Bump the pip group across 1 directory with 3 updates by dependabot[bot] · Pull Request #11 · bentoml/BentoCLIP

dependabot · 2026-06-10T00:11:42Z

Bumps the pip group with 3 updates in the / directory: pillow, torch and transformers.

Updates pillow from 10.3.0 to 12.2.0

Release notes

12.2.0

https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html

Documentation

Update 12.2.0 release notes #9522 [@hugovk]

Add loader plugins: AMOS abk, Atari Degas, 40+ more obscure formats via Netpbm #9482 [@bitplane]

Update Python versions #9515 [@radarhere]

Jeffrey A. Clark -> Jeffrey 'Alex' Clark #9513 [@aclark4life]

Add release notes for #9394, #9419 and #9456 #9467 [@radarhere]

Add Amiga Workbench .info loader to 3rd party plugins list #9459 [@bitplane]

Merge PFM documentation into PPM #9434 [@radarhere]

Update macOS tested Pillow versions #9431 [@radarhere]

Fix CVE number #9430 [@hugovk]

Dependencies

Update xz to 5.8.3 #9523 [@radarhere]

Update libjpeg-turbo to 3.1.4.1 #9507 [@radarhere]

Update libpng to 1.6.56 #9499 [@radarhere]

Update freetype to 2.14.3 #9485 [@radarhere]

Updated libavif to 1.4.1 #9479 [@radarhere]

Updated harfbuzz to 13.2.1 #9461 [@radarhere]

Update Ghostscript to 10.7.0 #9469 [@radarhere]

Update harfbuzz to 13.0.1 #9453 [@radarhere]

Update libavif to 1.4.0 #9460 [@radarhere]

Update freetype to 2.14.2 #9449 [@radarhere]

Update actions/download-artifact action to v8 #9451 [@renovate[bot]]

Updated libpng to 1.6.55 #9425 [@radarhere]

Testing

Cleanup .spider extension in the same test where it is added #9517 [@radarhere]

Run tests in parallel via tox for 3.5x speedup #9516 [@hugovk]

Enable colour in CI logs #9486 [@hugovk]

Update Ghostscript to 10.7.0 #9469 [@radarhere]

Simplify TGA test code #9477 [@radarhere]

Update tests to check for ValueError when encoding an empty image #9464 [@radarhere]

Upgrade CI from macos-15-intel to macos-26-intel #9454 [@hugovk]

Add check-case-conflict hook #9446 [@radarhere]

Specify platform when pulling docker image #9440 [@radarhere]

GHA: Cache libavif and webp builds for Ubuntu #9437 [@hugovk]

Update macOS tested Pillow versions #9431 [@radarhere]

Other changes

Check calloc return value #9527 [@radarhere]

Check all allocs in the Arrow tree #9488 [@wiredfool]

Reject non-numeric elements inside list coords #9526 [@hugovk]

Move variable declaration inside define #9525 [@radarhere]

... (truncated)

Changelog

Sourced from pillow's changelog.

Changelog (Pillow)

11.1.0 and newer

See GitHub Releases:

https://github.com/python-pillow/Pillow/releases

11.0.0 (2024-10-15)

Update licence to MIT-CMU #8460 [hugovk]

Conditionally define ImageCms type hint to avoid requiring core #8197 [radarhere]

Support writing LONG8 offsets in AppendingTiffWriter #8417 [radarhere]

Use ImageFile.MAXBLOCK when saving TIFF images #8461 [radarhere]

Do not close provided file handles with libtiff when saving #8458 [radarhere]

Support ImageFilter.BuiltinFilter for I;16* images #8438 [radarhere]

Use ImagingCore.ptr instead of ImagingCore.id #8341 [homm, radarhere, hugovk]

Updated EPS mode when opening images without transparency #8281 [Yay295, radarhere]

Use transparency when combining P frames from APNGs #8443 [radarhere]

Support all resampling filters when resizing I;16* images #8422 [radarhere]

Free memory on early return #8413 [radarhere]

Cast int before potentially exceeding INT_MAX #8402 [radarhere]

... (truncated)

Commits

3c41c09 12.2.0 version bump
cdaa29e Check calloc return value (#9527)
585b2f5 Check calloc return value
ecf011e Check all allocs in the Arrow tree (#9488)
cf6de8c Reject non-numeric elements inside list coords (#9526)
ffdcede Update 12.2.0 release notes (#9522)
7929d77 Added security release notes (#149)
c4f7aa5 Added security release notes
22cdb5f Move variable declaration inside define (#9525)
fc15b3b Resize tall images vertically first (#9524)
Additional commits viewable in compare view

Updates torch from 2.3.1 to 2.8.0

Release notes

Sourced from torch's releases.

PyTorch 2.8.0 Release Notes

Highlights

Backwards Incompatible Changes

Deprecations

New Features

Improvements

Bug fixes

Performance

Documentation

Developers

Highlights

... (truncated)

Commits

ba56102 Cherrypick: Add the RunLLM widget to the website (#159592)
c525a02 [dynamo, docs] cherry pick torch.compile programming model docs into 2.8 (#15...
a1cb3cc [Release Only] Remove nvshmem from list of preload libraries (#158925)
c76b235 Move out super large one off foreach_copy test (#158880)
20a0e22 Revert "[Dynamo] Allow inlining into AO quantization modules (#152934)" (#158...
9167ac8 [MPS] Switch Cholesky decomp to column wise (#158237)
5534685 [MPS] Reimplement tri[ul] as Metal shaders (#158867)
d19e08d Cherry pick PR 158746 (#158801)
a6c044a [cherry-pick] Unify torch.tensor and torch.ops.aten.scalar_tensor behavior (#...
620ebd0 [Dynamo] Use proper sources for constructing dataclass defaults (#158689)
Additional commits viewable in compare view

Updates transformers from 4.41.2 to 5.0.0rc3

Release notes

Sourced from transformers's releases.

Release candidate v5.0.0rc3

New models:

[GLM-4.7] GLM-Lite Supoort by @zRzRzRzRzRzRzR in huggingface/transformers#43031

[GLM-Image] AR Model Support for GLM-Image by @zRzRzRzRzRzRzR in huggingface/transformers#43100

Add LWDetr model by @sbucaille in huggingface/transformers#40991

Add LightOnOCR model implementation by @baptiste-aubertin in huggingface/transformers#41621

What's Changed

We are getting closer and closer to the official release! This RC is focused on removing more of the deprecated stuff, fixing some minors issues, doc updates.

Update Japanese README to match English version by @lilin-1 in huggingface/transformers#43069

[docs] Deploying by @stevhliu in huggingface/transformers#42263

[docs] inference engines by @stevhliu in huggingface/transformers#42932

Fix typos: Remove duplicate duplicate words words by @efeecllk in huggingface/transformers#43040

[style] Rework ruff rules and update all files by @Cyrilvallez in huggingface/transformers#43144

[CB] Minor fix in kwargs by @remi-or in huggingface/transformers#43147

[Bug] qwen2_5_omni: cap generation length to be less than the max_position_embedding in DiT by @sniper35 in huggingface/transformers#43068

Fix some deprecated practices in torch 2.9 by @Cyrilvallez in huggingface/transformers#43167

Fix Fuyu processor width dimension bug in _get_num_multimodal_tokens by @Abhinavexists in huggingface/transformers#43137

Inherit from PreTrainedTokenizerBase by @juliendenize in huggingface/transformers#43143

Generation config boolean defaults by @zucchini-nlp in huggingface/transformers#43000

Fix failing BartModelIntegrationTest by @Sai-Suraj-27 in huggingface/transformers#43160

fix failure of llava/pixtral by @sywangyi in huggingface/transformers#42985

GemmaTokenizer: remove redundant whitespace pre-tokenizer by @vaibhav-research in huggingface/transformers#43106

Support auto_doctring in Processors by @yonigozlan in huggingface/transformers#42101

Fix failing BitModelIntegrationTest by @Sai-Suraj-27 in huggingface/transformers#43164

[Fp8] Fix experts by @vasqu in huggingface/transformers#43154

Docs: improve wording for documentation build instructions by @Sailnagale in huggingface/transformers#43007

[makefile] Cleanup and improve the rules by @Cyrilvallez in huggingface/transformers#43171

Some new models added stuff that was already removed by @Cyrilvallez in huggingface/transformers#43179

Fixes and compilation warning in torchao docs by @merveenoyan in huggingface/transformers#42909

[cache] Remove all deprecated classes by @Cyrilvallez in huggingface/transformers#43168

Bump huggingface_hub minimal version by @Wauplin in huggingface/transformers#43188

Rework check_config_attributes.py by @Cyrilvallez in huggingface/transformers#43191

Fix generation config validation by @zucchini-nlp in huggingface/transformers#43175

[style] Use 'x | y' syntax for processors as well by @Wauplin in huggingface/transformers#43189

Remove deprecated objects by @Cyrilvallez in huggingface/transformers#43170

fix chunked prefill implementation issue-43082 by @marcndo in huggingface/transformers#43132

Reduce add_dates verbosity by @yonigozlan in huggingface/transformers#43184

Add support for MiniMax-M2 by @rogeryoungh in huggingface/transformers#42028

Fix failing salesforce-ctrl, xlm & gpt-neo model generation tests by @Sai-Suraj-27 in huggingface/transformers#43180

Less verbose library helpers by @Cyrilvallez in huggingface/transformers#43197

run all test files on CircleCI by @ydshieh in huggingface/transformers#43146

Clamp temperature to >=1.0 for Dia generation by @Haseebasif7 in huggingface/transformers#43029

Fix spelling typos in comments and code by @raimbekovm in huggingface/transformers#43046

[docs] llama.cpp by @stevhliu in huggingface/transformers#43185

... (truncated)

Commits

cb5079f v5.0.0rc3
d1808f2 [ci] Fixing some failing tests for important models (#43231)
3d27645 Add LightOnOCR model implementation (#41621)
77146cc fix crash in when running FSDP2+TP (#43226)
61317f5 [CB] Ensure parallel decoding test passes using FA (#43277)
1efe1a6 Fix failing PegasusX, Mvp & LED model integration tests (#43245)
e8ae373 [consistency] Ensure models are added to the _toctree.yml (#43264)
c85be98 [docs] tensorrt-llm (#43176)
38022fd [style] Fix init isort and align makefile and CI (#43260)
e977446 Fix failing Hiera, SwiftFormer & LED Model integration tests (#43225)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the pip group with 3 updates in the / directory: [pillow](https://github.com/python-pillow/Pillow), [torch](https://github.com/pytorch/pytorch) and [transformers](https://github.com/huggingface/transformers). Updates `pillow` from 10.3.0 to 12.2.0 - [Release notes](https://github.com/python-pillow/Pillow/releases) - [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst) - [Commits](python-pillow/Pillow@10.3.0...12.2.0) Updates `torch` from 2.3.1 to 2.8.0 - [Release notes](https://github.com/pytorch/pytorch/releases) - [Changelog](https://github.com/pytorch/pytorch/blob/main/RELEASE.md) - [Commits](pytorch/pytorch@v2.3.1...v2.8.0) Updates `transformers` from 4.41.2 to 5.0.0rc3 - [Release notes](https://github.com/huggingface/transformers/releases) - [Commits](huggingface/transformers@v4.41.2...v5.0.0rc3) --- updated-dependencies: - dependency-name: pillow dependency-version: 12.2.0 dependency-type: direct:production dependency-group: pip - dependency-name: torch dependency-version: 2.8.0 dependency-type: direct:production dependency-group: pip - dependency-name: transformers dependency-version: 5.0.0rc3 dependency-type: direct:production dependency-group: pip ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jun 10, 2026

This was referenced Jun 10, 2026

Bump pillow from 10.2.0 to 10.3.0 #4

Closed

Bump transformers from 4.37.1 to 4.38.0 #5

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the pip group across 1 directory with 3 updates#11

Bump the pip group across 1 directory with 3 updates#11
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/pip-09da00ba6a

dependabot Bot commented on behalf of github Jun 10, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Jun 10, 2026

12.2.0

Documentation

Dependencies

Testing

Other changes

Changelog (Pillow)

11.1.0 and newer

11.0.0 (2024-10-15)

PyTorch 2.8.0 Release Notes

Highlights

Release candidate v5.0.0rc3

New models:

What's Changed

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants