pip(deps): bump huggingface-hub from 1.13.0 to 1.14.0

[dependabot]

Bumps huggingface-hub from 1.13.0 to 1.14.0.

Release notes

Sourced from huggingface-hub's releases.

[v1.14.0] Handle Spaces secrets & variables from CLI and other improvements

🖥️ Manage Space secrets and variables from the CLI

You can now manage Space secrets and environment variables directly from the command line with two new hf spaces subgroups: secrets and variables. Use hf spaces secrets to add, list, and delete write-only secrets, and hf spaces variables to add, list, and delete readable environment variables. Both add commands support multiple -s/-e flags and --secrets-file/-env-file for loading from dotenv files. On the Python side, HfApi.get_space_secrets() returns secret metadata (key, description, updated timestamp) without ever revealing values.

# List secrets (values are write-only — only keys and timestamps are shown)
$ hf spaces secrets ls username/my-space
Add secrets
$ hf spaces secrets add username/my-space -s OPENAI_API_KEY=sk-...
$ hf spaces secrets add username/my-space --secrets-file .env.secrets
Delete a secret (confirmation prompt, use --yes to skip)
$ hf spaces secrets delete username/my-space OPENAI_API_KEY --yes
List, add, and delete variables (values are readable)
$ hf spaces variables ls username/my-space
$ hf spaces variables add username/my-space -e MODEL_ID=gpt2 -e MAX_TOKENS=512
$ hf spaces variables delete username/my-space MAX_TOKENS --yes

• [CLI] Add hf spaces secrets and variables subgroups by @​davanstrien in #4170
• [CLI] Add get_space_secrets + hf spaces secrets ls by @​Wauplin in #4182

📚 Documentation: CLI guide · Manage your Space

🪣 Rsync-style trailing slash for bucket folder copies

hf buckets cp now supports rsync-style trailing slash semantics when copying folders. A trailing / on the source path copies only the folder's contents to the destination, while omitting it nests the folder itself — matching the behavior you'd expect from rsync. This makes it possible to flatten directory structures during copies, which was not possible before. Additionally, copy_files now raises an explicit EntryNotFoundError when the source path resolves to no files, instead of silently succeeding with zero operations.

# Without trailing slash: "logs" dir is nested => dst/logs/...
$ hf buckets cp hf://buckets/username/src-bucket/logs hf://buckets/username/dst/
With trailing slash: only contents of "logs" are copied => dst/...
$ hf buckets cp hf://buckets/username/src-bucket/logs/ hf://buckets/username/dst/

• [Buckets] Support rsync-style trailing slash in copy_files by @​Wauplin in #4187
• [CLI] Raise error when copy_files source doesn't exist by @​Wauplin in #4186

📚 Documentation: Buckets guide · CLI guide

💔 Breaking Change

• [CLI] Rename hf skills upgrade -> hf skills update by @​hanouticelina in #4176 — hf skills upgrade no longer exists; use hf skills update instead.
• [CLI] Add out.status() by @​hanouticelina in #4171 — status updates (spinners/progress) on hf extensions install and hf spaces dev-mode are now suppressed when using --format json, --quiet, or --format agent.

🖥️ CLI

... (truncated)

Commits

• 2ea0c83 Release: v1.14.0
• f7cffc7 Release: v1.14.0.rc0
• ac0156b style
• 32476d9 Update typer dependency version in setup.py (#4193)
• fadab7a [CLI] Raise error when copy_files source doesn't exist (#4186)
• 7c0abeb [CLI] Add get_space_secrets + hf spaces secrets ls (#4182)
• 51adb8f [Buckets] Support rsync-style trailing slash in copy_files to copy folder con...
• 22eaf89 [internal] Untrack useless files (#4191)
• 2774771 Update unit test warnings check to ignore unrelated deprecation warnings (#4188)
• 3d19907 [CLI] Support hf -v to print version (#4185)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: python. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[ttlequals0]

Rolled into #200 (merged as ed73901, shipped in v2.1.7). Closing.

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.