Bump github.com/tensorflow/tensorflow from 1.13.1 to 1.15.5

[dependabot-preview]

⚠️ Dependabot Preview has been deactivated ⚠️

This pull request was created by Dependabot Preview, and you've upgraded to Dependabot. This means it won't respond to dependabot commands nor will it be automatically closed if a new version is found.

If you close this pull request, Dependabot will re-create it the next time it checks for updates and everything will work as expected.

---

Bumps github.com/tensorflow/tensorflow from 1.13.1 to 1.15.5.

Release notes

Sourced from github.com/tensorflow/tensorflow's releases.

TensorFlow 1.15.5

Release 1.15.5

Note that this is the last patch release for the TensorFlow 1.x series.

Bug Fixes and Other Changes

• Fixes an access to unitialized memory in Eigen code (CVE-2020-26266)
• Fixes a security vulnerability caused by lack of validation in tf.raw_ops.DataFormatVecPermute and tf.raw_ops.DataFormatDimMap (CVE-2020-26267)
• Fixes a vulnerability caused by attempting to write to immutable memory region in tf.raw_ops.ImmutableConst (CVE-2020-26268
• Fixes a CHECK-fail in LSTM with zero-length input (CVE-2020-26270)
• Fixes a security vulnerability caused by accessing heap data outside of bounds when loading a specially crafted SavedModel (CVE-2020-26271)
• Updates libjpeg-turbo to 2.0.5 to handle CVE-2020-13790.
• Updates junit to 4.13.1 to handle CVE-2020-15250.
• Updates PCRE to 8.44 to handle CVE-2019-20838 and CVE-2020-14155.
• Updates sqlite3 to 3.44.0 to keep in sync with master branch.

TensorFlow 1.15.4

Release 1.15.4

Bug Fixes and Other Changes

• Fixes an undefined behavior causing a segfault in tf.raw_ops.Switch (CVE-2020-15190)
• Fixes three vulnerabilities in conversion to DLPack format (CVE-2020-15191, CVE-2020-15192, CVE-2020-15193)
• Fixes two vulnerabilities in SparseFillEmptyRowsGrad (CVE-2020-15194, CVE-2020-15195)
• Fixes an integer truncation vulnerability in code using the work sharder API (CVE-2020-15202)
• Fixes a format string vulnerability in tf.strings.as_string (CVE-2020-15203)
• Fixes segfault raised by calling session-only ops in eager mode (CVE-2020-15204)
• Fixes data leak and potential ASLR violation from tf.raw_ops.StringNGrams (CVE-2020-15205)
• Fixes segfaults caused by incomplete SavedModel validation (CVE-2020-15206)
• Fixes a data corruption due to a bug in negative indexing support in TFLite (CVE-2020-15207)
• Fixes a data corruption due to dimension mismatch in TFLite (CVE-2020-15208)
• Fixes several vulnerabilities in TFLite saved model format (CVE-2020-15209, CVE-2020-15210, CVE-2020-15211)
• Updates sqlite3 to 3.33.00 to handle CVE-2020-9327, CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13871, and CVE-2020-15358.
• Fixes #41630 by including max_seq_length in CuDNN descriptor cache key
• Pins numpy to 1.18.5 to prevent ABI breakage when compiling code that uses both NumPy and TensorFlow headers.

TensorFlow 1.15.3

Bug Fixes and Other Changes

• Updates sqlite3 to 3.31.01 to handle CVE-2019-19880, CVE-2019-19244 and CVE-2019-19645
• Updates curl to 7.69.1 to handle CVE-2019-15601
• Updates libjpeg-turbo to 2.0.4 to handle CVE-2018-19664, CVE-2018-20330 and CVE-2019-13960
• Updates Apache Spark to 2.4.5 to handle CVE-2019-10099, CVE-2018-17190 and CVE-2018-11770

TensorFlow 1.15.2

Release 1.15.2

Note that this release no longer has a single pip package for GPU and CPU. Please see #36347 for history and details

Bug Fixes and Other Changes

• Fixes a security vulnerability where converting a Python string to a tf.float16 value produces a segmentation fault (CVE-2020-5215)
• Updates curl to 7.66.0 to handle CVE-2019-5482 and CVE-2019-5481

Changelog

Sourced from github.com/tensorflow/tensorflow's changelog.

Release 1.15.5

Note that this is the last patch release for the TensorFlow 1.x series.

Bug Fixes and Other Changes

• Fixes an access to unitialized memory in Eigen code (CVE-2020-26266)
• Fixes a security vulnerability caused by lack of validation in tf.raw_ops.DataFormatVecPermute and tf.raw_ops.DataFormatDimMap (CVE-2020-26267)
• Fixes a vulnerability caused by attempting to write to immutable memory region in tf.raw_ops.ImmutableConst (CVE-2020-26268
• Fixes a CHECK-fail in LSTM with zero-length input (CVE-2020-26270)
• Fixes a security vulnerability caused by accessing heap data outside of bounds when loading a specially crafted SavedModel (CVE-2020-26271)
• Updates libjpeg-turbo to 2.0.5 to handle CVE-2020-13790.
• Updates junit to 4.13.1 to handle CVE-2020-15250.
• Updates PCRE to 8.44 to handle CVE-2019-20838 and CVE-2020-14155.
• Updates sqlite3 to 3.44.0 to keep in sync with master branch.

Release 2.4.0

Major Features and Improvements

• tf.distribute introduces experimental support for asynchronous training of models via the [tf.distribute.experimental.ParameterServerStrategy] (https://www.tensorflow.org/api_docs/python/tf/distribute/experimental/ParameterServerStrategy) API. Please see the tutorial to learn more.

• MultiWorkerMirroredStrategy is now a stable API and is no longer considered experimental. Some of the major improvements involve handling peer failure and many bug fixes. Please check out the detailed tutorial on [Multi-worker training with Keras] (https://www.tensorflow.org/tutorials/distribute/multi_worker_with_keras).

• Introduces experimental support for a new module named [tf.experimental.numpy] (https://www.tensorflow.org/api_docs/python/tf/experimental/numpy) which is a NumPy-compatible API for writing TF programs. See the [detailed guide] (https://www.tensorflow.org/guide/tf_numpy) to learn more. Additional details below.

• Adds Support for

Commits

• 3db52be Merge pull request #45763 from tensorflow-jenkins/relnotes-1.15.5-6556
• a788dc5 Update RELEASE.md
• da8db17 Merge pull request #46152 from tensorflow/mm-cherry-pick-sqlite-bump-on-r1.15
• a19bd42 Update SQLite to the lastest sqlite-amalgamation-3340000
• 0396c28 Disable failing test
• 89fe0ce Merge pull request #45809 from tensorflow/fix-cp-1.15
• d04c0e0 Fix bad cherrypick
• d3ea1b9 Merge pull request #45802 from tensorflow/update_path
• a6d2785 Fix import path
• 6f62fd1 Merge pull request #45530 from tensorflow/mm-cherrypick-6d7da36623b-on-r1.15
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)