Skip to content

Update huggingface-hub requirement from >=1.5.0 to >=1.20.0#8

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/huggingface-hub-gte-1.20.0
Open

Update huggingface-hub requirement from >=1.5.0 to >=1.20.0#8
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/huggingface-hub-gte-1.20.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 18, 2026

Copy link
Copy Markdown

Updates the requirements on huggingface-hub to permit the latest version.

Release notes

Sourced from huggingface-hub's releases.

[v1.20.0] Browser-based OAuth login, multi-commit folder uploads, and more

🔒 Browser-based OAuth login

hf auth login now defaults to a browser-based OAuth Device Code flow instead of asking you to copy-paste a token. The command prints a URL and a short code, you authorize in the browser, and the CLI retrieves and saves the token for you. The same applies to login() in Python. In an interactive terminal you still get a gh-style arrow-key menu to pick between browser login and pasting a token, and --token works exactly as before.

OAuth tokens expire after 30 days, but they come with a refresh token: get_token() transparently refreshes them when less than a day of validity remains, so long-running setups keep working without re-authenticating. hf auth list now shows the expiry date for OAuth tokens.

> hf auth login
? How would you like to log in? Log in with your browser
Open this URL in your browser:
    https://hf.co/oauth/device
And enter the code: 52AT-FLYZ
Waiting for authorization.

When the command is run by an AI agent, it never prompts. Instead it streams structured events so the agent can surface the URL and code to its user, then blocks until a terminal auth_success / auth_error event:

$ hf auth login --format json
{"event": "device_code", "verification_uri": "https://hf.co/oauth/device", "user_code": "52AT-FLYZ", "verification_uri_complete": "https://hf.co/oauth/device", "expires_in": 300, "interval": 5}
{"event": "auth_success", "user": "celinah", "token_name": "oauth-celinah"}

hf auth list surfaces the new expiry column:

$ hf auth list
  name          token       expires
- ------------- ----------- -------------------
  my-token      hf_****5678
* oauth-user    hf_****1234 2026-07-09
  oauth-old     hf_****9999 2026-06-09 (expired)

Finally, notebook_login() now renders the link and code with plain IPython.display.HTML, dropping the ipywidgets dependency.

⚡ Faster, more reliable hf upload for large folders

hf upload and the underlying upload_folder have been revamped to be faster and far more robust on large folders. When hf_xet is installed (the default), uploads now run through a streamed, multi-commit pipeline built on the XetSession API: the folder is scanned and fed into a background Xet upload while previous batches are committed in parallel, and files are hashed in a single read pass while they are chunked (the old flow read every large file twice). Nothing changes in how you call it:

hf upload <repo-id> <path/to/folder>

... (truncated)

Commits
  • 8d52526 Release: v1.20.0
  • 9379ae3 Release: v1.20.0.rc0
  • 3b3abe3 [Spaces] Add wait_for_space API and hf spaces wait CLI (#4380)
  • e52fdef [CLI] Make hf jobs ssh wait for job to be running (#4379)
  • a0c1dfe [Jobs] Add hf jobs wait and HfApi.wait_for_job (#4345)
  • 5589874 [Inference Endpoints] Custom-container deploy CLI + deprecate protected endpo...
  • 462d093 [CLI] Suggest creating repo/bucket on NotFound errors (#4372)
  • ebe5315 Add new JobNotFound error (#4367)
  • d1b847d Bump codecov/codecov-action from 6.0.1 to 7.0.0 in the actions group (#4373)
  • 2580f87 [CI] Do not fail on tmp repo deletion (#4371)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Update huggingface-hub requirement from >=1.5.0 to >=1.20.0
eaf0c20 
Updates the requirements on [huggingface-hub](https://github.com/huggingface/huggingface_hub) to permit the latest version.
- [Release notes](https://github.com/huggingface/huggingface_hub/releases)
- [Commits](huggingface/huggingface_hub@v1.5.0...v1.20.0)

---
updated-dependencies:
- dependency-name: huggingface-hub
  dependency-version: 1.20.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jun 18, 2026
@dependabot dependabot Bot mentioned this pull request Jun 18, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants