Security vuln update from Dependabot alerts (#635)

* Security vuln update from Dependabot alerts

* formatting

* pin onnx for now?

* Update setup.py

* ordering?

* reverting

* putting onnx in pipeline for now to test

* ordering

* an experiment that will def fail

* reverting to the last working try

.github/workflows/pythonapp.yml

@@ -77,6 +77,7 @@ jobs:
         python -m pip install .[extra,onnx,sparkml]
         pip install git+https://github.com/onnx/sklearn-onnx.git
         python -m pip install pandas
+        pip install onnx==1.12.0
     - name: Install TVM from pypi if Ubuntu
       if: ${{ startsWith(matrix.os, 'ubuntu') }}
       run: python -m pip install apache-tvm==0.10.0

setup.py

@@ -27,7 +27,7 @@ install_requires = [
     "torch>1.7.0",
     "psutil",
     "dill",
-    "protobuf>=3.20.0,<=3.20.1",
+    "protobuf>=3.20.2",
 ]
 onnx_requires = [
     "onnxruntime>=1.0.0",