From e10436c4f739c476166b31a32235dbd252499822 Mon Sep 17 00:00:00 2001
From: Beat Buesser <beat.buesser@ibm.com>
Date: Tue, 12 Aug 2025 13:08:45 +0200
Subject: [PATCH 1/2] Update testing to Keras 3.11.2 because of Dependabot
 alert no. 82 / CVE-2025-8747

Signed-off-by: Beat Buesser <beat.buesser@ibm.com>
---
 .github/workflows/ci-huggingface.yml   | 2 +-
 .github/workflows/ci-keras.yml         | 4 ++--
 .github/workflows/ci-legacy.yml        | 2 +-
 .github/workflows/ci-style-checks.yml  | 2 +-
 .github/workflows/ci-tensorflow-v2.yml | 4 ++--
 requirements_test.txt                  | 2 +-
 6 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/ci-huggingface.yml b/.github/workflows/ci-huggingface.yml
index 0f3262190b..2a05cc02ba 100644
--- a/.github/workflows/ci-huggingface.yml
+++ b/.github/workflows/ci-huggingface.yml
@@ -53,7 +53,7 @@ jobs:
           python -m pip install --upgrade pip setuptools wheel
           pip install -q -r <(sed '/^tensorflow/d;/^keras/d;/^torch/d;/^torchvision/d;/^torchaudio/d;/^transformers/d;/^safetensors/d' requirements_test.txt)
           pip install tensorflow==2.18.1
-          pip install keras==3.10.0
+          pip install keras==3.11.2
           pip install torch==${{ matrix.torch }} --index-url https://download.pytorch.org/whl/cpu
           pip install torchvision==${{ matrix.torchvision }} --index-url https://download.pytorch.org/whl/cpu
           pip install torchaudio==${{ matrix.torchaudio }} --index-url https://download.pytorch.org/whl/cpu
diff --git a/.github/workflows/ci-keras.yml b/.github/workflows/ci-keras.yml
index 4b259e7fa2..dc64e7d1fa 100644
--- a/.github/workflows/ci-keras.yml
+++ b/.github/workflows/ci-keras.yml
@@ -28,11 +28,11 @@ jobs:
       fail-fast: false
       matrix:
         include:
-          - name: TensorFlow-Keras 2.18.1 (Keras 3.10.0 Python 3.10)
+          - name: TensorFlow-Keras 2.18.1 (Keras 3.11.2 Python 3.10)
             framework: kerastf
             python: '3.10'
             tensorflow: 2.18.1
-            keras: 3.10.0
+            keras: 3.11.2
 
     name: ${{ matrix.name }}
     steps:
diff --git a/.github/workflows/ci-legacy.yml b/.github/workflows/ci-legacy.yml
index d41429599f..4112cc9388 100644
--- a/.github/workflows/ci-legacy.yml
+++ b/.github/workflows/ci-legacy.yml
@@ -33,7 +33,7 @@ jobs:
             framework: legacy
             python: '3.10'
             tensorflow: 2.18.1
-            keras: 3.10.0
+            keras: 3.11.2
             torch: 2.8.0
             torchvision: 0.23.0
             torchaudio: 2.8.0
diff --git a/.github/workflows/ci-style-checks.yml b/.github/workflows/ci-style-checks.yml
index c925719e0d..13c81d6a1c 100644
--- a/.github/workflows/ci-style-checks.yml
+++ b/.github/workflows/ci-style-checks.yml
@@ -44,7 +44,7 @@ jobs:
           python -m pip install --upgrade pip setuptools wheel
           pip install -q -r <(sed '/^tensorflow/d;/^keras/d' requirements_test.txt)
           pip install tensorflow==2.18.1
-          pip install keras==3.10.0
+          pip install keras==3.11.2
           pip list
 
       - name: pycodestyle
diff --git a/.github/workflows/ci-tensorflow-v2.yml b/.github/workflows/ci-tensorflow-v2.yml
index 2135c09e98..cb507a7362 100644
--- a/.github/workflows/ci-tensorflow-v2.yml
+++ b/.github/workflows/ci-tensorflow-v2.yml
@@ -28,12 +28,12 @@ jobs:
       fail-fast: false
       matrix:
         include:
-          - name: TensorFlow 2.18.1 (Keras 3.10.0 Python 3.10)
+          - name: TensorFlow 2.18.1 (Keras 3.11.2 Python 3.10)
             framework: tensorflow
             python: '3.10'
             tensorflow: 2.18.1
             tf_version: v2
-            keras: 3.10.0
+            keras: 3.11.2
 
     name: ${{ matrix.name }}
     steps:
diff --git a/requirements_test.txt b/requirements_test.txt
index 1228d24c48..0117fef592 100644
--- a/requirements_test.txt
+++ b/requirements_test.txt
@@ -25,7 +25,7 @@ multiprocess>=0.70.12
 # frameworks
 
 tensorflow==2.18.1
-keras==3.10.0
+keras==3.11.2
 
 # PyTorch
 torch==2.8.0

From 00d666bee92f68bc3a63812a6b4c02923790b0e9 Mon Sep 17 00:00:00 2001
From: Beat Buesser <beat.buesser@ibm.com>
Date: Wed, 13 Aug 2025 14:16:38 +0200
Subject: [PATCH 2/2] Update testing to Keras 3.11.2 because of Dependabot
 alert no. 82 / CVE-2025-8747

Signed-off-by: Beat Buesser <beat.buesser@ibm.com>
---
 .github/workflows/ci-legacy.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci-legacy.yml b/.github/workflows/ci-legacy.yml
index 4112cc9388..138acb9ad3 100644
--- a/.github/workflows/ci-legacy.yml
+++ b/.github/workflows/ci-legacy.yml
@@ -29,7 +29,7 @@ jobs:
       matrix:
         module: [attacks_1, attacks_2, estimators, defences, metrics, art]
         include:
-          - name: legacy (TensorFlow 2.18.1 Keras 3.10.0 PyTorch 2.7.0 scikit-learn 1.6.1 Python 3.10)
+          - name: legacy (TensorFlow 2.18.1 Keras 3.11.2 PyTorch 2.7.0 scikit-learn 1.6.1 Python 3.10)
             framework: legacy
             python: '3.10'
             tensorflow: 2.18.1