build(deps): bump the pip-minor-patch-updates group across 2 directories with 7 updates

[dependabot]

Bumps the pip-minor-patch-updates group with 3 updates in the / directory: mypy, pre-commit and ruff.
Bumps the pip-minor-patch-updates group with 4 updates in the /src/sample_pytorch_gpu_project/.devcontainer directory: torch, torchvision, mlflow and azureml-mlflow.

Updates mypy from 1.18.2 to 1.19.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next Release

Drop Support for Python 3.9

Mypy no longer supports running with Python 3.9, which has reached end-of-life. When running mypy with Python 3.10+, it is still possible to type check code that needs to support Python 3.9 with the --python-version 3.9 argument. Support for this will be dropped in the first half of 2026!

Contributed by Marc Mueller (PR 20156).

Mypy 1.19

We’ve just uploaded mypy 1.19.0 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

Python 3.9 Support Ending Soon

This is the last mypy feature release that supports Python 3.9, which reached end of life in October 2025.

Performance Improvements

• Switch to a more dynamic SCC processing logic (Ivan Levkivskyi, PR 20053)
• Speed up type aliases (Ivan Levkivskyi, PR 19810)

Fixed‑Format Cache Improvements

Mypy uses a cache by default to speed up incremental runs by reusing partial results from earlier runs. Mypy 1.18 added a new binary fixed-format cache representation as an experimental feature. The feature is no longer experimental, and we are planning to enable it by default in a future mypy release (possibly 1.20), since it's faster and uses less space than the original, JSON-based cache format. Use --fixed-format-cache to enable the fixed-format cache.

Mypy now has an extra dependency on the librt PyPI package, as it's needed for cache serialization and deserialization.

Mypy ships with a tool to convert fixed-format cache files to the old JSON format. Example of how to use this:

$ python -m mypy.exportjson .mypy_cache/.../my_module.data.ff

... (truncated)

Commits

• 0f068c9 Remove +dev
• 6d5cf52 Various updates to 1.19 changelog (#20304)
• 3c81308 Add draft version of 1.19 release notes (#20296)
• 1999a20 [mypyc] librt base64: use existing SIMD CPU dispatch by customizing build fla...
• 1b94fbb [mypyc] Fix vtable pointer with inherited dunder new (#20302)
• 13369cb [mypyc] Fix crash on super in generator (#20291)
• a087a58 Update import map when new modules added (#20271)
• 35e843c [mypyc] Add efficient librt.base64.b64decode (#20263)
• 094f66d [mypyc] Add repr to AssignmentTarget subclasses (#20258)
• 0738db3 Do not push partial types to the binder (#20202)
• Additional commits viewable in compare view

Updates pre-commit from 4.3.0 to 4.5.0

Release notes

Sourced from pre-commit's releases.

pre-commit v4.5.0

Features

• Add pre-commit hazmat.
  • #3585 PR by @​asottile.

pre-commit v4.4.0

Features

• Add --fail-fast option to pre-commit run.
  • #3528 PR by @​JulianMaurin.
• Upgrade ruby-build / rbenv.
  • #3566 PR by @​asottile.
  • #3565 issue by @​MRigal.
• Add language: unsupported / language: unsupported_script as aliases for language: system / language: script (which will eventually be deprecated).
  • #3577 PR by @​asottile.
• Add support docker-in-docker detection for cgroups v2.
  • #3535 PR by @​br-rhrbacek.
  • #3360 issue by @​JasonAlt.

Fixes

• Handle when docker gives SecurityOptions: null.
  • #3537 PR by @​asottile.
  • #3514 issue by @​jenstroeger.
• Fix error context for invalid stages in .pre-commit-config.yaml.
  • #3576 PR by @​asottile.

Changelog

Sourced from pre-commit's changelog.

4.5.0 - 2025-11-22

Features

• Add pre-commit hazmat.
  • #3585 PR by @​asottile.

4.4.0 - 2025-11-08

Features

• Add --fail-fast option to pre-commit run.
  • #3528 PR by @​JulianMaurin.
• Upgrade ruby-build / rbenv.
  • #3566 PR by @​asottile.
  • #3565 issue by @​MRigal.
• Add language: unsupported / language: unsupported_script as aliases for language: system / language: script (which will eventually be deprecated).
  • #3577 PR by @​asottile.
• Add support docker-in-docker detection for cgroups v2.
  • #3535 PR by @​br-rhrbacek.
  • #3360 issue by @​JasonAlt.

Fixes

• Handle when docker gives SecurityOptions: null.
  • #3537 PR by @​asottile.
  • #3514 issue by @​jenstroeger.
• Fix error context for invalid stages in .pre-commit-config.yaml.
  • #3576 PR by @​asottile.

Commits

• 1af6c8f v4.5.0
• 3358a3b Merge pull request #3585 from pre-commit/hazmat
• bdf6879 add pre-commit hazmat
• e436690 Merge pull request #3584 from pre-commit/exitstack
• 8d34f95 use ExitStack instead of start + stop
• 9c7ea88 Merge pull request #3583 from pre-commit/forward-compat-map-manifest
• 844dacc add forward-compat error message
• 6a1d543 Merge pull request #3582 from pre-commit/move-gc-back
• 66278a9 move logic for gc back to commands.gc
• 1b32c50 Merge pull request #3579 from pre-commit/pre-commit-ci-update-config
• Additional commits viewable in compare view

Updates ruff from 0.14.3 to 0.14.7

Release notes

Sourced from ruff's releases.

0.14.7

Release Notes

Released on 2025-11-28.

Preview features

• [flake8-bandit] Handle string literal bindings in suspicious-url-open-usage (S310) (#21469)
• [pylint] Fix PLR1708 false positives on nested functions (#21177)
• [pylint] Fix suppression for empty dict without tuple key annotation (PLE1141) (#21290)
• [ruff] Add rule RUF066 to detect unnecessary class properties (#21535)
• [ruff] Catch more dummy variable uses (RUF052) (#19799)

Bug fixes

• [server] Set severity for non-rule diagnostics (#21559)
• [flake8-implicit-str-concat] Avoid invalid fix in (ISC003) (#21517)
• [parser] Fix panic when parsing IPython escape command expressions (#21480)

CLI

• Show partial fixability indicator in statistics output (#21513)

Contributors

• @​mikeleppane
• @​senekor
• @​ShaharNaveh
• @​JumboBear
• @​prakhar1144
• @​tsvikas
• @​danparizher
• @​chirizxc
• @​AlexWaygood
• @​MichaReiser

Install ruff 0.14.7

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.14.7/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/astral-sh/ruff/releases/download/0.14.7/ruff-installer.ps1 | iex"

... (truncated)

Changelog

Sourced from ruff's changelog.

0.14.7

Released on 2025-11-28.

Preview features

• [flake8-bandit] Handle string literal bindings in suspicious-url-open-usage (S310) (#21469)
• [pylint] Fix PLR1708 false positives on nested functions (#21177)
• [pylint] Fix suppression for empty dict without tuple key annotation (PLE1141) (#21290)
• [ruff] Add rule RUF066 to detect unnecessary class properties (#21535)
• [ruff] Catch more dummy variable uses (RUF052) (#19799)

Bug fixes

• [server] Set severity for non-rule diagnostics (#21559)
• [flake8-implicit-str-concat] Avoid invalid fix in (ISC003) (#21517)
• [parser] Fix panic when parsing IPython escape command expressions (#21480)

CLI

• Show partial fixability indicator in statistics output (#21513)

Contributors

• @​mikeleppane
• @​senekor
• @​ShaharNaveh
• @​JumboBear
• @​prakhar1144
• @​tsvikas
• @​danparizher
• @​chirizxc
• @​AlexWaygood
• @​MichaReiser

0.14.6

Released on 2025-11-21.

Preview features

• [flake8-bandit] Support new PySNMP API paths (S508, S509) (#21374)

Bug fixes

• Adjust own-line comment placement between branches (#21185)
• Avoid syntax error when formatting attribute expressions with outer parentheses, parenthesized value, and trailing comment on value (#20418)
• Fix panic when formatting comments in unary expressions (#21501)
• Respect fmt: skip for compound statements on a single line (#20633)
• [refurb] Fix FURB103 autofix (#21454)

... (truncated)

Commits

• ecab623 Bump 0.14.7 (#21684)
• 42f1521 [ty] Generic types aliases (implicit and PEP 613) (#21553)
• 594b7b0 [ty] Preserve quoting style when autofixing TypedDict keys (#21682)
• b5b4917 [ty] Fix override of final method summary (#21681)
• 0084e94 [ty] Fix subtyping of type[Any] / type[T] and protocols (#21678)
• 566c959 [ty] Rename ReferenceRequestHandler file (#21680)
• 8bcfc19 [ty] Implement typing.final for methods (#21646)
• c534bfa [ty] Implement patterns and typevars in the LSP (#21671)
• 5e1b2ee [ty] implement rendering of .. code:: lang in docstrings (#21665)
• 98681b9 [ty] Add db parameter to Parameters::new method (#21674)
• Additional commits viewable in compare view

Updates torch from 2.9.0 to 2.9.1

Release notes

Sourced from torch's releases.

PyTorch 2.9.1 Release, bug fix release

This release is meant to fix the following issues (regressions / silent correctness):

Tracked Regressions

Significant Memory Regression in F.conv3d with bfloat16 Inputs in PyTorch 2.9.0 (#166643) This release provides work around this issue. If you are impacted please install nvidia-cudnn package version 9.15+ from pypi. (#166480) (#167111)

Torch.compile

Fix Inductor bug when compiling Gemma (#165601) Fix InternalTorchDynamoError in bytecode_transformation (#166036) Fix silent correctness error_on_graph_break bug where non-empty checkpoint results in unwanted graph break resumption (#166586) Improve performance by avoiding recompilation with mark_static_address with cudagraphs (#162208) Improve performance by caching get_free_symbol_uses in torch inductor (#166338) Fix fix registration design for inductor graph partition for vLLM (#166458) (#165815) (#165514) Fix warning spamming in torch.compile (#166993) Fix exception related to uninitialized tracer_output variable (#163169) Fix crash in torch.bmm and torch.compile with PyTorch release 2.9.0 (#166457)

Other

Fix warning spamming on new APIs to control TF32 behavior (#166956) Fix distributed crash with non-contiguous gather inputs (#166181) Fix indexing on large tensor causes invalid configuration argument (#166974) Fix numeric issue in CUDNN_ATTENTION (#166912) (#166570) Fix symmetric memory issue with fused_scaled_matmul_reduce_scatter (#165086) Improve libtorch stable ABI documentation (#163899) Fix image display on pypi project description section (#166404)

Commits

• d38164a Enable Doc builds for: Minor Releases RCs. Minor and Patch Releases final RC ...
• b002562 Add doc for Symmetric Memory (#167477)
• 5811a8d [cuDNN][SDPA][Convolution] Expose cuDNN runtime version in CUDA hooks (#167327)
• f36c764 [dynamo][ez] Initialize tracer_output to None by default. (#167366)
• 6877288 Change forkserver test to only run below 3.13.8 (#167361)
• 9976b77 Cherry-pick LibTorch Stable ABI documentation (#167112 #166661 #163899) (#167...
• e6bcbbe [Inductor] No longer throw error in bmm out_dtype lowering due to tem… (#166922)
• 8f658d7 don't produce invalid grid configs (#166973) (#167158)
• 3d27d95 [GraphPartition] cache get_free_symbol_uses (#166338) (#166994)
• a06141f Delete deprecated fp32 precision warnings (#166956) (#166998)
• Additional commits viewable in compare view

Updates torchvision from 0.24.0 to 0.24.1

Release notes

Sourced from torchvision's releases.

TorchVision 0.24.1 Release

This is a patch release, which is compatible with PyTorch 2.9.1. There are no new features added.

Commits

• d801a34 [release-only] bump version to 0.24.1
• See full diff in compare view

Updates mlflow from 3.5.1 to 3.6.0

Release notes

Sourced from mlflow's releases.

v3.6.0

MLflow 3.6.0 includes several major features and improvements for AI Observability, Experiment UI, Agent Evaluation and Deployment.

• 🔗 Full OpenTelemetry Support in OSS Server: MLflow now offers comprehensive OpenTelemetry integration, allowing you to ingest OpenTelemetry traces into MLflow and use both SDK seamlessly together. (#18540, #18532, #18357, @​B-Step62, @​serena-ruan)
• 💬 Session-level View in Trace UI: New chat sessions tab provides a dedicated view for organizing and analyzing related traces at the session level, making it easier to track conversational workflows. (#18594, @​daniellok-db)
• 🧭 New experiment tab bar: The experiment tab navigation bar has been moved from the top of the page to the left side. As MLflow continues to grow, this layout provides more room to add new tabs while keeping everything easy to find. (#18594, @​daniellok-db)
• 🚀 New Supported Frameworks in TypeScript Tracing SDK: Auto-tracing support for Vercel AI SDK, Gemini, Anthropic, Mastra in TypeScript, expanding MLflow's observability capabilities across popular JavaScript/TypeScript frameworks. (#18402, @​B-Step62)
• 💰 Tracking Judge Cost and Traces: Comprehensive tracking of LLM judge evaluation costs and traces, providing visibility into evaluation expenses and performance with automatic cost calculation and rendering. (#18481, #18484, @​B-Step62)
• ⚙️ Agent Server: New agent server infrastructure for managing and deploying scoring agents with enhanced orchestration capabilities. (#18596, @​bbqiu)

Breaking changes:

• Deprecate pmdarima, promptflow, diviner flavors (#18597, #18577, @​copilot-swe-agent)
• Drop numbering suffix (_1, _2, ...) from span names (#18531, @​serena-ruan)

Features

• [Evaluation] Support structured outputs in make_judge (#18529, @​TomeHirata)
• [Evaluation] Agent-as-a-judge support for default Databricks endpoint (#18709, @​smoorjani)
• [Evaluation] Frontend adjustments for handle judge traces (#18485, @​B-Step62)
• [Evaluation] Record judge traces (#18484, @​B-Step62)
• [Evaluation] [ML-57683] Add search_traces tool for agentic judge (#18228, @​dbrx-euirim)
• [Evaluation] Record and render LLM judge cost (#18481, @​B-Step62)
• [Evaluation] Add support for profile usage in Databricks Agents dataset API operat… (#18431, @​BenWilson2)
• [Evaluation] Add description property to Scorer interface (#18383, @​alkispoly-db)
• [Evaluation] Add mlflow scorers register-llm-judge CLI command (#18330, @​alkispoly-db)
• [Evaluation] Allow passing empty scorer list for manual result comparison (#18265, @​B-Step62)
• [Evaluation] Add CLI command to list registered scorers by experiment (#18255, @​alkispoly-db)
• [Evaluation] Log assessments to DSPy eval traces (#18136, @​B-Step62)
• [Evaluation] Add mlflow traces eval CLI command (#18069, @​alkispoly-db)
• [Tracing] Add documentation for new tracing integrations (Otel) (#18691, @​B-Step62)
• [Tracing] Display trace metadata (#18609, @​B-Step62)
• [Tracing] Support automatically tracking session ID for LangGraph (#18608, @​B-Step62)
• [Tracing / Tracking] Add RLIKE operator support for trace search (#18591, @​serena-ruan)
• [Tracing] Attributes translation for OTel clients (#18532, @​serena-ruan)
• [Tracing] [Vercel #3] Implement auto-tracing logic for Vercel AI SDK (#18402, @​B-Step62)
• [Tracing] Minor clean up for the trace summary view (#18436, @​B-Step62)
• [Tracing] Support search by span details for traces in OSS MLflow server (#17918, @​serena-ruan)
• [UI] UI: Support filtering by span content / type / name (#18683, @​dbczumar)
• [UI] Add chat sessions tab (#18594, @​daniellok-db)
• [UI] Child Parent Link (#17248, @​joelrobin18)
• [Tracking] Make Pytorch lightning autologging support logging model signature (#18510, @​WeichenXu123)
• [Tracking] Add support for using the same DB for tracking and auth (#18384, @​BenWilson2)
• [Tracking] Job backend: Support creating virtual python environment for job execution (#18111, @​WeichenXu123)
• [Model Registry / Tracking] Add deprecation warnings for filesystem backends (#18524, @​harupy)
• [Model Registry] Allow for skipping pip installation while packing environment for model serving (#18448, @​juntai-zheng)
• [Models] Support Langchain 1.x (#18490, @​BenWilson2)
• [Models] Use UBJSON format as default for XGBoost models (#18420, @​harupy)
• [Scoring] Introduce Agent Server (#18596, @​bbqiu)
• [Deployment] Add configuration option for long-running deployments client requests (#18363, @​BenWilson2)
• [Gateway] Make Openai provider supporting streamed function calling response (#18367, @​WeichenXu123)

... (truncated)

Changelog

Sourced from mlflow's changelog.

3.6.0 (2025-11-07)

MLflow 3.6.0 includes several major features and improvements for AI Observability, Experiment UI, Agent Evaluation and Deployment.

• 🔗 Full OpenTelemetry Support in OSS Server: MLflow now offers comprehensive OpenTelemetry integration, allowing you to ingest OpenTelemetry traces into MLflow and use both SDK seamlessly together. (#18540, #18532, #18357, @​B-Step62, @​serena-ruan)
• 💬 Session-level View in Trace UI: New chat sessions tab provides a dedicated view for organizing and analyzing related traces at the session level, making it easier to track conversational workflows. (#18594, @​daniellok-db)
• 🧭 New experiment tab bar: The experiment tab navigation bar has been moved from the top of the page to the left side. As MLflow continues to grow, this layout provides more room to add new tabs while keeping everything easy to find. (#18594, @​daniellok-db)
• 🚀 New Supported Frameworks in TypeScript Tracing SDK: Auto-tracing support for Vercel AI SDK, Gemini, Anthropic, Mastra in TypeScript, expanding MLflow's observability capabilities across popular JavaScript/TypeScript frameworks. (#18402, @​B-Step62)
• 💰 Tracking Judge Cost and Traces: Comprehensive tracking of LLM judge evaluation costs and traces, providing visibility into evaluation expenses and performance with automatic cost calculation and rendering. (#18481, #18484, @​B-Step62)
• ⚙️ Agent Server: New agent server infrastructure for managing and deploying scoring agents with enhanced orchestration capabilities. (#18596, @​bbqiu)

Breaking changes:

• Deprecate pmdarima, promptflow, diviner flavors (#18597, #18577, @​copilot-swe-agent)
• Drop numbering suffix (_1, _2, ...) from span names (#18531, @​serena-ruan)

Features:

• [Tracing] Add RLIKE operator support for trace search (#18591, @​serena-ruan)
• [Tracing] Attributes translation for OpenTelemetry clients (#18532, @​serena-ruan)
• [Tracing] Implement auto-tracing logic for Vercel AI SDK (#18402, @​B-Step62)
• [Tracing] Anthropic Typescript SDK (#18189, @​joelrobin18)
• [Tracing] Support search by span details for traces in OSS MLflow server (#17918, @​serena-ruan)
• [Tracing] Minor clean up for the trace summary view (#18436, @​B-Step62)
• [Tracing] Log assessments to DSPy eval traces (#18136, @​B-Step62)
• [Tracking] Add support for using the same DB for tracking and auth (#18384, @​BenWilson2)
• [Tracking] Make Pytorch lightning autologging support logging model signature (#18510, @​WeichenXu123)
• [Tracking] Make mlflow.pytorch pyfunc loader supporting pytorch forecasting model (#18428, @​WeichenXu123)
• [Tracking] Job backend: Support creating virtual python environment for job execution (#18111, @​WeichenXu123)
• [Evaluation] Add search_traces tool for agentic judge (#18228, @​dbrx-euirim)
• [Evaluation] Record and render LLM judge cost (#18481, @​B-Step62)
• [Evaluation] Frontend adjustments for handle judge traces (#18485, @​B-Step62)
• [Evaluation] Record judge traces (#18484, @​B-Step62)
• [Evaluation] Add support for profile usage in Databricks Agents dataset API operat… (#18431, @​BenWilson2)
• [Evaluation] Add mlflow traces eval CLI command (#18069, @​alkispoly-db)
• [Evaluation] Add mlflow scorers register-llm-judge CLI command (#18330, @​alkispoly-db)
• [Evaluation] Add description property to Scorer interface (#18383, @​alkispoly-db)
• [Evaluation] Allow passing empty scorer list for manual result comparison (#18265, @​B-Step62)
• [Scoring] Introduce Agent Server (#18596, @​bbqiu)
• [UI] Add chat sessions tab (#18594, @​daniellok-db)
• [UI] Child Parent Link (#17248, @​joelrobin18)
• [Models] Use UBJSON format as default for XGBoost models (#18420, @​harupy)
• [Models] Support Langchain 1.x (#18490, @​BenWilson2)
• [Model Registry] Add deprecation warnings for filesystem backends (#18524, @​harupy)
• [Model Registry] Allow for skipping pip installation while packing environment for model serving (#18448, @​juntai-zheng)
• [Gateway] Add configuration option for long-running deployments client requests (#18363, @​BenWilson2)
• [Gateway] Make Openai, Anthropic, Gemini provider supporting streamed function calling response (#18367, #18328, #18294, @​WeichenXu123)
• [Gateway] Add traffic route to multiple endpoints (#18064, @​WeichenXu123)
• [Docs] Add Sticky Header to CodeBlock in MLflow/DOCS Code Examples (#18508, @​PavithraNelluri)
• [Build / Evaluation] Add CLI command to list registered scorers by experiment (#18255, @​alkispoly-db)

... (truncated)

Commits

• d7e0aa6 Run python3 dev/update_mlflow_versions.py pre-release ... (#18738)
• def0e3c revert conflict override
• fe6a898 Add telemetry tracking for AI command usage (#18595)
• 286d06d Refactor Judge utils (#18622)
• cc27fe7 Don't require structured outputs for make_judge (#18643)
• 8b900fa Support structured outputs in make_judge (#18529)
• 4640b2e Add chat conversion for Otel GenAI Semconv (#18731)
• 1fe2182 Fix eval result button link (#18667)
• cc87812 Add FireworksAI to Model Providers Tracing Integrations (#18678)
• 547de48 Search traces docs update (#18687)
• Additional commits viewable in compare view

Updates azureml-mlflow from 1.60.0 to 1.61.0

Commits

• See full diff in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
azureml-mlflow	[< 1.61, > 1.60.0]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[fujikosu]

@dependabot recreate

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.