Submodule upgrades

[dtronmans]

Purpose

• Submodules commit hashes were old and are upgraded in this PR
• ultralytics package is now a required package for yolov5
• Match DetectV26, SegmentV26 and PoseV26 heads to match updated Ultralytics heads

Specification

Dependencies & Potential Impact

Deployment Plan

Testing & Validation

Summary by CodeRabbit

• Chores
  • Added requests>=2.32.2 as a new dependency
  • Updated bundled YOLO submodule references
• Refactor
  • Improved end-to-end NMS-free box decoding for detection
  • Refined segmentation prototype and mask coefficient handling
  • Reworked pose keypoint decoding for more consistent decoding behavior

[github-actions]

☂️ Python Coverage

current status: ✅

Overall Coverage

Lines	Covered	Coverage	Threshold	Status
31880	6865	22%	0%	🟢

New Files

No new covered files...

Modified Files

File	Coverage	Status
tools/modules/heads.py	51%	🟢
tools/yolo/yolov5_exporter.py	80%	🟢
TOTAL	65%	🟢

updated for commit: e569cc6 by action🐍

[github-actions]

Test Results

  6 files    6 suites   23m 14s ⏱️
 26 tests  26 ✅ 0 💤 0 ❌
156 runs  156 ✅ 0 💤 0 ❌

Results for commit e569cc6.

♻️ This comment has been updated with latest results.

[coderabbitai]

📝 Walkthrough

Walkthrough

DFL-based box decoding is applied across DetectV26, SegmentV26, and PoseV26 heads, with regression outputs reshaped to 4 * reg_max. PoseV26._kpts_decode is refactored to drop bs and decode keypoints via sigmoid and linear transforms. yolov5_exporter.py prepends the local ultralytics path to sys.path, both submodules are bumped, and requests>=2.32.2 is added.

Changes

YOLOv26 DFL Decoding and Infrastructure Updates

Layer / File(s)	Summary
Submodule bumps, ultralytics sys.path fix, and requests dependency requirements.txt, tools/yolo/yolov5, tools/yolo/ultralytics, tools/yolo/yolov5_exporter.py	yolov5 and ultralytics submodule SHAs are updated to newer commits. yolov5_exporter.py prepends the local ultralytics/ subdirectory to sys.path. requests>=2.32.2 is added to requirements.txt.
DetectV26 DFL-based box decoding tools/modules/heads.py	DetectV26.forward reshapes box regression to 4 * reg_max and class scores to (bs, nc, -1). _get_decode_boxes runs self.dfl(preds["boxes"]) before dist2bbox and strides scaling.
SegmentV26 forward and proto update tools/modules/heads.py	SegmentV26.forward reshapes box regression to 4 * reg_max, class scores to (bs, nc, -1), and mask coefficients to (bs, nm, -1). _get_proto calls self.proto(x) directly without the return_semseg argument.
PoseV26 forward and _kpts_decode refactor tools/modules/heads.py	PoseV26.forward reshapes box regression to 4 * reg_max, class scores to (bs, nc, -1), and raw keypoints to (bs, nk, -1) via cv4_kpts. _kpts_decode drops the bs parameter and decodes x/y linearly using self.anchors/self.strides, applying sigmoid for visibility when ndim == 3.

Sequence Diagram(s)

sequenceDiagram
  participant forward as DetectV26/SegmentV26/PoseV26 forward
  participant dfl as self.dfl
  participant dist2bbox as dist2bbox
  participant kpts_decode as _kpts_decode

  rect rgba(70, 130, 180, 0.5)
    note over forward,dist2bbox: Box decoding (all V26 heads)
    forward->>forward: reshape boxes to 4*reg_max, cls to (bs,nc,-1)
    forward->>dfl: preds["boxes"]
    dfl-->>forward: decoded box deltas
    forward->>dist2bbox: decoded deltas + anchors
    dist2bbox-->>forward: scaled bboxes
  end

  rect rgba(180, 100, 60, 0.5)
    note over forward,kpts_decode: Keypoint decoding (PoseV26 only)
    forward->>forward: reshape kpts to (bs,nk,-1) per level
    forward->>kpts_decode: kpts_cat (concatenated levels)
    kpts_decode->>kpts_decode: sigmoid visibility (ndim==3)
    kpts_decode->>kpts_decode: linear map x/y via anchors+strides
    kpts_decode-->>forward: (bs, nk, num_anchors)
  end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

Poem

🐇 Hops through the boxes, four times reg_max wide,
DFL transforms the deltas with geometric pride,
The proto no longer needs semseg returned,
Keypoints decoded — a fresh lesson learned!
With submodules bumped and requests in tow,
This rabbit's detection is ready to go. 🎯

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 66.67% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Submodule upgrades' accurately reflects the main changes in the PR, which involve updating submodule references (ultralytics and yolov5) and aligning related code changes.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/upgrade-submodules

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@requirements.txt`:
- Line 19: Update the requests package version constraint in requirements.txt
from `requests>=2.32.2` to `requests>=2.33.0` to patch known security
vulnerabilities (CVE-2024-47081 and CVE-2026-25645). Additionally, verify
whether the requests dependency is actually declared as a requirement by yolov5
or if this is an independent project dependency, as yolov5's submodule does not
appear to declare requests as a dependency.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 7793a473-b1b0-4bf0-8064-287852ff0dc6

📥 Commits

Reviewing files that changed from the base of the PR and between 53e72eb and da031c6.

⛔ Files ignored due to path filters (1)

• media/coverage_badge.svg is excluded by !**/*.svg

📒 Files selected for processing (5)

• requirements.txt
• tools/modules/heads.py
• tools/yolo/ultralytics
• tools/yolo/yolov5
• tools/yolo/yolov5_exporter.py

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

tools/modules/heads.py (1)

830-846: 💤 Low value

Consider deriving bs from input tensor to reduce parameter coupling.

The bs parameter is used only at line 846 for the view operation, but it can be derived directly from kpts.shape[0]. This would make the method signature cleaner and avoid potential mismatches if caller passes an incorrect batch size.

-    def _kpts_decode(self, bs, kpts):
+    def _kpts_decode(self, kpts):
         """Decode keypoints from raw predictions to pixel coordinates.
 
         Emulate ultralytics.nn.modules.head.Pose26.kpts_decode.
 
         Args:
             kpts: Raw keypoint predictions (bs, nk, num_anchors)
 
         Returns:
             Decoded keypoints (bs, nk, num_anchors) with x, y in pixel coords
         """
         ndim = self.kpt_shape[1]
         num_kpts = self.kpt_shape[0]
+        bs = kpts.shape[0]
         num_anchors = kpts.shape[2]

And update the call site at line 825:

-        kpts_decoded = self._kpts_decode(bs, kpts_cat)
+        kpts_decoded = self._kpts_decode(kpts_cat)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tools/modules/heads.py` around lines 830 - 846, The _kpts_decode method
currently accepts bs as a parameter but can derive it directly from the input
tensor to reduce coupling. Remove the bs parameter from the _kpts_decode method
signature and instead derive it as bs = kpts.shape[0] at the beginning of the
method. Then update the call site at line 825 where _kpts_decode is invoked to
pass only the kpts argument instead of passing both bs and kpts.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@tools/modules/heads.py`:
- Line 744: The method call to self.proto() is passing an unsupported
return_semantic parameter that is not accepted by the Proto26.forward() method.
Remove the return_semantic=False keyword argument from the self.proto() call,
leaving only the x parameter to be passed to the method.

---

Nitpick comments:
In `@tools/modules/heads.py`:
- Around line 830-846: The _kpts_decode method currently accepts bs as a
parameter but can derive it directly from the input tensor to reduce coupling.
Remove the bs parameter from the _kpts_decode method signature and instead
derive it as bs = kpts.shape[0] at the beginning of the method. Then update the
call site at line 825 where _kpts_decode is invoked to pass only the kpts
argument instead of passing both bs and kpts.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 2491bfb9-41d9-4d1d-a5f9-2f19481e2603

📥 Commits

Reviewing files that changed from the base of the PR and between da031c6 and e569cc6.

📒 Files selected for processing (1)

• tools/modules/heads.py