Sourced from torch's releases.

PyTorch 2.12.1 Release, bug fix release

This release is meant to fix the following regressions and silent correctness issues:

Regression fixes

• Fix nondeterministic outputs in test_batch_invariance with FLASH_ATTN on NVIDIA B200 GPUs (#181248), fixed by updating Triton to 3.7.1 (#186814)
• Fix illegal memory access in the Triton convolution2d_bwd_weight kernel on B100/B200 (sm100) GPUs (#187081), fixed by updating Triton to 3.7.1 (#186814)
• Fix fill_ on byte-dtype views with misaligned storage offset (#186821)

Releng / Build

• Drop CPython 3.13t from the binary build matrix (#182951)

• 7269437 Update triton to 3.7.1 release (#186814)
• 88f16c2 [MPS] Fix fill_ on byte-dtype views with misaligned storage offset (#186821)
• ccf6e67 [release-only] Update version to 2.12.1 (#186813)
• 88a6dc7 Revive CUDA 12.9 nightly binary builds (#186015)
• ded5505 [CD] Drop CPython 3.13t from binary build matrix (#182951) (#186654)
• See full diff in compare view

Sourced from torchvision's releases.

TorchVision 0.27.1 Release

This is a patch release, which is compatible with PyTorch 2.12.1. There are no new features added.

• df56172 [release-only] bump version to 0.27.1
• See full diff in compare view

Sourced from ruff's releases.

0.15.17

Release Notes

Released on 2026-06-11.

Preview features

• Allow human-readable names in suppression comments (#25614)
• Fix handling of ignore comments within a disable/enable pair (#25845)
• Prioritize human-readable names in CLI output (#25869)
• Respect diagnostic start and parent ranges and trailing comments in ruff:ignore suppressions (#25673)
• [flake8-async] Add trio.as_safe_channel to safe decorators (ASYNC119) (#25775)
• [flake8-pytest-style] Also check pytest_asyncio fixtures (#25375)
• [ruff] Ban pytest autouse fixtures (RUF076) (#25477)
• [pyupgrade] Add from __future__ import annotations automatically (UP007, UP045) (#23259)

Bug fixes

• Fix diagnostic when ruff:enable or ruff:disable appears where ruff:ignore is expected (#25700)
• [pyupgrade] Preserve leading empty literals to avoid syntax errors (UP032) (#25491)

Rule changes

• [flake8-pytest-style] Clarify diagnostic message for single parameters (PT007) (#25592)
• [numpy] Drop autofix for np.in1d (NPY201) (#25612)
• [pylint] Exempt Python version comparisons (PLR2004) (#25743)

Performance

• Reserve AST Vecs with correct capacity for common cases (#25451)

Formatter

• Preserve whitespace for Quarto cell option comments (#25641)

CLI

• Allow rule names in ruff rule (#25640)

Other changes

• Fix playground diagnostics scrollbars (#25642)

Contributors

• @​SuryanshSS1011
• @​anishgirianish
• @​romero-deshaw
• @​karlhillx
• @​carljm

... (truncated)

Sourced from ruff's changelog.

0.15.17

Released on 2026-06-11.

Preview features

• Allow human-readable names in suppression comments (#25614)
• Fix handling of ignore comments within a disable/enable pair (#25845)
• Prioritize human-readable names in CLI output (#25869)
• Respect diagnostic start and parent ranges and trailing comments in ruff:ignore suppressions (#25673)
• [flake8-async] Add trio.as_safe_channel to safe decorators (ASYNC119) (#25775)
• [flake8-pytest-style] Also check pytest_asyncio fixtures (#25375)
• [ruff] Ban pytest autouse fixtures (RUF076) (#25477)
• [pyupgrade] Add from __future__ import annotations automatically (UP007, UP045) (#23259)

Bug fixes

• Fix diagnostic when ruff:enable or ruff:disable appears where ruff:ignore is expected (#25700)
• [pyupgrade] Preserve leading empty literals to avoid syntax errors (UP032) (#25491)

Rule changes

• [flake8-pytest-style] Clarify diagnostic message for single parameters (PT007) (#25592)
• [numpy] Drop autofix for np.in1d (NPY201) (#25612)
• [pylint] Exempt Python version comparisons (PLR2004) (#25743)

Performance

• Reserve AST Vecs with correct capacity for common cases (#25451)

Formatter

• Preserve whitespace for Quarto cell option comments (#25641)

CLI

• Allow rule names in ruff rule (#25640)

Other changes

• Fix playground diagnostics scrollbars (#25642)

Contributors

• @​SuryanshSS1011
• @​anishgirianish
• @​romero-deshaw
• @​karlhillx
• @​carljm
• @​ntBre

... (truncated)

• 7c645a9 Bump 0.15.17 (#25872)
• f381eb1 Prioritize human-readable names in CLI output (#25869)
• b9b4546 Minor workflow simplification (#25870)
• 1e77ba0 [ty] Move PreformattedBlockScanner to format-agnostic location. (#25856)
• 6f2b772 [ty] Preserve nominal type of enum.property instances (#25849)
• be4777c [ty] Fix site-package error when multiple versions of pythons are installed i...
• 53f6ff7 Allow human-readable names in suppression comments (#25614)
• 6740325 [ty] Restrict uncached raw signature access (#25866)
• 970b1bf Auto-update snapshots when syncing typeshed (#25841)
• 0785793 Fix handling of ignore comments within a disable/enable pair (#25845)
• Additional commits viewable in compare view

Sourced from ty's releases.

0.0.50

Release Notes

Released on 2026-06-17.

Bug fixes

• Avoid cross-TypeVar leakage in generic inference (#26099)
• Fix panic from oscillating collection-use constraints (#26031)
• Preserve type variables in fixed tuple aliases (#26041)
• Respect ParamSpec binding contexts (#25993)
• Show bare Final as a special form on hover (#26029)
• Support options in functional dataclass calls (#25989)

LSP server

• Add context-sensitive keyword completions (#26036)
• Fix wildcard import symbol range (#25740)
• Highlight decorated methods consistently (#26003)
• Preserve narrowing after qualified TYPE_CHECKING (#26051)
• Respect client's content format preference (#25957)
• Retain all diagnostic annotations in the server (#26006)
• Track unused-binding captures across nested scopes (#25536)

Diagnostics

• Fix override diagnostics for decorated methods (#25671)
• Improve duplicate-base diagnostics (#26107)
• Reject invalid dataclass flag combinations (#25985)
• Reject legacy TypeVars in PEP 695 class bases (#25975)
• Reject legacy TypeVars in PEP 695 functions (#25979)
• Respect @no_type_check in function validation (#25994)

Performance

• Avoid rebuilding unchanged specializations (#25826)
• Avoid redundant equality intersections (#26057)
• Avoid retaining empty use-def tables (#26018)
• Compact retained definition inference extras (#25838)
• Deduplicate retained scope inference types (#25846)
• Disable LRU tracking for one-shot checks (#26106)
• Fast path collection literals with exact type contexts (#25878)
• Flatten retained declaration states (#25912)
• Improve flow snapshot performance (#26012)
• Skip stub package checks in stub-free search paths (#25963)
• Speed up large-union narrowing (#26048)
• Speed up module resolution for projects with many search paths (#25962)
• Store cumulative binding end offsets (#25913)
• Use compact frozen representation for narrowing constraints (#25990)

... (truncated)

Sourced from ty's changelog.

0.0.50

Released on 2026-06-17.

Bug fixes

• Avoid cross-TypeVar leakage in generic inference (#26099)
• Fix panic from oscillating collection-use constraints (#26031)
• Preserve type variables in fixed tuple aliases (#26041)
• Respect ParamSpec binding contexts (#25993)
• Show bare Final as a special form on hover (#26029)
• Support options in functional dataclass calls (#25989)

LSP server

• Add context-sensitive keyword completions (#26036)
• Fix wildcard import symbol range (#25740)
• Highlight decorated methods consistently (#26003)
• Preserve narrowing after qualified TYPE_CHECKING (#26051)
• Respect client's content format preference (#25957)
• Retain all diagnostic annotations in the server (#26006)
• Track unused-binding captures across nested scopes (#25536)

Diagnostics

• Fix override diagnostics for decorated methods (#25671)
• Improve duplicate-base diagnostics (#26107)
• Reject invalid dataclass flag combinations (#25985)
• Reject legacy TypeVars in PEP 695 class bases (#25975)
• Reject legacy TypeVars in PEP 695 functions (#25979)
• Respect @no_type_check in function validation (#25994)

Performance

• Avoid rebuilding unchanged specializations (#25826)
• Avoid redundant equality intersections (#26057)
• Avoid retaining empty use-def tables (#26018)
• Compact retained definition inference extras (#25838)
• Deduplicate retained scope inference types (#25846)
• Disable LRU tracking for one-shot checks (#26106)
• Fast path collection literals with exact type contexts (#25878)
• Flatten retained declaration states (#25912)
• Improve flow snapshot performance (#26012)
• Skip stub package checks in stub-free search paths (#25963)
• Speed up large-union narrowing (#26048)
• Speed up module resolution for projects with many search paths (#25962)
• Store cumulative binding end offsets (#25913)
• Use compact frozen representation for narrowing constraints (#25990)

Core type checking

... (truncated)

• 8c5c8c1 Bump version to 0.0.50 (#3800)
• 42a9002 Update benchmarks for ty 0.0.50 (#3799)
• f515f25 Pass PyPI version to ty-pre-commit when triggering a release in that repo (#3...
• b669da8 Bump version to 0.0.49 (#3749)
• 79f0f51 Fixups to new AGENTS.md file (#3741)
• d621352 alex/generated workflow agents (#3740)
• See full diff in compare view

Sourced from pytest's releases.

9.1.0

pytest 9.1.0 (2026-06-13)

Removals and backward incompatible breaking changes

• #14533: When using --doctest-modules, autouse fixtures with module, package or session scope that are defined inline in Python test modules (not plugins or conftests) will now possibly execute twice.

  If this is undesirable, move the fixture definition to a conftest.py file if possible.

  Technical explanation for those interested: When using --doctest-modules, pytest possibly collects Python modules twice, once as pytest.Module and once as a DoctestModule (depending on the configuration). Due to improvements in pytest's fixture implementation, if e.g. the DoctestModule collects a fixture, it is now visible to it only, and not to the Module. This means that both need to register the fixtures independently.

Deprecations (removal in next major release)

• #10819: Added a deprecation warning for class-scoped fixtures defined as instance methods (without @classmethod). Such fixtures set attributes on a different instance than the test methods use, leading to unexpected behavior. Use @classmethod decorator instead -- by yastcher.

  See 10819 and 14011.

• #12882: Calling request.getfixturevalue() <pytest.FixtureRequest.getfixturevalue> during teardown to request a fixture that was not already requested is now deprecated and will become an error in pytest 10.

  See dynamic-fixture-request-during-teardown for details.

• #13409: Using non-~collections.abc.Collection iterables (such as generators, iterators, or custom iterable objects) for the argvalues parameter in @pytest.mark.parametrize <pytest.mark.parametrize ref> and metafunc.parametrize <pytest.Metafunc.parametrize> is now deprecated.

  These iterables get exhausted after the first iteration, leading to tests getting unexpectedly skipped in cases such as running pytest.main() multiple times, using class-level parametrize decorators, or collecting tests multiple times.

  See parametrize-iterators for details and suggestions.

• #13946: The private config.inicfg attribute is now deprecated. Use config.getini() <pytest.Config.getini> to access configuration values instead.

  See config-inicfg for more details.

• #14004: Passing baseid to ~pytest.FixtureDef or nodeid strings to fixture registration APIs is now deprecated. These are internal pytest APIs that are used by some plugins.

  Use the node parameter instead for fixture scoping. This enables more robust node-based matching instead of string prefix matching. If you've used nodeid=None, pass node=session instead.

  This will be removed in pytest 10.

• #14335: The method of configuring hooks using markers, deprecated since pytest 7.2, is now scheduled to be removed in pytest 10. See hook-markers for more details.

• #14434: The --pastebin option is now deprecated.

... (truncated)

• b2522cf Prepare release version 9.1.0
• 368d2fc [refactor] Tighten SetComparisonFunction to Iterator[str] (#14587)
• ff77cd8 [refactor] Make base assertion comparisons return an iterator instead of a li...
• 0d8491a build(deps): Bump actions/stale from 10.2.0 to 10.3.0
• 4a809d9 Merge pull request #14568 from pytest-dev/register-fixture
• 5dfa385 Fix recursion traceback test to cover all styles (#14582)
• f52ff0c Add pytest.register_fixture
• a8ac094 Merge pull request #14567 from pytest-dev/more-visibility-deprecate
• e5620cd [pre-commit.ci] pre-commit autoupdate (#14577)
• 2ce9c6d Merge pull request #14540 from minbang930/fix-14533-doctest-module-fixtures
• Additional commits viewable in compare view

Sourced from huggingface-hub's releases.

[v1.19.0] Trusted Publishers, hf:// URIs, and expose-ports for Jobs

🔐 Keyless CI/CD auth via OIDC token exchange

CI workflows can now authenticate to the Hub without storing an HF_TOKEN secret, using Trusted Publishers. Set HF_OIDC_RESOURCE to the repo (or username) you want to scope the token to, and huggingface_hub performs the OIDC exchange under the hood — no token, no setup code. GitHub Actions is supported out of the box (with permissions: id-token: write), and other providers can pass a pre-minted ID token via HF_OIDC_ID_TOKEN. Exchanged tokens are short-lived (1 hour), repo-scoped, and cached locally with automatic refresh.

# Publish a model without storing any HF_TOKEN secret
- name: Push the model
  env:
    HF_OIDC_RESOURCE: acme/awesome-model
  run: hf upload acme/awesome-model ./model .

• [Auth] Keyless CI/CD auth via OIDC token exchange by @​hanouticelina in #4326

📚 Documentation: Trusted Publishers

🖥️ hf:// URIs for upload and download

hf upload and hf download now accept an hf:// URI in place of the positional repo ID. The URI encodes repo type, revision, and file path in a single string following the grammar hf://[<TYPE>/]<ID>[@<REVISION>][/<PATH>], so you no longer need separate --repo-type and --revision flags. When a URI is provided, it is the single source of truth — passing --repo-type or --revision on top of it raises an error, and a path in the URI cannot be combined with positional filenames (download) or path_in_repo (upload).

# Download a single file from a dataset at a given revision
hf download hf://datasets/HuggingFaceM4/FineVision@refs/pr/1/data/train.parquet
Download an entire repo
hf download hf://datasets/google/fleurs
Upload a file to a dataset on a specific branch
hf upload hf://datasets/Wauplin/my-cool-dataset@my-branch/data/train.csv ./train.csv

• [CLI] Support hf:// URIs in hf upload and hf download by @​Wauplin in #4297

📚 Documentation: CLI guide — hf:// URIs · Download guide · Upload guide

🚀 Expose job ports through the jobs proxy

Jobs can now expose container ports through the public jobs proxy using --expose <port> (CLI) or expose=[8000] (Python API). Each exposed port is reachable at https://<job_id>--<port>.hf.jobs and requires an HF token with read access to the job's namespace. This works on hf jobs run, hf jobs uv run, and their scheduled variants. Job responses now surface expose_urls on JobStatus.

# Expose a web server running on port 8000
> hf jobs run --expose 8000 python:3.12 python -m http.server 8000
✓ Job started
  id: 6a2aa7cec4f53f9fc5aa4cff
  url: https://huggingface.co/jobs/Wauplin/6a2aa7cec4f53f9fc5aa4cff
Hint: Exposed ports are reachable at (requires an HF token with read access to the job):
  https://6a2aa7cec4f53f9fc5aa4cff--8000.hf.jobs
Serving HTTP on 0.0.0.0 port 8000 (http://0.0.0.0:8000/) ...

... (truncated)

• b1909eb Release: v1.19.0
• fe27c47 OIDC: Include error_description in HTTP error messages (#4341)
• 68dd701 Release: v1.19.0.rc1
• 934797e Release: v1.19.0.rc0
• 69ef7d7 [Agent] Dynamic agent harness registry (#4325)
• f6b439c [fix] Transient locaion error due to CDN (#4339)
• f1f2c43 Fix ignored-pattern warning grammar in download CLI (#4337)
• 92009d4 [Tests] Add xet/no_xet pytest markers to filter Xet vs non-Xet tests (#4336)
• e3b6d5b [Auth] Keyless CI/CD auth via OIDC token exchange (#4326)
• 8e4ca5c [CI] Remove .github/workflows/python-prerelease.yml (#4335)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions