dependabot[bot] opened a new pull request, #2730: URL: https://github.com/apache/iceberg-rust/pull/2730
Bumps [huggingface-hub](https://github.com/huggingface/huggingface_hub) from 1.18.0 to 1.20.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/huggingface/huggingface_hub/releases">huggingface-hub's releases</a>.</em></p> <blockquote> <h2>v1.20.1</h2> <p><strong>Full Changelog</strong>: <a href="https://github.com/huggingface/huggingface_hub/compare/v1.20.0...v1.20.1">https://github.com/huggingface/huggingface_hub/compare/v1.20.0...v1.20.1</a></p> <h2>[v1.20.0] Browser-based OAuth login, multi-commit folder uploads, and more</h2> <h2>🔒 Browser-based OAuth login</h2> <p><code>hf auth login</code> now defaults to a browser-based OAuth Device Code flow instead of asking you to copy-paste a token. The command prints a URL and a short code, you authorize in the browser, and the CLI retrieves and saves the token for you. The same applies to <code>login()</code> in Python. In an interactive terminal you still get a <code>gh</code>-style arrow-key menu to pick between browser login and pasting a token, and <code>--token</code> works exactly as before.</p> <p>OAuth tokens expire after 30 days, but they come with a refresh token: <code>get_token()</code> transparently refreshes them when less than a day of validity remains, so long-running setups keep working without re-authenticating. <code>hf auth list</code> now shows the expiry date for OAuth tokens.</p> <pre lang="bash"><code>> hf auth login ? How would you like to log in? Log in with your browser <pre><code>Open this URL in your browser: https://hf.co/oauth/device And enter the code: 52AT-FLYZ Waiting for authorization. </code></pre> <p></code></pre></p> <p>When the command is run by an AI agent, it never prompts. Instead it streams structured events so the agent can surface the URL and code to its user, then blocks until a terminal <code>auth_success</code> / <code>auth_error</code> event:</p> <pre lang="console"><code>$ hf auth login --format json {"event": "device_code", "verification_uri": "https://hf.co/oauth/device", "user_code": "52AT-FLYZ", "verification_uri_complete": "https://hf.co/oauth/device", "expires_in": 300, "interval": 5} {"event": "auth_success", "user": "celinah", "token_name": "oauth-celinah"} </code></pre> <p><code>hf auth list</code> surfaces the new expiry column:</p> <pre lang="console"><code>$ hf auth list name token expires - ------------- ----------- ------------------- my-token hf_****5678 * oauth-user hf_****1234 2026-07-09 oauth-old hf_****9999 2026-06-09 (expired) </code></pre> <p>Finally, <code>notebook_login()</code> now renders the link and code with plain <code>IPython.display.HTML</code>, dropping the <code>ipywidgets</code> dependency.</p> <ul> <li>[Auth] Browser-based OAuth login by <a href="https://github.com/hanouticelina"><code>@​hanouticelina</code></a> in <a href="https://redirect.github.com/huggingface/huggingface_hub/issues/4354">#4354</a></li> </ul> <h2>⚡ Faster, more reliable <code>hf upload</code> for large folders</h2> <p><code>hf upload</code> and the underlying <code>upload_folder</code> have been revamped to be faster and far more robust on large folders. When <code>hf_xet</code> is installed (the default), uploads now run through a streamed, multi-commit pipeline built on the <code>XetSession</code> API: the folder is scanned and fed into a background Xet upload while previous batches are committed in parallel, and files are hashed in a single read pass while they are chunked (the old flow read every large file twice). Nothing changes in how you call it:</p> <pre lang="bash"><code></tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/huggingface/huggingface_hub/commit/5efdca0b066740c911e59feba2f14e145ff3dbfb"><code>5efdca0</code></a> Release: v1.20.1</li> <li><a href="https://github.com/huggingface/huggingface_hub/commit/0c3a0622f413923853faced000b97446194a6fae"><code>0c3a062</code></a> [Auth] Fix circular import on <code>from huggingface_hub import login</code> (<a href="https://redirect.github.com/huggingface/huggingface_hub/issues/4384">#4384</a>) (<a href="https://redirect.github.com/huggingface/huggingface_hub/issues/4">#4</a>...</li> <li><a href="https://github.com/huggingface/huggingface_hub/commit/8d52526f5d44cf835b9c2a9fb2e4ac03d545c8ed"><code>8d52526</code></a> Release: v1.20.0</li> <li><a href="https://github.com/huggingface/huggingface_hub/commit/9379ae35ee840fdf889147c7f21fadb32c44db03"><code>9379ae3</code></a> Release: v1.20.0.rc0</li> <li><a href="https://github.com/huggingface/huggingface_hub/commit/3b3abe38b7ae761eb1bebfb0676b5bd2b9f2a2c1"><code>3b3abe3</code></a> [Spaces] Add <code>wait_for_space</code> API and <code>hf spaces wait</code> CLI (<a href="https://redirect.github.com/huggingface/huggingface_hub/issues/4380">#4380</a>)</li> <li><a href="https://github.com/huggingface/huggingface_hub/commit/e52fdef6100a9f3a5d08a146fe99910f297807e0"><code>e52fdef</code></a> [CLI] Make <code>hf jobs ssh</code> wait for job to be running (<a href="https://redirect.github.com/huggingface/huggingface_hub/issues/4379">#4379</a>)</li> <li><a href="https://github.com/huggingface/huggingface_hub/commit/a0c1dfeeb1ef7468e616012149b62fd3566915b2"><code>a0c1dfe</code></a> [Jobs] Add <code>hf jobs wait</code> and <code>HfApi.wait_for_job</code> (<a href="https://redirect.github.com/huggingface/huggingface_hub/issues/4345">#4345</a>)</li> <li><a href="https://github.com/huggingface/huggingface_hub/commit/558987464c237d84cd1f6e3062feff420a39b7c5"><code>5589874</code></a> [Inference Endpoints] Custom-container deploy CLI + deprecate protected endpo...</li> <li><a href="https://github.com/huggingface/huggingface_hub/commit/462d09366e5d215b72b710769326c4c7baf26f9c"><code>462d093</code></a> [CLI] Suggest creating repo/bucket on NotFound errors (<a href="https://redirect.github.com/huggingface/huggingface_hub/issues/4372">#4372</a>)</li> <li><a href="https://github.com/huggingface/huggingface_hub/commit/ebe5315b56c53ad0a912d21ce9558ddc9e9f9be5"><code>ebe5315</code></a> Add new JobNotFound error (<a href="https://redirect.github.com/huggingface/huggingface_hub/issues/4367">#4367</a>)</li> <li>Additional commits viewable in <a href="https://github.com/huggingface/huggingface_hub/compare/v1.18.0...v1.20.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
