Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove coremltools submodule *security vulnerability* and copy the coreml model schema #10424

Merged
merged 3 commits into from
Jan 28, 2022
Merged

Remove coremltools submodule *security vulnerability* and copy the coreml model schema #10424

merged 3 commits into from
Jan 28, 2022

Conversation

guoyu-wang
Copy link
Contributor

Description: Remove coremltools submodule and copy the coreml model schema

Motivation and Context

  • coremltools contains protobuf 3.3.0 (https://github.com/apple/coremltools/blob/main/deps/protobuf/js/package.json), which is marked as security vulnerability need to be address ASAP
  • Although we don't use the javascript part of coremltools, there is no way we can partially sync the coremltools repo
  • Since we are only using coreml model schemas, copied them into our repo and added a readme on how to update them
  • Removed coremltools submodule

edgchen1
edgchen1 reviewed Jan 28, 2022
View reviewed changes
onnxruntime/core/providers/coreml/mlmodel_format/README.md

# Core ML Model Format Schema version history
## [coremltools 4.0](https://github.com/apple/coremltools/releases/tag/4.0)
[Core ML Model Format Specification](https://github.com/apple/coremltools/tree/4.0/mlmodel/format)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

does this reflect the current content of this directory?
nit: could we use a more permanent link? https://github.com/apple/coremltools/tree/523d5e03d86c26267ee6bdf17dd20f6ce6bdadd7/mlmodel/format

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think 4.0 is a tag. Usually a tag won't change.

@guoyu-wang guoyu-wang merged commit 5f0ba31 into master Jan 28, 2022
@guoyu-wang guoyu-wang deleted the gwang-msft/coreml-security branch January 28, 2022 20:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@snnn snnn snnn approved these changes

@edgchen1 edgchen1 edgchen1 approved these changes

@skottmckay skottmckay Awaiting requested review from skottmckay

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@guoyu-wang @snnn @edgchen1