dependabot[bot] opened a new pull request, #3537:
URL: https://github.com/apache/iceberg-python/pull/3537

   Bumps [huggingface-hub](https://github.com/huggingface/huggingface_hub) from 
1.18.0 to 1.19.0.
   <details>
   <summary>Release notes</summary>
   <p><em>Sourced from <a 
href="https://github.com/huggingface/huggingface_hub/releases";>huggingface-hub's
 releases</a>.</em></p>
   <blockquote>
   <h2>[v1.19.0] Trusted Publishers, hf:// URIs, and expose-ports for Jobs</h2>
   <h2>🔐 Keyless CI/CD auth via OIDC token exchange</h2>
   <p>CI workflows can now authenticate to the Hub without storing an 
<code>HF_TOKEN</code> secret, using <a 
href="https://huggingface.co/docs/hub/trusted-publishers";>Trusted 
Publishers</a>. Set <code>HF_OIDC_RESOURCE</code> to the repo (or username) you 
want to scope the token to, and <code>huggingface_hub</code> performs the OIDC 
exchange under the hood — no token, no setup code. GitHub Actions is supported 
out of the box (with <code>permissions: id-token: write</code>), and other 
providers can pass a pre-minted ID token via <code>HF_OIDC_ID_TOKEN</code>. 
Exchanged tokens are short-lived (1 hour), repo-scoped, and cached locally with 
automatic refresh.</p>
   <pre lang="yaml"><code># Publish a model without storing any HF_TOKEN secret
   - name: Push the model
     env:
       HF_OIDC_RESOURCE: acme/awesome-model
     run: hf upload acme/awesome-model ./model .
   </code></pre>
   <ul>
   <li>[Auth] Keyless CI/CD auth via OIDC token exchange by <a 
href="https://github.com/hanouticelina";><code>@​hanouticelina</code></a> in <a 
href="https://redirect.github.com/huggingface/huggingface_hub/issues/4326";>#4326</a></li>
   </ul>
   <p>📚 <strong>Documentation:</strong> <a 
href="https://huggingface.co/docs/hub/trusted-publishers";>Trusted 
Publishers</a></p>
   <h2>🖥️ hf:// URIs for upload and download</h2>
   <p><code>hf upload</code> and <code>hf download</code> now accept an 
<code>hf://</code> URI in place of the positional repo ID. The URI encodes repo 
type, revision, and file path in a single string following the grammar 
<code>hf://[&lt;TYPE&gt;/]&lt;ID&gt;[@&lt;REVISION&gt;][/&lt;PATH&gt;]</code>, 
so you no longer need separate <code>--repo-type</code> and 
<code>--revision</code> flags. When a URI is provided, it is the single source 
of truth — passing <code>--repo-type</code> or <code>--revision</code> on top 
of it raises an error, and a path in the URI cannot be combined with positional 
filenames (download) or <code>path_in_repo</code> (upload).</p>
   <pre lang="bash"><code># Download a single file from a dataset at a given 
revision
   hf download 
hf://datasets/HuggingFaceM4/FineVision@refs/pr/1/data/train.parquet
   <h1>Download an entire repo</h1>
   <p>hf download hf://datasets/google/fleurs</p>
   <h1>Upload a file to a dataset on a specific branch</h1>
   <p>hf upload hf://datasets/Wauplin/my-cool-dataset@my-branch/data/train.csv 
./train.csv
   </code></pre></p>
   <ul>
   <li>[CLI] Support hf:// URIs in <code>hf upload</code> and <code>hf 
download</code> by <a 
href="https://github.com/Wauplin";><code>@​Wauplin</code></a> in <a 
href="https://redirect.github.com/huggingface/huggingface_hub/issues/4297";>#4297</a></li>
   </ul>
   <p>📚 <strong>Documentation:</strong> <a 
href="https://huggingface.co/docs/huggingface_hub/main/en/guides/cli#use-an-hf-uri";>CLI
 guide — hf:// URIs</a> · <a 
href="https://huggingface.co/docs/huggingface_hub/main/en/guides/download";>Download
 guide</a> · <a 
href="https://huggingface.co/docs/huggingface_hub/main/en/guides/upload";>Upload 
guide</a></p>
   <h2>🚀 Expose job ports through the jobs proxy</h2>
   <p>Jobs can now expose container ports through the public jobs proxy using 
<code>--expose &lt;port&gt;</code> (CLI) or <code>expose=[8000]</code> (Python 
API). Each exposed port is reachable at 
<code>https://&lt;job_id&gt;--&lt;port&gt;.hf.jobs</code> and requires an HF 
token with read access to the job's namespace. This works on <code>hf jobs 
run</code>, <code>hf jobs uv run</code>, and their scheduled variants. Job 
responses now surface <code>expose_urls</code> on <code>JobStatus</code>.</p>
   <pre lang="bash"><code># Expose a web server running on port 8000
   &gt; hf jobs run --expose 8000 python:3.12 python -m http.server 8000
   ✓ Job started
     id: 6a2aa7cec4f53f9fc5aa4cff
     url: https://huggingface.co/jobs/Wauplin/6a2aa7cec4f53f9fc5aa4cff
   Hint: Exposed ports are reachable at (requires an HF token with read access 
to the job):
     https://6a2aa7cec4f53f9fc5aa4cff--8000.hf.jobs
   Serving HTTP on 0.0.0.0 port 8000 (http://0.0.0.0:8000/) ...
   </code></pre>
   <!-- raw HTML omitted -->
   </blockquote>
   <p>... (truncated)</p>
   </details>
   <details>
   <summary>Commits</summary>
   <ul>
   <li><a 
href="https://github.com/huggingface/huggingface_hub/commit/b1909eb48ad5c730ebe80f0ff862b3fbd7f9ec3a";><code>b1909eb</code></a>
 Release: v1.19.0</li>
   <li><a 
href="https://github.com/huggingface/huggingface_hub/commit/fe27c47d6eb5878b89b06e0a0c75bc6d47f724f1";><code>fe27c47</code></a>
 OIDC: Include error_description in HTTP error messages (<a 
href="https://redirect.github.com/huggingface/huggingface_hub/issues/4341";>#4341</a>)</li>
   <li><a 
href="https://github.com/huggingface/huggingface_hub/commit/68dd701057aed2dbdb5618a2956ae6178ea7dc37";><code>68dd701</code></a>
 Release: v1.19.0.rc1</li>
   <li><a 
href="https://github.com/huggingface/huggingface_hub/commit/934797e3251abac162216549e33f27f01f8a9952";><code>934797e</code></a>
 Release: v1.19.0.rc0</li>
   <li><a 
href="https://github.com/huggingface/huggingface_hub/commit/69ef7d72d9e29767e601a87c7e1e9dac6db2c02f";><code>69ef7d7</code></a>
 [Agent] Dynamic agent harness registry (<a 
href="https://redirect.github.com/huggingface/huggingface_hub/issues/4325";>#4325</a>)</li>
   <li><a 
href="https://github.com/huggingface/huggingface_hub/commit/f6b439ce1d04a3021c39f970ab7aad2ffc5c9d3d";><code>f6b439c</code></a>
 [fix] Transient locaion error due to CDN (<a 
href="https://redirect.github.com/huggingface/huggingface_hub/issues/4339";>#4339</a>)</li>
   <li><a 
href="https://github.com/huggingface/huggingface_hub/commit/f1f2c43615914bf9b86e4b998ed732f05a12c900";><code>f1f2c43</code></a>
 Fix ignored-pattern warning grammar in download CLI (<a 
href="https://redirect.github.com/huggingface/huggingface_hub/issues/4337";>#4337</a>)</li>
   <li><a 
href="https://github.com/huggingface/huggingface_hub/commit/92009d498c9795bc58d7baaee32cd3d0e9d04f42";><code>92009d4</code></a>
 [Tests] Add xet/no_xet pytest markers to filter Xet vs non-Xet tests (<a 
href="https://redirect.github.com/huggingface/huggingface_hub/issues/4336";>#4336</a>)</li>
   <li><a 
href="https://github.com/huggingface/huggingface_hub/commit/e3b6d5bd8b82dc4fedc046ffbcbf353f9c0c12f7";><code>e3b6d5b</code></a>
 [Auth] Keyless CI/CD auth via OIDC token exchange (<a 
href="https://redirect.github.com/huggingface/huggingface_hub/issues/4326";>#4326</a>)</li>
   <li><a 
href="https://github.com/huggingface/huggingface_hub/commit/8e4ca5c3a24a8286bbe0ed3acf111e5a1ea1fcf9";><code>8e4ca5c</code></a>
 [CI] Remove .github/workflows/python-prerelease.yml (<a 
href="https://redirect.github.com/huggingface/huggingface_hub/issues/4335";>#4335</a>)</li>
   <li>Additional commits viewable in <a 
href="https://github.com/huggingface/huggingface_hub/compare/v1.18.0...v1.19.0";>compare
 view</a></li>
   </ul>
   </details>
   <br />
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=huggingface-hub&package-manager=uv&previous-version=1.18.0&new-version=1.19.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   <details>
   <summary>Dependabot commands and options</summary>
   <br />
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot show <dependency name> ignore conditions` will show all of 
the ignore conditions of the specified dependency
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   </details>


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to