chore(deps): bump the gha group across 1 directory with 3 updates

[dependabot]

Bumps the gha group with 3 updates in the /packages/opentelemetry-instrumentation-transformers directory: opentelemetry-semantic-conventions-ai, flake8 and transformers.

Updates opentelemetry-semantic-conventions-ai from 0.4.11 to 0.4.12

Updates flake8 from 7.0.0 to 7.3.0

Commits

• c48217e Release 7.3.0
• f9e0f33 Merge pull request #1986 from PyCQA/document-f542
• 6bcdb62 document F542
• 70a15b8 Merge pull request #1985 from PyCQA/upgrade-deps
• 4941a3e upgrade pyflakes / pycodestyle
• 23e4005 Merge pull request #1983 from PyCQA/py314
• 019424b add support for t-strings
• 6b6f3d5 Merge pull request #1980 from PyCQA/asottile-patch-1
• 8dfa669 add rtd sphinx config
• ce34111 Merge pull request #1976 from PyCQA/document-f824
• Additional commits viewable in compare view

Updates transformers from 4.53.0 to 4.54.1

Release notes

Sourced from transformers's releases.

Patch release 4.54.1

We had quite a lot of bugs that got through! Release was a bit rushed, sorry everyone! 🤗 Mostly cache fixes, as we now have layered cache, and fixed to distributed.

• Fix Cache.max_cache_len max value for Hybrid models, @​manueldeprada, @​Cyrilvallez, #39737
• [modenbert] fix regression, @​zucchini-nlp, #39750
• Fix version issue in modeling_utils.py, @​Cyrilvallez, #39759
• Fix GPT2 with cross attention, @​zucchini-nlp, #39754
• Fix mamba regression, @​manueldeprada, #39728
• Fix: add back base model plan, @​S1ro1, #39733
• fix cache inheritance, #39748
• Fix cache-related tests, @​zucchini-nlp, #39676
• Fix Layer device placement in Caches, @​Cyrilvallez, #39732
• PATCH: add back n-dim device-mesh + fix tp trainer saving, @​S1ro1, @​SunMarc, #39693
• fix missing model._tp_size from ep refactor, @​winglian, #39688

Patch release v4.53.3

Small path release 4.53.3!

A small patch for open telemetry fixes! Sorry for the delay!

** refactor: remove set_tracer_provider and set_meter_provider calls (huggingface/transformers#39422) from @​McPatate

Patch Release v4.53.2

This patch contains the following bug fixes:

• Fix some bug for finetune and batch infer For GLM-4.1V (#39090)
• [bugfix] fix flash attention 2 unavailable error on Ascend NPU (#39166)
• Fix errors when use verl to train GLM4.1v model (#39199)
• [pagged-attention] fix off-by-1 error in pagged attention generation (#39258)
• [smollm3] add tokenizer mapping for smollm3 (#39271)
• [sliding window] revert and deprecate (#39301)
• fix Glm4v batch videos forward (#39172)
• Add a default value for position_ids in masking_utils (#39310)

Patch Release v4.53.1

This patch contains several bug fixes. The following commits are included:

• Fix: unprotected import of tp plugin (#39083)
• Fix key mapping for VLMs (#39029)
• Several fixes for Gemma3n(#39135)
• [qwen2-vl] fix FA2 inference (#39121)
• [smolvlm] fix video inference (#39147)
• Fix multimodal processor get duplicate arguments when receive kwargs for initialization (#39125)
• when delaying optimizer creation only prepare the model (#39152)
• Add packed tensor format support for flex/sdpa/eager through the mask! (#39194)

Commits

• 9c641dc v4.54.1
• b04aae7 Fix Cache.max_cache_len max value for Hybrid models (#39737)
• 0297e59 [modenbert] fix regression (#39750)
• b8e1b28 Fix version issue in modeling_utils.py (#39759)
• 166c1b4 Fix GPT2 with cross attention (#39754)
• ab2a609 Fix mamba regression (#39728)
• 3a6d13c Fix: add back base model plan (#39733)
• a033ae4 fix cache inheritance (#39748)
• 457b478 Fix cache-related tests (#39676)
• 862cb55 Fix Layer device placement in Caches (#39732)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

---

Important

Update dependencies in pyproject.toml for opentelemetry-instrumentation-transformers package.

• Dependencies:
  • Update opentelemetry-semantic-conventions-ai from 0.4.11 to 0.4.12 in pyproject.toml.
  • Update flake8 from 7.0.0 to 7.3.0 in pyproject.toml.
  • Update transformers from 4.53.0 to 4.54.1 in pyproject.toml.

^{This description was created by for 67599ef. You can customize this summary. It will automatically update as commits are pushed.}

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Join our Discord community for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[ellipsis-dev]

Important

Looks good to me! 👍

Reviewed everything up to 67599ef in 33 seconds. Click for details.

• Reviewed 18 lines of code in 1 files
• Skipped 1 files when reviewing.
• Skipped posting 3 draft comments. View those below.
• Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.

1. packages/opentelemetry-instrumentation-transformers/pyproject.toml:30

• Draft comment:
  opentelemetry-semantic-conventions-ai updated from 0.4.11 to 0.4.12 as intended. Confirm that this aligns with the rest of the project dependencies.
• Reason this comment was not posted:
  Confidence changes required: 0% <= threshold 50% None

2. packages/opentelemetry-instrumentation-transformers/pyproject.toml:34

• Draft comment:
  flake8 is correctly bumped from 7.0.0 to 7.3.0.
• Reason this comment was not posted:
  Confidence changes required: 0% <= threshold 50% None

3. packages/opentelemetry-instrumentation-transformers/pyproject.toml:37

• Draft comment:
  The transformers dependency remains at ^4.51.3, but the PR description mentions updating it to 4.54.1. Please verify and update if needed.
• Reason this comment was not posted:
  Comment did not seem useful. Confidence is useful = 0% <= threshold 50% The comment is asking the PR author to verify and update the dependency version, which is related to dependencies. According to the rules, I should not comment on dependency changes or ask the author to verify or update them.

Workflow ID: wflow_cs9MZnE12xTJBrbU

^{You can customize by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.}

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.