chore: Update Python dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change	Age	Confidence
astral-sh/ruff-pre-commit	repository	patch	v0.15.12 → v0.15.13
cedarpy	project.dependencies	patch	==4.8.1 → ==4.8.3
commitizen (changelog)	dependency-groups	minor	==4.15.1 → ==4.16.2
commitizen-tools/commitizen	repository	minor	v4.15.1 → v4.16.2
faker (changelog)	project.dependencies	minor	==40.15.0 → ==40.18.0
hypothesis (changelog)	dependency-groups	patch	==6.152.4 → ==6.152.7
litellm	project.dependencies	minor	==1.83.14 → ==1.84.0
logfire (changelog)	project.optional-dependencies	minor	==4.32.1 → ==4.33.0
mkdocs-redirects (changelog)	dependency-groups	patch	==1.2.2 → ==1.2.3
mypy (changelog)	dependency-groups	major	==1.20.2 → ==2.1.0
pytest-codspeed	dependency-groups	major	==4.5.0 → ==5.0.2
ruff (source, changelog)	dependency-groups	patch	==0.15.12 → ==0.15.13
sentence-transformers	project.optional-dependencies	minor	==5.4.1 → ==5.5.0
sentence-transformers	dependency-groups	minor	==5.4.1 → ==5.5.0
sqlglot	dependency-groups	minor	==30.7.0 → ==30.8.0
torch	project.optional-dependencies	minor	==2.11.0 → ==2.12.0
torch	dependency-groups	minor	==2.11.0 → ==2.12.0
types-pyyaml (changelog)	dependency-groups	patch	==6.0.12.20260508 → ==6.0.12.20260510
zensical (changelog)	dependency-groups	patch	==0.0.40 → ==0.0.42
zizmorcore/zizmor-pre-commit	repository	minor	v1.24.1 → v1.25.2

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.

---

Release Notes

astral-sh/ruff-pre-commit (astral-sh/ruff-pre-commit)

v0.15.13

Compare Source

commitizen-tools/commitizen (commitizen)

v4.16.2

Compare Source

v4.16.2 (2026-05-15)

Fix

• tags: widen prerelease and devrelease tag regexes for SemVer2 (#​1972)

v4.16.1

Compare Source

v4.16.1 (2026-05-15)

Fix

• cz_customize: derive bump_map_major_version_zero from bump_map (#​1977)

v4.16.0

Compare Source

v4.16.0 (2026-05-12)

Feat

• hooks: support interactive hooks scripts

joke2k/faker (faker)

v40.18.0

Compare Source

See CHANGELOG.md.

v40.17.0

Compare Source

• Add am_ET phone_number provider for Ethiopia. Thanks @​jasur-py.

v40.16.0

Compare Source

• Fix duplicate phone number prefix 145 in zh_CN locale. Thanks @​r266-tec.

BerriAI/litellm (litellm)

v1.84.0

⚠️ Heads up — this release contains breaking changes.
Read the full release notes here: v1.84.0 release notes

---

Verify Docker Image Signature

All LiteLLM Docker images are signed with cosign. Every release is signed with the same key introduced in commit 0112e53.

Verify using the pinned commit hash (recommended):

A commit hash is cryptographically immutable, so this is the strongest way to ensure you are using the original signing key:

cosign verify \
  --key https://raw.githubusercontent.com/BerriAI/litellm/0112e53046018d726492c814b3644b7d376029d0/cosign.pub \
  ghcr.io/berriai/litellm:v1.84.0

Verify using the release tag (convenience):

Tags are protected in this repository and resolve to the same key. This option is easier to read but relies on tag protection rules:

cosign verify \
  --key https://raw.githubusercontent.com/BerriAI/litellm/v1.84.0/cosign.pub \
  ghcr.io/berriai/litellm:v1.84.0

Expected output:

The following checks were performed on each of these signatures:
  - The cosign claims were validated
  - The signatures were verified against the specified public key

---

What's Changed

• merge main by @​Sameerlite in #​25521
• merge litellm_internal_staging by @​Sameerlite in #​25949
• merge main by @​Sameerlite in #​26304
• merge main by @​Sameerlite in #​26379
• merge main by @​Sameerlite in #​26437
• fix(redis): cache GCP IAM token to prevent async event loop blocking by @​harish-berri in #​26441
• litellm oss branch by @​krrish-berri-2 in #​26386
• fix noma v2 deepcopy crashing in build scan payload - new PR by @​omriShukrun08 in #​26605
• fix(ui): use stored-credentials endpoint for tools fetch on MCP edit page by @​ryan-crabbe-berri in #​26002
• feat(proxy): add --timeout_worker_healthcheck flag for uvicorn worker triage by @​ryan-crabbe-berri in #​26622
• fix(ci): support CircleCI rerun failed tests for local_testing jobs by @​mateo-berri in #​26461
• docs: update pull_request_template to add Linear ticket mentioning by @​mateo-berri in #​26655
• fix(pricing): GPT-5.5 Pro Pricing by @​lmcdonald-godaddy in #​26651
• feat(proxy): Add cleanup job for expired LiteLLM dashboard session keys by @​milan-berri in #​26460
• fix(ui): move 'Store Prompts in Spend Logs' toggle to Admin Settings by @​ryan-crabbe-berri in #​26631
• fix(caching): preserve prompt_tokens_details through embedding cache round-trip by @​michelligabriele in #​26653
• feat(logging): add retry settings for generic API logger by @​milan-berri in #​26645
• fix(logging): backfill streaming hidden response cost by @​milan-berri in #​26606
• fix(vertex-ai): reuse anthropic messages config instances by @​Sameerlite in #​26099
• fix(vertex): preserve items on array branches in anyOf with null + de-flake test by @​yuneng-berri in #​26675
• fix(tests): replace deprecated Bedrock Claude 3.7 Sonnet model ID by @​ryan-crabbe-berri in #​26721
• [Fix] Cache LiteLLM_Config param reads in DualCache and batch by @​Michael-RZ-Berri in #​26469
• [Feat] Lazy-load optional feature routers on first request by @​Michael-RZ-Berri in #​26534
• [Fix] Unify cost calc in success_handler dict and typed branches by @​Michael-RZ-Berri in #​26629
• Revert "[Feat] Lazy-load optional feature routers on first request" by @​krrish-berri-2 in #​26727
• [Infra] Version Bump by @​yuneng-berri in #​26728
• [Infra] Promote Internal Staging to main by @​yuneng-berri in #​26731
• ci(release): accept PEP 440 tag forms in create-release workflow by @​yuneng-berri in #​26734
• [Feat] Add gpt-image-2 support (#​26644) by @​ishaan-berri in #​26705
• feat(provider): add AIHubMix as an OpenAI-compatible provider by @​xinrui-z in #​24294
• merge internal staging by @​Sameerlite in #​26737
• merge main by @​Sameerlite in #​26742
• merge mian by @​Sameerlite in #​26745
• fix(test): scope ERROR log assertion to LiteLLM logger in test_model_alias_map by @​mateo-berri in #​26741
• merge main by @​Sameerlite in #​26757
• fix(bedrock, anthropic): translate OpenAI file content on tool-result path by @​minznerjosh in #​26710
• remove /ui/chat page by @​ishaan-berri in #​26739
• fix: add optional TCP SO_KEEPALIVE support to aiohttp's TCPConnector by @​yassinkortam in #​26730
• feat(proxy): LiteLLM headers on Google native generateContent routes by @​Sameerlite in #​25500
• feat(vector-stores): support Bedrock retrievalConfiguration passthrough by @​Sameerlite in #​26685
• feat(mcp): opt-in short-ID tool prefix to keep MCP tool names under the 60-char limit by @​mateo-berri in #​26733
• fix(proxy): self-heal Prisma read paths + harden reconnect state machine by @​yuneng-berri in #​26756
• [Fix] Redact spend logs error message by @​Michael-RZ-Berri in #​26662
• [Feat]Add support for azure entra discovery endpoint by @​Sameerlite in #​26584
• [Fix] Proxy: reconnect Prisma DB without blocking the event loop by @​yuneng-berri in #​26225
• feat(proxy): durable agent workflow run tracking via /v1/workflows/runs by @​ishaan-berri in #​26793
• chore(auth): tighten clientside api_base handling by @​stuxf in #​26518
• fix: drop sensitive locals from re-raised error messages by @​ryan-crabbe-berri in #​26823
• test(vertex-batches): set is_redirect=False on mocked retrieve response by @​yuneng-berri in #​26844
• chore(vector-stores): redact credentials in list/info/update responses; gate update by per-store access by @​stuxf in #​26489
• chore(auth): substitute alias for master key on UserAPIKeyAuth by @​stuxf in #​26484
• fix(mcp): tighten public-route detection and OAuth2 fallback gating by @​stuxf in #​26463
• [Fix] Team member null budget fallback by @​Michael-RZ-Berri in #​26809
• fix(proxy): inherit caller identity in passthrough batch managed-object by @​ryan-crabbe-berri in #​26831
• fix(proxy/auth): tighten guardrail modification permission check by @​ryan-crabbe-berri in #​26821
• [Fix] CI/Tooling: Correct min-release-age value in .npmrc files by @​yuneng-berri in #​26850
• fix(bedrock): add 1-hour cache write pricing for Claude 4.5/4.6/4.7 (Global, US) by @​mateo-berri in #​26800
• feat(proxy): add team-level search provider credentials by @​Sameerlite in #​26691
• Litellm oss staging by @​Sameerlite in #​26759
• fix(proxy/batches): forward model to retrieve_batch for bedrock by @​sruthi-sixt-26 in #​26814
• fix(passthrough): track spend for interrupted Bedrock streams by @​mateo-berri in #​26719
• merge main by @​Sameerlite in #​26855
• Litellm oss staging by @​Sameerlite in #​26852
• chore(team): audit-log team-callback admin mutations by @​stuxf in #​26859
• chore(team): close authz bypass via the available-team check by @​stuxf in #​26854
• chore(auth): harden invite-link onboarding token flow by @​stuxf in #​26843
• chore(mcp): tighten OAuth root endpoint resolution by @​stuxf in #​26840
• fix: validate aws region name by @​yassin-berriai in #​26906
• fix: drop milvus dbName and partitionNames from MILVUS_OPTIONAL_PARAMS by @​yassin-berriai in #​26910
• [Feat / Fix] Lazy loaded imports, lazy loaded front page by @​Michael-RZ-Berri in #​26802
• chore(proxy): harden request control fields by @​stuxf in #​26862
• chore(proxy): block env callback refs in key metadata by @​stuxf in #​26851
• chore(mcp): encrypt user-scoped MCP credentials at rest by @​stuxf in #​26836
• chore(mcp): SSRF guard on OAuth metadata discovery follow-up fetches by @​stuxf in #​26849
• [Fix] Replace subprocess startup-import diff with static source scan by @​Michael-RZ-Berri in #​26934
• chore(passthrough): default auth=True and drop enterprise gate on the safe option by @​stuxf in #​26827
• chore(proxy): contain UI_LOGO_PATH / LITELLM_FAVICON_URL on unauthenticated asset endpoints by @​stuxf in #​26815
• chore(cli): tighten CLI SSO session flow by @​stuxf in #​26835
• [Test] Proxy E2E: Opt In To Client Mock Response For Model Access Tests by @​yuneng-berri in #​26941
• [Fix] Responses API: Omit Empty Body On DELETE by @​yuneng-berri in #​26949
• Run pre_call_hook on Google generateContent endpoints by @​Michael-RZ-Berri in #​26914
• [Fix] Refresh Redis TTL on counter writes, skip stale in-memory in Redis by @​Michael-RZ-Berri in #​26829
• Add pagination controls to model health status by @​shivamrawat1 in #​26826
• feat(vertex_ai): propagate metadata labels to embedding, Imagen, rerank by @​Sameerlite in #​25499
• fix(anthropic): json response_format + user tools non-streaming by @​Sameerlite in #​26222
• [Infra] Bump Versions by @​yuneng-berri in #​26961
• [Infra] Promote Internal Staging to main by @​yuneng-berri in #​26962
• [Infra] Promote internal staging to main by @​yuneng-berri in #​27245
• fix(proxy): point /metrics 401 at the opt-out flag by @​yuneng-berri in #​27505
• fix(proxy): bound budget reservation per request (backport of #​27509 to 1.84.0rc2) by @​yuneng-berri in #​27539
• build(packaging): relax core runtime pins to ranges (rc2 backport of #​27241) by @​yuneng-berri in #​27545
• build(packaging): raise jinja2 floor to 3.1.6 (rc2 backport of #​27552) by @​yuneng-berri in #​27554
• cherry-pick: OpenAPI MCP extra_headers (#​27383) onto litellm_1.84.0rc2 by @​milan-berri in #​27768
• fix(proxy): always merge caller-supplied tags into request metadata by @​yuneng-berri in #​27789
• cherry-pick: reject bare str at file-input sinks (#​27762) onto litellm_1.84.0rc2 by @​yuneng-berri in #​27794
• [Fix] Lazy feature loading under SERVER_ROOT_PATH returns 404 (backport of #​27812) by @​yuneng-berri in #​27818
• [Fix] Backport /key/regenerate ownership-rebind + premium-gate guards (#​27793) by @​yuneng-berri in #​27819
• fix(proxy): expose db status on public /health/readiness (backport #​27866) by @​yuneng-berri in #​27868
• fix(ui): fetch version + debug flag from /health/readiness/details (backport #​27896) by @​yuneng-berri in #​27899
• [Infra] Build UI by @​yuneng-berri in #​27901
• chore(proxy): backport #​27898 + #​27801 to 1.84.0rc2 by @​yuneng-berri in #​27902
• fix: backport #​27892 to litellm_1.84.0rc2 by @​yuneng-berri in #​27903
• fix: backport #​27878 to litellm_1.84.0rc2 by @​yuneng-berri in #​27904
• chore: backport #​27908 to litellm_1.84.0rc2 by @​yuneng-berri in #​27909

New Contributors

• @​omriShukrun08 made their first contribution in #​26605
• @​xinrui-z made their first contribution in #​24294
• @​minznerjosh made their first contribution in #​26710
• @​yassinkortam made their first contribution in #​26730
• @​sruthi-sixt-26 made their first contribution in #​26814

Full Changelog: BerriAI/litellm@v1.83.14-stable.patch.3...v1.84.0

pydantic/logfire (logfire)

v4.33.0

Compare Source

CLI:

• feat: gateway cli command by @​ddanielcruzz in #​1915
• CLI: Use remote MCP server by @​jirikuncar in #​1884
• refactor: reuse AI tool MCP setup in prompt CLI by @​ddanielcruzz in #​1921
• Avoid raising error on prompt command without --project by @​Kludex in #​1912

Integrations:

• Support new TaskSpanData and TurnSpanData from openai-agents 0.14 by @​alexmojaki in #​1888
• Update surrealdb integration for 2.x by @​alexmojaki in #​1899
• feat: support capture parameters for asyncpg by @​thisisarko in #​1896
• perf: avoid full response model_dump in usage cost path by @​imp-joshi in #​1886

Other:

• Support OTel 1.41.0 by @​alexmojaki in #​1874
• Drop support for Python < 3.9.2 by @​alexmojaki in #​1920
• Add logfire.version to resource attributes by @​alexmojaki in #​1911
• Optionally emit configuration log after logfire.configure() by @​Kludex in #​1904
• Add level param to @logfire.instrument() by @​imp-joshi in #​1871
• Clean up DiskRetryer temp dirs on shutdown by @​alexmojaki in #​1866
• Datasets SDK: upload dataset-level + report-level evaluators by @​dmontagu in #​1879
• End open spans earlier in process shutdown to prevent dangling pending spans by @​alexmojaki in #​1890
• adding .agents for library-skills by @​adtyavrdhn in #​1894
• feat: surface X-Logfire-Warning header by @​adriangb in #​1906
• Add user agent to query client by @​Viicos in #​1875

ProperDocs/properdocs-redirects (mkdocs-redirects)

v1.2.3

Compare Source

• Warn when this plugin is being used from the mkdocs executable (ProperDocs/mkdocs-redirects#2)

  Apologies for the inconvenience. We are starting a community continuation of MkDocs under a new name ProperDocs, and plugins are our main hope regarding how we can spread the word.
  See https://github.com/ProperDocs/properdocs/discussions/33

• Drop support for Python 3.9, officially support Python 3.14

Full Changelog: ProperDocs/mkdocs-redirects@v1.2.2...v1.2.3

python/mypy (mypy)

v2.1.0

Compare Source

v2.0.0

Compare Source

CodSpeedHQ/pytest-codspeed (pytest-codspeed)

v5.0.2

Compare Source

🚀 Features

• Skip Python runtime objects in callgrind by @​not-matthias in #​122

v5.0.1

Compare Source

💼 Other

• Enable free-threaded wheels in cibuildwheel (#​121) by @​art049 in #​121

v5.0.0

Compare Source

🚀 Features

• Use instrument_hooks markers in walltime by @​GuillaumeLagrange
• Declare native extension free-thread safe (#​120) by @​art049 in #​120
• Remove cffi in favor of native extension by @​adriencaccia

⚡ Performance

• Bind callgrind start/stop directly to avoid extra frame by @​art049 in #​96

⚙️ Internals

• Ignore common compilation warnings for instrument-hooks by @​GuillaumeLagrange in #​118
• Use unsigned bash in the macos test by @​GuillaumeLagrange
• Bump pinned uv version to 0.11.14 by @​art049
• Add python 3.15 and 3.15t to test matrix by @​art049
• Add 3.14.t in test suite by @​adriencaccia
• Bump instrument-hooks (#​119) by @​not-matthias in #​119

astral-sh/ruff (ruff)

v0.15.13

Compare Source

Released on 2026-05-14.

Preview features

• Add a rule to flag lazy imports that are eagerly evaluated (#​25016)
• [pylint] Standardize diagnostic message (PLR0914, PLR0917) (#​24996)

Bug fixes

• Fix F811 false positive for class methods (#​24933)
• Fix setting selection for multi-folder workspace (#​24819)
• [eradicate] Fix false positive for lines with leading whitespace (ERA001) (#​25122)
• [flake8-pyi] Fix false positive for f-string debug specifier (PYI016) (#​24098)

Rule changes

• Always include panic payload in panic diagnostic message (#​24873)
• Restrict PYI034 for in-place operations to enclosing class (#​24511)
• Improve error message for parameters that are declared global (#​24902)
• Update known stdlib (#​25103)

Performance

• [isort] Avoid constructing glob::Patterns for literal known modules (#​25123)

CLI

• Add TOML examples to --config help text (#​25013)
• Colorize ruff check 'All checks passed' (#​25085)

Configuration

• Increase max allowed value of line-length setting (#​24962)

Documentation

• Add D203 to rules that conflict with the formatter (#​25044)
• Clarify COM819 and formatter interaction (#​25045)
• Clarify that NotImplemented is a value, not an exception (F901) (#​25054)
• Update number of lint rules supported (#​24942)

Other changes

• Simplify the playground's markdown template (#​24924)

Contributors

• @​MichaReiser
• @​brian-c11
• @​Andrej730
• @​denyszhak
• @​darestack
• @​sharkdp
• @​charliermarsh
• @​EkriirkE
• @​eyupcanakman
• @​Hrk84ya
• @​thernstig
• @​ntBre

huggingface/sentence-transformers (sentence-transformers)

v5.5.0: - Training Agent Skill, EmbedDistillLoss, and ADRMSELoss

Compare Source

This release ships the train-sentence-transformers Agent Skill, adds two new training losses, and brings a long list of robustness and correctness fixes.

The new train-sentence-transformers Agent Skill lets AI coding agents (Claude Code, Codex, Cursor, Gemini CLI, ...) drive end-to-end training and fine-tuning across all three model types. EmbedDistillLoss is a new embedding-level knowledge distillation loss for SentenceTransformer: it aligns a student model's embeddings with pre-computed teacher embeddings, an alternative to the score-based distillation provided by MarginMSELoss and DistillKLDivLoss. ADRMSELoss is a new listwise learning-to-rank loss for CrossEncoder from the Rank-DistiLLM paper. encode() and predict() also gain a per-call processing_kwargs override, and more.

Install this version with

# Training + Inference
pip install sentence-transformers[train]==5.5.0

# Inference only, use one of:
pip install sentence-transformers==5.5.0
pip install sentence-transformers[onnx-gpu]==5.5.0
pip install sentence-transformers[onnx]==5.5.0
pip install sentence-transformers[openvino]==5.5.0

# Multimodal dependencies (optional):
pip install sentence-transformers[image]==5.5.0
pip install sentence-transformers[audio]==5.5.0
pip install sentence-transformers[video]==5.5.0

# Or combine as needed:
pip install sentence-transformers[train,onnx,image]==5.5.0

The train-sentence-transformers Agent Skill (#​3752)

If you use an AI coding agent (Claude Code, Codex, Cursor, Gemini CLI, OpenCode, ...), you can now install the train-sentence-transformers Agent Skill and ask your agent to fine-tune a model on your data:

hf skills add train-sentence-transformers              # installs under ./.agents/skills/
hf skills add train-sentence-transformers --global     # installs under ~/.agents/skills/
hf skills add train-sentence-transformers --claude     # also symlinks into .claude/skills/

The skill gives the agent curated, version-aware guidance for training SentenceTransformer (bi-encoder), CrossEncoder (reranker), and SparseEncoder/SPLADE models, covering base model selection, loss and evaluator choice, hard-negative mining, distillation, LoRA, Matryoshka, multilingual training, static embeddings, plus a set of production-ready training template scripts. Then you can prompt your agent with things like:

"Train a multilingual sentence-transformer on Dutch legal pairs."

"Fine-tune a cross-encoder reranker on (question, answer) pairs from my dataset, mine hard negatives, and push to my Hub repo."

"Train a German sparse embedding model with high sparsity."

"Can you train a static embedding model on 100k code triplets?"

The skill lives in the repository under skills/train-sentence-transformers/ and is mirrored to the huggingface/skills marketplace on each release.

New loss: EmbedDistillLoss (#​3665)

Introduces EmbedDistillLoss (Kim et al., 2023), an embedding-level knowledge distillation loss for SentenceTransformer. Rather than distilling teacher scores (MarginMSELoss, DistillKLDivLoss), it directly aligns the student's sentence_embedding with a pre-computed teacher embedding passed via the dataset's label column. The comparison uses a configurable distance_metric, one of "cosine" (the default), "l2", or "mse". When the student and teacher dimensions differ, pass projection_dim=<teacher_dim> to add a learnable projection from the student's embedding space into the teacher's. That projection lives on the loss rather than on the saved model, so use loss.save_projection(...) / loss.load_projection(...) to reuse it across stages (e.g. like done in Arkam et al. for Jina v5). As part of this change, MSELoss is now a thin subclass of EmbedDistillLoss with distance_metric="mse", and also gains the optional projection_dim argument.

from datasets import Dataset
from sentence_transformers import SentenceTransformer, SentenceTransformerTrainer
from sentence_transformers.sentence_transformer.losses import EmbedDistillLoss

student_model = SentenceTransformer("microsoft/mpnet-base")
teacher_model = SentenceTransformer("all-mpnet-base-v2")

train_dataset = Dataset.from_dict({
    "sentence": ["It's nice weather outside today.", "He drove to work."],
})

# Pre-compute teacher embeddings once and store them as the `label` column
def add_teacher_embeddings(batch):
    return {"label": teacher_model.encode(batch["sentence"]).tolist()}

train_dataset = train_dataset.map(add_teacher_embeddings, batched=True)

loss = EmbedDistillLoss(student_model, distance_metric="cosine")

# If the student and teacher dimensions differ, add a learnable projection:
# loss = EmbedDistillLoss(student_model, distance_metric="cosine", projection_dim=768)

trainer = SentenceTransformerTrainer(
    model=student_model,
    train_dataset=train_dataset,
    loss=loss,
)
trainer.train()

See the updated model distillation examples and the loss overview for more.

New loss: ADRMSELoss for Cross Encoders (#​3690)

Introduces ADRMSELoss (Approx Discounted Rank Mean Squared Error), a listwise learning-to-rank loss for CrossEncoder from the Rank-DistiLLM paper (Schlatt et al., ECIR 2025). It computes a differentiable approximation of each document's rank via pairwise sigmoids and minimizes the nDCG-discounted squared error against the true ranks derived from the labels. It expects listwise inputs: a (query, [doc1, ..., docN]) pair plus a [score1, ..., scoreN] label list per sample (binary or continuous labels, variable document counts allowed). It's designed for LLM-distillation reranking, where the per-document scores come from a strong LLM's ordering.

from datasets import Dataset
from sentence_transformers import CrossEncoder, CrossEncoderTrainer
from sentence_transformers.cross_encoder.losses import ADRMSELoss

model = CrossEncoder("microsoft/mpnet-base")
train_dataset = Dataset.from_dict({
    "query": ["What are pandas?", "What is the capital of France?"],
    "docs": [
        ["Pandas are a kind of bear.", "Pandas are kind of like fish."],
        ["The capital of France is Paris.", "Paris is the capital of France.", "Paris is quite large."],
    ],
    "scores": [[0.95, 0.1], [0.98, 0.92, 0.2]],
})
loss = ADRMSELoss(model)

trainer = CrossEncoderTrainer(
    model=model,
    train_dataset=train_dataset,
    loss=loss,
)
trainer.train()

There's a full MS MARCO example at training_ms_marco_adrmse.py. Note that LambdaLoss generally remains the strongest loss in the listwise family. See the Cross Encoder loss overview for guidance on picking a loss.

Per-call processing_kwargs override (#​3753)

SentenceTransformer.encode() / encode_query() / encode_document(), SparseEncoder.encode(), CrossEncoder.predict(), and model.preprocess() now accept a processing_kwargs argument that overrides the processor/tokenizer kwargs configured at construction time, for a single call. It has the same nested structure as the processing_kwargs constructor argument (top-level keys text, audio, image, video, common, chat_template) and is shallow-merged on top of the instance-level settings, so you can override just one setting (e.g. max_length) and leave the rest intact.

from sentence_transformers import SentenceTransformer

model = SentenceTransformer("all-MiniLM-L6-v2")

# Override processor kwargs (e.g. max_length, truncation) for this call only:
embeddings = model.encode(
    ["a short text", "a much longer text that you want truncated more aggressively ..."],
    processing_kwargs={"text": {"max_length": 256, "truncation": True}},
)

This is especially handy for vision-language models, where you can change the image resolution per call, e.g. model.encode(images, processing_kwargs={"image": {"max_pixels": 256 * 256}}).

Smaller Features

• Allow CrossEncoder module stacks that don't start with a Transformer, and recognize a trailing Dense(module_output_name="scores") as the scoring head, by @​tomaarsen in #​3742: num_labels now reads that head's out_features, and model.config / model.model return None when there's no underlying transformers model.
• Infer that a model is an IR model on its generated model card when an InformationRetrievalEvaluator / NanoBEIREvaluator (or their sparse variants) was used during training, by @​tomaarsen in #​3741: the usage snippet then shows encode_query / encode_document, even without IR prompt names or a Router architecture.
• Warn at model-load time when the installed transformers version is too old to honor use_bidirectional_attention / is_causal flags in a model's config (e.g. for google/embeddinggemma-300m), rather than silently ignoring them, by @​tomaarsen in #​3726.

Bug Fixes

• Use the f

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (in timezone Etc/UTC)

• Branch creation
  • Between 12:00 AM and 06:59 AM, only on Saturday (* 0-6 * * 6)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 11 package(s) with unknown licenses.

See the Details below.

License Issues

uv.lock

Package	Version	License	Issue Type
ast-serialize	0.4.0	Null	Unknown License
cedarpy	4.8.3	Null	Unknown License
commitizen	4.16.2	Null	Unknown License
logfire	4.33.0	Null	Unknown License
mkdocs-redirects	1.2.3	Null	Unknown License
mypy	2.1.0	Null	Unknown License
properdocs	1.6.7	Null	Unknown License
ruff	0.15.13	Null	Unknown License
sentence-transformers	5.5.0	Null	Unknown License
sqlglot	30.8.0	Null	Unknown License
types-pyyaml	6.0.12.20260510	Null	Unknown License

Allowed Licenses:

MIT, MIT-0, Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC, MPL-2.0, PSF-2.0, Unlicense, 0BSD, CC0-1.0, CC-BY-3.0, CC-BY-4.0, Python-2.0, Python-2.0.1, LicenseRef-scancode-free-unknown, LicenseRef-scancode-protobuf, LicenseRef-scancode-google-patent-license-golang, ZPL-2.1, LGPL-2.0-only, LGPL-2.0-or-later, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-3.0-only, LGPL-3.0-or-later, BlueOak-1.0.0, OFL-1.1

Excluded from license check:

pkg:pypi/mem0ai@2.0.1, pkg:pypi/numpy@2.4.4, pkg:pypi/qdrant-client@1.17.1, pkg:pypi/posthog@7.9.12, pkg:pypi/aiohttp@3.13.5, pkg:pypi/cyclonedx-python-lib@11.7.0, pkg:pypi/fsspec@2026.3.0, pkg:pypi/griffelib@2.0.2, pkg:pypi/grpcio@1.80.0, pkg:pypi/charset-normalizer@3.4.6, pkg:pypi/wrapt@2.1.2, pkg:pypi/pytest-codspeed@4.5.0, pkg:pypi/hypothesis@6.152.4, pkg:pypi/litellm@1.83.14, pkg:pypi/openai@2.33.0, pkg:pypi/pyngrok@8.1.2, pkg:pypi/tokenizers@0.23.1, pkg:pypi/typer@0.25.0, pkg:npm/@img/sharp-wasm32@0.33.5, pkg:npm/@img/sharp-win32-ia32@0.33.5, pkg:npm/@img/sharp-win32-x64@0.33.5, pkg:npm/json-schema-typed@8.0.2, pkg:npm/victory-vendor@37.3.6, pkg:pypi/scikit-learn@1.8.0, pkg:pypi/torch@2.11.0, pkg:pypi/cuda-bindings@13.2.0, pkg:pypi/cuda-pathfinder@1.5.0, pkg:pypi/cuda-toolkit@13.0.2, pkg:pypi/nvidia-cublas@13.1.0.3, pkg:pypi/nvidia-cuda-cupti@13.0.85, pkg:pypi/nvidia-cuda-nvrtc@13.0.88, pkg:pypi/nvidia-cuda-runtime@13.0.96, pkg:pypi/nvidia-cudnn-cu13@9.19.0.56, pkg:pypi/nvidia-cufft@12.0.0.61, pkg:pypi/nvidia-cufile@1.15.1.6, pkg:pypi/nvidia-curand@10.4.0.35, pkg:pypi/nvidia-cusolver@12.0.4.66, pkg:pypi/nvidia-cusparse@12.6.3.3, pkg:pypi/nvidia-cusparselt-cu13@0.8.0, pkg:pypi/nvidia-nccl-cu13@2.28.9, pkg:pypi/nvidia-nvjitlink@13.0.88, pkg:pypi/nvidia-nvshmem-cu13@3.4.5, pkg:pypi/nvidia-nvtx@13.0.85

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
pip/ast-serialize	0.4.0	Unknown	Unknown
pip/cedarpy	4.8.3	Unknown	Unknown
pip/commitizen	4.16.2	Unknown	Unknown
pip/faker	40.18.0	🟢 5.1	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 4 Found 12/30 approved changesets -- score normalized to 4 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/hypothesis	6.152.7	Unknown	Unknown
pip/litellm	1.84.0	Unknown	Unknown
pip/logfire	4.33.0	Unknown	Unknown
pip/mkdocs-redirects	1.2.3	Unknown	Unknown
pip/mypy	2.1.0	Unknown	Unknown
pip/nvidia-cudnn-cu13	9.20.0.48	Unknown	Unknown
pip/nvidia-cusparselt-cu13	0.8.1	Unknown	Unknown
pip/nvidia-nccl-cu13	2.29.7	Unknown	Unknown
pip/properdocs	1.6.7	Unknown	Unknown
pip/pytest-codspeed	5.0.2	Unknown	Unknown
pip/ruff	0.15.13	Unknown	Unknown
pip/sentence-transformers	5.5.0	Unknown	Unknown
pip/sqlglot	30.8.0	Unknown	Unknown
pip/torch	2.12.0	Unknown	Unknown
pip/torch	2.12.0+cpu	Unknown	Unknown
pip/triton	3.7.0	Unknown	Unknown
pip/types-pyyaml	6.0.12.20260510	Unknown	Unknown
pip/zensical	0.0.42	Unknown	Unknown

Scanned Files

• uv.lock

[codspeed-hq]

Merging this PR will improve performance by 18.48%

⚠️ Different runtime environments detected

Some benchmarks with significant performance changes were compared across different runtime environments,
which may affect the accuracy of the results.

Open the report in CodSpeed to investigate

#### 🎉 Hooray! `pytest-codspeed` just leveled up to 5.0.2!

A heads-up, this is a breaking change and it might affect your current performance baseline a bit. But here's the exciting part - it's packed with new, cool features and promises improved result stability 🥳!
Curious about what's new? Visit our releases page to delve into all the awesome details about this new version.

⚡ 8 improved benchmarks
✅ 25 untouched benchmarks
⏩ 21 skipped benchmarks¹

Performance Changes

	Benchmark	BASE	HEAD	Efficiency
⚡	test_rate_efficiency	19.7 µs	16.5 µs	+19.74%
⚡	test_coerce_row_timestamp_datetime	27.6 µs	24.1 µs	+14.44%
⚡	test_coerce_row_timestamp_string	24.2 µs	20.9 µs	+15.77%
⚡	test_format_iso_utc_single	34.3 µs	30.8 µs	+11.2%
⚡	test_normalize_utc	15.8 µs	12.4 µs	+28.01%
⚡	test_parse_iso_utc_single	20.2 µs	16.9 µs	+19.82%
⚡	test_compute_cost_per_1k	22.5 µs	19.2 µs	+17.1%
⚡	test_classify_severity	18.2 µs	14.9 µs	+22.52%

Tip

Curious why this is faster? Comment @codspeedbot explain why this is faster on this PR, or directly use the CodSpeed MCP with your agent.

---

_{Comparing renovate/python (0222233) with main (c29eb32)}

Footnotes

1. 21 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports. ↩

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 85.15%. Comparing base (c29eb32) to head (0222233).
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1929   +/-   ##
=======================================
  Coverage   85.14%   85.15%           
=======================================
  Files        1846     1846           
  Lines      107752   107752           
  Branches     9287     9287           
=======================================
+ Hits        91749    91757    +8     
+ Misses      13756    13751    -5     
+ Partials     2247     2244    -3     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Aureliolo]

Decision: 19 Python dependency bumps (2 major: mypy 1.20.2 -> 2.1.0, pytest-codspeed 4.5 -> 5.0.2; 1 transitively-breaking minor: litellm 1.83.14 -> 1.84.0); CI green and local uv run mypy src/ tests/ on the PR branch passes with strict mode (3816 source files, no issues).

Changelog digest:

• Covered mypy 2.0 + 2.1 (full CHANGELOG read), pytest-codspeed 4.5 -> 5.0.2 (cffi removed in favour of native extension), litellm 1.83.14 -> 1.84.0 (full release notes), logfire 4.32.1 -> 4.33.0, sentence-transformers 5.4.1 -> 5.5.0, torch 2.11 -> 2.12, plus ruff/hypothesis/faker/commitizen/sqlglot/zensical/zizmor-pre-commit/cedarpy/mkdocs-redirects/types-pyyaml/ast-pre-commit patches.
• Relevant: mypy 2.0 --strict-bytes + --local-partial-types defaults validated by local strict run + CI Type Check; pytest-codspeed 5.0 native-extension switch validated by CodSpeed benchmark job SUCCESS; litellm 1.84 transitive pin constraints (openai>=2.33, jinja2>=3.1.6, jsonschema>=4.26, aiohttp>=3.13.5, click>=8.3, pydantic>=2.13) all satisfied by existing [tool.uv].constraint-dependencies overrides in pyproject.toml; zizmor-pre-commit 1.24 -> 1.25.2 aligns local hook with CI action being bumped in #1928.
• Reviewed but not relevant: mypy 2.0 drop of --python-version 3.9 (we're on 3.14); mkdocs-redirects deprecation warning for bare mkdocs executable (we use zensical); pytest-codspeed free-threaded wheels (not yet enabled in our test matrix).

Follow-ups: separate issues for mypy --num-workers N parallel adoption (CHANGELOG claims up to 5x speedup) and sentence-transformers per-call processing_kwargs override.