build(deps): bump the minor-and-patch group across 1 directory with 21 updates

[dependabot]

Bumps the minor-and-patch group with 21 updates in the / directory:

Package	From	To
anthropic	0.25.0	0.105.2
certifi	2026.2.25	2026.5.20
click	8.3.1	8.4.1
fastapi	0.110.0	0.136.3
filelock	3.25.2	3.29.0
fsspec	2026.2.0	2026.4.0
hf-xet	1.4.2	1.5.0
httptools	0.7.1	0.8.0
huggingface-hub	1.7.2	1.17.0
idna	3.11	3.17
markdown-it-py	4.0.0	4.2.0
packaging	26.0	26.2
pydantic	2.12.5	2.13.4
pydantic-core	2.41.5	2.47.0
pygments	2.19.2	2.20.0
pytest	9.0.2	9.0.3
pytz	2026.1.post1	2026.2
tokenizers	0.22.2	0.23.1
typer	0.24.1	0.26.5
uvicorn	0.29.0	0.48.0
watchfiles	1.1.1	1.2.0

Updates anthropic from 0.25.0 to 0.105.2

Release notes

Sourced from anthropic's releases.

v0.105.2

0.105.2 (2026-05-29)

Full Changelog: v0.105.1...v0.105.2

v0.105.1

0.105.1 (2026-05-29)

Full Changelog: v0.105.0...v0.105.1

Chores

• internal: use Trusted Publishing for PyPI releases (1d04fc5)

v0.105.0

0.105.0 (2026-05-28)

Full Changelog: v0.104.1...v0.105.0

Features

• api: Add support for claude-opus-4-8, mid-conversation system blocks, and usage.output_tokens_details (f18b014)
• support custom file size caps (#1825) (7e5f944)

Chores

• examples: rename managed-agents private-sandbox-worker to self-hosted-sandbox-worker (#1822) (750f956)

Documentation

• replace literal newlines (8f7f6c0)

v0.104.1

0.104.1 (2026-05-21)

Full Changelog: v0.104.0...v0.104.1

Bug Fixes

• streaming: carry encrypted_content through beta compaction accumulator (#1821) (f7a720c)

v0.104.0

0.104.0 (2026-05-21)

Full Changelog: v0.103.1...v0.104.0

Features

... (truncated)

Changelog

Sourced from anthropic's changelog.

0.105.2 (2026-05-29)

Full Changelog: v0.105.1...v0.105.2

0.105.1 (2026-05-29)

Full Changelog: v0.105.0...v0.105.1

Chores

• internal: use Trusted Publishing for PyPI releases (1d04fc5)

0.105.0 (2026-05-28)

Full Changelog: v0.104.1...v0.105.0

Features

• api: Add support for claude-opus-4-8, mid-conversation system blocks, and usage.output_tokens_details (f18b014)
• support custom file size caps (#1825) (7e5f944)

Chores

• examples: rename managed-agents private-sandbox-worker to self-hosted-sandbox-worker (#1822) (750f956)

Documentation

• replace literal newlines (8f7f6c0)

0.104.1 (2026-05-21)

Full Changelog: v0.104.0...v0.104.1

Bug Fixes

• streaming: carry encrypted_content through beta compaction accumulator (#1821) (f7a720c)

0.104.0 (2026-05-21)

Full Changelog: v0.103.1...v0.104.0

Features

• api: Add support for thinking-token-count beta for estimated tokens in thinking block deltas when streaming (80d0fdf)

0.103.1 (2026-05-19)

Full Changelog: v0.103.0...v0.103.1

... (truncated)

Commits

• ddd43b7 release: 0.105.2
• 6213e77 ci: grant id-token permission for PyPI trusted publishing (#1837)
• d88cede release: 0.105.1
• 2ace39f codegen metadata
• 24fe7d6 chore(internal): use Trusted Publishing for PyPI releases
• c1d9307 codegen metadata
• 9eaf324 codegen metadata
• 43b5b1f Update CHANGELOG.md
• daca1ac release: 0.105.0
• 2b82676 feat(api): Add support for claude-opus-4-8, mid-conversation system blocks, a...
• Additional commits viewable in compare view

Updates certifi from 2026.2.25 to 2026.5.20

Commits

• d7ea151 2026.05.20 (#413)
• 5dddfb0 2026.04.22 (#410)
• f99eccd Bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 (#404)
• 918bed0 Bump actions/upload-artifact from 7.0.0 to 7.0.1 (#405)
• 0a49067 Bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 (#403)
• acf6ce8 Bump actions/download-artifact from 8.0.0 to 8.0.1 (#398)
• feb0ed2 Bump actions/download-artifact from 7.0.0 to 8.0.0 (#397)
• d9c11a5 Bump actions/upload-artifact from 6.0.0 to 7.0.0 (#396)
• See full diff in compare view

Updates click from 8.3.1 to 8.4.1

Release notes

Sourced from click's releases.

8.4.1

This is the Click 8.4.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.4.1/ Changes: https://click.palletsprojects.com/page/changes/#version-8-4-1 Milestone: https://github.com/pallets/click/milestone/32?closed=1

• get_parameter_source() is available during eager callbacks and type conversion again. #3458 #3484
• Zsh completion scripts parse correctly on Windows. #3277 # 3466
• Shell completion of Choice Enum values produces a valid completion result. #3015
• Fix empty byte-string handling in echo. #3487
• Fix closed file error with echo_via_pager. #3449

8.4.0

This is the Click 8.4.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecation, or introduce potentially breaking changes.

We encourage everyone to upgrade. You can read more about our Version Support Policy on our website.

PyPI: https://pypi.org/project/click/8.4.0/ Changes: https://click.palletsprojects.com/page/changes/#version-8-4-0 Milestone https://github.com/pallets/click/milestone/30

• ParamType typing improvements. #3371

  • :class:ParamType is now a generic abstract base class, parameterized by its converted value type.
  • :meth:~ParamType.convert return types are narrowed on all concrete types (str for :class:STRING, int for :class:INT, etc.).
  • :meth:~ParamType.to_info_dict returns specific :class:~typing.TypedDict subclasses instead of dict[str, Any].
  • :class:CompositeParamType and the number-range base are now generic with abstract methods.

• Refactor convert_type to extract type inference into a private _guess_type helper, and add :func:typing.overload signatures. #3372

• Parameter typing improvements. #2805

  • :class:Parameter is now an abstract base class, making explicit that it cannot be instantiated directly.
  • :attr:Parameter.name is now str instead of str | None. When expose_value=False, the name is set to "" instead of None.
  • The ctx parameter of :meth:Parameter.get_error_hint is now typed as Context | None, matching the runtime behavior.

• Split string values from default_map for parameters with nargs > 1 or :class:Tuple type, matching environment variable behavior.

... (truncated)

Changelog

Sourced from click's changelog.

Version 8.4.1

Released 2026-05-21

• get_parameter_source() is available during eager callbacks and type conversion again. :issue:3458 :issue:3484
• Zsh completion scripts parse correctly on Windows. :issue:3277 :pr:3466
• Shell completion of Choice Enum values produces a valid completion result. :issue:3015
• Fix empty byte-string handling in echo. :issue:3487
• Fix closed file error with echo_via_pager. :issue:3449

Version 8.4.0

Released 2026-05-17

• :class:ParamType typing improvements. :pr:3371

  • :class:ParamType is now a generic abstract base class, parameterized by its converted value type.
  • :meth:~ParamType.convert return types are narrowed on all concrete types (str for :class:STRING, int for :class:INT, etc.).
  • :meth:~ParamType.to_info_dict returns specific :class:~typing.TypedDict subclasses instead of dict[str, Any].
  • :class:CompositeParamType and the number-range base are now generic with abstract methods.

• Refactor convert_type to extract type inference into a private _guess_type helper, and add :func:typing.overload signatures. :pr:3372

• :class:Parameter typing improvements. :pr:2805

  • :class:Parameter is now an abstract base class, making explicit that it cannot be instantiated directly.
  • :attr:Parameter.name is now str instead of str | None. When expose_value=False, the name is set to "" instead of None.
  • The ctx parameter of :meth:Parameter.get_error_hint is now typed as Context | None, matching the runtime behavior.

• Split string values from default_map for parameters with nargs > 1 or :class:Tuple type, matching environment variable behavior. :issue:2745 :pr:3364

• Auto-detect type=UNPROCESSED for flag_value of non-basic types (not str, int, float, or bool), so programmer-provided Python objects like classes and enum members are passed through unchanged instead of being stringified. Previously type=click.UNPROCESSED had to be set explicitly. :issue:2012 :pr:3363

... (truncated)

Commits

• 6eeb50e release version 8.4.1
• 67921d5 change log and doc fixes (#3495)
• 9c41f46 Fix changelog and version admonitions
• 6cb3477 fix skip condition
• 5ee8e31 fix I/O operation on closed file error with CliRunner and echo_via_pager (#3482)
• becbde5 pager doesn't close std streams
• a5f5aa6 Handle empty bytes in echo (#3493)
• 4d3db84 handle empty bytes in echo
• d42f15b Fix get_parameter_source() during type conversion and eager callbacks (#3484)
• 0baa8db Document ctx.params bypass with test and doc
• Additional commits viewable in compare view

Updates fastapi from 0.110.0 to 0.136.3

Release notes

Sourced from fastapi's releases.

0.136.3

Refactors

• ♻️ Do not accept underscore headers when using convert_underscores=True (the default). PR #15589 by @​tiangolo.

0.136.2

Refactors

• ♻️ Validate Server Sent Event fields to avoid applications from sending broken data. PR #15588 by @​tiangolo.

Docs

• 📝 Document --entrypoint CLI option. PR #15464 by @​YuriiMotov.
• 📝 Update and simplify docs about help and management. PR #15583 by @​tiangolo.
• 📝 Add docs references to central contributing docs. PR #15580 by @​tiangolo.
• 📝 Update security policy. PR #15577 by @​tiangolo.
• 🍱 Update sponsors: TalorData image. PR #15562 by @​tiangolo.
• 📝 Update docs, simplify usage of admonitions, only default ones. PR #15553 by @​tiangolo.
• 📝 Fix image URLs in index.md. PR #15534 by @​YuriiMotov.
• ✏️ Fix Azkaban spelling typo in virtual-environments.md‎. PR #15463 by @​isaacbernat.
• 💄 Improve layout and styling. PR #15462 by @​alejsdev.
• 💄 Refactor opinions section with interactive tabs and new logos. PR #15458 by @​alejsdev.
• 📝 Add FastAPI Conf '26 announcement to docs. PR #15457 by @​alejsdev.

Translations

• 🌐 Improve translation consistency in ‎docs/pt/docs/advanced/generate-clients.md‎. PR #15456 by @​Will-thom.
• 🌐 Update translations for ja (update-outdated). PR #15530 by @​tiangolo.
• 🌐 Update translations for uk (update-outdated). PR #15529 by @​tiangolo.
• 🌐 Update translations for pt (update-outdated). PR #15528 by @​tiangolo.
• 🌐 Update translations for de (update-outdated). PR #15527 by @​tiangolo.
• 🌐 Update translations for tr (update-outdated). PR #15526 by @​tiangolo.
• 🌐 Update translations for ko (update-outdated). PR #15525 by @​tiangolo.
• 🌐 Update translations for zh-hant (update-outdated). PR #15524 by @​tiangolo.
• 🌐 Update translations for fr (update-outdated). PR #15522 by @​tiangolo.
• 🌐 Update translations for es (update-outdated). PR #15523 by @​tiangolo.
• 🌐 Update translations for zh (update-outdated). PR #15520 by @​tiangolo.
• 🌐 Update translations for ru (update-outdated). PR #15521 by @​tiangolo.
• 🌐 Fix typos in Spanish LLM-prompt. PR #15472 by @​crr004.

Internal

• ✅ Update tests, don't double dispose the engine. PR #15587 by @​tiangolo.
• ⚡️ Speed up test suite via caching and fixture scopes to make it ~24% faster. PR #13583 by @​dikos1337.
• 🔥 Remove config files now in central GitHub repo. PR #15585 by @​tiangolo.
• ⬆ Bump urllib3 from 2.6.3 to 2.7.0. PR #15502 by @​dependabot[bot].
• ⬆ Bump idna from 3.11 to 3.15. PR #15565 by @​dependabot[bot].
• ⬆ Bump cloudflare/wrangler-action from 3.15.0 to 4.0.0. PR #15571 by @​dependabot[bot].
• 🔧 Migrate docs from MkDocs to Zensical. PR #15563 by @​tiangolo.
• 🔒️ Only allow team members to modify dependencies. PR #15548 by @​svlandeg.

... (truncated)

Commits

• 8206485 🔖 Release version 0.136.3
• c910e01 📝 Update release notes
• 063b5bf ♻️ Do not accept underscore headers when using convert_underscores=True (th...
• 22b02e2 🔖 Release version 0.136.2
• 3b252a2 📝 Update release notes
• c7fb785 ♻️ Validate Server Sent Event fields to avoid applications from sending broke...
• cb83b83 📝 Update release notes
• 00f805c ✅ Update tests, don't double dispose the engine (#15587)
• 3675137 📝 Update release notes
• 7b57e42 📝 Document --entrypoint CLI option (#15464)
• Additional commits viewable in compare view

Updates filelock from 3.25.2 to 3.29.0

Release notes

Sourced from filelock's releases.

3.29.0

What's Changed

• 🐛 fix(async): use single-thread executor for lock consistency by @​gaborbernat in tox-dev/filelock#533
• ✨ feat(soft): enable stale lock detection on Windows by @​gaborbernat in tox-dev/filelock#534

Full Changelog: tox-dev/filelock@3.28.0...3.29.0

3.28.0

What's Changed

• 🐛 fix(ci): unbreak release workflow, publish to PyPI again by @​gaborbernat in tox-dev/filelock#529

Full Changelog: tox-dev/filelock@3.27.0...3.28.0

3.27.0

What's Changed

• ✨ feat(rw): add SoftReadWriteLock for NFS and HPC clusters by @​gaborbernat in tox-dev/filelock#528

Full Changelog: tox-dev/filelock@3.26.1...3.27.0

3.26.1

What's Changed

• 🐛 fix(asyncio): add exit to BaseAsyncFileLock and fix del loop handling by @​naarob in tox-dev/filelock#518

New Contributors

• @​naarob made their first contribution in tox-dev/filelock#518

Full Changelog: tox-dev/filelock@3.26.0...3.26.1

3.26.0

What's Changed

• 🔒 ci(workflows): add zizmor security auditing by @​gaborbernat in tox-dev/filelock#517
• 🔧 fix(ci): restore git credentials for release job by @​gaborbernat in tox-dev/filelock#520
• ✨ feat(soft): add PID inspection and lock breaking by @​gaborbernat in tox-dev/filelock#524

Full Changelog: tox-dev/filelock@3.25.2...3.26.0

Changelog

Sourced from filelock's changelog.

########### Changelog ###########

---

3.29.0 (2026-04-19)

---

• ✨ feat(soft): enable stale lock detection on Windows :pr:534
• 🐛 fix(async): use single-thread executor for lock consistency :pr:533
• build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 :pr:530 - by :user:dependabot[bot]

---

3.28.0 (2026-04-14)

---

• 🐛 fix(ci): unbreak release workflow, publish to PyPI again :pr:529

---

3.26.1 (2026-04-09)

---

• 🐛 fix(asyncio): add exit to BaseAsyncFileLock and fix del loop handling :pr:518 - by :user:naarob
• build(deps): bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 :pr:525 - by :user:dependabot[bot]

---

3.26.0 (2026-04-06)

---

• ✨ feat(soft): add PID inspection and lock breaking :pr:524
• [pre-commit.ci] pre-commit autoupdate :pr:523 - by :user:pre-commit-ci[bot]
• build(deps): bump astral-sh/setup-uv from 7.6.0 to 8.0.0 :pr:522 - by :user:dependabot[bot]
• Remove persist-credentials: false from release job :pr:520
• [pre-commit.ci] pre-commit autoupdate :pr:519 - by :user:pre-commit-ci[bot]
• 🔒 ci(workflows): add zizmor security auditing :pr:517
• [pre-commit.ci] pre-commit autoupdate :pr:516 - by :user:pre-commit-ci[bot]
• [pre-commit.ci] pre-commit autoupdate :pr:514 - by :user:pre-commit-ci[bot]

---

3.25.2 (2026-03-11)

---

• 🐛 fix(unix): suppress EIO on close in Docker bind mounts :pr:513

---

3.25.1 (2026-03-09)

---

• [pre-commit.ci] pre-commit autoupdate :pr:510 - by :user:pre-commit-ci[bot]
• 🐛 fix(win): restore best-effort lock file cleanup on release :pr:511

... (truncated)

Commits

• 469b47f Release 3.29.0
• e85d072 ✨ feat(soft): enable stale lock detection on Windows (#534)
• f5ee171 🐛 fix(async): use single-thread executor for lock consistency (#533)
• 2a95458 build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (#530)
• 55de20c Release 3.28.0
• 476b0e4 🐛 fix(ci): unbreak release workflow, publish to PyPI again (#529)
• 824713e ✨ feat(rw): add SoftReadWriteLock for NFS and HPC clusters (#528)
• 9879de9 [pre-commit.ci] pre-commit autoupdate (#527)
• 4cfab49 Release 3.26.1
• 734c9f2 🐛 fix(asyncio): add exit to BaseAsyncFileLock and fix del loop handli...
• Additional commits viewable in compare view

Updates fsspec from 2026.2.0 to 2026.4.0

Commits

• 8fdedd1 Merge branch 'master' of https://github.com/fsspec/filesystem_spec
• 8205d0d Release (#2027)
• 50bfba2 Merge branch 'master' of https://github.com/fsspec/filesystem_spec
• f58bc85 Revert "DEP: de-duplicate and sort optional dependencies (#2021)" (#2026)
• c6c7b40 Revert "DEP: de-duplicate and sort optional dependencies (#2021)"
• 3bc67f8 DEP: de-duplicate and sort optional dependencies (#2021)
• 0b290bf docs: add URL handling note to HTTPFileSystem class docstring (#2024)
• b33a2d6 ci: install downstream systems like gcsfs before testing so the _version.py...
• e9e7a5b Delegate DirFileSystem delete and write_text (#2022)
• 105d614 fix: use encode_url() in _pipe_file for consistency (#2023)
• Additional commits viewable in compare view

Updates hf-xet from 1.4.2 to 1.5.0

Release notes

Sourced from hf-xet's releases.

[hf-xet v1.5.0] Session based API

Replaces the old upload_files / download_files / hash_files Python functions with a new object-oriented API that exposes XetSession and its child objects directly as PyO3 classes. This gives Python callers full control over session lifecycle, connection pooling, and progress reporting.

The previous module-level functions are kept under hf_xet/src/legacy/ and remain importable as from hf_xet import upload_files etc., but now emit DeprecationWarning.

New Python API

import hf_xet
Optional: create a custom config (immutable; use .with_config() to derive updates)
config = hf_xet.XetConfig().with_config("data.max_concurrent_file_ingestion", 8)
Create session; config is optional (defaults to XetConfig() with HF_XET_* env overrides)
session = hf_xet.XetSession(config=config)
Upload — multiple files, bytes, and streaming within one commit
with session.new_upload_commit(
endpoint="https://cas.xethub.hf.co",
token="jwt", token_expiry_unix_secs=9999999999,
token_refresh_url="https://…/xet-write-token/main",
token_refresh_headers={"Authorization": "Bearer hf_…"},
) as commit:
h1 = commit.start_upload_file("/path/to/model.bin")
h2 = commit.start_upload_file("/path/to/tokenizer.json", sha256="f2358d9a…")
h3 = commit.start_upload_bytes(b"...", name="config.json")
with commit.start_upload_stream(name="big.bin") as stream:
for chunk in produce_chunks():
    stream.write(chunk)

on normal exit: wait_to_finish() is called automatically
on exception:   abort() is called automatically
SHA-256 sentinels
commit.start_upload_file("/path/to/model.bin", sha256=hf_xet.COMPUTE_SHA256)  # default
commit.start_upload_file("/path/to/model.bin", sha256=hf_xet.SKIP_SHA256)     # skip
Progress callback — receives (GroupProgressReport, dict[UniqueID, ItemProgressReport])
def on_progress(group, items):
bar.n = group.total_bytes_completed
bar.refresh()
with session.new_upload_commit(
token_refresh_url="https://…/xet-write-token/main",
token_refresh_headers={"Authorization": "Bearer hf_…"},
progress_callback=on_progress,
progress_interval_ms=100,
) as commit:
commit.start_upload_file("/path/to/model.bin")
</tr></table>

... (truncated)

Commits

• 6ed5a00 Bump rustls-webpki from 0.103.10 to 0.103.13 (#823)
• 1629992 Add context manager for upload stream (#825)
• 9e804c2 Remove unnecessary UniqueId -> UniqueID type alias (#824)
• 23ec294 Expose XetSession APIs to Python (#792)
• d40f96b Fix spelling typos in comments and docs (#826)
• 18ebe48 Bump hf_xet rand to 0.10 (#811)
• 145b819 feat: expose CAS client factory and chunk cache re-exports (#730)
• 8df04e8 Potential fix for a couple of crates release issues (#806)
• b43c0ae Move XetRuntime model away from thread-local statics (#801)
• 7e91d1c Upgrade testing capability for GC simulations (#786)
• Additional commits viewable in compare view

Updates httptools from 0.7.1 to 0.8.0

Release notes

Sourced from httptools's releases.

v0.8.0

Changes

• Add http-parser and llhttp licenses into the wheels (#135) (by @​justeph in c398a157)

• Mark cython module as free-threading compatible (#139) (by @​kumaraditya303 in 28d1db15)

• Fix all typing issues (#134) (by @​Kludex in a9bda0ed)

• Bump llhttp to 9.4.1 (#145) (by @​fantix in e3e8d71e)

• Security: fix URL truncation issue (#144) (by @​fantix in a0283f07 for #142)

• Allow building with latest setuptools (#138) (by @​OldManYellsAtCloud in c403ad1a)

Commits

• cf10ce6 httptools 0.8.0
• a0283f0 security: fix URL truncation issue (#144)
• 05e6b8e ci: add freethreading 3.14 to the CI matrix (#146)
• e3e8d71 Bump llhttp to 9.4.1 (#145)
• a9bda0e Fix all typing issues (#134)
• 28d1db1 mark cython module as free-threading compatible (#139)
• c403ad1 Allow building with latest setuptools (#138)
• c398a15 Add http-parser and llhttp licenses into the wheels (#135)
• 4cfdabd ci: fix release workflow (#132)
• ef71da9 Post-release version bump
• See full diff in compare view

Updates huggingface-hub from 1.7.2 to 1.17.0

Release notes

Sourced from huggingface-hub's releases.

[v1.17.0] Cross-repo copies, ssh to Spaces, smarter CLI tables

📋 Copy files between repositories

You can now copy files or entire folders between different repositories on the Hub — model to model, model to dataset, any combination — without downloading or re-uploading data. CommitOperationCopy accepts src_repo_id and src_repo_type for cross-repo sources, and LFS blobs are deduplicated server-side via the /lfs-files/duplicate endpoint. Non-LFS files are fetched from the source repo and committed as regular payloads. copy_files and hf buckets cp now support repo-to-repo in addition to the existing bucket destinations.

>>> from huggingface_hub import copy_files
Copy an entire folder
>>> copy_files(
...     "hf://datasets/username/source-dataset/data/",
...     "hf://datasets/username/target-dataset/data/",
... )

• [Copy] Support cross-repo file copies by @​Wauplin in #4203

📚 Documentation: Upload guide — Copy files between repositories

🖥️ SSH into a Space with hf spaces ssh

A new hf spaces ssh command opens an SSH session directly into a Space's Dev Mode container. If Dev Mode is not enabled yet, the CLI prompts you to enable it. You can also use --dry-run to print the SSH command without running it, or -i to forward a specific key. Your SSH public key must be registered in your HF user settings.

# SSH into a Space
$ hf spaces ssh username/my-space
Print the SSH command without running it
$ hf spaces ssh username/my-space --dry-run

• [CLI] Add hf spaces ssh by @​gary149 in #4241

📚 Documentation: CLI guide — SSH into a Space | Spaces guide — SSH into a Space

📂 List all your repos with hf repos ls

A new hf repos ls command lists all your repositories — models, datasets, spaces, and buckets — with storage size and percentage of namespace total, sorted by storage usage. It supports --type, --search, --namespace, and --limit (default 30, --limit 0 for all), plus the standard --format family.

# List all your repos
$ hf repos ls
List all datasets under org with JSON output
$ hf repos ls --namespace my-org --type dataset --limit 0 --format json | jq '.[].id'

• [CLI] Add hf repos ls command by @​Wauplin in #4283

📚 Documentation: CLI guide — List repos | Repository guide — List your repositories

... (truncated)

Commits

• b529493 Release: v1.17.0
• e2f95ef Release: v1.17.0.rc0
• 06d2a3f [CLI] Add hf repos ls command (#4283)
• 714044e [Docs] Document missing parameters in lfs, hf_file_system, and repocard_data ...
• 5e8e940 [CLI] Auto right-align numeric columns in human table output (#4288)
• bb09fa4 [Copy] Support cross-repo file copies (#4203)
• b17ab0c [CLI] Drop legacy printing helpers from _cli_utils.py (#4285)
• 5c7920e [CLI] Migrate hf lfs-enable-largefiles, hf extensions, hf version to `o...
• ffc07b6 [Jobs] Decouple Job hardware from Spaces, auto-sync enums with Hub API (#4266)
• c06e976 [CLI] Auto-fit human tables to terminal width (#4251)
• Additional commits viewable in compare view

Updates idna from 3.11 to 3.17

Changelog

Sourced from idna's changelog.

3.17 (2026-05-28)

• Substantial 75% reduction in memory usage through new data structures and some optimization in processing speed.
• Added a general 1024-character input length cap to the public validation, conversion, and codec entry points. This is well above any legitimate domain or label and guards against pathological inputs.

3.16 (2026-05-22)

• Add a command-line interface (python -m idna, also available as the idna script). Encodes or decodes one or more domains supplied as arguments or on standard input, with options to select A-label or U-label output and control error handling.
• Raise the minimum supported Python version to 3.9
• Various code quality improvements

3.15 (2026-05-12)

• Enforce DNS-length cap on individual labels early in check_label, short-circuiting contextual-rule processing for oversized input while staying compatible with UTS 46 usage.
• Tidy core helpers: hoist bidi category sets to module-level frozensets (avoiding per-codepoint list construction), simplify length checks, and reuse the shared _unicode_dots_re from idna.core in the codec module.
• Use raise ... from err for proper exception chaining and switch internal string formatting to f-strings.
• Allow flit_core 4.x in the build backend.
• Expand the ruff lint set (flake8-bugbear, flake8-simplify, pyupgrade, perflint) and apply the surfaced fixes; pin lint CI to Python 3.14.
• Add Dependabot configuration for GitHub Actions.
• Convert README and HISTORY from reStructuredText to Markdown.
• Reference CVE-2026-45409 for the 3.14 advisory in place of the initial GHSA identifier.

Thanks to Felix Yan, Stan Ulbrych, and metsw24-max for contributions to this release.

3.14 (2026-05-10)

• Removed opportunity to process long inputs into quadratic time by rejecting oversize inputs up-front. Closes a bypass of the CVE-2024-3651 mitigation. [CVE-2026-45409]

Thanks to Stan Ulbrych for reporting the issue.

3.13 (2026-04-22)

... (truncated)

Commits

• f48619c Release 3.17
• 7421ba8 Pre-release 3.17rc0
• 22ebb73 Merge pull request #251 from kjd/structure-optimizations
• 2a7ac0a Drop redundant parallel-arrays comment from uts46data
• 354eee9 Apply ruff format to uts46data.py
• 8c34ffc Refactor uts46data into parallel arrays
• 1189629 Range-encode joining_types for compact representation
• f90b87a Generic length limit for functions
• d6ffd28 Merge pull request #247 from kjd/release-3.16
• 6d1a0de Release 3.16
• Additional commits viewable in compare view

Updates markdown-it-py from 4.0.0 to 4.2.0

Release notes

Sourced from markdown-it-py's releases.

v4.2.0

What's Changed

• ✨ Add make_fence_rule() factory for configurable fence markers by @​chrisjsewell in executablebooks/markdown-it-py#394
• 🚀 RELEASE v4.2.0 by @​chrisjsewell in executablebooks/markdown-it-py#395

Full Changelog: executablebooks/markdown-it-py@v4.1.0...v4.2.0

v4.1.0

What's Changed

• ✨ Add --stdin option to CLI by @​mcepl in executablebooks/markdown-it-py#379
• Add AGENTS.md and copilot-setup-steps workflow by @​Copilot in executablebooks/markdown-it-py#380
• 🔧 Add typing to Scanner by @​Alunderin ...

  Description has been truncated