
build(deps): Bump the pip group across 2 directories with 7 updates #2

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/pip/pip-96c7545402
@dependabot dependabot bot commented on behalf of github Jun 18, 2025

Bumps the pip group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| ipython | 7.34.0 | 8.10.0 |
| torch | 2.5.0 | 2.7.1 |
| gunicorn | 22.0.0 | 23.0.0 |
| jinja2 | 3.1.4 | 3.1.6 |
| keras | 3.6.0 | 3.9.0 |
| protobuf | 4.25.5 | 4.25.8 |
| requests | 2.32.3 | 2.32.4 |

Bumps the pip group with 5 updates in the /backend directory:

| Package | From | To |
| --- | --- | --- |
| gunicorn | 22.0.0 | 23.0.0 |
| jinja2 | 3.1.4 | 3.1.6 |
| keras | 3.6.0 | 3.9.0 |
| protobuf | 4.25.5 | 4.25.8 |
| requests | 2.32.3 | 2.32.4 |

Updates ipython from 7.34.0 to 8.10.0

Commits

Updates torch from 2.5.0 to 2.7.1

Release notes

Sourced from torch's releases.

PyTorch 2.7.1 Release, bug fix release

This release is meant to fix the following issues (regressions / silent correctness):

Torch.compile

  • Fix Excessive cudagraph re-recording for HF LLM models (#152287)
  • Fix torch.compile on some HuggingFace models (#151154)
  • Fix crash due to Exception raised inside torch.autocast (#152503)
  • Improve Error logging in torch.compile (#149831)
  • Mark mutable custom operators as cacheable in torch.compile (#151194)
  • Implement workaround for a graph break with older version einops (#153925)
  • Fix an issue with tensor.view(dtype).copy_(...) (#151598)

Flex Attention

  • Fix assertion error due to inductor permuting inputs to flex attention (#151959)
  • Fix performance regression on nanogpt speedrun (#152641)

Distributed

  • Fix extra CUDA context created by barrier (#149144)
  • Fix an issue related to Distributed Fused Adam in Rocm/APEX when using nccl_ub feature (#150010)
  • Add a workaround random hang in non-blocking API mode in NCCL 2.26 (#154055)

MacOS

  • Fix MacOS compilation error with Clang 17 (#151316)
  • Fix binary kernels produce incorrect results when one of the tensor arguments is from a wrapped scalar on MPS devices (#152997)

Other

  • Improve PyTorch Wheel size due to introduction of addition of 128 bit vectorization (#148320) (#152396)
  • Fix fmsub function definition (#152075)
  • Fix Floating point exception in torch.mkldnn_max_pool2d (#151848)
  • Fix abnormal inference output with XPU:1 device (#153067)
  • Fix Illegal Instruction Caused by grid_sample on Windows (#152613)
  • Fix ONNX decomposition does not preserve custom CompositeImplicitAutograd ops (#151826)
  • Fix error with dynamic linking of libgomp library (#150084)
  • Fix segfault in profiler with Python 3.13 (#153848)

PyTorch 2.7.0 Release Notes

Highlights

... (truncated)

Commits

Updates gunicorn from 22.0.0 to 23.0.0

Release notes

Sourced from gunicorn's releases.

23.0.0

Gunicorn 23.0.0 has been released. This version improves HTTP 1.1 support, which improves safety.

You're invited to upgrade your own installation asap.

23.0.0 - 2024-08-10

  • minor docs fixes (:pr:3217, :pr:3089, :pr:3167)
  • worker_class parameter accepts a class (:pr:3079)
  • fix deadlock if request terminated during chunked parsing (:pr:2688)
  • permit receiving Transfer-Encodings: compress, deflate, gzip (:pr:3261)
  • permit Transfer-Encoding headers specifying multiple encodings. note: no parameters, still (:pr:3261)
  • sdist generation now explicitly excludes sphinx build folder (:pr:3257)
  • decode bytes-typed status (as can be passed by gevent) as utf-8 instead of raising TypeError (:pr:2336)
  • raise correct Exception when encountering invalid chunked requests (:pr:3258)
  • the SCRIPT_NAME and PATH_INFO headers, when received from allowed forwarders, are no longer restricted for containing an underscore (:pr:3192)
  • include IPv6 loopback address [::1] in default for :ref:forwarded-allow-ips and :ref:proxy-allow-ips (:pr:3192)

** NOTE **

  • The SCRIPT_NAME change mitigates a regression that appeared first in the 22.0.0 release
  • Review your :ref:forwarded-allow-ips setting if you are still not seeing the SCRIPT_NAME transmitted
  • Review your :ref:forwarder-headers setting if you are missing headers after upgrading from a version prior to 22.0.0

** Breaking changes **

  • refuse requests where the uri field is empty (:pr:3255)
  • refuse requests with invalid CR/LF/NUL in header field values (:pr:3253)
  • remove temporary --tolerate-dangerous-framing switch from 22.0 (:pr:3260)
  • If any of the breaking changes affect you, be aware that now refused requests can pose a security problem, especially so in setups involving request pipe-lining and/or proxies.

Fix CVE-2024-1135

Commits
  • 411986d fix doc
  • 334392e Merge pull request #2559 from laggardkernel/bugfix/reexec-env
  • e75c353 Merge pull request #3189 from pajod/patch-py36
  • 9357b28 keep document user in access_log_format setting
  • 79fdef0 bump to 23.0.0
  • 3acd9fb Merge pull request #2620 from talkerbox/improve-access-log-format-docs
  • 3f56d76 Merge pull request #3192 from pajod/patch-allowed-script-name
  • 256d474 docs: revert duped directive
  • ffa48b5 test: default change was intentional
  • 52538ca docs: recommend SCRIPT_NAME=/subfolder
  • Additional commits viewable in compare view

Updates jinja2 from 3.1.4 to 3.1.6

Release notes

Sourced from jinja2's releases.

3.1.6

This is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Jinja2/3.1.6/
Changes: https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6

  • The |attr filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. GHSA-cpwx-vrp4-4pq7

3.1.5

This is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Jinja2/3.1.5/
Changes: https://jinja.palletsprojects.com/changes/#version-3-1-5
Milestone: https://github.com/pallets/jinja/milestone/16?closed=1

  • The sandboxed environment handles indirect calls to str.format, such as by passing a stored reference to a filter that calls its argument. GHSA-q2x7-8rv6-6q7h
  • Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. #1792, GHSA-gmj6-6f8f-6699
  • Sandbox does not allow clear and pop on known mutable sequence types. #2032
  • Calling sync render for an async template uses asyncio.run. #1952
  • Avoid unclosed auto_aiter warnings. #1960
  • Return an aclose-able AsyncGenerator from Template.generate_async. #1960
  • Avoid leaving root_render_func() unclosed in Template.generate_async. #1960
  • Avoid leaving async generators unclosed in blocks, includes and extends. #1960
  • The runtime uses the correct concat function for the current environment when calling block references. #1701
  • Make |unique async-aware, allowing it to be used after another async-aware filter. #1781
  • |int filter handles OverflowError from scientific notation. #1921
  • Make compiling deterministic for tuple unpacking in a {% set ... %} call. #2021
  • Fix dunder protocol (copy/pickle/etc) interaction with Undefined objects. #2025
  • Fix copy/pickle support for the internal missing object. #2027
  • Environment.overlay(enable_async) is applied correctly. #2061
  • The error message from FileSystemLoader includes the paths that were searched. #1661
  • PackageLoader shows a clearer error message when the package does not contain the templates directory. #1705
  • Improve annotations for methods returning copies. #1880
  • urlize does not add mailto: to values like @a@b. #1870
  • Tests decorated with @pass_context can be used with the |select filter. #1624
  • Using set for multiple assignment (a, b = 1, 2) does not fail when the target is a namespace attribute. #1413
  • Using set in all branches of {% if %}{% elif %}{% else %} blocks does not cause the variable to be considered initially undefined. #1253

Changelog

Sourced from jinja2's changelog.

Version 3.1.6

Released 2025-03-05

  • The |attr filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. :ghsa:cpwx-vrp4-4pq7

Version 3.1.5

Released 2024-12-21

  • The sandboxed environment handles indirect calls to str.format, such as by passing a stored reference to a filter that calls its argument. :ghsa:q2x7-8rv6-6q7h
  • Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. :issue:1792, :ghsa:gmj6-6f8f-6699
  • Sandbox does not allow clear and pop on known mutable sequence types. :issue:2032
  • Calling sync render for an async template uses asyncio.run. :pr:1952
  • Avoid unclosed auto_aiter warnings. :pr:1960
  • Return an aclose-able AsyncGenerator from Template.generate_async. :pr:1960
  • Avoid leaving root_render_func() unclosed in Template.generate_async. :pr:1960
  • Avoid leaving async generators unclosed in blocks, includes and extends. :pr:1960
  • The runtime uses the correct concat function for the current environment when calling block references. :issue:1701
  • Make |unique async-aware, allowing it to be used after another async-aware filter. :issue:1781
  • |int filter handles OverflowError from scientific notation. :issue:1921
  • Make compiling deterministic for tuple unpacking in a {% set ... %} call. :issue:2021
  • Fix dunder protocol (copy/pickle/etc) interaction with Undefined objects. :issue:2025
  • Fix copy/pickle support for the internal missing object. :issue:2027
  • Environment.overlay(enable_async) is applied correctly. :pr:2061
  • The error message from FileSystemLoader includes the paths that were searched. :issue:1661
  • PackageLoader shows a clearer error message when the package does not contain the templates directory. :issue:1705
  • Improve annotations for methods returning copies. :pr:1880
  • urlize does not add mailto: to values like @a@b. :pr:1870

... (truncated)

Commits

Updates keras from 3.6.0 to 3.9.0

Release notes

Sourced from keras's releases.

Keras 3.9.0

New features

  • Add new Keras rematerialization API: keras.RematScope and keras.remat. It can be used to turn on rematerialization for certain layers in a fine-grained manner, e.g. only for layers larger than a certain size, or for a specific set of layers, or only for activations.
  • Increase op coverage for OpenVINO backend.
  • New operations:
    • keras.ops.rot90
    • keras.ops.rearrange (Einops-style)
    • keras.ops.signbit
    • keras.ops.polar
    • keras.ops.image.perspective_transform
    • keras.ops.image.gaussian_blur
  • New layers:
    • keras.layers.RMSNormalization
    • keras.layers.AugMix
    • keras.layers.CutMix
    • keras.layers.RandomInvert
    • keras.layers.RandomErasing
    • keras.layers.RandomGaussianBlur
    • keras.layers.RandomPerspective
  • Minor additions:
    • Add support for dtype argument to JaxLayer and FlaxLayer layers
    • Add boolean input support to BinaryAccuracy metric
    • Add antialias argument to keras.layers.Resizing layer.
  • Security fix: disallow object pickling in saved npz model files (numpy format). Thanks to Peng Zhou for reporting the vulnerability.

New Contributors

Full Changelog: keras-team/keras@v3.8.0...v3.9.0

Keras 3.8.0

New: OpenVINO backend

OpenVINO is now available as an inference-only Keras backend. You can start using it by setting the backend field to "openvino" in your keras.json config file.

... (truncated)

Commits
  • eb1f844 Fix Discretization serialization when num_bins is used. (#20971)
  • 19b1418 Enable cuDNN RNNs when dropout is set and training=True (#20983)
  • 465a3d2 Update version number
  • 2688bfc Fix docstring
  • ff427e5 [Keras Ops and Layer] Add keras.ops.rms_norm() and keras.layers.RMSNormalizat...
  • f7115c2 Fix PyTorch stateful RNN/LSTM gradient computation error resolves #20875 (#20...
  • 7a7bca6 [OpenVINO backend] Support numpy.append (#20951)
  • c356cae Bump the github-actions group with 3 updates (#20975)
  • 0902ff4 [OpenVino BackEnd]support np.count_nonzero for ov BackEnd (#20945)
  • 21c8997 Make gaussian_blur to use scipy convolve2d (#20974)
  • Additional commits viewable in compare view

Updates protobuf from 4.25.5 to 4.25.8

Commits
  • a4cbdd3 Updating version.json and repo version numbers to: 25.8
  • 29445be Merge pull request #21880 from shaod2/py-25
  • cc13b69 Remove debugging code and add EOLs
  • d31100c Manually backport recursion limit enforcement to 25.x
  • 88a3b90 Change pre-22 poison pill to only log once per affected message type. (#21754)
  • 320eafa Weaken vulnerable gencode poison pills to warning by default.
  • f584fe3 Merge branch 'protocolbuffers:25.x' into 25.x
  • c710036 Update test_upb.yml to use ubuntu-22
  • 9721758 Fix missing trailing newline.
  • cca7b28 Update test_upb.yml to use ubuntu-22
  • Additional commits viewable in compare view

Updates requests from 2.32.3 to 2.32.4

Release notes

Sourced from requests's releases.

v2.32.4

2.32.4 (2025-06-10)

Security

  • CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (#6965)

Improvements

  • Numerous documentation improvements

Deprecations

  • Added support for pypy 3.11 for Linux and macOS. (#6926)
  • Dropped support for pypy 3.9 following its end of support. (#6926)

Changelog

Sourced from requests's changelog.

2.32.4 (2025-06-10)

Security

  • CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.

Improvements

  • Numerous documentation improvements

Deprecations

  • Added support for pypy 3.11 for Linux and macOS.
  • Dropped support for pypy 3.9 following its end of support.

Commits
  • 021dc72 Polish up release tooling for last manual release
  • 821770e Bump version and add release notes for v2.32.4
  • 59f8aa2 Add netrc file search information to authentication documentation (#6876)
  • 5b4b64c Add more tests to prevent regression of CVE 2024 47081
  • 7bc4587 Add new test to check netrc auth leak (#6962)
  • 96ba401 Only use hostname to do netrc lookup instead of netloc
  • 7341690 Merge pull request #6951 from tswast/patch-1
  • 6716d7c remove links
  • a7e1c74 Update docs/conf.py
  • c799b81 docs: fix dead links to kenreitz.org
  • Additional commits viewable in compare view


Bumps the pip group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [ipython](https://github.com/ipython/ipython) | `7.34.0` | `8.10.0` |
| [torch](https://github.com/pytorch/pytorch) | `2.5.0` | `2.7.1` |
| [gunicorn](https://github.com/benoitc/gunicorn) | `22.0.0` | `23.0.0` |
| [jinja2](https://github.com/pallets/jinja) | `3.1.4` | `3.1.6` |
| [keras](https://github.com/keras-team/keras) | `3.6.0` | `3.9.0` |
| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.25.5` | `4.25.8` |
| [requests](https://github.com/psf/requests) | `2.32.3` | `2.32.4` |

Bumps the pip group with 5 updates in the /backend directory:

| Package | From | To |
| --- | --- | --- |
| [gunicorn](https://github.com/benoitc/gunicorn) | `22.0.0` | `23.0.0` |
| [jinja2](https://github.com/pallets/jinja) | `3.1.4` | `3.1.6` |
| [keras](https://github.com/keras-team/keras) | `3.6.0` | `3.9.0` |
| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.25.5` | `4.25.8` |
| [requests](https://github.com/psf/requests) | `2.32.3` | `2.32.4` |



Updates `ipython` from 7.34.0 to 8.10.0
- [Release notes](https://github.com/ipython/ipython/releases)
- [Commits](ipython/ipython@7.34.0...8.10.0)

Updates `torch` from 2.5.0 to 2.7.1
- [Release notes](https://github.com/pytorch/pytorch/releases)
- [Changelog](https://github.com/pytorch/pytorch/blob/main/RELEASE.md)
- [Commits](pytorch/pytorch@v2.5.0...v2.7.1)

Updates `gunicorn` from 22.0.0 to 23.0.0
- [Release notes](https://github.com/benoitc/gunicorn/releases)
- [Commits](benoitc/gunicorn@22.0.0...23.0.0)

Updates `jinja2` from 3.1.4 to 3.1.6
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](pallets/jinja@3.1.4...3.1.6)

Updates `keras` from 3.6.0 to 3.9.0
- [Release notes](https://github.com/keras-team/keras/releases)
- [Commits](keras-team/keras@v3.6.0...v3.9.0)

Updates `protobuf` from 4.25.5 to 4.25.8
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/protobuf_release.bzl)
- [Commits](protocolbuffers/protobuf@v4.25.5...v4.25.8)

Updates `requests` from 2.32.3 to 2.32.4
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.32.3...v2.32.4)

Updates `gunicorn` from 22.0.0 to 23.0.0
- [Release notes](https://github.com/benoitc/gunicorn/releases)
- [Commits](benoitc/gunicorn@22.0.0...23.0.0)

Updates `jinja2` from 3.1.4 to 3.1.6
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](pallets/jinja@3.1.4...3.1.6)

Updates `keras` from 3.6.0 to 3.9.0
- [Release notes](https://github.com/keras-team/keras/releases)
- [Commits](keras-team/keras@v3.6.0...v3.9.0)

Updates `protobuf` from 4.25.5 to 4.25.8
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/protobuf_release.bzl)
- [Commits](protocolbuffers/protobuf@v4.25.5...v4.25.8)

Updates `requests` from 2.32.3 to 2.32.4
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.32.3...v2.32.4)

---
updated-dependencies:
- dependency-name: ipython
  dependency-version: 8.10.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: torch
  dependency-version: 2.7.1
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: gunicorn
  dependency-version: 23.0.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: jinja2
  dependency-version: 3.1.6
  dependency-type: indirect
  dependency-group: pip
- dependency-name: keras
  dependency-version: 3.9.0
  dependency-type: indirect
  dependency-group: pip
- dependency-name: protobuf
  dependency-version: 4.25.8
  dependency-type: indirect
  dependency-group: pip
- dependency-name: requests
  dependency-version: 2.32.4
  dependency-type: indirect
  dependency-group: pip
- dependency-name: gunicorn
  dependency-version: 23.0.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: jinja2
  dependency-version: 3.1.6
  dependency-type: indirect
  dependency-group: pip
- dependency-name: keras
  dependency-version: 3.9.0
  dependency-type: indirect
  dependency-group: pip
- dependency-name: protobuf
  dependency-version: 4.25.8
  dependency-type: indirect
  dependency-group: pip
- dependency-name: requests
  dependency-version: 2.32.4
  dependency-type: indirect
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies (Pull requests that update a dependency file) and python (Pull requests that update python code) labels Jun 18, 2025