New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bump protobuf from 3.16.0 to 3.18.3 #4544
Conversation
Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com>
Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com>
Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com>
Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com>
Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com>
Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com>
4774d97
to
a2ffa6f
Compare
When this is ready, is it something that would be back ported to the current 1.12 onnx release or would it wait for some future release (ie 1.13)? |
Good question. ONNX 1.13 release will probably happen this Nov. or Dec so I would say it will only be included in future release instead of a patch release for current 1.12. However, for now I am even not sure whether this PR will be included in next 1.13 since this PR will upgrade ONNX's minimum supported version of Python Protobuf (3.12.2 -> 3.20.0). I will need more time to investigate whether it is OK for other ONNX related tools. May I understand your demand? (Is it also because of this issue |
@jcwchen I can't seem to access the link you provided. It's related to #4545 which references GHSA-8gq9-2x98-w8hf. Basically anyone who pulls in onnx and runs a dependency scanner is going to trip up on this. For our case onnx-mlir -> onnx -> protobuf. |
Yes, thank you for providing the valid reference and that is the one I was talking about. I think it's good to have, but let me announce it for a while and see whether anyone has a concern about the upgrade. I will let you know when the decision is made. Thank you for waiting. |
Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com>
Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com>
Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com>
Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com>
6288a55
to
d752b74
Compare
Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com>
@cjvolzka FYI ONNX has bumped its used Protobuf version from 3.16.0 to 3.18.3. Thanks for waiting. |
@p-wysocki can we make sure that this PR will come in ONNX 1.13 release? Since it's merged, it appears that this will be the case, just wanting to make sure. Thanks. |
* Bump protobuf from 3.16.0 to 3.18.3 Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com> * nit Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com> * update 3.18.3 in workflow scripts as well Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com> * use 3.19.5 instead Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com> * 3.13.0 Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com> * 3.20.2 Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com> * mini 3.16.0 Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com> * mini 3.19.5 Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com> * debug and 3.20.0 Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com> * try 3.19.5 Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com> * use 3.18.3 Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com> * sync version in used conda in Windows CI Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com> * mini 3.12.2; 3.19.5 for mac Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com> * -m pip install -q -r requirements-release.txt Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com> Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com>
* Bump protobuf from 3.16.0 to 3.18.3 Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com> * nit Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com> * update 3.18.3 in workflow scripts as well Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com> * use 3.19.5 instead Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com> * 3.13.0 Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com> * 3.20.2 Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com> * mini 3.16.0 Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com> * mini 3.19.5 Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com> * debug and 3.20.0 Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com> * try 3.19.5 Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com> * use 3.18.3 Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com> * sync version in used conda in Windows CI Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com> * mini 3.12.2; 3.19.5 for mac Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com> * -m pip install -q -r requirements-release.txt Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com> Signed-off-by: Chun-Wei Chen <jacky82226@gmail.com>
Description
Bump protobuf from 3.16.0 to 3.18.3 and the minimum supported Protobuf version is also bumped.
Motivation and Context
Motivated by #4541, but this PR includes more necessary updates.