From f04ce8191ab87699ef33b257604405c12f866940 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 6 Feb 2023 11:03:03 +0000
Subject: [PATCH 1/9] Bump numpy from 1.22.4 to 1.24.2

Bumps [numpy](https://github.com/numpy/numpy) from 1.22.4 to 1.24.2.
- [Release notes](https://github.com/numpy/numpy/releases)
- [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst)
- [Commits](https://github.com/numpy/numpy/compare/v1.22.4...v1.24.2)

---
updated-dependencies:
- dependency-name: numpy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 setup.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup.py b/setup.py
index 5afa510..f6b2469 100644
--- a/setup.py
+++ b/setup.py
@@ -57,7 +57,7 @@ def read(file_name):
 
     python_requires='>=3.8',
     install_requires=[
-        'numpy==1.22.4',
+        'numpy==1.24.2',
         'tensorflow==2.11.0',
         'Pillow==9.3.0',
         'tqdm==4.64.1',

From 34ea46c5a6c1104f30875bf58c7ab144ef7b47cd Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 6 Mar 2023 11:59:46 +0000
Subject: [PATCH 2/9] Bump tqdm from 4.64.1 to 4.65.0

Bumps [tqdm](https://github.com/tqdm/tqdm) from 4.64.1 to 4.65.0.
- [Release notes](https://github.com/tqdm/tqdm/releases)
- [Commits](https://github.com/tqdm/tqdm/compare/v4.64.1...v4.65.0)

---
updated-dependencies:
- dependency-name: tqdm
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 setup.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup.py b/setup.py
index 5afa510..f256f12 100644
--- a/setup.py
+++ b/setup.py
@@ -60,7 +60,7 @@ def read(file_name):
         'numpy==1.22.4',
         'tensorflow==2.11.0',
         'Pillow==9.3.0',
-        'tqdm==4.64.1',
+        'tqdm==4.65.0',
         'six==1.16.0'
     ]
 )

From f60b05e4d119e49ed441199b91ede1d2bb89607f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 3 Apr 2023 11:58:02 +0000
Subject: [PATCH 3/9] Bump pillow from 9.3.0 to 9.5.0

Bumps [pillow](https://github.com/python-pillow/Pillow) from 9.3.0 to 9.5.0.
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](https://github.com/python-pillow/Pillow/compare/9.3.0...9.5.0)

---
updated-dependencies:
- dependency-name: pillow
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 setup.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup.py b/setup.py
index 5afa510..159df66 100644
--- a/setup.py
+++ b/setup.py
@@ -59,7 +59,7 @@ def read(file_name):
     install_requires=[
         'numpy==1.22.4',
         'tensorflow==2.11.0',
-        'Pillow==9.3.0',
+        'Pillow==9.5.0',
         'tqdm==4.64.1',
         'six==1.16.0'
     ]

From a3a6e79d82e85e038b73030673cc29171ad258ab Mon Sep 17 00:00:00 2001
From: Lucas Brito <lucas.brito@agi.com.br>
Date: Mon, 13 Nov 2023 14:12:57 -0300
Subject: [PATCH 4/9] ci: add security checker

---
 .github/workflows/bandit.yml    | 51 +++++++++++++++++++++++++++++++++
 .github/workflows/greetings.yml | 10 +++----
 2 files changed, 56 insertions(+), 5 deletions(-)
 create mode 100644 .github/workflows/bandit.yml

diff --git a/.github/workflows/bandit.yml b/.github/workflows/bandit.yml
new file mode 100644
index 0000000..1177aa1
--- /dev/null
+++ b/.github/workflows/bandit.yml
@@ -0,0 +1,51 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# Bandit is a security linter designed to find common security issues in Python code.
+# This action will run Bandit on your codebase.
+# The results of the scan will be found under the Security tab of your repository.
+
+# https://github.com/marketplace/actions/bandit-scan is ISC licensed, by abirismyname
+# https://pypi.org/project/bandit/ is Apache v2.0 licensed, by PyCQA
+
+name: Bandit
+on:
+  push:
+    branches: ["master"]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: ["master"]
+  schedule:
+    - cron: "0 10 * * 5"
+
+jobs:
+  bandit:
+    permissions:
+      contents: read # for actions/checkout to fetch code
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Bandit Scan
+        uses: shundor/python-bandit-scan@9cc5aa4a006482b8a7f91134412df6772dbda22c
+        with: # optional arguments
+          # exit with 0, even with results found
+          exit_zero: true # optional, default is DEFAULT
+          # Github token of the repository (automatically created by Github)
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information.
+          # File or directory to run bandit on
+          # path: # optional, default is .
+          # Report only issues of a given severity level or higher. Can be LOW, MEDIUM or HIGH. Default is UNDEFINED (everything)
+          # level: # optional, default is UNDEFINED
+          # Report only issues of a given confidence level or higher. Can be LOW, MEDIUM or HIGH. Default is UNDEFINED (everything)
+          # confidence: # optional, default is UNDEFINED
+          # comma-separated list of paths (glob patterns supported) to exclude from scan (note that these are in addition to the excluded paths provided in the config file) (default: .svn,CVS,.bzr,.hg,.git,__pycache__,.tox,.eggs,*.egg)
+          # excluded_paths: # optional, default is DEFAULT
+          # comma-separated list of test IDs to skip
+          # skips: # optional, default is DEFAULT
+          # path to a .bandit file that supplies command line arguments
+          # ini_path: # optional, default is DEFAULT
diff --git a/.github/workflows/greetings.yml b/.github/workflows/greetings.yml
index 6d163fd..fb97858 100644
--- a/.github/workflows/greetings.yml
+++ b/.github/workflows/greetings.yml
@@ -9,8 +9,8 @@ jobs:
       issues: write
       pull-requests: write
     steps:
-    - uses: actions/first-interaction@v1
-      with:
-        repo-token: ${{ secrets.GITHUB_TOKEN }}
-        issue-message: 'Thanks for contributing this issue! We will be replying soon.'
-        pr-message: 'Thanks for contributing this PR! We will validade soon.'
+      - uses: actions/first-interaction@v1
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          issue-message: "Thanks for contributing this issue! We will be replying soon."
+          pr-message: "Thanks for contributing this PR! We will validade soon."

From 1fad76d635e69b56ff0c41cc966d7bce70e04d3e Mon Sep 17 00:00:00 2001
From: Lucas Brito <lucas.brito@agi.com.br>
Date: Mon, 13 Nov 2023 14:13:52 -0300
Subject: [PATCH 5/9] style: indentation

---
 README.md | 32 +++++++++++++++++++++++---------
 1 file changed, 23 insertions(+), 9 deletions(-)

diff --git a/README.md b/README.md
index 411eaa8..a551a20 100644
--- a/README.md
+++ b/README.md
@@ -3,19 +3,22 @@
 [![Colab](https://colab.research.google.com/assets/colab-badge.svg)](https://colab.research.google.com/github/AlvaroCavalcante/auto_annotate/blob/master/assets/auto_annotate_example.ipynb)
 
 # Auto Annotation Tool for TensorFlow Object Detection
+
 Are you tired to label your images by hand when working with object detection? Have hundreds or thousands of images to label? Then this project will make your life easier, just create some annotations and let the machine do the rest for you!
 
 # Contents
+
 - [How it works](#how)
 - [Prerequisites](#prerequisites)
 - [Installation](#installation)
 - [Usage](#usage)
-    - [Command line](#command-line)
-    - [Code](#code)
-    - [Google Colab](#colab)
+  - [Command line](#command-line)
+  - [Code](#code)
+  - [Google Colab](#colab)
 - [Contribute](#contribute)
 
 # 🤔 How it works <a id="how"></a>
+
 This auto annotation tool is based on the idea of a semi-supervised architecture, where a model trained with a small amount of labeled data is used to produce the new labels for the rest of the dataset.
 
 As simple as that, the library uses an initial and simplified object detection model to generate the XML files with the image annotations (considering the PASCAL VOC format).
@@ -24,6 +27,7 @@ Besides that, it's possible to define a confidence threshold for the detector, a
 If you want to know more technical details about the project, please, refer to my [Medium article](https://medium.com/p/acf410a600b8#9e0e-aaa30a9f4b7a).
 
 # 📝 Prerequisites <a id="prerequisites"></a>
+
 To use this library you will need a pre-trained object detection model with a subsample of your dataset. As a semi-supervised solution, it's impossible to avoid manual annotation, but you'll need to label just a small amount of your data.
 
 It's hard to determine the number of images to label manually, once it depends on the complexity of your problem. If you want to detect dogs and cats and have 2000 images in your dataset, for example, probably 200 images are enough (100 per class). On the other hand, if you have dozens of classes or objects that are hard to detect, you should need more manual annotations to see the benefits of the semi-supervised approach.
@@ -31,15 +35,19 @@ It's hard to determine the number of images to label manually, once it depends o
 After training this initial model, export your best checkpoint to the [SavedModel](https://www.tensorflow.org/guide/saved_model) format and you'll be ready to use the auto annotation tool!
 
 # 💾 Installation <a id="installation"></a>
-It's recommended to use a Python [virtual environment](https://docs.python.org/3/library/venv.html) to avoid any compatibility issue with your TensorFlow version. 
+
+It's recommended to use a Python [virtual environment](https://docs.python.org/3/library/venv.html) to avoid any compatibility issue with your TensorFlow version.
 
 In your environment, you can install the project using pip:
-```
-$ pip install auto-annotate
+
+```bash
+pip install auto-annotate
 ```
 
-# 👨‍🔬	Usage <a id="usage"></a>
+# 👨‍🔬 Usage <a id="usage"></a>
+
 You can use this tool either from the command line or directly in your Python code. For both, you'll have the same set of parameters:
+
 - saved_model_path: The path of the **saved_model** folder with the initial model.
 - label_map_path: The path of the **label_map.pbtxt** file.
 - imgs_path: The path of the folder with your dataset images to label.
@@ -47,16 +55,21 @@ You can use this tool either from the command line or directly in your Python co
 - threshold: Confidence threshold to accept the detections made by the model. the defaults is 0.5.
 
 ## Command line <a id="command-line"></a>
+
 To use this tool from the command line, you just need to run:
-```
+
+```bash
 python -m auto_annotate --label_map_path /example/label_map.pbtxt \
 --saved_model_path /example/saved_model \
 --imgs_path /example/dataset_images \
 --xml_path /example/dataset_labels \
 --threshold 0.65
 ```
+
 ## Code <a id="code"></a>
+
 To use this tool from your Python code, check the following code snippet:
+
 ```python
 from auto_annotate import AutoAnnotate
 
@@ -71,12 +84,13 @@ ann_tool.generate_annotations()
 ```
 
 ## Google Colab <a id="colab"></a>
+
 For a complete working example, you can refer to this [Google Colab Notebook](https://colab.research.google.com/drive/14qgA9IUYCVAALJmJabvQ9sDxrKxEezwP?usp=sharing), where I share the details about installlation and setup.
 
 # 🤝 Contribute <a id="contribute"></a>
+
 Contributions are welcome! Feel free to open a new issue if you have any problem to use the library of find a bug!
 
 You can also use the [discussions](https://github.com/AlvaroCavalcante/auto_annotate/discussions) section to suggest improvements and ask questions! If you find this library useful, don't forget to give it a :star: or support the project:
 
 <a href='https://ko-fi.com/V7V4HQG1E' target='_blank'><img height='36' style='border:0px;height:36px;' src='https://storage.ko-fi.com/cdn/kofi3.png?v=3' border='0' alt='Buy Me a Coffee at ko-fi.com' /></a>
-

From f3894de41f29e7bde406501c1707fdff805301d7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 12 Jan 2024 12:06:10 +0000
Subject: [PATCH 6/9] Bump the pip group across 1 directories with 2 updates

Bumps the pip group with 2 updates in the /. directory: [tensorflow](https://github.com/tensorflow/tensorflow) and [pillow](https://github.com/python-pillow/Pillow).


Updates `tensorflow` from 2.11.0 to 2.11.1
- [Release notes](https://github.com/tensorflow/tensorflow/releases)
- [Changelog](https://github.com/tensorflow/tensorflow/blob/master/RELEASE.md)
- [Commits](https://github.com/tensorflow/tensorflow/compare/v2.11.0...v2.11.1)

Updates `pillow` from 9.5.0 to 10.0.1
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](https://github.com/python-pillow/Pillow/compare/9.5.0...10.0.1)

---
updated-dependencies:
- dependency-name: tensorflow
  dependency-type: direct:production
  dependency-group: pip-security-group
- dependency-name: pillow
  dependency-type: direct:production
  dependency-group: pip-security-group
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 setup.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/setup.py b/setup.py
index 6014f7c..e9a93a5 100644
--- a/setup.py
+++ b/setup.py
@@ -58,9 +58,9 @@ def read(file_name):
     python_requires='>=3.8',
     install_requires=[
         'numpy==1.24.2',
-        'tensorflow==2.11.0',
+        'tensorflow==2.11.1',
         'tqdm==4.65.0',
-        'Pillow==9.5.0',
+        'Pillow==10.0.1',
         'six==1.16.0'
     ]
 )

From 8748da97519c61938f2c1474c8b61d898dc6e5c7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 15 Jan 2024 11:14:07 +0000
Subject: [PATCH 7/9] Bump actions/checkout from 2 to 4

Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/bandit.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/bandit.yml b/.github/workflows/bandit.yml
index 1177aa1..c3f0557 100644
--- a/.github/workflows/bandit.yml
+++ b/.github/workflows/bandit.yml
@@ -29,7 +29,7 @@ jobs:
 
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       - name: Bandit Scan
         uses: shundor/python-bandit-scan@9cc5aa4a006482b8a7f91134412df6772dbda22c
         with: # optional arguments

From 1d9df1b60824e69df65c2768182b5af872563a0f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 15 Jan 2024 11:17:35 +0000
Subject: [PATCH 8/9] Bump tqdm from 4.65.0 to 4.66.1

Bumps [tqdm](https://github.com/tqdm/tqdm) from 4.65.0 to 4.66.1.
- [Release notes](https://github.com/tqdm/tqdm/releases)
- [Commits](https://github.com/tqdm/tqdm/compare/v4.65.0...v4.66.1)

---
updated-dependencies:
- dependency-name: tqdm
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 setup.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup.py b/setup.py
index e9a93a5..ca59116 100644
--- a/setup.py
+++ b/setup.py
@@ -59,7 +59,7 @@ def read(file_name):
     install_requires=[
         'numpy==1.24.2',
         'tensorflow==2.11.1',
-        'tqdm==4.65.0',
+        'tqdm==4.66.1',
         'Pillow==10.0.1',
         'six==1.16.0'
     ]

From e9e8db354eb918c0ce1a21311644c865f4d226fe Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 15 Jan 2024 11:18:11 +0000
Subject: [PATCH 9/9] Bump numpy from 1.24.2 to 1.26.3

Bumps [numpy](https://github.com/numpy/numpy) from 1.24.2 to 1.26.3.
- [Release notes](https://github.com/numpy/numpy/releases)
- [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst)
- [Commits](https://github.com/numpy/numpy/compare/v1.24.2...v1.26.3)

---
updated-dependencies:
- dependency-name: numpy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 setup.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup.py b/setup.py
index e9a93a5..9c2c094 100644
--- a/setup.py
+++ b/setup.py
@@ -57,7 +57,7 @@ def read(file_name):
 
     python_requires='>=3.8',
     install_requires=[
-        'numpy==1.24.2',
+        'numpy==1.26.3',
         'tensorflow==2.11.1',
         'tqdm==4.65.0',
         'Pillow==10.0.1',