Bump the pip group across 1 directory with 3 updates

[dependabot]

Bumps the pip group with 3 updates in the / directory: requests, gradio and transformers.

Updates requests from 2.32.3 to 2.32.4

Release notes

Sourced from requests's releases.

v2.32.4

2.32.4 (2025-06-10)

Security

• CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (#6965)

Improvements

• Numerous documentation improvements

Deprecations

• Added support for pypy 3.11 for Linux and macOS. (#6926)
• Dropped support for pypy 3.9 following its end of support. (#6926)

Changelog

Sourced from requests's changelog.

2.32.4 (2025-06-10)

Security

• CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.

Improvements

• Numerous documentation improvements

Deprecations

• Added support for pypy 3.11 for Linux and macOS.
• Dropped support for pypy 3.9 following its end of support.

Commits

• 021dc72 Polish up release tooling for last manual release
• 821770e Bump version and add release notes for v2.32.4
• 59f8aa2 Add netrc file search information to authentication documentation (#6876)
• 5b4b64c Add more tests to prevent regression of CVE 2024 47081
• 7bc4587 Add new test to check netrc auth leak (#6962)
• 96ba401 Only use hostname to do netrc lookup instead of netloc
• 7341690 Merge pull request #6951 from tswast/patch-1
• 6716d7c remove links
• a7e1c74 Update docs/conf.py
• c799b81 docs: fix dead links to kenreitz.org
• Additional commits viewable in compare view

Updates gradio from 5.25.2 to 5.31.0

Changelog

Sourced from gradio's changelog.

5.31.0

Features

• #11229 231ccfe - Chatbot autoscroll fix. Thanks @​dawoodkhan82!
• #11224 834e92c - Fix re-rendering with key when setting a value to None. Thanks @​aliabid94!
• #10832 d457438 - Screen recording. Thanks @​dawoodkhan82!

Fixes

• #11236 3a7750c - Add padding param to gr.Markdown. Thanks @​hannahblair!
• #11238 13c8510 - Fix DeepLink Query Parameters. Thanks @​freddyaboulton!
• #11228 0b7f753 - Improve slider alignment. Thanks @​hannahblair!
• #11227 4099700 - Check file validity even if preprocess=False. Thanks @​freddyaboulton!
• #11230 62a8d97 - Fix Model3D camera_position param. Thanks @​dawoodkhan82!
• #11231 78a3854 - Fix MCP server mounted path. Thanks @​abidlabs!
• #11244 ed97e39 - Ensure show_indices works as expected in gr.JSON. Thanks @​hannahblair!
• #11232 8ea7ce7 - Provide a workaround for the MCP integration for endpoints that have gr.State components. Thanks @​abidlabs!
• #11246 bfb9bcf - Remove Deep Link events from API page. Thanks @​freddyaboulton!

5.30.0

Features

• #11177 3068196 - Improved, smoother fullscreen mode for components. Thanks @​aliabid94!
• #11155 30a1d9e - Improvements to MCP page. Thanks @​abidlabs!
• #11192 a03736f - Add undo and redo to the ImageEditor component. Thanks @​pngwn!
• #11047 6d4b8a7 - Implement custom i18n. Thanks @​hannahblair!

Fixes

• #11221 5f3e84d - Ensure Clear sort works as expected. Thanks @​hannahblair!
• #11117 9b976b7 - Raise UI error if video not playable in the browser. Thanks @​freddyaboulton!
• #11222 b2a93e1 - Add xethub bridge to host whitelist. Thanks @​abidlabs!
• #11202 53688a2 - Fix Deep Link Issue. Thanks @​freddyaboulton!
• #11206 c196ac2 - Render key fixes. Thanks @​aliabid94!
• #11218 2f1c9d5 - for Interface, have DeepLink disabled by default and then enable it after first submission. Thanks @​freddyaboulton!

5.29.1

Features

• #11185 e64b83b - Evaluate index variable in argument description. Thanks @​emmanuel-ferdman!
• #11173 d023b2e - Adds docs for gr.api() which were previously missing from the website. Thanks @​abidlabs!
• #11159 cb9f21b - chore: Support Path type for the favicon. Thanks @​wdroz!
• #11183 ab0fbb3 - Plot brushing prevents chart refresh. Thanks @​aliabid94!
• #11156 a1d436f - Lazy import pandas in native_plot.py. Thanks @​whitphx!
• #11129 d5ddd85 - Ocean theme quickfix. Thanks @​aliabid94!

Fixes

... (truncated)

Commits

• 16c9b24 chore: update versions (#11226)
• ed97e39 Ensure show_indices works as expected in gr.JSON (#11244)
• bfb9bcf Remove Deep Link events from API page (#11246)
• 3a7750c Add padding param to gr.Markdown (#11236)
• 8ea7ce7 Provide a workaround for the MCP integration for endpoints that have `gr.Stat...
• 13c8510 Fix DeepLink Query Parameters (#11238)
• 4099700 Check file validity even if preprocess=False (#11227)
• 62a8d97 Fix Model3D camera_position param (#11230)
• 78a3854 Fix MCP server mounted path (#11231)
• 0b7f753 Improve slider alignment (#11228)
• Additional commits viewable in compare view

Updates transformers from 4.49.0 to 4.51.0

Release notes

Sourced from transformers's releases.

v4.51.0: Llama 4, Phi4-Multimodal, DeepSeek-v3, Qwen3

New Model Additions

Llama 4

Llama 4, developed by Meta, introduces a new auto-regressive Mixture-of-Experts (MoE) architecture.This generation includes two models:

• The highly capable Llama 4 Maverick with 17B active parameters out of ~400B total, with 128 experts.
• The efficient Llama 4 Scout also has 17B active parameters out of ~109B total, using just 16 experts.

Both models leverage early fusion for native multimodality, enabling them to process text and image inputs. Maverick and Scout are both trained on up to 40 trillion tokens on data encompassing 200 languages (with specific fine-tuning support for 12 languages including Arabic, Spanish, German, and Hindi).

For deployment, Llama 4 Scout is designed for accessibility, fitting on a single server-grade GPU via on-the-fly 4-bit or 8-bit quantization, while Maverick is available in BF16 and FP8 formats. These models are released under the custom Llama 4 Community License Agreement, available on the model repositories

Getting started with Llama 4 using transformers is straightforward. Make sure you have transformers v4.51.0 or later installed:

pip install -U transformers[hf_xet]

Here's a quick example using the instruction-tuned Maverick model responding about two images, using tensor parallel for maximum speed. You need to run this script on an instance with 8 GPUs, using a command like:

torchrun –nproc-per-instance=8 script.py

from transformers import AutoProcessor, Llama4ForConditionalGeneration
import torch
model_id = "meta-llama/Llama-4-Maverick-17B-128E-Instruct"
processor = AutoProcessor.from_pretrained(model_id)
model = Llama4ForConditionalGeneration.from_pretrained(
model_id,
attn_implementation="flex_attention",
device_map="auto",
torch_dtype=torch.bfloat16,
)
url1 = "https://huggingface.co/datasets/huggingface/documentation-images/resolve/0052a70beed5bf71b92610a43a52df6d286cd5f3/diffusers/rabbit.jpg"
url2 = "https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/datasets/cat_style_layout.png"
messages = [
{
"role": "user",
"content": [
{"type": "image", "url": url1},
{"type": "image", "url": url2},
{"type": "text", "text": "Can you describe how these two images are similar, and how they differ?"},
]
},
</tr></table>

... (truncated)

Commits

• 0720e20 Release: v4.51.0
• 25b7f27 Add llama4 (#37307)
• aa40fda Hf Xet extra (#37305)
• e945715 Fix deepspeed loading (part 2) (#37306)
• 84aa13d Fix deepspeed loading (#37281)
• 0ef339f Update OpenAI GPT model card (#37255)
• 46d7391 Updated T5 model card with standardized format (#37261)
• 579135a Updated model card for distilbert (#37157)
• 8cd57eb mobilebert model card update (#37256)
• ebe47ce Fix: Unexpected Keys, Improve run_compressed, Rename Test Folder (#37077)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.