Skip to content

Bump the all group across 1 directory with 6 updates#292

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/uv/all-6c26f84c0e
Open

Bump the all group across 1 directory with 6 updates#292
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/uv/all-6c26f84c0e

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 16, 2026

Copy link
Copy Markdown
Contributor

Bumps the all group with 5 updates in the / directory:

Package From To
torch 2.12.1 2.13.0
ruff 0.15.17 0.15.20
ty 0.0.50 0.0.57
pytest 9.1.0 9.1.1
huggingface-hub 1.19.0 1.22.0

Updates torch from 2.12.1 to 2.13.0

Release notes

Sourced from torch's releases.

PyTorch 2.13.0 Release Notes

Highlights

For more details about these highlighted features, you can look at the release blogpost. Below are the full release notes for this release.

Tracked Regressions

ROCm wheels break torch.compile on CPU in environments without a GPU

Running a torch==2.13.0+rocm7.2 wheel in an environment where no GPU is available (torch.cuda.is_available() is False) breaks torch.compile on the CPU path: the first compile raises RuntimeError: Can't detect vectorized ISA for CPU (#189194). This is a regression from torch==2.12.1+rocm7.2, which compiles CPU code fine (detecting e.g. VecAVX2) in the same setup. The 2.13 ROCm wheel appears to rely on something present in the ROCm builder image to detect the CPU vectorized ISA, so it works when run on a ROCm image but fails on a plain CPU-only image.

Workaround: run the +rocm wheel on a ROCm image, or install a standard CPU/CUDA build for GPU-less environments.

Backwards Incompatible Changes

  • Stop building CPython 3.13t (free-threaded) binaries (#182951)

    Upstream pypa/manylinux removed CPython 3.13t (free-threaded) on 2026-05-07, because 3.13t was experimental and has been superseded by the now-non-experimental CPython 3.14t. As a result, PyTorch 2.13 no longer ships cp313t wheels (Linux, Triton, and related artifacts). Users on the free-threaded interpreter should move to Python 3.14t.

    PyTorch 2.12:

    # cp313t (free-threaded 3.13) wheels were available
    python3.13t -m pip install torch

    PyTorch 2.13:

... (truncated)

Commits
  • cf30153 [release/2.13] Strip +PTX from CUDA arch list on release/RC builds (#188914) ...
  • 3e3e24b [release/2.13] Restrict cuda-bindings to Python < 3.15 for CUDA 12.9 builds (...
  • 7986b06 [release/2.13] Bump binary build timeout 280 -> 400 minutes (#188551)
  • 0bdbc26 [release/2.13] Add CUDA 12.9 to TORCH_CUDA_ARCH_LIST tables (#188443)
  • 9cabb45 [release/2.13] Update manywheel docker image pin to 78e737ad (#188409)
  • 78e737a [release/2.13] Revert "Tighten generalized scatter graph target (#184075)" (#...
  • 0bb9b5b [release/2.13] Revert "dynamo: round-trip torch.cuda.stream ctx mgr across gr...
  • aaac2bf [release/2.13] Revert "[Reland] Port D104346887/PR 182675 for index_add fast ...
  • 9330813 Fix build_with_debinfo.py broken by CONFIGURE_DEPENDS globbing (#188192)
  • 4e077a7 Remove setuptools upper bound (#188190)
  • Additional commits viewable in compare view

Updates torchvision from 0.27.1 to 0.28.0

Release notes

Sourced from torchvision's releases.

TorchVision 0.28.0 Release

TorchVision 0.28 is out with some small enhancement and bug-fixes:

Enhancements

  • [transforms] Let wrap() preserve metadata for custom TVTensor subclasses (#9490)
  • [transforms] Allow strings for interpolation param in resize transforms (#9461)

Bug fixes

  • [transforms] Fix F.resize on tv_tensors.Mask to honor NEAREST_EXACT interpolation. Previously the interpolation argument was ignored for mask inputs (resize_mask hardcoded NEAREST), so NEAREST_EXACT silently produced plain NEAREST output (#9497)
  • [io] Fix a GIF decoder bug on malformed GIFs that could write outside the allocated tensor's memory (#9520)

Contributors

🎉 We're grateful for our community, which helps us improve Torchvision by submitting issues and PRs, and providing feedback and suggestions. The following persons have contributed patches for this release:

Andrey Talman, Benson Ma, Jason Fried, Joanne Yun, Nicolas Hug

Commits

Updates ruff from 0.15.17 to 0.15.20

Release notes

Sourced from ruff's releases.

0.15.20

Release Notes

Released on 2026-06-25.

Preview features

  • Allow human-readable names in rule selectors (#25887)
  • Emit a warning instead of an error for unknown rule selectors (#26113)
  • Match noqa shebang handling in ruff:ignore comments (#26286)
  • [ruff] Remove pytest-fixture-autouse (RUF076) (#26240, #26371)

Documentation

  • Add versioning sections to custom crate READMEs (#26317)
  • Update ruff_python_parser README for crates.io (#26315)
  • [perflint] Clarify that PERF402 applies to any iterable (#26242)

Contributors

Install ruff 0.15.20

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-installer.ps1 | iex"

Download ruff 0.15.20

File Platform Checksum
ruff-aarch64-apple-darwin.tar.gz Apple Silicon macOS checksum
ruff-x86_64-apple-darwin.tar.gz Intel macOS checksum
ruff-aarch64-pc-windows-msvc.zip ARM64 Windows checksum
ruff-i686-pc-windows-msvc.zip x86 Windows checksum
ruff-x86_64-pc-windows-msvc.zip x64 Windows checksum
ruff-aarch64-unknown-linux-gnu.tar.gz ARM64 Linux checksum
ruff-i686-unknown-linux-gnu.tar.gz x86 Linux checksum

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.20

Released on 2026-06-25.

Preview features

  • Allow human-readable names in rule selectors (#25887)
  • Emit a warning instead of an error for unknown rule selectors (#26113)
  • Match noqa shebang handling in ruff:ignore comments (#26286)
  • [ruff] Remove pytest-fixture-autouse (RUF076) (#26240, #26371)

Documentation

  • Add versioning sections to custom crate READMEs (#26317)
  • Update ruff_python_parser README for crates.io (#26315)
  • [perflint] Clarify that PERF402 applies to any iterable (#26242)

Contributors

0.15.19

Released on 2026-06-23.

Preview features

  • Support human-readable names when hovering suppression comments and in code actions (#26114)

Bug fixes

  • Fall back to default settings when editor-only settings are invalid (#26244)
  • Fix panic when inserting text at a notebook cell boundary (#26111)

Rule changes

  • [pylint] Update fix suggestions for __floor__, __trunc__, __length_hint__, and __matmul__ variants (PLC2801) (#26239)

Performance

  • Avoid allocating when parsing single string literals (#26200)
  • Avoid reallocating singleton call arguments (#26223)
  • Lazily create source files for lint diagnostics (#26226)
  • Optimize formatter text width and indentation (#26236)
  • Reserve capacity for builtin bindings (#26229)
  • Skip repeated-key checks for singleton dictionaries (#26228)
  • Use ArrayVec for qualified name segments (#26224)

... (truncated)

Commits
  • f82a36b Bump 0.15.20 (#26376)
  • af32943 Improve the summarise-ecosystem-results skill (#26378)
  • 485ebab Remove RUF076 name from schema (#26371)
  • ef81835 [ty] Implement rust-analyzer's "Click for full compiler diagnostic" feature (...
  • 572b31e [ruff] Remove pytest-fixture-autouse (RUF076) (#26240)
  • f703f21 Allow human-readable names in rule selectors (#25887)
  • 0d726b2 [ty] Reuse equality semantics for membership compatibility (#25955)
  • dbe6e98 [ty] Infer definite equality comparison results (#26337)
  • e700ea3 [ty] Prove TypedDict structural patterns exhaustive (#26285)
  • 6a0d2ec [ty] Widen inferred class-valued instance attributes (#26338)
  • Additional commits viewable in compare view

Updates ty from 0.0.50 to 0.0.57

Release notes

Sourced from ty's releases.

0.0.57

Release Notes

Released on 2026-07-07.

Bug fixes

  • Detect async generator expressions containing await (#26568)
  • Preserve exhaustive gradual match patterns (#26523)

LSP server

  • Fix selection range behavior for strings (#26532)
  • Recognize that dedent ends doctest block when parsing docstrings for signature help (#26552)
  • Render reStructuredText hyperlinks as Markdown in hover docstrings (#25907)
  • Update __slots__ string when renaming an attribute (#26438)

Documentation

  • Document PYTHONPATH support in module discovery (#3889)

Library support

  • Add support for extra arguments in Pydantic model constructors (#26520)
  • Detect Pydantic model configurations (#26573)
  • Distinguish lax and strict mode for Pydantic models (#26587)

Core type checking

  • Fix subtyping/assignability for @property protocol members (#25332)
  • Narrow isinstance against intersections containing invalid member (#26545)
  • Narrow match subjects through structural patterns (#25942)
  • Preserve generic functools.partial signatures (#24583)
  • Preserve generic variadic callback semantics (#26521)
  • Preserve invariant materialization on generic specializations (#26578)
  • Preserve literal enum member names (#26592)

Performance

  • Avoid exponential invariant constraint paths (#26538)
  • Batch parallel jobs when finding references (#26534)
  • Build module names directly in CompactString (#26546)
  • Elide default use-def state (#26398)
  • Reuse owned buffers for string literals (#26547)
  • Use ICF for macOS release builds (#3709)
  • Use cached class literal lookup for is_subclass_of (#26585)

Contributors

... (truncated)

Changelog

Sourced from ty's changelog.

0.0.57

Released on 2026-07-07.

Bug fixes

  • Detect async generator expressions containing await (#26568)
  • Preserve exhaustive gradual match patterns (#26523)

LSP server

  • Fix selection range behavior for strings (#26532)
  • Recognize that dedent ends doctest block when parsing docstrings for signature help (#26552)
  • Render reStructuredText hyperlinks as Markdown in hover docstrings (#25907)
  • Update __slots__ string when renaming an attribute (#26438)

Documentation

  • Document PYTHONPATH support in module discovery (#3889)

Library support

  • Add support for extra arguments in Pydantic model constructors (#26520)
  • Detect Pydantic model configurations (#26573)
  • Distinguish lax and strict mode for Pydantic models (#26587)

Core type checking

  • Fix subtyping/assignability for @property protocol members (#25332)
  • Narrow isinstance against intersections containing invalid member (#26545)
  • Narrow match subjects through structural patterns (#25942)
  • Preserve generic functools.partial signatures (#24583)
  • Preserve generic variadic callback semantics (#26521)
  • Preserve invariant materialization on generic specializations (#26578)
  • Preserve literal enum member names (#26592)

Performance

  • Avoid exponential invariant constraint paths (#26538)
  • Batch parallel jobs when finding references (#26534)
  • Build module names directly in CompactString (#26546)
  • Elide default use-def state (#26398)
  • Reuse owned buffers for string literals (#26547)
  • Use ICF for macOS release builds (#3709)
  • Use cached class literal lookup for is_subclass_of (#26585)

Contributors

... (truncated)

Commits

Updates pytest from 9.1.0 to 9.1.1

Release notes

Sourced from pytest's releases.

9.1.1

pytest 9.1.1 (2026-06-19)

Bug fixes

  • #14220: Fixed a logic bug in pytest.RaisesGroup which would might cause it to display incorrect "It matches FooError() which was paired with BarError" messages.
  • #14591: Fixed a regression in pytest 9.1.0 which caused overriding a parametrized fixture with an indirect @​pytest.mark.parametrize to fail with "duplicate parametrization of '<fixture name>'".
  • #14606: Fixed list-item typing errors from mypy in @pytest.mark.parametrize <pytest.mark.parametrize ref> argvalues parameter.
  • #14608: Fixed a regression in pytest 9.1.0 where conftest.py files located in <invocation dir>/test* were no longer loaded as initial conftests when invoked without arguments. This could cause certain hooks (like pytest_addoption) in these files to not fire.
Commits
  • cf470ec Prepare release version 9.1.1
  • e0c8ce6 Merge pull request #14625 from pytest-dev/patchback/backports/9.1.x/a07c31a97...
  • 1b82d16 Merge pull request #14624 from pytest-dev/patchback/backports/9.1.x/b375b79ec...
  • 501c4bc Merge pull request #14596 from bluetech/doc-classmethod
  • b61f588 Merge pull request #14622 from chrisburr/fix-14608-initial-conftest-test-subdir
  • 9a567e0 [automated] Update plugin list (#14617) (#14618)
  • ef8b299 Merge pull request #14620 from pytest-dev/patchback/backports/9.1.x/680f9f3ed...
  • 66abd07 Merge pull request #14220 from bysiber/fix-stale-iexp-raisesgroup
  • 79fbf93 Merge pull request #14612 from pytest-dev/patchback/backports/9.1.x/974ed48b6...
  • 0d312eb Merge pull request #14611 from bluetech/parametrize-argvalues-typing
  • Additional commits viewable in compare view

Updates huggingface-hub from 1.19.0 to 1.22.0

Release notes

Sourced from huggingface-hub's releases.

[v1.22.0] Sandboxes, faster downloads, and a rebuilt CLI

🖥️ Sandboxes: isolated cloud machines on top of Jobs

Sandboxes are isolated cloud machines you can spin up in seconds, run commands in with live-streamed output, and move files in and out of — all from Python or the CLI. They are built entirely on top of Jobs: under the hood a sandbox is just a Job running a tiny static server, so any Docker image with /bin/sh works and it inherits Jobs' billing, hardware flavors, and namespace permissions for free. Two flavors are available: Sandbox.create for a dedicated VM (GPU workloads, untrusted code, full isolation) and SandboxPool to pack many cheap CPU sandboxes into a few shared host VMs for fan-out workloads like RL rollouts. This release also adds background processes (sbx.run(..., background=True) / hf sandbox spawn) and a port proxy (Sandbox.proxy_url_for) so you can reach a server running inside a sandbox from the outside over HTTP or WebSocket.

from huggingface_hub import Sandbox
with Sandbox.create(image="python:3.12") as sbx:   # ready in ~6s
sbx.files.write("/app/main.py", "print(40 + 2)")
print(sbx.run("python /app/main.py").stdout)    # 42

# Create, run, copy files, and terminate from the terminal
hf sandbox create
hf sandbox exec <id> -- python -c "print('hi')"
hf sandbox cp data.csv <id>:/data/data.csv
hf sandbox kill <id>
  • [Sandbox] Add Sandbox API and hf sandbox CLI on top of Jobs by @​Wauplin in #4350
  • [Sandbox] Background processes + proxy to reach in-sandbox servers by @​Wauplin in #4444

📚 Documentation: Sandboxes guide, Sandbox reference

⚡ Faster snapshot downloads with a tree cache

snapshot_download now caches a repository's file listing on disk under a new trees/ folder, so re-downloading a commit that's already cached costs a single network call — resolving the branch or tag to a commit hash — instead of one metadata request per file. The listing is immutable per commit and shared by both snapshot_download and hf_hub_download; for Xet-enabled files it also skips the per-file HEAD /resolve request entirely, rebuilding the metadata from the cached listing. As a deliberate side effect of the completeness check, when the Hub can't be reached and the local snapshot is missing requested files, snapshot_download now raises IncompleteSnapshotError instead of silently returning a partial folder.

  • [Download] Cache repo tree listing on disk in snapshot_download by @​Wauplin in #4394

📚 Documentation: Manage your cache

🛠️ CLI rebuilt on Click (drops Typer)

The entire hf CLI now runs on a small in-house layer over Click 8.x instead of Typer, which had vendored Click in a way that broke the CLI's custom help rendering, error enrichment, and shell completion — and forced capping typer<0.26. The migration preserves existing behavior: --help output is byte-identical, the generated cli.md reference is unchanged apart from a header comment, and shell completion now uses Click's native completion. The public typer_factory helper is kept so downstream libraries like transformers that register their own commands keep working.

💔 Breaking Change

  • [Upload] Deprecate upload_large_folder (API + CLI) by @​Wauplin in #4414upload_large_folder and hf upload-large-folder are now deprecated in favor of upload_folder / hf upload, which handle very large and resumable uploads out of the box.
  • Make filter_repo_objects pattern matching case-sensitive on all platforms by @​Sreekant13 in #4435allow_patterns/ignore_patterns now match case-sensitively on every OS (aligned with case-sensitive Hub paths). On Windows this is a behavior change: patterns like *.PDF no longer match file.pdf.
  • [Inference Providers] Remove dead inference providers by @​hanouticelina in #4447 — removes six providers no longer routed by the Hub (black-forest-labs, clarifai, hyperbolic, nebius, nvidia, sambanova) — docs

🖥️ CLI

  • [CLI] Add hf discussions edit by @​Wauplin in #4415docs
  • [CLI] hf cache: surface & prune incomplete downloads by @​Wauplin in #4416hf cache ls now flags leftover .incomplete files and hf cache prune removes them automatically — docs

... (truncated)

Commits
  • 5db966a Release: v1.22.0
  • 1d6e7d0 Release: v1.22.0.rc0
  • 8f03d83 Expose base_model filter param on get_dataset_leaderboard (#4474)
  • cc4e7cc [Http] Support standard Retry-After header in http_backoff (#4460)
  • 7b53d23 [CLI] Add a minimal Click framework for the CLI (#4462)
  • 4db84d0 Docs: Jobs are no longer Pro-only — update availability note in jobs guide (#...
  • a139277 Accept two-letter byte units (KB/MB/GB/TB/PB) in parse_size (#4468)
  • 28aecd9 Fix KeyError in get_dataset_leaderboard when entry has no source (#4473)
  • f70f00d Remove Usage command lists from CLI module docstrings (#4472)
  • 031d002 [CLI] Expose out singleton publicly + add out.log method (#4471)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the all group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [torch](https://github.com/pytorch/pytorch) | `2.12.1` | `2.13.0` |
| [ruff](https://github.com/astral-sh/ruff) | `0.15.17` | `0.15.20` |
| [ty](https://github.com/astral-sh/ty) | `0.0.50` | `0.0.57` |
| [pytest](https://github.com/pytest-dev/pytest) | `9.1.0` | `9.1.1` |
| [huggingface-hub](https://github.com/huggingface/huggingface_hub) | `1.19.0` | `1.22.0` |



Updates `torch` from 2.12.1 to 2.13.0
- [Release notes](https://github.com/pytorch/pytorch/releases)
- [Changelog](https://github.com/pytorch/pytorch/blob/main/RELEASE.md)
- [Commits](pytorch/pytorch@v2.12.1...v2.13.0)

Updates `torchvision` from 0.27.1 to 0.28.0
- [Release notes](https://github.com/pytorch/vision/releases)
- [Commits](pytorch/vision@v0.27.1...v0.28.0)

Updates `ruff` from 0.15.17 to 0.15.20
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.17...0.15.20)

Updates `ty` from 0.0.50 to 0.0.57
- [Release notes](https://github.com/astral-sh/ty/releases)
- [Changelog](https://github.com/astral-sh/ty/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ty@0.0.50...0.0.57)

Updates `pytest` from 9.1.0 to 9.1.1
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@9.1.0...9.1.1)

Updates `huggingface-hub` from 1.19.0 to 1.22.0
- [Release notes](https://github.com/huggingface/huggingface_hub/releases)
- [Commits](huggingface/huggingface_hub@v1.19.0...v1.22.0)

---
updated-dependencies:
- dependency-name: torch
  dependency-version: 2.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: torchvision
  dependency-version: 0.28.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: ruff
  dependency-version: 0.15.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: ty
  dependency-version: 0.0.57
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: pytest
  dependency-version: 9.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: huggingface-hub
  dependency-version: 1.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jul 16, 2026
@dependabot
dependabot Bot requested a review from ESultanik as a code owner July 16, 2026 11:46
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jul 16, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants