Skip to content

build(deps): bump huggingface-hub from 1.14.0 to 1.22.0 in /search-api#193

Merged
saagpatel merged 1 commit into
masterfrom
dependabot/pip/search-api/huggingface-hub-1.22.0
Jul 7, 2026
Merged

build(deps): bump huggingface-hub from 1.14.0 to 1.22.0 in /search-api#193
saagpatel merged 1 commit into
masterfrom
dependabot/pip/search-api/huggingface-hub-1.22.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Bumps huggingface-hub from 1.14.0 to 1.22.0.

Release notes

Sourced from huggingface-hub's releases.

[v1.22.0] Sandboxes, faster downloads, and a rebuilt CLI

🖥️ Sandboxes: isolated cloud machines on top of Jobs

Sandboxes are isolated cloud machines you can spin up in seconds, run commands in with live-streamed output, and move files in and out of — all from Python or the CLI. They are built entirely on top of Jobs: under the hood a sandbox is just a Job running a tiny static server, so any Docker image with /bin/sh works and it inherits Jobs' billing, hardware flavors, and namespace permissions for free. Two flavors are available: Sandbox.create for a dedicated VM (GPU workloads, untrusted code, full isolation) and SandboxPool to pack many cheap CPU sandboxes into a few shared host VMs for fan-out workloads like RL rollouts. This release also adds background processes (sbx.run(..., background=True) / hf sandbox spawn) and a port proxy (Sandbox.proxy_url_for) so you can reach a server running inside a sandbox from the outside over HTTP or WebSocket.

from huggingface_hub import Sandbox
with Sandbox.create(image="python:3.12") as sbx:   # ready in ~6s
sbx.files.write("/app/main.py", "print(40 + 2)")
print(sbx.run("python /app/main.py").stdout)    # 42

# Create, run, copy files, and terminate from the terminal
hf sandbox create
hf sandbox exec <id> -- python -c "print('hi')"
hf sandbox cp data.csv <id>:/data/data.csv
hf sandbox kill <id>
  • [Sandbox] Add Sandbox API and hf sandbox CLI on top of Jobs by @​Wauplin in #4350
  • [Sandbox] Background processes + proxy to reach in-sandbox servers by @​Wauplin in #4444

📚 Documentation: Sandboxes guide, Sandbox reference

⚡ Faster snapshot downloads with a tree cache

snapshot_download now caches a repository's file listing on disk under a new trees/ folder, so re-downloading a commit that's already cached costs a single network call — resolving the branch or tag to a commit hash — instead of one metadata request per file. The listing is immutable per commit and shared by both snapshot_download and hf_hub_download; for Xet-enabled files it also skips the per-file HEAD /resolve request entirely, rebuilding the metadata from the cached listing. As a deliberate side effect of the completeness check, when the Hub can't be reached and the local snapshot is missing requested files, snapshot_download now raises IncompleteSnapshotError instead of silently returning a partial folder.

  • [Download] Cache repo tree listing on disk in snapshot_download by @​Wauplin in #4394

📚 Documentation: Manage your cache

🛠️ CLI rebuilt on Click (drops Typer)

The entire hf CLI now runs on a small in-house layer over Click 8.x instead of Typer, which had vendored Click in a way that broke the CLI's custom help rendering, error enrichment, and shell completion — and forced capping typer<0.26. The migration preserves existing behavior: --help output is byte-identical, the generated cli.md reference is unchanged apart from a header comment, and shell completion now uses Click's native completion. The public typer_factory helper is kept so downstream libraries like transformers that register their own commands keep working.

💔 Breaking Change

  • [Upload] Deprecate upload_large_folder (API + CLI) by @​Wauplin in #4414upload_large_folder and hf upload-large-folder are now deprecated in favor of upload_folder / hf upload, which handle very large and resumable uploads out of the box.
  • Make filter_repo_objects pattern matching case-sensitive on all platforms by @​Sreekant13 in #4435allow_patterns/ignore_patterns now match case-sensitively on every OS (aligned with case-sensitive Hub paths). On Windows this is a behavior change: patterns like *.PDF no longer match file.pdf.
  • [Inference Providers] Remove dead inference providers by @​hanouticelina in #4447 — removes six providers no longer routed by the Hub (black-forest-labs, clarifai, hyperbolic, nebius, nvidia, sambanova) — docs

🖥️ CLI

  • [CLI] Add hf discussions edit by @​Wauplin in #4415docs
  • [CLI] hf cache: surface & prune incomplete downloads by @​Wauplin in #4416hf cache ls now flags leftover .incomplete files and hf cache prune removes them automatically — docs

... (truncated)

Commits
  • 5db966a Release: v1.22.0
  • 1d6e7d0 Release: v1.22.0.rc0
  • 8f03d83 Expose base_model filter param on get_dataset_leaderboard (#4474)
  • cc4e7cc [Http] Support standard Retry-After header in http_backoff (#4460)
  • 7b53d23 [CLI] Add a minimal Click framework for the CLI (#4462)
  • 4db84d0 Docs: Jobs are no longer Pro-only — update availability note in jobs guide (#...
  • a139277 Accept two-letter byte units (KB/MB/GB/TB/PB) in parse_size (#4468)
  • 28aecd9 Fix KeyError in get_dataset_leaderboard when entry has no source (#4473)
  • f70f00d Remove Usage command lists from CLI module docstrings (#4472)
  • 031d002 [CLI] Expose out singleton publicly + add out.log method (#4471)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [huggingface-hub](https://github.com/huggingface/huggingface_hub) from 1.14.0 to 1.22.0.
- [Release notes](https://github.com/huggingface/huggingface_hub/releases)
- [Commits](huggingface/huggingface_hub@v1.14.0...v1.22.0)

---
updated-dependencies:
- dependency-name: huggingface-hub
  dependency-version: 1.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jul 6, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: intake. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot added security dependencies Pull requests that update a dependency file labels Jul 6, 2026
@saagpatel saagpatel merged commit 4a94191 into master Jul 7, 2026
19 checks passed
@dependabot dependabot Bot deleted the dependabot/pip/search-api/huggingface-hub-1.22.0 branch July 7, 2026 07:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file security

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant