Skip to content

deps: Bump the runtime group across 1 directory with 5 updates#17

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/runtime-505e6a6a6a
Open

deps: Bump the runtime group across 1 directory with 5 updates#17
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/runtime-505e6a6a6a

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 12, 2026

Copy link
Copy Markdown

Bumps the runtime group with 5 updates in the / directory:

Package From To
torch 2.12.1 2.13.0
transformers 5.13.0 5.13.1
huggingface-hub 1.22.0 1.23.0
pypdf 5.9.0 6.14.2
langchain-text-splitters 0.3.11 1.1.2

Updates torch from 2.12.1 to 2.13.0

Release notes

Sourced from torch's releases.

PyTorch 2.13.0 Release Notes

Highlights

For more details about these highlighted features, you can look at the release blogpost. Below are the full release notes for this release.

Tracked Regressions

ROCm wheels break torch.compile on CPU in environments without a GPU

Running a torch==2.13.0+rocm7.2 wheel in an environment where no GPU is available (torch.cuda.is_available() is False) breaks torch.compile on the CPU path: the first compile raises RuntimeError: Can't detect vectorized ISA for CPU (#189194). This is a regression from torch==2.12.1+rocm7.2, which compiles CPU code fine (detecting e.g. VecAVX2) in the same setup. The 2.13 ROCm wheel appears to rely on something present in the ROCm builder image to detect the CPU vectorized ISA, so it works when run on a ROCm image but fails on a plain CPU-only image.

Workaround: run the +rocm wheel on a ROCm image, or install a standard CPU/CUDA build for GPU-less environments.

Backwards Incompatible Changes

  • Stop building CPython 3.13t (free-threaded) binaries (#182951)

    Upstream pypa/manylinux removed CPython 3.13t (free-threaded) on 2026-05-07, because 3.13t was experimental and has been superseded by the now-non-experimental CPython 3.14t. As a result, PyTorch 2.13 no longer ships cp313t wheels (Linux, Triton, and related artifacts). Users on the free-threaded interpreter should move to Python 3.14t.

    PyTorch 2.12:

    # cp313t (free-threaded 3.13) wheels were available
    python3.13t -m pip install torch

    PyTorch 2.13:

... (truncated)

Commits
  • cf30153 [release/2.13] Strip +PTX from CUDA arch list on release/RC builds (#188914) ...
  • 3e3e24b [release/2.13] Restrict cuda-bindings to Python < 3.15 for CUDA 12.9 builds (...
  • 7986b06 [release/2.13] Bump binary build timeout 280 -> 400 minutes (#188551)
  • 0bdbc26 [release/2.13] Add CUDA 12.9 to TORCH_CUDA_ARCH_LIST tables (#188443)
  • 9cabb45 [release/2.13] Update manywheel docker image pin to 78e737ad (#188409)
  • 78e737a [release/2.13] Revert "Tighten generalized scatter graph target (#184075)" (#...
  • 0bb9b5b [release/2.13] Revert "dynamo: round-trip torch.cuda.stream ctx mgr across gr...
  • aaac2bf [release/2.13] Revert "[Reland] Port D104346887/PR 182675 for index_add fast ...
  • 9330813 Fix build_with_debinfo.py broken by CONFIGURE_DEPENDS globbing (#188192)
  • 4e077a7 Remove setuptools upper bound (#188190)
  • Additional commits viewable in compare view

Updates transformers from 5.13.0 to 5.13.1

Release notes

Sourced from transformers's releases.

Patch release v5.13.1

This patch is focused on enabling transformers for the latest release of vllm!

  • Be more defensive with remap_legacy_layer_types for custom models (#47245) from @​hmellor
  • Fix custom code which doesn't know about the new linear layer type names (#47174) from @​hmellor
  • Fix case where _LazyAutoMapping.register is passed a str key (#47148) from @​hmellor
Commits
  • 4626421 v5.13.1
  • bef013c Be more defensive with remap_legacy_layer_types for custom models (#47245)
  • 8bbbe24 Fix custom code which doesn't know about the new linear layer type names (#47...
  • c782b84 Fix case where _LazyAutoMapping.register is passed a str key (#47148)
  • See full diff in compare view

Updates huggingface-hub from 1.22.0 to 1.23.0

Release notes

Sourced from huggingface-hub's releases.

[v1.23.0] Space templates, CLI extension updates & smoother Xet downloads

🚀 Create Spaces from templates

You can now seed a new Space from one of the official Hub templates (JupyterLab, a Gradio chatbot, a Streamlit app, etc.) instead of starting from an empty repo. List what's available with the new list_space_templates() API or the hf spaces templates CLI command, then pass a template's repo_id (or its short name) to create_repo(..., space_template=...) or hf repos create --type space --template. The Space SDK is inferred from the template, and templates recommended as private (like JupyterLab) are created privately by default unless you explicitly choose a visibility.

# List available templates
$ hf spaces templates
NAME        REPO_ID                             SDK     PREFERRED_PRIVATE
----------- ----------------------------------- ------- -----------------
Streamlit   streamlit/streamlit-template-space  docker
JupyterLab  SpacesExamples/jupyterlab           docker  ✔
Create a Space from a template
$ hf repos create my-jupyterlab --type space --template jupyterlab
✓ Repo created
repo_id: Wauplin/my-jupyterlab
url: https://huggingface.co/spaces/Wauplin/my-jupyterlab

>>> from huggingface_hub import create_repo
>>> create_repo("my-jupyterlab", repo_type="space", space_template="jupyterlab")

🔌 Update installed CLI extensions

A new hf extensions update command brings your installed CLI extensions to their latest published version on GitHub. Pass a name to update a single extension, or run it with no argument to check every installed extension and update the ones that are behind. Updates are applied in place — Python extensions reuse their existing venv and binary extensions are overwritten — so a failed update no longer leaves the extension uninstalled, and extensions that are already up to date are simply skipped.

# Update a single extension (accepts <name>, hf-<name> or OWNER/hf-<name>)
hf extensions update hf-claude
Check every installed extension and update the outdated ones
hf extensions update

📶 Smoother Xet download progress with dual bars

Xet downloads now show two progress bars so you can tell a transfer is alive even on a slow connection. The transfer bar advances as bytes arrive over the network, while the reconstruction bar tracks real progress as buffered chunks are written to disk — previously the single bar could sit at 0% for a long time while data was actually arriving. The dual bars are wired into single-file downloads (hf_hub_download), snapshot_download (where parallel file downloads feed the repo-level transfer and reconstruction bars), the hf download CLI, and bucket downloads.

big.bin: downloading bytes:   |  52.4MB     1.2MB/s
big.bin: reconstructing file: |  52.4MB / 105MB     800kB/s
</tr></table> 

... (truncated)

Commits
  • 0c92853 Release: v1.23.0
  • 6bc5aa0 Release: v1.23.0.rc0
  • 0815693 [CLI] Generate hf-cli skill locally instead of downloading from bucket (#4199)
  • 923acb0 [Utils] Add get_cached_repo_tree utility (#4513)
  • 7625ea3 Expose snapshot_path on IncompleteSnapshotError (#4500)
  • c5a110d [CLI] Add --pipeline-tag, --gated, --apps filters to hf models ls (#4512)
  • b63ed5b [Utils] Treat backslashes as path separators in filter_repo_objects (#4506)
  • 6d40d9c docs: drop /new from Inference Endpoints web interface links (#4509)
  • ed48426 [CI] Fix expand property type tests (#4510)
  • 790120b Support creating a Space from a template (#4504)
  • Additional commits viewable in compare view

Updates pypdf from 5.9.0 to 6.14.2

Release notes

Sourced from pypdf's releases.

Version 6.14.2, 2026-06-23

What's new

Security (SEC)

Full Changelog

Version 6.14.1, 2026-06-23

What's new

Security (SEC)

Full Changelog

Version 6.14.0, 2026-06-22

What's new

Security (SEC)

New Features (ENH)

Robustness (ROB)

Full Changelog

Version 6.13.3, 2026-06-17

What's new

Security (SEC)

Performance Improvements (PI)

Robustness (ROB)

Maintenance (MAINT)

Full Changelog

Version 6.13.2, 2026-06-10

What's new

... (truncated)

Changelog

Sourced from pypdf's changelog.

Version 6.14.2, 2026-06-23

Security (SEC)

  • Avoid infinite loops for incomplete ASCII85 and ASCIIHex inline images (#3892)

Full Changelog

Version 6.14.1, 2026-06-23

Security (SEC)

  • Detect end of stream during inline image end marker detection (#3891)

Full Changelog

Version 6.14.0, 2026-06-22

Security (SEC)

  • Apply general limit for requested image size (#3888)
  • Speed up recovery when reading broken cross-reference table (#3887)

New Features (ENH)

  • Check whether image is displayed on a given page (#3738)

Robustness (ROB)

  • Several fixes

Full Changelog

Version 6.13.3, 2026-06-17

Security (SEC)

  • Apply MAX_DECLARED_STREAM_LENGTH to streams without length as well (#3871)

Performance Improvements (PI)

  • Avoid per-pixel getpixel loop for 1-bit indexed images (#3854)

Robustness (ROB)

  • Several fixes

Maintenance (MAINT)

  • Make mypy assert messages consistent (#3849)

Full Changelog

Version 6.13.2, 2026-06-10

Security (SEC)

  • Detect multi-hop cyclic /Pages trees in _flatten to prevent SIGSEGV (#3847)

Robustness (ROB)

... (truncated)

Commits
  • 2266ee8 REL: 6.14.2
  • 5a33a46 SEC: Avoid infinite loops for incomplete ASCII85 and ASCIIHex inline images (...
  • 1ee4e58 REL: 6.14.1
  • ec3b145 SEC: Detect end of stream during inline image end marker detection (#3891)
  • c6cd82e ROB: Tolerate malformed inline image settings in _read_inline_image (#3889)
  • 0ae42ba ROB: Tolerate malformed page label entries in get_label_from_nums (#3884)
  • 50617b5 ROB: Tolerate malformed Tm operand count in extract_text (#3877)
  • 86e5a82 MAINT: Improve readability (#3874)
  • 83cb25f DEV: Fix sample files commit
  • 06588ec REL: 6.14.0
  • Additional commits viewable in compare view

Updates langchain-text-splitters from 0.3.11 to 1.1.2

Release notes

Sourced from langchain-text-splitters's releases.

langchain-text-splitters==1.1.2

Changes since langchain-text-splitters==1.1.1

release(text-splitters): 1.1.2 (#36822) fix(text-splitters): deprecate and use SSRF-safe transport in split_text_from_url (#36821) chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (#36797) chore(deps): bump pytest to 9.0.3 (#36801) chore: bump pytest from 9.0.2 to 9.0.3 in /libs/text-splitters (#36714) chore: add comment explaining pygments>=2.20.0 (#36570) release(core): 1.2.26 (#36511) chore: pygments>=2.20.0 across all packages (CVE-2026-4539) (#36385) fix(text-splitters): prevent silent data loss for empty dict values in RecursiveJsonSplitter (#35079) feat(text-splitters): support spacy tests with Python 3.14 (#36198) fix(infra): correct lint_diff relative paths in package makefiles (#36333) chore: bump requests from 2.32.5 to 2.33.0 in /libs/text-splitters (#36238) chore: bump nltk from 3.9.3 to 3.9.4 in /libs/text-splitters (#36237) chore(partners): bump langchain-core min to 1.2.21 (#36183) chore(text-splitters): bump nltk in lock file (#36112) ci: suppress pytest streaming output in CI (#36092) chore(text-splitters): speed up ci (#36050) ci: avoid unnecessary dep installs in lint targets (#36046) chore: bump orjson from 3.11.5 to 3.11.6 in /libs/text-splitters (#35856) chore: bump locks, lint (#35985) perf(.github): set a timeout on get min versions HTTP calls (#35851) chore: bump tornado from 6.5.2 to 6.5.5 in /libs/text-splitters (#35774) chore: bump the minor-and-patch group across 3 directories with 3 updates (#35589) chore: bump the other-deps group across 3 directories with 2 updates (#35512) chore: bump nltk from 3.9.2 to 3.9.3 in /libs/text-splitters (#35449) chore: bump the other-deps group across 3 directories with 2 updates (#35407)

Commits
  • 58c4e5b release(text-splitters): 1.1.2 (#36822)
  • c289bf1 fix(text-splitters): deprecate and use SSRF-safe transport in split_text_from...
  • b7447c6 fix(infra): skip serdes tests in min-version release step (#36818)
  • 41c0cc5 release(openai): 1.1.14 (#36820)
  • 0516156 fix(openai): use SSRF-safe transport for image token counting (#36819)
  • 338aa81 fix(core): restore cloud metadata IPs and link-local range in SSRF policy (#3...
  • 51e9548 chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (#36797)
  • e85c418 chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/model-profiles (#36798)
  • 789126e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/standard-tests (#36799)
  • 937b3eb chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/langchain_v1 (#36800)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the runtime group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [torch](https://github.com/pytorch/pytorch) | `2.12.1` | `2.13.0` |
| [transformers](https://github.com/huggingface/transformers) | `5.13.0` | `5.13.1` |
| [huggingface-hub](https://github.com/huggingface/huggingface_hub) | `1.22.0` | `1.23.0` |
| [pypdf](https://github.com/py-pdf/pypdf) | `5.9.0` | `6.14.2` |
| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `0.3.11` | `1.1.2` |



Updates `torch` from 2.12.1 to 2.13.0
- [Release notes](https://github.com/pytorch/pytorch/releases)
- [Changelog](https://github.com/pytorch/pytorch/blob/main/RELEASE.md)
- [Commits](pytorch/pytorch@v2.12.1...v2.13.0)

Updates `transformers` from 5.13.0 to 5.13.1
- [Release notes](https://github.com/huggingface/transformers/releases)
- [Commits](huggingface/transformers@v5.13.0...v5.13.1)

Updates `huggingface-hub` from 1.22.0 to 1.23.0
- [Release notes](https://github.com/huggingface/huggingface_hub/releases)
- [Commits](huggingface/huggingface_hub@v1.22.0...v1.23.0)

Updates `pypdf` from 5.9.0 to 6.14.2
- [Release notes](https://github.com/py-pdf/pypdf/releases)
- [Changelog](https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md)
- [Commits](py-pdf/pypdf@5.9.0...6.14.2)

Updates `langchain-text-splitters` from 0.3.11 to 1.1.2
- [Release notes](https://github.com/langchain-ai/langchain/releases)
- [Commits](langchain-ai/langchain@langchain-text-splitters==0.3.11...langchain-text-splitters==1.1.2)

---
updated-dependencies:
- dependency-name: torch
  dependency-version: 2.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: runtime
- dependency-name: transformers
  dependency-version: 5.13.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: runtime
- dependency-name: huggingface-hub
  dependency-version: 1.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: runtime
- dependency-name: pypdf
  dependency-version: 6.14.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: runtime
- dependency-name: langchain-text-splitters
  dependency-version: 1.1.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: runtime
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jul 12, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants