[Dependency] Bump onnxruntime from 1.11.1 to 1.13.1 in /.setup/pip

[dependabot]

Bumps onnxruntime from 1.11.1 to 1.13.1.

Release notes

Sourced from onnxruntime's releases.

ONNX Runtime v1.13.1

Announcements

• Security issues addressed by this release
  1. A protobuf security issue CVE-2022-1941 that impact users who load ONNX models from untrusted sources, for example, a deep learning inference service which allows users to upload their models then runs the inferences in a shared environment.
  2. An ONNX security vulnerability that allows reading of tensor_data outside the model directory, which allows attackers to read or write arbitrary files on an affected system that loads ONNX models from untrusted sources. (#12915)
• Deprecations
  • CUDA 10.x support at source code level
  • Windows 8.x support in Nuget/C API prebuilt binaries. Support for Windows 7+ Desktop versions (including Windows servers) will be retained by building ONNX Runtime from source.
  • NUPHAR EP code is removed
• Dependency versioning updates
  • C++ 17 compiler is now required to build ORT from source. On Linux, GCC version >=7.0 is required.
  • Minimal numpy version bumped to 1.21.6 (from 1.21.0) for ONNX Runtime Python packages
  • Official ONNX Runtime GPU packages now require CUDA version >=11.6 instead of 11.4.

General

• Expose all arena configs in Python API in an extensible way
• Fix ARM64 NuGet packaging
• Fix EP allocator setup issue affecting TVM EP

Performance

• Transformers CUDA improvements
  • Quantization on GPU for BERT - notebook, documentation on QAT, transformer optimization toolchain and quantized kernels.
  • Add fused attention CUDA kernels for BERT.
  • Fuse Add (bias) and Transpose of Q/K/V into one kernel for Attention and LongformerAttention.
  • Reduce GEMM computation in LongformerAttention with a new weight format.
• General quantization (tool and kernel)
  • Quantization debugging tool - identify sensitive node/layer from accuracy drop discrepancies
  • QDQ support for dynamic quantization to consolidate quantization formats
  • New quantize API based on QuantConfig
  • New quantized operators: SoftMax, Split, Where

Execution Providers

• CUDA EP
  • Official ONNX Runtime GPU packages now require CUDA version >=11.6 instead of 11.4.
• TensorRT EP
  • Build option to link against pre-built onnx-tensorrt parser; this enables potential "no-code" TensorRT minor version upgrades and can be used to build against TensorRT 8.5 EA
  • Improved nested control flow support
  • Improve HashId generation used for uniquely identifying TRT engines. Addresses issues such as TRT Engine Cache Regeneration Issue
  • TensorRT uint8 support
• OpenVINO EP
  • OpenVINO version upgraded to 2022.2.0
  • Support for INT8 QDQ models from NNCF
  • Support for Intel 13th Gen Core Process (Raptor Lake)
  • Preview support for Intel discrete graphics cards Intel Data Center GPU Flex Series and Intel Arc GPU
  • Increased test coverage for GPU Plugin
• SNPE EP
  • Add support for Windows Dev Kit 2023
  • Nuget Package is now available
• DirectML EP
  • Update to DML 1.9.1

... (truncated)

Commits

• b353e0b Bumping up version number. (#13403)
• 95bd0e7 rel 1.13.1 cherry pick round 2 (#13390)
• 8042f72 Cjian/rel 1.13.1 cherry pick round 1 (#13372)
• ffca781 fix jetson build break caused by https://github.com/microsoft/onnxrun… (#13343)
• f4b944e increase timeout to 5 hours (#13226) (#13232)
• 832a9b2 Cjian/1.13 cherry pick round 2 (#13206)
• c0bb9d5 Cherry Picking 13124 (#13132)
• 43766ee Fix OLive build pipeline (#13114)
• 94e34ac Bugfix for SimplifiedLayerNormalization (#12975)
• 237ccc0 Remove one last nuphar reference (#13111)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

The following labels could not be found: dependencies.

[codecov-commenter]

Codecov Report

Merging #687 (cb7dfe7) into master (340d2e8) will not change coverage.
The diff coverage is n/a.

📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more

@@            Coverage Diff            @@
##             master     #687   +/-   ##
=========================================
  Coverage     23.24%   23.24%           
  Complexity     7789     7789           
=========================================
  Files           220      220           
  Lines         27245    27245           
  Branches         70       70           
=========================================
  Hits           6333     6333           
  Misses        20844    20844           
  Partials         68       68           

Flag	Coverage Δ
autograder	20.46% <ø> (ø)
js	28.47% <ø> (ø)
migrator	100.00% <ø> (ø)
php	20.19% <ø> (ø)
python_submitty_utils	71.65% <ø> (ø)
submitty_daemon_jobs	91.01% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

[dependabot]

Superseded by #819.