### Motivation and context

Integration of YOLOv7 as a serverless nuclio function that can be used
for auto-labeling. YoloV7 is the SOTA at the time of this PR therefore
it would make sense to support it in CVAT. The integration is quite
simple into CVAT as docker based on Ultralytics YoloV5 with coco
pretrained model (https://github.com/WongKinYiu/yolov7) and a docker
image (https://hub.docker.com/r/ultralytics/yolov5).

related issue: #5548 

### How has this been tested?

Automatic annotation was run using YOLOv7 on a custom dataset.
The serverless function was deployed using

```
nuctl deploy --project-name cvat \
  --path serverless/onnx/WongKinYiu/yolov7/nuclio \
  --volume `pwd`/serverless/common:/opt/nuclio/common \
  --platform local
```

Then using the 'Automatic annotation' action the function was tested and
the auto-generated labels were controlled to check that no coordinates
misfit is happening.

### Use custom model:
1. Export your model with NMS for image resolution of 640x640
(preferable).
2. Copy your custom model yolov7-custom.onnx to /serverless/common
3. Modify function.yaml file according to your labels.
4. Modify model_handler.py as follow:
```
 self.model_path = "yolov7-custom.onnx"
```
Co-authored-by: NNikita Manovich <nikita@cvat.ai>
Co-authored-by: Nyasakova-anastasia <yasakova_anastasiya@mail.ru>

Some customers are using it and it leads to problems.

In my understanding of https://github.com/nuclio/nuclio/issues/1821, the
Nuctl (1.8.14) CLI is looking for a path that is only valid on a Linux
environment, which it does not find when running via Git Bash (even when
using the Windows version of Nuctl). However, installing CVAT onto a
Linux VM allows Nuctl to locate this path and operate normally. I
initially found this when setting up CVAT myself on Git Bash as per the
given instructions for Windows 10.

(I am still learning how to use GitHub as far as pull requests / forks /
etc work, sorry if this is not the right way to approach this change.
Please let me know if I've missed something important.)

### How has this been tested?
This is only a change to instructions, but I did test this on multiple
machines . As long as the machine is capable of running a Linux kernel
it shouldn't run into any issues.

Added separate workflow that search cache, it will allow us to remove
duplication of this logic in `main.yml`, `full.yml` and `schedule.yml`

! This solution won't work if PR changes search-cache.yml, but this
workflow is supposed to almost never change

This will let users to run their PyTorch code without network access,
provided that they have already cached the data.

### How has this been tested?
<!-- Please describe in detail how you tested your changes.
Include details of your testing environment, and the tests you ran to
see how your change affects other areas of the code, etc. -->
Unit tests.

Turns out that #5456 had a nasty side effect. Session hooks are called
when pytest is run with `--collect-only` (even though no tests are
actually run in this case), and Visual Studio Code periodically runs
`pytest --collect-only` in order to learn what tests exist in the
project. As a result, it keeps restarting the services and restoring the
database in the background.

Work around this by skipping all logic in the hooks if `--collect-only`
is in the options.

Task configurator documentation page updated:
- Converted content into tables
- Updated screenshot
- Added description of new fields and functions

I was supposed to do this in #5524 when I was removing them everywhere
else, but I didn't think to search the documentation. Compose override
files must have the same format as the base file, otherwise Docker
Compose rejects them.

Fixes #5544.

<!-- Raised an issue to propose your change
(https://github.com/cvat-ai/cvat/issues).
It helps to avoid duplication of efforts from multiple independent
contributors.
Discuss your ideas with maintainers to be sure that changes will be
approved and merged.
Read the
[CONTRIBUTION](https://github.com/cvat-ai/cvat/blob/develop/CONTRIBUTING.md)
guide. -->

- Propagate backward description added to the doc
- Related screenshots updated

### Motivation and context
<!-- Why is this change required? What problem does it solve? If it
fixes an open
issue, please link to the issue here. Describe your changes in detail,
add
screenshots. -->

### How has this been tested?
<!-- Please describe in detail how you tested your changes.
Include details of your testing environment, and the tests you ran to
see how your change affects other areas of the code, etc. -->

### Checklist
<!-- Go over all the following points, and put an `x` in all the boxes
that apply.
If an item isn't applicable by a reason then ~~explicitly
strikethrough~~ the whole
line. If you don't do that github will show an incorrect process for the
pull request.
If you're unsure about any of these, don't hesitate to ask. We're here
to help! -->
- [x] I submit my changes into the `develop` branch
- [ ] I have added a description of my changes into
[CHANGELOG](https://github.com/cvat-ai/cvat/blob/develop/CHANGELOG.md)
file
- [x] I have updated the [documentation](
https://github.com/cvat-ai/cvat/blob/develop/README.md#documentation)
accordingly
- [ ] I have added tests to cover my changes
- [ ] I have linked related issues ([read github docs](

https://help.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword))
- [ ] I have increased versions of npm packages if it is necessary
([cvat-canvas](https://github.com/cvat-ai/cvat/tree/develop/cvat-canvas#versioning),

[cvat-core](https://github.com/cvat-ai/cvat/tree/develop/cvat-core#versioning),
[cvat-data](https://github.com/cvat-ai/cvat/tree/develop/cvat-data#versioning)
and
[cvat-ui](https://github.com/cvat-ai/cvat/tree/develop/cvat-ui#versioning))

### License

- [ ] I submit _my code changes_ under the same [MIT License](
https://github.com/cvat-ai/cvat/blob/develop/LICENSE) that covers the
project.
  Feel free to contact the maintainers if that's a concern.
Co-authored-by: NBoris Sekachev <boris.sekachev@yandex.ru>

Extracted from https://github.com/opencv/cvat/pull/5083

- Added a default arg for task data uploading
- Added an option to wait for the data processing in task data uploading
- Moved data splitting by requests for TUS closer to the point of use

The main problem is the circular dependency between `session.ts` and
`annotations.ts`. To fix it, split the second half of `session.ts` into
a separate file, like what is currently done with `project.ts` and
`project-implementation.ts`.

<!-- Raised an issue to propose your change
(https://github.com/cvat-ai/cvat/issues).
It helps to avoid duplication of efforts from multiple independent
contributors.
Discuss your ideas with maintainers to be sure that changes will be
approved and merged.
Read the
[CONTRIBUTION](https://github.com/cvat-ai/cvat/blob/develop/CONTRIBUTING.md)
guide. -->

<!-- Provide a general summary of your changes in the Title above -->

### Motivation and context
<!-- Why is this change required? What problem does it solve? If it
fixes an open
issue, please link to the issue here. Describe your changes in detail,
add
screenshots. -->

### How has this been tested?
Manual testing.
<!-- Please describe in detail how you tested your changes.
Include details of your testing environment, and the tests you ran to
see how your change affects other areas of the code, etc. -->

### Checklist
<!-- Go over all the following points, and put an `x` in all the boxes
that apply.
If an item isn't applicable by a reason then ~~explicitly
strikethrough~~ the whole
line. If you don't do that github will show an incorrect process for the
pull request.
If you're unsure about any of these, don't hesitate to ask. We're here
to help! -->
- [x] I submit my changes into the `develop` branch
- ~~[ ] I have added a description of my changes into
[CHANGELOG](https://github.com/cvat-ai/cvat/blob/develop/CHANGELOG.md)
file~~
- ~~[ ] I have updated the [documentation](
https://github.com/cvat-ai/cvat/blob/develop/README.md#documentation)
accordingly~~
- ~~[ ] I have added tests to cover my changes~~
- ~~[ ] I have linked related issues ([read github docs](

https://help.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword))~~
- ~~[ ] I have increased versions of npm packages if it is necessary
([cvat-canvas](https://github.com/cvat-ai/cvat/tree/develop/cvat-canvas#versioning),

[cvat-core](https://github.com/cvat-ai/cvat/tree/develop/cvat-core#versioning),
[cvat-data](https://github.com/cvat-ai/cvat/tree/develop/cvat-data#versioning)
and
[cvat-ui](https://github.com/cvat-ai/cvat/tree/develop/cvat-ui#versioning))~~

### License

- [x] I submit _my code changes_ under the same [MIT License](
https://github.com/cvat-ai/cvat/blob/develop/LICENSE) that covers the
project.
  Feel free to contact the maintainers if that's a concern.
Co-authored-by: NNikita Manovich <nikita@cvat.ai>

Follow up for #5538 

The previous fix fixed the situation for local environments, but broke
the CI. This PR tries to use another way.

<h3>Snyk has created this PR to fix one or more vulnerable packages in
the `pip` dependencies of this project.</h3>



#### Changes included in this PR

- Changes to the following files to upgrade the vulnerable dependencies
to a fixed version:
    - cvat/requirements/base.txt


<details>
<summary>⚠️ <b>Warning</b></summary>

```
Jinja2 3.1.2 requires MarkupSafe, which is not installed.
h5py 3.6.0 requires numpy, which is not installed.
azure-storage-blob 12.13.0 requires cryptography, which is not installed.

```
</details>


#### Vulnerabilities that will be fixed





##### By pinning:
Severity | Priority Score (*) | Issue | Upgrade | Breaking Change |
Exploit Maturity

:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------|:-------------------------
![high
severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png
"high severity") | **619/1000** <br/> **Why?** Has a fix available, CVSS
8.1 | Remote Code Execution (RCE)
<br/>[SNYK-PYTHON-GITPYTHON-3113858](https://snyk.io/vuln/SNYK-PYTHON-GITPYTHON-3113858)
| `gitpython:` <br> `3.1.27 -> 3.1.30` <br> | No | No Known Exploit

(*) Note that the real score may have changed since the PR was raised.




Some vulnerabilities couldn't be fully fixed and so Snyk will still find
them when the project is tested again. This may be because the
vulnerability existed within more than one direct dependency, but not
all of the affected dependencies could be upgraded.


Check the changes in this PR to ensure they won't cause issues with your
project.



------------



**Note:** *You are seeing this because you or someone else with access
to this repository has authorized Snyk to open fix PRs.*

For more information: <img
src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJjZDU3YzgyZi1mMDFiLTRmOTktYmVhYi1iNGMwZGMwYjkxNDQiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImNkNTdjODJmLWYwMWItNGY5OS1iZWFiLWI0YzBkYzBiOTE0NCJ9fQ=="
width="0" height="0"/>
🧐 [View latest project
report](https://app.snyk.io/org/cvat/project/4bbc4b80-3fb9-4009-a7bb-51016d44946b?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;fix-pr)

🛠 [Adjust project
settings](https://app.snyk.io/org/cvat/project/4bbc4b80-3fb9-4009-a7bb-51016d44946b?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;fix-pr/settings)

📚 [Read more about Snyk's upgrade and patch
logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)

[//]: #
(snyk:metadata:{"prId":"cd57c82f-f01b-4f99-beab-b4c0dc0b9144","prPublicId":"cd57c82f-f01b-4f99-beab-b4c0dc0b9144","dependencies":[{"name":"gitpython","from":"3.1.27","to":"3.1.30"}],"packageManager":"pip","projectPublicId":"4bbc4b80-3fb9-4009-a7bb-51016d44946b","projectUrl":"https://app.snyk.io/org/cvat/project/4bbc4b80-3fb9-4009-a7bb-51016d44946b?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-PYTHON-GITPYTHON-3113858"],"upgrade":[],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","pr-warning-shown","priorityScore"],"priorityScoreList":[619]})

---

**Learn how to fix vulnerabilities with free interactive lessons:**

🦉 [Remote Code Execution
(RCE)](https://learn.snyk.io/lessons/malicious-code-injection/python/?loc&#x3D;fix-pr)

Add ability to create task with `filename_pattern` by cli.

All of which are about old-style imports.

This PR fixes a problem with local running of tests introduced in #5498.
When running tests locally, there can be multiple tags available, while
we need the `dev` tag, which should be created right before tests are
executed.

- Added the missing image tag in the docker run command

This is useful for people whose home directory is too small/not fast
enough. It also lets us make the tests less hacky.

Bumps [json5](https://github.com/json5/json5) from 2.2.1 to 2.2.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/json5/json5/releases">json5's
releases</a>.</em></p>
<blockquote>
<h2>v2.2.2</h2>
<ul>
<li>Fix: Properties with the name <code>__proto__</code> are added to
objects and arrays.
(<a
href="https://github-redirect.dependabot.com/json5/json5/issues/199">#199</a>)
This also fixes a prototype pollution vulnerability reported by
Jonathan Gregson! (<a
href="https://github-redirect.dependabot.com/json5/json5/issues/295">#295</a>).</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/json5/json5/blob/main/CHANGELOG.md">json5's
changelog</a>.</em></p>
<blockquote>
<h3>v2.2.2 [<a
href="https://github.com/json5/json5/tree/v2.2.2">code</a>, <a
href="https://github.com/json5/json5/compare/v2.2.1...v2.2.2">diff</a>]</h3>
<ul>
<li>Fix: Properties with the name <code>__proto__</code> are added to
objects and arrays.
(<a
href="https://github-redirect.dependabot.com/json5/json5/issues/199">#199</a>)
This also fixes a prototype pollution vulnerability reported by
Jonathan Gregson! (<a
href="https://github-redirect.dependabot.com/json5/json5/issues/295">#295</a>).</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/json5/json5/commit/14f8cb186e8abdfaccf6527171da7b1224374650"><code>14f8cb1</code></a>
2.2.2</li>
<li><a
href="https://github.com/json5/json5/commit/10cc7ca9169b59c5e0f5afc03dbd870cd06bcc46"><code>10cc7ca</code></a>
docs: update CHANGELOG for v2.2.2</li>
<li><a
href="https://github.com/json5/json5/commit/7774c1097993bc3ce9f0ac4b722a32bf7d6871c8"><code>7774c10</code></a>
fix: add <strong>proto</strong> to objects and arrays</li>
<li><a
href="https://github.com/json5/json5/commit/edde30abd8b22facf2c06c72586b9f6edf12700d"><code>edde30a</code></a>
Readme: slight tweak to intro</li>
<li><a
href="https://github.com/json5/json5/commit/97286f8bd542c89dcee096bc05dd28ed2dfc1e16"><code>97286f8</code></a>
Improve example in readme</li>
<li><a
href="https://github.com/json5/json5/commit/d720b4fe4ad800b726da6b0f43c8454c4310fe8d"><code>d720b4f</code></a>
Improve readme (e.g. explain JSON5 better!) (<a
href="https://github-redirect.dependabot.com/json5/json5/issues/291">#291</a>)</li>
<li><a
href="https://github.com/json5/json5/commit/910ce25914ed366a39a610b17bcd581b5da02d32"><code>910ce25</code></a>
docs: fix spelling of Aseem</li>
<li><a
href="https://github.com/json5/json5/commit/2aab4dd2a7c212dd4af7b91f29aa315c20251b92"><code>2aab4dd</code></a>
test: require tap as t in cli tests</li>
<li><a
href="https://github.com/json5/json5/commit/6d426865cec0ba7e20d4a98341e61cf26176b8fb"><code>6d42686</code></a>
test: remove mocha syntax from tests</li>
<li><a
href="https://github.com/json5/json5/commit/4798b9dbde850c8e84e59ac58ba2894ef184434d"><code>4798b9d</code></a>
docs: update installation and usage for modules</li>
<li>Additional commits viewable in <a
href="https://github.com/json5/json5/compare/v2.2.1...v2.2.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=json5&package-manager=npm_and_yarn&previous-version=2.2.1&new-version=2.2.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the
default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as
the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as
the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the
default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/opencv/cvat/network/alerts).

</details>
Signed-off-by: Ndependabot[bot] <support@github.com>
Co-authored-by: Ndependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Also, migrate to the version less Compose file format.

Compose V1 is EOL:
<https://www.docker.com/blog/announcing-compose-v2-general-availability/>.

- Added explanatory messages for actions denied for user limits
- Fixed few rules and checks
- Upgraded OPA version

Fix `Error: UPGRADE FAILED: error validating "": error validating data:
unknown object type "nil" in Secret.stringData.redis-password`

It's possible to specify only the manifest file and filename pattern for
creating task with cloud storage data.
The special characters supported now for the pattern are `*`, `?`,
`[seq]`, `[!seq]`.
Please see
[here](https://github.com/opencv/cvat/blob/8898a8b2647514dd6f3f6ce83745b1ca8ef72bce/tests/python/rest_api/test_tasks.py#L686)
for some examples of how to use this functionality.
Co-authored-by: NMaxim Zhiltsov <zhiltsov.max35@gmail.com>

Co-authored-by: NMaxim Zhiltsov <zhiltsov.max35@gmail.com>
Co-authored-by: NKirill Sizov <kirill.sizov@cvat.ai>

- Updated package versions
- Extended server version list in SDK to 2.4 for the public instance

Related: #5225 

External services are not available when we execute in Helm.

- Added a way to mark REST API tests that require external services to
run
- Changed the way of filtering tests in Helm tests

Currently, we can't execute external service mocks in tests, and we
ignore related tests in the Helm
execution command. But this command may be outdated, because Helm tests
are not executed in each PR.
This PR allows to indicate related tests and filter them out without the
need to synchronize the CI command.

- Removed extra update methods from schema
- Fixed Webhooks endpoints
- Fixed Webhooks enum names

OPA can take some time to load rules, but our tests don't wait for OPA,
and start right after the server is loaded.
Sometimes it works, but in other times the tests may fail because OPA is
still loading the rules.
This PR allows to wait for OPA during the test suite startup.

Improved image preview loading for **Tasks**, **Jobs** and **Projects**
views
Backend behaviour change: creating image previews by request and storing
them in the cache
Added corresponding endpoints:
tasks/{id}/preview
projects/{id}/preview
jobs/{id}/preview

Demonstration(added random 0-1s delay for demo purposes):
https://user-images.githubusercontent.com/41117609/208106321-951b8647-6e6b-452e-910c-31c4d0b8682d.mp4
https://user-images.githubusercontent.com/41117609/208106339-2d3a5a7b-d422-4b27-9e76-08729022e1ca.mp4