Skip to content

Bump onnx to 1.22.0 and protobuf to 6.33.5 to fix security CVEs#29606

Merged
kunal-vaishnavi merged 1 commit into
mainfrom
user/sushraja/fix_stale_packages
Jul 8, 2026
Merged

Bump onnx to 1.22.0 and protobuf to 6.33.5 to fix security CVEs#29606
kunal-vaishnavi merged 1 commit into
mainfrom
user/sushraja/fix_stale_packages

Conversation

@sushraja-msft

Copy link
Copy Markdown
Contributor

Update pinned dependencies in the llama and phi2 transformer model requirements to their patched versions, clearing the flagged 1ES Component Governance alerts.

Package changes:

  • onnx: 1.18.0 -> 1.22.0 (llama, phi2)
  • protobuf: 4.25.8 -> 6.33.5 (llama)

onnx 1.18.0 -> 1.22.0 (patched in 1.21.0) resolves:

  • CVE-2026-27489: path traversal via symlink (arbitrary file read)
  • CVE-2026-34445: unsafe setattr in ExternalDataInfo (object property overwrite via crafted model)
  • CVE-2026-28500: onnx.hub.load() trust-check bypass via silent=True
  • GHSA-q56x-g2fj-4rj6: TOCTOU arbitrary file read/write in save_external_data

protobuf 4.25.8 -> 6.33.5 resolves:

  • CVE-2026-0994: recursion-depth bypass in json_format.ParseDict() causing DoS (no fix in the 4.25.x line; patched in 5.29.6 / 6.33.5)

Versions align with the onnx==1.22.0 / protobuf==6.33.5 pairing already used across the repo's CI and transformers-test requirements.

Files:

  • onnxruntime/python/tools/transformers/models/llama/requirements.txt
  • onnxruntime/python/tools/transformers/models/phi2/requirements.txt

Update pinned dependencies in the llama and phi2 transformer model
requirements to their patched versions, clearing the flagged 1ES
Component Governance alerts.

Package changes:
- onnx: 1.18.0 -> 1.22.0 (llama, phi2)
- protobuf: 4.25.8 -> 6.33.5 (llama)

onnx 1.18.0 -> 1.22.0 (patched in 1.21.0) resolves:
- CVE-2026-27489: path traversal via symlink (arbitrary file read)
- CVE-2026-34445: unsafe setattr in ExternalDataInfo (object property
  overwrite via crafted model)
- CVE-2026-28500: onnx.hub.load() trust-check bypass via silent=True
- GHSA-q56x-g2fj-4rj6: TOCTOU arbitrary file read/write in
  save_external_data

protobuf 4.25.8 -> 6.33.5 resolves:
- CVE-2026-0994: recursion-depth bypass in json_format.ParseDict()
  causing DoS (no fix in the 4.25.x line; patched in 5.29.6 / 6.33.5)

Versions align with the onnx==1.22.0 / protobuf==6.33.5 pairing already
used across the repo's CI and transformers-test requirements.

Files:
- onnxruntime/python/tools/transformers/models/llama/requirements.txt
- onnxruntime/python/tools/transformers/models/phi2/requirements.txt
@kunal-vaishnavi kunal-vaishnavi enabled auto-merge (squash) July 7, 2026 23:08
@kunal-vaishnavi kunal-vaishnavi merged commit c4f1961 into main Jul 8, 2026
88 checks passed
@kunal-vaishnavi kunal-vaishnavi deleted the user/sushraja/fix_stale_packages branch July 8, 2026 00:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants