• cefe0bf Release 6.3.0
• a534fb9 Release 6.3.0b0
• 87920c5 Add changelog for 6.3.0 (#1669)
• dd6d9c7 add slide numbering (#1654)
• 5d2c5e2 Update state filter (#1664)
• 11ea593 fix: avoid closing the script tag early by escaping a forward slash (#1665)
• 968c5fb Fix HTML templates mentioned in help docs (#1653)
• 35c4d07 Add a new output filter that excludes widgets if there is no state (#1643)
• c663c75 6.2.0
• fd1dd15 6.2.0rc2
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• cefe0bf Release 6.3.0
• a534fb9 Release 6.3.0b0
• 87920c5 Add changelog for 6.3.0 (#1669)
• dd6d9c7 add slide numbering (#1654)
• 5d2c5e2 Update state filter (#1664)
• 11ea593 fix: avoid closing the script tag early by escaping a forward slash (#1665)
• 968c5fb Fix HTML templates mentioned in help docs (#1653)
• 35c4d07 Add a new output filter that excludes widgets if there is no state (#1643)
• c663c75 6.2.0
• fd1dd15 6.2.0rc2
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from tensorflow's releases.

TensorFlow 2.7.2

Release 2.7.2

This releases introduces several vulnerability fixes:

• Fixes a code injection in saved_model_cli (CVE-2022-29216)
• Fixes a missing validation which causes TensorSummaryV2 to crash (CVE-2022-29193)
• Fixes a missing validation which crashes QuantizeAndDequantizeV4Grad (CVE-2022-29192)
• Fixes a missing validation which causes denial of service via DeleteSessionTensor (CVE-2022-29194)
• Fixes a missing validation which causes denial of service via GetSessionTensor (CVE-2022-29191)
• Fixes a missing validation which causes denial of service via StagePeek (CVE-2022-29195)
• Fixes a missing validation which causes denial of service via UnsortedSegmentJoin (CVE-2022-29197)
• Fixes a missing validation which causes denial of service via LoadAndRemapMatrix (CVE-2022-29199)
• Fixes a missing validation which causes denial of service via SparseTensorToCSRSparseMatrix (CVE-2022-29198)
• Fixes a missing validation which causes denial of service via LSTMBlockCell (CVE-2022-29200)
• Fixes a missing validation which causes denial of service via Conv3DBackpropFilterV2 (CVE-2022-29196)
• Fixes a CHECK failure in depthwise ops via overflows (CVE-2021-41197)
• Fixes issues arising from undefined behavior stemming from users supplying invalid resource handles (CVE-2022-29207)
• Fixes a segfault due to missing support for quantized types (CVE-2022-29205)
• Fixes a missing validation which results in undefined behavior in SparseTensorDenseAdd (CVE-2022-29206)
• Fixes a missing validation which results in undefined behavior in QuantizedConv2D (CVE-2022-29201)
• Fixes an integer overflow in SpaceToBatchND (CVE-2022-29203)
• Fixes a segfault and OOB write due to incomplete validation in EditDistance (CVE-2022-29208)
• Fixes a missing validation which causes denial of service via Conv3DBackpropFilterV2 (CVE-2022-29204)
• Fixes a denial of service in tf.ragged.constant due to lack of validation (CVE-2022-29202)
• Fixes a segfault when tf.histogram_fixed_width is called with NaN values (CVE-2022-29211)
• Fixes a core dump when loading TFLite models with quantization (CVE-2022-29212)
• Fixes crashes stemming from incomplete validation in signal ops (CVE-2022-29213)
• Fixes a type confusion leading to CHECK-failure based denial of service (CVE-2022-29209)
• Updates curl to 7.83.1 to handle (CVE-2022-22576, (CVE-2022-27774, (CVE-2022-27775, (CVE-2022-27776, (CVE-2022-27778, (CVE-2022-27779, (CVE-2022-27780, (CVE-2022-27781, (CVE-2022-27782 and (CVE-2022-30115
• Updates zlib to 1.2.12 after 1.2.11 was pulled due to security issue

TensorFlow 2.7.1

Release 2.7.1

This releases introduces several vulnerability fixes:

• Fixes a floating point division by 0 when executing convolution operators (CVE-2022-21725)
• Fixes a heap OOB read in shape inference for ReverseSequence (CVE-2022-21728)
• Fixes a heap OOB access in Dequantize (CVE-2022-21726)
• Fixes an integer overflow in shape inference for Dequantize (CVE-2022-21727)
• Fixes a heap OOB access in FractionalAvgPoolGrad (CVE-2022-21730)
• Fixes an overflow and divide by zero in UnravelIndex (CVE-2022-21729)
• Fixes a type confusion in shape inference for ConcatV2 (CVE-2022-21731)
• Fixes an OOM in ThreadPoolHandle (CVE-2022-21732)
• Fixes an OOM due to integer overflow in StringNGrams (CVE-2022-21733)
• Fixes more issues caused by incomplete validation in boosted trees code (CVE-2021-41208)
• Fixes an integer overflows in most sparse component-wise ops (CVE-2022-23567)
• Fixes an integer overflows in AddManySparseToTensorsMap (CVE-2022-23568)

... (truncated)

Sourced from tensorflow's changelog.

Release 2.7.2

This releases introduces several vulnerability fixes:

• Fixes a code injection in saved_model_cli (CVE-2022-29216)
• Fixes a missing validation which causes TensorSummaryV2 to crash (CVE-2022-29193)
• Fixes a missing validation which crashes QuantizeAndDequantizeV4Grad (CVE-2022-29192)
• Fixes a missing validation which causes denial of service via DeleteSessionTensor (CVE-2022-29194)
• Fixes a missing validation which causes denial of service via GetSessionTensor (CVE-2022-29191)
• Fixes a missing validation which causes denial of service via StagePeek (CVE-2022-29195)
• Fixes a missing validation which causes denial of service via UnsortedSegmentJoin (CVE-2022-29197)
• Fixes a missing validation which causes denial of service via LoadAndRemapMatrix (CVE-2022-29199)
• Fixes a missing validation which causes denial of service via SparseTensorToCSRSparseMatrix (CVE-2022-29198)
• Fixes a missing validation which causes denial of service via LSTMBlockCell (CVE-2022-29200)
• Fixes a missing validation which causes denial of service via Conv3DBackpropFilterV2 (CVE-2022-29196)
• Fixes a CHECK failure in depthwise ops via overflows (CVE-2021-41197)
• Fixes issues arising from undefined behavior stemming from users supplying invalid resource handles (CVE-2022-29207)
• Fixes a segfault due to missing support for quantized types (CVE-2022-29205)
• Fixes a missing validation which results in undefined behavior in SparseTensorDenseAdd (CVE-2022-29206)
• Fixes a missing validation which results in undefined behavior in QuantizedConv2D (CVE-2022-29201)
• Fixes an integer overflow in SpaceToBatchND (CVE-2022-29203)
• Fixes a segfault and OOB write due to incomplete validation in EditDistance (CVE-2022-29208)
• Fixes a missing validation which causes denial of service via Conv3DBackpropFilterV2 (CVE-2022-29204)
• Fixes a denial of service in tf.ragged.constant due to lack of validation (CVE-2022-29202)
• Fixes a segfault when tf.histogram_fixed_width is called with NaN values (CVE-2022-29211)
• Fixes a core dump when loading TFLite models with quantization (CVE-2022-29212)
• Fixes crashes stemming from incomplete validation in signal ops (CVE-2022-29213)
• Fixes a type confusion leading to CHECK-failure based denial of service (CVE-2022-29209)
• Updates curl to 7.83.1 to handle (CVE-2022-22576, (CVE-2022-27774, (CVE-2022-27775, (CVE-2022-27776, (CVE-2022-27778, (CVE-2022-27779, (CVE-2022-27780, (CVE-2022-27781, (CVE-2022-27782 and (CVE-2022-30115
• Updates zlib to 1.2.12 after 1.2.11 was pulled due to security issue

Release 2.6.4

This releases introduces several vulnerability fixes:

• Fixes a code injection in saved_model_cli (CVE-2022-29216)
• Fixes a missing validation which causes TensorSummaryV2 to crash (CVE-2022-29193)
• Fixes a missing validation which crashes QuantizeAndDequantizeV4Grad (CVE-2022-29192)
• Fixes a missing validation which causes denial of service via DeleteSessionTensor (CVE-2022-29194)
• Fixes a missing validation which causes denial of service via GetSessionTensor (CVE-2022-29191)
• Fixes a missing validation which causes denial of service via StagePeek (CVE-2022-29195)
• Fixes a missing validation which causes denial of service via UnsortedSegmentJoin (CVE-2022-29197)
• Fixes a missing validation which causes denial of service via LoadAndRemapMatrix (CVE-2022-29199)
• Fixes a missing validation which causes denial of service via SparseTensorToCSRSparseMatrix (CVE-2022-29198)
• Fixes a missing validation which causes denial of service via LSTMBlockCell (CVE-2022-29200)
• Fixes a missing validation which causes denial of service via Conv3DBackpropFilterV2 (CVE-2022-29196)
• Fixes a CHECK failure in depthwise ops via overflows (CVE-2021-41197)
• Fixes issues arising from undefined behavior stemming from users supplying invalid resource handles (CVE-2022-29207)
• Fixes a segfault due to missing support for quantized types (CVE-2022-29205)
• Fixes a missing validation which results in undefined behavior in SparseTensorDenseAdd (CVE-2022-29206)

... (truncated)

• dd7b8a3 Merge pull request #56034 from tensorflow-jenkins/relnotes-2.7.2-15779
• 1e7d6ea Update RELEASE.md
• 5085135 Merge pull request #56069 from tensorflow/mm-cp-52488e5072f6fe44411d70c6af09e...
• adafb45 Merge pull request #56060 from yongtang:curl-7.83.1
• 01cb1b8 Merge pull request #56038 from tensorflow-jenkins/version-numbers-2.7.2-4733
• 8c90c2f Update version numbers to 2.7.2
• 43f3cdc Update RELEASE.md
• 98b0a48 Insert release notes place-fill
• dfa5cf3 Merge pull request #56028 from tensorflow/disable-tests-on-r2.7
• 501a65c Disable timing out tests
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from tensorflow's releases.

TensorFlow 2.7.2

Release 2.7.2

This releases introduces several vulnerability fixes:

• Fixes a code injection in saved_model_cli (CVE-2022-29216)
• Fixes a missing validation which causes TensorSummaryV2 to crash (CVE-2022-29193)
• Fixes a missing validation which crashes QuantizeAndDequantizeV4Grad (CVE-2022-29192)
• Fixes a missing validation which causes denial of service via DeleteSessionTensor (CVE-2022-29194)
• Fixes a missing validation which causes denial of service via GetSessionTensor (CVE-2022-29191)
• Fixes a missing validation which causes denial of service via StagePeek (CVE-2022-29195)
• Fixes a missing validation which causes denial of service via UnsortedSegmentJoin (CVE-2022-29197)
• Fixes a missing validation which causes denial of service via LoadAndRemapMatrix (CVE-2022-29199)
• Fixes a missing validation which causes denial of service via SparseTensorToCSRSparseMatrix (CVE-2022-29198)
• Fixes a missing validation which causes denial of service via LSTMBlockCell (CVE-2022-29200)
• Fixes a missing validation which causes denial of service via Conv3DBackpropFilterV2 (CVE-2022-29196)
• Fixes a CHECK failure in depthwise ops via overflows (CVE-2021-41197)
• Fixes issues arising from undefined behavior stemming from users supplying invalid resource handles (CVE-2022-29207)
• Fixes a segfault due to missing support for quantized types (CVE-2022-29205)
• Fixes a missing validation which results in undefined behavior in SparseTensorDenseAdd (CVE-2022-29206)
• Fixes a missing validation which results in undefined behavior in QuantizedConv2D (CVE-2022-29201)
• Fixes an integer overflow in SpaceToBatchND (CVE-2022-29203)
• Fixes a segfault and OOB write due to incomplete validation in EditDistance (CVE-2022-29208)
• Fixes a missing validation which causes denial of service via Conv3DBackpropFilterV2 (CVE-2022-29204)
• Fixes a denial of service in tf.ragged.constant due to lack of validation (CVE-2022-29202)
• Fixes a segfault when tf.histogram_fixed_width is called with NaN values (CVE-2022-29211)
• Fixes a core dump when loading TFLite models with quantization (CVE-2022-29212)
• Fixes crashes stemming from incomplete validation in signal ops (CVE-2022-29213)
• Fixes a type confusion leading to CHECK-failure based denial of service (CVE-2022-29209)
• Updates curl to 7.83.1 to handle (CVE-2022-22576, (CVE-2022-27774, (CVE-2022-27775, (CVE-2022-27776, (CVE-2022-27778, (CVE-2022-27779, (CVE-2022-27780, (CVE-2022-27781, (CVE-2022-27782 and (CVE-2022-30115
• Updates zlib to 1.2.12 after 1.2.11 was pulled due to security issue

TensorFlow 2.7.1

Release 2.7.1

This releases introduces several vulnerability fixes:

• Fixes a floating point division by 0 when executing convolution operators (CVE-2022-21725)
• Fixes a heap OOB read in shape inference for ReverseSequence (CVE-2022-21728)
• Fixes a heap OOB access in Dequantize (CVE-2022-21726)
• Fixes an integer overflow in shape inference for Dequantize (CVE-2022-21727)
• Fixes a heap OOB access in FractionalAvgPoolGrad (CVE-2022-21730)
• Fixes an overflow and divide by zero in UnravelIndex (CVE-2022-21729)
• Fixes a type confusion in shape inference for ConcatV2 (CVE-2022-21731)
• Fixes an OOM in ThreadPoolHandle (CVE-2022-21732)
• Fixes an OOM due to integer overflow in StringNGrams (CVE-2022-21733)
• Fixes more issues caused by incomplete validation in boosted trees code (CVE-2021-41208)
• Fixes an integer overflows in most sparse component-wise ops (CVE-2022-23567)
• Fixes an integer overflows in AddManySparseToTensorsMap (CVE-2022-23568)

... (truncated)

Sourced from tensorflow's changelog.

Release 2.7.2

This releases introduces several vulnerability fixes:

• Fixes a code injection in saved_model_cli (CVE-2022-29216)
• Fixes a missing validation which causes TensorSummaryV2 to crash (CVE-2022-29193)
• Fixes a missing validation which crashes QuantizeAndDequantizeV4Grad (CVE-2022-29192)
• Fixes a missing validation which causes denial of service via DeleteSessionTensor (CVE-2022-29194)
• Fixes a missing validation which causes denial of service via GetSessionTensor (CVE-2022-29191)
• Fixes a missing validation which causes denial of service via StagePeek (CVE-2022-29195)
• Fixes a missing validation which causes denial of service via UnsortedSegmentJoin (CVE-2022-29197)
• Fixes a missing validation which causes denial of service via LoadAndRemapMatrix (CVE-2022-29199)
• Fixes a missing validation which causes denial of service via SparseTensorToCSRSparseMatrix (CVE-2022-29198)
• Fixes a missing validation which causes denial of service via LSTMBlockCell (CVE-2022-29200)
• Fixes a missing validation which causes denial of service via Conv3DBackpropFilterV2 (CVE-2022-29196)
• Fixes a CHECK failure in depthwise ops via overflows (CVE-2021-41197)
• Fixes issues arising from undefined behavior stemming from users supplying invalid resource handles (CVE-2022-29207)
• Fixes a segfault due to missing support for quantized types (CVE-2022-29205)
• Fixes a missing validation which results in undefined behavior in SparseTensorDenseAdd (CVE-2022-29206)
• Fixes a missing validation which results in undefined behavior in QuantizedConv2D (CVE-2022-29201)
• Fixes an integer overflow in SpaceToBatchND (CVE-2022-29203)
• Fixes a segfault and OOB write due to incomplete validation in EditDistance (CVE-2022-29208)
• Fixes a missing validation which causes denial of service via Conv3DBackpropFilterV2 (CVE-2022-29204)
• Fixes a denial of service in tf.ragged.constant due to lack of validation (CVE-2022-29202)
• Fixes a segfault when tf.histogram_fixed_width is called with NaN values (CVE-2022-29211)
• Fixes a core dump when loading TFLite models with quantization (CVE-2022-29212)
• Fixes crashes stemming from incomplete validation in signal ops (CVE-2022-29213)
• Fixes a type confusion leading to CHECK-failure based denial of service (CVE-2022-29209)
• Updates curl to 7.83.1 to handle (CVE-2022-22576, (CVE-2022-27774, (CVE-2022-27775, (CVE-2022-27776, (CVE-2022-27778, (CVE-2022-27779, (CVE-2022-27780, (CVE-2022-27781, (CVE-2022-27782 and (CVE-2022-30115
• Updates zlib to 1.2.12 after 1.2.11 was pulled due to security issue

Release 2.6.4

This releases introduces several vulnerability fixes:

• Fixes a code injection in saved_model_cli (CVE-2022-29216)
• Fixes a missing validation which causes TensorSummaryV2 to crash (CVE-2022-29193)
• Fixes a missing validation which crashes QuantizeAndDequantizeV4Grad (CVE-2022-29192)
• Fixes a missing validation which causes denial of service via DeleteSessionTensor (CVE-2022-29194)
• Fixes a missing validation which causes denial of service via GetSessionTensor (CVE-2022-29191)
• Fixes a missing validation which causes denial of service via StagePeek (CVE-2022-29195)
• Fixes a missing validation which causes denial of service via UnsortedSegmentJoin (CVE-2022-29197)
• Fixes a missing validation which causes denial of service via LoadAndRemapMatrix (CVE-2022-29199)
• Fixes a missing validation which causes denial of service via SparseTensorToCSRSparseMatrix (CVE-2022-29198)
• Fixes a missing validation which causes denial of service via LSTMBlockCell (CVE-2022-29200)
• Fixes a missing validation which causes denial of service via Conv3DBackpropFilterV2 (CVE-2022-29196)
• Fixes a CHECK failure in depthwise ops via overflows (CVE-2021-41197)
• Fixes issues arising from undefined behavior stemming from users supplying invalid resource handles (CVE-2022-29207)
• Fixes a segfault due to missing support for quantized types (CVE-2022-29205)
• Fixes a missing validation which results in undefined behavior in SparseTensorDenseAdd (CVE-2022-29206)

... (truncated)

• dd7b8a3 Merge pull request #56034 from tensorflow-jenkins/relnotes-2.7.2-15779
• 1e7d6ea Update RELEASE.md
• 5085135 Merge pull request #56069 from tensorflow/mm-cp-52488e5072f6fe44411d70c6af09e...
• adafb45 Merge pull request #56060 from yongtang:curl-7.83.1
• 01cb1b8 Merge pull request #56038 from tensorflow-jenkins/version-numbers-2.7.2-4733
• 8c90c2f Update version numbers to 2.7.2
• 43f3cdc Update RELEASE.md
• 98b0a48 Insert release notes place-fill
• dfa5cf3 Merge pull request #56028 from tensorflow/disable-tests-on-r2.7
• 501a65c Disable timing out tests
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from tensorflow's releases.

TensorFlow 2.6.4

Release 2.6.4

This releases introduces several vulnerability fixes:

• Fixes a code injection in saved_model_cli (CVE-2022-29216)
• Fixes a missing validation which causes TensorSummaryV2 to crash (CVE-2022-29193)
• Fixes a missing validation which crashes QuantizeAndDequantizeV4Grad (CVE-2022-29192)
• Fixes a missing validation which causes denial of service via DeleteSessionTensor (CVE-2022-29194)
• Fixes a missing validation which causes denial of service via GetSessionTensor (CVE-2022-29191)
• Fixes a missing validation which causes denial of service via StagePeek (CVE-2022-29195)
• Fixes a missing validation which causes denial of service via UnsortedSegmentJoin (CVE-2022-29197)
• Fixes a missing validation which causes denial of service via LoadAndRemapMatrix (CVE-2022-29199)
• Fixes a missing validation which causes denial of service via SparseTensorToCSRSparseMatrix (CVE-2022-29198)
• Fixes a missing validation which causes denial of service via LSTMBlockCell (CVE-2022-29200)
• Fixes a missing validation which causes denial of service via Conv3DBackpropFilterV2 (CVE-2022-29196)
• Fixes a CHECK failure in depthwise ops via overflows (CVE-2021-41197)
• Fixes issues arising from undefined behavior stemming from users supplying invalid resource handles (CVE-2022-29207)
• Fixes a segfault due to missing support for quantized types (CVE-2022-29205)
• Fixes a missing validation which results in undefined behavior in SparseTensorDenseAdd (CVE-2022-29206)
• Fixes a missing validation which results in undefined behavior in QuantizedConv2D (CVE-2022-29201)
• Fixes an integer overflow in SpaceToBatchND (CVE-2022-29203)
• Fixes a segfault and OOB write due to incomplete validation in EditDistance (CVE-2022-29208)
• Fixes a missing validation which causes denial of service via Conv3DBackpropFilterV2 (CVE-2022-29204)
• Fixes a denial of service in tf.ragged.constant due to lack of validation (CVE-2022-29202)
• Fixes a segfault when tf.histogram_fixed_width is called with NaN values (CVE-2022-29211)
• Fixes a core dump when loading TFLite models with quantization (CVE-2022-29212)
• Fixes crashes stemming from incomplete validation in signal ops (CVE-2022-29213)
• Fixes a type confusion leading to CHECK-failure based denial of service (CVE-2022-29209)
• Updates curl to 7.83.1 to handle (CVE-2022-22576, (CVE-2022-27774, (CVE-2022-27775, (CVE-2022-27776, (CVE-2022-27778, (CVE-2022-27779, (CVE-2022-27780, (CVE-2022-27781, (CVE-2022-27782 and (CVE-2022-30115
• Updates zlib to 1.2.12 after 1.2.11 was pulled due to security issue

TensorFlow 2.6.3

Release 2.6.3

This releases introduces several vulnerability fixes:

• Fixes a floating point division by 0 when executing convolution operators (CVE-2022-21725)
• Fixes a heap OOB read in shape inference for ReverseSequence (CVE-2022-21728)
• Fixes a heap OOB access in Dequantize (CVE-2022-21726)
• Fixes an integer overflow in shape inference for Dequantize (CVE-2022-21727)
• Fixes a heap OOB access in FractionalAvgPoolGrad (CVE-2022-21730)
• Fixes an overflow and divide by zero in UnravelIndex (CVE-2022-21729)
• Fixes a type confusion in shape inference for ConcatV2 (CVE-2022-21731)
• Fixes an OOM in ThreadPoolHandle (CVE-2022-21732)
• Fixes an OOM due to integer overflow in StringNGrams (CVE-2022-21733)
• Fixes more issues caused by incomplete validation in boosted trees code (CVE-2021-41208)
• Fixes an integer overflows in most sparse component-wise ops (CVE-2022-23567)
• Fixes an integer overflows in AddManySparseToTensorsMap (CVE-2022-23568)
• Fixes a number of CHECK-failures in MapStage (CVE-2022-21734)

... (truncated)

Sourced from tensorflow's changelog.

Release 2.6.4

This releases introduces several vulnerability fixes:

• Fixes a code injection in saved_model_cli (CVE-2022-29216)
• Fixes a missing validation which causes TensorSummaryV2 to crash (CVE-2022-29193)
• Fixes a missing validation which crashes QuantizeAndDequantizeV4Grad (CVE-2022-29192)
• Fixes a missing validation which causes denial of service via DeleteSessionTensor (CVE-2022-29194)
• Fixes a missing validation which causes denial of service via GetSessionTensor (CVE-2022-29191)
• Fixes a missing validation which causes denial of service via StagePeek (CVE-2022-29195)
• Fixes a missing validation which causes denial of service via UnsortedSegmentJoin (CVE-2022-29197)
• Fixes a missing validation which causes denial of service via LoadAndRemapMatrix (CVE-2022-29199)
• Fixes a missing validation which causes denial of service via SparseTensorToCSRSparseMatrix (CVE-2022-29198)
• Fixes a missing validation which causes denial of service via LSTMBlockCell (CVE-2022-29200)
• Fixes a missing validation which causes denial of service via Conv3DBackpropFilterV2 (CVE-2022-29196)
• Fixes a CHECK failure in depthwise ops via overflows (CVE-2021-41197)
• Fixes issues arising from undefined behavior stemming from users supplying invalid resource handles (CVE-2022-29207)
• Fixes a segfault due to missing support for quantized types (CVE-2022-29205)
• Fixes a missing validation which results in undefined behavior in SparseTensorDenseAdd (CVE-2022-29206)
• Fixes a missing validation which results in undefined behavior in QuantizedConv2D (CVE-2022-29201)
• Fixes an integer overflow in SpaceToBatchND (CVE-2022-29203)
• Fixes a segfault and OOB write due to incomplete validation in EditDistance (CVE-2022-29208)
• Fixes a missing validation which causes denial of service via Conv3DBackpropFilterV2 (CVE-2022-29204)
• Fixes a denial of service in tf.ragged.constant due to lack of validation (CVE-2022-29202)
• Fixes a segfault when tf.histogram_fixed_width is called with NaN values (CVE-2022-29211)
• Fixes a core dump when loading TFLite models with quantization (CVE-2022-29212)
• Fixes crashes stemming from incomplete validation in signal ops (CVE-2022-29213)
• Fixes a type confusion leading to CHECK-failure based denial of service (CVE-2022-29209)
• Updates curl to 7.83.1 to handle (CVE-2022-22576, (CVE-2022-27774, (CVE-2022-27775, (CVE-2022-27776, (CVE-2022-27778, (CVE-2022-27779, (CVE-2022-27780, (CVE-2022-27781, (CVE-2022-27782 and (CVE-2022-30115
• Updates zlib to 1.2.12 after 1.2.11 was pulled due to security issue

Release 2.8.0

Major Features and Improvements

• tf.lite:

  • Added TFLite builtin op support for the following TF ops:
    • tf.raw_ops.Bucketize op on CPU.
    • tf.where op for data types tf.int32/tf.uint32/tf.int8/tf.uint8/tf.int64.
    • tf.random.normal op for output data type tf.float32 on CPU.
    • tf.random.uniform op for output data type tf.float32 on CPU.
    • tf.random.categorical op for output data type tf.int64 on CPU.

• tensorflow.experimental.tensorrt:

  • conversion_params is now deprecated inside TrtGraphConverterV2 in favor of direct arguments: max_workspace_size_bytes, precision_mode, minimum_segment_size, maximum_cached_engines, use_calibration and

... (truncated)

• 33ed2b1 Merge pull request #56102 from tensorflow/mihaimaruseac-patch-1
• e1ec480 Fix build due to importlib-metadata/setuptools
• 63f211c Merge pull request #56033 from tensorflow-jenkins/relnotes-2.6.4-6677
• 22b8fe4 Update RELEASE.md
• ec30684 Merge pull request #56070 from tensorflow/mm-cp-adafb45c781-on-r2.6
• 38774ed Merge pull request #56060 from yongtang:curl-7.83.1
• 9ef1604 Merge pull request #56036 from tensorflow-jenkins/version-numbers-2.6.4-9925
• a6526a3 Update version numbers to 2.6.4
• cb1a481 Update RELEASE.md
• 4da550f Insert release notes place-fill
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from tensorflow's releases.

TensorFlow 2.6.4

Release 2.6.4

This releases introduces several vulnerability fixes:

• Fixes a code injection in saved_model_cli (CVE-2022-29216)
• Fixes a missing validation which causes TensorSummaryV2 to crash (CVE-2022-29193)
• Fixes a missing validation which crashes QuantizeAndDequantizeV4Grad (CVE-2022-29192)
• Fixes a missing validation which causes denial of service via DeleteSessionTensor (CVE-2022-29194)
• Fixes a missing validation which causes denial of service via GetSessionTensor (CVE-2022-29191)
• Fixes a missing validation which causes denial of service via StagePeek (CVE-2022-29195)
• Fixes a missing validation which causes denial of service via UnsortedSegmentJoin (CVE-2022-29197)
• Fixes a missing validation which causes denial of service via LoadAndRemapMatrix (CVE-2022-29199)
• Fixes a missing validation which causes denial of service via SparseTensorToCSRSparseMatrix (CVE-2022-29198)
• Fixes a missing validation which causes denial of service via LSTMBlockCell (CVE-2022-29200)
• Fixes a missing validation which causes denial of service via Conv3DBackpropFilterV2 (CVE-2022-29196)
• Fixes a CHECK failure in depthwise ops via overflows (CVE-2021-41197)
• Fixes issues arising from undefined behavior stemming from users supplying invalid resource handles (CVE-2022-29207)
• Fixes a segfault due to missing support for quantized types (CVE-2022-29205)
• Fixes a missing validation which results in undefined behavior in SparseTensorDenseAdd (CVE-2022-29206)
• Fixes a missing validation which results in undefined behavior in QuantizedConv2D (CVE-2022-29201)
• Fixes an integer overflow in SpaceToBatchND (CVE-2022-29203)
• Fixes a segfault and OOB write due to incomplete validation in EditDistance (CVE-2022-29208)
• Fixes a missing validation which causes denial of service via Conv3DBackpropFilterV2 (CVE-2022-29204)
• Fixes a denial of service in tf.ragged.constant due to lack of validation (CVE-2022-29202)
• Fixes a segfault when tf.histogram_fixed_width is called with NaN values (CVE-2022-29211)
• Fixes a core dump when loading TFLite models with quantization (CVE-2022-29212)
• Fixes crashes stemming from incomplete validation in signal ops (CVE-2022-29213)
• Fixes a type confusion leading to CHECK-failure based denial of service (CVE-2022-29209)
• Updates curl to 7.83.1 to handle (CVE-2022-22576, (CVE-2022-27774, (CVE-2022-27775, (CVE-2022-27776, (CVE-2022-27778, (CVE-2022-27779, (CVE-2022-27780, (CVE-2022-27781, (CVE-2022-27782 and (CVE-2022-30115
• Updates zlib to 1.2.12 after 1.2.11 was pulled due to security issue

TensorFlow 2.6.3

Release 2.6.3

This releases introduces several vulnerability fixes:

• Fixes a floating point division by 0 when executing convolution operators (CVE-2022-21725)
• Fixes a heap OOB read in shape inference for ReverseSequence (CVE-2022-21728)
• Fixes a heap OOB access in Dequantize (CVE-2022-21726)
• Fixes an integer overflow in shape inference for Dequantize (CVE-2022-21727)
• Fixes a heap OOB access in FractionalAvgPoolGrad (CVE-2022-21730)
• Fixes an overflow and divide by zero in UnravelIndex (CVE-2022-21729)
• Fixes a type confusion in shape inference for ConcatV2 (CVE-2022-21731)
• Fixes an OOM in ThreadPoolHandle (CVE-2022-21732)
• Fixes an OOM due to integer overflow in StringNGrams (CVE-2022-21733)
• Fixes more issues caused by incomplete validation in boosted trees code (CVE-2021-41208)
• Fixes an integer overflows in most sparse component-wise ops (CVE-2022-23567)
• Fixes an integer overflows in AddManySparseToTensorsMap (CVE-2022-23568)
• Fixes a number of CHECK-failures in MapStage (CVE-2022-21734)

... (truncated)

Sourced from tensorflow's changelog.

Release 2.6.4

This releases introduces several vulnerability fixes:

• Fixes a code injection in saved_model_cli (CVE-2022-29216)
• Fixes a missing validation which causes TensorSummaryV2 to crash (CVE-2022-29193)
• Fixes a missing validation which crashes QuantizeAndDequantizeV4Grad (CVE-2022-29192)
• Fixes a missing validation which causes denial of service via DeleteSessionTensor (CVE-2022-29194)
• Fixes a missing validation which causes denial of service via GetSessionTensor (CVE-2022-29191)
• Fixes a missing validation which causes denial of service via StagePeek (CVE-2022-29195)
• Fixes a missing validation which causes denial of service via UnsortedSegmentJoin (CVE-2022-29197)
• Fixes a missing validation which causes denial of service via LoadAndRemapMatrix (CVE-2022-29199)
• Fixes a missing validation which causes denial of service via SparseTensorToCSRSparseMatrix (CVE-2022-29198)
• Fixes a missing validation which causes denial of service via LSTMBlockCell (CVE-2022-29200)
• Fixes a missing validation which causes denial of service via Conv3DBackpropFilterV2 (CVE-2022-29196)
• Fixes a CHECK failure in depthwise ops via overflows (CVE-2021-41197)
• Fixes issues arising from undefined behavior stemming from users supplying invalid resource handles (CVE-2022-29207)
• Fixes a segfault due to missing support for quantized types (CVE-2022-29205)
• Fixes a missing validation which results in undefined behavior in SparseTensorDenseAdd (CVE-2022-29206)
• Fixes a missing validation which results in undefined behavior in QuantizedConv2D (CVE-2022-29201)
• Fixes an integer overflow in SpaceToBatchND (CVE-2022-29203)
• Fixes a segfault and OOB write due to incomplete validation in EditDistance (CVE-2022-29208)
• Fixes a missing validation which causes denial of service via Conv3DBackpropFilterV2 (CVE-2022-29204)
• Fixes a denial of service in tf.ragged.constant due to lack of validation (CVE-2022-29202)
• Fixes a segfault when tf.histogram_fixed_width is called with NaN values (CVE-2022-29211)
• Fixes a core dump when loading TFLite models with quantization (CVE-2022-29212)
• Fixes crashes stemming from incomplete validation in signal ops (CVE-2022-29213)
• Fixes a type confusion leading to CHECK-failure based denial of service (CVE-2022-29209)
• Updates curl to 7.83.1 to handle (CVE-2022-22576, (CVE-2022-27774, (CVE-2022-27775, (CVE-2022-27776, (CVE-2022-27778, (CVE-2022-27779, (CVE-2022-27780, (CVE-2022-27781, (CVE-2022-27782 and (CVE-2022-30115
• Updates zlib to 1.2.12 after 1.2.11 was pulled due to security issue

Release 2.8.0

Major Features and Improvements

• tf.lite:

  • Added TFLite builtin op support for the following TF ops:
    • tf.raw_ops.Bucketize op on CPU.
    • tf.where op for data types tf.int32/tf.uint32/tf.int8/tf.uint8/tf.int64.
    • tf.random.normal op for output data type tf.float32 on CPU.
    • tf.random.uniform op for output data type tf.float32 on CPU.
    • tf.random.categorical op for output data type tf.int64 on CPU.

• tensorflow.experimental.tensorrt:

  • conversion_params is now deprecated inside TrtGraphConverterV2 in favor of direct arguments: max_workspace_size_bytes, precision_mode, minimum_segment_size, maximum_cached_engines, use_calibration and

... (truncated)

• 33ed2b1 Merge pull request #56102 from tensorflow/mihaimaruseac-patch-1
• e1ec480 Fix build due to importlib-metadata/setuptools
• 63f211c Merge pull request #56033 from tensorflow-jenkins/relnotes-2.6.4-6677
• 22b8fe4 Update RELEASE.md
• ec30684 Merge pull request #56070 from tensorflow/mm-cp-adafb45c781-on-r2.6
• 38774ed Merge pull request #56060 from yongtang:curl-7.83.1
• 9ef1604 Merge pull request #56036 from tensorflow-jenkins/version-numbers-2.6.4-9925
• a6526a3 Update version numbers to 2.6.4
• cb1a481 Update RELEASE.md
• 4da550f Insert release notes place-fill
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from protobuf's releases.

Protocol Buffers v3.15.0

Protocol Compiler

• Optional fields for proto3 are enabled by default, and no longer require the --experimental_allow_proto3_optional flag.

C++

• MessageDifferencer: fixed bug when using custom ignore with multiple unknown fields
• Use init_seg in MSVC to push initialization to an earlier phase.
• Runtime no longer triggers -Wsign-compare warnings.
• Fixed -Wtautological-constant-out-of-range-compare warning.
• DynamicCastToGenerated works for nullptr input for even if RTTI is disabled
• Arena is refactored and optimized.
• Clarified/specified that the exact value of Arena::SpaceAllocated() is an implementation detail users must not rely on. It should not be used in unit tests.
• Change the signature of Any::PackFrom() to return false on error.
• Add fast reflection getter API for strings.
• Constant initialize the global message instances
• Avoid potential for missed wakeup in UnknownFieldSet
• Now Proto3 Oneof fields have "has" methods for checking their presence in C++.
• Bugfix for NVCC
• Return early in _InternalSerialize for empty maps.
• Adding functionality for outputting map key values in proto path logging output (does not affect comparison logic) and stop printing 'value' in the path. The modified print functionality is in the MessageDifferencer::StreamReporter.
• Fixed protocolbuffers/protobuf#8129
• Ensure that null char symbol, package and file names do not result in a crash.
• Constant initialize the global message instances
• Pretty print 'max' instead of numeric values in reserved ranges.
• Removed remaining instances of std::is_pod, which is deprecated in C++20.
• Changes to reduce code size for unknown field handling by making uncommon cases out of line.
• Fix std::is_pod deprecated in C++20 (#7180)
• Fix some -Wunused-parameter warnings (#8053)
• Fix detecting file as directory on zOS issue #8051 (#8052)
• Don't include sys/param.h for _BYTE_ORDER (#8106)
• remove CMAKE_THREAD_LIBS_INIT from pkgconfig CFLAGS (#8154)
• Fix TextFormatMapTest.DynamicMessage issue#5136 (#8159)
• Fix for compiler warning issue#8145 (#8160)
• fix: support deprecated enums for GCC < 6 (#8164)
• Fix some warning when compiling with Visual Studio 2019 on x64 target (#8125)

Python

• Provided an override for the reverse() method that will reverse the internal collection directly instead of using the other methods of the BaseContainer.
• MessageFactory.CreateProtoype can be overridden to customize class creation.

... (truncated)

• ae50d9b Update protobuf version
• 8260126 Update protobuf version
• c741c46 Resovled issue in the .pb.cc files
• eef2764 Resolved an issue where NO_DESTROY and CONSTINIT were in incorrect order
• 0040102 Updated collect_all_artifacts.sh for Ubuntu Xenial
• 26cb6a7 Delete root-owned files in Kokoro builds
• 1e924ef Update port_def.inc
• 9a80cf1 Update coded_stream.h
• a97c4f4 Merge pull request #8276 from haberman/php-warning
• 44cd75d Merge pull request #8282 from haberman/changelog
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from protobuf's releases.

Protocol Buffers v3.15.0

Protocol Compiler

• Optional fields for proto3 are enabled by default, and no longer require the --experimental_allow_proto3_optional flag.

C++

• MessageDifferencer: fixed bug when using custom ignore with multiple unknown fields
• Use init_seg in MSVC to push initialization to an earlier phase.
• Runtime no longer triggers -Wsign-compare warnings.
• Fixed -Wtautological-constant-out-of-range-compare warning.
• DynamicCastToGenerated works for nullptr input for even if RTTI is disabled
• Arena is refactored and optimized.
• Clarified/specified that the exact value of Arena::SpaceAllocated() is an implementation detail users must not rely on. It should not be used in unit tests.
• Change the signature of Any::PackFrom() to return false on error.
• Add fast reflection getter API for strings.
• Constant initialize the global message instances
• Avoid potential for missed wakeup in UnknownFieldSet
• Now Proto3 Oneof fields have "has" methods for checking their presence in C++.
• Bugfix for NVCC
• Return early in _InternalSerialize for empty maps.
• Adding functionality for outputting map key values in proto path logging output (does not affect comparison logic) and stop printing 'value' in the path. The modified print functionality is in the MessageDifferencer::StreamReporter.
• Fixed protocolbuffers/protobuf#8129
• Ensure that null char symbol, package and file names do not result in a crash.
• Constant initialize the global message instances
• Pretty print 'max' instead of numeric values in reserved ranges.
• Removed remaining instances of std::is_pod, which is deprecated in C++20.
• Changes to reduce code size for unknown field handling by making uncommon cases out of line.
• Fix std::is_pod deprecated in C++20 (#7180)
• Fix some -Wunused-parameter warnings (#8053)
• Fix detecting file as directory on zOS issue #8051 (#8052)
• Don't include sys/param.h for _BYTE_ORDER (#8106)
• remove CMAKE_THREAD_LIBS_INIT from pkgconfig CFLAGS (#8154)
• Fix TextFormatMapTest.DynamicMessage issue#5136 (#8159)
• Fix for compiler warning issue#8145 (#8160)
• fix: support deprecated enums for GCC < 6 (#8164)
• Fix some warning when compiling with Visual Studio 2019 on x64 target (#8125)

Python

• Provided an override for the reverse() method that will reverse the internal collection directly instead of using the other methods of the BaseContainer.
• MessageFactory.CreateProtoype can be overridden to customize class creation.

... (truncated)

• ae50d9b Update protobuf version
• 8260126 Update protobuf version
• c741c46 Resovled issue in the .pb.cc files
• eef2764 Resolved an issue where NO_DESTROY and CONSTINIT were in incorrect order
• 0040102 Updated collect_all_artifacts.sh for Ubuntu Xenial
• 26cb6a7 Delete root-owned files in Kokoro builds
• 1e924ef Update port_def.inc
• 9a80cf1 Update coded_stream.h
• a97c4f4 Merge pull request #8276 from haberman/php-warning
• 44cd75d Merge pull request #8282 from haberman/changelog
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from tensorflow's releases.

TensorFlow 2.5.3

Release 2.5.3

Note: This is the last release in the 2.5 series.

This releases introduces several vulnerability fixes:

• Fixes a floating point division by 0 when executing convolution operators (CVE-2022-21725)
• Fixes a heap OOB read in shape inference for ReverseSequence (CVE-2022-21728)
• Fixes a heap OOB access in Dequantize (CVE-2022-21726)
• Fixes an integer overflow in shape inference for Dequantize (CVE-2022-21727)
• Fixes a heap OOB access in FractionalAvgPoolGrad (CVE-2022-21730)
• Fixes an overflow and divide by zero in UnravelIndex (CVE-2022-21729)
• Fixes a type confusion in shape inference for ConcatV2 (CVE-2022-21731)
• Fixes an OOM in ThreadPoolHandle (CVE-2022-21732)
• Fixes an OOM due to integer overflow in StringNGrams (CVE-2022-21733)
• Fixes more issues caused by incomplete validation in boosted trees code (CVE-2021-41208)
• Fixes an integer overflows in most sparse component-wise ops (CVE-2022-23567)
• Fixes an integer overflows in AddManySparseToTensorsMap (CVE-2022-23568)
• Fixes a number of CHECK-failures in MapStage (CVE-2022-21734)
• Fixes a division by zero in FractionalMaxPool (CVE-2022-21735)
• Fixes a number of CHECK-fails when building invalid/overflowing tensor shapes (CVE-2022-23569)
• Fixes an undefined behavior in SparseTensorSliceDataset (CVE-2022-21736)
• Fixes an assertion failure based denial of service via faulty bin count operations (CVE-2022-21737)
• Fixes a reference binding to null pointer in QuantizedMaxPool (CVE-2022-21739)
• Fixes an integer overflow leading to crash in SparseCountSparseOutput (CVE-2022-21738)
• Fixes a heap overflow in SparseCountSparseOutput (CVE-2022-21740)
• Fixes an FPE in BiasAndClamp in TFLite (CVE-2022-23557)
• Fixes an FPE in depthwise convolutions in TFLite (CVE-2022-21741)
• Fixes an integer overflow in TFLite array creation (CVE-2022-23558)
• Fixes an integer overflow in TFLite (CVE-2022-23559)
• Fixes a dangerous OOB write in TFLite (CVE-2022-23561)
• Fixes a vulnerability leading to read and write outside of bounds in TFLite (CVE-2022-23560)
• Fixes a set of vulnerabilities caused by using insecure temporary files (CVE-2022-23563)
• Fixes an integer overflow in Range resulting in undefined behavior and OOM (CVE-2022-23562)
• Fixes a vulnerability where missing validation causes tf.sparse.split to crash when axis is a tuple (CVE-2021-41206)
• Fixes a CHECK-fail when decoding resource handles from proto (CVE-2022-23564)
• Fixes a CHECK-fail with repeated AttrDef (CVE-2022-23565)
• Fixes a heap OOB write in Grappler (CVE-2022-23566)
• Fixes a CHECK-fail when decoding invalid tensors from proto (CVE-2022-23571)
• Fixes an unitialized variable access in AssignOp (CVE-2022-23573)
• Fixes an integer overflow in OpLevelCostEstimator::CalculateTensorSize (CVE-2022-23575)
• Fixes an integer overflow in OpLevelCostEstimator::CalculateOutputSize (CVE-2022-23576)
• Fixes a null dereference in GetInitOp (CVE-2022-23577)
• Fixes a memory leak when a graph node is invalid (CVE-2022-23578)
• Fixes an abort caused by allocating a vector that is too large (CVE-2022-23580)
• Fixes multiple CHECK-failures during Grappler's IsSimplifiableReshape (CVE-2022-23581)
• Fixes multiple CHECK-failures during Grappler's SafeToRemoveIdentity (CVE-2022-23579)
• Fixes multiple CHECK-failures in TensorByteSize (CVE-2022-23582)
• Fixes multiple CHECK-failures in binary ops due to type confusion (CVE-2022-23583)

... (truncated)

Sourced from tensorflow's changelog.

Release 2.5.3

This releases introduces several vulnerability fixes:

• Fixes a floating point division by 0 when executing convolution operators (CVE-2022-21725)
• Fixes a heap OOB read in shape inference for ReverseSequence (CVE-2022-21728)
• Fixes a heap OOB access in Dequantize (CVE-2022-21726)
• Fixes an integer overflow in shape inference for Dequantize (CVE-2022-21727)
• Fixes a heap OOB access in FractionalAvgPoolGrad (CVE-2022-21730)
• Fixes an overflow and divide by zero in UnravelIndex (CVE-2022-21729)
• Fixes a type confusion in shape inference for ConcatV2 (CVE-2022-21731)
• Fixes an OOM in ThreadPoolHandle (CVE-2022-21732)
• Fixes an OOM due to integer overflow in StringNGrams (CVE-2022-21733)
• Fixes more issues caused by incomplete validation in boosted trees code (CVE-2021-41208)
• Fixes an integer overflows in most sparse component-wise ops (CVE-2022-23567)
• Fixes an integer overflows in AddManySparseToTensorsMap (CVE-2022-23568)
• Fixes a number of CHECK-failures in MapStage (CVE-2022-21734)
• Fixes a division by zero in FractionalMaxPool (CVE-2022-21735)
• Fixes a number of CHECK-fails when building invalid/overflowing tensor shapes (CVE-2022-23569)
• Fixes an undefined behavior in SparseTensorSliceDataset (CVE-2022-21736)
• Fixes an assertion failure based denial of service via faulty bin count operations (CVE-2022-21737)
• Fixes a reference binding to null pointer in QuantizedMaxPool (CVE-2022-21739)
• Fixes an integer overflow leading to crash in SparseCountSparseOutput (CVE-2022-21738)
• Fixes a heap overflow in SparseCountSparseOutput (CVE-2022-21740)
• Fixes an FPE in BiasAndClamp in TFLite (CVE-2022-23557)
• Fixes an FPE in depthwise convolutions in TFLite (CVE-2022-21741)

... (truncated)

• 959e9b2 Merge pull request #54213 from tensorflow/fix-sanity-on-r2.5
• d05fcbc Fix sanity build
• f2526a0 Merge pull request #54205 from tensorflow/disable-flaky-tests-on-r2.5
• a5f94df Disable flaky test
• 7babe52 Merge pull request #54201 from tensorflow/cherrypick-510ae18200d0a4fad797c0bf...
• 0e5d378 Set Env Variable to override Setuptools new behavior
• fdd4195 Merge pull request #54176 from tensorflow-jenkins/relnotes-2.5.3-6805
• 4083165 Update RELEASE.md
• a2bb7f1 Merge pull request #54185 from tensorflow/cherrypick-d437dec4d549fc30f9b85c75...
• 5777ea3 Update third_party/icu/workspace.bzl
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from setuptools's releases.

v65.5.1

No release notes provided.

v65.5.0

No release notes provided.

v65.4.1

No release notes provided.

v65.4.0

No release notes provided.

v65.3.0

No release notes provided.

v65.2.0

No release notes provided.

v65.1.1

No release notes provided.

v65.1.0

No release notes provided.

v65.0.2

No release notes provided.

v65.0.1

No release notes provided.

v65.0.0

No release notes provided.

v64.0.3

No release notes provided.

v64.0.2

No release notes provided.

v64.0.1

No release notes provided.

v64.0.0

No release notes provided.

v63.4.3

No release notes provided.

v63.4.2

No release notes provided.

... (truncated)

Sourced from setuptools's changelog.

v65.5.1

Misc ^^^^

• #3638: Drop a test dependency on the mock package, always use :external+python:py:mod:unittest.mock -- by :user:hroncok
• #3659: Fixed REDoS vector in package_index.

v65.5.0

Changes ^^^^^^^

• #3624: Fixed editable install for multi-module/no-package src-layout projects.
• #3626: Minor refactorings to support distutils using stdlib logging module.

Documentation changes ^^^^^^^^^^^^^^^^^^^^^

• #3419: Updated the example version numbers to be compliant with PEP-440 on the "Specifying Your Project’s Version" page of the user guide.

Misc ^^^^

• #3569: Improved information about conflicting entries in the current working directory and editable install (in documentation and as an informational warning).
• #3576: Updated version of validate_pyproject.

v65.4.1

Misc ^^^^

• #3613: Fixed encoding errors in expand.StaticModule when system default encoding doesn't match expectations for source files.
• #3617: Merge with pypa/distutils@6852b20 including fix for pypa/distutils#181.

v65.4.0

Changes ^^^^^^^

• #3609: Merge with pypa/distutils@d82d926 including support for DIST_EXTRA_CONFIG in pypa/distutils#177.

v65.3.0

... (truncated)

• a462cb5 Bump version: 65.5.0 → 65.5.1
• de35d8b Merge pull request #3656 from bmorris3/typos
• 58e23de Update changelog. Ref #3659.
• 43a9c9b Limit the amount of whitespace to search/backtrack. Fixes #3659.
• 5791343 Add test capturing failed expectation. Ref #3659.
• 1f97905 ⚫ Fade to black.
• 6254567 Remove workaround for emacs.
• 729b180 ⚫ Fade to black.
• c068081 Typo corrections
• f777a40 Suppress deprecation warning in --rsyncdir. Workaround for #3655.
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from setuptools's releases.

v65.5.1

No release notes provided.

v65.5.0

No release notes provided.

v65.4.1

No release notes provided.

v65.4.0

No release notes provided.

v65.3.0

No release notes provided.

v65.2.0

No release notes provided.

v65.1.1

No release notes provided.

v65.1.0

No release notes provided.

v65.0.2

No release notes provided.

v65.0.1

No release notes provided.

v65.0.0

No release notes provided.

v64.0.3

No release notes provided.

v64.0.2

No release notes provided.

v64.0.1

No release notes provided.

v64.0.0

No release notes provided.

v63.4.3

No release notes provided.

v63.4.2

No release notes provided.

... (truncated)

Sourced from setuptools's changelog.

v65.5.1

Misc ^^^^

• #3638: Drop a test dependency on the mock package, always use :external+python:py:mod:unittest.mock -- by :user:hroncok
• #3659: Fixed REDoS vector in package_index.

v65.5.0

Changes ^^^^^^^

• #3624: Fixed editable install for multi-module/no-package src-layout projects.
• #3626: Minor refactorings to support distutils using stdlib logging module.

Documentation changes ^^^^^^^^^^^^^^^^^^^^^

• #3419: Updated the example version numbers to be compliant with PEP-440 on the "Specifying Your Project’s Version" page of the user guide.

Misc ^^^^

• #3569: Improved information about conflicting entries in the current working directory and editable install (in documentation and as an informational warning).
• #3576: Updated version of validate_pyproject.

v65.4.1

Misc ^^^^

• #3613: Fixed encoding errors in expand.StaticModule when system default encoding doesn't match expectations for source files.
• #3617: Merge with pypa/distutils@6852b20 including fix for pypa/distutils#181.

v65.4.0

Changes ^^^^^^^

• #3609: Merge with pypa/distutils@d82d926 including support for DIST_EXTRA_CONFIG in pypa/distutils#177.

v65.3.0

... (truncated)

• a462cb5 Bump version: 65.5.0 → 65.5.1
• de35d8b Merge pull request #3656 from bmorris3/typos
• 58e23de Update changelog. Ref #3659.
• 43a9c9b Limit the amount of whitespace to search/backtrack. Fixes #3659.
• 5791343 Add test capturing failed expectation. Ref #3659.
• 1f97905 ⚫ Fade to black.
• 6254567 Remove workaround for emacs.
• 729b180 ⚫ Fade to black.
• c068081 Typo corrections
• f777a40 Suppress deprecation warning in --rsyncdir. Workaround for #3655.
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from wheel's changelog.

Release Notes

UNRELEASED

• Updated vendored packaging to 22.0

0.38.4 (2022-11-09)

• Fixed PKG-INFO conversion in bdist_wheel mangling UTF-8 header values in METADATA (PR by Anderson Bravalheri)

0.38.3 (2022-11-08)

• Fixed install failure when used with --no-binary, reported on Ubuntu 20.04, by removing setup_requires from setup.cfg

0.38.2 (2022-11-05)

• Fixed regression introduced in v0.38.1 which broke parsing of wheel file names with multiple platform tags

0.38.1 (2022-11-04)

• Removed install dependency on setuptools
• The future-proof fix in 0.36.0 for converting PyPy's SOABI into a abi tag was faulty. Fixed so that future changes in the SOABI will not change the tag.

0.38.0 (2022-10-21)

• Dropped support for Python < 3.7
• Updated vendored packaging to 21.3
• Replaced all uses of distutils with setuptools
• The handling of license_files (including glob patterns and default values) is now delegated to setuptools>=57.0.0 (#466). The package dependencies were updated to reflect this change.
• Fixed potential DoS attack via the WHEEL_INFO_RE regular expression
• Fixed ValueError: ZIP does not support timestamps before 1980 when using SOURCE_DATE_EPOCH=0 or when on-disk timestamps are earlier than 1980-01-01. Such timestamps are now changed to the minimum value before packaging.

0.37.1 (2021-12-22)

• Fixed wheel pack duplicating the WHEEL contents when the build number has changed (#415)
• Fixed parsing of file names containing commas in RECORD (PR by Hood Chatham)

0.37.0 (2021-08-09)

• Added official Python 3.10 support
• Updated vendored packaging library to v20.9

... (truncated)

• 6f1608d Created a new release
• cf8f5ef Moved news item from PR #484 to its proper place
• 9ec2016 Removed install dependency on setuptools (#483)
• 747e1f6 Fixed PyPy SOABI parsing (#484)
• 7627548 [pre-commit.ci] pre-commit autoupdate (#480)
• 7b9e8e1 Test on Python 3.11 final
• a04dfef Updated the pypi-publish action
• 94bb62c Fixed docs not building due to code style changes
• d635664 Updated the codecov action to the latest version
• fcb94cd Updated version to match the release
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from wheel's changelog.

Release Notes

UNRELEASED

• Updated vendored packaging to 22.0

0.38.4 (2022-11-09)

• Fixed PKG-INFO conversion in bdist_wheel mangling UTF-8 header values in METADATA (PR by Anderson Bravalheri)

0.38.3 (2022-11-08)

• Fixed install failure when used with --no-binary, reported on Ubuntu 20.04, by removing setup_requires from setup.cfg

0.38.2 (2022-11-05)

• Fixed regression introduced in v0.38.1 which broke parsing of wheel file names with multiple platform tags

0.38.1 (2022-11-04)

• Removed install dependency on setuptools
• The future-proof fix in 0.36.0 for converting PyPy's SOABI into a abi tag was faulty. Fixed so that future changes in the SOABI will not change the tag.

0.38.0 (2022-10-21)

• Dropped support for Python < 3.7
• Updated vendored packaging to 21.3
• Replaced all uses of distutils with setuptools
• The handling of license_files (including glob patterns and default values) is now delegated to setuptools>=57.0.0 (#466). The package dependencies were updated to reflect this change.
• Fixed potential DoS attack via the WHEEL_INFO_RE regular expression
• Fixed ValueError: ZIP does not support timestamps before 1980 when using SOURCE_DATE_EPOCH=0 or when on-disk timestamps are earlier than 1980-01-01. Such timestamps are now changed to the minimum value before packaging.

0.37.1 (2021-12-22)

• Fixed wheel pack duplicating the WHEEL contents when the build number has changed (#415)
• Fixed parsing of file names containing commas in RECORD (PR by Hood Chatham)

0.37.0 (2021-08-09)

• Added official Python 3.10 support
• Updated vendored packaging library to v20.9

... (truncated)

• 6f1608d Created a new release
• cf8f5ef Moved news item from PR #484 to its proper place
• 9ec2016 Removed install dependency on setuptools (#483)
• 747e1f6 Fixed PyPy SOABI parsing (#484)
• 7627548 [pre-commit.ci] pre-commit autoupdate (#480)
• 7b9e8e1 Test on Python 3.11 final
• a04dfef Updated the pypi-publish action
• 94bb62c Fixed docs not building due to code style changes
• d635664 Updated the codecov action to the latest version
• fcb94cd Updated version to match the release
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• 9e9e840 2022.12.07
• b81bdb2 2022.09.24
• 939a28f 2022.09.14
• aca828a 2022.06.15.2
• de0eae1 Only use importlib.resources's new files() / Traversable API on Python ≥3.11 ...
• b8eb5e9 2022.06.15.1
• 47fb7ab Fix deprecation warning on Python 3.11 (#199)
• b0b48e0 fixes #198 -- update link in license
• 9d514b4 2022.06.15
• 4151e88 Add py.typed to MANIFEST.in to package in sdist (#196)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• 9e9e840 2022.12.07
• b81bdb2 2022.09.24
• 939a28f 2022.09.14
• aca828a 2022.06.15.2
• de0eae1 Only use importlib.resources's new files() / Traversable API on Python ≥3.11 ...
• b8eb5e9 2022.06.15.1
• 47fb7ab Fix deprecation warning on Python 3.11 (#199)
• b0b48e0 fixes #198 -- update link in license
• 9d514b4 2022.06.15
• 4151e88 Add py.typed to MANIFEST.in to package in sdist (#196)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.