[Snyk] Upgrade @tensorflow/tfjs-converter from 3.12.0 to 4.4.0 #380

Closed

snyk-bot

Snyk has created this PR to upgrade @tensorflow/tfjs-converter from 3.12.0 to 4.4.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 14 versions ahead of your current version.
  • The recommended version was released 21 days ago, on 2023-04-06.
Release notes
Package name: @tensorflow/tfjs-converter
  • 4.4.0 - 2023-04-06

    Core (4.3.0 ==> 4.4.0)

    Misc

    Data (4.3.0 ==> 4.4.0)

    Misc

    • Update monorepo to 4.4.0. (#7549).

    Layers (4.3.0 ==> 4.4.0)

    Misc

    • Update monorepo to 4.4.0. (#7549).
    • RandomHeight Preprocessing Layer (#7483). Thanks, @ RWallie.
    • BaseRandomLayer Abstract Layer and RandomWidth Preprocessing Layer (#7345). Thanks, @ RWallie.

    Converter (4.3.0 ==> 4.4.0)

    Misc

    • Update monorepo to 4.4.0. (#7549).
    • Fix graph executor to not dispose output tensors (#7505). Thanks, @ chunnienc.

    Node (4.3.0 ==> 4.4.0)

    Bug fixes

    • [tfjs-node] fixed summary writer memory leak (#7490).

    Misc

    • Update monorepo to 4.4.0. (#7549).
    • Fix missing isTypedArray when mixing versions of @ tensorflow packages (#7489).
    • [tfjs-node] Encode jpeg (#7484).

    Wasm (4.3.0 ==> 4.4.0)

    Security

    • build(deps-dev): bump webpack in /tfjs-backend-wasm/starter/webpack (#7476). Thanks, @ dependabot[bot].

    Misc

    • Update monorepo to 4.4.0. (#7549).

    Cpu (4.3.0 ==> 4.4.0)

    Misc

    • Update monorepo to 4.4.0. (#7549).
    • [cpu] Cast pixel to number in maxpool utils (#7534).

    Webgl (4.3.0 ==> 4.4.0)

    Misc

    • Update monorepo to 4.4.0. (#7549).
  • 4.3.0 - 2023-03-17
  • 4.2.0 - 2023-01-03
  • 4.1.0 - 2022-11-20

    Core (4.0.0 ==> 4.1.0)

    Bug fixes

    • [ops ] guard shape for decimal and negative values (#7014).

    Misc

    • Update monorepo to 4.1.0. (#7058).
    • Move flag ENGINE_COMPILE_ONLY (#7019). Thanks, @ Linchenn.
    • Make Tensor explicitly implement TensorInfo (#7007).
    • Turn on the noImplicitOverride tsconfig option (#7009).
    • Cleanup and standardize package.json scripts of Bazel packages (#7005).
    • Use a template literal type for kernel registry key (#6976).
    • [wasm] Fix AvgPool and MaxPool for 1x1 kernels (#6969).

    Data (4.0.0 ==> 4.1.0)

    Misc

    • Update monorepo to 4.1.0. (#7058).
    • Turn on the noImplicitOverride tsconfig option (#7009).
    • Cleanup and standardize package.json scripts of Bazel packages (#7005).

    Layers (4.0.0 ==> 4.1.0)

    Misc

    • Update monorepo to 4.1.0. (#7058).
    • Turn on the noImplicitOverride tsconfig option (#7009).
    • Cleanup and standardize package.json scripts of Bazel packages (#7005).
    • cleanup conv class definitions (#6947). Thanks, @ vladmandic.
    • Move fitLoop and fitTensors into the LayersModel class (#6859).
    • Fix incorrect import path in center crop layer (#6946).
    • CenterCrop Layer (#6875). Thanks, @ AdamLang96.

    Converter (4.0.0 ==> 4.1.0)

    Misc

    • Update lockfiles branch tfjs_4.1.0_lockfiles lock files. (#7068).
    • Update monorepo to 4.1.0. (#7058).
    • Support dump with graphmodel.execute (#6953). Thanks, @ axinging.
    • Cleanup and standardize package.json scripts of Bazel packages (#7005).
    • Implement InitializeTableV2 (#6985).
    • Add support for RaggedGather/Range/TensorToTensor conversion (#6968).
    • Add null check for signature inputs outputs (#6978).
    • Add predictAsync function to support async structured outputs (#6975).
    • Use assertIn instead of assertTrue in python tests (#6958).

    Node (4.0.0 ==> 4.1.0)

    Misc

    • Update lockfiles branch tfjs_4.1.0_lockfiles lock files. (#7068).
    • Update monorepo to 4.1.0. (#7058).

    Wasm (4.0.0 ==> 4.1.0)

    Misc

    • Update lockfiles branch tfjs_4.1.0_lockfiles lock files. (#7068).
    • Update monorepo to 4.1.0. (#7058).
    • Bump loader-utils in /tfjs-backend-wasm/starter/webpack (#7052). Thanks, @ dependabot[bot].
    • Bump loader-utils in /tfjs-backend-wasm/starter/webpack (#7023). Thanks, @ dependabot[bot].
    • Turn on the noImplicitOverride tsconfig option (#7009).
    • Cleanup and standardize package.json scripts of Bazel packages (#7005).
    • implement isNaN for wasm (#6998).
    • added reciprocal op support for wasm (#6992).
    • [wasm] Fix AvgPool and MaxPool for 1x1 kernels (#6969).

    Cpu (4.0.0 ==> 4.1.0)

    Misc

    • Update monorepo to 4.1.0. (#7058).
    • Turn on the noImplicitOverride tsconfig option (#7009).
    • Cleanup and standardize package.json scripts of Bazel packages (#7005).

    Webgl (4.0.0 ==> 4.1.0)

    Bug fixes

    • Use VAOs for save+restore of vertexAttribPointer state between different webgl programs. (#6913). Thanks, @ kdashg.
    • fix (#6930). Thanks, @ Linchenn.

    Misc

    • Update lockfiles branch tfjs_4.1.0_lockfiles lock files. (#7068).
    • Update monorepo to 4.1.0. (#7058).
    • [webgl] Donot release tensor texture at reading (#6932). Thanks, @ axinging.
    • Remove @ types/webgl2 since they are included in lib/dom (#7038).
    • Move flag ENGINE_COMPILE_ONLY (#7019). Thanks, @ Linchenn.
    • Turn on the noImplicitOverride tsconfig option (#7009).
    • Cleanup and standardize package.json scripts of Bazel packages (#7005).
  • 4.0.0 - 2022-10-13
  • 3.21.0 - 2022-10-06
  • 3.20.0 - 2022-08-23
  • 3.19.0 - 2022-07-22
  • 3.18.0 - 2022-05-20
  • 3.17.0 - 2022-05-12
  • 3.16.0 - 2022-04-19
  • 3.15.0 - 2022-03-22
  • 3.14.0 - 2022-03-03
  • 3.13.0 - 2022-01-12
  • 3.12.0 - 2021-12-08
from @tensorflow/tfjs-converter GitHub release notes

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.



sonarcloud bot commented Apr 28, 2023

Kudos, SonarCloud Quality Gate passed!

0 Bugs (rating A)
0 Vulnerabilities (rating A)
0 Security Hotspots (rating A)
0 Code Smells (rating A)

No Coverage information
0.0% Duplication


guardrails bot commented Apr 28, 2023

⚠️ We detected 11 security issues in this pull request:

Insecure File Management (1)
Severity Details Docs
High Title: Path Traversal from user input
path.join(os.tmpdir(), path.basename(req.files.file[0].fieldname)),

More info on how to fix Insecure File Management in JavaScript.


Vulnerable Libraries (9)
Severity Details
High [email protected] (t) upgrade to: >2.28.4-alpha.1 || >3.5.2
High [email protected] (t) upgrade to: >2.2.1
Critical [email protected] (t) upgrade to: >=1.2.6
Medium pkg:npm/@tensorflow/[email protected]@3.21.1 (t) - no patch available
High pkg:npm/[email protected]@2.6.2 (t) - no patch available
Medium pkg:npm/@tensorflow/[email protected]@2.6.7 (t) - no patch available
High pkg:npm/[email protected]@0.3.1 (t) - no patch available
Informational pkg:npm/[email protected]@10.8.5 (t) - no patch available
Medium pkg:npm/[email protected]@2.6.7 (t) - no patch available

More info on how to fix Vulnerable Libraries in JavaScript.


Insecure Use of Crypto (1)
Severity Details Docs
Medium Title: Insecure use of random generator
result += characters.charAt(Math.floor(Math.random() * charactersLength));

More info on how to fix Insecure Use of Crypto in JavaScript.




stale bot commented May 12, 2023

Automatically marked as stale due to lack of recent activity. Will be closed if no further activity occurs. Thank you for your contributions.

stale bot added the stale label May 12, 2023

stale bot commented May 19, 2023

Automatically closed due to lack of recent activity. Tag @aravindvnair99 to reopen. Thank you for your contributions.

stale bot closed this May 19, 2023