Skip to content

chore: dependabot updates#3098

Merged
anish-sahoo merged 27 commits into
mainfrom
dependabot-updates
Jul 16, 2026
Merged

chore: dependabot updates#3098
anish-sahoo merged 27 commits into
mainfrom
dependabot-updates

Conversation

@anish-sahoo

@anish-sahoo anish-sahoo commented Jul 9, 2026

Copy link
Copy Markdown
Member

Updates dependencies across GitHub Actions, Go, Rust, and Python examples.

Updates

  • GitHub Actions: actions/checkout 6 -> 7 (#3068)
  • Go: github.com/getkin/kin-openapi 0.139.0 -> 0.140.0 (#3079)
  • Go: golang.org/x/crypto 0.50.0 -> 0.52.0 (#3099)
  • Go: golang.org/x/net 0.53.0 -> 0.55.0, with transitive updates to golang.org/x/term 0.42.0 -> 0.43.0 and golang.org/x/text 0.36.0 -> 0.37.0 (#3092)
  • Rust: nix 0.31.2 -> 0.31.3 and transitive libc 0.2.184 -> 0.2.186 (#3084)
  • Rust (not included): jsonschema 0.29.1 -> 0.46.6 (#3085) REVERTED — breaking API change (error.instance_path field changed to a method), plus aws-lc-sys requires cmake and breaks the manylinux wheel build
  • Python: transformers 4.52.3 -> 5.5.0 in examples/experimental/resnet-managed-weights (#3102)
  • Python: transformers 5.0.0rc3 -> 5.5.0 in examples/streaming-text (#3103)
  • Python: transformers 5.0.0rc3 -> 5.5.0 in examples/z-image-turbo (#3117)
  • Go module cleanup: remove obsolete indirect dependencies from go.mod and go.sum.

dependabot Bot and others added 16 commits June 25, 2026 17:08
Bumps [actions/checkout](https://github.com/actions/checkout) from 6 to 7.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v6...v7)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [github.com/getkin/kin-openapi](https://github.com/getkin/kin-openapi) from 0.139.0 to 0.140.0.
- [Release notes](https://github.com/getkin/kin-openapi/releases)
- [Commits](getkin/kin-openapi@v0.139.0...v0.140.0)

---
updated-dependencies:
- dependency-name: github.com/getkin/kin-openapi
  dependency-version: 0.140.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [nix](https://github.com/nix-rust/nix) from 0.31.2 to 0.31.3.
- [Changelog](https://github.com/nix-rust/nix/blob/master/CHANGELOG.md)
- [Commits](nix-rust/nix@v0.31.2...v0.31.3)

---
updated-dependencies:
- dependency-name: nix
  dependency-version: 0.31.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [jsonschema](https://github.com/Stranger6667/jsonschema) from 0.29.1 to 0.46.6.
- [Release notes](https://github.com/Stranger6667/jsonschema/releases)
- [Changelog](https://github.com/Stranger6667/jsonschema/blob/master/CHANGELOG.md)
- [Commits](Stranger6667/jsonschema@rust-v0.29.1...cli-v0.46.6)

---
updated-dependencies:
- dependency-name: jsonschema
  dependency-version: 0.46.6
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [transformers](https://github.com/huggingface/transformers) from 4.52.3 to 5.3.0.
- [Release notes](https://github.com/huggingface/transformers/releases)
- [Commits](huggingface/transformers@v4.52.3...v5.3.0)

---
updated-dependencies:
- dependency-name: transformers
  dependency-version: 5.3.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [transformers](https://github.com/huggingface/transformers) from 5.0.0rc3 to 5.3.0.
- [Release notes](https://github.com/huggingface/transformers/releases)
- [Commits](huggingface/transformers@v5.0.0rc3...v5.3.0)

---
updated-dependencies:
- dependency-name: transformers
  dependency-version: 5.3.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.53.0 to 0.55.0.
- [Commits](golang/net@v0.53.0...v0.55.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.55.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [transformers](https://github.com/huggingface/transformers) from 5.0.0rc3 to 5.3.0.
- [Release notes](https://github.com/huggingface/transformers/releases)
- [Commits](huggingface/transformers@v5.0.0rc3...v5.3.0)

---
updated-dependencies:
- dependency-name: transformers
  dependency-version: 5.3.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
…ntal/resnet-managed-weights/transformers-5.3.0' into dependabot
…/getkin/kin-openapi-0.140.0' into dependabot
@anish-sahoo
anish-sahoo requested a review from a team as a code owner July 9, 2026 18:48
@ask-bonk

ask-bonk Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

@anish-sahoo Bonk workflow was cancelled.

View workflow run · To retry, trigger Bonk again.

@ask-bonk

ask-bonk Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

LGTM

github run

dependabot Bot and others added 5 commits July 10, 2026 14:16
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.50.0 to 0.52.0.
- [Commits](golang/crypto@v0.50.0...v0.52.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.52.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [transformers](https://github.com/huggingface/transformers) from 4.52.3 to 5.5.0.
- [Release notes](https://github.com/huggingface/transformers/releases)
- [Commits](huggingface/transformers@v4.52.3...v5.5.0)

---
updated-dependencies:
- dependency-name: transformers
  dependency-version: 5.5.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [transformers](https://github.com/huggingface/transformers) from 5.0.0rc3 to 5.5.0.
- [Release notes](https://github.com/huggingface/transformers/releases)
- [Commits](huggingface/transformers@v5.0.0rc3...v5.5.0)

---
updated-dependencies:
- dependency-name: transformers
  dependency-version: 5.5.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [transformers](https://github.com/huggingface/transformers) from 5.0.0rc3 to 5.5.0.
- [Release notes](https://github.com/huggingface/transformers/releases)
- [Commits](huggingface/transformers@v5.0.0rc3...v5.5.0)

---
updated-dependencies:
- dependency-name: transformers
  dependency-version: 5.5.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@ask-bonk

ask-bonk Bot commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

LGTM

github run

…g-text/transformers-5.5.0' into dependabot-updates
…ntal/resnet-managed-weights/transformers-5.5.0' into dependabot-updates
@ask-bonk

ask-bonk Bot commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

I'm Bonk, and I've done a quick review of your PR.

This PR rolls up safe dependency updates from dependabot (GitHub Actions, Go, Rust, Python examples).

Issues found (1 critical):

  1. CRITICAL -- go.sum contains unresolved merge conflict markers at two locations (around lines 330 and 348). This will break Go builds. The conflicts are between golang.org/x/crypto and golang.org/x/net versions.

    Fix: Run go mod tidy and commit the result. This will regenerate go.sum correctly. Alternatively, manually remove the conflict markers and keep:

    • For golang.org/x/crypto: the v0.52.0 entries (matching go.mod)
    • For golang.org/x/net: the v0.55.0 entries (matching go.mod)
  2. Note -- PR description mismatch: The description says transformers is updated 5.2.0 -> 5.3.0, but the actual code updates examples to 5.5.0 (and one example jumps from 4.52.3). Not blocking, but you may want to update the PR description for clarity.

@ask-bonk

ask-bonk Bot commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

I've posted a review on PR #3098.

Summary: The PR contains unresolved git merge conflict markers in go.sum (lines ~330 and ~348) for golang.org/x/crypto and golang.org/x/net. This is a critical issue that will break Go builds. I suggested running go mod tidy to regenerate the file correctly.

I also noted a minor PR description mismatch: the body says transformers 5.2.0 -> 5.3.0, but the actual code updates examples to 5.5.0 (with one jumping from 4.52.3).

github run

@ask-bonk

ask-bonk Bot commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

LGTM

github run

@anish-sahoo
anish-sahoo added this pull request to the merge queue Jul 16, 2026
Merged via the queue into main with commit 4e62b8b Jul 16, 2026
43 checks passed
@anish-sahoo
anish-sahoo deleted the dependabot-updates branch July 16, 2026 16:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants