From 5781086c64826fc77ff35af71c0d48259d43f4b2 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 16 Dec 2024 17:50:20 -0600
Subject: [PATCH 1/4] Update condaforge/miniforge3 Docker tag to v24.9.2 (#208)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: James Lamb <jaylamb20@gmail.com>
Co-authored-by: Bradley Dice <bdice@bradleydice.com>
---
 ci-conda.Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ci-conda.Dockerfile b/ci-conda.Dockerfile
index 0d76e9b..c33a1db 100644
--- a/ci-conda.Dockerfile
+++ b/ci-conda.Dockerfile
@@ -22,7 +22,7 @@ usermod -g conda root
 EOF
 
 # Ownership & permissions based on https://docs.anaconda.com/anaconda/install/multi-user/#multi-user-anaconda-installation-on-linux
-COPY --from=condaforge/miniforge3:24.9.0-0 --chown=root:conda --chmod=770 /opt/conda /opt/conda
+COPY --from=condaforge/miniforge3:24.9.2-0 --chown=root:conda --chmod=770 /opt/conda /opt/conda
 
 # Ensure new files are created with group write access & setgid. See https://unix.stackexchange.com/a/12845
 RUN chmod g+ws /opt/conda

From 39aa63d9799dbc9b8268cbbffb2f4d0b39192e67 Mon Sep 17 00:00:00 2001
From: Bradley Dice <bdice@bradleydice.com>
Date: Tue, 17 Dec 2024 13:23:33 -0600
Subject: [PATCH 2/4] Add certifi to CI images (#218)

---
 ci-conda.Dockerfile    | 10 ++++--
 ci-wheel.Dockerfile    | 74 ++++++++++++++++++++++++++++++++++++------
 citestwheel.Dockerfile | 56 ++++++++++++++++++++++++++------
 3 files changed, 118 insertions(+), 22 deletions(-)

diff --git a/ci-conda.Dockerfile b/ci-conda.Dockerfile
index c33a1db..03d2023 100644
--- a/ci-conda.Dockerfile
+++ b/ci-conda.Dockerfile
@@ -113,17 +113,20 @@ case "${LINUX_VER}" in
     apt-get update
     apt-get upgrade -y
     apt-get install -y --no-install-recommends \
+      ca-certificates \
       curl \
       file \
       unzip \
       wget \
       gcc \
       g++
-    rm -rf "/var/lib/apt/lists/*"
+    update-ca-certificates
+    rm -rf /var/cache/apt/archives /var/lib/apt/lists/*
     ;;
   "rockylinux"*)
     yum -y update
     yum -y install --setopt=install_weak_deps=False \
+      ca-certificates \
       file \
       unzip \
       wget \
@@ -131,6 +134,7 @@ case "${LINUX_VER}" in
       yum-utils \
       gcc \
       gcc-c++
+    update-ca-trust extract
     yum clean all
     ;;
   *)
@@ -162,7 +166,7 @@ case "${CUDA_VER}" in
         # apt will not work correctly if it thinks it needs the build-essential dependency
         # so we patch it out with a sed command
         sed -i 's/, build-essential//g' /var/lib/dpkg/status
-        rm -rf "/var/lib/apt/lists/*"
+        rm -rf /var/cache/apt/archives /var/lib/apt/lists/*
         ;;
       "rockylinux"*)
         yum -y update
@@ -209,6 +213,8 @@ RUN <<EOF
 rapids-mamba-retry install -y \
   anaconda-client \
   boa \
+  ca-certificates \
+  certifi \
   conda-package-handling \
   dunamai \
   git \
diff --git a/ci-wheel.Dockerfile b/ci-wheel.Dockerfile
index fbc5dd5..8b30496 100644
--- a/ci-wheel.Dockerfile
+++ b/ci-wheel.Dockerfile
@@ -34,11 +34,37 @@ case "${LINUX_VER}" in
     echo 'APT::Update::Error-Mode "any";' > /etc/apt/apt.conf.d/warnings-as-errors
     apt update -y
     apt install -y \
-      debianutils build-essential software-properties-common \
-      jq wget gcc zlib1g-dev libbz2-dev \
-      libssl-dev libreadline-dev libsqlite3-dev libffi-dev curl git libncurses5-dev \
-      libnuma-dev openssh-client libcudnn8-dev zip libopenblas-dev liblapack-dev \
-      protobuf-compiler autoconf automake libtool cmake yasm libopenslide-dev libcurl4-openssl-dev
+      autoconf \
+      automake \
+      build-essential \
+      ca-certificates \
+      cmake \
+      curl \
+      debianutils \
+      gcc \
+      git \
+      jq \
+      libbz2-dev \
+      libcudnn8-dev \
+      libcurl4-openssl-dev \
+      libffi-dev \
+      liblapack-dev \
+      libncurses5-dev \
+      libnuma-dev \
+      libopenblas-dev \
+      libopenslide-dev \
+      libreadline-dev \
+      libsqlite3-dev \
+      libssl-dev \
+      libtool \
+      openssh-client \
+      protobuf-compiler \
+      software-properties-common \
+      wget \
+      yasm \
+      zip \
+      zlib1g-dev
+    update-ca-certificates
     add-apt-repository ppa:git-core/ppa
     add-apt-repository ppa:ubuntu-toolchain-r/test
     apt update -y
@@ -46,17 +72,44 @@ case "${LINUX_VER}" in
     add-apt-repository -r ppa:git-core/ppa
     add-apt-repository -r ppa:ubuntu-toolchain-r/test
     update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-9 90 --slave /usr/bin/g++ g++ /usr/bin/g++-9 --slave /usr/bin/gcov gcov /usr/bin/gcov-9
-    rm -rf /var/lib/apt/lists/*
+    rm -rf /var/cache/apt/archives /var/lib/apt/lists/*
     ;;
   "rockylinux"*)
     dnf update -y
     dnf install -y epel-release
     dnf update -y
     dnf install -y \
-      which wget gcc zlib-devel bzip2 bzip2-devel readline-devel sqlite \
-      sqlite-devel xz xz-devel libffi-devel curl git ncurses-devel numactl \
-      numactl-devel openssh-clients libcudnn8-devel zip jq openslide-devel \
-      protobuf-compiler autoconf automake libtool dnf-plugins-core cmake libcurl-devel
+      autoconf \
+      automake \
+      bzip2 \
+      bzip2-devel \
+      ca-certificates \
+      cmake \
+      curl \
+      dnf-plugins-core \
+      gcc \
+      git \
+      jq \
+      libcudnn8-devel \
+      libcurl-devel \
+      libffi-devel \
+      libtool \
+      ncurses-devel \
+      numactl \
+      numactl-devel \
+      openslide-devel \
+      openssh-clients \
+      protobuf-compiler \
+      readline-devel \
+      sqlite \
+      sqlite-devel \
+      wget \
+      which \
+      xz \
+      xz-devel \
+      zip \
+      zlib-devel
+    update-ca-trust extract
     dnf config-manager --set-enabled powertools
     dnf install -y blas-devel lapack-devel
     dnf -y install gcc-toolset-11-gcc gcc-toolset-11-gcc-c++
@@ -134,6 +187,7 @@ pyenv global ${PYTHON_VER}
 python -m pip install --upgrade pip
 python -m pip install \
   auditwheel \
+  certifi \
   conda-package-handling \
   dunamai \
   patchelf \
diff --git a/citestwheel.Dockerfile b/citestwheel.Dockerfile
index becac73..02f1327 100644
--- a/citestwheel.Dockerfile
+++ b/citestwheel.Dockerfile
@@ -46,12 +46,30 @@ case "${LINUX_VER}" in
     fi
 
     apt-get install -y --no-install-recommends \
-      wget curl git jq ssh \
-      make build-essential libssl-dev zlib1g-dev \
-      libbz2-dev libreadline-dev libsqlite3-dev wget \
-      curl llvm libncursesw5-dev xz-utils tk-dev unzip \
-      libxml2-dev libxmlsec1-dev libffi-dev liblzma-dev \
-      "${tzdata_pkgs[@]}"
+      "${tzdata_pkgs[@]}" \
+      build-essential \
+      ca-certificates \
+      curl \
+      git \
+      jq \
+      libbz2-dev \
+      libffi-dev \
+      liblzma-dev \
+      libncursesw5-dev \
+      libreadline-dev \
+      libsqlite3-dev \
+      libssl-dev \
+      libxml2-dev \
+      libxmlsec1-dev \
+      llvm \
+      make \
+      ssh \
+      tk-dev \
+      unzip \
+      wget \
+      xz-utils \
+      zlib1g-dev
+    update-ca-certificates
     rm -rf /var/cache/apt/archives /var/lib/apt/lists/*
     ;;
   "rockylinux"*)
@@ -59,9 +77,25 @@ case "${LINUX_VER}" in
     dnf install -y epel-release
     dnf update -y
     dnf install -y \
-      which wget gcc zlib-devel bzip2 bzip2-devel readline-devel sqlite \
-      sqlite-devel xz xz-devel libffi-devel curl git ncurses-devel \
-      jq dnf-plugins-core
+      bzip2 \
+      bzip2-devel \
+      ca-certificates \
+      curl \
+      dnf-plugins-core \
+      gcc \
+      git \
+      jq \
+      libffi-devel \
+      ncurses-devel \
+      readline-devel \
+      sqlite \
+      sqlite-devel \
+      wget \
+      which \
+      xz \
+      xz-devel \
+      zlib-devel
+    update-ca-trust extract
     dnf clean all
     pushd tmp
     wget https://www.openssl.org/source/openssl-1.1.1k.tar.gz
@@ -99,7 +133,9 @@ COPY --from=aws-cli /usr/local/bin/ /usr/local/bin/
 RUN <<EOF
 pyenv global ${PYTHON_VER}
 python -m pip install --upgrade pip
-python -m pip install "rapids-dependency-file-generator==1.*"
+python -m pip install \
+  certifi \
+  'rapids-dependency-file-generator==1.*'
 pyenv rehash
 EOF
 

From a1fd1fb1ba129cdee367a2fc5606328635b283b7 Mon Sep 17 00:00:00 2001
From: Bradley Dice <bdice@bradleydice.com>
Date: Mon, 6 Jan 2025 09:45:26 -0600
Subject: [PATCH 3/4] Update dependencies (#225)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 versions.yaml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/versions.yaml b/versions.yaml
index fd2a44e..af313c8 100644
--- a/versions.yaml
+++ b/versions.yaml
@@ -3,10 +3,10 @@
 # prefer sticking with a stable version until a specific reason to update arises.
 SCCACHE_VER: 0.7.7
 # renovate: datasource=github-releases depName=cli/cli
-GH_CLI_VER: 2.63.0
+GH_CLI_VER: 2.64.0
 # renovate: datasource=pypi depName=codecov-cli
-CODECOV_VER: 9.0.4
+CODECOV_VER: 9.1.1
 # renovate: datasource=docker depName=mikefarah/yq versioning=docker
-YQ_VER: 4.44.5
+YQ_VER: 4.44.6
 # renovate: datasource=docker depName=amazon/aws-cli versioning=docker
-AWS_CLI_VER: 2.22.8
+AWS_CLI_VER: 2.22.28

From 8312f41003e8633a3117feca3fd90778f6d5a41e Mon Sep 17 00:00:00 2001
From: Bradley Dice <bdice@bradleydice.com>
Date: Mon, 6 Jan 2025 10:02:09 -0600
Subject: [PATCH 4/4] Revert "Enable 'quiet: true' in condarc" (#220)

Co-authored-by: James Lamb <jlamb@nvidia.com>
---
 context/condarc.tmpl | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/context/condarc.tmpl b/context/condarc.tmpl
index b33f107..a8142ba 100644
--- a/context/condarc.tmpl
+++ b/context/condarc.tmpl
@@ -13,4 +13,12 @@ conda-build:
   output_folder: $RAPIDS_CONDA_BLD_OUTPUT_DIR
 number_channel_notices: 0
 always_yes: true
-quiet: true
+
+# threads to use when downloading and reading repodata
+repodata_threads: 1
+
+# threads to use when downloading packages
+fetch_threads: 1
+
+# default for all other multi-threaded operations
+default_threads: 1