Skip to content

Bump huggingface-hub from 0.30.1 to 1.22.0#72

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/huggingface-hub-1.22.0
Open

Bump huggingface-hub from 0.30.1 to 1.22.0#72
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/huggingface-hub-1.22.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown

Bumps huggingface-hub from 0.30.1 to 1.22.0.

Release notes

Sourced from huggingface-hub's releases.

[v1.22.0] Sandboxes, faster downloads, and a rebuilt CLI

🖥️ Sandboxes: isolated cloud machines on top of Jobs

Sandboxes are isolated cloud machines you can spin up in seconds, run commands in with live-streamed output, and move files in and out of — all from Python or the CLI. They are built entirely on top of Jobs: under the hood a sandbox is just a Job running a tiny static server, so any Docker image with /bin/sh works and it inherits Jobs' billing, hardware flavors, and namespace permissions for free. Two flavors are available: Sandbox.create for a dedicated VM (GPU workloads, untrusted code, full isolation) and SandboxPool to pack many cheap CPU sandboxes into a few shared host VMs for fan-out workloads like RL rollouts. This release also adds background processes (sbx.run(..., background=True) / hf sandbox spawn) and a port proxy (Sandbox.proxy_url_for) so you can reach a server running inside a sandbox from the outside over HTTP or WebSocket.

from huggingface_hub import Sandbox
with Sandbox.create(image="python:3.12") as sbx:   # ready in ~6s
sbx.files.write("/app/main.py", "print(40 + 2)")
print(sbx.run("python /app/main.py").stdout)    # 42

# Create, run, copy files, and terminate from the terminal
hf sandbox create
hf sandbox exec <id> -- python -c "print('hi')"
hf sandbox cp data.csv <id>:/data/data.csv
hf sandbox kill <id>
  • [Sandbox] Add Sandbox API and hf sandbox CLI on top of Jobs by @​Wauplin in #4350
  • [Sandbox] Background processes + proxy to reach in-sandbox servers by @​Wauplin in #4444

📚 Documentation: Sandboxes guide, Sandbox reference

⚡ Faster snapshot downloads with a tree cache

snapshot_download now caches a repository's file listing on disk under a new trees/ folder, so re-downloading a commit that's already cached costs a single network call — resolving the branch or tag to a commit hash — instead of one metadata request per file. The listing is immutable per commit and shared by both snapshot_download and hf_hub_download; for Xet-enabled files it also skips the per-file HEAD /resolve request entirely, rebuilding the metadata from the cached listing. As a deliberate side effect of the completeness check, when the Hub can't be reached and the local snapshot is missing requested files, snapshot_download now raises IncompleteSnapshotError instead of silently returning a partial folder.

  • [Download] Cache repo tree listing on disk in snapshot_download by @​Wauplin in #4394

📚 Documentation: Manage your cache

🛠️ CLI rebuilt on Click (drops Typer)

The entire hf CLI now runs on a small in-house layer over Click 8.x instead of Typer, which had vendored Click in a way that broke the CLI's custom help rendering, error enrichment, and shell completion — and forced capping typer<0.26. The migration preserves existing behavior: --help output is byte-identical, the generated cli.md reference is unchanged apart from a header comment, and shell completion now uses Click's native completion. The public typer_factory helper is kept so downstream libraries like transformers that register their own commands keep working.

💔 Breaking Change

  • [Upload] Deprecate upload_large_folder (API + CLI) by @​Wauplin in #4414upload_large_folder and hf upload-large-folder are now deprecated in favor of upload_folder / hf upload, which handle very large and resumable uploads out of the box.
  • Make filter_repo_objects pattern matching case-sensitive on all platforms by @​Sreekant13 in #4435allow_patterns/ignore_patterns now match case-sensitively on every OS (aligned with case-sensitive Hub paths). On Windows this is a behavior change: patterns like *.PDF no longer match file.pdf.
  • [Inference Providers] Remove dead inference providers by @​hanouticelina in #4447 — removes six providers no longer routed by the Hub (black-forest-labs, clarifai, hyperbolic, nebius, nvidia, sambanova) — docs

🖥️ CLI

  • [CLI] Add hf discussions edit by @​Wauplin in #4415docs
  • [CLI] hf cache: surface & prune incomplete downloads by @​Wauplin in #4416hf cache ls now flags leftover .incomplete files and hf cache prune removes them automatically — docs

... (truncated)

Commits
  • 5db966a Release: v1.22.0
  • 1d6e7d0 Release: v1.22.0.rc0
  • 8f03d83 Expose base_model filter param on get_dataset_leaderboard (#4474)
  • cc4e7cc [Http] Support standard Retry-After header in http_backoff (#4460)
  • 7b53d23 [CLI] Add a minimal Click framework for the CLI (#4462)
  • 4db84d0 Docs: Jobs are no longer Pro-only — update availability note in jobs guide (#...
  • a139277 Accept two-letter byte units (KB/MB/GB/TB/PB) in parse_size (#4468)
  • 28aecd9 Fix KeyError in get_dataset_leaderboard when entry has no source (#4473)
  • f70f00d Remove Usage command lists from CLI module docstrings (#4472)
  • 031d002 [CLI] Expose out singleton publicly + add out.log method (#4471)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [huggingface-hub](https://github.com/huggingface/huggingface_hub) from 0.30.1 to 1.22.0.
- [Release notes](https://github.com/huggingface/huggingface_hub/releases)
- [Commits](huggingface/huggingface_hub@v0.30.1...v1.22.0)

---
updated-dependencies:
- dependency-name: huggingface-hub
  dependency-version: 1.22.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jul 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants