build(deps): update dependency uv to v0.7.0

[renovate-bot]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
uv (source, changelog)	0.6.17 -> 0.7.0

---

Release Notes

astral-sh/uv (uv)

v0.7.0

Compare Source

This release contains various changes that improve correctness and user experience, but could break some workflows; many changes have been marked as breaking out of an abundance of caution. We expect most users to be able to upgrade without making changes.

Breaking changes

• Update uv version to display and update project versions (#​12349)

  Previously, uv version displayed uv's version. Now, uv version will display or update the project's version. This interface was heavily requested and, after much consideration, we decided that transitioning the top-level command was the best option.

  Here's a brief example:

  $ uv init example
  Initialized project `example` at `./example`
  $ cd example
  $ uv version
  example 0.1.0
  $ uv version --bump major
  example 0.1.0 => 1.0.0
  $ uv version --short
  1.0.0

  If used outside of a project, uv will fallback to showing its own version still:

  $ uv version
  warning: failed to read project: No `pyproject.toml` found in current directory or any parent directory
    running `uv self version` for compatibility with old `uv version` command.
    this fallback will be removed soon, pass `--preview` to make this an error.
  
  uv 0.7.0 (4433f41c9 2025-04-29)

  As described in the warning, --preview can be used to error instead:

  $ uv version --preview
  error: No `pyproject.toml` found in current directory or any parent directory

  The previous functionality of uv version was moved to uv self version.

• Avoid fallback to subsequent indexes on authentication failure (#​12805)

  When using the first-index strategy (the default), uv will stop searching indexes for a package once it is found on a single index. Previously, uv considered a package as "missing" from an index during authentication failures, such as an HTTP 401 or HTTP 403 (normally, missing packages are represented by an HTTP 404). This behavior was motivated by unusual responses from some package indexes, but reduces the safety of uv's index strategy when authentication fails. Now, uv will consider an authentication failure as a stop-point when searching for a package across indexes. The index.ignore-error-codes option can be used to recover the existing behavior, e.g.:

  [[tool.uv.index]]
  name = "pytorch"
  url = "https://download.pytorch.org/whl/cpu"
  ignore-error-codes = [401, 403]

  Since PyTorch's indexes always return a HTTP 403 for missing packages, uv special-cases indexes on the pytorch.org domain to ignore that error code by default.

• Require the command in uvx <name> to be available in the Python environment (#​11603)

  Previously, uvx would attempt to execute a command even if it was not provided by a Python package. For example, if we presume foo is an empty Python package which provides no command, uvx foo would invoke the foo command on the PATH (if present). Now, uv will error early if the foo executable is not provided by the requested Python package. This check is not enforced when --from is used, so patterns like uvx --from foo bash -c "..." are still valid. uv also still allows uvx foo where the foo executable is provided by a dependency of foo instead of foo itself, as this is fairly common for packages which depend on a dedicated package for their command-line interface.

• Use index URL instead of package URL for keyring credential lookups (#​12651)

  When determining credentials for querying a package URL, uv previously sent the full URL to the keyring command. However, some keyring plugins expect to receive the index URL (which is usually a parent of the package URL). Now, uv requests credentials for the index URL instead. This behavior matches pip.

• Remove --version from subcommands (#​13108)

  Previously, uv allowed the --version flag on arbitrary subcommands, e.g., uv run --version. However, the --version flag is useful for other operations since uv is a package manager. Consequently, we've removed the --version flag from subcommands — it is only available as uv --version.

• Omit Python 3.7 downloads from managed versions (#​13022)

  Python 3.7 is EOL and not formally supported by uv; however, Python 3.7 was previously available for download on a subset of platforms.

• Reject non-PEP 751 TOML files in install, compile, and export commands (#​13120, #​13119)

  Previously, uv treated arbitrary .toml files passed to commands (e.g., uv pip install -r foo.toml or uv pip compile -o foo.toml) as requirements.txt-formatted files. Now, uv will error instead. If using PEP 751 lockfiles, use the standardized format for custom names instead, e.g., pylock.foo.toml.

• Ignore arbitrary Python requests in version files (#​12909)

  uv allows arbitrary strings to be used for Python version requests, in which they are treated as an executable name to search for in the PATH. However, using this form of request in .python-version files is non-standard and conflicts with pyenv-virtualenv which writes environment names to .python-version files. In this release, uv will now ignore requests that are arbitrary strings when found in .python-version files.

• Error on unknown dependency object specifiers (12811)

  The [dependency-groups] entries can include "object specifiers", e.g. set-phasers-to = ... in:

  [dependency-groups]
  foo = ["pyparsing"]
  bar = [{set-phasers-to = "stun"}]

  However, the only current spec-compliant object specifier is include-group. Previously, uv would ignore unknown object specifiers. Now, uv will error.

• Make --frozen and --no-sources conflicting options (#​12671)

  Using --no-sources always requires a new resolution and --frozen will always fail when used with it. Now, this conflict is encoded in the CLI options for clarity.

• Treat empty UV_PYTHON_INSTALL_DIR and UV_TOOL_DIR as unset (#​12907, #​12905)

  Previously, these variables were treated as set to the current working directory when set to an empty string. Now, uv will ignore these variables when empty. This matches uv's behavior for other environment variables which configure directories.

Enhancements

• Disallow mixing requirements across PyTorch indexes (#​13179)
• Add optional managed Python archive download cache (#​12175)
• Add poetry-core as a uv init build backend option (#​12781)
• Show tag hints when failing to find a compatible wheel in pylock.toml (#​13136)
• Report Python versions in pyvenv.cfg version mismatch (#​13027)

Bug fixes

• Avoid erroring on omitted wheel-only packages in pylock.toml (#​13132)
• Fix display name for uvx --version (#​13109)
• Restore handling of authentication when encountering redirects (#​13050)
• Respect build options (--no-binary et al) in pylock.toml (#​13134)
• Use upload-time rather than upload_time in uv.lock (#​13176)

Documentation

• Changed fish completions append >> to overwrite > (#​13130)
• Add pylock.toml mentions where relevant (#​13115)
• Add ROCm example to the PyTorch guide (#​13200)
• Upgrade PyTorch guide to CUDA 12.8 and PyTorch 2.7 (#​13199)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 98.01%. Comparing base (be767f6) to head (dd999d6).
⚠️ Report is 98 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #2115      +/-   ##
==========================================
+ Coverage   97.86%   98.01%   +0.15%     
==========================================
  Files          55       55              
  Lines        5949     5949              
==========================================
+ Hits         5822     5831       +9     
+ Misses        127      118       -9     

Flag	Coverage Δ
unittests	98.01% <ø> (+0.15%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.