build: Bump mlflow #2279

Merged: ko3n1g merged 1 commit into main from ko3n1g/build/address-cves on Feb 9, 2026

ko3n1g (Contributor) commented Feb 9, 2026

What does this PR do?

Addresses a CVE

Changelog

  • Add specific line by line info of high level changes in this PR.

GitHub Actions CI

See the CI section in the Contributing doc for how to trigger the CI. An Nvidia developer will need to approve and trigger the CI for external contributors.

Before your PR is "Ready for review"

Pre checks:

  • Make sure you read and followed Contributor guidelines
  • Did you write any new necessary tests?
  • Did you add or update any necessary documentation?
  • Does the PR affect components that are optional to install? (Ex: Numba, Pynini, Apex etc)
    • Reviewer: Does the PR have correct import guards for all optional libraries?

If you haven't finished some of the above items you can still open a "Draft" PR.

Additional Information

  • Related to # (issue)

Summary by CodeRabbit

  • Chores
    • Updated dependency versions to ensure improved compatibility and security standards.

Signed-off-by: oliver könig <okoenig@nvidia.com>
ko3n1g requested a review from a team as a code owner February 9, 2026 15:55
ko3n1g added the r0.3.0 (Cherry-pick label for r0.3.0 release branch) label Feb 9, 2026

coderabbitai bot (Contributor) commented Feb 9, 2026

📝 Walkthrough

Updates dependency versions in pyproject.toml by bumping mlflow from >=3.2.0 to >=3.5.0, adding cryptography>=43.0.0,<47 to override-dependencies, and reformatting the transformer-engine entry with updated ordering.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Dependency Version Updates: pyproject.toml | Bumps mlflow to >=3.5.0, adds cryptography>=43.0.0,<47 to override-dependencies, and reformats transformer-engine entry with trailing comma and reordered placement. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Possibly related PRs

  • build: bump TE #2059: Modifies the TransformerEngine dependency entry in pyproject.toml alongside this PR's dependency updates.

Suggested labels

r0.3.0

Suggested reviewers

  • chtruong814
  • thomasdhc

🚥 Pre-merge checks | ✅ 4

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'build: Bump mlflow' accurately reflects the main change of updating the mlflow dependency from >=3.2.0 to >=3.5.0 in pyproject.toml. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Test Results For Major Changes | ✅ Passed | PR contains only minor dependency version bumps in pyproject.toml with no code logic changes, satisfying the check criteria. |

No actionable comments were generated in the recent review. 🎉


@coderabbitai coderabbitai bot mentioned this pull request Feb 23, 2026