Security: transformers 4.41.2 flagged by Veracode (6 High / 7 Medium) — please upgrade #3691

@rfedkovych-collab

Hi Flair maintainers 👋

Our dependency scanning (Veracode SCA) is flagging transformers==4.41.2 as vulnerable. Since transformers is a transitive dependency for Flair in our setup, this is impacting downstream users.

What we’re seeing
Package: transformers
Version: 4.41.2
Tool: Veracode SCA
Findings: 6 High severity + 7 Medium severity issues (per Veracode)

Could you please:

Confirm whether Flair can upgrade/pin transformers to a non-vulnerable version, and

share guidance on the minimum safe version you recommend (or whether there’s an alternate dependency approach)?

Many thanks for considering my request!
