Merge pull request #17 from NVIDIA-ISAAC-ROS/release-4.4

jaiveersinghNV · web-flow · commit 1f0c77deb1f3 · 2026-04-30T19:53:38.000-07:00
Isaac ROS 4.4
diff --git a/SECURITY.md b/SECURITY.md
@@ -2,7 +2,7 @@
 
 NVIDIA is dedicated to the security and trust of our software products and services, including all source code repositories managed through our organization.
 
-If you need to report a security issue, please use the appropriate contact points outlined below. **Please do not report security vulnerabilities through GitHub.**
+If you need to report a security issue, please use the appropriate contact points outlined below. **Please do not report security vulnerabilities through GitHub.** If a potential security issue is inadvertently reported via a public issue or pull request, NVIDIA maintainers may limit public discussion and redirect the reporter to the appropriate private disclosure channels.
 
 ## Reporting Potential Security Vulnerability in an NVIDIA Product
 
@@ -11,11 +11,11 @@ To report a potential security vulnerability in any NVIDIA product:
 - E-Mail: psirt@nvidia.com
     - We encourage you to use the following PGP key for secure email communication: [NVIDIA public PGP Key for communication](https://www.nvidia.com/en-us/security/pgp-key)
     - Please include the following information:
-      - Product/Driver name and version/branch that contains the vulnerability
-      - Type of vulnerability (code execution, denial of service, buffer overflow, etc.)
-      - Instructions to reproduce the vulnerability
-      - Proof-of-concept or exploit code
-      - Potential impact of the vulnerability, including how an attacker could exploit the vulnerability
+   	 - Product/Driver name and version/branch that contains the vulnerability
+     - Type of vulnerability (code execution, denial of service, buffer overflow, etc.)
+   	 - Instructions to reproduce the vulnerability
+   	 - Proof-of-concept or exploit code
+   	 - Potential impact of the vulnerability, including how an attacker could exploit the vulnerability
 
 While NVIDIA currently does not have a bug bounty program, we do offer acknowledgement when an externally reported security issue is addressed under our coordinated vulnerability disclosure policy. Please visit our [Product Security Incident Response Team (PSIRT)](https://www.nvidia.com/en-us/security/psirt-policies/) policies page for more information.
 
diff --git a/config/pip_shim_constraints.txt b/config/pip_shim_constraints.txt
@@ -297,7 +297,7 @@ pytorch-lightning==2.6.0
 pytransform3d==3.14.3
 pytz==2025.2
 pyxdg==0.28
-PyYAML==6.0.1
+PyYAML==6.0.3
 pyzmq==24.0.1
 qt-dotgraph==2.7.5
 qt-gui==2.7.5
@@ -383,7 +383,7 @@ s3transfer==0.16.0
 safetensors==0.7.0
 scikit-image==0.25.2
 scikit-learn==1.8.0
-SciPy==1.11.4
+SciPy==1.16.2
 semver==2.10.2
 sensor-msgs==5.3.6
 sensor-msgs-py==5.3.6
@@ -405,7 +405,7 @@ stereo-msgs==5.3.6
 svg.path==7.0
 sympy==1.14.0
 tabulate==0.9.0
-tensordict==0.10.0
+tensordict==0.11.0
 tensorrt==10.13.3.9
 termcolor==1.1.0
 textual==6.8.0
diff --git a/debian/changelog b/debian/changelog
@@ -1,3 +1,10 @@
+isaac-ros-cli (2.3.0-1) noble; urgency=low
+
+  * Refresh pip shim constraints, including PyYAML, SciPy, and tensordict.
+  * Add new rosdep mappings for Isaac ROS 4.4 packages.
+
+ -- Isaac ROS Maintainers <isaac-ros-maintainers@nvidia.com>  Thu, 30 Apr 2026 12:00:00 +0000
+
 isaac-ros-cli (2.2.0-1) noble; urgency=low
 
   * Support SIPL and Eagle CoE camera workflows.
diff --git a/debian/prerm b/debian/prerm
@@ -12,28 +12,28 @@ set -e
 case "$1" in
     remove)
         echo "Removing Isaac ROS virtual environment..."
-        
+
         VENV_PATH="/var/lib/isaac-ros-cli/isaac-ros"
         if [ -d "$VENV_PATH" ]; then
             rm -rf "$VENV_PATH"
             echo "Isaac ROS virtual environment removed from $VENV_PATH"
         fi
-        
+
         # Remove the parent directory if it's empty
         PARENT_DIR="/var/lib/isaac-ros-cli"
         if [ -d "$PARENT_DIR" ] && [ -z "$(ls -A "$PARENT_DIR")" ]; then
             rmdir "$PARENT_DIR"
             echo "Removed empty directory $PARENT_DIR"
         fi
         ;;
-        
+
     upgrade|deconfigure)
         # Don't remove venv on upgrade, only on actual removal
         ;;
-        
+
     failed-upgrade)
         ;;
-        
+
     *)
         echo "prerm called with unknown argument \`$1'" >&2
         exit 1
diff --git a/docker/Dockerfile.isaac_ros b/docker/Dockerfile.isaac_ros
@@ -47,7 +47,7 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
     && curl -fsSL https://isaac.download.nvidia.com/isaac-ros/repos.key | gpg --dearmor | tee -a $k > /dev/null \
     && f="/etc/apt/sources.list.d/nvidia-isaac-ros.list" \
     && touch $f \
-    && s="deb [signed-by=$k] https://isaac.download.nvidia.com/isaac-ros/release-4.3 $(lsb_release -cs)${ISAAC_DEBIAN_DISTRO_SUFFIX} ${ISAAC_DEBIAN_COMPONENTS}" \
+    && s="deb [signed-by=$k] https://isaac.download.nvidia.com/isaac-ros/release-4.4 $(lsb_release -cs)${ISAAC_DEBIAN_DISTRO_SUFFIX} ${ISAAC_DEBIAN_COMPONENTS}" \
     && (grep -qxF "$s" $f || echo "$s" | tee -a $f) \
     && apt-get update
 
diff --git a/docker/packaging/isaac-ros-dgx-spark.pref b/docker/packaging/isaac-ros-dgx-spark.pref
@@ -17,7 +17,6 @@
 # Pin DGX Spark packages to the Isaac debian repository so they are always
 # sourced from Isaac builds rather than any other configured apt repository
 # (e.g. JetPack / L4T feeds).
-#
 Package: deepstream-tegra vpi-dev libnvvpi4
 Pin: origin isaac.download.nvidia.com
 Pin-Priority: 1001
diff --git a/docker/rosdep/extra_rosdeps.yaml b/docker/rosdep/extra_rosdeps.yaml
diff --git a/scripts/run_dev/build_image_layers.py b/scripts/run_dev/build_image_layers.py
