Bump mlflow from 1.27.0 to 2.22.2 in /machine-learning/ml-ops-in-a-box

[dependabot]

Bumps mlflow from 1.27.0 to 2.22.2.

Release notes

Sourced from mlflow's releases.

v2.22.2

Lightweight patch release to backport #15970 to v2.22.2.

v2.22.1

MLflow 2.22.1 includes several major features and improvements

Features:

• [Scoring] For DBConnect client, make spark_udf support DBR 15.4 and DBR dedicated cluster (#15938, @​WeichenXu123)

Bug fixes:

• [Model Registry] Log Resources from SystemAuthPolicy in CreateModelVersion (#15485, @​aravind-segu)
• [Tracking] Trace search: Avoid spawning threads for span fetching if include_spans=False (#, @​dbczumar)

Documentation updates:

• [Docs] Spark UDF Doc update (#15586, @​WeichenXu123)

Small bug fixes and documentation updates:

#15523, #15728, @​TomeHirata; #13997, #16025, #15647, #16030, @​harupy; #15786, @​rahuja23; #15703, @​joelrobin18; #15612, @​serena-ruan; #16031, @​daniellok-db; #15841, @​frontsideair; #15807, @​B-Step62

MLflow 2.22.0 brings important bug fixes and improves the UI and tracking capabilities.

Features:

• [Tracking] Supported tracing for OpenAI Responses API (#15240, @​B-Step62)
• [Tracking] Introduced get_last_active_trace_id, which affects model serving/monitoring logic (#15233, @​B-Step62)
• [Tracking] Introduced async export for Databricks traces (default behavior) (#15163, @​B-Step62)
• [AI Gateway] Added Gemini embeddings support with corresponding unit tests (#15017, @​joelrobin18)
• [Tracking / SQLAlchemy] MySQL SSL connections are now supported with client certs (#14839, @​aksylumoed)
• [Models] Added Optuna storage utility for enabling parallel hyperparameter tuning (#15243, @​XiaohanZhangCMU)
• [Artifacts] Added support for Azure Data Lake Storage (ADLS) artifact repositories (#14723, @​serena-ruan)
• [UI] Artifact views for text now auto-refresh in the UI (#14939, @​joelrobin18)

Bug Fixes:

• [Tracking / UI] Fixed serialization for structured output in langchain_tracer + added unit tests (#14971, @​joelrobin18)
• [Server-infra] Enforced password validation for authentication (min. 8 characters) (#15287, @​WeichenXu123)
• [Deployments] Resolved an issue with the OpenAI Gateway adapter (#15286, @​WeichenXu123)
• [Artifacts / Tracking / Server-infra] Normalized paths by stripping trailing slashes (#15016, @​tarek7669)
• [Tags] Fixed bug where tag values containing ": " were being truncated (#14896, @​harupy)

Small bug fixes and documentation updates:

#15396, #15379, #15292, #15305, #15078, #15251, #15267, #15208, #15104, #15045, #15084, #15055, #15056, #15048, #14946, #14956, #14903, #14854, #14830, @​serena-ruan; #15417, #15256, #15186, #15007, @​TomeHirata; #15119, @​bbqiu; #15413, #15314, #15311, #15303, #15301, #15288, #15275, #15269, #15272, #15268, #15262, #15266, #15264, #15261, #15252, #15249, #15244, #15236, #15235, #15237, #15140, #14982, #14898, #14893, #14861, #14870, #14853, #14849, #14813, #14822, @​harupy; #15333, #15298, #15300, #15156, #15019, #14957, @​B-Step62; #15313, #15297, #14880, @​daniellok-db; #15066, #15074, #14913, @​joelrobin18; #15232, @​kbolashev; #15242, @​dbczumar; #15210, #15178, @​WeichenXu123; #15187, #15177, @​hubertzub-db; #15059, #15070, #15050, #15012, #14959, #14918, #15005, #14965, #14858, #14930, #14927, #14786, #14883, #14863, #14852, #14788, @​Gumichocopengin8; #15134, #15129, #15120, #15117, #15002, #14997, #14996, #14998, #14975, #14874, @​mlflow-automation; #14920, #14919, @​jaceklaskowski

MLflow 2.21.3 includes a few bug fixes and feature updates.

... (truncated)

Changelog

Sourced from mlflow's changelog.

CHANGELOG

3.4.0rc0 (2025-09-11)

MLflow 3.4.0rc0 includes several major features and improvements

Major New Features

• 📊 OpenTelemetry Metrics Export: MLflow now exports span-level statistics as OpenTelemetry metrics, providing enhanced observability and monitoring capabilities for traced applications. (#17325, @​dbczumar)
• 🤖 MCP Server Integration: Introducing the Model Context Protocol (MCP) server for MLflow, enabling AI assistants and LLMs to interact with MLflow programmatically. (#17122, @​harupy)
• 🧑‍⚖️ Custom Judges API: New make_judge API enables creation of custom evaluation judges for assessing LLM outputs with domain-specific criteria. (#17647, @​BenWilson2, @​dbczumar, @​alkispoly-db, @​smoorjani)
• 📈 Correlations Backend: Implemented backend infrastructure for storing and computing correlations between experiment metrics using NPMI (Normalized Pointwise Mutual Information). (#17309, #17368, @​BenWilson2)
• 🗂️ Evaluation Datasets: MLflow now supports storing and versioning evaluation datasets directly within experiments for reproducible model assessment. (#17447, @​BenWilson2)
• 🔗 Databricks Backend for MLflow Server: MLflow server can now use Databricks as a backend, enabling seamless integration with Databricks workspaces. (#17411, @​nsthorat)
• 🤖 Claude Autologging: Automatic tracing support for Claude AI interactions, capturing conversations and model responses. (#17305, @​smoorjani)
• 🌊 Strands Agent Tracing: Added comprehensive tracing support for Strands agents, including automatic instrumentation for agent workflows and interactions. (#17151, @​joelrobin18)

Features:

• [Evaluation] Add ability to pass tags via dataframe in mlflow.genai.evaluate (#17549, @​smoorjani)
• [Evaluation] Add custom judge model support for Safety and RetrievalRelevance builtin scorers (#17526, @​dbrx-euirim)
• [Tracing] Add AI commands as MCP prompts for LLM interaction (#17608, @​nsthorat)
• [Tracing] Add MLFLOW_ENABLE_OTLP_EXPORTER environment variable (#17505, @​dbczumar)
• [Tracing] Support OTel and MLflow dual export (#17187, @​dbczumar)
• [Tracing] Make set_destination use ContextVar for thread safety (#17219, @​B-Step62)
• [CLI] Add MLflow commands CLI for exposing prompt commands to LLMs (#17530, @​nsthorat)
• [CLI] Add 'mlflow runs link-traces' command (#17444, @​nsthorat)
• [CLI] Add 'mlflow runs create' command for programmatic run creation (#17417, @​nsthorat)
• [CLI] Add MLflow traces CLI command with comprehensive search and management capabilities (#17302, @​nsthorat)
• [CLI] Add --env-file flag to all MLflow CLI commands (#17509, @​nsthorat)
• [Tracking] Backend for storing scorers in MLflow experiments (#17090, @​WeichenXu123)
• [Model Registry] Allow cross-workspace copying of model versions between WMR and UC (#17458, @​arpitjasa-db)
• [Models] Add automatic Git-based model versioning for GenAI applications (#17076, @​harupy)
• [Models] Improve WheeledModel._download_wheels safety (#17004, @​serena-ruan)
• [Projects] Support resume run for Optuna hyperparameter optimization (#17191, @​lu-wang-dl)
• [Scoring] Add MLFLOW_DEPLOYMENT_CLIENT_HTTP_REQUEST_TIMEOUT environment variable (#17252, @​dbczumar)
• [UI] Add ability to hide/unhide all finished runs in Chart view (#17143, @​joelrobin18)
• [Telemetry] Add MLflow OSS telemetry for invoke_custom_judge_model (#17585, @​dbrx-euirim)

Bug fixes:

• [Evaluation] Implement DSPy LM interface for default Databricks model serving (#17672, @​smoorjani)
• [Evaluation] Fix aggregations incorrectly applied to legacy scorer interface (#17596, @​BenWilson2)
• [Evaluation] Add Unity Catalog table source support for mlflow.evaluate (#17546, @​BenWilson2)
• [Evaluation] Fix custom prompt judge encoding issues with custom judge models (#17584, @​dbrx-euirim)
• [Tracking] Fix OpenAI autolog to properly reconstruct Response objects from streaming events (#17535, @​WeichenXu123)
• [Tracking] Add basic authentication support in TypeScript SDK (#17436, @​kevin-lyn)
• [Tracking] Update scorer endpoints to v3.0 API specification (#17409, @​WeichenXu123)
• [Tracking] Fix scorer status handling in MLflow tracking backend (#17379, @​WeichenXu123)
• [Tracking] Fix missing source-run information in UI (#16682, @​WeichenXu123)

... (truncated)

Commits

• fb8a67c Bump version to 2.22.2 (#17456)
• 25c14d2 Validate gateway_path in gateway_proxy_handler (#15970)
• 491aac5 Run python3 dev/update_mlflow_versions.py pre-release ... (#16108)
• 3473e28 Spark UDF Doc update (#15586)
• c7a323d Update tests/pyfunc/docker/test_docker.py
• 07b3a0c Fix hugginface incompatibility (#15523)
• 35d7c71 Avoid pandas 2.3.0
• e3f9a85 pin huggingface_hub
• de5008b Unpin huggingface-hub (#13997)
• ad862e9 fix pytest
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
pip/mlflow	2.22.2	🟢 5.8	Details Check Score Reason Code-Review 🟢 8 Found 18/21 approved changesets -- score normalized to 8 Security-Policy 🟢 10 security policy file detected Maintained 🟢 10 30 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Pinned-Dependencies ⚠️ -1 internal error: internal error: invalid Dockerfile License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Packaging 🟢 10 packaging workflow detected Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 404 existing vulnerabilities detected

Scanned Files

• machine-learning/ml-ops-in-a-box/requirements.txt