Skip to content
This repository has been archived by the owner on Aug 25, 2024. It is now read-only.

Bump tensorflow-gpu from 1.8 to 1.15.5 #26

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Jul 30, 2024

Bumps tensorflow-gpu from 1.8 to 1.15.5.

Release notes

Sourced from tensorflow-gpu's releases.

TensorFlow 1.15.5

Release 1.15.5

Note that this is the last patch release for the TensorFlow 1.x series.

Bug Fixes and Other Changes

  • Fixes an access to unitialized memory in Eigen code (CVE-2020-26266)
  • Fixes a security vulnerability caused by lack of validation in tf.raw_ops.DataFormatVecPermute and tf.raw_ops.DataFormatDimMap (CVE-2020-26267)
  • Fixes a vulnerability caused by attempting to write to immutable memory region in tf.raw_ops.ImmutableConst (CVE-2020-26268
  • Fixes a CHECK-fail in LSTM with zero-length input (CVE-2020-26270)
  • Fixes a security vulnerability caused by accessing heap data outside of bounds when loading a specially crafted SavedModel (CVE-2020-26271)
  • Updates libjpeg-turbo to 2.0.5 to handle CVE-2020-13790.
  • Updates junit to 4.13.1 to handle CVE-2020-15250.
  • Updates PCRE to 8.44 to handle CVE-2019-20838 and CVE-2020-14155.
  • Updates sqlite3 to 3.44.0 to keep in sync with master branch.

TensorFlow 1.15.4

Release 1.15.4

Bug Fixes and Other Changes

Changelog

Sourced from tensorflow-gpu's changelog.

Release 1.15.5

Note that this is the last patch release for the TensorFlow 1.x series.

Bug Fixes and Other Changes

  • Fixes an access to unitialized memory in Eigen code (CVE-2020-26266)
  • Fixes a security vulnerability caused by lack of validation in tf.raw_ops.DataFormatVecPermute and tf.raw_ops.DataFormatDimMap (CVE-2020-26267)
  • Fixes a vulnerability caused by attempting to write to immutable memory region in tf.raw_ops.ImmutableConst (CVE-2020-26268
  • Fixes a CHECK-fail in LSTM with zero-length input (CVE-2020-26270)
  • Fixes a security vulnerability caused by accessing heap data outside of bounds when loading a specially crafted SavedModel (CVE-2020-26271)
  • Updates libjpeg-turbo to 2.0.5 to handle CVE-2020-13790.
  • Updates junit to 4.13.1 to handle CVE-2020-15250.
  • Updates PCRE to 8.44 to handle CVE-2019-20838 and CVE-2020-14155.
  • Updates sqlite3 to 3.44.0 to keep in sync with master branch.

Release 2.4.0

## Major Features and Improvements

... (truncated)

Commits
  • 3db52be Merge pull request #45763 from tensorflow-jenkins/relnotes-1.15.5-6556
  • a788dc5 Update RELEASE.md
  • da8db17 Merge pull request #46152 from tensorflow/mm-cherry-pick-sqlite-bump-on-r1.15
  • a19bd42 Update SQLite to the lastest sqlite-amalgamation-3340000
  • 0396c28 Disable failing test
  • 89fe0ce Merge pull request #45809 from tensorflow/fix-cp-1.15
  • d04c0e0 Fix bad cherrypick
  • d3ea1b9 Merge pull request #45802 from tensorflow/update_path
  • a6d2785 Fix import path
  • 6f62fd1 Merge pull request #45530 from tensorflow/mm-cherrypick-6d7da36623b-on-r1.15
  • Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
tensorflow-gpu [>= 2.a, < 3]

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [tensorflow-gpu](https://github.com/tensorflow/tensorflow) from 1.8 to 1.15.5.
- [Release notes](https://github.com/tensorflow/tensorflow/releases)
- [Changelog](https://github.com/tensorflow/tensorflow/blob/master/RELEASE.md)
- [Commits](tensorflow/tensorflow@v1.8.0...v1.15.5)

---
updated-dependencies:
- dependency-name: tensorflow-gpu
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jul 30, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants