-
Notifications
You must be signed in to change notification settings - Fork 6.5k
chore(deps): update dependency transformers to v4.50.0 [security] #13398
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: main
Are you sure you want to change the base?
chore(deps): update dependency transformers to v4.50.0 [security] #13398
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hello @renovate-bot, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!
Summary of Changes
Gemini or gemini-code-assist here, providing a summary of this pull request. The primary intent of this PR, created by renovate-bot, is to update the transformers
Python dependency from version 4.38.0
to 4.50.0
. This is a significant version jump that includes numerous changes, notably addressing several security vulnerabilities (CVEs) related to deserialization and regular expressions, as detailed in the PR description. Beyond security fixes, this update brings a wealth of new features, including support for new models like Gemma 3, Aya Vision, and Mistral 3.1, improvements to quantization and tensor parallelism, generation speedups, and a redesigned documentation, among many other bug fixes and enhancements.
Highlights
- Dependency Update: Updates the
transformers
Python library from version4.38.0
to4.50.0
. - Security Fixes: This update includes fixes for multiple security vulnerabilities (CVEs), including Remote Code Execution and Regular Expression Denial of Service issues present in previous versions.
- Major Feature Release: Version 4.50.0 of
transformers
introduces support for several new models, enhancements to quantization and generation, a new attention visualization tool, and various bug fixes and improvements as detailed in the release notes.
Changelog
- dataflow/run-inference/requirements.txt
- Updates the specified version of the
transformers
package from4.38.0
to4.50.0
.
- Updates the specified version of the
Using Gemini Code Assist
The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.
Invoking Gemini
You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command>
or @gemini-code-assist <command>
. Below is a summary of the supported commands.
Feature | Command | Description |
---|---|---|
Code Review | /gemini review |
Performs a code review for the current pull request in its current state. |
Pull Request Summary | /gemini summary |
Provides a summary of the current pull request in its current state. |
Comment | @gemini-code-assist | Responds in comments when explicitly tagged, both in issue comments and review comments. |
Help | /gemini help |
Displays a list of available commands. |
Customization
To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/
folder in the base of the repository. Detailed instructions can be found here.
Limitations & Feedback
Gemini Code Assist is currently in preview and may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments to provide feedback.
You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.
New version arrives,
Fixing bugs, adding models,
Code now safer runs.
Footnotes
-
Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Code Review
This pull request updates the transformers
dependency from 4.38.0
to 4.50.0
. This is a crucial update as it addresses several significant security vulnerabilities, including Remote Code Execution (RCE) and Regular Expression Denial of Service (ReDoS) issues, as detailed in the pull request description. The change itself is minimal, consisting only of updating the version number in the requirements.txt
file.
Summary of Findings
- Security Vulnerability Mitigation: The update to
transformers==4.50.0
addresses several critical security vulnerabilities, including Remote Code Execution (RCE) and Regular Expression Denial of Service (ReDoS) issues, as detailed in the pull request description. Applying this update is essential for improving the security posture of the application.
Merge Readiness
The pull request updates a critical dependency to a version that includes important security fixes. The change is limited to a version bump in the requirements file. Based on the Renovate compatibility badge, tests appear to be passing. Given the security implications, this update is highly recommended for merging. I am unable to approve this pull request, so please ensure it is reviewed and approved by others before merging.
d1cd102
to
35d323f
Compare
35d323f
to
ab2bc2f
Compare
ab2bc2f
to
00deea4
Compare
00deea4
to
8db64bb
Compare
8db64bb
to
fc8e82b
Compare
fc8e82b
to
4f6b429
Compare
4f6b429
to
b1d3c6a
Compare
b1d3c6a
to
ce0711c
Compare
ce0711c
to
2a28fda
Compare
2a28fda
to
2700790
Compare
2700790
to
b25fcf6
Compare
b25fcf6
to
fc557a1
Compare
This PR contains the following updates:
==4.38.0
->==4.50.0
GitHub Vulnerability Alerts
CVE-2024-11392
Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of configuration files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-24322.
CVE-2024-11394
Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of model files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25012.
CVE-2024-11393
Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of model files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25191.
CVE-2024-12720
A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file tokenization_nougat_fast.py. The vulnerability occurs in the post_process_single() function, where a regular expression processes specially crafted input. The issue stems from the regex exhibiting exponential time complexity under certain conditions, leading to excessive backtracking. This can result in significantly high CPU usage and potential application downtime, effectively creating a Denial of Service (DoS) scenario. The affected version is v4.46.3.
CVE-2025-1194
A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file
tokenization_gpt_neox_japanese.py
of the GPT-NeoX-Japanese model. The vulnerability occurs in the SubWordJapaneseTokenizer class, where regular expressions process specially crafted inputs. The issue stems from a regex exhibiting exponential complexity under certain conditions, leading to excessive backtracking. This can result in high CPU usage and potential application downtime, effectively creating a Denial of Service (DoS) scenario. The affected version is v4.48.1 (latest).CVE-2025-2099
A vulnerability in the
preprocess_string()
function of thetransformers.testing_utils
module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service (ReDoS) attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leading to exponential backtracking when processing input with a large number of newline characters. An attacker can exploit this by providing a specially crafted payload, causing high CPU usage and potential application downtime, effectively resulting in a Denial of Service (DoS) scenario.Release Notes
huggingface/transformers (transformers)
v4.50.0
Compare Source
Release v4.50.0
New Model Additions
Model-based releases
Starting with version v4.49.0, we have been doing model-based releases, additionally to our traditional, software-based monthly releases. These model-based releases provide a tag from which models may be installed.
Contrarily to our software-releases; these are not pushed to pypi and are kept on our GitHub. Each release has a tag attributed to it, such as:
v4.49.0-Gemma-3
v4.49.0-AyaVision
Each new model release will always be based on the current state of the main branch at the time of its creation. This ensures that new models start with the latest features and fixes available.
For example, if two models—Gemma-3 and AyaVision—are released from main, and then a fix for gemma3 is merged, it will look something like this:
We strive to merge model specific fixes on their respective branches as fast as possible!
Gemma 3
Gemma 3 is heavily referenced in the following model-based release and we recommend reading these if you want all the information relative to that model.
The Gemma 3 model was proposed by Google. It is a vision-language model composed by a SigLIP vision encoder and a Gemma 2 language decoder linked by a multimodal linear projection.
It cuts an image into a fixed number of tokens same way as Siglip if the image does not exceed certain aspect ratio. For images that exceed the given aspect ratio, it crops the image into multiple smaller pacthes and concatenates them with the base image embedding.
One particularity is that the model uses bidirectional attention on all the image tokens. Also, the model interleaves sliding window local attention with full causal attention in the language backbone, where each sixth layer is a full causal attention layer.
Shield Gemma2
ShieldGemma 2 is built on Gemma 3, is a 4 billion (4B) parameter model that checks the safety of both synthetic and natural images against key categories to help you build robust datasets and models. With this addition to the Gemma family of models, researchers and developers can now easily minimize the risk of harmful content in their models across key areas of harm as defined below:
We recommend using ShieldGemma 2 as an input filter to vision language models, or as an output filter of image generation systems. To train a robust image safety model, we curated training datasets of natural and synthetic images and instruction-tuned Gemma 3 to demonstrate strong performance.
Aya Vision
AyaVision is heavily referenced in the following model-based release and we recommend reading these if you want all the information relative to that model.
The Aya Vision 8B and 32B models is a state-of-the-art multilingual multimodal models developed by Cohere For AI. They build on the Aya Expanse recipe to handle both visual and textual information without compromising on the strong multilingual textual performance of the original model.
Aya Vision 8B combines the
Siglip2-so400-384-14
vision encoder with the Cohere CommandR-7B language model further post-trained with the Aya Expanse recipe, creating a powerful vision-language model capable of understanding images and generating text across 23 languages. Whereas, Aya Vision 32B uses Aya Expanse 32B as the language model.Key features of Aya Vision include:
Mistral 3.1
Mistral 3.1 is heavily referenced in the following model-based release and we recommend reading these if you want all the information relative to that model.
Building upon Mistral Small 3 (2501), Mistral Small 3.1 (2503) adds state-of-the-art vision understanding and enhances long context capabilities up to 128k tokens without compromising text performance. With 24 billion parameters, this model achieves top-tier capabilities in both text and vision tasks.
It is ideal for:
Smol VLM 2
SmolVLM-2 is heavily referenced in the following model-based release and we recommend reading these if you want all the information relative to that model.
SmolVLM2 is an adaptation of the Idefics3 model with two main differences:
SigLIP-2
SigLIP-2 is heavily referenced in the following model-based release and we recommend reading these if you want all the information relative to that model.
The SigLIP2 model was proposed in SigLIP 2: Multilingual Vision-Language Encoders with Improved Semantic Understanding, Localization, and Dense Features by Michael Tschannen, Alexey Gritsenko, Xiao Wang, Muhammad Ferjad Naeem, Ibrahim Alabdulmohsin,
Nikhil Parthasarathy, Talfan Evans, Lucas Beyer, Ye Xia, Basil Mustafa, Olivier Hénaff, Jeremiah Harmsen,
Andreas Steiner and Xiaohua Zhai.
The model comes in two variants
transformers
)Prompt Depth Anything
PromptDepthAnything is a high-resolution, accurate metric depth estimation model that leverages prompting, inspired by its success in vision-language (VLMs) and large language models (LLMs). Using iPhone LiDAR as a prompt, the model generates precise depth maps at up to 4K resolution, unlocking the potential of depth foundation models.
New tool: attention visualization
We add a new tool to
transformers
to visualize the attention layout of a given model. It only requires a model ID as input, and will load the relevant tokenizer/model and display what the attention mask looks like. Some examples:Deprecating transformers.agents in favor of smolagents
We are deprecating
transformers.agents
in favour of thesmolagents
library. Read more about smolagents here.Quantization
We support adding custom quantization method by using the
@register_quantization_config
and@register_quantizer
decorator:AMD is developing its in-house quantizer named Quark released under MIT license, which supports a broad range of quantization pre-processing, algorithms, dtypes and target hardware. You can now load a model quantized by quark library:
Torchao is augmented with
autoquant
support, CPU-quantization, as well as newAOBaseConfig
object instances for more advanced configuration.Tensor Parallelism implementation changes
At loading time, the parallelization is now applied module-by-module, so that no memory overhead is required compared to what the final weight distribution will be!
Generation
This release includes two speed upgrades to
generate
:do_sample=True
;num_beams
. The speedup is more visible on smaller models, wheremodel.forward
doesn't dominate the total run time.CandidateGenerator
by @keyboardAnt, @jmamou, and @gauravjain14 in #35029Documentation
A significant redesign of our documentation has wrapped-up. The goal was to greatly simplify the
transformers
documentation, making it much more easy to navigate. Let us know what you think!Notable repo maintenance
The research examples folder that was hosted in
transformers
is no more. We have moved it out oftransformers
and in the following repo: github.com/huggingface/transformers-research-projects/We have updated our flex attention support so as to have it be on-par with our Flash Attention 2 support.
More models support flex attention now thanks to @qubvel
First integration of hub kernels for deformable detr!
Bugfixes and improvements
EsmModelIntegrationTest::test_inference_bitsandbytes
by @faaany in #36225LlavaForConditionalGenerationModelTest::test_config
after #36077 by @ydshieh in #36230/generation
by @gante in #36235test_export_to_onnx
by @gante in #36241test_fast_is_faster_than_slow
by @ydshieh in #36240Speech2TextFeatureExtractor
API. by @KarelVesely84 in #34638pt_tf
equivalence tests by @gante in #36253test_from_pretrained_low_cpu_mem_usage_equal
less flaky by @gante in #36255GenerationTesterMixin
inheritance is correct 🐛 🔫 by @gante in #36180main
by @ydshieh in #36375is_causal
fail with compile by @Cyrilvallez in #36374benchmark.yml
by @ydshieh in #36402CandidateGenerator
by @keyboardAnt in #35029contents: write
by @ydshieh in #36445torch.distributed
-compatibleDynamicCache
by @gante in #36373src/transformers/image_utils.py
by @hmellor in #36435hub_retry
by @ydshieh in #36449TRUST_REMOTE_CODE
forRealmRetriever
for security by @ydshieh in #36511input_ids
passed toPrefixConstrainedLogitsProcessor
is zero by @HiDolen in #36489DataCollatorForLanguageModeling
by @capemox in #36457HybridCache
] disable automatic compilation by @gante in #36620make fix-copies
by @gante in #36664from_pretrained
by @Cyrilvallez in #36033meta
device by @gante in #36543gc.collect()
if only 1 shard is used by @gante in #36721test_eager_matches_sdpa_inference
by @gante in #36650generation_config
, overwrite default values with the model's basegeneration_config
by @gante in #36684Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Never, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.