Bump hf-xet from 1.4.3 to 1.5.0 in /.github/actions/download-models

[dependabot]

Bumps hf-xet from 1.4.3 to 1.5.0.

Release notes

Sourced from hf-xet's releases.

[hf-xet v1.5.0] Session based API

Replaces the old upload_files / download_files / hash_files Python functions with a new object-oriented API that exposes XetSession and its child objects directly as PyO3 classes. This gives Python callers full control over session lifecycle, connection pooling, and progress reporting.

The previous module-level functions are kept under hf_xet/src/legacy/ and remain importable as from hf_xet import upload_files etc., but now emit DeprecationWarning.

New Python API

import hf_xet
Optional: create a custom config (immutable; use .with_config() to derive updates)
config = hf_xet.XetConfig().with_config("data.max_concurrent_file_ingestion", 8)
Create session; config is optional (defaults to XetConfig() with HF_XET_* env overrides)
session = hf_xet.XetSession(config=config)
Upload — multiple files, bytes, and streaming within one commit
with session.new_upload_commit(
endpoint="https://cas.xethub.hf.co",
token="jwt", token_expiry_unix_secs=9999999999,
token_refresh_url="https://…/xet-write-token/main",
token_refresh_headers={"Authorization": "Bearer hf_…"},
) as commit:
h1 = commit.start_upload_file("/path/to/model.bin")
h2 = commit.start_upload_file("/path/to/tokenizer.json", sha256="f2358d9a…")
h3 = commit.start_upload_bytes(b"...", name="config.json")
with commit.start_upload_stream(name="big.bin") as stream:
for chunk in produce_chunks():
    stream.write(chunk)

on normal exit: wait_to_finish() is called automatically
on exception:   abort() is called automatically
SHA-256 sentinels
commit.start_upload_file("/path/to/model.bin", sha256=hf_xet.COMPUTE_SHA256)  # default
commit.start_upload_file("/path/to/model.bin", sha256=hf_xet.SKIP_SHA256)     # skip
Progress callback — receives (GroupProgressReport, dict[UniqueID, ItemProgressReport])
def on_progress(group, items):
bar.n = group.total_bytes_completed
bar.refresh()
with session.new_upload_commit(
token_refresh_url="https://…/xet-write-token/main",
token_refresh_headers={"Authorization": "Bearer hf_…"},
progress_callback=on_progress,
progress_interval_ms=100,
) as commit:
commit.start_upload_file("/path/to/model.bin")
</tr></table>

... (truncated)

Commits

• 6ed5a00 Bump rustls-webpki from 0.103.10 to 0.103.13 (#823)
• 1629992 Add context manager for upload stream (#825)
• 9e804c2 Remove unnecessary UniqueId -> UniqueID type alias (#824)
• 23ec294 Expose XetSession APIs to Python (#792)
• d40f96b Fix spelling typos in comments and docs (#826)
• 18ebe48 Bump hf_xet rand to 0.10 (#811)
• 145b819 feat: expose CAS client factory and chunk cache re-exports (#730)
• 8df04e8 Potential fix for a couple of crates release issues (#806)
• b43c0ae Move XetRuntime model away from thread-local statics (#801)
• 7e91d1c Upgrade testing capability for GC simulations (#786)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)