Build(deps): Bump the uv group across 1 directory with 2 updates

[dependabot]

Bumps the uv group with 2 updates in the /pipelines/matrix directory: mlflow and torch.

Updates mlflow from 2.20.3 to 3.5.0

Release notes

Sourced from mlflow's releases.

v3.5.0

MLflow 3.5.0 includes several major features and improvements!

Major Features

• 🤖 Tracing support for Claude Code SDK: MLflow now provides a tracing integration for both the Claude Code CLI and SDK! Configure the autologging integration to track your prompts, Claude's responses, tool calls, and more. Check out this doc page to get started. (#18022, @​smoorjani)
• 🎯 Flexible Prompt Optimization API: Introduced a new flexible API for prompt optimization with support for model switching and the GEPA algorithm, enabling more efficient prompt tuning with fewer rollouts. See the documentation to get started. (#18183, #18031, @​TomeHirata)
• 🎨 Enhanced UI Onboarding: Improved in-product onboarding experience with trace quickstart drawer and updated homepage guidance to help users discover MLflow's latest features. (#18098, #18187, @​B-Step62)
• 🔐 Security Middleware for Tracking Server: Added a security middleware layer to protect against DNS rebinding, CORS attacks, and other security threats. Read the documentation for configuration details. (#17910, @​BenWilson2)

Features

• [Tracing / Tracking] Add unlink_traces_from_run batch operation (#18316, @​harupy)
• [Tracing] Add batch trace link/unlink operations to DatabricksTracingRestStore (#18295, @​harupy)
• [Tracking] Claude Code SDK autologging support (#18022, @​smoorjani)
• [Tracing] Add support for reading trace configuration from environment variables (#17792, @​joelrobin18)
• [Tracking] Mistral tracing improvements (#16370, @​joelrobin18)
• [Tracking] Gemini token count tracking (#16248, @​joelrobin18)
• [Tracking] Gemini streaming support (#16249, @​joelrobin18)
• [Tracking] CrewAI token count tracking with documentation updates (#16373, @​joelrobin18)
• [Evaluation] Allow passing empty scorer list for manual result comparison (#18265, @​B-Step62)
• [Evaluation] Log assessments to DSPy evaluation traces (#18136, @​B-Step62)
• [Evaluation] Add support for trace inputs to built-in scorers (#17943, @​BenWilson2)
• [Evaluation] Add synonym handling for built-in scorers (#17980, @​BenWilson2)
• [Evaluation] Add span timing tool for Agent Judges (#17948, @​BenWilson2)
• [Evaluation] Allow disabling evaluation sample check (#18032, @​B-Step62)
• [Evaluation] Reduce verbosity of SIMBA optimizer logs when aligning judges (#17795, @​BenWilson2)
• [Evaluation] Add __repr__ method for Judges (#17794, @​BenWilson2)
• [Prompts] Add prompt registry support to MLflow webhooks (#17640, @​harupy)
• [Prompts] Prompt Registry Chat UI (#17334, @​joelrobin18)
• [UI] Delete parent and child runs together (#18052, @​joelrobin18)
• [UI] Added move to top, move to bottom for charts (#17742, @​joelrobin18)
• [Tracking] Use sampling data for run comparison to improve performance (#17645, @​lkuo)
• [Tracking] Add optional 'outputs' column for evaluation dataset records (#17735, @​WeichenXu123)
• [Tracking] Job backend execution (#17676, #18012, #18070, #18071, #18112, #18049, @​WeichenXu123)

Bug Fixes

• [Tracing] Fix parent run resolution mechanism for LangChain (#17273, @​B-Step62)
• [Tracing] Add client-side retry for get_trace to improve reliability (#18224, @​B-Step62)
• [Tracing] Fix OpenTelemetry dual export (#18163, @​B-Step62)
• [Tracing] Suppress false warnings from span logging (#18092, #18276, @​B-Step62)
• [Tracing] Fix OpenTelemetry resource attributes not propagating correctly (#18019, @​xiaosha007)
• [Tracing] Fix DSPy prompt display (#17988, @​B-Step62)
• [Tracing] Fix usage aggregation to avoid ancestor duplication (#17921, @​TomeHirata)
• [Tracing] Fix double counting in Strands tracing (#17855, @​joelrobin18)
• [Tracing] Fix to_predict_fn to handle traces without tags field (#17784, @​harupy)
• [Tracing] URL-encode trace tag keys in delete_trace_tag to prevent 404 errors (#18232, @​copilot-swe-agent)
• [Tracking] Fix Claude Code autologging inputs not displaying (#17858, @​smoorjani)
• [Tracking] Fix runs with 0-valued metrics not appearing in experiment list contour plots (#17916, @​WeichenXu123)

... (truncated)

Changelog

Sourced from mlflow's changelog.

3.5.0 (2025-10-16)

MLflow 3.5.0 includes several major features and improvements!

Major Features

• ⚙️ Job Execution Backend: Introduced a new job execution backend infrastructure for running asynchronous tasks with individual execution pools, job search capabilities, and transient error handling. (#17676, #18012, #18070, #18071, #18112, #18049, @​WeichenXu123)
• 🎯 Flexible Prompt Optimization API: Introduced a new flexible API for prompt optimization with support for model switching and the GEPA algorithm, enabling more efficient prompt tuning with fewer rollouts. See the documentation to get started. (#18183, #18031, @​TomeHirata)
• 🎨 Enhanced UI Onboarding: Improved in-product onboarding experience with trace quickstart drawer and updated homepage guidance to help users discover MLflow's latest features. (#18098, #18187, @​B-Step62)
• 🔐 Security Middleware for Tracking Server: Added a security middleware layer to protect against DNS rebinding, CORS attacks, and other security threats. Read the documentation for configuration details. (#17910, @​BenWilson2)

Features

• [Tracing / Tracking] Add unlink_traces_from_run batch operation (#18316, @​harupy)
• [Tracing] Add batch trace link/unlink operations to DatabricksTracingRestStore (#18295, @​harupy)
• [Tracking] Claude Code SDK autologging support (#18022, @​smoorjani)
• [Tracing] Add support for reading trace configuration from environment variables (#17792, @​joelrobin18)
• [Tracking] Mistral tracing improvements (#16370, @​joelrobin18)
• [Tracking] Gemini token count tracking (#16248, @​joelrobin18)
• [Tracking] Gemini streaming support (#16249, @​joelrobin18)
• [Tracking] CrewAI token count tracking with documentation updates (#16373, @​joelrobin18)
• [Evaluation] Allow passing empty scorer list for manual result comparison (#18265, @​B-Step62)
• [Evaluation] Log assessments to DSPy evaluation traces (#18136, @​B-Step62)
• [Evaluation] Add support for trace inputs to built-in scorers (#17943, @​BenWilson2)
• [Evaluation] Add synonym handling for built-in scorers (#17980, @​BenWilson2)
• [Evaluation] Add span timing tool for Agent Judges (#17948, @​BenWilson2)
• [Evaluation] Allow disabling evaluation sample check (#18032, @​B-Step62)
• [Evaluation] Reduce verbosity of SIMBA optimizer logs when aligning judges (#17795, @​BenWilson2)
• [Evaluation] Add __repr__ method for Judges (#17794, @​BenWilson2)
• [Prompts] Add prompt registry support to MLflow webhooks (#17640, @​harupy)
• [Prompts] Prompt Registry Chat UI (#17334, @​joelrobin18)
• [UI] Delete parent and child runs together (#18052, @​joelrobin18)
• [UI] Added move to top, move to bottom for charts (#17742, @​joelrobin18)
• [Tracking] Use sampling data for run comparison to improve performance (#17645, @​lkuo)
• [Tracking] Add optional 'outputs' column for evaluation dataset records (#17735, @​WeichenXu123)

Bug Fixes

• [Tracing] Fix parent run resolution mechanism for LangChain (#17273, @​B-Step62)
• [Tracing] Add client-side retry for get_trace to improve reliability (#18224, @​B-Step62)
• [Tracing] Fix OpenTelemetry dual export (#18163, @​B-Step62)
• [Tracing] Suppress false warnings from span logging (#18092, #18276, @​B-Step62)
• [Tracing] Fix OpenTelemetry resource attributes not propagating correctly (#18019, @​xiaosha007)
• [Tracing] Fix DSPy prompt display (#17988, @​B-Step62)
• [Tracing] Fix usage aggregation to avoid ancestor duplication (#17921, @​TomeHirata)
• [Tracing] Fix double counting in Strands tracing (#17855, @​joelrobin18)
• [Tracing] Fix to_predict_fn to handle traces without tags field (#17784, @​harupy)
• [Tracing] URL-encode trace tag keys in delete_trace_tag to prevent 404 errors (#18232, @​copilot-swe-agent)
• [Tracking] Fix Claude Code autologging inputs not displaying (#17858, @​smoorjani)
• [Tracking] Fix runs with 0-valued metrics not appearing in experiment list contour plots (#17916, @​WeichenXu123)

... (truncated)

Commits

• 77b2695 Run python3 dev/update_mlflow_versions.py pre-release ... (#18355)
• fc2fb36 Revert "Add atomicity to job_start API (#18226)"
• e7b2177 Revert "Fix response handling in log_spans (#18280)" (#18349)
• 5d86ffe Create set_databricks_monitoring_sql_warehouse_id API (#18346)
• 250985f Fetch config after adding first record (#18338)
• ad0aad1 Fix log_metrics slowness for get run (#18241)
• 05a0111 Increase max height of params/metrics boxes (#18306)
• 3e24457 Implement lazy logger initialization in claude_code.tracing (#18339)
• 892bed1 Add github feature requests on the GenAI doc (#18342)
• f605177 Minor comment fix for extract_retrieval_context_from_trace (#18331)
• Additional commits viewable in compare view

Updates torch from 2.7.1 to 2.8.0

Release notes

Sourced from torch's releases.

PyTorch 2.8.0 Release Notes

• Highlights
• Backwards Incompatible Changes
• Deprecations
• New Features
• Improvements
• Bug fixes
• Performance
• Documentation
• Developers

Highlights

... (truncated)

Commits

• ba56102 Cherrypick: Add the RunLLM widget to the website (#159592)
• c525a02 [dynamo, docs] cherry pick torch.compile programming model docs into 2.8 (#15...
• a1cb3cc [Release Only] Remove nvshmem from list of preload libraries (#158925)
• c76b235 Move out super large one off foreach_copy test (#158880)
• 20a0e22 Revert "[Dynamo] Allow inlining into AO quantization modules (#152934)" (#158...
• 9167ac8 [MPS] Switch Cholesky decomp to column wise (#158237)
• 5534685 [MPS] Reimplement tri[ul] as Metal shaders (#158867)
• d19e08d Cherry pick PR 158746 (#158801)
• a6c044a [cherry-pick] Unify torch.tensor and torch.ops.aten.scalar_tensor behavior (#...
• 620ebd0 [Dynamo] Use proper sources for constructing dataclass defaults (#158689)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Superseded by #2094.