Skip to content

Build(deps): Bump the uv group across 1 directory with 2 updates#2028

Closed
dependabot[bot] wants to merge 2 commits intomainfrom
dependabot/uv/pipelines/matrix/uv-1ad2da6f31
Closed

Build(deps): Bump the uv group across 1 directory with 2 updates#2028
dependabot[bot] wants to merge 2 commits intomainfrom
dependabot/uv/pipelines/matrix/uv-1ad2da6f31

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Jan 13, 2026
edited
Loading

Bumps the uv group with 2 updates in the /pipelines/matrix directory: mlflow and torch.

Updates mlflow from 2.20.3 to 3.5.0rc0

Release notes

Sourced from mlflow's releases.

v3.5.0rc0

MLflow 3.5.0rc0 includes several major features and improvements

Major new features:

  • 🤖 Tracing support for Claude Code SDK: MLflow now provides a tracing integration for both the Claude Code CLI and SDK! Configure the autologging integration to track your prompts, Claude's responses, tool calls, and more. Check out this doc page to get started. (#18022, @​smoorjani)
  • Improved UI homepage: The MLflow UI's homepage has been updated to help you get started with more of our latest features. This page will be updated regularly moving forward, allowing you to get more in-product guidance. (#18098, @​B-Step62)
  • 🗂️ Evaluation datasets UI integration: In MLflow 3.4.0, we released backend support for creating evaluation datasets for GenAI applications. In this release, we've added a new tab to the MLflow Experiment UI, allowing you to create, manage, and export traces to your datasets without having to write a line of code. (#18110, @​daniellok-db)
  • 🧮 GEPA support for prompt optimization: MLflow's prompt optimization feature now supports the GEPA algorithm, allowing you to achieve higher performing prompts with less rollouts. For instructions on how to get started with prompt optimization, visit this doc page! (#18031, @​TomeHirata)
  • 🔐 Security middleware layer for tracking server: MLflow now ships with a security middleware layer by default, allowing you to protect against DNS rebinding, CORS attacks, and more. Read the documentation here to learn how to configure these options. (#17910, @​BenWilson2)

Stay tuned for the full release, which will be packed with more features and bugfixes.

To try out this release candidate, please run:

pip install mlflow==3.5.0rc0

v3.4.0

MLflow 3.4.0rc0 includes several major features and improvements

Major New Features

  • 📊 OpenTelemetry Metrics Export: MLflow now exports span-level statistics as OpenTelemetry metrics, providing enhanced observability and monitoring capabilities for traced applications. (#17325, @​dbczumar)
  • 🤖 MCP Server Integration: Introducing the Model Context Protocol (MCP) server for MLflow, enabling AI assistants and LLMs to interact with MLflow programmatically. (#17122, @​harupy)
  • 🧑‍⚖️ Custom Judges API: New make_judge API enables creation of custom evaluation judges for assessing LLM outputs with domain-specific criteria. (#17647, @​BenWilson2, @​dbczumar, @​alkispoly-db, @​smoorjani)
  • 📈 Correlations Backend: Implemented backend infrastructure for storing and computing correlations between experiment metrics using NPMI (Normalized Pointwise Mutual Information). (#17309, #17368, @​BenWilson2)
  • 🗂️ Evaluation Datasets: MLflow now supports storing and versioning evaluation datasets directly within experiments for reproducible model assessment. (#17447, @​BenWilson2)
  • 🔗 Databricks Backend for MLflow Server: MLflow server can now use Databricks as a backend, enabling seamless integration with Databricks workspaces. (#17411, @​nsthorat)
  • 🤖 Claude Autologging: Automatic tracing support for Claude AI interactions, capturing conversations and model responses. (#17305, @​smoorjani)
  • 🌊 Strands Agent Tracing: Added comprehensive tracing support for Strands agents, including automatic instrumentation for agent workflows and interactions. (#17151, @​joelrobin18)
  • 🧪 Experiment Types in UI: MLflow now introduces experiment types, helping reduce clutter between classic ML/DL and GenAI features. MLflow auto-detects the type, but you can easily adjust it via a selector next to the experiment name. (#17605, @​daniellok-db)

Features:

... (truncated)

Changelog

Sourced from mlflow's changelog.

3.5.0rc0 (2025-10-08)

MLflow 3.5.0rc0 includes several major features and improvements

Major new features:

  • 🤖 Tracing support for Claude Code SDK: MLflow now provides a tracing integration for both the Claude Code CLI and SDK! Configure the autologging integration to track your prompts, Claude's responses, tool calls, and more. Check out this doc page to get started. (#18022, @​smoorjani)
  • Improved UI homepage: The MLflow UI's homepage has been updated to help you get started with more of our latest features. This page will be updated regularly moving forward, allowing you to get more in-product guidance.
  • 🗂️ Evaluation datasets UI integration: In MLflow 3.4.0, we released backend support for creating evaluation datasets for GenAI applications. In this release, we've added a new tab to the MLflow Experiment UI, allowing you to create, manage, and export traces to your datasets without having to write a line of code.
  • 🧮 GEPA support for prompt optimization: MLflow's prompt optimization feature now supports the GEPA algorithm, allowing you to achieve higher performing prompts with less rollouts. For instructions on how to get started with prompt optimization, visit this doc page!
  • 🔐 Security middleware layer for tracking server: MLflow now ships with a security middleware layer by default, allowing you to protect against DNS rebinding, CORS attacks, and more. Read the documentation here to learn how to configure these options.

Stay tuned for the full release, which will be packed with more features and bugfixes.

To try out this release candidate, please run:

pip install mlflow==3.5.0rc0

3.4.0rc0 (2025-09-11)

MLflow 3.4.0rc0 includes several major features and improvements

Major New Features

  • 📊 OpenTelemetry Metrics Export: MLflow now exports span-level statistics as OpenTelemetry metrics, providing enhanced observability and monitoring capabilities for traced applications. (#17325, @​dbczumar)
  • 🤖 MCP Server Integration: Introducing the Model Context Protocol (MCP) server for MLflow, enabling AI assistants and LLMs to interact with MLflow programmatically. (#17122, @​harupy)
  • 🧑‍⚖️ Custom Judges API: New make_judge API enables creation of custom evaluation judges for assessing LLM outputs with domain-specific criteria. (#17647, @​BenWilson2, @​dbczumar, @​alkispoly-db, @​smoorjani)
  • 📈 Correlations Backend: Implemented backend infrastructure for storing and computing correlations between experiment metrics using NPMI (Normalized Pointwise Mutual Information). (#17309, #17368, @​BenWilson2)
  • 🗂️ Evaluation Datasets: MLflow now supports storing and versioning evaluation datasets directly within experiments for reproducible model assessment. (#17447, @​BenWilson2)
  • 🔗 Databricks Backend for MLflow Server: MLflow server can now use Databricks as a backend, enabling seamless integration with Databricks workspaces. (#17411, @​nsthorat)
  • 🤖 Claude Autologging: Automatic tracing support for Claude AI interactions, capturing conversations and model responses. (#17305, @​smoorjani)
  • 🌊 Strands Agent Tracing: Added comprehensive tracing support for Strands agents, including automatic instrumentation for agent workflows and interactions. (#17151, @​joelrobin18)
  • 🧪 Experiment Types in UI: MLflow now introduces experiment types, helping reduce clutter between classic ML/DL and GenAI features. MLflow auto-detects the type, but you can easily adjust it via a selector next to the experiment name. (#17605, @​daniellok-db)

Features:

... (truncated)

Commits
  • 19c618c Run python3 dev/update_mlflow_versions.py pre-release ... (#18181)
  • 13115e4 Support GEPA in mlflow.genai.optimize_prompt (#18031)
  • fa83107 Run python3 dev/update_ml_package_versions.py (#18177)
  • 16fc22f Add uv lock call after pyproject.toml generation in DEV branch (#18180)
  • be2125a Run python3 dev/update_requirements.py && python3 bin/... (#18176)
  • 2fd3145 Dump sql_warehouse_id into trace UI mimebundle (#18165)
  • 5cb6a95 Replace Docker with uv in tests/test_import.py for faster test execution (#18...
  • eaadd39 Add support for trace inputs to built-in scorers (#17943)
  • 30f2f55 Add B012 (jump-statement-in-finally) rule to ruff configuration (#18170)
  • 97ac7e1 Increase MAX_DOCSTRING_LENGTH_RATIO to 1.25 and remove redundant test docstri...
  • Additional commits viewable in compare view

Updates torch from 2.7.1 to 2.8.0

Release notes

Sourced from torch's releases.

PyTorch 2.8.0 Release Notes

Highlights

... (truncated)

Commits
  • ba56102 Cherrypick: Add the RunLLM widget to the website (#159592)
  • c525a02 [dynamo, docs] cherry pick torch.compile programming model docs into 2.8 (#15...
  • a1cb3cc [Release Only] Remove nvshmem from list of preload libraries (#158925)
  • c76b235 Move out super large one off foreach_copy test (#158880)
  • 20a0e22 Revert "[Dynamo] Allow inlining into AO quantization modules (#152934)" (#158...
  • 9167ac8 [MPS] Switch Cholesky decomp to column wise (#158237)
  • 5534685 [MPS] Reimplement tri[ul] as Metal shaders (#158867)
  • d19e08d Cherry pick PR 158746 (#158801)
  • a6c044a [cherry-pick] Unify torch.tensor and torch.ops.aten.scalar_tensor behavior (#...
  • 620ebd0 [Dynamo] Use proper sources for constructing dataclass defaults (#158689)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jan 13, 2026
@dependabot dependabot Bot requested a review from a team as a code owner January 13, 2026 20:10
@dependabot dependabot Bot requested a review from matwasilewski January 13, 2026 20:10
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jan 13, 2026
@dependabot dependabot Bot force-pushed the dependabot/uv/pipelines/matrix/uv-1ad2da6f31 branch from 94da319 to 9cbfaeb Compare January 21, 2026 15:48
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Jan 22, 2026

Dependabot couldn't access the repository. Because of this, Dependabot cannot update this pull request.

@dependabot
Build(deps): Bump the uv group across 1 directory with 2 updates
05a1e7e 
Bumps the uv group with 2 updates in the /pipelines/matrix directory: [mlflow](https://github.com/mlflow/mlflow) and [torch](https://github.com/pytorch/pytorch).


Updates `mlflow` from 2.20.3 to 3.5.0rc0
- [Release notes](https://github.com/mlflow/mlflow/releases)
- [Changelog](https://github.com/mlflow/mlflow/blob/master/CHANGELOG.md)
- [Commits](mlflow/mlflow@v2.20.3...v3.5.0rc0)

Updates `torch` from 2.7.1 to 2.8.0
- [Release notes](https://github.com/pytorch/pytorch/releases)
- [Changelog](https://github.com/pytorch/pytorch/blob/main/RELEASE.md)
- [Commits](pytorch/pytorch@v2.7.1...v2.8.0)

---
updated-dependencies:
- dependency-name: mlflow
  dependency-version: 3.5.0rc0
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: torch
  dependency-version: 2.8.0
  dependency-type: direct:production
  dependency-group: uv
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/uv/pipelines/matrix/uv-1ad2da6f31 branch from 9cbfaeb to 05a1e7e Compare January 27, 2026 16:59
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Feb 11, 2026

This pull request has been automatically marked as stale because it has had no activity in the last 14 days.

If this PR is still relevant:

  • Please update it to the latest main/master branch
  • Address any existing review comments
  • Leave a comment to keep it open

Otherwise, it will be closed in 2 weeks if no further activity occurs.

@github-actions github-actions Bot added the stale label Feb 11, 2026
@github-actions github-actions Bot removed the stale label Feb 12, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Feb 27, 2026

This pull request has been automatically marked as stale because it has had no activity in the last 14 days.

If this PR is still relevant:

  • Please update it to the latest main/master branch
  • Address any existing review comments
  • Leave a comment to keep it open

Otherwise, it will be closed in 2 weeks if no further activity occurs.

@github-actions github-actions Bot added the stale label Feb 27, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Mar 14, 2026

This pull request has been automatically closed because it has been stale for 90 days with no activity.

If you believe this is still relevant, please feel free to reopen it or create a new PR.

@github-actions github-actions Bot closed this Mar 14, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Mar 14, 2026

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot Bot deleted the dependabot/uv/pipelines/matrix/uv-1ad2da6f31 branch March 14, 2026 00:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@matwasilewski matwasilewski Awaiting requested review from matwasilewski matwasilewski is a code owner automatically assigned from everycure-org/core-maintainers

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code stale

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Dashing-Nelson