Update dependency transformers to v5 #5

Open
dev-mend-for-github-com[bot] wants to merge 1 commit into main from whitesource-remediate/transformers-5.x

Update dependency transformers to v5

35f5081
Dev - Mend for GitHub.com / Mend Security Check failed May 2, 2026 in 2m 55s

Security Report

You have successfully remediated 31 vulnerabilities, but introduced 7 new vulnerabilities in this branch.

❌ New vulnerabilities:

Vulnerability Severity CVSS Score Vulnerable Library Direct Library Suggested Fix Issue
CVE-2025-64439

Path to dependency file: /06_OpenSource_examples/requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260502015918_WJNQIR/python_UOIEOA/20260502015918/7/langgraph_checkpoint-2.1.2-py3-none-any.whl

Dependency Hierarchy:

-> ❌ langgraph_checkpoint-2.1.2-py3-none-any.whl (Vulnerable Library)

Critical 9.9 Direct langgraph_checkpoint-2.1.2-py3-none-any.whl langgraph_checkpoint-2.1.2-py3-none-any.whl langgraph-checkpoint - 3.0.0 None
CVE-2025-6985

Path to dependency file: /06_OpenSource_examples/requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260502015918_WJNQIR/python_UOIEOA/202605020159381/env/lib/python3.9/site-packages/langchain_text_splitters-0.3.11.dist-info,/tmp/ws-ua_20260502015918_WJNQIR/python_UOIEOA/202605020200151/env/lib/python3.9/site-packages/langchain_text_splitters-0.3.11.dist-info

Dependency Hierarchy:

-> ❌ langchain_text_splitters-0.3.11-py3-none-any.whl (Vulnerable Library)

High 7.5 Direct langchain_text_splitters-0.3.11-py3-none-any.whl langchain_text_splitters-0.3.11-py3-none-any.whl langchain-text-splitters - 0.3.9 None
CVE-2025-71176

Path to dependency file: /05_Agents/requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260502015918_WJNQIR/python_UOIEOA/202605020159181/env/lib/python3.9/site-packages/pytest-8.4.2.dist-info

Dependency Hierarchy:

-> ❌ pytest-8.4.2-py3-none-any.whl (Vulnerable Library)

Medium 6.8 Direct pytest-8.4.2-py3-none-any.whl pytest-8.4.2-py3-none-any.whl Upgrade to version pytest - 9.0.3 or greater None
CVE-2025-68146

Path to dependency file: /02_KnowledgeBases_and_RAG/requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260502015918_WJNQIR/python_UOIEOA/202605020200151/env/lib/python3.9/site-packages/filelock-3.19.1.dist-info

Dependency Hierarchy:

-> ragas-0.1.9-py3-none-any.whl (Root Library)

   -> datasets-4.5.0-py3-none-any.whl

     -> ❌ filelock-3.19.1-py3-none-any.whl (Vulnerable Library)

Medium 6.3 Transitive filelock-3.19.1-py3-none-any.whl ragas-0.1.9-py3-none-any.whl Transitive filelock - 3.20.1,https://github.com/tox-dev/filelock.git - 3.20.1 None
CVE-2021-41496

Path to dependency file: /06_OpenSource_examples/requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260502015918_WJNQIR/python_UOIEOA/20260502015918/10/numpy-2.0.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl,/tmp/ws-ua_20260502015918_WJNQIR/python_UOIEOA/20260502015918/6/numpy-2.0.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl,/tmp/ws-ua_20260502015918_WJNQIR/python_UOIEOA/20260502015918/8/numpy-2.0.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl

Dependency Hierarchy:

-> ❌ numpy-2.0.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)

Medium 5.5 Direct numpy-2.0.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl numpy-2.0.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl https://github.com/numpy/numpy.git - no_fix None
CVE-2021-41495

Path to dependency file: /06_OpenSource_examples/requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260502015918_WJNQIR/python_UOIEOA/20260502015918/10/numpy-2.0.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl,/tmp/ws-ua_20260502015918_WJNQIR/python_UOIEOA/20260502015918/6/numpy-2.0.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl,/tmp/ws-ua_20260502015918_WJNQIR/python_UOIEOA/20260502015918/8/numpy-2.0.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl

Dependency Hierarchy:

-> ❌ numpy-2.0.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)

Medium 5.3 Direct numpy-2.0.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl numpy-2.0.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl https://github.com/numpy/numpy.git - no_fix None
CVE-2026-25645

Path to dependency file: /05_Agents/requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260502015918_WJNQIR/python_UOIEOA/202605020159181/env/lib/python3.9/site-packages/requests-2.32.5.dist-info,/tmp/ws-ua_20260502015918_WJNQIR/python_UOIEOA/202605020159381/env/lib/python3.9/site-packages/requests-2.32.5.dist-info,/tmp/ws-ua_20260502015918_WJNQIR/python_UOIEOA/202605020200151/env/lib/python3.9/site-packages/requests-2.32.5.dist-info

Dependency Hierarchy:

-> ❌ requests-2.32.5-py3-none-any.whl (Vulnerable Library)

Medium 4.4 Direct requests-2.32.5-py3-none-any.whl requests-2.32.5-py3-none-any.whl Upgrade to version requests - 2.33.0 or greater None

✔️ Remediated vulnerabilities:

Vulnerability Vulnerable Library
CVE-2026-4539 pygments-2.19.1-py3-none-any.whl
CVE-2025-6921 transformers-4.49.0-py3-none-any.whl
CVE-2026-1839 transformers-4.49.0-py3-none-any.whl
CVE-2026-34517 aiohttp-3.11.13-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2025-3264 transformers-4.49.0-py3-none-any.whl
CVE-2026-34525 aiohttp-3.11.13-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2026-34514 aiohttp-3.11.13-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2025-43859 h11-0.14.0-py3-none-any.whl
CVE-2025-68664 langchain_core-0.3.41-py3-none-any.whl
CVE-2025-1194 transformers-4.49.0-py3-none-any.whl
CVE-2026-34518 aiohttp-3.11.13-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2026-25645 requests-2.32.3-py3-none-any.whl
CVE-2026-34513 aiohttp-3.11.13-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2026-34520 aiohttp-3.11.13-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2026-22815 aiohttp-3.11.13-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2025-68146 filelock-3.17.0-py3-none-any.whl
CVE-2025-3262 transformers-4.49.0-py3-none-any.whl
CVE-2024-47081 requests-2.32.3-py3-none-any.whl
CVE-2025-65106 langchain_core-0.3.41-py3-none-any.whl
CVE-2026-34519 aiohttp-3.11.13-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2026-34515 aiohttp-3.11.13-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2026-34070 langchain_core-0.3.41-py3-none-any.whl
CVE-2025-68480 marshmallow-3.26.1-py3-none-any.whl
CVE-2025-3777 transformers-4.49.0-py3-none-any.whl
CVE-2026-34516 aiohttp-3.11.13-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2025-3263 transformers-4.49.0-py3-none-any.whl
CVE-2025-53643 aiohttp-3.11.13-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2026-41066 lxml-5.3.1-cp39-cp39-manylinux_2_28_x86_64.whl
CVE-2025-6985 langchain_text_splitters-0.3.6-py3-none-any.whl
CVE-2026-40087 langchain_core-0.3.41-py3-none-any.whl
CVE-2025-64439 langgraph_checkpoint-2.0.17-py3-none-any.whl

Base branch total remaining vulnerabilities: 37
Base branch commit: 6d36e1de7991f86f4efb71f4207005cef8e6d437


Total libraries scanned: 132

Scan token: ecccf4c0f4814a7cb315b7dd65b16504