chore(deps): bump the sdk-python group across 1 directory with 2 updates

[dependabot]

Bumps the sdk-python group with 2 updates in the /sdk/python/runtime directory: python and astral-sh/uv.

Updates python from 3.12-slim to 3.13-slim

Updates astral-sh/uv from 0.4.18 to 0.4.25

Release notes

Sourced from astral-sh/uv's releases.

0.4.24

Release Notes

Bug fixes

• Fix Python executable name in Windows free-threaded Python distributions (#8310)
• Redact index credentials from lockfile sources (#8307)
• Respect UV_INDEX_ rather than UV_HTTP_BASIC_ as documented (#8306)
• Improve sources deserialization errors (#8308)

Documentation

• Correct pytorch-to-torch reference in docs (#8291)

Install uv 0.4.24

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/uv/releases/download/0.4.24/uv-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy ByPass -c "irm https://github.com/astral-sh/uv/releases/download/0.4.24/uv-installer.ps1 | iex"

Download uv 0.4.24

File	Platform	Checksum
uv-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
uv-x86_64-apple-darwin.tar.gz	Intel macOS	checksum
uv-i686-pc-windows-msvc.zip	x86 Windows	checksum
uv-x86_64-pc-windows-msvc.zip	x64 Windows	checksum
uv-aarch64-unknown-linux-gnu.tar.gz	ARM64 Linux	checksum
uv-i686-unknown-linux-gnu.tar.gz	x86 Linux	checksum
uv-powerpc64-unknown-linux-gnu.tar.gz	PPC64 Linux	checksum
uv-powerpc64le-unknown-linux-gnu.tar.gz	PPC64LE Linux	checksum
uv-s390x-unknown-linux-gnu.tar.gz	S390x Linux	checksum
uv-x86_64-unknown-linux-gnu.tar.gz	x64 Linux	checksum
uv-armv7-unknown-linux-gnueabihf.tar.gz	ARMv7 Linux	checksum
uv-aarch64-unknown-linux-musl.tar.gz	ARM64 MUSL Linux	checksum
uv-i686-unknown-linux-musl.tar.gz	x86 MUSL Linux	checksum
uv-x86_64-unknown-linux-musl.tar.gz	x64 MUSL Linux	checksum
uv-arm-unknown-linux-musleabihf.tar.gz	ARMv6 MUSL Linux (Hardfloat)	checksum
uv-armv7-unknown-linux-musleabihf.tar.gz	ARMv7 MUSL Linux	checksum

0.4.23

... (truncated)

Changelog

Sourced from astral-sh/uv's changelog.

0.4.25

Enhancements

• Add support for uv pip show --files (#8369)
• Don't prefetch unreachable packages (#8246)
• Remove tool.uv.sources table if it is empty (#8365)
• Modify cache versioning to support backwards compatibility (#8386)

Configuration

• Add support for UV_FROZEN and UV_LOCKED (#8340)

Bug fixes

• Allow dashes and underscores in custom index names (#8339)
• Avoid panic when Git dependencies are included in fork markers (#8388)
• Check existing source by normalized name before uv add and uv remove (#8359)
• Fix bug where username from authentication cache could be ignored (#8345)
• Fix to respect comments positioning in pyproject.toml on change (#8384)
• Redact index sources in uv.lock (#8333)
• Use correct indentation when project table contains open bracket comment (#8387)
• Only remove a source from [tool.uv.sources] if it is no long being referenced (#8366)
• Modify uv pip list and uv tree to print to stdout regardless of --quiet flag (#8392)

Error messages

• Improve help message for missing self update invocations (#8337)
• Log .netrc parsing errors (#8364)
• Remove trailing newlines in error messages (#8322)
• Use a dedicated message for incompatible Python versions in wheel ABI tags (#8363)
• Remove commands available in the top-level from the suggested subcommand error (#8316)

Release

• Run release builds for macos-x86_64 on macos-14 runners (#8327)

0.4.24

Bug fixes

• Fix Python executable name in Windows free-threaded Python distributions (#8310)
• Redact index credentials from lockfile sources (#8307)
• Respect UV_INDEX_ rather than UV_HTTP_BASIC_ as documented (#8306)
• Improve sources deserialization errors (#8308)

Documentation

• Correct pytorch-to-torch reference in docs (#8291)

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

The following labels could not be found: kind/dependencies, area/sdk/python.

[dependabot]

Superseded by #168.