Skip to content

deps(deps): bump the transformers group across 1 directory with 3 updates#122

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/transformers-b00ba06a5a
Open

deps(deps): bump the transformers group across 1 directory with 3 updates#122
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/transformers-b00ba06a5a

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Bumps the transformers group with 3 updates in the / directory: transformers, safetensors and tokenizers.

Updates transformers from 4.57.3 to 5.13.0

Release notes

Sourced from transformers's releases.

Release v5.13.0

New Model additions

KimiK 2.5, 2.6, and 2.7

This release includes the architecture for Kimi 2.5 which is used by 2.5-2.7:

Kimi K2.5 is an open-source, native multimodal agentic model that advances practical capabilities in long-horizon coding, coding-driven design, proactive autonomous execution, and swarm-based task orchestration. The model was proposed in Kimi K2.5: Visual Agentic Intelligence and further improved in [Kimi K2.6: Advancing Open-Source Coding](https://github.com/huggingface/transformers/blob/HEAD/Kimi K2.5: Visual Agentic Intelligence).

Kimi K2.5 achieves significant improvements on complex, end-to-end coding tasks, generalizing robustly across programming languages (Rust, Go, Python) and domains spanning front-end, DevOps, and performance optimization. The model is capable of transforming simple prompts and visual inputs into production-ready interfaces and lightweight full-stack workflows, generating structured layouts, interactive elements, and rich animations with deliberate aesthetic precision.

Links: Documentation

MiMo-V2-Flash

MiMo-V2-Flash is a Mixture-of-Experts (MoE) language model developed by the Xiaomi MiMo team. Designed to establish a new balance between long-context modeling capabilities and inference efficiency, the model is built for strong performance in complex reasoning and agentic tasks. Trained on 27T tokens with native 32k sequence lengths, MiMo-V2-Flash seamlessly supports an extended 256K context window while significantly reducing KV-cache storage compared to standard global attention models.

Links: Documentation

Nemotron 3.5 ASR

Nemotron 3.5 ASR is a 600M-parameter multilingual speech recognition model from NVIDIA, built for high-quality transcription in both low-latency streaming and high-throughput batch settings, with native punctuation and capitalization. For streaming, it offers configurable chunk sizes—80ms, 160ms, 560ms, and 1120ms, letting users trade off latency against accuracy to suit their application. Its cache-aware FastConformer-RNNT architecture is central to this capability: unlike traditional buffered streaming, which repeatedly reprocesses overlapping audio windows, the model processes only each new incoming chunk while reusing cached encoder context from prior chunks. This eliminates redundant computation, significantly improves efficiency, and minimizes end-to-end delay without sacrificing accuracy, making it well suited to real-time transcription workloads.

Links: Documentation

NemotronAsrStreaming

Nemotron ASR Streaming is a 600M-parameter English speech recognition model from NVIDIA, built for high-quality transcription in both low-latency streaming and high-throughput batch settings, with native punctuation and capitalization. For streaming, it offers configurable chunk sizes—80ms, 160ms, 560ms, and 1120ms, letting users trade off latency against accuracy to suit their application. Its cache-aware FastConformer-RNNT architecture is central to this capability: unlike traditional buffered streaming, which repeatedly reprocesses overlapping audio windows, the model processes only each new incoming chunk while reusing cached encoder context from prior chunks. This eliminates redundant computation, significantly improves efficiency, and minimizes end-to-end delay without sacrificing accuracy, making it well suited to real-time transcription workloads.

Links: Documentation

Qwen3 ASR

Qwen3 ASR is an automatic speech recognition model from Alibaba's Qwen team that combines a Whisper-style audio encoder with a Qwen3 language model decoder for speech-to-text transcription. The model supports automatic language detection and multilingual transcription.

A forced aligner model is also included. It can be used to timestamp a provided transcript and its audio. It uses the same audio encoder model with a classification head that predicts a word's length. This model can be used with the transcript from any ASR model (see the example below with Parakeet CTC).

... (truncated)

Commits

Updates safetensors from 0.7.0 to 0.8.0

Release notes

Sourced from safetensors's releases.

v0.8.0

News

safetensors joins the PyTorch foundation!

Read more on that: https://huggingface.co/blog/safetensors-joins-pytorch-foundation

What's changed

Safetensors 0.8.0 brings direct to Metal loading on Apple Silicon, GIL-free serialization, broader hardware and dtype coverage, and a stronger Python API.

Breaking

The serialize and serialize_file functions now release the GIL during writes, enabling true multithreaded saves from Python. Their input contract has also changed: tensor metadata is now passed via a TensorSpec class (exported from safetensors) instead of plain dicts, making API more explicit and robust to misinputs. This is a breaking change for anyone calling the low-level serialize / serialize_file API directly; the high-level wrappers (safetensors.torch, safetensors.numpy, safetensors.paddle) are updated internally and their public API is unchanged.

The minimum supported Python version is now 3.10 (was 3.9). Python 3.9 reached end-of-life in October 2025.

TensorIndexer::Narrow now carries a step: NonZeroUsize parameter, so a slice is now start:stop:step. This is a fix as this silent error was hidden behind the Storage::Torch variant which offloaded slicing logic to torch directly.

CI

On the platform side, this release adds Windows ARM64 wheel builds, riscv64 Linux wheels, and CI has been hardened with pinned GitHub Actions SHAs.

Also dropped the anaconda CI we had as there's already an automatic tracker via conda-forge.

New features

  • Direct MPS load on Apple Silicon: tensors are directly loaded in an MTLBuffer and handed to the frameworks that support it (only torch atm) via DLPack, skipping needless copies.
  • New backend parameter introduced, for the addition of the pread backend. We now support loading files via pread(2) syscall instead of just mmap. Useful for specific archs/platforms.
  • get_slice now handles ellipsis [...] and strided slices [:, ::8] wherever safetensors does the slicing itself (pread for any framework, MPS, and mmap outside torch/paddle), which silently dropped the step or rejected ... before.
  • MUSA device support for MooreThreads GPUs.
  • New dtype support includes float8_e4m3fnuz and float8_e5m2fnuz (AMD FNUZ FP8 formats).
  • The reader is now explicitly lenient about leading whitespace in the JSON header, which keeps the door open for future page-aligned writes.

Improvements/perf

  • File writes on macOS now use F_NOCACHE for direct I/O, yielding roughly 30% faster save_file on Apple Silicon.
  • The packaging dependency has been dropped from the [torch] extra, replaced by a simple hasattr probe for efficiency.

What's Changed

... (truncated)

Changelog

Sourced from safetensors's changelog.

0.8.0-dev.0 → 0.8.0


Update lockfiles again:
cargo check
cd bindings/python && uv lock
</code></pre>
<p>Commit:</p>
<pre><code>Set version to 0.8.0
</code></pre>
<p>The Python version is not set in <code>pyproject.toml</code> directly — maturin reads it from <code>bindings/python/Cargo.toml</code> at build time.</p>
<h3>4. Create the release on GitHub</h3>
<p>Go to the <a href="https://github.com/huggingface/safetensors/releases">GitHub Releases page</a> and draft a new release:</p>
<ul>
<li><strong>Choose the release branch</strong> (e.g. <code>git_v0.8.0</code>)</li>
<li><strong>Create a new tag</strong> on publish: <code>v0.8.0</code></li>
<li><strong>Generate release notes</strong> from the previous tag (e.g. <code>v0.7.0</code>)</li>
<li>Add any notable highlights at the top of the generated notes</li>
</ul>
<p>Structure for manual notes:</p>
<pre lang="markdown"><code>## Breaking changes
- ...

New features

  • ...

Bug fixes

  • ...

Internal / CI

  • ...
    </code></pre>
    <p>Click <strong>Publish release</strong>. This creates the tag, which triggers the three release workflows.</p>
    <h3>5. Monitor the CI</h3>
    <p>The tag triggers two workflow runs in the <a href="https://github.com/huggingface/safetensors/actions&quot;&gt;Actions tab</a>:</p>
    <ul>
    <li><strong>CI</strong> (Python release) — builds wheels for every platform × Python version, uploads to PyPI. Can take up to over 30 minutes.</li>
    </ul>
    <!-- raw HTML omitted -->
    </blockquote>
    <p>... (truncated)</p>
    </details>
    <details>
    <summary>Commits</summary>

<ul>
<li><a href="https://github.com/safetensors/safetensors/commit/a406ca3e7a90598be0cd05a50069cb9bf5ef6ba6&quot;&gt;&lt;code&gt;a406ca3&lt;/code&gt;&lt;/a> fix(release): move crates.io to trusted publisher OIDC</li>
<li><a href="https://github.com/safetensors/safetensors/commit/d0368d14c0a417fb2ca2a6627e9513d17f74f9b7&quot;&gt;&lt;code&gt;d0368d1&lt;/code&gt;&lt;/a> feat: <code>0.8.0</code></li>
<li><a href="https://github.com/safetensors/safetensors/commit/5ec3ec14c506d09598df6d96f36cd9a4ea94aafa&quot;&gt;&lt;code&gt;5ec3ec1&lt;/code&gt;&lt;/a> fix(release): move to pypi trusted publisher OIDC (<a href="https://redirect.github.com/huggingface/safetensors/issues/778&quot;&gt;#778&lt;/a&gt;)&lt;/li>
<li><a href="https://github.com/safetensors/safetensors/commit/e37dc536ce598ef1d71a9ad712987571f2f05808&quot;&gt;&lt;code&gt;e37dc53&lt;/code&gt;&lt;/a> feat: bump main to <code>0.9.0-dev.0</code> (<a href="https://redirect.github.com/huggingface/safetensors/issues/777&quot;&gt;#777&lt;/a&gt;)&lt;/li>
<li><a href="https://github.com/safetensors/safetensors/commit/6e32aa7b029d323238233110c1cdecae22cbe564&quot;&gt;&lt;code&gt;6e32aa7&lt;/code&gt;&lt;/a> refactor: replace <code>_host_alias_storage</code> w/ <code>MTLBuffer</code> (<a href="https://redirect.github.com/huggingface/safetensors/issues/767&quot;&gt;#767&lt;/a&gt;)&lt;/li>
<li><a href="https://github.com/safetensors/safetensors/commit/24b0b2857fef49be734b9ab72ce97c09bb25f5b9&quot;&gt;&lt;code&gt;24b0b28&lt;/code&gt;&lt;/a> fix: write to tempfile + rename to preserve mmap source (<a href="https://redirect.github.com/huggingface/safetensors/issues/764&quot;&gt;#764&lt;/a&gt;)&lt;/li>
<li><a href="https://github.com/safetensors/safetensors/commit/73132135947275c5dda135438e4c2e4bd70a2b10&quot;&gt;&lt;code&gt;7313213&lt;/code&gt;&lt;/a> Update free-threading tests for Python 3.14 (<a href="https://redirect.github.com/huggingface/safetensors/issues/699&quot;&gt;#699&lt;/a&gt;)&lt;/li>
<li><a href="https://github.com/safetensors/safetensors/commit/e9091e13ec359e9e5b8b45413fcbe340444dde1c&quot;&gt;&lt;code&gt;e9091e1&lt;/code&gt;&lt;/a> feat: add <code>backend</code> with pread file (<a href="https://redirect.github.com/huggingface/safetensors/issues/760&quot;&gt;#760&lt;/a&gt;)&lt;/li>
<li><a href="https://github.com/safetensors/safetensors/commit/1b0fe9c6acf3ac2ec7f4a0fd13bccfc0b65ce765&quot;&gt;&lt;code&gt;1b0fe9c&lt;/code&gt;&lt;/a> fix(ci): security audit slack message format (<a href="https://redirect.github.com/huggingface/safetensors/issues/757&quot;&gt;#757&lt;/a&gt;)&lt;/li>
<li><a href="https://github.com/safetensors/safetensors/commit/7efac22872a53ae3b30a15f8e786404322f10458&quot;&gt;&lt;code&gt;7efac22&lt;/code&gt;&lt;/a> [MPS] Fast load of the tensors (<a href="https://redirect.github.com/huggingface/safetensors/issues/756&quot;&gt;#756&lt;/a&gt;)&lt;/li>
<li>Additional commits viewable in <a href="https://github.com/huggingface/safetensors/compare/v0.7.0...v0.8.0&quot;&gt;compare view</a></li>
</ul>
</details>

<br />

Updates tokenizers from 0.22.1 to 0.23.1

Release notes

Sourced from tokenizers's releases.

Release v0.23.1

TL;DR

tokenizers 0.23.1 is the first proper stable release in the 0.23 line — 0.23.0 only ever shipped as rc0 because the release pipeline itself was broken (Node side hadn't shipped multi-platform binaries since 2023, Python side was on pyo3 0.27 without free-threaded support). 0.23.1 is the version where everything actually goes out the door together: full Node multi-platform wheels for the first time in years, Python 3.14 (regular and free-threaded 3.14t), full type hints for every Python class, and a stack of measurable perf wins on the BPE / added-vocab hot paths.

There is no functional 0.23.0 published — we tag 0.23.1 directly so users don't accidentally pull a never-shipped version.


🚨 Breaking changes

  • Drop Python 3.9 (#1952) — requires-python = ">=3.10"; 3.9 users stay on 0.22.x.
  • add_tokens normalizes content at insertion (#1995) — re-saved tokenizer.json may differ in the added_tokens block. Existing files load unchanged.
  • Type stubs are precise (#1928, #1997) — methods that returned Any now return real types; mypy --strict may surface previously-hidden errors. Stub layout also moved from tokenizers/<sub>/__init__.pyi to tokenizers/<sub>.pyi. This breaks the surface of some of the processors like RobertaProcessign's __init__ .
  • 3.14t-only: setters/getters return PyResult<T> because of Arc<RwLock<Tokenizer>>; a poisoned lock surfaces as PyException instead of a panic.

⚡ Performance — measured locally on this Mac, not lifted from PRs

Run with cargo bench --bench <name> -- --save-baseline v0_22_2 on v0.22.2, then --baseline v0_22_2 on v0.23.1. Numbers are point-in-time wall clock on a single laptop; relative deltas are what matters, absolute numbers will differ on CI hardware.

Added-vocabulary deserialize — the headline win (#1995, #1999)

bench: improve added_vocab_deserialize to reflect real-world workloads (#2000) is now representative of how transformers actually loads tokenizer.json files. The combined effect of daachorse for the matching automaton plus the normalize-on-insert refactor is enormous on this workload:

benchmark v0.22.2 v0.23.1 change
100k tokens, special, no norm ~410 ms 248 ms −40%
100k tokens, non-special, no norm ~7.1 s 273 ms −96%
100k tokens, special, NFKC ~395 ms 235 ms −40%
100k tokens, non-special, NFKC ~7.4 s 290 ms −96%
400k tokens, special, no norm ~15 s 980 ms −94%

Real-world impact: loading a Llama-3-style tokenizer with a large set of added tokens dropped from "noticeable pause" to "instant".

BPE encode

benchmark v0.22.2 v0.23.1 change
BPE GPT2 encode batch, no cache 530 ms 446 ms −16%
BPE GPT2 encode batch (cached) 690 ms 685 ms noise
BPE GPT2 encode (single) 1.95 s 1.94 s noise
BPE Train (small) 32.6 ms 31.5 ms −3%
BPE Train (big) 1.01 s 988 ms −2%

The BPE per-thread cache PR (#2028) shows much larger wins on highly-parallel workloads (+47–62% at 88+ threads on a server box, per the PR's own measurements on Vera). Single-thread batch numbers above are flat or slightly improved because cache-hit overhead was already low without contention.

Llama-3 encode

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…ates

Bumps the transformers group with 3 updates in the / directory: [transformers](https://github.com/huggingface/transformers), [safetensors](https://github.com/huggingface/safetensors) and [tokenizers](https://github.com/huggingface/tokenizers).


Updates `transformers` from 4.57.3 to 5.13.0
- [Release notes](https://github.com/huggingface/transformers/releases)
- [Commits](huggingface/transformers@v4.57.3...v5.13.0)

Updates `safetensors` from 0.7.0 to 0.8.0
- [Release notes](https://github.com/huggingface/safetensors/releases)
- [Changelog](https://github.com/safetensors/safetensors/blob/main/RELEASE.md)
- [Commits](safetensors/safetensors@v0.7.0...v0.8.0)

Updates `tokenizers` from 0.22.1 to 0.23.1
- [Release notes](https://github.com/huggingface/tokenizers/releases)
- [Changelog](https://github.com/huggingface/tokenizers/blob/main/RELEASE.md)
- [Commits](huggingface/tokenizers@v0.22.1...v0.23.1)

---
updated-dependencies:
- dependency-name: transformers
  dependency-version: 5.13.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: transformers
- dependency-name: safetensors
  dependency-version: 0.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: transformers
- dependency-name: tokenizers
  dependency-version: 0.23.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: transformers
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jul 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant