERATE Hugging Face Transformers Regular Expression Denial of Service (ReDoS) vulnerability 4.52.1 4.53.0
transformers CVE-2025-5197 MODERATE - 4.52.1 -
transformers GHSA-4w7r-h757-3r74 MODERATE Hugging Face Transformers vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer 4.52.1 4.53.0
transformers CVE-2025-6921 MODERATE - 4.52.1 -
transformers GHSA-69w3-r845-3855 MODERATE HuggingFace Transformers allows for arbitrary code execution in the Trainer class 4.52.1 5.0.0rc3
torch GHSA-3749-ghw9-m3mg LOW PyTorch susceptible to local Denial of Service 2.7.0 2.7.1-rc1

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI
  • Approve and merge this PR

Update Mode: Vulnerability Remediation

🤖 Generated by DataDog Automated Dependency Management System

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

adms-dependency-update adms-low-severity adms-medium-severity adms-minor-update adms-mode-all-vulns adms-python campaigner-automated-change

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants