
Bump google-cloud-aiplatform to force upgrade of litellm #66632

Open
jscheffl wants to merge 2 commits into apache:main from jscheffl:bugfix/bump-google-cloud-aiplatform-for-litellm


@jscheffl
Contributor

@jscheffl jscheffl commented May 9, 2026

For a while we have been carrying the transitive litellm vulnerability in Dependabot. This PR attempts to bump google-cloud-aiplatform in order to ensure a non-vulnerable transitive dependency is enforced.

Not sure why but as a trade we need to lower the click dependency from >=8.3.0 to >=8.1.8 - is this acceptable as a trade?

This refers to the upgrade of click by @eladkal in #61613

Let's see if CI turns green...


Was generative AI tooling used to co-author this PR?
  • Yes (please specify the tool below)


@jscheffl jscheffl added the "full tests needed" label May 9, 2026
@jscheffl jscheffl requested a review from potiuk as a code owner May 9, 2026 18:34
@jscheffl jscheffl added the "all versions" label May 9, 2026
@boring-cyborg boring-cyborg Bot added the area:dev-tools, area:providers, backport-to-v3-2-test, kind:documentation and provider:google labels May 9, 2026
@jscheffl jscheffl force-pushed the bugfix/bump-google-cloud-aiplatform-for-litellm branch from c5cc4c7 to f0074af Compare May 9, 2026 20:04
@potiuk
Member

potiuk commented May 9, 2026

It is pretty strange with 8.1.8 though.. Let me take a look

@jscheffl
Contributor Author

jscheffl commented May 9, 2026

> It is pretty strange with 8.1.8 though.. Let me take a look

It is litellm which exactly pins this version :-(

--> https://github.com/BerriAI/litellm/blob/v1.83.7-stable/pyproject.toml#L32

mhm... on un-released "main" they have relaxed meanwhile... https://github.com/BerriAI/litellm/blob/litellm_internal_staging/pyproject.toml#L24 (and pin is even still existing on RC1 of 1.84)

@jscheffl jscheffl force-pushed the bugfix/bump-google-cloud-aiplatform-for-litellm branch 3 times, most recently from 15858cd to 561815e Compare May 10, 2026 17:17
Member

@potiuk potiuk left a comment


Since they are going to relax soon - It looks fine :)

@jscheffl jscheffl force-pushed the bugfix/bump-google-cloud-aiplatform-for-litellm branch from 561815e to 07a02f7 Compare May 10, 2026 20:16
@jscheffl jscheffl force-pushed the bugfix/bump-google-cloud-aiplatform-for-litellm branch from 07a02f7 to 61eea23 Compare May 11, 2026 05:10