Leaderboard and Visualization for RLCard

Data Analytics Lab at Texas A&M University

Last update: Dec 26, 2022

Related tags

Overview

RLCard Showdown

This is the GUI support for the RLCard project and DouZero project. RLCard-Showdown provides evaluation and visualization tools to help understand the performance of the agents. It includes a replay module, where you can analyze the replays, and a PvE module, where you can play with the AI interactively. Currently, we only support Leduc Hold'em and Dou Dizhu. The frontend is developed with React. The backend is based on Django and Flask. Have fun!

Official Website: http://www.rlcard.org
Tutorial in Jupyter Notebook: https://github.com/datamllab/rlcard-tutorial
Paper: https://www.ijcai.org/Proceedings/2020/764
Document: Click Here
Online Demo with DouZero: https://www.douzero.org/

Cite this work

Zha, Daochen, et al. "RLCard: A Platform for Reinforcement Learning in Card Games." IJCAI. 2020.

@inproceedings{zha2020rlcard,
  title={RLCard: A Platform for Reinforcement Learning in Card Games},
  author={Zha, Daochen and Lai, Kwei-Herng and Huang, Songyi and Cao, Yuanpu and Reddy, Keerthana and Vargas, Juan and Nguyen, Alex and Wei, Ruzhe and Guo, Junyu and Hu, Xia},
  booktitle={IJCAI},
  year={2020}
}

Installation

RLCard-Showdown has separated frontend and backend. The frontend is built with React and the backend is based on Django and Flask.

Prerequisite

To set up the frontend, you should make sure you have Node.js and NPM installed. Normally you just need to manually install Node.js, and the NPM package would be automatically installed together with Node.js for you. Please refer to its official website for installation of Node.js.

You can run the following commands to verify the installation

node -v
npm -v

For backend, make sure that you have Python 3.6+ and pip installed.

Install Frontend and Backend

The frontend can be installed with the help of NPM:

git clone -b master --single-branch --depth=1 https://github.com/datamllab/rlcard-showdown.git
cd rlcard-showdown
npm install

The backend of leaderboard can be installed with

pip3 install -r requirements.txt
cd server
python3 manage.py migrate
cd ..

Run RLCard-Showdown

Launch the backend of leaderboard with

cd server
python3 manage.py runserver

Download the pre-trained models in Google Drive or 百度网盘提取码: qh6s. Extract it in pve_server/pretrained.

In a new terminal, start the PvE server (i.e., human vs AI) of DouZero with

cd pve_server
python3 run_douzero.py

Alternatively, you can start the PvE server interfaced with RLCard:

cd pve_server
python3 run_dmc.py

They are conceptually the same with minor differences in state representation and training time of the pre-trained models (DouZero is fully trained with more than a month, while DMC in RLCard is only trained for hours).

Run the following command in another new terminal under the project folder to start frontend:

npm start

You can view leaderboard at http://127.0.0.1:3000/ and PvE demo of Dou Dizhu at http://127.0.0.1:3000/pve/doudizhu-demo. The backend of leaderboard will run in http://127.0.0.1:8000/. The PvE backend will run in http://127.0.0.1:5000/.

Demos

Contact Us

If you have any questions or feedback, feel free to drop an email to Songyi Huang for the frontend or Daochen Zha for backend.

Acknowledgements

We would like to thank JJ World Network Technology Co., LTD for the generous support, Chieh-An Tsai for user interface design, and Lei Pan for the help in visualizations.

Comments

Error in getting replay data

After Launching Tournaments in guide.md, I Click the replay button doudizhu-rule-v1 to watch the replay with doudizhu, BUT when i click start in http://localhost:3000/replay/doudizhu, Suddenly prompt me “Error in getting replay data”, Then prompted the following error “TypeError: Cannot read property 'length' of undefined”. The replay button of Texas Hold'em will not report an error, This is very confusing to me.

opened by Maxwell2017 4

python3 manage.py migrate not working

I am running this on Windows 10 in both Windows Poer Shell and Pycharm platform but when I run this

python3 manage.py migrate

I get these issues:

System check identified some issues:

WARNINGS:
tournament.Game: (models.W042) Auto-created primary key used when not defining a primary key type, by default 'django.db.models.AutoField'.
        HINT: Configure the DEFAULT_AUTO_FIELD setting or the TournamentConfig.default_auto_field attribute to point to a subclass of AutoField, e.g. 'django.db.model
s.BigAutoField'.
tournament.Payoff: (models.W042) Auto-created primary key used when not defining a primary key type, by default 'django.db.models.AutoField'.
        HINT: Configure the DEFAULT_AUTO_FIELD setting or the TournamentConfig.default_auto_field attribute to point to a subclass of AutoField, e.g. 'django.db.model
s.BigAutoField'.
tournament.UploadedAgent: (models.W042) Auto-created primary key used when not defining a primary key type, by default 'django.db.models.AutoField'.
        HINT: Configure the DEFAULT_AUTO_FIELD setting or the TournamentConfig.default_auto_field attribute to point to a subclass of AutoField, e.g. 'django.db.model
s.BigAutoField'.
Operations to perform:
  Apply all migrations: admin, auth, contenttypes, sessions, tournament
Running migrations:
  No migrations to apply.

This causes the server to not run properly.

Page not found (404)
Request Method:	GET
Request URL:	http://127.0.0.1:8000/
Using the URLconf defined in server.urls, Django tried these URL patterns, in this order:

tournament/
admin/
The empty path didn’t match any of these.

You’re seeing this error because you have DEBUG = True in your Django settings file. Change that to False, and Django will display a standard 404 page.

opened by amirfarazmand 3

cannot interact with django server when scripts are run in a remote server
Hi, I have run the following on my local computer to start a remote service:

python manage.py runserver 0.0.0.0:8000

I can visit remote_ip:8000 this way. However it shows a blank table with no records read from the database (i.e., db.sqlite3) after I type npm start. Things went perfectly fine when I serve both on my local computer (even a remote frontend and local backend combination could work).

I wonder what configurations should be done to deal with it. Thanks for your work.
opened by dennislx 2
Bump socket.io-parser from 3.3.0 to 3.3.2
Bumps socket.io-parser from 3.3.0 to 3.3.2.

Release notes

Sourced from socket.io-parser's releases.

3.3.2

Bug Fixes

prevent DoS (OOM) via massive packets (#95) (89197a0)

Links

Diff: https://github.com/Automattic/socket.io-parser/compare/3.3.1...3.3.2

3.3.1

Links

Diff: https://github.com/socketio/socket.io-parser/compare/3.3.0...3.3.1

Changelog

Sourced from socket.io-parser's changelog.

3.3.2 (2021-01-09)

Bug Fixes

prevent DoS (OOM) via massive packets (#95) (89197a0)

3.3.1 (2020-09-30)

Commits

3b0a392 chore(release): 3.3.2

89197a0 fix: prevent DoS (OOM) via massive packets (#95)

25ca624 chore(release): 3.3.1

b51b39b test: use Node.js 10 for the browser tests

4184e46 chore: bump component-emitter dependency

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies javascript
opened by dependabot[bot] 1
Bump url-parse from 1.4.7 to 1.5.7
Bumps url-parse from 1.4.7 to 1.5.7.

Commits

8b3f5f2 1.5.7

ef45a13 [fix] Readd the empty userinfo to url.href (#226)

88df234 [doc] Add soft deprecation notice

78e9f2f [security] Fix nits

e6fa434 [security] Add credits for incorrect handling of userinfo vulnerability

4c9fa23 1.5.6

7b0b8a6 Merge pull request #223 from unshiftio/fix/at-sign-handling-in-userinfo

e4a5807 1.5.5

193b44b [minor] Simplify whitespace regex

319851b [fix] Remove CR, HT, and LF

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies javascript
opened by dependabot[bot] 1
Bump follow-redirects from 1.13.1 to 1.14.7
Bumps follow-redirects from 1.13.1 to 1.14.7.

Commits

2ede36d Release version 1.14.7 of the npm package.

8b347cb Drop Cookie header across domains.

6f5029a Release version 1.14.6 of the npm package.

af706be Ignore null headers.

d01ab7a Release version 1.14.5 of the npm package.

40052ea Make compatible with Node 17.

86f7572 Fix: clear internal timer on request abort to avoid leakage

2e1eaf0 Keep Authorization header on subdomain redirects.

2ad9e82 Carry over Host header on relative redirects (#172)

77e2a58 Release version 1.14.4 of the npm package.

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies javascript
opened by dependabot[bot] 1
无法在 macOS M1 芯片(ARM)环境下安装

Could not find a version that satisfies the requirement onnxruntime (from -r requirements.txt (line 8)) (from versions: ) No matching distribution found for onnxruntime (from -r requirements.txt (line 8))

opened by SpaceX-Vision 1
Django administration Password??

http://127.0.0.1:8000/admin

Django administration Username: Password:

python manage.py makemigrations

File "manage.py", line 16 ) from exc ^

后台登陆，应该要怎么设置

opened by monkeycc 1
Bump tensorflow from 1.14 to 2.4.0
Bumps tensorflow from 1.14 to 2.4.0.

Release notes

Sourced from tensorflow's releases.

TensorFlow 2.4.0

Release 2.4.0

Major Features and Improvements

tf.distribute introduces experimental support for asynchronous training of models via the tf.distribute.experimental.ParameterServerStrategy API. Please see the tutorial to learn more.

MultiWorkerMirroredStrategy is now a stable API and is no longer considered experimental. Some of the major improvements involve handling peer failure and many bug fixes. Please check out the detailed tutorial on Multi-worker training with Keras.

Introduces experimental support for a new module named tf.experimental.numpy which is a NumPy-compatible API for writing TF programs. See the detailed guide to learn more. Additional details below.

Adds Support for TensorFloat-32 on Ampere based GPUs. TensorFloat-32, or TF32 for short, is a math mode for NVIDIA Ampere based GPUs and is enabled by default.

A major refactoring of the internals of the Keras Functional API has been completed, that should improve the reliability, stability, and performance of constructing Functional models.

Keras mixed precision API tf.keras.mixed_precision is no longer experimental and allows the use of 16-bit floating point formats during training, improving performance by up to 3x on GPUs and 60% on TPUs. Please see below for additional details.

TensorFlow Profiler now supports profiling MultiWorkerMirroredStrategy and tracing multiple workers using the sampling mode API.

TFLite Profiler for Android is available. See the detailed guide to learn more.

TensorFlow pip packages are now built with CUDA11 and cuDNN 8.0.2.

Breaking Changes

TF Core:

Certain float32 ops run in lower precsion on Ampere based GPUs, including matmuls and convolutions, due to the use of TensorFloat-32. Specifically, inputs to such ops are rounded from 23 bits of precision to 10 bits of precision. This is unlikely to cause issues in practice for deep learning models. In some cases, TensorFloat-32 is also used for complex64 ops. TensorFloat-32 can be disabled by running tf.config.experimental.enable_tensor_float_32_execution(False).

The byte layout for string tensors across the C-API has been updated to match TF Core/C++; i.e., a contiguous array of tensorflow::tstring/TF_TStrings.

C-API functions TF_StringDecode, TF_StringEncode, and TF_StringEncodedSize are no longer relevant and have been removed; see core/platform/ctstring.h for string access/modification in C.

tensorflow.python, tensorflow.core and tensorflow.compiler modules are now hidden. These modules are not part of TensorFlow public API.

tf.raw_ops.Max and tf.raw_ops.Min no longer accept inputs of type tf.complex64 or tf.complex128, because the behavior of these ops is not well defined for complex types.

XLA:CPU and XLA:GPU devices are no longer registered by default. Use TF_XLA_FLAGS=--tf_xla_enable_xla_devices if you really need them, but this flag will eventually be removed in subsequent releases.

tf.keras:

The steps_per_execution argument in model.compile() is no longer experimental; if you were passing experimental_steps_per_execution, rename it to steps_per_execution in your code. This argument controls the number of batches to run during each tf.function call when calling model.fit(). Running multiple batches inside a single tf.function call can greatly improve performance on TPUs or small models with a large Python overhead.

A major refactoring of the internals of the Keras Functional API may affect code that is relying on certain internal details:

Code that uses isinstance(x, tf.Tensor) instead of tf.is_tensor when checking Keras symbolic inputs/outputs should switch to using tf.is_tensor.

Code that is overly dependent on the exact names attached to symbolic tensors (e.g. assumes there will be ":0" at the end of the inputs, treats names as unique identifiers instead of using tensor.ref(), etc.) may break.

Code that uses full path for get_concrete_function to trace Keras symbolic inputs directly should switch to building matching tf.TensorSpecs directly and tracing the TensorSpec objects.

Code that relies on the exact number and names of the op layers that TensorFlow operations were converted into may have changed.

Code that uses tf.map_fn/tf.cond/tf.while_loop/control flow as op layers and happens to work before TF 2.4. These will explicitly be unsupported now. Converting these ops to Functional API op layers was unreliable before TF 2.4, and prone to erroring incomprehensibly or being silently buggy.

Code that directly asserts on a Keras symbolic value in cases where ops like tf.rank used to return a static or symbolic value depending on if the input had a fully static shape or not. Now these ops always return symbolic values.

Code already susceptible to leaking tensors outside of graphs becomes slightly more likely to do so now.

Code that tries directly getting gradients with respect to symbolic Keras inputs/outputs. Use GradientTape on the actual Tensors passed to the already-constructed model instead.

Code that requires very tricky shape manipulation via converted op layers in order to work, where the Keras symbolic shape inference proves insufficient.

Code that tries manually walking a tf.keras.Model layer by layer and assumes layers only ever have one positional argument. This assumption doesn't hold true before TF 2.4 either, but is more likely to cause issues now.

... (truncated)

Changelog

Sourced from tensorflow's changelog.

Release 2.4.0

Major Features and Improvements

tf.distribute introduces experimental support for asynchronous training of models via the [tf.distribute.experimental.ParameterServerStrategy] (https://www.tensorflow.org/api_docs/python/tf/distribute/experimental/ParameterServerStrategy) API. Please see the tutorial to learn more.

MultiWorkerMirroredStrategy is now a stable API and is no longer considered experimental. Some of the major improvements involve handling peer failure and many bug fixes. Please check out the detailed tutorial on [Multi-worker training with Keras] (https://www.tensorflow.org/tutorials/distribute/multi_worker_with_keras).

Introduces experimental support for a new module named [tf.experimental.numpy] (https://www.tensorflow.org/api_docs/python/tf/experimental/numpy) which is a NumPy-compatible API for writing TF programs. See the [detailed guide] (https://www.tensorflow.org/guide/tf_numpy) to learn more. Additional details below.

Adds Support for TensorFloat-32 on Ampere based GPUs. TensorFloat-32, or TF32 for short, is a math mode for NVIDIA Ampere based GPUs and is enabled by default.

A major refactoring of the internals of the Keras Functional API has been completed, that should improve the reliability, stability, and performance of constructing Functional models.

Keras mixed precision API [tf.keras.mixed_precision] (https://www.tensorflow.org/api_docs/python/tf/keras/mixed_precision?version=nightly) is no longer experimental and allows the use of 16-bit floating point formats during training, improving performance by up to 3x on GPUs and 60% on TPUs. Please see below for additional details.

TensorFlow Profiler now supports profiling MultiWorkerMirroredStrategy and tracing multiple workers using the [sampling mode API] (https://www.tensorflow.org/guide/profiler#profiling_apis).

TFLite Profiler for Android is available. See the detailed [guide] (https://www.tensorflow.org/lite/performance/measurement#trace_tensorflow_lite_internals_in_android) to learn more.

TensorFlow pip packages are now built with CUDA11 and cuDNN 8.0.2.

Breaking Changes

TF Core:

Certain float32 ops run in lower precsion on Ampere based GPUs, including

... (truncated)

Commits

582c8d2 Merge pull request #44220 from tensorflow-jenkins/relnotes-2.4.0rc0-18048

c16387f Update RELEASE.md

4cf406c Update RELEASE.md

3f35ef2 Update RELEASE.md

3647e8e Update RELEASE.md

281c7d5 Update RELEASE.md

91ec75f Update RELEASE.md

ed5ad82 Update RELEASE.md

1267bba Update RELEASE.md

13a4067 Update RELEASE.md

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
Bump tensorflow from 1.14 to 2.3.1
Bumps tensorflow from 1.14 to 2.3.1.

Release notes

Sourced from tensorflow's releases.

TensorFlow 2.3.1

Release 2.3.1

Bug Fixes and Other Changes

Fixes an undefined behavior causing a segfault in tf.raw_ops.Switch (CVE-2020-15190)

Fixes three vulnerabilities in conversion to DLPack format (CVE-2020-15191, CVE-2020-15192, CVE-2020-15193)

Fixes two vulnerabilities in SparseFillEmptyRowsGrad (CVE-2020-15194, CVE-2020-15195)

Fixes several vulnerabilities in RaggedCountSparseOutput and SparseCountSparseOutput operations (CVE-2020-15196, CVE-2020-15197, CVE-2020-15198, CVE-2020-15199, CVE-2020-15200, CVE-2020-15201)

Fixes an integer truncation vulnerability in code using the work sharder API (CVE-2020-15202)

Fixes a format string vulnerability in tf.strings.as_string (CVE-2020-15203)

Fixes segfault raised by calling session-only ops in eager mode (CVE-2020-15204)

Fixes data leak and potential ASLR violation from tf.raw_ops.StringNGrams (CVE-2020-15205)

Fixes segfaults caused by incomplete SavedModel validation (CVE-2020-15206)

Fixes a data corruption due to a bug in negative indexing support in TFLite (CVE-2020-15207)

Fixes a data corruption due to dimension mismatch in TFLite (CVE-2020-15208)

Fixes several vulnerabilities in TFLite saved model format (CVE-2020-15209, CVE-2020-15210, CVE-2020-15211)

Fixes several vulnerabilities in TFLite implementation of segment sum (CVE-2020-15212, CVE-2020-15213, CVE-2020-15214)

Updates sqlite3 to 3.33.00 to handle CVE-2020-15358.

Fixes deprecated usage of collections API

Removes scipy dependency from setup.py since TensorFlow does not need it to install the pip package

TensorFlow 2.3.0

Release 2.3.0

Major Features and Improvements

tf.data adds two new mechanisms to solve input pipeline bottlenecks and save resources:

snapshot

tf.data service.

In addition checkout the detailed guide for analyzing input pipeline performance with TF Profiler.

tf.distribute.TPUStrategy is now a stable API and no longer considered experimental for TensorFlow. (earlier tf.distribute.experimental.TPUStrategy).

TF Profiler introduces two new tools: a memory profiler to visualize your model’s memory usage over time and a python tracer which allows you to trace python function calls in your model. Usability improvements include better diagnostic messages and profile options to customize the host and device trace verbosity level.

Introduces experimental support for Keras Preprocessing Layers API (tf.keras.layers.experimental.preprocessing.*) to handle data preprocessing operations, with support for composite tensor inputs. Please see below for additional details on these layers.

TFLite now properly supports dynamic shapes during conversion and inference. We’ve also added opt-in support on Android and iOS for XNNPACK, a highly optimized set of CPU kernels, as well as opt-in support for executing quantized models on the GPU.

Libtensorflow packages are available in GCS starting this release. We have also started to release a nightly version of these packages.

The experimental Python API tf.debugging.experimental.enable_dump_debug_info() now allows you to instrument a TensorFlow program and dump debugging information to a directory on the file system. The directory can be read and visualized by a new interactive dashboard in TensorBoard 2.3 called Debugger V2, which reveals the details of the TensorFlow program including graph structures, history of op executions at the Python (eager) and intra-graph levels, the runtime dtype, shape, and numerical composistion of tensors, as well as their code locations.

Breaking Changes

Increases the minimum bazel version required to build TF to 3.1.0.

tf.data

Makes the following (breaking) changes to the tf.data.

C++ API: - IteratorBase::RestoreInternal, IteratorBase::SaveInternal, and DatasetBase::CheckExternalState become pure-virtual and subclasses are now expected to provide an implementation.

The deprecated DatasetBase::IsStateful method is removed in favor of DatasetBase::CheckExternalState.

Deprecated overrides of DatasetBase::MakeIterator and MakeIteratorFromInputElement are removed.

... (truncated)

Changelog

Sourced from tensorflow's changelog.

Release 2.3.1

Bug Fixes and Other Changes

Fixes an undefined behavior causing a segfault in tf.raw_ops.Switch (CVE-2020-15190)

Fixes three vulnerabilities in conversion to DLPack format (CVE-2020-15191, CVE-2020-15192, CVE-2020-15193)

Fixes two vulnerabilities in SparseFillEmptyRowsGrad (CVE-2020-15194, CVE-2020-15195)

Fixes several vulnerabilities in RaggedCountSparseOutput and SparseCountSparseOutput operations (CVE-2020-15196, CVE-2020-15197, CVE-2020-15198, CVE-2020-15199, CVE-2020-15200, CVE-2020-15201)

Fixes an integer truncation vulnerability in code using the work sharder API (CVE-2020-15202)

Fixes a format string vulnerability in tf.strings.as_string (CVE-2020-15203)

Fixes segfault raised by calling session-only ops in eager mode (CVE-2020-15204)

Fixes data leak and potential ASLR violation from tf.raw_ops.StringNGrams (CVE-2020-15205)

Fixes segfaults caused by incomplete SavedModel validation (CVE-2020-15206)

Fixes a data corruption due to a bug in negative indexing support in TFLite (CVE-2020-15207)

Fixes a data corruption due to dimension mismatch in TFLite (CVE-2020-15208)

Fixes several vulnerabilities in TFLite saved model format (CVE-2020-15209, CVE-2020-15210, CVE-2020-15211)

Fixes several vulnerabilities in TFLite implementation of segment sum (CVE-2020-15212, CVE-2020-15213, CVE-2020-15214)

Updates sqlite3 to 3.33.00 to handle CVE-2020-15358.

Fixes deprecated usage of collections API

Removes scipy dependency from setup.py since TensorFlow does not need it to install the pip package

Release 2.2.1

... (truncated)

Commits

fcc4b96 Merge pull request #43446 from tensorflow-jenkins/version-numbers-2.3.1-16251

4cf2230 Update version numbers to 2.3.1

eee8224 Merge pull request #43441 from tensorflow-jenkins/relnotes-2.3.1-24672

0d41b1d Update RELEASE.md

d99bd63 Insert release notes place-fill

d71d3ce Merge pull request #43414 from tensorflow/mihaimaruseac-patch-1-1

9c91596 Fix missing import

f9f12f6 Merge pull request #43391 from tensorflow/mihaimaruseac-patch-4

3ed271b Solve leftover from merge conflict

9cf3773 Merge pull request #43358 from tensorflow/mm-patch-r2.3

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
Bump tensorflow from 1.14 to 1.15.4
Bumps tensorflow from 1.14 to 1.15.4.

Release notes

Sourced from tensorflow's releases.

TensorFlow 1.15.4

Release 1.15.4

Bug Fixes and Other Changes

Fixes an undefined behavior causing a segfault in tf.raw_ops.Switch (CVE-2020-15190)

Fixes three vulnerabilities in conversion to DLPack format (CVE-2020-15191, CVE-2020-15192, CVE-2020-15193)

Fixes two vulnerabilities in SparseFillEmptyRowsGrad (CVE-2020-15194, CVE-2020-15195)

Fixes an integer truncation vulnerability in code using the work sharder API (CVE-2020-15202)

Fixes a format string vulnerability in tf.strings.as_string (CVE-2020-15203)

Fixes segfault raised by calling session-only ops in eager mode (CVE-2020-15204)

Fixes data leak and potential ASLR violation from tf.raw_ops.StringNGrams (CVE-2020-15205)

Fixes segfaults caused by incomplete SavedModel validation (CVE-2020-15206)

Fixes a data corruption due to a bug in negative indexing support in TFLite (CVE-2020-15207)

Fixes a data corruption due to dimension mismatch in TFLite (CVE-2020-15208)

Fixes several vulnerabilities in TFLite saved model format (CVE-2020-15209, CVE-2020-15210, CVE-2020-15211)

Updates sqlite3 to 3.33.00 to handle CVE-2020-9327, CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13871, and CVE-2020-15358.

Fixes #41630 by including max_seq_length in CuDNN descriptor cache key

Pins numpy to 1.18.5 to prevent ABI breakage when compiling code that uses both NumPy and TensorFlow headers.

TensorFlow 1.15.3

Bug Fixes and Other Changes

Updates sqlite3 to 3.31.01 to handle CVE-2019-19880, CVE-2019-19244 and CVE-2019-19645

Updates curl to 7.69.1 to handle CVE-2019-15601

Updates libjpeg-turbo to 2.0.4 to handle CVE-2018-19664, CVE-2018-20330 and CVE-2019-13960

Updates Apache Spark to 2.4.5 to handle CVE-2019-10099, CVE-2018-17190 and CVE-2018-11770

TensorFlow 1.15.2

Release 1.15.2

Note that this release no longer has a single pip package for GPU and CPU. Please see #36347 for history and details

Bug Fixes and Other Changes

Fixes a security vulnerability where converting a Python string to a tf.float16 value produces a segmentation fault (CVE-2020-5215)

Updates curl to 7.66.0 to handle CVE-2019-5482 and CVE-2019-5481

Updates sqlite3 to 3.30.01 to handle CVE-2019-19646, CVE-2019-19645 and CVE-2019-16168

TensorFlow 1.15.0

Release 1.15.0

This is the last 1.x release for TensorFlow. We do not expect to update the 1.x branch with features, although we will issue patch releases to fix vulnerabilities for at least one year.

Major Features and Improvements

As announced, tensorflow pip package will by default include GPU support (same as tensorflow-gpu now) for the platforms we currently have GPU support (Linux and Windows). It will work on machines with and without Nvidia GPUs. tensorflow-gpu will still be available, and CPU-only packages can be downloaded at tensorflow-cpu for users who are concerned about package size.

TensorFlow 1.15 contains a complete implementation of the 2.0 API in its compat.v2 module. It contains a copy of the 1.15 main module (without contrib) in the compat.v1 module. TensorFlow 1.15 is able to emulate 2.0 behavior using the enable_v2_behavior() function. This enables writing forward compatible code: by explicitly importing either tensorflow.compat.v1 or tensorflow.compat.v2, you can ensure that your code works without modifications against an installation of 1.15 or 2.0.

EagerTensor now supports numpy buffer interface for tensors.

Add toggles tf.enable_control_flow_v2() and tf.disable_control_flow_v2() for enabling/disabling v2 control flow.

Enable v2 control flow as part of tf.enable_v2_behavior() and TF2_BEHAVIOR=1.

AutoGraph translates Python control flow into TensorFlow expressions, allowing users to write regular Python inside tf.function-decorated functions. AutoGraph is also applied in functions used with tf.data, tf.distribute and tf.keras APIS.

Adds enable_tensor_equality(), which switches the behavior such that:

Tensors are no longer hashable.

... (truncated)

Changelog

Sourced from tensorflow's changelog.

Release 1.15.4

Bug Fixes and Other Changes

Fixes an undefined behavior causing a segfault in tf.raw_ops.Switch (CVE-2020-15190)

Fixes three vulnerabilities in conversion to DLPack format (CVE-2020-15191, CVE-2020-15192, CVE-2020-15193)

Fixes two vulnerabilities in SparseFillEmptyRowsGrad (CVE-2020-15194, CVE-2020-15195)

Fixes an integer truncation vulnerability in code using the work sharder API (CVE-2020-15202)

Fixes a format string vulnerability in tf.strings.as_string (CVE-2020-15203)

Fixes segfault raised by calling session-only ops in eager mode (CVE-2020-15204)

Fixes data leak and potential ASLR violation from tf.raw_ops.StringNGrams (CVE-2020-15205)

Fixes segfaults caused by incomplete SavedModel validation (CVE-2020-15206)

Fixes a data corruption due to a bug in negative indexing support in TFLite (CVE-2020-15207)

Fixes a data corruption due to dimension mismatch in TFLite (CVE-2020-15208)

Fixes several vulnerabilities in TFLite saved model format (CVE-2020-15209, CVE-2020-15210, CVE-2020-15211)

Updates sqlite3 to 3.33.00 to handle CVE-2020-9327, CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13871, and CVE-2020-15358.

Fixes #41630 by including max_seq_length in CuDNN descriptor cache key

Pins numpy to 1.18.5 to prevent ABI breakage when compiling code that uses both NumPy and TensorFlow headers.

Release 2.3.0

Major Features and Improvements

tf.data adds two new mechanisms to solve input pipeline bottlenecks and save resources:

... (truncated)

Commits

df8c55c Merge pull request #43442 from tensorflow-jenkins/version-numbers-1.15.4-31571

0e8cbcb Update version numbers to 1.15.4

5b65bf2 Merge pull request #43437 from tensorflow-jenkins/relnotes-1.15.4-10691

814e8d8 Update RELEASE.md

757085e Insert release notes place-fill

e99e53d Merge pull request #43410 from tensorflow/mm-fix-1.15

bad36df Add missing import

f3f1835 No disable_tfrt present on this branch

7ef5c62 Merge pull request #43406 from tensorflow/mihaimaruseac-patch-1

abbf34a Remove import that is not needed

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
Bump express from 4.17.1 to 4.18.2
Bumps express from 4.17.1 to 4.18.2.

Release notes

Sourced from express's releases.

4.18.2

Fix regression routing a large stack in a single route

deps: [email protected]

deps: [email protected]

perf: remove unnecessary object clone

deps: [email protected]

4.18.1

Fix hanging on large stack of sync routes

4.18.0

Add "root" option to res.download

Allow options without filename in res.download

Deprecate string and non-integer arguments to res.status

Fix behavior of null/undefined as maxAge in res.cookie

Fix handling very large stacks of sync middleware

Ignore Object.prototype values in settings through app.set/app.get

Invoke default with same arguments as types in res.format

Support proper 205 responses using res.send

Use http-errors for res.format error

deps: [email protected]

Fix error message for json parse whitespace in strict

Fix internal error when inflated body exceeds limit

Prevent loss of async hooks context

Prevent hanging when request already read

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

Add priority option

Fix expires option to reject invalid dates

deps: [email protected]

Replace internal eval usage with Function constructor

Use instance methods on process to check for listeners

deps: [email protected]

Remove set content headers that break response

deps: [email protected]

deps: [email protected]

deps: [email protected]

Prevent loss of async hooks context

deps: [email protected]

deps: [email protected]

Fix emitted 416 error missing headers property

Limit the headers removed for 304 response

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

... (truncated)

Changelog

Sourced from express's changelog.

4.18.2 / 2022-10-08

Fix regression routing a large stack in a single route

deps: [email protected]

deps: [email protected]

perf: remove unnecessary object clone

deps: [email protected]

4.18.1 / 2022-04-29

Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

Add "root" option to res.download

Allow options without filename in res.download

Deprecate string and non-integer arguments to res.status

Fix behavior of null/undefined as maxAge in res.cookie

Fix handling very large stacks of sync middleware

Ignore Object.prototype values in settings through app.set/app.get

Invoke default with same arguments as types in res.format

Support proper 205 responses using res.send

Use http-errors for res.format error

deps: [email protected]

Fix error message for json parse whitespace in strict

Fix internal error when inflated body exceeds limit

Prevent loss of async hooks context

Prevent hanging when request already read

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

Add priority option

Fix expires option to reject invalid dates

deps: [email protected]

Replace internal eval usage with Function constructor

Use instance methods on process to check for listeners

deps: [email protected]

Remove set content headers that break response

deps: [email protected]

deps: [email protected]

deps: [email protected]

Prevent loss of async hooks context

deps: [email protected]

deps: [email protected]

... (truncated)

Commits

8368dc1 4.18.2

61f4049 docs: replace Freenode with Libera Chat

bb7907b build: [email protected]

f56ce73 build: [email protected]

24b3dc5 deps: [email protected]

689d175 deps: [email protected]

340be0f build: [email protected]

33e8dc3 docs: use Node.js name style

644f646 build: [email protected]

ecd7572 build: [email protected]

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies javascript
opened by dependabot[bot] 0
Bump qs from 6.5.2 to 6.5.3
Bumps qs from 6.5.2 to 6.5.3.

Changelog

Sourced from qs's changelog.

6.5.3

[Fix] parse: ignore __proto__ keys (#428)

[Fix] utils.merge: avoid a crash with a null target and a truthy non-array source

[Fix] correctly parse nested arrays

[Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)

[Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided

[Fix] when parseArrays is false, properly handle keys ending in []

[Fix] fix for an impossible situation: when the formatter is called with a non-string value

[Fix] utils.merge: avoid a crash with a null target and an array source

[Refactor] utils: reduce observable [[Get]]s

[Refactor] use cached Array.isArray

[Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)

[Refactor] parse: only need to reassign the var once

[Robustness] stringify: avoid relying on a global undefined (#427)

[readme] remove travis badge; add github actions/codecov badges; update URLs

[Docs] Clean up license text so it’s properly detected as BSD-3-Clause

[Docs] Clarify the need for "arrayLimit" option

[meta] fix README.md (#399)

[meta] add FUNDING.yml

[actions] backport actions from main

[Tests] always use String(x) over x.toString()

[Tests] remove nonexistent tape option

[Dev Deps] backport from main

Commits

298bfa5 v6.5.3

ed0f5dc [Fix] parse: ignore __proto__ keys (#428)

691e739 [Robustness] stringify: avoid relying on a global undefined (#427)

1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs

12ac1c4 [meta] fix README.md (#399)

0338716 [actions] backport actions from main

5639c20 Clean up license text so it’s properly detected as BSD-3-Clause

51b8a0b add FUNDING.yml

45f6759 [Fix] fix for an impossible situation: when the formatter is called with a no...

f814a7f [Dev Deps] backport from main

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies javascript
opened by dependabot[bot] 0
Bump decode-uri-component from 0.2.0 to 0.2.2
Bumps decode-uri-component from 0.2.0 to 0.2.2.

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

Prevent overwriting previously decoded tokens 980e0bf

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2

v0.2.1

Switch to GitHub workflows 76abc93

Fix issue where decode throws - fixes #6 746ca5d

Update license (#1) 486d7e2

Tidelift tasks a650457

Meta tweaks 66e1c28

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1

Commits

a0eea46 0.2.2

980e0bf Prevent overwriting previously decoded tokens

3c8a373 0.2.1

76abc93 Switch to GitHub workflows

746ca5d Fix issue where decode throws - fixes #6

486d7e2 Update license (#1)

a650457 Tidelift tasks

66e1c28 Meta tweaks

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies javascript
opened by dependabot[bot] 0
bump socket.io-parser from 3.3.0 to 3.3.3
Bumps socket.io-parser from 3.3.0 to 3.3.3.

Release notes

Sourced from socket.io-parser's releases.

3.3.2

Bug Fixes

prevent DoS (OOM) via massive packets (#95) (89197a0)

Links

Diff: https://github.com/Automattic/socket.io-parser/compare/3.3.1...3.3.2

3.3.1

Links

Diff: https://github.com/socketio/socket.io-parser/compare/3.3.0...3.3.1

Changelog

Sourced from socket.io-parser's changelog.

3.3.3 (2022-11-09)

Bug Fixes

check the format of the index of each attachment (fb21e42)

3.4.2 (2022-11-09)

Bug Fixes

check the format of the index of each attachment (04d23ce)

4.2.1 (2022-06-27)

Bug Fixes

check the format of the index of each attachment (b5d0cb7)

4.0.5 (2022-06-27)

Bug Fixes

check the format of the index of each attachment (b559f05)

4.2.0 (2022-04-17)

Features

allow the usage of custom replacer and reviver (#112) (b08bc1a)

4.1.2 (2022-02-17)

Bug Fixes

... (truncated)

Commits

cd11e38 chore(release): 3.3.3

fb21e42 fix: check the format of the index of each attachment

3b0a392 chore(release): 3.3.2

89197a0 fix: prevent DoS (OOM) via massive packets (#95)

25ca624 chore(release): 3.3.1

b51b39b test: use Node.js 10 for the browser tests

4184e46 chore: bump component-emitter dependency

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies javascript
opened by dependabot[bot] 0
Bump terser from 4.4.2 to 4.8.1
Bumps terser from 4.4.2 to 4.8.1.

Changelog

Sourced from terser's changelog.

v4.8.1 (backport)

Security fix for RegExps that should not be evaluated (regexp DDOS)

v4.8.0

Support for numeric separators (million = 1_000_000) was added.

Assigning properties to a class is now assumed to be pure.

Fixed bug where yield wasn't considered a valid property key in generators.

v4.7.0

A bug was fixed where an arrow function would have the wrong size

arguments object is now considered safe to retrieve properties from (useful for length, or 0) even when pure_getters is not set.

Fixed erroneous const declarations without value (which is invalid) in some corner cases when using collapse_vars.

v4.6.13

Fixed issue where ES5 object properties were being turned into ES6 object properties due to more lax unicode rules.

Fixed parsing of BigInt with lowercase e in them.

v4.6.12

Fixed subtree comparison code, making it see that [1,[2, 3]] is different from [1, 2, [3]]

Printing of unicode identifiers has been improved

v4.6.11

Read unused classes' properties and method keys, to figure out if they use other variables.

Prevent inlining into block scopes when there are name collisions

Functions are no longer inlined into parameter defaults, because they live in their own special scope.

When inlining identity functions, take into account the fact they may be used to drop this in function calls.

Nullish coalescing operator (x ?? y), plus basic optimization for it.

Template literals in binary expressions such as + have been further optimized

v4.6.10

Do not use reduce_vars when classes are present

v4.6.9

Check if block scopes actually exist in blocks

v4.6.8

Take into account "executed bits" of classes like static properties or computed keys, when checking if a class evaluation might throw or have side effects.

v4.6.7

Some new performance gains through a AST_Node.size() method which measures a node's source code length without printing it to a string first.

... (truncated)

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies javascript
opened by dependabot[bot] 0
Bump eventsource from 1.0.7 to 1.1.1
Bumps eventsource from 1.0.7 to 1.1.1.

Changelog

Sourced from eventsource's changelog.

1.1.1

Do not include authorization and cookie headers on redirect to different origin (#273 Espen Hovlandsdal)

1.1.0

Improve performance for large messages across many chunks (#130 Trent Willis)

Add createConnection option for http or https requests (#120 Vasily Lavrov)

Support HTTP 302 redirects (#116 Ryan Bonte)

Prevent sequential errors from attempting multiple reconnections (#125 David Patty)

Add new to correct test (#111 Stéphane Alnet)

Fix reconnections attempts now happen more than once (#136 Icy Fish)

Commits

aa7a408 1.1.1

56d489e chore: rebuild polyfill

4a951e5 docs: update history for 1.1.1

f9f6416 fix: strip sensitive headers on redirect to different origin

9dd0687 1.1.0

49497ba Update history for 1.1.0 (#146)

3a38537 Update history for #136

46fe04e Merge pull request #136 from icy-fish/master

9a4190f Fix issue: reconnection only happends for 1 time after connection drops

61e1b19 test: destroy both proxied request and response on close

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies javascript
opened by dependabot[bot] 0