Bump mlflow from 2.22.1 to 3.5.0 in /llm-service in the uv group across 1 directory

[dependabot]

Bumps the uv group with 1 update in the /llm-service directory: mlflow.

Updates mlflow from 2.22.1 to 3.5.0

Release notes

Sourced from mlflow's releases.

v3.5.0

MLflow 3.5.0 includes several major features and improvements!

Major Features

• 🤖 Tracing support for Claude Code SDK: MLflow now provides a tracing integration for both the Claude Code CLI and SDK! Configure the autologging integration to track your prompts, Claude's responses, tool calls, and more. Check out this doc page to get started. (#18022, @​smoorjani)
• 🎯 Flexible Prompt Optimization API: Introduced a new flexible API for prompt optimization with support for model switching and the GEPA algorithm, enabling more efficient prompt tuning with fewer rollouts. See the documentation to get started. (#18183, #18031, @​TomeHirata)
• 🎨 Enhanced UI Onboarding: Improved in-product onboarding experience with trace quickstart drawer and updated homepage guidance to help users discover MLflow's latest features. (#18098, #18187, @​B-Step62)
• 🔐 Security Middleware for Tracking Server: Added a security middleware layer to protect against DNS rebinding, CORS attacks, and other security threats. Read the documentation for configuration details. (#17910, @​BenWilson2)

Features

• [Tracing / Tracking] Add unlink_traces_from_run batch operation (#18316, @​harupy)
• [Tracing] Add batch trace link/unlink operations to DatabricksTracingRestStore (#18295, @​harupy)
• [Tracking] Claude Code SDK autologging support (#18022, @​smoorjani)
• [Tracing] Add support for reading trace configuration from environment variables (#17792, @​joelrobin18)
• [Tracking] Mistral tracing improvements (#16370, @​joelrobin18)
• [Tracking] Gemini token count tracking (#16248, @​joelrobin18)
• [Tracking] Gemini streaming support (#16249, @​joelrobin18)
• [Tracking] CrewAI token count tracking with documentation updates (#16373, @​joelrobin18)
• [Evaluation] Allow passing empty scorer list for manual result comparison (#18265, @​B-Step62)
• [Evaluation] Log assessments to DSPy evaluation traces (#18136, @​B-Step62)
• [Evaluation] Add support for trace inputs to built-in scorers (#17943, @​BenWilson2)
• [Evaluation] Add synonym handling for built-in scorers (#17980, @​BenWilson2)
• [Evaluation] Add span timing tool for Agent Judges (#17948, @​BenWilson2)
• [Evaluation] Allow disabling evaluation sample check (#18032, @​B-Step62)
• [Evaluation] Reduce verbosity of SIMBA optimizer logs when aligning judges (#17795, @​BenWilson2)
• [Evaluation] Add __repr__ method for Judges (#17794, @​BenWilson2)
• [Prompts] Add prompt registry support to MLflow webhooks (#17640, @​harupy)
• [Prompts] Prompt Registry Chat UI (#17334, @​joelrobin18)
• [UI] Delete parent and child runs together (#18052, @​joelrobin18)
• [UI] Added move to top, move to bottom for charts (#17742, @​joelrobin18)
• [Tracking] Use sampling data for run comparison to improve performance (#17645, @​lkuo)
• [Tracking] Add optional 'outputs' column for evaluation dataset records (#17735, @​WeichenXu123)
• [Tracking] Job backend execution (#17676, #18012, #18070, #18071, #18112, #18049, @​WeichenXu123)

Bug Fixes

• [Tracing] Fix parent run resolution mechanism for LangChain (#17273, @​B-Step62)
• [Tracing] Add client-side retry for get_trace to improve reliability (#18224, @​B-Step62)
• [Tracing] Fix OpenTelemetry dual export (#18163, @​B-Step62)
• [Tracing] Suppress false warnings from span logging (#18092, #18276, @​B-Step62)
• [Tracing] Fix OpenTelemetry resource attributes not propagating correctly (#18019, @​xiaosha007)
• [Tracing] Fix DSPy prompt display (#17988, @​B-Step62)
• [Tracing] Fix usage aggregation to avoid ancestor duplication (#17921, @​TomeHirata)
• [Tracing] Fix double counting in Strands tracing (#17855, @​joelrobin18)
• [Tracing] Fix to_predict_fn to handle traces without tags field (#17784, @​harupy)
• [Tracing] URL-encode trace tag keys in delete_trace_tag to prevent 404 errors (#18232, @​copilot-swe-agent)
• [Tracking] Fix Claude Code autologging inputs not displaying (#17858, @​smoorjani)
• [Tracking] Fix runs with 0-valued metrics not appearing in experiment list contour plots (#17916, @​WeichenXu123)

... (truncated)

Commits

• 77b2695 Run python3 dev/update_mlflow_versions.py pre-release ... (#18355)
• fc2fb36 Revert "Add atomicity to job_start API (#18226)"
• e7b2177 Revert "Fix response handling in log_spans (#18280)" (#18349)
• 5d86ffe Create set_databricks_monitoring_sql_warehouse_id API (#18346)
• 250985f Fetch config after adding first record (#18338)
• ad0aad1 Fix log_metrics slowness for get run (#18241)
• 05a0111 Increase max height of params/metrics boxes (#18306)
• 3e24457 Implement lazy logger initialization in claude_code.tracing (#18339)
• 892bed1 Add github feature requests on the GenAI doc (#18342)
• f605177 Minor comment fix for extract_retrieval_context_from_trace (#18331)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.