Sourced from safetensors's releases.

v0.8.0

News

safetensors joins the PyTorch foundation!

Read more on that: https://huggingface.co/blog/safetensors-joins-pytorch-foundation

What's changed

Safetensors 0.8.0 brings direct to Metal loading on Apple Silicon, GIL-free serialization, broader hardware and dtype coverage, and a stronger Python API.

Breaking

The serialize and serialize_file functions now release the GIL during writes, enabling true multithreaded saves from Python. Their input contract has also changed: tensor metadata is now passed via a TensorSpec class (exported from safetensors) instead of plain dicts, making API more explicit and robust to misinputs. This is a breaking change for anyone calling the low-level serialize / serialize_file API directly; the high-level wrappers (safetensors.torch, safetensors.numpy, safetensors.paddle) are updated internally and their public API is unchanged.

The minimum supported Python version is now 3.10 (was 3.9). Python 3.9 reached end-of-life in October 2025.

TensorIndexer::Narrow now carries a step: NonZeroUsize parameter, so a slice is now start:stop:step. This is a fix as this silent error was hidden behind the Storage::Torch variant which offloaded slicing logic to torch directly.

CI

On the platform side, this release adds Windows ARM64 wheel builds, riscv64 Linux wheels, and CI has been hardened with pinned GitHub Actions SHAs.

Also dropped the anaconda CI we had as there's already an automatic tracker via conda-forge.

New features

• Direct MPS load on Apple Silicon: tensors are directly loaded in an MTLBuffer and handed to the frameworks that support it (only torch atm) via DLPack, skipping needless copies.
• New backend parameter introduced, for the addition of the pread backend. We now support loading files via pread(2) syscall instead of just mmap. Useful for specific archs/platforms.
• get_slice now handles ellipsis [...] and strided slices [:, ::8] wherever safetensors does the slicing itself (pread for any framework, MPS, and mmap outside torch/paddle), which silently dropped the step or rejected ... before.
• MUSA device support for MooreThreads GPUs.
• New dtype support includes float8_e4m3fnuz and float8_e5m2fnuz (AMD FNUZ FP8 formats).
• The reader is now explicitly lenient about leading whitespace in the JSON header, which keeps the door open for future page-aligned writes.

Improvements/perf

• File writes on macOS now use F_NOCACHE for direct I/O, yielding roughly 30% faster save_file on Apple Silicon.
• The packaging dependency has been dropped from the [torch] extra, replaced by a simple hasattr probe for efficiency.

What's Changed

• Add arm64 windows support by @​finnagin in safetensors/safetensors#678
• feat(backend): support musa backend for MooreThreads GPU by @​caizhi-mt in safetensors/safetensors#671
• add gil free serialize_file(serialize_file_threadable) by @​TomQunChao in safetensors/safetensors#679
• refactor: remove outdated comment by @​McPatate in safetensors/safetensors#685
• feat: add direct io write fast path on macos by @​McPatate in safetensors/safetensors#687
• fix: keep dropped reference to tensor moved from gpu to cpu by @​McPatate in safetensors/safetensors#689
• feat: bump torch to 2.4 by @​McPatate in safetensors/safetensors#710
• Contribution guide security by @​LysandreJik in safetensors/safetensors#712

... (truncated)

Sourced from safetensors's changelog.

0.8.0-dev.0 → 0.8.0

Update lockfiles again:
cargo check
cd bindings/python && uv lock
</code></pre>
<p>Commit:</p>
<pre><code>Set version to 0.8.0
</code></pre>
<p>The Python version is not set in <code>pyproject.toml</code> directly — maturin reads it from <code>bindings/python/Cargo.toml</code> at build time.</p>
<h3>4. Create the release on GitHub</h3>
<p>Go to the <a href="https://github.com/huggingface/safetensors/releases">GitHub Releases page</a> and draft a new release:</p>
<ul>
<li><strong>Choose the release branch</strong> (e.g. <code>git_v0.8.0</code>)</li>
<li><strong>Create a new tag</strong> on publish: <code>v0.8.0</code></li>
<li><strong>Generate release notes</strong> from the previous tag (e.g. <code>v0.7.0</code>)</li>
<li>Add any notable highlights at the top of the generated notes</li>
</ul>
<p>Structure for manual notes:</p>
<pre lang="markdown"><code>## Breaking changes
- ...
New features

...

Bug fixes

...

Internal / CI

...

</code></pre>

<p>Click <strong>Publish release</strong>. This creates the tag, which triggers the three release workflows.</p>

<h3>5. Monitor the CI</h3>

<p>The tag triggers two workflow runs in the <a href="https://github.com/huggingface/safetensors/actions&quot;&gt;Actions tab</a>:</p>

<ul>

<li><strong>CI</strong> (Python release) — builds wheels for every platform × Python version, uploads to PyPI. Can take up to over 30 minutes.</li>

</ul>

<!-- raw HTML omitted -->

</blockquote>

<p>... (truncated)</p>

</details>

<details>

<summary>Commits</summary>

<ul>

<li><a href="https://github.com/safetensors/safetensors/commit/a406ca3e7a90598be0cd05a50069cb9bf5ef6ba6&quot;&gt;&lt;code&gt;a406ca3&lt;/code&gt;&lt;/a> fix(release): move crates.io to trusted publisher OIDC</li>

<li><a href="https://github.com/safetensors/safetensors/commit/d0368d14c0a417fb2ca2a6627e9513d17f74f9b7&quot;&gt;&lt;code&gt;d0368d1&lt;/code&gt;&lt;/a> feat: <code>0.8.0</code></li>

<li><a href="https://github.com/safetensors/safetensors/commit/5ec3ec14c506d09598df6d96f36cd9a4ea94aafa&quot;&gt;&lt;code&gt;5ec3ec1&lt;/code&gt;&lt;/a> fix(release): move to pypi trusted publisher OIDC (<a href="https://redirect.github.com/huggingface/safetensors/issues/778&quot;&gt;#778&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/safetensors/safetensors/commit/e37dc536ce598ef1d71a9ad712987571f2f05808&quot;&gt;&lt;code&gt;e37dc53&lt;/code&gt;&lt;/a> feat: bump main to <code>0.9.0-dev.0</code> (<a href="https://redirect.github.com/huggingface/safetensors/issues/777&quot;&gt;#777&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/safetensors/safetensors/commit/6e32aa7b029d323238233110c1cdecae22cbe564&quot;&gt;&lt;code&gt;6e32aa7&lt;/code&gt;&lt;/a> refactor: replace <code>_host_alias_storage</code> w/ <code>MTLBuffer</code> (<a href="https://redirect.github.com/huggingface/safetensors/issues/767&quot;&gt;#767&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/safetensors/safetensors/commit/24b0b2857fef49be734b9ab72ce97c09bb25f5b9&quot;&gt;&lt;code&gt;24b0b28&lt;/code&gt;&lt;/a> fix: write to tempfile + rename to preserve mmap source (<a href="https://redirect.github.com/huggingface/safetensors/issues/764&quot;&gt;#764&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/safetensors/safetensors/commit/73132135947275c5dda135438e4c2e4bd70a2b10&quot;&gt;&lt;code&gt;7313213&lt;/code&gt;&lt;/a> Update free-threading tests for Python 3.14 (<a href="https://redirect.github.com/huggingface/safetensors/issues/699&quot;&gt;#699&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/safetensors/safetensors/commit/e9091e13ec359e9e5b8b45413fcbe340444dde1c&quot;&gt;&lt;code&gt;e9091e1&lt;/code&gt;&lt;/a> feat: add <code>backend</code> with pread file (<a href="https://redirect.github.com/huggingface/safetensors/issues/760&quot;&gt;#760&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/safetensors/safetensors/commit/1b0fe9c6acf3ac2ec7f4a0fd13bccfc0b65ce765&quot;&gt;&lt;code&gt;1b0fe9c&lt;/code&gt;&lt;/a> fix(ci): security audit slack message format (<a href="https://redirect.github.com/huggingface/safetensors/issues/757&quot;&gt;#757&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/safetensors/safetensors/commit/7efac22872a53ae3b30a15f8e786404322f10458&quot;&gt;&lt;code&gt;7efac22&lt;/code&gt;&lt;/a> [MPS] Fast load of the tensors (<a href="https://redirect.github.com/huggingface/safetensors/issues/756&quot;&gt;#756&lt;/a&gt;)&lt;/li>

<li>Additional commits viewable in <a href="https://github.com/huggingface/safetensors/compare/v0.7.0...v0.8.0&quot;&gt;compare view</a></li>

</ul>

</details>
<br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options


You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)