Update sagemaker requirement from <3,>=2 to >=3.11.0,<4

[dependabot]

Updates the requirements on sagemaker to permit the latest version.

Release notes

Sourced from sagemaker's releases.

v3.11.0

New Features

• Auto-detect subscription recipe hyperparameters in SFTTrainer for Nova Forge datamix support
• Create asymmetric ECDSA signing key in feature processor step compiler for remote function payload verification

Documentation

• Add Feature Store reference to Implement MLOps page
• Replace internal S3 URIs with user placeholders in SFT notebook

Changelog

Sourced from sagemaker's changelog.

v3.11.0 (2026-05-12)

New Features

• Auto-detect subscription recipe hyperparameters in SFTTrainer for Nova Forge datamix support
• Create asymmetric ECDSA signing key in feature processor step compiler for remote function payload verification

Documentation

• Add Feature Store reference to Implement MLOps page
• Replace internal S3 URIs with user placeholders in SFT notebook

v3.10.1 (2026-05-07)

Bug Fixes

• Fix KMS key propagation in check steps (QualityCheckStep, ClarifyCheckStep)
• Fix JumpStart network isolation in ModelBuilder
• Fix base_model_arn construction to use private hub when SAGEMAKER_HUB_NAME is set
• Fix imports for Model Customization interfaces
• Fix handling of unrecognized JumpStart container images in ModelBuilder
• Increase default timeout for training jobs

v3.10.0 (2026-05-01)

New Features

• Make _PipelineExecution a public class
• Add CodeArtifact support for ModelTrainer and FrameworkProcessor requirements.txt installation

Bug Fixes

• Fix S3 bucket operations
• Fix potential S3 path traversal
• Wire FrameworkProcessor code_location into code upload paths
• Improve subprocess exception handling in git_utils

Other

• Update service-2.json with latest public botocore service model

v3.9.0 (2026-04-23)

New Features

• Train: Add wait_timeout parameter to train() for SFT, DPO, RLAIF, RLVR, and BaseTrainer
• Evaluate: Add MLflow experiment link to eval output
• JumpStart: Allow SAGEMAKER_HUB_NAME environment variable to override the HUB_NAME constant

Bug Fixes

• HyperparameterTuner: Pass through full OutputDataConfig from ModelTrainer so kms_key_id, compression_type, and other fields are preserved
• HyperparameterTuner / ModelTrainer: Propagate environment variables that were previously dropped
• sagemaker-core: Improve error messages for waiter timeouts
• ModelBuilder: Stop overwriting user-provided HF_MODEL_ID for DJL Serving
• ModelBuilder: Keep /opt/ml/model writable when using source_code with DJL LMI
• Evaluate: Skip None hyperparameters in to_dict instead of converting them to the string "None"
• Nova: Add us-west-2 to Nova supported regions

... (truncated)

Commits

• 721a49f fix(jumpstart): ignore unknown fields in HubContentDocument to handle hub sch...
• 6b78dd7 Manual release 3.11.0 (#5848)
• e4f7058 docs(ml_ops): Add Feature Store reference to Implement MLOps page (#5845)
• bf290ff Replace internal S3 URIs with user placeholders in SFT notebook (#5704)
• 6934304 fix: create asymmetric validation key in step compiler (#5823)
• bc81f0b feat(train): Auto-detect subscription recipe hyperparameters in SFTTrainer (#...
• a3a20c7 Update version, changelog, and pyproject files for release of 3.10.1 (#5838)
• 69ed9e9 Passing kms key in mlops interfaces (#5834)
• 7ff67d5 Fix base_model_arn construction to use private hub when SAGEMAKER_HUB_NAME is...
• 1b86252 Fix/jumpstart network isolation (#5833)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)