feat: migrate from Poetry to UV (#1176)

[ritwiktiwari]

Description

This PR fixes #1176

Summary

This PR migrates the project from Poetry to UV for dependency management:

• Removed all Poetry-specific sections from pyproject.toml (tool.poetry.* configurations)
• Updated noxfile.py to use uv export instead of poetry export
• Updated scripts/release.sh to use uv lock instead of poetry lock
• Deleted poetry.lock and generated uv.lock
• Added requires-python = ">=3.10" to project metadata
• Removed black and isort dependencies in favor of ruff for both linting and formatting
• Updated noxfile.py lint session to use ruff check and ruff format
• Updated .github/workflows/lint-pr.yml to use only ruff for linting and formatting

All GitHub workflows were already using UV, so no changes were needed there.

PR Checklist

Please ensure that:

• [ x ] The PR contains a descriptive title
• [ x ] The PR contains a descriptive summary of the changes
• [ x ] You build and test your changes before submitting a PR.
• [ x ] You have added relevant documentation
• [ x ] You have added relevant tests. We prefer integration tests wherever possible

Pre-Commit Instructions:

• [ x ] Ensure that you have run the pre-commit hooks on your PR.

Summary by CodeRabbit

• Chores
  • Switched dependency management from Poetry to uv and migrated project metadata to standard PEP 621 declarations.
  • Removed black and isort from dev tooling; consolidated linting/formatting around ruff with locked runs.
  • Updated CI and test workflows to use uv for dependency handling and streamlined lint checks.
  • Set minimum Python version to 3.10.
  • Updated release script to use uv for lock generation.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
robyn	Ready	Preview, Comment	Feb 22, 2026 6:32am

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

---

📝 Walkthrough

Walkthrough

Replace Poetry with UV for dependency/lockfile management across CI, nox, and release scripts; dev tooling calls updated to use uv (ruff via uv); black/isort removed from dev dependency groups and workflows.

Changes

Cohort / File(s)	Summary
CI lint workflow .github/workflows/lint-pr.yml	Switch astral-sh/setup-uv@v3 → astral-sh/setup-uv@v7; remove UV_SYSTEM_PYTHON; use uv sync --locked --only-group dev --no-install-project; run uv run --locked ruff check and uv run --locked ruff format --check instead of black/isort checks.
Nox & test orchestration noxfile.py	Replace Poetry-based export/install with uv steps (uv export, updated flags --frozen/--group/--no-hashes/--output-file); install uv where needed; remove editable -e . install and black usage; keep maturin build/test flow with updated export flags.
Project metadata & deps pyproject.toml	Add requires-python = ">=3.10"; remove [tool.poetry] block and dev deps black/isort from dependency groups; retain PEP 621 [project], ruff, pytest, and maturin configs.
Release script scripts/release.sh	Replace poetry lock with uv lock; rest of script unchanged.

Sequence Diagram(s)

sequenceDiagram
    participant Dev as Developer
    participant CI as CI (GitHub Actions)
    participant UV as UV Action
    participant Nox as Nox
    participant Build as Build/Test

    Dev->>CI: push PR
    CI->>UV: setup-uv@v7 (provide uv CLI)
    CI->>CI: uv sync --locked --only-group dev --no-install-project
    CI->>Nox: run nox sessions (use uv-exported requirements)
    Nox->>Build: build with maturin & run pytest
    Build->>CI: report test results / artifacts

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐇 I swapped a Poetry quill for UV's light,
Hopped through CI lanes, my whiskers bright,
Ruff combed the fur, no black in sight,
Locks refreshed and tests take flight,
I twitch my nose — deployment's right!

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'feat: migrate from Poetry to UV' clearly summarizes the main objective of the PR.
Description check	✅ Passed	The description includes the required sections (Description, Summary) with detailed changes and follows the template structure.
Linked Issues check	✅ Passed	The PR successfully migrates from Poetry to UV by removing Poetry sections, updating tooling, and adopting UV and ruff across all relevant files [#1176].
Out of Scope Changes check	✅ Passed	All changes are directly related to the Poetry-to-UV migration objective; no unrelated modifications detected.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In @.github/workflows/lint-pr.yml:
- Around line 23-29: The workflow currently installs ruff with "uv pip install
ruff" which bypasses the lockfile; change the CI steps to install pinned dev
dependencies from uv.lock by adding ruff to dev deps locally (via "uv add --dev
ruff") and in the workflow replace the install step with "uv sync --locked" and
replace execution lines to use the locked runner flags (e.g., use "uv run
--locked ruff check ." and "uv run --locked ruff format --check ."); update the
step names that currently reference "Install dependencies with uv" and "Run
linters" to use these locked commands so CI uses deterministic ruff versions.

In `@noxfile.py`:
- Around line 8-19: The uv export invocation in the nox session currently runs
session.run("uv", "export", "--group", "test", "--group", "dev", "--no-hashes",
"--output-file", "requirements.txt") which allows uv to re-lock the project;
update that call to include the "--frozen" flag so uv errors if uv.lock would be
modified (preventing dependency drift in tests). Locate the session.run call
that invokes "uv", "export" and add the "--frozen" argument to its parameter
list (preserving the existing flags like "--no-hashes" and "--output-file").

🧹 Nitpick comments (1)

noxfile.py (1)

46-48: Make lint session non-mutating with ruff format --check.

Currently this will reformat files in-place. Using --check exits with a non-zero status code if any files would need formatting, without modifying them—aligning with CI behavior.

♻️ Suggested change

-    session.run("ruff", "format", ".")
+    session.run("ruff", "format", "--check", ".")

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

UV package manager uv.lock file deterministic installs CI best practices

💡 Result:

Deterministic installs with uv.lock

• Commit uv.lock and treat it as the source of truth for CI/prod installs.
• In CI, prevent uv from re-locking (which can hide problems) by using:
  • uv sync --locked to validate that uv.lock matches the project metadata and error if it doesn’t. [1]
  • uv sync --frozen to install strictly from uv.lock without checking whether it’s up-to-date (useful when CI doesn’t have all workspace pyproject.toml files available). [1][2]
• Optionally add an explicit lockfile check step: uv lock --check (equivalent to “locked” validation). [1]

CI workflow best practices

• Install from the lockfile, then run tests using locked mode (so CI fails if someone changed pyproject.toml but didn’t update uv.lock):
  • uv sync --locked
  • uv run --locked pytest (same idea applies to other commands). [1]
• Prefer uv sync in CI (not uv run alone) if you want a clean, deterministic environment: uv sync performs an “exact” sync by default (removes packages not in the lockfile). [1]

Monorepos / partial checkouts / Docker

• If your CI/Docker step only has the root pyproject.toml + uv.lock (not all workspace members), use --frozen for that step, then switch to --locked once all workspace files are present. [2]

Speeding up CI: cache correctly

• Cache uv’s package artifacts, and run uv cache prune --ci at the end of the job to keep only what’s worth caching in CI (notably, keep wheels built from source; drop most prebuilt wheels). [3]
• If you use GitHub Actions, consider an action that installs uv and manages its cache keys (including support for keying off uv.lock). [5]

Prevent “lockfile drift”

• Add a pre-push hook (e.g., via pre-commit) to run uv sync --locked so developers catch an out-of-date uv.lock before CI does. [4]

Sources: uv locking/syncing semantics and flags [1], Docker/workspace guidance for --frozen vs --locked [2], CI cache pruning recommendation [3], pre-commit hook pattern [4], GitHub Actions cache tooling [5].

---

🌐 Web query:

UV "uv pip install" vs "uv add" lock file behavior

💡 Result:

• uv add <pkg> (project workflow)

  • Adds the dependency to pyproject.toml and (re)resolves the project, creating/updating uv.lock.
  • Intended for “this is a real project dependency” and to keep the manifest + lock in sync.
    Sources: Astral docs on lockfile being created/modified by uv add/uv lock/uv sync [1][2], Real Python overview [3].

• uv pip install <pkg> (pip-compatible workflow)

  • Installs into the current environment like pip, but does not manage your project’s pyproject.toml or uv.lock (it’s not the project lock workflow).
  • For reproducible installs in the pip workflow, uv expects you to use lock inputs like compiled requirements.txt / pylock.toml (and for “exact” environments, prefer uv pip sync over uv pip install).
    Sources: Astral docs on pip compile/install/sync behavior [4], Astral docs distinguishing uv.lock as project lock managed by project commands [1][2].

Rule of thumb: use uv add when you want the dependency recorded + locked for the project; use uv pip install for ad-hoc / pip-style installs (and use uv pip compile + uv pip sync if you want a locked, exactly-synced environment in the pip workflow) [4].

Sources
[1] Astral uv docs — Projects layout / lockfile (uv.lock created/updated by uv sync, uv run, explicitly by uv lock) https://docs.astral.sh/uv/concepts/projects/layout/
[2] Astral uv docs — Resolution (lockfile created/modified by uv lock, uv sync, uv add) https://docs.astral.sh/uv/concepts/resolution/
[3] Real Python — uv add creates/updates uv.lock and keeps it updated on add/remove/upgrade https://realpython.com/uv-vs-pip/
[4] Astral uv docs — Pip interface: uv pip compile, uv pip install, and why uv pip sync is needed for exact, reproducible envs https://docs.astral.sh/uv/pip/compile/

---

🌐 Web query:

UV "uv run" command how it resolves dependencies system-installed packages

💡 Result:

uv run resolves/imports packages from uv-managed environments, not from your OS “system-installed” site-packages.

• In a project, uv run … executes inside the project virtual environment (typically .venv) and first ensures that environment is up-to-date with the project’s declared dependencies before running your command. [1]
• System site-packages are not part of that environment, so packages installed via your system package manager (apt/dnf/pacman/homebrew, etc.) generally won’t be visible to uv run. If a dependency (e.g., numpy) isn’t in the uv environment, you must add/install it into the uv environment. (This “no mixing system packages with uv run env” behavior is also called out by users because uv run has no --system-site-packages equivalent.) [3]
• If you use uv run --with …, uv creates an additional ephemeral “layer” environment on top of the project environment containing the requested extra packages/versions (and they may intentionally conflict with the project’s pinned deps). This still layers on top of uv-managed envs—not system site-packages. [2]
• By default, uv run makes the minimum necessary changes to satisfy requirements; --exact makes it remove extraneous packages for an exact sync. [2]

If what you want is “use system Python + its site-packages”, that’s a different mode: --system exists on pip/tool install/run commands, but uv run itself is designed around running in the uv/project environment rather than inheriting system site-packages. [2]

Sources: [1] [2] [3]

---

Pin ruff via uv.lock for deterministic linting in CI.

uv pip install ruff bypasses the lockfile and pulls the latest release each run, causing non-deterministic formatting rules and unexpected CI failures. Instead, add ruff to your dev dependencies in pyproject.toml (via uv add --dev ruff) and use uv sync --locked in CI to install from the lockfile, then run uv run --locked ruff check .. This ensures consistent tool versions across all CI runs.

🤖 Prompt for AI Agents

In @.github/workflows/lint-pr.yml around lines 23 - 29, The workflow currently
installs ruff with "uv pip install ruff" which bypasses the lockfile; change the
CI steps to install pinned dev dependencies from uv.lock by adding ruff to dev
deps locally (via "uv add --dev ruff") and in the workflow replace the install
step with "uv sync --locked" and replace execution lines to use the locked
runner flags (e.g., use "uv run --locked ruff check ." and "uv run --locked ruff
format --check ."); update the step names that currently reference "Install
dependencies with uv" and "Run linters" to use these locked commands so CI uses
deterministic ruff versions.

[ritwiktiwari]

@sansyrox can I get a review?

[sansyrox]

Thanks for the PR @ritwiktiwari :D

Can you resolve the conflict and address the reviews by @CodeRabbit ?

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash

# Fetch CodeRabbit's review comments on PR `#1297`
echo "=== CodeRabbit Review Comments ==="
gh pr view 1297 --json reviewThreads --jq '.reviewThreads[] | select(.comments[0].author.login == "coderabbitai") | {path: .path, line: .line, comments: [.comments[] | {author: .author.login, body: .body, isResolved: .isResolved}]}'

echo -e "\n=== PR Status and Conflicts ==="
gh pr view 1297 --json mergeable,mergeStateStatus,statusCheckRollup --jq '{mergeable: .mergeable, mergeStateStatus: .mergeStateStatus}'

echo -e "\n=== All Review Comments Summary ==="
gh pr view 1297 --json reviewThreads --jq '.reviewThreads[] | select(.comments[0].author.login == "coderabbitai") | {path: .path, isResolved: .isResolved, firstComment: .comments[0].body[:200]}'

Length of output: 1509

---

🏁 Script executed:

#!/bin/bash

# Fetch CodeRabbit's review comments using the correct field
echo "=== All Reviews ==="
gh pr view 1297 --json reviews --jq '.reviews[] | select(.author.login == "coderabbitai") | {state: .state, body: .body[:300], submittedAt: .submittedAt}'

echo -e "\n=== Review Comments from Comments Field ==="
gh pr view 1297 --json comments --jq '.comments[] | select(.author.login == "coderabbitai") | {createdAt: .createdAt, body: .body[:300]}'

echo -e "\n=== Using REST API to get review comments ==="
gh api repos/sparckles/Robyn/pulls/1297/comments --jq '.[] | select(.user.login == "coderabbitai") | {path: .path, line: .line, body: .body[:200]}'

echo -e "\n=== Check latest reviews summary ==="
gh pr view 1297 --json latestReviews --jq '.latestReviews[] | select(.author.login == "coderabbitai") | {state: .state, submittedAt: .submittedAt}'

Length of output: 1025

---

🏁 Script executed:

#!/bin/bash

# Get full review body to see all actionable comments
echo "=== Full Review Body ==="
gh pr view 1297 --json reviews --jq '.reviews[] | select(.author.login == "coderabbitai") | .body' | head -100

echo -e "\n=== Try to get review comments via GraphQL ==="
gh api graphql -f query='
{
  repository(owner: "sparckles", name: "Robyn") {
    pullRequest(number: 1297) {
      reviews(first: 10, author: "coderabbitai") {
        nodes {
          body
          state
          comments(first: 20) {
            nodes {
              path
              line
              body
            }
          }
        }
      }
    }
  }
}'

echo -e "\n=== Check for inline review comments ==="
gh api /repos/sparckles/Robyn/pulls/1297/reviews --jq '.[] | select(.user.login == "coderabbitai") | {id: .id, state: .state, body: .body[:500]}'

Length of output: 2191

---

@sansyrox, I can help clarify what needs to be addressed!

Summary for @ritwiktiwari:

1. Merge Conflicts 🔴
The PR currently has merge conflicts that need to be resolved.

2. Actionable Review Comments 📋

I posted 2 actionable comments that should be addressed:

a) .github/workflows/lint-pr.yml (lines 23-29):

• Currently uses uv pip install ruff which bypasses the lockfile
• Should use uv sync --locked to install dependencies from uv.lock
• Should use uv run --locked ruff check . and uv run --locked ruff format --check . for deterministic versions

b) noxfile.py (lines 8-19):

• The uv export command should include the --frozen flag
• This prevents dependency drift by erroring if uv.lock would be modified during tests

3. Nitpick Comment 💡

c) noxfile.py (line 46-48):

• Consider using ruff format --check instead of ruff format to make the lint session non-mutating (won't modify files in-place)

Once the conflicts are resolved and these comments are addressed, the PR should be ready for merge! 🚀

[coderabbitai]

🧹 Nitpick comments (2)

.github/workflows/lint-pr.yml (1)

14-14: astral-sh/setup-uv@v3 is several major versions behind — update to v7.

The official astral uv documentation for GitHub Actions recommends astral-sh/setup-uv@v7, and v3 was released approximately 11 months ago with v7 being the current major version. Using a stale major version misses accumulated bug fixes and feature improvements.

♻️ Proposed fix

-      uses: astral-sh/setup-uv@v3
+      uses: astral-sh/setup-uv@v7

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/lint-pr.yml at line 14, The workflow step currently
references the outdated action version "astral-sh/setup-uv@v3"; update that
usage to "astral-sh/setup-uv@v7" in the lint-pr.yml workflow so the job uses the
current major release (and re-run CI to verify no breaking changes); locate the
step containing the string "astral-sh/setup-uv@v3" and replace it with
"astral-sh/setup-uv@v7".

noxfile.py (1)

46-49: pip install ruff in the lint session bypasses the lockfile.

The CI workflow (lint-pr.yml) now uses the lockfile-installed ruff via uv run --locked, but the nox lint session installs the latest ruff unconditionally — meaning local nox runs may use a different ruff version than CI and potentially produce different results.

Consider aligning the nox lint session with the CI approach:

♻️ Proposed refactor

 `@nox.session`(python=["3.11"])
 def lint(session):
-    session.run("pip", "install", "ruff")
-    session.run("ruff", "check", ".")
-    session.run("ruff", "format", "--check", ".")
+    session.run("pip", "install", "uv")
+    session.run(
+        "uv", "sync", "--frozen", "--only-group", "dev", "--no-install-project",
+        external=True,
+    )
+    session.run("uv", "run", "--frozen", "ruff", "check", ".", external=True)
+    session.run("uv", "run", "--frozen", "ruff", "format", "--check", ".", external=True)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@noxfile.py` around lines 46 - 49, The lint(session) nox task currently
installs ruff via pip which bypasses the lockfile; replace the unconditional
session.run("pip", "install", "ruff") and direct "ruff" invocations by invoking
the lockfile-managed runner used in CI (e.g., session.run("uv", "run",
"--locked", "ruff", ...)) so the same ruff version is used locally and in CI;
update the three calls that use "ruff" (the install line and the two
session.run("ruff", ...)) to use session.run("uv", "run", "--locked", "ruff",
<args>) instead.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In @.github/workflows/lint-pr.yml:
- Around line 20-26: The lint workflow change is correct; keep the
lockfile-pinned install and non-mutating format check as implemented: retain the
commands `uv sync --locked --only-group dev --no-install-project` and the `uv
run --locked ruff check .` plus `uv run --locked ruff format --check .` steps so
dependencies are installed from uv.lock and formatting remains a check-only
operation.

In `@noxfile.py`:
- Around line 8-21: The nox session currently installs uv and runs "uv export
--frozen --group test --group dev --no-hashes --output-file requirements.txt";
keep the --frozen flag to ensure the uv.lock cannot be silently modified (so
test dependencies remain consistent) and leave the session.run invocations (the
calls to session.run("pip", "install", "uv"/"maturin") and session.run("uv",
"export", ...)) as-is—no code changes required other than ensuring the --frozen
flag remains present.

---

Nitpick comments:
In @.github/workflows/lint-pr.yml:
- Line 14: The workflow step currently references the outdated action version
"astral-sh/setup-uv@v3"; update that usage to "astral-sh/setup-uv@v7" in the
lint-pr.yml workflow so the job uses the current major release (and re-run CI to
verify no breaking changes); locate the step containing the string
"astral-sh/setup-uv@v3" and replace it with "astral-sh/setup-uv@v7".

In `@noxfile.py`:
- Around line 46-49: The lint(session) nox task currently installs ruff via pip
which bypasses the lockfile; replace the unconditional session.run("pip",
"install", "ruff") and direct "ruff" invocations by invoking the
lockfile-managed runner used in CI (e.g., session.run("uv", "run", "--locked",
"ruff", ...)) so the same ruff version is used locally and in CI; update the
three calls that use "ruff" (the install line and the two session.run("ruff",
...)) to use session.run("uv", "run", "--locked", "ruff", <args>) instead.

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

noxfile.py (1)

22-23: ⚠️ Potential issue | 🟡 Minor

pip install -e . before the maturin wheel build causes redundant Rust compilation.

pip install -e . on a maturin project uses PEP 660 editable installs (supported since v0.12.0), which invokes cargo to compile the Rust extension. That compiled artifact is then immediately discarded when maturin build (line 40) compiles the extension again and pip install --no-index --find-links=dist/ robyn (line 41) replaces it with the release wheel.

Nothing between line 23 and line 41 requires an installed robyn, so the editable install is pure overhead — roughly doubling Rust compile time per matrix entry.

🔧 Proposed fix

     session.run("pip", "install", "-r", "requirements.txt")
-    session.run("pip", "install", "-e", ".")
-
     args = [

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@noxfile.py` around lines 22 - 23, Remove the redundant editable install that
triggers a Cargo build: delete or comment out the session.run("pip", "install",
"-e", ".") call so the Rust extension is only built by maturin build and then
installed via pip install --no-index --find-links=dist/ robyn; alternatively, if
an editable install is truly needed, move session.run("pip", "install", "-e",
".") to after the maturin build / pip install --no-index --find-links=dist/
robyn sequence to avoid double compilation.

🧹 Nitpick comments (1)

noxfile.py (1)

8-8: Consider pinning the uv version for reproducible CI.

pip install uv without a version specifier will pick up the latest uv on every fresh session, meaning a breaking release could silently change --frozen / --only-group semantics between runs. Pin to a minimum known-good version (e.g. uv>=0.5,<1) or use a fixed pin.

The same applies to Line 47 in the lint session.

♻️ Proposed change

-    session.run("pip", "install", "uv")
+    session.run("pip", "install", "uv>=0.5,<1")

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@noxfile.py` at line 8, The pip install call uses an unpinned package
("session.run(\"pip\", \"install\", \"uv\")"), which makes CI non-reproducible;
change the install invocation(s) to pin a safe version (for example "uv>=0.5,<1"
or a fixed exact version) so the same release is used every run, and update both
occurrences (the current session.run("pip", "install", "uv") and the identical
call in the lint session) to use the pinned specifier.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In `@noxfile.py`:
- Around line 22-23: Remove the redundant editable install that triggers a Cargo
build: delete or comment out the session.run("pip", "install", "-e", ".") call
so the Rust extension is only built by maturin build and then installed via pip
install --no-index --find-links=dist/ robyn; alternatively, if an editable
install is truly needed, move session.run("pip", "install", "-e", ".") to after
the maturin build / pip install --no-index --find-links=dist/ robyn sequence to
avoid double compilation.

---

Duplicate comments:
In `@noxfile.py`:
- Around line 10-21: The command invocation in session.run now includes the
correct "--frozen" flag for "uv export", which enforces lockfile consistency; no
code change is required—keep the call in the noxfile (the session.run that runs
"uv", "export", "--frozen", "--group", "test", "--group", "dev", "--no-hashes",
"--output-file", "requirements.txt") as-is since it will error on uv.lock drift.

---

Nitpick comments:
In `@noxfile.py`:
- Line 8: The pip install call uses an unpinned package ("session.run(\"pip\",
\"install\", \"uv\")"), which makes CI non-reproducible; change the install
invocation(s) to pin a safe version (for example "uv>=0.5,<1" or a fixed exact
version) so the same release is used every run, and update both occurrences (the
current session.run("pip", "install", "uv") and the identical call in the lint
session) to use the pinned specifier.

[ritwiktiwari]

@sansyrox I've addressed all comments