Bump mlflow from 2.2.2 to 2.3.2

[dependabot[bot]]

Bumps mlflow from 2.2.2 to 2.3.2.

Release notes

Sourced from mlflow's releases.

MLflow 2.3.2 is a patch release containing the following features, bug fixes and changes:

Features:

• [Models] Add GPU support for transformers models pyfunc inference and serving (#8375, @​ankit-db)
• [Models] Disable autologging functionality for non-relevant models when training a transformers model (#8405, @​BenWilson2)
• [Models] Add support for preserving and overriding torch_dtype values in transformers pipelines (#8421, @​BenWilson2)
• [Models] Add support for Feature Extraction pipelines in the transformers flavor (#8423, @​BenWilson2)
• [Tracking] Add basic HTTP auth support for users, registered models, and experiments permissions (#8286, @​gabrielfu)

Bug Fixes:

• [Models] Fix inferred schema issue with Text2TextGeneration pipelines in the transformers flavor (#8391, @​BenWilson2)
• [Models] Change MLflow dependency pinning in logged models from a range value to an exact major and minor version (#8422, @​harupy)

Documentation updates:

• [Examples] Add signature logging to all examples and documentation (#8410, #8401, #8400, #8387 @​jerrylian-db)
• [Examples] Add sentence-transformers examples to the transformers examples suite (#8425, @​BenWilson2)
• [Docs] Add a new MLflow Quickstart documentation page (#8171, @​lobrien)
• [Docs] Add a new introduction to MLflow page (#8365, @​lobrien)
• [Docs] Add a community model pluging example and documentation for trubrics (#8371, @​jeffkayne)
• [Docs] Add gluon pyfunc example to Model flavor documentation (#8403, @​ericvincent18)
• [Docs] Add statsmodels pyfunc example to Models flavor documentation (#8394, @​ericvincent18)

MLflow 2.3.1 is a patch release containing bug fixes and a security patch for https://github.com/mlflow/mlflow/security/advisories/GHSA-83fm-w79m-64r5. If you are using mlflow server or mlflow ui, we recommend upgrading to MLflow 2.3.1 as soon as possible.

Security patches:

• [Security] Fix critical LFI attack vulnerability by disabling the ability to provide relative paths in registered model sources (#8281, @​BenWilson2)

Bug fixes:

• [Tracking] Fix an issue causing file and model uploads to hang on Databricks (#8348, @​harupy)
• [Tracking / Model Registry] Fix an issue causing file and model downloads to hang on Databricks (#8350, @​dbczumar)
• [Scoring] Fix regression in schema enforcement for model serving when using the inputs format for inference (#8326, @​BenWilson2)
• [Model Registry] Fix regression in model naming parsing where special characters were not accepted in model names (#8322, @​arpitjasa-db)
• [Recipes] Fix card rendering with the pandas profiler to handle columns containing all null values (#8263, @​sunishsheth2009)

MLflow 2.3.0 includes several major features and improvements

Features:

• [Models] Introduce a new transformers named flavor (#8236, #8181, #8086, @​BenWilson2)
• [Models] Introduce a new openai named flavor (#8191, #8155, @​harupy)
• [Models] Introduce a new langchain named flavor (#8251, #8197, @​liangz1, @​sunishsheth2009)
• [Models] Add support for Pytorch and Lightning 2.0 (#8072, @​shrinath-suresh)
• [Tracking] Add support for logging LLM input, output, and prompt artifacts (#8234, #8204, @​sunishsheth2009)
• [Tracking] Add support for HTTP Basic Auth in the MLflow tracking server (#8130, @​gabrielfu)
• [Tracking] Add support for search_model_versions to high-level fluent API (#8223, @​mariusschlegel)

... (truncated)

Changelog

Sourced from mlflow's changelog.

2.3.2 (2023-05-12)

MLflow 2.3.2 is a patch release containing the following features, bug fixes and changes:

Features:

• [Models] Add GPU support for transformers models pyfunc inference and serving (#8375, @​ankit-db)
• [Models] Disable autologging functionality for non-relevant models when training a transformers model (#8405, @​BenWilson2)
• [Models] Add support for preserving and overriding torch_dtype values in transformers pipelines (#8421, @​BenWilson2)
• [Models] Add support for Feature Extraction pipelines in the transformers flavor (#8423, @​BenWilson2)
• [Tracking] Add basic HTTP auth support for users, registered models, and experiments permissions (#8286, @​gabrielfu)

Bug Fixes:

• [Models] Fix inferred schema issue with Text2TextGeneration pipelines in the transformers flavor (#8391, @​BenWilson2)
• [Models] Change MLflow dependency pinning in logged models from a range value to an exact major and minor version (#8422, @​harupy)

Documentation updates:

• [Examples] Add signature logging to all examples and documentation (#8410, #8401, #8400, #8387 @​jerrylian-db)
• [Examples] Add sentence-transformers examples to the transformers examples suite (#8425, @​BenWilson2)
• [Docs] Add a new MLflow Quickstart documentation page (#8171, @​lobrien)
• [Docs] Add a new introduction to MLflow page (#8365, @​lobrien)
• [Docs] Add a community model plugin example and documentation for trubrics (#8371, @​jeffkayne)
• [Docs] Add gluon pyfunc example to Model flavor documentation (#8403, @​ericvincent18)
• [Docs] Add statsmodels pyfunc example to Models flavor documentation (#8394, @​ericvincent18)

Small bug fixes and documentation updates:

#8415, #8412, #8411, #8355, #8354, #8353, #8348, @​harupy; #8374, #8367, #8350, @​dbczumar; #8358 @​mrkaye97; #8392, #8362, @​smurching; #8427, #8408, #8399, #8381, @​BenWilson2; #8395, #8390, @​jerrylian-db; #8402, #8398, @​WeichenXu123; #8377, #8363, @​arpitjasa-db; #8385, @​prithvikannan; #8418, @​Jeukoh;

2.3.1 (2023-04-27)

MLflow 2.3.1 is a patch release containing the following bug fixes and changes:

Bug fixes:

• [Security] Fix critical LFI attack vulnerability by disabling the ability to provide relative paths in registered model sources (#8281, @​BenWilson2)
  • If you are using mlflow server or mlflow ui, we recommend upgrading to MLflow 2.3.1 as soon as possible. For more details, see https://github.com/mlflow/mlflow/security/advisories/GHSA-xg73-94fp-g449.
• [Tracking] Fix an issue causing file and model uploads to hang on Databricks (#8348, @​harupy)
• [Tracking / Model Registry] Fix an issue causing file and model downloads to hang on Databricks (#8350, @​dbczumar)
• [Scoring] Fix regression in schema enforcement for model serving when using the inputs format for inference (#8326, @​BenWilson2)
• [Model Registry] Fix regression in model naming parsing where special characters were not accepted in model names (#8322, @​arpitjasa-db)
• [Recipes] Fix card rendering with the pandas profiler to handle columns containing all null values (#8263, @​sunishsheth2009)

Documentation updates:

• [Docs] Add an H2O pyfunc usage example to the models documentation (#8292, @​ericvincent18)
• [Examples] Add a TensorFlow Core 2.x API usage example (#8235, @​dheerajnbhat)

... (truncated)

Commits

• f6678e4 Merge branch 'master' into branch-2.3
• 6534763 docs fixes (#8427)
• ba17e5a Add sentence transformers example (#8425)
• a0203a1 Add support for feature extraction pipelines to transformers (#8423)
• 97bda52 Add support for setting torch_dtype in transformers pipelines (#8421)
• 79598e7 fix default worker in cli 'model serve' for docs (#8418)
• f701bbc Pin mlflow version (#8422)
• 556ec01 What is mlflow? (#8365)
• 1485adc Change Python lists to numpy arrays and add model signatures in documentation...
• 4da5c6f Remove flaky assert in tests/store/artifact/test_databricks_artifact_repo.py ...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot[bot]]

Superseded by #258.