Bump modelaudit from 0.2.42 to 0.2.47 in /services/quarantine by dependabot[bot] · Pull Request #69 · SecAI-Hub/SecAI_OS

dependabot · 2026-06-12T03:53:53Z

Bumps modelaudit from 0.2.42 to 0.2.47.

Changelog

0.2.47 (2026-06-05)

Bug Fixes

bind cache reads and writes to scanned file identity (#1458) (860adab)

redact MetaGraph evidence previews (#1473) (58139d9)

redact Torch7 evidence examples (#1467) (646857b)

0.2.46 (2026-06-05)

Bug Fixes

address runpy review edge cases (#1401) (995f978)

analyze ambiguous protobuf routing candidates (#1302) (411b6ee)

avoid ambient TensorFlow proto imports (#1406) (601003d)

avoid duplicate sharded scans and preserve metadata (#1231) (83a0ce5)

avoid framed process string false positives (#1400) (9aae65a)

avoid pickle meta-path source probing (#1493) (a31df76)

block 7z symlinks before extraction (#1462) (73152a0)

block torch.load on vulnerable prereleases (06125e5)

bound directory metadata extraction (#1470) (3dd9ceb)

bound GGUF declared collections (#1316) (3ceb138)

bound jax and flax metadata scans (#1500) (1f794df)

bound jinja sandbox render probes (#1419) (6a6534b)

bound native picklescan state simulation (#1501) (f4c9cdf)

bound OCI layer decompression (#1443) (fd76fb1)

bound Orbax directory checkpoint scanning (#1414) (22a9ffa)

bound PyTorch ZIP version probes (#1512) (196fb46)

bound SavedModel graph traversal (#1491) (b42fffb)

bound SavedModel keras metadata parsing (#1466) (b2eddc4)

cache: key advanced shard allowlists (#1248) (336148a)

cap PyTorch ZIP entry processing (#1455) (e74da5b)

ci: avoid performance gating in Windows nightly (#1264) (c01b42a)

classify incomplete CatBoost analysis correctly (388565b)

classify incomplete OCI layer scans correctly (#1291) (25aae73)

classify incomplete pickle analysis and stream coverage (#1310) (e20518f)

classify incomplete PMML analysis correctly (#1293) (a3b2cfe)

classify incomplete R serialized analysis correctly (#1312) (9439adc)

classify incomplete RKNN and Torch7 analysis correctly (#1289) (6d0ad24)

classify incomplete Skops coverage correctly (#1298) (d618584)

classify incomplete TAR member coverage correctly (#1299) (0cb11b1)

classify incomplete TorchServe analysis correctly (#1297) (f443b02)

classify incomplete weight analysis correctly (#1313) (e4138c1)

classify incomplete ZIP and Keras coverage correctly (#1300) (c350ab9)

classify PyTorch binary code patterns as findings (#1497) (e9c6c0a)

classify sevenzip probe limits as inconclusive (#1296) (d7e1ad1)

classify unavailable binary artifact reads correctly (#1305) (bc4e6b2)

classify unavailable CNTK and LightGBM reads correctly (#1303) (26fcf41)

classify unavailable Joblib reads correctly (#1309) (5b56384)

classify unavailable manifest and text reads correctly (#1307) (5b50c71)

... (truncated)

Commits

b41d7b4 chore: release main (#1516)
58139d9 fix: redact MetaGraph evidence previews (#1473)
646857b fix: redact Torch7 evidence examples (#1467)
9aca319 test(picklescan): stabilize Windows cache regressions (#1515)
860adab fix: bind cache reads and writes to scanned file identity (#1458)
4a73c06 chore: release main (#1514)
66c55cb fix: redact flax msgpack evidence (#1409)
f147ebc fix: contain SBOM symlink hashing (#1476)
196fb46 fix: bound PyTorch ZIP version probes (#1512)
440fe18 fix: flag native keras config modules (#1430)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [modelaudit](https://github.com/promptfoo/modelaudit) from 0.2.42 to 0.2.47. - [Release notes](https://github.com/promptfoo/modelaudit/releases) - [Changelog](https://github.com/promptfoo/modelaudit/blob/main/CHANGELOG.md) - [Commits](promptfoo/modelaudit@v0.2.42...v0.2.47) --- updated-dependencies: - dependency-name: modelaudit dependency-version: 0.2.47 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jun 12, 2026

dependabot Bot mentioned this pull request Jun 12, 2026

Bump modelaudit from 0.2.42 to 0.2.45 in /services/quarantine #29

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump modelaudit from 0.2.42 to 0.2.47 in /services/quarantine#69

Bump modelaudit from 0.2.42 to 0.2.47 in /services/quarantine#69
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/services/quarantine/modelaudit-0.2.47

dependabot Bot commented on behalf of github Jun 12, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Jun 12, 2026

0.2.47 (2026-06-05)

Bug Fixes

0.2.46 (2026-06-05)

Bug Fixes

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants