
build(deps): bump keras from 3.8.0 to 3.12.2 #59

Closed
dependabot[bot] wants to merge 1 commit into main from dependabot/uv/keras-3.12.2

Conversation

dependabot[bot] commented on behalf of github on Jun 11, 2026

Bumps keras from 3.8.0 to 3.12.2.

Release notes

Sourced from keras's releases.

v3.12.2

Saving & Reloading

  • Harden path and link resolution when extracting files from archives (#22194 & #22839)
    • Fixed the base folder used when validating files extracted from ZIP and TAR archives.
    • Fixed link resolution bug when validating links extracted from TAR archives.
    • Fixed path confusion bug when validating files extracted from ZIP and TAR archives (including .keras files).
    • Added path validation when extracting assets from Orbax checkpoints.
  • Harden H5 validation code and apply it to legacy .h5 files (#22801)
    • Disallow external links and virtual datasets in H5 files.
    • Also apply all the validation to the legacy .h5 file extraction.
  • Improve validation and error reporting in functional model deserialization (#22800)
    • Detect loops in the graph when deserializing a functional model.
    • Improve error reporting for missing nodes in the graph.
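The three archive-validation bugs listed above (the wrong base folder, link targets resolved against the wrong directory, and prefix-based path confusion) are exactly the checks a safe extractor has to get right. The following is an added Python example, not Keras code: it validates TAR members against a destination directory without extracting anything; the archive contents and the `/tmp/unpack` destination are constructed for illustration.

```python
import io
import os
import tarfile


def inside(base: str, target: str) -> bool:
    """True if `target` is `base` or lies under it. commonpath rather than
    startswith, so "/tmp/unpack2/x" is not taken for a child of "/tmp/unpack"."""
    return os.path.commonpath([base, target]) == base


def unsafe_members(tar: tarfile.TarFile, dest: str) -> list:
    """Names of members whose extraction path or link target escapes `dest`.
    Every name is resolved against the destination (the base folder), never
    against the current working directory."""
    base = os.path.realpath(dest)
    bad = []
    for m in tar.getmembers():
        path = os.path.realpath(os.path.join(base, m.name))
        if not inside(base, path):
            bad.append(m.name)
            continue
        if m.issym():
            # A symlink target is relative to the directory holding the link.
            target = os.path.realpath(os.path.join(os.path.dirname(path), m.linkname))
        elif m.islnk():
            # A hard link target is relative to the archive root.
            target = os.path.realpath(os.path.join(base, m.linkname))
        else:
            continue
        if not inside(base, target):
            bad.append(m.name)
    return bad


def build_sample_tar() -> tarfile.TarFile:
    """Constructed in-memory archive mixing benign and hostile members."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tw:
        def add(name, kind=tarfile.REGTYPE, link=""):
            info = tarfile.TarInfo(name)
            info.type, info.linkname = kind, link
            tw.addfile(info)                          # zero-length entries: no data needed
        add("model/config.json")                       # benign
        add("../escape.txt")                           # classic traversal
        add("../unpack2/sibling.txt")                  # slips past a startswith("/tmp/unpack") check
        add("model/ok_link", tarfile.SYMTYPE, "config.json")         # stays inside
        add("model/bad_link", tarfile.SYMTYPE, "../../../etc/passwd")
        add("model/hard", tarfile.LNKTYPE, "model/config.json")      # stays inside
    return tarfile.open(fileobj=io.BytesIO(buf.getvalue()), mode="r")
```

Python 3.12 and later ship `tarfile.data_filter`, which enforces this class of checks during `extractall`; the example above only reports offending members so the decision can be logged before anything touches disk.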

Other Fixes

  • Fix lazy module import for h5py
    • Fixed lazy module import handling for h5py to ensure correct and safe validation behavior when the package is lazy-loaded.
  • Remove deprecated openvino.runtime import (#21826)

What's Changed

Full Changelog: keras-team/keras@v3.12.1...v3.12.2

v3.12.1

Security Fixes & Hardening

This release introduces critical security hardening for model loading and saving, alongside improvements to the JAX backend metadata handling.

  • Disallow TFSMLayer deserialization in safe_mode (#22035)

    • Previously, TFSMLayer could load external TensorFlow SavedModels during deserialization without respecting Keras safe_mode. This could allow the execution of attacker-controlled graphs during model invocation.
    • TFSMLayer now enforces safe_mode by default. Deserialization via from_config() will raise a ValueError unless safe_mode=False is explicitly passed or keras.config.enable_unsafe_deserialization() is called.
  • Fix Denial of Service (DoS) in KerasFileEditor (#21880)

    • Introduces validation for HDF5 dataset metadata to prevent "shape bomb" attacks.
    • Hardens the .keras file editor against malicious metadata that could cause dimension overflows or unbounded memory allocation (unbounded numpy allocation of multi-gigabyte tensors).
  • Block External Links in HDF5 files (#22057)

    • Keras now explicitly disallows external links within HDF5 files during loading. This prevents potential security risks where a weight file could point to external system datasets.
    • Includes improved verification for H5 Groups and Datasets to ensure they are local and valid.
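The shape-bomb and dimension-overflow fix above comes down to bounding an allocation before it happens. The following is an added Python example, not the KerasFileEditor code: it applies a per-dataset and per-file byte budget to constructed HDF5-style dataset metadata (`DatasetMeta` and the 2 GiB budget are assumptions), rejecting shapes whose element count would wrap a 64-bit index as well as those that merely exceed the budget.

```python
import math
from dataclasses import dataclass

INTP_MAX = 2**63 - 1            # largest element count numpy can index on 64-bit hosts
DEFAULT_BUDGET = 2 * 1024**3    # assumed per-file allocation budget: 2 GiB


@dataclass(frozen=True)
class DatasetMeta:
    """Minimal stand-in (constructed) for the metadata an HDF5 dataset exposes."""
    name: str
    shape: tuple
    itemsize: int   # bytes per element, e.g. 4 for float32


def dataset_nbytes(meta: DatasetMeta) -> int:
    """Exact byte size of a dataset. Python ints never wrap, so a shape whose
    product exceeds 2**63 is reported instead of silently becoming 0 or negative
    (the overflow that lets a tiny file request a huge or bogus allocation)."""
    if any(not isinstance(d, int) or d < 0 for d in meta.shape):
        raise ValueError(f"{meta.name}: invalid dimension in shape {meta.shape}")
    if meta.itemsize <= 0:
        raise ValueError(f"{meta.name}: invalid itemsize {meta.itemsize}")
    count = math.prod(meta.shape)
    if count > INTP_MAX:
        raise ValueError(f"{meta.name}: {count} elements overflows numpy's index type")
    return count * meta.itemsize


def validate_file(datasets, budget: int = DEFAULT_BUDGET) -> int:
    """Reject the file before allocating anything if any single dataset or the
    running total exceeds the budget. Returns the total byte size on success."""
    total = 0
    for meta in datasets:
        n = dataset_nbytes(meta)
        if n > budget:
            raise ValueError(f"{meta.name}: {n} bytes exceeds budget {budget}")
        total += n
        if total > budget:
            raise ValueError(f"cumulative size {total} exceeds budget {budget}")
    return total


def is_rejected(datasets, budget: int = DEFAULT_BUDGET) -> bool:
    try:
        validate_file(datasets, budget)
        return False
    except ValueError:
        return True


# Constructed samples: a realistic weight file next to two hostile descriptors.
BENIGN = [DatasetMeta("dense/kernel", (784, 128), 4), DatasetMeta("dense/bias", (128,), 4)]
SHAPE_BOMB = [DatasetMeta("dense/kernel", (1 << 20, 1 << 20), 4)]   # claims 4 TiB
OVERFLOW = [DatasetMeta("dense/kernel", (1 << 32, 1 << 32), 4)]     # 2**64 elements
```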

Saving & Serialization

  • Improved H5IOStore Integrity (#22057)
    • Refactored H5IOStore and ShardedH5IOStore to remove unused, unverified methods.
    • Fixed key-ordering logic in sharded HDF5 stores to ensure consistent state loading across different environments.

Acknowledgments

... (truncated)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [keras](https://github.com/keras-team/keras) from 3.8.0 to 3.12.2.
- [Release notes](https://github.com/keras-team/keras/releases)
- [Commits](keras-team/keras@v3.8.0...v3.12.2)

---
updated-dependencies:
- dependency-name: keras
  dependency-version: 3.12.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot requested a review from a team as a code owner June 11, 2026 13:19
@dependabot dependabot Bot added the python:uv Pull requests that update python:uv code label Jun 11, 2026
@dependabot dependabot Bot requested review from ddonghi and jamesdshinner June 11, 2026 13:19
@georyetti georyetti closed this Jun 23, 2026
dependabot[bot] (Author) commented on behalf of github on Jun 23, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/uv/keras-3.12.2 branch June 23, 2026 10:27