Bump transformers from 4.41.2 to 5.3.0#20
Conversation
Bumps [transformers](https://github.com/huggingface/transformers) from 4.41.2 to 5.3.0. - [Release notes](https://github.com/huggingface/transformers/releases) - [Commits](huggingface/transformers@v4.41.2...v5.3.0) --- updated-dependencies: - dependency-name: transformers dependency-version: 5.3.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 2 potential issues.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 062b253. Configure here.
|
|
||
| # Models and Metrics Extras | ||
| transformers~=4.40 # For anthropic_client, vision_language.huggingface_vlm_client, huggingface_client, huggingface_tokenizer, test_openai_token_cost_estimator, model_summac (via summarization_metrics) | ||
| transformers~=5.3 # For anthropic_client, vision_language.huggingface_vlm_client, huggingface_client, huggingface_tokenizer, test_openai_token_cost_estimator, model_summac (via summarization_metrics) |
There was a problem hiding this comment.
Transformers 5 needs Python 3.10
High Severity
transformers==5.3.0 / transformers~=5.3 require Python 3.10+, but the package still declares python_requires = >=3.8,<3.11 and CI installs on 3.8 and 3.9. Dependency resolution or install for those interpreters fails when pulling the new transformers release.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit 062b253. Configure here.
| torchvision~=0.16.2 | ||
| tqdm==4.66.4 | ||
| transformers==4.41.2 | ||
| transformers==5.3.0 |
There was a problem hiding this comment.
Stale tokenizers pin conflicts transformers
High Severity
The lockfile bumps transformers to 5.3.0 but leaves tokenizers==0.19.1, which matched the prior 4.x stack. transformers v5 declares a higher minimum tokenizers version, so pip install -r requirements.txt or pip check in install-dev.sh can fail on Python 3.10.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit 062b253. Configure here.
There was a problem hiding this comment.
Risk: medium. Not approving: Cursor Bugbot reported 2 high-severity issues (transformers 5 requires Python 3.10+ vs python_requires>=3.8, stale tokenizers pin) and its check completed as skipped. This major transformers 4→5 bump needs human validation of dependency/CI compatibility.
Sent by Cursor Approval Agent: Pull Request Approver




Bumps transformers from 4.41.2 to 5.3.0.
Release notes
Sourced from transformers's releases.
... (truncated)
Commits
aad13b8v5.3.0f6c63a6protect imports (#44437)fd6bc38[vllm + v5 fix] handle TokenizersBackend fallback properly for v5 (#44255)30c4801Fix CLI NameError: name 'TypeAdapter' is not defined (#44256)ee4c220Enforce min length in some generate tests (#44401)a4f3df0[tiny] Add olmo_hybrid to tokenizer auto-mapping (#44416)1313588Update PR template (#44415)7235d44Add eurobert (#39455)f60c4e9Add Qwen3.5 support for sequence classification (#44406)fa7f4b6update the expected output for qwen2_5_vl w/ pytorch 2.10 XPU (#44426)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.
Note
Medium Risk
Major dependency upgrade with documented v5 breaking changes affecting generation and model loading used by core Hugging Face integration code; risk is mitigated by the diff being pins-only but runtime compatibility is unverified in this PR.
Overview
Dependabot major-version bump for Hugging Face
transformers: pinnedrequirements.txtmoves from 4.41.2 to 5.3.0, andsetup.cfginstall_requiresupdates the compatible range from~=4.40to~=5.3.No application code changes in this PR—only dependency pins. The library is used across Hugging Face clients, tokenizers, VLM paths, and summarization metrics (e.g. SummaC, GPT-2 tokenization). Transformers v5 includes breaking changes (generation cache/sliding-window behavior, backbone config cleanup, and other API shifts), so installs and CI that exercise those paths may need follow-up validation beyond merging the version bump.
Reviewed by Cursor Bugbot for commit 062b253. Bugbot is set up for automated code reviews on this repo. Configure here.