Skip to content

chore(deps): bump onnxruntime from 1.24.2 to 1.24.3 in /requirements/ci#2844

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/requirements/ci/onnxruntime-1.24.3
Open

chore(deps): bump onnxruntime from 1.24.2 to 1.24.3 in /requirements/ci#2844
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/requirements/ci/onnxruntime-1.24.3

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 5, 2026

Bumps onnxruntime from 1.24.2 to 1.24.3.

Release notes

Sourced from onnxruntime's releases.

ONNX Runtime v1.24.3

This is a patch release for ONNX Runtime 1.24, containing bug fixes, security improvements, performance enhancements, and execution provider updates.

Security Fixes

  • Core: Fixed GatherCopyData integer truncation leading to heap out-of-bounds read/write. (#27444)
  • Core: Fixed RoiAlign heap out-of-bounds read via unchecked batch_indices. (#27543)
  • Core: Prevent heap OOB from maliciously crafted Lora Adapters. (#27518)
  • Core: Fixed out-of-bounds access for Resize operation. (#27419)

Bug Fixes

  • Core: Fixed GatherND division by zero when batch dimensions mismatch. (#27090)
  • Core: Fixed validation for external data paths for models loaded from bytes. (#27430)
  • Core: Fixed SkipLayerNorm fusion incorrectly applied when gamma/beta are not 1D. (#27459)
  • Core: Fixed double-free in TRT EP custom op domain Release functions. (#27471)
  • Core: Fixed QMoE CPU Operator. (#27360)
  • Core: Fixed MatmulNBits prepacking scales. (#27412)
  • Python: Fixed refcount bug in map input conversion that caused shutdown segfault. (#27413)
  • NuGet: Fixed DllImportResolver. (#27397)
  • NuGet: Added OrtEnv.DisableDllImportResolver to prevent fatal error on resolver conflict. (#27535)

Performance Improvements

  • Core: QMoE CPU performance update (up to 4x on 4-bit). (#27364)
  • Core: Fixed O(n²) model load time for TreeEnsemble with categorical feature chains. (#27391)

Execution Provider Updates

  • NvTensorRtRtx EP:
    • Avoid repetitive creation of fp4/fp8 native-custom-op domains. (#27192)
    • Added missing override specifiers to suppress warnings. (#27288)
    • DQ→MatMulNBits fusion transformer. (#27466)
  • WebGPU:
    • Used embedded WASM module in Blob URL workers when wasmBinary is provided. (#27318)
    • Fixed usage of wasmBinary together with a blob URL for .mjs. (#27411)
    • Removed the unhelpful "Unknown CPU vendor" warning. (#27399)
    • Allows new memory info name for WebGPU. (#27475)
  • MLAS:
    • Added DynamicQGemm function pointers and ukernel interface. (#27403)
    • Fixed error where bytes is not assigned for dynamic qgemm pack b size. (#27421)
  • VitisAI EP: Removed s_kernel_registry_vitisaiep.reset() in deinitialize_vitisai_ep(). (#27295)
  • Plugin EPs: Added "library_path" metadata entry to OrtEpDevice instances for plugin and provider bridge EPs. (#27522)

Build and Infrastructure

  • Pipelines:
    • Build Windows ARM64X binaries as part of packaging pipeline. (#27316)
    • Moved JAR testing pipelines to canonical pipeline template. (#27480)
  • Python: Enabled Python 3.14 CI and upgraded dependencies. (#27401)
  • Build: Suppressed spurious Array Out of Bounds warnings produced by GCC 14.2 compiler on Linux builds. (#27454)
  • Build: Fixed -Warray-bounds build error in MLAS on clang 17+. (#27499)
  • Telemetry: Added/Updated telemetry events. (#27356)
  • Config: Increased kMaxValueLength to 8192. (#27521)

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump onnxruntime from 1.24.2 to 1.24.3 in /requirements/ci
20336fa 
Bumps [onnxruntime](https://github.com/microsoft/onnxruntime) from 1.24.2 to 1.24.3.
- [Release notes](https://github.com/microsoft/onnxruntime/releases)
- [Changelog](https://github.com/microsoft/onnxruntime/blob/main/docs/ReleaseManagement.md)
- [Commits](microsoft/onnxruntime@v1.24.2...v1.24.3)

---
updated-dependencies:
- dependency-name: onnxruntime
  dependency-version: 1.24.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Mar 5, 2026
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Mar 5, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

ONNX Script Review Board
Status: Todo

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants