Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the tensorflow group across 1 directory with 2 updates #582

Closed
wants to merge 1 commit into from
Closed

Bump the tensorflow group across 1 directory with 2 updates #582

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 3, 2025
edited
Loading

Bumps the tensorflow group with 2 updates in the /tensorflow directory: pillow and numpy.

Updates pillow from 11.0.0 to 11.1.0

Release notes

Sourced from pillow's releases.

11.1.0

https://pillow.readthedocs.io/en/stable/releasenotes/11.1.0.html

Documentation

Dependencies

Testing

... (truncated)

Changelog

Sourced from pillow's changelog.

11.1.0 and newer

See GitHub Releases:

Commits

Updates numpy from 2.2.0 to 2.2.1

Release notes

Sourced from numpy's releases.

2.2.1 (DEC 21, 2024)

NumPy 2.2.1 Release Notes

NumPy 2.2.1 is a patch release following 2.2.0. It fixes bugs found after the 2.2.0 release and has several maintenance pins to work around upstream changes.

There was some breakage in downstream projects following the 2.2.0 release due to updates to NumPy typing. Because of problems due to MyPy defects, we recommend using basedpyright for type checking, it can be installed from PyPI. The Pylance extension for Visual Studio Code is also based on Pyright. Problems that persist when using basedpyright should be reported as issues on the NumPy github site.

This release supports Python 3.10-3.13.

Contributors

A total of 9 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

  • Charles Harris
  • Joren Hammudoglu
  • Matti Picus
  • Nathan Goldbaum
  • Peter Hawkins
  • Simon Altrogge
  • Thomas A Caswell
  • Warren Weckesser
  • Yang Wang +

Pull requests merged

A total of 12 pull requests were merged for this release.

  • #27935: MAINT: Prepare 2.2.x for further development
  • #27950: TEST: cleanups
  • #27958: BUG: fix use-after-free error in npy_hashtable.cpp (#27955)
  • #27959: BLD: add missing include
  • #27982: BUG:fix compile error libatomic link test to meson.build
  • #27990: TYP: Fix falsely rejected value types in ndarray.__setitem__
  • #27991: MAINT: Don't wrap #include <Python.h> with extern "C"
  • #27993: BUG: Fix segfault in stringdtype lexsort
  • #28006: MAINT: random: Tweak module code in mtrand.pyx to fix a Cython...
  • #28007: BUG: Cython API was missing NPY_UINTP.
  • #28021: CI: pin scipy-doctest to 1.5.1
  • #28044: TYP: allow None in operand sequence of nditer

Checksums

... (truncated)

Commits
  • 7469245 Merge pull request #28047 from charris/prepare-2.2.1
  • acb051e REL: Prepare for the NumPy 2.2.1 release [wheel build]
  • 28a091a Merge pull request #28044 from charris/backport-28039
  • 723605b TST: Add test for allowing None in operand sequence passed to nditer
  • 554739e TYP: allow None in operand sequence of nditer
  • 31bc4c8 Merge pull request #28021 from charris/backport-28020
  • 32f52a3 CI: pin scipy-doctest to 1.5.1 (#28020)
  • 6219aeb Merge pull request #28007 from charris/backport-28005
  • eb7071c Merge pull request #28006 from charris/backport-28003
  • 4f82c32 BUG: Cython API was missing NPY_UINTP.
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot requested a review from jitendra42 as a code owner January 3, 2025 22:13
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jan 3, 2025
@dependabot dependabot bot requested a review from sramakintel as a code owner January 3, 2025 22:13
@dependabot dependabot bot added the python Pull requests that update Python code label Jan 3, 2025
@dependabot dependabot bot requested a review from sharvil10 as a code owner January 3, 2025 22:13
@github-actions GitHub Actions
Copy link

github-actions bot commented Jan 3, 2025
edited
Loading

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 2 package(s) with unknown licenses.
See the Details below.

License Issues

tensorflow/requirements.txt

PackageVersionLicenseIssue Type
pillow11.1.0NullUnknown License

tensorflow/serving/requirements.txt

PackageVersionLicenseIssue Type
pillow11.1.0NullUnknown License

OpenSSF Scorecard

PackageVersionScoreDetails
pip/pillow 11.1.0 🟢 6.8
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 28 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 10all changesets reviewed
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
License🟢 9license file detected
CII-Best-Practices⚠️ 2badge detected: InProgress
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Fuzzing🟢 10project is fuzzed
Packaging🟢 10packaging workflow detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Vulnerabilities⚠️ 013 existing vulnerabilities detected
pip/numpy 2.2.1 🟢 8
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection🟢 3branch protection is not maximal on development and all release branches
CI-Tests🟢 1014 out of 14 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Code-Review🟢 10all changesets reviewed
Contributors🟢 10project has 95 contributing companies or organizations
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing🟢 10project is fuzzed
License🟢 9license file detected
Maintained🟢 1030 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
SAST🟢 10SAST tool is run on all commits
Security-Policy🟢 9security policy file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
Vulnerabilities🟢 100 existing vulnerabilities detected
pip/pillow 11.1.0 🟢 6.8
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 28 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 10all changesets reviewed
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
License🟢 9license file detected
CII-Best-Practices⚠️ 2badge detected: InProgress
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Fuzzing🟢 10project is fuzzed
Packaging🟢 10packaging workflow detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Vulnerabilities⚠️ 013 existing vulnerabilities detected

Scanned Files

  • tensorflow/requirements.txt
  • tensorflow/serving/requirements.txt

@github-advanced-security
Copy link

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@dependabot dependabot bot force-pushed the dependabot/pip/tensorflow/tensorflow-b92d84d7aa branch from ab54076 to c5ceda1 Compare January 6, 2025 13:55
@dependabot
Bump the tensorflow group across 1 directory with 2 updates
29b83e3 
Bumps the tensorflow group with 2 updates in the /tensorflow directory: [pillow](https://github.com/python-pillow/Pillow) and [numpy](https://github.com/numpy/numpy).


Updates `pillow` from 11.0.0 to 11.1.0
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](python-pillow/Pillow@11.0.0...11.1.0)

Updates `numpy` from 2.2.0 to 2.2.1
- [Release notes](https://github.com/numpy/numpy/releases)
- [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst)
- [Commits](numpy/numpy@v2.2.0...v2.2.1)

---
updated-dependencies:
- dependency-name: pillow
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: tensorflow
- dependency-name: numpy
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: tensorflow
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/pip/tensorflow/tensorflow-b92d84d7aa branch from c5ceda1 to 29b83e3 Compare January 13, 2025 13:49
@github-actions GitHub Actions
Copy link

Integration Test Results

Groups Tested: tensorflow/tests

Results
Test-Group Test Status
tensorflow/tests import-itex-cpu-pip PASS
tensorflow/tests import-itex-cpu-idp PASS
tensorflow/tests import-itex-xpu-pip PASS
tensorflow/tests import-itex-xpu-idp PASS
tensorflow/tests import-cpu-jupyter-pip PASS
tensorflow/tests import-cpu-jupyter-idp PASS
tensorflow/tests import-xpu-jupyter-pip PASS
tensorflow/tests import-xpu-jupyter-idp PASS
tensorflow/tests itex-cpu-pip PASS
tensorflow/tests itex-cpu-idp PASS
tensorflow/tests itex-xpu-pip PASS
tensorflow/tests itex-xpu-idp PASS
tensorflow/tests itex-xpu-jupyter-pip PASS
tensorflow/tests itex-xpu-jupyter-idp PASS

Overall Result: PASS ✅

@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Jan 20, 2025

Superseded by #607.

@dependabot dependabot bot closed this Jan 20, 2025
@dependabot dependabot bot deleted the dependabot/pip/tensorflow/tensorflow-b92d84d7aa branch January 20, 2025 14:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jitendra42 jitendra42 Awaiting requested review from jitendra42 jitendra42 is a code owner

@sramakintel sramakintel Awaiting requested review from sramakintel sramakintel is a code owner

@sharvil10 sharvil10 Awaiting requested review from sharvil10 sharvil10 is a code owner

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants