Skip to content

Bump the pip group across 2 directories with 5 updates #3902

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot wants to merge 1 commit into from
Closed

Bump the pip group across 2 directories with 5 updates #3902

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 1, 2025
edited
Loading

Bumps the pip group with 5 updates in the / directory:

Package From To
transformers 4.52.4 4.53.0
torch 2.5.1 2.8.0
tensorflow 2.11.1 2.12.1
protobuf 3.19.6 4.25.8
mkdocs-include-markdown-plugin 4.0.0 7.1.8

Bumps the pip group with 1 update in the /docs directory: mkdocs-include-markdown-plugin.

Updates transformers from 4.52.4 to 4.53.0

Release notes

Sourced from transformers's releases.

Release v4.53.0

Gemma3n

Gemma 3n models are designed for efficient execution on low-resource devices. They are capable of multimodal input, handling text, image, video, and audio input, and generating text outputs, with open weights for pre-trained and instruction-tuned variants. These models were trained with data in over 140 spoken languages.

Gemma 3n models use selective parameter activation technology to reduce resource requirements. This technique allows the models to operate at an effective size of 2B and 4B parameters, which is lower than the total number of parameters they contain. For more information on Gemma 3n's efficient parameter management technology, see the Gemma 3n page.

image

from transformers import pipeline
import torch
pipe = pipeline(
"image-text-to-text",
torch_dtype=torch.bfloat16,
model="google/gemma-3n-e4b",
device="cuda",
)
output = pipe(
"https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/bee.jpg",
text="<image_soft_token> in this image, there is"
)
print(output)

Dia

image

Dia is an opensource text-to-speech (TTS) model (1.6B parameters) developed by Nari Labs. It can generate highly realistic dialogue from transcript including nonverbal communications such as laughter and coughing. Furthermore, emotion and tone control is also possible via audio conditioning (voice cloning).

Model Architecture: Dia is an encoder-decoder transformer based on the original transformer architecture. However, some more modern features such as rotational positional embeddings (RoPE) are also included. For its text portion (encoder), a byte tokenizer is utilized while for the audio portion (decoder), a pretrained codec model DAC is used - DAC encodes speech into discrete codebook tokens and decodes them back into audio.

Kyutai Speech-to-Text

Kyutai STT is a speech-to-text model architecture based on the Mimi codec, which encodes audio into discrete tokens in a streaming fashion, and a Moshi-like autoregressive decoder. Kyutai’s lab has released two model checkpoints:

... (truncated)

Commits

Updates torch from 2.5.1 to 2.8.0

Release notes

Sourced from torch's releases.

PyTorch 2.8.0 Release Notes

Highlights

... (truncated)

Commits
  • ba56102 Cherrypick: Add the RunLLM widget to the website (#159592)
  • c525a02 [dynamo, docs] cherry pick torch.compile programming model docs into 2.8 (#15...
  • a1cb3cc [Release Only] Remove nvshmem from list of preload libraries (#158925)
  • c76b235 Move out super large one off foreach_copy test (#158880)
  • 20a0e22 Revert "[Dynamo] Allow inlining into AO quantization modules (#152934)" (#158...
  • 9167ac8 [MPS] Switch Cholesky decomp to column wise (#158237)
  • 5534685 [MPS] Reimplement tri[ul] as Metal shaders (#158867)
  • d19e08d Cherry pick PR 158746 (#158801)
  • a6c044a [cherry-pick] Unify torch.tensor and torch.ops.aten.scalar_tensor behavior (#...
  • 620ebd0 [Dynamo] Use proper sources for constructing dataclass defaults (#158689)
  • Additional commits viewable in compare view

Updates tensorflow from 2.11.1 to 2.12.1

Release notes

Sourced from tensorflow's releases.

TensorFlow 2.12.1

Release 2.12.1

Bug Fixes and Other Changes

  • The use of the ambe config to build and test aarch64 is not needed. The ambe config will be removed in the future. Making cpu_arm64_pip.sh and cpu_arm64_nonpip.sh more similar for easier future maintenance.

TensorFlow 2.12.0

Release 2.12.0

TensorFlow

Breaking Changes

  • Build, Compilation and Packaging

    • Removed redundant packages tensorflow-gpu and tf-nightly-gpu. These packages were removed and replaced with packages that direct users to switch to tensorflow or tf-nightly respectively. Since TensorFlow 2.1, the only difference between these two sets of packages was their names, so there is no loss of functionality or GPU support. See https://pypi.org/project/tensorflow-gpu for more details.

  • tf.function:

    • tf.function now uses the Python inspect library directly for parsing the signature of the Python function it is decorated on. This change may break code where the function signature is malformed, but was ignored previously, such as:
      • Using functools.wraps on a function with different signature
      • Using functools.partial with an invalid tf.function input
    • tf.function now enforces input parameter names to be valid Python identifiers. Incompatible names are automatically sanitized similarly to existing SavedModel signature behavior.
    • Parameterless tf.functions are assumed to have an empty input_signature instead of an undefined one even if the input_signature is unspecified.
    • tf.types.experimental.TraceType now requires an additional placeholder_value method to be defined.
    • tf.function now traces with placeholder values generated by TraceType instead of the value itself.

  • Experimental APIs tf.config.experimental.enable_mlir_graph_optimization and tf.config.experimental.disable_mlir_graph_optimization were removed.

Major Features and Improvements

  • Support for Python 3.11 has been added.

  • Support for Python 3.7 has been removed. We are not releasing any more patches for Python 3.7.

  • tf.lite:

    • Add 16-bit float type support for built-in op fill.
    • Transpose now supports 6D tensors.
    • Float LSTM now supports diagonal recurrent tensors: https://arxiv.org/abs/1903.08023

  • tf.experimental.dtensor:

    • Coordination service now works with dtensor.initialize_accelerator_system, and enabled by default.
    • Add tf.experimental.dtensor.is_dtensor to check if a tensor is a DTensor instance.

  • tf.data:

    • Added support for alternative checkpointing protocol which makes it possible to checkpoint the state of the input pipeline without having to store the contents of internal buffers. The new functionality can be enabled through the experimental_symbolic_checkpoint option of tf.data.Options().
    • Added a new rerandomize_each_iteration argument for the tf.data.Dataset.random() operation, which controls whether the sequence of generated random numbers should be re-randomized every epoch or not (the default behavior). If seed is set and rerandomize_each_iteration=True, the random() operation will produce a different (deterministic) sequence of numbers every epoch.

... (truncated)

Changelog

Sourced from tensorflow's changelog.

Release 2.12.1

Bug Fixes and Other Changes

  • The use of the ambe config to build and test aarch64 is not needed. The ambe config will be removed in the future. Making cpu_arm64_pip.sh and cpu_arm64_nonpip.sh more similar for easier future maintenance.

Release 2.12.0

Breaking Changes

  • Build, Compilation and Packaging

    • Removed redundant packages tensorflow-gpu and tf-nightly-gpu. These packages were removed and replaced with packages that direct users to switch to tensorflow or tf-nightly respectively. Since TensorFlow 2.1, the only difference between these two sets of packages was their names, so there is no loss of functionality or GPU support. See https://pypi.org/project/tensorflow-gpu for more details.

  • tf.function:

    • tf.function now uses the Python inspect library directly for parsing the signature of the Python function it is decorated on. This change may break code where the function signature is malformed, but was ignored previously, such as:
      • Using functools.wraps on a function with different signature
      • Using functools.partial with an invalid tf.function input
    • tf.function now enforces input parameter names to be valid Python identifiers. Incompatible names are automatically sanitized similarly to existing SavedModel signature behavior.
    • Parameterless tf.functions are assumed to have an empty input_signature instead of an undefined one even if the input_signature is unspecified.
    • tf.types.experimental.TraceType now requires an additional placeholder_value method to be defined.
    • tf.function now traces with placeholder values generated by TraceType instead of the value itself.

  • Experimental APIs tf.config.experimental.enable_mlir_graph_optimization and tf.config.experimental.disable_mlir_graph_optimization were removed.

Major Features and Improvements

  • Support for Python 3.11 has been added.

  • Support for Python 3.7 has been removed. We are not releasing any more patches for Python 3.7.

  • tf.lite:

    • Add 16-bit float type support for built-in op fill.
    • Transpose now supports 6D tensors.
    • Float LSTM now supports diagonal recurrent tensors: https://arxiv.org/abs/1903.08023

  • tf.experimental.dtensor:

    • Coordination service now works with dtensor.initialize_accelerator_system, and enabled by default.
    • Add tf.experimental.dtensor.is_dtensor to check if a tensor is a DTensor instance.

  • tf.data:

    • Added support for alternative checkpointing protocol which makes it possible to checkpoint the state of the input pipeline without having to store the contents of internal buffers. The new functionality can be enabled through the experimental_symbolic_checkpoint option of tf.data.Options().
    • Added a new rerandomize_each_iteration argument for the tf.data.Dataset.random() operation, which controls whether the sequence of generated random numbers should be re-randomized every epoch or not (the default behavior). If seed is set and rerandomize_each_iteration=True, the random() operation will produce a different (deterministic) sequence of numbers every epoch.
    • Added a new rerandomize_each_iteration argument for the tf.data.Dataset.sample_from_datasets() operation, which controls whether the sequence of generated random numbers used for sampling should be re-randomized every epoch or not. If seed is set and rerandomize_each_iteration=True, the sample_from_datasets() operation will use a different (deterministic) sequence of numbers every epoch.

  • tf.test:

... (truncated)

Commits
  • 8e2b665 Merge pull request #61094 from tensorflow/venkat-patch-444
  • 02478f0 Fix unit test failure caused by numpy update
  • 2cd9b41 Merge pull request #61082 from tensorflow/venkat-patch-333
  • 7995c95 Updating Simplified retry logic to DNS cache
  • 29479ed Merge pull request #60872 from tensorflow/r2.12-c45a6c0b1cb
  • e76a933 Simplified retry logic to DNS cache
  • 76addf7 Merge pull request #60850 from elfringham/non_pip_fix
  • 05987a8 [Linaro:ARM_CI] Fix permissions for running nonpip tests
  • 23724d2 Merge pull request #60842 from elfringham/r2.12
  • 496730b Limit typing_extensions to less than 4.6.0 until it works
  • Additional commits viewable in compare view

Updates protobuf from 3.19.6 to 4.25.8

Release notes

Sourced from protobuf's releases.

Protocol Buffers v3.20.3

Java

  • Refactoring java full runtime to reuse sub-message builders and prepare to migrate parsing logic from parse constructor to builder.
  • Move proto wireformat parsing functionality from the private "parsing constructor" to the Builder class.
  • Change the Lite runtime to prefer merging from the wireformat into mutable messages rather than building up a new immutable object before merging. This way results in fewer allocations and copy operations.
  • Make message-type extensions merge from wire-format instead of building up instances and merging afterwards. This has much better performance.
  • Fix TextFormat parser to build up recurring (but supposedly not repeated) sub-messages directly from text rather than building a new sub-message and merging the fully formed message into the existing field.
  • This release addresses a Security Advisory for Java users

Protocol Buffers v3.20.2

C++

Commits
  • a4cbdd3 Updating version.json and repo version numbers to: 25.8
  • 29445be Merge pull request #21880 from shaod2/py-25
  • cc13b69 Remove debugging code and add EOLs
  • d31100c Manually backport recursion limit enforcement to 25.x
  • 88a3b90 Change pre-22 poison pill to only log once per affected message type. (#21754)
  • 320eafa Weaken vulnerable gencode poison pills to warning by default.
  • f584fe3 Merge branch 'protocolbuffers:25.x' into 25.x
  • c710036 Update test_upb.yml to use ubuntu-22
  • 9721758 Fix missing trailing newline.
  • cca7b28 Update test_upb.yml to use ubuntu-22
  • Additional commits viewable in compare view

Updates mkdocs-include-markdown-plugin from 4.0.0 to 7.1.8

Release notes

Sourced from mkdocs-include-markdown-plugin's releases.

v7.1.8

Bug fixes

  • Escape substitution placeholders to prevent malformed output in edge cases.

v7.1.7

Bug fixes

  • Fix passing negative values to heading-offset argument of include-markdown directive.

v7.1.6

Bug fixes

  • Fix internal anchor in included file incorrectly rewritten.

v7.1.5

Bug fixes

  • Fix bug when warning about some invalid directive arguments.
  • Fix bug trying to use punctuations inside custom include directive names.

v7.1.4

Bug fixes

  • Fix internal anchors in included files not rewritten correctly.

v7.1.3

Enhancements

  • Add HTML support for relative URL rewrites.

v7.1.2

Enhancements

  • Add cache_dir global setting to configure the path to the cache directory. When setted avoids the requirement to install platformdirs to use HTTP caching.

v7.1.1

New features

  • Add a new directives global setting to customize directive names.

Enhancements

  • Some performance optimizations.

v7.0.1

Enhancements

  • Performance optimization up to 25% faster.

... (truncated)

Commits
  • 7466d67 Escape placeholders to avoid input collisions (#277)
  • 1ae8fca Cheaper placeholders (#276)
  • 39fb303 Fix tests for comments global config and update JSON Schema (#275)
  • 6581671 Bump pypa/gh-action-pypi-publish in /.github/workflows (#273)
  • cc0f211 Fix negative heading-offsets (#271)
  • 577e067 Upgrade pre-commit hooks revisions (#268)
  • 1062404 Fix internal anchor in included file incorrectly rewritten (#267)
  • aa17cc0 Don't compile argument regexes if not required (#262)
  • bc8c281 Fix bug warning about some invalid directive arguments (#261)
  • 253cbc4 Fix internal anchors in included file not correctly rewritten (#258)
  • Additional commits viewable in compare view

Updates mkdocs-include-markdown-plugin from 4.0.0 to 7.1.8

Release notes

Sourced from mkdocs-include-markdown-plugin's releases.

v7.1.8

Bug fixes

  • Escape substitution placeholders to prevent malformed output in edge cases.

v7.1.7

Bug fixes

  • Fix passing negative values to heading-offset argument of include-markdown directive.

v7.1.6

Bug fixes

  • Fix internal anchor in included file incorrectly rewritten.

v7.1.5

Bug fixes

  • Fix bug when warning about some invalid directive arguments.
  • Fix bug trying to use punctuations inside custom include directive names.

v7.1.4

Bug fixes

  • Fix internal anchors in included files not rewritten correctly.

v7.1.3

Enhancements

  • Add HTML support for relative URL rewrites.

v7.1.2

Enhancements

  • Add cache_dir global setting to configure the path to the cache directory. When setted avoids the requirement to install platformdirs to use HTTP caching.

v7.1.1

New features

  • Add a new directives global setting to customize directive names.

Enhancements

  • Some performance optimizations.

v7.0.1

Enhancements

  • Performance optimization up to 25% faster.

... (truncated)

Commits
  • 7466d67 Escape placeholders to avoid input collisions (#277)
  • 1ae8fca Cheaper placeholders (#276)
  • 39fb303 Fix tests for comments global config and update JSON Schema (#275)
  • 6581671 Bump pypa/gh-action-pypi-publish in /.github/workflows (#273)
  • cc0f211 Fix negative heading-offsets (#271)
  • 577e067 Upgrade pre-commit hooks revisions (#268)
  • 1062404 Fix internal anchor in included file incorrectly rewritten (#267)
  • aa17cc0 Don't compile argument regexes if not required (#262)
  • bc8c281 Fix bug warning about some invalid directive arguments (#261)
  • 253cbc4 Fix internal anchors in included file not correctly rewritten (#258)
  • Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Oct 1, 2025
@dependabot
Bump the pip group across 2 directories with 5 updates
1a3732b 
Bumps the pip group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [transformers](https://github.com/huggingface/transformers) | `4.52.4` | `4.53.0` |
| [torch](https://github.com/pytorch/pytorch) | `2.5.1` | `2.8.0` |
| [tensorflow](https://github.com/tensorflow/tensorflow) | `2.11.1` | `2.12.1` |
| [protobuf](https://github.com/protocolbuffers/protobuf) | `3.19.6` | `4.25.8` |
| [mkdocs-include-markdown-plugin](https://github.com/mondeja/mkdocs-include-markdown-plugin) | `4.0.0` | `7.1.8` |

Bumps the pip group with 1 update in the /docs directory: [mkdocs-include-markdown-plugin](https://github.com/mondeja/mkdocs-include-markdown-plugin).


Updates `transformers` from 4.52.4 to 4.53.0
- [Release notes](https://github.com/huggingface/transformers/releases)
- [Commits](huggingface/transformers@v4.52.4...v4.53.0)

Updates `torch` from 2.5.1 to 2.8.0
- [Release notes](https://github.com/pytorch/pytorch/releases)
- [Changelog](https://github.com/pytorch/pytorch/blob/main/RELEASE.md)
- [Commits](pytorch/pytorch@v2.5.1...v2.8.0)

Updates `tensorflow` from 2.11.1 to 2.12.1
- [Release notes](https://github.com/tensorflow/tensorflow/releases)
- [Changelog](https://github.com/tensorflow/tensorflow/blob/master/RELEASE.md)
- [Commits](tensorflow/tensorflow@v2.11.1...v2.12.1)

Updates `protobuf` from 3.19.6 to 4.25.8
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/protobuf_release.bzl)
- [Commits](protocolbuffers/protobuf@v3.19.6...v4.25.8)

Updates `mkdocs-include-markdown-plugin` from 4.0.0 to 7.1.8
- [Release notes](https://github.com/mondeja/mkdocs-include-markdown-plugin/releases)
- [Commits](mondeja/mkdocs-include-markdown-plugin@v4.0.0...v7.1.8)

Updates `mkdocs-include-markdown-plugin` from 4.0.0 to 7.1.8
- [Release notes](https://github.com/mondeja/mkdocs-include-markdown-plugin/releases)
- [Commits](mondeja/mkdocs-include-markdown-plugin@v4.0.0...v7.1.8)

---
updated-dependencies:
- dependency-name: transformers
  dependency-version: 4.53.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: torch
  dependency-version: 2.8.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: tensorflow
  dependency-version: 2.12.1
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: protobuf
  dependency-version: 4.25.8
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: mkdocs-include-markdown-plugin
  dependency-version: 7.1.8
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: mkdocs-include-markdown-plugin
  dependency-version: 7.1.8
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/pip/pip-4ded5b9ef7 branch from b699924 to 1a3732b Compare October 2, 2025 02:19
@yifanmai yifanmai closed this Jan 13, 2026
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Jan 13, 2026

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot bot deleted the dependabot/pip/pip-4ded5b9ef7 branch January 13, 2026 19:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@yifanmai