Skip to content

Bump onnx from 1.12.0 to 1.22.0#21

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/onnx-1.22.0
Open

Bump onnx from 1.12.0 to 1.22.0#21
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/onnx-1.22.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 10, 2026

Copy link
Copy Markdown

Bumps onnx from 1.12.0 to 1.22.0.

Release notes

Sourced from onnx's releases.

v1.22.0

ONNX v1.22.0 is now available with exciting new features! We would like to thank everyone who contributed to this release! Please visit onnx.ai to learn more about ONNX and associated projects.

What's Changed

Breaking Changes and Deprecations

Spec and Operator

Two new operators LinearAttention-27 and CausalConvWithState-27 were introduced.

Reference Implementation

Utilities and Tools

Build, CI and Tests

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note

Medium Risk
Large semver jump in a core ML serialization library used transitively for ONNX inference; possible install or runtime incompatibility with onnxruntime, NudeNet, or protobuf pins without application code changes.

Overview
Dependabot bumps the pinned onnx package in requirements.txt from 1.12.0 to 1.22.0 (the only code change in this PR).

onnx is not imported directly in the repo; it sits in the lockfile as a transitive dependency for stacks like NudeNet / onnxruntime and related ML tooling. ONNX 1.22 adds new operators and includes breaking spec changes (e.g. qk_matmul_output_mode ordering) across many intermediate releases since 1.12.

Reviewers should confirm pip check / CI install still pass and that ONNX-based inference (e.g. NudeNet’s .onnx classifier) behaves as before with the pinned onnxruntime==1.18.0 and protobuf==3.19.6.

Reviewed by Cursor Bugbot for commit 5952cc2. Bugbot is set up for automated code reviews on this repo. Configure here.

Bumps [onnx](https://github.com/onnx/onnx) from 1.12.0 to 1.22.0.
- [Release notes](https://github.com/onnx/onnx/releases)
- [Changelog](https://github.com/onnx/onnx/blob/main/docs/Changelog-ml.md)
- [Commits](onnx/onnx@v1.12.0...v1.22.0)

---
updated-dependencies:
- dependency-name: onnx
  dependency-version: 1.22.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jul 10, 2026

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit 5952cc2. Configure here.

Comment thread requirements.txt
oauthlib==3.2.2
omegaconf==2.3.0
onnx==1.12.0
onnx==1.22.0

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Onnx bump breaks dependency pins

High Severity

Bumping onnx to 1.22.0 without updating other pins leaves requirements.txt internally inconsistent: onnx 1.22 requires protobuf ≥4.25.1, ml-dtypes ≥0.5.4, typing_extensions ≥4.15.0, and Python ≥3.10, while the file still pins older versions and CI still tests 3.8–3.9.

Additional Locations (2)
Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit 5952cc2. Configure here.

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Risk: medium. Not approving: Bugbot reported an unresolved high-severity dependency pin conflict (onnx==1.22.0 vs pinned protobuf, ml-dtypes, typing_extensions, and Python 3.8–3.9 CI). Human review needed to reconcile pins or reject the bump; reviewers assigned.

Open in Web View Automation 

Sent by Cursor Approval Agent: Pull Request Approver

@cursor
cursor Bot requested a review from YLGH July 10, 2026 04:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants