Skip to content

Bump the pip group across 1 directory with 3 updates#3602

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/src/maxtext/inference/mlperf/pip-3fc678fe5d
Open

Bump the pip group across 1 directory with 3 updates#3602
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/src/maxtext/inference/mlperf/pip-3fc678fe5d

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot bot commented on behalf of github Apr 8, 2026

Bumps the pip group with 3 updates in the /src/maxtext/inference/mlperf directory: transformers, nltk and sentencepiece.

Updates transformers from 4.31.0 to 5.0.0rc3

Release notes

Sourced from transformers's releases.

Release candidate v5.0.0rc3

New models:

What's Changed

We are getting closer and closer to the official release! This RC is focused on removing more of the deprecated stuff, fixing some minors issues, doc updates.

... (truncated)

Commits

Updates nltk from 3.8.1 to 3.9.4

Changelog

Sourced from nltk's changelog.

Version 3.9.4 2026-03-24

  • Support Python 3.14
  • Fix bug in Levenshtein distance when substitution_cost > 2
  • Fix bug in Treebank detokeniser re quote ordering
  • Fix bug in Jaro similarity for empty strings
  • Several security enhancements
  • Fix GHSA-rf74-v2fm-23pw: unbounded recursion in JSONTaggedDecoder
  • Implement TextTiling vocabulary introduction method (Hearst 1997)
  • Fix ALINE feature matrix errors and add comprehensive tests
  • Support multiple VerbNet versions, fix longid/shortid regex for VerbNet ids
  • Let downloader fallback to md5 when sha256 is unavailable
  • Several other minor bugfixes and code cleanups

Thanks to the following contributors to 3.9.4: Min-Yen Kan, Eric Kafe, Emily Voss, bowiechen, Hrudhai01, jancallewaert, Mr-Neutr0n, pollak.peter89, ylwango613,

Version 3.9.3 2026-02-21

  • Fix CVE-2025-14009: secure ZIP extraction in nltk.downloader (#3468)
  • Block path traversal/arbitrary reads in nltk.data for protocol-less refs (#3467)
  • Block path traversal/abs paths in corpus readers and FS pointers (#3479, #3480)
  • Validate external StanfordSegmenter JARs using SHA256 (#3477)
  • Add optional sandbox enforcement for filestring() (#3485)
  • Maintenance: downloader/zipped models, CI/tooling updates

Thanks to the following contributors to 3.9.3: Chris Clauss, Eric Kafe, HyperPS, purificant, Shivansh-Game, Christopher Smith

Version 3.9.2 2025-10-01

  • Update download checksums to use SHA256 in built index
  • Fix percentage escape in new-style string formatting
  • replace shortened URLs using goo.gl
  • Make Wordnet interoperable with various taggers and tagged corpora
  • Fix saving PerceptronTagger
  • Document how to reproduce old Wordnet studies
  • properly initialize Portuguese corpus reader
  • support for mixed rules conversion into Chomsky Normal Form
  • only import tkinter if a GUI is needed
  • issue #2112 with Corenlp
  • new environment variable NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL
  • Lesk defaults to most frequent sense in case of ties

Thanks to the following contributors to 3.9.2: Jose Cols, Peter de Blanc, GeneralPoxter, Eric Kafe, William LaCroix, Jason Liu, Samer Masterson, Mike014, purificant, Andrew Ernest Ritz, samertm, Ikram Ul Haq, Christopher Smith, Ryan Mannion

Version 3.9.1 2024-08-19

... (truncated)

Commits
  • ad9c96b Update copyright year
  • 7edcddf Updates for 3.9.4 release
  • 67a2736 Merge pull request #3180 from yzhaoinuw/bug-on-edit_distance_align
  • 2b17ac5 Fix edit_distance_align backtrace for high substitution costs
  • 4b72976 Merge pull request #3018 from JuanIMartinezB/bug/shortid-longid
  • 8a5619f Merge pull request #3222 from Syzygy2048/feature/texttiling-vocabulary-introd...
  • c6574d7 Merge pull request #3289 from ihitamandal/codeflash/optimize-windowdiff-2024-...
  • 98ff5d9 Merge pull request #3435 from Hrudhai01/fix-3260-detokenize-quotes
  • aec4fce Merge pull request #3522 from ekaf/pathsec
  • eec4ee3 Merge pull request #3526 from nltk/update-contributing
  • Additional commits viewable in compare view

Updates sentencepiece from 0.1.99 to 0.2.1

Release notes

Sourced from sentencepiece's releases.

v0.2.1

Major changes

New features

  • [ALL]: Added new build mode to prevent the precompiled normalization rules being embedded in *.so and *.a. (-DSPM_DISABLE_EMBEDDED_DATA=ON). This reduces the runtime size by approximately 1-2 MB. This mode is enabled to build python wheels. The rules are loaded as the data package.

Bug fixes & minor changes

  • [ALL]: Security fix to address a heap overflow issue that could occur when using a model containing an invalid precompiled normalization model.
  • [Python]: Deprecates the wheel package for Linux i686.
  • [Python]: Supported wheel for Windows Arm64. #1114
  • [Python]: Fixed the crash issue on batch decoding #1051
  • [ALL]: Updated the Unicode normalization rule with the latest ICU/Unicode rules.
  • [ALL]: Unused code and build mode cleanup.

v0.2.1pre2

Major changes

New features

  • [ALL]: Added new build mode to prevent the precompiled normalization rules being embedded in *.so and *.a. (-DSPM_DISABLE_EMBEDDED_DATA=ON). This reduces the runtime size by approximately 1-2 MB. This mode is enabled to build python wheels. The rules are loaded as the data package.

Bug fixes & minor changes

  • [ALL]: Security fix to address a heap overflow issue that could occur when using a model containing an invalid precompiled normalization model.
  • [Python]: Deprecates the wheel package for Linux i686.
  • [Python]: Supported wheel for Windows Arm64.
  • [Python]: Fixed the crash issue on batch decoding #1051
  • [ALL]: Updated the Unicode normalization rule with the latest ICU/Unicode rules.
  • [ALL]: Unused code and build mode cleanup.

v0.2.0

Major changes

N/A

New features

  • [ALL] Added SentencePieceNormalizer class in C++/Python. It supports almost the equivalent feature of spm_normalize. Python Sample C++ Sample
  • [ALL] Added SentencePieceProcessor::Normalize method in C++/Python Python Sample C++ Sample
  • [ALL] Added functionality to override the normalization spec before the processing. Python Sample

Bug fixes & minor changes

... (truncated)

Commits
  • 31646a4 Merge pull request #1136 from crusaderky/pytest-run-parallel
  • bcd44b9 free-threading tests
  • 135747f install twine before checking wheel
  • 69fe0b2 install setuptools before making sdist
  • ee1422b install setuptools before making sdist
  • 5ac2fd2 use windows-11-arm runner to test ARM64 wheel on native env.
  • 36b9745 use windows-11-arm runner to test ARM64 wheel on native env.
  • 4f043ae use auto-mode to make wheel with the native binary.
  • 623196e uses arm docker image to build and test wheel
  • 559fd65 re-enable QEMU to enable arm execution
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the pip group across 1 directory with 3 updates
4c2618e 
Bumps the pip group with 3 updates in the /src/maxtext/inference/mlperf directory: [transformers](https://github.com/huggingface/transformers), [nltk](https://github.com/nltk/nltk) and [sentencepiece](https://github.com/google/sentencepiece).


Updates `transformers` from 4.31.0 to 5.0.0rc3
- [Release notes](https://github.com/huggingface/transformers/releases)
- [Commits](huggingface/transformers@v4.31.0...v5.0.0rc3)

Updates `nltk` from 3.8.1 to 3.9.4
- [Changelog](https://github.com/nltk/nltk/blob/develop/ChangeLog)
- [Commits](nltk/nltk@3.8.1...3.9.4)

Updates `sentencepiece` from 0.1.99 to 0.2.1
- [Release notes](https://github.com/google/sentencepiece/releases)
- [Commits](google/sentencepiece@v0.1.99...v0.2.1)

---
updated-dependencies:
- dependency-name: transformers
  dependency-version: 5.0.0rc3
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: nltk
  dependency-version: 3.9.4
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: sentencepiece
  dependency-version: 0.2.1
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Apr 8, 2026
@codecov
Copy link
Copy Markdown

codecov bot commented Apr 8, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vipannalla vipannalla Awaiting requested review from vipannalla vipannalla is a code owner

@mitalisi mitalisi Awaiting requested review from mitalisi mitalisi is a code owner

@gpolovets1 gpolovets1 Awaiting requested review from gpolovets1 gpolovets1 is a code owner

@mailvijayasingh mailvijayasingh Awaiting requested review from mailvijayasingh mailvijayasingh is a code owner

@jrplatin jrplatin Awaiting requested review from jrplatin jrplatin is a code owner

@patemotter patemotter Awaiting requested review from patemotter patemotter is a code owner

@Lumosis Lumosis Awaiting requested review from Lumosis Lumosis is a code owner

@richjames0 richjames0 Awaiting requested review from richjames0 richjames0 is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants