2025ww18 dependencies update (#64)

Maxim-Doronin · dependabot[bot] · web-flow · commit a30fcdafd94d · 2025-05-02T21:42:28.000+01:00
* Bump onnxruntime in /.github/actions/compile-models Bumps [onnxruntime](https://github.com/microsoft/onnxruntime) from 1.21.0 to 1.21.1. - [Release notes](https://github.com/microsoft/onnxruntime/releases) - [Changelog](https://github.com/microsoft/onnxruntime/blob/main/docs/ReleaseManagement.md) - [Commits](https://github.com/microsoft/onnxruntime/commits) --- updated-dependencies: - dependency-name: onnxruntime dependency-version: 1.21.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump advanced-security/filter-sarif from 1.0.0 to 1.0.1 Bumps [advanced-security/filter-sarif](https://github.com/advanced-security/filter-sarif) from 1.0.0 to 1.0.1. - [Release notes](https://github.com/advanced-security/filter-sarif/releases) - [Commits](advanced-security/filter-sarif@bc96d9f...f3b8118) --- updated-dependencies: - dependency-name: advanced-security/filter-sarif dependency-version: 1.0.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump actions/upload-artifact from 4.6.1 to 4.6.2 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.6.1 to 4.6.2. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v4.6.1...ea165f8) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: 4.6.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump github/codeql-action from 3.28.15 to 3.28.16 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.15 to 3.28.16. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@45775bd...28deaed) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 3.28.16 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump actions/download-artifact from 4.2.1 to 4.3.0 Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4.2.1 to 4.3.0. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@95815c3...d3f86a1) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: 4.3.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump setuptools from 75.8.2 to 80.0.0 in /.github Bumps [setuptools](https://github.com/pypa/setuptools) from 75.8.2 to 80.0.0. - [Release notes](https://github.com/pypa/setuptools/releases) - [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst) - [Commits](pypa/setuptools@v75.8.2...v80.0.0) --- updated-dependencies: - dependency-name: setuptools dependency-version: 80.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Lower bound for patchelf * Bump pytorch version --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
diff --git a/.github/actions/compile-models/requirements.in b/.github/actions/compile-models/requirements.in
@@ -2,8 +2,8 @@
 
 # Core
 transformers>=4.51.1
-torch==2.6.0+cpu
-torchvision==0.21.0+cpu
+torch==2.7.0+cpu
+torchvision==0.22.0+cpu
 onnx>=1.17.0
 onnxruntime>=1.21.0
 onnxruntime-tools>=1.7.0
diff --git a/.github/actions/compile-models/requirements.txt b/.github/actions/compile-models/requirements.txt
diff --git a/.github/requirements-dev.in b/.github/requirements-dev.in
@@ -1,4 +1,4 @@
-setuptools>=70.1,<75.9
+setuptools>=70.1,<80.1
 wheel>=0.38.1
 build<1.3
-patchelf<=0.17.2.1; sys_platform == 'linux' and platform_machine == 'x86_64'
+patchelf>=0.16.1.0,<=0.17.2.1; sys_platform == 'linux' and platform_machine == 'x86_64'
diff --git a/.github/requirements-dev.txt b/.github/requirements-dev.txt
@@ -7,7 +7,7 @@
 build==1.2.2.post1 \
     --hash=sha256:1d61c0887fa860c01971625baae8bdd338e517b836a2f70dd1f7aa3a6b2fc5b5 \
     --hash=sha256:b36993e92ca9375a219c99e606a122ff365a760a2d4bba0caa09bd5278b608b7
-    # via -r .github/requirements-dev.in
+    # via -r requirements-dev.in
 colorama==0.4.6 \
     --hash=sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44 \
     --hash=sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6
@@ -16,27 +16,26 @@ packaging==24.2 \
     --hash=sha256:09abb1bccd265c01f4a3aa3f7a7db064b36514d2cba19a2f694fe6150451a759 \
     --hash=sha256:c228a6dc5e932d346bc5739379109d49e8853dd8223571c7c5b55260edc0b97f
     # via build
-patchelf==0.17.2.1; \
-    sys_platform == 'linux' and platform_machine == 'x86_64' \
+patchelf==0.17.2.1 ; sys_platform == "linux" and platform_machine == "x86_64" \
     --hash=sha256:3c8d58f0e4c1929b1c7c45ba8da5a84a8f1aa6a82a46e1cfb2e44a4d40f350e5 \
     --hash=sha256:a6eb0dd452ce4127d0d5e1eb26515e39186fa609364274bc1b0b77539cfa7031 \
     --hash=sha256:a9e6ebb0874a11f7ed56d2380bfaa95f00612b23b15f896583da30c2059fcfa8 \
     --hash=sha256:ccb266a94edf016efe80151172c26cff8c2ec120a57a1665d257b0442784195d \
     --hash=sha256:d1a9bc0d4fd80c038523ebdc451a1cce75237cfcc52dbd1aca224578001d5927 \
     --hash=sha256:f47b5bdd6885cfb20abdd14c707d26eb6f499a7f52e911865548d4aa43385502 \
     --hash=sha256:fc329da0e8f628bd836dfb8eaf523547e342351fa8f739bf2b3fe4a6db5a297c
-    # via -r .github/requirements-dev.in
+    # via -r requirements-dev.in
 pyproject-hooks==1.2.0 \
     --hash=sha256:1e859bd5c40fae9448642dd871adf459e5e2084186e8d2c2a79a824c970da1f8 \
     --hash=sha256:9e5c6bfa8dcc30091c74b0cf803c81fdd29d94f01992a7707bc97babb1141913
     # via build
 wheel==0.45.1 \
     --hash=sha256:661e1abd9198507b1409a20c02106d9670b2576e916d58f520316666abca6729 \
     --hash=sha256:708e7481cc80179af0e556bbf0cc00b8444c7321e2700b8d8580231d13017248
-    # via -r .github/requirements-dev.in
+    # via -r requirements-dev.in
 
 # The following packages are considered to be unsafe in a requirements file:
-setuptools==75.8.2 \
-    --hash=sha256:4880473a969e5f23f2a2be3646b2dfd84af9028716d398e46192f84bc36900d2 \
-    --hash=sha256:558e47c15f1811c1fa7adbd0096669bf76c1d3f433f58324df69f3f5ecac4e8f
-    # via -r .github/requirements-dev.in
+setuptools==80.0.0 \
+    --hash=sha256:a38f898dcd6e5380f4da4381a87ec90bd0a7eec23d204a5552e80ee3cab6bd27 \
+    --hash=sha256:c40a5b3729d58dd749c0f08f1a07d134fb8a0a3d7f87dc33e7c5e1f762138650
+    # via -r requirements-dev.in
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -33,13 +33,13 @@ jobs:
       uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
+      uses: github/codeql-action/init@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17
       with:
         languages: ${{ matrix.language }}
         build-mode: ${{ matrix.build-mode }}
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
+      uses: github/codeql-action/analyze@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17
       with:
         category: "/language:${{matrix.language}}"
 
diff --git a/.github/workflows/job_build_mlir_linux.yml b/.github/workflows/job_build_mlir_linux.yml
@@ -146,7 +146,7 @@ jobs:
 
       - name: Initialize CodeQL
         if: ${{ !steps.cache-restore.outputs.cache-hit && inputs.with-codeql }}
-        uses: github/codeql-action/init@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
+        uses: github/codeql-action/init@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17
         with:
           languages: c-cpp
           build-mode: manual
@@ -233,7 +233,7 @@ jobs:
       - name: Perform CodeQL Analysis
         id: codeql-analyze
         if: ${{ !steps.cache-restore.outputs.cache-hit && inputs.with-codeql }}
-        uses: github/codeql-action/analyze@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
+        uses: github/codeql-action/analyze@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17
         with:
           category: "/language:c-cpp"
           output: ${{ env.CODEQL_OUTPUTS }}
@@ -243,7 +243,7 @@ jobs:
       - name: Filter CodeQL results
         id: codeql-filtered-analyze
         if: ${{ !steps.cache-restore.outputs.cache-hit && inputs.with-codeql }}
-        uses: advanced-security/filter-sarif@bc96d9fb9338c5b48cc440b1b4d0a350b26a20db # Release 1.0
+        uses: advanced-security/filter-sarif@f3b8118a9349d88f7b1c0c488476411145b6270d # Release 1.0
         with:
           input: ${{ env.CODEQL_OUTPUTS }}/cpp.sarif
           output: ${{ env.CODEQL_OUTPUTS }}/filtered-results.sarif
@@ -256,7 +256,7 @@ jobs:
 
       - name: Upload CodeQL SARIF
         if: ${{ !steps.cache-restore.outputs.cache-hit && inputs.with-codeql }}
-        uses: github/codeql-action/upload-sarif@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
+        uses: github/codeql-action/upload-sarif@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17
         with:
           sarif_file: ${{ env.CODEQL_OUTPUTS }}/filtered-results.sarif
           checkout_path: ${{ env.NPU_COMPILER_REPO }}
diff --git a/.github/workflows/job_tests_compilation_linux.yml b/.github/workflows/job_tests_compilation_linux.yml
@@ -59,7 +59,7 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Download artifacts
-        uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
         with:
           name: ${{ inputs.install-package }}
           path: ${{ env.INSTALL_PACKAGE_DIR }}
diff --git a/.github/workflows/job_tests_unit_mlir_linux.yml b/.github/workflows/job_tests_unit_mlir_linux.yml
@@ -42,7 +42,7 @@ jobs:
     timeout-minutes: 60
     steps:
       - name: Download artifacts
-        uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
         with:
           name: ${{ inputs.install-package }}
           path: ${{ env.OPENVINO_INSTALL_DIR }}
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -33,13 +33,13 @@ jobs:
           publish_results: true
 
       - name: "Upload artifact"
-        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@45775bd8235c68ba998cffa5171334d58593da47 # 3.28.15
+        uses: github/codeql-action/upload-sarif@60168efe1c415ce0f5521ea06d5c2062adbeed1b # 3.28.17
         with:
           sarif_file: results.sarif
