Bump mlflow from 1.27.0 to 2.3.1

[dependabot[bot]]

Bumps mlflow from 1.27.0 to 2.3.1.

Release notes

Sourced from mlflow's releases.

MLflow 2.3.1 is a patch release containing bug fixes and a security patch for https://github.com/mlflow/mlflow/security/advisories/GHSA-83fm-w79m-64r5. If you are using mlflow server or mlflow ui, we recommend upgrading to MLflow 2.3.1 as soon as possible.

Security patches:

• [Security] Fix critical LFI attack vulnerability by disabling the ability to provide relative paths in registered model sources (#8281, @​BenWilson2)

Bug fixes:

• [Tracking] Fix an issue causing file and model uploads to hang on Databricks (#8348, @​harupy)
• [Tracking / Model Registry] Fix an issue causing file and model downloads to hang on Databricks (#8350, @​dbczumar)
• [Scoring] Fix regression in schema enforcement for model serving when using the inputs format for inference (#8326, @​BenWilson2)
• [Model Registry] Fix regression in model naming parsing where special characters were not accepted in model names (#8322, @​arpitjasa-db)
• [Recipes] Fix card rendering with the pandas profiler to handle columns containing all null values (#8263, @​sunishsheth2009)

MLflow 2.3.0 includes several major features and improvements

Features:

• [Models] Introduce a new transformers named flavor (#8236, #8181, #8086, @​BenWilson2)
• [Models] Introduce a new openai named flavor (#8191, #8155, @​harupy)
• [Models] Introduce a new langchain named flavor (#8251, #8197, @​liangz1, @​sunishsheth2009)
• [Models] Add support for Pytorch and Lightning 2.0 (#8072, @​shrinath-suresh)
• [Tracking] Add support for logging LLM input, output, and prompt artifacts (#8234, #8204, @​sunishsheth2009)
• [Tracking] Add support for HTTP Basic Auth in the MLflow tracking server (#8130, @​gabrielfu)
• [Tracking] Add support for search_model_versions to high-level fluent API (#8223, @​mariusschlegel)
• [Artifacts] Add support for parallelized artifact downloads (#8116, @​apurva-koti)
• [Artifacts] Add support for parallelized artifact uploads for AWS (#8003, @​harupy)
• [Artifacts] Add content type headers to artifact upload requests for the HttpArtifactRepository (#8048, @​WillEngler)
• [Model Registry] Added alias support to MLflow client (#8164, #8094, #8055 @​arpitjasa-db)
• [UI] Add support for custom domain git providers (#7933, @​gusghrlrl101)
• [Scoring] Add plugin support for customization of MLflow serving endpoints (#7757, @​jmahlik)
• [Scoring] Add support to MLflow serving that allows configuration of multiple inference workers (#8035, @​M4nouel)
• [Sagemaker] Add support for asynchronous inference configuration on Sagemaker (#8009, @​thomasbell1985)
• [Build] Remove shap as a core dependency of MLflow (#8199, @​jmahlik)

Bug fixes:

• [Models] Fix a bug with tensorflow autologging for models with multiple inputs (#8097, @​jaume-ferrarons)
• [Recipes] Fix a bug with Pandas 2.0 updates for profiler rendering of datetime types (#7925, @​sunishsheth2009)
• [Tracking] Prevent exceptions from being raised if a parameter is logged with an existing key whose value is identical to the logged parameter (#8038, @​AdamStelmaszczyk)
• [Tracking] Fix an issue with deleting experiments in the FileStore backend (#8178, @​mariusschlegel)
• [Tracking] Fix a UI bug where the "Source Run" field in the Model Version page points to an incorrect set of artifacts (#8156, @​WeichenXu123)
• [Tracking] Fix a bug wherein renaming a run reverts its current lifecycle status to UNFINISHED (#8154, @​WeichenXu123)
• [Tracking] Fix a bug where a file URI could be used as a model version source (#8126, @​harupy)
• [Projects] Fix an issue with MLflow projects that have submodules contained within a project (#8050, @​kota-iizuka)
• [Examples] Fix lightning hyperparameter tuning examples (#8039, @​BenWilson2)
• [Server-infra] Fix bug with Cache-Control headers for static server files (#8016, @​jmahlik)

Documentation updates:

... (truncated)

Changelog

Sourced from mlflow's changelog.

2.3.1 (2023-04-27)

MLflow 2.3.1 is a patch release containing the following bug fixes and changes:

Bug fixes:

• [Security] Fix critical LFI attack vulnerability by disabling the ability to provide relative paths in registered model sources (#8281, @​BenWilson2)
  • If you are using mlflow server or mlflow ui, we recommend upgrading to MLflow 2.3.1 as soon as possible. For more details, see https://github.com/mlflow/mlflow/security/advisories/GHSA-xg73-94fp-g449.
• [Tracking] Fix an issue causing file and model uploads to hang on Databricks (#8348, @​harupy)
• [Tracking / Model Registry] Fix an issue causing file and model downloads to hang on Databricks (#8350, @​dbczumar)
• [Scoring] Fix regression in schema enforcement for model serving when using the inputs format for inference (#8326, @​BenWilson2)
• [Model Registry] Fix regression in model naming parsing where special characters were not accepted in model names (#8322, @​arpitjasa-db)
• [Recipes] Fix card rendering with the pandas profiler to handle columns containing all null values (#8263, @​sunishsheth2009)

Documentation updates:

• [Docs] Add an H2O pyfunc usage example to the models documentation (#8292, @​ericvincent18)
• [Examples] Add a TensorFlow Core 2.x API usage example (#8235, @​dheerajnbhat)

Small bug fixes and documentation updates:

#8324, #8325, @​smurching; #8313, @​dipanjank; #8323, @​liangz1; #8331, #8328, #8319, #8316, #8308, #8293, #8289, #8283, #8284, #8285, #8282, #8241, #8270, #8272, #8271, #8268, @​harupy; #8312, #8294, #8295, #8279, #8267, @​BenWilson2; #8290, @​jinzhang21; #8257, @​WeichenXu123; #8307, @​arpitjasa-db

2.3.0 (2023-04-18)

MLflow 2.3.0 includes several major features and improvements

Features:

• [Models] Introduce a new transformers named flavor (#8236, #8181, #8086, @​BenWilson2)
• [Models] Introduce a new openai named flavor (#8191, #8155, @​harupy)
• [Models] Introduce a new langchain named flavor (#8251, #8197, @​liangz1, @​sunishsheth2009)
• [Models] Add support for Pytorch and Lightning 2.0 (#8072, @​shrinath-suresh)
• [Tracking] Add support for logging LLM input, output, and prompt artifacts (#8234, #8204, @​sunishsheth2009)
• [Tracking] Add support for HTTP Basic Auth in the MLflow tracking server (#8130, @​gabrielfu)
• [Tracking] Add search_model_versions to the fluent API (#8223, @​mariusschlegel)
• [Artifacts] Add support for parallelized artifact downloads (#8116, @​apurva-koti)
• [Artifacts] Add support for parallelized artifact uploads for AWS (#8003, @​harupy)
• [Artifacts] Add content type headers to artifact upload requests for the HttpArtifactRepository (#8048, @​WillEngler)
• [Model Registry] Add alias support for logged models within Model Registry (#8164, #8094, #8055 @​arpitjasa-db)
• [UI] Add support for custom domain git providers (#7933, @​gusghrlrl101)
• [Scoring] Add plugin support for customization of MLflow serving endpoints (#7757, @​jmahlik)
• [Scoring] Add support to MLflow serving that allows configuration of multiple inference workers (#8035, @​M4nouel)
• [Sagemaker] Add support for asynchronous inference configuration on Sagemaker (#8009, @​thomasbell1985)
• [Build] Remove shap as a core dependency of MLflow (#8199, @​jmahlik)

Bug fixes:

• [Models] Fix a bug with tensorflow autologging for models with multiple inputs (#8097, @​jaume-ferrarons)
• [Recipes] Fix a bug with Pandas 2.0 updates for profiler rendering of datetime types (#7925, @​sunishsheth2009)

... (truncated)

Commits

• 95dc319 Make a short sleep to avoid busy waiting (#8354)
• cb5cc36 Use separate thread pool executors when uploading chunks to avoid deadlock (#...
• 2b50b88 Revert (#8351)
• af38edf Handle slashes in _validate_non_local_source_contains_relative_paths (#8338)
• 9e35947 Remove virtualenv environment if we encounter unexpected error (#8328)
• 2470fd1 Create a new request session in each process (#8331)
• b7d8406 Merge branch 'master' into branch-2.3
• cef03da Fix regression in schema enforcement (#8326)
• ef7b6ed Update parse model URI to prevent breaking old cases while supporting aliases...
• 64270e2 Improve UC model registry client error messages when specifying nonexistent s...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)