Bump the tensorflow group across 1 directory with 6 updates

[dependabot]

Bumps the tensorflow group with 6 updates in the /tensorflow directory:

Package	From	To
tensorflow	2.15.0	2.17.0
pillow	10.3.0	10.4.0
jupyterlab	4.3.0a0	4.3.0a2
notebook	7.3.0a0	7.3.0a1
numpy	2.0.0	2.0.1
tensorflow-serving-api	2.16.1	2.17.0

Updates tensorflow from 2.15.0 to 2.17.0

Release notes

Sourced from tensorflow's releases.

TensorFlow 2.17.0

Release 2.17.0

TensorFlow

Breaking Changes

• GPU
  • Support for NVIDIA GPUs with compute capability 5.x (Maxwell generation) has been removed from TF binary distributions (Python wheels).

Major Features and Improvements

• Add is_cpu_target_available, which indicates whether or not TensorFlow was built with support for a given CPU target. This can be useful for skipping target-specific tests if a target is not supported.

• tf.data

  • Support data.experimental.distribued_save. distribued_save uses tf.data service (https://www.tensorflow.org/api_docs/python/tf/data/experimental/service) to write distributed dataset snapshots. The call is non-blocking and returns without waiting for the snapshot to finish. Setting wait=True to tf.data.Dataset.load allows the snapshots to be read while they are being written.

Bug Fixes and Other Changes

• GPU

  • Support for NVIDIA GPUs with compute capability 8.9 (e.g. L4 & L40) has been added to TF binary distributions (Python wheels).

• Replace DebuggerOptions of TensorFlow Quantizer, and migrate to DebuggerConfig of StableHLO Quantizer.

• Add TensorFlow to StableHLO converter to TensorFlow pip package.

• TensorRT support: this is the last release supporting TensorRT. It will be removed in the next release.

• NumPy 2.0 support: TensorFlow is going to support NumPy 2.0 in the next release. It may break some edge cases of TensorFlow API usage.

• tf.lite

  • Quantization for FullyConnected layer is switched from per-tensor to per-channel scales for dynamic range quantization use case (float32 inputs / outputs and int8 weights). The change enables new quantization schema globally in the converter and inference engine. The new behaviour can be disabled via experimental flag converter._experimental_disable_per_channel_quantization_for_dense_layers = True.
  • C API:
    • The experimental TfLiteRegistrationExternal type has been renamed as TfLiteOperator, and likewise for the corresponding API functions.
  • The Python TF Lite Interpreter bindings now have an option experimental_default_delegate_latest_features to enable all default delegate features.
  • Flatbuffer version update:
    • GetTemporaryPointer() bug fixed.

• tf.data

  • Add wait to tf.data.Dataset.load. If True, for snapshots written with distributed_save, it reads the snapshot while it is being written. For snapshots written with regular save, it waits for the snapshot until it's finished. The default is False for backward compatibility. Users of distributed_save are recommended to set it to True.

• tf.tpu.experimental.embedding.TPUEmbeddingV2

  • Add compute_sparse_core_stats for sparse core users to profile the data with this API to get the max_ids and max_unique_ids. These numbers will be needed to configure the sparse core embedding mid level api.
  • Remove the preprocess_features method since that's no longer needed.

Thanks to our Contributors

This release contains contributions from many people at Google, as well as:

Abdulaziz Aloqeely, Ahmad-M-Al-Khateeb, Akhil Goel, akhilgoe, Alexander Pivovarov, Amir Samani, Andrew Goodbody, Andrey Portnoy, Ashiq Imran, Ben Olson, Chao, Chase Riley Roberts, Clemens Giuliani, dependabot[bot], Dimitris Vardoulakis, Dragan Mladjenovic, ekuznetsov139, Elfie Guo, Faijul Amin, Gauri1 Deshpande, Georg Stefan Schmid, guozhong.zhuang, Hao Wu, Haoyu (Daniel), Harsha H S, Harsha Hs, Harshit Monish, Ilia Sergachev, Jane Liu, Jaroslav Sevcik, Jinzhe Zeng, Justin Dhillon, Kaixi Hou, Kanvi Khanna, LakshmiKalaKadali, Learning-To-Play, lingzhi98, Lu Teng, Matt Bahr, Max Ren, Meekail Zain, Mmakevic-Amd, mraunak, neverlva, nhatle, Nicola Ferralis, Olli Lupton, Om Thakkar, orangekame3, ourfor, pateldeev, Pearu Peterson, pemeliya, Peng Sun, Philipp Hack, Pratik Joshi, prrathi, rahulbatra85, Raunak, redwrasse, Robert Kalmar, Robin Zhang, RoboSchmied, Ruturaj Vaidya, sachinmuradi, Shawn Wang, Sheng Yang, Surya, Thibaut Goetghebuer-Planchon, Thomas Preud'Homme, tilakrayal, Tj Xu, Trevor Morris, wenchenvincent, Yimei Sun, zahiqbal, Zhu Jianjiang, Zoranjovanovic-Ns

TensorFlow 2.17.0-rc1

Release 2.17.0

... (truncated)

Changelog

Sourced from tensorflow's changelog.

Release 2.17.0

TensorFlow

Breaking Changes

• GPU
  • Support for NVIDIA GPUs with compute capability 5.x (Maxwell generation) has been removed from TF binary distributions (Python wheels).

Major Features and Improvements

• Add is_cpu_target_available, which indicates whether or not TensorFlow was built with support for a given CPU target. This can be useful for skipping target-specific tests if a target is not supported.

• tf.data

  • Support data.experimental.distribued_save. distribued_save uses tf.data service (https://www.tensorflow.org/api_docs/python/tf/data/experimental/service) to write distributed dataset snapshots. The call is non-blocking and returns without waiting for the snapshot to finish. Setting wait=True to tf.data.Dataset.load allows the snapshots to be read while they are being written.

Bug Fixes and Other Changes

• GPU

  • Support for NVIDIA GPUs with compute capability 8.9 (e.g. L4 & L40) has been added to TF binary distributions (Python wheels).

• Replace DebuggerOptions of TensorFlow Quantizer, and migrate to DebuggerConfig of StableHLO Quantizer.

• Add TensorFlow to StableHLO converter to TensorFlow pip package.

• TensorRT support: this is the last release supporting TensorRT. It will be removed in the next release.

• NumPy 2.0 support: TensorFlow is going to support NumPy 2.0 in the next release. It may break some edge cases of TensorFlow API usage.

• tf.lite

  • Quantization for FullyConnected layer is switched from per-tensor to per-channel scales for dynamic range quantization use case (float32 inputs / outputs and int8 weights). The change enables new quantization schema globally in the converter and inference engine. The new behaviour can be disabled via experimental flag converter._experimental_disable_per_channel_quantization_for_dense_layers = True.
  • C API:
    • The experimental TfLiteRegistrationExternal type has been renamed as TfLiteOperator, and likewise for the corresponding API functions.
  • The Python TF Lite Interpreter bindings now have an option experimental_default_delegate_latest_features to enable all default delegate features.
  • Flatbuffer version update:
    • GetTemporaryPointer() bug fixed.

• tf.data

  • Add wait to tf.data.Dataset.load. If True, for snapshots written with distributed_save, it reads the snapshot while it is being written. For snapshots written with regular save, it waits for the snapshot until it's finished. The default is False for backward compatibility. Users of distributed_save are recommended to set it to True.

• tf.tpu.experimental.embedding.TPUEmbeddingV2

  • Add compute_sparse_core_stats for sparse core users to profile the data with this API to get the max_ids and max_unique_ids. These numbers will be needed to configure the sparse core embedding mid level api.
  • Remove the preprocess_features method since that's no longer needed.

Thanks to our Contributors

This release contains contributions from many people at Google, as well as:

Abdulaziz Aloqeely, Ahmad-M-Al-Khateeb, Akhil Goel, akhilgoe, Alexander Pivovarov, Amir Samani, Andrew Goodbody, Andrey Portnoy, Ashiq Imran, Ben Olson, Chao, Chase Riley Roberts, Clemens Giuliani, dependabot[bot], Dimitris Vardoulakis, Dragan Mladjenovic, ekuznetsov139, Elfie Guo, Faijul Amin, Gauri1 Deshpande, Georg Stefan Schmid, guozhong.zhuang, Hao Wu, Haoyu (Daniel), Harsha H S, Harsha Hs, Harshit Monish, Ilia Sergachev, Jane Liu, Jaroslav Sevcik, Jinzhe Zeng, Justin Dhillon, Kaixi Hou, Kanvi Khanna, LakshmiKalaKadali, Learning-To-Play, lingzhi98, Lu Teng, Matt Bahr, Max Ren, Meekail Zain, Mmakevic-Amd, mraunak, neverlva, nhatle, Nicola Ferralis, Olli Lupton, Om Thakkar, orangekame3, ourfor, pateldeev, Pearu Peterson, pemeliya, Peng Sun, Philipp Hack, Pratik Joshi, prrathi, rahulbatra85, Raunak, redwrasse, Robert Kalmar, Robin Zhang, RoboSchmied, Ruturaj Vaidya, sachinmuradi, Shawn Wang, Sheng Yang, Surya, Thibaut Goetghebuer-Planchon, Thomas Preud'Homme, tilakrayal, Tj Xu, Trevor Morris, wenchenvincent, Yimei Sun, zahiqbal, Zhu Jianjiang, Zoranjovanovic-Ns

Release 2.16.2

Bug Fixes and Other Changes

... (truncated)

Commits

• ad6d8cc Merge pull request #71345 from tensorflow-jenkins/version-numbers-2.17.0-6959
• 8ca87bf Update version numbers to 2.17.0
• b3dcff9 Merge pull request #70600 from tensorflow/r2.17-2d72742d40f
• 742ccbb Add tensorflow support for 16k page sizes on arm64
• 8581151 Merge pull request #70475 from tensorflow-jenkins/version-numbers-2.17.0rc1-8204
• d6b2aa0 Update version numbers to 2.17.0-rc1
• bb8057c Merge pull request #70454 from vladbelit/gcs_trailing_dot_undo
• 72f4b02 Fix issues with TF GCS operations not working in certain environments.
• 6ed0a1a Merge pull request #70358 from tensorflow/r2.17-b24db0b2a85
• ffca2f5 Add back xla/stream_executor:cuda_platform to tf_additional_binary_deps.
• Additional commits viewable in compare view

Updates pillow from 10.3.0 to 10.4.0

Release notes

Sourced from pillow's releases.

10.4.0

https://pillow.readthedocs.io/en/stable/releasenotes/10.4.0.html

Changes

• Raise FileNotFoundError if show_file() path does not exist #8178 [@​radarhere]
• Improved reading 16-bit TGA images with colour #7965 [@​Yay295]
• Fixed processing multiple JPEG EXIF markers #8127 [@​radarhere]
• Do not preserve EXIFIFD tag by default when saving TIFF images #8110 [@​radarhere]
• Added ImageFont.load_default_imagefont() #8086 [@​radarhere]
• Added Image.WARN_POSSIBLE_FORMATS #8063 [@​radarhere]
• Do not presume "xmp" info simply because "XML:com.adobe.xmp" info exists #8173 [@​radarhere]
• Remove zero-byte end padding when parsing any XMP data #8171 [@​radarhere]
• Do not detect Ultra HDR images as MPO #8056 [@​radarhere]
• Raise SyntaxError specific to JP2 #8146 [@​Yay295]
• Do not use first frame duration for other frames when saving APNG images #8104 [@​radarhere]
• Consider I;16 pixel size when using a 1 mode mask #8112 [@​radarhere]
• When saving multiple PNG frames, convert to mode rather than raw mode #8087 [@​radarhere]
• Added byte support to FreeTypeFont #8141 [@​radarhere]
• Allow float center for rotate operations #8114 [@​radarhere]
• Do not read layers immediately when opening PSD images #8039 [@​radarhere]
• Restore original thread state #8065 [@​radarhere]
• Read IM and TIFF images as RGB, rather than RGBX #7997 [@​radarhere]
• Only preserve TIFF IPTC_NAA_CHUNK tag if type is BYTE or UNDEFINED #7948 [@​radarhere]
• Prevent extra EPS header validations #8144 [@​Yay295]
• Clarify ImageDraw2 error message when size is missing #8165 [@​radarhere]
• Support unpacking more rawmodes to RGBA palettes #7966 [@​radarhere]
• Removed support for Qt 5 #8159 [@​radarhere]
• Improve ImageFont.freetype support for XDG directories on Linux #8135 [@​mamg22]
• Improved consistency of XMP handling #8069 [@​radarhere]
• Use pkg-config to help find libwebp and raqm #8142 [@​radarhere]
• Renamed C transform2 to transform #8113 [@​radarhere]
• Updated nasm to 2.16.03 #7990 [@​radarhere]
• [pre-commit.ci] pre-commit autoupdate #8100 [@​pre-commit-ci]
• Updated ImageCms.createProfile colorTemp default and docstring #8096 [@​radarhere]
• Added ImageDraw circle() #8085 [@​void4]
• Don't reuse variable name #8082 [@​Yay295]
• Use functools.cached_property in GifImagePlugin #8037 [@​radarhere]
• Add mypy target to Makefile #8077 [@​Yay295]
• Added Python 3.13 beta wheels #8071 [@​radarhere]
• Parse _version contents instead of using exec() #8050 [@​radarhere]
• Lint fixes #8068 [@​radarhere]
• Fix type errors #8064 [@​radarhere]
• Added MPEG accept function #7999 [@​radarhere]
• Added more modes to Image.MODES #7984 [@​radarhere]
• [pre-commit.ci] pre-commit autoupdate #8044 [@​pre-commit-ci]
• Do not use percent format in strings #8045 [@​radarhere]
• Changed string formatting to f-strings #8043 [@​mrKazzila]
• Removed direct invocation of setup.py #8027 [@​radarhere]
• Update ExifTags.py #8020 [@​CTimmerman]

... (truncated)

Changelog

Sourced from pillow's changelog.

10.4.0 (2024-07-01)

• Raise FileNotFoundError if show_file() path does not exist #8178 [radarhere]

• Improved reading 16-bit TGA images with colour #7965 [Yay295, radarhere]

• Deprecate non-image ImageCms modes #8031 [radarhere]

• Fixed processing multiple JPEG EXIF markers #8127 [radarhere]

• Do not preserve EXIFIFD tag by default when saving TIFF images #8110 [radarhere]

• Added ImageFont.load_default_imagefont() #8086 [radarhere]

• Added Image.WARN_POSSIBLE_FORMATS #8063 [radarhere]

• Remove zero-byte end padding when parsing any XMP data #8171 [radarhere]

• Do not detect Ultra HDR images as MPO #8056 [radarhere]

• Raise SyntaxError specific to JP2 #8146 [Yay295, radarhere]

• Do not use first frame duration for other frames when saving APNG images #8104 [radarhere]

• Consider I;16 pixel size when using a 1 mode mask #8112 [radarhere]

• When saving multiple PNG frames, convert to mode rather than raw mode #8087 [radarhere]

• Added byte support to FreeTypeFont #8141 [radarhere]

• Allow float center for rotate operations #8114 [radarhere]

• Do not read layers immediately when opening PSD images #8039 [radarhere]

... (truncated)

Commits

• 9b4fae7 10.4.0 version bump
• b55d74b Update CHANGES.rst [ci skip]
• 8daf550 Merge pull request #8178 from radarhere/imageshow
• c6d8c58 Merge pull request #7965 from Yay295/patch-3
• c9ec76a Raise FileNotFoundError if show_file() path does not exist
• b48d175 Update CHANGES.rst [ci skip]
• 4d6dff3 Merge pull request #8031 from radarhere/imagingcms_modes
• 70b3815 Merge pull request #8127 from radarhere/multiple_exif_markers
• 88cd6d4 Rearranged comments
• 41426a6 Merge pull request #8110 from radarhere/exififd
• Additional commits viewable in compare view

Updates jupyterlab from 4.3.0a0 to 4.3.0a2

Release notes

Sourced from jupyterlab's releases.

v4.3.0a2

4.3.0a2

(Full Changelog)

Enhancements made

• Adopt the --jp-border-radius CSS variable in missing input fields #16568 (@​joaopalmeiro)
• Set the background color for the hover state of the New Launcher button #16551 (@​joaopalmeiro)
• Adopt theme CSS variables for generic input fields #16548 (@​joaopalmeiro)
• Update the CSS variable used for notebook cell shadows #16546 (@​joaopalmeiro)
• Scope CSS rules to a new .jp-ThemedContainer class #16519 (@​fcollonval)
• Filebrowser filter below breadcrumbs #16446 (@​JasonWeill)
• Add checkbox to skip showing the kernel restart dialog #16265 (@​NexVeridian)

Bugs fixed

• Update JupyterLab wordmark color #16567 (@​joaopalmeiro)
• Standardize Property Inspector placeholder according to TOC #16566 (@​joaopalmeiro)
• Fix license table CSS selector to apply the selected row styles #16547 (@​joaopalmeiro)
• Fix settings editor missing plugins with transform step or registered late #16523 (@​krassowski)
• Add customisation options to prevent inline completer resizing aggressively #16507 (@​krassowski)
• Improve focus styling #16496 (@​fcollonval)

Maintenance and upkeep improvements

• Fix galata update action #16560 (@​krassowski)
• Restore previous benchmark run conditions #16559 (@​krassowski)
• Bump the pip group with 2 updates #16540 (@​dependabot)
• Bump the actions group with 2 updates #16539 (@​dependabot)

Documentation improvements

• Scope CSS rules to a new .jp-ThemedContainer class #16519 (@​fcollonval)

Contributors to this release

(GitHub contributors page for this release)

@​dependabot | @​fcollonval | @​g547315 | @​gabalafou | @​github-actions | @​j264415 | @​JasonWeill | @​joaopalmeiro | @​jtpio | @​jupyterlab-probot | @​krassowski | @​NexVeridian | @​pre-commit-ci | @​welcome

v4.3.0a1

4.3.0a1

(Full Changelog)

... (truncated)

Changelog

Sourced from jupyterlab's changelog.

4.3.0a2

(Full Changelog)

Enhancements made

• Adopt the --jp-border-radius CSS variable in missing input fields #16568 (@​joaopalmeiro)
• Set the background color for the hover state of the New Launcher button #16551 (@​joaopalmeiro)
• Adopt theme CSS variables for generic input fields #16548 (@​joaopalmeiro)
• Update the CSS variable used for notebook cell shadows #16546 (@​joaopalmeiro)
• Scope CSS rules to a new .jp-ThemedContainer class #16519 (@​fcollonval)
• Filebrowser filter below breadcrumbs #16446 (@​JasonWeill)
• Add checkbox to skip showing the kernel restart dialog #16265 (@​NexVeridian)

Bugs fixed

• Update JupyterLab wordmark color #16567 (@​joaopalmeiro)
• Standardize Property Inspector placeholder according to TOC #16566 (@​joaopalmeiro)
• Fix license table CSS selector to apply the selected row styles #16547 (@​joaopalmeiro)
• Fix settings editor missing plugins with transform step or registered late #16523 (@​krassowski)
• Add customisation options to prevent inline completer resizing aggressively #16507 (@​krassowski)
• Improve focus styling #16496 (@​fcollonval)

Maintenance and upkeep improvements

• Fix galata update action #16560 (@​krassowski)
• Restore previous benchmark run conditions #16559 (@​krassowski)
• Bump the pip group with 2 updates #16540 (@​dependabot)
• Bump the actions group with 2 updates #16539 (@​dependabot)

Documentation improvements

• Scope CSS rules to a new .jp-ThemedContainer class #16519 (@​fcollonval)

Contributors to this release

(GitHub contributors page for this release)

@​dependabot | @​fcollonval | @​g547315 | @​gabalafou | @​github-actions | @​j264415 | @​JasonWeill | @​joaopalmeiro | @​jtpio | @​jupyterlab-probot | @​krassowski | @​NexVeridian | @​pre-commit-ci | @​welcome

4.3.0a1

(Full Changelog)

New features added

• Notebook minimap in the virtual scrollbar #16432 (@​krassowski)

... (truncated)

Commits

• 8043984 [ci skip] Publish 4.3.0a2
• 6d4e299 Standardize Property Inspector placeholder according to TOC (#16566)
• 2ee9b76 Adopt the --jp-border-radius variable in missing input fields (#16568)
• 9eb9b49 Update JupyterLab wordmark color (#16567)
• 88a1c9d Restore previous run conditions (#16559)
• c449011 Fix galata update action (#16560)
• 16887de Merge pull request from GHSA-5j4v-pr82-qg68
• 8515c5e Scope CSS rules to a new .jp-ThemedContainer class (#16519)
• 0ca4b71 Set the background color for the hover state of the New Launcher button (#16551)
• e048f27 Improve focus styling (#16496)
• Additional commits viewable in compare view

Updates notebook from 7.3.0a0 to 7.3.0a1

Release notes

Sourced from notebook's releases.

v7.3.0a1

7.3.0a1

(Full Changelog)

Enhancements made

• Update to JupyterLab 4.3.0a1 #7416 (@​jtpio)

Bugs fixed

• Remove pseudoelement obstructing the cell collapser #7392 (@​krassowski)

Contributors to this release

(GitHub contributors page for this release)

@​github-actions | @​jtpio | @​krassowski

Changelog

Sourced from notebook's changelog.

7.3.0a1

(Full Changelog)

Enhancements made

• Update to JupyterLab 4.3.0a1 #7416 (@​jtpio)

Bugs fixed

• Remove pseudoelement obstructing the cell collapser #7392 (@​krassowski)

Contributors to this release

(GitHub contributors page for this release)

@​github-actions | @​jtpio | @​krassowski

Commits

• 53b3820 Publish 7.3.0a1
• ff2b822 Update to JupyterLab 4.3.0a1 (#7416)
• fffe390 Remove pseudoelement obstructing the cell collapser (#7392)
• See full diff in compare view

Updates numpy from 2.0.0 to 2.0.1

Release notes

Sourced from numpy's releases.

v2.0.1

NumPy 2.0.1 Release Notes

NumPy 2.0.1 is a maintenance release that fixes bugs and regressions discovered after the 2.0.0 release. NumPy 2.0.1 is the last planned release in the 2.0.x series, 2.1.0rc1 should be out shortly.

The Python versions supported by this release are 3.9-3.12.

NOTE: Do not use the GitHub generated "Source code" files listed in the "Assets", they are garbage.

Improvements

np.quantile with method closest_observation chooses nearest even order statistic

This changes the definition of nearest for border cases from the nearest odd order statistic to nearest even order statistic. The numpy implementation now matches other reference implementations.

(gh-26656)

Contributors

A total of 15 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

• @​vahidmech +
• Alex Herbert +
• Charles Harris
• Giovanni Del Monte +
• Leo Singer
• Lysandros Nikolaou
• Matti Picus
• Nathan Goldbaum
• Patrick J. Roddy +
• Raghuveer Devulapalli
• Ralf Gommers
• Rostan Tabet +
• Sebastian Berg
• Tyler Reddy
• Yannik Wicke +

Pull requests merged

A total of 24 pull requests were merged for this release.

• #26711: MAINT: prepare 2.0.x for further development
• #26792: TYP: fix incorrect import in ma/extras.pyi stub
• #26793: DOC: Mention '1.25' legacy printing mode in set_printoptions
• #26794: DOC: Remove mention of NaN and NAN aliases from constants

... (truncated)

Commits

• 4c9f431 Merge pull request #27000 from charris/prepare-2.0.1
• 0e70e00 REL: Prepare for the NumPy 2.0.1 release [wheel build]
• 4d10ffc Merge pull request #26995 from charris/backport-26985
• 764b667 BUG: Add object cast to avoid warning with limited API
• 9be6ad6 Merge pull request #26971 from charris/backport-26935
• 6d950e9 BUG: fix f2py tests to work with v2 API
• 89630c0 Merge pull request #26962 from charris/backport-26919
• 88fa840 TST: Apply test suggestion by Nathan for rlstrip fixes
• a9da01e BUG,MAINT: Fix utf-8 character stripping memory access
• 6afbbf8 Merge pull request #26963 from charris/backport-26930
• Additional commits viewable in compare view

Updates tensorflow-serving-api from 2.16.1 to 2.17.0

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

License Issues

tensorflow/serving/requirements.txt

Package	Version	License	Issue Type
tensorflow-serving-api	2.17.0	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
pip/jupyterlab	4.3.0a2	🟢 5.7	Details Check Score Reason Code-Review 🟢 8 Found 24/28 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 2 badge detected: InProgress License 🟢 9 license file detected Branch-Protection ⚠️ -1 internal error: error during GetBranch(4.2.x): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo SAST 🟢 10 SAST tool is run on all commits Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 2 8 existing vulnerabilities detected
pip/notebook	7.3.0a1	🟢 4.2	Details Check Score Reason Maintained 🟢 10 23 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 2 Found 8/30 approved changesets -- score normalized to 2 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during GetBranch(7.2.x): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 12 existing vulnerabilities detected
pip/pillow	10.4.0	🟢 7.7	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 2 badge detected: InProgress License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing 🟢 10 project is fuzzed Binary-Artifacts 🟢 10 no binaries found in the repo Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Packaging 🟢 10 packaging workflow detected
pip/tensorflow	2.17.0	🟢 7.9	Details Check Score Reason Binary-Artifacts 🟢 7 binaries present in source code Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 9 22 out of 23 merged PRs checked by a CI test -- score normalized to 9 CII-Best-Practices 🟢 5 badge detected: Passing Code-Review ⚠️ 2 Found 7/30 approved changesets -- score normalized to 2 Contributors 🟢 10 project has 21 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Packaging 🟢 10 packaging workflow detected Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 SAST 🟢 3 SAST tool is not run on all commits -- score normalized to 3 Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected
pip/numpy	2.0.1	🟢 8.5	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 10 11 out of 11 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 10 all changesets reviewed Contributors 🟢 10 project has 95 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 9 license file detected Maintained 🟢 10 30 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 SAST 🟢 10 SAST tool is run on all commits Security-Policy 🟢 9 security policy file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities 🟢 10 0 existing vulnerabilities detected
pip/pillow	10.4.0	🟢 7.7	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 2 badge detected: InProgress License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing 🟢 10 project is fuzzed Binary-Artifacts 🟢 10 no binaries found in the repo Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Packaging 🟢 10 packaging workflow detected
pip/tensorflow	2.17.0	🟢 7.9	Details Check Score Reason Binary-Artifacts 🟢 7 binaries present in source code Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 9 22 out of 23 merged PRs checked by a CI test -- score normalized to 9 CII-Best-Practices 🟢 5 badge detected: Passing Code-Review ⚠️ 2 Found 7/30 approved changesets -- score normalized to 2 Contributors 🟢 10 project has 21 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Packaging 🟢 10 packaging workflow detected Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 SAST 🟢 3 SAST tool is not run on all commits -- score normalized to 3 Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected
pip/tensorflow-serving-api	2.17.0	Unknown	Unknown
pip/tensorflow	2.17.0	🟢 7.9	Details Check Score Reason Binary-Artifacts 🟢 7 binaries present in source code Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 9 22 out of 23 merged PRs checked by a CI test -- score normalized to 9 CII-Best-Practices 🟢 5 badge detected: Passing Code-Review ⚠️ 2 Found 7/30 approved changesets -- score normalized to 2 Contributors 🟢 10 project has 21 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Packaging 🟢 10 packaging workflow detected Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 SAST 🟢 3 SAST tool is not run on all commits -- score normalized to 3 Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected

Scanned Manifest Files

tensorflow/jupyter-requirements.txt

• [email protected]
• [email protected]
• [email protected]
• [email protected]

tensorflow/requirements.txt

• [email protected]
• [email protected]
• [email protected]
• [email protected]

tensorflow/serving/requirements.txt

• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]

tensorflow/xpu-requirements.txt

• [email protected]
• [email protected]

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.