TRANSFORMERS LOCKS DOWN CI PIPELINE, HUB SHIPS KEYLESS AUTH
By RepoJournal · Filed · About Hugging Face
Hugging Face hardened fork PR security with automated CI gates [ref:1] [ref:3] [ref:4] while huggingface_hub v1.19.0 enables token-free GitHub Actions via OIDC [ref:13].
The transformers repo deployed a three-phase security overhaul for untrusted fork PRs. The initial security gate [1] was instrumented with a 60-second observation window [2], then upgraded to real checks [3] that block CI infrastructure changes and run Bandit on Python files. The final layer [4] switched to targeted test ID matching in Bandit's JSON report to catch subprocess and shell injection patterns regardless of severity classification.

Meanwhile, huggingface_hub 1.19.0 [5] shipped Trusted Publishers support, which lets CI workflows exchange OIDC tokens for scoped Hub access without storing `HF_TOKEN` secrets. GitHub Actions is supported out of the box.

LeRobot made two critical fixes to multi-GPU training [6] [7]: it bumped accelerate to 1.14.0 to report slowest-rank metrics across all GPUs, and it synchronized the episode-aware sampler shuffle permutation so distributed batch sharding stays consistent across ranks. A separate PR [8] relaxed dependency bounds on grpcio and protobuf to ease downstream compatibility.

Documentation across hub-docs was updated to reflect Trusted Publishers [9], user blocking without reports [11], and auto-generated inference provider definitions [10].
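The difference between a severity threshold and the test ID matching described for the final transformers gate layer [4] can be seen on a small Bandit JSON report. This is an added example, not code from the transformers repository; the ID set is an assumption (Bandit's stock process and shell plugins), and the report is constructed sample data.

```python
import json

# Assumption: Bandit's stock process/shell plugin IDs. The page does not list
# the IDs the transformers gate actually matches.
EXEC_TEST_IDS = frozenset({"B404", "B602", "B603", "B604", "B605", "B606", "B607"})
SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3}

def _row(path, line, test_id, severity):
    return {"filename": path, "line_number": line, "test_id": test_id,
            "issue_severity": severity}

# Constructed sample shaped like `bandit -f json` output, trimmed to the fields used.
SAMPLE_REPORT = json.dumps({"errors": [], "results": [
    _row("utils/run.py", 12, "B602", "HIGH"),   # Popen(..., shell=True)
    _row("utils/run.py", 30, "B603", "LOW"),    # subprocess call, shell=False
    _row("utils/fetch.py", 8, "B607", "LOW"),   # process started via partial path
    _row("tests/test_x.py", 5, "B101", "LOW"),  # assert used, unrelated to execution
]})

def parse_report(text):
    """Return (results, scan_errors); malformed input raises ValueError."""
    report = json.loads(text)
    if not isinstance(report, dict):
        raise ValueError("report is not a JSON object")
    return report.get("results", []), report.get("errors", [])

def by_severity(results, minimum="MEDIUM"):
    """Threshold filter: keeps only findings at or above `minimum`."""
    floor = SEVERITY_RANK[minimum]
    return [r for r in results if SEVERITY_RANK.get(r.get("issue_severity"), 0) >= floor]

def by_test_id(results, ids=EXEC_TEST_IDS):
    """Targeted filter: keeps execution findings whatever their severity."""
    return [r for r in results if r.get("test_id") in ids]

def gate(text):
    """Return (passed, reasons). Fails closed on unreadable or partial scans."""
    try:
        results, scan_errors = parse_report(text)
    except ValueError as exc:
        return False, [f"unreadable report: {exc}"]
    reasons = [f"not scanned: {e.get('filename')}" for e in scan_errors]
    reasons += [f"{r.get('filename')}:{r.get('line_number')} {r.get('test_id')}"
                for r in by_test_id(results)]
    return not reasons, reasons

if __name__ == "__main__":
    results, _ = parse_report(SAMPLE_REPORT)
    print("severity >= MEDIUM:", [r["test_id"] for r in by_severity(results)])
    print("test-ID match:     ", [r["test_id"] for r in by_test_id(results)])
    print("gate:", gate(SAMPLE_REPORT))
```

The threshold filter reports only the `shell=True` call, while the ID match also surfaces the two LOW-severity process launches; the gate also fails when Bandit lists files it could not parse, so an unscanned file cannot pass silently.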
Action items
- Review and merge transformers CI security gate PRs before next fork PR wave hits (huggingface/transformers) [immediate]
- Upgrade huggingface_hub to 1.19.0 if using GitHub Actions; set `HF_OIDC_RESOURCE` and `permissions.id-token` to enable keyless auth (huggingface/huggingface_hub) [plan]
- Update LeRobot training pipelines to accelerate 1.14.0+ and pull the EpisodeAwareSampler fix for correct multi-GPU/multi-node behavior (huggingface/lerobot) [plan]
- Merge hub-docs Trusted Publishers guide after huggingface_hub 1.19.0 ships to keep docs in sync with SDK (huggingface/hub-docs) [monitor]
References
- [1] [TBC] [CI] Auto-approve PR CI for fork PRs via security gate (#46553) huggingface/transformers
- [2] [CI] Add 60s delay in security gate for flow observation (#46555) huggingface/transformers
- [3] [CI] Implement real security check in PR CI security gate (#46557) huggingface/transformers
- [4] [CI] Catch all shell/process execution issues in security gate via Bandit JSON report (#46560) huggingface/transformers
- [5] [v1.19.0] Trusted Publishers, hf:// URIs, and expose-ports for Jobs huggingface/huggingface_hub
- [6] feat(training): bump accelerate + use reduction types for tracked metrics in a multi rank setup huggingface/lerobot
- [7] fix(train): synchronize EpisodeAwareSampler shuffling across ranks and gate dataset download per node huggingface/lerobot
- [8] chore(deps): relax `grpcio` / `protobuf` / `wandb` bounds huggingface/lerobot
- [9] Trusted Publishers: use the `hf` CLI for the OIDC exchange huggingface/hub-docs
- [10] [Bot] Update Inference Providers documentation huggingface/hub-docs
- [11] docs: you can block a user without reporting them huggingface/hub-docs
FAQ
- What changed in Hugging Face on June 12, 2026?
  - Hugging Face hardened fork PR security with automated CI gates while huggingface_hub v1.19.0 enables token-free GitHub Actions via OIDC.
- What should Hugging Face teams do about it?
  - Review and merge transformers CI security gate PRs before next fork PR wave hits
  - Upgrade huggingface_hub to 1.19.0 if using GitHub Actions; set `HF_OIDC_RESOURCE` and `permissions.id-token` to enable keyless auth
  - Update LeRobot training pipelines to accelerate 1.14.0+ and pull the EpisodeAwareSampler fix for correct multi-GPU/multi-node behavior
- Which Hugging Face repositories shipped on June 12, 2026?
  - huggingface/transformers, huggingface/huggingface_hub, huggingface/lerobot, huggingface/hub-docs