RepoJournal
Hugging Face

@huggingface

Transformers, Datasets, and the open AI-model layer

Pick a date

The Wire · Showcase

TRANSFORMERS LOCKS DOWN CI PIPELINE, HUB SHIPS KEYLESS AUTH

By RepoJournal · Filed · About Hugging Face

Hugging Face hardened fork PR security with automated CI gates [ref:1] [ref:3] [ref:4] while huggingface_hub v1.19.0 enables token-free GitHub Actions via OIDC [ref:13].

The transformers repo deployed a three-phase security overhaul for untrusted fork PRs. The initial security gate [1] was instrumented with a 60-second observation window [2], then upgraded to real checks [3] that block CI infrastructure changes and run Bandit on Python files. The final layer [4] switched to targeted test ID matching in Bandit's JSON report to catch subprocess and shell injection patterns regardless of severity classification. Meanwhile, huggingface_hub 1.19.0 [5] shipped Trusted Publishers support, letting CI workflows exchange OIDC tokens for scoped Hub access without storing `HF_TOKEN` secrets. GitHub Actions is supported out of the box. LeRobot made two critical fixes to multi-GPU training [6] [7]: bumped accelerate to 1.14.0 to report slowest-rank metrics across all GPUs, and synchronized the episode-aware sampler shuffle permutation so distributed batch sharding stays consistent across ranks. A separate PR [8] relaxed dependency bounds on grpcio and protobuf to ease downstream compatibility. Documentation across hub-docs updated to reflect Trusted Publishers [9], user blocking without reports [11], and auto-generated inference provider definitions [10].

Action items

References

  1. [1] [TBC] [CI] Auto-approve PR CI for fork PRs via security gate (#46553) huggingface/transformers
  2. [2] [CI] Add 60s delay in security gate for flow observation (#46555) huggingface/transformers
  3. [3] [CI] Implement real security check in PR CI security gate (#46557) huggingface/transformers
  4. [4] [CI] Catch all shell/process execution issues in security gate via Bandit JSON report (#46560) huggingface/transformers
  5. [5] [v1.19.0] Trusted Publishers, hf:// URIs, and expose-ports for Jobs ↗ huggingface/huggingface_hub
  6. [6] feat(training): bump accelerate + use reduction types for tracked metrics in a multi rank setup ↗ huggingface/lerobot
  7. [7] fix(train): synchronize EpisodeAwareSampler shuffling across ranks and gate dataset download per node ↗ huggingface/lerobot
  8. [8] chore(deps): relax `grpcio` / `protobuf` / `wandb` bounds ↗ huggingface/lerobot
  9. [9] Trusted Publishers: use the `hf` CLI for the OIDC exchange ↗ huggingface/hub-docs
  10. [10] [Bot] Update Inference Providers documentation ↗ huggingface/hub-docs
  11. [11] docs: you can block a user without reporting them ↗ huggingface/hub-docs

FAQ

What changed in Hugging Face on June 12, 2026?
Hugging Face hardened fork PR security with automated CI gates while huggingface_hub v1.19.0 enables token-free GitHub Actions via OIDC .
What should Hugging Face teams do about it?
Review and merge transformers CI security gate PRs before next fork PR wave hits • Upgrade huggingface_hub to 1.19.0 if using GitHub Actions; set HF_OIDC_RESOURCE and permissions.id-token to enable keyless auth • Update LeRobot training pipelines to accelerate 1.14.0+ and pull the EpisodeAwareSampler fix for correct multi-GPU/multi-node behavior
Which Hugging Face repositories shipped on June 12, 2026?
huggingface/transformers, huggingface/huggingface_hub, huggingface/lerobot, huggingface/hub-docs

Related across the cluster

For your repos

The showcase is a teaser.
Your wire is the product.

Same engine. Different stack. Below: what changes when the wire is yours.

Showcase wire

  • 14 famous open source orgs
  • One wire per day
  • Public, generic
  • Read on the web, when you remember

Your wire

  • Up to 1,500 of your repos - orgs, deps, vendors
  • Morning and evening briefs
  • Action items routed to your team
  • Slack delivery, email, breaking-news CVE alerts

Want a hands-on demo first? Ask a current user for an invite link.