Bump modelaudit from 0.2.42 to 0.2.49 in /services/quarantine by dependabot[bot] · Pull Request #78 · SecAI-Hub/SecAI_OS

dependabot · 2026-06-26T03:53:40Z

Bumps modelaudit from 0.2.42 to 0.2.49.

Changelog

0.2.49 (2026-06-25)

Bug Fixes

picklescan: restore Windows call-graph detection via cross-view stat identity (#1715) (51c0074)

0.2.48 (2026-06-24)

Bug Fixes

accept gzip-framed NeMo archives (#1634) (7be6b46)

audit dependencies for source changes (#1535) (bf1e109)

avoid exact-budget cloud pickle false positives (#1595) (350baa0)

bind direct shard cache to siblings (#1543) (45bf167)

bound executorch zip scanning (#1546) (ff9e1ae)

bound jinja scalar range render probes (#1553) (c00542e)

bound joblib decompression output (#1522) (98f41b1)

bound keras zip config traversal (#1555) (6e6ba57)

bound manifest jinja collection traversal (#1561) (23b6ca2)

bound OCI layer extraction budgets (#1566) (5f96b42)

bound picklescan pytorch zip members (#1569) (322c01b)

bound protocol0 line operands (#1534) (95e27df)

bound sevenzip member name collection (#1574) (fb36ad8)

bound stream analysis reads (#1525) (d44deb8)

bound weight distribution tensor extraction (#1581) (dc0051c)

calibrate legacy PyTorch storage persistent IDs (#1652) (4a28b7f)

calibrate onnx custom domain findings (149cde4)

calibrate validated ONNX alternate framing (59ec990)

ci: raise test job timeout for instrumented main lane (#1625) (94e98ca)

clarify and enforce telemetry privacy (#1592) (33186db)

classify pytorch zip symlink targets (#1573) (c7e1699)

classify tar link escapes as symlinks (#1578) (edb65b2)

classify text sidecar security findings (#1465) (a3a561c)

cli: make streaming dry runs non-executing (c0059d8)

close authorization evidence redaction gaps (#1596) (4606b59)

close JIT replay review gaps (#1519) (69928bc)

close network redaction follow-up gaps (#1518) (c6fa017)

cloud: bound directory analysis before download (#1621) (7bf4531)

constrain direct sharded symlink expansion (#1463) (9a9f1df)

contain cloud object download paths (#1541) (17efed9)

contain mlflow download return paths (#1563) (4239134)

contextualize SafeTensors license metadata (#1661) (0904a91)

deduplicate onnx custom domain findings (#1656) (2bca0c0)

deps: require msgpack 1.2.1 (#1705) (d028a15)

deps: update rust crate pyo3 to 0.29.0 [security] (#1677) (a2fe49c)

detect explicit keras get_file tar extraction (#1556) (e15963f)

detect flax msgpack byte keys (#1548) (e640403)

detect operator archive Python execution paths (#1538) (ae81048)

detect pickle binunicode8 setitem abuse (#1524) (43d2fb8)

disable unsafe metadata deserialization (#1523) (5cf4945)

... (truncated)

Commits

a111878 chore: release main (#1716)
51c0074 fix(picklescan): restore Windows call-graph detection via cross-view stat ide...
9c33437 test(picklescan): make path-importer bounds and FIFO test cross-platform (#1714)
a5536a9 chore: release main (#1713)
887d1c3 chore(deps): update dependency py7zr to v1.1.3 [security] (#1708)
6caa259 perf(hashing): read in 8 MB chunks instead of 8 KB (#1709)
d028a15 fix(deps): require msgpack 1.2.1 (#1705)
c52b914 fix: harden streamed TAR and NeMo inspection (#1665)
9edbaba fix: harden large tokenizer JSON EOF ownership proof (#1695)
8a55653 fix(picklescan): safely filter inert URL metadata (#1658)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [modelaudit](https://github.com/promptfoo/modelaudit) from 0.2.42 to 0.2.49. - [Release notes](https://github.com/promptfoo/modelaudit/releases) - [Changelog](https://github.com/promptfoo/modelaudit/blob/main/CHANGELOG.md) - [Commits](promptfoo/modelaudit@v0.2.42...v0.2.49) --- updated-dependencies: - dependency-name: modelaudit dependency-version: 0.2.49 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jun 26, 2026

dependabot Bot mentioned this pull request Jun 26, 2026

Bump modelaudit from 0.2.42 to 0.2.47 in /services/quarantine #69

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump modelaudit from 0.2.42 to 0.2.49 in /services/quarantine#78

Bump modelaudit from 0.2.42 to 0.2.49 in /services/quarantine#78
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/services/quarantine/modelaudit-0.2.49

dependabot Bot commented on behalf of github Jun 26, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Jun 26, 2026

0.2.49 (2026-06-25)

Bug Fixes

0.2.48 (2026-06-24)

Bug Fixes

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants