Skip to content

build: bump onnxruntime-gpu from 1.24.4 to 1.25.0#138

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/uv/main/onnxruntime-gpu-1.25.0
Open

build: bump onnxruntime-gpu from 1.24.4 to 1.25.0#138
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/uv/main/onnxruntime-gpu-1.25.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 24, 2026
edited
Loading

Bumps onnxruntime-gpu from 1.24.4 to 1.25.0.

Release notes

Sourced from onnxruntime-gpu's releases.

ONNX Runtime v1.25.0

📢 Announcements & Breaking Changes

Build & Platform

  • C++20 is now required to build ONNX Runtime from source. Minimum toolchains: MSVC 19.29+, GCC 10+, Clang 10+. Users of prebuilt packages are unaffected. (#27178)
  • CUDA minimum version raised to 12.0 — CUDA 11.x is no longer supported. Users pinned to CUDA 11.x should stay on ORT 1.24.x or upgrade their CUDA toolkit/driver. (#27570)
  • ONNX upgraded to 1.21.0 (#27601)
  • sympy is now an optional dependency for Python builds. (#27200)

Execution Provider Changes

  • ArmNN EP has been removed. Users should remove any --use_armnn build flags and migrate to the MLAS/KleidiAI-backed CPU EP or QNN EP for Qualcomm hardware. (#27447)

API Version

  • ORT_API_VERSION updated to 25. (#27280)

🔒 Security Fixes

  • Fixed potential integer truncation leading to heap out-of-bounds read/write (#27544)
  • Addressed Pad Reflect vulnerability (#27652)
  • Security fix for transpose optimizer (#27555)
  • Upgraded minimatch 3.1.2 → 3.1.4 for CVE-2026-27904 (#27667)
  • Hardened shell command handling for constant strings (#27840)
  • Added validation of onnx::TensorProto data size before allocation (#27547)
  • Cleaned up external data path validation (#27539)
  • Fixed misaligned address reads for tensor attributes from raw data buffers (#27312)
  • Fixed CPU Attention overflow issue (#27822)
  • Fixed CPU LRN integer overflow issues (#27886)
  • Additional input validation hardening:
    • Tile kernel dim overflow (#27566)
    • Out-of-bounds read in cross entropy (#27568)
    • TreeEnsembleClassifier attributes (#27571)
    • AffineGrid (#27572)
    • EmbedLayerNorm position_ids (#27573)
    • RotaryEmbedding position_ids (#27597)
    • RoiAlign batch_indices (#27603)
    • MaxUnpool indices (#27432)
    • QMoECPU swiglu OOB (#27748)
    • SVMClassifier initializer (#27699)
    • Col2Im SafeInt (#27625)

✨ New Features

🔌 Execution Provider Plugin API & CUDA Plugin EP

... (truncated)

Commits
  • 7a71bc5 Cherry-pick CI/pipeline fixes for rel-1.25.0 (#28106)
  • 211edbc FF rel-1.25 to last merge prior to version bump & add first round of cherry p...
  • 57b265e [MLAS] Add depthwise with multiplier conv special kernel for NCHW data layout...
  • bec2792 Plugin EP event profiling APIs (#27649)
  • a997c4f [VitisAI] external_ep_library typo fix (#27647)
  • f2c28e2 S390x test fixes (#27404)
  • 0f43e16 [QNN-EP] Fix use-after-free of logger object (#27804)
  • f22e3a9 webgpu: Optimize DP4A SmallM MatMulNBits tiling (#27910)
  • 048e7dc [Plugin EP] Add plugin EP APIs to retrieve ONNX operator schemas (#27713)
  • e43d306 [CI] fix: missing branch specifier in schedule directive (#27914)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Apr 24, 2026
@dependabot dependabot Bot requested a review from BKDDFS as a code owner April 24, 2026 16:27
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Apr 24, 2026
@codecov
Copy link
Copy Markdown

codecov Bot commented Apr 24, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@dependabot
build: bump onnxruntime-gpu from 1.24.4 to 1.25.0
ee0b80a 
Bumps [onnxruntime-gpu](https://github.com/microsoft/onnxruntime) from 1.24.4 to 1.25.0.
- [Release notes](https://github.com/microsoft/onnxruntime/releases)
- [Changelog](https://github.com/microsoft/onnxruntime/blob/main/docs/ReleaseManagement.md)
- [Commits](microsoft/onnxruntime@v1.24.4...v1.25.0)

---
updated-dependencies:
- dependency-name: onnxruntime-gpu
  dependency-version: 1.25.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/uv/main/onnxruntime-gpu-1.25.0 branch from a04231e to ee0b80a Compare April 25, 2026 07:47
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Apr 25, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@BKDDFS BKDDFS Awaiting requested review from BKDDFS BKDDFS is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants