Skip to content

[https://nvbugs/6207749][fix] Replace the spec with onnx>=1.21.0 in requirements.txt; mirror in `security_#14577

Merged
EmmaQiaoCh merged 1 commit into
NVIDIA:mainfrom
tensorrt-cicd:repair-bot-bug6207749
May 28, 2026
Merged

Conversation

@tensorrt-cicd
Copy link
Copy Markdown
Collaborator

@tensorrt-cicd tensorrt-cicd commented May 26, 2026
edited by coderabbitai Bot
Loading

Summary

  • Root cause: requirements.txt pins onnx>=1.18.0,<1.20.0; the <1.20.0 cap blocks resolving the fixed line onnx>=1.21.0 per GHSA-538c-55jv-c5g9.
  • Fix: Replace the spec with onnx>=1.21.0 in requirements.txt; mirror in security_scanning/pyproject.toml for consistency.
  • Automated fix generated by repair-bot

Test plan

  • Verify fix on the same GPU type as the original failure
  • Check for regressions in related tests

Links

Summary by CodeRabbit

  • Chores
    • Updated ONNX dependency to version 1.21.0 or later.

Review Change Stack

@tensorrt-cicd
[nvbugs/6207749][fix] Bump onnx to >=1.21.0 (GHSA-538c-55jv-c5g9)
227f6e6 
Drop the <1.20.0 upper-bound cap and raise the floor to 1.21.0 to pull
in the fix for GHSA-538c-55jv-c5g9. Mirror the change in
security_scanning/pyproject.toml so the security-scan pin tracks the
runtime requirement.

Signed-off-by: tensorrt-cicd <[email protected]>
@tensorrt-cicd tensorrt-cicd requested a review from a team as a code owner May 26, 2026 14:31
@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai Bot commented May 26, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 486c38e9-4c63-4d7d-98c7-a92e887a37ad

📥 Commits

Reviewing files that changed from the base of the PR and between 1f8312d and 227f6e6.

📒 Files selected for processing (2)
  • requirements.txt
  • security_scanning/pyproject.toml
📝 Walkthrough

Walkthrough

This pull request updates the ONNX library version requirement across the project. The minimum version constraint is raised from 1.18.0 to 1.21.0, removing the previous upper bound restriction of 1.20.0. This change is reflected in both the root requirements.txt and the security_scanning/pyproject.toml dependency declarations.

Changes

ONNX Dependency Update

Layer / File(s) Summary
Upgrade ONNX to version 1.21.0
requirements.txt, security_scanning/pyproject.toml		 ONNX dependency minimum version is updated to 1.21.0 in both the root requirements file and the security scanning project configuration. The prior bounded constraint (>=1.18.0,<1.20.0) is replaced with a lower bound only constraint.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title follows the required template with ticket ID and type, and accurately describes the main change: updating onnx dependency to 1.21.0 in both requirements.txt and security_scanning/pyproject.toml.
Description check ✅ Passed The description includes Root cause, Fix, and Test plan sections addressing the ONNX vulnerability (GHSA-538c-55jv-c5g9) with clear context and verification steps, matching the template structure.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands and usage tips.

@EmmaQiaoCh
Copy link
Copy Markdown
Collaborator

EmmaQiaoCh commented May 27, 2026

/bot run

@tensorrt-cicd
Copy link
Copy Markdown
Collaborator Author

tensorrt-cicd commented May 27, 2026

PR_Github #50524 [ run ] triggered by Bot. Commit: 227f6e6 Link to invocation

@tensorrt-cicd
Copy link
Copy Markdown
Collaborator Author

tensorrt-cicd commented May 27, 2026

PR_Github #50524 [ run ] completed with state SUCCESS. Commit: 227f6e6
/LLM/main/L0_MergeRequest_PR pipeline #40031 completed with status: 'FAILURE'

CI Report

⚠️ Action Required:

  • Please check the failed tests and fix your PR
  • If you cannot view the failures, ask the CI triggerer to share details
  • Once fixed, request an NVIDIA team member to trigger CI again

CI Agent Failure Analysis

Link to invocation

@EmmaQiaoCh
Copy link
Copy Markdown
Collaborator

EmmaQiaoCh commented May 28, 2026

/bot run --disable-fail-fast

@tensorrt-cicd
Copy link
Copy Markdown
Collaborator Author

tensorrt-cicd commented May 28, 2026

PR_Github #50677 [ run ] triggered by Bot. Commit: 227f6e6 Link to invocation

@tensorrt-cicd
Copy link
Copy Markdown
Collaborator Author

tensorrt-cicd commented May 28, 2026

PR_Github #50677 [ run ] completed with state SUCCESS. Commit: 227f6e6
/LLM/main/L0_MergeRequest_PR pipeline #40166 completed with status: 'SUCCESS'
Pipeline passed with automatic retried tests. Check the rerun report for details.

CI Report

Link to invocation

@EmmaQiaoCh EmmaQiaoCh self-requested a review May 28, 2026 07:49
@EmmaQiaoCh EmmaQiaoCh enabled auto-merge (squash) May 28, 2026 07:50
@EmmaQiaoCh EmmaQiaoCh merged commit e96b710 into NVIDIA:main May 28, 2026
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@EmmaQiaoCh EmmaQiaoCh EmmaQiaoCh approved these changes

@yuanjingx87 yuanjingx87 yuanjingx87 approved these changes

Assignees

@tensorrt-cicd tensorrt-cicd

@chuangz0 chuangz0

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@tensorrt-cicd @EmmaQiaoCh @yuanjingx87 @chuangz0