Merge remote-tracking branch 'origin/main' into dev_1.8.0

Author: Beat Buesser

.github/workflows/ci-deepspeech-v2.yml

@@ -29,4 +29,4 @@ jobs:
       - name: Run Test Action
         uses: ./.github/actions/deepspeech-v2
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v2.0.3
+        uses: codecov/codecov-action@v2.1.0

.github/workflows/ci-deepspeech-v3.yml

@@ -29,4 +29,4 @@ jobs:
       - name: Run Test Action
         uses: ./.github/actions/deepspeech-v3
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v2.0.3
+        uses: codecov/codecov-action@v2.1.0

.github/workflows/ci-legacy.yml

@@ -84,4 +84,4 @@ jobs:
       - name: Run ${{ matrix.name }} ${{ matrix.module }} Tests
         run: ./run_tests.sh ${{ matrix.framework }} ${{ matrix.module }}
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v2.0.2
+        uses: codecov/codecov-action@v2.1.0

.github/workflows/ci-lingvo.yml

@@ -60,4 +60,4 @@ jobs:
       - name: Run ${{ matrix.name }} Tests
         run: ./run_tests.sh ${{ matrix.framework }}
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v2.0.3
+        uses: codecov/codecov-action@v2.1.0

.github/workflows/ci-mxnet.yml

@@ -49,4 +49,4 @@ jobs:
       - name: Run ${{ matrix.name }} ${{ matrix.module }} Tests
         run: ./run_tests.sh ${{ matrix.framework }} ${{ matrix.module }}
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v2.0.3
+        uses: codecov/codecov-action@v2.1.0

.github/workflows/ci-pytorch-object-detectors.yml

@@ -48,4 +48,4 @@ jobs:
       - name: Run Test Action - test_pytorch_faster_rcnn
         run: pytest --cov-report=xml --cov=art --cov-append -q -vv tests/estimators/object_detection/test_pytorch_faster_rcnn.py --framework=pytorch --durations=0
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v2.0.3
+        uses: codecov/codecov-action@v2.1.0

.github/workflows/ci-tf-faster-rcnn.yml

@@ -29,4 +29,4 @@ jobs:
       - name: Run Test Action
         uses: ./.github/actions/tf-faster-rcnn
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v1.5.0
+        uses: codecov/codecov-action@v2.1.0

.github/workflows/ci.yml

@@ -123,4 +123,4 @@ jobs:
       - name: Run Tests
         run: ./run_tests.sh ${{ matrix.framework }}
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v2.0.3
+        uses: codecov/codecov-action@v2.1.0

CONTRIBUTING.md

@@ -8,13 +8,7 @@ Adversarial Robustness Toolbox so that others may evaluate it fairly in their ow
 Bug fixes can be initiated through GitHub pull requests. When making code contributions to the Adversarial Robustness 
 Toolbox, we ask that you follow the `PEP 8` coding standard and that you provide unit tests for the new features.
 
-## Development install
-
-We provide a specific set of dependencies that we test and develop against, namely `requirements.txt`. In a virtual
-environment install ART for development in the following way:
-```bash
-pip install -r requirements.txt
-```
+Contributions of new features must include unit test covering at least 80% of the new statements.
 
 ## Validating Git Commits
 This project uses [DCO](https://developercertificate.org/). Be sure to sign off your commits using the `-s` flag or 

SECURITY.md

@@ -0,0 +1,28 @@
+# Security Policy
+
+## Reporting a Vulnerability
+(Following https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md)
+
+Please email reports about any security related issues you find to [email protected]. This mail is delivered to a small team maintaining the Trusted-AI projects. Your email will be acknowledged within a few business day, and you'll receive a more detailed response to your email within 7 days indicating the next steps in handling your report.
+
+Please use a descriptive subject line for your report email. After the initial reply to your report, the team will endeavor to keep you informed of the progress being made towards a fix and announcement.
+
+In addition, please include the following information along with your report:
+
+Your name and affiliation (if any).
+A description of the technical details of the vulnerabilities. It is very important to let us know how we can reproduce your findings.
+An explanation who can exploit this vulnerability, and what they gain when doing so -- write an attack scenario. This will help us evaluate your report quickly, especially if the issue is complex.
+Whether this vulnerability public or known to third parties. If it is, please provide details.
+If you believe that an existing (public) issue is security-related, please send an email to [email protected]. The email should include the issue ID and a short description of why it should be handled according to this security policy.
+
+We apply the following disclosure process:
+
+When a report is received, we confirm the issue and determine its severity.
+If we know of specific third-party services or software based on ART that require mitigation before publication, those projects will be notified.
+An advisory is prepared (but not published) which details the problem and steps for mitigation.
+The vulnerability is fixed and potential workarounds are identified.
+Wherever possible, the fix is also prepared for the branches corresponding to all releases of ART at most one year old. We will attempt to commit these fixes as soon as possible, and as close together as possible.
+
+Patch releases are published for all fixed released versions and the advisory is published.
+
+Note that each version of ART is supported for only 1 year after the release.