chore: bump visual-retrieval-colpali deps to fix Mend CVEs#1909
Open
odosk wants to merge 4 commits into
Open
Conversation
odosk
force-pushed
the
fix/cve-deps-2026-05-07
branch
from
17002af to
018275a
Compare
odosk
force-pushed
the
fix/cve-deps-2026-05-07
branch
from
018275a to
f4380ce
Compare
odosk
force-pushed
the
fix/cve-deps-2026-05-07
branch
from
f4380ce to
6cfa859
Compare
odosk
force-pushed
the
fix/cve-deps-2026-05-07
branch
from
6cfa859 to
e1d153b
Compare
odosk
force-pushed
the
fix/cve-deps-2026-05-07
branch
from
e1d153b to
622951c
Compare
Whole-manifest sweep of visual-retrieval-colpali to resolve the 18 HIGH/CRITICAL Mend findings flagged in the 2026-05-07 rescan. Notable bumps in src/legacy-requirements.txt (full sweep, not just flagged libs): accelerate 0.34.2 -> 1.13.0 (CVE-2025-14925) python-multipart 0.0.26 -> 0.0.27 (CVE-2026-42561) torch 2.8.0 -> 2.11.0 (CVE-2025-55551, CVE-2026-24747) transformers 5.0.0 -> 4.57.6 (CVE-2024-1139[2-4], CVE-2025-1492[0,1,4,6-30]) huggingface-hub 0.36.0 -> 0.36.2 tokenizers 0.20.3 -> 0.22.2 pyproject.toml: relax `transformers==5.0.0` to `>=4.57.6,<5.0.0`. The previous `==5.0.0` pin (added by Renovate PR #1903 / commit 952bb5f) was unsatisfiable because vidore-benchmark[interpretability] 4.0.x requires `transformers<5.0.0` and the application code imports `vidore_benchmark.interpretability.torch_utils` (interpretability module was removed in vidore-benchmark 5.0.0). Reverting to the latest 4.x line yields a resolvable lockfile while still picking up the silent CVE patches that landed across 4.48 -> 4.57. Pillow remains at 10.4.0 -- transitively pinned `<11.0.0` by both colpali-engine 0.3.1 and vidore-benchmark 4.0.x. Lifting it to 12.x to clear the three pillow CVEs requires migrating off vidore-benchmark[interpretability] (used by src/backend/colpali.py and prepare_feed_deploy.py); that's a code refactor and out of scope for this dep-bump PR. Supersedes Renovate PR #1908 (python-multipart 0.0.27). No local tests run; sample-apps integration tests are too heavy for a dev box. Mend rescan after merge. Related: VESPANG-3201, VESPANG-3271
lucene-analysis-opennlp:9.12.3 transitively pulls opennlp-tools:1.9.4, which is vulnerable to CVE-2026-42440 (OOM DoS via unbounded array allocation in AbstractModelReader). The lucene version is parent-managed (${lucene.vespa.version}) and cannot be bumped here, so override the transitive opennlp-tools to 2.5.9 (the fixed 2.x release). Lucene 10.x already uses opennlp 2.5.x against the same public API surface, so the upgrade is API-compatible for the consumer. slf4j-api transitive is excluded to satisfy the no-compile-scope container enforcer rule. Also rebased onto current master (no conflicts).
odosk
force-pushed
the
fix/cve-deps-2026-05-07
branch
from
622951c to
7f6758e
Compare
CVE-2026-35611 (HIGH, CVSS 8.7) — addressable URL normalization. Fix lands in 2.9.0 per OSV/GHSA-2pj8-3823-7v5h. Resolved via 'bundle lock --update=addressable'; only adjacent change is public_suffix 5.0.4 -> 5.1.1 (constraint widened from <6.0 to <8.0 by addressable 2.9.0).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Note
This PR was opened + amended by an AI assistant (Claude). Please review carefully before merging.
TL;DR: Whole-manifest sweep of
visual-retrieval-colpali/+ anopennlp-toolsoverride inexamples/lucene-linguistics/going-crazy/(CVE-2026-42440) + today'saddressable 2.8.6 → 2.9.0bump in the rootGemfile.lock(covers CVE-2026-35611, VESPANG-3395). The transformers ZDI cluster (CVE-2025-14920 + 14921/14924/14926-14930) is documented below as a likely Mend FP — no upstream fix exists.Latest amendment (2026-05-22)
bundle lock --update=addressablebumpedaddressable 2.8.6 → 2.9.0to clear the new CVE-2026-35611 finding under VESPANG-3395. Only adjacent change ispublic_suffix 5.0.4 → 5.1.1(constraint widened from<6.0to<8.0by addressable 2.9.0). No downgrades.Changed Files
Gemfile.lockaddressable 2.8.6 → 2.9.0,public_suffix 5.0.4 → 5.1.1visual-retrieval-colpali/pyproject.tomltransformers==5.0.0→transformers>=4.57.6,<5.0.0(Renovate's prior text-replace pin was unsatisfiable withvidore-benchmark<5/colpali-engine 0.3.1)visual-retrieval-colpali/src/legacy-requirements.txtuv pip compile pyproject.toml -o src/legacy-requirements.txt --upgradeexamples/lucene-linguistics/going-crazy/pom.xmlopennlp-tools 1.9.4fromlucene-analysis-opennlp 9.12.3; add explicitopennlp-tools 2.5.9(with slf4j-api exclusion)Notable colpali lockfile transitions:
CVEs Addressed
torch.linalg.luweights_onlyunpickler escape; fixed 2.10.0Pillow stays at 10.4.0 because
colpali-engine 0.3.1andvidore-benchmark[interpretability] >=4.0.0,<5.0.0both requirepillow<11.0.0. The pillow CVEs needpillow>=12.1.1. Lifting requires migratingvidore-benchmarkto 5.x (deletes theinterpretabilitymodule thatsrc/backend/colpali.py:14+prepare_feed_deploy.py:67import) or bumpingcolpali-engine(which then requirestransformers>=5.3.0, same chain). Out of scope for an automated dep bump — surfacing to repo owners.Goal: get Mend's detection improved upstream; local suppression with a
VESPANG-ref is the fallback only.Likely false positive: CVE-2025-14920 (+ CVE-2025-14921, -14924, -14926..-14930) in transformers
TL;DR: ZDI advisory cluster published 2025-12-23 for transformers model-deserialization issues. NVD CPE confirms only
transformers 4.54.1vulnerable; HuggingFace has not published a patch. Mend continues flagging every transformers version including 4.57.6 (latest 4.x) and 5.9.x. We're already pinned at the highest 4.x the resolver allows.Mend identifiers
vespaai(saas-eu.mend.io) — Application:vespa-engine— Project:GH_sample-apps_mastervisual-retrieval-colpali/pyproject.toml/src/legacy-requirements.txtEvidence (reproducible)
NVD CPE for the primary CVE: a single non-ranged entry
cpe:2.3:a:huggingface:transformers:4.54.1:*with noversionEndExcluding. OSV returns no entries for transformers 5.x. The upstreamhuggingface/transformersrepo has no issue/PR/commit referencing the CVE / ZDI-25-1150 / ZDI-CAN-25423 IDs (verified viagh search issues). ZDI advisory at https://www.zerodayinitiative.com/advisories/ZDI-25-1150/ lists no vendor fix.The CVE-2025-14921..14930 cluster is the same ZDI batch — Mend reports them with the same "no fix version" signal.
Suggested improvement for Mend
Until HuggingFace patches, hold off auto-marking newer transformers versions as vulnerable when only one old CPE is confirmed, or drop confidence/severity until NVD enumerates a range. Treating "no fixed version" as "all versions vulnerable" forces consumers to suppress per-finding without evidence-based remediation.
Resolution path
Preferred: file Mend support ticket using this block. Fallback: suppress referencing
VESPANG-3395.Last verified 2026-05-22.
Supersedes
python-multipart0.0.26 → 0.0.27 invisual-retrieval-colpali) — covered.#1907is forhypencoder/requirements.txt, a different sub-app, not superseded.Implementation Notes
transformers==5.0.0pin inpyproject.toml(Renovate, commit 952bb5f) was unsatisfiable — Renovate did a surgical text replace rather than a clean recompile, andvidore-benchmark<5/colpali-engine 0.3.1both requiretransformers<5. Constraint relaxed to>=4.57.6,<5.0.0.lucene.versionresolves tolucene.vespa.versionfrom the parent (cloud-tenant-base [8,9)), so the lucene line cannot be bumped from this pom. Lucene 10.4.0's own opennlp module pinsopennlp-tools 2.5.3against the same public API that 9.12.3 uses, so 2.5.9 override is API-compatible.Verification
bundle lock --update=addressablesucceeds;Gemfile.lockshowsaddressable (2.9.0).uv pip compile pyproject.toml -o src/legacy-requirements.txt --upgradesucceeds invisual-retrieval-colpali/.mvn package -DskipTestspasses inexamples/lucene-linguistics/going-crazy/;mvn dependency:treeconfirmsopennlp-tools:jar:2.5.9resolved.sample-appsintegration tests not run locally — out of scope for automated dep bump.