security(deps): bump the training-dependencies group in /training/rl with 7 updates

[dependabot]

Bumps the training-dependencies group in /training/rl with 7 updates:

Package	From	To
marshmallow	4.2.3	4.3.0
mlflow	3.10.1	3.11.1
azure-monitor-opentelemetry-exporter	1.0.0b50	1.0.0b51
cuda-pathfinder	1.5.1	1.5.2
mlflow-skinny	3.10.1	3.11.1
mlflow-tracing	3.10.1	3.11.1
uvicorn	0.43.0	0.44.0

Updates marshmallow from 4.2.3 to 4.3.0

Changelog

Sourced from marshmallow's changelog.

4.3.0 (2026-04-03)

Features:

• Add pre_load and post_load parameters to marshmallow.fields.Field for field-level pre- and post-processing (:issue:2787).
• Typing: improvements to marshmallow.validate (:pr:2940).

4.2.4 (2026-04-02)

Bug fixes:

• marshmallow.validate.URL and marshmallow.validate.Email accept Internationalized Domain Names (IDNs) (:issue:2821, :issue:2936). marshmallow.validate.Email also correctly rejects IDN domains with leading/trailing hyphens. Thanks :user:touhidurrr for the report.
• Typing: Fix typing of nested in marshmallow.fields.Nested (:pr:2935).

Commits

• b596fdb Bump version and update changelog
• 256f0aa Add pre/post_load parameters to Field (#2799)
• c847ad4 Typing improvements to marshmallow.validate (#2940)
• eb86322 Remove redundant docs job (#2939)
• a44ad62 Avoid infinite recursion in nesting docs (#2938)
• 3360e34 Bump version and update changelog
• 7b9ce45 Fix changelog typos and update releasing docs
• f07eadc Fix validate.Email to accept IDNs (#2937)
• 4acb783 Fix Unreachable Warning (#2935)
• 3492fae Remove redundant python-version (#2932)
• Additional commits viewable in compare view

Updates mlflow from 3.10.1 to 3.11.1

Release notes

Sourced from mlflow's releases.

v3.11.0rc1

Stripped third-party dependencies from evaluation and AI Gateway features, replacing external provider routing with built-in implementations.

v3.11.0rc0

We're excited to announce MLflow 3.11.0rc0, which includes several notable updates:

Major New Features:

• 🔍 Automatic Issue Identification: Automatically identify quality issues in your agent with AI! Use the new "Detect Issues" button in the traces table to analyze selected traces and surface potential problems across categories like correctness, safety, and performance. Issues are linked directly to traces for easy investigation and debugging. (#21431, #21204, #21165, #21163, #21161, @​smoorjani, @​serena-ruan)
• 💰 Gateway Budget Alerts & Limits: Control your AI Gateway spending with configurable budget policies! Set spending limits by time window (daily, weekly, or monthly), receive alerts before hitting limits, and prevent runaway costs with automatic request blocking. The new budget management UI lets you track spending, configure webhooks for notifications, and monitor violations across all your gateway endpoints. (#21116, #21534, #21569, #21473, #21108, @​TomeHirata, @​copilot-swe-agent)
• 📊 Trace Graph View: Visualize complex trace hierarchies with an interactive graph view! Navigate multi-level trace structures, understand parent-child relationships at a glance, and debug complex systems more effectively with a visual representation of your trace topology. (#20607, @​joelrobin18)
• 🌐 Native OpenTelemetry GenAI Convention Support: MLflow now natively supports the OpenTelemetry GenAI Semantic Conventions for trace export! When exporting traces via OTLP with MLFLOW_ENABLE_OTEL_GENAI_SEMCONV enabled, MLflow automatically translates them to follow the OTel GenAI semantic conventions, enabling seamless integration with OTel-compatible observability platforms while preserving GenAI-specific metadata. (#21494, #21495, @​B-Step62)
• 🔧 Opencode Tracing Integration: Debug smarter with Opencode CLI integration! Track and analyze code execution flows directly from your development workflow, making it easier to identify performance bottlenecks and trace issues back to specific code paths. (#20133, @​joelrobin18)
• ⚡ UV Package Manager Support: Automatic dependency inference now supports UV! MLflow automatically detects UV projects and captures exact, locked dependencies from your lockfile when logging models, ensuring reproducible environments. (#20344, #20935, @​debu-sinha)
• 🔒 Pickle-Free Model Serialization: Enhance security with pickle-free model formats! MLflow now supports safer model serialization using torch.export and skops formats, with improved controls when MLFLOW_ALLOW_PICKLE_DESERIALIZATION=False. Comprehensive documentation guides you through migrating existing models to pickle-free formats for production deployments. (#21404, #21188, #20774, @​WeichenXu123)

Breaking Changes:

• ⚠️ TypeScript SDK Package Renaming: The MLflow TypeScript SDK packages have been renamed to use npm organization scoping. If you're using the TypeScript SDK, update your package.json dependencies and import statements: mlflow-tracing → @mlflow/core, mlflow-openai → @mlflow/openai, mlflow-anthropic → @mlflow/anthropic, mlflow-gemini → @mlflow/gemini. All packages are now at version 0.2.0. (#20792, @​B-Step62)

Stay tuned for the full release, which will be packed with even more features and bugfixes.

To try out this release candidate, please run:

pip install mlflow==3.11.0rc0

Changelog

Sourced from mlflow's changelog.

CHANGELOG

3.11.0 (2026-04-07)

MLflow 3.11.0 includes several major features and improvements.

Major New Features:

• 🔍 Automatic Issue Identification: Automatically identify quality issues in your agent with AI! Use the new "Detect Issues" button in the traces table to analyze selected traces and surface potential problems across categories like correctness, safety, and performance. Issues are linked directly to traces for easy investigation and debugging. Docs (#21431, #21204, #21165, #21163, #21161, @​smoorjani, @​serena-ruan)
• 💰 Gateway Budget Alerts & Limits: Control your AI Gateway spending with configurable budget policies! Set spending limits by time window (daily, weekly, or monthly), receive alerts before hitting limits, and prevent runaway costs with automatic request blocking. The new budget management UI lets you track spending, configure webhooks for notifications, and monitor violations across all your gateway endpoints. Docs (#21116, #21534, #21569, #21473, #21108, @​TomeHirata, @​copilot-swe-agent)
• 📊 Trace Graph View: Visualize complex trace hierarchies with an interactive graph view! Navigate multi-level trace structures, understand parent-child relationships at a glance, and debug complex systems more effectively with a visual representation of your trace topology. Docs (#20607, @​joelrobin18)
• 🌐 Native OpenTelemetry GenAI Convention Support: MLflow now natively supports the OpenTelemetry GenAI Semantic Conventions for trace export! When exporting traces via OTLP with MLFLOW_ENABLE_OTEL_GENAI_SEMCONV enabled, MLflow automatically translates them to follow the OTel GenAI semantic conventions, enabling seamless integration with OTel-compatible observability platforms while preserving GenAI-specific metadata. Docs (#21494, #21495, @​B-Step62)
• 🔧 OpenCode Tracing Integration: Debug smarter with OpenCode CLI integration! Track and analyze code execution flows directly from your development workflow, making it easier to identify performance bottlenecks and trace issues back to specific code paths. Docs (#20133, @​joelrobin18)
• ⚡ Native UV Support for Model Dependencies: Automatic dependency inference now supports UV! MLflow automatically detects UV projects and captures exact, locked dependencies from your lockfile when logging models, ensuring reproducible environments. Docs (#20344, #20935, @​debu-sinha)
• 🔒 Pickle-Free Model Serialization: Enhance security with pickle-free model formats! MLflow now supports safer model serialization using torch.export and skops formats, with improved controls when MLFLOW_ALLOW_PICKLE_DESERIALIZATION=False. Comprehensive documentation guides you through migrating existing models to pickle-free formats for production deployments. Docs (#21404, #21188, #20774, @​WeichenXu123)

Breaking Changes:

• ⚠️ TypeScript SDK Package Renaming: The MLflow TypeScript SDK packages have been renamed to use npm organization scoping. If you're using the TypeScript SDK, update your package.json dependencies and import statements: mlflow-tracing → @mlflow/core, mlflow-openai → @mlflow/openai, mlflow-anthropic → @mlflow/anthropic, mlflow-gemini → @mlflow/gemini. All packages are now at version 0.2.0. (#20792, @​B-Step62)
• Remove MLFLOW_ENABLE_INCREMENTAL_SPAN_EXPORT environment variable (#22182, @​PattaraS)
• Remove litellm and gepa from genai extras (#22059, @​TomeHirata)
• Block / and : in Registered Model names (#21458, @​Bhuvan-08)

Features:

• [Tracking] Update Databricks API calls to use new gRPC APIs instead of py4j APIs (#22205, @​WeichenXu123)
• [Evaluation] Extend _get_provider_instance with groq, deepseek, xai, openrouter, ollama, databricks, vertex_ai (#22148, @​kriscon-db)
• [UI] Move native providers to non-LiteLLM in gateway UI (#22203, @​TomeHirata)
• [Tracing / Tracking] Add trace_location parameter to create_experiment (#22075, @​dbrx-euirim)
• [Gateway] Complete Bedrock provider with Converse API support (#21999, @​TomeHirata)
• [Gateway] Add native Vertex AI gateway provider (#21998, @​TomeHirata)
• [Gateway] Add native Databricks gateway provider (#21997, @​TomeHirata)
• [Gateway] Add native Ollama gateway provider (#21995, @​TomeHirata)
• [Gateway] Add native xAI (Grok) gateway provider (#21993, @​TomeHirata)
• [Tracing] Use bulk upsert in log_spans() to eliminate per-span ORM overhead (#21954, @​harupy)
• [Tracing] Add builtin cost_per_token to remove litellm dependency for cost tracking (#22046, @​TomeHirata)
• [Evaluation] Remove LiteLLM hard dependency from the discovery pipeline and judge adapters (#21739, @​harupy)
• [Evaluation] Add pipelined predict-score execution for mlflow.genai.evaluate (#20940, @​alkispoly-db)
• [Tracing / Tracking] Default trace location table_prefix to experiment ID in set_experiment (#21815, @​danielseong1)
• [Tracking] Add default uvicorn log config with timestamps (#21838, @​harupy)
• [Tracing / UI] Add Session ID filter to GenAI traces table filter dropdown (#21794, @​daniellok-db)
• [Evaluation / UI] Add Default Credential Chain auth mode for Bedrock/SageMaker in AI Gateway (#21061, @​timsolovev)
• [UI] Add multi metric bar chart support (#21258, @​RenzoMXD)
• [Tracking] Add TCP keepalive to HTTP sessions to detect stale connections and reduce timeout hangs (#21514, @​mobaniha)
• [Evaluation] Add proxy URL support for make_judge (#21185, @​yukimori)
• [UI] Improve run group filter to use grouping criteria instead of run IDs (#21072, @​daniellok-db)
• [UI] Add tool selector to Tool Calls charts and fix dark mode/sizing (#20865, @​B-Step62)
• [UI] Graph View Traces + OpenAI (#20607, @​joelrobin18)
• [UI] Show run description in chart tooltip (#21580, @​KaushalVachhani)
• [Evaluation / Tracing / UI] Add bulk judge execution from traces table toolbar with status feedback (#21270, @​PattaraS)

... (truncated)

Commits

• See full diff in compare view

Updates azure-monitor-opentelemetry-exporter from 1.0.0b50 to 1.0.0b51

Release notes

Sourced from azure-monitor-opentelemetry-exporter's releases.

azure-monitor-opentelemetry-exporter_1.0.0b51

1.0.0b51 (2026-04-07)

Bugs Fixed

• Added credential authentication support for customer sdkstats (#46143)

Commits

• fc2b705 Exporter release 1.0.0b51 (#46155)
• 83a443d Added credential authentication support for customer sdkstats (#46143)
• ce4549d Increment package version after release of azure-monitor-opentelemetry-export...
• See full diff in compare view

Updates cuda-pathfinder from 1.5.1 to 1.5.2

Release notes

Sourced from cuda-pathfinder's releases.

cuda-pathfinder v1.5.2

Release notes

• https://nvidia.github.io/cuda-python/cuda-pathfinder/latest/release/1.5.2-notes.html

Documentation

• https://nvidia.github.io/cuda-python/cuda-pathfinder/1.5.2/

PyPI

• https://pypi.org/project/cuda-pathfinder/1.5.2/

Conda

• https://anaconda.org/conda-forge/cuda-pathfinder/files?version=1.5.2
• conda install conda-forge::cuda-pathfinder=1.5.2

Commits

• 1696fcf docs(pathfinder): prepare 1.5.2 release notes (#1867)
• b57a674 Update context7.json (#1864)
• ac34454 [FEA]: Add support for pathfinder.find_nvidia_header_directory("profiler") ...
• 5ae423f [FEA]: Add pathfinder cudla support (.so, .h) (#1855)
• c6aea12 Publish the graph API as cuda.core.graph (#1858)
• c2f79a1 Graph node follow-ups: repr, containment, empty(), registry docs (#1859)
• 5064470 Add GraphNode identity cache for stable object round-trips (#1853)
• 5777275 Add edge mutation and MutableSet interface for graph nodes (#1850)
• See full diff in compare view

Updates mlflow-skinny from 3.10.1 to 3.11.1

Release notes

Sourced from mlflow-skinny's releases.

v3.11.0rc1

Stripped third-party dependencies from evaluation and AI Gateway features, replacing external provider routing with built-in implementations.

v3.11.0rc0

We're excited to announce MLflow 3.11.0rc0, which includes several notable updates:

Major New Features:

• 🔍 Automatic Issue Identification: Automatically identify quality issues in your agent with AI! Use the new "Detect Issues" button in the traces table to analyze selected traces and surface potential problems across categories like correctness, safety, and performance. Issues are linked directly to traces for easy investigation and debugging. (#21431, #21204, #21165, #21163, #21161, @​smoorjani, @​serena-ruan)
• 💰 Gateway Budget Alerts & Limits: Control your AI Gateway spending with configurable budget policies! Set spending limits by time window (daily, weekly, or monthly), receive alerts before hitting limits, and prevent runaway costs with automatic request blocking. The new budget management UI lets you track spending, configure webhooks for notifications, and monitor violations across all your gateway endpoints. (#21116, #21534, #21569, #21473, #21108, @​TomeHirata, @​copilot-swe-agent)
• 📊 Trace Graph View: Visualize complex trace hierarchies with an interactive graph view! Navigate multi-level trace structures, understand parent-child relationships at a glance, and debug complex systems more effectively with a visual representation of your trace topology. (#20607, @​joelrobin18)
• 🌐 Native OpenTelemetry GenAI Convention Support: MLflow now natively supports the OpenTelemetry GenAI Semantic Conventions for trace export! When exporting traces via OTLP with MLFLOW_ENABLE_OTEL_GENAI_SEMCONV enabled, MLflow automatically translates them to follow the OTel GenAI semantic conventions, enabling seamless integration with OTel-compatible observability platforms while preserving GenAI-specific metadata. (#21494, #21495, @​B-Step62)
• 🔧 Opencode Tracing Integration: Debug smarter with Opencode CLI integration! Track and analyze code execution flows directly from your development workflow, making it easier to identify performance bottlenecks and trace issues back to specific code paths. (#20133, @​joelrobin18)
• ⚡ UV Package Manager Support: Automatic dependency inference now supports UV! MLflow automatically detects UV projects and captures exact, locked dependencies from your lockfile when logging models, ensuring reproducible environments. (#20344, #20935, @​debu-sinha)
• 🔒 Pickle-Free Model Serialization: Enhance security with pickle-free model formats! MLflow now supports safer model serialization using torch.export and skops formats, with improved controls when MLFLOW_ALLOW_PICKLE_DESERIALIZATION=False. Comprehensive documentation guides you through migrating existing models to pickle-free formats for production deployments. (#21404, #21188, #20774, @​WeichenXu123)

Breaking Changes:

• ⚠️ TypeScript SDK Package Renaming: The MLflow TypeScript SDK packages have been renamed to use npm organization scoping. If you're using the TypeScript SDK, update your package.json dependencies and import statements: mlflow-tracing → @mlflow/core, mlflow-openai → @mlflow/openai, mlflow-anthropic → @mlflow/anthropic, mlflow-gemini → @mlflow/gemini. All packages are now at version 0.2.0. (#20792, @​B-Step62)

Stay tuned for the full release, which will be packed with even more features and bugfixes.

To try out this release candidate, please run:

pip install mlflow==3.11.0rc0

Changelog

Sourced from mlflow-skinny's changelog.

CHANGELOG

3.11.0 (2026-04-07)

MLflow 3.11.0 includes several major features and improvements.

Major New Features:

• 🔍 Automatic Issue Identification: Automatically identify quality issues in your agent with AI! Use the new "Detect Issues" button in the traces table to analyze selected traces and surface potential problems across categories like correctness, safety, and performance. Issues are linked directly to traces for easy investigation and debugging. Docs (#21431, #21204, #21165, #21163, #21161, @​smoorjani, @​serena-ruan)
• 💰 Gateway Budget Alerts & Limits: Control your AI Gateway spending with configurable budget policies! Set spending limits by time window (daily, weekly, or monthly), receive alerts before hitting limits, and prevent runaway costs with automatic request blocking. The new budget management UI lets you track spending, configure webhooks for notifications, and monitor violations across all your gateway endpoints. Docs (#21116, #21534, #21569, #21473, #21108, @​TomeHirata, @​copilot-swe-agent)
• 📊 Trace Graph View: Visualize complex trace hierarchies with an interactive graph view! Navigate multi-level trace structures, understand parent-child relationships at a glance, and debug complex systems more effectively with a visual representation of your trace topology. Docs (#20607, @​joelrobin18)
• 🌐 Native OpenTelemetry GenAI Convention Support: MLflow now natively supports the OpenTelemetry GenAI Semantic Conventions for trace export! When exporting traces via OTLP with MLFLOW_ENABLE_OTEL_GENAI_SEMCONV enabled, MLflow automatically translates them to follow the OTel GenAI semantic conventions, enabling seamless integration with OTel-compatible observability platforms while preserving GenAI-specific metadata. Docs (#21494, #21495, @​B-Step62)
• 🔧 OpenCode Tracing Integration: Debug smarter with OpenCode CLI integration! Track and analyze code execution flows directly from your development workflow, making it easier to identify performance bottlenecks and trace issues back to specific code paths. Docs (#20133, @​joelrobin18)
• ⚡ Native UV Support for Model Dependencies: Automatic dependency inference now supports UV! MLflow automatically detects UV projects and captures exact, locked dependencies from your lockfile when logging models, ensuring reproducible environments. Docs (#20344, #20935, @​debu-sinha)
• 🔒 Pickle-Free Model Serialization: Enhance security with pickle-free model formats! MLflow now supports safer model serialization using torch.export and skops formats, with improved controls when MLFLOW_ALLOW_PICKLE_DESERIALIZATION=False. Comprehensive documentation guides you through migrating existing models to pickle-free formats for production deployments. Docs (#21404, #21188, #20774, @​WeichenXu123)

Breaking Changes:

• ⚠️ TypeScript SDK Package Renaming: The MLflow TypeScript SDK packages have been renamed to use npm organization scoping. If you're using the TypeScript SDK, update your package.json dependencies and import statements: mlflow-tracing → @mlflow/core, mlflow-openai → @mlflow/openai, mlflow-anthropic → @mlflow/anthropic, mlflow-gemini → @mlflow/gemini. All packages are now at version 0.2.0. (#20792, @​B-Step62)
• Remove MLFLOW_ENABLE_INCREMENTAL_SPAN_EXPORT environment variable (#22182, @​PattaraS)
• Remove litellm and gepa from genai extras (#22059, @​TomeHirata)
• Block / and : in Registered Model names (#21458, @​Bhuvan-08)

Features:

• [Tracking] Update Databricks API calls to use new gRPC APIs instead of py4j APIs (#22205, @​WeichenXu123)
• [Evaluation] Extend _get_provider_instance with groq, deepseek, xai, openrouter, ollama, databricks, vertex_ai (#22148, @​kriscon-db)
• [UI] Move native providers to non-LiteLLM in gateway UI (#22203, @​TomeHirata)
• [Tracing / Tracking] Add trace_location parameter to create_experiment (#22075, @​dbrx-euirim)
• [Gateway] Complete Bedrock provider with Converse API support (#21999, @​TomeHirata)
• [Gateway] Add native Vertex AI gateway provider (#21998, @​TomeHirata)
• [Gateway] Add native Databricks gateway provider (#21997, @​TomeHirata)
• [Gateway] Add native Ollama gateway provider (#21995, @​TomeHirata)
• [Gateway] Add native xAI (Grok) gateway provider (#21993, @​TomeHirata)
• [Tracing] Use bulk upsert in log_spans() to eliminate per-span ORM overhead (#21954, @​harupy)
• [Tracing] Add builtin cost_per_token to remove litellm dependency for cost tracking (#22046, @​TomeHirata)
• [Evaluation] Remove LiteLLM hard dependency from the discovery pipeline and judge adapters (#21739, @​harupy)
• [Evaluation] Add pipelined predict-score execution for mlflow.genai.evaluate (#20940, @​alkispoly-db)
• [Tracing / Tracking] Default trace location table_prefix to experiment ID in set_experiment (#21815, @​danielseong1)
• [Tracking] Add default uvicorn log config with timestamps (#21838, @​harupy)
• [Tracing / UI] Add Session ID filter to GenAI traces table filter dropdown (#21794, @​daniellok-db)
• [Evaluation / UI] Add Default Credential Chain auth mode for Bedrock/SageMaker in AI Gateway (#21061, @​timsolovev)
• [UI] Add multi metric bar chart support (#21258, @​RenzoMXD)
• [Tracking] Add TCP keepalive to HTTP sessions to detect stale connections and reduce timeout hangs (#21514, @​mobaniha)
• [Evaluation] Add proxy URL support for make_judge (#21185, @​yukimori)
• [UI] Improve run group filter to use grouping criteria instead of run IDs (#21072, @​daniellok-db)
• [UI] Add tool selector to Tool Calls charts and fix dark mode/sizing (#20865, @​B-Step62)
• [UI] Graph View Traces + OpenAI (#20607, @​joelrobin18)
• [UI] Show run description in chart tooltip (#21580, @​KaushalVachhani)
• [Evaluation / Tracing / UI] Add bulk judge execution from traces table toolbar with status feedback (#21270, @​PattaraS)

... (truncated)

Commits

• See full diff in compare view

Updates mlflow-tracing from 3.10.1 to 3.11.1

Release notes

Sourced from mlflow-tracing's releases.

v3.11.0rc1

Stripped third-party dependencies from evaluation and AI Gateway features, replacing external provider routing with built-in implementations.

v3.11.0rc0

We're excited to announce MLflow 3.11.0rc0, which includes several notable updates:

Major New Features:

• 🔍 Automatic Issue Identification: Automatically identify quality issues in your agent with AI! Use the new "Detect Issues" button in the traces table to analyze selected traces and surface potential problems across categories like correctness, safety, and performance. Issues are linked directly to traces for easy investigation and debugging. (#21431, #21204, #21165, #21163, #21161, @​smoorjani, @​serena-ruan)
• 💰 Gateway Budget Alerts & Limits: Control your AI Gateway spending with configurable budget policies! Set spending limits by time window (daily, weekly, or monthly), receive alerts before hitting limits, and prevent runaway costs with automatic request blocking. The new budget management UI lets you track spending, configure webhooks for notifications, and monitor violations across all your gateway endpoints. (#21116, #21534, #21569, #21473, #21108, @​TomeHirata, @​copilot-swe-agent)
• 📊 Trace Graph View: Visualize complex trace hierarchies with an interactive graph view! Navigate multi-level trace structures, understand parent-child relationships at a glance, and debug complex systems more effectively with a visual representation of your trace topology. (#20607, @​joelrobin18)
• 🌐 Native OpenTelemetry GenAI Convention Support: MLflow now natively supports the OpenTelemetry GenAI Semantic Conventions for trace export! When exporting traces via OTLP with MLFLOW_ENABLE_OTEL_GENAI_SEMCONV enabled, MLflow automatically translates them to follow the OTel GenAI semantic conventions, enabling seamless integration with OTel-compatible observability platforms while preserving GenAI-specific metadata. (#21494, #21495, @​B-Step62)
• 🔧 Opencode Tracing Integration: Debug smarter with Opencode CLI integration! Track and analyze code execution flows directly from your development workflow, making it easier to identify performance bottlenecks and trace issues back to specific code paths. (#20133, @​joelrobin18)
• ⚡ UV Package Manager Support: Automatic dependency inference now supports UV! MLflow automatically detects UV projects and captures exact, locked dependencies from your lockfile when logging models, ensuring reproducible environments. (#20344, #20935, @​debu-sinha)
• 🔒 Pickle-Free Model Serialization: Enhance security with pickle-free model formats! MLflow now supports safer model serialization using torch.export and skops formats, with improved controls when MLFLOW_ALLOW_PICKLE_DESERIALIZATION=False. Comprehensive documentation guides you through migrating existing models to pickle-free formats for production deployments. (#21404, #21188, #20774, @​WeichenXu123)

Breaking Changes:

• ⚠️ TypeScript SDK Package Renaming: The MLflow TypeScript SDK packages have been renamed to use npm organization scoping. If you're using the TypeScript SDK, update your package.json dependencies and import statements: mlflow-tracing → @mlflow/core, mlflow-openai → @mlflow/openai, mlflow-anthropic → @mlflow/anthropic, mlflow-gemini → @mlflow/gemini. All packages are now at version 0.2.0. (#20792, @​B-Step62)

Stay tuned for the full release, which will be packed with even more features and bugfixes.

To try out this release candidate, please run:

pip install mlflow==3.11.0rc0

Changelog

Sourced from mlflow-tracing's changelog.

CHANGELOG

3.11.0 (2026-04-07)

MLflow 3.11.0 includes several major features and improvements.

Major New Features:

• 🔍 Automatic Issue Identification: Automatically identify quality issues in your agent with AI! Use the new "Detect Issues" button in the traces table to analyze selected traces and surface potential problems across categories like correctness, safety, and performance. Issues are linked directly to traces for easy investigation and debugging. Docs (#21431, #21204, #21165, #21163, #21161, @​smoorjani, @​serena-ruan)
• 💰 Gateway Budget Alerts & Limits: Control your AI Gateway spending with configurable budget policies! Set spending limits by time window (daily, weekly, or monthly), receive alerts before hitting limits, and prevent runaway costs with automatic request blocking. The new budget management UI lets you track spending, configure webhooks for notifications, and monitor violations across all your gateway endpoints. Docs (#21116, #21534, #21569, #21473, #21108, @​TomeHirata, @​copilot-swe-agent)
• 📊 Trace Graph View: Visualize complex trace hierarchies with an interactive graph view! Navigate multi-level trace structures, understand parent-child relationships at a glance, and debug complex systems more effectively with a visual representation of your trace topology. Docs (#20607, @​joelrobin18)
• 🌐 Native OpenTelemetry GenAI Convention Support: MLflow now natively supports the OpenTelemetry GenAI Semantic Conventions for trace export! When exporting traces via OTLP with MLFLOW_ENABLE_OTEL_GENAI_SEMCONV enabled, MLflow automatically translates them to follow the OTel GenAI semantic conventions, enabling seamless integration with OTel-compatible observability platforms while preserving GenAI-specific metadata. Docs (#21494, #21495, @​B-Step62)
• 🔧 OpenCode Tracing Integration: Debug smarter with OpenCode CLI integration! Track and analyze code execution flows directly from your development workflow, making it easier to identify performance bottlenecks and trace issues back to specific code paths. Docs (#20133, @​joelrobin18)
• ⚡ Native UV Support for Model Dependencies: Automatic dependency inference now supports UV! MLflow automatically detects UV projects and captures exact, locked dependencies from your lockfile when logging models, ensuring reproducible environments. Docs (#20344, #20935, @​debu-sinha)
• 🔒 Pickle-Free Model Serialization: Enhance security with pickle-free model formats! MLflow now supports safer model serialization using torch.export and skops formats, with improved controls when MLFLOW_ALLOW_PICKLE_DESERIALIZATION=False. Comprehensive documentation guides you through migrating existing models to pickle-free formats for production deployments. Docs (#21404, #21188, #20774, @​WeichenXu123)

Breaking Changes:

• ⚠️ TypeScript SDK Package Renaming: The MLflow TypeScript SDK packages have been renamed to use npm organization scoping. If you're using the TypeScript SDK, update your package.json dependencies and import statements: mlflow-tracing → @mlflow/core, mlflow-openai → @mlflow/openai, mlflow-anthropic → @mlflow/anthropic, mlflow-gemini → @mlflow/gemini. All packages are now at version 0.2.0. (#20792, @​B-Step62)
• Remove MLFLOW_ENABLE_INCREMENTAL_SPAN_EXPORT environment variable (#22182, @​PattaraS)
• Remove litellm and gepa from genai extras (#22059, @​TomeHirata)
• Block / and : in Registered Model names (#21458, @​Bhuvan-08)

Features:

• [Tracking] Update Databricks API calls to use new gRPC APIs instead of py4j APIs (#22205, @​WeichenXu123)
• [Evaluation] Extend _get_provider_instance with groq, deepseek, xai, openrouter, ollama, databricks, vertex_ai (#22148, @​kriscon-db)
• [UI] Move native providers to non-LiteLLM in gateway UI (#22203, @​TomeHirata)
• [Tracing / Tracking] Add trace_location parameter to create_experiment (#22075, @​dbrx-euirim)
• [Gateway] Complete Bedrock provider with Converse API support (#21999, @​TomeHirata)
• [Gateway] Add native Vertex AI gateway provider (#21998, @​TomeHirata)
• [Gateway] Add native Databricks gateway provider (#21997, @​TomeHirata)
• [Gateway] Add native Ollama gateway provider (#21995, @​TomeHirata)
• [Gateway] Add native xAI (Grok) gateway provider (#21993, @​TomeHirata)
• [Tracing] Use bulk upsert in log_spans() to eliminate per-span ORM overhead (#21954, @​harupy)
• [Tracing] Add builtin cost_per_token to remove litellm dependency for cost tracking (#22046, @​TomeHirata)
• [Evaluation] Remove LiteLLM hard dependency from the discovery pipeline and judge adapters (#21739, @​harupy)
• [Evaluation] Add pipelined predict-score execution for mlflow.genai.evaluate (#20940, @​alkispoly-db)
• [Tracing / Tracking] Default trace location table_prefix to experiment ID in set_experiment (#21815, @​danielseong1)
• [Tracking] Add default uvicorn log config with timestamps (#21838, @​harupy)
• [Tracing / UI] Add Session ID filter to GenAI traces table filter dropdown (#21794, @​daniellok-db)
• [Evaluation / UI] Add Default Credential Chain auth mode for Bedrock/SageMaker in AI Gateway (#21061, @​timsolovev)
• [UI] Add multi metric bar chart support (#21258, @​RenzoMXD)
• [Tracking] Add TCP keepalive to HTTP sessions to detect stale connections and reduce timeout han...

  Description has been truncated

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 7 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 7b5d76f.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

training/rl/pyproject.toml

Package	Version	License	Issue Type
marshmallow	4.3.0	Null	Unknown License
mlflow	3.11.1	Null	Unknown License

training/rl/requirements.txt

Package	Version	License	Issue Type
cuda-pathfinder	1.5.2	Null	Unknown License
mlflow	3.11.1	Null	Unknown License
mlflow-skinny	3.11.1	Null	Unknown License
mlflow-tracing	3.11.1	Null	Unknown License
uvicorn	0.44.0	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
pip/marshmallow	4.3.0	Unknown	Unknown
pip/mlflow	3.11.1	Unknown	Unknown
pip/azure-monitor-opentelemetry-exporter	1.0.0b51	🟢 6.7	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices 🟢 5 badge detected: Passing Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Binary-Artifacts 🟢 8 binaries present in source code SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing 🟢 10 project is fuzzed
pip/cuda-pathfinder	1.5.2	Unknown	Unknown
pip/mlflow	3.11.1	Unknown	Unknown
pip/mlflow-skinny	3.11.1	Unknown	Unknown
pip/mlflow-tracing	3.11.1	Unknown	Unknown
pip/uvicorn	0.44.0	Unknown	Unknown

Scanned Files

• training/rl/pyproject.toml
• training/rl/requirements.txt

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 50.48%. Comparing base (0c29148) to head (7b5d76f).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #408   +/-   ##
=======================================
  Coverage   50.48%   50.48%           
=======================================
  Files         267      267           
  Lines       18188    18188           
  Branches     1903     1903           
=======================================
  Hits         9182     9182           
  Misses       8716     8716           
  Partials      290      290           

Flag	Coverage Δ		*Carryforward flag
pester	81.21% <ø> (ø)
pytest	6.89% <ø> (ø)		Carriedforward from 0c29148
pytest-dataviewer	61.97% <ø> (ø)
vitest	50.72% <ø> (ø)

*This pull request uses carry forward flags. Click here to find out more.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.