-
Notifications
You must be signed in to change notification settings - Fork 113
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Downgrade onnxruntime due to security issue of mpmath #486
Conversation
Click to view CI ResultsGitHub pull request #486 of commit c9cd5fc8ea427b3e5c07687c1b918048aa8a32da, no merge conflicts. Running as SYSTEM Setting status of c9cd5fc8ea427b3e5c07687c1b918048aa8a32da to PENDING with url https://10.20.13.93:8080/job/merlin_merlin/273/console and message: 'Pending' Using context: Jenkins Building on master in workspace /var/jenkins_home/workspace/merlin_merlin using credential systems-login > git rev-parse --is-inside-work-tree # timeout=10 Fetching changes from the remote Git repository > git config remote.origin.url https://github.com/NVIDIA-Merlin/Merlin # timeout=10 Fetching upstream changes from https://github.com/NVIDIA-Merlin/Merlin > git --version # timeout=10 using GIT_ASKPASS to set credentials login for merlin-systems > git fetch --tags --force --progress -- https://github.com/NVIDIA-Merlin/Merlin +refs/pull/486/*:refs/remotes/origin/pr/486/* # timeout=10 > git rev-parse c9cd5fc8ea427b3e5c07687c1b918048aa8a32da^{commit} # timeout=10 Checking out Revision c9cd5fc8ea427b3e5c07687c1b918048aa8a32da (detached) > git config core.sparsecheckout # timeout=10 > git checkout -f c9cd5fc8ea427b3e5c07687c1b918048aa8a32da # timeout=10 Commit message: "Downgrade onnxruntime due to security issue of mpmath" > git rev-list --no-walk 81428fe0f0b1e25ef8fc6a0f0bab00ac0daefa5c # timeout=10 [merlin_merlin] $ /bin/bash /tmp/jenkins3988803557015125267.sh ============================= test session starts ============================== platform linux -- Python 3.8.10, pytest-7.1.2, pluggy-1.0.0 rootdir: /var/jenkins_home/workspace/merlin_merlin/merlin plugins: anyio-3.6.1, xdist-2.5.0, forked-1.4.0, cov-3.0.0 collected 2 items |
arbitration: which initiative is this under ? |
@viswa-nvidia this is to fix the security warning we are getting on our containers with mpmath |
Documentation preview |
Click to view CI ResultsGitHub pull request #486 of commit a995ce80f908f3477b76edeb0b6d4a3afd243e13, no merge conflicts. Running as SYSTEM Setting status of a995ce80f908f3477b76edeb0b6d4a3afd243e13 to PENDING with url https://10.20.13.93:8080/job/merlin_merlin/309/console and message: 'Pending' Using context: Jenkins Building on master in workspace /var/jenkins_home/workspace/merlin_merlin using credential systems-login > git rev-parse --is-inside-work-tree # timeout=10 Fetching changes from the remote Git repository > git config remote.origin.url https://github.com/NVIDIA-Merlin/Merlin # timeout=10 Fetching upstream changes from https://github.com/NVIDIA-Merlin/Merlin > git --version # timeout=10 using GIT_ASKPASS to set credentials login for merlin-systems > git fetch --tags --force --progress -- https://github.com/NVIDIA-Merlin/Merlin +refs/pull/486/*:refs/remotes/origin/pr/486/* # timeout=10 > git rev-parse a995ce80f908f3477b76edeb0b6d4a3afd243e13^{commit} # timeout=10 Checking out Revision a995ce80f908f3477b76edeb0b6d4a3afd243e13 (detached) > git config core.sparsecheckout # timeout=10 > git checkout -f a995ce80f908f3477b76edeb0b6d4a3afd243e13 # timeout=10 Commit message: "Merge branch 'main' into fix_mpmath_issue" > git rev-list --no-walk 13245f7ab276e4becb93e508dace9e1f863ef59d # timeout=10 [merlin_merlin] $ /bin/bash /tmp/jenkins17458370738669404074.sh ============================= test session starts ============================== platform linux -- Python 3.8.10, pytest-7.1.2, pluggy-1.0.0 rootdir: /var/jenkins_home/workspace/merlin_merlin/merlin plugins: anyio-3.6.1, xdist-2.5.0, forked-1.4.0, cov-3.0.0 collected 3 items |
The latest version of package 'onnxruntime' adds the new dependency 'sympy' which will introduce the security issue of 'mpmath'.
Use the build 1.11.1 as we used in 22.06