Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[js/web] upgrade onnx-proto version #16722

Merged
merged 1 commit into from
Jul 18, 2023
Merged

[js/web] upgrade onnx-proto version #16722

merged 1 commit into from
Jul 18, 2023

Conversation

fs-eire
Copy link
Contributor

@fs-eire fs-eire commented Jul 15, 2023
edited
Loading

Description

This change upgrades a lot of dependencies. There are 2 motivations of doing this change:

This requires:

  • upgrade protobufjs to v7.2.4
  • upgrade library 'onnx-proto' to consume latest ONNX release (v1.14.0).

Problems:

  • protobufjs v7.2.4 depends on long.js v5, which does not work well with typescript (commonjs).
  • onnx-proto depends on this fix with a new release of long.js
  • long.js is in maintenance and it takes longer than expected to put in new changes

Solutions:

  • use a patch script in preprepare to copy type declarations to make long.js work with typescript (commonjs)
  • generate onnx protobuf JS/TS files and put them under js/web/lib/onnxjs/ort-schema/protobuf folder - remove 'onnx-proto' from dependency.
  • apply fixes to generated onnx.d.ts

@fs-eire fs-eire merged commit 7dcb805 into main Jul 18, 2023
@fs-eire fs-eire deleted the fs-eire/web-upgrade-onnx-proto-ver branch July 18, 2023 23:36
@fs-eire fs-eire mentioned this pull request Jan 2, 2024
Open
siweic0 pushed a commit to siweic0/onnxruntime-web that referenced this pull request May 9, 2024
@fs-eire
[js/web] upgrade onnx-proto version (microsoft#16722)
b65909a 
### Description
This change upgrades a lot of dependencies. There are 2 motivations of
doing this change:
- fix the security issue reported by dependabot (protobufjs Prototype
Pollution vulnerability -
GHSA-h755-8qp9-cq85)
 - resolve the requirement of using ONNX IR_VERSION 9 (microsoft#16638)


This requires:
- upgrade protobufjs to v7.2.4
- upgrade library 'onnx-proto' to consume latest ONNX release (v1.14.0).

Problems:
- protobufjs v7.2.4 depends on long.js v5, which does not work well with
typescript (commonjs).
- onnx-proto depends on this fix with a new release of long.js
- long.js is in maintenance and it takes longer than expected to put in
new changes

Solutions:
- use a patch script in `preprepare` to copy type declarations to make
long.js work with typescript (commonjs)
- generate onnx protobuf JS/TS files and put them under
js/web/lib/onnxjs/ort-schema/protobuf folder - remove 'onnx-proto' from
dependency.
- apply fixes to generated onnx.d.ts
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@satyajandhyala satyajandhyala satyajandhyala approved these changes

@guschmue guschmue guschmue approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@fs-eire @guschmue @satyajandhyala