Bump tensorflow from 2.8.1 to 2.9.3 in /cvat/requirements (#5338)
Bumps [tensorflow](https://github.com/tensorflow/tensorflow) from 2.8.1 to 2.9.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tensorflow/tensorflow/releases">tensorflow's releases</a>.</em></p> <blockquote> <h2>TensorFlow 2.9.3</h2> <h1>Release 2.9.3</h1> <p>This release introduces several vulnerability fixes:</p> <ul> <li>Fixes an overflow in <code>tf.keras.losses.poisson</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41887">CVE-2022-41887</a>)</li> <li>Fixes a heap OOB failure in <code>ThreadUnsafeUnigramCandidateSampler</code> caused by missing validation (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41880">CVE-2022-41880</a>)</li> <li>Fixes a segfault in <code>ndarray_tensor_bridge</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41884">CVE-2022-41884</a>)</li> <li>Fixes an overflow in <code>FusedResizeAndPadConv2D</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41885">CVE-2022-41885</a>)</li> <li>Fixes a overflow in <code>ImageProjectiveTransformV2</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41886">CVE-2022-41886</a>)</li> <li>Fixes an FPE in <code>tf.image.generate_bounding_box_proposals</code> on GPU (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41888">CVE-2022-41888</a>)</li> <li>Fixes a segfault in <code>pywrap_tfe_src</code> caused by invalid attributes (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41889">CVE-2022-41889</a>)</li> <li>Fixes a <code>CHECK</code> fail in <code>BCast</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41890">CVE-2022-41890</a>)</li> <li>Fixes a segfault in <code>TensorListConcat</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41891">CVE-2022-41891</a>)</li> <li>Fixes a <code>CHECK_EQ</code> fail in <code>TensorListResize</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41893">CVE-2022-41893</a>)</li> <li>Fixes an overflow in <code>CONV_3D_TRANSPOSE</code> on TFLite (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41894">CVE-2022-41894</a>)</li> <li>Fixes a heap OOB in <code>MirrorPadGrad</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41895">CVE-2022-41895</a>)</li> <li>Fixes a crash in <code>Mfcc</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41896">CVE-2022-41896</a>)</li> <li>Fixes a heap OOB in <code>FractionalMaxPoolGrad</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41897">CVE-2022-41897</a>)</li> <li>Fixes a <code>CHECK</code> fail in <code>SparseFillEmptyRowsGrad</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41898">CVE-2022-41898</a>)</li> <li>Fixes a <code>CHECK</code> fail in <code>SdcaOptimizer</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41899">CVE-2022-41899</a>)</li> <li>Fixes a heap OOB in <code>FractionalAvgPool</code> and <code>FractionalMaxPool</code>(<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41900">CVE-2022-41900</a>)</li> <li>Fixes a <code>CHECK_EQ</code> in <code>SparseMatrixNNZ</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41901">CVE-2022-41901</a>)</li> <li>Fixes an OOB write in grappler (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41902">CVE-2022-41902</a>)</li> <li>Fixes a overflow in <code>ResizeNearestNeighborGrad</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41907">CVE-2022-41907</a>)</li> <li>Fixes a <code>CHECK</code> fail in <code>PyFunc</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41908">CVE-2022-41908</a>)</li> <li>Fixes a segfault in <code>CompositeTensorVariantToComponents</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41909">CVE-2022-41909</a>)</li> <li>Fixes a invalid char to bool conversion in printing a tensor (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41911">CVE-2022-41911</a>)</li> <li>Fixes a heap overflow in <code>QuantizeAndDequantizeV2</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41910">CVE-2022-41910</a>)</li> <li>Fixes a <code>CHECK</code> failure in <code>SobolSample</code> via missing validation (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935">CVE-2022-35935</a>)</li> <li>Fixes a <code>CHECK</code> fail in <code>TensorListScatter</code> and <code>TensorListScatterV2</code> in eager mode (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935">CVE-2022-35935</a>)</li> </ul> <h2>TensorFlow 2.9.2</h2> <h1>Release 2.9.2</h1> <p>This releases introduces several vulnerability fixes:</p> <ul> <li>Fixes a <code>CHECK</code> failure in tf.reshape caused by overflows (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35934">CVE-2022-35934</a>)</li> <li>Fixes a <code>CHECK</code> failure in <code>SobolSample</code> caused by missing validation (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935">CVE-2022-35935</a>)</li> <li>Fixes an OOB read in <code>Gather_nd</code> op in TF Lite (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35937">CVE-2022-35937</a>)</li> <li>Fixes a <code>CHECK</code> failure in <code>TensorListReserve</code> caused by missing validation (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35960">CVE-2022-35960</a>)</li> <li>Fixes an OOB write in <code>Scatter_nd</code> op in TF Lite (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35939">CVE-2022-35939</a>)</li> <li>Fixes an integer overflow in <code>RaggedRangeOp</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35940">CVE-2022-35940</a>)</li> <li>Fixes a <code>CHECK</code> failure in <code>AvgPoolOp</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35941">CVE-2022-35941</a>)</li> <li>Fixes a <code>CHECK</code> failures in <code>UnbatchGradOp</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35952">CVE-2022-35952</a>)</li> <li>Fixes a segfault TFLite converter on per-channel quantized transposed convolutions (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36027">CVE-2022-36027</a>)</li> <li>Fixes a <code>CHECK</code> failures in <code>AvgPool3DGrad</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35959">CVE-2022-35959</a>)</li> <li>Fixes a <code>CHECK</code> failures in <code>FractionalAvgPoolGrad</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35963">CVE-2022-35963</a>)</li> <li>Fixes a segfault in <code>BlockLSTMGradV2</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35964">CVE-2022-35964</a>)</li> <li>Fixes a segfault in <code>LowerBound</code> and <code>UpperBound</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35965">CVE-2022-35965</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tensorflow/tensorflow/blob/master/RELEASE.md">tensorflow's changelog</a>.</em></p> <blockquote> <h1>Release 2.9.3</h1> <p>This release introduces several vulnerability fixes:</p> <ul> <li>Fixes an overflow in <code>tf.keras.losses.poisson</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41887">CVE-2022-41887</a>)</li> <li>Fixes a heap OOB failure in <code>ThreadUnsafeUnigramCandidateSampler</code> caused by missing validation (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41880">CVE-2022-41880</a>)</li> <li>Fixes a segfault in <code>ndarray_tensor_bridge</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41884">CVE-2022-41884</a>)</li> <li>Fixes an overflow in <code>FusedResizeAndPadConv2D</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41885">CVE-2022-41885</a>)</li> <li>Fixes a overflow in <code>ImageProjectiveTransformV2</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41886">CVE-2022-41886</a>)</li> <li>Fixes an FPE in <code>tf.image.generate_bounding_box_proposals</code> on GPU (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41888">CVE-2022-41888</a>)</li> <li>Fixes a segfault in <code>pywrap_tfe_src</code> caused by invalid attributes (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41889">CVE-2022-41889</a>)</li> <li>Fixes a <code>CHECK</code> fail in <code>BCast</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41890">CVE-2022-41890</a>)</li> <li>Fixes a segfault in <code>TensorListConcat</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41891">CVE-2022-41891</a>)</li> <li>Fixes a <code>CHECK_EQ</code> fail in <code>TensorListResize</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41893">CVE-2022-41893</a>)</li> <li>Fixes an overflow in <code>CONV_3D_TRANSPOSE</code> on TFLite (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41894">CVE-2022-41894</a>)</li> <li>Fixes a heap OOB in <code>MirrorPadGrad</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41895">CVE-2022-41895</a>)</li> <li>Fixes a crash in <code>Mfcc</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41896">CVE-2022-41896</a>)</li> <li>Fixes a heap OOB in <code>FractionalMaxPoolGrad</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41897">CVE-2022-41897</a>)</li> <li>Fixes a <code>CHECK</code> fail in <code>SparseFillEmptyRowsGrad</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41898">CVE-2022-41898</a>)</li> <li>Fixes a <code>CHECK</code> fail in <code>SdcaOptimizer</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41899">CVE-2022-41899</a>)</li> <li>Fixes a heap OOB in <code>FractionalAvgPool</code> and <code>FractionalMaxPool</code>(<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41900">CVE-2022-41900</a>)</li> <li>Fixes a <code>CHECK_EQ</code> in <code>SparseMatrixNNZ</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41901">CVE-2022-41901</a>)</li> <li>Fixes an OOB write in grappler (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41902">CVE-2022-41902</a>)</li> <li>Fixes a overflow in <code>ResizeNearestNeighborGrad</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41907">CVE-2022-41907</a>)</li> <li>Fixes a <code>CHECK</code> fail in <code>PyFunc</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41908">CVE-2022-41908</a>)</li> <li>Fixes a segfault in <code>CompositeTensorVariantToComponents</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41909">CVE-2022-41909</a>)</li> <li>Fixes a invalid char to bool conversion in printing a tensor (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41911">CVE-2022-41911</a>)</li> <li>Fixes a heap overflow in <code>QuantizeAndDequantizeV2</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41910">CVE-2022-41910</a>)</li> <li>Fixes a <code>CHECK</code> failure in <code>SobolSample</code> via missing validation (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935">CVE-2022-35935</a>)</li> <li>Fixes a <code>CHECK</code> fail in <code>TensorListScatter</code> and <code>TensorListScatterV2</code> in eager mode (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935">CVE-2022-35935</a>)</li> </ul> <h1>Release 2.8.4</h1> <p>This release introduces several vulnerability fixes:</p> <ul> <li>Fixes a heap OOB failure in <code>ThreadUnsafeUnigramCandidateSampler</code> caused by missing validation (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41880">CVE-2022-41880</a>)</li> <li>Fixes a segfault in <code>ndarray_tensor_bridge</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41884">CVE-2022-41884</a>)</li> <li>Fixes an overflow in <code>FusedResizeAndPadConv2D</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41885">CVE-2022-41885</a>)</li> <li>Fixes a overflow in <code>ImageProjectiveTransformV2</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41886">CVE-2022-41886</a>)</li> <li>Fixes an FPE in <code>tf.image.generate_bounding_box_proposals</code> on GPU (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41888">CVE-2022-41888</a>)</li> <li>Fixes a segfault in <code>pywrap_tfe_src</code> caused by invalid attributes (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41889">CVE-2022-41889</a>)</li> <li>Fixes a <code>CHECK</code> fail in <code>BCast</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41890">CVE-2022-41890</a>)</li> <li>Fixes a segfault in <code>TensorListConcat</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41891">CVE-2022-41891</a>)</li> <li>Fixes a <code>CHECK_EQ</code> fail in <code>TensorListResize</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41893">CVE-2022-41893</a>)</li> <li>Fixes an overflow in <code>CONV_3D_TRANSPOSE</code> on TFLite (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41894">CVE-2022-41894</a>)</li> <li>Fixes a heap OOB in <code>MirrorPadGrad</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41895">CVE-2022-41895</a>)</li> <li>Fixes a crash in <code>Mfcc</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41896">CVE-2022-41896</a>)</li> <li>Fixes a heap OOB in <code>FractionalMaxPoolGrad</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41897">CVE-2022-41897</a>)</li> <li>Fixes a <code>CHECK</code> fail in <code>SparseFillEmptyRowsGrad</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41898">CVE-2022-41898</a>)</li> <li>Fixes a <code>CHECK</code> fail in <code>SdcaOptimizer</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41899">CVE-2022-41899</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="maina5ed5f39b6"><code>a5ed5f3</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58584">#58584</a> from tensorflow/vinila21-patch-2</li> <li><a href="258f9a1251"><code>258f9a1</code></a> Update py_func.cc</li> <li><a href="cd27cfb438"><code>cd27cfb</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58580">#58580</a> from tensorflow-jenkins/version-numbers-2.9.3-24474</li> <li><a href="3e75385ee6"><code>3e75385</code></a> Update version numbers to 2.9.3</li> <li><a href="bc72c39774"><code>bc72c39</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58482">#58482</a> from tensorflow-jenkins/relnotes-2.9.3-25695</li> <li><a href="3506c90f5a"><code>3506c90</code></a> Update RELEASE.md</li> <li><a href="8dcb48e384"><code>8dcb48e</code></a> Update RELEASE.md</li> <li><a href="4f34ec8499"><code>4f34ec8</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58576">#58576</a> from pak-laura/c2.99f03a9d3bafe902c1e6beb105b2f2417...</li> <li><a href="6fc67e408f"><code>6fc67e4</code></a> Replace CHECK with returning an InternalError on failing to create python tuple</li> <li><a href="5dbe90ad21"><code>5dbe90a</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58570">#58570</a> from tensorflow/r2.9-7b174a0f2e4</li> <li>Additional commits viewable in <a href="https://github.com/tensorflow/tensorflow/compare/v2.8.1...v2.9.3">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/opencv/cvat/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot]
3 years ago
committed by
GitHub
parent
969d1e0fdf
commit
bc079c3129
Loading…
Reference in New Issue