Bump tensorflow from 2.4.0 to 2.9.3

[dependabot[bot]]

Bumps tensorflow from 2.4.0 to 2.9.3.

Release notes

Sourced from tensorflow's releases.

TensorFlow 2.9.3

Release 2.9.3

This release introduces several vulnerability fixes:

• Fixes an overflow in tf.keras.losses.poisson (CVE-2022-41887)
• Fixes a heap OOB failure in ThreadUnsafeUnigramCandidateSampler caused by missing validation (CVE-2022-41880)
• Fixes a segfault in ndarray_tensor_bridge (CVE-2022-41884)
• Fixes an overflow in FusedResizeAndPadConv2D (CVE-2022-41885)
• Fixes a overflow in ImageProjectiveTransformV2 (CVE-2022-41886)
• Fixes an FPE in tf.image.generate_bounding_box_proposals on GPU (CVE-2022-41888)
• Fixes a segfault in pywrap_tfe_src caused by invalid attributes (CVE-2022-41889)
• Fixes a CHECK fail in BCast (CVE-2022-41890)
• Fixes a segfault in TensorListConcat (CVE-2022-41891)
• Fixes a CHECK_EQ fail in TensorListResize (CVE-2022-41893)
• Fixes an overflow in CONV_3D_TRANSPOSE on TFLite (CVE-2022-41894)
• Fixes a heap OOB in MirrorPadGrad (CVE-2022-41895)
• Fixes a crash in Mfcc (CVE-2022-41896)
• Fixes a heap OOB in FractionalMaxPoolGrad (CVE-2022-41897)
• Fixes a CHECK fail in SparseFillEmptyRowsGrad (CVE-2022-41898)
• Fixes a CHECK fail in SdcaOptimizer (CVE-2022-41899)
• Fixes a heap OOB in FractionalAvgPool and FractionalMaxPool(CVE-2022-41900)
• Fixes a CHECK_EQ in SparseMatrixNNZ (CVE-2022-41901)
• Fixes an OOB write in grappler (CVE-2022-41902)
• Fixes a overflow in ResizeNearestNeighborGrad (CVE-2022-41907)
• Fixes a CHECK fail in PyFunc (CVE-2022-41908)
• Fixes a segfault in CompositeTensorVariantToComponents (CVE-2022-41909)
• Fixes a invalid char to bool conversion in printing a tensor (CVE-2022-41911)
• Fixes a heap overflow in QuantizeAndDequantizeV2 (CVE-2022-41910)
• Fixes a CHECK failure in SobolSample via missing validation (CVE-2022-35935)
• Fixes a CHECK fail in TensorListScatter and TensorListScatterV2 in eager mode (CVE-2022-35935)

TensorFlow 2.9.2

Release 2.9.2

This releases introduces several vulnerability fixes:

• Fixes a CHECK failure in tf.reshape caused by overflows (CVE-2022-35934)
• Fixes a CHECK failure in SobolSample caused by missing validation (CVE-2022-35935)
• Fixes an OOB read in Gather_nd op in TF Lite (CVE-2022-35937)
• Fixes a CHECK failure in TensorListReserve caused by missing validation (CVE-2022-35960)
• Fixes an OOB write in Scatter_nd op in TF Lite (CVE-2022-35939)
• Fixes an integer overflow in RaggedRangeOp (CVE-2022-35940)
• Fixes a CHECK failure in AvgPoolOp (CVE-2022-35941)
• Fixes a CHECK failures in UnbatchGradOp (CVE-2022-35952)
• Fixes a segfault TFLite converter on per-channel quantized transposed convolutions (CVE-2022-36027)
• Fixes a CHECK failures in AvgPool3DGrad (CVE-2022-35959)
• Fixes a CHECK failures in FractionalAvgPoolGrad (CVE-2022-35963)
• Fixes a segfault in BlockLSTMGradV2 (CVE-2022-35964)
• Fixes a segfault in LowerBound and UpperBound (CVE-2022-35965)

... (truncated)

Changelog

Sourced from tensorflow's changelog.

Release 2.9.3

This release introduces several vulnerability fixes:

• Fixes an overflow in tf.keras.losses.poisson (CVE-2022-41887)
• Fixes a heap OOB failure in ThreadUnsafeUnigramCandidateSampler caused by missing validation (CVE-2022-41880)
• Fixes a segfault in ndarray_tensor_bridge (CVE-2022-41884)
• Fixes an overflow in FusedResizeAndPadConv2D (CVE-2022-41885)
• Fixes a overflow in ImageProjectiveTransformV2 (CVE-2022-41886)
• Fixes an FPE in tf.image.generate_bounding_box_proposals on GPU (CVE-2022-41888)
• Fixes a segfault in pywrap_tfe_src caused by invalid attributes (CVE-2022-41889)
• Fixes a CHECK fail in BCast (CVE-2022-41890)
• Fixes a segfault in TensorListConcat (CVE-2022-41891)
• Fixes a CHECK_EQ fail in TensorListResize (CVE-2022-41893)
• Fixes an overflow in CONV_3D_TRANSPOSE on TFLite (CVE-2022-41894)
• Fixes a heap OOB in MirrorPadGrad (CVE-2022-41895)
• Fixes a crash in Mfcc (CVE-2022-41896)
• Fixes a heap OOB in FractionalMaxPoolGrad (CVE-2022-41897)
• Fixes a CHECK fail in SparseFillEmptyRowsGrad (CVE-2022-41898)
• Fixes a CHECK fail in SdcaOptimizer (CVE-2022-41899)
• Fixes a heap OOB in FractionalAvgPool and FractionalMaxPool(CVE-2022-41900)
• Fixes a CHECK_EQ in SparseMatrixNNZ (CVE-2022-41901)
• Fixes an OOB write in grappler (CVE-2022-41902)
• Fixes a overflow in ResizeNearestNeighborGrad (CVE-2022-41907)
• Fixes a CHECK fail in PyFunc (CVE-2022-41908)
• Fixes a segfault in CompositeTensorVariantToComponents (CVE-2022-41909)
• Fixes a invalid char to bool conversion in printing a tensor (CVE-2022-41911)
• Fixes a heap overflow in QuantizeAndDequantizeV2 (CVE-2022-41910)
• Fixes a CHECK failure in SobolSample via missing validation (CVE-2022-35935)
• Fixes a CHECK fail in TensorListScatter and TensorListScatterV2 in eager mode (CVE-2022-35935)

Release 2.8.4

This release introduces several vulnerability fixes:

• Fixes a heap OOB failure in ThreadUnsafeUnigramCandidateSampler caused by missing validation (CVE-2022-41880)
• Fixes a segfault in ndarray_tensor_bridge (CVE-2022-41884)
• Fixes an overflow in FusedResizeAndPadConv2D (CVE-2022-41885)
• Fixes a overflow in ImageProjectiveTransformV2 (CVE-2022-41886)
• Fixes an FPE in tf.image.generate_bounding_box_proposals on GPU (CVE-2022-41888)
• Fixes a segfault in pywrap_tfe_src caused by invalid attributes (CVE-2022-41889)
• Fixes a CHECK fail in BCast (CVE-2022-41890)
• Fixes a segfault in TensorListConcat (CVE-2022-41891)
• Fixes a CHECK_EQ fail in TensorListResize (CVE-2022-41893)
• Fixes an overflow in CONV_3D_TRANSPOSE on TFLite (CVE-2022-41894)
• Fixes a heap OOB in MirrorPadGrad (CVE-2022-41895)
• Fixes a crash in Mfcc (CVE-2022-41896)
• Fixes a heap OOB in FractionalMaxPoolGrad (CVE-2022-41897)
• Fixes a CHECK fail in SparseFillEmptyRowsGrad (CVE-2022-41898)
• Fixes a CHECK fail in SdcaOptimizer (CVE-2022-41899)

... (truncated)

Commits

• a5ed5f3 Merge pull request #58584 from tensorflow/vinila21-patch-2
• 258f9a1 Update py_func.cc
• cd27cfb Merge pull request #58580 from tensorflow-jenkins/version-numbers-2.9.3-24474
• 3e75385 Update version numbers to 2.9.3
• bc72c39 Merge pull request #58482 from tensorflow-jenkins/relnotes-2.9.3-25695
• 3506c90 Update RELEASE.md
• 8dcb48e Update RELEASE.md
• 4f34ec8 Merge pull request #58576 from pak-laura/c2.99f03a9d3bafe902c1e6beb105b2f2417...
• 6fc67e4 Replace CHECK with returning an InternalError on failing to create python tuple
• 5dbe90a Merge pull request #58570 from tensorflow/r2.9-7b174a0f2e4
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

[AbhinavMir]

(Can take this up is this is an actual issue!)

[kanej]

This is a great suggestion for an improvement.

What is happening is that that solc is giving an error (solc 2658). The range that solc is giving in the source code is the entire contract:

With the extension we can manipulate that source range so that it is limited to the constructor, more specifically just to the constructor keyword.

The way this would be implemented is by providing a new CompilerDiagnistic for 2658. This diagnostic would provide no code actions but transform the solc error by constraining the source range by implementing fromHardhatCompilerError, and constraining to the constructor keyword. You can see a similar move here:

https://github.com/NomicFoundation/hardhat-vscode/blob/12bb234327561fb1c6877a2ced5ea2f6fc324a45/server/src/compilerDiagnostics/diagnostics/ConstrainMutability.ts#L25

[AbhinavMir]

Thanks! I can implement this, but I'm taking a break till end of week. Could you assign it to me so I can keep a tab on it and close it this weekend?

[kanej]

Hey @AbhinavMir I have assigned it to you. Thanks and good luck.