Skip to content

chore(deps)(deps): bump the ai-frameworks group with 5 updates#11

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/ai-frameworks-48ab1c7fb4
Open

chore(deps)(deps): bump the ai-frameworks group with 5 updates#11
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/ai-frameworks-48ab1c7fb4

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Apr 27, 2026
edited
Loading

Updates the requirements on tensorflow, keras, onnxruntime, onnxruntime-gpu and speechbrain to permit the latest version.
Updates tensorflow to 2.21.0

Release notes

Sourced from tensorflow's releases.

TensorFlow 2.21.0

Release 2.21.0

TensorFlow

Breaking Changes

  • Support for Python 3.9 has been removed starting with TF 2.21.
  • The TensorBoard (TB) dependency has been removed starting with TF 2.21.

Major Features and Improvements

  • tf.lite

    • Adds int8 and int16x8 support for SQRT operator.
    • Adds int16x8 support for EQUAL and NOT_EQUAL operators.
    • Adds support for int2 type.
    • Adds support for int2/int4 in tfl.cast .
    • Adds support for SRQ int2 in tfl.fully_connected.
    • Adds support for int4 in tfl.slice.
    • Adds support for uint4 type.

  • tf.image

    • Adds JPEG XL support in decode_image.

Bug Fixes and Other Changes

  • tf.data
    • Adds NoneTensorSpec to the public API so that Nones in element_spec can be identified via isinstance(..., tf.NoneTensorSpec).

Thanks to our Contributors

This release contains contributions from many people at Google, as well as:

Aaraviitkgp, Abhijeet, Abhinav Gunjal, Abhishek, Adam Paszke, Aditya Gupta, Aditya Jha, Aditya Sharma, Adrian Kuegel, Aiden Grossman, Akarsh, Akhil Goel, Alan Kelly, Aleksa Arsic, Aleksei, Aleksei Nurmukhametov, Alex, Alexander Belyaev, Alexander Grund, Alexander Lyashuk, Alexander Shaposhnikov, Alex Pivovarov, Aliia Khasanova, Alina Sbirlea, Allan Renucci, Amelia Thurdekoos, Amit Sabne, Andrei Ivanov, Andrew Dame, Andrey Portnoy, Anish Nair, Anlun Xu, Antonio Sanchez, anuj chincholikar, Anuj Chincholikar, Aravindh Balaji, aravindhbalaji1985, Arian Arfaian, Armin Felder, Artem Belevich, Ashish Rao, Ashitesh Singh, A. Unique TensorFlower, Bart Chrzaszcz, benediktjohannes, Benjamin Chetioui, Benjamin Kramer, Berkin Ilbeyi, Bhatu, Bhavani Subramanian, Bhupendra Dubey, Bill Varcho, Bixia Zheng, Blake Hechtman, Bodhi Silberling, BruceXinXin, Bryan Massoth, Buddh Prakash, Byungchul Kim, Ce Zheng, Changhui Lin, Chao, Charles Alaras, Chase Riley Roberts, Chenhao Jiang, Chris Ashton, Chris Jones, Chris Kennelly, Christian Sigg, Chuan He, Chunlei Niu, Chun-nien Chan, Chunyu Jin, Clive Verghese, Cong Liu, Corentin Kerisit, Daniel Chen, Daniel Kuts, Daniel Ng, Daniel Sosa, Daniel Suo, Danila Malyutin, David Dunleavy, David Majnemer, David Pizzuto, Deepika Rajani, deeptanshusekhri, dependabot[bot], Deqiang Chen, Derek Murray, Dillon Sharlet, Dimitar (Mitko) Asenov, Dimitris Vardoulakis, Dirk Hornung, DottsGit, Dragan Mladjenovic, Eetu Sjöblom, Elen Kalda, Emilio Cota, Emily Fertig, Eugene Zhulenev, Eusebio Durán Montaña, Evan Brown, Ezekiel Calubaquib, Faijul Amin, Felix Wang, Fengwu Yao, Fergus Henderson, Frederic Rechtenstein, Frederik Gossen, Gabriel Gerlero, Gagan Nagaraj, gaikwadrahul8, garry00107, gaurides, George Pawelczak, Georg Stefan Schmid, gns, Goran Flegar, Graham, Grant Jensen, Greg Olechwierowicz, Gregory Pataky, Grzegorz Gawryał, Gunhyun Park, guozhong.zhuang, Haibo Huang, Hana Joo, Hariprasad Ravishankar, Harsha H S, Harshit Monish, Henning Becker, Hittanshu, Hoeseong (Hayden) Kim, Hugo Mano, Hyeontaek Lim, Ibrahim Umit Akgun, ILCSFNO, Ilia Sergachev, Ilya Tikhonovskiy, Iman Hosseini, Ionel Gog, Isha Arkatkar, isharif168, Ivo Ristovski List, Jacques Pienaar, Jae H. Yoo, Jaeyoon Jung, Jake Harmon, James Hilliard, jameslovespancakes, James Spooner, Jane Liu, Jaroslav Sevcik, Jeff Parker, Jeffrey A. Dean, Jeremy Meredith, Jialei Chen, Jian Cai, Jian Li, Jie Luo, Jim Lin, Jing Pu, Jinliang Wei, Jiya Zhang, Joel Wee, Johannes Buchner, Johannes Reifferscheid, Johnny, Jorge Gorbe Moya, Joshua Lang, Joshua Wang, Joss Briody, jparkerh, Juanli Shen, Juhyun Lee, Jun Jiang, Junwhan Ahn, Kadir Barut, Kanglan Tang, Kanish Anand, Kanvi Khanna, Karlo Basioli, Ken Franko, Kevin Chen, Kevin Gleason, Kingston Mandisodza, Koki Ibukuro, Kostiantyn Liepieshov, Krishna Haridasan, Krishna Somani, Krzysztof Kosiński, Kuy Mainwaring, lambert, Larry Lansing, Lin Chai, Lord ε Rebel, Luke Baumann, Luke Hutton, madhavmadupu, Majid Dadashi, Mani Ananth, Manjunath Gaonkar, Marcello Maggioni, Marcin Radomski, Maria Lyubimtseva, Marissa Ikonomidis, Mark Daoust, Mason Chang, Matej Aleksandrov, Mateusz Sokół, Matthias Guenther, Matthias Kramm, Matt Hurd, Matt Kreileder, Maxime France-Pillois, Maxim Ermilov, Mehrdad Khani, Melissa Weber Mendonça, MERT-CKR, Michael Goldfarb, Michael Green, Michael Kuperstein, Michael Voznesensky, Michael Whittaker, Mihai Maruseac, Mikhail Goncharov, Ming-Xu Huang, Mircea Trofin, Misha Gutman, misterBart, mmakevic-amd, Mohamed AbdElmoneim, Mohamed Amine Zghal, Mohammadreza Heydary, Mohammed Anany, mraunak, Mudit Gokhale, Nayana Thorat, Nevi, nhatle, Nhat Le, Nihar0071, Nikhil, Nikita Putikhin, Niklas Vangerow, Nitin Srinivasan, Oleg Shyshkov, Olli Lupton, Om Thakkar, Pankaj Kanwar, Parker Schuh, Paul Ganssle, Pauline Sho, Pavithra Eswaramoorthy, Pedro Gonnet, pemeliya, Penporn Koanantakool, Perry Gibson, Peter Buchlovsky, Peter Gavin, Peter Hawkins, Pham Binh, Phani Paladugula, Philipp Hack, Praneeth Mandala, Praveen Batra, psinfinity, Qingwei Zhang, Quentin Khan, Quoc Truong, QZero, Rachel Han, Raffi Khatchadourian, Ram Rachum, RasheedAli-Shaik, Raviteja Gorijala, Reed Wanderman-Milne, Reilly Grant, Renjie Wu, Richard Levasseur, Robert David, Ryan M. Lefever, Sachin M, Sagun Bajra, Sai Ganesh Muthuraman, Saksham Singh Rathore, Sannidhya Chauhan, Sayan Saha, Sean Talts, Seher Ellis, Sergei Lebedev, Sergey Kozub, Sevin Fide Varoglu, Shahriar Rouf, Shanbin Ke, Shaogang Wang, Sharad Vikram, Shawn Lu, Siddhartha Menon, Siqiao Wu, skill, Smit Hinsu, snadampal, Sohaib Iftikhar, Soowon Jeong, spiao, Srijan Upadhyay, stevemcgregory, Subham Soni, Subhankar Shah, Swachhand Lokhande, Tai Ly, TensorFlower Gardener, Terry Heo, Terry Sun, Terry Tao, Theotime Combes, Thomas Joerg, Thomas Köppe, Tiago Quelhas, TJ Xu, Toli Yevtushenko, Tomás Longeri, Tom Hennigan, Tommy Chiang, Tom Natan, Tongfei Guo, Tori Baker, Uwe L. Korn, Vadym Matsishevskyi, Vamsi Manchala, Venkat6871, Victor Stone, Ville Vesilehto, Vitalii Dziuba, Vladimir Belitskiy, Vlad Sytchenko, Volodymyr Kysenko, Wai Hon Law, wan3x, Weiyi Wang, Will Froom, William S. Moses, wondertx, Xuefei Jiang, Yang Chen, Yash Katariya, Yasir Ashfaq, yasiribmcon, Yeou Chiou, Yicheng Luo, Yi Kong, Yimei Sun, Yin Zhang, Yuchen Yao, Yue Sheng, Yulia Baturina, Yunjie Xu, Yunlong Liu, Yun Peng, Yurii Topin, Zac Cranko, Zac Mustin, Zenong Zhang, Zeyu Wang, Zhanyong Wan, Zixuan Jiang, Ziyin Huang, Zviki Nozadze

Changelog

Sourced from tensorflow's changelog.

Release 2.21.0

TensorFlow

Breaking Changes

  • Support for Python 3.9 has been removed starting with TF 2.21.
  • The TensorBoard (TB) dependency has been removed starting with TF 2.21.

Major Features and Improvements

  • tf.lite

    • Adds int8 and int16x8 support for SQRT operator.
    • Adds int16x8 support for EQUAL and NOT_EQUAL operators.
    • Adds support for int2 type.
    • Adds support for int2/int4 in tfl.cast .
    • Adds support for SRQ int2 in tfl.fully_connected.
    • Adds support for int4 in tfl.slice.
    • Adds support for uint4 type.

  • tf.image

    • Adds JPEG XL support in decode_image.

Bug Fixes and Other Changes

  • tf.data
    • Adds NoneTensorSpec to the public API so that Nones in element_spec can be identified via isinstance(..., tf.NoneTensorSpec).

Thanks to our Contributors

This release contains contributions from many people at Google, as well as:

Aaraviitkgp, Abhijeet, Abhinav Gunjal, Abhishek, Adam Paszke, Aditya Gupta, Aditya Jha, Aditya Sharma, Adrian Kuegel, Aiden Grossman, Akarsh, Akhil Goel, Alan Kelly, Aleksa Arsic, Aleksei, Aleksei Nurmukhametov, Alex, Alexander Belyaev, Alexander Grund, Alexander Lyashuk, Alexander Shaposhnikov, Alex Pivovarov, Aliia Khasanova, Alina Sbirlea, Allan Renucci, Amelia Thurdekoos, Amit Sabne, Andrei Ivanov, Andrew Dame, Andrey Portnoy, Anish Nair, Anlun Xu, Antonio Sanchez, anuj chincholikar, Anuj Chincholikar, Aravindh Balaji, aravindhbalaji1985, Arian Arfaian, Armin Felder, Artem Belevich, Ashish Rao, Ashitesh Singh, A. Unique TensorFlower, Bart Chrzaszcz, benediktjohannes, Benjamin Chetioui, Benjamin Kramer, Berkin Ilbeyi, Bhatu, Bhavani Subramanian, Bhupendra Dubey, Bill Varcho, Bixia Zheng, Blake Hechtman, Bodhi Silberling, BruceXinXin, Bryan Massoth, Buddh Prakash, Byungchul Kim, Ce Zheng, Changhui Lin, Chao, Charles Alaras, Chase Riley Roberts, Chenhao Jiang, Chris Ashton, Chris Jones, Chris Kennelly, Christian Sigg, Chuan He, Chunlei Niu, Chun-nien Chan, Chunyu Jin, Clive Verghese, Cong Liu, Corentin Kerisit, Daniel Chen, Daniel Kuts, Daniel Ng, Daniel Sosa, Daniel Suo, Danila Malyutin, David Dunleavy, David Majnemer, David Pizzuto, Deepika Rajani, deeptanshusekhri, dependabot[bot], Deqiang Chen, Derek Murray, Dillon Sharlet, Dimitar (Mitko) Asenov, Dimitris Vardoulakis, Dirk Hornung, DottsGit, Dragan Mladjenovic, Eetu Sjöblom, Elen Kalda, Emilio Cota, Emily Fertig, Eugene Zhulenev, Eusebio Durán Montaña, Evan Brown, Ezekiel Calubaquib, Faijul Amin, Felix Wang, Fengwu Yao, Fergus Henderson, Frederic Rechtenstein, Frederik Gossen, Gabriel Gerlero, Gagan Nagaraj, gaikwadrahul8, garry00107, gaurides, George Pawelczak, Georg Stefan Schmid, gns, Goran Flegar, Graham, Grant Jensen, Greg Olechwierowicz, Gregory Pataky, Grzegorz Gawryał, Gunhyun Park, guozhong.zhuang, Haibo Huang, Hana Joo, Hariprasad Ravishankar, Harsha H S, Harshit Monish, Henning Becker, Hittanshu, Hoeseong (Hayden) Kim, Hugo Mano, Hyeontaek Lim, Ibrahim Umit Akgun, ILCSFNO, Ilia Sergachev, Ilya Tikhonovskiy, Iman Hosseini, Ionel Gog, Isha Arkatkar, isharif168, Ivo Ristovski List, Jacques Pienaar, Jae H. Yoo, Jaeyoon Jung, Jake Harmon, James Hilliard, jameslovespancakes, James Spooner, Jane Liu, Jaroslav Sevcik, Jeff Parker, Jeffrey A. Dean, Jeremy Meredith, Jialei Chen, Jian Cai, Jian Li, Jie Luo, Jim Lin, Jing Pu, Jinliang Wei, Jiya Zhang, Joel Wee, Johannes Buchner, Johannes Reifferscheid, Johnny, Jorge Gorbe Moya, Joshua Lang, Joshua Wang, Joss Briody, jparkerh, Juanli Shen, Juhyun Lee, Jun Jiang, Junwhan Ahn, Kadir Barut, Kanglan Tang, Kanish Anand, Kanvi Khanna, Karlo Basioli, Ken Franko, Kevin Chen, Kevin Gleason, Kingston Mandisodza, Koki Ibukuro, Kostiantyn Liepieshov, Krishna Haridasan, Krishna Somani, Krzysztof Kosiński, Kuy Mainwaring, lambert, Larry Lansing, Lin Chai, Lord ε Rebel, Luke Baumann, Luke Hutton, madhavmadupu, Majid Dadashi, Mani Ananth, Manjunath Gaonkar, Marcello Maggioni, Marcin Radomski, Maria Lyubimtseva, Marissa Ikonomidis, Mark Daoust, Mason Chang, Matej Aleksandrov, Mateusz Sokół, Matthias Guenther, Matthias Kramm, Matt Hurd, Matt Kreileder, Maxime France-Pillois, Maxim Ermilov, Mehrdad Khani, Melissa Weber Mendonça, MERT-CKR, Michael Goldfarb, Michael Green, Michael Kuperstein, Michael Voznesensky, Michael Whittaker, Mihai Maruseac, Mikhail Goncharov, Ming-Xu Huang, Mircea Trofin, Misha Gutman, misterBart, mmakevic-amd, Mohamed AbdElmoneim, Mohamed Amine Zghal, Mohammadreza Heydary, Mohammed Anany, mraunak, Mudit Gokhale, Nayana Thorat, Nevi, nhatle, Nhat Le, Nihar0071, Nikhil, Nikita Putikhin, Niklas Vangerow, Nitin Srinivasan, Oleg Shyshkov, Olli Lupton, Om Thakkar, Pankaj Kanwar, Parker Schuh, Paul Ganssle, Pauline Sho, Pavithra Eswaramoorthy, Pedro Gonnet, pemeliya, Penporn Koanantakool, Perry Gibson, Peter Buchlovsky, Peter Gavin, Peter Hawkins, Pham Binh, Phani Paladugula, Philipp Hack, Praneeth Mandala, Praveen Batra, psinfinity, Qingwei Zhang, Quentin Khan, Quoc Truong, QZero, Rachel Han, Raffi Khatchadourian, Ram Rachum, RasheedAli-Shaik, Raviteja Gorijala, Reed Wanderman-Milne, Reilly Grant, Renjie Wu, Richard Levasseur, Robert David, Ryan M. Lefever, Sachin M, Sagun Bajra, Sai Ganesh Muthuraman, Saksham Singh Rathore, Sannidhya Chauhan, Sayan Saha, Sean Talts, Seher Ellis, Sergei Lebedev, Sergey Kozub, Sevin Fide Varoglu, Shahriar Rouf, Shanbin Ke, Shaogang Wang, Sharad Vikram, Shawn Lu, Siddhartha Menon, Siqiao Wu, skill, Smit Hinsu, snadampal, Sohaib Iftikhar, Soowon Jeong, spiao, Srijan Upadhyay, stevemcgregory, Subham Soni, Subhankar Shah, Swachhand Lokhande, Tai Ly, TensorFlower Gardener, Terry Heo, Terry Sun, Terry Tao, Theotime Combes, Thomas Joerg, Thomas Köppe, Tiago Quelhas, TJ Xu, Toli Yevtushenko, Tomás Longeri, Tom Hennigan, Tommy Chiang, Tom Natan, Tongfei Guo, Tori Baker, Uwe L. Korn, Vadym Matsishevskyi, Vamsi Manchala, Venkat6871, Victor Stone, Ville Vesilehto, Vitalii Dziuba, Vladimir Belitskiy, Vlad Sytchenko, Volodymyr Kysenko, Wai Hon Law, wan3x, Weiyi Wang, Will Froom, William S. Moses, wondertx, Xuefei Jiang, Yang Chen, Yash Katariya, Yasir Ashfaq, yasiribmcon, Yeou Chiou, Yicheng Luo, Yi Kong, Yimei Sun, Yin Zhang, Yuchen Yao, Yue Sheng, Yulia Baturina, Yunjie Xu, Yunlong Liu, Yun Peng, Yurii Topin, Zac Cranko, Zac Mustin, Zenong Zhang, Zeyu Wang, Zhanyong Wan, Zixuan Jiang, Ziyin Huang, Zviki Nozadze

Release 2.20.0

TensorFlow

Breaking Changes

  • The tensorflow-io-gcs-filesystem package is now optional, due its uncertain, and limited support. To install it alongside tensorflow, run pip install "tensorflow[gcs-filesystem]".

Major Features and Improvements

  • tf.data
    • Adds autotune.min_parallelism to tf.data.Options to enable faster input pipeline warm up.
  • tf.lite
    • LiteRT announced a new release at Google IO ‘25 that improves upon TFLite, particularly in terms of NPU and GPU hardware acceleration and performance for on-device ML and AI applications. The APIs are available in Kotlin and C++.
    • Additionally, LiteRT code base will decouple from TensorFlow repository, and tf.lite will be removed in future TensorFlow Python package. More details to follow in future release notes.

... (truncated)

Commits
  • a481b10 Merge pull request #111627 from tensorflow-jenkins/version-numbers-2.21.0-25481
  • a8f642e Update version numbers to 2.21.0
  • 3c51664 Merge pull request #111517 from tejaswin432/r2.21
  • 460d178 Update RELEASE.md with removal of TB dependency.
  • 9e2628c Update RELEASE.md with removal of TB dependency.
  • 00a1ba7 Merge pull request #111234 from psamanoelton/remove_tb_nigthly
  • 41beecf Remove tb-nigthly and replace it with protobuf.
  • 01dec74 Merge pull request #111216 from psamanoelton/remove_tb_dependency_partial_rol...
  • 9657881 Partial rollback to resolve breakage.
  • 78d130a Remove TensorBoard dependency from TensorFlow build
  • Additional commits viewable in compare view

Updates keras to 3.14.0

Release notes

Sourced from keras's releases.

v3.14.0

Highlights

  • Orbax Checkpoint Integration: Full support for Orbax checkpoints, including sharding, remote paths, and step recovery.
  • Quantization Upgrades: Added support for Activation-aware Weight Quantization (AWQ) and Asymmetric INT4 Sub-Channel Quantization.
  • Batch Renormalization in BatchNorm: Added batch renormalization feature to the BatchRenormalization layer.
  • New Optimizer: Added ScheduleFreeAdamW optimizer.
  • Gated Attention: Introduced optional Gated Attention support in MultiHeadAttention and GroupedQueryAttention layers.

New Features and Operations

Multi-Backend Operations

  • NaN-aware NumPy Operations: Added support for nanmin, nanmax, nanmean, nanmedian, nanvar, nanstd, nanprod, nanargmin, nanargmax, and nanquantile in keras.ops.numpy.
  • New Math & Linear Algebra Operators: Added nextafter, ptp, view, sinc, fmod, i0, fliplr, flipud, rad2deg, geomspace, depth_to_space, space_to_depth, and fold.

Preprocessing and Layers

  • CLAHE Layer: Added Contrast Limited Adaptive Histogram Equalization preprocessing layer.
  • Adapt Support for Iterables: Preprocessing layers now support Python iterables in the adapt() method, which allows the direct use of Grain datasets.

OpenVINO Backend Support

The OpenVINO backend received a massive update, implementing a wide array of NumPy and Neural Network operations to achieve feature parity with other backends:

  • NumPy Operations: vander, trapezoid, corrcoef, correlate, flip, diagonal, cbrt, hypot, trace, kron, argpartition, logaddexp2, ldexp, select, round, vstack, hsplit, vsplit, tile, nansum, tensordot, exp2, trunc, gcd, unravel_index, inner, cumprod, searchsorted, hanning, diagflat, norm, histogram, lcm, allclose, real, imag, isreal, kaiser, shuffle, einsum, quantile, conj, randint, in_top_k, signbit, gamma, heaviside, var, std, inv, solve, cholesky_inverse, fft, fft2, ifft2, rfft, irfft, stft, istft, scatter, binomial, unfold, QR decomposition, view, and more.
  • Neural Network Operations: Added support for separable_conv, conv_transpose, adaptive_average_pool, adaptive_max_pool, RNN, LSTM, and GRU.
  • Control Flow Operations: Implemented cond, scan, associative_scan, map, switch, fori_loop, and vectorized_map.

Bug Fixes and Improvements

Backend Specific Improvements

  • PyTorch: Dynamic shapes support in export, device selection improvements, and bug fixes to the CuDNN based LSTM and GRU implementation.
  • JAX: Improved RNG handling in FlaxLayer and JaxLayer, variable jitting improvements, and direct JAX-to-ONNX export.
  • NumPy: Enabled masking support for the NumPy backend.

Other Improvements

  • Fixed multiple symbolic shape bugs across layers like Conv1DTranspose, IndexLookup, and TextVectorization.
  • Fixed activity regularizer normalization by batch size.
  • Improved Sequential error messages for incompatible layers.
  • Minimized memory usage issues in sparse_categorical_crossentropy.

New Contributors

We would like to thank our new contributors for making their first contribution to the Keras project:

... (truncated)

Commits

Updates onnxruntime to 1.25.0

Release notes

Sourced from onnxruntime's releases.

ONNX Runtime v1.25.0

📢 Announcements & Breaking Changes

Build & Platform

  • C++20 is now required to build ONNX Runtime from source. Minimum toolchains: MSVC 19.29+, GCC 10+, Clang 10+. Users of prebuilt packages are unaffected. (#27178)
  • CUDA minimum version raised to 12.0 — CUDA 11.x is no longer supported. Users pinned to CUDA 11.x should stay on ORT 1.24.x or upgrade their CUDA toolkit/driver. (#27570)
  • ONNX upgraded to 1.21.0 (#27601)
  • sympy is now an optional dependency for Python builds. (#27200)

Execution Provider Changes

  • ArmNN EP has been removed. Users should remove any --use_armnn build flags and migrate to the MLAS/KleidiAI-backed CPU EP or QNN EP for Qualcomm hardware. (#27447)

API Version

  • ORT_API_VERSION updated to 25. (#27280)

🔒 Security Fixes

  • Fixed potential integer truncation leading to heap out-of-bounds read/write (#27544)
  • Addressed Pad Reflect vulnerability (#27652)
  • Security fix for transpose optimizer (#27555)
  • Upgraded minimatch 3.1.2 → 3.1.4 for CVE-2026-27904 (#27667)
  • Hardened shell command handling for constant strings (#27840)
  • Added validation of onnx::TensorProto data size before allocation (#27547)
  • Cleaned up external data path validation (#27539)
  • Fixed misaligned address reads for tensor attributes from raw data buffers (#27312)
  • Fixed CPU Attention overflow issue (#27822)
  • Fixed CPU LRN integer overflow issues (#27886)
  • Additional input validation hardening:
    • Tile kernel dim overflow (#27566)
    • Out-of-bounds read in cross entropy (#27568)
    • TreeEnsembleClassifier attributes (#27571)
    • AffineGrid (#27572)
    • EmbedLayerNorm position_ids (#27573)
    • RotaryEmbedding position_ids (#27597)
    • RoiAlign batch_indices (#27603)
    • MaxUnpool indices (#27432)
    • QMoECPU swiglu OOB (#27748)
    • SVMClassifier initializer (#27699)
    • Col2Im SafeInt (#27625)

✨ New Features

🔌 Execution Provider Plugin API & CUDA Plugin EP

... (truncated)

Commits
  • 7a71bc5 Cherry-pick CI/pipeline fixes for rel-1.25.0 (#28106)
  • 211edbc FF rel-1.25 to last merge prior to version bump & add first round of cherry p...
  • 57b265e [MLAS] Add depthwise with multiplier conv special kernel for NCHW data layout...
  • bec2792 Plugin EP event profiling APIs (#27649)
  • a997c4f [VitisAI] external_ep_library typo fix (#27647)
  • f2c28e2 S390x test fixes (#27404)
  • 0f43e16 [QNN-EP] Fix use-after-free of logger object (#27804)
  • f22e3a9 webgpu: Optimize DP4A SmallM MatMulNBits tiling (#27910)
  • 048e7dc [Plugin EP] Add plugin EP APIs to retrieve ONNX operator schemas (#27713)
  • e43d306 [CI] fix: missing branch specifier in schedule directive (#27914)
  • Additional commits viewable in compare view

Updates onnxruntime-gpu to 1.25.0

Release notes

Sourced from onnxruntime-gpu's releases.

ONNX Runtime v1.25.0

📢 Announcements & Breaking Changes

Build & Platform

  • C++20 is now required to build ONNX Runtime from source. Minimum toolchains: MSVC 19.29+, GCC 10+, Clang 10+. Users of prebuilt packages are unaffected. (#27178)
  • CUDA minimum version raised to 12.0 — CUDA 11.x is no longer supported. Users pinned to CUDA 11.x should stay on ORT 1.24.x or upgrade their CUDA toolkit/driver. (#27570)
  • ONNX upgraded to 1.21.0 (#27601)
  • sympy is now an optional dependency for Python builds. (#27200)

Execution Provider Changes

  • ArmNN EP has been removed. Users should remove any --use_armnn build flags and migrate to the MLAS/KleidiAI-backed CPU EP or QNN EP for Qualcomm hardware. (#27447)

API Version

  • ORT_API_VERSION updated to 25. (#27280)

🔒 Security Fixes

  • Fixed potential integer truncation leading to heap out-of-bounds read/write (#27544)
  • Addressed Pad Reflect vulnerability (#27652)
  • Security fix for transpose optimizer (#27555)
  • Upgraded minimatch 3.1.2 → 3.1.4 for CVE-2026-27904 (#27667)
  • Hardened shell command handling for constant strings (#27840)
  • Added validation of onnx::TensorProto data size before allocation (#27547)
  • Cleaned up external data path validation (#27539)
  • Fixed misaligned address reads for tensor attributes from raw data buffers (#27312)
  • Fixed CPU Attention overflow issue (#27822)
  • Fixed CPU LRN integer overflow issues (#27886)
  • Additional input validation hardening:
    • Tile kernel dim overflow (#27566)
    • Out-of-bounds read in cross entropy (#27568)
    • TreeEnsembleClassifier attributes (#27571)
    • AffineGrid (#27572)
    • EmbedLayerNorm position_ids (#27573)
    • RotaryEmbedding position_ids (#27597)
    • RoiAlign batch_indices (#27603)
    • MaxUnpool indices (#27432)
    • QMoECPU swiglu OOB (#27748)
    • SVMClassifier initializer (#27699)
    • Col2Im SafeInt (#27625)

✨ New Features

🔌 Execution Provider Plugin API & CUDA Plugin EP

... (truncated)

Commits
  • 7a71bc5 Cherry-pick CI/pipeline fixes for rel-1.25.0 (#28106)
  • 211edbc FF rel-1.25 to last merge prior to version bump & add first round of cherry p...
  • 57b265e [MLAS] Add depthwise with multiplier conv special kernel for NCHW data layout...
  • bec2792 Plugin EP event profiling APIs (#27649)
  • a997c4f [VitisAI] external_ep_library typo fix (#27647)
  • f2c28e2 S390x test fixes (#27404)
  • 0f43e16 [QNN-EP] Fix use-after-free of logger object (#27804)
  • f22e3a9 webgpu: Optimize DP4A SmallM MatMulNBits tiling (#27910)
  • 048e7dc [Plugin EP] Add plugin EP APIs to retrieve ONNX operator schemas (#27713)
  • e43d306 [CI] fix: missing branch specifier in schedule directive (#27914)
  • Additional commits viewable in compare view

Updates speechbrain to 1.1.0

Release notes

Sourced from speechbrain's releases.

v1.1.0

This major release extends SpeechBrain's support for SpeechLLMs and introduces several new features, recipes, and improvements.

Highlights

  • Feature Caching — Save extracted features (e.g. wav2vec embeddings) to disk and load them on the fly, skipping recomputation. This powers our first ASR SpeechLLM recipe on LibriSpeech, enabling LLM-based training with pre-computed embeddings.
  • New Recipes — SpeechLLM for ASR and translation, streaming SSL, FocalCodec, and SENSE models.

Along with internal improvements and bug fixes. Here follows a changelog of the main changes (omitting some minor bugfixes):

What's Changed

New Contributors

Full Changelog: speechbrain/speechbrain@v1.0.3...v1.1.0

What's Changed

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps)(deps): bump the ai-frameworks group with 5 updates
0ea7028 
Updates the requirements on [tensorflow](https://github.com/tensorflow/tensorflow), [keras](https://github.com/keras-team/keras), [onnxruntime](https://github.com/microsoft/onnxruntime), [onnxruntime-gpu](https://github.com/microsoft/onnxruntime) and [speechbrain](https://github.com/speechbrain/speechbrain) to permit the latest version.

Updates `tensorflow` to 2.21.0
- [Release notes](https://github.com/tensorflow/tensorflow/releases)
- [Changelog](https://github.com/tensorflow/tensorflow/blob/master/RELEASE.md)
- [Commits](tensorflow/tensorflow@v2.15.0...v2.21.0)

Updates `keras` to 3.14.0
- [Release notes](https://github.com/keras-team/keras/releases)
- [Commits](keras-team/keras@v2.15.0...v3.14.0)

Updates `onnxruntime` to 1.25.0
- [Release notes](https://github.com/microsoft/onnxruntime/releases)
- [Changelog](https://github.com/microsoft/onnxruntime/blob/main/docs/ReleaseManagement.md)
- [Commits](microsoft/onnxruntime@v1.16.0...v1.25.0)

Updates `onnxruntime-gpu` to 1.25.0
- [Release notes](https://github.com/microsoft/onnxruntime/releases)
- [Changelog](https://github.com/microsoft/onnxruntime/blob/main/docs/ReleaseManagement.md)
- [Commits](microsoft/onnxruntime@v1.16.0...v1.25.0)

Updates `speechbrain` to 1.1.0
- [Release notes](https://github.com/speechbrain/speechbrain/releases)
- [Commits](speechbrain/speechbrain@v0.5.16...v1.1.0)

---
updated-dependencies:
- dependency-name: tensorflow
  dependency-version: 2.21.0
  dependency-type: direct:production
  dependency-group: ai-frameworks
- dependency-name: keras
  dependency-version: 3.14.0
  dependency-type: direct:production
  dependency-group: ai-frameworks
- dependency-name: onnxruntime
  dependency-version: 1.25.0
  dependency-type: direct:production
  dependency-group: ai-frameworks
- dependency-name: onnxruntime-gpu
  dependency-version: 1.25.0
  dependency-type: direct:production
  dependency-group: ai-frameworks
- dependency-name: speechbrain
  dependency-version: 1.1.0
  dependency-type: direct:production
  dependency-group: ai-frameworks
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Copy Markdown
Author

dependabot Bot commented on behalf of github Apr 27, 2026

Labels

The following labels could not be found: dependencies, python, security. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants