ci: bump the all-actions group with 5 updates

[dependabot]

Bumps the all-actions group with 5 updates:

Package	From	To
actions/checkout	4	6
astral-sh/setup-uv	7.6.0	8.1.0
actions/cache	5.0.4	5.0.5
cloudflare/wrangler-action	3.14.1	3.15.0
NVIDIA-NeMo/FW-CI-templates/.github/workflows/_semantic_pull_request.yml	0.88.1	0.93.0

Updates actions/checkout from 4 to 6

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

• Update README to include Node.js 24 support details and requirements by @​salmanmkc in actions/checkout#2248
• Persist creds to a separate file by @​ericsciple in actions/checkout#2286
• v6-beta by @​ericsciple in actions/checkout#2298
• update readme/changelog for v6 by @​ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

• Port v6 cleanup to v5 by @​ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

• Update actions checkout to use node 24 by @​salmanmkc in actions/checkout#2226
• Prepare v5.0.0 release by @​salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.1

What's Changed

• Port v6 cleanup to v4 by @​ericsciple in actions/checkout#2305

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

What's Changed

• docs: update README.md by @​motss in actions/checkout#1971
• Add internal repos for checking out multiple repositories by @​mouismail in actions/checkout#1977
• Documentation update - add recommended permissions to Readme by @​benwells in actions/checkout#2043

... (truncated)

Commits

• de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
• 064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
• 8e8c483 Clarify v6 README (#2328)
• 033fa0d Add worktree support for persist-credentials includeIf (#2327)
• c2d88d3 Update all references from v5 and v4 to v6 (#2314)
• 1af3b93 update readme/changelog for v6 (#2311)
• 71cf226 v6-beta (#2298)
• 069c695 Persist creds to a separate file (#2286)
• ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
• 08c6903 Prepare v5.0.0 release (#2238)
• Additional commits viewable in compare view

Updates astral-sh/setup-uv from 7.6.0 to 8.1.0

Release notes

Sourced from astral-sh/setup-uv's releases.

v8.1.0 🌈 New input no-project

Changes

This add the a new boolean input no-project. It only makes sense to use in combination with activate-environment: true and will append --no project to the uv venv call. This is for example useful if you have a pyproject.toml file with parts unparseable by uv

🚀 Enhancements

• Add input no-project in combination with activate-environment @​eifinger (#856)

🧰 Maintenance

• fix: grant contents:write to validate-release job @​eifinger (#860)
• Add a release-gate step to the release workflow @​zanieb (#859)
• Draft commitish releases @​eifinger (#858)
• Add action-types.yml to instructions @​eifinger (#857)
• chore: update known checksums for 0.11.7 @github-actions[bot] (#853)
• Refactor version resolving @​eifinger (#852)
• chore: update known checksums for 0.11.6 @github-actions[bot] (#850)
• chore: update known checksums for 0.11.5 @github-actions[bot] (#845)
• chore: update known checksums for 0.11.4 @github-actions[bot] (#843)
• Add a release workflow @​zanieb (#839)
• chore: update known checksums for 0.11.3 @github-actions[bot] (#836)

📚 Documentation

• Update ignore-nothing-to-cache documentation @​eifinger (#833)
• Pin setup-uv docs to v8 @​eifinger (#829)

⬆️ Dependency updates

• chore(deps): bump release-drafter/release-drafter from 7.1.1 to 7.2.0 @dependabot[bot] (#855)

v8.0.0 🌈 Immutable releases and secure tags

This is the first immutable release of setup-uv 🥳

All future releases are also immutable, if you want to know more about what this means checkout the docs.

This release also has two breaking changes

New format for manifest-file

The previously deprecated way of defining a custom version manifest to control which uv versions are available and where to download them from got removed. The functionality is still there but you have to use the new format.

No more major and minor tags

To increase security even more we will stop publishing minor tags. You won't be able to use @v8 or @v8.0 any longer. We do this because pinning to major releases opens up users to supply chain attacks like what happened to tj-actions.

[!TIP] Use the immutable tag as a version astral-sh/setup-uv@v8.0.0 Or even better the githash astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57

... (truncated)

Commits

• 0880764 fix: grant contents:write to validate-release job (#860)
• 717d6ab Add a release-gate step to the release workflow (#859)
• 5a911eb Draft commitish releases (#858)
• 080c31e Add action-types.yml to instructions (#857)
• b3e97d2 Add input no-project in combination with activate-environment (#856)
• 7dd591d chore(deps): bump release-drafter/release-drafter from 7.1.1 to 7.2.0 (#855)
• 1541b77 chore: update known checksums for 0.11.7 (#853)
• cdfb2ee Refactor version resolving (#852)
• cb84d12 chore: update known checksums for 0.11.6 (#850)
• 1912cc6 chore: update known checksums for 0.11.5 (#845)
• Additional commits viewable in compare view

Updates actions/cache from 5.0.4 to 5.0.5

Release notes

Sourced from actions/cache's releases.

v5.0.5

What's Changed

• Update ts-http-runtime dependency by @​yacaovsnc in actions/cache#1747

Full Changelog: actions/cache@v5...v5.0.5

Changelog

Sourced from actions/cache's changelog.

Releases

How to prepare a release

[!NOTE]
Relevant for maintainers with write access only.

1. Switch to a new branch from main.
2. Run npm test to ensure all tests are passing.
3. Update the version in https://github.com/actions/cache/blob/main/package.json.
4. Run npm run build to update the compiled files.
5. Update this https://github.com/actions/cache/blob/main/RELEASES.md with the new version and changes in the ## Changelog section.
6. Run licensed cache to update the license report.
7. Run licensed status and resolve any warnings by updating the https://github.com/actions/cache/blob/main/.licensed.yml file with the exceptions.
8. Commit your changes and push your branch upstream.
9. Open a pull request against main and get it reviewed and merged.
10. Draft a new release https://github.com/actions/cache/releases use the same version number used in package.json
    1. Create a new tag with the version number.
    2. Auto generate release notes and update them to match the changes you made in RELEASES.md.
    3. Toggle the set as the latest release option.
    4. Publish the release.
11. Navigate to https://github.com/actions/cache/actions/workflows/release-new-action-version.yml
    1. There should be a workflow run queued with the same version number.
    2. Approve the run to publish the new version and update the major tags for this action.

Changelog

5.0.4

• Bump minimatch to v3.1.5 (fixes ReDoS via globstar patterns)
• Bump undici to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)
• Bump fast-xml-parser to v5.5.6

5.0.3

• Bump @actions/cache to v5.0.5 (Resolves: https://github.com/actions/cache/security/dependabot/33)
• Bump @actions/core to v2.0.3

5.0.2

• Bump @actions/cache to v5.0.3 #1692

5.0.1

• Update @azure/storage-blob to ^12.29.1 via @actions/cache@5.0.1 #1685

5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

... (truncated)

Commits

• 27d5ce7 Merge pull request #1747 from actions/yacaovsnc/update-dependency
• f280785 licensed changes
• 619aeb1 npm run build generated dist files
• bcf16c2 Update ts-http-runtime to 0.3.5
• See full diff in compare view

Updates cloudflare/wrangler-action from 3.14.1 to 3.15.0

Release notes

Sourced from cloudflare/wrangler-action's releases.

v3.15.0

Minor Changes

• #426 febbda6 Thanks @​WillTaylorDev! - Support version ranges and tags in wranglerVersion input. You can now set wranglerVersion to values like 4, ^4.0.0, 4.x, or latest instead of only exact versions like 4.81.0.

Changelog

Sourced from cloudflare/wrangler-action's changelog.

Changelog

3.15.0

Minor Changes

• #426 febbda6 Thanks @​WillTaylorDev! - Support version ranges and tags in wranglerVersion input. You can now set wranglerVersion to values like 4, ^4.0.0, 4.x, or latest instead of only exact versions like 4.81.0.

3.14.1

Patch Changes

• #358 cd6314a Thanks @​penalosa! - Use secret bulk instead of deprecated secret:bulk command

3.14.0

Minor Changes

• #351 4ff07f4 Thanks @​Maximo-Guk! - Use wrangler outputs for version upload and wrangler deploy

Patch Changes

• #350 e209094 Thanks @​Maximo-Guk! - Handle failures in createGitHubDeployment and createGitHubJobSummary

3.13.1

Patch Changes

• #345 e819570 Thanks @​Maximo-Guk! - fix: Pages GitHub Deployment not triggering

3.13.0

Minor Changes

• #325 cada7a6 Thanks @​Maximo-Guk! - Add GitHub deployments and job summaries for parity with pages-action

• #334 9fed19a Thanks @​Maximo-Guk! - Bump default wrangler version to 3.90.0

3.12.1

Patch Changes

• #319 59c04629408d58978884fadd18755f1a15f96157 Thanks @​Maximo-Guk! - Fixes #317: Generate a new output directory with a randomUUID in the tmpDir, so that when the action is executed multiple times, we use the artifacts from that run, opposed to the artifacts from a previous run.

3.12.0

Minor Changes

• #312 122ee5cf5b66847e0b6cfa67ecd9e03e38a67a42 Thanks @​Maximo-Guk! - This reapplies 303 add parity with pages-action for pages deploy outputs. Thanks @​courtney-sims! - Support pages-deployment-id, pages-environment, pages-deployment-alias-url and deployment-url outputs for Pages deploys when wrangler version is >=3.81.0. deployment-alias-url was also deprecated in favour of pages-deployment-alias.

... (truncated)

Commits

• 9acf94a Automatic compilation
• d181764 Merge pull request #427 from cloudflare/changeset-release/main
• 0501554 Version Packages
• d8f3eaa Merge pull request #426 from cloudflare/willtaylor/escalation-963-support-ver...
• febbda6 Support version ranges and tags in wranglerVersion input
• See full diff in compare view

Updates NVIDIA-NeMo/FW-CI-templates/.github/workflows/_semantic_pull_request.yml from 0.88.1 to 0.93.0

Release notes

Sourced from NVIDIA-NeMo/FW-CI-templates/.github/workflows/_semantic_pull_request.yml's releases.

v0.93.0

0.93.0 (2026-04-16)

Features

• Bump workflow (#455) (47578e0)

v0.92.0

0.92.0 (2026-04-16)

Features

• Add extra-no-build-isolation-packages input (#453) (72d1163)

v0.91.0

0.91.0 (2026-04-15)

Features

• add reusable _sync_skills workflow and CLAUDE.md (#448) (eea9f2f)

Bug Fixes

• Revert waiting-for-customer label (#451) (4fdba94)

v0.90.0

0.90.0 (2026-04-14)

Features

• add waiting-for-customer label management (#449) (fcdf2f7)

v0.89.0

0.89.0 (2026-04-14)

Features

• add waiting-for-customer label management to follow-up issues script (#446) (ccdc488)

Changelog

Sourced from NVIDIA-NeMo/FW-CI-templates/.github/workflows/_semantic_pull_request.yml's changelog.

Changelog

0.93.0 (2026-04-16)

Features

• Bump workflow (#455) (47578e0)

0.92.0 (2026-04-16)

Features

• Add extra-no-build-isolation-packages input (#453) (72d1163)

0.91.0 (2026-04-15)

Features

• add reusable _sync_skills workflow and CLAUDE.md (#448) (eea9f2f)

Bug Fixes

• Revert waiting-for-customer label (#451) (4fdba94)

0.90.0 (2026-04-14)

Features

• add waiting-for-customer label management (#449) (fcdf2f7)

0.89.0 (2026-04-14)

Features

• add waiting-for-customer label management to follow-up issues script (#446) (ccdc488)

0.88.1 (2026-04-09)

Bug Fixes

• set NO_VCS_VERSION=1 in wheel build step (#443) (881f284)

0.88.0 (2026-04-03)

... (truncated)

Commits

• 38cee3a chore(main): release 0.93.0 (#456)
• 47578e0 feat: Bump workflow (#455)
• 7afc5a5 chore(main): release 0.92.0 (#454)
• 72d1163 feat: Add extra-no-build-isolation-packages input (#453)
• db3df8b chore(main): release 0.91.0 (#452)
• eea9f2f feat: add reusable _sync_skills workflow and CLAUDE.md (#448)
• 4fdba94 fix: Revert waiting-for-customer label (#451)
• 7a04fb4 chore(main): release 0.90.0 (#450)
• fcdf2f7 feat: add waiting-for-customer label management (#449)
• 63ee9e3 chore(main): release 0.89.0 (#447)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions