Bump azure-ai-evaluation from 1.2.0 to 1.4.0

[dependabot]

Bumps azure-ai-evaluation from 1.2.0 to 1.4.0.

Release notes

Sourced from azure-ai-evaluation's releases.

azure-ai-evaluation_1.4.0

1.4.0 (2025-03-27)

Features Added

• Enhanced binary evaluation results with customizable thresholds

  • Added threshold support for QA and ContentSafety evaluators
  • Evaluation results now include both the score and threshold values
  • Configurable threshold parameter allows custom binary classification boundaries
  • Default thresholds provided for backward compatibility
  • Quality evaluators use "higher is better" scoring (score ≥ threshold is positive)
  • Content safety evaluators use "lower is better" scoring (score ≤ threshold is positive)

• New Built-in evaluator called CodeVulnerabilityEvaluator is added.

  • It provides capabilities to identify the following code vulnerabilities.
    • path-injection
    • sql-injection
    • code-injection
    • stack-trace-exposure
    • incomplete-url-substring-sanitization
    • flask-debug
    • clear-text-logging-sensitive-data
    • incomplete-hostname-regexp
    • server-side-unvalidated-url-redirection
    • weak-cryptographic-algorithm
    • full-ssrf
    • bind-socket-all-network-interfaces
    • client-side-unvalidated-url-redirection
    • likely-bugs
    • reflected-xss
    • clear-text-storage-sensitive-data
    • tarslip
    • hardcoded-credentials
    • insecure-randomness
  • It also supports multiple coding languages such as (Python, Java, C++, C#, Go, Javascript, SQL)

• New Built-in evaluator called UngroundedAttributesEvaluator is added.

  • It evaluates ungrounded inference of human attributes for a given query, response, and context for a single-turn evaluation only,

  • where query represents the user query and response represents the AI system response given the provided context.

  • Ungrounded Attributes checks for whether a response is first, ungrounded, and checks if it contains information about protected class

  • or emotional state of a person.

  • It identifies the following attributes:

    • emotional_state
    • protected_class
    • groundedness

• New Built-in evaluators for Agent Evaluation (Preview)

  • IntentResolutionEvaluator - Evaluates the intent resolution of an agent's response to a user query.
  • ResponseCompletenessEvaluator - Evaluates the response completeness of an agent's response to a user query.
  • TaskAdherenceEvaluator - Evaluates the task adherence of an agent's response to a user query.

... (truncated)

Commits

• 21d868d Work around release build due to whl_no_aio test environment (#40313)
• a0ab10d Minor fixes to RedTeam (#40310)
• a51d0a4 [ServiceBus] revert link credit calc to cumulative (#40300)
• 433a737 [AutoRelease] t2-search-2025-02-17-53579(can only be merged by SDK owner) (#3...
• b87fc53 [AutoRelease] t2-edgezones-2025-04-01-86237(can only be merged by SDK owner) ...
• 0c603b1 [AutoRelease] t2-hybridconnectivity-2025-04-01-11021(can only be merged by SD...
• 588cf58 [AutoRelease] t2-hybridconnectivity-2025-02-18-60259(can only be merged by SD...
• 0b0345a [SDK generation pipeline] fix version logic (#40305)
• a31440d [AutoRelease] t2-weightsandbiases-2025-03-31-21903(can only be merged by SDK ...
• d3145b6 [AutoRelease] t2-arizeaiobservabilityeval-2025-03-31-95383(can only be merged...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #131.