Skip to content

feat(deps)!: migrate to transformers 5.x (fix nightly CVE-2026-4372)#68

Merged
cemililik merged 3 commits into
mainfrom
development
Jul 4, 2026
Merged

feat(deps)!: migrate to transformers 5.x (fix nightly CVE-2026-4372)#68
cemililik merged 3 commits into
mainfrom
development

Conversation

@cemililik

@cemililik cemililik commented Jul 4, 2026

Copy link
Copy Markdown
Collaborator

Why

Nightly CI has failed every night since 2026-07-02 on the supply-chain pip-audit gate. Root cause: a new advisory, transformers CVE-2026-4372 — a critical AutoModelForCausalLM.from_pretrained() RCE (malicious config.json _attn_implementation_internal downloads + executes attacker code, bypassing trust_remote_code), fixed only in transformers 5.3.0. check_pip_audit.py fails closed on its UNKNOWN OSV severity, and the old transformers<5.0.0 pin could not reach the fix.

No code was broken — the fix is to raise the pin off the 4.x line.

What

Raise the core floor to transformers>=5.3.0,<6.0.0 and cascade the co-dependencies it requires:

package new pin driver
transformers >=5.3.0,<6.0.0 CVE-2026-4372 fix
torch >=2.4.0,<3.0.0 tf5 requires torch 2.4+
huggingface_hub >=1.3.0,<2.0.0 tf5 requires hub 1.3+
peft >=0.19.0,<1.0.0 tf5 integration
accelerate >=1.4.0,<2.0.0 trl 1.0 requires 1.4+
datasets >=4.7.0,<6.0.0 trl 1.0 requires 4.7+
trl >=1.0.0,<2.0.0 tf5 compatible
requests >=2.32.2,<3.0.0 datasets 4.7 requires 2.32.2+

Code: dropped safe_serialization=True from the 3 save_pretrained sites (kwarg removed in tf5; safetensors is now the enforced default), renamed torch_dtype=dtype= at the export/synthetic from_pretrained sites (deprecated alias in tf5), refreshed the stale trl-pin comment in trainer.py.

CI: rebuilt the nightly test-min-deps floor to a co-installable tf5 minimum set.

Security: removed both now-inert transformers suppressions from pip_audit_ignores.yamlCVE-2026-1839 (fixed 5.0.0rc3) and PYSEC-2025-217/CVE-2025-14929 (OSV last-affected 5.0.0rc0). Advisory count → zero transformers (9 torch + 1 markdown remain).

⚠️ Breaking changes

  • Drops transformers 4.x. ForgeLM now requires transformers 5.x.
  • Drops Intel Mac (x86_64). tf5 requires torch>=2.4, for which PyPI publishes no x86_64-Darwin wheel. Apple Silicon / Linux / Windows unaffected. Documented in README + installation guide (EN+TR).
  • Version bumped to 0.9.0rc1.

Review

Reviewed via 4 independent review agents (correctness, dependency-resolution, docs/security, conventions). Every finding was verified against PyPI/OSV and folded in: the requests floor, the second inert suppression, the torch_dtypedtype rename, and the installation-guide platform gap.

Validation

  • ✅ 8 stdlib doc/version guards pass locally (bilingual parity, anchors, TR-links, self-contained, no-analysis-refs, site-version, sys-modules-pop, audit-event-catalog).
  • ✅ Empirical: the nightly test-latest-deps job is already green on transformers 5.13 + trl 1.7.1 + peft 0.19 + datasets 5.0 — ForgeLM's code + test suite already run on tf5.
  • ⏳ CI-gated (could not run in the authoring env): pytest, ruff, forgelm --dry-run, and the min-deps floor pip resolution + real merge/save/teacher-load paths on tf5. A manual nightly.yml dispatch after merge confirms the supply-chain gate goes green.

Follow-ups (out of scope, tracked separately)

  • Retire the numpy<2 ABI preflight + its json-output.md docs (Intel Mac scenario now dropped).
  • training.sample_packing removal (CHANGELOG promises it for 0.9.0).
  • Review the first tf5 nightly's pip-audit output for any transformers-5-specific advisories.

🤖 Generated with Claude Code

Summary by Sourcery

Raise ForgeLM’s dependency floor to transformers 5.3+ to resolve CVE-2026-4372 and align the stack and CI with the new minimum versions, introducing a breaking drop of transformers 4.x and Intel macOS (x86_64) support.

Enhancements:

  • Update core runtime dependencies (torch, transformers, huggingface_hub, peft, accelerate, datasets, trl, requests) to versions compatible with transformers 5.x.
  • Adjust model load/save call sites to use transformers 5.x APIs and defaults without changing runtime behaviour.
  • Refresh trainer configuration handling comments to reflect the trl 1.x floor and future-proof max-length detection.

CI:

  • Rebuild the nightly test-min-deps job to install an explicitly pinned transformers-5-based minimum dependency set in line with pyproject.

Documentation:

  • Document the transformers 5.x migration, dependency changes, and security impact in the CHANGELOG.
  • Update README and bilingual installation guides to require torch>=2.4.0 and note the end of Intel Mac (x86_64) support.
  • Revise English/Turkish supply-chain security docs to reflect removal of transformers pip-audit suppressions and the new transformers floor.

Chores:

  • Remove now-inert transformers entries from pip_audit_ignores.yaml and annotate that no transformers advisories are currently suppressed.

Summary by CodeRabbit

  • Bug Fixes

    • Improved compatibility when exporting and saving merged models with the latest Transformers behavior.
    • Updated model loading and training configuration to use the current dtype and max_length options.
  • Documentation

    • Updated installation prerequisites (now requires torch>=2.4.0) and clarified Intel Mac (x86_64) isn’t supported.
    • Refreshed supply-chain/pip-audit guidance and ignore details to match current advisories.
  • Chores

    • Bumped the release version and updated the minimum supported dependency set (including dropping older Transformers support).
  • Tests

    • Adjusted checks related to supply-chain ignore configuration and TRL max_length handling.

Nightly CI failed 2026-07-02..04 on the supply-chain pip-audit gate:
transformers CVE-2026-4372 (critical from_pretrained RCE, fixed in 5.3.0)
dropped, and check_pip_audit fails closed on its UNKNOWN OSV severity.
The old transformers<5.0.0 pin could not reach the fix.

Raise the core floor to transformers>=5.3.0,<6.0.0 and cascade the
co-dependencies it requires:
  torch>=2.4.0, huggingface_hub>=1.3.0,<2.0.0, peft>=0.19.0,
  accelerate>=1.4.0, datasets>=4.7.0,<6.0.0, trl>=1.0.0, requests>=2.32.2
(trl 1.0 pulls the accelerate>=1.4 / datasets>=4.7 floor; datasets 4.7
pulls requests>=2.32.2).

BREAKING CHANGE: drops transformers 4.x and Intel Mac (x86_64) support —
the latter has no torch>=2.4 wheel on PyPI. Apple Silicon, Linux and
Windows are unaffected.

- code: drop safe_serialization=True from the 3 save_pretrained sites
  (removed in tf5; safetensors is the enforced default). Rename
  torch_dtype= -> dtype= at the export/synthetic from_pretrained sites
  (deprecated alias in tf5). Refresh the stale trl-pin comment in trainer.py.
- ci: rebuild nightly test-min-deps floor to a co-installable tf5 set.
- security: remove BOTH now-inert transformers suppressions from
  pip_audit_ignores.yaml — CVE-2026-1839 (fixed 5.0.0rc3) and PYSEC-2025-217
  / CVE-2025-14929 (OSV last-affected 5.0.0rc0); update supply-chain
  advisory count to zero transformers (EN+TR).
- docs: README prerequisite (torch>=2.4, Intel Mac drop) + installation.md
  Intel Mac note (EN+TR); CHANGELOG.
- bump to 0.9.0rc1.

Reviewed via 4 parallel review agents (correctness, dep-resolution,
docs/security, conventions); their findings (requests floor, second inert
suppression, torch_dtype rename, installation-guide gap) are folded in.
Validated locally: 8 stdlib doc/version guards pass; nightly
test-latest-deps already green on tf5.13. Full pytest/ruff/pip-audit and
the min-deps floor resolution remain CI-gated.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@sourcery-ai

sourcery-ai Bot commented Jul 4, 2026

Copy link
Copy Markdown

Reviewer's Guide

Migrates ForgeLM to transformers 5.x by raising dependency floors, updating nightly min-deps CI, adapting model load/save call sites to the new API, and cleaning up pip-audit ignores and documentation to reflect the new security posture and platform support (including dropping Intel macOS x86_64).

Sequence diagram for nightly min-deps CI with transformers 5 and updated pip-audit ignores

sequenceDiagram
  actor GitHubActions
  participant pip
  participant check_pip_audit_py as check_pip_audit.py
  participant pip_audit
  participant tools_pip_audit_ignores_yaml as tools/pip_audit_ignores.yaml

  GitHubActions->>pip: pip install "torch==2.4.0" "transformers==5.3.0" "huggingface_hub==1.3.0" "peft==0.19.0" "accelerate==1.4.0" "datasets==4.7.0" "trl==1.0.0"
  GitHubActions->>check_pip_audit_py: python check_pip_audit.py
  check_pip_audit_py->>pip_audit: run pip-audit
  pip_audit->>tools_pip_audit_ignores_yaml: load ignores
  tools_pip_audit_ignores_yaml-->>pip_audit: no transformers entries
  pip_audit-->>GitHubActions: report zero transformers advisories under transformers>=5.3.0 floor
Loading

File-Level Changes

Change Details Files
Raise core dependency pins for transformers and its ecosystem to the 5.x-compatible, CVE-fixed minimum versions and bump project version.
  • Updated pyproject.toml [project].dependencies to require transformers>=5.3.0,<6.0.0 plus matching floors for torch, huggingface_hub, peft, accelerate, datasets, trl, and requests.
  • Removed the numpy<2 darwin x86_64 ABI guard now that Intel Mac is not supported and torch>=2.4 ships against NumPy 2.x.
  • Bumped the project version from 0.8.1rc1 to 0.9.0rc1 and updated the CHANGELOG header to the 0.9.0 dev cycle with notes on the breaking dependency migration and platform drop.
pyproject.toml
CHANGELOG.md
Align CI nightly min-deps job with the new transformers 5.x minimum stack.
  • Reworked the nightly.yml test-min-deps installation step to pin explicit minimum versions for torch, transformers, huggingface_hub, peft, accelerate, datasets, and trl that match pyproject’s dependency floors.
  • Documented in comments that transformers 5.3.0 is the CVE-2026-4372 fix floor and that all gates are pinned explicitly to exercise the true minimums.
.github/workflows/nightly.yml
Update model load and save code to the transformers 5 API while preserving behavior.
  • Replaced use of the deprecated torch_dtype kwarg in AutoModelForCausalLM.from_pretrained with dtype at export and synthetic teacher load sites, keeping the same float16/float32 semantics.
  • Removed safe_serialization=True from all save_pretrained calls, relying on transformers 5’s enforced safetensors default to keep output format unchanged.
  • Adjusted comments in trainer.py around TRL SFTConfig max_length vs max_seq_length to reflect the new trl>=1.0.0 floor while retaining the runtime attribute detection and clarifying failure behavior.
forgelm/export.py
forgelm/synthetic.py
forgelm/merging.py
forgelm/trainer.py
Clean up pip-audit ignores and supply-chain security docs to reflect that transformers advisories are now fixed under the raised floor.
  • Removed both transformers-related suppressions (CVE-2026-1839 and PYSEC-2025-217/CVE-2025-14929) from pip_audit_ignores.yaml and replaced them with a comment explaining their removal under transformers>=5.3.0.
  • Updated English and Turkish supply-chain security reference docs to state that the ignores file now only contains torch and markdown advisories and that the transformers entries were dropped once the floor made them unreportable.
tools/pip_audit_ignores.yaml
docs/reference/supply_chain_security.md
docs/reference/supply_chain_security-tr.md
Document the Intel Mac (x86_64) platform drop and new torch prerequisite in user-facing docs.
  • Added explicit callouts in the English and Turkish installation guides that Intel Macs (x86_64) are not supported due to lack of torch>=2.4 wheels, recommending Apple Silicon, Linux, or Windows.
  • Updated README prerequisites to require torch>=2.4.0 (via transformers>=5.3.0) and to mention that Intel Macs are no longer supported, pointing to the installation guide for platform-specific notes.
docs/usermanuals/en/getting-started/installation.md
docs/usermanuals/tr/getting-started/installation.md
README.md

Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

@coderabbitai

coderabbitai Bot commented Jul 4, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

Raises the project’s minimum ML dependency floors, updates Transformers 5.x call sites, removes obsolete pip-audit suppressions, and refreshes release and installation docs to match the new compatibility baseline.

Changes

Transformers 5 dependency floor migration

Layer / File(s) Summary
Dependency pin updates and version bump
pyproject.toml, .github/workflows/nightly.yml
Raises core dependency minimums, removes the Darwin x86_64 numpy guard, bumps the project version, and updates CI minimum-dependency pins to match.
Model loading and merge/save updates
forgelm/export.py, forgelm/synthetic.py, forgelm/trainer.py, forgelm/merging.py, tests/test_trainer_sft_config.py
Switches model loading to dtype=, removes safe_serialization=True from save paths, and updates TRL config handling and tests to require max_length.
Pip-audit suppression cleanup
tools/pip_audit_ignores.yaml, tests/test_check_pip_audit.py
Clears transformers suppressions and updates the validation test to check the remaining torch entry.
Changelog and documentation updates
CHANGELOG.md, README.md, docs/reference/supply_chain_security*.md, docs/usermanuals/*/getting-started/installation.md
Updates release notes and installation/security docs for the new dependency floor and Intel Mac support note.

Estimated code review effort: 3 (Moderate) | ~25 minutes

Possibly related PRs

  • HodeTech/ForgeLM#43: Also changes the project’s PyTorch minimum version constraints and installation guidance.
  • HodeTech/ForgeLM#60: Related to the pip-audit ignore handling and validation updated here.
  • HodeTech/ForgeLM#44: Closely related to the TRL SFTConfig sequence-length kwarg handling updated in forgelm/trainer.py and its tests.
🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Description check ⚠️ Warning The description covers the work well, but it doesn't follow the required template headings and checklists. Rewrite it using the repository template: Summary, Changes, Type, Testing, and Checklist sections with the required bullets/checkboxes.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly states the Transformers 5.x migration and CVE fix, matching the main change.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch development

Comment @coderabbitai help to get the list of available commands.

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've left some high level feedback:

  • Now that trl is pinned at >=1.0.0,<2.0.0, consider simplifying _get_training_args_for_type by either dropping the max_seq_length fallback or explicitly keying off the installed trl version instead of attribute probing, which will make the logic clearer and easier to maintain if the API changes again.
  • Given that Intel macOS (x86_64) is now an unsupported platform due to the torch>=2.4.0 requirement, you might want to add a small runtime/platform check (e.g., early in the CLI entrypoint) to fail fast with a clear error message rather than relying solely on documentation and pip’s resolution behavior.
Prompt for AI Agents
Please address the comments from this code review:

## Overall Comments
- Now that `trl` is pinned at `>=1.0.0,<2.0.0`, consider simplifying `_get_training_args_for_type` by either dropping the `max_seq_length` fallback or explicitly keying off the installed `trl` version instead of attribute probing, which will make the logic clearer and easier to maintain if the API changes again.
- Given that Intel macOS (x86_64) is now an unsupported platform due to the `torch>=2.4.0` requirement, you might want to add a small runtime/platform check (e.g., early in the CLI entrypoint) to fail fast with a clear error message rather than relying solely on documentation and pip’s resolution behavior.

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request implements a breaking dependency migration to transformers 5.x (specifically transformers>=5.3.0,<6.0.0), which cascades several co-dependency updates including torch>=2.4.0 and trl>=1.0.0. Due to the torch upgrade, support for Intel Macs (x86_64) is dropped. The migration resolves CVE-2026-4372, allowing the removal of two previously suppressed advisories from tools/pip_audit_ignores.yaml. Code changes adapt to transformers 5.x by renaming torch_dtype to dtype and removing the deprecated safe_serialization keyword argument from model-saving sites. There are no review comments to evaluate, and I have no additional feedback to provide.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

cemililik and others added 2 commits July 5, 2026 00:41
…rmers suppressions

The v0.9.0 transformers-5 migration removed both transformers advisories
(CVE-2026-1839, PYSEC-2025-217) from tools/pip_audit_ignores.yaml — pip-audit
no longer reports either under the transformers>=5.3.0 pin. The structural
loader/indexing smoke test asserted CVE-2026-1839 was still present; point it
at a still-present torch entry (PYSEC-2025-191) instead.

Fixes the sole test failure in PR #68 (2845 passed, 1 failed on tf5).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Per PR #68 review: with the trl>=1.0.0,<2.0.0 floor from the transformers-5
migration, SFTConfig always exposes `max_length` (the `max_seq_length` name
was retired after trl 0.12.x), so the fallback branch was unreachable dead
code. Drive `max_length` directly, but KEEP the runtime signature check +
hard-fail so a future trl that removes/hides the parameter still fails loud
rather than silently dropping the configured sequence-length cap
(docs/standards/error-handling.md "no silent failures").

The hard-fail error message still names both parameters, so the two
future-proofing regression tests are unaffected. Removes the now-obsolete
legacy-trl-0.12.x test (that path is below the supported floor).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
forgelm/trainer.py (1)

607-642: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Verified against trl behavior — correct migration.

Confirmed max_length has been the sequence-length parameter in SFTConfig since trl 0.13 (with max_seq_length removed in 0.20.0) and remains present in the pinned trl>=1.0.0,<2.0.0 range. The runtime signature check plus hard-fail on absence correctly implements the "no silent failures" contract, and matches the accompanying tests (test_sft_config_uses_max_length_on_modern_trl, test_sft_config_raises_when_neither_seqlen_param_exposed, test_sft_config_raises_when_seqlen_only_in_kwargs).

One minor note: unlike the other trainer types (orpo, dpo, simpo, kto, grpo), which call self._apply_max_length(kwargs), the SFT branch inlines kwargs["max_length"] = self.config.model.max_length directly (Line 641) instead of reusing the helper. This is intentional given the extra signature verification, but could be tightened for consistency if desired.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@forgelm/trainer.py` around lines 607 - 642, The SFT branch in
_get_training_args_for_type is duplicating max-length assignment logic instead
of using the shared _apply_max_length helper like the other trainer types. After
the SFTConfig signature check, route the max-length setup through
self._apply_max_length(kwargs) so the SFT path stays consistent with the
orpo/dpo/simpo/kto/grpo branches while preserving the existing runtime
validation.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@forgelm/trainer.py`:
- Around line 607-642: The SFT branch in _get_training_args_for_type is
duplicating max-length assignment logic instead of using the shared
_apply_max_length helper like the other trainer types. After the SFTConfig
signature check, route the max-length setup through
self._apply_max_length(kwargs) so the SFT path stays consistent with the
orpo/dpo/simpo/kto/grpo branches while preserving the existing runtime
validation.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 67ce6039-5372-47d4-a350-9a4a884ddc8b

📥 Commits

Reviewing files that changed from the base of the PR and between 9974886 and f9c7651.

📒 Files selected for processing (2)
  • forgelm/trainer.py
  • tests/test_trainer_sft_config.py

@cemililik cemililik merged commit 5373a40 into main Jul 4, 2026
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant