Summary
transformers prior to version 5.3.0 is being flagged by security-scanner tools (in our case trivy) as having vulnerability CVE-2026-4372 | HIGH | HuggingFace transformers vulnerable to remote code execution. This is fixed in version 5.3.0.
The latest version of spacy-transformers constrains transformers to >=3.4.0,<4.53.3.
Request
Add support for transformers v5.3.0 to spacy-transformers.
I have found a fork that bumped the version all the way to version 5.5.3 here (just for reference).
Summary
transformersprior to version5.3.0is being flagged by security-scanner tools (in our casetrivy) as having vulnerabilityCVE-2026-4372 | HIGH | HuggingFace transformers vulnerable to remote code execution. This is fixed in version5.3.0.The latest version of
spacy-transformersconstrainstransformersto>=3.4.0,<4.53.3.Request
Add support for
transformers v5.3.0tospacy-transformers.I have found a fork that bumped the version all the way to version
5.5.3here (just for reference).