Bump tensorflow from 2.7.0 to 2.10.1 #112

Closed

dependabot[bot] wants to merge 1 commits from dependabot-pip-tensorflow-2.10.1 into master

pull from: dependabot-pip-tensorflow-2.10.1

merge into: CalvinBackup:master

CalvinBackup:master

CalvinBackup:dependabot-pip-opencv-contrib-python-headless-4.7.0.72

CalvinBackup:dependabot-pip-numpy-1.24.2

CalvinBackup:dependabot-pip-pyqt5-5.15.9

CalvinBackup:dependabot-pip-cython-0.29.33

CalvinBackup:dependabot-pip-pillow-9.4.0

CalvinBackup:dependabot-pip-tensorflow-macos-2.11.0

CalvinBackup:dependabot-pip-tensorflow-2.11.0

Conversation 2 Commits 1 Files Changed 4

+4 -4

dependabot[bot] commented 2022-11-16 23:02:12 +01:00 (Migrated from github.com)

Copy Link

Copy Source

Bumps tensorflow from 2.7.0 to 2.10.1.

Release notes

Sourced from tensorflow's releases.

TensorFlow 2.10.1

Release 2.10.1

This release introduces several vulnerability fixes:

• Fixes an OOB seg fault in DynamicStitch due to missing validation (CVE-2022-41883)
• Fixes an overflow in tf.keras.losses.poisson (CVE-2022-41887)
• Fixes a heap OOB failure in ThreadUnsafeUnigramCandidateSampler caused by missing validation (CVE-2022-41880)
• Fixes a segfault in ndarray_tensor_bridge (CVE-2022-41884)
• Fixes an overflow in FusedResizeAndPadConv2D (CVE-2022-41885)
• Fixes a overflow in ImageProjectiveTransformV2 (CVE-2022-41886)
• Fixes an FPE in tf.image.generate_bounding_box_proposals on GPU (CVE-2022-41888)
• Fixes a segfault in pywrap_tfe_src caused by invalid attributes (CVE-2022-41889)
• Fixes a CHECK fail in BCast (CVE-2022-41890)
• Fixes a segfault in TensorListConcat (CVE-2022-41891)
• Fixes a CHECK_EQ fail in TensorListResize (CVE-2022-41893)
• Fixes an overflow in CONV_3D_TRANSPOSE on TFLite (CVE-2022-41894)
• Fixes a heap OOB in MirrorPadGrad (CVE-2022-41895)
• Fixes a crash in Mfcc (CVE-2022-41896)
• Fixes a heap OOB in FractionalMaxPoolGrad (CVE-2022-41897)
• Fixes a CHECK fail in SparseFillEmptyRowsGrad (CVE-2022-41898)
• Fixes a CHECK fail in SdcaOptimizer (CVE-2022-41899)
• Fixes a heap OOB in FractionalAvgPool and FractionalMaxPool(CVE-2022-41900)
• Fixes a CHECK_EQ in SparseMatrixNNZ (CVE-2022-41901)
• Fixes an OOB write in grappler (CVE-2022-41902)
• Fixes a overflow in ResizeNearestNeighborGrad (CVE-2022-41907)
• Fixes a CHECK fail in PyFunc (CVE-2022-41908)
• Fixes a segfault in CompositeTensorVariantToComponents (CVE-2022-41909)
• Fixes a invalid char to bool conversion in printing a tensor (CVE-2022-41911)
• Fixes a heap overflow in QuantizeAndDequantizeV2 (CVE-2022-41910)
• Fixes a CHECK failure in SobolSample via missing validation (CVE-2022-35935)
• Fixes a CHECK fail in TensorListScatter and TensorListScatterV2 in eager mode (CVE-2022-35935)

TensorFlow 2.10.0

Release 2.10.0

Breaking Changes

• Causal attention in keras.layers.Attention and keras.layers.AdditiveAttention is now specified in the call() method via the use_causal_mask argument (rather than in the constructor), for consistency with other layers.
• Some files in tensorflow/python/training have been moved to tensorflow/python/tracking and tensorflow/python/checkpoint. Please update your imports accordingly, the old files will be removed in Release 2.11.
• tf.keras.optimizers.experimental.Optimizer will graduate in Release 2.11, which means tf.keras.optimizers.Optimizer will be an alias of tf.keras.optimizers.experimental.Optimizer. The current tf.keras.optimizers.Optimizer will continue to be supported as tf.keras.optimizers.legacy.Optimizer, e.g.,tf.keras.optimizers.legacy.Adam. Most users won't be affected by this change, but please check the API doc if any API used in your workflow is changed or deprecated, and make adaptions. If you decide to keep using the old optimizer, please explicitly change your optimizer to tf.keras.optimizers.legacy.Optimizer.
• RNG behavior change for tf.keras.initializers. Keras initializers will now use stateless random ops to generate random numbers.
  • Both seeded and unseeded initializers will always generate the same values every time they are called (for a given variable shape). For unseeded initializers (seed=None), a random seed will be created and assigned at initializer creation (different initializer instances get different seeds).
  • An unseeded initializer will raise a warning if it is reused (called) multiple times. This is because it would produce the same values each time, which may not be intended.

Deprecations

• The C++ tensorflow::Code and tensorflow::Status will become aliases of respectively absl::StatusCode and absl::Status in some future release.
  • Use tensorflow::OkStatus() instead of tensorflow::Status::OK().
  • Stop constructing Status objects from tensorflow::error::Code.

... (truncated)

Changelog

Sourced from tensorflow's changelog.

Release 2.10.1

This release introduces several vulnerability fixes:

• Fixes an OOB seg fault in DynamicStitch due to missing validation (CVE-2022-41883)
• Fixes an overflow in tf.keras.losses.poisson (CVE-2022-41887)
• Fixes a heap OOB failure in ThreadUnsafeUnigramCandidateSampler caused by missing validation (CVE-2022-41880)
• Fixes a segfault in ndarray_tensor_bridge (CVE-2022-41884)
• Fixes an overflow in FusedResizeAndPadConv2D (CVE-2022-41885)
• Fixes a overflow in ImageProjectiveTransformV2 (CVE-2022-41886)
• Fixes an FPE in tf.image.generate_bounding_box_proposals on GPU (CVE-2022-41888)
• Fixes a segfault in pywrap_tfe_src caused by invalid attributes (CVE-2022-41889)
• Fixes a CHECK fail in BCast (CVE-2022-41890)
• Fixes a segfault in TensorListConcat (CVE-2022-41891)
• Fixes a CHECK_EQ fail in TensorListResize (CVE-2022-41893)
• Fixes an overflow in CONV_3D_TRANSPOSE on TFLite (CVE-2022-41894)
• Fixes a heap OOB in MirrorPadGrad (CVE-2022-41895)
• Fixes a crash in Mfcc (CVE-2022-41896)
• Fixes a heap OOB in FractionalMaxPoolGrad (CVE-2022-41897)
• Fixes a CHECK fail in SparseFillEmptyRowsGrad (CVE-2022-41898)
• Fixes a CHECK fail in SdcaOptimizer (CVE-2022-41899)
• Fixes a heap OOB in FractionalAvgPool and FractionalMaxPool(CVE-2022-41900)
• Fixes a CHECK_EQ in SparseMatrixNNZ (CVE-2022-41901)
• Fixes an OOB write in grappler (CVE-2022-41902)
• Fixes a overflow in ResizeNearestNeighborGrad (CVE-2022-41907)
• Fixes a CHECK fail in PyFunc (CVE-2022-41908)
• Fixes a segfault in CompositeTensorVariantToComponents (CVE-2022-41909)
• Fixes a invalid char to bool conversion in printing a tensor (CVE-2022-41911)
• Fixes a heap overflow in QuantizeAndDequantizeV2 (CVE-2022-41910)
• Fixes a CHECK failure in SobolSample via missing validation (CVE-2022-35935)
• Fixes a CHECK fail in TensorListScatter and TensorListScatterV2 in eager mode (CVE-2022-35935)

Release 2.10.0

Breaking Changes

• Causal attention in keras.layers.Attention and keras.layers.AdditiveAttention is now specified in the call() method via the use_causal_mask argument (rather than in the constructor), for consistency with other layers.
• Some files in tensorflow/python/training have been moved to tensorflow/python/tracking and tensorflow/python/checkpoint. Please update your imports accordingly, the old files will be removed in Release 2.11.
• tf.keras.optimizers.experimental.Optimizer will graduate in Release 2.11, which means tf.keras.optimizers.Optimizer will be an alias of tf.keras.optimizers.experimental.Optimizer. The current tf.keras.optimizers.Optimizer will continue to be supported as tf.keras.optimizers.legacy.Optimizer, e.g.,tf.keras.optimizers.legacy.Adam. Most users won't be affected by this change, but please check the API doc if any API used in your workflow is changed or deprecated, and make adaptions. If you decide to keep using the old optimizer, please explicitly change your optimizer to tf.keras.optimizers.legacy.Optimizer.
• RNG behavior change for tf.keras.initializers. Keras initializers will now use stateless random ops to generate random numbers.
  • Both seeded and unseeded initializers will always generate the same values every time they are called (for a given variable shape). For unseeded initializers (seed=None), a random seed will be created and assigned at initializer creation (different initializer instances get different seeds).
  • An unseeded initializer will raise a warning if it is reused (called) multiple times. This is because it would produce the same values each time, which may not be intended.

Deprecations

• The C++ tensorflow::Code and tensorflow::Status will become aliases of respectively absl::StatusCode and absl::Status in some future release.
  • Use tensorflow::OkStatus() instead of tensorflow::Status::OK().
  • Stop constructing Status objects from tensorflow::error::Code.
  • One MUST NOT access tensorflow::errors::Code fields. Accessing tensorflow::error::Code fields is fine.
    • Use the constructors such as tensorflow::errors:InvalidArgument to create status using an error code without accessing it.

... (truncated)

Commits

• fdfc646 Merge pull request #58581 from tensorflow-jenkins/version-numbers-2.10.1-4527
• 319f094 Update version numbers to 2.10.1
• 7c857b8 Merge pull request #58475 from tensorflow-jenkins/relnotes-2.10.1-6649
• 6f133da Update RELEASE.md
• 3982264 Merge pull request #58573 from tensorflow/r2.10-f856d02e532
• f425d38 Merge pull request #58571 from tensorflow/r2.10-7b174a0f2e4
• dbe4291 Merge pull request #58569 from tensorflow/r2.10-216525144ee
• 965517a Merge pull request #58565 from tensorflow/r2.10-af4a6a3c8b9
• c09738e Merge pull request #58564 from tensorflow/r2.10-9f03a9d3baf
• 3da111c Merge pull request #58561 from tensorflow/r2.10-8310bf8dd18
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [tensorflow](https://github.com/tensorflow/tensorflow) from 2.7.0 to 2.10.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tensorflow/tensorflow/releases">tensorflow's releases</a>.</em></p> <blockquote> <h2>TensorFlow 2.10.1</h2> <h1>Release 2.10.1</h1> <p>This release introduces several vulnerability fixes:</p> <ul> <li>Fixes an OOB seg fault in <code>DynamicStitch</code> due to missing validation (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41883">CVE-2022-41883</a>)</li> <li>Fixes an overflow in <code>tf.keras.losses.poisson</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41887">CVE-2022-41887</a>)</li> <li>Fixes a heap OOB failure in <code>ThreadUnsafeUnigramCandidateSampler</code> caused by missing validation (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41880">CVE-2022-41880</a>)</li> <li>Fixes a segfault in <code>ndarray_tensor_bridge</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41884">CVE-2022-41884</a>)</li> <li>Fixes an overflow in <code>FusedResizeAndPadConv2D</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41885">CVE-2022-41885</a>)</li> <li>Fixes a overflow in <code>ImageProjectiveTransformV2</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41886">CVE-2022-41886</a>)</li> <li>Fixes an FPE in <code>tf.image.generate_bounding_box_proposals</code> on GPU (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41888">CVE-2022-41888</a>)</li> <li>Fixes a segfault in <code>pywrap_tfe_src</code> caused by invalid attributes (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41889">CVE-2022-41889</a>)</li> <li>Fixes a <code>CHECK</code> fail in <code>BCast</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41890">CVE-2022-41890</a>)</li> <li>Fixes a segfault in <code>TensorListConcat</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41891">CVE-2022-41891</a>)</li> <li>Fixes a <code>CHECK_EQ</code> fail in <code>TensorListResize</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41893">CVE-2022-41893</a>)</li> <li>Fixes an overflow in <code>CONV_3D_TRANSPOSE</code> on TFLite (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41894">CVE-2022-41894</a>)</li> <li>Fixes a heap OOB in <code>MirrorPadGrad</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41895">CVE-2022-41895</a>)</li> <li>Fixes a crash in <code>Mfcc</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41896">CVE-2022-41896</a>)</li> <li>Fixes a heap OOB in <code>FractionalMaxPoolGrad</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41897">CVE-2022-41897</a>)</li> <li>Fixes a <code>CHECK</code> fail in <code>SparseFillEmptyRowsGrad</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41898">CVE-2022-41898</a>)</li> <li>Fixes a <code>CHECK</code> fail in <code>SdcaOptimizer</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41899">CVE-2022-41899</a>)</li> <li>Fixes a heap OOB in <code>FractionalAvgPool</code> and <code>FractionalMaxPool</code>(<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41900">CVE-2022-41900</a>)</li> <li>Fixes a <code>CHECK_EQ</code> in <code>SparseMatrixNNZ</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41901">CVE-2022-41901</a>)</li> <li>Fixes an OOB write in grappler (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41902">CVE-2022-41902</a>)</li> <li>Fixes a overflow in <code>ResizeNearestNeighborGrad</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41907">CVE-2022-41907</a>)</li> <li>Fixes a <code>CHECK</code> fail in <code>PyFunc</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41908">CVE-2022-41908</a>)</li> <li>Fixes a segfault in <code>CompositeTensorVariantToComponents</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41909">CVE-2022-41909</a>)</li> <li>Fixes a invalid char to bool conversion in printing a tensor (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41911">CVE-2022-41911</a>)</li> <li>Fixes a heap overflow in <code>QuantizeAndDequantizeV2</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41910">CVE-2022-41910</a>)</li> <li>Fixes a <code>CHECK</code> failure in <code>SobolSample</code> via missing validation (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935">CVE-2022-35935</a>)</li> <li>Fixes a <code>CHECK</code> fail in <code>TensorListScatter</code> and <code>TensorListScatterV2</code> in eager mode (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935">CVE-2022-35935</a>)</li> </ul> <h2>TensorFlow 2.10.0</h2> <h1>Release 2.10.0</h1> <h2>Breaking Changes</h2> <ul> <li>Causal attention in <code>keras.layers.Attention</code> and <code>keras.layers.AdditiveAttention</code> is now specified in the <code>call()</code> method via the <code>use_causal_mask</code> argument (rather than in the constructor), for consistency with other layers.</li> <li>Some files in <code>tensorflow/python/training</code> have been moved to <code>tensorflow/python/tracking</code> and <code>tensorflow/python/checkpoint</code>. Please update your imports accordingly, the old files will be removed in Release 2.11.</li> <li><code>tf.keras.optimizers.experimental.Optimizer</code> will graduate in Release 2.11, which means <code>tf.keras.optimizers.Optimizer</code> will be an alias of <code>tf.keras.optimizers.experimental.Optimizer</code>. The current <code>tf.keras.optimizers.Optimizer</code> will continue to be supported as <code>tf.keras.optimizers.legacy.Optimizer</code>, e.g.,<code>tf.keras.optimizers.legacy.Adam</code>. Most users won't be affected by this change, but please check the <a href="https://www.tensorflow.org/api_docs/python/tf/keras/optimizers/experimental">API doc</a> if any API used in your workflow is changed or deprecated, and make adaptions. If you decide to keep using the old optimizer, please explicitly change your optimizer to <code>tf.keras.optimizers.legacy.Optimizer</code>.</li> <li>RNG behavior change for <code>tf.keras.initializers</code>. Keras initializers will now use stateless random ops to generate random numbers. <ul> <li>Both seeded and unseeded initializers will always generate the same values every time they are called (for a given variable shape). For unseeded initializers (<code>seed=None</code>), a random seed will be created and assigned at initializer creation (different initializer instances get different seeds).</li> <li>An unseeded initializer will raise a warning if it is reused (called) multiple times. This is because it would produce the same values each time, which may not be intended.</li> </ul> </li> </ul> <h2>Deprecations</h2> <ul> <li>The C++ <code>tensorflow::Code</code> and <code>tensorflow::Status</code> will become aliases of respectively <code>absl::StatusCode</code> and <code>absl::Status</code> in some future release. <ul> <li>Use <code>tensorflow::OkStatus()</code> instead of <code>tensorflow::Status::OK()</code>.</li> <li>Stop constructing <code>Status</code> objects from <code>tensorflow::error::Code</code>.</li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tensorflow/tensorflow/blob/v2.10.1/RELEASE.md">tensorflow's changelog</a>.</em></p> <blockquote> <h1>Release 2.10.1</h1> <p>This release introduces several vulnerability fixes:</p> <ul> <li>Fixes an OOB seg fault in <code>DynamicStitch</code> due to missing validation (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41883">CVE-2022-41883</a>)</li> <li>Fixes an overflow in <code>tf.keras.losses.poisson</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41887">CVE-2022-41887</a>)</li> <li>Fixes a heap OOB failure in <code>ThreadUnsafeUnigramCandidateSampler</code> caused by missing validation (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41880">CVE-2022-41880</a>)</li> <li>Fixes a segfault in <code>ndarray_tensor_bridge</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41884">CVE-2022-41884</a>)</li> <li>Fixes an overflow in <code>FusedResizeAndPadConv2D</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41885">CVE-2022-41885</a>)</li> <li>Fixes a overflow in <code>ImageProjectiveTransformV2</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41886">CVE-2022-41886</a>)</li> <li>Fixes an FPE in <code>tf.image.generate_bounding_box_proposals</code> on GPU (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41888">CVE-2022-41888</a>)</li> <li>Fixes a segfault in <code>pywrap_tfe_src</code> caused by invalid attributes (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41889">CVE-2022-41889</a>)</li> <li>Fixes a <code>CHECK</code> fail in <code>BCast</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41890">CVE-2022-41890</a>)</li> <li>Fixes a segfault in <code>TensorListConcat</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41891">CVE-2022-41891</a>)</li> <li>Fixes a <code>CHECK_EQ</code> fail in <code>TensorListResize</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41893">CVE-2022-41893</a>)</li> <li>Fixes an overflow in <code>CONV_3D_TRANSPOSE</code> on TFLite (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41894">CVE-2022-41894</a>)</li> <li>Fixes a heap OOB in <code>MirrorPadGrad</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41895">CVE-2022-41895</a>)</li> <li>Fixes a crash in <code>Mfcc</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41896">CVE-2022-41896</a>)</li> <li>Fixes a heap OOB in <code>FractionalMaxPoolGrad</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41897">CVE-2022-41897</a>)</li> <li>Fixes a <code>CHECK</code> fail in <code>SparseFillEmptyRowsGrad</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41898">CVE-2022-41898</a>)</li> <li>Fixes a <code>CHECK</code> fail in <code>SdcaOptimizer</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41899">CVE-2022-41899</a>)</li> <li>Fixes a heap OOB in <code>FractionalAvgPool</code> and <code>FractionalMaxPool</code>(<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41900">CVE-2022-41900</a>)</li> <li>Fixes a <code>CHECK_EQ</code> in <code>SparseMatrixNNZ</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41901">CVE-2022-41901</a>)</li> <li>Fixes an OOB write in grappler (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41902">CVE-2022-41902</a>)</li> <li>Fixes a overflow in <code>ResizeNearestNeighborGrad</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41907">CVE-2022-41907</a>)</li> <li>Fixes a <code>CHECK</code> fail in <code>PyFunc</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41908">CVE-2022-41908</a>)</li> <li>Fixes a segfault in <code>CompositeTensorVariantToComponents</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41909">CVE-2022-41909</a>)</li> <li>Fixes a invalid char to bool conversion in printing a tensor (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41911">CVE-2022-41911</a>)</li> <li>Fixes a heap overflow in <code>QuantizeAndDequantizeV2</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41910">CVE-2022-41910</a>)</li> <li>Fixes a <code>CHECK</code> failure in <code>SobolSample</code> via missing validation (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935">CVE-2022-35935</a>)</li> <li>Fixes a <code>CHECK</code> fail in <code>TensorListScatter</code> and <code>TensorListScatterV2</code> in eager mode (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935">CVE-2022-35935</a>)</li> </ul> <h1>Release 2.10.0</h1> <h2>Breaking Changes</h2> <ul> <li>Causal attention in <code>keras.layers.Attention</code> and <code>keras.layers.AdditiveAttention</code> is now specified in the <code>call()</code> method via the <code>use_causal_mask</code> argument (rather than in the constructor), for consistency with other layers.</li> <li>Some files in <code>tensorflow/python/training</code> have been moved to <code>tensorflow/python/tracking</code> and <code>tensorflow/python/checkpoint</code>. Please update your imports accordingly, the old files will be removed in Release 2.11.</li> <li><code>tf.keras.optimizers.experimental.Optimizer</code> will graduate in Release 2.11, which means <code>tf.keras.optimizers.Optimizer</code> will be an alias of <code>tf.keras.optimizers.experimental.Optimizer</code>. The current <code>tf.keras.optimizers.Optimizer</code> will continue to be supported as <code>tf.keras.optimizers.legacy.Optimizer</code>, e.g.,<code>tf.keras.optimizers.legacy.Adam</code>. Most users won't be affected by this change, but please check the <a href="https://www.tensorflow.org/api_docs/python/tf/keras/optimizers/experimental">API doc</a> if any API used in your workflow is changed or deprecated, and make adaptions. If you decide to keep using the old optimizer, please explicitly change your optimizer to <code>tf.keras.optimizers.legacy.Optimizer</code>.</li> <li>RNG behavior change for <code>tf.keras.initializers</code>. Keras initializers will now use stateless random ops to generate random numbers. <ul> <li>Both seeded and unseeded initializers will always generate the same values every time they are called (for a given variable shape). For unseeded initializers (<code>seed=None</code>), a random seed will be created and assigned at initializer creation (different initializer instances get different seeds).</li> <li>An unseeded initializer will raise a warning if it is reused (called) multiple times. This is because it would produce the same values each time, which may not be intended.</li> </ul> </li> </ul> <h2>Deprecations</h2> <ul> <li>The C++ <code>tensorflow::Code</code> and <code>tensorflow::Status</code> will become aliases of respectively <code>absl::StatusCode</code> and <code>absl::Status</code> in some future release. <ul> <li>Use <code>tensorflow::OkStatus()</code> instead of <code>tensorflow::Status::OK()</code>.</li> <li>Stop constructing <code>Status</code> objects from <code>tensorflow::error::Code</code>.</li> <li>One MUST NOT access <code>tensorflow::errors::Code</code> fields. Accessing <code>tensorflow::error::Code</code> fields is fine. <ul> <li>Use the constructors such as <code>tensorflow::errors:InvalidArgument</code> to create status using an error code without accessing it.</li> </ul> </li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tensorflow/tensorflow/commit/fdfc646704c37bdf450525f6ced9d80df86e4993"><code>fdfc646</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58581">#58581</a> from tensorflow-jenkins/version-numbers-2.10.1-4527</li> <li><a href="https://github.com/tensorflow/tensorflow/commit/319f094d0b23520e2631c900e66e0c28baf84e74"><code>319f094</code></a> Update version numbers to 2.10.1</li> <li><a href="https://github.com/tensorflow/tensorflow/commit/7c857b832b3d8a098036c599694b0326cb47710b"><code>7c857b8</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58475">#58475</a> from tensorflow-jenkins/relnotes-2.10.1-6649</li> <li><a href="https://github.com/tensorflow/tensorflow/commit/6f133da37e8c64d6fe07d5f3f4085f0425914539"><code>6f133da</code></a> Update RELEASE.md</li> <li><a href="https://github.com/tensorflow/tensorflow/commit/3982264cbd19a790e83dd51c700526964d22b47a"><code>3982264</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58573">#58573</a> from tensorflow/r2.10-f856d02e532</li> <li><a href="https://github.com/tensorflow/tensorflow/commit/f425d38dce6a0c6898436facadf7abaafa8f1e91"><code>f425d38</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58571">#58571</a> from tensorflow/r2.10-7b174a0f2e4</li> <li><a href="https://github.com/tensorflow/tensorflow/commit/dbe4291f41645499a266970aea8446e3e99c2110"><code>dbe4291</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58569">#58569</a> from tensorflow/r2.10-216525144ee</li> <li><a href="https://github.com/tensorflow/tensorflow/commit/965517a717099c331d18dff056154ffaf5a8a7f7"><code>965517a</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58565">#58565</a> from tensorflow/r2.10-af4a6a3c8b9</li> <li><a href="https://github.com/tensorflow/tensorflow/commit/c09738e3c8c45d64a9762193aa8f4fac91599bff"><code>c09738e</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58564">#58564</a> from tensorflow/r2.10-9f03a9d3baf</li> <li><a href="https://github.com/tensorflow/tensorflow/commit/3da111c58fcbf34b74b524b5122fe75f3ee32e78"><code>3da111c</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58561">#58561</a> from tensorflow/r2.10-8310bf8dd18</li> <li>Additional commits viewable in <a href="https://github.com/tensorflow/tensorflow/compare/v2.7.0...v2.10.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

chychkan (Migrated from github.com) reviewed 2022-11-16 23:02:12 +01:00

dependabot[bot] commented 2022-11-18 23:03:50 +01:00 (Migrated from github.com)

Copy Link

Copy Source

Superseded by #113.

Superseded by #113.

Pull request closed

This pull request cannot be reopened because the branch was deleted.

Sign in to join this conversation.

Reviewers

No Reviewers

chychkan

Labels

Clear labels

bug

Something isn't working

dependencies

Pull requests that update a dependency file

documentation

Improvements or additions to documentation

duplicate

This issue or pull request already exists

enhancement

New feature or request

good first issue

Good for newcomers

help wanted

Extra attention is needed

invalid

This doesn't seem right

placeholder

Keeping open for more changes

question

Further information is requested

stale issue

No activity in 30 days

wontfix

This will not be worked on

No Label dependencies

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

CalvinBackup (Calvin Backup)

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: CalvinBackup/DeepFaceLab_MacOS#112