From 191d56d6768aeb1a571f077409aec1a6a57ead22 Mon Sep 17 00:00:00 2001 From: Adam Pocock Date: Fri, 4 Feb 2022 10:48:57 -0500 Subject: [PATCH] Bumping to TF 2.7.1, protobuf 3.19.4, error-prone 2.10.0 --- pom.xml | 2 +- tensorflow-core/pom.xml | 4 +++- tensorflow-core/tensorflow-core-api/WORKSPACE | 6 +++--- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/pom.xml b/pom.xml index f4f1b18928b..102d51e0149 100644 --- a/pom.xml +++ b/pom.xml @@ -42,7 +42,7 @@ 5.6.2 1.21 2.7 - 2.6.0 + 2.10.0 true true true diff --git a/tensorflow-core/pom.xml b/tensorflow-core/pom.xml index d2a3e9d393d..54b8ab8372f 100644 --- a/tensorflow-core/pom.xml +++ b/tensorflow-core/pom.xml @@ -40,8 +40,10 @@ Match version used by TensorFlow, in https://github.com/tensorflow/tensorflow/blob/master/tensorflow/workspace2.bzl#L567 (but for the currently used release, not master) + + Bumped to newer version to patch a CVE only present in protobuf-java --> - 3.9.2 + 3.19.2 ${javacpp.platform}${javacpp.platform.extension} false diff --git a/tensorflow-core/tensorflow-core-api/WORKSPACE b/tensorflow-core/tensorflow-core-api/WORKSPACE index 8be7695be78..0ac4d82a193 100644 --- a/tensorflow-core/tensorflow-core-api/WORKSPACE +++ b/tensorflow-core/tensorflow-core-api/WORKSPACE @@ -18,10 +18,10 @@ http_archive( patch_args = ["-p1"], patch_cmds = ["grep -rl 'java_package' tensorflow/core | xargs sed -i.bak 's/^\(.* java_package = \"org\.tensorflow\.\)\(.*\"\)/\\1proto.\\2'/"], urls = [ - "https://github.com/tensorflow/tensorflow/archive/refs/tags/v2.7.0.tar.gz", + "https://github.com/tensorflow/tensorflow/archive/refs/tags/v2.7.1.tar.gz", ], - sha256 = "bb124905c7fdacd81e7c842b287c169bbf377d29c74c9dacc04f96c9793747bb", - strip_prefix = "tensorflow-2.7.0" + sha256 = "abebe2cf5ca379e18071693ca5f45b88ade941b16258a21cc1f12d77d5387a21", + strip_prefix = "tensorflow-2.7.1" ) # START: Upstream TensorFlow dependencies