Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

build(deps): bump tensorflow from 1.14 to 2.5.2 in /sdk/tflite #35

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Dec 3, 2021

Bumps tensorflow from 1.14 to 2.5.2.

Release notes

Sourced from tensorflow's releases.

TensorFlow 2.5.2

Release 2.5.2

This release introduces several vulnerability fixes:

  • Fixes a code injection issue in saved_model_cli (CVE-2021-41228)
  • Fixes a vulnerability due to use of uninitialized value in Tensorflow (CVE-2021-41225)
  • Fixes a heap OOB in FusedBatchNorm kernels (CVE-2021-41223)
  • Fixes an arbitrary memory read in ImmutableConst (CVE-2021-41227)
  • Fixes a heap OOB in SparseBinCount (CVE-2021-41226)
  • Fixes a heap OOB in SparseFillEmptyRows (CVE-2021-41224)
  • Fixes a segfault due to negative splits in SplitV (CVE-2021-41222)
  • Fixes segfaults and vulnerabilities caused by accesses to invalid memory during shape inference in Cudnn* ops (CVE-2021-41221)
  • Fixes a null pointer exception when Exit node is not preceded by Enter op (CVE-2021-41217)
  • Fixes an integer division by 0 in tf.raw_ops.AllToAll (CVE-2021-41218)
  • Fixes an undefined behavior via nullptr reference binding in sparse matrix multiplication (CVE-2021-41219)
  • Fixes a heap buffer overflow in Transpose (CVE-2021-41216)
  • Prevents deadlocks arising from mutually recursive tf.function objects (CVE-2021-41213)
  • Fixes a null pointer exception in DeserializeSparse (CVE-2021-41215)
  • Fixes an undefined behavior arising from reference binding to nullptr in tf.ragged.cross (CVE-2021-41214)
  • Fixes a heap OOB read in tf.ragged.cross (CVE-2021-41212)
  • Fixes a heap OOB read in all tf.raw_ops.QuantizeAndDequantizeV* ops (CVE-2021-41205)
  • Fixes an FPE in ParallelConcat (CVE-2021-41207)
  • Fixes FPE issues in convolutions with zero size filters (CVE-2021-41209)
  • Fixes a heap OOB read in tf.raw_ops.SparseCountSparseOutput (CVE-2021-41210)
  • Fixes vulnerabilities caused by incomplete validation in boosted trees code (CVE-2021-41208)
  • Fixes vulnerabilities caused by incomplete validation of shapes in multiple TF ops (CVE-2021-41206)
  • Fixes a segfault produced while copying constant resource tensor (CVE-2021-41204)
  • Fixes a vulnerability caused by unitialized access in EinsumHelper::ParseEquation (CVE-2021-41201)
  • Fixes several vulnerabilities and segfaults caused by missing validation during checkpoint loading (CVE-2021-41203)
  • Fixes an overflow producing a crash in tf.range (CVE-2021-41202)
  • Fixes an overflow producing a crash in tf.image.resize when size is large (CVE-2021-41199)
  • Fixes an overflow producing a crash in tf.tile when tiling tensor is large (CVE-2021-41198)
  • Fixes a vulnerability produced due to incomplete validation in tf.summary.create_file_writer (CVE-2021-41200)
  • Fixes multiple crashes due to overflow and CHECK-fail in ops with large tensor shapes (CVE-2021-41197)
  • Fixes a crash in max_pool3d when size argument is 0 or negative (CVE-2021-41196)
  • Fixes a crash in tf.math.segment_* operations (CVE-2021-41195)
  • Updates curl to 7.78.0 to handle CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925, and CVE-2021-22926.

TensorFlow 2.5.1

Release 2.5.1

This release introduces several vulnerability fixes:

  • Fixes a heap out of bounds access in sparse reduction operations (CVE-2021-37635)
  • Fixes a floating point exception in SparseDenseCwiseDiv (CVE-2021-37636)
  • Fixes a null pointer dereference in CompressElement (CVE-2021-37637)
  • Fixes a null pointer dereference in RaggedTensorToTensor (CVE-2021-37638)
  • Fixes a null pointer dereference and a heap OOB read arising from operations restoring tensors (CVE-2021-37639)
  • Fixes an integer division by 0 in sparse reshaping (CVE-2021-37640)

... (truncated)

Changelog

Sourced from tensorflow's changelog.

Release 2.5.2

This release introduces several vulnerability fixes:

... (truncated)

Commits
  • 957590e Merge pull request #52873 from tensorflow-jenkins/relnotes-2.5.2-20787
  • 2e1d16d Update RELEASE.md
  • 2fa6dd9 Merge pull request #52877 from tensorflow-jenkins/version-numbers-2.5.2-192
  • 4807489 Merge pull request #52881 from tensorflow/fix-build-1-on-r2.5
  • d398bdf Disable failing test
  • 857ad5e Merge pull request #52878 from tensorflow/fix-build-1-on-r2.5
  • 6c2a215 Disable failing test
  • f5c57d4 Update version numbers to 2.5.2
  • e51f949 Insert release notes place-fill
  • 2620d2c Merge pull request #52863 from tensorflow/fix-build-3-on-r2.5
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [tensorflow](https://github.com/tensorflow/tensorflow) from 1.14 to 2.5.2.
- [Release notes](https://github.com/tensorflow/tensorflow/releases)
- [Changelog](https://github.com/tensorflow/tensorflow/blob/master/RELEASE.md)
- [Commits](tensorflow/tensorflow@v1.14.0...v2.5.2)

---
updated-dependencies:
- dependency-name: tensorflow
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Dec 3, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants