pypi huggingface-hub 1.19.0
[v1.19.0] Trusted Publishers, hf:// URIs, and expose-ports for Jobs

7 hours ago

🔐 Keyless CI/CD auth via OIDC token exchange

CI workflows can now authenticate to the Hub without storing an HF_TOKEN secret, using Trusted Publishers. Set HF_OIDC_RESOURCE to the repo (or username) you want to scope the token to, and huggingface_hub performs the OIDC exchange under the hood: no token, no setup code. GitHub Actions is supported out of the box (with permissions: id-token: write), and other providers can pass a pre-minted ID token via HF_OIDC_ID_TOKEN. Exchanged tokens are short-lived (1 hour), repo-scoped, and cached locally with automatic refresh.

# Publish a model without storing any HF_TOKEN secret
- name: Push the model
  env:
    HF_OIDC_RESOURCE: acme/awesome-model
  run: hf upload acme/awesome-model ./model .
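
A pre-flight check a publish job could run before the upload step, added here as an example (it is not part of huggingface_hub). The function name oidc_preflight and the scope-matching rule are assumptions derived from the text above; GITHUB_ACTIONS and ACTIONS_ID_TOKEN_REQUEST_URL/TOKEN are the variables GitHub sets for jobs, the latter two only when id-token: write is granted.

```python
import os

def oidc_preflight(target_repo, env=None):
    """Return (severity, message) findings for a keyless publish job."""
    env = os.environ if env is None else env
    findings = []
    resource = env.get("HF_OIDC_RESOURCE", "")
    namespace = target_repo.split("/", 1)[0]
    if not resource:
        findings.append(("error", "HF_OIDC_RESOURCE is not set"))
    elif resource == namespace:
        # Least privilege: a username scope is wider than this job needs.
        findings.append(("warn", f"scope {resource!r} is wider than {target_repo!r}"))
    elif resource != target_repo:
        findings.append(("error", f"scope {resource!r} does not cover {target_repo!r}"))
    # A stored long-lived secret is what the keyless flow is meant to remove.
    for name in ("HF_TOKEN", "HUGGING_FACE_HUB_TOKEN"):
        if env.get(name):
            findings.append(("warn", f"{name} is still present in the job environment"))
    # The ID token comes either from GitHub's runtime or from HF_OIDC_ID_TOKEN.
    on_github = env.get("GITHUB_ACTIONS") == "true"
    has_gh_oidc = bool(env.get("ACTIONS_ID_TOKEN_REQUEST_URL")
                       and env.get("ACTIONS_ID_TOKEN_REQUEST_TOKEN"))
    if not env.get("HF_OIDC_ID_TOKEN"):
        if on_github and not has_gh_oidc:
            findings.append(("error", "job lacks 'permissions: id-token: write'"))
        elif not on_github:
            findings.append(("error", "no HF_OIDC_ID_TOKEN outside GitHub Actions"))
    return findings

if __name__ == "__main__":
    # Constructed environment: GitHub job, broad scope, leftover secret, no OIDC permission.
    sample = {"GITHUB_ACTIONS": "true", "HF_OIDC_RESOURCE": "acme", "HF_TOKEN": "hf_placeholder"}
    for severity, message in oidc_preflight("acme/awesome-model", sample):
        print(f"{severity}: {message}")
```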

📚 Documentation: Trusted Publishers

🖥️ hf:// URIs for upload and download

hf upload and hf download now accept an hf:// URI in place of the positional repo ID. The URI encodes repo type, revision, and file path in a single string following the grammar hf://[<TYPE>/]<ID>[@<REVISION>][/<PATH>], so you no longer need separate --repo-type and --revision flags. When a URI is provided, it is the single source of truth: passing --repo-type or --revision on top of it raises an error, and a path in the URI cannot be combined with positional filenames (download) or path_in_repo (upload).

# Download a single file from a dataset at a given revision
hf download hf://datasets/HuggingFaceM4/FineVision@refs/pr/1/data/train.parquet

# Download an entire repo
hf download hf://datasets/google/fleurs

# Upload a file to a dataset on a specific branch
hf upload hf://datasets/Wauplin/my-cool-dataset@my-branch/data/train.csv ./train.csv

  • [CLI] Support hf:// URIs in hf upload and hf download by @Wauplin in #4297
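
A parser for the hf:// grammar and its conflict rules, added here as an example (it is not huggingface_hub's implementation). The type prefix names, the default model type, the repo ID shape, the handling of refs/pr/<n> and refs/convert/<name> revisions and the path-segment check are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Assumptions of this example, not taken from huggingface_hub's source: plural
# type prefixes, "model" when no prefix, IDs "name" or "namespace/name", and a
# one-segment revision except refs/pr/<n> and refs/convert/<name>.
TYPES = {"models": "model", "datasets": "dataset", "spaces": "space"}
SPECIAL_REV = re.compile(r"refs/(?:pr/\d+|convert/[^/]+)(?=/|$)")

@dataclass(frozen=True)
class HfUri:
    repo_type: str
    repo_id: str
    revision: Optional[str]
    path: Optional[str]

def parse_hf_uri(uri, repo_type=None, revision=None, filenames=()):
    if not uri.startswith("hf://"):
        raise ValueError("not an hf:// URI")
    # The URI is the single source of truth: competing flags are an error.
    if repo_type is not None or revision is not None:
        raise ValueError("--repo-type/--revision cannot be combined with an hf:// URI")
    rest = uri[len("hf://"):]
    head, sep, tail = rest.partition("/")
    rtype = "model"
    if sep and head in TYPES:
        rtype, rest = TYPES[head], tail
    rev = None
    if "@" in rest:
        repo_id, _, after = rest.partition("@")
        m = SPECIAL_REV.match(after)
        rev = m.group(0) if m else after.split("/", 1)[0]
        path = after[len(rev) + 1:]  # skip the "/" that follows the revision
    else:
        parts = rest.split("/", 2)
        repo_id, path = "/".join(parts[:2]), "/".join(parts[2:])
    if not re.fullmatch(r"[\w.-]+(/[\w.-]+)?", repo_id):
        raise ValueError(f"bad repo id: {repo_id!r}")
    if rev == "":
        raise ValueError("empty revision after '@'")
    # Added hardening: no empty, "." or ".." segments in the in-repo path.
    if path and any(seg in ("", ".", "..") for seg in path.split("/")):
        raise ValueError(f"unsafe path: {path!r}")
    if path and filenames:
        raise ValueError("a path in the URI cannot be combined with positional filenames")
    return HfUri(rtype, repo_id, rev, path or None)
if __name__ == "__main__":  # URI from the page's own download example
    print(parse_hf_uri("hf://datasets/HuggingFaceM4/FineVision@refs/pr/1/data/train.parquet"))
```

Pinning the revision in the URI (a branch, a PR ref or a commit) keeps a CI download reproducible, and rejecting competing flags means there is only one place to audit for what was fetched.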

📚 Documentation: CLI guide (hf:// URIs) · Download guide · Upload guide

🚀 Expose job ports through the jobs proxy

Jobs can now expose container ports through the public jobs proxy using --expose <port> (CLI) or expose=[8000] (Python API). Each exposed port is reachable at https://<job_id>--<port>.hf.jobs and requires an HF token with read access to the job's namespace. This works on hf jobs run, hf jobs uv run, and their scheduled variants. Job responses now surface expose_urls on JobStatus.

# Expose a web server running on port 8000
> hf jobs run --expose 8000 python:3.12 python -m http.server 8000
✓ Job started
  id: 6a2aa7cec4f53f9fc5aa4cff
  url: https://huggingface.co/jobs/Wauplin/6a2aa7cec4f53f9fc5aa4cff
Hint: Exposed ports are reachable at (requires an HF token with read access to the job):
  https://6a2aa7cec4f53f9fc5aa4cff--8000.hf.jobs
Serving HTTP on 0.0.0.0 port 8000 (http://0.0.0.0:8000/) ...

# Same job through the Python API
from huggingface_hub import run_job
run_job(image="python:3.12", command=["python", "-m", "http.server", "8000"], expose=[8000])

  • [Jobs] Add --expose option to expose job ports through the jobs proxy by @XciD in #4316

📚 Documentation: Jobs guide

🖥️ CLI

⚡ XetSession API migration

All Xet upload and download code has been migrated from the old function-based hf_xet API to the new session-based XetSession API (hf-xet >= 1.5.0). A global singleton get_xet_session() provides fork-safe, thread-safe, and SIGINT-safe session reuse across all call sites: repo commits, hf_hub_download, bucket uploads/downloads, and snapshot_download all share the same underlying Tokio runtime. Token refresh is now handled through a centralized xet_connection_info_refresh_url() builder, and progress reporting follows the new (group_report, item_reports) contract.

🔧 Other QoL Improvements

  • [Auth] Take google colab token from env first by @Wauplin in #4323: get_token() now checks HF_TOKEN/HUGGING_FACE_HUB_TOKEN and the on-disk token file before the Colab secrets vault, so an explicit login() or env variable always wins over the notebook's stored secret.
  • [Agent] Dynamic agent harness registry by @Wauplin in #4325: agent harness detection now fetches the registry from GET /api/agent-harnesses instead of using a hardcoded list, with a 24-hour on-disk cache and in-process caching for hot paths.

🐛 Bug and typo fixes

  • [Fix] Remove private _MISSING_TYPE import from dataclasses module by @xsuchy in #4322: fixes ImportError on Python 3.15 where dataclasses._MISSING_TYPE was removed upstream.
  • Fix ignored-pattern warning grammar in download CLI by @wunianze666-netizen in #4337: corrects "have being" to "have been" in hf download warning output.
  • [fix] Transient location error due to CDN by @Wauplin in #4339: fixes flaky test_get_hf_file_metadata_from_a_lfs_file by accepting cdn.hf.co in addition to xethub.hf.co in the redirect URL check.

🏗️ Internal

  • Post-release: bump version to 1.19.0.dev0 by @huggingface-hub-bot[bot] in #4313
  • [CI] Run tests on internal workers by @Wauplin in #4321
  • [Tests] Add xet/no_xet pytest markers to filter Xet vs non-Xet tests by @Wauplin in #4336
  • Bump the actions group with 6 updates by @dependabot[bot] in #4332
  • chore: update release.yml by @hf-security-analysis[bot] in #4334
  • [CI] Remove .github/workflows/python-prerelease.yml by @Wauplin in #4335
