Bump the tensorflow group across 1 directory with 4 updates

[dependabot]

Bumps the tensorflow group with 4 updates in the /tensorflow directory: tensorflow, pillow, jupyterlab and notebook.

Updates tensorflow from 2.15.0 to 2.17.0

Release notes

Sourced from tensorflow's releases.

TensorFlow 2.17.0

Release 2.17.0

TensorFlow

Breaking Changes

• GPU
  • Support for NVIDIA GPUs with compute capability 5.x (Maxwell generation) has been removed from TF binary distributions (Python wheels).

Major Features and Improvements

• Add is_cpu_target_available, which indicates whether or not TensorFlow was built with support for a given CPU target. This can be useful for skipping target-specific tests if a target is not supported.

• tf.data

  • Support data.experimental.distribued_save. distribued_save uses tf.data service (https://www.tensorflow.org/api_docs/python/tf/data/experimental/service) to write distributed dataset snapshots. The call is non-blocking and returns without waiting for the snapshot to finish. Setting wait=True to tf.data.Dataset.load allows the snapshots to be read while they are being written.

Bug Fixes and Other Changes

• GPU

  • Support for NVIDIA GPUs with compute capability 8.9 (e.g. L4 & L40) has been added to TF binary distributions (Python wheels).

• Replace DebuggerOptions of TensorFlow Quantizer, and migrate to DebuggerConfig of StableHLO Quantizer.

• Add TensorFlow to StableHLO converter to TensorFlow pip package.

• TensorRT support: this is the last release supporting TensorRT. It will be removed in the next release.

• NumPy 2.0 support: TensorFlow is going to support NumPy 2.0 in the next release. It may break some edge cases of TensorFlow API usage.

• tf.lite

  • Quantization for FullyConnected layer is switched from per-tensor to per-channel scales for dynamic range quantization use case (float32 inputs / outputs and int8 weights). The change enables new quantization schema globally in the converter and inference engine. The new behaviour can be disabled via experimental flag converter._experimental_disable_per_channel_quantization_for_dense_layers = True.
  • C API:
    • The experimental TfLiteRegistrationExternal type has been renamed as TfLiteOperator, and likewise for the corresponding API functions.
  • The Python TF Lite Interpreter bindings now have an option experimental_default_delegate_latest_features to enable all default delegate features.
  • Flatbuffer version update:
    • GetTemporaryPointer() bug fixed.

• tf.data

  • Add wait to tf.data.Dataset.load. If True, for snapshots written with distributed_save, it reads the snapshot while it is being written. For snapshots written with regular save, it waits for the snapshot until it's finished. The default is False for backward compatibility. Users of distributed_save are recommended to set it to True.

• tf.tpu.experimental.embedding.TPUEmbeddingV2

  • Add compute_sparse_core_stats for sparse core users to profile the data with this API to get the max_ids and max_unique_ids. These numbers will be needed to configure the sparse core embedding mid level api.
  • Remove the preprocess_features method since that's no longer needed.

Thanks to our Contributors

This release contains contributions from many people at Google, as well as:

Abdulaziz Aloqeely, Ahmad-M-Al-Khateeb, Akhil Goel, akhilgoe, Alexander Pivovarov, Amir Samani, Andrew Goodbody, Andrey Portnoy, Ashiq Imran, Ben Olson, Chao, Chase Riley Roberts, Clemens Giuliani, dependabot[bot], Dimitris Vardoulakis, Dragan Mladjenovic, ekuznetsov139, Elfie Guo, Faijul Amin, Gauri1 Deshpande, Georg Stefan Schmid, guozhong.zhuang, Hao Wu, Haoyu (Daniel), Harsha H S, Harsha Hs, Harshit Monish, Ilia Sergachev, Jane Liu, Jaroslav Sevcik, Jinzhe Zeng, Justin Dhillon, Kaixi Hou, Kanvi Khanna, LakshmiKalaKadali, Learning-To-Play, lingzhi98, Lu Teng, Matt Bahr, Max Ren, Meekail Zain, Mmakevic-Amd, mraunak, neverlva, nhatle, Nicola Ferralis, Olli Lupton, Om Thakkar, orangekame3, ourfor, pateldeev, Pearu Peterson, pemeliya, Peng Sun, Philipp Hack, Pratik Joshi, prrathi, rahulbatra85, Raunak, redwrasse, Robert Kalmar, Robin Zhang, RoboSchmied, Ruturaj Vaidya, sachinmuradi, Shawn Wang, Sheng Yang, Surya, Thibaut Goetghebuer-Planchon, Thomas Preud'Homme, tilakrayal, Tj Xu, Trevor Morris, wenchenvincent, Yimei Sun, zahiqbal, Zhu Jianjiang, Zoranjovanovic-Ns

TensorFlow 2.17.0-rc1

Release 2.17.0

... (truncated)

Changelog

Sourced from tensorflow's changelog.

Release 2.17.0

TensorFlow

Breaking Changes

Known Caveats

Major Features and Improvements

Bug Fixes and Other Changes

• GPU

  • Support for NVIDIA GPUs with compute capability 8.9 (e.g. L4 & L40) has been added to TF binary distributions (Python wheels).

• Replace DebuggerOptions of TensorFlow Quantizer, and migrate to DebuggerConfig of StableHLO Quantizer.

• Add TensorFlow to StableHLO converter to TensorFlow pip package.

• TensorRT support: this is the last release supporting TensorRT. It will be removed in the next release.

• NumPy 2.0 support: TensorFlow is going to support NumPy 2.0 in the next release. It may break some edge cases of TensorFlow API usage.

Keras

Breaking Changes

• GPU
  • Support for NVIDIA GPUs with compute capability 5.x (Maxwell generation) has been removed from TF binary distributions (Python wheels).

... (truncated)

Commits

• ad6d8cc Merge pull request #71345 from tensorflow-jenkins/version-numbers-2.17.0-6959
• 8ca87bf Update version numbers to 2.17.0
• b3dcff9 Merge pull request #70600 from tensorflow/r2.17-2d72742d40f
• 742ccbb Add tensorflow support for 16k page sizes on arm64
• 8581151 Merge pull request #70475 from tensorflow-jenkins/version-numbers-2.17.0rc1-8204
• d6b2aa0 Update version numbers to 2.17.0-rc1
• bb8057c Merge pull request #70454 from vladbelit/gcs_trailing_dot_undo
• 72f4b02 Fix issues with TF GCS operations not working in certain environments.
• 6ed0a1a Merge pull request #70358 from tensorflow/r2.17-b24db0b2a85
• ffca2f5 Add back xla/stream_executor:cuda_platform to tf_additional_binary_deps.
• Additional commits viewable in compare view

Updates pillow from 10.3.0 to 10.4.0

Release notes

Sourced from pillow's releases.

10.4.0

https://pillow.readthedocs.io/en/stable/releasenotes/10.4.0.html

Changes

• Raise FileNotFoundError if show_file() path does not exist #8178 [@​radarhere]
• Improved reading 16-bit TGA images with colour #7965 [@​Yay295]
• Fixed processing multiple JPEG EXIF markers #8127 [@​radarhere]
• Do not preserve EXIFIFD tag by default when saving TIFF images #8110 [@​radarhere]
• Added ImageFont.load_default_imagefont() #8086 [@​radarhere]
• Added Image.WARN_POSSIBLE_FORMATS #8063 [@​radarhere]
• Do not presume "xmp" info simply because "XML:com.adobe.xmp" info exists #8173 [@​radarhere]
• Remove zero-byte end padding when parsing any XMP data #8171 [@​radarhere]
• Do not detect Ultra HDR images as MPO #8056 [@​radarhere]
• Raise SyntaxError specific to JP2 #8146 [@​Yay295]
• Do not use first frame duration for other frames when saving APNG images #8104 [@​radarhere]
• Consider I;16 pixel size when using a 1 mode mask #8112 [@​radarhere]
• When saving multiple PNG frames, convert to mode rather than raw mode #8087 [@​radarhere]
• Added byte support to FreeTypeFont #8141 [@​radarhere]
• Allow float center for rotate operations #8114 [@​radarhere]
• Do not read layers immediately when opening PSD images #8039 [@​radarhere]
• Restore original thread state #8065 [@​radarhere]
• Read IM and TIFF images as RGB, rather than RGBX #7997 [@​radarhere]
• Only preserve TIFF IPTC_NAA_CHUNK tag if type is BYTE or UNDEFINED #7948 [@​radarhere]
• Prevent extra EPS header validations #8144 [@​Yay295]
• Clarify ImageDraw2 error message when size is missing #8165 [@​radarhere]
• Support unpacking more rawmodes to RGBA palettes #7966 [@​radarhere]
• Removed support for Qt 5 #8159 [@​radarhere]
• Improve ImageFont.freetype support for XDG directories on Linux #8135 [@​mamg22]
• Improved consistency of XMP handling #8069 [@​radarhere]
• Use pkg-config to help find libwebp and raqm #8142 [@​radarhere]
• Renamed C transform2 to transform #8113 [@​radarhere]
• Updated nasm to 2.16.03 #7990 [@​radarhere]
• [pre-commit.ci] pre-commit autoupdate #8100 [@​pre-commit-ci]
• Updated ImageCms.createProfile colorTemp default and docstring #8096 [@​radarhere]
• Added ImageDraw circle() #8085 [@​void4]
• Don't reuse variable name #8082 [@​Yay295]
• Use functools.cached_property in GifImagePlugin #8037 [@​radarhere]
• Add mypy target to Makefile #8077 [@​Yay295]
• Added Python 3.13 beta wheels #8071 [@​radarhere]
• Parse _version contents instead of using exec() #8050 [@​radarhere]
• Lint fixes #8068 [@​radarhere]
• Fix type errors #8064 [@​radarhere]
• Added MPEG accept function #7999 [@​radarhere]
• Added more modes to Image.MODES #7984 [@​radarhere]
• [pre-commit.ci] pre-commit autoupdate #8044 [@​pre-commit-ci]
• Do not use percent format in strings #8045 [@​radarhere]
• Changed string formatting to f-strings #8043 [@​mrKazzila]
• Removed direct invocation of setup.py #8027 [@​radarhere]
• Update ExifTags.py #8020 [@​CTimmerman]

... (truncated)

Changelog

Sourced from pillow's changelog.

10.4.0 (2024-07-01)

• Raise FileNotFoundError if show_file() path does not exist #8178 [radarhere]

• Improved reading 16-bit TGA images with colour #7965 [Yay295, radarhere]

• Deprecate non-image ImageCms modes #8031 [radarhere]

• Fixed processing multiple JPEG EXIF markers #8127 [radarhere]

• Do not preserve EXIFIFD tag by default when saving TIFF images #8110 [radarhere]

• Added ImageFont.load_default_imagefont() #8086 [radarhere]

• Added Image.WARN_POSSIBLE_FORMATS #8063 [radarhere]

• Remove zero-byte end padding when parsing any XMP data #8171 [radarhere]

• Do not detect Ultra HDR images as MPO #8056 [radarhere]

• Raise SyntaxError specific to JP2 #8146 [Yay295, radarhere]

• Do not use first frame duration for other frames when saving APNG images #8104 [radarhere]

• Consider I;16 pixel size when using a 1 mode mask #8112 [radarhere]

• When saving multiple PNG frames, convert to mode rather than raw mode #8087 [radarhere]

• Added byte support to FreeTypeFont #8141 [radarhere]

• Allow float center for rotate operations #8114 [radarhere]

• Do not read layers immediately when opening PSD images #8039 [radarhere]

... (truncated)

Commits

• 9b4fae7 10.4.0 version bump
• b55d74b Update CHANGES.rst [ci skip]
• 8daf550 Merge pull request #8178 from radarhere/imageshow
• c6d8c58 Merge pull request #7965 from Yay295/patch-3
• c9ec76a Raise FileNotFoundError if show_file() path does not exist
• b48d175 Update CHANGES.rst [ci skip]
• 4d6dff3 Merge pull request #8031 from radarhere/imagingcms_modes
• 70b3815 Merge pull request #8127 from radarhere/multiple_exif_markers
• 88cd6d4 Rearranged comments
• 41426a6 Merge pull request #8110 from radarhere/exififd
• Additional commits viewable in compare view

Updates jupyterlab from 4.3.0a0 to 4.3.0a2

Release notes

Sourced from jupyterlab's releases.

v4.3.0a2

4.3.0a2

(Full Changelog)

Enhancements made

• Adopt the --jp-border-radius CSS variable in missing input fields #16568 (@​joaopalmeiro)
• Set the background color for the hover state of the New Launcher button #16551 (@​joaopalmeiro)
• Adopt theme CSS variables for generic input fields #16548 (@​joaopalmeiro)
• Update the CSS variable used for notebook cell shadows #16546 (@​joaopalmeiro)
• Scope CSS rules to a new .jp-ThemedContainer class #16519 (@​fcollonval)
• Filebrowser filter below breadcrumbs #16446 (@​JasonWeill)
• Add checkbox to skip showing the kernel restart dialog #16265 (@​NexVeridian)

Bugs fixed

• Update JupyterLab wordmark color #16567 (@​joaopalmeiro)
• Standardize Property Inspector placeholder according to TOC #16566 (@​joaopalmeiro)
• Fix license table CSS selector to apply the selected row styles #16547 (@​joaopalmeiro)
• Fix settings editor missing plugins with transform step or registered late #16523 (@​krassowski)
• Add customisation options to prevent inline completer resizing aggressively #16507 (@​krassowski)
• Improve focus styling #16496 (@​fcollonval)

Maintenance and upkeep improvements

• Fix galata update action #16560 (@​krassowski)
• Restore previous benchmark run conditions #16559 (@​krassowski)
• Bump the pip group with 2 updates #16540 (@​dependabot)
• Bump the actions group with 2 updates #16539 (@​dependabot)

Documentation improvements

• Scope CSS rules to a new .jp-ThemedContainer class #16519 (@​fcollonval)

Contributors to this release

(GitHub contributors page for this release)

@​dependabot | @​fcollonval | @​g547315 | @​gabalafou | @​github-actions | @​j264415 | @​JasonWeill | @​joaopalmeiro | @​jtpio | @​jupyterlab-probot | @​krassowski | @​NexVeridian | @​pre-commit-ci | @​welcome

v4.3.0a1

4.3.0a1

(Full Changelog)

... (truncated)

Changelog

Sourced from jupyterlab's changelog.

4.3.0a2

(Full Changelog)

Enhancements made

• Adopt the --jp-border-radius CSS variable in missing input fields #16568 (@​joaopalmeiro)
• Set the background color for the hover state of the New Launcher button #16551 (@​joaopalmeiro)
• Adopt theme CSS variables for generic input fields #16548 (@​joaopalmeiro)
• Update the CSS variable used for notebook cell shadows #16546 (@​joaopalmeiro)
• Scope CSS rules to a new .jp-ThemedContainer class #16519 (@​fcollonval)
• Filebrowser filter below breadcrumbs #16446 (@​JasonWeill)
• Add checkbox to skip showing the kernel restart dialog #16265 (@​NexVeridian)

Bugs fixed

• Update JupyterLab wordmark color #16567 (@​joaopalmeiro)
• Standardize Property Inspector placeholder according to TOC #16566 (@​joaopalmeiro)
• Fix license table CSS selector to apply the selected row styles #16547 (@​joaopalmeiro)
• Fix settings editor missing plugins with transform step or registered late #16523 (@​krassowski)
• Add customisation options to prevent inline completer resizing aggressively #16507 (@​krassowski)
• Improve focus styling #16496 (@​fcollonval)

Maintenance and upkeep improvements

• Fix galata update action #16560 (@​krassowski)
• Restore previous benchmark run conditions #16559 (@​krassowski)
• Bump the pip group with 2 updates #16540 (@​dependabot)
• Bump the actions group with 2 updates #16539 (@​dependabot)

Documentation improvements

• Scope CSS rules to a new .jp-ThemedContainer class #16519 (@​fcollonval)

Contributors to this release

(GitHub contributors page for this release)

@​dependabot | @​fcollonval | @​g547315 | @​gabalafou | @​github-actions | @​j264415 | @​JasonWeill | @​joaopalmeiro | @​jtpio | @​jupyterlab-probot | @​krassowski | @​NexVeridian | @​pre-commit-ci | @​welcome

4.3.0a1

(Full Changelog)

New features added

• Notebook minimap in the virtual scrollbar #16432 (@​krassowski)

... (truncated)

Commits

• 8043984 [ci skip] Publish 4.3.0a2
• 6d4e299 Standardize Property Inspector placeholder according to TOC (#16566)
• 2ee9b76 Adopt the --jp-border-radius variable in missing input fields (#16568)
• 9eb9b49 Update JupyterLab wordmark color (#16567)
• 88a1c9d Restore previous run conditions (#16559)
• c449011 Fix galata update action (#16560)
• 16887de Merge pull request from GHSA-5j4v-pr82-qg68
• 8515c5e Scope CSS rules to a new .jp-ThemedContainer class (#16519)
• 0ca4b71 Set the background color for the hover state of the New Launcher button (#16551)
• e048f27 Improve focus styling (#16496)
• Additional commits viewable in compare view

Updates notebook from 7.3.0a0 to 7.3.0a1

Release notes

Sourced from notebook's releases.

v7.3.0a1

7.3.0a1

(Full Changelog)

Enhancements made

• Update to JupyterLab 4.3.0a1 #7416 (@​jtpio)

Bugs fixed

• Remove pseudoelement obstructing the cell collapser #7392 (@​krassowski)

Contributors to this release

(GitHub contributors page for this release)

@​github-actions | @​jtpio | @​krassowski

Changelog

Sourced from notebook's changelog.

7.3.0a1

(Full Changelog)

Enhancements made

• Update to JupyterLab 4.3.0a1 #7416 (@​jtpio)

Bugs fixed

• Remove pseudoelement obstructing the cell collapser #7392 (@​krassowski)

Contributors to this release

(GitHub contributors page for this release)

@​github-actions | @​jtpio | @​krassowski

Commits

• 53b3820 Publish 7.3.0a1
• ff2b822 Update to JupyterLab 4.3.0a1 (#7416)
• fffe390 Remove pseudoelement obstructing the cell collapser (#7392)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
pip/jupyterlab	4.3.0a2	🟢 5.7	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 21/26 approved changesets -- score normalized to 8 License 🟢 9 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during GetBranch(4.2.x): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected SAST 🟢 10 SAST tool is run on all commits Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 2 8 existing vulnerabilities detected
pip/notebook	7.3.0a1	🟢 4.2	Details Check Score Reason Code-Review ⚠️ 2 Found 8/30 approved changesets -- score normalized to 2 Maintained 🟢 10 28 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during GetBranch(7.2.x): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 12 existing vulnerabilities detected
pip/jupyterlab	4.3.0a0	🟢 5.7	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 21/26 approved changesets -- score normalized to 8 License 🟢 9 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during GetBranch(4.2.x): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected SAST 🟢 10 SAST tool is run on all commits Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 2 8 existing vulnerabilities detected
pip/notebook	7.3.0a0	🟢 4.2	Details Check Score Reason Code-Review ⚠️ 2 Found 8/30 approved changesets -- score normalized to 2 Maintained 🟢 10 28 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during GetBranch(7.2.x): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 12 existing vulnerabilities detected
pip/pillow	10.4.0	🟢 7.6	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 Found 15/16 approved changesets -- score normalized to 9 License 🟢 9 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing 🟢 10 project is fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Packaging 🟢 10 packaging workflow detected
pip/tensorflow	2.17.0	🟢 7.8	Details Check Score Reason Binary-Artifacts 🟢 7 binaries present in source code Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 9 22 out of 23 merged PRs checked by a CI test -- score normalized to 9 CII-Best-Practices 🟢 5 badge detected: Passing Code-Review ⚠️ 2 Found 7/30 approved changesets -- score normalized to 2 Contributors 🟢 10 project has 21 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Packaging 🟢 10 packaging workflow detected Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 SAST ⚠️ 1 SAST tool is not run on all commits -- score normalized to 1 Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected
pip/pillow	10.3.0	🟢 7.6	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 Found 15/16 approved changesets -- score normalized to 9 License 🟢 9 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing 🟢 10 project is fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Packaging 🟢 10 packaging workflow detected
pip/tensorflow	2.15.0	🟢 7.8	Details Check Score Reason Binary-Artifacts 🟢 7 binaries present in source code Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 9 22 out of 23 merged PRs checked by a CI test -- score normalized to 9 CII-Best-Practices 🟢 5 badge detected: Passing Code-Review ⚠️ 2 Found 7/30 approved changesets -- score normalized to 2 Contributors 🟢 10 project has 21 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Packaging 🟢 10 packaging workflow detected Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 SAST ⚠️ 1 SAST tool is not run on all commits -- score normalized to 1 Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected
pip/pillow	10.4.0	🟢 7.6	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 Found 15/16 approved changesets -- score normalized to 9 License 🟢 9 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing 🟢 10 project is fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Packaging 🟢 10 packaging workflow detected
pip/tensorflow	2.17.0	🟢 7.8	Details Check Score Reason Binary-Artifacts 🟢 7 binaries present in source code Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 9 22 out of 23 merged PRs checked by a CI test -- score normalized to 9 CII-Best-Practices 🟢 5 badge detected: Passing Code-Review ⚠️ 2 Found 7/30 approved changesets -- score normalized to 2 Contributors 🟢 10 project has 21 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Packaging 🟢 10 packaging workflow detected Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 SAST ⚠️ 1 SAST tool is not run on all commits -- score normalized to 1 Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected
pip/pillow	10.3.0	🟢 7.6	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 Found 15/16 approved changesets -- score normalized to 9 License 🟢 9 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing 🟢 10 project is fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Packaging 🟢 10 packaging workflow detected
pip/tensorflow	2.16.1	🟢 7.8	Details Check Score Reason Binary-Artifacts 🟢 7 binaries present in source code Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 9 22 out of 23 merged PRs checked by a CI test -- score normalized to 9 CII-Best-Practices 🟢 5 badge detected: Passing Code-Review ⚠️ 2 Found 7/30 approved changesets -- score normalized to 2 Contributors 🟢 10 project has 21 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Packaging 🟢 10 packaging workflow detected Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 SAST ⚠️ 1 SAST tool is not run on all commits -- score normalized to 1 Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected
pip/tensorflow	2.17.0	🟢 7.8	Details Check Score Reason Binary-Artifacts 🟢 7 binaries present in source code Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 9 22 out of 23 merged PRs checked by a CI test -- score normalized to 9 CII-Best-Practices 🟢 5 badge detected: Passing Code-Review ⚠️ 2 Found 7/30 approved changesets -- score normalized to 2 Contributors 🟢 10 project has 21 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Packaging 🟢 10 packaging workflow detected Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 SAST ⚠️ 1 SAST tool is not run on all commits -- score normalized to 1 Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected
pip/tensorflow	2.15.0	🟢 7.8	Details Check Score Reason Binary-Artifacts 🟢 7 binaries present in source code Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 9 22 out of 23 merged PRs checked by a CI test -- score normalized to 9 CII-Best-Practices 🟢 5 badge detected: Passing Code-Review ⚠️ 2 Found 7/30 approved changesets -- score normalized to 2 Contributors 🟢 10 project has 21 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Packaging 🟢 10 packaging workflow detected Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 SAST ⚠️ 1 SAST tool is not run on all commits -- score normalized to 1 Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected

Scanned Manifest Files

tensorflow/jupyter-requirements.txt

• jupyterlab@4.3.0a2
• notebook@7.3.0a1
• jupyterlab@4.3.0a0
• notebook@7.3.0a0

tensorflow/requirements.txt

• pillow@10.4.0
• tensorflow@2.17.0
• pillow@10.3.0
• tensorflow@2.15.0

tensorflow/serving/requirements.txt

• pillow@10.4.0
• tensorflow@2.17.0
• pillow@10.3.0
• tensorflow@2.16.1

tensorflow/xpu-requirements.txt

• tensorflow@2.17.0
• tensorflow@2.15.0

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.