
Bump protobuf from 3.16.0 to 3.18.3 #4544

Merged
merged 16 commits into from Oct 20, 2022
Merged

Conversation

jcwchen
Member

@jcwchen jcwchen commented Sep 25, 2022

Description

Bump protobuf from 3.16.0 to 3.18.3 and the minimum supported Protobuf version is also bumped.

Motivation and Context

Motivated by #4541, but this PR includes more necessary updates.

Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com>
@jcwchen jcwchen added the labels run release CIs (Use this label to trigger release tests in CI), dependencies (Pull requests that update a dependency file) and vulnerability Sep 25, 2022
@jcwchen jcwchen requested a review from a team as a code owner September 25, 2022 18:22
@jcwchen jcwchen changed the title Bump protobuf from 3.16.0 to 3.18.3 Bump protobuf from 3.16.0 to 3.20.2 Sep 26, 2022
@cjvolzka
Contributor

When this is ready, is it something that would be backported to the current 1.12 onnx release, or would it wait for some future release (i.e. 1.13)?

@jcwchen
Member Author

jcwchen commented Sep 28, 2022

> When this is ready, is it something that would be backported to the current 1.12 onnx release, or would it wait for some future release (i.e. 1.13)?

Good question. The ONNX 1.13 release will probably happen this Nov. or Dec., so I would say it will only be included in a future release instead of a patch release for the current 1.12. However, for now I am not even sure whether this PR will be included in the next 1.13, since this PR will upgrade ONNX's minimum supported version of Python Protobuf (3.12.2 -> 3.20.0). I will need more time to investigate whether it is OK for other ONNX related tools. May I understand your demand? (Is it also because of this issue https://github.com/onnx/onnx/security/dependabot/4 GHSA-8gq9-2x98-w8hf?)

@jcwchen jcwchen changed the title Bump protobuf from 3.16.0 to 3.20.2 [WIP] Bump protobuf from 3.16.0 to 3.20.2 Sep 29, 2022
@cjvolzka
Contributor

@jcwchen I can't seem to access the link you provided. It's related to #4545 which references GHSA-8gq9-2x98-w8hf.

Basically anyone who pulls in onnx and runs a dependency scanner is going to trip up on this. For our case onnx-mlir -> onnx -> protobuf.
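The transitive chain cjvolzka describes (onnx-mlir -> onnx -> protobuf) is exactly what a dependency scanner walks before comparing the resolved protobuf version against a per-series minimum. The script below is an added illustration, not code from this PR or from the ONNX project: it builds a constructed dependency graph in that shape, walks every path to protobuf, and classifies the pinned version. The minimum-version table is an assumption built from the versions this thread iterates through (3.18.3, 3.19.5, 3.20.2); it is not the advisory's own range list, and any series outside the table is reported as "unknown" rather than guessed.

```python
from typing import Dict, List, Tuple

# ASSUMPTION: lowest acceptable protobuf release per minor series, taken from the
# versions this PR tried (3.18.3 / 3.19.5 / 3.20.2), not from the advisory text.
MIN_PATCHED_PROTOBUF: Dict[Tuple[int, int], Tuple[int, ...]] = {
    (3, 18): (3, 18, 3),
    (3, 19): (3, 19, 5),
    (3, 20): (3, 20, 2),
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Parse 'X.Y.Z' into a comparable integer tuple; reject anything non-numeric."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(int(p) for p in parts)


def classify(version: str, table: Dict[Tuple[int, int], Tuple[int, ...]] = MIN_PATCHED_PROTOBUF) -> str:
    """Return 'patched', 'vulnerable' or 'unknown' for one resolved version."""
    v = parse_version(version)
    series = v[:2]
    if series in table:
        return "patched" if v >= table[series] else "vulnerable"
    if series < min(table):
        # e.g. 3.16.0: older than every series in the table, so no in-series fix exists
        return "vulnerable"
    # a newer series we have no data for: flag it for a manual look instead of guessing
    return "unknown"


def find_chains(graph: Dict[str, List[str]], root: str, target: str) -> List[List[str]]:
    """Depth-first walk returning every dependency path root -> ... -> target."""
    chains: List[List[str]] = []

    def walk(node: str, path: List[str], seen: set) -> None:
        if node == target:
            chains.append(list(path))
            return
        for dep in graph.get(node, []):
            if dep in seen:  # guard against cycles in malformed metadata
                continue
            walk(dep, path + [dep], seen | {dep})

    walk(root, [root], {root})
    return chains


def audit(graph: Dict[str, List[str]], versions: Dict[str, str], root: str,
          target: str = "protobuf",
          table: Dict[Tuple[int, int], Tuple[int, ...]] = MIN_PATCHED_PROTOBUF) -> List[Tuple[str, str, str]]:
    """Report (chain, resolved version, status) for every path from root to target."""
    status = classify(versions[target], table)
    return [(" -> ".join(chain), versions[target], status) for chain in find_chains(graph, root, target)]


# Constructed sample graph in the shape the comment describes; version numbers for
# onnx-mlir and numpy are placeholders, protobuf 3.16.0 is the pin this PR replaces.
SAMPLE_GRAPH = {"onnx-mlir": ["onnx"], "onnx": ["protobuf", "numpy"], "protobuf": [], "numpy": []}
SAMPLE_VERSIONS = {"onnx-mlir": "0.1.0", "onnx": "1.12.0", "protobuf": "3.16.0", "numpy": "1.23.0"}

if __name__ == "__main__":
    for chain, ver, status in audit(SAMPLE_GRAPH, SAMPLE_VERSIONS, "onnx-mlir"):
        print(f"{chain} (protobuf {ver}): {status}")
```

Run as-is it reports the chain `onnx-mlir -> onnx -> protobuf` with protobuf 3.16.0 as vulnerable; swapping the pin to 3.18.3 flips the result to patched. The tri-state result matters in practice: a scanner that silently treats an unlisted series as safe will miss a too-old release on a newer branch, which is why unknown series are surfaced for review.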

@jcwchen
Member Author

jcwchen commented Sep 30, 2022

> @jcwchen I can't seem to access the link you provided. It's related to #4545 which references GHSA-8gq9-2x98-w8hf.

Yes, thank you for providing the valid reference and that is the one I was talking about. I think it's good to have, but let me announce it for a while and see whether anyone has a concern about the upgrade. I will let you know when the decision is made. Thank you for waiting.

@jcwchen jcwchen changed the title [WIP] Bump protobuf from 3.16.0 to 3.20.2 [WIP] Bump protobuf from 3.16.0 to 3.18.3 Oct 3, 2022
@jcwchen jcwchen requested a review from a team as a code owner October 19, 2022 00:46
@jcwchen jcwchen changed the title [WIP] Bump protobuf from 3.16.0 to 3.18.3 Bump protobuf from 3.16.0 to 3.18.3 Oct 19, 2022
@jcwchen jcwchen merged commit 604af9c into onnx:main Oct 20, 2022
@jcwchen jcwchen deleted the jcw/protobuf-3.18.3 branch October 20, 2022 17:18
@jcwchen
Member Author

jcwchen commented Oct 20, 2022

@cjvolzka FYI ONNX has bumped its used Protobuf version from 3.16.0 to 3.18.3. Thanks for waiting.

@AlexandreEichenberger
Contributor

AlexandreEichenberger commented Oct 20, 2022

@p-wysocki can we make sure that this PR will come in ONNX 1.13 release? Since it's merged, it appears that this will be the case, just wanting to make sure. Thanks.

justinchuby pushed a commit to justinchuby/onnx that referenced this pull request Jan 27, 2023
* Bump protobuf from 3.16.0 to 3.18.3

Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com>

* nit

Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com>

* update 3.18.3 in workflow scripts as well

Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com>

* use 3.19.5 instead

Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com>

* 3.13.0

Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com>

* 3.20.2

Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com>

* mini 3.16.0

Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com>

* mini 3.19.5

Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com>

* debug and 3.20.0

Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com>

* try 3.19.5

Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com>

* use 3.18.3

Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com>

* sync version in used conda in Windows CI

Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com>

* mini 3.12.2; 3.19.5 for mac

Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com>

* -m pip install -q -r requirements-release.txt

Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com>

Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com>
broune pushed a commit to broune/onnx that referenced this pull request May 6, 2023
Labels
dependencies (Pull requests that update a dependency file), run release CIs (Use this label to trigger release tests in CI), vulnerability

5 participants