
goodsong81

Motivation

  • onnx<1.13.0 has a high security issue (GHSA-ffxj-547x-5j7c)
  • Python packages depending on mmdeploy cannot upgrade onnx as
    • onnx==1.13.0 depends on protobuf>=3.20.2
    • mmdeploy depends on protobuf<=3.20.1

Modification

  • Suggesting [protobuf<=3.20.2] for a quick solution

Checklist

  1. Pre-commit or other linting tools are used to fix the potential lint issues.
  2. The modification is covered by complete unit tests. If not, please add more unit tests to ensure the correctness.
  3. If the modification has a dependency on downstream projects of a newer version, this PR should be tested with all supported versions of downstream projects.
  4. The documentation has been modified accordingly, like docstring or example tutorials.

- onnx<1.13.0 has a high security issue
  (GHSA-ffxj-547x-5j7c)

- Python packages depending on mmdeploy cannot upgrade onnx as
  - onnx==1.13.0 depends on protobuf>=3.20.2
  - mmdeploy depends on protobuf<=3.20.1

- Suggesting [protobuf<=3.20.2] for a quick solution

Signed-off-by: Songki Choi <[email protected]>
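
The conflict described under Motivation, as an added example that is not code from this PR or from mmdeploy: a stdlib-only check of which protobuf releases satisfy both pins, before and after the change. Only the three constraints and the `onnx<1.13.0` advisory bound come from the PR text; the candidate release list and all function names are assumptions made for illustration.

```python
import operator
import re

# Constraints quoted in the PR description.
ONNX_NEEDS = "protobuf>=3.20.2"        # required by onnx==1.13.0
MMDEPLOY_BEFORE = "protobuf<=3.20.1"   # mmdeploy pin before this PR
MMDEPLOY_AFTER = "protobuf<=3.20.2"    # pin suggested by this PR
CANDIDATES = ["3.19.6", "3.20.0", "3.20.1", "3.20.2", "3.20.3", "4.21.12"]  # constructed

OPS = {"<=": operator.le, ">=": operator.ge, "==": operator.eq,
       "<": operator.lt, ">": operator.gt}

def parse_version(text):
    """Turn '3.20.2' into (3, 20, 2); only plain numeric releases are handled."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unsupported version: {text!r}")
    parts = [int(p) for p in text.split(".")]
    while len(parts) > 1 and parts[-1] == 0:   # so that 3.20 == 3.20.0
        parts.pop()
    return tuple(parts)

def parse_requirement(req):
    """Split 'name<=1.2,>1.0' into (name, [(op, version_tuple), ...])."""
    m = re.fullmatch(r"\s*([A-Za-z0-9_.-]+)\s*(.*)", req)
    if not m:
        raise ValueError(f"unsupported requirement: {req!r}")
    clauses = []
    for clause in filter(None, (c.strip() for c in m.group(2).split(","))):
        cm = re.fullmatch(r"(<=|>=|==|<|>)\s*(\S+)", clause)
        if not cm:
            raise ValueError(f"unsupported clause: {clause!r}")
        clauses.append((cm.group(1), parse_version(cm.group(2))))
    return m.group(1).lower(), clauses

def satisfying(requirements, candidates):
    """Return the candidates accepted by every requirement (one package only)."""
    parsed = [parse_requirement(r) for r in requirements]
    if len({name for name, _ in parsed}) != 1:
        raise ValueError("requirements must all target the same package")
    clauses = [c for _, cs in parsed for c in cs]
    return [v for v in candidates
            if all(OPS[op](parse_version(v), bound) for op, bound in clauses)]

def affected_by_advisory(onnx_version):
    """Per the PR text, onnx<1.13.0 is affected by GHSA-ffxj-547x-5j7c."""
    return parse_version(onnx_version) < parse_version("1.13.0")
```

With the old pin the two constraints have no common version; with the new pin exactly one release, 3.20.2, satisfies both.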

CLAassistant commented Feb 14, 2023

All committers have signed the CLA.

Collaborator

@RunningLeon RunningLeon left a comment


LGTM

@RunningLeon RunningLeon merged commit fa9aaa9 into open-mmlab:master Feb 15, 2023