[Snyk] Upgrade @xenova/transformers from 2.14.0 to 2.17.2 #8504
Conversation
Snyk has created this PR to upgrade @xenova/transformers from 2.14.0 to 2.17.2. See this package in npm: @xenova/transformers See this project in Snyk: https://app.snyk.io/org/continue-dev-inc.-default/project/28169ab9-1c19-4a68-a5a7-b4dc27c515be?utm_source=github&utm_medium=referral&page=upgrade-pr
sestinj
requested review from
Patrick-Erichsen
and removed request for
a team
dosubot
bot
added
the
size:XS
|
|
I have read the CLA Document and I hereby sign the CLA You can retrigger this bot by commenting recheck in this Pull Request. Posted by the CLA Assistant Lite bot. |
|
✅ Review Complete Code Review Summary |
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
1 issue found across 2 files
Prompt for AI agents (all 1 issues)
Understand the root cause of the following 1 issues and fix them.
<file name="core/vendor/package.json">
<violation number="1" location="core/vendor/package.json:12">
The dependency `@xenova/transformers` is vendored, but this PR only updates `package.json`. The actual code being used is an outdated, checked-in copy of the library, making this upgrade ineffective and misleading. The application will continue to use the old version (`2.14.0`) despite this change.</violation>
</file>
React with 👍 or 👎 to teach cubic. Mention @cubic-dev-ai to give feedback, ask questions, or re-run the review.
| "license": "Apache-2.0", | ||
| "dependencies": { | ||
| "@xenova/transformers": "^2.14.0" | ||
| "@xenova/transformers": "^2.17.2" |
There was a problem hiding this comment.
The dependency @xenova/transformers is vendored, but this PR only updates package.json. The actual code being used is an outdated, checked-in copy of the library, making this upgrade ineffective and misleading. The application will continue to use the old version (2.14.0) despite this change.
Prompt for AI agents
Address the following comment on core/vendor/package.json at line 12:
<comment>The dependency `@xenova/transformers` is vendored, but this PR only updates `package.json`. The actual code being used is an outdated, checked-in copy of the library, making this upgrade ineffective and misleading. The application will continue to use the old version (`2.14.0`) despite this change.</comment>
<file context>
@@ -9,7 +9,7 @@
"license": "Apache-2.0",
"dependencies": {
- "@xenova/transformers": "^2.14.0"
+ "@xenova/transformers": "^2.17.2"
},
"engine-strict": true,
</file context>
Snyk has created this PR to upgrade @xenova/transformers from 2.14.0 to 2.17.2.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 9 versions ahead of your current version.
The recommended version was released a year ago.
Release notes
Package name: @xenova/transformers
-
2.17.2 - 2024-05-29
-
2.17.1 - 2024-04-18
-
2.17.0 - 2024-04-11
-
2.16.1 - 2024-03-20
-
2.16.0 - 2024-03-07
-
2.15.1 - 2024-02-21
-
2.15.0 - 2024-02-06
-
2.14.2 - 2024-01-29
-
2.14.1 - 2024-01-25
-
2.14.0 - 2024-01-10
from @xenova/transformers GitHub release notesImportant
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
Summary by cubic
Upgrade @xenova/transformers from 2.14.0 to 2.17.2 to keep our ML runtime current and compatible. This also updates the transitive @huggingface/jinja to 0.2.2; no app code changes.