chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.5.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
ghcr.io/astral-sh/uv	stage	minor	0.4.28 -> 0.5.0

---

Release Notes

astral-sh/uv (ghcr.io/astral-sh/uv)

v0.5.0

Compare Source

Since the launch of Python version, project, and tool management capabilities back in August, we've seen extraordinary adoption of uv. We've been iterating rapidly since then: adding new features, fixing bugs, and improving the user experience. Despite moving quickly, stability and compatibility has been a major focus — we've made thirty releases since our last breaking change. Consequently, we've accumulated various changes that improve correctness and user experience, but could break some workflows. This release contains those changes; many have been marked as breaking out of an abundance of caution. We expect most users to be able to upgrade without making changes.

Breaking

• Use base executable to set virtualenv Python path (#​8481)

  Previously, uv canonicalized the path to the Python executable when setting the Python path in created virtual environments. This behavior had several undesirable effects: it would bypass stabilized version directories (as constructed by Homebrew) and it was not consistent with the Python standard library's behavior. Now, uv uses the sys._base_executable path.

• Use XDG (i.e. ~/.local/bin) instead of the Cargo home directory in the installer (#​8420)

  Previously, uv's installer used $CARGO_HOME or ~/.cargo/bin for its target install directory. It's been a longstanding complaint that uv uses this directory, as there's no relationship to Cargo. Now, uv will be installed into $XDG_BIN_HOME, $XDG_DATA_HOME/../bin, or ~/.local/bin (in that order). Note that $UV_INSTALL_DIR can always be used to override the target directory.

• Discover and respect .python-version files in parent directories (#​6370)

  Previously, uv only read .python-version files from the working directory. Now, uv will check parent directories for .python-version files; however uv will not search for .python-version files beyond project boundaries. The new behavior is better aligned with that of pyenv and Rye.

• Error when disallowed settings are defined in uv.toml (#​8550)

  Some settings can only be defined in the pyproject.toml. Previously, uv would ignore these settings when present in the uv.toml. Now, uv will error to avoid confusion about why the settings are not respeced.

• Implement PEP 440-compliant local version semantics (#​8797)

  Previously, uv's implementation of local versions (e.g. 2.0+cpu) was not compliant with the specification due to the technical complexity of implementing the local version semantics in the PubGrub algorithm. Thanks to the work of @​ericmarkmartin, uv now has a spec-compliant implementation. Namely, uv will now allow a request for torch==2.1.0 to install [email protected]+cpu regardless of whether [email protected] (without a local tag) actually exists.

• Treat the base Conda environment as a system environment (#​7691)

  Previously, uv would not distinguish between the base and other Conda environments. Now, uv uses CONDA_DEFAULT_ENV and the names base and default to determine if an environment active via CONDA_PREFIX is the base environment. If the base environment is active, the --system flag must be used to mutate it.

• Do not allow pre-releases when the != operator is used (#​7974)

  Previously, uv would use the presence of a pre-release specifier in a version specifier as an opt-in to allow pre-release versions during resolution. The new behavior does not allow pre-releases when an inequals operator is used, e.g., != 2.0a1.

• Prefer USERPROFILE over FOLDERID_Profile when selecting a home directory on Windows (#​8048)

  This change is a side-effect of switching from the directories crate to etcetera for determining canonical system paths. If USERPROFILE is not set, the behavior will be unchanged.

• Improve interactions between color environment variables and CLI options (#​8215)

  Previously, uv would respect the FORCE_COLOR and NO_COLOR environment variables over the --color flag. Now, when the --color flag is explicitly provided, uv will respect it over the environment variables.

• Make allow-insecure-host a global option (#​8476)

  Previously, this option was only available in some parts of uv. Now, --allow-insecure-host can be provided to any command. For consistency, the allow-insecure-host setting has been removed from the [tool.uv.pip] configuration in favor of [tool.uv].

• Only write .python-version files during uv init for workspace members if the version differs (#​8897)

  Previously, uv would create a .python-version file for workspace members during uv init. Now, uv will only do so if the version differs from the .python-version file in the workspace root since uv will respect .python-version files in parent directories.

Enhancements

• Add uv tree --outdated (#​8893)
• Add armv8l alias for armv7l to support arm 32-bit compatibility mode (#​8881)
• Add support for pip list --outdated (#​8872)
• Allow semicolons directly after direct URLs (#​8836)
• Enable support for arbitrary git transports (#​8769)
• Improve Python discovery source messages (#​8890)
• Show dedicated error for trailing ; on URL and path requirements (#​8835)
• Add progress bar for uv cache clean (#​8857)
• Warn on failure to query system configuration file (#​8829)

Preview features

• Add support for building basic source distributions with the experimental uv build backend (#​8886)

Bug fixes

• Respect dynamic version updates in uv lock (#​8867)
• Respect fork markers in --resolution-mode=lowest-direct (#​8839)

Documentation

• Add further examples of git+https support (#​8841)
• Add installer variables to environment reference (#​8874)
• Add note on private classifier (#​8783)
• Update pip-and-uv strictness example (#​8822)
• Fix uv python install docs to use an existing PyPy version (#​8845)
• Document how to mimic --verbose with RUST_LOG (#​8858)

v0.4.30

Compare Source

Enhancements

• Add support for .env and custom env files in uv run (#​8811)
• Add support for --all-packages in uv run, uv sync, and uv export (#​8742, #​8741, #​8739)
• Allow use of --frozen with --all-packages in uv sync and uv export (#​8760)
• Show full error chain on tool upgrade failures (#​8753)
• Add --check-url to uv publish to check for existing distributions during upload (#​8531)
• Suggest using --check-url when --skip-existing is used (#​8803)

Bug fixes

• Allow incompatible requires-python for source distributions with static metadata (#​8768)
• Allow managed downloads with --python-preference system (#​8808)
• Avoid error for --group defined in non-root workspace member (#​8734)
• Avoid showing dependency group annotations on workspace members in tree (#​8730)
• Do not error when the Python bin directory is missing on uv python uninstall (#​8725)
• Include member groups when locking workspace (#​8736)
• Fix bug where python_version < '0' could appear in a final resolution (#​8759)
• Sanitize filenames during zip extraction (#​8732)
• Switch to RFC 9110 compatible format for exclude newer requests (#​8752)

Preview features

• Add support for installing versioned Python executables on Windows (#​8663)
• Improve interactions with existing Python executables during install (#​8733)

Rust API

• Extend BaseClient to accept extra middleware (#​8807)
• Add From for FlatDistributions struct (#​8800)

Documentation

• Fix environment variable name in providing credentials section (#​8740)
• Fix add httpx example with real git branch (#​8756)
• Fix indentation in projects.md (#​8772)
• Fix link to publish guide in README (#​8720)
• Generate environment variables documentation from code (#​8493)
• Improve and fix some documents (#​8749)
• Improve environment variables document (#​8777)

v0.4.29

Compare Source

Enhancements

• Sort errors during display in uv python install (#​8684)
• Update resolver to use disjointness checks instead of marker equality (#​8661)
• Add riscv64 to supported Python platform tags (#​8660)

Bug fixes

• Fix hard and soft float libc detection for managed Python distributions on ARM (#​8498)
• Handle cycles in uv pip tree (#​8689)
• Respect dependency group markers in uv export (#​8659)
• Support transitive dependencies in Git workspaces (#​8665)
• Use portable paths for subdirectories in lock URLs (#​8707)
• Update uv init --virtual to imply --no-package (#​8595)

Preview

• Install versioned Python executables into the bin directory during uv python install (Unix only) (#​8458)

Documentation

• Clarify relationship between specifiers and requires-python range (#​8688)
• Fix broken link in docs (#​8552)
• Fix outdated documentation on Requires-Python (#​8679)
• Add Google Artifact Registry index authentication guide (#​8579)

---

Configuration

📅 Schedule: Branch creation - "before 4am on Wednesday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

🦙 MegaLinter status: ⚠️ WARNING

Descriptor	Linter	Files	Fixed	Errors	Elapsed time
✅ API	spectral	1		0	1.21s
⚠️ BASH	bash-exec	6		1	0.03s
✅ BASH	shellcheck	6		0	0.19s
✅ BASH	shfmt	6	0	0	0.91s
✅ COPYPASTE	jscpd	yes		no	4.26s
✅ DOCKERFILE	hadolint	128		0	15.33s
✅ JSON	jsonlint	20		0	0.2s
✅ JSON	v8r	22		0	29.46s
⚠️ MARKDOWN	markdownlint	266	0	297	32.27s
✅ MARKDOWN	markdown-table-formatter	266	0	0	155.89s
⚠️ PYTHON	bandit	212		66	3.61s
✅ PYTHON	black	212	0	0	6.45s
✅ PYTHON	flake8	212		0	3.71s
✅ PYTHON	isort	212	0	0	1.87s
✅ PYTHON	mypy	212		0	21.3s
✅ PYTHON	pylint	212		0	31.88s
✅ PYTHON	ruff	212	0	0	0.95s
✅ REPOSITORY	checkov	yes		no	51.25s
✅ REPOSITORY	git_diff	yes		no	0.82s
⚠️ REPOSITORY	grype	yes		24	15.88s
✅ REPOSITORY	secretlint	yes		no	15.95s
✅ REPOSITORY	trivy	yes		no	23.9s
✅ REPOSITORY	trivy-sbom	yes		no	0.68s
⚠️ REPOSITORY	trufflehog	yes		1	10.73s
✅ SPELL	cspell	713		0	11.79s
⚠️ SPELL	lychee	348		10	7.65s
✅ XML	xmllint	3	0	0	0.8s
✅ YAML	prettier	160	0	0	5.07s
✅ YAML	v8r	102		0	187.53s
✅ YAML	yamllint	161		0	2.58s

See detailed report in MegaLinter reports

MegaLinter is graciously provided by