Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the pip group across 1 directory with 2 updates #46

Closed
wants to merge 1 commit into from
Closed

Bump the pip group across 1 directory with 2 updates #46

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Aug 31, 2024

Bumps the pip group with 2 updates in the /requirements directory: onnx and opencv-python.

Updates onnx from 1.15.0 to 1.16.0

Release notes

Sourced from onnx's releases.

v1.16.0

ONNX v1.16.0 is now available with exciting new features! We would like to thank everyone who contributed to this release! Please visit onnx.ai to learn more about ONNX and associated projects.

Key Updates

ai.onnx Opset 21

ai.onnx.ml Opset 4

IR Version 10

  • Added support for UINT4, INT4 types
  • GraphProto, FunctionProto, NodeProto, TensorProto added metadata_props field
  • FunctionProto added value_info field
  • FunctionProto and NodeProto added overload field to support overloaded functions.

Python Changes

  • Support registering custom OpSchemas via Python interface
  • Support Python3.12

Security Updates

  • Fix path sanitization bypass leading to arbitrary read (CVE-2024-27318)
  • Fix Out of bounds read due to lack of string termination in assert (CVE-2024-27319)

Deprecation notice

Bug fixes and infrastructure improvements

  • Enable empty list of values as attribute (#5559)
  • Add backward conversions from 18->17 for reduce ops (#5606)
  • DFT-20 version converter (#5613)
  • Fix version-converter to generate valid identifiers (#5628)
  • Reserve removed proto fields (#5643)
  • Cleanup shape inference implementation (#5596)
  • Do not use LFS64 on non-glibc linux (#5669)
  • Drop "one of" default attribute check in LabelEncoder (#5673)
  • TreeEnsemble base values for the reference implementation (#5665)
  • Parser/printer support external data format (#5688)
  • [cmake] Place export target file in the correct directory (#5677)

... (truncated)

Commits

Updates opencv-python from 4.7.0.68 to 4.8.1.78

Release notes

Sourced from opencv-python's releases.

4.8.1.78

OpenCV 4.8.1 release.

Important changes:

4.8.0.76

Adds cv2.typing to package. Close #869

4.8.0.74

Important changes:

  • #20370 Python typing stubs.
  • #23350 Fix reference counting errors in registerNewType.
  • #23399, #23436, #23138 Fixed ChAruco and diamond boards detector bindings.
  • #23371 Added bindings to allow GpuMat and Stream objects to be initialized from memory initialized in other libraries
  • #23691 np.float16 support.
  • Python bindings for RotatedRect, CV_MAKETYPE, CV_8UC(n).
  • Several build fixes for OpenCV-Python package

4.7.0.72

OpenCV 4.7.0 with various distribution bug fixes.

  • Mac OS 11 support.
  • Old Linux support with zlib version older than 1.9.
  • Package build fixes for Python 11 on Musl C based system (Alpine).

4.7.0.70

OpenCV 4.7.0 with various distribution bug fixes.

  • Mac OS 11 support.
  • Old Linux support with zlib version older than 1.9.
  • Package build fixes for Python 11 on Musl C based system (Alpine).
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the pip group across 1 directory with 2 updates
1f8f711 
Bumps the pip group with 2 updates in the /requirements directory: [onnx](https://github.com/onnx/onnx) and [opencv-python](https://github.com/opencv/opencv-python).


Updates `onnx` from 1.15.0 to 1.16.0
- [Release notes](https://github.com/onnx/onnx/releases)
- [Changelog](https://github.com/onnx/onnx/blob/main/docs/Changelog-ml.md)
- [Commits](onnx/onnx@v1.15.0...v1.16.0)

Updates `opencv-python` from 4.7.0.68 to 4.8.1.78
- [Release notes](https://github.com/opencv/opencv-python/releases)
- [Commits](https://github.com/opencv/opencv-python/commits)

---
updated-dependencies:
- dependency-name: onnx
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: opencv-python
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot requested a review from a team as a code owner August 31, 2024 00:16
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Aug 31, 2024
@dependabot Dependabot
Copy link
Author

dependabot bot commented on behalf of github Sep 2, 2024

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot bot deleted the dependabot/pip/requirements/pip-9e01c5869a branch September 2, 2024 11:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@wiktorlazarski