build(deps-dev): bump the pip-dependencies group across 1 directory with 3 updates

[dependabot]

Bumps the pip-dependencies group with 3 updates in the / directory: webdav4[fsspec], dvc and huggingface-hub.

Updates webdav4[fsspec] from 0.10.0 to 0.11.0

Release notes

Sourced from webdav4[fsspec]'s releases.

v0.11.0

What's Changed

• always run test for lower bound and upstream by @​skshetry in skshetry/webdav4#182
• Bump peaceiris/actions-gh-pages from 3 to 4 by @​dependabot[bot] in skshetry/webdav4#183
• Bump furo from 2024.5.6 to 2024.7.18 by @​dependabot[bot] in skshetry/webdav4#185
• remove types-pkg-resources by @​skshetry in skshetry/webdav4#193
• Bump mypy from 1.10.1 to 1.11.1 by @​dependabot[bot] in skshetry/webdav4#189
• Update myst-parser requirement from <4,>=3 to >=3,<5 by @​dependabot[bot] in skshetry/webdav4#191
• Bump furo from 2024.7.18 to 2024.8.6 by @​dependabot[bot] in skshetry/webdav4#192
• Update sphinx requirement from <8,>=7 to >=7,<9 by @​dependabot[bot] in skshetry/webdav4#190
• Bump mypy from 1.11.1 to 1.11.2 by @​dependabot[bot] in skshetry/webdav4#195
• update deps by @​skshetry in skshetry/webdav4#210
• update docs dependencies by @​skshetry in skshetry/webdav4#211

Full Changelog: skshetry/webdav4@v0.10.0...v0.11.0

Commits

• 88c8f9c udpate docs dependencies (#211)
• 35cc20a update deps (#210)
• e9b8fbd Bump mypy from 1.11.1 to 1.11.2 (#195)
• 93599ca Update sphinx requirement from <8,>=7 to >=7,<9 (#190)
• 0807785 Bump furo from 2024.7.18 to 2024.8.6 (#192)
• 0b407da Update myst-parser requirement from <4,>=3 to >=3,<5 (#191)
• 2e2bd70 Bump mypy from 1.10.1 to 1.11.1 (#189)
• 7d38791 remove types-pkg-resources (#193)
• ef3f097 Bump furo from 2024.5.6 to 2024.7.18 (#185)
• ef8510a cleanup GHA workflow, pre-commit hooks
• Additional commits viewable in compare view

Updates dvc from 3.66.1 to 3.67.0

Release notes

Sourced from dvc's releases.

3.67.0

What's Changed

• Support pathspec v1 by @​cpburnz in treeverse/dvc#10951
• fix: replace deprecated parseAll with parse_all in interpolate.py by @​ritoban23 in treeverse/dvc#10971
• Update dvc-data version to 3.18.2 by @​skshetry in treeverse/dvc#10962

New Contributors

• @​ChillarAnand made their first contribution in treeverse/dvc#10963
• @​ritoban23 made their first contribution in treeverse/dvc#10971
• @​cpburnz made their first contribution in treeverse/dvc#10951

Full Changelog: treeverse/dvc@3.66.1...3.67.0

Commits

• e40e378 build(deps): bump actions/download-artifact from 7 to 8 (#11006)
• b1aaeb9 build(deps): bump actions/upload-artifact from 6 to 7 (#11007)
• dcf6f48 bench: add version constraint for pathspec (#10986)
• c6c680d Support pathspec v1 (#10951)
• 1e8962b Remove boto3 from metadata copying in hook-dvc.py (#10983)
• 0f2361f fix(benchmarks): pin dulwich<1.0.0 for DVC versions before 3.44.0 (#10979)
• e9c0a99 [pre-commit.ci] pre-commit autoupdate (#10975)
• 3c71fdb fix: replace deprecated parseAll with parse_all in interpolate.py (#10971)
• 04cbd40 [pre-commit.ci] pre-commit autoupdate (#10967)
• 5725780 refactor: drop stale exceptions related to dvc machine (#10963)
• Additional commits viewable in compare view

Updates huggingface-hub from 1.4.1 to 1.7.1

Release notes

Sourced from huggingface-hub's releases.

[v1.7.0] pip-installable CLI extensions and multiple QoL improvements

This release brings major improvements to the hf CLI with extension discoverability, unified list commands, and multiple QoL improvements in the CLI.

🎉 The Homebrew formula of the Hugging Face CLI has been renamed to hf. Existing users just need to run brew update - Homebrew handles the rename automatically. New users can install with brew install hf.

🧩 CLI Extensions: pip-installable packages and discoverability

The hf CLI extensions system gets a major upgrade in this release. Extensions can now be full Python packages (with a pyproject.toml) installed in isolated virtual environments, in addition to the existing shell script approach. This means extension authors can use Python dependencies without conflicting with the user's system. The install command auto-detects whether a GitHub repo is a script or a Python package and handles both transparently.

A new hf extensions search command lets users discover available extensions directly from the terminal by querying GitHub repositories tagged with the hf-extension topic. Results are sorted by stars and show whether each extension is already installed locally. Additionally, a comprehensive guide on how to build, publish, and make extensions discoverable has been added to the documentation.

# Install a Python-based extension
hf extensions install alvarobartt/hf-mem
Discover available extensions
hf extensions search
NAME   REPO                    STARS DESCRIPTION                         INSTALLED

claude hanouticelina/hf-claude     2 Extension for hf CLI to launch... yes
agents hanouticelina/hf-agents       HF extension to run local coding...

• [CLI] Add pip installable repos support to hf extensions by @​Wauplin in #3892
• [CLI] Add hf extensions search command by @​julien-c in #3905
• [Docs] How to build a CLI extension guide by @​Wauplin in #3908

📚 Documentation: Create a CLI extension

🔐 hf auth login CLI update

A new --force flag lets you explicitly go through the full login flow again when needed, for example to switch tokens.

# Already logged in — returns immediately
hf auth login
Force re-login to switch tokens
hf auth login --force

• Default to skipping login if already logged in and add --force flag by @​hanouticelina in #3920

📚 Documentation: CLI guide

📦 Xet optimizations and fixes

hf-xet has been bumped to v1.4.2 with some optimizations:

• Avoid duplicate sha256 computation when uploading to a model/dataset repo
• Skip sha256 computation when uploading to a bucket

... (truncated)

Commits

• 9b518ff Release: v1.7.1
• 4171dde Merge branch 'v1.7-release' of github.com:huggingface/huggingface_hub into v1...
• f2d9fd3 Merge branch 'main' into v1.7-release
• 787603e feat: pass skip_sha256=True to hf_xet for bucket uploads (#3900)
• 72871b9 Prepare for v1.8.0 release (#3927)
• 3770383 Release: v1.7.0
• c062fb7 Merge branch 'main' into v1.7-release
• 141fcfd feat: pass pre-computed SHA-256 to hf_xet upload (#3876)
• f945c6f Validate release notes have no extra PRs from other releases (#3926)
• c94df18 Release: v1.7.0.rc1
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions