From 829398abfa0a980224ecb853133d80c82876e3f0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 1 Feb 2026 17:10:10 +0000 Subject: [PATCH] build(deps): bump the actions-monthly group with 8 updates Bumps the actions-monthly group with 8 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `6.0.1` | `6.0.2` | | [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) | `7.1.6` | `7.2.1` | | [astral-sh/ruff-action](https://github.com/astral-sh/ruff-action) | `3.5.1` | `3.6.1` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.31.8` | `4.32.0` | | [conda-incubator/setup-miniconda](https://github.com/conda-incubator/setup-miniconda) | `3.2.0` | `3.3.0` | | [JamesIves/github-pages-deploy-action](https://github.com/jamesives/github-pages-deploy-action) | `4.7.6` | `4.8.0` | | [actions/setup-python](https://github.com/actions/setup-python) | `6.1.0` | `6.2.0` | | [pypa/cibuildwheel](https://github.com/pypa/cibuildwheel) | `3.3.0` | `3.3.1` | Updates `actions/checkout` from 6.0.1 to 6.0.2 - [Release notes](https://github.com/actions/checkout/releases) - [Commits](https://github.com/actions/checkout/compare/v6.0.1...v6.0.2) Updates `astral-sh/setup-uv` from 7.1.6 to 7.2.1 - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](https://github.com/astral-sh/setup-uv/compare/681c641aba71e4a1c380be3ab5e12ad51f415867...803947b9bd8e9f986429fa0c5a41c367cd732b41) Updates `astral-sh/ruff-action` from 3.5.1 to 3.6.1 - [Release notes](https://github.com/astral-sh/ruff-action/releases) - [Commits](https://github.com/astral-sh/ruff-action/compare/57714a7c8a2e59f32539362ba31877a1957dded1...4919ec5cf1f49eff0871dbcea0da843445b837e6) Updates `github/codeql-action` from 3.31.8 to 4.32.0 - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](https://github.com/github/codeql-action/compare/v3.31.8...v4.32.0) Updates `conda-incubator/setup-miniconda` from 3.2.0 to 3.3.0 - [Release notes](https://github.com/conda-incubator/setup-miniconda/releases) - [Changelog](https://github.com/conda-incubator/setup-miniconda/blob/main/CHANGELOG.md) - [Commits](https://github.com/conda-incubator/setup-miniconda/compare/835234971496cad1653abb28a638a281cf32541f...fc2d68f6413eb2d87b895e92f8584b5b94a10167) Updates `JamesIves/github-pages-deploy-action` from 4.7.6 to 4.8.0 - [Release notes](https://github.com/jamesives/github-pages-deploy-action/releases) - [Commits](https://github.com/jamesives/github-pages-deploy-action/compare/9d877eea73427180ae43cf98e8914934fe157a1a...d92aa235d04922e8f08b40ce78cc5442fcfbfa2f) Updates `actions/setup-python` from 6.1.0 to 6.2.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/83679a892e2d95755f2dac6acb0bfd1e9ac5d548...a309ff8b426b58ec0e2a45f0f869d46889d02405) Updates `pypa/cibuildwheel` from 3.3.0 to 3.3.1 - [Release notes](https://github.com/pypa/cibuildwheel/releases) - [Changelog](https://github.com/pypa/cibuildwheel/blob/main/docs/changelog.md) - [Commits](https://github.com/pypa/cibuildwheel/compare/63fd63b352a9a8bdcc24791c9dbee952ee9a8abc...298ed2fb2c105540f5ed055e8a6ad78d82dd3a7e) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-monthly - dependency-name: astral-sh/setup-uv dependency-version: 7.2.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-monthly - dependency-name: astral-sh/ruff-action dependency-version: 3.6.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-monthly - dependency-name: github/codeql-action dependency-version: 4.32.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-monthly - dependency-name: conda-incubator/setup-miniconda dependency-version: 3.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-monthly - dependency-name: JamesIves/github-pages-deploy-action dependency-version: 4.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-monthly - dependency-name: actions/setup-python dependency-version: 6.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-monthly - dependency-name: pypa/cibuildwheel dependency-version: 3.3.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-monthly ... Signed-off-by: dependabot[bot] --- .github/workflows/backport.yml | 4 ++-- .github/workflows/bandit.yml | 8 ++++---- .github/workflows/build-docs.yml | 6 +++--- .github/workflows/build-wheel.yml | 12 ++++++------ .github/workflows/ci.yml | 4 ++-- .github/workflows/cleanup-pr-previews.yml | 2 +- .github/workflows/codeql.yml | 6 +++--- .github/workflows/coverage.yml | 6 +++--- .github/workflows/release-upload.yml | 2 +- .github/workflows/release.yml | 6 +++--- .github/workflows/test-wheel-linux.yml | 6 +++--- .github/workflows/test-wheel-windows.yml | 6 +++--- 12 files changed, 34 insertions(+), 34 deletions(-) diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index a575779d56..750030b80f 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -34,7 +34,7 @@ jobs: }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Load branch name id: get-branch @@ -54,7 +54,7 @@ jobs: if: github.repository_owner == 'nvidia' && github.event_name == 'workflow_dispatch' runs-on: ubuntu-latest steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Load branch from environment name if: inputs.backport-branch == null diff --git a/.github/workflows/bandit.yml b/.github/workflows/bandit.yml index c9fee3938a..2e12d94796 100644 --- a/.github/workflows/bandit.yml +++ b/.github/workflows/bandit.yml @@ -20,10 +20,10 @@ jobs: security-events: write steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Install uv - uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6 + uses: astral-sh/setup-uv@803947b9bd8e9f986429fa0c5a41c367cd732b41 # v7.2.1 with: enable-cache: false @@ -38,10 +38,10 @@ jobs: echo "codes=$(uvx toml2json ./ruff.toml | jq -r '.lint.ignore | map(select(test("^S\\d+"))) | join(",")')" >> "$GITHUB_OUTPUT" - name: Perform Bandit Analysis using Ruff - uses: astral-sh/ruff-action@57714a7c8a2e59f32539362ba31877a1957dded1 # v3.5.1 + uses: astral-sh/ruff-action@4919ec5cf1f49eff0871dbcea0da843445b837e6 # v3.6.1 with: args: "check --select S --ignore ${{ steps.ignore-codes.outputs.codes }} --output-format sarif --output-file results.sarif" - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v4 + uses: github/codeql-action/upload-sarif@v4.32.0 with: sarif_file: results.sarif diff --git a/.github/workflows/build-docs.yml b/.github/workflows/build-docs.yml index 356431e8e4..b24f7cc56a 100644 --- a/.github/workflows/build-docs.yml +++ b/.github/workflows/build-docs.yml @@ -54,7 +54,7 @@ jobs: exit 1 fi - name: Checkout ${{ github.event.repository.name }} - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 ref: ${{ inputs.git-tag }} @@ -62,7 +62,7 @@ jobs: # TODO: This workflow runs on GH-hosted runner and cannot use the proxy cache - name: Set up miniforge - uses: conda-incubator/setup-miniconda@835234971496cad1653abb28a638a281cf32541f # v3.2.0 + uses: conda-incubator/setup-miniconda@fc2d68f6413eb2d87b895e92f8584b5b94a10167 # v3.3.0 with: activate-environment: cuda-python-docs environment-file: ./cuda_python/docs/environment-docs.yml @@ -259,7 +259,7 @@ jobs: - name: Deploy doc update if: ${{ github.ref_name == 'main' || inputs.is-release }} - uses: JamesIves/github-pages-deploy-action@9d877eea73427180ae43cf98e8914934fe157a1a # v4.7.6 + uses: JamesIves/github-pages-deploy-action@d92aa235d04922e8f08b40ce78cc5442fcfbfa2f # v4.8.0 with: git-config-name: cuda-python-bot git-config-email: cuda-python-bot@users.noreply.github.com diff --git a/.github/workflows/build-wheel.yml b/.github/workflows/build-wheel.yml index 438cf4b14b..d5726545f3 100644 --- a/.github/workflows/build-wheel.yml +++ b/.github/workflows/build-wheel.yml @@ -40,7 +40,7 @@ jobs: (inputs.host-platform == 'win-64' && 'windows-2022') }} steps: - name: Checkout ${{ github.event.repository.name }} - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 @@ -67,7 +67,7 @@ jobs: - name: Set up Python id: setup-python1 - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: # WAR: setup-python is not relocatable, and cibuildwheel hard-wires to 3.12... # see https://github.com/actions/setup-python/issues/871 @@ -150,7 +150,7 @@ jobs: cuda-version: ${{ inputs.cuda-version }} - name: Build cuda.bindings wheel - uses: pypa/cibuildwheel@63fd63b352a9a8bdcc24791c9dbee952ee9a8abc # v3.3.0 + uses: pypa/cibuildwheel@298ed2fb2c105540f5ed055e8a6ad78d82dd3a7e # v3.3.1 with: package-dir: ./cuda_bindings/ output-dir: ${{ env.CUDA_BINDINGS_ARTIFACTS_DIR }} @@ -204,7 +204,7 @@ jobs: if-no-files-found: error - name: Build cuda.core wheel - uses: pypa/cibuildwheel@63fd63b352a9a8bdcc24791c9dbee952ee9a8abc # v3.3.0 + uses: pypa/cibuildwheel@298ed2fb2c105540f5ed055e8a6ad78d82dd3a7e # v3.3.1 with: package-dir: ./cuda_core/ output-dir: ${{ env.CUDA_CORE_ARTIFACTS_DIR }} @@ -292,7 +292,7 @@ jobs: - name: Set up Python id: setup-python2 - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: ${{ matrix.python-version }} @@ -383,7 +383,7 @@ jobs: rmdir $OLD_BASENAME - name: Build cuda.core wheel - uses: pypa/cibuildwheel@63fd63b352a9a8bdcc24791c9dbee952ee9a8abc # v3.3.0 + uses: pypa/cibuildwheel@298ed2fb2c105540f5ed055e8a6ad78d82dd3a7e # v3.3.1 with: package-dir: ./cuda_core/ output-dir: ${{ env.CUDA_CORE_ARTIFACTS_DIR }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 80d8cc7ba2..bf6bb8fca5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -24,7 +24,7 @@ jobs: CUDA_PREV_BUILD_VER: ${{ steps.get-vars.outputs.cuda_prev_build_ver }} steps: - name: Checkout repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Get CUDA build versions @@ -43,7 +43,7 @@ jobs: doc-only: ${{ steps.get-should-skip.outputs.doc_only }} steps: - name: Checkout repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Compute whether to skip builds and tests id: get-should-skip env: diff --git a/.github/workflows/cleanup-pr-previews.yml b/.github/workflows/cleanup-pr-previews.yml index 872b2fe37d..a0811a0de2 100644 --- a/.github/workflows/cleanup-pr-previews.yml +++ b/.github/workflows/cleanup-pr-previews.yml @@ -28,7 +28,7 @@ jobs: if: github.repository_owner == 'NVIDIA' steps: - name: Checkout repository - uses: actions/checkout@v6.0.1 + uses: actions/checkout@v6.0.2 with: # Fetch all history and branches for worktree operations fetch-depth: 0 diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index a79182b5ef..a26db389ba 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -28,16 +28,16 @@ jobs: build-mode: none steps: - name: Checkout repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Initialize CodeQL - uses: github/codeql-action/init@f47c8e6a9bd05ef3ee422fc8d8663be7fe4bdc61 # v3.31.8 + uses: github/codeql-action/init@f985be5b50bd175586d44aac9ac52926adf12893 # v3.31.8 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} queries: security-extended - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@f47c8e6a9bd05ef3ee422fc8d8663be7fe4bdc61 # v3.31.8 + uses: github/codeql-action/analyze@f985be5b50bd175586d44aac9ac52926adf12893 # v3.31.8 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index c7f3162ecd..1782263486 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -49,7 +49,7 @@ jobs: apt-get install -y git - name: Checkout ${{ github.event.repository.name }} - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Install dependencies uses: ./.github/actions/install_unix_deps @@ -75,7 +75,7 @@ jobs: echo "CUDA_PYTHON_COVERAGE=1" >> $GITHUB_ENV - name: Set up Python - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: ${{ env.PY_VER }} env: @@ -151,7 +151,7 @@ jobs: path: docs/coverage/ - name: Deploy to gh-pages - uses: JamesIves/github-pages-deploy-action@9d877eea73427180ae43cf98e8914934fe157a1a # v4.7.6 + uses: JamesIves/github-pages-deploy-action@d92aa235d04922e8f08b40ce78cc5442fcfbfa2f # v4.8.0 with: git-config-name: cuda-python-bot git-config-email: cuda-python-bot@users.noreply.github.com diff --git a/.github/workflows/release-upload.yml b/.github/workflows/release-upload.yml index ab69a82e7f..0894e595fc 100644 --- a/.github/workflows/release-upload.yml +++ b/.github/workflows/release-upload.yml @@ -41,7 +41,7 @@ jobs: ARCHIVE_NAME: ${{ github.event.repository.name }}-${{ inputs.git-tag }} steps: - name: Checkout Source - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 ref: ${{ inputs.git-tag }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 715d4e0bd0..68ce7c5716 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -50,7 +50,7 @@ jobs: run-id: ${{ steps.lookup-run-id.outputs.run-id }} steps: - name: Checkout Source - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: # fetch-depth: 0 is required so the lookup-run-id script can access all git tags fetch-depth: 0 @@ -74,7 +74,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Source - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 @@ -157,7 +157,7 @@ jobs: id-token: write steps: - name: Checkout Source - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Download component wheels env: diff --git a/.github/workflows/test-wheel-linux.yml b/.github/workflows/test-wheel-linux.yml index 49a0298b34..1ba20112ba 100644 --- a/.github/workflows/test-wheel-linux.yml +++ b/.github/workflows/test-wheel-linux.yml @@ -36,7 +36,7 @@ jobs: OLD_BRANCH: ${{ steps.compute-matrix.outputs.OLD_BRANCH }} steps: - name: Checkout ${{ github.event.repository.name }} - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Validate Test Type run: | @@ -87,7 +87,7 @@ jobs: run: nvidia-smi - name: Checkout ${{ github.event.repository.name }} - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup proxy cache uses: nv-gha-runners/setup-proxy-cache@main @@ -214,7 +214,7 @@ jobs: ls -lahR $CUDA_CORE_CYTHON_TESTS_DIR - name: Set up Python ${{ matrix.PY_VER }} - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: ${{ matrix.PY_VER }} env: diff --git a/.github/workflows/test-wheel-windows.yml b/.github/workflows/test-wheel-windows.yml index 488a62db16..2cc7a125e4 100644 --- a/.github/workflows/test-wheel-windows.yml +++ b/.github/workflows/test-wheel-windows.yml @@ -33,7 +33,7 @@ jobs: MATRIX: ${{ steps.compute-matrix.outputs.MATRIX }} steps: - name: Checkout ${{ github.event.repository.name }} - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Validate Test Type run: | @@ -69,7 +69,7 @@ jobs: runs-on: "windows-${{ matrix.ARCH }}-gpu-${{ matrix.GPU }}-${{ matrix.DRIVER }}-${{ matrix.GPU_COUNT }}" steps: - name: Checkout ${{ github.event.repository.name }} - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup proxy cache uses: nv-gha-runners/setup-proxy-cache@main @@ -201,7 +201,7 @@ jobs: Get-ChildItem -Recurse -Force $env:CUDA_CORE_CYTHON_TESTS_DIR | Select-Object Mode, LastWriteTime, Length, FullName - name: Set up Python ${{ matrix.PY_VER }} - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: ${{ matrix.PY_VER }}