VULN UPGRADE: minor upgrades — 19 packages (minor: 6 · patch: 13) by campaigner-prod[bot] · Pull Request #81 · DataDog/toto

campaigner-prod · 2026-03-06T07:11:34Z

Summary: Security update — 19 packages upgraded (MINOR changes included)

Manifests changed:

. (pip)

Updates

Package	From	To	Type	Vulnerabilities Fixed
transformers	4.52.1	4.52.4	patch	8 MODERATE
torch	2.7.0	2.7.1	patch	2 MODERATE, 1 LOW
datasets	2.17.1	2.21.0	minor	-
lightning	2.3.3	2.6.0	minor	-
pandas	2.2.3	2.3.3	minor	-
pytest	8.3.5	8.4.2	minor	-
pytest-env	1.1.5	1.5.0	minor	-
rich	10.2.2	10.16.2	minor	-
PyYAML	6.0.2	6.0.3	patch	-
boto3	1.34.69	1.34.162	patch	-
dill	0.3.8	0.3.9	patch	-
jaxtyping	0.2.29	0.2.38	patch	-
matplotlib	3.9.2	3.9.4	patch	-
mypy	1.11.1	1.11.2	patch	-
pyyaml	6.0.2	6.0.3	patch	-
rotary-embedding-torch	0.8.6	0.8.9	patch	-
scikit-learn	1.5.0	1.5.2	patch	-
tqdm	4.66.3	4.66.6	patch	-
types-PyYAML	6.0.12.20240917	6.0.12.20250915	patch	-

Packages marked with "-" are updated due to dependency constraints.

Security Details

ℹ️ Other Vulnerabilities (11)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
torch	GHSA-887c-mr87-cxwp	MODERATE	PyTorch Improper Resource Shutdown or Release vulnerability	2.7.0	2.8.0
torch	CVE-2025-3730	MODERATE	-	2.7.0	-
transformers	GHSA-9356-575x-2w9m	MODERATE	Hugging Face Transformers Regular Expression Denial of Service (ReDoS) vulnerability	4.52.1	4.53.0
transformers	CVE-2025-5197	MODERATE	-	4.52.1	-
transformers	GHSA-4w7r-h757-3r74	MODERATE	Hugging Face Transformers vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer	4.52.1	4.53.0
transformers	CVE-2025-6921	MODERATE	-	4.52.1	-
transformers	GHSA-rcv9-qm8p-9p6j	MODERATE	Hugging Face Transformers library has Regular Expression Denial of Service	4.52.1	4.53.0
transformers	CVE-2025-6051	MODERATE	-	4.52.1	-
transformers	GHSA-59p9-h35m-wg4g	MODERATE	Hugging Face Transformers is vulnerable to ReDoS through its MarianTokenizer	4.52.1	4.53.0
transformers	CVE-2025-6638	MODERATE	-	4.52.1	-
torch	GHSA-3749-ghw9-m3mg	LOW	PyTorch susceptible to local Denial of Service	2.7.0	2.7.1-rc1

Review Checklist

Standard review:

Review changes for compatibility with your code
Check for breaking changes in release notes
Run tests locally or wait for CI

Update Mode: Vulnerability Remediation

🤖 Generated by DataDog Automated Dependency Management System

Executing automated changes

55e9110

campaigner-prod bot added campaigner-automated-change adms-low-severity adms-medium-severity adms-minor-update adms-mode-all-updates adms-python adms-dependency-update labels Mar 6, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

VULN UPGRADE: minor upgrades — 19 packages (minor: 6 · patch: 13) #81

VULN UPGRADE: minor upgrades — 19 packages (minor: 6 · patch: 13) #81
campaigner-prod[bot] wants to merge 1 commit intomainfrom
engraver-auto-version-upgrade/minorpatch/pip/0-1772781088

campaigner-prod bot commented Mar 6, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

campaigner-prod bot commented Mar 6, 2026

Updates

Security Details

Review Checklist

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants