chore(deps): bump the sdk-python group across 1 directory with 2 updates

[dependabot]

Bumps the sdk-python group with 2 updates in the /sdk/python/runtime directory: python and astral-sh/uv.

Updates python from 3.12-slim to 3.13-slim

Updates astral-sh/uv from 0.4.18 to 0.5.1

Release notes

Sourced from astral-sh/uv's releases.

0.5.1

Release Notes

Enhancements

• Allow installation of manylinux wheels on riscv64 (#8934)

Bug fixes

• Build source distributions at top-level of cache (#8905)
• Allow non-registry dependencies in uv pip list --outdated (#8939)
• Compute superset of existing and required hashes when healing cache (#8955)
• Enable uv to replace and delete itself on Windows (#8914)
• Remove source distribution filename from cache (#8907)
• Respect --index-url in uv pip list (#8942)
• Respect comma-separated extras in --with (#8946)

Documentation

• Add uninstall note for previous versions (#8937)
• Remove some missed references to ~/.cargo/bin (#8936)
• Split README's install code block into 3 (#8853)

Install uv 0.5.1

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/uv/releases/download/0.5.1/uv-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy ByPass -c "irm https://github.com/astral-sh/uv/releases/download/0.5.1/uv-installer.ps1 | iex"

Download uv 0.5.1

File	Platform	Checksum
uv-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
uv-x86_64-apple-darwin.tar.gz	Intel macOS	checksum
uv-i686-pc-windows-msvc.zip	x86 Windows	checksum
uv-x86_64-pc-windows-msvc.zip	x64 Windows	checksum
uv-aarch64-unknown-linux-gnu.tar.gz	ARM64 Linux	checksum
uv-i686-unknown-linux-gnu.tar.gz	x86 Linux	checksum
uv-powerpc64-unknown-linux-gnu.tar.gz	PPC64 Linux	checksum
uv-powerpc64le-unknown-linux-gnu.tar.gz	PPC64LE Linux	checksum
uv-s390x-unknown-linux-gnu.tar.gz	S390x Linux	checksum

... (truncated)

Changelog

Sourced from astral-sh/uv's changelog.

0.5.1

Enhancements

• Allow installation of manylinux wheels on riscv64 (#8934)

Bug fixes

• Build source distributions at top-level of cache (#8905)
• Allow non-registry dependencies in uv pip list --outdated (#8939)
• Compute superset of existing and required hashes when healing cache (#8955)
• Enable uv to replace and delete itself on Windows (#8914)
• Remove source distribution filename from cache (#8907)
• Respect --index-url in uv pip list (#8942)
• Respect comma-separated extras in --with (#8946)

Documentation

• Add uninstall note for previous versions (#8937)
• Remove some missed references to ~/.cargo/bin (#8936)
• Split README's install code block into 3 (#8853)

0.5.0

Since the launch of Python version, project, and tool management capabilities back in August, we've seen extraordinary adoption of uv. We've been iterating rapidly: adding new features, fixing bugs, and improving the user experience. Despite moving quickly, stability and compatibility have been a major focus — we've made thirty releases since our last breaking change. Consequently, we've accumulated various changes that improve correctness and user experience, but could break some workflows. This release contains those changes; many have been marked as breaking out of an abundance of caution. We expect most users to be able to upgrade without making changes.

Breaking

• Use base executable to set virtualenv Python path (#8481)

  Previously, uv canonicalized the path to the Python executable when setting the Python path in created virtual environments. This behavior had several undesirable effects: it would bypass stabilized version directories (as constructed by Homebrew) and it was not consistent with the Python standard library's behavior. Now, uv uses the sys._base_executable path.

• Use XDG (i.e. ~/.local/bin) instead of the Cargo home directory in the installer (#8420)

  Previously, uv's installer used $CARGO_HOME or ~/.cargo/bin for its target install directory. It's been a longstanding complaint that uv uses this directory, as there's no relationship to Cargo. Now, uv will be installed into $XDG_BIN_HOME, $XDG_DATA_HOME/../bin, or ~/.local/bin (in that order). Note that $UV_INSTALL_DIR can always be used to override the target directory.

• Discover and respect .python-version files in parent directories (#6370)

  Previously, uv only read .python-version files from the working directory. Now, uv will check parent directories for .python-version files; however uv will not search for .python-version files beyond project boundaries. The new behavior is better aligned with that of pyenv and Rye.

• Error when disallowed settings are defined in uv.toml (#8550)

  Some settings can only be defined in the pyproject.toml. Previously, uv would ignore these settings when present in the uv.toml. Now, uv will error to avoid confusion about why the settings are not respeced.

• Implement PEP 440-compliant local version semantics (#8797)

  Previously, uv's implementation of local versions (e.g. 2.0+cpu) was not compliant with the specification due to the technical complexity of implementing the local version semantics in the PubGrub algorithm. Thanks to the work of @​ericmarkmartin, uv now has a spec-compliant implementation. Namely, uv will now allow a request for torch==2.1.0 to install [email protected]+cpu regardless of whether [email protected] (without a local tag) actually exists.

• Treat the base Conda environment as a system environment (#7691)

  Previously, uv would not distinguish between the base and other Conda environments. Now, uv uses CONDA_DEFAULT_ENV and the names base and default to determine if an environment active via CONDA_PREFIX is the base environment. If the base environment is active, the --system flag must be used to mutate it.

• Do not allow pre-releases when the != operator is used (#7974)

  Previously, uv would use the presence of a pre-release specifier in a version specifier as an opt-in to allow pre-release versions during resolution. The new behavior does not allow pre-releases when an inequals operator is used, e.g., != 2.0a1.

• Prefer USERPROFILE over FOLDERID_Profile when selecting a home directory on Windows (#8048)

... (truncated)

Commits

• f399a52 Bump to 0.5.1 (#8959)
• 7f9ab17 Upgrade to cargo-dist 0.25.2-prerelease.3 (#8958)
• ccfc49e Move "from PyPI" install message to above the relevant code block (#8906)
• b5a3d09 Respect comma-separated extras in --with (#8946)
• 0b5a061 Compute superset of existing and required hashes when healing cache (#8955)
• f29634b Wait longer for index updates in publish test (#8950)
• a11d27b Allow installation of manylinux wheels on riscv64 (#8934)
• 04c445a Respect --index-url in uv pip list (#8942)
• 0b4e5cf Allow non-registry dependencies in uv pip list --outdated (#8939)
• 7835ce0 Fix prune_unzipped test on main (#8938)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

The following labels could not be found: kind/dependencies, area/sdk/python.

[dependabot]

Superseded by #185.