chore(beep boop 🤖): Bump uv.lock (main) (2026-02-23)

[svcnvidia-nemo-ci]

🚀 PR to bump uv.lock in main.

🤖 This PR will be merged automatically once CI passes.

Summary by CodeRabbit

• Chores
  • Updated dependency reference with no user-visible changes or behavioral impact.

[svcnvidia-nemo-ci]

/ok to test 56266f8

[copy-pr-bot]

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

[coderabbitai]

📝 Walkthrough

Walkthrough

A submodule reference for 3rdparty/Megatron-LM is updated to point to a different commit. The update advances the tracked commit pointer from 8f1c2f8 to 7124748, with no modifications to code, logic, or control flow.

Changes

Cohort / File(s)	Summary
Submodule Reference Update 3rdparty/Megatron-LM	Updated Megatron-LM submodule pointer from commit 8f1c2f8 to 7124748.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

• chore(beep boop 🤖): Bump uv.lock (main) (2026-02-17) #2399: This PR previously updated the same Megatron-LM submodule pointer to 8f1c2f8; the current PR advances it further to 7124748.
• chore(beep boop 🤖): Bump uv.lock (main) (2026-02-06) #2256: Updates the 3rdparty/Megatron-LM submodule reference (submodule pointer bump).
• chore(beep boop 🤖): Bump uv.lock (main) (2026-02-12) #2349: Updates the 3rdparty/Megatron-LM submodule pointer with a different target commit.

Suggested reviewers

• yaoyu-33
• maanug-nv

🚥 Pre-merge checks | ✅ 3 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The title mentions bumping 'uv.lock' but the actual changes only update a Megatron-LM submodule reference; no uv.lock file changes are described in the summary.	Update the title to accurately reflect that this PR bumps the Megatron-LM submodule, not the uv.lock file, or verify the summary is incomplete.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Test Results For Major Changes	✅ Passed	This PR contains only minor submodule pointer updates with no functional code changes, classified as a maintenance change with low review effort.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch bump-ci-container-2026-02-23-main

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@3rdparty/Megatron-LM`:
- Line 1: The submodule pointer for 3rdparty/Megatron-LM was bumped from 8f1c2f8
to 7124748 which includes the v0.15.3 security release and a new dependency
constraint changing torch to torch>=2.6.0; verify compatibility by (1)
confirming the new commit (7124748) is intended, (2) running the full test suite
and any integration tests that use Megatron-Bridge to catch runtime/API breaks,
(3) ensuring CI images and developer environments install torch>=2.6.0 or
adjusting our packaging (requirements/pyproject/CI scripts) to pin or allow
torch>=2.6.0, and (4) document the change in release notes or the PR description
so downstream integrators are aware of the security update and torch
requirement.

ℹ️ Review info

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9ecee6c and 56266f8.

⛔ Files ignored due to path filters (1)

• uv.lock is excluded by !**/*.lock

📒 Files selected for processing (1)

• 3rdparty/Megatron-LM

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check if the submodule path exists and is valid
if [ -d "3rdparty/Megatron-LM" ]; then
  echo "=== Submodule directory exists ==="
  # Try to get the current submodule configuration
  git config --file .gitmodules --get-regexp path | grep Megatron-LM
  echo ""
  
  # Check if it's a git repository
  if [ -d "3rdparty/Megatron-LM/.git" ]; then
    echo "=== Upstream commit range ==="
    cd 3rdparty/Megatron-LM
    git log --oneline 8f1c2f8ae53b4e3f32c0ae7f397d8b38a675eaa2..71247489edcee7d4ca9c3e944eb82683d96c9a7e 2>/dev/null || echo "Commits not found in local submodule"
    echo ""
    echo "=== Commit details for new version ==="
    git show --stat 71247489edcee7d4ca9c3e944eb82683d96c9a7e 2>/dev/null | head -30 || echo "Commit details unavailable"
  else
    echo "Submodule is not initialized (not a git repo)"
  fi
else
  echo "Submodule directory 3rdparty/Megatron-LM does not exist"
fi

Repository: NVIDIA-NeMo/Megatron-Bridge

Length of output: 209

---

🌐 Web query:

Megatron-LM GitHub commits 8f1c2f8 to 7124748 changes

💡 Result:

GitHub can’t currently render the full web diff for 8f1c2f8...7124748 (the comparison “is taking too long to generate”), but the compare page still reports the high-level scope:

• 41 commits
• 205 files changed
• 28 contributors (github.com)

To see the actual code changes, run locally in your clone:

git diff 8f1c2f8...7124748

(That exact command is what GitHub suggests for this comparison.) (github.com)

Citations:

• 1: NVIDIA/Megatron-LM@8f1c2f8...7124748
• 2: NVIDIA/Megatron-LM@8f1c2f8...7124748

---

🌐 Web query:

Megatron-LM commit 71247489edcee7d4ca9c3e944eb82683d96c9a7e release notes changes

💡 Result:

Commit 71247489edcee7d4ca9c3e944eb82683d96c9a7e (authored by github-actions[bot], dated 2026-02-23) is a maintenance “bump” commit that only updates the Python dependency lockfile:

• Commit title: chore(beep boop ): Bump (main) (2026-02-23)
• Files changed: uv.lock only
• Diff size: +70 / -70 lines (i.e., a lockfile refresh/change, not functional code changes) [1]

Release-notes summary: dependency/lockfile bump (no source-code or feature changes indicated). [1]

Sources:
[1] NVIDIA/Megatron-LM commit 7124748 (GitHub) NVIDIA/Megatron-LM@7124748

---

🌐 Web query:

Megatron-LM changelog release notes 2026 February dependency updates

💡 Result:

In February 2026, the Megatron-LM (Megatron Core) release on GitHub is NVIDIA Megatron Core 0.15.3, published Feb 6, 2026. Its release note only states that it “addresses known security issues” and does not enumerate dependency bumps. [1]

In the repo’s CHANGELOG.md for tag v0.15.3, the entry for 0.15.3 likewise contains only that security note (no dependency-update list). [2]

However, comparing the package metadata between core_v0.15.2 (Jan 8, 2026) and v0.15.3 (Feb 6, 2026) shows a concrete dependency constraint change:

• torch went from unversioned ("torch") in 0.15.2 to pinned minimum ("torch>=2.6.0") in 0.15.3. [3]

Sources: [1] [2] [3]

---

Approve pointer bump — note the v0.15.3 security release and torch version constraint change.

The submodule pointer is updated from 8f1c2f8 → 7124748. No code logic in this repo is affected locally. However, the upstream bump spans 41 commits with 205 file changes, including the recent Megatron-LM v0.15.3 release (Feb 6, 2026) which addresses security issues. Additionally, the torch dependency constraint has been updated from unversioned to torch>=2.6.0 — verify that this version requirement is compatible with Megatron-Bridge's environment and any downstream integrations.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@3rdparty/Megatron-LM` at line 1, The submodule pointer for
3rdparty/Megatron-LM was bumped from 8f1c2f8 to 7124748 which includes the
v0.15.3 security release and a new dependency constraint changing torch to
torch>=2.6.0; verify compatibility by (1) confirming the new commit (7124748) is
intended, (2) running the full test suite and any integration tests that use
Megatron-Bridge to catch runtime/API breaks, (3) ensuring CI images and
developer environments install torch>=2.6.0 or adjusting our packaging
(requirements/pyproject/CI scripts) to pin or allow torch>=2.6.0, and (4)
document the change in release notes or the PR description so downstream
integrators are aware of the security update and torch requirement.