Update dependencies (#3750)

* update dependency to resolve some CVEs

* update version string to 1.6.3rc0

* update premerge workflow

* add setuptools version constraint

* apply setuptools constraint to dev dependency

Author: yunchu

.github/workflows/codeql.yml

@@ -15,8 +15,7 @@ on:
   push:
     branches:
       - develop
-      - releases
-      - v2
+      - releases/**
   pull_request:
     types:
       - opened
@@ -61,7 +60,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5
+        uses: github/codeql-action/init@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -72,6 +71,16 @@ jobs:
           # queries: security-extended,security-and-quality
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5
+        uses: github/codeql-action/analyze@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10
         with:
           category: "/language:${{matrix.language}}"
+      - name: Generate Security Report
+        uses: rsdmike/github-security-report-action@a149b24539044c92786ec39af8ba38c93496495d # v3.0.4
+        with:
+          template: report
+          token: ${{ secrets.GITHUB_TOKEN }}
+      - name: GitHub Upload Release Artifacts
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        with:
+          name: codeql-report
+          path: "./report.pdf"

.github/workflows/daily.yml

@@ -30,7 +30,7 @@ jobs:
           - task: "visprompt"
             test_dir: "tests/e2e/cli/visual_prompting"
     name: E2E-Test-py310-${{ matrix.task }}
-    uses: ./.github/workflows/run_tests_in_tox.yml
+    uses: ./.github/workflows/run_tests_in_tox_custom.yml
     with:
       python-version: "3.10"
       toxenv-pyver: "py310"

.github/workflows/pre_merge.yml

@@ -15,12 +15,12 @@ on:
 # Declare default permissions as read only.
 permissions: read-all
 
+concurrency:
+  group: ${{ github.workflow }}-PreMerge-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
 jobs:
   Code-Quality-Checks:
-    # This is what will cancel the job concurrency
-    concurrency:
-      group: ${{ github.workflow }}-Linting-${{ github.event.pull_request.number || github.ref }}
-      cancel-in-progress: true
     runs-on: ubuntu-20.04
     steps:
       - name: Checkout repository
@@ -46,11 +46,7 @@ jobs:
           - python-version: "3.9"
             tox-env: "py39"
     name: Unit-Test-with-Python${{ matrix.python-version }}
-    # This is what will cancel the job concurrency
-    concurrency:
-      group: ${{ github.workflow }}-Unit-${{ github.event.pull_request.number || github.ref }}-${{ matrix.tox-env }}
-      cancel-in-progress: true
-    uses: ./.github/workflows/run_tests_in_tox.yml
+    uses: ./.github/workflows/run_tests_in_tox_custom.yml
     with:
       python-version: ${{ matrix.python-version }}
       toxenv-pyver: ${{ matrix.tox-env }}
@@ -61,10 +57,10 @@ jobs:
       artifact-prefix: "unit-test-results"
   Coverage-Test:
     needs: Code-Quality-Checks
-    concurrency:
-      group: ${{ github.workflow }}-Coverage-${{ github.event.pull_request.number || github.ref }}}
-      cancel-in-progress: true
-    runs-on: [self-hosted, linux, x64, dev]
+    runs-on: [otx-gpu-a10g-1]
+    container:
+      image: 219678651685.dkr.ecr.eu-west-1.amazonaws.com/ote-ci:11.7.1.2-devel-ubuntu20.04
+      options: "--runtime=nvidia --env-file=/home/runner/.nvidia.env --ipc=host"
     steps:
       - name: Checkout repository
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
@@ -126,11 +122,7 @@ jobs:
           - task: "visprompt"
             test_dir: "tests/integration/cli/visual_prompting"
     name: Integration-Test-py310-${{ matrix.task }}
-    # This is what will cancel the job concurrency
-    concurrency:
-      group: ${{ github.workflow }}-Integration-${{ github.event.pull_request.number || github.ref }}-${{ matrix.task }}
-      cancel-in-progress: true
-    uses: ./.github/workflows/run_tests_in_tox.yml
+    uses: ./.github/workflows/run_tests_in_tox_custom.yml
     with:
       python-version: "3.10"
       toxenv-pyver: "py310"

.github/workflows/run_tests_in_tox_custom.yml

@@ -23,7 +23,7 @@ on:
         default: false
       runs-on:
         type: string
-        default: "['self-hosted', 'Linux', 'X64', 'dev']"
+        default: "['otx-gpu-a10g-1']"
       task:
         type: string
         default: "undefined"
@@ -35,7 +35,7 @@ on:
         default: "pt1"
       container-options:
         type: string
-        default: "--runtime=nvidia --env-file=/home/runner/.nvidia.env --shm-size=24g"
+        default: "--runtime=nvidia --env-file=/home/runner/.nvidia.env --ipc=host"
 
 # Declare default permissions as read only.
 permissions: read-all
@@ -46,7 +46,7 @@ jobs:
     # https://github.com/orgs/community/discussions/11692
     runs-on: ${{ fromJson(inputs.runs-on) }}
     container:
-      image: 219678651685.dkr.ecr.eu-central-1.amazonaws.com/ote-ci:11.7.1.1-devel-ubuntu20.04
+      image: 219678651685.dkr.ecr.eu-west-1.amazonaws.com/ote-ci:11.7.1.2-devel-ubuntu20.04
       options: ${{ inputs.container-options }}
     timeout-minutes: ${{ inputs.timeout-minutes }}
     steps: