Skip to content

Build(deps): Bump the pip group across 2 directories with 2 updates#2226

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/pipelines/core_entities/pip-e047871e69
Open

Build(deps): Bump the pip group across 2 directories with 2 updates#2226
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/pipelines/core_entities/pip-e047871e69

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 8, 2026

Copy link
Copy Markdown
Contributor

Bumps the pip group with 1 update in the /pipelines/core_entities directory: pyspark.
Bumps the pip group with 2 updates in the /pipelines/matrix directory: pyspark and mlflow.

Updates pyspark from 3.5.1 to 3.5.2

Commits
  • bb7846d Preparing Spark release v3.5.2-rc5
  • d13808c [SPARK-49099][SQL][FOLLOWUP][3.5] recover tests in DDLSuite
  • f2e2601 [SPARK-49099][SQL] CatalogManager.setCurrentNamespace should respect custom s...
  • b33a3ee [SPARK-48791][CORE][FOLLOW-UP][3.5] Fix regression caused by immutable conver...
  • 98eaaa5 [SPARK-49094][SQL] Fix ignoreCorruptFiles non-functioning for hive orc impl w...
  • 0008bd1 [SPARK-49000][SQL][3.5] Fix "select count(distinct 1) from t" where t is empt...
  • 4f9dbc3 [SPARK-49066][SQL][TESTS][3.5] Refactor OrcEncryptionSuite and make `spark....
  • a1e7fb1 [SPARK-49065][SQL] Rebasing in legacy formatters/parsers must support non JVM...
  • 94558f6 Revert "[SPARK-49000][SQL] Fix "select count(distinct 1) from t" where t is e...
  • 36f9a4b Revert "[SPARK-49066][SQL][TESTS] Refactor OrcEncryptionSuite and make `spa...
  • Additional commits viewable in compare view

Updates pyspark from 3.5.1 to 3.5.2

Commits
  • bb7846d Preparing Spark release v3.5.2-rc5
  • d13808c [SPARK-49099][SQL][FOLLOWUP][3.5] recover tests in DDLSuite
  • f2e2601 [SPARK-49099][SQL] CatalogManager.setCurrentNamespace should respect custom s...
  • b33a3ee [SPARK-48791][CORE][FOLLOW-UP][3.5] Fix regression caused by immutable conver...
  • 98eaaa5 [SPARK-49094][SQL] Fix ignoreCorruptFiles non-functioning for hive orc impl w...
  • 0008bd1 [SPARK-49000][SQL][3.5] Fix "select count(distinct 1) from t" where t is empt...
  • 4f9dbc3 [SPARK-49066][SQL][TESTS][3.5] Refactor OrcEncryptionSuite and make `spark....
  • a1e7fb1 [SPARK-49065][SQL] Rebasing in legacy formatters/parsers must support non JVM...
  • 94558f6 Revert "[SPARK-49000][SQL] Fix "select count(distinct 1) from t" where t is e...
  • 36f9a4b Revert "[SPARK-49066][SQL][TESTS] Refactor OrcEncryptionSuite and make `spa...
  • Additional commits viewable in compare view

Updates mlflow from 2.20.3 to 3.11.1

Release notes

Sourced from mlflow's releases.

v3.11.1

MLflow 3.11.1 includes several major features and improvements.

Major New Features:

  • 🔍 Automatic Issue Identification: Automatically identify quality issues in your agent with AI! Use the new "Detect Issues" button in the traces table to analyze selected traces and surface potential problems across categories like correctness, safety, and performance. Issues are linked directly to traces for easy investigation and debugging. Docs (#21431, #21204, #21165, #21163, #21161, @​smoorjani, @​serena-ruan)
  • 💰 Gateway Budget Alerts & Limits: Control your AI Gateway spending with configurable budget policies! Set spending limits by time window (daily, weekly, or monthly), receive alerts before hitting limits, and prevent runaway costs with automatic request blocking. The new budget management UI lets you track spending, configure webhooks for notifications, and monitor violations across all your gateway endpoints. Docs (#21116, #21534, #21569, #21473, #21108, @​TomeHirata, @​copilot-swe-agent)
  • 📊 Trace Graph View: Visualize complex trace hierarchies with an interactive graph view! Navigate multi-level trace structures, understand parent-child relationships at a glance, and debug complex systems more effectively with a visual representation of your trace topology. Docs (#20607, @​joelrobin18)
  • 🌐 Native OpenTelemetry GenAI Convention Support: MLflow now natively supports the OpenTelemetry GenAI Semantic Conventions for trace export! When exporting traces via OTLP with MLFLOW_ENABLE_OTEL_GENAI_SEMCONV enabled, MLflow automatically translates them to follow the OTel GenAI semantic conventions, enabling seamless integration with OTel-compatible observability platforms while preserving GenAI-specific metadata. Docs (#21494, #21495, @​B-Step62)
  • 🔧 OpenCode Tracing Integration: Debug smarter with OpenCode CLI integration! Track and analyze code execution flows directly from your development workflow, making it easier to identify performance bottlenecks and trace issues back to specific code paths. Docs (#20133, @​joelrobin18)
  • Native UV Support for Model Dependencies: Automatic dependency inference now supports UV! MLflow automatically detects UV projects and captures exact, locked dependencies from your lockfile when logging models, ensuring reproducible environments. Docs (#20344, #20935, @​debu-sinha)
  • 🔒 Pickle-Free Model Serialization: Enhance security with pickle-free model formats! MLflow now supports safer model serialization using torch.export and skops formats, with improved controls when MLFLOW_ALLOW_PICKLE_DESERIALIZATION=False. Comprehensive documentation guides you through migrating existing models to pickle-free formats for production deployments. Docs (#21404, #21188, #20774, @​WeichenXu123)

Breaking Changes:

  • ⚠️ TypeScript SDK Package Renaming: The MLflow TypeScript SDK packages have been renamed to use npm organization scoping. If you're using the TypeScript SDK, update your package.json dependencies and import statements: mlflow-tracing@mlflow/core, mlflow-openai@mlflow/openai, mlflow-anthropic@mlflow/anthropic, mlflow-gemini@mlflow/gemini. All packages are now at version 0.2.0. (#20792, @​B-Step62)
  • Remove MLFLOW_ENABLE_INCREMENTAL_SPAN_EXPORT environment variable (#22182, @​PattaraS)
  • Remove litellm and gepa from genai extras (#22059, @​TomeHirata)
  • Block / and : in Registered Model names (#21458, @​Bhuvan-08)

Features:

... (truncated)

Changelog

Sourced from mlflow's changelog.

3.11.1 (2026-04-07)

MLflow 3.11.1 includes several major features and improvements.

Major New Features:

  • 🔍 Automatic Issue Identification: Automatically identify quality issues in your agent with AI! Use the new "Detect Issues" button in the traces table to analyze selected traces and surface potential problems across categories like correctness, safety, and performance. Issues are linked directly to traces for easy investigation and debugging. Docs (#21431, #21204, #21165, #21163, #21161, @​smoorjani, @​serena-ruan)
  • 💰 Gateway Budget Alerts & Limits: Control your AI Gateway spending with configurable budget policies! Set spending limits by time window (daily, weekly, or monthly), receive alerts before hitting limits, and prevent runaway costs with automatic request blocking. The new budget management UI lets you track spending, configure webhooks for notifications, and monitor violations across all your gateway endpoints. Docs (#21116, #21534, #21569, #21473, #21108, @​TomeHirata, @​copilot-swe-agent)
  • 📊 Trace Graph View: Visualize complex trace hierarchies with an interactive graph view! Navigate multi-level trace structures, understand parent-child relationships at a glance, and debug complex systems more effectively with a visual representation of your trace topology. Docs (#20607, @​joelrobin18)
  • 🌐 Native OpenTelemetry GenAI Convention Support: MLflow now natively supports the OpenTelemetry GenAI Semantic Conventions for trace export! When exporting traces via OTLP with MLFLOW_ENABLE_OTEL_GENAI_SEMCONV enabled, MLflow automatically translates them to follow the OTel GenAI semantic conventions, enabling seamless integration with OTel-compatible observability platforms while preserving GenAI-specific metadata. Docs (#21494, #21495, @​B-Step62)
  • 🔧 OpenCode Tracing Integration: Debug smarter with OpenCode CLI integration! Track and analyze code execution flows directly from your development workflow, making it easier to identify performance bottlenecks and trace issues back to specific code paths. Docs (#20133, @​joelrobin18)
  • Native UV Support for Model Dependencies: Automatic dependency inference now supports UV! MLflow automatically detects UV projects and captures exact, locked dependencies from your lockfile when logging models, ensuring reproducible environments. Docs (#20344, #20935, @​debu-sinha)
  • 🔒 Pickle-Free Model Serialization: Enhance security with pickle-free model formats! MLflow now supports safer model serialization using torch.export and skops formats, with improved controls when MLFLOW_ALLOW_PICKLE_DESERIALIZATION=False. Comprehensive documentation guides you through migrating existing models to pickle-free formats for production deployments. Docs (#21404, #21188, #20774, @​WeichenXu123)

Breaking Changes:

  • ⚠️ TypeScript SDK Package Renaming: The MLflow TypeScript SDK packages have been renamed to use npm organization scoping. If you're using the TypeScript SDK, update your package.json dependencies and import statements: mlflow-tracing@mlflow/core, mlflow-openai@mlflow/openai, mlflow-anthropic@mlflow/anthropic, mlflow-gemini@mlflow/gemini. All packages are now at version 0.2.0. (#20792, @​B-Step62)
  • Remove MLFLOW_ENABLE_INCREMENTAL_SPAN_EXPORT environment variable (#22182, @​PattaraS)
  • Remove litellm and gepa from genai extras (#22059, @​TomeHirata)
  • Block / and : in Registered Model names (#21458, @​Bhuvan-08)

Features:

... (truncated)

Commits
  • 09179c6 Bump version to 3.11.1 (#22400)
  • 38d75c2 Fix DatabricksProvider to use OpenAI-compatible endpoint URLs (#22393)
  • 0734e56 fix
  • 46a2d4d fix
  • 7a6b01b format
  • 8b71fa7 Fix _lookup_model_info all-provider scan causing network latency (#22369)
  • deaffc1 Update model catalog CI workflow to use update_model_catalog.py (#22261)
  • 1b87ff3 Add aiohttp as a core dependency of mlflow (#22189)
  • 7f08e88 Normalize get_provider_name() to align with `model_prices_and_context_windo...
  • bd3114b Move LLM calling utilities to mlflow/genai/utils/llm_utils.py (#22234)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Build(deps): Bump the pip group across 2 directories with 2 updates
5474dfa 
Bumps the pip group with 1 update in the /pipelines/core_entities directory: [pyspark](https://github.com/apache/spark).
Bumps the pip group with 2 updates in the /pipelines/matrix directory: [pyspark](https://github.com/apache/spark) and [mlflow](https://github.com/mlflow/mlflow).


Updates `pyspark` from 3.5.1 to 3.5.2
- [Commits](apache/spark@v3.5.1...v3.5.2)

Updates `pyspark` from 3.5.1 to 3.5.2
- [Commits](apache/spark@v3.5.1...v3.5.2)

Updates `mlflow` from 2.20.3 to 3.11.1
- [Release notes](https://github.com/mlflow/mlflow/releases)
- [Changelog](https://github.com/mlflow/mlflow/blob/master/CHANGELOG.md)
- [Commits](mlflow/mlflow@v2.20.3...v3.11.1)

---
updated-dependencies:
- dependency-name: pyspark
  dependency-version: 3.5.2
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: pyspark
  dependency-version: 3.5.2
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: mlflow
  dependency-version: 3.11.1
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jun 8, 2026
@dependabot dependabot Bot requested a review from a team as a code owner June 8, 2026 19:53
@dependabot dependabot Bot requested a review from lvijnck June 8, 2026 19:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lvijnck lvijnck Awaiting requested review from lvijnck lvijnck is a code owner automatically assigned from everycure-org/core-maintainers

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants