dependabot[bot] opened a new pull request, #972: URL: https://github.com/apache/opennlp/pull/972
Bumps `onnxruntime.version` from 1.24.2 to 1.24.3. Updates `com.microsoft.onnxruntime:onnxruntime` from 1.24.2 to 1.24.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/microsoft/onnxruntime/releases";>com.microsoft.onnxruntime:onnxruntime's releases</a>.</em></p> <blockquote> <h2>ONNX Runtime v1.24.3</h2> <p>This is a patch release for ONNX Runtime 1.24, containing bug fixes, security improvements, performance enhancements, and execution provider updates.</p> <h2>Security Fixes</h2> <ul> <li><strong>Core</strong>: Fixed GatherCopyData integer truncation leading to heap out-of-bounds read/write. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27444";>#27444</a>)</li> <li><strong>Core</strong>: Fixed RoiAlign heap out-of-bounds read via unchecked batch_indices. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27543";>#27543</a>)</li> <li><strong>Core</strong>: Prevent heap OOB from maliciously crafted Lora Adapters. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27518";>#27518</a>)</li> <li><strong>Core</strong>: Fixed out-of-bounds access for Resize operation. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27419";>#27419</a>)</li> </ul> <h2>Bug Fixes</h2> <ul> <li><strong>Core</strong>: Fixed GatherND division by zero when batch dimensions mismatch. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27090";>#27090</a>)</li> <li><strong>Core</strong>: Fixed validation for external data paths for models loaded from bytes. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27430";>#27430</a>)</li> <li><strong>Core</strong>: Fixed SkipLayerNorm fusion incorrectly applied when gamma/beta are not 1D. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27459";>#27459</a>)</li> <li><strong>Core</strong>: Fixed double-free in TRT EP custom op domain Release functions. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27471";>#27471</a>)</li> <li><strong>Core</strong>: Fixed QMoE CPU Operator. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27360";>#27360</a>)</li> <li><strong>Core</strong>: Fixed MatmulNBits prepacking scales. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27412";>#27412</a>)</li> <li><strong>Python</strong>: Fixed refcount bug in map input conversion that caused shutdown segfault. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27413";>#27413</a>)</li> <li><strong>NuGet</strong>: Fixed DllImportResolver. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27397";>#27397</a>)</li> <li><strong>NuGet</strong>: Added <code>OrtEnv.DisableDllImportResolver</code> to prevent fatal error on resolver conflict. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27535";>#27535</a>)</li> </ul> <h2>Performance Improvements</h2> <ul> <li><strong>Core</strong>: QMoE CPU performance update (up to 4x on 4-bit). (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27364";>#27364</a>)</li> <li><strong>Core</strong>: Fixed O(n²) model load time for TreeEnsemble with categorical feature chains. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27391";>#27391</a>)</li> </ul> <h2>Execution Provider Updates</h2> <ul> <li><strong>NvTensorRtRtx EP</strong>: <ul> <li>Avoid repetitive creation of fp4/fp8 native-custom-op domains. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27192";>#27192</a>)</li> <li>Added missing override specifiers to suppress warnings. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27288";>#27288</a>)</li> <li>DQ→MatMulNBits fusion transformer. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27466";>#27466</a>)</li> </ul> </li> <li><strong>WebGPU</strong>: <ul> <li>Used embedded WASM module in Blob URL workers when <code>wasmBinary</code> is provided. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27318";>#27318</a>)</li> <li>Fixed usage of <code>wasmBinary</code> together with a blob URL for <code>.mjs</code>. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27411";>#27411</a>)</li> <li>Removed the unhelpful "Unknown CPU vendor" warning. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27399";>#27399</a>)</li> <li>Allows new memory info name for WebGPU. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27475";>#27475</a>)</li> </ul> </li> <li><strong>MLAS</strong>: <ul> <li>Added DynamicQGemm function pointers and ukernel interface. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27403";>#27403</a>)</li> <li>Fixed error where bytes is not assigned for dynamic qgemm pack b size. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27421";>#27421</a>)</li> </ul> </li> <li><strong>VitisAI EP</strong>: Removed <code>s_kernel_registry_vitisaiep.reset()</code> in <code>deinitialize_vitisai_ep()</code>. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27295";>#27295</a>)</li> <li><strong>Plugin EPs</strong>: Added "library_path" metadata entry to <code>OrtEpDevice</code> instances for plugin and provider bridge EPs. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27522";>#27522</a>)</li> </ul> <h2>Build and Infrastructure</h2> <ul> <li><strong>Pipelines</strong>: <ul> <li>Build Windows ARM64X binaries as part of packaging pipeline. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27316";>#27316</a>)</li> <li>Moved JAR testing pipelines to canonical pipeline template. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27480";>#27480</a>)</li> </ul> </li> <li><strong>Python</strong>: Enabled Python 3.14 CI and upgraded dependencies. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27401";>#27401</a>)</li> <li><strong>Build</strong>: Suppressed spurious Array Out of Bounds warnings produced by GCC 14.2 compiler on Linux builds. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27454";>#27454</a>)</li> <li><strong>Build</strong>: Fixed <code>-Warray-bounds</code> build error in MLAS on clang 17+. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27499";>#27499</a>)</li> <li><strong>Telemetry</strong>: Added/Updated telemetry events. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27356";>#27356</a>)</li> <li><strong>Config</strong>: Increased <code>kMaxValueLength</code> to 8192. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27521";>#27521</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/microsoft/onnxruntime/commit/3a728b75062256951b6e19ce718907cf1a1d4cf0";><code>3a728b7</code></a> ORT 1.24.3 release cherry pick round 4 (<a href="https://redirect.github.com/microsoft/onnxruntime/issues/27558";>#27558</a>)</li> <li><a href="https://github.com/microsoft/onnxruntime/commit/dd6a8546ab88c47db73f139854eb25130ef27c9e";><code>dd6a854</code></a> ORT 1.24.3 release cherry pick round 3 (<a href="https://redirect.github.com/microsoft/onnxruntime/issues/27501";>#27501</a>)</li> <li><a href="https://github.com/microsoft/onnxruntime/commit/15c006bd76d7af722fd71921611583d8834e9338";><code>15c006b</code></a> ORT 1.24.3 release cherry pick round 2 (<a href="https://redirect.github.com/microsoft/onnxruntime/issues/27492";>#27492</a>)</li> <li><a href="https://github.com/microsoft/onnxruntime/commit/ee26608ab699fd98c71df4ddff58720fe7ec54db";><code>ee26608</code></a> ORT 1.24.3 release cherry pick round 1 (<a href="https://redirect.github.com/microsoft/onnxruntime/issues/27476";>#27476</a>)</li> <li>See full diff in <a href="https://github.com/microsoft/onnxruntime/compare/v1.24.2...v1.24.3";>compare view</a></li> </ul> </details> <br /> Updates `com.microsoft.onnxruntime:onnxruntime_gpu` from 1.24.2 to 1.24.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/microsoft/onnxruntime/releases";>com.microsoft.onnxruntime:onnxruntime_gpu's releases</a>.</em></p> <blockquote> <h2>ONNX Runtime v1.24.3</h2> <p>This is a patch release for ONNX Runtime 1.24, containing bug fixes, security improvements, performance enhancements, and execution provider updates.</p> <h2>Security Fixes</h2> <ul> <li><strong>Core</strong>: Fixed GatherCopyData integer truncation leading to heap out-of-bounds read/write. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27444";>#27444</a>)</li> <li><strong>Core</strong>: Fixed RoiAlign heap out-of-bounds read via unchecked batch_indices. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27543";>#27543</a>)</li> <li><strong>Core</strong>: Prevent heap OOB from maliciously crafted Lora Adapters. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27518";>#27518</a>)</li> <li><strong>Core</strong>: Fixed out-of-bounds access for Resize operation. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27419";>#27419</a>)</li> </ul> <h2>Bug Fixes</h2> <ul> <li><strong>Core</strong>: Fixed GatherND division by zero when batch dimensions mismatch. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27090";>#27090</a>)</li> <li><strong>Core</strong>: Fixed validation for external data paths for models loaded from bytes. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27430";>#27430</a>)</li> <li><strong>Core</strong>: Fixed SkipLayerNorm fusion incorrectly applied when gamma/beta are not 1D. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27459";>#27459</a>)</li> <li><strong>Core</strong>: Fixed double-free in TRT EP custom op domain Release functions. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27471";>#27471</a>)</li> <li><strong>Core</strong>: Fixed QMoE CPU Operator. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27360";>#27360</a>)</li> <li><strong>Core</strong>: Fixed MatmulNBits prepacking scales. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27412";>#27412</a>)</li> <li><strong>Python</strong>: Fixed refcount bug in map input conversion that caused shutdown segfault. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27413";>#27413</a>)</li> <li><strong>NuGet</strong>: Fixed DllImportResolver. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27397";>#27397</a>)</li> <li><strong>NuGet</strong>: Added <code>OrtEnv.DisableDllImportResolver</code> to prevent fatal error on resolver conflict. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27535";>#27535</a>)</li> </ul> <h2>Performance Improvements</h2> <ul> <li><strong>Core</strong>: QMoE CPU performance update (up to 4x on 4-bit). (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27364";>#27364</a>)</li> <li><strong>Core</strong>: Fixed O(n²) model load time for TreeEnsemble with categorical feature chains. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27391";>#27391</a>)</li> </ul> <h2>Execution Provider Updates</h2> <ul> <li><strong>NvTensorRtRtx EP</strong>: <ul> <li>Avoid repetitive creation of fp4/fp8 native-custom-op domains. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27192";>#27192</a>)</li> <li>Added missing override specifiers to suppress warnings. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27288";>#27288</a>)</li> <li>DQ→MatMulNBits fusion transformer. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27466";>#27466</a>)</li> </ul> </li> <li><strong>WebGPU</strong>: <ul> <li>Used embedded WASM module in Blob URL workers when <code>wasmBinary</code> is provided. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27318";>#27318</a>)</li> <li>Fixed usage of <code>wasmBinary</code> together with a blob URL for <code>.mjs</code>. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27411";>#27411</a>)</li> <li>Removed the unhelpful "Unknown CPU vendor" warning. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27399";>#27399</a>)</li> <li>Allows new memory info name for WebGPU. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27475";>#27475</a>)</li> </ul> </li> <li><strong>MLAS</strong>: <ul> <li>Added DynamicQGemm function pointers and ukernel interface. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27403";>#27403</a>)</li> <li>Fixed error where bytes is not assigned for dynamic qgemm pack b size. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27421";>#27421</a>)</li> </ul> </li> <li><strong>VitisAI EP</strong>: Removed <code>s_kernel_registry_vitisaiep.reset()</code> in <code>deinitialize_vitisai_ep()</code>. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27295";>#27295</a>)</li> <li><strong>Plugin EPs</strong>: Added "library_path" metadata entry to <code>OrtEpDevice</code> instances for plugin and provider bridge EPs. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27522";>#27522</a>)</li> </ul> <h2>Build and Infrastructure</h2> <ul> <li><strong>Pipelines</strong>: <ul> <li>Build Windows ARM64X binaries as part of packaging pipeline. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27316";>#27316</a>)</li> <li>Moved JAR testing pipelines to canonical pipeline template. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27480";>#27480</a>)</li> </ul> </li> <li><strong>Python</strong>: Enabled Python 3.14 CI and upgraded dependencies. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27401";>#27401</a>)</li> <li><strong>Build</strong>: Suppressed spurious Array Out of Bounds warnings produced by GCC 14.2 compiler on Linux builds. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27454";>#27454</a>)</li> <li><strong>Build</strong>: Fixed <code>-Warray-bounds</code> build error in MLAS on clang 17+. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27499";>#27499</a>)</li> <li><strong>Telemetry</strong>: Added/Updated telemetry events. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27356";>#27356</a>)</li> <li><strong>Config</strong>: Increased <code>kMaxValueLength</code> to 8192. (<a href="https://redirect.github.com/microsoft/onnxruntime/pull/27521";>#27521</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/microsoft/onnxruntime/commit/3a728b75062256951b6e19ce718907cf1a1d4cf0";><code>3a728b7</code></a> ORT 1.24.3 release cherry pick round 4 (<a href="https://redirect.github.com/microsoft/onnxruntime/issues/27558";>#27558</a>)</li> <li><a href="https://github.com/microsoft/onnxruntime/commit/dd6a8546ab88c47db73f139854eb25130ef27c9e";><code>dd6a854</code></a> ORT 1.24.3 release cherry pick round 3 (<a href="https://redirect.github.com/microsoft/onnxruntime/issues/27501";>#27501</a>)</li> <li><a href="https://github.com/microsoft/onnxruntime/commit/15c006bd76d7af722fd71921611583d8834e9338";><code>15c006b</code></a> ORT 1.24.3 release cherry pick round 2 (<a href="https://redirect.github.com/microsoft/onnxruntime/issues/27492";>#27492</a>)</li> <li><a href="https://github.com/microsoft/onnxruntime/commit/ee26608ab699fd98c71df4ddff58720fe7ec54db";><code>ee26608</code></a> ORT 1.24.3 release cherry pick round 1 (<a href="https://redirect.github.com/microsoft/onnxruntime/issues/27476";>#27476</a>)</li> <li>See full diff in <a href="https://github.com/microsoft/onnxruntime/compare/v1.24.2...v1.24.3";>compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
