Bump the pip group across 2 directories with 3 updates

[dependabot]

Bumps the pip group with 3 updates in the /LLM/rag directory: transformers, langchain-core and pypdf.
Bumps the pip group with 1 update in the /Text-Summarizer-Browser-Plugin directory: pypdf.

Updates transformers from 4.57.6 to 5.0.0rc3

Commits

• cb5079f v5.0.0rc3
• d1808f2 [ci] Fixing some failing tests for important models (#43231)
• 3d27645 Add LightOnOCR model implementation (#41621)
• 77146cc fix crash in when running FSDP2+TP (#43226)
• 61317f5 [CB] Ensure parallel decoding test passes using FA (#43277)
• 1efe1a6 Fix failing PegasusX, Mvp & LED model integration tests (#43245)
• e8ae373 [consistency] Ensure models are added to the _toctree.yml (#43264)
• c85be98 [docs] tensorrt-llm (#43176)
• 38022fd [style] Fix init isort and align makefile and CI (#43260)
• e977446 Fix failing Hiera, SwiftFormer & LED Model integration tests (#43225)
• Additional commits viewable in compare view

Updates langchain-core from 1.2.22 to 1.2.28

Release notes

Sourced from langchain-core's releases.

langchain-core==1.2.28

Changes since langchain-core==1.2.27

release(core): release 1.2.28 (#36614) fix(core): add more sanitization to templates (#36612)

langchain-core==1.2.27

Changes since langchain-core==1.2.26

release(core): 1.2.27 (#36586) fix(core): handle symlinks in deprecated prompt save path (#36585) chore: add comment explaining pygments>=2.20.0 (#36570)

Credit to Jeff Ponte (@​JDP-Security) for reporting the symlink resolution issue in #36585.

langchain-core==1.2.26

Changes since langchain-core==1.2.25

release(core): 1.2.26 (#36511) fix(core): add init validator and serialization mappings for Bedrock models (#34510) feat(core): add ChatBaseten to serializable mapping (#36510) chore(core): drop gpt-3.5-turbo from docstrings (#36497) fix(core): correct parameter names in filter_messages docstring example (#36462)

langchain-core==1.2.25

Changes since langchain-core==1.2.24

release(core): 1.2.25 (#36473) fix(core): harden check for txt files in deprecated prompt loading functions (#36471) fix(core): fixed typos in the documentation (#36459)

Credit to Jeff Ponte (@​JDP-Security) for reporting the symlink resolution issue resolved in #36471.

langchain-core==1.2.24

Changes since langchain-core==1.2.23

release(core): 1.2.24 (#36434) feat(core): impute placeholder filenames for OpenAI file inputs (#36433) chore: pygments>=2.20.0 across all packages (CVE-2026-4539) (#36385) fix(core): add "computer" to _WellKnownOpenAITools (#36261)

langchain-core==1.2.23

Changes since langchain-core==1.2.22

release(core): 1.2.23 (#36323) revert: Revert "fix(core): trace invocation params in metadata" (#36322) chore: bump requests from 2.32.5 to 2.33.0 in /libs/core (#36243)

Commits

• dd7c3eb release(core): release 1.2.28 (#36614)
• af2ed47 fix(core): add more sanitization to templates (#36612)
• 7e5858d release(standard-tests): 1.1.6 (#36610)
• fe99cb2 fix(standard-tests): update standard tests for sandbox backends (#36036)
• 65bbd47 chore(model-profiles): refresh model profile data (#36596)
• 6486404 release(core): 1.2.27 (#36586)
• 7629c74 fix(core): handle symlinks in deprecated prompt save path (#36585)
• ce21bf4 ci: convert working-directory to validated dropdown (#36575)
• b8698ea release(ollama): 1.1.0 (#36574)
• 3beba77 feat(ollama): support response_format (#34612)
• Additional commits viewable in compare view

Updates pypdf from 6.9.2 to 6.10.2

Release notes

Sourced from pypdf's releases.

Version 6.10.2, 2026-04-15

What's new

Security (SEC)

• Do not rely on possibly invalid /Size for incremental cloning (#3735) by @​stefan6419846
• Introduce limits for FlateDecode parameters and image decoding (#3734) by @​stefan6419846

Full Changelog

Version 6.10.1, 2026-04-14

What's new

Security (SEC)

• Limit the allowed size of xref and object streams (#3733) by @​stefan6419846

Robustness (ROB)

• Consider strict mode setting for decryption errors (#3731) by @​stefan6419846

Documentation (DOC)

• Use new parameter names for compress_identical_objects by @​stefan6419846

Full Changelog

Version 6.10.0, 2026-04-10

What's new

Security (SEC)

• Disallow custom XML entity declarations for XMP metadata (#3724) by @​stefan6419846

New Features (ENH)

• Skip MD5 key derivation for AES-256 encrypted PDFs (#3694) by @​Ygnas

Bug Fixes (BUG)

• Use remove_orphans in compress_identical_objects (#3310) by @​j-t-1
• Fix PdfReadError when xref table contains comments before trailer (#3710) by @​rassie
• Correctly verify AES padding during decryption (#3699) by @​stefan6419846
• Fix stale object cache from non-authoritative object streams (#3698) by @​astahlman
• Fix extract_links pairing when annotations include non-links (#3687) by @​ReinerBRO

Documentation (DOC)

• Add AI policy (#3717) by @​stefan6419846

Full Changelog

Changelog

Sourced from pypdf's changelog.

Version 6.10.2, 2026-04-15

Security (SEC)

• Do not rely on possibly invalid /Size for incremental cloning (#3735)
• Introduce limits for FlateDecode parameters and image decoding (#3734)

Full Changelog

Version 6.10.1, 2026-04-14

Security (SEC)

• Limit the allowed size of xref and object streams (#3733)

Robustness (ROB)

• Consider strict mode setting for decryption errors (#3731)

Documentation (DOC)

• Use new parameter names for compress_identical_objects

Full Changelog

Version 6.10.0, 2026-04-10

Security (SEC)

• Disallow custom XML entity declarations for XMP metadata (#3724)

New Features (ENH)

• Skip MD5 key derivation for AES-256 encrypted PDFs (#3694)

Bug Fixes (BUG)

• Use remove_orphans in compress_identical_objects (#3310)
• Fix PdfReadError when xref table contains comments before trailer (#3710)
• Correctly verify AES padding during decryption (#3699)
• Fix stale object cache from non-authoritative object streams (#3698)
• Fix extract_links pairing when annotations include non-links (#3687)

Documentation (DOC)

• Add AI policy (#3717)

Full Changelog

Commits

• c476b4f REL: 6.10.2
• c50a010 SEC: Do not rely on possibly invalid /Size for incremental cloning (#3735)
• ac734da SEC: Introduce limits for FlateDecode parameters and image decoding (#3734)
• b49e7eb REL: 6.10.1
• 62338e9 SEC: Limit the allowed size of xref and object streams (#3733)
• 5dcc0ae DEV: Update pytest-benchmark to 5.2.3
• b42e4aa DEV: Update pinned pillow and pytest where possible (#3732)
• 717446b ROB: Consider strict mode setting for decryption errors (#3731)
• 9e461d3 DEV: Bump softprops/action-gh-release from 2 to 3 (#3730)
• 500d09d TST: Update test_embedded_file__basic to use tmp_path fixture (#3726)
• Additional commits viewable in compare view

Updates pypdf from 6.9.2 to 6.10.2

Release notes

Sourced from pypdf's releases.

Version 6.10.2, 2026-04-15

What's new

Security (SEC)

• Do not rely on possibly invalid /Size for incremental cloning (#3735) by @​stefan6419846
• Introduce limits for FlateDecode parameters and image decoding (#3734) by @​stefan6419846

Full Changelog

Version 6.10.1, 2026-04-14

What's new

Security (SEC)

• Limit the allowed size of xref and object streams (#3733) by @​stefan6419846

Robustness (ROB)

• Consider strict mode setting for decryption errors (#3731) by @​stefan6419846

Documentation (DOC)

• Use new parameter names for compress_identical_objects by @​stefan6419846

Full Changelog

Version 6.10.0, 2026-04-10

What's new

Security (SEC)

• Disallow custom XML entity declarations for XMP metadata (#3724) by @​stefan6419846

New Features (ENH)

• Skip MD5 key derivation for AES-256 encrypted PDFs (#3694) by @​Ygnas

Bug Fixes (BUG)

• Use remove_orphans in compress_identical_objects (#3310) by @​j-t-1
• Fix PdfReadError when xref table contains comments before trailer (#3710) by @​rassie
• Correctly verify AES padding during decryption (#3699) by @​stefan6419846
• Fix stale object cache from non-authoritative object streams (#3698) by @​astahlman
• Fix extract_links pairing when annotations include non-links (#3687) by @​ReinerBRO

Documentation (DOC)

• Add AI policy (#3717) by @​stefan6419846

Full Changelog

Changelog

Sourced from pypdf's changelog.

Version 6.10.2, 2026-04-15

Security (SEC)

• Do not rely on possibly invalid /Size for incremental cloning (#3735)
• Introduce limits for FlateDecode parameters and image decoding (#3734)

Full Changelog

Version 6.10.1, 2026-04-14

Security (SEC)

• Limit the allowed size of xref and object streams (#3733)

Robustness (ROB)

• Consider strict mode setting for decryption errors (#3731)

Documentation (DOC)

• Use new parameter names for compress_identical_objects

Full Changelog

Version 6.10.0, 2026-04-10

Security (SEC)

• Disallow custom XML entity declarations for XMP metadata (#3724)

New Features (ENH)

• Skip MD5 key derivation for AES-256 encrypted PDFs (#3694)

Bug Fixes (BUG)

• Use remove_orphans in compress_identical_objects (#3310)
• Fix PdfReadError when xref table contains comments before trailer (#3710)
• Correctly verify AES padding during decryption (#3699)
• Fix stale object cache from non-authoritative object streams (#3698)
• Fix extract_links pairing when annotations include non-links (#3687)

Documentation (DOC)

• Add AI policy (#3717)

Full Changelog

Commits

• c476b4f REL: 6.10.2
• c50a010 SEC: Do not rely on possibly invalid /Size for incremental cloning (#3735)
• ac734da SEC: Introduce limits for FlateDecode parameters and image decoding (#3734)
• b49e7eb REL: 6.10.1
• 62338e9 SEC: Limit the allowed size of xref and object streams (#3733)
• 5dcc0ae DEV: Update pytest-benchmark to 5.2.3
• b42e4aa DEV: Update pinned pillow and pytest where possible (#3732)
• 717446b ROB: Consider strict mode setting for decryption errors (#3731)
• 9e461d3 DEV: Bump softprops/action-gh-release from 2 to 3 (#3730)
• 500d09d TST: Update test_embedded_file__basic to use tmp_path fixture (#3726)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.