Skip to content

ci(deps): Bump astral-sh/setup-uv from 3 to 7#1

Closed
dependabot[bot] wants to merge 13 commits into
mainfrom
dependabot/github_actions/astral-sh/setup-uv-7
Closed

ci(deps): Bump astral-sh/setup-uv from 3 to 7#1
dependabot[bot] wants to merge 13 commits into
mainfrom
dependabot/github_actions/astral-sh/setup-uv-7

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 16, 2026

Copy link
Copy Markdown

Bumps astral-sh/setup-uv from 3 to 7.

Release notes

Sourced from astral-sh/setup-uv's releases.

v7.2.1 🌈 update known checksums up to 0.9.28

Changes

🧰 Maintenance

📚 Documentation

⬆️ Dependency updates

v7.0.0 🌈 node24 and a lot of bugfixes

Changes

This release comes with a load of bug fixes and a speed up. Because of switching from node20 to node24 it is also a breaking change. If you are running on GitHub hosted runners this will just work, if you are using self-hosted runners make sure, that your runners are up to date. If you followed the normal installation instructions your self-hosted runner will keep itself updated.

This release also removes the deprecated input server-url which was used to download uv releases from a different server. The manifest-file input supersedes that functionality by adding a flexible way to define available versions and where they should be downloaded from.

Fixes

  • The action now respects when the environment variable UV_CACHE_DIR is already set and does not overwrite it. It now also finds cache-dir settings in config files if you set them.
  • Some users encountered problems that cache pruning took forever because they had some uv processes running in the background. Starting with uv version 0.8.24 this action uses uv cache prune --ci --force to ignore the running processes
  • If you just want to install uv but not have it available in path, this action now respects UV_NO_MODIFY_PATH
  • Some other actions also set the env var UV_CACHE_DIR. This action can now deal with that but as this could lead to unwanted behavior in some edgecases a warning is now displayed.

Improvements

If you are using minimum version specifiers for the version of uv to install for example

[tool.uv]
required-version = ">=0.8.17"

This action now detects that and directly uses the latest version. Previously it would download all available releases from the uv repo to determine the highest matching candidate for the version specifier, which took much more time.

If you are using other specifiers like 0.8.x this action still needs to download all available releases because the specifier defines an upper bound (not 0.9.0 or later) and "latest" would possibly not satisfy that.

🚨 Breaking changes

... (truncated)

Commits
  • 37802ad Fetch uv from Astral's mirror by default (#809)
  • 9f00d18 chore(deps): bump zizmorcore/zizmor-action from 0.5.0 to 0.5.2 (#808)
  • fd8f376 Switch to ESM for source and test, use CommonJS for dist (#806)
  • f9070de Bump deps (#805)
  • cadb67b chore: update known checksums for 0.10.10 (#804)
  • e06108d Use astral-sh/versions as primary version provider (#802)
  • 0f6ec07 docs: replace copilot instructions with AGENTS.md (#794)
  • 821e5c9 docs: add cross-client dependabot rollup skill (#793)
  • 6ee6290 chore(deps): bump versions (#792)
  • 9f332a1 Add riscv64 architecture support to platform detection (#791)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

vardhjain and others added 13 commits June 14, 2026 22:31
@vardhjain @claude
Initial commit: production-grade Person Re-ID pipeline (Market-1501)
09a191f 
ResNet-50 + BNNeck strong baseline (Luo et al., "Bag of Tricks") implemented
as a clean, installable `reid` package:

- Data: Market-1501 dataset, identity-balanced PK sampler, transforms.
- Model: ResNet-50 backbone, GeM pooling, last_stride=1, BNNeck head.
- Losses: label-smoothed cross-entropy, batch-hard/soft-margin triplet,
  optional center loss, combined ReIDLoss.
- Engine: Trainer with AMP, LR warmup (multistep/cosine), best-by-mAP ckpt.
- Eval: cached features, flip-TTA, L2-normalized cosine retrieval, CMC/mAP,
  k-reciprocal re-ranking.
- Tooling: typed YAML config, pytest suite, ruff, mypy, GitHub Actions CI,
  Docker, pre-commit, Gradio demo, visualizations.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@vardhjain @claude
chore: add Code of Conduct and Security policy
23c0c37 
Adopt the Contributor Covenant 2.1 (resolving the broken link from CONTRIBUTING.md) and add SECURITY.md with private vulnerability-reporting channels and deployment safety notes.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@vardhjain @claude
fix(data): make RandomIdentitySampler.__len__ stable and batch-aligned
b76b414 
Compute the epoch length once at construction as the number of complete PK batches times the batch size, and stop mutating self.length inside __iter__. Previously len(sampler) was an upper-bound estimate that changed after the first iteration, so len(dataloader) was wrong on epoch 0 and inconsistent thereafter.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@vardhjain @claude
test: cover schedulers, checkpoint I/O, device resolution, and reporting
939ff07 
Add pure-CPU unit tests for the previously-untested engine schedulers (warmup endpoints, milestone decay, cosine annealing, factory dispatch), checkpoint save/load round-trips and classifier-size inference, device CPU-fallback, and the results-table renderer.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@vardhjain @claude
docs: add badges, Results section, and a Colab training notebook
bb5ea22 
Add CI/license/Python/PyTorch/ruff badges and a Results table (reference strong-baseline figures with placeholders for measured numbers). Add notebooks/train_colab.ipynb for one-click GPU reproduction, linked from the README. Fix the stale 'make install' comment and record the changes in CHANGELOG.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@vardhjain @claude
fix(notebooks): make Colab setup robust to install/location issues
51eea7b 
Replace the brittle clone+install cells with one setup cell that locates the project root (or clones it), installs the package, and puts src/ on sys.path and PYTHONPATH so 'import reid' resolves in both the kernel and the !python subprocesses. Prevents ModuleNotFoundError: No module named 'reid' when the package isn't installed or the code lives outside the repo root.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@vardhjain @claude
build(docker): pin uv image version and add a HEALTHCHECK
032ed5e 
Replace ghcr.io/astral-sh/uv:latest (which contradicted the 'pinned' comment) with an exact version (0.11.21) for reproducible image builds, and add a HEALTHCHECK that verifies the Gradio server answers on port 7860.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@vardhjain @claude
ci: add a wheel build-and-install job
54fd3ba 
Run 'uv build' and install the resulting wheel into a clean venv, verifying 'import reid' works from the packaged distribution (guards the src-layout packaging and console-script entry points) and uploading the sdist/wheel as artifacts. Verified locally that the wheel ships both reid/ and scripts/.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@vardhjain @claude
fix(engine): reset evaluator feature cache before each periodic eval
bdf13a7 
Trainer._run_evaluation reused the Evaluator's cached query/gallery features (Evaluator._ensure_features early-returns on the cache), so every periodic eval after the first computed mAP against the FIRST epoch's features. mAP stayed frozen and best-by-mAP locked best.pth to the earliest evaluated epoch. Reset the cache before each in-loop eval so metrics reflect the current weights and best.pth tracks the true best epoch. Found by the pre-training correctness audit.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@vardhjain @claude
fix: harden data parsing, memory pinning, and the demo (pre-training …
d8b47c1 
…audit)

camid regex uses \d+ (future-proof beyond nine cameras; identical on Market-1501); DataLoader pin_memory is derived from torch.cuda.is_available() instead of hardcoded True; the Gradio demo skips unreadable gallery images and gains an optional --auth flag with an off-loopback warning. All non-result-affecting hardening from the audit.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@vardhjain @claude
test(data): assert PK sampler len is a stable batch-aligned upper bound
02b021a 
len(sampler) is now a construction-time estimate (the __len__ mutation was removed), so it is not the exact yielded count: under random identity selection the sampler can strand a few groups, making the yield <= len(sampler). The old 'len(sampler) == len(indices)' assertion relied on the removed mutation and was flaky across RNG states (only surfaced in the full suite). Assert the real invariant instead.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@vardhjain @claude
chore: rename project to secondsight
5765823 
Rebrand from person-reid-market1501 across the distribution name, GitHub URLs (README badges, project URLs, CITATION, Colab link), Docker image name, Makefile, and docs. The import package (reid) and all behavior are unchanged.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@dependabot
ci(deps): Bump astral-sh/setup-uv from 3 to 7
1db37b7 
Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 3 to 7.
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](astral-sh/setup-uv@v3...v7)

---
updated-dependencies:
- dependency-name: astral-sh/setup-uv
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jun 16, 2026

Copy link
Copy Markdown
Author

Labels

The following labels could not be found: dependencies, github-actions. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@vardhjain vardhjain closed this Jun 16, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jun 16, 2026

Copy link
Copy Markdown
Author

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/github_actions/astral-sh/setup-uv-7 branch June 16, 2026 19:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@vardhjain