security(deps): bump the training-dependencies group across 1 directory with 23 updates

[dependabot]

Bumps the training-dependencies group with 23 updates in the /training/rl directory:

Package	From	To
skrl	1.4.3	2.0.0
tensordict	0.11.0	0.12.1
google-auth	2.49.1	2.49.2
greenlet	3.3.2	3.4.0
msal	1.35.1	1.36.0
opentelemetry-api	1.40.0	1.41.0
opentelemetry-instrumentation	0.61b0	0.62b0
opentelemetry-instrumentation-asgi	0.61b0	0.62b0
opentelemetry-instrumentation-dbapi	0.61b0	0.62b0
opentelemetry-instrumentation-django	0.61b0	0.62b0
opentelemetry-instrumentation-fastapi	0.61b0	0.62b0
opentelemetry-instrumentation-flask	0.61b0	0.62b0
opentelemetry-instrumentation-psycopg2	0.61b0	0.62b0
opentelemetry-instrumentation-requests	0.61b0	0.62b0
opentelemetry-instrumentation-urllib	0.61b0	0.62b0
opentelemetry-instrumentation-urllib3	0.61b0	0.62b0
opentelemetry-instrumentation-wsgi	0.61b0	0.62b0
opentelemetry-proto	1.40.0	1.41.0
opentelemetry-sdk	1.40.0	1.41.0
opentelemetry-semantic-conventions	0.61b0	0.62b0
opentelemetry-util-http	0.61b0	0.62b0
pydantic	2.12.5	2.13.0
pydantic-core	2.45.0	2.46.0

Updates skrl from 1.4.3 to 2.0.0

Release notes

Sourced from skrl's releases.

skrl-v2.0.0

[2.0.0] - 2026-04-08

Summary of the most relevant features:

• RL algorithm implementations in NVIDIA Warp
• Differentiate between environment observations and states (also known as privileged observation)
• Support for MuJoCo Playground and ManiSkill environments

Added

• Implement RL algorithms in NVIDIA Warp
• Add loader and wrapper for MuJoCo Playground environments
• Add wrapper for ManiSkill environments
• Add Tabular model instantiator (epsilon-greedy variant)
• Add clip_mean_actions parameter to Gaussian and Multivariate Gaussian models
• Add render_interval option to trainers to specify the rendering interval for the environments
• Add compute_space_limits space utility to get Gymnasium spaces' limits
• Add ScopedTimer utils to measure code execution time
• Add SummaryWriter implementation to log data to TensorBoard without relying on third-party libraries
• Log agent inference and algorithm update, and environment steeping time to TensorBoard

Changed

• Update minimum supported Python version to 3.10
• Drop support for PyTorch versions prior to 1.11 (the previous supported version was 1.10)
• Call observation/state preprocessors once when computing the actions during training

Changed (breaking changes)

• Refactor the library to differentiate between environment observations and states (also known as privileged observation)
• Implement agent/multi-agent and trainer configurations using Python Data Classes
  • Unify the different learning rate settings under the learning_rate configuration
  • Rename lambda to gae_lambda
  • Remove the clip_predicted_values redundant configuration by checking for value_clip > 0
  • Remove specific exploration noise settings (initial_scale, final_scale and timesteps) in favor of generic scheduling functions
• Update tabular model definition to operate in any number of parallel environments
• Refactor multi-agent environment wrappers to support homogeneous and heterogeneous states spaces

Fixed

• Add entropy loss to the policy loss for on-policy agents/mulit-agents in JAX
• Fix time limits handling for termination and truncation signals
• Fix the randomness of the environments by seeding right after initialization (on the first reset)

Removed

• Remove NumPy backend for JAX implementation
• Remove checkpoints/models migration support from other RL libraries
• Remove support for Isaac Gym and Omniverse Isaac Gym environments (deprecated in favor of Isaac Lab)
• Remove support for Brax and DeepMind environments (in favor of MuJoCo Playground environments)
• Remove support for Bi-DexHands and robosuite environments
• Remove Isaac Gym (web viewer, inverse kinematic) and Omniverse Isaac Gym (local environment instance, inverse kinematic) utils

Changelog

Sourced from skrl's changelog.

[2.0.0] - 2026-04-08

Summary of the most relevant features:

• RL algorithm implementations in NVIDIA Warp
• Differentiate between environment observations and states (also known as privileged observation)
• Support for MuJoCo Playground and ManiSkill environments

Added

• Implement RL algorithms in NVIDIA Warp
• Add loader and wrapper for MuJoCo Playground environments
• Add wrapper for ManiSkill environments
• Add Tabular model instantiator (epsilon-greedy variant)
• Add clip_mean_actions parameter to Gaussian and Multivariate Gaussian models
• Add render_interval option to trainers to specify the rendering interval for the environments
• Add compute_space_limits space utility to get Gymnasium spaces' limits
• Add ScopedTimer utils to measure code execution time
• Add SummaryWriter implementation to log data to TensorBoard without relying on third-party libraries
• Log agent inference and algorithm update, and environment steeping time to TensorBoard

Changed

• Update minimum supported Python version to 3.10
• Drop support for PyTorch versions prior to 1.11 (the previous supported version was 1.10)
• Call observation/state preprocessors once when computing the actions during training

Changed (breaking changes)

• Refactor the library to differentiate between environment observations and states (also known as privileged observation)
• Implement agent/multi-agent and trainer configurations using Python Data Classes
  • Unify the different learning rate settings under the learning_rate configuration
  • Rename lambda to gae_lambda
  • Remove the clip_predicted_values redundant configuration by checking for value_clip > 0
  • Remove specific exploration noise settings (initial_scale, final_scale and timesteps) in favor of generic scheduling functions
• Update tabular model definition to operate in any number of parallel environments
• Refactor multi-agent environment wrappers to support homogeneous and heterogeneous states spaces

Fixed

• Add entropy loss to the policy loss for on-policy agents/mulit-agents in JAX
• Fix time limits handling for termination and truncation signals
• Fix the randomness of the environments by seeding right after initialization (on the first reset)

Removed

• Remove NumPy backend for JAX implementation
• Remove checkpoints/models migration support from other RL libraries
• Remove support for Isaac Gym and Omniverse Isaac Gym environments (deprecated in favor of Isaac Lab)
• Remove support for Brax and DeepMind environments (in favor of MuJoCo Playground environments)
• Remove support for Bi-DexHands and robosuite environments
• Remove Isaac Gym (web viewer, inverse kinematic) and Omniverse Isaac Gym (local environment instance, inverse kinematic) utils

Commits

• c29ced6 Release 2.0.0
• cb00cb5 Update CHANGELOG
• ff6426f Use warp-nn dependency for neural networks in Warp (#422)
• 22bb9db Fix setuptools package discovery (#421)
• d81196d Check for configuration compatibility in runners (#420)
• e1b600e Rename lambda_ to gae_lambda (#419)
• f6e1f39 Update Playground loader (#418)
• 67bb662 Call step preprocessor once (#403)
• 2888004 Update docs (#415)
• 5a078cf Add render_interval option to trainers to specify the rendering interval fo...
• Additional commits viewable in compare view

Updates tensordict from 0.11.0 to 0.12.1

Release notes

Sourced from tensordict's releases.

TensorDict v0.12.1

Patch release with a torch.compile bug fix.

Bug Fixes

• Fix unravel_keys inconsistency that prevented torch.compile from working correctly when called with a single key (#1674)

Installation

pip install tensordict==0.12.1

TensorDict v0.12.0

Highlights

TensorDict v0.12.0 introduces TypedTensorDict for schema-enforced tensor dictionaries, a full distributed collectives suite (broadcast, all_reduce, all_gather, scatter), TensorDictStore with Redis/Dragonfly/KeyDB backends, and major torch.compile and performance improvements. The UnbatchedTensor has been rewritten as a proper tensor subclass, and state_dict handling has been overhauled for consistency.

Breaking Changes

• UnbatchedTensor is now a __torch_dispatch__-based tensor subclass (was previously a wrapper) (#1638, #1648)
• state_dict is now flat by default, with auto-detection in load_state_dict for backwards compatibility
• TensorClass state_dict now uses logical keys

Features

• TypedTensorDict: Schema-enforced TensorDicts with type annotations, cross-class compatibility, and torch.compile support (#1657, #1659, #1660, #1662, #1663)
• TensorDictStore: Redis/Dragonfly/KeyDB-backed TensorDict with TensorClass support, lazy stack storage, and optimized indexed ops
• Distributed collectives: broadcast, all_reduce, all_gather, scatter, consolidated send/recv and init_remote/from_remote_init with UCXX transport support (#1611)
• set_printoptions: Configurable TensorDict repr with verbose mode (#1654, #1655, #1665)
• torch.func support: jacrev, jacfwd, and hessian now work with TensorDict (#1613)
• vmap with unbatched data: TensorDicts containing unbatched tensors can now be vmapped (#1625)
• TensorClass.select(as_tensordict=...) parameter (#1544)
• TensorDictBase.is_non_tensor(key) for consistent non-tensor key detection

Bug Fixes

• Fix HigherOrderOperator support in __torch_function__ (#1668)
• Fix td[key] = [] handling (#1666)
• Fix UnbatchedTensor.tolist() (#1664)
• Fix UnbatchedTensor CUDA pickling for multiprocessing (#1656)
• Fix UnbatchedTensor indexing without batch dim, GPU failures, getitem/stack (#1607, #1626, #1633)
• Fix replace() recompiles under torch.compile (#1605)
• Fix auto_batch_size regression with NonTensorStack (#1609)
• Fix NonTensorData positional args causing graph breaks under torch.compile (#1630)
• Fix state_dict error messages, params forwarding, detach
• Pin pybind11>=2.13 for Python 3.13 compatibility

... (truncated)

Commits

• 4d413dd [Release] Bump version to 0.12.1
• 2a7c2ee [BugFix] unravel_keys inconsistency bug preventing torch.compile (#1674)
• bb8825e [CI] Also disable ROCm wheel builds (tensordict is CPU-only)
• 015507b [CI] Disable CUDA wheel builds (tensordict is CPU-only) (#1672)
• 3f84f8d [CI] Fix wheel builds (#1671)
• b0ebe66 [Release] Bump version to 0.12.0 (#1670)
• 31b5ef5 [BugFix] Support HigherOrderOperator in torch_function (#1668)
• 962bf40 [BugFix] Handle td[key] = [] properly (#1666)
• fb51ac7 [Feature] set_printoptions(verbose=False) (#1665)
• 32d9fb6 [BugFix] Fix UnbatchedTensor.tolist() (#1664)
• Additional commits viewable in compare view

Updates google-auth from 2.49.1 to 2.49.2

Commits

• See full diff in compare view

Updates greenlet from 3.3.2 to 3.4.0

Changelog

Sourced from greenlet's changelog.

3.4.0 (2026-04-08)

• Publish binary wheels for RiscV 64.

• Fix multiple rare crash paths during interpreter shutdown.

  Note that this now relies on the atexit module, and introduces subtle API changes during interpreter shutdown (for example, getcurrent is no longer available once the atexit callback fires).

  See PR [#499](https://github.com/python-greenlet/greenlet/issues/499) <https://github.com/python-greenlet/greenlet/pull/499>_ by Nicolas Bouvrette.

• Address the results of an automated code audit performed by Daniel Diniz. This includes several minor correctness changes that theoretically could have been crashing bugs, but typically only in very rare circumstances.

  See PR 502 <https://github.com/python-greenlet/greenlet/pull/502>_.

• Fix several race conditions that could arise in free-threaded builds when using greenlet objects from multiple threads, some of which could lead to assertion failures or interpreter crashes.

  See issue 503 <https://github.com/python-greenlet/greenlet/issues/503>_, with thanks to Nitay Dariel and Daniel Diniz.

Commits

• df6734e Preparing release 3.4.0
• 0f86075 Merge pull request #504 from python-greenlet/freethreading-fixes
• 4596574 TLBC: crash appears to still happen on CI 3.14t ubuntu. Re-enable workaround.
• 2f4a1cf Make green_switch (python level greenlet.switch) and green_throw check for (p...
• a0c2a2a Fix unused variable warning when asserts are disabled.
• 8688581 gcc was complaining about an incomplete std::atomic type. make sure we includ...
• 449c760 Make MainGreenlet._thread_state atomic; we use it for cross thread checking a...
• f840e00 Add critical sections to greenlet attribute accessors.
• 6b281d3 test_contextvars: No need for the fallback case where contextvars isn't avail...
• f52615a Merge pull request #502 from python-greenlet/devdanzin-audit
• Additional commits viewable in compare view

Updates msal from 1.35.1 to 1.36.0

Release notes

Sourced from msal's releases.

1.36.0

What's Changed

• Fix the PoP flow in the console app by @​PetarSDimov in AzureAD/microsoft-authentication-library-for-python#887
• Add ADO CI, SDL, and release pipelines with e2e test enablement by @​RyAuld in AzureAD/microsoft-authentication-library-for-python#890
• Add documentation for Managed Identity v2 Hackathon by @​gladjohn in AzureAD/microsoft-authentication-library-for-python#885
• Potential fix for code scanning alert no. 74: Workflow does not contain permissions by @​Avery-Dunn in AzureAD/microsoft-authentication-library-for-python#884
• Added withFmi method for cca app by @​4gust in AzureAD/microsoft-authentication-library-for-python#876
• Use cryptographically secure randomness for PKCE, state, and nonce generation by @​ashok672 in AzureAD/microsoft-authentication-library-for-python#894
• Fix OIDC issuer domain spoofing in B2C host validation by @​4gust in AzureAD/microsoft-authentication-library-for-python#896

New Contributors

• @​PetarSDimov made their first contribution in AzureAD/microsoft-authentication-library-for-python#887
• @​gladjohn made their first contribution in AzureAD/microsoft-authentication-library-for-python#885

Full Changelog: AzureAD/microsoft-authentication-library-for-python@1.35.1...1.36.0

Commits

• 4a2cb98 Update sku.py
• a3ba722 Fix OIDC issuer domain spoofing in B2C host validation (#896)
• 6a92f24 Use cryptographically secure randomness for PKCE, state, and nonce generation...
• ecf515a Added withFmi method for cca app (#876)
• eb78068 Potential fix for code scanning alert no. 74: Workflow does not contain permi...
• 6de712e Add documentation for Managed Identity v2 Hackathon (#885)
• 1f71ede Add ADO CI, SDL, and release pipelines with e2e test enablement (#890)
• e4e692c Fix the PoP flow in the console app (#887)
• See full diff in compare view

Updates opentelemetry-api from 1.40.0 to 1.41.0

Changelog

Sourced from opentelemetry-api's changelog.

Version 1.41.0/0.62b0 (2026-04-09)

• opentelemetry-sdk: Add host resource detector support to declarative file configuration via detection_development.detectors[].host (#5002)
• opentelemetry-sdk: Add container resource detector support to declarative file configuration via detection_development.detectors[].container, using entry point loading of the opentelemetry-resource-detector-containerid contrib package (#5004)
• opentelemetry-sdk: Add create_tracer_provider/configure_tracer_provider to declarative file configuration, enabling TracerProvider instantiation from config files without reading env vars (#4985)
• Enabled the flake8-tidy-import plugins rules for the ruff linter. These rules throw warnings for relative imports in the modules. (#5019)
• opentelemetry-sdk: Fix AttributeError in ExplicitBucketHistogramAggregation when applied to non-Histogram instruments without explicit boundaries (#5034)
• Fix BatchLogRecordProcessor default schedule_delay_millis from 5000ms to 1000ms to comply with the OTel specification. Note: logs may be exported 5x more frequently by default (e.g. for users who don't explicitly set the OTEL_BLRP_SCHEDULE_DELAY env var). (#4998)
• opentelemetry-sdk: Add process resource detector support to declarative file configuration via detection_development.detectors[].process (#5001)
• opentelemetry-sdk: Add shared _parse_headers helper for declarative config OTLP exporters (#5021)
• opentelemetry-api: Replace a broad exception in attribute cleaning tests to satisfy pylint in the lint-opentelemetry-api CI job
• opentelemetry-sdk: Add create_meter_provider/configure_meter_provider to declarative file configuration, enabling MeterProvider instantiation from config files without reading env vars (#4987)
• opentelemetry-sdk: Add create_resource and create_propagator/configure_propagator to declarative file configuration, enabling Resource and propagator instantiation from config files without reading env vars (#4979)
• opentelemetry-sdk: Map Python CRITICAL log level to OTel FATAL severity text per the specification (#4984)
• opentelemetry-sdk: Add file configuration support with YAML/JSON loading, environment variable substitution, and schema validation against the vendored OTel config JSON schema (#4898)
• Fix intermittent CI failures in getting-started and tracecontext jobs caused by GitHub git CDN SHA propagation lag by installing contrib packages from the already-checked-out local copy instead of a second git clone (#4958)
• opentelemetry-sdk: fix type annotations on MetricReader and related types (#4938)
• opentelemetry-sdk: implement log creation metric (#4935)
• opentelemetry-sdk: implement metric reader metrics (#4970)
• opentelemetry-sdk: implement processor metrics (#5012)
• opentelemetry-sdk: upgrade vendored OTel configuration schema from v1.0.0-rc.3 to v1.0.0 (#4965)
• improve check-links ci job (#4978)
• Resolve some Pyright type errors in Span/ReadableSpan and utility stubs (#4973)
• opentelemetry-exporter-prometheus: Fix metric name prefix (#4895)
• opentelemetry-api, opentelemetry-sdk: Add deepcopy support for BoundedAttributes and BoundedList (#4934)
• opentelemetry-proto-json, opentelemetry-codegen-json: Implement custom protoc plugin to generate OTLP JSON class definitions (#4910)
• Add configurable max_export_batch_size to OTLP HTTP metrics exporter

... (truncated)

Commits

• 1a178fc [release/v1.41.x-0.62bx] Prepare release 1.41.0/0.62b0 (#5064)
• 37dea4b feat: add experimental logger configurator (#4980)
• 7c860ca misc: update version for codegen-json and proto-json packages (#5061)
• b3d98b3 [chore]: update readme (#5060)
• dbbd1bc feat(config): Add MeterProvider support for declarative config (#4987)
• 6faa58c feat(config): add host resource detector support for declarative config (#5002)
• c0cbfbd feat(config): wire container resource detector via entry point loading (#5004)
• f764e45 feat(config): Add TracerProvider support for declarative config (#4985)
• e301732 Add MikeGoldsmith to approvers (#5038)
• 8783a58 introduce alls-green action for required checks (#4988)
• Additional commits viewable in compare view

Updates opentelemetry-instrumentation from 0.61b0 to 0.62b0

Release notes

Sourced from opentelemetry-instrumentation's releases.

opentelemetry-instrumentation-openai-v2 2.3b0

• Fix AttributeError when handling LegacyAPIResponse (from with_raw_response) (#4017)
• Add support for chat completions choice count and stop sequences span attributes (#4028)
• Fix crash with streaming with_raw_response (#4033)
• Bump to 1.30.0 semconv schema: gen_ai.request.seed instead of gen_ai.openai.request.seed (#4036)

opentelemetry-instrumentation-openai-v2 2.2b0

• Fix service tier attribute names: use GEN_AI_OPENAI_REQUEST_SERVICE_TIER for request attributes and GEN_AI_OPENAI_RESPONSE_SERVICE_TIER for response attributes. (#3920)
• Added support for OpenAI embeddings instrumentation (#3461)
• Record prompt and completion events regardless of span sampling decision. (#3226)
• Filter out attributes with the value of NotGiven instances (#3760)
• Migrate off the deprecated events API to use the logs API (#3625)

opentelemetry-instrumentation-openai-agents-v2 0.1.0

• Initial barebones package skeleton: minimal instrumentor stub, version module, and packaging metadata/entry point. (#3805)
• Implement OpenAI Agents span processing aligned with GenAI semantic conventions. (#3817)
• Input and output according to GenAI spec. (#3824)

opentelemetry-instrumentation-openai-v2 2.1b0

• Coerce openai response_format to semconv format (#3073)
• Add example to opentelemetry-instrumentation-openai-v2 (#3006)
• Support for AsyncOpenAI/AsyncCompletions (#2984)
• Add metrics (#3180)

opentelemetry-instrumentation-openai-v2 2.0b0

• Use generic OTEL_INSTRUMENTATION_GENAI_CAPTURE_MESSAGE_CONTENT environment variable to control if content of prompt, completion, and other messages is captured. (#2947)

• Update OpenAI instrumentation to Semantic Conventions v1.28.0: add new attributes and switch prompts and completions to log-based events. (#2925)

• Initial OpenAI instrumentation (#2759)

Changelog

Sourced from opentelemetry-instrumentation's changelog.

Version 1.41.0/0.62b0 (2026-04-09)

Added

• opentelemetry-instrumentation-asgi: Respect suppress_http_instrumentation context in ASGI middleware to skip server span creation when HTTP instrumentation is suppressed (#4375)
• opentelemetry-instrumentation-confluent-kafka: Loosen confluent-kafka upper bound to <3.0.0 (#4289)
• opentelemetry-instrumentation: Add support for wrapt 2.x (#4203)
• opentelemetry-instrumentation-psycopg2: Add parameter capture_parameters to instrumentor. (#4212)
• opentelemetry-instrumentation-botocore: Add support for instrumenting aiobotocore (#4049)
• opentelemetry-instrumentation-sqlalchemy: implement new semantic convention opt-in migration (#4110)

Fixed

• opentelemetry-docker-tests: Replace deprecated SpanAttributes from opentelemetry.semconv.trace with opentelemetry.semconv._incubating.attributes (#4339)
• opentelemetry-instrumentation-confluent-kafka: Skip recv span creation when poll() returns no message or consume() returns an empty list, avoiding empty spans on idle polls (#4349)
• Fix intermittent Core Contrib Test CI failures caused by GitHub git CDN SHA propagation lag by installing core packages from the already-checked-out local copy instead of a second git clone (#4305)
• Don't import module in unwrap if not already imported (#4321)
• opentelemetry-instrumentation-logging: Map Python CRITICAL log level to OTel FATAL severity text and WARNING to WARN (#4365)
• opentelemetry-instrumentation-logging: Add recursion guard in LoggingHandler.emit to prevent deadlock (#4302)
• opentelemetry-instrumentation-grpc: Fix bidirectional streaming RPCs raising AttributeError: 'generator' object has no attribute 'add_done_callback' (#4259)
• opentelemetry-instrumentation-aiokafka: fix Unclosed AIOKafkaProducer warning and RuntimeWarning: coroutine was never awaited in tests (#4384)
• opentelemetry-instrumentation-aiokafka: Fix compatibility with aiokafka 0.13 by calling _key_serializer/_value_serializer directly instead of the internal _serialize method whose signature changed in 0.13 from (topic, key, value) to (key, value, headers) (#4379)

Breaking changes

• opentelemetry-instrumentation-boto: Remove instrumentation (#4303)

Commits

• See full diff in compare view

Updates opentelemetry-instrumentation-asgi from 0.61b0 to 0.62b0

Changelog

Sourced from opentelemetry-instrumentation-asgi's changelog.

Version 1.41.0/0.62b0 (2026-04-09)

Added

• opentelemetry-instrumentation-asgi: Respect suppress_http_instrumentation context in ASGI middleware to skip server span creation when HTTP instrumentation is suppressed (#4375)
• opentelemetry-instrumentation-confluent-kafka: Loosen confluent-kafka upper bound to <3.0.0 (#4289)
• opentelemetry-instrumentation: Add support for wrapt 2.x (#4203)
• opentelemetry-instrumentation-psycopg2: Add parameter capture_parameters to instrumentor. (#4212)
• opentelemetry-instrumentation-botocore: Add support for instrumenting aiobotocore (#4049)
• opentelemetry-instrumentation-sqlalchemy: implement new semantic convention opt-in migration (#4110)

Fixed

• opentelemetry-docker-tests: Replace deprecated SpanAttributes from opentelemetry.semconv.trace with opentelemetry.semconv._incubating.attributes (#4339)
• opentelemetry-instrumentation-confluent-kafka: Skip recv span creation when poll() returns no message or consume() returns an empty list, avoiding empty spans on idle polls (#4349)
• Fix intermittent Core Contrib Test CI failures caused by GitHub git CDN SHA propagation lag by installing core packages from the already-checked-out local copy instead of a second git clone (#4305)
• Don't import module in unwrap if not already imported (#4321)
• opentelemetry-instrumentation-logging: Map Python CRITICAL log level to OTel FATAL severity text and WARNING to WARN (#4365)
• opentelemetry-instrumentation-logging: Add recursion guard in LoggingHandler.emit to prevent deadlock (#4302)
• opentelemetry-instrumentation-grpc: Fix bidirectional streaming RPCs raising AttributeError: 'generator' object has no attribute 'add_done_callback' (#4259)
• opentelemetry-instrumentation-aiokafka: fix Unclosed AIOKafkaProducer warning and RuntimeWarning: coroutine was never awaited in tests (#4384)
• opentelemetry-instrumentation-aiokafka: Fix compatibility with aiokafka 0.13 by calling _key_serializer/_value_serializer directly instead of the internal _serialize method whose signature changed in 0.13 from (topic, key, value) to (key, value, headers) (#4379)

Breaking changes

• opentelemetry-instrumentation-boto: Remove instrumentation (#4303)

Commits

• See full diff in compare view

Updates opentelemetry-instrumentation-dbapi from 0.61b0 to 0.62b0

Changelog

Sourced from opentelemetry-instrumentation-dbapi's changelog.

Version 1.41.0/0.62b0 (2026-04-09)

Added

• opentelemetry-instrumentation-asgi: Respect suppress_http_instrumentation context in ASGI middleware to skip server span creation when HTTP instrumentation is suppressed (#4375)
• opentelemetry-instrumentation-confluent-kafka: Loosen confluent-kafka upper bound to <3.0.0 (#4289)
• opentelemetry-instrumentation: Add support for wrapt 2.x (#4203)
• opentelemetry-instrumentation-psycopg2: Add parameter capture_parameters to instrumentor. (#4212)
• opentelemetry-instrumentation-botocore: Add support for instrumenting aiobotocore (#4049)
• opentelemetry-instrumentation-sqlalchemy: implement new semantic convention opt-in migration (#4110)

Fixed

• opentelemetry-docker-tests: Replace deprecated SpanAttributes from opentelemetry.semconv.trace with opentelemetry.semconv._incubating.attributes (#4339)
• opentelemetry-instrumentation-confluent-kafka: Skip recv span creation when poll() returns no message or consume() returns an empty list, avoiding empty spans on idle polls (#4349)
• Fix intermittent Core Contrib Test CI failures caused by GitHub git CDN SHA propagation lag by installing core packages from the already-checked-out local copy instead of a second git clone (#4305)
• Don't import module in unwrap if not already imported (#4321)
• opentelemetry-instrumentation-logging: Map Python CRITICAL log level to OTel FATAL severity text and WARNING to WARN (#4365)
• opentelemetry-instrumentation-logging: Add recursion guard in LoggingHandler.emit to prevent deadlock (#4302)
• opentelemetry-instrumentation-grpc: Fix bidirectional streaming RPCs raising AttributeError: 'generator' object has no attribute 'add_done_callback' (#4259)
• opentelemetry-instrumentation-aiokafka: fix Unclosed AIOKafkaProducer warning and RuntimeWarning: coroutine was never awaited in tests (#4384)
• opentelemetry-instrumentation-aiokafka: Fix compatibility with aiokafka 0.13 by calling _key_serializer/_value_serializer directly instead of the internal _serialize method whose signature changed in 0.13 from (topic, key, value) to (key, value, headers) (#4379)

Breaking changes

• opentelemetry-instrumentation-boto: Remove instrumentation (#4303)

Commits

• See full diff in compare view

Updates opentelemetry-instrumentation-django from 0.61b0 to 0.62b0

Changelog

Sourced from opentelemetry-instrumentation-django's changelog.

Version 1.41.0/0.62b0 (2026-04-09)

Added

• opentelemetry-instrumentation-asgi: Respect suppress_http_instrumentation context in ASGI middleware to skip server span creation when HTTP instrumentation is suppressed (#4375)
• opentelemetry-instrumentation-confluent-kafka: Loosen confluent-kafka upper bound to <3.0.0 (#4289)
• opentelemetry-instrumentation: Add support for wrapt 2.x (#4203)
• opentelemetry-instrumentation-psycopg2: Add parameter capture_parameters to instrumentor. (#4212)
• opentelemetry-instrumentation-botocore: Add support for instrumenting aiobotocore (#4049)
• opentelemetry-instrumentation-sqlalchemy: implement new semantic convention opt-in migration (#4110)

Fixed

• opentelemetry-docker-tests: Replace deprecated SpanAttributes from opentelemetry.semconv.trace with opentelemetry.semconv._incubating.attributes (#4339)
• opentelemetry-instrumentation-confluent-kafka: Skip recv span creation when poll() returns no message or consume() returns an empty list, avoiding empty spans on idle polls (#4349)
• Fix intermittent Core Contrib Test CI failures caused by GitHub git CDN SHA propagation lag by installing core packages from the already-checked-out local copy instead of a second git clone (#4305)
• Don't import module in unwrap if not already imported (#4321)
• opentelemetry-instrumentation-logging: Map Python CRITICAL log level to OTel FATAL severity text and WARNING to WARN (#4365)
• opentelemetry-instrumentation-logging: Add recursion guard in LoggingHandler.emit to prevent deadlock (#4302)
• opentelemetry-instrumentation-grpc: Fix bidirectional streaming RPCs raising AttributeError: 'generator' object has no attribute 'add_done_callback' (#4259)
• opentelemetry-instrumentation-aiokafka: fix Unclosed AIOKafkaProducer warning and RuntimeWarning: coroutine was never awaited in tests (#4384)
• opentelemetry-instrumentation-aiokafka: Fix compatibility with aiokafka 0.13 by calling _key_serializer/_value_serializer directly instead of the internal _serialize method whose signature changed in 0.13 from (topic, key, value) to (key, value, headers) (#4379)

Breaking changes

• opentelemetry-instrumentation-boto: Remove instrumentation (#4303)

Commits

• See full diff in compare view

Updates opentelemetry-instrumentation-fastapi from 0.61b0 to 0.62b0

Changelog

Sourced from opentelemetry-instrumentation-fastapi's changelog.

Version 1.41.0/0.62b0 (2026-04-09)

Added

• opentelemetry-instrumentation-asgi: Respect suppress_http_instrumentation context in ASGI middleware to skip server span creation when HTTP instrumentation is suppressed (#4375)
• opentelemetry-instrumentation-confluent-kafka: Loosen confluent-kafka upper bound to <3.0.0 (#4289)
• opentelemetry-instrumentation: Add support for wrapt 2.x (#4203)
• opentelemetry-instrumentation-psycopg2: Add parameter capture_parameters to instrumentor. (#4212)
• opentelemetry-instrumentation-botocore: Add support for instrumenting aiobotocore (#4049)
• opentelemetry-instrumentation-sqlalchemy: implement new semantic convention opt-in migration (#4110)

Fixed

• opentelemetry-docker-tests: Replace deprecated SpanAttributes from opentelemetry.semconv.trace with Description has been truncated

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 23 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 291da88.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

training/rl/pyproject.toml

Package	Version	License	Issue Type
skrl	2.0.0	Null	Unknown License
tensordict	0.12.1	Null	Unknown License

training/rl/requirements.txt

Package	Version	License	Issue Type
greenlet	3.4.0	Null	Unknown License
opentelemetry-api	1.41.0	Null	Unknown License
opentelemetry-instrumentation	0.62b0	Null	Unknown License
opentelemetry-instrumentation-asgi	0.62b0	Null	Unknown License
opentelemetry-instrumentation-dbapi	0.62b0	Null	Unknown License
opentelemetry-instrumentation-django	0.62b0	Null	Unknown License
opentelemetry-instrumentation-fastapi	0.62b0	Null	Unknown License
opentelemetry-instrumentation-flask	0.62b0	Null	Unknown License
opentelemetry-instrumentation-psycopg2	0.62b0	Null	Unknown License
opentelemetry-instrumentation-requests	0.62b0	Null	Unknown License
opentelemetry-instrumentation-urllib	0.62b0	Null	Unknown License
opentelemetry-instrumentation-urllib3	0.62b0	Null	Unknown License
opentelemetry-instrumentation-wsgi	0.62b0	Null	Unknown License
opentelemetry-proto	1.41.0	Null	Unknown License
opentelemetry-sdk	1.41.0	Null	Unknown License
opentelemetry-semantic-conventions	0.62b0	Null	Unknown License
opentelemetry-util-http	0.62b0	Null	Unknown License
pydantic	2.13.0	Null	Unknown License
skrl	2.0.0	Null	Unknown License
tensordict	0.12.1	Null	Unknown License
msal	1.36.0	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
pip/skrl	2.0.0	Unknown	Unknown
pip/tensordict	0.12.1	Unknown	Unknown
pip/google-auth	2.49.2	🟢 7.3	Details Check Score Reason Maintained ⚠️ 0 project is archived Code-Review 🟢 10 all changesets reviewed Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Fuzzing 🟢 10 project is fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST 🟢 5 SAST tool is not run on all commits -- score normalized to 5
pip/greenlet	3.4.0	Unknown	Unknown
pip/msal	1.36.0	🟢 6.5	Details Check Score Reason Maintained 🟢 10 16 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 2 badge detected: InProgress Fuzzing 🟢 10 project is fuzzed License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy ⚠️ 0 security policy file not detected Packaging 🟢 10 packaging workflow detected SAST 🟢 8 SAST tool is not run on all commits -- score normalized to 8 Branch-Protection ⚠️ 1 branch protection is not maximal on development and all release branches
pip/opentelemetry-api	1.41.0	Unknown	Unknown
pip/opentelemetry-instrumentation	0.62b0	Unknown	Unknown
pip/opentelemetry-instrumentation-asgi	0.62b0	Unknown	Unknown
pip/opentelemetry-instrumentation-dbapi	0.62b0	Unknown	Unknown
pip/opentelemetry-instrumentation-django	0.62b0	Unknown	Unknown
pip/opentelemetry-instrumentation-fastapi	0.62b0	Unknown	Unknown
pip/opentelemetry-instrumentation-flask	0.62b0	Unknown	Unknown
pip/opentelemetry-instrumentation-psycopg2	0.62b0	Unknown	Unknown
pip/opentelemetry-instrumentation-requests	0.62b0	Unknown	Unknown
pip/opentelemetry-instrumentation-urllib	0.62b0	Unknown	Unknown
pip/opentelemetry-instrumentation-urllib3	0.62b0	Unknown	Unknown
pip/opentelemetry-instrumentation-wsgi	0.62b0	Unknown	Unknown
pip/opentelemetry-proto	1.41.0	Unknown	Unknown
pip/opentelemetry-sdk	1.41.0	Unknown	Unknown
pip/opentelemetry-semantic-conventions	0.62b0	Unknown	Unknown
pip/opentelemetry-util-http	0.62b0	Unknown	Unknown
pip/pydantic	2.13.0	Unknown	Unknown
pip/pydantic-core	2.46.0	🟢 7.1	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Branch-Protection ⚠️ 1 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/skrl	2.0.0	Unknown	Unknown
pip/tensordict	0.12.1	Unknown	Unknown

Scanned Files

• training/rl/pyproject.toml
• training/rl/requirements.txt

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 64.80%. Comparing base (10449df) to head (291da88).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #463   +/-   ##
=======================================
  Coverage   64.80%   64.80%           
=======================================
  Files         251      251           
  Lines       15441    15441           
  Branches     2060     2060           
=======================================
  Hits        10006    10006           
  Misses       5146     5146           
  Partials      289      289           

Flag	Coverage Δ
pester	82.24% <ø> (ø)
pytest	92.40% <ø> (ø)
pytest-dataviewer	63.87% <ø> (ø)
pytest-fuzz	1.59% <ø> (ø)
vitest	51.77% <ø> (ø)

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.