Bump GitHub Actions dependencies

[wallentx]

Bumps the github-actions group with 2 updates: actions/checkout, actions/setup-python.

actions/checkout

Updates actions/checkout from 4 to 7 across 3 workflow entries.

Investigation: Compatibility & Safety Details

• Caution Detail: Version 7 blocks checkout of fork PRs under pull_request_target or workflow_run by default.
• Safety: The workflows do not use these event triggers.

Release notes

v7.0.0

What's Changed

• block checking out fork pr for pull_request_target and workflow_run by @aiqiaoy in block checking out fork pr for pull_request_target and workflow_run actions/checkout#2454
• Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by @dependabot[bot] in Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory actions/checkout#2458
• Bump flatted from 3.3.1 to 3.4.2 by @dependabot[bot] in Bump flatted from 3.3.1 to 3.4.2 actions/checkout#2460
• Bump js-yaml from 4.1.0 to 4.2.0 by @dependabot[bot] in Bump js-yaml from 4.1.0 to 4.2.0 actions/checkout#2461
• Bump @actions/core and @actions/tool-cache and Remove uuid by @dependabot[bot] in Bump @actions/core and @actions/tool-cache and Remove uuid actions/checkout#2459
• upgrade module to esm and update dependencies by @aiqiaoy in upgrade module to esm and update dependencies actions/checkout#2463
• Bump the minor-npm-dependencies group across 1 directory with 3 updates by @dependabot[bot] in Bump the minor-npm-dependencies group across 1 directory with 3 updates actions/checkout#2462
• getting ready for checkout v7 release by @aiqiaoy in getting ready for checkout v7 release actions/checkout#2464
• update error wording by @aiqiaoy in update error wording actions/checkout#2467

New Contributors

• @aiqiaoy made their first contribution in block checking out fork pr for pull_request_target and workflow_run actions/checkout#2454

Full Changelog: actions/checkout@v6.0.3...v7.0.0

v6.0.3

What's Changed

• Update changelog by @ericsciple in Update changelog actions/checkout#2357
• fix: expand merge commit SHA regex and add SHA-256 test cases by @yaananth in fix: expand merge commit SHA regex and add SHA-256 test cases actions/checkout#2414
• Fix checkout init for SHA-256 repositories by @yaananth in Fix checkout init for SHA-256 repositories actions/checkout#2439
• Update changelog for v6.0.3 by @yaananth in Update changelog for v6.0.3 actions/checkout#2446

New Contributors

• @yaananth made their first contribution in fix: expand merge commit SHA regex and add SHA-256 test cases actions/checkout#2414

Full Changelog: actions/checkout@v6...v6.0.3

v6.0.2

What's Changed

• Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by @TingluoHuang in Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set actions/checkout#2355
• Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in Fix tag handling: preserve annotations and explicit fetch-tags actions/checkout#2356

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

• Update all references from v5 and v4 to v6 by @ericsciple in Update all references from v5 and v4 to v6 actions/checkout#2314
• Add worktree support for persist-credentials includeIf by @ericsciple in Add worktree support for persist-credentials includeIf actions/checkout#2327
• Clarify v6 README by @ericsciple in Clarify v6 README actions/checkout#2328

Full Changelog: actions/checkout@v6...v6.0.1

v6.0.0

What's Changed

• Update README to include Node.js 24 support details and requirements by @salmanmkc in Update README to include Node.js 24 support details and requirements actions/checkout#2248
• Persist creds to a separate file by @ericsciple in Persist creds to a separate file actions/checkout#2286
• v6-beta by @ericsciple in v6-beta actions/checkout#2298
• update readme/changelog for v6 by @ericsciple in update readme/changelog for v6 actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v5.0.1

What's Changed

• Port v6 cleanup to v5 by @ericsciple in Port v6 cleanup to v5 actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

• Update actions checkout to use node 24 by @salmanmkc in Update actions checkout to use node 24 actions/checkout#2226
• Prepare v5.0.0 release by @salmanmkc in Prepare v5.0.0 release actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

Changelog

Sourced from actions/checkout's changelog.

v7.0.0

• Block checking out fork PR for pull_request_target and workflow_run by @aiqiaoy in block checking out fork pr for pull_request_target and workflow_run actions/checkout#2454
• Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by @dependabot[bot] in Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory actions/checkout#2458
• Bump flatted from 3.3.1 to 3.4.2 by @dependabot[bot] in Bump flatted from 3.3.1 to 3.4.2 actions/checkout#2460
• Bump js-yaml from 4.1.0 to 4.2.0 by @dependabot[bot] in Bump js-yaml from 4.1.0 to 4.2.0 actions/checkout#2461
• Bump @actions/core and @actions/tool-cache and Remove uuid by @dependabot[bot] in Bump @actions/core and @actions/tool-cache and Remove uuid actions/checkout#2459
• upgrade module to esm and update dependencies by @aiqiaoy in upgrade module to esm and update dependencies actions/checkout#2463
• Bump the minor-npm-dependencies group across 1 directory with 3 updates by @dependabot[bot] in Bump the minor-npm-dependencies group across 1 directory with 3 updates actions/checkout#2462

v6.0.3

• Fix checkout init for SHA-256 repositories by @yaananth in Fix checkout init for SHA-256 repositories actions/checkout#2439
• fix: expand merge commit SHA regex and add SHA-256 test cases by @yaananth in fix: expand merge commit SHA regex and add SHA-256 test cases actions/checkout#2414

v6.0.2

• Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in Fix tag handling: preserve annotations and explicit fetch-tags actions/checkout#2356

v6.0.1

• Add worktree support for persist-credentials includeIf by @ericsciple in Add worktree support for persist-credentials includeIf actions/checkout#2327

v6.0.0

• Persist creds to a separate file by @ericsciple in Persist creds to a separate file actions/checkout#2286
• Update README to include Node.js 24 support details and requirements by @salmanmkc in Update README to include Node.js 24 support details and requirements actions/checkout#2248

v5.0.1

• Port v6 cleanup to v5 by @ericsciple in Port v6 cleanup to v5 actions/checkout#2301

v5.0.0

• Update actions checkout to use node 24 by @salmanmkc in Update actions checkout to use node 24 actions/checkout#2226

Commits

Sourced from actions/checkout's commit history.

• 9f26565 Update actions checkout to use node 24 (#2226)
• 08c6903 Prepare v5.0.0 release (#2238)
• ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
• 069c695 Persist creds to a separate file (#2286)
• 71cf226 v6-beta (#2298)
• 1af3b93 update readme/changelog for v6 (#2311)
• c2d88d3 Update all references from v5 and v4 to v6 (#2314)
• 033fa0d Add worktree support for persist-credentials includeIf (#2327)
• 8e8c483 Clarify v6 README (#2328)
• 064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (#2355)
• de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
• 0c366fd Update changelog (#2357)
• 900f221 fix: expand merge commit SHA regex and add SHA-256 test cases (#2414)
• 1cce339 Fix checkout init for SHA-256 repositories (#2439)
• df4cb1c Update changelog for v6.0.3 (#2446)
• f9e715a block checking out fork pr for pull_request_target and workflow_run (#2454)
• 0f9f3aa Bump actions/publish-immutable-action (#2458)
• 7d09575 Bump flatted from 3.3.1 to 3.4.2 (#2460)
• 130a169 Bump js-yaml from 4.1.0 to 4.2.0 (#2461)
• 537c7ef Bump @actions/core and @actions/tool-cache and Remove uuid (#2459)
• d914b26 upgrade module to esm and update dependencies (#2463)
• f028218 Bump the minor-npm-dependencies group across 1 directory with 3 updates (#2462)
• 1044a6d getting ready for checkout v7 release (#2464)
• 9c091bb update error wording (#2467)
  See full diff in compare view.

actions/setup-python

Updates actions/setup-python from 5 to 6 across 1 workflow entry.

Release notes

v6.3.0

What's Changed

Enhancement

• Add RHEL support and include Linux distro in cache keys by @priyagupta108 in Add RHEL support and include Linux distro in cache keys actions/setup-python#1323
• Fix pip cache error handling on Windows by @priyagupta108 in Fix pip cache error handling on Windows. actions/setup-python#1040

Dependency update

• Upgrade minimatch from 3.1.2 to 3.1.5 by @dependabot in Bump minimatch from 3.1.2 to 3.1.5 actions/setup-python#1281
• Upgrade actions dependencies by @gowridurgad with @copilot in Upgrade @actions dependencies actions/setup-python#1303
• Upgrade @actions/cache to 5.1.0, log cache write denied by @jasongin in Bump @actions/cache to 5.1.0, log cache write denied actions/setup-python#1324
• Upgrade dependency versions and test workflow configuration by @HarithaVattikuti in Update dependency versions and test workflow configuration actions/setup-python#1322

Documentation

• Update advanced-usage.md by @Dunky-Z in Update advanced-usage.md actions/setup-python#811

New Contributors

• @gowridurgad with @copilot made their first contribution in Upgrade @actions dependencies actions/setup-python#1303
• @jasongin made their first contribution in Bump @actions/cache to 5.1.0, log cache write denied actions/setup-python#1324
• @Dunky-Z made their first contribution in Update advanced-usage.md actions/setup-python#811

Full Changelog: actions/setup-python@v6...v6.3.0

v6.2.0

What's Changed

Dependency Upgrades

• Upgrade dependencies to Node 24 compatible versions by @salmanmkc in Upgrade @actions dependencies to Node 24 compatible versions actions/setup-python#1259
• Upgrade urllib3 from 2.5.0 to 2.6.3 in /__tests__/data by @dependabot in Bump urllib3 from 2.5.0 to 2.6.0 in /__tests__/data actions/setup-python#1253 and Bump urllib3 from 2.6.0 to 2.6.3 in /__tests__/data actions/setup-python#1264

Full Changelog: actions/setup-python@v6...v6.2.0

v6.1.0

What's Changed

Enhancements:

• Add support for pip-install input by @gowridurgad in Add support for pip-install input actions/setup-python#1201
• Add graalpy early-access and windows builds by @timfel in Add graalpy early-access and windows builds actions/setup-python#880

Dependency and Documentation updates:

• Enhanced wording and updated example usage for allow-prereleases by @yarikoptic in Improve wording and "fix example" (remove 3.13) on testing against pre-release actions/setup-python#979
• Upgrade urllib3 from 1.26.19 to 2.5.0 and document breaking changes in v6 by @dependabot in Bump urllib3 from 1.26.19 to 2.5.0 in /__tests__/data and document breaking changes in v6 actions/setup-python#1139
• Upgrade typescript from 5.4.2 to 5.9.3 and Documentation update by @dependabot in Bump typescript from 5.4.2 to 5.9.3 and update docs/advanced-usage.md actions/setup-python#1094
• Upgrade actions/publish-action from 0.3.0 to 0.4.0 & Documentation update for pip-install input by @dependabot in Bump actions/publish-action from 0.3.0 to 0.4.0 & Documentation update for pip-install input actions/setup-python#1199
• Upgrade requests from 2.32.2 to 2.32.4 by @dependabot in Bump requests from 2.32.2 to 2.32.4 in /__tests__/data actions/setup-python#1130
• Upgrade prettier from 3.5.3 to 3.6.2 by @dependabot in Bump prettier from 3.5.3 to 3.6.2 actions/setup-python#1234
• Upgrade @types/node from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel by @dependabot in Bump @types/node from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel actions/setup-python#1235

New Contributors

• @yarikoptic made their first contribution in Improve wording and "fix example" (remove 3.13) on testing against pre-release actions/setup-python#979

Full Changelog: actions/setup-python@v6...v6.1.0

v6.0.0

What's Changed

Breaking Changes

• Upgrade to node 24 by @salmanmkc in Upgrade to node 24 actions/setup-python#1164

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Enhancements:

• Add support for pip-version by @priyagupta108 in Add support for pip-version  actions/setup-python#1129
• Enhance reading from .python-version by @krystof-k in Enhance reading from .python-version actions/setup-python#787
• Add version parsing from Pipfile by @aradkdj in Add version parsing from Pipfile actions/setup-python#1067

Bug fixes:

• Clarify pythonLocation behaviour for PyPy and GraalPy in environment variables by @aparnajyothi-y in Clarify pythonLocation behavior for PyPy and GraalPy in environment variables actions/setup-python#1183
• Change missing cache directory error to warning by @aparnajyothi-y in Change missing cache directory error to warning  actions/setup-python#1182
• Add Architecture-Specific PATH Management for Python with --user Flag on Windows by @aparnajyothi-y in Add Architecture-Specific PATH Management for Python with --user Flag on Windows actions/setup-python#1122
• Include python version in PyPy python-version output by @cdce8p in Include python version in PyPy python-version output actions/setup-python#1110
• Update docs: clarification on pip authentication with setup-python by @priya-kinthali in Update docs: clarification on pip authentication with setup-python actions/setup-python#1156

Dependency updates:

• Upgrade idna from 2.9 to 3.7 in /tests/data by @dependabot[bot] in Bump idna from 2.9 to 3.7 in /__tests__/data actions/setup-python#843
• Upgrade form-data to fix critical vulnerabilities Remove an invalid character Solvik/netbox-agent#182 & TypeError: list indices must be integers or slices, not str Solvik/netbox-agent#183 by @aparnajyothi-y in Bump form-data to fix critical vulnerabilities #182 & #183 actions/setup-python#1163
• Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIndex.download by @aparnajyothi-y in Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIndex.download actions/setup-python#1165
• Upgrade actions/checkout from 4 to 5 by @dependabot[bot] in Bump actions/checkout from 4 to 5 actions/setup-python#1181
• Upgrade @actions/tool-cache from 2.0.1 to 2.0.2 by @dependabot[bot] in Bump @actions/tool-cache from 2.0.1 to 2.0.2 actions/setup-python#1095

New Contributors

• @krystof-k made their first contribution in Enhance reading from .python-version actions/setup-python#787
• @cdce8p made their first contribution in Include python version in PyPy python-version output actions/setup-python#1110
• @aradkdj made their first contribution in Add version parsing from Pipfile actions/setup-python#1067

Full Changelog: actions/setup-python@v5...v6.0.0

Changelog

No changelog file was found for actions/setup-python.

actions-snitch looked for CHANGELOG.md, changelog.md, CHANGES.md, and HISTORY.md.

Commits

Sourced from actions/setup-python's commit history.

• 5db1cf9 Enhance reading from .python-version (#787)
• 5fa0ee6 Bump @actions/tool-cache from 2.0.1 to 2.0.2 (#1095)
• e9c40fb Add support for pip-version (#1129)
• 1264885 Enhance cache-dependency-path handling to support files outside the workspace root (#1128)
• 532b046 Add Architecture-Specific PATH Management for Python with --user Flag on Windows (#1122)
• 88ffd4d Include python version in PyPy python-version output (#1110)
• 3c6f142 update documentation (#1156)
• 36da51d Add version parsing from Pipfile (#1067)
• 03bb615 Bump idna from 2.9 to 3.7 in /tests/data (#843)
• fbeb884 Bump form-data to fix critical vulnerabilities Remove an invalid character Solvik/netbox-agent#182 & TypeError: list indices must be integers or slices, not str Solvik/netbox-agent#183 (#1163)
• 9322b3c Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIndex.download (#1165)
• f62a0e2 Change missing cache directory error to warning (#1182)
• 5b668cf Bump actions/checkout from 4 to 5 (#1181)
• 65b0712 Clarify pythonLocation behavior for PyPy and GraalPy in environment variables (#1183)
• 3d1e2d2 Revert "Enhance cache-dependency-path handling to support files outside the workspace root" (#1186)
• e797f83 Upgrade to node 24 (#1164)
• 4267e28 Bump urllib3 from 1.26.19 to 2.5.0 in /tests/data and document breaking changes in v6 (#1139)
• 2e3e4b1 Add support for pip-install input (#1201)
• 18566f8 Improve wording and "fix example" (remove 3.13) on testing against pre-release (#979)
• bba65e5 Bump typescript from 5.4.2 to 5.9.3 and update docs/advanced-usage.md (#1094)
• cfd55ca graalpy: add graalpy early-access and windows builds (#880)
• 443da59 Bump actions/publish-action from 0.3.0 to 0.4.0 & Documentation update for pip-install input (#1199)
• 97aeb3e Bump requests from 2.32.2 to 2.32.4 in /tests/data (#1130)
• bfc4944 Bump prettier from 3.5.3 to 3.6.2 (#1234)
• 83679a8 Bump @types/node from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel (#1235)
• 4f41a90 Bump urllib3 from 2.5.0 to 2.6.0 in /tests/data (#1253)
• bfe8cc5 Upgrade @actions dependencies to Node 24 compatible versions (#1259)
• a309ff8 Bump urllib3 from 2.6.0 to 2.6.3 in /tests/data (#1264)
• 28f2168 Bump minimatch from 3.1.2 to 3.1.5 (#1281)
• c8813ba Upgrade @actions dependencies and update licenses (#1303)
• ... and 9 more commits.
  See full diff in compare view.

_{Findings and PR created by actions-snitch.}

[Copilot]

Pull request overview

This PR updates the GitHub Actions used by the CI workflow to newer major versions, keeping the repository’s automation dependencies current.

Changes:

• Bump actions/checkout from v4 to v7 in all jobs within the test workflow.
• Bump actions/setup-python from v5 to v6 for the Python matrix test job.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[thinkmassive]

Thanks for making an attempt here @wallentx. One issue is we don't use master from this repo. Originally we deployed from the fgpu branch, and now it looks like the default is ethan (var is consumed by this task). So this is best retargeted at ethan rather than master.

On the bump itself: checkout v4 to v7 and setup-python v5 to v6 are fine. The one v7 caveat (blocking fork-PR checkout under pull_request_target/workflow_run) doesn't apply since we don't use those triggers.

The red CI here isn't caused by this workflow YAML change (as you already know, it's pre-existing):

• ruff check/format fail on the current tree, handled in style: Format code and logging calls for readability #5.
• tests (3.8 to 3.13) fail because tests.sh does an unpinned git clone of netbox-community/netbox-docker and pulls latest, then authenticates with the legacy v1 token 0123456789.... NetBox >=4.5 defaults to v2 tokens and rejects it: 403 {'detail': 'Invalid v1 token'}. Same harness exists unchanged on Solvik upstream, so it's inherited drift, not your change. Possibly fixable on our side by pinning netbox-docker to a pre-4.5 tag (separate PR).

tl;dr: the bump is good, just point it at the real prod branch; the failing matrix is a known harness issue we'll fix separately.

@ereinha3 gets the final call on merging here because he's most familiar with this project