Disallow pickle loading in npz files.

hertschuh · tensorflower-gardener · commit c79cc0ef7df3 · 2025-06-03T11:05:46.000-07:00
PiperOrigin-RevId: 766740730
diff --git a/tf_keras/saving/saving_lib.py b/tf_keras/saving/saving_lib.py
@@ -639,7 +639,7 @@ def __init__(self, root_path, archive=None, mode="r"):
                 self.f = archive.open(root_path, mode="r")
             else:
                 self.f = open(root_path, mode="rb")
-            self.contents = np.load(self.f, allow_pickle=True)
+            self.contents = np.load(self.f, allow_pickle=False)
 
     def make(self, path):
         if not path:
