Bump the pip group across 1 directory with 2 updates by dependabot[bot] · Pull Request #4 · fleetopt/fleet-optimization

dependabot · 2026-05-24T19:37:10Z

Bumps the pip group with 2 updates in the / directory: prefect and mlflow.

Updates prefect from 3.4.14 to 3.6.28.dev2

Release notes

3.6.28.dev2: Nightly Development Release

What's Changed

Bug Fixes 🐞

Skip uv pip freeze in bundle creation when a non-uv launcher is set by @devin-ai-integration[bot] in PrefectHQ/prefect#21607

Fix DNS rebinding TOCTOU bypass in validate_restricted_url by @devin-ai-integration[bot] in PrefectHQ/prefect#21591

Development & Tidiness 🧹

fix(tests): prevent aiosqlite teardown race in legacy events/out test by @devin-ai-integration[bot] in PrefectHQ/prefect#21619

Documentation 📓

docs: Add release notes for prefect-kubernetes==0.7.8 by @devin-ai-integration[bot] in PrefectHQ/prefect#21611

Uncategorized

docs: clarify that uv pip freeze is skipped only for execution launcher overrides by @github-actions[bot] in PrefectHQ/prefect#21613

Fix _UnpicklingFuture.add_done_callback swallowing deserialization errors by @saschwartz in PrefectHQ/prefect#21612

fix(tests): raise asyncpg connection_timeout in unit test mode by @devin-ai-integration[bot] in PrefectHQ/prefect#21614

Full Changelog: PrefectHQ/prefect@3.6.28.dev1...3.6.28.dev2

3.6.28.dev1: Nightly Development Release

What's Changed

Bug Fixes 🐞

fix(prefect-shell): kill whole process tree on ShellOperation cleanup by @zzstoatzz in PrefectHQ/prefect#21586

Uncategorized

docs: document SIGTERM bridge and sanitize_subprocess_env in utilities AGENTS.md by @github-actions[bot] in PrefectHQ/prefect#21604

docs: document JSDOM CSS custom property and matchMedia mocking patterns by @github-actions[bot] in PrefectHQ/prefect#21605

Full Changelog: PrefectHQ/prefect@3.6.27...3.6.28.dev1

3.6.27 - When I cancel, you cancel

Enhancements ➕➕

Remove causal ordering from task run recorder by @chuqCTC in #21458

Enable cascading cancellation for in-process subflows by @desertaxle in #21477

Relax work-pool storage CLI to allow ambient cloud credentials by @desertaxle in #21578

Bug Fixes 🐞

Bump pydocket to >=0.19.0 and drop the fakeredis pin by @chrisguidry in #21512

URL-encode credentials in dict fallback path for git clone by @devin-ai-integration in #21540

Handle missing anyio.NoEventLoopError on older anyio versions by @devin-ai-integration in #21539

Fix serve not clearing work pool config on existing deployments by @vyagubov in #21528

Add validation for malformed block document placeholder format by @kuishou68 in #21501

Handle PydanticInvalidForJsonSchema in parameter schema generation by @devin-ai-integration in #21571

Eagerly rebuild task-run submission schemas by @desertaxle in #21556

Propagate contextvars to the flow heartbeat thread by @devin-ai-integration in #21577

... (truncated)

Commits

6f89b6d fix(tests): raise asyncpg connection_timeout in unit test mode (#21614)
1589b45 fix(tests): prevent aiosqlite teardown race in legacy events/out test (#21619)
7c70ac5 Fix DNS rebinding TOCTOU bypass in validate_restricted_url (#21591)
3458636 Fix _UnpicklingFuture.add_done_callback swallowing deserialization errors (#2...
3d18732 docs: clarify that uv pip freeze is skipped only for execution launcher overr...
36207f9 Skip uv pip freeze in bundle creation when a non-uv launcher is set (#21607)
8ab8ac4 docs: Add release notes for prefect-kubernetes==0.7.8 (#21611)
6373056 fix(prefect-shell): kill whole process tree on ShellOperation cleanup (#21586)
6dd5af5 docs: document JSDOM CSS custom property and matchMedia mocking patterns (#21...
9f9bed7 fix(ui-v2): default deployment detail tab to Details to match V1 (#21601)
Additional commits viewable in compare view

Updates mlflow from 3.11.0rc1 to 3.11.1

Release notes

Sourced from mlflow's releases.

v3.11.1

MLflow 3.11.1 includes several major features and improvements.

Major New Features:

🔍 Automatic Issue Identification: Automatically identify quality issues in your agent with AI! Use the new "Detect Issues" button in the traces table to analyze selected traces and surface potential problems across categories like correctness, safety, and performance. Issues are linked directly to traces for easy investigation and debugging. Docs (#21431, #21204, #21165, #21163, #21161, @smoorjani, @serena-ruan)

💰 Gateway Budget Alerts & Limits: Control your AI Gateway spending with configurable budget policies! Set spending limits by time window (daily, weekly, or monthly), receive alerts before hitting limits, and prevent runaway costs with automatic request blocking. The new budget management UI lets you track spending, configure webhooks for notifications, and monitor violations across all your gateway endpoints. Docs (#21116, #21534, #21569, #21473, #21108, @TomeHirata, @copilot-swe-agent)

📊 Trace Graph View: Visualize complex trace hierarchies with an interactive graph view! Navigate multi-level trace structures, understand parent-child relationships at a glance, and debug complex systems more effectively with a visual representation of your trace topology. Docs (#20607, @joelrobin18)

🌐 Native OpenTelemetry GenAI Convention Support: MLflow now natively supports the OpenTelemetry GenAI Semantic Conventions for trace export! When exporting traces via OTLP with MLFLOW_ENABLE_OTEL_GENAI_SEMCONV enabled, MLflow automatically translates them to follow the OTel GenAI semantic conventions, enabling seamless integration with OTel-compatible observability platforms while preserving GenAI-specific metadata. Docs (#21494, #21495, @B-Step62)

🔧 OpenCode Tracing Integration: Debug smarter with OpenCode CLI integration! Track and analyze code execution flows directly from your development workflow, making it easier to identify performance bottlenecks and trace issues back to specific code paths. Docs (#20133, @joelrobin18)

⚡ Native UV Support for Model Dependencies: Automatic dependency inference now supports UV! MLflow automatically detects UV projects and captures exact, locked dependencies from your lockfile when logging models, ensuring reproducible environments. Docs (#20344, #20935, @debu-sinha)

🔒 Pickle-Free Model Serialization: Enhance security with pickle-free model formats! MLflow now supports safer model serialization using torch.export and skops formats, with improved controls when MLFLOW_ALLOW_PICKLE_DESERIALIZATION=False. Comprehensive documentation guides you through migrating existing models to pickle-free formats for production deployments. Docs (#21404, #21188, #20774, @WeichenXu123)

Breaking Changes:

⚠️ TypeScript SDK Package Renaming: The MLflow TypeScript SDK packages have been renamed to use npm organization scoping. If you're using the TypeScript SDK, update your package.json dependencies and import statements: mlflow-tracing → @mlflow/core, mlflow-openai → @mlflow/openai, mlflow-anthropic → @mlflow/anthropic, mlflow-gemini → @mlflow/gemini. All packages are now at version 0.2.0. (#20792, @B-Step62)

Remove MLFLOW_ENABLE_INCREMENTAL_SPAN_EXPORT environment variable (#22182, @PattaraS)

Remove litellm and gepa from genai extras (#22059, @TomeHirata)

Block / and : in Registered Model names (#21458, @Bhuvan-08)

Features:

[Evaluation] Allow MetaPromptOptimizer to work without litellm (#22233, @TomeHirata)

[Tracking] Update Databricks API calls to use new gRPC APIs instead of py4j APIs (#22205, @WeichenXu123)

[Build] Add aiohttp as a core dependency of mlflow (#22189, @TomeHirata)

[Evaluation] Extend _get_provider_instance with groq, deepseek, xai, openrouter, ollama, databricks, vertex_ai (#22148, @kriscon-db)

[UI] Move native providers to non-LiteLLM in gateway UI (#22203, @TomeHirata)

[Tracing / Tracking] Add trace_location parameter to create_experiment (#22075, @dbrx-euirim)

[Gateway] Complete Bedrock provider with Converse API support (#21999, @TomeHirata)

[Gateway] Add native Vertex AI gateway provider (#21998, @TomeHirata)

[Gateway] Add native Databricks gateway provider (#21997, @TomeHirata)

[Gateway] Add native Ollama gateway provider (#21995, @TomeHirata)

[Gateway] Add native xAI (Grok) gateway provider (#21993, @TomeHirata)

[Tracing] Use bulk upsert in log_spans() to eliminate per-span ORM overhead (#21954, @harupy)

[Tracing] Add builtin cost_per_token to remove litellm dependency for cost tracking (#22046, @TomeHirata)

[Evaluation] Remove LiteLLM hard dependency from the discovery pipeline and judge adapters (#21739, @harupy)

[Evaluation] Add pipelined predict-score execution for mlflow.genai.evaluate (#20940, @alkispoly-db)

[Tracing / Tracking] Default trace location table_prefix to experiment ID in set_experiment (#21815, @danielseong1)

[Tracking] Add default uvicorn log config with timestamps (#21838, @harupy)

[Tracing / UI] Add Session ID filter to GenAI traces table filter dropdown (#21794, @daniellok-db)

[Evaluation / UI] Add Default Credential Chain auth mode for Bedrock/SageMaker in AI Gateway (#21061, @timsolovev)

[UI] Add multi metric bar chart support (#21258, @RenzoMXD)

[Tracking] Add TCP keepalive to HTTP sessions to detect stale connections and reduce timeout hangs (#21514, @mobaniha)

[Evaluation] Add proxy URL support for make_judge (#21185, @yukimori)

[UI] Improve run group filter to use grouping criteria instead of run IDs (#21072, @daniellok-db)

[UI] Add tool selector to Tool Calls charts and fix dark mode/sizing (#20865, @B-Step62)

[UI] Graph View Traces + OpenAI (#20607, @joelrobin18)

[UI] Show run description in chart tooltip (#21580, @KaushalVachhani)

[Evaluation / Tracing / UI] Add bulk judge execution from traces table toolbar with status feedback (#21270, @PattaraS)

[Gateway] Add Redis-backed BudgetTracker for distributed gateway deployments (#21504, @TomeHirata)

... (truncated)

Changelog

Sourced from mlflow's changelog.

3.11.1 (2026-04-07)

MLflow 3.11.1 includes several major features and improvements.

Major New Features:

🔍 Automatic Issue Identification: Automatically identify quality issues in your agent with AI! Use the new "Detect Issues" button in the traces table to analyze selected traces and surface potential problems across categories like correctness, safety, and performance. Issues are linked directly to traces for easy investigation and debugging. Docs (#21431, #21204, #21165, #21163, #21161, @smoorjani, @serena-ruan)

💰 Gateway Budget Alerts & Limits: Control your AI Gateway spending with configurable budget policies! Set spending limits by time window (daily, weekly, or monthly), receive alerts before hitting limits, and prevent runaway costs with automatic request blocking. The new budget management UI lets you track spending, configure webhooks for notifications, and monitor violations across all your gateway endpoints. Docs (#21116, #21534, #21569, #21473, #21108, @TomeHirata, @copilot-swe-agent)

📊 Trace Graph View: Visualize complex trace hierarchies with an interactive graph view! Navigate multi-level trace structures, understand parent-child relationships at a glance, and debug complex systems more effectively with a visual representation of your trace topology. Docs (#20607, @joelrobin18)

🌐 Native OpenTelemetry GenAI Convention Support: MLflow now natively supports the OpenTelemetry GenAI Semantic Conventions for trace export! When exporting traces via OTLP with MLFLOW_ENABLE_OTEL_GENAI_SEMCONV enabled, MLflow automatically translates them to follow the OTel GenAI semantic conventions, enabling seamless integration with OTel-compatible observability platforms while preserving GenAI-specific metadata. Docs (#21494, #21495, @B-Step62)

🔧 OpenCode Tracing Integration: Debug smarter with OpenCode CLI integration! Track and analyze code execution flows directly from your development workflow, making it easier to identify performance bottlenecks and trace issues back to specific code paths. Docs (#20133, @joelrobin18)

⚡ Native UV Support for Model Dependencies: Automatic dependency inference now supports UV! MLflow automatically detects UV projects and captures exact, locked dependencies from your lockfile when logging models, ensuring reproducible environments. Docs (#20344, #20935, @debu-sinha)

🔒 Pickle-Free Model Serialization: Enhance security with pickle-free model formats! MLflow now supports safer model serialization using torch.export and skops formats, with improved controls when MLFLOW_ALLOW_PICKLE_DESERIALIZATION=False. Comprehensive documentation guides you through migrating existing models to pickle-free formats for production deployments. Docs (#21404, #21188, #20774, @WeichenXu123)

Breaking Changes:

⚠️ TypeScript SDK Package Renaming: The MLflow TypeScript SDK packages have been renamed to use npm organization scoping. If you're using the TypeScript SDK, update your package.json dependencies and import statements: mlflow-tracing → @mlflow/core, mlflow-openai → @mlflow/openai, mlflow-anthropic → @mlflow/anthropic, mlflow-gemini → @mlflow/gemini. All packages are now at version 0.2.0. (#20792, @B-Step62)

Remove MLFLOW_ENABLE_INCREMENTAL_SPAN_EXPORT environment variable (#22182, @PattaraS)

Remove litellm and gepa from genai extras (#22059, @TomeHirata)

Block / and : in Registered Model names (#21458, @Bhuvan-08)

Features:

[Evaluation] Allow MetaPromptOptimizer to work without litellm (#22233, @TomeHirata)

[Tracking] Update Databricks API calls to use new gRPC APIs instead of py4j APIs (#22205, @WeichenXu123)

[Build] Add aiohttp as a core dependency of mlflow (#22189, @TomeHirata)

[Evaluation] Extend _get_provider_instance with groq, deepseek, xai, openrouter, ollama, databricks, vertex_ai (#22148, @kriscon-db)

[UI] Move native providers to non-LiteLLM in gateway UI (#22203, @TomeHirata)

[Tracing / Tracking] Add trace_location parameter to create_experiment (#22075, @dbrx-euirim)

[Gateway] Complete Bedrock provider with Converse API support (#21999, @TomeHirata)

[Gateway] Add native Vertex AI gateway provider (#21998, @TomeHirata)

[Gateway] Add native Databricks gateway provider (#21997, @TomeHirata)

[Gateway] Add native Ollama gateway provider (#21995, @TomeHirata)

[Gateway] Add native xAI (Grok) gateway provider (#21993, @TomeHirata)

[Tracing] Use bulk upsert in log_spans() to eliminate per-span ORM overhead (#21954, @harupy)

[Tracing] Add builtin cost_per_token to remove litellm dependency for cost tracking (#22046, @TomeHirata)

[Evaluation] Remove LiteLLM hard dependency from the discovery pipeline and judge adapters (#21739, @harupy)

[Evaluation] Add pipelined predict-score execution for mlflow.genai.evaluate (#20940, @alkispoly-db)

[Tracing / Tracking] Default trace location table_prefix to experiment ID in set_experiment (#21815, @danielseong1)

[Tracking] Add default uvicorn log config with timestamps (#21838, @harupy)

[Tracing / UI] Add Session ID filter to GenAI traces table filter dropdown (#21794, @daniellok-db)

[Evaluation / UI] Add Default Credential Chain auth mode for Bedrock/SageMaker in AI Gateway (#21061, @timsolovev)

[UI] Add multi metric bar chart support (#21258, @RenzoMXD)

[Tracking] Add TCP keepalive to HTTP sessions to detect stale connections and reduce timeout hangs (#21514, @mobaniha)

[Evaluation] Add proxy URL support for make_judge (#21185, @yukimori)

[UI] Improve run group filter to use grouping criteria instead of run IDs (#21072, @daniellok-db)

[UI] Add tool selector to Tool Calls charts and fix dark mode/sizing (#20865, @B-Step62)

[UI] Graph View Traces + OpenAI (#20607, @joelrobin18)

[UI] Show run description in chart tooltip (#21580, @KaushalVachhani)

[Evaluation / Tracing / UI] Add bulk judge execution from traces table toolbar with status feedback (#21270, @PattaraS)

... (truncated)

Commits

09179c6 Bump version to 3.11.1 (#22400)
38d75c2 Fix DatabricksProvider to use OpenAI-compatible endpoint URLs (#22393)
0734e56 fix
46a2d4d fix
7a6b01b format
8b71fa7 Fix _lookup_model_info all-provider scan causing network latency (#22369)
deaffc1 Update model catalog CI workflow to use update_model_catalog.py (#22261)
1b87ff3 Add aiohttp as a core dependency of mlflow (#22189)
7f08e88 Normalize get_provider_name() to align with `model_prices_and_context_windo...
bd3114b Move LLM calling utilities to mlflow/genai/utils/llm_utils.py (#22234)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the pip group with 2 updates in the / directory: [prefect](https://github.com/PrefectHQ/prefect) and [mlflow](https://github.com/mlflow/mlflow). Updates `prefect` from 3.4.14 to 3.6.28.dev2 - [Release notes](https://github.com/PrefectHQ/prefect/releases) - [Commits](PrefectHQ/prefect@3.4.14...3.6.28.dev2) Updates `mlflow` from 3.11.0rc1 to 3.11.1 - [Release notes](https://github.com/mlflow/mlflow/releases) - [Changelog](https://github.com/mlflow/mlflow/blob/master/CHANGELOG.md) - [Commits](mlflow/mlflow@v3.11.0rc1...v3.11.1) --- updated-dependencies: - dependency-name: prefect dependency-version: 3.6.28.dev2 dependency-type: direct:production dependency-group: pip - dependency-name: mlflow dependency-version: 3.11.1 dependency-type: direct:production dependency-group: pip ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels May 24, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the pip group across 1 directory with 2 updates#4

Bump the pip group across 1 directory with 2 updates#4
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/pip-364b491fb4

dependabot Bot commented on behalf of github May 24, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot Bot commented on behalf of github May 24, 2026

3.6.28.dev2: Nightly Development Release

What's Changed

Bug Fixes 🐞

Development & Tidiness 🧹

Documentation 📓

Uncategorized

3.6.28.dev1: Nightly Development Release

What's Changed

Bug Fixes 🐞

Uncategorized

3.6.27 - When I cancel, you cancel

v3.11.1

3.11.1 (2026-04-07)

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants