{"id":18574,"name":"tensorflow","ecosystem":"cocoapods","repository_url":null,"issues_count":8,"created_at":"2025-06-07T01:22:34.552Z","updated_at":"2025-06-07T01:22:34.552Z","purl":"pkg:cocoapods/tensorflow","unique_repositories_count":5,"unique_repositories_count_past_30_days":0,"recent_issues":[{"uuid":"1657291650","node_id":"PR_kwDOJL5CUs5iyEOC","number":3,"state":"closed","title":"Bump tensorflow from 2.11.0 to 2.11.1","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":"2025-05-27T23:31:58.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2023-12-26T14:31:50.000Z","updated_at":"2025-05-27T23:31:58.000Z","time_to_close":44787608,"merged_at":"2025-05-27T23:31:58.000Z","merged_by":"AsmaZgo","closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"tensorflow","old_version":"2.11.0","new_version":"2.11.1","repository_url":"https://github.com/tensorflow/tensorflow"}],"path":null,"ecosystem":"cocoapods"},"body":"Bumps [tensorflow](https://github.com/tensorflow/tensorflow) from 2.11.0 to 2.11.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tensorflow/tensorflow/releases\"\u003etensorflow's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eTensorFlow 2.11.1\u003c/h2\u003e\n\u003ch1\u003eRelease 2.11.1\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eNote\u003c/strong\u003e: TensorFlow 2.10 was the last TensorFlow release that supported GPU on native-Windows. Starting with TensorFlow 2.11, you will need to install TensorFlow in WSL2, or install tensorflow-cpu and, optionally, try the TensorFlow-DirectML-Plugin.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity vulnerability fixes will no longer be patched to this Tensorflow version. The latest Tensorflow version includes the security vulnerability fixes. You can update to the latest version (recommended) or patch security vulnerabilities yourself \u003ca href=\"https://github.com/tensorflow/tensorflow#patching-guidelines\"\u003esteps\u003c/a\u003e. You can refer to the \u003ca href=\"https://github.com/tensorflow/tensorflow/releases\"\u003erelease notes\u003c/a\u003e of the latest Tensorflow version for a list of newly fixed vulnerabilities. If you have any questions, please create a GitHub issue to let us know.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThis release also introduces several vulnerability fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixes an FPE in TFLite in conv kernel \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27579\"\u003eCVE-2023-27579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a double free in Fractional(Max/Avg)Pool \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25801\"\u003eCVE-2023-25801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a null dereference on ParallelConcat with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25676\"\u003eCVE-2023-25676\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a segfault in Bincount with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25675\"\u003eCVE-2023-25675\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an NPE in RandomShuffle with XLA enable \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25674\"\u003eCVE-2023-25674\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an FPE in TensorListSplit with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25673\"\u003eCVE-2023-25673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes segmentation fault in tfg-translate \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25671\"\u003eCVE-2023-25671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an NPE in QuantizedMatMulWithBiasAndDequantize \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25670\"\u003eCVE-2023-25670\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an FPE in AvgPoolGrad with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25669\"\u003eCVE-2023-25669\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25668\"\u003eCVE-2023-25668\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a segfault when opening multiframe gif \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25667\"\u003eCVE-2023-25667\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an NPE in SparseSparseMaximum \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25665\"\u003eCVE-2023-25665\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an FPE in AudioSpectrogram \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25666\"\u003eCVE-2023-25666\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a heap-buffer-overflow in AvgPoolGrad  \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25664\"\u003eCVE-2023-25664\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a NPE in TensorArrayConcatV2  \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25663\"\u003eCVE-2023-25663\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a Integer overflow in EditDistance  \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25662\"\u003eCVE-2023-25662\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a Seg fault in \u003ccode\u003etf.raw_ops.Print\u003c/code\u003e \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25660\"\u003eCVE-2023-25660\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a OOB read in DynamicStitch \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25659\"\u003eCVE-2023-25659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a OOB Read in GRUBlockCellGrad \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25658\"\u003eCVE-2023-25658\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tensorflow/tensorflow/blob/master/RELEASE.md\"\u003etensorflow's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease 2.11.1\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eNote\u003c/strong\u003e: TensorFlow 2.10 was the last TensorFlow release that supported GPU on native-Windows. Starting with TensorFlow 2.11, you will need to install TensorFlow in WSL2, or install tensorflow-cpu and, optionally, try the TensorFlow-DirectML-Plugin.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity vulnerability fixes will no longer be patched to this Tensorflow version. The latest Tensorflow version includes the security vulnerability fixes. You can update to the latest version (recommended) or patch security vulnerabilities yourself \u003ca href=\"https://github.com/tensorflow/tensorflow#patching-guidelines\"\u003esteps\u003c/a\u003e. You can refer to the \u003ca href=\"https://github.com/tensorflow/tensorflow/releases\"\u003erelease notes\u003c/a\u003e of the latest Tensorflow version for a list of newly fixed vulnerabilities. If you have any questions, please create a GitHub issue to let us know.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThis release also introduces several vulnerability fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixes an FPE in TFLite in conv kernel \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27579\"\u003eCVE-2023-27579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a double free in Fractional(Max/Avg)Pool \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25801\"\u003eCVE-2023-25801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a null dereference on ParallelConcat with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25676\"\u003eCVE-2023-25676\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a segfault in Bincount with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25675\"\u003eCVE-2023-25675\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an NPE in RandomShuffle with XLA enable \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25674\"\u003eCVE-2023-25674\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an FPE in TensorListSplit with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25673\"\u003eCVE-2023-25673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes segmentation fault in tfg-translate \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25671\"\u003eCVE-2023-25671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an NPE in QuantizedMatMulWithBiasAndDequantize \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25670\"\u003eCVE-2023-25670\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an FPE in AvgPoolGrad with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25669\"\u003eCVE-2023-25669\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25668\"\u003eCVE-2023-25668\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a segfault when opening multiframe gif \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25667\"\u003eCVE-2023-25667\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an NPE in SparseSparseMaximum \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25665\"\u003eCVE-2023-25665\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an FPE in AudioSpectrogram \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25666\"\u003eCVE-2023-25666\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a heap-buffer-overflow in AvgPoolGrad  \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25664\"\u003eCVE-2023-25664\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a NPE in TensorArrayConcatV2  \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25663\"\u003eCVE-2023-25663\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a Integer overflow in EditDistance  \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25662\"\u003eCVE-2023-25662\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a Seg fault in \u003ccode\u003etf.raw_ops.Print\u003c/code\u003e \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25660\"\u003eCVE-2023-25660\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a OOB read in DynamicStitch \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25659\"\u003eCVE-2023-25659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a OOB Read in GRUBlockCellGrad \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25658\"\u003eCVE-2023-25658\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/a3e2c692c18649329c4210cf8df2487d2028e267\"\u003e\u003ccode\u003ea3e2c69\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tensorflow/tensorflow/issues/60016\"\u003e#60016\u003c/a\u003e from tensorflow/fix-relnotes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/13b85dcf966d0c94b2e5c21291be039db2dec7b9\"\u003e\u003ccode\u003e13b85dc\u003c/code\u003e\u003c/a\u003e Fix release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/48b18dbf1301f24be9f2f41189d318ce5398540a\"\u003e\u003ccode\u003e48b18db\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tensorflow/tensorflow/issues/60014\"\u003e#60014\u003c/a\u003e from tensorflow/disable-test-that-ooms\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/eea48f50d6982879909bf8e0d0151bbce3f9bf4a\"\u003e\u003ccode\u003eeea48f5\u003c/code\u003e\u003c/a\u003e Disable a test that results in OOM+segfault\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/a63258434247784605986cfc2b43cb3be846cf8a\"\u003e\u003ccode\u003ea632584\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tensorflow/tensorflow/issues/60000\"\u003e#60000\u003c/a\u003e from tensorflow/venkat-patch-3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/93dea7a67df44bde557e580dfdcde5ba0a7a344d\"\u003e\u003ccode\u003e93dea7a\u003c/code\u003e\u003c/a\u003e Update RELEASE.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/a2ba9f16f0154bf93f21132878b154238d89fad6\"\u003e\u003ccode\u003ea2ba9f1\u003c/code\u003e\u003c/a\u003e Updating Release.md with Legal Language for Release Notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/fae41c76bdc760454b3e5c1d3af9b8d5a5c6c548\"\u003e\u003ccode\u003efae41c7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tensorflow/tensorflow/issues/59998\"\u003e#59998\u003c/a\u003e from tensorflow/fix-bad-cherrypick-again\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/2757416dcd4a2d00ea36512c2ffd347030c1196b\"\u003e\u003ccode\u003e2757416\u003c/code\u003e\u003c/a\u003e Fix bad cherrypick\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/c78616f4b00125c8a563e10ce6b76bea8070bdd0\"\u003e\u003ccode\u003ec78616f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tensorflow/tensorflow/issues/59992\"\u003e#59992\u003c/a\u003e from tensorflow/fix-2.11-build\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tensorflow/tensorflow/compare/v2.11.0...v2.11.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tensorflow\u0026package-manager=pip\u0026previous-version=2.11.0\u0026new-version=2.11.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nYou can trigger a rebase of this PR by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/AsmaZgo/ComputerVisionDigitsClassification/network/alerts).\n\n\u003c/details\u003e\n\n\u003e **Note**\n\u003e Automatic rebases have been disabled on this pull request as it has been open for over 30 days.\n","html_url":"https://github.com/AsmaZgo/ComputerVisionDigitsClassification/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/AsmaZgo%2FComputerVisionDigitsClassification/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"},{"uuid":"1640304332","node_id":"PR_kwDOB8hV_s5M4bJx","number":21,"state":"closed","title":"Bump tensorflow from 2.7.2 to 2.11.1 in /ai/tensorflow","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2025-05-17T00:04:59.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2023-03-25T01:29:17.000Z","updated_at":"2025-05-17T00:05:02.000Z","time_to_close":67732542,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"tensorflow","old_version":"2.7.2","new_version":"2.11.1","repository_url":"https://github.com/tensorflow/tensorflow"}],"path":"/ai/tensorflow","ecosystem":"cocoapods"},"body":"Bumps [tensorflow](https://github.com/tensorflow/tensorflow) from 2.7.2 to 2.11.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tensorflow/tensorflow/releases\"\u003etensorflow's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eTensorFlow 2.11.1\u003c/h2\u003e\n\u003ch1\u003eRelease 2.11.1\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eNote\u003c/strong\u003e: TensorFlow 2.10 was the last TensorFlow release that supported GPU on native-Windows. Starting with TensorFlow 2.11, you will need to install TensorFlow in WSL2, or install tensorflow-cpu and, optionally, try the TensorFlow-DirectML-Plugin.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity vulnerability fixes will no longer be patched to this Tensorflow version. The latest Tensorflow version includes the security vulnerability fixes. You can update to the latest version (recommended) or patch security vulnerabilities yourself \u003ca href=\"https://github.com/tensorflow/tensorflow#patching-guidelines\"\u003esteps\u003c/a\u003e. You can refer to the \u003ca href=\"https://github.com/tensorflow/tensorflow/releases\"\u003erelease notes\u003c/a\u003e of the latest Tensorflow version for a list of newly fixed vulnerabilities. If you have any questions, please create a GitHub issue to let us know.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThis release also introduces several vulnerability fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixes an FPE in TFLite in conv kernel \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27579\"\u003eCVE-2023-27579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a double free in Fractional(Max/Avg)Pool \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25801\"\u003eCVE-2023-25801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a null dereference on ParallelConcat with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25676\"\u003eCVE-2023-25676\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a segfault in Bincount with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25675\"\u003eCVE-2023-25675\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an NPE in RandomShuffle with XLA enable \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25674\"\u003eCVE-2023-25674\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an FPE in TensorListSplit with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25673\"\u003eCVE-2023-25673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes segmentation fault in tfg-translate \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25671\"\u003eCVE-2023-25671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an NPE in QuantizedMatMulWithBiasAndDequantize \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25670\"\u003eCVE-2023-25670\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an FPE in AvgPoolGrad with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25669\"\u003eCVE-2023-25669\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25668\"\u003eCVE-2023-25668\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a segfault when opening multiframe gif \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25667\"\u003eCVE-2023-25667\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an NPE in SparseSparseMaximum \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25665\"\u003eCVE-2023-25665\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an FPE in AudioSpectrogram \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25666\"\u003eCVE-2023-25666\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a heap-buffer-overflow in AvgPoolGrad  \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25664\"\u003eCVE-2023-25664\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a NPE in TensorArrayConcatV2  \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25663\"\u003eCVE-2023-25663\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a Integer overflow in EditDistance  \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25662\"\u003eCVE-2023-25662\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a Seg fault in \u003ccode\u003etf.raw_ops.Print\u003c/code\u003e \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25660\"\u003eCVE-2023-25660\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a OOB read in DynamicStitch \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25659\"\u003eCVE-2023-25659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a OOB Read in GRUBlockCellGrad \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25658\"\u003eCVE-2023-25658\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eTensorFlow 2.11.0\u003c/h2\u003e\n\u003ch1\u003eRelease 2.11.0\u003c/h1\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ccode\u003etf.keras.optimizers.Optimizer\u003c/code\u003e base class now points to the new Keras optimizer, while the old optimizers have been moved to the \u003ccode\u003etf.keras.optimizers.legacy\u003c/code\u003e namespace.\u003c/p\u003e\n\u003cp\u003eIf you find your workflow failing due to this change, you may be facing one of the following issues:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCheckpoint loading failure.\u003c/strong\u003e The new optimizer handles optimizer state differently from the old optimizer, which simplifies the logic of checkpoint saving/loading, but at the cost of breaking checkpoint backward compatibility in some cases. If you want to keep using an old checkpoint, please change your optimizer to \u003ccode\u003etf.keras.optimizer.legacy.XXX\u003c/code\u003e (e.g. \u003ccode\u003etf.keras.optimizer.legacy.Adam\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTF1 compatibility.\u003c/strong\u003e The new optimizer, \u003ccode\u003etf.keras.optimizers.Optimizer\u003c/code\u003e, does not support TF1 any more, so please use the legacy optimizer \u003ccode\u003etf.keras.optimizer.legacy.XXX\u003c/code\u003e. We highly recommend \u003ca href=\"https://www.tensorflow.org/guide/migrate\"\u003emigrating your workflow to TF2\u003c/a\u003e for stable support and new features.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOld optimizer API not found.\u003c/strong\u003e The new optimizer, \u003ccode\u003etf.keras.optimizers.Optimizer\u003c/code\u003e, has a different set of public APIs from the old optimizer. These API changes are mostly related to getting rid of slot variables and TF1 support. Please check the API documentation to find alternatives to the missing API. If you must call the deprecated API, please change your optimizer to the legacy optimizer.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eLearning rate schedule access.\u003c/strong\u003e When using a \u003ccode\u003etf.keras.optimizers.schedules.LearningRateSchedule\u003c/code\u003e, the new optimizer's \u003ccode\u003elearning_rate\u003c/code\u003e property returns the current learning rate value instead of a \u003ccode\u003eLearningRateSchedule\u003c/code\u003e object as before. If you need to access the \u003ccode\u003eLearningRateSchedule\u003c/code\u003e object, please use \u003ccode\u003eoptimizer._learning_rate\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eIf you implemented a custom optimizer based on the old optimizer.\u003c/strong\u003e Please set your optimizer to subclass \u003ccode\u003etf.keras.optimizer.legacy.XXX\u003c/code\u003e. If you want to migrate to the new optimizer and find it does not support your optimizer, please file an issue in the \u003ca href=\"https://github.com/keras-team/keras/issues\"\u003eKeras GitHub repo\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eErrors, such as \u003ccode\u003eCannot recognize variable...\u003c/code\u003e.\u003c/strong\u003e The new optimizer requires all optimizer variables to be created at the first \u003ccode\u003eapply_gradients()\u003c/code\u003e or \u003ccode\u003eminimize()\u003c/code\u003e call. If your workflow calls the optimizer to update different parts of the model in multiple stages, please call \u003ccode\u003eoptimizer.build(model.trainable_variables)\u003c/code\u003e before the training loop.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTimeout or performance loss.\u003c/strong\u003e We don't anticipate this to happen, but if you see such issues, please use the legacy optimizer, and file an issue in the Keras GitHub repo.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe old Keras optimizer will never be deleted, but will not see any new feature additions. New optimizers (for example, \u003ccode\u003etf.keras.optimizers.Adafactor\u003c/code\u003e) will only be implemented based on the new \u003ccode\u003etf.keras.optimizers.Optimizer\u003c/code\u003e base class.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003etensorflow/python/keras\u003c/code\u003e code is a legacy copy of Keras since the TensorFlow v2.7 release, and will be deleted in the v2.12 release. Please remove any import of \u003ccode\u003etensorflow.python.keras\u003c/code\u003e and use the public API with \u003ccode\u003efrom tensorflow import keras\u003c/code\u003e or \u003ccode\u003eimport tensorflow as tf; tf.keras\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eMajor Features and Improvements\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tensorflow/tensorflow/blob/master/RELEASE.md\"\u003etensorflow's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease 2.11.1\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eNote\u003c/strong\u003e: TensorFlow 2.10 was the last TensorFlow release that supported GPU on native-Windows. Starting with TensorFlow 2.11, you will need to install TensorFlow in WSL2, or install tensorflow-cpu and, optionally, try the TensorFlow-DirectML-Plugin.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity vulnerability fixes will no longer be patched to this Tensorflow version. The latest Tensorflow version includes the security vulnerability fixes. You can update to the latest version (recommended) or patch security vulnerabilities yourself \u003ca href=\"https://github.com/tensorflow/tensorflow#patching-guidelines\"\u003esteps\u003c/a\u003e. You can refer to the \u003ca href=\"https://github.com/tensorflow/tensorflow/releases\"\u003erelease notes\u003c/a\u003e of the latest Tensorflow version for a list of newly fixed vulnerabilities. If you have any questions, please create a GitHub issue to let us know.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThis release also introduces several vulnerability fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixes an FPE in TFLite in conv kernel \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27579\"\u003eCVE-2023-27579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a double free in Fractional(Max/Avg)Pool \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25801\"\u003eCVE-2023-25801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a null dereference on ParallelConcat with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25676\"\u003eCVE-2023-25676\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a segfault in Bincount with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25675\"\u003eCVE-2023-25675\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an NPE in RandomShuffle with XLA enable \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25674\"\u003eCVE-2023-25674\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an FPE in TensorListSplit with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25673\"\u003eCVE-2023-25673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes segmentation fault in tfg-translate \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25671\"\u003eCVE-2023-25671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an NPE in QuantizedMatMulWithBiasAndDequantize \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25670\"\u003eCVE-2023-25670\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an FPE in AvgPoolGrad with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25669\"\u003eCVE-2023-25669\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25668\"\u003eCVE-2023-25668\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a segfault when opening multiframe gif \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25667\"\u003eCVE-2023-25667\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an NPE in SparseSparseMaximum \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25665\"\u003eCVE-2023-25665\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an FPE in AudioSpectrogram \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25666\"\u003eCVE-2023-25666\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a heap-buffer-overflow in AvgPoolGrad  \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25664\"\u003eCVE-2023-25664\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a NPE in TensorArrayConcatV2  \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25663\"\u003eCVE-2023-25663\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a Integer overflow in EditDistance  \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25662\"\u003eCVE-2023-25662\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a Seg fault in \u003ccode\u003etf.raw_ops.Print\u003c/code\u003e \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25660\"\u003eCVE-2023-25660\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a OOB read in DynamicStitch \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25659\"\u003eCVE-2023-25659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a OOB Read in GRUBlockCellGrad \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25658\"\u003eCVE-2023-25658\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eRelease 2.11.0\u003c/h1\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003etf.keras.optimizers.Optimizer\u003c/code\u003e now points to the new Keras optimizer, and\nold optimizers have moved to the \u003ccode\u003etf.keras.optimizers.legacy\u003c/code\u003e namespace.\nIf you find your workflow failing due to this change,\nyou may be facing one of the following issues:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCheckpoint loading failure.\u003c/strong\u003e The new optimizer handles optimizer\nstate differently from the old optimizer, which simplies the logic of\ncheckpoint saving/loading, but at the cost of breaking checkpoint\nbackward compatibility in some cases. If you want to keep using an old\ncheckpoint, please change your optimizer to\n\u003ccode\u003etf.keras.optimizers.legacy.XXX\u003c/code\u003e (e.g.\n\u003ccode\u003etf.keras.optimizers.legacy.Adam\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTF1 compatibility.\u003c/strong\u003e The new optimizer does not support TF1 any more,\nso please use the legacy optimizer \u003ccode\u003etf.keras.optimizer.legacy.XXX\u003c/code\u003e.\nWe highly recommend to migrate your workflow to TF2 for stable\nsupport and new features.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAPI not found.\u003c/strong\u003e The new optimizer has a different set of public APIs\nfrom the old optimizer. These API changes are mostly related to\ngetting rid of slot variables and TF1 support. Please check the API\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/a3e2c692c18649329c4210cf8df2487d2028e267\"\u003e\u003ccode\u003ea3e2c69\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tensorflow/tensorflow/issues/60016\"\u003e#60016\u003c/a\u003e from tensorflow/fix-relnotes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/13b85dcf966d0c94b2e5c21291be039db2dec7b9\"\u003e\u003ccode\u003e13b85dc\u003c/code\u003e\u003c/a\u003e Fix release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/48b18dbf1301f24be9f2f41189d318ce5398540a\"\u003e\u003ccode\u003e48b18db\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tensorflow/tensorflow/issues/60014\"\u003e#60014\u003c/a\u003e from tensorflow/disable-test-that-ooms\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/eea48f50d6982879909bf8e0d0151bbce3f9bf4a\"\u003e\u003ccode\u003eeea48f5\u003c/code\u003e\u003c/a\u003e Disable a test that results in OOM+segfault\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/a63258434247784605986cfc2b43cb3be846cf8a\"\u003e\u003ccode\u003ea632584\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tensorflow/tensorflow/issues/60000\"\u003e#60000\u003c/a\u003e from tensorflow/venkat-patch-3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/93dea7a67df44bde557e580dfdcde5ba0a7a344d\"\u003e\u003ccode\u003e93dea7a\u003c/code\u003e\u003c/a\u003e Update RELEASE.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/a2ba9f16f0154bf93f21132878b154238d89fad6\"\u003e\u003ccode\u003ea2ba9f1\u003c/code\u003e\u003c/a\u003e Updating Release.md with Legal Language for Release Notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/fae41c76bdc760454b3e5c1d3af9b8d5a5c6c548\"\u003e\u003ccode\u003efae41c7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tensorflow/tensorflow/issues/59998\"\u003e#59998\u003c/a\u003e from tensorflow/fix-bad-cherrypick-again\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/2757416dcd4a2d00ea36512c2ffd347030c1196b\"\u003e\u003ccode\u003e2757416\u003c/code\u003e\u003c/a\u003e Fix bad cherrypick\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/c78616f4b00125c8a563e10ce6b76bea8070bdd0\"\u003e\u003ccode\u003ec78616f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tensorflow/tensorflow/issues/59992\"\u003e#59992\u003c/a\u003e from tensorflow/fix-2.11-build\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tensorflow/tensorflow/compare/v2.7.2...v2.11.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tensorflow\u0026package-manager=pip\u0026previous-version=2.7.2\u0026new-version=2.11.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/gitbuda/education/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/gitbuda/education/pull/21","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/gitbuda%2Feducation/issues/21","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/21/packages"},{"uuid":"1289845760","node_id":"PR_kwDODCqOwc5M4XwA","number":13,"state":"closed","title":"Bump tensorflow from 2.5.1 to 2.11.1","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":"2025-05-31T05:42:35.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2023-03-25T01:10:30.000Z","updated_at":"2025-05-31T05:42:35.000Z","time_to_close":68963525,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"tensorflow","old_version":"2.5.1","new_version":"2.11.1","repository_url":"https://github.com/tensorflow/tensorflow"}],"path":null,"ecosystem":"cocoapods"},"body":"Bumps [tensorflow](https://github.com/tensorflow/tensorflow) from 2.5.1 to 2.11.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tensorflow/tensorflow/releases\"\u003etensorflow's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eTensorFlow 2.11.1\u003c/h2\u003e\n\u003ch1\u003eRelease 2.11.1\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eNote\u003c/strong\u003e: TensorFlow 2.10 was the last TensorFlow release that supported GPU on native-Windows. Starting with TensorFlow 2.11, you will need to install TensorFlow in WSL2, or install tensorflow-cpu and, optionally, try the TensorFlow-DirectML-Plugin.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity vulnerability fixes will no longer be patched to this Tensorflow version. The latest Tensorflow version includes the security vulnerability fixes. You can update to the latest version (recommended) or patch security vulnerabilities yourself \u003ca href=\"https://github.com/tensorflow/tensorflow#patching-guidelines\"\u003esteps\u003c/a\u003e. You can refer to the \u003ca href=\"https://github.com/tensorflow/tensorflow/releases\"\u003erelease notes\u003c/a\u003e of the latest Tensorflow version for a list of newly fixed vulnerabilities. If you have any questions, please create a GitHub issue to let us know.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThis release also introduces several vulnerability fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixes an FPE in TFLite in conv kernel \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27579\"\u003eCVE-2023-27579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a double free in Fractional(Max/Avg)Pool \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25801\"\u003eCVE-2023-25801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a null dereference on ParallelConcat with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25676\"\u003eCVE-2023-25676\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a segfault in Bincount with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25675\"\u003eCVE-2023-25675\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an NPE in RandomShuffle with XLA enable \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25674\"\u003eCVE-2023-25674\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an FPE in TensorListSplit with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25673\"\u003eCVE-2023-25673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes segmentation fault in tfg-translate \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25671\"\u003eCVE-2023-25671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an NPE in QuantizedMatMulWithBiasAndDequantize \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25670\"\u003eCVE-2023-25670\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an FPE in AvgPoolGrad with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25669\"\u003eCVE-2023-25669\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25668\"\u003eCVE-2023-25668\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a segfault when opening multiframe gif \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25667\"\u003eCVE-2023-25667\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an NPE in SparseSparseMaximum \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25665\"\u003eCVE-2023-25665\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an FPE in AudioSpectrogram \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25666\"\u003eCVE-2023-25666\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a heap-buffer-overflow in AvgPoolGrad  \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25664\"\u003eCVE-2023-25664\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a NPE in TensorArrayConcatV2  \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25663\"\u003eCVE-2023-25663\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a Integer overflow in EditDistance  \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25662\"\u003eCVE-2023-25662\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a Seg fault in \u003ccode\u003etf.raw_ops.Print\u003c/code\u003e \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25660\"\u003eCVE-2023-25660\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a OOB read in DynamicStitch \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25659\"\u003eCVE-2023-25659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a OOB Read in GRUBlockCellGrad \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25658\"\u003eCVE-2023-25658\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eTensorFlow 2.11.0\u003c/h2\u003e\n\u003ch1\u003eRelease 2.11.0\u003c/h1\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ccode\u003etf.keras.optimizers.Optimizer\u003c/code\u003e base class now points to the new Keras optimizer, while the old optimizers have been moved to the \u003ccode\u003etf.keras.optimizers.legacy\u003c/code\u003e namespace.\u003c/p\u003e\n\u003cp\u003eIf you find your workflow failing due to this change, you may be facing one of the following issues:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCheckpoint loading failure.\u003c/strong\u003e The new optimizer handles optimizer state differently from the old optimizer, which simplifies the logic of checkpoint saving/loading, but at the cost of breaking checkpoint backward compatibility in some cases. If you want to keep using an old checkpoint, please change your optimizer to \u003ccode\u003etf.keras.optimizer.legacy.XXX\u003c/code\u003e (e.g. \u003ccode\u003etf.keras.optimizer.legacy.Adam\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTF1 compatibility.\u003c/strong\u003e The new optimizer, \u003ccode\u003etf.keras.optimizers.Optimizer\u003c/code\u003e, does not support TF1 any more, so please use the legacy optimizer \u003ccode\u003etf.keras.optimizer.legacy.XXX\u003c/code\u003e. We highly recommend \u003ca href=\"https://www.tensorflow.org/guide/migrate\"\u003emigrating your workflow to TF2\u003c/a\u003e for stable support and new features.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOld optimizer API not found.\u003c/strong\u003e The new optimizer, \u003ccode\u003etf.keras.optimizers.Optimizer\u003c/code\u003e, has a different set of public APIs from the old optimizer. These API changes are mostly related to getting rid of slot variables and TF1 support. Please check the API documentation to find alternatives to the missing API. If you must call the deprecated API, please change your optimizer to the legacy optimizer.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eLearning rate schedule access.\u003c/strong\u003e When using a \u003ccode\u003etf.keras.optimizers.schedules.LearningRateSchedule\u003c/code\u003e, the new optimizer's \u003ccode\u003elearning_rate\u003c/code\u003e property returns the current learning rate value instead of a \u003ccode\u003eLearningRateSchedule\u003c/code\u003e object as before. If you need to access the \u003ccode\u003eLearningRateSchedule\u003c/code\u003e object, please use \u003ccode\u003eoptimizer._learning_rate\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eIf you implemented a custom optimizer based on the old optimizer.\u003c/strong\u003e Please set your optimizer to subclass \u003ccode\u003etf.keras.optimizer.legacy.XXX\u003c/code\u003e. If you want to migrate to the new optimizer and find it does not support your optimizer, please file an issue in the \u003ca href=\"https://github.com/keras-team/keras/issues\"\u003eKeras GitHub repo\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eErrors, such as \u003ccode\u003eCannot recognize variable...\u003c/code\u003e.\u003c/strong\u003e The new optimizer requires all optimizer variables to be created at the first \u003ccode\u003eapply_gradients()\u003c/code\u003e or \u003ccode\u003eminimize()\u003c/code\u003e call. If your workflow calls the optimizer to update different parts of the model in multiple stages, please call \u003ccode\u003eoptimizer.build(model.trainable_variables)\u003c/code\u003e before the training loop.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTimeout or performance loss.\u003c/strong\u003e We don't anticipate this to happen, but if you see such issues, please use the legacy optimizer, and file an issue in the Keras GitHub repo.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe old Keras optimizer will never be deleted, but will not see any new feature additions. New optimizers (for example, \u003ccode\u003etf.keras.optimizers.Adafactor\u003c/code\u003e) will only be implemented based on the new \u003ccode\u003etf.keras.optimizers.Optimizer\u003c/code\u003e base class.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003etensorflow/python/keras\u003c/code\u003e code is a legacy copy of Keras since the TensorFlow v2.7 release, and will be deleted in the v2.12 release. Please remove any import of \u003ccode\u003etensorflow.python.keras\u003c/code\u003e and use the public API with \u003ccode\u003efrom tensorflow import keras\u003c/code\u003e or \u003ccode\u003eimport tensorflow as tf; tf.keras\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eMajor Features and Improvements\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tensorflow/tensorflow/blob/master/RELEASE.md\"\u003etensorflow's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease 2.11.1\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eNote\u003c/strong\u003e: TensorFlow 2.10 was the last TensorFlow release that supported GPU on native-Windows. Starting with TensorFlow 2.11, you will need to install TensorFlow in WSL2, or install tensorflow-cpu and, optionally, try the TensorFlow-DirectML-Plugin.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity vulnerability fixes will no longer be patched to this Tensorflow version. The latest Tensorflow version includes the security vulnerability fixes. You can update to the latest version (recommended) or patch security vulnerabilities yourself \u003ca href=\"https://github.com/tensorflow/tensorflow#patching-guidelines\"\u003esteps\u003c/a\u003e. You can refer to the \u003ca href=\"https://github.com/tensorflow/tensorflow/releases\"\u003erelease notes\u003c/a\u003e of the latest Tensorflow version for a list of newly fixed vulnerabilities. If you have any questions, please create a GitHub issue to let us know.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThis release also introduces several vulnerability fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixes an FPE in TFLite in conv kernel \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27579\"\u003eCVE-2023-27579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a double free in Fractional(Max/Avg)Pool \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25801\"\u003eCVE-2023-25801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a null dereference on ParallelConcat with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25676\"\u003eCVE-2023-25676\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a segfault in Bincount with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25675\"\u003eCVE-2023-25675\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an NPE in RandomShuffle with XLA enable \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25674\"\u003eCVE-2023-25674\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an FPE in TensorListSplit with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25673\"\u003eCVE-2023-25673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes segmentation fault in tfg-translate \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25671\"\u003eCVE-2023-25671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an NPE in QuantizedMatMulWithBiasAndDequantize \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25670\"\u003eCVE-2023-25670\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an FPE in AvgPoolGrad with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25669\"\u003eCVE-2023-25669\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25668\"\u003eCVE-2023-25668\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a segfault when opening multiframe gif \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25667\"\u003eCVE-2023-25667\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an NPE in SparseSparseMaximum \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25665\"\u003eCVE-2023-25665\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an FPE in AudioSpectrogram \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25666\"\u003eCVE-2023-25666\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a heap-buffer-overflow in AvgPoolGrad  \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25664\"\u003eCVE-2023-25664\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a NPE in TensorArrayConcatV2  \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25663\"\u003eCVE-2023-25663\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a Integer overflow in EditDistance  \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25662\"\u003eCVE-2023-25662\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a Seg fault in \u003ccode\u003etf.raw_ops.Print\u003c/code\u003e \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25660\"\u003eCVE-2023-25660\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a OOB read in DynamicStitch \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25659\"\u003eCVE-2023-25659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a OOB Read in GRUBlockCellGrad \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25658\"\u003eCVE-2023-25658\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eRelease 2.11.0\u003c/h1\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003etf.keras.optimizers.Optimizer\u003c/code\u003e now points to the new Keras optimizer, and\nold optimizers have moved to the \u003ccode\u003etf.keras.optimizers.legacy\u003c/code\u003e namespace.\nIf you find your workflow failing due to this change,\nyou may be facing one of the following issues:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCheckpoint loading failure.\u003c/strong\u003e The new optimizer handles optimizer\nstate differently from the old optimizer, which simplies the logic of\ncheckpoint saving/loading, but at the cost of breaking checkpoint\nbackward compatibility in some cases. If you want to keep using an old\ncheckpoint, please change your optimizer to\n\u003ccode\u003etf.keras.optimizers.legacy.XXX\u003c/code\u003e (e.g.\n\u003ccode\u003etf.keras.optimizers.legacy.Adam\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTF1 compatibility.\u003c/strong\u003e The new optimizer does not support TF1 any more,\nso please use the legacy optimizer \u003ccode\u003etf.keras.optimizer.legacy.XXX\u003c/code\u003e.\nWe highly recommend to migrate your workflow to TF2 for stable\nsupport and new features.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAPI not found.\u003c/strong\u003e The new optimizer has a different set of public APIs\nfrom the old optimizer. These API changes are mostly related to\ngetting rid of slot variables and TF1 support. Please check the API\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/a3e2c692c18649329c4210cf8df2487d2028e267\"\u003e\u003ccode\u003ea3e2c69\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tensorflow/tensorflow/issues/60016\"\u003e#60016\u003c/a\u003e from tensorflow/fix-relnotes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/13b85dcf966d0c94b2e5c21291be039db2dec7b9\"\u003e\u003ccode\u003e13b85dc\u003c/code\u003e\u003c/a\u003e Fix release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/48b18dbf1301f24be9f2f41189d318ce5398540a\"\u003e\u003ccode\u003e48b18db\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tensorflow/tensorflow/issues/60014\"\u003e#60014\u003c/a\u003e from tensorflow/disable-test-that-ooms\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/eea48f50d6982879909bf8e0d0151bbce3f9bf4a\"\u003e\u003ccode\u003eeea48f5\u003c/code\u003e\u003c/a\u003e Disable a test that results in OOM+segfault\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/a63258434247784605986cfc2b43cb3be846cf8a\"\u003e\u003ccode\u003ea632584\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tensorflow/tensorflow/issues/60000\"\u003e#60000\u003c/a\u003e from tensorflow/venkat-patch-3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/93dea7a67df44bde557e580dfdcde5ba0a7a344d\"\u003e\u003ccode\u003e93dea7a\u003c/code\u003e\u003c/a\u003e Update RELEASE.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/a2ba9f16f0154bf93f21132878b154238d89fad6\"\u003e\u003ccode\u003ea2ba9f1\u003c/code\u003e\u003c/a\u003e Updating Release.md with Legal Language for Release Notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/fae41c76bdc760454b3e5c1d3af9b8d5a5c6c548\"\u003e\u003ccode\u003efae41c7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tensorflow/tensorflow/issues/59998\"\u003e#59998\u003c/a\u003e from tensorflow/fix-bad-cherrypick-again\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/2757416dcd4a2d00ea36512c2ffd347030c1196b\"\u003e\u003ccode\u003e2757416\u003c/code\u003e\u003c/a\u003e Fix bad cherrypick\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/c78616f4b00125c8a563e10ce6b76bea8070bdd0\"\u003e\u003ccode\u003ec78616f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tensorflow/tensorflow/issues/59992\"\u003e#59992\u003c/a\u003e from tensorflow/fix-2.11-build\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tensorflow/tensorflow/compare/v2.5.1...v2.11.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tensorflow\u0026package-manager=pip\u0026previous-version=2.5.1\u0026new-version=2.11.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/PratikSavla/aio-bot/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/PratikSavla/aio-bot/pull/13","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/PratikSavla%2Faio-bot/issues/13","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/13/packages"},{"uuid":"1130771262","node_id":"PR_kwDOD6H1H85DZjM-","number":30,"state":"closed","title":"Bump tensorflow from 2.5.3 to 2.9.3 in /project/uncertainty-adversarial-paper","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2025-05-16T17:54:57.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2022-11-21T23:30:28.000Z","updated_at":"2025-05-16T17:54:57.000Z","time_to_close":78344669,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"tensorflow","old_version":"2.5.3","new_version":"2.9.3","repository_url":"https://github.com/tensorflow/tensorflow"}],"path":"/project/uncertainty-adversarial-paper","ecosystem":"cocoapods"},"body":"Bumps [tensorflow](https://github.com/tensorflow/tensorflow) from 2.5.3 to 2.9.3.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tensorflow/tensorflow/releases\"\u003etensorflow's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eTensorFlow 2.9.3\u003c/h2\u003e\n\u003ch1\u003eRelease 2.9.3\u003c/h1\u003e\n\u003cp\u003eThis release introduces several vulnerability fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixes an overflow in \u003ccode\u003etf.keras.losses.poisson\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41887\"\u003eCVE-2022-41887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap OOB failure in \u003ccode\u003eThreadUnsafeUnigramCandidateSampler\u003c/code\u003e caused by missing validation (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41880\"\u003eCVE-2022-41880\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003endarray_tensor_bridge\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41884\"\u003eCVE-2022-41884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an overflow in \u003ccode\u003eFusedResizeAndPadConv2D\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41885\"\u003eCVE-2022-41885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a overflow in \u003ccode\u003eImageProjectiveTransformV2\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41886\"\u003eCVE-2022-41886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an FPE in \u003ccode\u003etf.image.generate_bounding_box_proposals\u003c/code\u003e on GPU (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41888\"\u003eCVE-2022-41888\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003epywrap_tfe_src\u003c/code\u003e caused by invalid attributes (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41889\"\u003eCVE-2022-41889\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003eBCast\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41890\"\u003eCVE-2022-41890\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003eTensorListConcat\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41891\"\u003eCVE-2022-41891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK_EQ\u003c/code\u003e fail in \u003ccode\u003eTensorListResize\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41893\"\u003eCVE-2022-41893\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an overflow in \u003ccode\u003eCONV_3D_TRANSPOSE\u003c/code\u003e on TFLite (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41894\"\u003eCVE-2022-41894\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap OOB in \u003ccode\u003eMirrorPadGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41895\"\u003eCVE-2022-41895\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a crash in \u003ccode\u003eMfcc\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41896\"\u003eCVE-2022-41896\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap OOB in \u003ccode\u003eFractionalMaxPoolGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41897\"\u003eCVE-2022-41897\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003eSparseFillEmptyRowsGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41898\"\u003eCVE-2022-41898\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003eSdcaOptimizer\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41899\"\u003eCVE-2022-41899\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap OOB in \u003ccode\u003eFractionalAvgPool\u003c/code\u003e and \u003ccode\u003eFractionalMaxPool\u003c/code\u003e(\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41900\"\u003eCVE-2022-41900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK_EQ\u003c/code\u003e in \u003ccode\u003eSparseMatrixNNZ\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41901\"\u003eCVE-2022-41901\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an OOB write in grappler (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41902\"\u003eCVE-2022-41902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a overflow in \u003ccode\u003eResizeNearestNeighborGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41907\"\u003eCVE-2022-41907\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003ePyFunc\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41908\"\u003eCVE-2022-41908\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003eCompositeTensorVariantToComponents\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41909\"\u003eCVE-2022-41909\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a invalid char to bool conversion in printing a tensor (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41911\"\u003eCVE-2022-41911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap overflow in \u003ccode\u003eQuantizeAndDequantizeV2\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41910\"\u003eCVE-2022-41910\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e failure in \u003ccode\u003eSobolSample\u003c/code\u003e via missing validation (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935\"\u003eCVE-2022-35935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003eTensorListScatter\u003c/code\u003e and \u003ccode\u003eTensorListScatterV2\u003c/code\u003e in eager mode (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935\"\u003eCVE-2022-35935\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eTensorFlow 2.9.2\u003c/h2\u003e\n\u003ch1\u003eRelease 2.9.2\u003c/h1\u003e\n\u003cp\u003eThis releases introduces several vulnerability fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e failure in tf.reshape caused by overflows (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35934\"\u003eCVE-2022-35934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e failure in \u003ccode\u003eSobolSample\u003c/code\u003e caused by missing validation (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935\"\u003eCVE-2022-35935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an OOB read in \u003ccode\u003eGather_nd\u003c/code\u003e op in TF Lite (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35937\"\u003eCVE-2022-35937\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e failure in \u003ccode\u003eTensorListReserve\u003c/code\u003e caused by missing validation (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35960\"\u003eCVE-2022-35960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an OOB write in \u003ccode\u003eScatter_nd\u003c/code\u003e op in TF Lite (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35939\"\u003eCVE-2022-35939\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an integer overflow in \u003ccode\u003eRaggedRangeOp\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35940\"\u003eCVE-2022-35940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e failure in \u003ccode\u003eAvgPoolOp\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35941\"\u003eCVE-2022-35941\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e failures in \u003ccode\u003eUnbatchGradOp\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35952\"\u003eCVE-2022-35952\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault TFLite converter on per-channel quantized transposed convolutions (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36027\"\u003eCVE-2022-36027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e failures in \u003ccode\u003eAvgPool3DGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35959\"\u003eCVE-2022-35959\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e failures in \u003ccode\u003eFractionalAvgPoolGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35963\"\u003eCVE-2022-35963\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003eBlockLSTMGradV2\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35964\"\u003eCVE-2022-35964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003eLowerBound\u003c/code\u003e and \u003ccode\u003eUpperBound\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35965\"\u003eCVE-2022-35965\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tensorflow/tensorflow/blob/master/RELEASE.md\"\u003etensorflow's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease 2.9.3\u003c/h1\u003e\n\u003cp\u003eThis release introduces several vulnerability fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixes an overflow in \u003ccode\u003etf.keras.losses.poisson\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41887\"\u003eCVE-2022-41887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap OOB failure in \u003ccode\u003eThreadUnsafeUnigramCandidateSampler\u003c/code\u003e caused by missing validation (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41880\"\u003eCVE-2022-41880\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003endarray_tensor_bridge\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41884\"\u003eCVE-2022-41884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an overflow in \u003ccode\u003eFusedResizeAndPadConv2D\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41885\"\u003eCVE-2022-41885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a overflow in \u003ccode\u003eImageProjectiveTransformV2\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41886\"\u003eCVE-2022-41886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an FPE in \u003ccode\u003etf.image.generate_bounding_box_proposals\u003c/code\u003e on GPU (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41888\"\u003eCVE-2022-41888\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003epywrap_tfe_src\u003c/code\u003e caused by invalid attributes (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41889\"\u003eCVE-2022-41889\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003eBCast\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41890\"\u003eCVE-2022-41890\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003eTensorListConcat\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41891\"\u003eCVE-2022-41891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK_EQ\u003c/code\u003e fail in \u003ccode\u003eTensorListResize\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41893\"\u003eCVE-2022-41893\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an overflow in \u003ccode\u003eCONV_3D_TRANSPOSE\u003c/code\u003e on TFLite (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41894\"\u003eCVE-2022-41894\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap OOB in \u003ccode\u003eMirrorPadGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41895\"\u003eCVE-2022-41895\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a crash in \u003ccode\u003eMfcc\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41896\"\u003eCVE-2022-41896\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap OOB in \u003ccode\u003eFractionalMaxPoolGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41897\"\u003eCVE-2022-41897\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003eSparseFillEmptyRowsGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41898\"\u003eCVE-2022-41898\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003eSdcaOptimizer\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41899\"\u003eCVE-2022-41899\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap OOB in \u003ccode\u003eFractionalAvgPool\u003c/code\u003e and \u003ccode\u003eFractionalMaxPool\u003c/code\u003e(\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41900\"\u003eCVE-2022-41900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK_EQ\u003c/code\u003e in \u003ccode\u003eSparseMatrixNNZ\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41901\"\u003eCVE-2022-41901\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an OOB write in grappler (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41902\"\u003eCVE-2022-41902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a overflow in \u003ccode\u003eResizeNearestNeighborGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41907\"\u003eCVE-2022-41907\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003ePyFunc\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41908\"\u003eCVE-2022-41908\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003eCompositeTensorVariantToComponents\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41909\"\u003eCVE-2022-41909\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a invalid char to bool conversion in printing a tensor (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41911\"\u003eCVE-2022-41911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap overflow in \u003ccode\u003eQuantizeAndDequantizeV2\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41910\"\u003eCVE-2022-41910\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e failure in \u003ccode\u003eSobolSample\u003c/code\u003e via missing validation (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935\"\u003eCVE-2022-35935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003eTensorListScatter\u003c/code\u003e and \u003ccode\u003eTensorListScatterV2\u003c/code\u003e in eager mode (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935\"\u003eCVE-2022-35935\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eRelease 2.8.4\u003c/h1\u003e\n\u003cp\u003eThis release introduces several vulnerability fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixes a heap OOB failure in \u003ccode\u003eThreadUnsafeUnigramCandidateSampler\u003c/code\u003e caused by missing validation (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41880\"\u003eCVE-2022-41880\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003endarray_tensor_bridge\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41884\"\u003eCVE-2022-41884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an overflow in \u003ccode\u003eFusedResizeAndPadConv2D\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41885\"\u003eCVE-2022-41885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a overflow in \u003ccode\u003eImageProjectiveTransformV2\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41886\"\u003eCVE-2022-41886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an FPE in \u003ccode\u003etf.image.generate_bounding_box_proposals\u003c/code\u003e on GPU (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41888\"\u003eCVE-2022-41888\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003epywrap_tfe_src\u003c/code\u003e caused by invalid attributes (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41889\"\u003eCVE-2022-41889\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003eBCast\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41890\"\u003eCVE-2022-41890\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003eTensorListConcat\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41891\"\u003eCVE-2022-41891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK_EQ\u003c/code\u003e fail in \u003ccode\u003eTensorListResize\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41893\"\u003eCVE-2022-41893\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an overflow in \u003ccode\u003eCONV_3D_TRANSPOSE\u003c/code\u003e on TFLite (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41894\"\u003eCVE-2022-41894\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap OOB in \u003ccode\u003eMirrorPadGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41895\"\u003eCVE-2022-41895\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a crash in \u003ccode\u003eMfcc\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41896\"\u003eCVE-2022-41896\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap OOB in \u003ccode\u003eFractionalMaxPoolGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41897\"\u003eCVE-2022-41897\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003eSparseFillEmptyRowsGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41898\"\u003eCVE-2022-41898\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003eSdcaOptimizer\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41899\"\u003eCVE-2022-41899\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/a5ed5f39b675a1c6f315e0caf3ad4b38478fa571\"\u003e\u003ccode\u003ea5ed5f3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58584\"\u003e#58584\u003c/a\u003e from tensorflow/vinila21-patch-2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/258f9a1251346d93e129c53f82d21732df6067f5\"\u003e\u003ccode\u003e258f9a1\u003c/code\u003e\u003c/a\u003e Update py_func.cc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/cd27cfb438b78a019ff8a215a9d6c58d10c062c3\"\u003e\u003ccode\u003ecd27cfb\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58580\"\u003e#58580\u003c/a\u003e from tensorflow-jenkins/version-numbers-2.9.3-24474\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/3e75385ee6c9ef8f06d6848244e1421c603dd4a1\"\u003e\u003ccode\u003e3e75385\u003c/code\u003e\u003c/a\u003e Update version numbers to 2.9.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/bc72c39774b0a0cb38ed03e5ee09fa78103ed749\"\u003e\u003ccode\u003ebc72c39\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58482\"\u003e#58482\u003c/a\u003e from tensorflow-jenkins/relnotes-2.9.3-25695\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/3506c90f5ac0f471a6b1d60d4055b14ca3da170b\"\u003e\u003ccode\u003e3506c90\u003c/code\u003e\u003c/a\u003e Update RELEASE.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/8dcb48e384cd3914458f3c494f1da878ae8dc6d5\"\u003e\u003ccode\u003e8dcb48e\u003c/code\u003e\u003c/a\u003e Update RELEASE.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/4f34ec84994e63cf47c1d13748a404edd3d5a0d3\"\u003e\u003ccode\u003e4f34ec8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58576\"\u003e#58576\u003c/a\u003e from pak-laura/c2.99f03a9d3bafe902c1e6beb105b2f2417...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/6fc67e408f239384d26acabc34d287911af92dc8\"\u003e\u003ccode\u003e6fc67e4\u003c/code\u003e\u003c/a\u003e Replace CHECK with returning an InternalError on failing to create python tuple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/5dbe90ad21068007cbc31a56e8ed514ec27e0b26\"\u003e\u003ccode\u003e5dbe90a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58570\"\u003e#58570\u003c/a\u003e from tensorflow/r2.9-7b174a0f2e4\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tensorflow/tensorflow/compare/v2.5.3...v2.9.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tensorflow\u0026package-manager=pip\u0026previous-version=2.5.3\u0026new-version=2.9.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nYou can trigger a rebase of this PR by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language\n- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language\n- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language\n- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language\n\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/sourav22899/ee5111-estimation-theory/network/alerts).\n\n\u003c/details\u003e\n\n\u003e **Note**\n\u003e Automatic rebases have been disabled on this pull request as it has been open for over 30 days.\n","html_url":"https://github.com/sourav22899/ee5111-estimation-theory/pull/30","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/sourav22899%2Fee5111-estimation-theory/issues/30","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/30/packages"},{"uuid":"1458712147","node_id":"PR_kwDOD9eIec5DZbH1","number":35,"state":"closed","title":"Bump tensorflow from 2.2.0 to 2.9.3 in /codes/analysis-visualization/analyze_pycode","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2025-05-25T07:37:07.000Z","author_association":"NONE","state_reason":null,"created_at":"2022-11-21T22:53:52.000Z","updated_at":"2025-05-25T07:37:10.000Z","time_to_close":79087395,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"tensorflow","old_version":"2.2.0","new_version":"2.9.3","repository_url":"https://github.com/tensorflow/tensorflow"}],"path":"/codes/analysis-visualization/analyze_pycode","ecosystem":"cocoapods"},"body":"Bumps [tensorflow](https://github.com/tensorflow/tensorflow) from 2.2.0 to 2.9.3.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tensorflow/tensorflow/releases\"\u003etensorflow's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eTensorFlow 2.9.3\u003c/h2\u003e\n\u003ch1\u003eRelease 2.9.3\u003c/h1\u003e\n\u003cp\u003eThis release introduces several vulnerability fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixes an overflow in \u003ccode\u003etf.keras.losses.poisson\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41887\"\u003eCVE-2022-41887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap OOB failure in \u003ccode\u003eThreadUnsafeUnigramCandidateSampler\u003c/code\u003e caused by missing validation (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41880\"\u003eCVE-2022-41880\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003endarray_tensor_bridge\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41884\"\u003eCVE-2022-41884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an overflow in \u003ccode\u003eFusedResizeAndPadConv2D\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41885\"\u003eCVE-2022-41885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a overflow in \u003ccode\u003eImageProjectiveTransformV2\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41886\"\u003eCVE-2022-41886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an FPE in \u003ccode\u003etf.image.generate_bounding_box_proposals\u003c/code\u003e on GPU (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41888\"\u003eCVE-2022-41888\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003epywrap_tfe_src\u003c/code\u003e caused by invalid attributes (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41889\"\u003eCVE-2022-41889\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003eBCast\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41890\"\u003eCVE-2022-41890\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003eTensorListConcat\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41891\"\u003eCVE-2022-41891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK_EQ\u003c/code\u003e fail in \u003ccode\u003eTensorListResize\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41893\"\u003eCVE-2022-41893\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an overflow in \u003ccode\u003eCONV_3D_TRANSPOSE\u003c/code\u003e on TFLite (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41894\"\u003eCVE-2022-41894\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap OOB in \u003ccode\u003eMirrorPadGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41895\"\u003eCVE-2022-41895\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a crash in \u003ccode\u003eMfcc\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41896\"\u003eCVE-2022-41896\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap OOB in \u003ccode\u003eFractionalMaxPoolGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41897\"\u003eCVE-2022-41897\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003eSparseFillEmptyRowsGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41898\"\u003eCVE-2022-41898\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003eSdcaOptimizer\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41899\"\u003eCVE-2022-41899\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap OOB in \u003ccode\u003eFractionalAvgPool\u003c/code\u003e and \u003ccode\u003eFractionalMaxPool\u003c/code\u003e(\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41900\"\u003eCVE-2022-41900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK_EQ\u003c/code\u003e in \u003ccode\u003eSparseMatrixNNZ\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41901\"\u003eCVE-2022-41901\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an OOB write in grappler (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41902\"\u003eCVE-2022-41902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a overflow in \u003ccode\u003eResizeNearestNeighborGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41907\"\u003eCVE-2022-41907\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003ePyFunc\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41908\"\u003eCVE-2022-41908\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003eCompositeTensorVariantToComponents\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41909\"\u003eCVE-2022-41909\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a invalid char to bool conversion in printing a tensor (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41911\"\u003eCVE-2022-41911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap overflow in \u003ccode\u003eQuantizeAndDequantizeV2\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41910\"\u003eCVE-2022-41910\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e failure in \u003ccode\u003eSobolSample\u003c/code\u003e via missing validation (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935\"\u003eCVE-2022-35935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003eTensorListScatter\u003c/code\u003e and \u003ccode\u003eTensorListScatterV2\u003c/code\u003e in eager mode (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935\"\u003eCVE-2022-35935\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eTensorFlow 2.9.2\u003c/h2\u003e\n\u003ch1\u003eRelease 2.9.2\u003c/h1\u003e\n\u003cp\u003eThis releases introduces several vulnerability fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e failure in tf.reshape caused by overflows (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35934\"\u003eCVE-2022-35934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e failure in \u003ccode\u003eSobolSample\u003c/code\u003e caused by missing validation (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935\"\u003eCVE-2022-35935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an OOB read in \u003ccode\u003eGather_nd\u003c/code\u003e op in TF Lite (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35937\"\u003eCVE-2022-35937\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e failure in \u003ccode\u003eTensorListReserve\u003c/code\u003e caused by missing validation (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35960\"\u003eCVE-2022-35960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an OOB write in \u003ccode\u003eScatter_nd\u003c/code\u003e op in TF Lite (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35939\"\u003eCVE-2022-35939\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an integer overflow in \u003ccode\u003eRaggedRangeOp\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35940\"\u003eCVE-2022-35940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e failure in \u003ccode\u003eAvgPoolOp\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35941\"\u003eCVE-2022-35941\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e failures in \u003ccode\u003eUnbatchGradOp\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35952\"\u003eCVE-2022-35952\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault TFLite converter on per-channel quantized transposed convolutions (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36027\"\u003eCVE-2022-36027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e failures in \u003ccode\u003eAvgPool3DGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35959\"\u003eCVE-2022-35959\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e failures in \u003ccode\u003eFractionalAvgPoolGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35963\"\u003eCVE-2022-35963\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003eBlockLSTMGradV2\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35964\"\u003eCVE-2022-35964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003eLowerBound\u003c/code\u003e and \u003ccode\u003eUpperBound\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35965\"\u003eCVE-2022-35965\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tensorflow/tensorflow/blob/master/RELEASE.md\"\u003etensorflow's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease 2.9.3\u003c/h1\u003e\n\u003cp\u003eThis release introduces several vulnerability fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixes an overflow in \u003ccode\u003etf.keras.losses.poisson\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41887\"\u003eCVE-2022-41887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap OOB failure in \u003ccode\u003eThreadUnsafeUnigramCandidateSampler\u003c/code\u003e caused by missing validation (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41880\"\u003eCVE-2022-41880\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003endarray_tensor_bridge\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41884\"\u003eCVE-2022-41884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an overflow in \u003ccode\u003eFusedResizeAndPadConv2D\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41885\"\u003eCVE-2022-41885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a overflow in \u003ccode\u003eImageProjectiveTransformV2\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41886\"\u003eCVE-2022-41886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an FPE in \u003ccode\u003etf.image.generate_bounding_box_proposals\u003c/code\u003e on GPU (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41888\"\u003eCVE-2022-41888\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003epywrap_tfe_src\u003c/code\u003e caused by invalid attributes (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41889\"\u003eCVE-2022-41889\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003eBCast\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41890\"\u003eCVE-2022-41890\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003eTensorListConcat\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41891\"\u003eCVE-2022-41891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK_EQ\u003c/code\u003e fail in \u003ccode\u003eTensorListResize\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41893\"\u003eCVE-2022-41893\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an overflow in \u003ccode\u003eCONV_3D_TRANSPOSE\u003c/code\u003e on TFLite (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41894\"\u003eCVE-2022-41894\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap OOB in \u003ccode\u003eMirrorPadGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41895\"\u003eCVE-2022-41895\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a crash in \u003ccode\u003eMfcc\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41896\"\u003eCVE-2022-41896\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap OOB in \u003ccode\u003eFractionalMaxPoolGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41897\"\u003eCVE-2022-41897\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003eSparseFillEmptyRowsGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41898\"\u003eCVE-2022-41898\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003eSdcaOptimizer\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41899\"\u003eCVE-2022-41899\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap OOB in \u003ccode\u003eFractionalAvgPool\u003c/code\u003e and \u003ccode\u003eFractionalMaxPool\u003c/code\u003e(\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41900\"\u003eCVE-2022-41900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK_EQ\u003c/code\u003e in \u003ccode\u003eSparseMatrixNNZ\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41901\"\u003eCVE-2022-41901\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an OOB write in grappler (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41902\"\u003eCVE-2022-41902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a overflow in \u003ccode\u003eResizeNearestNeighborGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41907\"\u003eCVE-2022-41907\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003ePyFunc\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41908\"\u003eCVE-2022-41908\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003eCompositeTensorVariantToComponents\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41909\"\u003eCVE-2022-41909\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a invalid char to bool conversion in printing a tensor (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41911\"\u003eCVE-2022-41911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap overflow in \u003ccode\u003eQuantizeAndDequantizeV2\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41910\"\u003eCVE-2022-41910\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e failure in \u003ccode\u003eSobolSample\u003c/code\u003e via missing validation (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935\"\u003eCVE-2022-35935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003eTensorListScatter\u003c/code\u003e and \u003ccode\u003eTensorListScatterV2\u003c/code\u003e in eager mode (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935\"\u003eCVE-2022-35935\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eRelease 2.8.4\u003c/h1\u003e\n\u003cp\u003eThis release introduces several vulnerability fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixes a heap OOB failure in \u003ccode\u003eThreadUnsafeUnigramCandidateSampler\u003c/code\u003e caused by missing validation (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41880\"\u003eCVE-2022-41880\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003endarray_tensor_bridge\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41884\"\u003eCVE-2022-41884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an overflow in \u003ccode\u003eFusedResizeAndPadConv2D\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41885\"\u003eCVE-2022-41885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a overflow in \u003ccode\u003eImageProjectiveTransformV2\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41886\"\u003eCVE-2022-41886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an FPE in \u003ccode\u003etf.image.generate_bounding_box_proposals\u003c/code\u003e on GPU (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41888\"\u003eCVE-2022-41888\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003epywrap_tfe_src\u003c/code\u003e caused by invalid attributes (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41889\"\u003eCVE-2022-41889\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003eBCast\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41890\"\u003eCVE-2022-41890\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003eTensorListConcat\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41891\"\u003eCVE-2022-41891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK_EQ\u003c/code\u003e fail in \u003ccode\u003eTensorListResize\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41893\"\u003eCVE-2022-41893\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an overflow in \u003ccode\u003eCONV_3D_TRANSPOSE\u003c/code\u003e on TFLite (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41894\"\u003eCVE-2022-41894\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap OOB in \u003ccode\u003eMirrorPadGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41895\"\u003eCVE-2022-41895\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a crash in \u003ccode\u003eMfcc\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41896\"\u003eCVE-2022-41896\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap OOB in \u003ccode\u003eFractionalMaxPoolGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41897\"\u003eCVE-2022-41897\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003eSparseFillEmptyRowsGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41898\"\u003eCVE-2022-41898\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003eSdcaOptimizer\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41899\"\u003eCVE-2022-41899\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/a5ed5f39b675a1c6f315e0caf3ad4b38478fa571\"\u003e\u003ccode\u003ea5ed5f3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58584\"\u003e#58584\u003c/a\u003e from tensorflow/vinila21-patch-2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/258f9a1251346d93e129c53f82d21732df6067f5\"\u003e\u003ccode\u003e258f9a1\u003c/code\u003e\u003c/a\u003e Update py_func.cc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/cd27cfb438b78a019ff8a215a9d6c58d10c062c3\"\u003e\u003ccode\u003ecd27cfb\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58580\"\u003e#58580\u003c/a\u003e from tensorflow-jenkins/version-numbers-2.9.3-24474\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/3e75385ee6c9ef8f06d6848244e1421c603dd4a1\"\u003e\u003ccode\u003e3e75385\u003c/code\u003e\u003c/a\u003e Update version numbers to 2.9.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/bc72c39774b0a0cb38ed03e5ee09fa78103ed749\"\u003e\u003ccode\u003ebc72c39\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58482\"\u003e#58482\u003c/a\u003e from tensorflow-jenkins/relnotes-2.9.3-25695\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/3506c90f5ac0f471a6b1d60d4055b14ca3da170b\"\u003e\u003ccode\u003e3506c90\u003c/code\u003e\u003c/a\u003e Update RELEASE.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/8dcb48e384cd3914458f3c494f1da878ae8dc6d5\"\u003e\u003ccode\u003e8dcb48e\u003c/code\u003e\u003c/a\u003e Update RELEASE.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/4f34ec84994e63cf47c1d13748a404edd3d5a0d3\"\u003e\u003ccode\u003e4f34ec8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58576\"\u003e#58576\u003c/a\u003e from pak-laura/c2.99f03a9d3bafe902c1e6beb105b2f2417...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/6fc67e408f239384d26acabc34d287911af92dc8\"\u003e\u003ccode\u003e6fc67e4\u003c/code\u003e\u003c/a\u003e Replace CHECK with returning an InternalError on failing to create python tuple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/5dbe90ad21068007cbc31a56e8ed514ec27e0b26\"\u003e\u003ccode\u003e5dbe90a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58570\"\u003e#58570\u003c/a\u003e from tensorflow/r2.9-7b174a0f2e4\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tensorflow/tensorflow/compare/v2.2.0...v2.9.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tensorflow\u0026package-manager=pip\u0026previous-version=2.2.0\u0026new-version=2.9.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language\n- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language\n- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language\n- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language\n\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Hyacinth-YX/bili_analyze/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Hyacinth-YX/bili_analyze/pull/35","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Hyacinth-YX%2Fbili_analyze/issues/35","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/35/packages"}],"issue_packages":[{"old_version":"2.11.0","new_version":"2.11.1","update_type":"patch","path":null,"pr_created_at":"2023-12-26T14:31:50.000Z","version_change":"2.11.0 → 2.11.1","issue":{"uuid":"1657291650","node_id":"PR_kwDOJL5CUs5iyEOC","number":3,"state":"closed","title":"Bump tensorflow from 2.11.0 to 2.11.1","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":"2025-05-27T23:31:58.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2023-12-26T14:31:50.000Z","updated_at":"2025-05-27T23:31:58.000Z","time_to_close":44787608,"merged_at":"2025-05-27T23:31:58.000Z","merged_by":"AsmaZgo","closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"tensorflow","old_version":"2.11.0","new_version":"2.11.1","repository_url":"https://github.com/tensorflow/tensorflow"}],"path":null,"ecosystem":"cocoapods"},"body":"Bumps [tensorflow](https://github.com/tensorflow/tensorflow) from 2.11.0 to 2.11.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tensorflow/tensorflow/releases\"\u003etensorflow's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eTensorFlow 2.11.1\u003c/h2\u003e\n\u003ch1\u003eRelease 2.11.1\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eNote\u003c/strong\u003e: TensorFlow 2.10 was the last TensorFlow release that supported GPU on native-Windows. Starting with TensorFlow 2.11, you will need to install TensorFlow in WSL2, or install tensorflow-cpu and, optionally, try the TensorFlow-DirectML-Plugin.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity vulnerability fixes will no longer be patched to this Tensorflow version. The latest Tensorflow version includes the security vulnerability fixes. You can update to the latest version (recommended) or patch security vulnerabilities yourself \u003ca href=\"https://github.com/tensorflow/tensorflow#patching-guidelines\"\u003esteps\u003c/a\u003e. You can refer to the \u003ca href=\"https://github.com/tensorflow/tensorflow/releases\"\u003erelease notes\u003c/a\u003e of the latest Tensorflow version for a list of newly fixed vulnerabilities. If you have any questions, please create a GitHub issue to let us know.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThis release also introduces several vulnerability fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixes an FPE in TFLite in conv kernel \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27579\"\u003eCVE-2023-27579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a double free in Fractional(Max/Avg)Pool \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25801\"\u003eCVE-2023-25801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a null dereference on ParallelConcat with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25676\"\u003eCVE-2023-25676\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a segfault in Bincount with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25675\"\u003eCVE-2023-25675\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an NPE in RandomShuffle with XLA enable \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25674\"\u003eCVE-2023-25674\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an FPE in TensorListSplit with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25673\"\u003eCVE-2023-25673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes segmentation fault in tfg-translate \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25671\"\u003eCVE-2023-25671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an NPE in QuantizedMatMulWithBiasAndDequantize \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25670\"\u003eCVE-2023-25670\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an FPE in AvgPoolGrad with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25669\"\u003eCVE-2023-25669\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25668\"\u003eCVE-2023-25668\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a segfault when opening multiframe gif \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25667\"\u003eCVE-2023-25667\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an NPE in SparseSparseMaximum \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25665\"\u003eCVE-2023-25665\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an FPE in AudioSpectrogram \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25666\"\u003eCVE-2023-25666\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a heap-buffer-overflow in AvgPoolGrad  \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25664\"\u003eCVE-2023-25664\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a NPE in TensorArrayConcatV2  \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25663\"\u003eCVE-2023-25663\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a Integer overflow in EditDistance  \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25662\"\u003eCVE-2023-25662\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a Seg fault in \u003ccode\u003etf.raw_ops.Print\u003c/code\u003e \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25660\"\u003eCVE-2023-25660\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a OOB read in DynamicStitch \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25659\"\u003eCVE-2023-25659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a OOB Read in GRUBlockCellGrad \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25658\"\u003eCVE-2023-25658\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tensorflow/tensorflow/blob/master/RELEASE.md\"\u003etensorflow's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease 2.11.1\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eNote\u003c/strong\u003e: TensorFlow 2.10 was the last TensorFlow release that supported GPU on native-Windows. Starting with TensorFlow 2.11, you will need to install TensorFlow in WSL2, or install tensorflow-cpu and, optionally, try the TensorFlow-DirectML-Plugin.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity vulnerability fixes will no longer be patched to this Tensorflow version. The latest Tensorflow version includes the security vulnerability fixes. You can update to the latest version (recommended) or patch security vulnerabilities yourself \u003ca href=\"https://github.com/tensorflow/tensorflow#patching-guidelines\"\u003esteps\u003c/a\u003e. You can refer to the \u003ca href=\"https://github.com/tensorflow/tensorflow/releases\"\u003erelease notes\u003c/a\u003e of the latest Tensorflow version for a list of newly fixed vulnerabilities. If you have any questions, please create a GitHub issue to let us know.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThis release also introduces several vulnerability fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixes an FPE in TFLite in conv kernel \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27579\"\u003eCVE-2023-27579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a double free in Fractional(Max/Avg)Pool \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25801\"\u003eCVE-2023-25801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a null dereference on ParallelConcat with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25676\"\u003eCVE-2023-25676\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a segfault in Bincount with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25675\"\u003eCVE-2023-25675\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an NPE in RandomShuffle with XLA enable \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25674\"\u003eCVE-2023-25674\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an FPE in TensorListSplit with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25673\"\u003eCVE-2023-25673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes segmentation fault in tfg-translate \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25671\"\u003eCVE-2023-25671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an NPE in QuantizedMatMulWithBiasAndDequantize \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25670\"\u003eCVE-2023-25670\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an FPE in AvgPoolGrad with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25669\"\u003eCVE-2023-25669\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25668\"\u003eCVE-2023-25668\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a segfault when opening multiframe gif \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25667\"\u003eCVE-2023-25667\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an NPE in SparseSparseMaximum \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25665\"\u003eCVE-2023-25665\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an FPE in AudioSpectrogram \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25666\"\u003eCVE-2023-25666\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a heap-buffer-overflow in AvgPoolGrad  \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25664\"\u003eCVE-2023-25664\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a NPE in TensorArrayConcatV2  \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25663\"\u003eCVE-2023-25663\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a Integer overflow in EditDistance  \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25662\"\u003eCVE-2023-25662\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a Seg fault in \u003ccode\u003etf.raw_ops.Print\u003c/code\u003e \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25660\"\u003eCVE-2023-25660\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a OOB read in DynamicStitch \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25659\"\u003eCVE-2023-25659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a OOB Read in GRUBlockCellGrad \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25658\"\u003eCVE-2023-25658\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/a3e2c692c18649329c4210cf8df2487d2028e267\"\u003e\u003ccode\u003ea3e2c69\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tensorflow/tensorflow/issues/60016\"\u003e#60016\u003c/a\u003e from tensorflow/fix-relnotes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/13b85dcf966d0c94b2e5c21291be039db2dec7b9\"\u003e\u003ccode\u003e13b85dc\u003c/code\u003e\u003c/a\u003e Fix release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/48b18dbf1301f24be9f2f41189d318ce5398540a\"\u003e\u003ccode\u003e48b18db\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tensorflow/tensorflow/issues/60014\"\u003e#60014\u003c/a\u003e from tensorflow/disable-test-that-ooms\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/eea48f50d6982879909bf8e0d0151bbce3f9bf4a\"\u003e\u003ccode\u003eeea48f5\u003c/code\u003e\u003c/a\u003e Disable a test that results in OOM+segfault\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/a63258434247784605986cfc2b43cb3be846cf8a\"\u003e\u003ccode\u003ea632584\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tensorflow/tensorflow/issues/60000\"\u003e#60000\u003c/a\u003e from tensorflow/venkat-patch-3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/93dea7a67df44bde557e580dfdcde5ba0a7a344d\"\u003e\u003ccode\u003e93dea7a\u003c/code\u003e\u003c/a\u003e Update RELEASE.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/a2ba9f16f0154bf93f21132878b154238d89fad6\"\u003e\u003ccode\u003ea2ba9f1\u003c/code\u003e\u003c/a\u003e Updating Release.md with Legal Language for Release Notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/fae41c76bdc760454b3e5c1d3af9b8d5a5c6c548\"\u003e\u003ccode\u003efae41c7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tensorflow/tensorflow/issues/59998\"\u003e#59998\u003c/a\u003e from tensorflow/fix-bad-cherrypick-again\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/2757416dcd4a2d00ea36512c2ffd347030c1196b\"\u003e\u003ccode\u003e2757416\u003c/code\u003e\u003c/a\u003e Fix bad cherrypick\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/c78616f4b00125c8a563e10ce6b76bea8070bdd0\"\u003e\u003ccode\u003ec78616f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tensorflow/tensorflow/issues/59992\"\u003e#59992\u003c/a\u003e from tensorflow/fix-2.11-build\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tensorflow/tensorflow/compare/v2.11.0...v2.11.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tensorflow\u0026package-manager=pip\u0026previous-version=2.11.0\u0026new-version=2.11.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nYou can trigger a rebase of this PR by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/AsmaZgo/ComputerVisionDigitsClassification/network/alerts).\n\n\u003c/details\u003e\n\n\u003e **Note**\n\u003e Automatic rebases have been disabled on this pull request as it has been open for over 30 days.\n","html_url":"https://github.com/AsmaZgo/ComputerVisionDigitsClassification/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/AsmaZgo%2FComputerVisionDigitsClassification/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"}},{"old_version":"2.7.2","new_version":"2.11.1","update_type":"minor","path":"/ai/tensorflow","pr_created_at":"2023-03-25T01:29:17.000Z","version_change":"2.7.2 → 2.11.1","issue":{"uuid":"1640304332","node_id":"PR_kwDOB8hV_s5M4bJx","number":21,"state":"closed","title":"Bump tensorflow from 2.7.2 to 2.11.1 in /ai/tensorflow","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2025-05-17T00:04:59.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2023-03-25T01:29:17.000Z","updated_at":"2025-05-17T00:05:02.000Z","time_to_close":67732542,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"tensorflow","old_version":"2.7.2","new_version":"2.11.1","repository_url":"https://github.com/tensorflow/tensorflow"}],"path":"/ai/tensorflow","ecosystem":"cocoapods"},"body":"Bumps [tensorflow](https://github.com/tensorflow/tensorflow) from 2.7.2 to 2.11.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tensorflow/tensorflow/releases\"\u003etensorflow's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eTensorFlow 2.11.1\u003c/h2\u003e\n\u003ch1\u003eRelease 2.11.1\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eNote\u003c/strong\u003e: TensorFlow 2.10 was the last TensorFlow release that supported GPU on native-Windows. Starting with TensorFlow 2.11, you will need to install TensorFlow in WSL2, or install tensorflow-cpu and, optionally, try the TensorFlow-DirectML-Plugin.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity vulnerability fixes will no longer be patched to this Tensorflow version. The latest Tensorflow version includes the security vulnerability fixes. You can update to the latest version (recommended) or patch security vulnerabilities yourself \u003ca href=\"https://github.com/tensorflow/tensorflow#patching-guidelines\"\u003esteps\u003c/a\u003e. You can refer to the \u003ca href=\"https://github.com/tensorflow/tensorflow/releases\"\u003erelease notes\u003c/a\u003e of the latest Tensorflow version for a list of newly fixed vulnerabilities. If you have any questions, please create a GitHub issue to let us know.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThis release also introduces several vulnerability fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixes an FPE in TFLite in conv kernel \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27579\"\u003eCVE-2023-27579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a double free in Fractional(Max/Avg)Pool \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25801\"\u003eCVE-2023-25801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a null dereference on ParallelConcat with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25676\"\u003eCVE-2023-25676\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a segfault in Bincount with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25675\"\u003eCVE-2023-25675\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an NPE in RandomShuffle with XLA enable \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25674\"\u003eCVE-2023-25674\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an FPE in TensorListSplit with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25673\"\u003eCVE-2023-25673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes segmentation fault in tfg-translate \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25671\"\u003eCVE-2023-25671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an NPE in QuantizedMatMulWithBiasAndDequantize \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25670\"\u003eCVE-2023-25670\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an FPE in AvgPoolGrad with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25669\"\u003eCVE-2023-25669\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25668\"\u003eCVE-2023-25668\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a segfault when opening multiframe gif \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25667\"\u003eCVE-2023-25667\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an NPE in SparseSparseMaximum \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25665\"\u003eCVE-2023-25665\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an FPE in AudioSpectrogram \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25666\"\u003eCVE-2023-25666\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a heap-buffer-overflow in AvgPoolGrad  \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25664\"\u003eCVE-2023-25664\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a NPE in TensorArrayConcatV2  \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25663\"\u003eCVE-2023-25663\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a Integer overflow in EditDistance  \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25662\"\u003eCVE-2023-25662\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a Seg fault in \u003ccode\u003etf.raw_ops.Print\u003c/code\u003e \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25660\"\u003eCVE-2023-25660\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a OOB read in DynamicStitch \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25659\"\u003eCVE-2023-25659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a OOB Read in GRUBlockCellGrad \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25658\"\u003eCVE-2023-25658\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eTensorFlow 2.11.0\u003c/h2\u003e\n\u003ch1\u003eRelease 2.11.0\u003c/h1\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ccode\u003etf.keras.optimizers.Optimizer\u003c/code\u003e base class now points to the new Keras optimizer, while the old optimizers have been moved to the \u003ccode\u003etf.keras.optimizers.legacy\u003c/code\u003e namespace.\u003c/p\u003e\n\u003cp\u003eIf you find your workflow failing due to this change, you may be facing one of the following issues:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCheckpoint loading failure.\u003c/strong\u003e The new optimizer handles optimizer state differently from the old optimizer, which simplifies the logic of checkpoint saving/loading, but at the cost of breaking checkpoint backward compatibility in some cases. If you want to keep using an old checkpoint, please change your optimizer to \u003ccode\u003etf.keras.optimizer.legacy.XXX\u003c/code\u003e (e.g. \u003ccode\u003etf.keras.optimizer.legacy.Adam\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTF1 compatibility.\u003c/strong\u003e The new optimizer, \u003ccode\u003etf.keras.optimizers.Optimizer\u003c/code\u003e, does not support TF1 any more, so please use the legacy optimizer \u003ccode\u003etf.keras.optimizer.legacy.XXX\u003c/code\u003e. We highly recommend \u003ca href=\"https://www.tensorflow.org/guide/migrate\"\u003emigrating your workflow to TF2\u003c/a\u003e for stable support and new features.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOld optimizer API not found.\u003c/strong\u003e The new optimizer, \u003ccode\u003etf.keras.optimizers.Optimizer\u003c/code\u003e, has a different set of public APIs from the old optimizer. These API changes are mostly related to getting rid of slot variables and TF1 support. Please check the API documentation to find alternatives to the missing API. If you must call the deprecated API, please change your optimizer to the legacy optimizer.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eLearning rate schedule access.\u003c/strong\u003e When using a \u003ccode\u003etf.keras.optimizers.schedules.LearningRateSchedule\u003c/code\u003e, the new optimizer's \u003ccode\u003elearning_rate\u003c/code\u003e property returns the current learning rate value instead of a \u003ccode\u003eLearningRateSchedule\u003c/code\u003e object as before. If you need to access the \u003ccode\u003eLearningRateSchedule\u003c/code\u003e object, please use \u003ccode\u003eoptimizer._learning_rate\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eIf you implemented a custom optimizer based on the old optimizer.\u003c/strong\u003e Please set your optimizer to subclass \u003ccode\u003etf.keras.optimizer.legacy.XXX\u003c/code\u003e. If you want to migrate to the new optimizer and find it does not support your optimizer, please file an issue in the \u003ca href=\"https://github.com/keras-team/keras/issues\"\u003eKeras GitHub repo\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eErrors, such as \u003ccode\u003eCannot recognize variable...\u003c/code\u003e.\u003c/strong\u003e The new optimizer requires all optimizer variables to be created at the first \u003ccode\u003eapply_gradients()\u003c/code\u003e or \u003ccode\u003eminimize()\u003c/code\u003e call. If your workflow calls the optimizer to update different parts of the model in multiple stages, please call \u003ccode\u003eoptimizer.build(model.trainable_variables)\u003c/code\u003e before the training loop.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTimeout or performance loss.\u003c/strong\u003e We don't anticipate this to happen, but if you see such issues, please use the legacy optimizer, and file an issue in the Keras GitHub repo.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe old Keras optimizer will never be deleted, but will not see any new feature additions. New optimizers (for example, \u003ccode\u003etf.keras.optimizers.Adafactor\u003c/code\u003e) will only be implemented based on the new \u003ccode\u003etf.keras.optimizers.Optimizer\u003c/code\u003e base class.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003etensorflow/python/keras\u003c/code\u003e code is a legacy copy of Keras since the TensorFlow v2.7 release, and will be deleted in the v2.12 release. Please remove any import of \u003ccode\u003etensorflow.python.keras\u003c/code\u003e and use the public API with \u003ccode\u003efrom tensorflow import keras\u003c/code\u003e or \u003ccode\u003eimport tensorflow as tf; tf.keras\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eMajor Features and Improvements\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tensorflow/tensorflow/blob/master/RELEASE.md\"\u003etensorflow's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease 2.11.1\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eNote\u003c/strong\u003e: TensorFlow 2.10 was the last TensorFlow release that supported GPU on native-Windows. Starting with TensorFlow 2.11, you will need to install TensorFlow in WSL2, or install tensorflow-cpu and, optionally, try the TensorFlow-DirectML-Plugin.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity vulnerability fixes will no longer be patched to this Tensorflow version. The latest Tensorflow version includes the security vulnerability fixes. You can update to the latest version (recommended) or patch security vulnerabilities yourself \u003ca href=\"https://github.com/tensorflow/tensorflow#patching-guidelines\"\u003esteps\u003c/a\u003e. You can refer to the \u003ca href=\"https://github.com/tensorflow/tensorflow/releases\"\u003erelease notes\u003c/a\u003e of the latest Tensorflow version for a list of newly fixed vulnerabilities. If you have any questions, please create a GitHub issue to let us know.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThis release also introduces several vulnerability fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixes an FPE in TFLite in conv kernel \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27579\"\u003eCVE-2023-27579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a double free in Fractional(Max/Avg)Pool \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25801\"\u003eCVE-2023-25801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a null dereference on ParallelConcat with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25676\"\u003eCVE-2023-25676\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a segfault in Bincount with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25675\"\u003eCVE-2023-25675\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an NPE in RandomShuffle with XLA enable \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25674\"\u003eCVE-2023-25674\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an FPE in TensorListSplit with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25673\"\u003eCVE-2023-25673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes segmentation fault in tfg-translate \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25671\"\u003eCVE-2023-25671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an NPE in QuantizedMatMulWithBiasAndDequantize \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25670\"\u003eCVE-2023-25670\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an FPE in AvgPoolGrad with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25669\"\u003eCVE-2023-25669\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25668\"\u003eCVE-2023-25668\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a segfault when opening multiframe gif \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25667\"\u003eCVE-2023-25667\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an NPE in SparseSparseMaximum \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25665\"\u003eCVE-2023-25665\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an FPE in AudioSpectrogram \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25666\"\u003eCVE-2023-25666\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a heap-buffer-overflow in AvgPoolGrad  \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25664\"\u003eCVE-2023-25664\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a NPE in TensorArrayConcatV2  \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25663\"\u003eCVE-2023-25663\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a Integer overflow in EditDistance  \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25662\"\u003eCVE-2023-25662\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a Seg fault in \u003ccode\u003etf.raw_ops.Print\u003c/code\u003e \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25660\"\u003eCVE-2023-25660\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a OOB read in DynamicStitch \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25659\"\u003eCVE-2023-25659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a OOB Read in GRUBlockCellGrad \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25658\"\u003eCVE-2023-25658\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eRelease 2.11.0\u003c/h1\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003etf.keras.optimizers.Optimizer\u003c/code\u003e now points to the new Keras optimizer, and\nold optimizers have moved to the \u003ccode\u003etf.keras.optimizers.legacy\u003c/code\u003e namespace.\nIf you find your workflow failing due to this change,\nyou may be facing one of the following issues:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCheckpoint loading failure.\u003c/strong\u003e The new optimizer handles optimizer\nstate differently from the old optimizer, which simplies the logic of\ncheckpoint saving/loading, but at the cost of breaking checkpoint\nbackward compatibility in some cases. If you want to keep using an old\ncheckpoint, please change your optimizer to\n\u003ccode\u003etf.keras.optimizers.legacy.XXX\u003c/code\u003e (e.g.\n\u003ccode\u003etf.keras.optimizers.legacy.Adam\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTF1 compatibility.\u003c/strong\u003e The new optimizer does not support TF1 any more,\nso please use the legacy optimizer \u003ccode\u003etf.keras.optimizer.legacy.XXX\u003c/code\u003e.\nWe highly recommend to migrate your workflow to TF2 for stable\nsupport and new features.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAPI not found.\u003c/strong\u003e The new optimizer has a different set of public APIs\nfrom the old optimizer. These API changes are mostly related to\ngetting rid of slot variables and TF1 support. Please check the API\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/a3e2c692c18649329c4210cf8df2487d2028e267\"\u003e\u003ccode\u003ea3e2c69\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tensorflow/tensorflow/issues/60016\"\u003e#60016\u003c/a\u003e from tensorflow/fix-relnotes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/13b85dcf966d0c94b2e5c21291be039db2dec7b9\"\u003e\u003ccode\u003e13b85dc\u003c/code\u003e\u003c/a\u003e Fix release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/48b18dbf1301f24be9f2f41189d318ce5398540a\"\u003e\u003ccode\u003e48b18db\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tensorflow/tensorflow/issues/60014\"\u003e#60014\u003c/a\u003e from tensorflow/disable-test-that-ooms\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/eea48f50d6982879909bf8e0d0151bbce3f9bf4a\"\u003e\u003ccode\u003eeea48f5\u003c/code\u003e\u003c/a\u003e Disable a test that results in OOM+segfault\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/a63258434247784605986cfc2b43cb3be846cf8a\"\u003e\u003ccode\u003ea632584\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tensorflow/tensorflow/issues/60000\"\u003e#60000\u003c/a\u003e from tensorflow/venkat-patch-3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/93dea7a67df44bde557e580dfdcde5ba0a7a344d\"\u003e\u003ccode\u003e93dea7a\u003c/code\u003e\u003c/a\u003e Update RELEASE.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/a2ba9f16f0154bf93f21132878b154238d89fad6\"\u003e\u003ccode\u003ea2ba9f1\u003c/code\u003e\u003c/a\u003e Updating Release.md with Legal Language for Release Notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/fae41c76bdc760454b3e5c1d3af9b8d5a5c6c548\"\u003e\u003ccode\u003efae41c7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tensorflow/tensorflow/issues/59998\"\u003e#59998\u003c/a\u003e from tensorflow/fix-bad-cherrypick-again\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/2757416dcd4a2d00ea36512c2ffd347030c1196b\"\u003e\u003ccode\u003e2757416\u003c/code\u003e\u003c/a\u003e Fix bad cherrypick\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/c78616f4b00125c8a563e10ce6b76bea8070bdd0\"\u003e\u003ccode\u003ec78616f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tensorflow/tensorflow/issues/59992\"\u003e#59992\u003c/a\u003e from tensorflow/fix-2.11-build\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tensorflow/tensorflow/compare/v2.7.2...v2.11.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tensorflow\u0026package-manager=pip\u0026previous-version=2.7.2\u0026new-version=2.11.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/gitbuda/education/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/gitbuda/education/pull/21","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/gitbuda%2Feducation/issues/21","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/21/packages"}},{"old_version":"2.5.1","new_version":"2.11.1","update_type":"minor","path":null,"pr_created_at":"2023-03-25T01:10:30.000Z","version_change":"2.5.1 → 2.11.1","issue":{"uuid":"1289845760","node_id":"PR_kwDODCqOwc5M4XwA","number":13,"state":"closed","title":"Bump tensorflow from 2.5.1 to 2.11.1","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":"2025-05-31T05:42:35.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2023-03-25T01:10:30.000Z","updated_at":"2025-05-31T05:42:35.000Z","time_to_close":68963525,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"tensorflow","old_version":"2.5.1","new_version":"2.11.1","repository_url":"https://github.com/tensorflow/tensorflow"}],"path":null,"ecosystem":"cocoapods"},"body":"Bumps [tensorflow](https://github.com/tensorflow/tensorflow) from 2.5.1 to 2.11.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tensorflow/tensorflow/releases\"\u003etensorflow's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eTensorFlow 2.11.1\u003c/h2\u003e\n\u003ch1\u003eRelease 2.11.1\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eNote\u003c/strong\u003e: TensorFlow 2.10 was the last TensorFlow release that supported GPU on native-Windows. Starting with TensorFlow 2.11, you will need to install TensorFlow in WSL2, or install tensorflow-cpu and, optionally, try the TensorFlow-DirectML-Plugin.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity vulnerability fixes will no longer be patched to this Tensorflow version. The latest Tensorflow version includes the security vulnerability fixes. You can update to the latest version (recommended) or patch security vulnerabilities yourself \u003ca href=\"https://github.com/tensorflow/tensorflow#patching-guidelines\"\u003esteps\u003c/a\u003e. You can refer to the \u003ca href=\"https://github.com/tensorflow/tensorflow/releases\"\u003erelease notes\u003c/a\u003e of the latest Tensorflow version for a list of newly fixed vulnerabilities. If you have any questions, please create a GitHub issue to let us know.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThis release also introduces several vulnerability fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixes an FPE in TFLite in conv kernel \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27579\"\u003eCVE-2023-27579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a double free in Fractional(Max/Avg)Pool \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25801\"\u003eCVE-2023-25801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a null dereference on ParallelConcat with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25676\"\u003eCVE-2023-25676\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a segfault in Bincount with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25675\"\u003eCVE-2023-25675\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an NPE in RandomShuffle with XLA enable \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25674\"\u003eCVE-2023-25674\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an FPE in TensorListSplit with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25673\"\u003eCVE-2023-25673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes segmentation fault in tfg-translate \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25671\"\u003eCVE-2023-25671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an NPE in QuantizedMatMulWithBiasAndDequantize \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25670\"\u003eCVE-2023-25670\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an FPE in AvgPoolGrad with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25669\"\u003eCVE-2023-25669\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25668\"\u003eCVE-2023-25668\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a segfault when opening multiframe gif \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25667\"\u003eCVE-2023-25667\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an NPE in SparseSparseMaximum \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25665\"\u003eCVE-2023-25665\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an FPE in AudioSpectrogram \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25666\"\u003eCVE-2023-25666\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a heap-buffer-overflow in AvgPoolGrad  \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25664\"\u003eCVE-2023-25664\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a NPE in TensorArrayConcatV2  \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25663\"\u003eCVE-2023-25663\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a Integer overflow in EditDistance  \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25662\"\u003eCVE-2023-25662\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a Seg fault in \u003ccode\u003etf.raw_ops.Print\u003c/code\u003e \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25660\"\u003eCVE-2023-25660\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a OOB read in DynamicStitch \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25659\"\u003eCVE-2023-25659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a OOB Read in GRUBlockCellGrad \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25658\"\u003eCVE-2023-25658\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eTensorFlow 2.11.0\u003c/h2\u003e\n\u003ch1\u003eRelease 2.11.0\u003c/h1\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ccode\u003etf.keras.optimizers.Optimizer\u003c/code\u003e base class now points to the new Keras optimizer, while the old optimizers have been moved to the \u003ccode\u003etf.keras.optimizers.legacy\u003c/code\u003e namespace.\u003c/p\u003e\n\u003cp\u003eIf you find your workflow failing due to this change, you may be facing one of the following issues:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCheckpoint loading failure.\u003c/strong\u003e The new optimizer handles optimizer state differently from the old optimizer, which simplifies the logic of checkpoint saving/loading, but at the cost of breaking checkpoint backward compatibility in some cases. If you want to keep using an old checkpoint, please change your optimizer to \u003ccode\u003etf.keras.optimizer.legacy.XXX\u003c/code\u003e (e.g. \u003ccode\u003etf.keras.optimizer.legacy.Adam\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTF1 compatibility.\u003c/strong\u003e The new optimizer, \u003ccode\u003etf.keras.optimizers.Optimizer\u003c/code\u003e, does not support TF1 any more, so please use the legacy optimizer \u003ccode\u003etf.keras.optimizer.legacy.XXX\u003c/code\u003e. We highly recommend \u003ca href=\"https://www.tensorflow.org/guide/migrate\"\u003emigrating your workflow to TF2\u003c/a\u003e for stable support and new features.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOld optimizer API not found.\u003c/strong\u003e The new optimizer, \u003ccode\u003etf.keras.optimizers.Optimizer\u003c/code\u003e, has a different set of public APIs from the old optimizer. These API changes are mostly related to getting rid of slot variables and TF1 support. Please check the API documentation to find alternatives to the missing API. If you must call the deprecated API, please change your optimizer to the legacy optimizer.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eLearning rate schedule access.\u003c/strong\u003e When using a \u003ccode\u003etf.keras.optimizers.schedules.LearningRateSchedule\u003c/code\u003e, the new optimizer's \u003ccode\u003elearning_rate\u003c/code\u003e property returns the current learning rate value instead of a \u003ccode\u003eLearningRateSchedule\u003c/code\u003e object as before. If you need to access the \u003ccode\u003eLearningRateSchedule\u003c/code\u003e object, please use \u003ccode\u003eoptimizer._learning_rate\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eIf you implemented a custom optimizer based on the old optimizer.\u003c/strong\u003e Please set your optimizer to subclass \u003ccode\u003etf.keras.optimizer.legacy.XXX\u003c/code\u003e. If you want to migrate to the new optimizer and find it does not support your optimizer, please file an issue in the \u003ca href=\"https://github.com/keras-team/keras/issues\"\u003eKeras GitHub repo\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eErrors, such as \u003ccode\u003eCannot recognize variable...\u003c/code\u003e.\u003c/strong\u003e The new optimizer requires all optimizer variables to be created at the first \u003ccode\u003eapply_gradients()\u003c/code\u003e or \u003ccode\u003eminimize()\u003c/code\u003e call. If your workflow calls the optimizer to update different parts of the model in multiple stages, please call \u003ccode\u003eoptimizer.build(model.trainable_variables)\u003c/code\u003e before the training loop.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTimeout or performance loss.\u003c/strong\u003e We don't anticipate this to happen, but if you see such issues, please use the legacy optimizer, and file an issue in the Keras GitHub repo.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe old Keras optimizer will never be deleted, but will not see any new feature additions. New optimizers (for example, \u003ccode\u003etf.keras.optimizers.Adafactor\u003c/code\u003e) will only be implemented based on the new \u003ccode\u003etf.keras.optimizers.Optimizer\u003c/code\u003e base class.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003etensorflow/python/keras\u003c/code\u003e code is a legacy copy of Keras since the TensorFlow v2.7 release, and will be deleted in the v2.12 release. Please remove any import of \u003ccode\u003etensorflow.python.keras\u003c/code\u003e and use the public API with \u003ccode\u003efrom tensorflow import keras\u003c/code\u003e or \u003ccode\u003eimport tensorflow as tf; tf.keras\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eMajor Features and Improvements\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tensorflow/tensorflow/blob/master/RELEASE.md\"\u003etensorflow's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease 2.11.1\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eNote\u003c/strong\u003e: TensorFlow 2.10 was the last TensorFlow release that supported GPU on native-Windows. Starting with TensorFlow 2.11, you will need to install TensorFlow in WSL2, or install tensorflow-cpu and, optionally, try the TensorFlow-DirectML-Plugin.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity vulnerability fixes will no longer be patched to this Tensorflow version. The latest Tensorflow version includes the security vulnerability fixes. You can update to the latest version (recommended) or patch security vulnerabilities yourself \u003ca href=\"https://github.com/tensorflow/tensorflow#patching-guidelines\"\u003esteps\u003c/a\u003e. You can refer to the \u003ca href=\"https://github.com/tensorflow/tensorflow/releases\"\u003erelease notes\u003c/a\u003e of the latest Tensorflow version for a list of newly fixed vulnerabilities. If you have any questions, please create a GitHub issue to let us know.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThis release also introduces several vulnerability fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixes an FPE in TFLite in conv kernel \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27579\"\u003eCVE-2023-27579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a double free in Fractional(Max/Avg)Pool \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25801\"\u003eCVE-2023-25801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a null dereference on ParallelConcat with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25676\"\u003eCVE-2023-25676\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a segfault in Bincount with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25675\"\u003eCVE-2023-25675\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an NPE in RandomShuffle with XLA enable \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25674\"\u003eCVE-2023-25674\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an FPE in TensorListSplit with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25673\"\u003eCVE-2023-25673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes segmentation fault in tfg-translate \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25671\"\u003eCVE-2023-25671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an NPE in QuantizedMatMulWithBiasAndDequantize \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25670\"\u003eCVE-2023-25670\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an FPE in AvgPoolGrad with XLA \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25669\"\u003eCVE-2023-25669\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25668\"\u003eCVE-2023-25668\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a segfault when opening multiframe gif \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25667\"\u003eCVE-2023-25667\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an NPE in SparseSparseMaximum \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25665\"\u003eCVE-2023-25665\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes an FPE in AudioSpectrogram \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25666\"\u003eCVE-2023-25666\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a heap-buffer-overflow in AvgPoolGrad  \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25664\"\u003eCVE-2023-25664\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a NPE in TensorArrayConcatV2  \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25663\"\u003eCVE-2023-25663\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a Integer overflow in EditDistance  \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25662\"\u003eCVE-2023-25662\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a Seg fault in \u003ccode\u003etf.raw_ops.Print\u003c/code\u003e \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25660\"\u003eCVE-2023-25660\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a OOB read in DynamicStitch \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25659\"\u003eCVE-2023-25659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a OOB Read in GRUBlockCellGrad \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25658\"\u003eCVE-2023-25658\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eRelease 2.11.0\u003c/h1\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003etf.keras.optimizers.Optimizer\u003c/code\u003e now points to the new Keras optimizer, and\nold optimizers have moved to the \u003ccode\u003etf.keras.optimizers.legacy\u003c/code\u003e namespace.\nIf you find your workflow failing due to this change,\nyou may be facing one of the following issues:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCheckpoint loading failure.\u003c/strong\u003e The new optimizer handles optimizer\nstate differently from the old optimizer, which simplies the logic of\ncheckpoint saving/loading, but at the cost of breaking checkpoint\nbackward compatibility in some cases. If you want to keep using an old\ncheckpoint, please change your optimizer to\n\u003ccode\u003etf.keras.optimizers.legacy.XXX\u003c/code\u003e (e.g.\n\u003ccode\u003etf.keras.optimizers.legacy.Adam\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTF1 compatibility.\u003c/strong\u003e The new optimizer does not support TF1 any more,\nso please use the legacy optimizer \u003ccode\u003etf.keras.optimizer.legacy.XXX\u003c/code\u003e.\nWe highly recommend to migrate your workflow to TF2 for stable\nsupport and new features.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAPI not found.\u003c/strong\u003e The new optimizer has a different set of public APIs\nfrom the old optimizer. These API changes are mostly related to\ngetting rid of slot variables and TF1 support. Please check the API\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/a3e2c692c18649329c4210cf8df2487d2028e267\"\u003e\u003ccode\u003ea3e2c69\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tensorflow/tensorflow/issues/60016\"\u003e#60016\u003c/a\u003e from tensorflow/fix-relnotes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/13b85dcf966d0c94b2e5c21291be039db2dec7b9\"\u003e\u003ccode\u003e13b85dc\u003c/code\u003e\u003c/a\u003e Fix release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/48b18dbf1301f24be9f2f41189d318ce5398540a\"\u003e\u003ccode\u003e48b18db\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tensorflow/tensorflow/issues/60014\"\u003e#60014\u003c/a\u003e from tensorflow/disable-test-that-ooms\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/eea48f50d6982879909bf8e0d0151bbce3f9bf4a\"\u003e\u003ccode\u003eeea48f5\u003c/code\u003e\u003c/a\u003e Disable a test that results in OOM+segfault\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/a63258434247784605986cfc2b43cb3be846cf8a\"\u003e\u003ccode\u003ea632584\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tensorflow/tensorflow/issues/60000\"\u003e#60000\u003c/a\u003e from tensorflow/venkat-patch-3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/93dea7a67df44bde557e580dfdcde5ba0a7a344d\"\u003e\u003ccode\u003e93dea7a\u003c/code\u003e\u003c/a\u003e Update RELEASE.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/a2ba9f16f0154bf93f21132878b154238d89fad6\"\u003e\u003ccode\u003ea2ba9f1\u003c/code\u003e\u003c/a\u003e Updating Release.md with Legal Language for Release Notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/fae41c76bdc760454b3e5c1d3af9b8d5a5c6c548\"\u003e\u003ccode\u003efae41c7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tensorflow/tensorflow/issues/59998\"\u003e#59998\u003c/a\u003e from tensorflow/fix-bad-cherrypick-again\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/2757416dcd4a2d00ea36512c2ffd347030c1196b\"\u003e\u003ccode\u003e2757416\u003c/code\u003e\u003c/a\u003e Fix bad cherrypick\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/c78616f4b00125c8a563e10ce6b76bea8070bdd0\"\u003e\u003ccode\u003ec78616f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tensorflow/tensorflow/issues/59992\"\u003e#59992\u003c/a\u003e from tensorflow/fix-2.11-build\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tensorflow/tensorflow/compare/v2.5.1...v2.11.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tensorflow\u0026package-manager=pip\u0026previous-version=2.5.1\u0026new-version=2.11.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/PratikSavla/aio-bot/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/PratikSavla/aio-bot/pull/13","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/PratikSavla%2Faio-bot/issues/13","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/13/packages"}},{"old_version":"2.5.3","new_version":"2.9.3","update_type":"minor","path":"/project/uncertainty-adversarial-paper","pr_created_at":"2022-11-21T23:30:28.000Z","version_change":"2.5.3 → 2.9.3","issue":{"uuid":"1130771262","node_id":"PR_kwDOD6H1H85DZjM-","number":30,"state":"closed","title":"Bump tensorflow from 2.5.3 to 2.9.3 in /project/uncertainty-adversarial-paper","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2025-05-16T17:54:57.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2022-11-21T23:30:28.000Z","updated_at":"2025-05-16T17:54:57.000Z","time_to_close":78344669,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"tensorflow","old_version":"2.5.3","new_version":"2.9.3","repository_url":"https://github.com/tensorflow/tensorflow"}],"path":"/project/uncertainty-adversarial-paper","ecosystem":"cocoapods"},"body":"Bumps [tensorflow](https://github.com/tensorflow/tensorflow) from 2.5.3 to 2.9.3.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tensorflow/tensorflow/releases\"\u003etensorflow's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eTensorFlow 2.9.3\u003c/h2\u003e\n\u003ch1\u003eRelease 2.9.3\u003c/h1\u003e\n\u003cp\u003eThis release introduces several vulnerability fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixes an overflow in \u003ccode\u003etf.keras.losses.poisson\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41887\"\u003eCVE-2022-41887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap OOB failure in \u003ccode\u003eThreadUnsafeUnigramCandidateSampler\u003c/code\u003e caused by missing validation (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41880\"\u003eCVE-2022-41880\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003endarray_tensor_bridge\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41884\"\u003eCVE-2022-41884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an overflow in \u003ccode\u003eFusedResizeAndPadConv2D\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41885\"\u003eCVE-2022-41885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a overflow in \u003ccode\u003eImageProjectiveTransformV2\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41886\"\u003eCVE-2022-41886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an FPE in \u003ccode\u003etf.image.generate_bounding_box_proposals\u003c/code\u003e on GPU (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41888\"\u003eCVE-2022-41888\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003epywrap_tfe_src\u003c/code\u003e caused by invalid attributes (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41889\"\u003eCVE-2022-41889\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003eBCast\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41890\"\u003eCVE-2022-41890\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003eTensorListConcat\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41891\"\u003eCVE-2022-41891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK_EQ\u003c/code\u003e fail in \u003ccode\u003eTensorListResize\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41893\"\u003eCVE-2022-41893\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an overflow in \u003ccode\u003eCONV_3D_TRANSPOSE\u003c/code\u003e on TFLite (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41894\"\u003eCVE-2022-41894\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap OOB in \u003ccode\u003eMirrorPadGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41895\"\u003eCVE-2022-41895\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a crash in \u003ccode\u003eMfcc\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41896\"\u003eCVE-2022-41896\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap OOB in \u003ccode\u003eFractionalMaxPoolGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41897\"\u003eCVE-2022-41897\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003eSparseFillEmptyRowsGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41898\"\u003eCVE-2022-41898\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003eSdcaOptimizer\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41899\"\u003eCVE-2022-41899\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap OOB in \u003ccode\u003eFractionalAvgPool\u003c/code\u003e and \u003ccode\u003eFractionalMaxPool\u003c/code\u003e(\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41900\"\u003eCVE-2022-41900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK_EQ\u003c/code\u003e in \u003ccode\u003eSparseMatrixNNZ\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41901\"\u003eCVE-2022-41901\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an OOB write in grappler (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41902\"\u003eCVE-2022-41902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a overflow in \u003ccode\u003eResizeNearestNeighborGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41907\"\u003eCVE-2022-41907\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003ePyFunc\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41908\"\u003eCVE-2022-41908\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003eCompositeTensorVariantToComponents\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41909\"\u003eCVE-2022-41909\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a invalid char to bool conversion in printing a tensor (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41911\"\u003eCVE-2022-41911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap overflow in \u003ccode\u003eQuantizeAndDequantizeV2\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41910\"\u003eCVE-2022-41910\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e failure in \u003ccode\u003eSobolSample\u003c/code\u003e via missing validation (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935\"\u003eCVE-2022-35935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003eTensorListScatter\u003c/code\u003e and \u003ccode\u003eTensorListScatterV2\u003c/code\u003e in eager mode (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935\"\u003eCVE-2022-35935\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eTensorFlow 2.9.2\u003c/h2\u003e\n\u003ch1\u003eRelease 2.9.2\u003c/h1\u003e\n\u003cp\u003eThis releases introduces several vulnerability fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e failure in tf.reshape caused by overflows (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35934\"\u003eCVE-2022-35934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e failure in \u003ccode\u003eSobolSample\u003c/code\u003e caused by missing validation (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935\"\u003eCVE-2022-35935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an OOB read in \u003ccode\u003eGather_nd\u003c/code\u003e op in TF Lite (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35937\"\u003eCVE-2022-35937\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e failure in \u003ccode\u003eTensorListReserve\u003c/code\u003e caused by missing validation (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35960\"\u003eCVE-2022-35960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an OOB write in \u003ccode\u003eScatter_nd\u003c/code\u003e op in TF Lite (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35939\"\u003eCVE-2022-35939\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an integer overflow in \u003ccode\u003eRaggedRangeOp\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35940\"\u003eCVE-2022-35940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e failure in \u003ccode\u003eAvgPoolOp\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35941\"\u003eCVE-2022-35941\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e failures in \u003ccode\u003eUnbatchGradOp\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35952\"\u003eCVE-2022-35952\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault TFLite converter on per-channel quantized transposed convolutions (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36027\"\u003eCVE-2022-36027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e failures in \u003ccode\u003eAvgPool3DGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35959\"\u003eCVE-2022-35959\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e failures in \u003ccode\u003eFractionalAvgPoolGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35963\"\u003eCVE-2022-35963\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003eBlockLSTMGradV2\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35964\"\u003eCVE-2022-35964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003eLowerBound\u003c/code\u003e and \u003ccode\u003eUpperBound\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35965\"\u003eCVE-2022-35965\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tensorflow/tensorflow/blob/master/RELEASE.md\"\u003etensorflow's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease 2.9.3\u003c/h1\u003e\n\u003cp\u003eThis release introduces several vulnerability fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixes an overflow in \u003ccode\u003etf.keras.losses.poisson\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41887\"\u003eCVE-2022-41887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap OOB failure in \u003ccode\u003eThreadUnsafeUnigramCandidateSampler\u003c/code\u003e caused by missing validation (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41880\"\u003eCVE-2022-41880\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003endarray_tensor_bridge\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41884\"\u003eCVE-2022-41884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an overflow in \u003ccode\u003eFusedResizeAndPadConv2D\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41885\"\u003eCVE-2022-41885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a overflow in \u003ccode\u003eImageProjectiveTransformV2\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41886\"\u003eCVE-2022-41886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an FPE in \u003ccode\u003etf.image.generate_bounding_box_proposals\u003c/code\u003e on GPU (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41888\"\u003eCVE-2022-41888\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003epywrap_tfe_src\u003c/code\u003e caused by invalid attributes (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41889\"\u003eCVE-2022-41889\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003eBCast\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41890\"\u003eCVE-2022-41890\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003eTensorListConcat\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41891\"\u003eCVE-2022-41891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK_EQ\u003c/code\u003e fail in \u003ccode\u003eTensorListResize\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41893\"\u003eCVE-2022-41893\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an overflow in \u003ccode\u003eCONV_3D_TRANSPOSE\u003c/code\u003e on TFLite (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41894\"\u003eCVE-2022-41894\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap OOB in \u003ccode\u003eMirrorPadGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41895\"\u003eCVE-2022-41895\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a crash in \u003ccode\u003eMfcc\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41896\"\u003eCVE-2022-41896\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap OOB in \u003ccode\u003eFractionalMaxPoolGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41897\"\u003eCVE-2022-41897\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003eSparseFillEmptyRowsGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41898\"\u003eCVE-2022-41898\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003eSdcaOptimizer\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41899\"\u003eCVE-2022-41899\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap OOB in \u003ccode\u003eFractionalAvgPool\u003c/code\u003e and \u003ccode\u003eFractionalMaxPool\u003c/code\u003e(\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41900\"\u003eCVE-2022-41900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK_EQ\u003c/code\u003e in \u003ccode\u003eSparseMatrixNNZ\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41901\"\u003eCVE-2022-41901\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an OOB write in grappler (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41902\"\u003eCVE-2022-41902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a overflow in \u003ccode\u003eResizeNearestNeighborGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41907\"\u003eCVE-2022-41907\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003ePyFunc\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41908\"\u003eCVE-2022-41908\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003eCompositeTensorVariantToComponents\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41909\"\u003eCVE-2022-41909\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a invalid char to bool conversion in printing a tensor (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41911\"\u003eCVE-2022-41911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap overflow in \u003ccode\u003eQuantizeAndDequantizeV2\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41910\"\u003eCVE-2022-41910\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e failure in \u003ccode\u003eSobolSample\u003c/code\u003e via missing validation (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935\"\u003eCVE-2022-35935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003eTensorListScatter\u003c/code\u003e and \u003ccode\u003eTensorListScatterV2\u003c/code\u003e in eager mode (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935\"\u003eCVE-2022-35935\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eRelease 2.8.4\u003c/h1\u003e\n\u003cp\u003eThis release introduces several vulnerability fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixes a heap OOB failure in \u003ccode\u003eThreadUnsafeUnigramCandidateSampler\u003c/code\u003e caused by missing validation (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41880\"\u003eCVE-2022-41880\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003endarray_tensor_bridge\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41884\"\u003eCVE-2022-41884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an overflow in \u003ccode\u003eFusedResizeAndPadConv2D\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41885\"\u003eCVE-2022-41885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a overflow in \u003ccode\u003eImageProjectiveTransformV2\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41886\"\u003eCVE-2022-41886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an FPE in \u003ccode\u003etf.image.generate_bounding_box_proposals\u003c/code\u003e on GPU (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41888\"\u003eCVE-2022-41888\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003epywrap_tfe_src\u003c/code\u003e caused by invalid attributes (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41889\"\u003eCVE-2022-41889\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003eBCast\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41890\"\u003eCVE-2022-41890\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003eTensorListConcat\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41891\"\u003eCVE-2022-41891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK_EQ\u003c/code\u003e fail in \u003ccode\u003eTensorListResize\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41893\"\u003eCVE-2022-41893\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an overflow in \u003ccode\u003eCONV_3D_TRANSPOSE\u003c/code\u003e on TFLite (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41894\"\u003eCVE-2022-41894\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap OOB in \u003ccode\u003eMirrorPadGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41895\"\u003eCVE-2022-41895\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a crash in \u003ccode\u003eMfcc\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41896\"\u003eCVE-2022-41896\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap OOB in \u003ccode\u003eFractionalMaxPoolGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41897\"\u003eCVE-2022-41897\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003eSparseFillEmptyRowsGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41898\"\u003eCVE-2022-41898\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003eSdcaOptimizer\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41899\"\u003eCVE-2022-41899\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/a5ed5f39b675a1c6f315e0caf3ad4b38478fa571\"\u003e\u003ccode\u003ea5ed5f3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58584\"\u003e#58584\u003c/a\u003e from tensorflow/vinila21-patch-2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/258f9a1251346d93e129c53f82d21732df6067f5\"\u003e\u003ccode\u003e258f9a1\u003c/code\u003e\u003c/a\u003e Update py_func.cc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/cd27cfb438b78a019ff8a215a9d6c58d10c062c3\"\u003e\u003ccode\u003ecd27cfb\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58580\"\u003e#58580\u003c/a\u003e from tensorflow-jenkins/version-numbers-2.9.3-24474\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/3e75385ee6c9ef8f06d6848244e1421c603dd4a1\"\u003e\u003ccode\u003e3e75385\u003c/code\u003e\u003c/a\u003e Update version numbers to 2.9.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/bc72c39774b0a0cb38ed03e5ee09fa78103ed749\"\u003e\u003ccode\u003ebc72c39\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58482\"\u003e#58482\u003c/a\u003e from tensorflow-jenkins/relnotes-2.9.3-25695\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/3506c90f5ac0f471a6b1d60d4055b14ca3da170b\"\u003e\u003ccode\u003e3506c90\u003c/code\u003e\u003c/a\u003e Update RELEASE.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/8dcb48e384cd3914458f3c494f1da878ae8dc6d5\"\u003e\u003ccode\u003e8dcb48e\u003c/code\u003e\u003c/a\u003e Update RELEASE.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/4f34ec84994e63cf47c1d13748a404edd3d5a0d3\"\u003e\u003ccode\u003e4f34ec8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58576\"\u003e#58576\u003c/a\u003e from pak-laura/c2.99f03a9d3bafe902c1e6beb105b2f2417...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/6fc67e408f239384d26acabc34d287911af92dc8\"\u003e\u003ccode\u003e6fc67e4\u003c/code\u003e\u003c/a\u003e Replace CHECK with returning an InternalError on failing to create python tuple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/5dbe90ad21068007cbc31a56e8ed514ec27e0b26\"\u003e\u003ccode\u003e5dbe90a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58570\"\u003e#58570\u003c/a\u003e from tensorflow/r2.9-7b174a0f2e4\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tensorflow/tensorflow/compare/v2.5.3...v2.9.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tensorflow\u0026package-manager=pip\u0026previous-version=2.5.3\u0026new-version=2.9.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nYou can trigger a rebase of this PR by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language\n- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language\n- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language\n- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language\n\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/sourav22899/ee5111-estimation-theory/network/alerts).\n\n\u003c/details\u003e\n\n\u003e **Note**\n\u003e Automatic rebases have been disabled on this pull request as it has been open for over 30 days.\n","html_url":"https://github.com/sourav22899/ee5111-estimation-theory/pull/30","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/sourav22899%2Fee5111-estimation-theory/issues/30","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/30/packages"}},{"old_version":"2.2.0","new_version":"2.9.3","update_type":"minor","path":"/codes/analysis-visualization/analyze_pycode","pr_created_at":"2022-11-21T22:53:52.000Z","version_change":"2.2.0 → 2.9.3","issue":{"uuid":"1458712147","node_id":"PR_kwDOD9eIec5DZbH1","number":35,"state":"closed","title":"Bump tensorflow from 2.2.0 to 2.9.3 in /codes/analysis-visualization/analyze_pycode","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2025-05-25T07:37:07.000Z","author_association":"NONE","state_reason":null,"created_at":"2022-11-21T22:53:52.000Z","updated_at":"2025-05-25T07:37:10.000Z","time_to_close":79087395,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"tensorflow","old_version":"2.2.0","new_version":"2.9.3","repository_url":"https://github.com/tensorflow/tensorflow"}],"path":"/codes/analysis-visualization/analyze_pycode","ecosystem":"cocoapods"},"body":"Bumps [tensorflow](https://github.com/tensorflow/tensorflow) from 2.2.0 to 2.9.3.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tensorflow/tensorflow/releases\"\u003etensorflow's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eTensorFlow 2.9.3\u003c/h2\u003e\n\u003ch1\u003eRelease 2.9.3\u003c/h1\u003e\n\u003cp\u003eThis release introduces several vulnerability fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixes an overflow in \u003ccode\u003etf.keras.losses.poisson\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41887\"\u003eCVE-2022-41887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap OOB failure in \u003ccode\u003eThreadUnsafeUnigramCandidateSampler\u003c/code\u003e caused by missing validation (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41880\"\u003eCVE-2022-41880\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003endarray_tensor_bridge\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41884\"\u003eCVE-2022-41884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an overflow in \u003ccode\u003eFusedResizeAndPadConv2D\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41885\"\u003eCVE-2022-41885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a overflow in \u003ccode\u003eImageProjectiveTransformV2\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41886\"\u003eCVE-2022-41886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an FPE in \u003ccode\u003etf.image.generate_bounding_box_proposals\u003c/code\u003e on GPU (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41888\"\u003eCVE-2022-41888\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003epywrap_tfe_src\u003c/code\u003e caused by invalid attributes (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41889\"\u003eCVE-2022-41889\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003eBCast\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41890\"\u003eCVE-2022-41890\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003eTensorListConcat\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41891\"\u003eCVE-2022-41891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK_EQ\u003c/code\u003e fail in \u003ccode\u003eTensorListResize\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41893\"\u003eCVE-2022-41893\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an overflow in \u003ccode\u003eCONV_3D_TRANSPOSE\u003c/code\u003e on TFLite (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41894\"\u003eCVE-2022-41894\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap OOB in \u003ccode\u003eMirrorPadGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41895\"\u003eCVE-2022-41895\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a crash in \u003ccode\u003eMfcc\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41896\"\u003eCVE-2022-41896\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap OOB in \u003ccode\u003eFractionalMaxPoolGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41897\"\u003eCVE-2022-41897\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003eSparseFillEmptyRowsGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41898\"\u003eCVE-2022-41898\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003eSdcaOptimizer\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41899\"\u003eCVE-2022-41899\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap OOB in \u003ccode\u003eFractionalAvgPool\u003c/code\u003e and \u003ccode\u003eFractionalMaxPool\u003c/code\u003e(\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41900\"\u003eCVE-2022-41900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK_EQ\u003c/code\u003e in \u003ccode\u003eSparseMatrixNNZ\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41901\"\u003eCVE-2022-41901\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an OOB write in grappler (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41902\"\u003eCVE-2022-41902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a overflow in \u003ccode\u003eResizeNearestNeighborGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41907\"\u003eCVE-2022-41907\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003ePyFunc\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41908\"\u003eCVE-2022-41908\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003eCompositeTensorVariantToComponents\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41909\"\u003eCVE-2022-41909\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a invalid char to bool conversion in printing a tensor (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41911\"\u003eCVE-2022-41911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap overflow in \u003ccode\u003eQuantizeAndDequantizeV2\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41910\"\u003eCVE-2022-41910\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e failure in \u003ccode\u003eSobolSample\u003c/code\u003e via missing validation (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935\"\u003eCVE-2022-35935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003eTensorListScatter\u003c/code\u003e and \u003ccode\u003eTensorListScatterV2\u003c/code\u003e in eager mode (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935\"\u003eCVE-2022-35935\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eTensorFlow 2.9.2\u003c/h2\u003e\n\u003ch1\u003eRelease 2.9.2\u003c/h1\u003e\n\u003cp\u003eThis releases introduces several vulnerability fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e failure in tf.reshape caused by overflows (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35934\"\u003eCVE-2022-35934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e failure in \u003ccode\u003eSobolSample\u003c/code\u003e caused by missing validation (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935\"\u003eCVE-2022-35935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an OOB read in \u003ccode\u003eGather_nd\u003c/code\u003e op in TF Lite (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35937\"\u003eCVE-2022-35937\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e failure in \u003ccode\u003eTensorListReserve\u003c/code\u003e caused by missing validation (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35960\"\u003eCVE-2022-35960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an OOB write in \u003ccode\u003eScatter_nd\u003c/code\u003e op in TF Lite (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35939\"\u003eCVE-2022-35939\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an integer overflow in \u003ccode\u003eRaggedRangeOp\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35940\"\u003eCVE-2022-35940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e failure in \u003ccode\u003eAvgPoolOp\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35941\"\u003eCVE-2022-35941\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e failures in \u003ccode\u003eUnbatchGradOp\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35952\"\u003eCVE-2022-35952\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault TFLite converter on per-channel quantized transposed convolutions (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36027\"\u003eCVE-2022-36027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e failures in \u003ccode\u003eAvgPool3DGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35959\"\u003eCVE-2022-35959\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e failures in \u003ccode\u003eFractionalAvgPoolGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35963\"\u003eCVE-2022-35963\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003eBlockLSTMGradV2\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35964\"\u003eCVE-2022-35964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003eLowerBound\u003c/code\u003e and \u003ccode\u003eUpperBound\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35965\"\u003eCVE-2022-35965\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tensorflow/tensorflow/blob/master/RELEASE.md\"\u003etensorflow's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease 2.9.3\u003c/h1\u003e\n\u003cp\u003eThis release introduces several vulnerability fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixes an overflow in \u003ccode\u003etf.keras.losses.poisson\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41887\"\u003eCVE-2022-41887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap OOB failure in \u003ccode\u003eThreadUnsafeUnigramCandidateSampler\u003c/code\u003e caused by missing validation (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41880\"\u003eCVE-2022-41880\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003endarray_tensor_bridge\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41884\"\u003eCVE-2022-41884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an overflow in \u003ccode\u003eFusedResizeAndPadConv2D\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41885\"\u003eCVE-2022-41885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a overflow in \u003ccode\u003eImageProjectiveTransformV2\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41886\"\u003eCVE-2022-41886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an FPE in \u003ccode\u003etf.image.generate_bounding_box_proposals\u003c/code\u003e on GPU (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41888\"\u003eCVE-2022-41888\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003epywrap_tfe_src\u003c/code\u003e caused by invalid attributes (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41889\"\u003eCVE-2022-41889\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003eBCast\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41890\"\u003eCVE-2022-41890\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003eTensorListConcat\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41891\"\u003eCVE-2022-41891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK_EQ\u003c/code\u003e fail in \u003ccode\u003eTensorListResize\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41893\"\u003eCVE-2022-41893\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an overflow in \u003ccode\u003eCONV_3D_TRANSPOSE\u003c/code\u003e on TFLite (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41894\"\u003eCVE-2022-41894\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap OOB in \u003ccode\u003eMirrorPadGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41895\"\u003eCVE-2022-41895\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a crash in \u003ccode\u003eMfcc\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41896\"\u003eCVE-2022-41896\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap OOB in \u003ccode\u003eFractionalMaxPoolGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41897\"\u003eCVE-2022-41897\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003eSparseFillEmptyRowsGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41898\"\u003eCVE-2022-41898\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003eSdcaOptimizer\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41899\"\u003eCVE-2022-41899\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap OOB in \u003ccode\u003eFractionalAvgPool\u003c/code\u003e and \u003ccode\u003eFractionalMaxPool\u003c/code\u003e(\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41900\"\u003eCVE-2022-41900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK_EQ\u003c/code\u003e in \u003ccode\u003eSparseMatrixNNZ\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41901\"\u003eCVE-2022-41901\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an OOB write in grappler (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41902\"\u003eCVE-2022-41902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a overflow in \u003ccode\u003eResizeNearestNeighborGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41907\"\u003eCVE-2022-41907\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003ePyFunc\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41908\"\u003eCVE-2022-41908\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003eCompositeTensorVariantToComponents\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41909\"\u003eCVE-2022-41909\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a invalid char to bool conversion in printing a tensor (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41911\"\u003eCVE-2022-41911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap overflow in \u003ccode\u003eQuantizeAndDequantizeV2\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41910\"\u003eCVE-2022-41910\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e failure in \u003ccode\u003eSobolSample\u003c/code\u003e via missing validation (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935\"\u003eCVE-2022-35935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003eTensorListScatter\u003c/code\u003e and \u003ccode\u003eTensorListScatterV2\u003c/code\u003e in eager mode (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935\"\u003eCVE-2022-35935\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eRelease 2.8.4\u003c/h1\u003e\n\u003cp\u003eThis release introduces several vulnerability fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixes a heap OOB failure in \u003ccode\u003eThreadUnsafeUnigramCandidateSampler\u003c/code\u003e caused by missing validation (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41880\"\u003eCVE-2022-41880\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003endarray_tensor_bridge\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41884\"\u003eCVE-2022-41884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an overflow in \u003ccode\u003eFusedResizeAndPadConv2D\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41885\"\u003eCVE-2022-41885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a overflow in \u003ccode\u003eImageProjectiveTransformV2\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41886\"\u003eCVE-2022-41886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an FPE in \u003ccode\u003etf.image.generate_bounding_box_proposals\u003c/code\u003e on GPU (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41888\"\u003eCVE-2022-41888\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003epywrap_tfe_src\u003c/code\u003e caused by invalid attributes (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41889\"\u003eCVE-2022-41889\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003eBCast\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41890\"\u003eCVE-2022-41890\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a segfault in \u003ccode\u003eTensorListConcat\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41891\"\u003eCVE-2022-41891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK_EQ\u003c/code\u003e fail in \u003ccode\u003eTensorListResize\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41893\"\u003eCVE-2022-41893\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes an overflow in \u003ccode\u003eCONV_3D_TRANSPOSE\u003c/code\u003e on TFLite (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41894\"\u003eCVE-2022-41894\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap OOB in \u003ccode\u003eMirrorPadGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41895\"\u003eCVE-2022-41895\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a crash in \u003ccode\u003eMfcc\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41896\"\u003eCVE-2022-41896\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a heap OOB in \u003ccode\u003eFractionalMaxPoolGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41897\"\u003eCVE-2022-41897\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003eSparseFillEmptyRowsGrad\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41898\"\u003eCVE-2022-41898\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixes a \u003ccode\u003eCHECK\u003c/code\u003e fail in \u003ccode\u003eSdcaOptimizer\u003c/code\u003e (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41899\"\u003eCVE-2022-41899\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/a5ed5f39b675a1c6f315e0caf3ad4b38478fa571\"\u003e\u003ccode\u003ea5ed5f3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58584\"\u003e#58584\u003c/a\u003e from tensorflow/vinila21-patch-2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/258f9a1251346d93e129c53f82d21732df6067f5\"\u003e\u003ccode\u003e258f9a1\u003c/code\u003e\u003c/a\u003e Update py_func.cc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/cd27cfb438b78a019ff8a215a9d6c58d10c062c3\"\u003e\u003ccode\u003ecd27cfb\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58580\"\u003e#58580\u003c/a\u003e from tensorflow-jenkins/version-numbers-2.9.3-24474\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/3e75385ee6c9ef8f06d6848244e1421c603dd4a1\"\u003e\u003ccode\u003e3e75385\u003c/code\u003e\u003c/a\u003e Update version numbers to 2.9.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/bc72c39774b0a0cb38ed03e5ee09fa78103ed749\"\u003e\u003ccode\u003ebc72c39\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58482\"\u003e#58482\u003c/a\u003e from tensorflow-jenkins/relnotes-2.9.3-25695\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/3506c90f5ac0f471a6b1d60d4055b14ca3da170b\"\u003e\u003ccode\u003e3506c90\u003c/code\u003e\u003c/a\u003e Update RELEASE.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/8dcb48e384cd3914458f3c494f1da878ae8dc6d5\"\u003e\u003ccode\u003e8dcb48e\u003c/code\u003e\u003c/a\u003e Update RELEASE.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/4f34ec84994e63cf47c1d13748a404edd3d5a0d3\"\u003e\u003ccode\u003e4f34ec8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58576\"\u003e#58576\u003c/a\u003e from pak-laura/c2.99f03a9d3bafe902c1e6beb105b2f2417...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/6fc67e408f239384d26acabc34d287911af92dc8\"\u003e\u003ccode\u003e6fc67e4\u003c/code\u003e\u003c/a\u003e Replace CHECK with returning an InternalError on failing to create python tuple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tensorflow/tensorflow/commit/5dbe90ad21068007cbc31a56e8ed514ec27e0b26\"\u003e\u003ccode\u003e5dbe90a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58570\"\u003e#58570\u003c/a\u003e from tensorflow/r2.9-7b174a0f2e4\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tensorflow/tensorflow/compare/v2.2.0...v2.9.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tensorflow\u0026package-manager=pip\u0026previous-version=2.2.0\u0026new-version=2.9.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language\n- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language\n- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language\n- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language\n\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Hyacinth-YX/bili_analyze/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Hyacinth-YX/bili_analyze/pull/35","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Hyacinth-YX%2Fbili_analyze/issues/35","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/35/packages"}}]}