build(deps): bump the minor-and-patch group with 22 updates

[dependabot]

Bumps the minor-and-patch group with 22 updates:

Package	From	To
anthropic	0.25.0	0.109.1
certifi	2026.2.25	2026.5.20
click	8.3.1	8.4.1
fastapi	0.110.0	0.137.0
filelock	3.25.2	3.29.4
fsspec	2026.2.0	2026.4.0
hf-xet	1.4.2	1.5.1
httptools	0.7.1	0.8.0
huggingface-hub	1.7.2	1.19.0
idna	3.11	3.18
markdown-it-py	4.0.0	4.2.0
packaging	26.0	26.2
pydantic	2.12.5	2.13.4
pydantic-core	2.41.5	2.47.0
pygments	2.19.2	2.20.0
pytest	9.0.2	9.1.0
pytz	2026.1.post1	2026.2
tokenizers	0.22.2	0.23.1
tqdm	4.67.3	4.68.2
typer	0.24.1	0.26.7
uvicorn	0.29.0	0.49.0
watchfiles	1.1.1	1.2.0

Updates anthropic from 0.25.0 to 0.109.1

Release notes

Sourced from anthropic's releases.

v0.109.1

0.109.1 (2026-06-09)

Full Changelog: v0.109.0...v0.109.1

Bug Fixes

• api: add frontier_llm refusal category (d3a806b)

v0.109.0

0.109.0 (2026-06-09)

Full Changelog: v0.108.0...v0.109.0

Features

• api: add support for Managed Agents deployments and environment variable credentials (47633bf)

v0.108.0

0.108.0 (2026-06-09)

Full Changelog: v0.107.1...v0.108.0

Features

• api: add support for claude-mythos-5 and claude-fable-5, with support for server-side fallbacks on refusal (6b76649)
• client: adds client-side fallbacks middleware for API providers that do not support server-side fallbacks (6b76649)

v0.107.1

0.107.1 (2026-06-07)

Full Changelog: v0.107.0...v0.107.1

Bug Fixes

• foundry: send x-api-key header for API-key auth (#62) (1338141), closes #1661

v0.107.0

0.107.0 (2026-06-06)

Full Changelog: v0.106.0...v0.107.0

Features

• api: small updates to Managed Agents types (72923f9)

v0.106.0

0.106.0 (2026-06-05)

Full Changelog: v0.105.2...v0.106.0

... (truncated)

Changelog

Sourced from anthropic's changelog.

0.109.1 (2026-06-09)

Full Changelog: v0.109.0...v0.109.1

Bug Fixes

• api: add frontier_llm refusal category (d3a806b)

0.109.0 (2026-06-09)

Full Changelog: v0.108.0...v0.109.0

Features

• api: add support for Managed Agents deployments and environment variable credentials (47633bf)

0.108.0 (2026-06-09)

Full Changelog: v0.107.1...v0.108.0

Features

• api: add support for claude-mythos-5 and claude-fable-5, with support for server-side fallbacks on refusal (6b76649)
• client: adds client-side fallbacks middleware for API providers that do not support server-side fallbacks (6b76649)

0.107.1 (2026-06-07)

Full Changelog: v0.107.0...v0.107.1

Bug Fixes

• foundry: send x-api-key header for API-key auth (#62) (1338141), closes #1661

0.107.0 (2026-06-06)

Full Changelog: v0.106.0...v0.107.0

Features

• api: small updates to Managed Agents types (72923f9)

0.106.0 (2026-06-05)

Full Changelog: v0.105.2...v0.106.0

Features

• api: mark Claude Opus 4.1 as deprecated (85068cc)

... (truncated)

Commits

• 992f11c release: 0.109.1
• 2ff6aee fix(api): add frontier_llm refusal category
• 42704bc release: 0.109.0
• 79c22fc feat(api): add support for Managed Agents deployments and environment variabl...
• 402be64 release: 0.108.0 (#1667)
• 260e687 release: 0.107.1
• 49c5395 fix(foundry): send x-api-key header for API-key auth (#62)
• 4ceca72 release: 0.107.0
• 3a6f9d9 feat(api): small updates to Managed Agents types
• 6a70c9f release: 0.106.0
• Additional commits viewable in compare view

Updates certifi from 2026.2.25 to 2026.5.20

Commits

• d7ea151 2026.05.20 (#413)
• 5dddfb0 2026.04.22 (#410)
• f99eccd Bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 (#404)
• 918bed0 Bump actions/upload-artifact from 7.0.0 to 7.0.1 (#405)
• 0a49067 Bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 (#403)
• acf6ce8 Bump actions/download-artifact from 8.0.0 to 8.0.1 (#398)
• feb0ed2 Bump actions/download-artifact from 7.0.0 to 8.0.0 (#397)
• d9c11a5 Bump actions/upload-artifact from 6.0.0 to 7.0.0 (#396)
• See full diff in compare view

Updates click from 8.3.1 to 8.4.1

Release notes

Sourced from click's releases.

8.4.1

This is the Click 8.4.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.4.1/ Changes: https://click.palletsprojects.com/page/changes/#version-8-4-1 Milestone: https://github.com/pallets/click/milestone/32?closed=1

• get_parameter_source() is available during eager callbacks and type conversion again. #3458 #3484
• Zsh completion scripts parse correctly on Windows. #3277 # 3466
• Shell completion of Choice Enum values produces a valid completion result. #3015
• Fix empty byte-string handling in echo. #3487
• Fix closed file error with echo_via_pager. #3449

8.4.0

This is the Click 8.4.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecation, or introduce potentially breaking changes.

We encourage everyone to upgrade. You can read more about our Version Support Policy on our website.

PyPI: https://pypi.org/project/click/8.4.0/ Changes: https://click.palletsprojects.com/page/changes/#version-8-4-0 Milestone https://github.com/pallets/click/milestone/30

• ParamType typing improvements. #3371

  • :class:ParamType is now a generic abstract base class, parameterized by its converted value type.
  • :meth:~ParamType.convert return types are narrowed on all concrete types (str for :class:STRING, int for :class:INT, etc.).
  • :meth:~ParamType.to_info_dict returns specific :class:~typing.TypedDict subclasses instead of dict[str, Any].
  • :class:CompositeParamType and the number-range base are now generic with abstract methods.

• Refactor convert_type to extract type inference into a private _guess_type helper, and add :func:typing.overload signatures. #3372

• Parameter typing improvements. #2805

  • :class:Parameter is now an abstract base class, making explicit that it cannot be instantiated directly.
  • :attr:Parameter.name is now str instead of str | None. When expose_value=False, the name is set to "" instead of None.
  • The ctx parameter of :meth:Parameter.get_error_hint is now typed as Context | None, matching the runtime behavior.

• Split string values from default_map for parameters with nargs > 1 or :class:Tuple type, matching environment variable behavior.

... (truncated)

Changelog

Sourced from click's changelog.

Version 8.4.1

Released 2026-05-21

• get_parameter_source() is available during eager callbacks and type conversion again. {issue}3458 {pr}3484
• Zsh completion scripts parse correctly on Windows. {issue}3277 {pr}3466
• Shell completion of Enum values used as Choice options produces a valid completion result. {issue}3015 {pr}3471
• Fix empty byte-string handling in echo. {issue}3487 {pr}3493
• Fix closed file error with echo_via_pager. {issue}3449 {pr}3482
• Fix open_url on Windows when the file path contains spaces. {issue}2994 {pr}3478

Version 8.4.0

Released 2026-05-17

• {class}ParamType typing improvements. {pr}3371

  • {class}ParamType is now a generic abstract base class, parameterized by its converted value type.
  • {meth}~ParamType.convert return types are narrowed on all concrete types (str for {class}STRING, int for {class}INT, etc.).
  • {meth}~ParamType.to_info_dict returns specific {class}~typing.TypedDict subclasses instead of dict[str, Any].
  • {class}CompositeParamType and the number-range base are now generic with abstract methods.

• Refactor convert_type to extract type inference into a private _guess_type helper, and add {func}typing.overload signatures. {pr}3372

• {class}Parameter typing improvements. {pr}2805

  • {class}Parameter is now an abstract base class, making explicit that it cannot be instantiated directly.
  • {attr}Parameter.name is now str instead of str | None. When expose_value=False, the name is set to "" instead of None.
  • The ctx parameter of {meth}Parameter.get_error_hint is now typed as Context | None, matching the runtime behavior.

• Split string values from default_map for parameters with nargs > 1 or {class}Tuple type, matching environment variable behavior. {issue}2745 {pr}3364

• Auto-detect type=UNPROCESSED for flag_value of non-basic types

... (truncated)

Commits

• 6eeb50e release version 8.4.1
• 67921d5 change log and doc fixes (#3495)
• 9c41f46 Fix changelog and version admonitions
• 6cb3477 fix skip condition
• 5ee8e31 fix I/O operation on closed file error with CliRunner and echo_via_pager (#3482)
• becbde5 pager doesn't close std streams
• a5f5aa6 Handle empty bytes in echo (#3493)
• 4d3db84 handle empty bytes in echo
• d42f15b Fix get_parameter_source() during type conversion and eager callbacks (#3484)
• 0baa8db Document ctx.params bypass with test and doc
• Additional commits viewable in compare view

Updates fastapi from 0.110.0 to 0.137.0

Release notes

Sourced from fastapi's releases.

0.137.0

Breaking Changes

• ♻️ Refactor internals to preserve APIRouter and APIRoute instances. PR #15745 by @​tiangolo.

Unblocks ✨ SO MANY THINGS ✨

Before this, router.include_router(other_router) would take each path operation from other_router and "clone" it, or recreate it from scratch.

This would mean that in the end there was only one top level router, part of the app.

The way it is structured here is that there are a few additional classes to handle intermediate metadata for router and route inclusion. That way the information of "router X includes Y and Y includes Z" is stored somewhere, without affecting (recreating / clonning) the final route.

Non Objectives

Dependencies for 404: previously I intended to support dependencies that would be executed even for 404, but that would conflict with the fact that a router could not find a match, but the next router did find a match. Executing dependencies in the router that did not find a match would not make sense, they could consume the request, body, etc. This original idea was discarded.

Specific Breaking Changes

Now router.routes is no longer a plain list of APIRoute objects, it can contain these intermediate objects that can contain additional routers, forming a tree.

Any logic that depended on iterating on the router.routes directly would be affected, that logic cannot expect to be able to extract data from a plain list of routes, as it's no longer a plain list but a tree.

Additionally, any logic that iterated on router.routes to modify them would now also see these new objects, and would not see all the routes in the app.

router.routes should be considered an internal implementation detail, only passed around to the FastAPI functions that need it.

Features

• Adding routes (path operations) after a router is included now works, they are reflected as they are not copied.
• Including subrouter in mainrouter can be done before adding routes (path operations) to subrouter, because now the the entire object is stored instead of copying the routes.
• As routes are not copied, in some cases that might save some memory.

Alpha Features

This is not documented yet, so it's not officially supported yet and could change in the future.

But, as APIRoute and APIRouter instances are now preserved, they could be customized.

APIRouter has two new methods, .matches() and .handle(), counterpart to the existing ones in APIRoute. With this a router could customize how it matches and handles requests. For example, it could match only requests that include some specific header, for example for handling versions in headers.

Still, for now, consider this very experimental and potentially changing and breaking in the future.

Future Features Enabled

• Custom APIRoute subclasses (undocumented, but alraedy works as desccribed above)
• Custom APIRouter subclasses (undocumented, but already works as described above)
• Dependencies per router
• Exception handlers per router
• Middleware per router

... (truncated)

Commits

• 9a9c4ad 🔖 Release version 0.137.0 (#15748)
• c6d5897 📝 Update release notes
• 31d097f 📝 Update release notes (#15747)
• ba609a8 📝 Update release notes
• 8e1d774 ♻️ Refactor internals to preserve APIRouter and APIRoute instances (#15745)
• 016ab76 📝 Update release notes
• e2fcd55 🔧 Update sponsors: remove TalorData (#15744)
• d3e6a29 📝 Update release notes
• e4b6a36 🔧 Update sponsors: remove ExoFlare (#15736)
• 944fb70 📝 Update release notes
• Additional commits viewable in compare view

Updates filelock from 3.25.2 to 3.29.4

Release notes

Sourced from filelock's releases.

3.29.4

What's Changed

• verify inode in break_lock_file before unlinking a stale lock by @​dxbjavid in tox-dev/filelock#561
• keep the read/write heartbeat alive on a transient touch error by @​dxbjavid in tox-dev/filelock#562

Full Changelog: tox-dev/filelock@3.29.3...3.29.4

3.29.3

What's Changed

• 🔧 ci(release): publish to PyPI on tag push by @​gaborbernat in tox-dev/filelock#557
• validate pid range in _parse_lock_holder by @​dxbjavid in tox-dev/filelock#556
• 🐛 fix(ci): restore release environment on tag job by @​gaborbernat in tox-dev/filelock#559
• 🐛 fix(ci): publish from release.yaml on tag push by @​gaborbernat in tox-dev/filelock#560

Full Changelog: tox-dev/filelock@3.29.2...3.29.3

3.29.2

What's Changed

• open marker reads non-blocking to refuse attacker-placed fifo by @​dxbjavid in tox-dev/filelock#549
• 🔒 fix(soft): harden stale-lock breaking and self-heal malformed locks by @​gaborbernat in tox-dev/filelock#551
• check hostname in is_lock_held_by_us by @​dxbjavid in tox-dev/filelock#553

Full Changelog: tox-dev/filelock@3.29.1...3.29.2

3.29.1

What's Changed

• docs: fix API docs of release() by @​MrAnno in tox-dev/filelock#540
• docs: clarify per-thread scope of FileLock configuration by @​Gares95 in tox-dev/filelock#543
• chore: improve filelock maintenance path by @​lphuc2250gma in tox-dev/filelock#542
• chore: improve filelock maintenance path by @​lphuc2250gma in tox-dev/filelock#544
• chore: improve filelock maintenance path by @​lphuc2250gma in tox-dev/filelock#545
• 🐛 fix(soft): refuse to follow symlinks when reading the lock file by @​dxbjavid in tox-dev/filelock#548

New Contributors

• @​MrAnno made their first contribution in tox-dev/filelock#540
• @​Gares95 made their first contribution in tox-dev/filelock#543
• @​lphuc2250gma made their first contribution in tox-dev/filelock#542
• @​dxbjavid made their first contribution in tox-dev/filelock#548

... (truncated)

Changelog

Sourced from filelock's changelog.

########### Changelog ###########

---

3.29.4 (2026-06-13)

---

• keep the read/write heartbeat alive on a transient touch error :pr:562 - by :user:dxbjavid
• verify inode in break_lock_file before unlinking a stale lock :pr:561 - by :user:dxbjavid

---

3.29.3 (2026-06-10)

---

• 🐛 fix(ci): restore release environment on tag job :pr:559
• validate pid range in _parse_lock_holder :pr:556 - by :user:dxbjavid
• 🔧 ci(release): publish to PyPI on tag push :pr:557
• build(deps): bump astral-sh/setup-uv from 8.1.0 to 8.2.0 :pr:558 - by :user:dependabot[bot]

---

3.29.2 (2026-06-10)

---

• build(deps): bump actions/checkout from 6.0.2 to 6.0.3 :pr:555 - by :user:dependabot[bot]
• [pre-commit.ci] pre-commit autoupdate :pr:554 - by :user:pre-commit-ci[bot]
• check hostname in is_lock_held_by_us :pr:553 - by :user:dxbjavid
• 🔒 fix(soft): harden stale-lock breaking and self-heal malformed locks :pr:551
• open marker reads non-blocking to refuse attacker-placed fifo :pr:549 - by :user:dxbjavid

---

3.29.1 (2026-06-03)

---

• 🐛 fix(soft): refuse to follow symlinks when reading the lock file :pr:548 - by :user:dxbjavid
• [pre-commit.ci] pre-commit autoupdate :pr:547 - by :user:pre-commit-ci[bot]
• [pre-commit.ci] pre-commit autoupdate :pr:546 - by :user:pre-commit-ci[bot]
• chore: improve filelock maintenance path :pr:545 - by :user:lphuc2250gma
• chore: improve filelock maintenance path :pr:544 - by :user:lphuc2250gma
• chore: improve filelock maintenance path :pr:542 - by :user:lphuc2250gma
• docs: clarify per-thread scope of FileLock configuration :pr:543 - by :user:Gares95
• [pre-commit.ci] pre-commit autoupdate :pr:541 - by :user:pre-commit-ci[bot]
• docs: fix API docs of release() :pr:540 - by :user:MrAnno
• [pre-commit.ci] pre-commit autoupdate :pr:539 - by :user:pre-commit-ci[bot]
• [pre-commit.ci] pre-commit autoupdate :pr:538 - by :user:pre-commit-ci[bot]
• [pre-commit.ci] pre-commit autoupdate :pr:537 - by :user:pre-commit-ci[bot]
• build(deps): bump astral-sh/setup-uv from 8.0.0 to 8.1.0 :pr:536 - by :user:dependabot[bot]
• [pre-commit.ci] pre-commit autoupdate :pr:535 - by :user:pre-commit-ci[bot]

---

... (truncated)

Commits

• f3c11c0 Release 3.29.4
• 5d663ee keep the read/write heartbeat alive on a transient touch error (#562)
• 406d0a2 verify inode in break_lock_file before unlinking a stale lock (#561)
• 85e73d7 🐛 fix(ci): publish from release.yaml on tag push (#560)
• f86dcb1 Release 3.29.3
• 643bdbe 🐛 fix(ci): restore release environment on tag job (#559)
• 7a8f74a validate pid range in _parse_lock_holder (#556)
• d1d49a0 🔧 ci(release): publish to PyPI on tag push (#557)
• b37e162 build(deps): bump astral-sh/setup-uv from 8.1.0 to 8.2.0 (#558)
• d9216de Release 3.29.2
• Additional commits viewable in compare view

Updates fsspec from 2026.2.0 to 2026.4.0

Commits

• 8fdedd1 Merge branch 'master' of https://github.com/fsspec/filesystem_spec
• 8205d0d Release (#2027)
• 50bfba2 Merge branch 'master' of https://github.com/fsspec/filesystem_spec
• f58bc85 Revert "DEP: de-duplicate and sort optional dependencies (#2021)" (#2026)
• c6c7b40 Revert "DEP: de-duplicate and sort optional dependencies (#2021)"
• 3bc67f8 DEP: de-duplicate and sort optional dependencies (#2021)
• 0b290bf docs: add URL handling note to HTTPFileSystem class docstring (#2024)
• b33a2d6 ci: install downstream systems like gcsfs before testing so the _version.py...
• e9e7a5b Delegate DirFileSystem delete and write_text (#2022)
• 105d614 fix: use encode_url() in _pipe_file for consistency (#2023)
• Additional commits viewable in compare view

Updates hf-xet from 1.4.2 to 1.5.1

Release notes

Sourced from hf-xet's releases.

[hf-xet v1.5.1] Progress Reporting Improvement

Problems addressed

• Missing final progress update — Progress was only emitted on a fixed poll interval, so the last snapshot could be skipped when upload/download finished between ticks (e.g. UI stuck below 100%).

• Panic on shutdown — The background progress thread used Python::attach while the interpreter was tearing down, which can panic when the GIL is no longer available.

Full Changelog: huggingface/xet-core@1.5.0...v1.5.1

[hf-xet v1.5.0] Session based API

Replaces the old upload_files / download_files / hash_files Python functions with a new object-oriented API that exposes XetSession and its child objects directly as PyO3 classes. This gives Python callers full control over session lifecycle, connection pooling, and progress reporting.

The previous module-level functions are kept under hf_xet/src/legacy/ and remain importable as from hf_xet import upload_files etc., but now emit DeprecationWarning.

New Python API

import hf_xet
Optional: create a custom config (immutable; use .with_config() to derive updates)
config = hf_xet.XetConfig().with_config("data.max_concurrent_file_ingestion", 8)
Create session; config is optional (defaults to XetConfig() with HF_XET_* env overrides)
session = hf_xet.XetSession(config=config)
Upload — multiple files, bytes, and streaming within one commit
with session.new_upload_commit(
endpoint="https://cas.xethub.hf.co",
token="jwt", token_expiry_unix_secs=9999999999,
token_refresh_url="https://…/xet-write-token/main",
token_refresh_headers={"Authorization": "Bearer hf_…"},
) as commit:
h1 = commit.start_upload_file("/path/to/model.bin")
h2 = commit.start_upload_file("/path/to/tokenizer.json", sha256="f2358d9a…")
h3 = commit.start_upload_bytes(b"...", name="config.json")
with commit.start_upload_stream(name="big.bin") as stream:
for chunk in produce_chunks():
    stream.write(chunk)

on normal exit: wait_to_finish() is called automatically
on exception:   abort() is called automatically
SHA-256 sentinels
commit.start_upload_file("/path/to/model.bin", sha256=hf_xet.COMPUTE_SHA256)  # default
commit.start_upload_file("/path/to/model.bin", sha256=hf_xet.SKIP_SHA256)     # skip
Progress callback — receives (GroupProgressReport, dict[UniqueID, ItemProgressReport])
def on_progress(group, items):
bar.n = group.total_bytes_completed
bar.refresh()
</tr></table>

... (truncated)

Commits

• 9dc8c18 Try to fix sdist release due to LICENSE missing from tarball root directory (...
• 1c96264 chore: bump russh from 0.60 to 0.61 (#852)
• f71ac39 Update hf-xet to 1.5.1 (#866)
• c2c1772 hf-xet BackgroundProgress poller with condvar shutdown and final callback (#856)
• 624209d fix: debug assertions for deserialized MerkleHashSubtree (#864)
• 7ff7082 fix(chunk-windows): fold stable-boundary extension into ChunkWindowBuilder (#...
• a369688 Bump russh for cargo audit CI check (#860)
• 21aab77 ci(release): publish PEP 740 attestations to PyPI for hf-xet (#848)
• 5a75a71 feat: expose FileUploadSession low-level functions (#855)
• 40f9530 feat: range aware file write (#717)
• Additional commits viewable in compare view

Updates httptools from 0.7.1 to 0.8.0

Release notes

Sourced from httptools's releases.

v0.8.0

Changes

• Add http-parser and llhttp licenses into the wheels (#135) (by @​justeph in c398a157)

• Mark cython module as free-threading compatible (#139) (by @​kumaraditya303 in 28d1db15)

• Fix all typing issues (#134) (by @​Kludex in a9bda0ed)

• Bump llhttp to 9.4.1 (#145) (by @​fantix in e3e8d71e)

• Security: fix URL truncation issue (#144) (by @​fantix in a0283f07 for #142)

• Allow building with latest setuptools (#138) (by @​OldManYellsAtCloud in c403ad1a)

Commits

• cf10ce6 httptools 0.8.0
• a0283f0 security: fix URL truncation issue (#144)
• 05e6b8e ci: add freethreading 3.14 to the CI matrix (#146)
• e3e8d71 Bump llhttp to 9.4.1 (#145)
• a9bda0e Fix all typing issues (#134)
• 28d1db1 mark cython module as free-threading compatible (#139)
• c403ad1 Allow building with latest setuptools (#138)
• c398a15 Add http-parser and llhttp licenses into the wheels (#135)
• 4cfdabd ci: fix release workflow (#132)
• ef71da9 Post-release version bump
• See full diff in compare view

Updates huggingface-hub from 1.7.2 to 1.19.0

Release notes

Sourced from huggingface-hub's releases.

[v1.19.0] Trusted Publishers, hf:// URIs, and expose-ports for Jobs

🔐 Keyless CI/CD auth via OIDC token exchange

CI workflows can now authenticate to the Hub without storing an HF_TOKEN secret, using Trusted Publishers. Set HF_OIDC_RESOURCE to the repo (or username) you want to scope the token to, and huggingface_hub performs the OIDC exchange under the hood — no token, no setup code. GitHub Actions is supported out of the box (with permissions: id-token: write), and other providers can pass a pre-minted ID token via HF_OIDC_ID_TOKEN. Exchanged tokens are short-lived (1 hour), repo-scoped, and cached locally with automatic refresh.

# Publish a model without storing any HF_TOKEN secret
- name: Push the model
  env:
    HF_OIDC_RESOURCE: acme/awesome-model
  run: hf upload acme/awesome-model ./model .

• [Auth] Keyless CI/CD auth via OIDC token exchange by @​hanouticelina in #4326

📚 Documentation: Trusted Publishers

🖥️ hf:// URIs for upload and download

hf upload and hf download now accept an hf:// URI in place of the positional repo ID. The URI encodes repo type, revision, and file path in a single string following the grammar hf://[<TYPE>/]<ID>[@<REVISION>][/<PATH>], so you no longer need separate --repo-type and --revision flags. When a URI is provided, it is the single source of truth — passing --repo-type or --revision on top of it raises an error, and a path in the URI cannot be combined with positional filenames (download) or path_in_repo (upload).

# Download a single file from a dataset at a given revision
hf download hf://datasets/HuggingFaceM4/FineVision@refs/pr/1/data/train.parquet
Download an entire repo
hf download hf://datasets/google/fleurs
Upload a file to a dataset on a specific branch
hf upload hf://datasets/Wauplin/my-cool-dataset@my-branch/data/train.csv ./train.csv

• [CLI] Support hf:// URIs in hf upload and hf download by @​Wauplin in #4297

📚 Documentation: CLI guide — hf:// URIs · Download guide · Upload guide

🚀 Expose job ports through the jobs proxy

Jobs can now expose container ports through the public jobs proxy using --expose <port> (CLI) or expose=[8000] (Python API). Each exposed port is reachable at https://<job_id>--<port>.hf.jobs and requires an HF token with read access to the job's namespace. This works on hf jobs run, hf jobs uv run, and their scheduled variants. Job responses now surface expose_urls on JobStatus.

# Expose a web server running on port 8000
> hf jobs run --expose 8000 python:3.12 python -m http.server 8000
✓ Job started
  id: 6a2aa7cec4f53f9fc5aa4cff
  url: https://huggingface.co/jobs/Wauplin/6a2aa7cec4f53f9fc5aa4cff
Hint: Exposed ports are reachable at (requires an HF token with read access to the job):
  https://6a2aa7cec4f53f9fc5aa4cff--8000.hf.jobs
Serving HTTP on 0.0.0.0 port 8000 (http://0.0.0.0:8000/) ...

... (truncated)

Commits

• b1909eb Release: v1.19.0
• fe27c47 OIDC: Include error_description in HTTP error messages (#4341)
• 68dd701 Release: v1.19.0.rc1
• 934797e Release: v1.19.0.rc0
• 69ef7d7 [Agent] Dynamic agent harness registry (#4325)
• f6b439c [fix] Transient locaion error due to CDN (#4339)
• f1f2c43 Fix ignored-pattern warning grammar in download CLI (#4337)
• 92009d4 [Tests] Add xet/no_xet pytest markers to filter Xet vs non-Xet tests (#4336)
• e3b6d5b [Auth] Keyless CI/CD auth via OIDC token exchange (#4326)
• 8e4ca5c [CI] Remove .github/workflows/python-prerelease.yml (#4335)
• Additional commits viewable in compare view

Updates idna from 3.11 to 3.18

Changelog

Sourced from idna's changelog.

3.18 (2026-06-02)

• When decoding a domain, add a display argument that will pass through invalid labels rather than raising an exception.

3.17 (2026-05-28)

• Substantial 75% reduction in memory usage through new data structures and some optimization in processing speed.
• Added a general 1024-character input length cap to the public validation, conversion, and codec entry points. This is well above any legitimate domain or label and guards against pathological inputs.

3.16 (2026-05-22)

• Add a command-line interface (python -m idna, also available as the idna script). Encodes or decodes one or more domains supplied as arguments or on standard input, with options to select A-label or U-label output and control error handling.
• Raise the minimum supported Python version to 3.9
• Various code quality improvements

3.15 (2026-05-12)

• Enforce DNS-length cap on individual labels early in check_label, short-circuiting contextual-rule processing for oversized input while staying compatible with UTS 46 usage.
• Tidy core helpers: hoist bidi category sets to module-level frozensets (avoiding per-codepoint list construction), simplify length checks, and reuse the shared _unicode_dots_re from idna.core in the codec module.
• Use raise ... from err for proper exception chaining and switch internal string formatting to f-strings.
• Allow flit_core 4.x in the build backend.
• Expand the ruff lint set (flake8-bugbear, flake8-simplify, pyupgrade, perflint) and apply the surfaced fixes; pin lint CI to Python 3.14.
• Add Dependabot configuration for GitHub Actions.
• Convert README and HISTORY from reStructuredText to Markdown.
• Reference CVE-2026-45409 for the 3.14 advisory in place of the initial GHSA identifier.

Thanks to Felix Yan, Stan Ulbrych, and metsw24-max for contributions to this release.

3.14 (2026-05-10)

• Removed opportunity to process long inputs into quadratic time by rejecting oversize inputs up-front. Closes a bypass

... (truncated)

Commits

• f39ea90 Release 3.18
• 40f4e40 Pre-release 3.18rc0
• 1a5bf80 Merge pull request #253 from kjd/lenient-decode
• 5bbb26f Merge branch 'master' into lenient-decode
• c532bae Rename decode() lenient= option to display= (issue #248)
• 0b1758b Merge pull request #252 from kjd/release-3.17
• f48619c Release 3.17
• 7421ba8 Pre-release 3.17rc0
• 22ebb73 Merge pull request #251 from kjd/structure-optimizations
• 2a7ac0a Drop redundant parallel-arrays comment from uts46data
• Additional commits viewable in compare view

Updates markdown-it-py from 4.0.0 to 4.2.0

Release notes

Sourced from markdown-it-py's releases.

v4.2.0

What's Changed

• ✨ Add make_fence_rule() factory for configurable fence markers by @​chrisjsewell in executablebooks/markdown-it-py#394
• 🚀 RELEASE v4.2.0 by @​chrisjsewell in executablebooks/markdown-it-py#395

Full Changelog: executablebooks/markdown-it-py@v4.1.0...v4.2.0

v4.1.0

What's Changed

• ✨ Add --stdin option to CLI by @​mcepl in executablebooks/markdown-it-py#379
• Add AGENTS.md and copilot-setup-steps workflow by @​Copilot in executablebooks/markdown-it-py#380
• 🔧 Add typing to Scanner by @​Alunderin in executablebooks/markdown-it-py#382Description has been truncated