Security: transformers 4.41.2 flagged by Veracode (6 High / 7 Medium) — please upgrade

Hi Flair maintainers 👋

Our dependency scanning (Veracode SCA) is flagging `transformers==4.41.2` as vulnerable. Since transformers is a transitive dependency for Flair in our setup, this is impacting downstream users.

What we’re seeing
 **Package**: transformers
 **Version**: 4.41.2
 **Tool**: Veracode SCA
 **Findings**: 6 High severity + 7 Medium severity issues (per Veracode)

_**Could you please:**_

Confirm whether Flair can upgrade/pin transformers to a non-vulnerable version, and

<img width="1092" height="65" alt="Image" src="https://github.com/user-attachments/assets/48aea1c3-dc4a-40d0-bb5a-ed4909d16a3e" />

share guidance on the minimum safe version you recommend (or whether there’s an alternate dependency approach)?

Many thanks for considering my request!

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Security: transformers 4.41.2 flagged by Veracode (6 High / 7 Medium) — please upgrade #3691

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Security: transformers 4.41.2 flagged by Veracode (6 High / 7 Medium) — please upgrade #3691

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions