Skip to content

Bump tensorflow-gpu from 2.1.2 to 2.7.2#14

Closed
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/pip/tensorflow-gpu-2.7.2
Closed

Bump tensorflow-gpu from 2.1.2 to 2.7.2#14
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/pip/tensorflow-gpu-2.7.2

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github May 26, 2022

Bumps tensorflow-gpu from 2.1.2 to 2.7.2.

Release notes

Sourced from tensorflow-gpu's releases.

TensorFlow 2.7.2

Release 2.7.2

This releases introduces several vulnerability fixes:

TensorFlow 2.7.0-rc0

Release 2.7.0

Breaking Changes

  • tf.keras:

    • The methods Model.fit(), Model.predict(), and Model.evaluate() will no longer uprank input data of shape (batch_size,) to become (batch_size, 1). This enables Model subclasses to process scalar data in their train_step()/test_step()/predict_step() methods.
      Note that this change may break certain subclassed models. You can revert back to the previous behavior by adding upranking yourself in the train_step()/test_step()/predict_step() methods, e.g. if x.shape.rank == 1: x = tf.expand_dims(x, axis=-1). Functional models as well as Sequential models built with an explicit input shape are not affected.
    • The methods Model.to_yaml() and keras.models.model_from_yaml have been replaced to raise a RuntimeError as they can be abused to cause arbitrary code execution. It is recommended to use JSON serialization instead of YAML, or, a better alternative, serialize to H5.
    • LinearModel and WideDeepModel are moved to the tf.compat.v1.keras.models. namespace (tf.compat.v1.keras.models.LinearModel and tf.compat.v1.keras.models.WideDeepModel), and their experimental endpoints (tf.keras.experimental.models.LinearModel and tf.keras.experimental.models.WideDeepModel) are being deprecated.
    • RNG behavior change for all tf.keras.initializers classes. For any class constructed with a fixed seed, it will no longer generate same value when invoked multiple times. Instead, it will return different value, but a determinisitic sequence. This change will make the initialize behavior align between v1 and v2.

  • tf.lite:

    • Rename fields SignatureDef table in schema to maximize the parity with TF SavedModel's Signature concept.
    • Deprecate Makefile builds. Makefile users need to migrate their builds to CMake or Bazel. Please refer to the Build TensorFlow Lite with CMake and Build TensorFlow Lite for ARM boards for the migration.
    • Deprecate tflite::OpResolver::GetDelegates. The list returned by TfLite's BuiltinOpResolver::GetDelegates is now always empty. Instead, recommend using new method tflite::OpResolver::GetDelegateCreators in order to achieve lazy initialization on TfLite delegate instances.

... (truncated)

Changelog

Sourced from tensorflow-gpu's changelog.

Release 2.7.2

This releases introduces several vulnerability fixes:

Release 2.6.4

This releases introduces several vulnerability fixes:

  • Fixes a code injection in saved_model_cli (CVE-2022-29216)
  • Fixes a missing validation which causes TensorSummaryV2 to crash (CVE-2022-29193)
  • Fixes a missing validation which crashes QuantizeAndDequantizeV4Grad (CVE-2022-29192)
  • Fixes a missing validation which causes denial of service via DeleteSessionTensor (CVE-2022-29194)
  • Fixes a missing validation which causes denial of service via GetSessionTensor (CVE-2022-29191)
  • Fixes a missing validation which causes denial of service via StagePeek (CVE-2022-29195)
  • Fixes a missing validation which causes denial of service via UnsortedSegmentJoin (CVE-2022-29197)
  • Fixes a missing validation which causes denial of service via LoadAndRemapMatrix (CVE-2022-29199)
  • Fixes a missing validation which causes denial of service via SparseTensorToCSRSparseMatrix (CVE-2022-29198)
  • Fixes a missing validation which causes denial of service via LSTMBlockCell (CVE-2022-29200)
  • Fixes a missing validation which causes denial of service via Conv3DBackpropFilterV2 (CVE-2022-29196)
  • Fixes a CHECK failure in depthwise ops via overflows (CVE-2021-41197)
  • Fixes issues arising from undefined behavior stemming from users supplying invalid resource handles (CVE-2022-29207)
  • Fixes a segfault due to missing support for quantized types (CVE-2022-29205)
  • Fixes a missing validation which results in undefined behavior in SparseTensorDenseAdd (CVE-2022-29206)

... (truncated)

Commits
  • dd7b8a3 Merge pull request #56034 from tensorflow-jenkins/relnotes-2.7.2-15779
  • 1e7d6ea Update RELEASE.md
  • 5085135 Merge pull request #56069 from tensorflow/mm-cp-52488e5072f6fe44411d70c6af09e...
  • adafb45 Merge pull request #56060 from yongtang:curl-7.83.1
  • 01cb1b8 Merge pull request #56038 from tensorflow-jenkins/version-numbers-2.7.2-4733
  • 8c90c2f Update version numbers to 2.7.2
  • 43f3cdc Update RELEASE.md
  • 98b0a48 Insert release notes place-fill
  • dfa5cf3 Merge pull request #56028 from tensorflow/disable-tests-on-r2.7
  • 501a65c Disable timing out tests
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump tensorflow-gpu from 2.1.2 to 2.7.2
5aae40e 
Bumps [tensorflow-gpu](https://github.com/tensorflow/tensorflow) from 2.1.2 to 2.7.2.
- [Release notes](https://github.com/tensorflow/tensorflow/releases)
- [Changelog](https://github.com/tensorflow/tensorflow/blob/master/RELEASE.md)
- [Commits](tensorflow/tensorflow@v2.1.2...v2.7.2)

---
updated-dependencies:
- dependency-name: tensorflow-gpu
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label May 26, 2022
@dependabot dependabot bot mentioned this pull request May 26, 2022
Closed
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Nov 21, 2022

Superseded by #18.

@dependabot dependabot bot closed this Nov 21, 2022
@dependabot dependabot bot deleted the dependabot/pip/tensorflow-gpu-2.7.2 branch November 21, 2022 21:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants