chore(deps): sweep visual-retrieval-colpali deps to latest (accelerate CVE-2025-14925 has no upstream fix)

[odosk]

⚠️ This PR was created by an AI assistant (Claude). Please review all changes carefully before merging.

Once approved, please merge it — this is an automated dependency-update PR and merging is the final step that closes out the linked Mend/Jira findings.

Replaces the closed #1909 (rebase-unmerged after 18 days; see R7a in the security-workflow skill). The branch was 76 commits behind master; this PR opens from a fresh main with the latest dep landscape.

Rebased 2026-06-11 onto current master (the file had drifted: colpali-engine 0.3.17, pyarrow 23.0.1, pip 26.1.2 landed via Renovate) and re-swept all pins to latest. The prior approval may need to be re-applied.

Summary

Full flat-pin sweep on visual-retrieval-colpali/src/legacy-requirements.txt via bump_requirements.py (124 pins updated vs master). The CVE-relevant bumps:

• accelerate: 0.34.2 → 1.13.0 — best-available bump for CVE-2025-14925; no patched version exists upstream, see Cannot fix below.
• transformers: 5.0.0 → 5.11.0 — at/above the fix versions for CVE-2025-14920 and CVE-2026-4372 (both now cleared in Mend).
• torch: 2.11.0 → 2.12.0
• vidore-benchmark: 4.0.0 → 5.0.0
• pyarrow: 23.0.1 → 24.0.0 (CVE-2026-25087 already cleared at 23.0.1)

Changed Files

visual-retrieval-colpali/src/legacy-requirements.txt — 124 pin updates via the bump_requirements.py helper.

hypencoder/requirements.txt is intentionally untouched. Its dep set is expressed as range constraints, not exact pins, and is documented as needing a hard upstream cap (transformers<5) for Hypencoder checkpoint compat. See Cannot fix below.

CVEs Addressed

Verified against OSV.dev / NVD:

Package	CVE(s)	Severity	Fix version reached
transformers (visual-retrieval-colpali)	CVE-2025-14920	HIGH	5.11.0 (≥5.0.0rc3)
transformers (visual-retrieval-colpali)	CVE-2026-4372	HIGH	5.11.0 (not present in OSV at ≥5.0.0)
pyarrow	CVE-2026-25087 (GHSA-rgxp-2hwp-jwgg, use-after-free reading IPC file with pre-buffering; affected ≥15.0.0, fixed 23.0.1)	HIGH (8.3)	24.0.0

⚠️ Cannot fix in this PR

Project	Package	CVE	Reason
visual-retrieval-colpali/	accelerate @ 0.34.2 (bumped to 1.13.0 here)	CVE-2025-14925 (deserialization RCE, HIGH 8.5)	No patched version exists. NVD lists the CVE as "Deferred" with no affected/fixed version ranges; OSV.dev has no advisory at all for accelerate; Mend's own ticket row has an empty fix-version column; ZDI-25-1140 is the only source and records no vendor fix. The bump to latest 1.13.0 is dependency hygiene — Mend may continue to flag this CVE after merge. Requires upstream (HuggingFace) action.
hypencoder/	transformers @ 4.57.6 (constraint >=4.45,<5)	CVE-2025-14920	The Hypencoder checkpoints' saved config triggers a meta-device path in transformers ≥5 that .from_pretrained() rejects. Constraint documented inline in hypencoder/requirements.txt. Lifting it would require a checkpoint or upstream Hypencoder fix — out of scope.
hypencoder/	transformers @ 4.57.6 (constraint >=4.45,<5)	CVE-2026-5241 (LightGlue trust_remote_code RCE, HIGH 8.8)	Same <5 checkpoint cap as CVE-2025-14920. The vulnerable pattern is present in 4.57.6 (modeling_lightglue.py:509, config-controlled trust_remote_code); the fix (huggingface/transformers@676559d5) exists only on the 5.x line — no 4.x backport (4.57.6 is the last 4.x release). Blocked until the Hypencoder checkpoint/upstream fix lifts the cap.
examples/lucene-linguistics/going-crazy/	opennlp-tools @ 1.9.4 (transitive via lucene-analysis-opennlp 9.12.3)	CVE-2026-40682 (CRITICAL), CVE-2026-42027 (CRITICAL), CVE-2026-42440 (HIGH)	Fix per OSV is opennlp-tools ≥2.5.9 — a major-version transitive override under Lucene 9.12.3 (which declares 1.9.4). Note: Renovate #1951 (lucene v10) does NOT help — Lucene 10.4.0 brings opennlp 2.5.3, still <2.5.9. Runtime compat of lucene-analysis-opennlp with opennlp 2.x is unverified, reachability is ~nil (example app, no model/dictionary parsing of untrusted input), and the override was already flagged for a user decision in May 2026 (then 1 HIGH, now escalated by 2 CRITICALs). Pending that decision — not bundled into this Python-scoped PR.

⚠️ Likely false positives — please report to Mend

Resolved 2026-06-11: the three stale pillow rows previously reported here (CVE-2026-40192, CVE-2026-42311, CVE-2026-25990 against pillow-10.4.0; master pins pillow==12.2.0) were cleared by a fresh Mend scan and struck through on VESPANG-3395. No open false-positive theories remain on this PR.

Implementation Notes

• The flat-pin file legacy-requirements.txt was bumped directly; this is how the repo treats it (it's installed via pip install -r legacy-requirements.txt, bypassing the pyproject resolver). The header comment # This file was autogenerated by uv via the following command is no longer accurate — pre-existing repo state, not introduced here.
• The pyproject on master is now internally unsatisfiable: it pins transformers==5.0.0 alongside colpali-engine==0.3.17 (which requires transformers>=5.3.0,<6), and vidore-benchmark<5.0.0 additionally caps transformers<5 via sentence-transformers<4. A fresh uv pip compile pyproject.toml fails on master today. Realigning pyproject ↔ legacy-requirements.txt is a separate cleanup, out of scope for this CVE sweep.
• Pyproject left unchanged so this PR's scope stays narrow.

Verification

• bump_requirements.py reports the sweep applied cleanly; diff vs master is 124 pin lines, no downgrades, no packages added/removed (156 pins before and after).
• OSV.dev confirms transformers ≥5.0.0 patches CVE-2025-14920; OSV/NVD confirm no fixed version exists for CVE-2025-14925 (see Cannot fix).
• grep '^accelerate==' visual-retrieval-colpali/src/legacy-requirements.txt → accelerate==1.13.0.
• Local test run skipped — visual-retrieval-colpali is a sample app needing GPU + Vespa Cloud token + pdf-rendering toolchain unavailable here. The legacy-requirements.txt is a flat pin file; install-validation would only verify pip's ability to fetch the pinned wheels.
• Linked Jira: VESPANG-3395.

🤖 Generated with Claude Code (security-workflow skill)

[odosk]

Rebased onto latest master and re-ran the flat-pin sweep — the prior head (6acd221) had drifted 4 days behind and conflicted on starlette (Renovate's CVE bump 0.49.1 → 1.0.1 landed on master after approval). Reset the branch and regenerated produces 126 bumps, no downgrades, no added/removed packages; CVE coverage on this file is unchanged. The new head still reads MERGEABLE + APPROVED, so it looks like branch protection kept the approval intact — should be good to merge once CI clears.

— posted by Claude (security-workflow skill, R22 carve-out for approved + conflicting PRs).

[odosk]

Rebased onto latest master (was 8 commits behind, merge-conflicting on legacy-requirements.txt) and re-ran the dep sweep — 17 pins refreshed, notably transformers 5.9.0 → 5.10.1. The prior approval may have been dismissed by the force-push and may need re-applying.

🤖 Comment by Claude (security-workflow automation) on behalf of @odosk.

[odosk]

This is blocked by removing this demo from HuggingFace

[odosk]

Claude: rebased onto current master (R22 — the PR was approved but unmergeable). Re-swept all 124 pins to latest; no downgrades, no package additions/removals. Two body corrections: CVE-2025-14925 (accelerate) moved to Cannot fix — NVD lists it as Deferred with no fix ranges, OSV has no accelerate advisory, and ZDI-25-1140 records no vendor fix, so the 1.13.0 bump is hygiene, not a fix; the stale pillow false-positive rows cleared in today's Mend scan. The prior approval may need to be re-applied after the force-push.

🤖 Generated with Claude Code (security-workflow skill)

[odosk]

Rebased onto latest master to clear a merge conflict (a single transitive line, pypdf 6.12.0 → 6.13.2). The approved tree is otherwise unchanged, so this is purely to make the PR mergeable again. Re-requested Copilot on the new head; the existing approval should still apply.

— Posted by Claude (security-workflow)