dependabot[bot] opened a new pull request, #2730:
URL: https://github.com/apache/iceberg-rust/pull/2730

   Bumps [huggingface-hub](https://github.com/huggingface/huggingface_hub) from 
1.18.0 to 1.20.1.
   <details>
   <summary>Release notes</summary>
   <p><em>Sourced from <a 
href="https://github.com/huggingface/huggingface_hub/releases";>huggingface-hub's
 releases</a>.</em></p>
   <blockquote>
   <h2>v1.20.1</h2>
   <p><strong>Full Changelog</strong>: <a 
href="https://github.com/huggingface/huggingface_hub/compare/v1.20.0...v1.20.1";>https://github.com/huggingface/huggingface_hub/compare/v1.20.0...v1.20.1</a></p>
   <h2>[v1.20.0] Browser-based OAuth login, multi-commit folder uploads, and 
more</h2>
   <h2>🔒 Browser-based OAuth login</h2>
   <p><code>hf auth login</code> now defaults to a browser-based OAuth Device 
Code flow instead of asking you to copy-paste a token. The command prints a URL 
and a short code, you authorize in the browser, and the CLI retrieves and saves 
the token for you. The same applies to <code>login()</code> in Python. In an 
interactive terminal you still get a <code>gh</code>-style arrow-key menu to 
pick between browser login and pasting a token, and <code>--token</code> works 
exactly as before.</p>
   <p>OAuth tokens expire after 30 days, but they come with a refresh token: 
<code>get_token()</code> transparently refreshes them when less than a day of 
validity remains, so long-running setups keep working without 
re-authenticating. <code>hf auth list</code> now shows the expiry date for 
OAuth tokens.</p>
   <pre lang="bash"><code>&gt; hf auth login
   ? How would you like to log in? Log in with your browser
   <pre><code>Open this URL in your browser:
       https://hf.co/oauth/device
   
   And enter the code: 52AT-FLYZ
   
   Waiting for authorization.
   </code></pre>
   <p></code></pre></p>
   <p>When the command is run by an AI agent, it never prompts. Instead it 
streams structured events so the agent can surface the URL and code to its 
user, then blocks until a terminal <code>auth_success</code> / 
<code>auth_error</code> event:</p>
   <pre lang="console"><code>$ hf auth login --format json
   {&quot;event&quot;: &quot;device_code&quot;, &quot;verification_uri&quot;: 
&quot;https://hf.co/oauth/device&quot;, &quot;user_code&quot;: 
&quot;52AT-FLYZ&quot;, &quot;verification_uri_complete&quot;: 
&quot;https://hf.co/oauth/device&quot;, &quot;expires_in&quot;: 300, 
&quot;interval&quot;: 5}
   {&quot;event&quot;: &quot;auth_success&quot;, &quot;user&quot;: 
&quot;celinah&quot;, &quot;token_name&quot;: &quot;oauth-celinah&quot;}
   </code></pre>
   <p><code>hf auth list</code> surfaces the new expiry column:</p>
   <pre lang="console"><code>$ hf auth list
     name          token       expires
   - ------------- ----------- -------------------
     my-token      hf_****5678
   * oauth-user    hf_****1234 2026-07-09
     oauth-old     hf_****9999 2026-06-09 (expired)
   </code></pre>
   <p>Finally, <code>notebook_login()</code> now renders the link and code with 
plain <code>IPython.display.HTML</code>, dropping the <code>ipywidgets</code> 
dependency.</p>
   <ul>
   <li>[Auth] Browser-based OAuth login by <a 
href="https://github.com/hanouticelina";><code>@​hanouticelina</code></a> in <a 
href="https://redirect.github.com/huggingface/huggingface_hub/issues/4354";>#4354</a></li>
   </ul>
   <h2>âš¡ Faster, more reliable <code>hf upload</code> for large folders</h2>
   <p><code>hf upload</code> and the underlying <code>upload_folder</code> have 
been revamped to be faster and far more robust on large folders. When 
<code>hf_xet</code> is installed (the default), uploads now run through a 
streamed, multi-commit pipeline built on the <code>XetSession</code> API: the 
folder is scanned and fed into a background Xet upload while previous batches 
are committed in parallel, and files are hashed in a single read pass while 
they are chunked (the old flow read every large file twice). Nothing changes in 
how you call it:</p>
   <pre lang="bash"><code>&lt;/tr&gt;&lt;/table&gt; 
   </code></pre>
   </blockquote>
   <p>... (truncated)</p>
   </details>
   <details>
   <summary>Commits</summary>
   <ul>
   <li><a 
href="https://github.com/huggingface/huggingface_hub/commit/5efdca0b066740c911e59feba2f14e145ff3dbfb";><code>5efdca0</code></a>
 Release: v1.20.1</li>
   <li><a 
href="https://github.com/huggingface/huggingface_hub/commit/0c3a0622f413923853faced000b97446194a6fae";><code>0c3a062</code></a>
 [Auth] Fix circular import on <code>from huggingface_hub import login</code> 
(<a 
href="https://redirect.github.com/huggingface/huggingface_hub/issues/4384";>#4384</a>)
 (<a 
href="https://redirect.github.com/huggingface/huggingface_hub/issues/4";>#4</a>...</li>
   <li><a 
href="https://github.com/huggingface/huggingface_hub/commit/8d52526f5d44cf835b9c2a9fb2e4ac03d545c8ed";><code>8d52526</code></a>
 Release: v1.20.0</li>
   <li><a 
href="https://github.com/huggingface/huggingface_hub/commit/9379ae35ee840fdf889147c7f21fadb32c44db03";><code>9379ae3</code></a>
 Release: v1.20.0.rc0</li>
   <li><a 
href="https://github.com/huggingface/huggingface_hub/commit/3b3abe38b7ae761eb1bebfb0676b5bd2b9f2a2c1";><code>3b3abe3</code></a>
 [Spaces] Add <code>wait_for_space</code> API and <code>hf spaces wait</code> 
CLI (<a 
href="https://redirect.github.com/huggingface/huggingface_hub/issues/4380";>#4380</a>)</li>
   <li><a 
href="https://github.com/huggingface/huggingface_hub/commit/e52fdef6100a9f3a5d08a146fe99910f297807e0";><code>e52fdef</code></a>
 [CLI] Make <code>hf jobs ssh</code> wait for job to be running (<a 
href="https://redirect.github.com/huggingface/huggingface_hub/issues/4379";>#4379</a>)</li>
   <li><a 
href="https://github.com/huggingface/huggingface_hub/commit/a0c1dfeeb1ef7468e616012149b62fd3566915b2";><code>a0c1dfe</code></a>
 [Jobs] Add <code>hf jobs wait</code> and <code>HfApi.wait_for_job</code> (<a 
href="https://redirect.github.com/huggingface/huggingface_hub/issues/4345";>#4345</a>)</li>
   <li><a 
href="https://github.com/huggingface/huggingface_hub/commit/558987464c237d84cd1f6e3062feff420a39b7c5";><code>5589874</code></a>
 [Inference Endpoints] Custom-container deploy CLI + deprecate protected 
endpo...</li>
   <li><a 
href="https://github.com/huggingface/huggingface_hub/commit/462d09366e5d215b72b710769326c4c7baf26f9c";><code>462d093</code></a>
 [CLI] Suggest creating repo/bucket on NotFound errors (<a 
href="https://redirect.github.com/huggingface/huggingface_hub/issues/4372";>#4372</a>)</li>
   <li><a 
href="https://github.com/huggingface/huggingface_hub/commit/ebe5315b56c53ad0a912d21ce9558ddc9e9f9be5";><code>ebe5315</code></a>
 Add new JobNotFound error (<a 
href="https://redirect.github.com/huggingface/huggingface_hub/issues/4367";>#4367</a>)</li>
   <li>Additional commits viewable in <a 
href="https://github.com/huggingface/huggingface_hub/compare/v1.18.0...v1.20.1";>compare
 view</a></li>
   </ul>
   </details>
   <br />
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=huggingface-hub&package-manager=uv&previous-version=1.18.0&new-version=1.20.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   <details>
   <summary>Dependabot commands and options</summary>
   <br />
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot show <dependency name> ignore conditions` will show all of 
the ignore conditions of the specified dependency
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   </details>


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to