dependabot[bot] opened a new pull request, #3488: URL: https://github.com/apache/iceberg-python/pull/3488
Bumps [huggingface-hub](https://github.com/huggingface/huggingface_hub) from 1.17.0 to 1.18.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/huggingface/huggingface_hub/releases";>huggingface-hub's releases</a>.</em></p> <blockquote> <h2>[v1.18.0] Unified file copying, web URL support, and storage usage</h2> <h2>🖥️ Unified <code>hf cp</code> command</h2> <p>A single <code>hf cp</code> command now handles all file-copy workflows (upload a local file, download from the Hub, or copy between two remote locations) with consistent <code>hf://</code> URI syntax for both repositories and buckets. It is also available as <code>hf repos cp</code> and <code>hf buckets cp</code>; all three aliases are identical, so you can use whichever reads best for your workflow. You can stream from stdin (<code>-</code>) or to stdout (<code>-</code>), and a trailing <code>/</code> on the source path gives you rsync-style semantics (copy the folder contents, not the folder itself). Note that remote-to-remote copies only work within the same <a href="https://huggingface.co/docs/hub/storage-regions";>storage region</a>, and bucket-to-repo is not yet supported.</p> <pre lang="bash"><code># Upload a local file to a repo hf cp ./model.safetensors hf://username/my-model/model.safetensors <h1>Download a file to stdout</h1> <p>hf cp hf://username/my-model/config.json - | jq .</p> <h1>Copy between two Hub repos</h1> <p>hf cp hf://username/source-model/config.json hf://username/dest-model/config.json </code></pre></p> <p>📚 <strong>Documentation:</strong> <a href="https://huggingface.co/docs/huggingface_hub/main/en/guides/cli#copy-files";>CLI guide — Copy files</a></p> <ul> <li>[CLI] Add unified <code>hf cp</code> command (aliased as <code>hf repos cp</code> and <code>hf buckets cp</code>) by <a href="https://github.com/Wauplin";><code>@​Wauplin</code></a> in <a href="https://redirect.github.com/huggingface/huggingface_hub/issues/4295";>#4295</a></li> </ul> <h2>:egg: Easter egg:explore your storage usage</h2> <!-- raw HTML omitted --> <ul> <li>[CLI] Easter egg: city skyline in <code>hf repos ls</code> by <a href="https://github.com/Wauplin";><code>@​Wauplin</code></a> in <a href="https://redirect.github.com/huggingface/huggingface_hub/issues/4287";>#4287</a></li> </ul> <h2>🔗 Paste web URLs directly</h2> <p><code>parse_hf_uri</code> now accepts Hugging Face <strong>web URLs</strong> so you can paste a link straight into the CLI or the library and it "just works".</p> <pre lang="bash"><code># Copy-paste a URL from the website hf cp https://huggingface.co/nvidia/LocateAnything-3B/blob/main/config.json - | jq '.architectures' </code></pre> <p>📚 <strong>Documentation:</strong> <a href="https://huggingface.co/docs/huggingface_hub/main/en/package_reference/hf_uris#web-urls";>HF URIs — Web URLs</a></p> <ul> <li>[URIs] Parse web URLs in <code>parse_hf_uri</code> + add <code>HfUri.to_url</code> by <a href="https://github.com/Wauplin";><code>@​Wauplin</code></a> in <a href="https://redirect.github.com/huggingface/huggingface_hub/issues/4296";>#4296</a></li> </ul> <h2>🚨 Breaking change</h2> <p>On Lustre, GPFS, and some NFS mounts, <code>flock(2)</code> silently succeeds for every caller, which means <code>filelock</code> provides no mutual exclusion. When multiple <code>hf_hub_download</code> calls race for the same file, they can append to the same <code>.incomplete</code> file and silently corrupt the blob cache. This release fixes that by always downloading to a fresh temporary file instead of resuming an incomplete one, making the download path safe even when file locking is broken. <code>filelock</code> is still used as a "best-effort" hint to avoid unnecessary duplicate downloads, but correctness no longer depends on it. <strong>This is a breaking change: resuming a previously failed partial download is no longer possible. However, file resumability was already a niche use case only applicable when <code>hf_xet</code> is disabled.</strong></p> <ul> <li>[Fix] Make concurrent downloads safe even when file locking is broken by <a href="https://github.com/Wauplin";><code>@​Wauplin</code></a> in <a href="https://redirect.github.com/huggingface/huggingface_hub/issues/4306";>#4306</a></li> </ul> <h2>🖥️ CLI</h2> <ul> <li>[CLI] inline enum choices in the generated CLI skill by <a href="https://github.com/hanouticelina";><code>@​hanouticelina</code></a> in <a href="https://redirect.github.com/huggingface/huggingface_hub/issues/4299";>#4299</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/huggingface/huggingface_hub/commit/64e53566ec136eb8e2a30d02639d6407e95d746f";><code>64e5356</code></a> Release: v1.18.0</li> <li><a href="https://github.com/huggingface/huggingface_hub/commit/b1c4c20a24d2246cad2b209c83ea854ebbe317ea";><code>b1c4c20</code></a> Release: v1.18.0.rc0</li> <li><a href="https://github.com/huggingface/huggingface_hub/commit/c505f7755a780c9be9e9764b350575ddff460baa";><code>c505f77</code></a> [Fix] Make concurrent downloads safe even when file locking is broken (<a href="https://redirect.github.com/huggingface/huggingface_hub/issues/4306";>#4306</a>)</li> <li><a href="https://github.com/huggingface/huggingface_hub/commit/d04c3b2083a07e34cbb6914c366edca0fd00a8ab";><code>d04c3b2</code></a> [URIs] Parse web URLs in <code>parse_hf_uri</code> + add <code>HfUri.to_url</code> (<a href="https://redirect.github.com/huggingface/huggingface_hub/issues/4296";>#4296</a>)</li> <li><a href="https://github.com/huggingface/huggingface_hub/commit/0e57086dcefff2d6939cfb29e93d34a9cb57441e";><code>0e57086</code></a> Bump the actions group with 2 updates (<a href="https://redirect.github.com/huggingface/huggingface_hub/issues/4309";>#4309</a>)</li> <li><a href="https://github.com/huggingface/huggingface_hub/commit/e628f153cd3ddc528f2f4211908de950571eff1d";><code>e628f15</code></a> [Download] Probe umask next to incomplete file instead of two levels above de...</li> <li><a href="https://github.com/huggingface/huggingface_hub/commit/f4a91c2e3da71fc9c49dfc479ded07433466a1d3";><code>f4a91c2</code></a> [CLI] inline enum choices in the generated CLI skill (<a href="https://redirect.github.com/huggingface/huggingface_hub/issues/4299";>#4299</a>)</li> <li><a href="https://github.com/huggingface/huggingface_hub/commit/1138933105930098fbd4d51a384e1baafb0b90ec";><code>1138933</code></a> [Docs] Mention storage region limitation for server-side copy (<a href="https://redirect.github.com/huggingface/huggingface_hub/issues/4302";>#4302</a>)</li> <li><a href="https://github.com/huggingface/huggingface_hub/commit/26a6df1abfdca37ddd380a1e3c926db20ee35477";><code>26a6df1</code></a> [Docs] Document missing parameters in hf_hub_url and preupload_lfs_files (<a href="https://redirect.github.com/huggingface/huggingface_hub/issues/4300";>#4300</a>)</li> <li><a href="https://github.com/huggingface/huggingface_hub/commit/c6dfc6d86a061566542287f1a2d35f30982ae371";><code>c6dfc6d</code></a> [Docs] Document missing endpoint and template_str parameters (<a href="https://redirect.github.com/huggingface/huggingface_hub/issues/4298";>#4298</a>)</li> <li>Additional commits viewable in <a href="https://github.com/huggingface/huggingface_hub/compare/v1.17.0...v1.18.0";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
