diff --git a/Dockerfile b/Dockerfile
index faddf741..1d7a1926 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-ARG PYTORCH_CUDA_VERSION=2.0.1-cuda11.7-cudnn8
+ARG PYTORCH_CUDA_VERSION=2.9.0-cuda12.8-cudnn9
 FROM pytorch/pytorch:${PYTORCH_CUDA_VERSION}-runtime
 LABEL org.opencontainers.image.source=https://github.com/criticalml-uw/TamperBench
@@ -19,7 +19,7 @@ RUN apt-get update -q \
 && rm -rf /var/lib/apt/lists/*
 # Install uv
-COPY --from=ghcr.io/astral-sh/uv:0.8.17-python3.10-alpine /usr/local/bin/uv /usr/local/bin/uv
+COPY --from=ghcr.io/astral-sh/uv:0.10.0-python3.10-alpine /usr/local/bin/uv /usr/local/bin/uv
 # Don't run as root, instead run as non-root user that can still use
 # passwordless sudo for admin privileges
@@ -34,24 +34,24 @@ RUN addgroup --gid ${GROUPID} ${USERNAME} \
 && chown -R ${USERNAME}:${USERNAME} "/workspace"
 USER ${USERNAME}
-# uv will install into VIRTUAL_ENV. We add VIRTUAL_ENV to the path so that users
-# of image can use `python` rather than `uv run python`.
-ENV VIRTUAL_ENV=/workspace/TamperBench/.venv
-ENV PATH="$VIRTUAL_ENV/bin:/home/dev/.local/bin:$PATH"
-
-# Copy package installation files
-COPY --chown=${USERNAME}:${USERNAME} pyproject.toml uv.lock /workspace/TamperBench/
-
-# Create venv and install dependencies
-# Run Pyright so its Node.js package gets installed
-RUN cd /workspace/TamperBench \
- && mkdir -p src/tamperbench \
- && touch src/tamperbench/__init__.py \
- && uv sync --frozen \
- && rm -rf "${HOME}/.cache" \
- && basedpyright . \
- && cd .. \
- && rm -rf TamperBench
+# Pre-bake dependencies into a venv at /home/dev/.venv. The repo itself is not
+# included in the image as we usually want to clone it and checkout `main` or a
+# specific commit.
+# After cloning, symlink the pre-built venv into the repo so that tools
+# (basedpyright, IDEs, uv) find it at the conventional .venv location:
+# ln -s /home/dev/.venv /workspace/TamperBench/.venv
+ENV PATH="/home/dev/.venv/bin:/home/dev/.local/bin:$PATH"
+# Create venv and install dependencies (but not the project itself).
+# The cache mount keeps uv's download cache out of the image but persists it
+# across builds. UV_LINK_MODE=copy is needed because hardlinks into the cache
+# mount would dangle in the final image.
+RUN --mount=type=cache,target=/home/dev/.cache/uv,uid=${USERID},gid=${GROUPID} \
+ --mount=type=bind,source=uv.lock,target=uv.lock \
+ --mount=type=bind,source=pyproject.toml,target=pyproject.toml \
+ UV_PROJECT_ENVIRONMENT=/home/dev/.venv UV_LINK_MODE=copy \
+ uv sync --locked --no-install-project
+
+WORKDIR /workspace
 # Default command to run -- may be changed at runtime
 CMD ["/bin/bash"]
diff --git a/Makefile b/Makefile
index bfdaae7a..fb268cf8 100644
--- a/Makefile
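Review bot: The new `RUN` step depends on a working directory it never sets, because the relative bind targets (`target=uv.lock`, `target=pyproject.toml`) and `uv sync` resolve against the current `WORKDIR`, while `WORKDIR /workspace` is only declared after the step. If nothing above the hunk sets it, the build relies on the base image's default directory, which can change without notice when `PYTORCH_CUDA_VERSION` is bumped as it is in this same commit; moving `WORKDIR /workspace` above the `RUN` would make the location explicit. The `--mount` flags also require BuildKit, and the first hunk shows the file starting with `ARG`, so there is no parser directive; consider adding `# syntax=docker/dockerfile:1` as the very first line to pin the frontend.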
+++ b/Makefile
@@ -1,4 +1,4 @@
-VERSION ?= 0.0.1
+VERSION ?= 0.0.2
 FULL_IMAGE_NAME = ghcr.io/criticalml-uw/tamperbench:$(VERSION)
 .PHONY: docker-build devbox cpu large
diff --git a/k8s/devbox.yaml b/k8s/devbox.yaml
index 68776b67..b3df77d2 100644
--- a/k8s/devbox.yaml
+++ b/k8s/devbox.yaml
@@ -37,6 +37,7 @@ spec:
 cd "/workspace/TamperBench"
 git pull
 git checkout {COMMIT_HASH}
+ ln -s /home/dev/.venv .venv
 git submodule update --recursive
 uv sync
 sleep {SLEEP_TIME}
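Review bot: The added `ln -s /home/dev/.venv .venv` is not idempotent: if `.venv` already exists in the checkout (the preceding `git pull` suggests the directory may be reused), `ln` either fails or, when `.venv` is already a link to a directory, creates a nested link inside the pre-built venv. `ln -sfn /home/dev/.venv .venv` would replace an existing link instead. The `uv sync` two lines below now writes into that shared pre-baked venv and runs without `--locked`, unlike the image build, so dependencies can be re-resolved at pod start when the lockfile is stale; `uv sync --locked` would keep the devbox tied to `uv.lock`. The surrounding script starts above the hunk, so whether it runs under `set -e` is not visible here.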