Commit graph

65 commits

Author SHA1 Message Date
Prathik Rao
134f47743e
bumps up version in main from 1.19 -> 1.20 (#21588)
Bump up version in main from 1.19.0 to 1.20.0 since the release branch
has been cut.
2024-08-05 15:46:04 -07:00
Yulong Wang
01df8c787d
[js/web] fix vulnerable version of dependencies (#21412)
### Description
```
# npm audit report

socket.io  3.0.0 - 4.6.2
Severity: high
socket.io has an unhandled 'error' event - https://github.com/advisories/GHSA-25hc-qcg6-38wj
Depends on vulnerable versions of engine.io
fix available via `npm audit fix`
node_modules/socket.io

ws  8.0.0 - 8.17.0
Severity: high
ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
fix available via `npm audit fix`
node_modules/ws
  engine.io  0.7.8 - 0.7.9 || 6.0.0 - 6.5.4
  Depends on vulnerable versions of ws
  node_modules/engine.io
  socket.io-adapter  2.5.2 - 2.5.4
  Depends on vulnerable versions of ws
  node_modules/socket.io-adapter

4 high severity vulnerabilities
```
2024-07-19 11:11:30 -07:00
Yang Gu
1473d66a00
[js/webgpu] Prefer adapter.info to adapter.requestAdapterInfo (#21065)
WebGPU is deprecating async adapter.requestAdapterInfo, and replacing it
with sync adapter.info.
Spec change: https://github.com/gpuweb/gpuweb/pull/4662
2024-06-18 12:02:38 -07:00
Jian Chen
4e18b0b7ce
Upgrade braces from 3.0.2 to 3.0.3 to fix the vulnerability (#21022)
2024-06-12 18:02:52 -07:00
Yulong Wang
036fcd93d4
[js/web] optimize module export and deployment (#20165)
### Description

This PR makes a number of optimizations to onnxruntime-web's module export
and deployment.

See each section below for more details.

#### Preview

> [onnxruntime-web@1.19.0-esmtest.20240513-a16cd2bd21](https://www.npmjs.com/package/onnxruntime-web/v/1.19.0-esmtest.20240513-a16cd2bd21)

> ~~onnxruntime-web@1.19.0-esmtest.20240430-c7edbcc63d~~

> ~~onnxruntime-web@1.18.0-esmtest.20240428-624c681c83~~

> ~~onnxruntime-web@1.18.0-esmtest.20240411-1abb64e894~~

<details>
<summary><h4>Breaking changes</h4></summary>

There is no code change required, but there are a few differences
regarding **code import**, **flags**, **bundler config** and
**deployment steps**.

#### Importing:

Import table is changed. See following for details.

<details>
<summary><h5>Current import table:</h5></summary>

  | Target Name | Path for "import" or "require" | WebGL | JSEP | wasm | Proxy | Training |
  |------|-----|-----|-----|-----|-----|-----|
  | `ort` (default) | `onnxruntime-web` | ✔️ |  | ✔️ | ✔️ |  |
  | `ort.all` | `onnxruntime-web/experimental` | ✔️ | ✔️ | ✔️ | ✔️ |  |
  | `ort.node` | `onnxruntime-web` |  |  | ✔️ |  |  |
  | `ort.training` | `onnxruntime-web/training` |  |  | ✔️ | ✔️<sup>\[1]</sup> | ✔️ |
  | `ort.wasm` | `onnxruntime-web/wasm` |  |  | ✔️ | ✔️ |  |
  | `ort.wasm-core` | `onnxruntime-web/wasm-core` |  |  | ✔️ |  |  |
  | `ort.webgl` | `onnxruntime-web/webgl` | ✔️ |  |  | ✔️<sup>\[2]</sup> |  |
  | `ort.webgpu` | `onnxruntime-web/webgpu` |  | ✔️ | ✔️ | ✔️ |  |

* [1] didn't test. may not actually work.
* [2] not working. this is a mistake in build config.

</details>

<details>
<summary><h5>Proposed update:</h5></summary>

  | Target Name | Path for "import" or "require" | WebGL | JSEP | wasm | Proxy | Training |
  |------|-----|-----|-----|-----|-----|-----|
  | `ort` (default) | `onnxruntime-web` | ✔️ |  | ✔️ | ✔️ |  |
  | `ort.all` | ~~`onnxruntime-web/experimental`~~<br/>`onnxruntime-web/all` | ✔️ | ✔️ | ✔️ | ✔️ |  |
  | `ort.node` | `onnxruntime-web` |  |  | ✔️ |  |  |
  | `ort.training` | `onnxruntime-web/training` |  |  | ✔️ | ✔️ | ✔️ |
  | `ort.wasm` | `onnxruntime-web/wasm` |  |  | ✔️ | ✔️ |  |
  | ~~`ort.wasm-core`~~ | ~~`onnxruntime-web/wasm-core`~~ | ~~~~ | ~~~~ | ~~✔️~~ | ~~~~ | ~~~~ |
  | `ort.webgl` | `onnxruntime-web/webgl` | ✔️ |  |  | ~~✔️~~  |  |
  | `ort.webgpu` | `onnxruntime-web/webgpu` |  | ✔️ | ✔️ | ✔️ |  |

</details>

#### Flags:

The following flags are deprecated:
- `env.wasm.simd` (boolean): will be ignored. SIMD is always enabled in
build.

The following flags changed their type:
- `env.wasm.wasmPaths`: When using this flag as a string (for the URL
prefix), nothing is changed. When using this flag as an object (for
per-file path override), the type changed:
  ```diff
  -  export interface Old_WasmFilePaths{
  -    'ort-wasm.wasm'?: string;
  -    'ort-wasm-threaded.wasm'?: string;
  -    'ort-wasm-simd.wasm'?: string;
  -    'ort-training-wasm-simd.wasm'?: string;
  -    'ort-wasm-simd-threaded.wasm'?: string;
  -  };
  +  export interface New_WasmFilePaths {
  +    /**
  +     * Specify the override path for the main .wasm file.
  +     *
  +     * This path should be an absolute path.
  +     *
  +     * If not modified, the filename of the .wasm file is:
  +     * - `ort-wasm-simd-threaded.wasm` for default build
+ * - `ort-wasm-simd-threaded.jsep.wasm` for JSEP build (with WebGPU and
WebNN)
  +     * - `ort-training-wasm-simd-threaded.wasm` for training build
  +     */
  +    wasm?: URL|string;
  +    /**
  +     * Specify the override path for the main .mjs file.
  +     *
  +     * This path should be an absolute path.
  +     *
  +     * If not modified, the filename of the .mjs file is:
  +     * - `ort-wasm-simd-threaded.mjs` for default build
+ * - `ort-wasm-simd-threaded.jsep.mjs` for JSEP build (with WebGPU and
WebNN)
  +     * - `ort-training-wasm-simd-threaded.mjs` for training build
  +     */
  +    mjs?: URL|string;
  +  }
  ```
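
Review bot: the doc comments on `wasm` and `mjs` in `New_WasmFilePaths` say "This path should be an absolute path", but the type is `URL|string` and nothing states what happens when a relative string is passed; say whether it is rejected or what it is resolved against. The removed `Old_WasmFilePaths` was keyed by file name, so the comment block should also state how an object that still carries those keys is treated.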

#### Bundler compatibility:

Config changes are needed for bundlers. See usage example in
/js/web/test/e2e/ for Webpack, parcel and rollup.

#### Deployment:

- if consuming from a CDN, there is no breaking change.
- if consuming from a local server, you need to copy all `ort-*.wasm` and
`ort-*.mjs` files (6 files in total) in the dist folder. (previously you
only needed to copy `ort-*.wasm` files.)

</details>
<details>
<summary><h4>Problems</h4></summary>

There are a few problems with the current module export and deployment:

- Script URL cannot be correctly inferred when imported as ESM.
- Workers are forcefully encoded using Blob URL, which makes
onnxruntime-web not work in CSP environments and Node.js when using the
proxy or multi-threading feature.
- Generated JS code (by Emscripten) is encoded using
`function.toString()`, which is unstable and error-prone.
- When running with a different Emscripten build, the build step is
always needed, making it difficult to swap artifacts in development/debug.
</details>
<details>
<summary><h4>Goals</h4></summary>

- Full ESM support
- Support various ways to import, including:
  - import from HTML's `<script>` tag (IIFE format, exporting to global
    variable `ort`)
    ```html
    <script src="https://example.com/cdn-path-to-onnxruntime-web/dist/ort.min.js"></script>
    ```
  - import from source code inside `<script type="module">` tag (ESM)
    ```html
    <script type="module">
      import * as ort from "https://example.com/cdn-path-to-onnxruntime-web/dist/ort.min.mjs";

      // using 'ort'
    </script>
    ```
  - import in a CommonJS project (CJS format, resolve from package.json
    "exports" field)
    ```js
    // myProject/main.js
    const ort = require('onnxruntime-web');
    ```
  - import in an ESM project (ESM format, resolve from package.json
    "exports" field)
    ```js
    // myProject/main.js (or main.mjs)
    import * as ort from 'onnxruntime-web';
    ```
- Support popular bundlers when importing onnxruntime-web into a CJS/ESM
project.
  - webpack (esm requires extra post-process step)
  - rollup
  - parcel (esm requires extra post-process step)
  - More bundlers **TBD**
- Multi-threading support for Node.js

NOTE: keeping single JavaScript file (the all-in-one bundle) is no
longer a goal. This is because technically there is a conflict with the
other requirements.
</details>

<details>
<summary><h4>Important Design Decisions</h4></summary>

- Drop support of single JavaScript output.
  - The current onnxruntime-web distribution uses a single JavaScript file
    to include all code. While there are a few benefits, it also creates
    problems as mentioned above. Since ESM is being used more and more
    widely, and browsers are making more restricted security checks and
    requirements, the old Blob based solution is going to be replaced.
  - To achieve the requirement, specifically, the CSP environment support,
    we have to offer a non Blob based solution. Therefore, we have to
    distribute multiple files and drop the single file solution.

- Do not run parser/postprocess on Emscripten generated JavaScript.
  - Emscripten is evolving quickly so we should only depend on what's in
    its documentation instead of certain implementation details. (for
    example, currently we patch on its code to deal with a special variable
    `_scriptDir`)
  - Keeping the generated files as-is also helps to:
    - reduce the size of ort.min.js
    - make it easier to replace build artifacts when in development/debug

- Drop support for non-SIMD and non-MultiThread. This helps to reduce
the number of artifacts in distribution.
  - (fixed-sized) SIMD is supported in any mainstream JS environment.
  - Multi-thread as WebAssembly feature is supported in any mainstream JS
    environment. In some environments the feature is guarded with cross
    origin policy, but it can still work if not trying to create any worker.

- Use ESM output for Emscripten generated JavaScript.
  - There are 2 ways to dynamically import classic (umd) modules and
    neither of them is recommended:
    - dynamically creating a `<script>` tag. This changes the HTML structure
      and has quite a lot of compatibility issues
    - use `fetch()` and `eval()`. However `eval` is strongly suggested to be
      avoided because there is a great perf hit.
  - importing ESM is super easy - just use the `import()` call.
    Considering ESM is widely supported in modern browsers and Node.js this
    is the better option.

- Add Blob based solution as a fallback for cross-origin workers.
  - There is still a wide use case of importing onnxruntime-web from CDN.
    In this usage, make it able to create a worker by using `fetch()`+`Blob`
    to create a same-origin Blob URL.

</details>

<details>
<summary><h4>Distribution File Manifest</h4></summary>

The distribution folder contains the following files:

- WebAssembly artifacts. These files are the result of compiling the
ONNX Runtime C++ code to WebAssembly by Emscripten.

  | File Name | Build Flags |
  |------|-----|
  | ort-wasm-simd-threaded.mjs <br/> ort-wasm-simd-threaded.wasm | `--enable_wasm_simd` <br/> `--enable_wasm_threads` |
  | ort-training-wasm-simd-threaded.mjs <br/> ort-training-wasm-simd-threaded.wasm | `--enable_training_apis` <br/> `--enable_wasm_simd` <br/> `--enable_wasm_threads` |
  | ort-wasm-simd-threaded.jsep.mjs <br/> ort-wasm-simd-threaded.jsep.wasm | `--enable_wasm_simd` <br/> `--enable_wasm_threads` <br/> `--use_jsep` <br/> `--use_webnn` |

- onnxruntime-web JavaScript artifacts. These files are generated by
ESBuild as the entry point for onnxruntime-web.

  There are multiple build targets for different use cases:
  | Target Name | Path for "import" or "require" | Description |
  |------|-----|-----|
  | `ort` | `onnxruntime-web` | The default target. |
  | `ort.all` | `onnxruntime-web/all` | The target including webgl. |
  | `ort.node` | `onnxruntime-web` | The default target for Node.js. |
  | `ort.training` | `onnxruntime-web/training` | The target including training APIs |
  | `ort.wasm` | `onnxruntime-web/wasm` | The target including only WebAssembly (CPU) EP |
  | `ort.webgl` | `onnxruntime-web/webgl` | The target including only WebGL EP |


  For each target, there are multiple files generated:
  | File Name | Description |
  |------|-----|
  | [target].js | The entry point for the target. IIFE and CommonJS format. |
  | [target].mjs | The entry point for the target. ESM format. |
  | [target].min.js <br/> [target].min.js.map | The entry point for the target. Minimized with sourcemap. IIFE and CommonJS format. |
  | [target].min.mjs <br/> [target].min.mjs.map | The entry point for the target. Minimized with sourcemap. ESM format. |
  | [target].proxy.mjs | (if applicable) The proxy ESM module for the target. |
  | [target].proxy.min.mjs <br/> [target].proxy.min.mjs.map | (if applicable) The proxy ESM module for the target. Minimized with sourcemap. |

</details>

<details>
<summary><h4>Dynamic Import Explained</h4></summary>

- Local Served | No Proxy:
  ```
  [Bundle or ort.min.js]
    |
    + import()--> [ort-wasm-simd-threaded.mjs]
                    |
                    + WebAssembly.instantiateStreaming()--> [ort-wasm-simd-threaded.wasm]
                    |
                    + new Worker()--> [ort-wasm-simd-threaded.mjs (worker)]
                                        |
                                        + WebAssembly.instantiateStreaming()--> [ort-wasm-simd-threaded.wasm]
  ```
- Local Served | Proxy:
  ```
  [Bundle or ort.min.js]
    |
    + import()--> [ort.proxy.min.mjs]
                    |
                    + new Worker()--> [ort.proxy.min.mjs (worker)]
                                        |
                                        + import()--> [ort-wasm-simd-threaded.mjs]
                                                        |
                                                        + WebAssembly.instantiateStreaming()--> [ort-wasm-simd-threaded.wasm]
                                                        |
                                                        + new Worker()--> [ort-wasm-simd-threaded.mjs (worker)]
                                                                            |
                                                                            + WebAssembly.instantiateStreaming()--> [ort-wasm-simd-threaded.wasm]
  ```
- Cross Origin | No Proxy:
  ```
  [Bundle or ort.min.js]
    |
    + fetch('ort-wasm-simd-threaded.mjs')
        |
        + URL.createObjectURL(res.blob())
        |
        + import()--> [blob:... (ort-wasm-simd-threaded)]
                        |
                        + WebAssembly.instantiateStreaming()--> [ort-wasm-simd-threaded.wasm]
                        |
                        + new Worker()--> [blob:... (ort-wasm-simd-threaded) (worker)]
                                            |
                                            + WebAssembly.instantiateStreaming()--> [ort-wasm-simd-threaded.wasm]
  ```

- Cross Origin | Proxy
  ```
  [Bundle or ort.min.js]
    |
    + fetch('ort.proxy.min.mjs')
        |
        + URL.createObjectURL(res.blob())
        |
        + import()--> [blob:... (ort.proxy)]
                        |
                        + new Worker()--> [blob:... (ort.proxy) (worker)]
                                            |
                                            + fetch('ort-wasm-simd-threaded.mjs')
                                                |
                                                + URL.createObjectURL(res.blob())
                                                |
                                                + import()--> [blob:... (ort-wasm-simd-threaded)]
                                                                |
                                                                + WebAssembly.instantiateStreaming()--> [ort-wasm-simd-threaded.wasm]
                                                                |
                                                                + new Worker()--> [blob:... (ort-wasm-simd-threaded) (worker)]
                                                                                    |
                                                                                    + WebAssembly.instantiateStreaming()--> [ort-wasm-simd-threaded.wasm]
  ```
</details>
2024-05-20 09:51:16 -07:00
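
The four load chains in "Dynamic Import Explained" above, as an added example that is not part of the commit or of the onnxruntime-web code base: it rebuilds each chain, lists the Content-Security-Policy sources that chain needs, and checks a policy header against them. The page and asset URLs and all function names are hypothetical; the directive mapping is standard CSP behaviour rather than something the commit states, and sources are matched by exact token only (no wildcard or path matching).

```javascript
// Added example. File names are the ones in the distribution manifest above.
const WASM_MJS = 'ort-wasm-simd-threaded.mjs';
const WASM_BIN = 'ort-wasm-simd-threaded.wasm';
const PROXY_MJS = 'ort.proxy.min.mjs';

// Rebuild one of the four load chains and collect the CSP sources it needs.
// pageUrl and assetBaseUrl are hypothetical inputs for this example.
function planLoad(pageUrl, assetBaseUrl, useProxy) {
  const assetOrigin = new URL(assetBaseUrl, pageUrl).origin;
  const crossOrigin = assetOrigin !== new URL(pageUrl).origin;
  const net = crossOrigin ? assetOrigin : "'self'"; // where bytes are fetched from
  const code = crossOrigin ? 'blob:' : "'self'";    // what import() and Worker load
  const need = { 'script-src': new Set(), 'worker-src': new Set(), 'connect-src': new Set() };
  const steps = [];

  const loadModule = (file) => {
    if (crossOrigin) {
      // Cross-origin fallback: fetch the script, then wrap it in a Blob URL.
      steps.push(`fetch(${file})`, 'URL.createObjectURL(blob)');
      need['connect-src'].add(net);
    }
    steps.push(`import(${crossOrigin ? 'blob:' : file})`);
    need['script-src'].add(code);
  };
  const spawnWorker = (file) => {
    steps.push(`new Worker(${crossOrigin ? 'blob:' : file})`);
    need['worker-src'].add(code);
  };
  const instantiate = () => {
    steps.push(`WebAssembly.instantiateStreaming(${WASM_BIN})`);
    need['connect-src'].add(net);                   // the .wasm is fetched
    need['script-src'].add("'wasm-unsafe-eval'");   // and compiled
  };

  if (useProxy) {
    loadModule(PROXY_MJS);
    spawnWorker(PROXY_MJS);
  }
  loadModule(WASM_MJS);
  instantiate();
  spawnWorker(WASM_MJS);
  instantiate();

  const csp = {};
  for (const [name, sources] of Object.entries(need)) csp[name] = [...sources];
  return { crossOrigin, steps, csp };
}

// CSP fallback order: the first directive present in the policy governs.
const FALLBACK = {
  'script-src': ['script-src', 'default-src'],
  'worker-src': ['worker-src', 'child-src', 'script-src', 'default-src'],
  'connect-src': ['connect-src', 'default-src'],
};

// Parse a CSP header value; a repeated directive is ignored, as CSP specifies.
function parsePolicy(header) {
  const policy = {};
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !(key in policy)) policy[key] = sources;
  }
  return policy;
}

// Return "directive source" strings the policy would have to add for the plan.
function missingSources(header, plan) {
  const policy = parsePolicy(header);
  const missing = [];
  for (const [directive, required] of Object.entries(plan.csp)) {
    const governing = FALLBACK[directive].find((d) => d in policy);
    if (governing === undefined) continue;          // nothing restricts this fetch type
    const allowed = policy[governing];
    for (const src of required) {
      const ok = allowed.includes(src) ||
        (src === "'wasm-unsafe-eval'" && allowed.includes("'unsafe-eval'"));
      if (!ok) missing.push(`${directive} ${src}`);
    }
  }
  return missing;
}

// Constructed sample: a same-origin-only policy checked against a CDN deployment.
const SAMPLE_PAGE = 'https://app.example/index.html';
const SAMPLE_POLICY = "default-src 'self'; script-src 'self' 'wasm-unsafe-eval'";
console.log(missingSources(SAMPLE_POLICY, planLoad(SAMPLE_PAGE, 'https://cdn.example/dist/', true)));
```

A policy that passes for the locally served files needs `blob:` in both script and worker sources once the files move to another origin, which is the trade-off behind keeping Blob URLs only as the cross-origin fallback.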
Yi-Hong Lyu
b2481e3602
Bump up version in main from 1.18.0 to 1.19.0 (#20489)
Bump up version in main from 1.18.0 to 1.19.0 since the release branch
has been cut.

---------

Co-authored-by: Edward Chen <18449977+edgchen1@users.noreply.github.com>
2024-04-29 20:21:41 -07:00
dependabot[bot]
9ca1afa25c
Bump protobufjs from 7.2.4 to 7.2.5 in /js/web (#20270)
Bumps [protobufjs](https://github.com/protobufjs/protobuf.js) from 7.2.4
to 7.2.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/protobufjs/protobuf.js/releases">protobufjs's
releases</a>.</em></p>
<blockquote>
<h2>protobufjs: v7.2.5</h2>
<h2><a
href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.2.4...protobufjs-v7.2.5">7.2.5</a>
(2023-08-21)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>crash in comment parsing (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/1890">#1890</a>)
(<a
href="eaf9f0a5a4">eaf9f0a</a>)</li>
<li>deprecation warning for new Buffer (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/1905">#1905</a>)
(<a
href="e93286ef70">e93286e</a>)</li>
<li>possible infinite loop when parsing option (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/1923">#1923</a>)
(<a
href="f2a8620179">f2a8620</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md">protobufjs's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.2.4...protobufjs-v7.2.5">7.2.5</a>
(2023-08-21)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>crash in comment parsing (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/1890">#1890</a>)
(<a
href="eaf9f0a5a4">eaf9f0a</a>)</li>
<li>deprecation warning for new Buffer (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/1905">#1905</a>)
(<a
href="e93286ef70">e93286e</a>)</li>
<li>possible infinite loop when parsing option (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/1923">#1923</a>)
(<a
href="f2a8620179">f2a8620</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4436cc748c"><code>4436cc7</code></a>
chore: release master (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/1925">#1925</a>)</li>
<li><a
href="e93286ef70"><code>e93286e</code></a>
fix: deprecation warning for new Buffer (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/1905">#1905</a>)</li>
<li><a
href="eaf9f0a5a4"><code>eaf9f0a</code></a>
fix: crash in comment parsing (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/1890">#1890</a>)</li>
<li><a
href="f2a8620179"><code>f2a8620</code></a>
fix: possible infinite loop when parsing option (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/1923">#1923</a>)</li>
<li>See full diff in <a
href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.2.4...protobufjs-v7.2.5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=protobufjs&package-manager=npm_and_yarn&previous-version=7.2.4&new-version=7.2.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/microsoft/onnxruntime/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-11 22:07:08 -07:00
dependabot[bot]
afdab62f53
Bump follow-redirects from 1.15.4 to 1.15.6 in /js/web (#19949)
Bumps
[follow-redirects](https://github.com/follow-redirects/follow-redirects)
from 1.15.4 to 1.15.6.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="35a517c586"><code>35a517c</code></a>
Release version 1.15.6 of the npm package.</li>
<li><a
href="c4f847f851"><code>c4f847f</code></a>
Drop Proxy-Authorization across hosts.</li>
<li><a
href="8526b4a1b2"><code>8526b4a</code></a>
Use GitHub for disclosure.</li>
<li><a
href="b1677ce001"><code>b1677ce</code></a>
Release version 1.15.5 of the npm package.</li>
<li><a
href="d8914f7982"><code>d8914f7</code></a>
Preserve fragment in responseUrl.</li>
<li>See full diff in <a
href="https://github.com/follow-redirects/follow-redirects/compare/v1.15.4...v1.15.6">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=follow-redirects&package-manager=npm_and_yarn&previous-version=1.15.4&new-version=1.15.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)


Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-16 18:53:17 -07:00
Yulong Wang
d69b622ef4
[js/web] upgrade dependency packages version (#19193)
### Description
upgrade packages version.

```
# npm audit report

electron  23.0.0-alpha.1 - 23.3.13
Severity: moderate
ASAR Integrity bypass via filetype confusion in electron - https://github.com/advisories/GHSA-7m48-wc93-9g85
fix available via `npm audit fix --force`
Will install electron@28.1.4, which is a breaking change
node_modules/electron

get-func-name  <2.0.1
Severity: high
Chaijs/get-func-name vulnerable to ReDoS - https://github.com/advisories/GHSA-4q6p-r6v2-jvc5
fix available via `npm audit fix`
node_modules/get-func-name

semver  <=5.7.1 || 6.0.0 - 6.3.0 || 7.0.0 - 7.5.1
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix`
node_modules/cross-spawn/node_modules/semver
node_modules/global-agent/node_modules/semver
node_modules/semver
```
2024-01-18 13:45:42 -08:00
Rachel Guo
bd9d8fb2a5
[ORT 1.17.0 release] Bump up version to 1.18.0 (#19170)
### Description

Bump up version to 1.18.0 since the release branch has been cut.

Co-authored-by: rachguo <rachguo@rachguos-Mini.attlocal.net>
2024-01-17 11:18:32 -08:00
dependabot[bot]
5373c0c730
Bump follow-redirects from 1.15.2 to 1.15.4 in /js/web (#19068)
Bumps
[follow-redirects](https://github.com/follow-redirects/follow-redirects)
from 1.15.2 to 1.15.4.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="65858205e5"><code>6585820</code></a>
Release version 1.15.4 of the npm package.</li>
<li><a
href="7a6567e16d"><code>7a6567e</code></a>
Disallow bracketed hostnames.</li>
<li><a
href="05629af696"><code>05629af</code></a>
Prefer native URL instead of deprecated url.parse.</li>
<li><a
href="1cba8e85fa"><code>1cba8e8</code></a>
Prefer native URL instead of legacy url.resolve.</li>
<li><a
href="72bc2a4229"><code>72bc2a4</code></a>
Simplify _processResponse error handling.</li>
<li><a
href="3d42aecdca"><code>3d42aec</code></a>
Add bracket tests.</li>
<li><a
href="bcbb096b32"><code>bcbb096</code></a>
Do not directly set Error properties.</li>
<li><a
href="192dbe7ce6"><code>192dbe7</code></a>
Release version 1.15.3 of the npm package.</li>
<li><a
href="bd8c81e4f3"><code>bd8c81e</code></a>
Fix resource leak on destroy.</li>
<li><a
href="9c728c314b"><code>9c728c3</code></a>
Split linting and testing.</li>
<li>Additional commits viewable in <a
href="https://github.com/follow-redirects/follow-redirects/compare/v1.15.2...v1.15.4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=follow-redirects&package-manager=npm_and_yarn&previous-version=1.15.2&new-version=1.15.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)


Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-11 22:25:50 -08:00
Yulong Wang
6b0c97b43f
[js/web] fix typescript type check (#18343)
### Description

This PR fixes the TypeScript type check.

Previously, when I used esbuild to replace webpack (#17745), typescript
typecheck was disabled. This caused a few TypeScript type errors to be
checked in to the code base. This PR fixes the following:

- Use "Node16" as default "module" value in tsconfig.json, because in
TypeScript v5, `(module == "ES2015" && moduleResolution == "Node16")` is
an invalid combination.
- Set `noUnusedParameters` to true as default. In web, override it to
false because multiple pieces of code need to be updated (a follow-up PR
will do this)
- set correct project file for 'web/lib/**/*.ts' for ESLint (otherwise
WebGPU types are not populated correctly)
- fix type error in file js/web/lib/wasm/jsep/webgpu/program-manager.ts
- upgrade "@webgpu/types" to latest to fix type error in file
js/web/lib/wasm/jsep/backend-webgpu.ts
- add package script "prebuild" for web to run tsc type check
- add type check in CI yml file
2023-11-10 16:03:38 -08:00
Vincent Wang
e6301eee6a
Bump Up Version to 1.17.0 (#17587)
Bump up version to 1.17.0 as the 1.16.0 release branch had been branched
out.
2023-09-20 11:02:58 +08:00
dependabot[bot]
eaef485461
Bump electron from 23.1.2 to 23.3.13 in /js/web (#17436)
Bumps [electron](https://github.com/electron/electron) from 23.1.2 to
23.3.13.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/electron/electron/releases">electron's
releases</a>.</em></p>
<blockquote>
<h2>electron v23.3.13</h2>
<h1>Release Notes for v23.3.13</h1>
<h2>End of Support for 23.x.y</h2>
<p>Electron 23.x.y has reached end-of-support as per the project's <a
href="https://www.electronjs.org/docs/latest/tutorial/electron-timelines#version-support-policy">support
policy</a>. Developers and applications are encouraged to upgrade to a
newer version of Electron.</p>
<h2>electron v23.3.12</h2>
<h1>Release Notes for v23.3.12</h1>
<h2>Other Changes</h2>
<ul>
<li>Fixed a crash while screen sharing on Wayland with PipeWire. <a
href="https://redirect.github.com/electron/electron/pull/39274">#39274</a></li>
<li>Security: backported fix for CVE-2023-3732.
<ul>
<li>Security: backported fix for CVE-2023-3728.</li>
<li>Security: backported fix for CVE-2023-3730. <a
href="https://redirect.github.com/electron/electron/pull/39268">#39268</a></li>
</ul>
</li>
</ul>
<h2>electron v23.3.11</h2>
<h1>Release Notes for v23.3.11</h1>
<h2>Fixes</h2>
<ul>
<li>Fixed a crash when listing desktop capture sources on Wayland with
PipeWire. <a
href="https://redirect.github.com/electron/electron/pull/39116">#39116</a>
<!-- raw HTML omitted -->(Also in <a
href="https://redirect.github.com/electron/electron/pull/39050">24</a>,
<a
href="https://redirect.github.com/electron/electron/pull/39051">25</a>,
<a
href="https://redirect.github.com/electron/electron/pull/39049">26</a>)<!--
raw HTML omitted --></li>
</ul>
<h2>electron v23.3.10</h2>
<h1>Release Notes for v23.3.10</h1>
<h2>Other Changes</h2>
<ul>
<li>Security: backported fix for CVE-2023-3422.
<ul>
<li>Security: backported fix for CVE-2023-3421.</li>
<li>Security: backported fix for CVE-2023-3420.</li>
<li>Security: backported fix for 1454860. <a
href="https://redirect.github.com/electron/electron/pull/38948">#38948</a></li>
</ul>
</li>
</ul>
<h2>electron v23.3.9</h2>
<h1>Release Notes for v23.3.9</h1>
<h2>Fixes</h2>
<ul>
<li>Fixed <code>preload</code> script may not run in some child windows
opened by <code>window.open</code>. <a
href="https://redirect.github.com/electron/electron/pull/38933">#38933</a>
(Also in <a
href="https://redirect.github.com/electron/electron/pull/38932">24</a>,
<a
href="https://redirect.github.com/electron/electron/pull/38931">25</a>,
<a
href="https://redirect.github.com/electron/electron/pull/38930">26</a>)</li>
<li>Fixed minimize button to be visible when all buttons reenabled. <a
href="https://redirect.github.com/electron/electron/pull/38880">#38880</a>
(Also in <a
href="https://redirect.github.com/electron/electron/pull/38881">24</a>,
<a
href="https://redirect.github.com/electron/electron/pull/38879">25</a>)</li>
</ul>
<h2>electron v23.3.8</h2>
<h1>Release Notes for v23.3.8</h1>
<h2>Other Changes</h2>
<ul>
<li>Security: backported fix for CVE-2023-3215.
<ul>
<li>Security: backported fix for CVE-2023-3216.</li>
<li>Security: backported fix for 1450536. <a
href="https://redirect.github.com/electron/electron/pull/38788">#38788</a></li>
</ul>
</li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4b782e259b"><code>4b782e2</code></a>
fix: avoid package.json check on built-in modules (<a
href="https://redirect.github.com/electron/electron/issues/39426">#39426</a>)</li>
<li><a
href="b2047d710c"><code>b2047d7</code></a>
ci: fix hang when validating AppVeyor artifacts (<a
href="https://redirect.github.com/electron/electron/issues/39401">#39401</a>)</li>
<li><a
href="10b2baea43"><code>10b2bae</code></a>
docs: clean up removed systemPreferences methods (<a
href="https://redirect.github.com/electron/electron/issues/39349">#39349</a>)</li>
<li><a
href="454990a201"><code>454990a</code></a>
chore: cherry-pick 4 changes from Release-0-M115 (<a
href="https://redirect.github.com/electron/electron/issues/39268">#39268</a>)</li>
<li><a
href="10b49ffa12"><code>10b49ff</code></a>
chore: cherry-pick 2 changes from webrtc (<a
href="https://redirect.github.com/electron/electron/issues/39274">#39274</a>)</li>
<li><a
href="dc0fc78fac"><code>dc0fc78</code></a>
fix: do not resolve electron entrypoints on disk (<a
href="https://redirect.github.com/electron/electron/issues/39249">#39249</a>)</li>
<li><a
href="1aafc2ae38"><code>1aafc2a</code></a>
ci: fail appveyor build if artifacts are missing (<a
href="https://redirect.github.com/electron/electron/issues/39219">#39219</a>)</li>
<li><a
href="595e25a270"><code>595e25a</code></a>
fix: use StartUpdating method for PipeWire capturer (<a
href="https://redirect.github.com/electron/electron/issues/39116">#39116</a>)</li>
<li><a
href="7fe5925c94"><code>7fe5925</code></a>
build: disable unneeded depot_tools update on Windows CI (<a
href="https://redirect.github.com/electron/electron/issues/39016">#39016</a>)</li>
<li><a
href="c4b0ff4994"><code>c4b0ff4</code></a>
chore: cherry-pick 4 changes from Release-3-M114 (<a
href="https://redirect.github.com/electron/electron/issues/38948">#38948</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/electron/electron/compare/v23.1.2...v23.3.13">compare
view</a></li>
</ul>
</details>
<br />


Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-07 17:39:49 -07:00
Yulong Wang
53c771f215
[js/common] add unit tests for onnxruntime-common (#16812)
### Description
"onnxruntime-common" starts to get more and more complicated, so it's a
good idea to add unit tests for it.

Includes the following changes:
- move `mocha` from each subfolder (js/web/, js/node/) to root (js/), so
that it will be installed once and all subfolders can use it.
- add folder `test` in js/common/ as root folder for ort-common tests.
- add sub folder `type-tests`. This folder contains a few TypeScript
source files, which are excluded from the tsconfig.json. They are not
compiled by default. Instead, file `type-tests.ts` calls the TypeScript
compiler (tsc) to check whether the compilation result for the files
under this folder is as expected. If tsc compiles a file successfully
when a failure is expected, this is considered a failed test.
- add sub folder `unit-tests`. Files under this folder will be compiled
by default. We use the default mode of mocha (using `describe()` and `it()`)
to set up test groups and cases.
- update eslint rules accordingly.
2023-07-25 14:37:41 -07:00
Yulong Wang
7dcb805ab8
[js/web] upgrade onnx-proto version (#16722)
### Description
This change upgrades a lot of dependencies. There are 2 motivations for
making this change:
- fix the security issue reported by dependabot (protobufjs Prototype
Pollution vulnerability -
https://github.com/advisories/GHSA-h755-8qp9-cq85)
- resolve the requirement of using ONNX IR_VERSION 9 (#16638)


This requires:
- upgrade protobufjs to v7.2.4
- upgrade library 'onnx-proto' to consume latest ONNX release (v1.14.0).

Problems:
- protobufjs v7.2.4 depends on long.js v5, which does not work well with
typescript (commonjs).
- onnx-proto depends on this fix with a new release of long.js
- long.js is in maintenance and it takes longer than expected to put in
new changes

Solutions:
- use a patch script in `preprepare` to copy type declarations to make
long.js work with typescript (commonjs)
- generate onnx protobuf JS/TS files and put them under
js/web/lib/onnxjs/ort-schema/protobuf folder - remove 'onnx-proto' from
dependency.
- apply fixes to generated onnx.d.ts
2023-07-18 16:36:39 -07:00
dependabot[bot]
03216e2313
Bump socket.io-parser from 4.2.2 to 4.2.3 in /js/web (#16068) 2023-05-31 02:15:23 +00:00
dependabot[bot]
58ee076750
Bump engine.io from 6.4.1 to 6.4.2 in /js/web (#15799)
Bumps [engine.io](https://github.com/socketio/engine.io) from 6.4.1 to
6.4.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/socketio/engine.io/releases">engine.io's
releases</a>.</em></p>
<blockquote>
<h2>6.4.2</h2>
<p>⚠️ This release contains an important security fix
⚠️</p>
<p>A malicious client could send a specially crafted HTTP request,
triggering an uncaught exception and killing the Node.js process:</p>
<pre><code>TypeError: Cannot read properties of undefined (reading
'handlesUpgrades')
  at Server.onWebSocket (build/server.js:515:67)
</code></pre>
<p>Please upgrade as soon as possible.</p>
<h3>Bug Fixes</h3>
<ul>
<li>include error handling for Express middlewares (<a
href="https://redirect.github.com/socketio/engine.io/issues/674">#674</a>)
(<a
href="93957828be">9395782</a>)</li>
<li>prevent crash when provided with an invalid query param (<a
href="fc480b4f30">fc480b4</a>)</li>
<li><strong>typings:</strong> make clientsCount public (<a
href="https://redirect.github.com/socketio/engine.io/issues/675">#675</a>)
(<a
href="bd6d4713b0">bd6d471</a>)</li>
<li><strong>uws:</strong> prevent crash when using with middlewares (<a
href="8b22162903">8b22162</a>)</li>
</ul>
<h3>Credits</h3>
<p>Huge thanks to <a
href="https://github.com/tyilo"><code>@​tyilo</code></a> and <a
href="https://github.com/cieldeville"><code>@​cieldeville</code></a> for
helping!</p>
<h4>Links</h4>
<ul>
<li>Diff: <a
href="https://github.com/socketio/engine.io/compare/6.4.1...6.4.2">https://github.com/socketio/engine.io/compare/6.4.1...6.4.2</a></li>
<li>Client release: -</li>
<li>ws version: <a
href="https://github.com/websockets/ws/releases/tag/8.11.0">~8.11.0</a>
(no change)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/socketio/engine.io/blob/main/CHANGELOG.md">engine.io's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/socketio/engine.io/compare/6.4.1...6.4.2">6.4.2</a>
(2023-05-02)</h2>
<p>⚠️ This release contains an important security fix
⚠️</p>
<p>A malicious client could send a specially crafted HTTP request,
triggering an uncaught exception and killing the Node.js process:</p>
<pre><code>TypeError: Cannot read properties of undefined (reading
'handlesUpgrades')
  at Server.onWebSocket (build/server.js:515:67)
</code></pre>
<p>Please upgrade as soon as possible.</p>
<h3>Bug Fixes</h3>
<ul>
<li>include error handling for Express middlewares (<a
href="https://redirect.github.com/socketio/engine.io/issues/674">#674</a>)
(<a
href="93957828be">9395782</a>)</li>
<li>prevent crash when provided with an invalid query param (<a
href="fc480b4f30">fc480b4</a>)</li>
<li><strong>typings:</strong> make clientsCount public (<a
href="https://redirect.github.com/socketio/engine.io/issues/675">#675</a>)
(<a
href="bd6d4713b0">bd6d471</a>)</li>
<li><strong>uws:</strong> prevent crash when using with middlewares (<a
href="8b22162903">8b22162</a>)</li>
</ul>
<h3>Credits</h3>
<p>Huge thanks to <a
href="https://github.com/tyilo"><code>@​tyilo</code></a> and <a
href="https://github.com/cieldeville"><code>@​cieldeville</code></a> for
helping!</p>
<h3>Dependencies</h3>
<ul>
<li><a
href="https://github.com/websockets/ws/releases/tag/8.11.0"><code>ws@~8.11.0</code></a>
(no change)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="95e215387c"><code>95e2153</code></a>
chore(release): 6.4.2</li>
<li><a
href="fc480b4f30"><code>fc480b4</code></a>
fix: prevent crash when provided with an invalid query param</li>
<li><a
href="0141951185"><code>0141951</code></a>
refactor(types): ensure compatibility with Express middlewares</li>
<li><a
href="8b22162903"><code>8b22162</code></a>
fix(uws): prevent crash when using with middlewares</li>
<li><a
href="93957828be"><code>9395782</code></a>
fix: include error handling for Express middlewares (<a
href="https://redirect.github.com/socketio/engine.io/issues/674">#674</a>)</li>
<li><a
href="911d0e3575"><code>911d0e3</code></a>
refactor: return HTTP 400 upon invalid request overlap</li>
<li><a
href="bd6d4713b0"><code>bd6d471</code></a>
fix(typings): make clientsCount public (<a
href="https://redirect.github.com/socketio/engine.io/issues/675">#675</a>)</li>
<li>See full diff in <a
href="https://github.com/socketio/engine.io/compare/6.4.1...6.4.2">compare
view</a></li>
</ul>
</details>
<br />


Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-04 10:06:01 -07:00
Changming Sun
1fb2f2605b
Update VERSION_NUMBER (#15773)
### Description

1. Update VERSION_NUMBER for preparing the upcoming release. This PR's
commit will not be included in the 1.15 release branch
2. Delete package/rpm/onnxruntime.spec since it was not used in past
years.

### Motivation and Context
Preparing the release.

Fixed
[AB#15311](https://aiinfra.visualstudio.com/6a833879-cd9b-44a4-a9de-adc2d818f13c/_workitems/edit/15311)
2023-05-03 15:07:34 -07:00
Yulong Wang
14cc02c65c
[js/web] WebGPU backend via JSEP (#14579)
### Description
This change introduced the following new components into ONNX Runtime
Web:
- JavaScript Execution Provider (JSEP)
  - Asynchronized inferencing execution powered by Emscripten's Asyncify
- WebGPU backend implemented in TypeScript
  - initial implementation of kernels:
    - elementwise operators (22)
    - binary operators (5)
    - tensor: Shape, Reshape, Transpose, Gemm
    - nn: Conv, {Global}Maxpool, {Global}AveragePool


Code needs to be polished. Still working on it.

## Q&A
What is JSEP?
> JSEP, aka JavaScript Execution Provider, is a new ONNXRuntime
execution provider that specifically works on Web environment
(browsers). JSEP allows JavaScript code to kick in from various places
when ONNX Runtime inferences a model.

Why JSEP?
> JSEP is a hybrid mode EP that contains both C/C++ and
TypeScript/JavaScript implementation. There are 2 strong reasons why we
introduce JSEP:
> 1. the C/C++ part helps JSEP to leverage ONNX Runtime's capabilities
as much as possible including graph transformer, optimizers and also the
capabilities to fall back to CPU EP. TypeScript/JavaScript helps JSEP to
develop and debug much easier in the browser for the kernel
implementation.
> 2. the requirement of asynchronized execution from JavaScript API (e.g.
`buffer.mapAsync()`) makes it impossible to run `OrtRun()` in a
synchronized context (see "async problem" section below). This is done
by using Emscripten's Asyncify.

What is WebGPU?
> WebGPU is the new GPU API that is available in the browser. It's one of the
only 2 APIs that are currently available to access the GPU from the browser (the
other is WebGL).
> WebGPU is designed with more advanced and stronger features compared
to WebGL and is potentially the solution that offers the best GPU performance
for model inferencing that is currently available.

What is the async problem and why do we have the problem?
> The "async problem" is a problem that you cannot call an async
function in a synchronous context. Think about the following C++ code:
> ```c
> // C-style declarations (API)
> typedef void (*ON_COMPLETE)(PVOID state, DATA *data);
> void read_data_from_file(FILEHANDLE file, ON_COMPLETE on_complete);
> 
> // implementation
> DATA * my_impl_read_data_from_file_sync(FILEHANDLE file) {
>   // how to implement?
> }
> ```
> The answer is, it's impossible to implement this function. Usually we
try to find a sync version API, or launch a thread to call the async
function and sync-wait on the main thread. Unfortunately, in the browser
environment, neither is possible.
>
> WebGPU does not offer any synchronized API for data downloading (GPU
to CPU). This is the only operation that MUST be async. As `OrtRun()`
will eventually call into DataTransfer to copy data from GPU to CPU,
and `OrtRun()` is a synchronized function, this cannot be done in the normal
way.

What is Emscripten? How does the Asyncify feature resolve the problem?
> Emscripten is the C/C++ compiler for WebAssembly. It's what we use to
compile ORT and generate the WebAssembly artifacts which run on
browsers.
>
> Asyncify is a [compiler
feature](https://emscripten.org/docs/porting/asyncify.html) that allows
calling async functions from a synchronized context. In short, it
generates code to unwind and rewind call stack to emulate async
execution. With this feature, we are able to call the async function
inside `OrtRun()` call.

## Design Overview

**Inter-op**

JSEP is doing pretty much the same thing as just another EP. It exposes an
interface for inter-op with JavaScript, which is defined in
onnxruntime/wasm/js_internal_api.js:
```js
// init JSEP
Module["jsepInit"] = function (backend, alloc, free, copy, copyAsync, createKernel, releaseKernel, run) {
    Module.jsepBackend = backend;
    Module.jsepAlloc = alloc;
    Module.jsepFree = free;
    Module.jsepCopy = copy;
    Module.jsepCopyAsync = copyAsync;
    Module.jsepCreateKernel = createKernel;
    Module.jsepReleaseKernel = releaseKernel;
    Module.jsepRun = run;
};
```
This simple JavaScript snippet defines all language barrier level
functions that are required by JSEP to achieve implementing kernels and data
transfers using JavaScript inside ONNX Runtime:
- `jsepBackend`: assign the singleton object to webassembly module
- `jsepAlloc` and `jsepFree`: implementation of data transfer's Alloc()
and Free()
- `jsepCopy`: synchronized copy (GPU to GPU, CPU to GPU)
- `jsepCopyAsync`: asynchronized copy (GPU to CPU)
- `jsepCreateKernel` and `jsepReleaseKernel`: a corresponding object
that is maintained in JS to match the lifecycle of the Kernel in ORT
- `jsepRun`: OpKernel::Compute() should call into this

The abstraction above allows tying as few connections and dependencies
as possible between C/C++ and TypeScript/JavaScript.

**Resource Management**

The lifecycle of tensor data and kernels is managed by ORT (C/C++) but the
implementation is left to JavaScript. JavaScript code is responsible
for implementing the callbacks correctly.

For WebGPU, the GPU data is managed by JavaScript using a singleton map
(tensor_data_id => GPUBuffer). The GPU pipeline is managed as a singleton.
Shaders are managed using a singleton map (shader_key => gpu_program),
while shader_key is generated by cache_key (OP specific, including
attributes) and input shapes.

**about data transfer**
`js::DataTransfer::CopyTensor` is implemented to call either the synchronized
or the asynchronized copy callback, depending on whether the destination is GPU or
not. Emscripten's macro `EM_ASYNC_JS` is used to wrap the async function
to be called in the synchronized context.

**run kernel in JS**

The Kernel class constructor calls `jsepCreateKernel()` once with an
optional per-kernel specific serialization to pass attributes into
JavaScript.

`Compute()` is implemented in a way that a metadata serialization is
performed in a base class and JavaScript code can access the data using
the Emscripten specific builtin macro `EM_ASM_*`.

**disabled features**
memory pattern is force disabled, because the WebGPU data is not
presented by a general memory model (a buffer can be represented by
offset + size).
concurrent run support is disabled. WebGPU is stateful and it also has
async function calls. Supporting concurrent run would significantly
increase the complexity and we don't get any real benefit from it.

**prefer channels last**
JSEP prefers channels last and returns `DataLayout::NHWC` in method
`GetPreferredLayout()`. This will let the graph transformers
preprocess the graph into a channels last form so that a more optimized
WebGPU shader can be used.

**Testing code**
It's impossible to test JSEP directly because JSEP itself does not
contain any kernel implementation. However, it has the kernel
registration which needs to work together with the corresponding
JavaScript code. There are unit tests that run onnx models from
JavaScript API.

---------

Co-authored-by: Scott McKay <skottmckay@gmail.com>
2023-04-24 15:21:18 -07:00
Yulong Wang
f972d21e81
[js] upgrade dependencies and enable strict mode (#14930)
### Description
This PR includes the following changes:
- upgrade js dependencies
- enable STRICT mode for web assembly build.
- corresponding fix for cmake-js upgrade
- corresponding fix for linter upgrade
- upgrade default typescript compile option of:
    - `moduleResolution`: from `node` to `node16`
    - `target`: from `es2017` to `es2020`
- fix ESM module import in commonJS source file

## change explanation

### changes to onnxruntime_webassembly.cmake
`-s WASM=1` and `-s LLD_REPORT_UNDEFINED` in latest version is
by-default and deprecated.

### changes to onnxruntime_node.cmake
The npm package `cmake-js` updated its way to find file `node.lib`.
Previously it downloaded this file from the Node.js public release channel,
and now it generates it from a definition file.

The Node.js release channel does not contain a windows/arm64 version, so
previously cmake-js would fail to download `node.lib` for that platform.
This is why we made special handling to download the unofficial binary
to build. Now this is no longer needed so we removed that from the cmake
file.

### changes to tsconfig.json
`node16` module resolution supports async import and `es2020` as target
supports top level await.
2023-03-22 15:05:04 -07:00
dependabot[bot]
a5dab850b8
Bump jszip from 3.7.1 to 3.8.0 in /js/web (#14536) 2023-02-07 01:38:00 +00:00
dependabot[bot]
7b75ebdb31
Bump http-cache-semantics from 4.1.0 to 4.1.1 in /js/web (#14535) 2023-02-03 03:16:37 +00:00
dependabot[bot]
b5b70eaa8c
Bump ua-parser-js from 0.7.31 to 0.7.33 in /js/web (#14435) 2023-01-27 23:22:48 +00:00
Rui Ren
eacd829d23
Bump ORT version number (#14226)
### Description
Bump ort version after the creation of release candidate of 1.14

Co-authored-by: ruiren <ruiren@microsoft.com>
2023-01-26 12:33:47 -08:00
dependabot[bot]
3c695f78fe
Bump electron from 15.5.5 to 18.3.7 in /js/web (#13617)
Bumps [electron](https://github.com/electron/electron) from 15.5.5 to
18.3.7.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/electron/electron/releases">electron's
releases</a>.</em></p>
<blockquote>
<h2>electron v18.3.7</h2>
<h1>Release Notes for v18.3.7</h1>
<h2>Fixes</h2>
<ul>
<li>Fixed WCO not responding to touch events on windows. <a
href="https://github-redirect.dependabot.com/electron/electron/pull/35177">#35177</a>
(Also in <a
href="https://github-redirect.dependabot.com/electron/electron/pull/35176">19</a>,
<a
href="https://github-redirect.dependabot.com/electron/electron/pull/35174">20</a>)</li>
<li>Fixed <code>webContents.getUserAgent()</code> incorrectly returning
an empty string unless previously set. <a
href="https://github-redirect.dependabot.com/electron/electron/pull/35130">#35130</a>
(Also in <a
href="https://github-redirect.dependabot.com/electron/electron/pull/35151">17</a>,
<a
href="https://github-redirect.dependabot.com/electron/electron/pull/35132">19</a>,
<a
href="https://github-redirect.dependabot.com/electron/electron/pull/35131">20</a>)</li>
<li>Fixed an issue in which calling setBounds() after e.preventDefault
in a 'will-move' or 'will-resize' event wouldn't change the window's
shape until the mouse button was released. <a
href="https://github-redirect.dependabot.com/electron/electron/pull/35082">#35082</a>
(Also in <a
href="https://github-redirect.dependabot.com/electron/electron/pull/35083">19</a>,
<a
href="https://github-redirect.dependabot.com/electron/electron/pull/35084">20</a>)</li>
<li>Fixed context menu not showing all items on macOS when dock is not
hidden. <a
href="https://github-redirect.dependabot.com/electron/electron/pull/35198">#35198</a>
(Also in <a
href="https://github-redirect.dependabot.com/electron/electron/pull/35199">19</a>)</li>
<li>None. <a
href="https://github-redirect.dependabot.com/electron/electron/pull/35171">#35171</a>
(Also in <a
href="https://github-redirect.dependabot.com/electron/electron/pull/35172">19</a>,
<a
href="https://github-redirect.dependabot.com/electron/electron/pull/35173">20</a>)</li>
</ul>
<h2>Other Changes</h2>
<ul>
<li>Fixed page size always being restricted to 4k on Linux arm64. <a
href="https://github-redirect.dependabot.com/electron/electron/pull/35184">#35184</a></li>
<li>Security: backported fix for CVE-2022-2478. <a
href="https://github-redirect.dependabot.com/electron/electron/pull/35099">#35099</a></li>
<li>Security: backported fix for chromium:1334864. <a
href="https://github-redirect.dependabot.com/electron/electron/pull/35097">#35097</a></li>
</ul>
<h2>electron v18.3.6</h2>
<h1>Release Notes for v18.3.6</h1>
<h2>Fixes</h2>
<ul>
<li>Fixed a crash when calling <code>BrowserWindow.setEnabled()</code>.
<a
href="https://github-redirect.dependabot.com/electron/electron/pull/34973">#34973</a>
(Also in <a
href="https://github-redirect.dependabot.com/electron/electron/pull/34971">19</a>,
<a
href="https://github-redirect.dependabot.com/electron/electron/pull/34972">20</a>)</li>
<li>Fixed a potential crash when changing window settings after
initializing WCO with an invalid <code>titleBarStyle</code>. <a
href="https://github-redirect.dependabot.com/electron/electron/pull/34873">#34873</a>
(Also in <a
href="https://github-redirect.dependabot.com/electron/electron/pull/35031">17</a>,
<a
href="https://github-redirect.dependabot.com/electron/electron/pull/34874">19</a>,
<a
href="https://github-redirect.dependabot.com/electron/electron/pull/34875">20</a>)</li>
<li>Fixed alwaysOnTop BrowserWindow option for X11 Linux. <a
href="https://github-redirect.dependabot.com/electron/electron/pull/34911">#34911</a>
(Also in <a
href="https://github-redirect.dependabot.com/electron/electron/pull/34912">19</a>,
<a
href="https://github-redirect.dependabot.com/electron/electron/pull/34913">20</a>)</li>
<li>Fixed an issue where BrowserWindows on macOS were incorrectly marked
as resizable. <a
href="https://github-redirect.dependabot.com/electron/electron/pull/34907">#34907</a>
(Also in <a
href="https://github-redirect.dependabot.com/electron/electron/pull/34906">19</a>,
<a
href="https://github-redirect.dependabot.com/electron/electron/pull/34433">20</a>)</li>
<li>Fixed an issue where Windows Control Overlay buttons did not respect
maximizable/minimizable/closable states of a BrowserWindow. <a
href="https://github-redirect.dependabot.com/electron/electron/pull/34720">#34720</a>
(Also in <a
href="https://github-redirect.dependabot.com/electron/electron/pull/34733">17</a>,
<a
href="https://github-redirect.dependabot.com/electron/electron/pull/34722">19</a>,
<a
href="https://github-redirect.dependabot.com/electron/electron/pull/34721">20</a>)</li>
<li>Fixed an issue where calling
<code>BrowserWindow.setRepresentedFilename</code> on macOS with
<code>titlebarStyle: 'hiddenInset'</code> or <code>titlebarStyle:
'hidden'</code> inadvertently moves the traffic light location. <a
href="https://github-redirect.dependabot.com/electron/electron/pull/34847">#34847</a>
(Also in <a
href="https://github-redirect.dependabot.com/electron/electron/pull/34848">19</a>,
<a
href="https://github-redirect.dependabot.com/electron/electron/pull/34849">20</a>)</li>
<li>Fixed an issue where some <code>BrowserWindow</code>s opened from
new links wouldn't properly load URLs. <a
href="https://github-redirect.dependabot.com/electron/electron/pull/34910">#34910</a>
(Also in <a
href="https://github-redirect.dependabot.com/electron/electron/pull/34189">19</a>)</li>
<li>Fixed an issue where the minimize button with WCO enabled would
incorrectly be highlighted in some cases. <a
href="https://github-redirect.dependabot.com/electron/electron/pull/34838">#34838</a>
(Also in <a
href="https://github-redirect.dependabot.com/electron/electron/pull/34837">17</a>,
<a
href="https://github-redirect.dependabot.com/electron/electron/pull/34839">19</a>,
<a
href="https://github-redirect.dependabot.com/electron/electron/pull/34840">20</a>)</li>
<li>Fixed an issue with background colors being improperly applied to
<code>BrowserView</code>s on Windows. <a
href="https://github-redirect.dependabot.com/electron/electron/pull/33478">#33478</a>
(Also in <a
href="https://github-redirect.dependabot.com/electron/electron/pull/33546">16</a>)</li>
<li>Fixed empty app_id when running under wayland. <a
href="https://github-redirect.dependabot.com/electron/electron/pull/34877">#34877</a>
(Also in <a
href="https://github-redirect.dependabot.com/electron/electron/pull/34878">19</a>,
<a
href="https://github-redirect.dependabot.com/electron/electron/pull/34879">20</a>)</li>
<li>Fixed missing Sec-CH-UA headers and empty navigator.userAgentData.
<a
href="https://github-redirect.dependabot.com/electron/electron/pull/34758">#34758</a>
(Also in <a
href="https://github-redirect.dependabot.com/electron/electron/pull/34760">17</a>,
<a
href="https://github-redirect.dependabot.com/electron/electron/pull/34757">19</a>,
<a
href="https://github-redirect.dependabot.com/electron/electron/pull/34524">20</a>)</li>
<li>Fixed symbol generation on 32-bit Windows release builds. <a
href="https://github-redirect.dependabot.com/electron/electron/pull/35096">#35096</a>
(Also in <a
href="https://github-redirect.dependabot.com/electron/electron/pull/35090">19</a>,
<a
href="https://github-redirect.dependabot.com/electron/electron/pull/35091">20</a>)</li>
<li>Prevent brief display of &quot;Ozone X11&quot; in window title on
Linux. <a
href="https://github-redirect.dependabot.com/electron/electron/pull/34943">#34943</a></li>
</ul>
<h2>Other Changes</h2>
<ul>
<li>Backported fix for CVE-2022-2294. <a
href="https://github-redirect.dependabot.com/electron/electron/pull/34882">#34882</a></li>
<li>Security: backported fix for 1287804. <a
href="https://github-redirect.dependabot.com/electron/electron/pull/35102">#35102</a></li>
<li>Security: backported fix for 1333333. <a
href="https://github-redirect.dependabot.com/electron/electron/pull/34689">#34689</a></li>
<li>Security: backported fix for 1335054. <a
href="https://github-redirect.dependabot.com/electron/electron/pull/34687">#34687</a></li>
<li>Security: backported fix for 1335458. <a
href="https://github-redirect.dependabot.com/electron/electron/pull/34685">#34685</a></li>
<li>Security: backported fix for 1336014. <a
href="https://github-redirect.dependabot.com/electron/electron/pull/35004">#35004</a></li>
<li>Security: backported fix for 1339844. <a
href="https://github-redirect.dependabot.com/electron/electron/pull/35002">#35002</a></li>
<li>Security: backported fix for 1340335. <a
href="https://github-redirect.dependabot.com/electron/electron/pull/35000">#35000</a></li>
<li>Security: backported fix for 1340654. <a
href="https://github-redirect.dependabot.com/electron/electron/pull/34998">#34998</a></li>
<li>Security: backported fix for CVE-2022-2162. <a
href="https://github-redirect.dependabot.com/electron/electron/pull/34714">#34714</a></li>
<li>Security: backported fix for CVE-2022-2295. <a
href="https://github-redirect.dependabot.com/electron/electron/pull/34881">#34881</a></li>
</ul>
<h2>electron v18.3.5</h2>
<h1>Release Notes for v18.3.5</h1>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="dee6e01e9e"><code>dee6e01</code></a>
Bump v18.3.7</li>
<li><a
href="483e39cc74"><code>483e39c</code></a>
chore: cherry-pick 97193a64b431 from chromium (<a
href="https://github-redirect.dependabot.com/electron/electron/issues/35184">#35184</a>)</li>
<li><a
href="cd7490d233"><code>cd7490d</code></a>
fix: consider dock space when showing menu (<a
href="https://github-redirect.dependabot.com/electron/electron/issues/35198">#35198</a>)</li>
<li><a
href="b990bd6c97"><code>b990bd6</code></a>
fix: allow setsize to be called within a move or resize for
preventDefault (#...</li>
<li><a
href="56a0b45ef2"><code>56a0b45</code></a>
fix: modify file extension generation on Windows (<a
href="https://github-redirect.dependabot.com/electron/electron/issues/35171">#35171</a>)</li>
<li><a
href="5871f81bb9"><code>5871f81</code></a>
fix: touch events not recognized by WCO on windows (<a
href="https://github-redirect.dependabot.com/electron/electron/issues/35117">#35117</a>)
(<a
href="https://github-redirect.dependabot.com/electron/electron/issues/35177">#35177</a>)</li>
<li><a
href="511f27506f"><code>511f275</code></a>
ci: turn off windows on arm test result comments (<a
href="https://github-redirect.dependabot.com/electron/electron/issues/35167">#35167</a>)</li>
<li><a
href="8189ee64b9"><code>8189ee6</code></a>
chore: add electron deps to //src gitignore (<a
href="https://github-redirect.dependabot.com/electron/electron/issues/35148">#35148</a>)</li>
<li><a
href="cc52f07023"><code>cc52f07</code></a>
ci: switch to GHA for WOA (<a
href="https://github-redirect.dependabot.com/electron/electron/issues/35127">#35127</a>)</li>
<li><a
href="890adefb95"><code>890adef</code></a>
docs: new main -&gt; renderers messageChannel example (<a
href="https://github-redirect.dependabot.com/electron/electron/issues/35133">#35133</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/electron/electron/compare/v15.5.5...v18.3.7">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=electron&package-manager=npm_and_yarn&previous-version=15.5.5&new-version=18.3.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
Dependabot will merge this PR once CI passes on it, as requested by
@fs-eire.

[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the
default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as
the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as
the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the
default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/microsoft/onnxruntime/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-18 14:58:09 -08:00
dependabot[bot]
3a39736a2c
Bump json5 from 2.2.0 to 2.2.3 in /js/web (#14110) 2023-01-11 02:27:42 +00:00
Yulong Wang
cc0a6213e4
[js] update versions of a few build dependencies (#13977)
### Description
update versions of a few build dependencies for onnxruntime NPM
packages.

update nodejs version to v16.x in linux CI. v12 is too outdated. see
[nodejs release
schedule](https://github.com/nodejs/release#release-schedule)

### Motivation and Context
- upgrade to latest webpack allows use of the latest Node.js LTS version.
the previous version of webpack does not work on Node.js v18, and this is
fixed in the latest version
- upgrade to latest typescript, ts-loader and other dev deps to
accelerate the build and bundling.
- upgrade also helps to resolve security warnings for outdated versions
that may be vulnerable
2022-12-16 17:26:54 -08:00
dependabot[bot]
9836a4ed1e
Bump engine.io and socket.io in /js/web (#13723)
Bumps [engine.io](https://github.com/socketio/engine.io) and
[socket.io](https://github.com/socketio/socket.io). These dependencies
needed to be updated together.
Updates `engine.io` from 6.1.3 to 6.2.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/socketio/engine.io/releases">engine.io's
releases</a>.</em></p>
<blockquote>
<h2>6.2.1</h2>
<p>⚠️ This release contains an important security fix
⚠️</p>
<p>A malicious client could send a specially crafted HTTP request,
triggering an uncaught exception and killing the Node.js process:</p>
<pre><code>Error: read ECONNRESET
    at TCP.onStreamRead (internal/stream_base_commons.js:209:20)
Emitted 'error' event on Socket instance at:
    at emitErrorNT (internal/streams/destroy.js:106:8)
    at emitErrorCloseNT (internal/streams/destroy.js:74:3)
    at processTicksAndRejections (internal/process/task_queues.js:80:21) {
  errno: -104,
  code: 'ECONNRESET',
  syscall: 'read'
}
</code></pre>
<p>Please upgrade as soon as possible.</p>
<h3>Bug Fixes</h3>
<ul>
<li>catch errors when destroying invalid upgrades (<a
href="https://github-redirect.dependabot.com/socketio/engine.io/issues/658">#658</a>)
(<a
href="425e833ab1">425e833</a>)</li>
</ul>
<h2>6.2.0</h2>
<h2>Features</h2>
<ul>
<li>add the &quot;maxPayload&quot; field in the handshake details (<a
href="088dcb4dff">088dcb4</a>)</li>
</ul>
<p>So that clients in HTTP long-polling can decide how many packets they
have to send to stay under the maxHttpBufferSize
value.</p>
<p>This is a backward compatible change which should not mandate a new
major revision of the protocol (we stay in v4), as
we only add a field in the JSON-encoded handshake data:</p>

<pre><code>0{&quot;sid&quot;:&quot;lv_VI97HAXpY6yYWAAAC&quot;,&quot;upgrades&quot;:[&quot;websocket&quot;],&quot;pingInterval&quot;:25000,&quot;pingTimeout&quot;:5000,&quot;maxPayload&quot;:1000000}
</code></pre>
<h4>Links</h4>
<ul>
<li>Diff: <a
href="https://github.com/socketio/engine.io/compare/6.1.3...6.2.0">https://github.com/socketio/engine.io/compare/6.1.3...6.2.0</a></li>
<li>Client release: <a
href="https://github.com/socketio/engine.io-client/releases/tag/6.2.0">6.2.0</a></li>
<li>ws version: <a
href="https://github.com/websockets/ws/releases/tag/8.2.3">~8.2.3</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/socketio/engine.io/blob/main/CHANGELOG.md">engine.io's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/socketio/engine.io/compare/6.2.0...6.2.1">6.2.1</a>
(2022-11-20)</h2>
<p>⚠️ This release contains an important security fix
⚠️</p>
<p>A malicious client could send a specially crafted HTTP request,
triggering an uncaught exception and killing the Node.js process:</p>
<pre><code>Error: read ECONNRESET
    at TCP.onStreamRead (internal/stream_base_commons.js:209:20)
Emitted 'error' event on Socket instance at:
    at emitErrorNT (internal/streams/destroy.js:106:8)
    at emitErrorCloseNT (internal/streams/destroy.js:74:3)
    at processTicksAndRejections (internal/process/task_queues.js:80:21) {
  errno: -104,
  code: 'ECONNRESET',
  syscall: 'read'
}
</code></pre>
<p>Please upgrade as soon as possible.</p>
<h3>Bug Fixes</h3>
<ul>
<li>catch errors when destroying invalid upgrades (<a
href="https://github-redirect.dependabot.com/socketio/engine.io/issues/658">#658</a>)
(<a
href="425e833ab1">425e833</a>)</li>
</ul>
<h1><a
href="https://github.com/socketio/engine.io/compare/3.5.0...3.6.0">3.6.0</a>
(2022-06-06)</h1>
<h3>Bug Fixes</h3>
<ul>
<li>add extension in the package.json main entry (<a
href="https://github-redirect.dependabot.com/socketio/engine.io/issues/608">#608</a>)
(<a
href="3ad0567dbd">3ad0567</a>)</li>
<li>do not reset the ping timer after upgrade (<a
href="1f5d469986">1f5d469</a>),
closes <a
href="https://github-redirect.dependabot.com//github-redirect.dependabot.com/socketio/socket.io-client-swift/pull/1309/issues/issuecomment-768475704">socketio/socket.io-client-swift#1309</a></li>
</ul>
<h3>Features</h3>
<ul>
<li>decrease the default value of maxHttpBufferSize (<a
href="58e274c437">58e274c</a>)</li>
</ul>
<p>This change reduces the default value from 100 mb to a more sane 1
mb.</p>
<p>This helps protect the server against denial of service attacks by
malicious clients sending huge amounts of data.</p>
<p>See also: <a
href="https://github.com/advisories/GHSA-j4f2-536g-r55m">https://github.com/advisories/GHSA-j4f2-536g-r55m</a></p>
<ul>
<li>increase the default value of pingTimeout (<a
href="f55a79a28a">f55a79a</a>)</li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="24b847be6a"><code>24b847b</code></a>
chore(release): 6.2.1</li>
<li><a
href="425e833ab1"><code>425e833</code></a>
fix: catch errors when destroying invalid upgrades (<a
href="https://github-redirect.dependabot.com/socketio/engine.io/issues/658">#658</a>)</li>
<li><a
href="99adb00ba1"><code>99adb00</code></a>
chore(deps): bump xmlhttprequest-ssl and engine.io-client in
/examples/latenc...</li>
<li><a
href="d196f6a6b7"><code>d196f6a</code></a>
chore(deps): bump minimatch from 3.0.4 to 3.1.2 (<a
href="https://github-redirect.dependabot.com/socketio/engine.io/issues/660">#660</a>)</li>
<li><a
href="7c1270f98c"><code>7c1270f</code></a>
chore(deps): bump nanoid from 3.1.25 to 3.3.1 (<a
href="https://github-redirect.dependabot.com/socketio/engine.io/issues/659">#659</a>)</li>
<li><a
href="535a01d889"><code>535a01d</code></a>
ci: add Node.js 18 in the test matrix</li>
<li><a
href="1b71a6f5cb"><code>1b71a6f</code></a>
docs: remove &quot;Vanilla JS&quot; highlight from README (<a
href="https://github-redirect.dependabot.com/socketio/engine.io/issues/656">#656</a>)</li>
<li><a
href="917d1d29e1"><code>917d1d2</code></a>
refactor: replace deprecated <code>String.prototype.substr()</code> (<a
href="https://github-redirect.dependabot.com/socketio/engine.io/issues/646">#646</a>)</li>
<li><a
href="020801ab8c"><code>020801a</code></a>
chore: add changelog for version 3.6.0</li>
<li><a
href="ed1d6f912c"><code>ed1d6f9</code></a>
test: make test script work on Windows (<a
href="https://github-redirect.dependabot.com/socketio/engine.io/issues/643">#643</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/socketio/engine.io/compare/6.1.3...6.2.1">compare
view</a></li>
</ul>
</details>
<br />

Updates `socket.io` from 4.4.1 to 4.5.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/socketio/socket.io/releases">socket.io's
releases</a>.</em></p>
<blockquote>
<h2>4.5.3</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>typings:</strong> accept an HTTP2 server in the constructor
(<a
href="d3d0a2d5be">d3d0a2d</a>)</li>
<li><strong>typings:</strong> apply types to
&quot;io.timeout(...).emit()&quot; calls (<a
href="e357daf585">e357daf</a>)</li>
</ul>
<h4>Links:</h4>
<ul>
<li>Diff: <a
href="https://github.com/socketio/socket.io/compare/4.5.2...4.5.3">https://github.com/socketio/socket.io/compare/4.5.2...4.5.3</a></li>
<li>Client release: <a
href="https://github.com/socketio/socket.io-client/releases/tag/4.5.3">4.5.3</a></li>
<li>engine.io version:  <code>~6.2.0</code></li>
<li>ws version: <code>~8.2.3</code></li>
</ul>
<h2>4.5.2</h2>
<h3>Bug Fixes</h3>
<ul>
<li>prevent the socket from joining a room after disconnection (<a
href="18f3fdab12">18f3fda</a>)</li>
<li><strong>uws:</strong> prevent the server from crashing after upgrade
(<a
href="ba497ee3eb">ba497ee</a>)</li>
</ul>
<h4>Links:</h4>
<ul>
<li>Diff: <a
href="https://github.com/socketio/socket.io/compare/4.5.1...4.5.2">https://github.com/socketio/socket.io/compare/4.5.1...4.5.2</a></li>
<li>Client release: <a
href="https://github.com/socketio/socket.io-client/releases/tag/4.5.2">4.5.2</a></li>
<li>engine.io version:  <code>~6.2.0</code></li>
<li>ws version: <code>~8.2.3</code></li>
</ul>
<h2>4.5.1</h2>
<h3>Bug Fixes</h3>
<ul>
<li>forward the local flag to the adapter when using fetchSockets() (<a
href="30430f0985">30430f0</a>)</li>
<li><strong>typings:</strong> add HTTPS server to accepted types (<a
href="https://github-redirect.dependabot.com/socketio/socket.io/issues/4351">#4351</a>)
(<a
href="9b43c9167c">9b43c91</a>)</li>
</ul>
<h4>Links:</h4>
<ul>
<li>Diff: <a
href="https://github.com/socketio/socket.io/compare/4.5.0...4.5.1">https://github.com/socketio/socket.io/compare/4.5.0...4.5.1</a></li>
<li>Client release: <a
href="https://github.com/socketio/socket.io-client/releases/tag/4.5.1">4.5.1</a></li>
<li>engine.io version:  <code>~6.2.0</code></li>
<li>ws version: <code>~8.2.3</code></li>
</ul>
<h2>4.5.0</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>typings:</strong> ensure compatibility with TypeScript 3.x
(<a
href="https://github-redirect.dependabot.com/socketio/socket.io/issues/4259">#4259</a>)
(<a
href="02c87a8561">02c87a8</a>)</li>
</ul>
<h3>Features</h3>
<ul>
<li>add support for catch-all listeners for outgoing packets (<a
href="531104d332">531104d</a>)</li>
</ul>
<p>This is similar to <code>onAny()</code>, but for outgoing
packets.</p>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/socketio/socket.io/blob/main/CHANGELOG.md">socket.io's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/socketio/socket.io/compare/4.5.2...4.5.3">4.5.3</a>
(2022-10-15)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>typings:</strong> accept an HTTP2 server in the constructor
(<a
href="d3d0a2d5be">d3d0a2d</a>)</li>
<li><strong>typings:</strong> apply types to
&quot;io.timeout(...).emit()&quot; calls (<a
href="e357daf585">e357daf</a>)</li>
</ul>
<h2><a
href="https://github.com/socketio/socket.io/compare/4.5.1...4.5.2">4.5.2</a>
(2022-09-02)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>prevent the socket from joining a room after disconnection (<a
href="18f3fdab12">18f3fda</a>)</li>
<li><strong>uws:</strong> prevent the server from crashing after upgrade
(<a
href="ba497ee3eb">ba497ee</a>)</li>
</ul>
<h1><a
href="https://github.com/socketio/socket.io/compare/2.4.1...2.5.0">2.5.0</a>
(2022-06-26)</h1>
<h3>Bug Fixes</h3>
<ul>
<li>fix race condition in dynamic namespaces (<a
href="05e1278cfa">05e1278</a>)</li>
<li>ignore packet received after disconnection (<a
href="22d4bdf00d">22d4bdf</a>)</li>
<li>only set 'connected' to true after middleware execution (<a
href="226cc16165">226cc16</a>)</li>
<li>prevent the socket from joining a room after disconnection (<a
href="f223178eb6">f223178</a>)</li>
</ul>
<h2><a
href="https://github.com/socketio/socket.io/compare/4.5.0...4.5.1">4.5.1</a>
(2022-05-17)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>forward the local flag to the adapter when using fetchSockets() (<a
href="30430f0985">30430f0</a>)</li>
<li><strong>typings:</strong> add HTTPS server to accepted types (<a
href="https://github-redirect.dependabot.com/socketio/socket.io/issues/4351">#4351</a>)
(<a
href="9b43c9167c">9b43c91</a>)</li>
</ul>
<h1><a
href="https://github.com/socketio/socket.io/compare/4.4.1...4.5.0">4.5.0</a>
(2022-04-23)</h1>
<h3>Bug Fixes</h3>
<ul>
<li><strong>typings:</strong> ensure compatibility with TypeScript 3.x
(<a
href="https://github-redirect.dependabot.com/socketio/socket.io/issues/4259">#4259</a>)
(<a
href="02c87a8561">02c87a8</a>)</li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="945c84be47"><code>945c84b</code></a>
chore(release): 4.5.3</li>
<li><a
href="d3d0a2d5be"><code>d3d0a2d</code></a>
fix(typings): accept an HTTP2 server in the constructor</li>
<li><a
href="19b225b0c8"><code>19b225b</code></a>
docs(examples): update dependencies of the basic CRUD example</li>
<li><a
href="8fae95dd18"><code>8fae95d</code></a>
docs: add jsdoc for each public method</li>
<li><a
href="e6f6b906db"><code>e6f6b90</code></a>
docs: add deprecation notice for the allSockets() method</li>
<li><a
href="596eb88af7"><code>596eb88</code></a>
ci: upgrade to actions/checkout@3 and actions/setup-node@3</li>
<li><a
href="e357daf585"><code>e357daf</code></a>
fix(typings): apply types to &quot;io.timeout(...).emit()&quot;
calls</li>
<li><a
href="10fa4a2690"><code>10fa4a2</code></a>
refactor: add list of possible disconnection reasons</li>
<li><a
href="8be95b3bd3"><code>8be95b3</code></a>
chore(release): 4.5.2</li>
<li><a
href="ba497ee3eb"><code>ba497ee</code></a>
fix(uws): prevent the server from crashing after upgrade</li>
<li>Additional commits viewable in <a
href="https://github.com/socketio/socket.io/compare/4.4.1...4.5.3">compare
view</a></li>
</ul>
</details>
<br />



Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-12 17:22:31 -08:00
dependabot[bot]
ffdcde7cc7
Bump minimatch from 3.0.4 to 3.0.5 in /js/web (#13722)
Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.0.4 to
3.0.5.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="707e1b231d"><code>707e1b2</code></a>
3.0.5</li>
<li><a
href="a8763f4388"><code>a8763f4</code></a>
Improve redos protection, add many tests</li>
<li><a
href="bafa295617"><code>bafa295</code></a>
Use master branch for travis badge</li>
<li><a
href="013d64dc24"><code>013d64d</code></a>
update travis</li>
<li>See full diff in <a
href="https://github.com/isaacs/minimatch/compare/v3.0.4...v3.0.5">compare
view</a></li>
</ul>
</details>
<br />



Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-07 13:14:59 -08:00
dependabot[bot]
8472876155
Bump socket.io-parser from 4.0.4 to 4.0.5 in /js/web (#13608)
Bumps [socket.io-parser](https://github.com/socketio/socket.io-parser)
from 4.0.4 to 4.0.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/socketio/socket.io-parser/releases">socket.io-parser's
releases</a>.</em></p>
<blockquote>
<h2>4.0.5</h2>
<h3>Bug Fixes</h3>
<ul>
<li>check the format of the index of each attachment (<a
href="b559f050ee">b559f05</a>)</li>
</ul>
<h4>Links</h4>
<ul>
<li>Diff: <a
href="https://github.com/socketio/socket.io-parser/compare/4.0.4...4.0.5">https://github.com/socketio/socket.io-parser/compare/4.0.4...4.0.5</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/socketio/socket.io-parser/blob/main/CHANGELOG.md">socket.io-parser's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/socketio/socket.io-parser/compare/4.0.4...4.0.5">4.0.5</a>
(2022-06-27)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>check the format of the index of each attachment (<a
href="b559f050ee">b559f05</a>)</li>
</ul>
<h1><a
href="https://github.com/socketio/socket.io-parser/compare/4.1.2...4.2.0">4.2.0</a>
(2022-04-17)</h1>
<h3>Features</h3>
<ul>
<li>allow the usage of custom replacer and reviver (<a
href="https://github-redirect.dependabot.com/socketio/socket.io-parser/issues/112">#112</a>)
(<a
href="b08bc1a93e">b08bc1a</a>)</li>
</ul>
<h2><a
href="https://github.com/socketio/socket.io-parser/compare/4.1.1...4.1.2">4.1.2</a>
(2022-02-17)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>allow objects with a null prototype in binary packets (<a
href="https://github-redirect.dependabot.com/socketio/socket.io-parser/issues/114">#114</a>)
(<a
href="7f6b262ac8">7f6b262</a>)</li>
</ul>
<h2><a
href="https://github.com/socketio/socket.io-parser/compare/4.1.0...4.1.1">4.1.1</a>
(2021-10-14)</h2>
<h1><a
href="https://github.com/socketio/socket.io-parser/compare/4.0.4...4.1.0">4.1.0</a>
(2021-10-11)</h1>
<h3>Features</h3>
<ul>
<li>provide an ESM build with and without debug (<a
href="388c616a92">388c616</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f3329eb5a4"><code>f3329eb</code></a>
chore(release): 4.0.5</li>
<li><a
href="b559f050ee"><code>b559f05</code></a>
fix: check the format of the index of each attachment</li>
<li>See full diff in <a
href="https://github.com/socketio/socket.io-parser/compare/4.0.4...4.0.5">compare
view</a></li>
</ul>
</details>
<br />



Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-19 12:55:21 -08:00
dependabot[bot]
c358d64b0e
Bump loader-utils from 2.0.0 to 2.0.4 in /js/web (#13666)
Bumps [loader-utils](https://github.com/webpack/loader-utils) from 2.0.0
to 2.0.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/webpack/loader-utils/releases">loader-utils's
releases</a>.</em></p>
<blockquote>
<h2>v2.0.4</h2>
<h3><a
href="https://github.com/webpack/loader-utils/compare/v2.0.3...v2.0.4">2.0.4</a>
(2022-11-11)</h3>
<h3>Bug Fixes</h3>
<ul>
<li>ReDoS problem (<a
href="https://github-redirect.dependabot.com/webpack/loader-utils/issues/225">#225</a>)
(<a
href="ac09944dfa">ac09944</a>)</li>
</ul>
<h2>v2.0.3</h2>
<h3><a
href="https://github.com/webpack/loader-utils/compare/v2.0.1...v2.0.3">2.0.3</a>
(2022-10-20)</h3>
<h3>Bug Fixes</h3>
<ul>
<li><strong>security:</strong> prototype pollution exploit (<a
href="https://github-redirect.dependabot.com/webpack/loader-utils/issues/217">#217</a>)
(<a
href="a93cf6f470">a93cf6f</a>)</li>
</ul>
<h2>v2.0.2</h2>
<h3><a
href="https://github.com/webpack/loader-utils/compare/v2.0.1...v2.0.2">2.0.2</a>
(2021-11-04)</h3>
<h3>Bug Fixes</h3>
<ul>
<li>base64 generation and unicode characters (<a
href="https://github-redirect.dependabot.com/webpack/loader-utils/issues/197">#197</a>)
(<a
href="8c2d24ee40">8c2d24e</a>)</li>
</ul>
<h2>v2.0.1</h2>
<h3><a
href="https://github.com/webpack/loader-utils/compare/v2.0.0...v2.0.1">2.0.1</a>
(2021-10-29)</h3>
<h3>Bug Fixes</h3>
<ul>
<li>md4 support on Node.js v17 (<a
href="https://github-redirect.dependabot.com/webpack/loader-utils/issues/193">#193</a>)
(<a
href="1069f61284">1069f61</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/webpack/loader-utils/blob/v2.0.4/CHANGELOG.md">loader-utils's
changelog</a>.</em></p>
<blockquote>
<h3><a
href="https://github.com/webpack/loader-utils/compare/v2.0.3...v2.0.4">2.0.4</a>
(2022-11-11)</h3>
<h3>Bug Fixes</h3>
<ul>
<li>ReDoS problem (<a
href="https://github-redirect.dependabot.com/webpack/loader-utils/issues/225">#225</a>)
(<a
href="ac09944dfa">ac09944</a>)</li>
</ul>
<h3><a
href="https://github.com/webpack/loader-utils/compare/v2.0.1...v2.0.3">2.0.3</a>
(2022-10-20)</h3>
<h3>Bug Fixes</h3>
<ul>
<li><strong>security:</strong> prototype pollution exploit (<a
href="https://github-redirect.dependabot.com/webpack/loader-utils/issues/217">#217</a>)
(<a
href="a93cf6f470">a93cf6f</a>)</li>
</ul>
<h3><a
href="https://github.com/webpack/loader-utils/compare/v2.0.1...v2.0.2">2.0.2</a>
(2021-11-04)</h3>
<h3>Bug Fixes</h3>
<ul>
<li>base64 generation and unicode characters (<a
href="https://github-redirect.dependabot.com/webpack/loader-utils/issues/197">#197</a>)
(<a
href="8c2d24ee40">8c2d24e</a>)</li>
</ul>
<h3><a
href="https://github.com/webpack/loader-utils/compare/v2.0.0...v2.0.1">2.0.1</a>
(2021-10-29)</h3>
<h3>Bug Fixes</h3>
<ul>
<li>md4 support on Node.js v17 (<a
href="https://github-redirect.dependabot.com/webpack/loader-utils/issues/193">#193</a>)
(<a
href="1069f61284">1069f61</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6688b50281"><code>6688b50</code></a>
chore(release): 2.0.4</li>
<li><a
href="ac09944dfa"><code>ac09944</code></a>
fix: ReDoS problem (<a
href="https://github-redirect.dependabot.com/webpack/loader-utils/issues/225">#225</a>)</li>
<li><a
href="7162619fb9"><code>7162619</code></a>
chore(release): 2.0.3</li>
<li><a
href="a93cf6f470"><code>a93cf6f</code></a>
fix(security): prototype polution exploit (<a
href="https://github-redirect.dependabot.com/webpack/loader-utils/issues/217">#217</a>)</li>
<li><a
href="90c7c4be17"><code>90c7c4b</code></a>
chore(release): 2.0.2</li>
<li><a
href="8c2d24ee40"><code>8c2d24e</code></a>
fix: base64 generation and unicode characters (<a
href="https://github-redirect.dependabot.com/webpack/loader-utils/issues/197">#197</a>)</li>
<li><a
href="5fb5562084"><code>5fb5562</code></a>
chore(release): 2.0.1</li>
<li><a
href="1069f61284"><code>1069f61</code></a>
fix: md4 support on Node.js v17 (<a
href="https://github-redirect.dependabot.com/webpack/loader-utils/issues/193">#193</a>)</li>
<li>See full diff in <a
href="https://github.com/webpack/loader-utils/compare/v2.0.0...v2.0.4">compare
view</a></li>
</ul>
</details>
<br />



Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-18 18:01:25 -08:00
Jian Chen
397edf9918
Bumping up version number to 1.14.0 on main branch (#13401)
### Description
Bumping up version number to 1.14.0



2022-10-21 19:16:44 -04:00
Yulong Wang
5be3e87c71
[js] upgrade minimist@1.2.6 (#12689) 2022-08-25 01:40:42 -07:00
RandySheriffH
0264a9c29b
Bump ort version number (#11948)
* bump ort version number

* update link and note url

* update version to silence assert

Co-authored-by: Randy Shuai <rashuai@microsoft.com>
2022-07-22 12:55:53 -07:00
dependabot[bot]
30ac6e87fa
Bump terser from 5.10.0 to 5.14.2 in /js/web (#12253)
Bumps [terser](https://github.com/terser/terser) from 5.10.0 to 5.14.2.
- [Release notes](https://github.com/terser/terser/releases)
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/terser/terser/commits)

---
updated-dependencies:
- dependency-name: terser
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-21 14:04:08 -07:00
dependabot[bot]
c0dd9be7ba
Bump electron from 13.6.6 to 15.5.5 in /js/web (#11884)
Bumps [electron](https://github.com/electron/electron) from 13.6.6 to 15.5.5.
- [Release notes](https://github.com/electron/electron/releases)
- [Changelog](https://github.com/electron/electron/blob/main/docs/breaking-changes.md)
- [Commits](https://github.com/electron/electron/compare/v13.6.6...v15.5.5)

---
updated-dependencies:
- dependency-name: electron
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-06-28 15:50:44 -07:00
dependabot[bot]
bc4c771078
Bump protobufjs from 6.10.2 to 6.11.3 in /js/web (#11723)
Bumps [protobufjs](https://github.com/protobufjs/protobuf.js) from 6.10.2 to 6.11.3.
- [Release notes](https://github.com/protobufjs/protobuf.js/releases)
- [Changelog](https://github.com/protobufjs/protobuf.js/blob/v6.11.3/CHANGELOG.md)
- [Commits](https://github.com/protobufjs/protobuf.js/compare/v6.10.2...v6.11.3)

---
updated-dependencies:
- dependency-name: protobufjs
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-06-08 11:17:30 -07:00
Yulong Wang
40d2c98e4d [js/web] fix ORT Web dependency version mismatch 2022-06-06 23:41:40 -07:00
Yulong Wang
a3e38d7c90
[js] upgrade async@3.2.3 /js/web/ (#11426) 2022-05-03 14:04:22 -07:00
dependabot[bot]
04fe1bd2ed
Bump electron from 12.2.3 to 13.6.6 in /js/web (#10978)
Bumps [electron](https://github.com/electron/electron) from 12.2.3 to 13.6.6.
- [Release notes](https://github.com/electron/electron/releases)
- [Changelog](https://github.com/electron/electron/blob/main/docs/breaking-changes.md)
- [Commits](https://github.com/electron/electron/compare/v12.2.3...v13.6.6)

---
updated-dependencies:
- dependency-name: electron
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-11 12:51:56 -07:00
Yulong Wang
8dcadba670
[js] aggregation of recent dependabot security warnings fix (#11060)
* update package-lock.json

* Bump minimist from 1.2.5 to 1.2.6 in /js/react_native

Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6.
- [Release notes](https://github.com/substack/minimist/releases)
- [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6)

---
updated-dependencies:
- dependency-name: minimist
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump minimist from 1.2.5 to 1.2.6 in /js/react_native/e2e

Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6.
- [Release notes](https://github.com/substack/minimist/releases)
- [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6)

---
updated-dependencies:
- dependency-name: minimist
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump plist from 3.0.4 to 3.0.5 in /js/react_native

Bumps [plist](https://github.com/TooTallNate/node-plist) from 3.0.4 to 3.0.5.
- [Release notes](https://github.com/TooTallNate/node-plist/releases)
- [Changelog](https://github.com/TooTallNate/plist.js/blob/master/History.md)
- [Commits](https://github.com/TooTallNate/node-plist/commits)

---
updated-dependencies:
- dependency-name: plist
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump ansi-regex from 4.1.0 to 4.1.1 in /js/react_native

Bumps [ansi-regex](https://github.com/chalk/ansi-regex) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/chalk/ansi-regex/releases)
- [Commits](https://github.com/chalk/ansi-regex/compare/v4.1.0...v4.1.1)

---
updated-dependencies:
- dependency-name: ansi-regex
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump plist from 3.0.4 to 3.0.5 in /js/react_native/e2e

Bumps [plist](https://github.com/TooTallNate/node-plist) from 3.0.4 to 3.0.5.
- [Release notes](https://github.com/TooTallNate/node-plist/releases)
- [Changelog](https://github.com/TooTallNate/plist.js/blob/master/History.md)
- [Commits](https://github.com/TooTallNate/node-plist/commits)

---
updated-dependencies:
- dependency-name: plist
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump ansi-regex from 4.1.0 to 4.1.1 in /js/react_native/e2e

Bumps [ansi-regex](https://github.com/chalk/ansi-regex) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/chalk/ansi-regex/releases)
- [Commits](https://github.com/chalk/ansi-regex/compare/v4.1.0...v4.1.1)

---
updated-dependencies:
- dependency-name: ansi-regex
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-31 02:06:04 -07:00
dependabot[bot]
e9c68d57ca
Bump minimist from 1.2.5 to 1.2.6 in /js/web (#11033)
Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6.
- [Release notes](https://github.com/substack/minimist/releases)
- [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6)

---
updated-dependencies:
- dependency-name: minimist
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-30 16:26:34 -07:00
Yulong Wang
179406bd25
[JS] upgrade package-lock.json from v1 to v2 (#11039)
* upgrade package-lock.json from v1 to v2

* upgrade requirement of nodejs version to 16.x
2022-03-30 13:30:28 -07:00
Chi Lo
8ba52b0a05
Bump master version to 1.12 (#10797)
* bump master version to 1.11

* bump master version to 1.12
2022-03-28 12:30:11 -07:00
Yulong Wang
80917342b7
[js] upgrade mocha@8.2.1 to 9.2.1 (#10793) 2022-03-07 20:40:24 -08:00
dependabot[bot]
3e54f94bb0 Bump karma from 6.3.14 to 6.3.16 in /js/web
Bumps [karma](https://github.com/karma-runner/karma) from 6.3.14 to 6.3.16.
- [Release notes](https://github.com/karma-runner/karma/releases)
- [Changelog](https://github.com/karma-runner/karma/blob/master/CHANGELOG.md)
- [Commits](https://github.com/karma-runner/karma/compare/v6.3.14...v6.3.16)

---
updated-dependencies:
- dependency-name: karma
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-03-07 11:47:23 -08:00
dependabot[bot]
bfb20b315d Bump karma from 6.3.2 to 6.3.14 in /js/web
Bumps [karma](https://github.com/karma-runner/karma) from 6.3.2 to 6.3.14.
- [Release notes](https://github.com/karma-runner/karma/releases)
- [Changelog](https://github.com/karma-runner/karma/blob/master/CHANGELOG.md)
- [Commits](https://github.com/karma-runner/karma/compare/v6.3.2...v6.3.14)

---
updated-dependencies:
- dependency-name: karma
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-02-11 12:17:11 -08:00
dependabot[bot]
5f49f40fa5 Bump log4js from 6.3.0 to 6.4.0 in /js/web
Bumps [log4js](https://github.com/log4js-node/log4js-node) from 6.3.0 to 6.4.0.
- [Release notes](https://github.com/log4js-node/log4js-node/releases)
- [Changelog](https://github.com/log4js-node/log4js-node/blob/master/CHANGELOG.md)
- [Commits](https://github.com/log4js-node/log4js-node/compare/v6.3.0...v6.4.0)

---
updated-dependencies:
- dependency-name: log4js
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-26 20:51:49 -08:00
dependabot[bot]
2a55bc2c21 Bump engine.io from 4.1.1 to 4.1.2 in /js/web
Bumps [engine.io](https://github.com/socketio/engine.io) from 4.1.1 to 4.1.2.
- [Release notes](https://github.com/socketio/engine.io/releases)
- [Changelog](https://github.com/socketio/engine.io/blob/4.1.2/CHANGELOG.md)
- [Commits](https://github.com/socketio/engine.io/compare/4.1.1...4.1.2)

---
updated-dependencies:
- dependency-name: engine.io
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-13 18:26:02 -08:00