Skip to content

Comments

chore(deps): [fsi-quant-assistant] Update dependency google-cloud-aiplatform [SECURITY]#350

Open
renovate-bot wants to merge 1 commit intoGoogleCloudPlatform:mainfrom
renovate-bot:renovate/pypi-google-cloud-aiplatform-vulnerability
Open

chore(deps): [fsi-quant-assistant] Update dependency google-cloud-aiplatform [SECURITY]#350
renovate-bot wants to merge 1 commit intoGoogleCloudPlatform:mainfrom
renovate-bot:renovate/pypi-google-cloud-aiplatform-vulnerability

Conversation

@renovate-bot
Copy link
Contributor

@renovate-bot renovate-bot commented Feb 22, 2026
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
google-cloud-aiplatform 1.127.01.133.0 age confidence
google-cloud-aiplatform 1.137.01.138.0 age confidence
google-cloud-aiplatform ==1.74.0==1.133.0 age confidence
google-cloud-aiplatform ==1.101.0==1.133.0 age confidence
google-cloud-aiplatform ==1.75.0==1.133.0 age confidence
google-cloud-aiplatform ==1.48.0==1.133.0 age confidence
google-cloud-aiplatform 1.135.01.136.0 age confidence
google-cloud-aiplatform 1.133.01.134.0 age confidence

GitHub Vulnerability Alerts

CVE-2026-2472

Stored Cross-Site Scripting (XSS) in the _genai/_evals_visualization component of Google Cloud Vertex AI SDK (google-cloud-aiplatform) versions from 1.98.0 up to (but not including) 1.131.0 allows an unauthenticated remote attacker to execute arbitrary JavaScript in a victim's Jupyter or Colab environment via injecting script escape sequences into model evaluation results or dataset JSON data.

CVE-2026-2473

Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to (but not including) 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictably named Cloud Storage buckets (Bucket Squatting).

This vulnerability was patched and no customer action is needed.

Google Cloud Vertex AI SDK affected by Stored Cross-Site Scripting (XSS)

CVE-2026-2472 / GHSA-qv8j-hgpc-vrq8

More information

Details

Stored Cross-Site Scripting (XSS) in the _genai/_evals_visualization component of Google Cloud Vertex AI SDK (google-cloud-aiplatform) versions from 1.98.0 up to (but not including) 1.131.0 allows an unauthenticated remote attacker to execute arbitrary JavaScript in a victim's Jupyter or Colab environment via injecting script escape sequences into model evaluation results or dataset JSON data.

Severity

  • CVSS Score: Unknown
  • Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/U:Amber

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

Google Cloud Vertex AI has a a vulnerability involving predictable bucket naming

CVE-2026-2473 / GHSA-wh2j-26j7-9728

More information

Details

Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to (but not including) 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictably named Cloud Storage buckets (Bucket Squatting).

This vulnerability was patched and no customer action is needed.

Severity

  • CVSS Score: Unknown
  • Vector String: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/U:Clear

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

Release Notes

googleapis/python-aiplatform (google-cloud-aiplatform)

v1.133.0

Compare Source

Features
  • Deprecate tuning public preview SDK in favor of tuning SDK (35d362c)
  • GenAI SDK client - Enabling Few-shot Prompt Optimization by passing either "OPTIMIZATION_TARGET_FEW_SHOT_RUBRICS" or "OPTIMIZATION_TARGET_FEW_SHOT_TARGET_RESPONSE" to the optimize_prompt method (715cc5b)
  • GenAI SDK client(memory): Add enable_third_person_memories (65717fa)
  • Support Developer Connect in AE (04f1771)
Bug Fixes
  • Add None check for agent_info in evals.py (c8c0f0f)
  • GenAI client(evals) - Fix TypeError in _build_generate_content_config (be2eaaa)
  • Make project_number to project_id mapping fail-open. (f1c8458)
  • Replace asyncio.run with create_task in ADK async thread mains. (83f4076)
  • Replace asyncio.run with create_task in ADK async thread mains. (8c876ef)
  • Require uri or staging bucket configuration for saving model to Vertex Experiment. (5448f06)
  • Return embedding metadata if available (d9c6eb1)
  • Update examples_dataframe type to PandasDataFrame in Prompt Optimizer. (a2564cc)

v1.132.0

Compare Source

Features
  • Add Lustre support to the Vertex Training Custom Job API (71747e8)
  • Add Lustre support to the Vertex Training Custom Job API (71747e8)
Documentation
  • A comment for field restart_job_on_worker_restart in message .google.cloud.aiplatform.v1beta1.Scheduling is changed (71747e8)
  • A comment for field timeout in message .google.cloud.aiplatform.v1beta1.Scheduling is changed (71747e8)

v1.131.0

Compare Source

Features
  • Allow list of events to be passed to AdkApp.async_stream_query (dd8840a)
  • GenAI Client(evals) - Support CustomCodeExecution metric in Vertex Gen AI Eval Service (4114728)
  • Updates the ADK template to direct structured JSON logs to standard output. (a65ec29)
Bug Fixes
  • Fix RagManagedVertexVectorSearch when using backend_config (df0976e)
  • GenAI Client(evals) - patch for vulnerability in visualization (8a00d43)

v1.130.0

Compare Source

Features
  • A new field min_gpu_driver_version is added to message .google.cloud.aiplatform.v1beta1.MachineSpec (26dfdfe)
  • Adding RagManagedVertexVectorSearch Vector DB option for RAG corpuses to SDK (da79e21)
  • Expose FullFineTunedResources for full fine tuned deployments (26dfdfe)
  • Expose zone when creating a FeatureOnlineStore (26dfdfe)
  • GenAI Client(evals) - Add support to local agent run for agent eval (30e41d0)
  • GenAI SDK client(memory): Add PurgeMemories (95eb10f)
  • Introduce RagManagedVertexVectorSearch as a new vector db option (26dfdfe)
Documentation
  • Update ReplicatedVoiceConfig.mime_type comment (26dfdfe)
  • Update ReplicatedVoiceConfig.mime_type comment (26dfdfe)

v1.129.0

Compare Source

⚠ BREAKING CHANGES
  • An existing field transfer_to_agent is removed from message .google.cloud.aiplatform.v1beta1.EventActions
  • updating bigtable_metadata field name in FeatureOnlineStore
  • updating enableDirectBigtableAccess field name in FeatureOnlineStore`
  • updating bigtable_metadata field name in FeatureView
Features
  • Add gpu_partition_size in machine_spec v1 api (e0bc3d8)
  • Add ReplicatedVoiceConfig to VoiceConfig to enable Gemini TTS voice replication (e0bc3d8)
  • Add ReplicatedVoiceConfig to VoiceConfig to enable Gemini TTS voice replication (e0bc3d8)
  • Add EmbedContent method v1 (e0bc3d8)
  • Add EmbedContent method v1beta1 (e0bc3d8)
  • Add FunctionResponsePart and excluded_predefined_functions in ComputerUse (e0bc3d8)
  • Add FunctionResponsePart and excluded_predefined_functions in ComputerUse (e0bc3d8)
  • Add new fields SUCCESSFULLY_DEPLOYED and FAILED_TO_DEPLOY to DeploymentStage (e0bc3d8)
  • Add new fields SUCCESSFULLY_DEPLOYED and FAILED_TO_DEPLOY to DeploymentStage (e0bc3d8)
  • Add order_by to list_events (e0bc3d8)
  • Add support for developer connect based deployment (e0bc3d8)
  • Add support for developer connect based deployment (e0bc3d8)
  • Continuous Tuning (e0bc3d8)
  • Enable Vertex Model Garden Managed OSS Fine Tuning. (26b7e51)
  • GenAI Client(evals) - Add location override parameter to run_inference and evaluate methods (b867043)
  • GenAI Client(evals) - support setting autorater generation config for predefined rubric metrics (9304f15)
  • GenAI SDK client(multimodal) - Support Assess Tuning Resource for multimodal dataset. (bc26160)
  • GenAI SDK client(sessions): Add label to Sessions (837c8ea)
Bug Fixes
  • Add OTel cloud.provider attribute to AdkTemplate (7d3bcdd)
  • Add support for app in _init_session (d9f6c58)
  • An existing field transfer_to_agent is removed from message .google.cloud.aiplatform.v1beta1.EventActions (e0bc3d8)
  • Correlate traces with logs in Cloud Trace panel on adk deploy agent_engine (9301551)
  • Enable from vertexai.types import TypeName without needing to run from vertexai import types first (46285bf)
  • Enable from vertexai.types import TypeName without needing to run from vertexai import types first (f4a6cbe)
  • Gen AI SDK client - Fix bug in GCS bucket creation for new agent engines. (8d4ce38)
  • GenAI SDK client(eval) - Reorder the params to put the Config param at the last place. (e8b12cb)
  • Save artifact in init_session (2a43e9b)
  • Update default input and output modes in create_agent_card (7ca4226)
  • Updating bigtable_metadata field name in FeatureOnlineStore (e0bc3d8)
  • Updating bigtable_metadata field name in FeatureView (e0bc3d8)
  • Updating enableDirectBigtableAccess field name in FeatureOnlineStore` (e0bc3d8)
Documentation
  • A comment for field filter in message .google.cloud.aiplatform.v1beta1.ListSessionsRequest is changed (e0bc3d8)
  • A comment for field package_spec in message .google.cloud.aiplatform.v1.ReasoningEngineSpec is changed (e0bc3d8)
  • A comment for field package_spec in message .google.cloud.aiplatform.v1beta1.ReasoningEngineSpec is changed (e0bc3d8)
  • A comment for message ReasoningEngineSpec is changed (e0bc3d8)
  • A comment for message ReasoningEngineSpec is changed (e0bc3d8)
  • Fix idle_scaledown_period minimum from 3600 to 300 (5 minutes) (e0bc3d8)
  • Remove comments for a non public feature (e0bc3d8)
Miscellaneous Chores

v1.128.0

Compare Source

Features
  • GenAI Client(evals) - Add pass_rate to AggregatedMetricResult and calculate it for adaptive rubric metrics. (1f1f67e)
  • GenAI SDK client - Support build options in Agent Engine GCS Deployment. (28499a9)
  • GenAI SDK client - Support build options in Agent Engine source-based Deployment. (f7e718f)
  • GenAI SDK client(multimodal) - Support Assemble feature on the multimodal datasets. (2195411)
Bug Fixes
  • Fix the change runner behavior back to sync function in streaming_agent_run_with_events (e9d9c31)
  • GenAI Client(evals) - fix eval visualizations in Vertex Workbench (c3abe51)
  • GenAI Client(evals) - Reformat codebase 1. Remove duplicated code in _evals_utils and _evals_metric_loader 2. Keep metric utils in _evals_metric_loader and data util in _evals_utils (5f3c655)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@forking-renovate forking-renovate bot added dependencies Pull requests that update a dependency file p0 SECURITY labels Feb 22, 2026
@forking-renovate
Copy link

forking-renovate bot commented Feb 22, 2026
edited
Loading

⚠️ Artifact update problem

Renovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: projects/conversational-commerce-agent/data-ingestion/requirements.txt
Command failed: pip-compile --generate-hashes requirements.in
  ERROR: Cannot install -r requirements.in (line 6), -r requirements.in (line 8) and google-auth==2.36.0 because these package versions have conflicting dependencies.
Discarding google-auth==2.36.0 (from -r requirements.txt (line 151)) to proceed the resolution
  ERROR: Cannot install -r requirements.in (line 6), -r requirements.in (line 8) and google-auth==2.36.0 because these package versions have conflicting dependencies.
Traceback (most recent call last):
  File "/opt/containerbase/tools/pip-tools/7.5.3/3.11.14/lib/python3.11/site-packages/pip/_internal/resolution/resolvelib/resolver.py", line 99, in resolve
    result = self._result = resolver.resolve(
                            ^^^^^^^^^^^^^^^^^
  File "/opt/containerbase/tools/pip-tools/7.5.3/3.11.14/lib/python3.11/site-packages/pip/_vendor/resolvelib/resolvers/resolution.py", line 601, in resolve
    state = resolution.resolve(requirements, max_rounds=max_rounds)
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/containerbase/tools/pip-tools/7.5.3/3.11.14/lib/python3.11/site-packages/pip/_vendor/resolvelib/resolvers/resolution.py", line 542, in resolve
    raise ResolutionImpossible(self.state.backtrack_causes)
pip._vendor.resolvelib.resolvers.exceptions.ResolutionImpossible: [RequirementInformation(requirement=SpecifierRequirement('google-auth==2.36.0'), parent=None), RequirementInformation(requirement=SpecifierRequirement('google-auth<3.0.dev0,>=2.14.1'), parent=LinkCandidate('https://files.pythonhosted.org/packages/17/a4/c26886d57d90032c5f74c2e80aefdc38ec58551fc46bd4ce79fb2c9389fa/google_api_core-2.23.0-py3-none-any.whl (from https://pypi.org/simple/google-api-core/) (requires-python:>=3.7)')), RequirementInformation(requirement=SpecifierRequirement('google-auth<3.0.0,>=2.47.0'), parent=LinkCandidate('https://files.pythonhosted.org/packages/01/5b/ef74ff65aebb74eaba51078e33ddd897247ba0d1197fd5a7953126205519/google_cloud_aiplatform-1.133.0-py2.py3-none-any.whl (from https://pypi.org/simple/google-cloud-aiplatform/) (requires-python:>=3.9)'))]

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/opt/containerbase/tools/pip-tools/7.5.3/3.11.14/bin/pip-compile", line 6, in <module>
    sys.exit(cli())
             ^^^^^
  File "/opt/containerbase/tools/pip-tools/7.5.3/3.11.14/lib/python3.11/site-packages/click/core.py", line 1485, in __call__
    return self.main(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/containerbase/tools/pip-tools/7.5.3/3.11.14/lib/python3.11/site-packages/click/core.py", line 1406, in main
    rv = self.invoke(ctx)
         ^^^^^^^^^^^^^^^^
  File "/opt/containerbase/tools/pip-tools/7.5.3/3.11.14/lib/python3.11/site-packages/click/core.py", line 1269, in invoke
    return ctx.invoke(self.callback, **ctx.params)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/containerbase/tools/pip-tools/7.5.3/3.11.14/lib/python3.11/site-packages/click/core.py", line 824, in invoke
    return callback(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/containerbase/tools/pip-tools/7.5.3/3.11.14/lib/python3.11/site-packages/click/decorators.py", line 34, in new_func
    return f(get_current_context(), *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/containerbase/tools/pip-tools/7.5.3/3.11.14/lib/python3.11/site-packages/piptools/scripts/compile.py", line 481, in cli
    results = resolver.resolve(max_rounds=max_rounds)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/containerbase/tools/pip-tools/7.5.3/3.11.14/lib/python3.11/site-packages/piptools/resolver.py", line 642, in resolve
    is_resolved = self._do_resolve(
                  ^^^^^^^^^^^^^^^^^
  File "/opt/containerbase/tools/pip-tools/7.5.3/3.11.14/lib/python3.11/site-packages/piptools/resolver.py", line 677, in _do_resolve
    resolver.resolve(
  File "/opt/containerbase/tools/pip-tools/7.5.3/3.11.14/lib/python3.11/site-packages/pip/_internal/resolution/resolvelib/resolver.py", line 108, in resolve
    raise error from e
pip._internal.exceptions.DistributionNotFound: ResolutionImpossible: for help visit https://pip.pypa.io/en/latest/topics/dependency-resolution/#dealing-with-dependency-conflicts
File name: projects/contextual-ai/api/requirements.txt
Command failed: pip-compile --generate-hashes requirements.in
  ERROR: Cannot install -r requirements.in (line 5), -r requirements.in (line 6), -r requirements.in (line 7) and -r requirements.in (line 8) because these package versions have conflicting dependencies.
Discarding google-auth==2.45.0 (from -r requirements.txt (line 172)) to proceed the resolution
  ERROR: Cannot install -r requirements.in (line 8) and google-genai==1.24.0 because these package versions have conflicting dependencies.
Discarding google-genai==1.24.0 (from -r requirements.txt (line 250)) to proceed the resolution
  ERROR: Cannot install -r requirements.in (line 8) and google-genai==1.24.0 because these package versions have conflicting dependencies.
Traceback (most recent call last):
  File "/opt/containerbase/tools/pip-tools/7.5.3/3.13.12/lib/python3.13/site-packages/pip/_internal/resolution/resolvelib/resolver.py", line 99, in resolve
    result = self._result = resolver.resolve(
                            ~~~~~~~~~~~~~~~~^
        collected.requirements, max_rounds=limit_how_complex_resolution_can_be
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    )
    ^
  File "/opt/containerbase/tools/pip-tools/7.5.3/3.13.12/lib/python3.13/site-packages/pip/_vendor/resolvelib/resolvers/resolution.py", line 601, in resolve
    state = resolution.resolve(requirements, max_rounds=max_rounds)
  File "/opt/containerbase/tools/pip-tools/7.5.3/3.13.12/lib/python3.13/site-packages/pip/_vendor/resolvelib/resolvers/resolution.py", line 542, in resolve
    raise ResolutionImpossible(self.state.backtrack_causes)
pip._vendor.resolvelib.resolvers.exceptions.ResolutionImpossible: [RequirementInformation(requirement=SpecifierRequirement('google-genai==1.24.0'), parent=None), RequirementInformation(requirement=SpecifierRequirement('google-genai<2.0.0,>=1.37.0'), parent=LinkCandidate('https://files.pythonhosted.org/packages/01/5b/ef74ff65aebb74eaba51078e33ddd897247ba0d1197fd5a7953126205519/google_cloud_aiplatform-1.133.0-py2.py3-none-any.whl (from https://pypi.org/simple/google-cloud-aiplatform/) (requires-python:>=3.9)'))]

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/opt/containerbase/tools/pip-tools/7.5.3/3.13.12/bin/pip-compile", line 6, in <module>
    sys.exit(cli())
             ~~~^^
  File "/opt/containerbase/tools/pip-tools/7.5.3/3.13.12/lib/python3.13/site-packages/click/core.py", line 1485, in __call__
    return self.main(*args, **kwargs)
           ~~~~~~~~~^^^^^^^^^^^^^^^^^
  File "/opt/containerbase/tools/pip-tools/7.5.3/3.13.12/lib/python3.13/site-packages/click/core.py", line 1406, in main
    rv = self.invoke(ctx)
  File "/opt/containerbase/tools/pip-tools/7.5.3/3.13.12/lib/python3.13/site-packages/click/core.py", line 1269, in invoke
    return ctx.invoke(self.callback, **ctx.params)
           ~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/containerbase/tools/pip-tools/7.5.3/3.13.12/lib/python3.13/site-packages/click/core.py", line 824, in invoke
    return callback(*args, **kwargs)
  File "/opt/containerbase/tools/pip-tools/7.5.3/3.13.12/lib/python3.13/site-packages/click/decorators.py", line 34, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "/opt/containerbase/tools/pip-tools/7.5.3/3.13.12/lib/python3.13/site-packages/piptools/scripts/compile.py", line 481, in cli
    results = resolver.resolve(max_rounds=max_rounds)
  File "/opt/containerbase/tools/pip-tools/7.5.3/3.13.12/lib/python3.13/site-packages/piptools/resolver.py", line 642, in resolve
    is_resolved = self._do_resolve(
        resolver=resolver,
        compatible_existing_constraints=compatible_existing_constraints,
    )
  File "/opt/containerbase/tools/pip-tools/7.5.3/3.13.12/lib/python3.13/site-packages/piptools/resolver.py", line 677, in _do_resolve
    resolver.resolve(
    ~~~~~~~~~~~~~~~~^
        root_reqs=self.constraints
        ^^^^^^^^^^^^^^^^^^^^^^^^^^
        + list(compatible_existing_constraints.values()),
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        check_supported_wheels=not self.options.target_dir,
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    )
    ^
  File "/opt/containerbase/tools/pip-tools/7.5.3/3.13.12/lib/python3.13/site-packages/pip/_internal/resolution/resolvelib/resolver.py", line 108, in resolve
    raise error from e
pip._internal.exceptions.DistributionNotFound: ResolutionImpossible: for help visit https://pip.pypa.io/en/latest/topics/dependency-resolution/#dealing-with-dependency-conflicts
File name: projects/dataflow-gcs-to-alloydb/requirements.txt
Command failed: uv pip compile --generate-hashes requirements.in --upgrade-package=google-cloud-aiplatform==1.136.0
  × No solution found when resolving dependencies:
  ╰─▶ Because there is no version of betterproto==2.0.0b6 and
      envoy-data-plane==1.0.3 depends on betterproto==2.0.0b6, we can conclude
      that envoy-data-plane==1.0.3 cannot be used.
      And because only the following versions of envoy-data-plane are
      available:
          envoy-data-plane<=1.0.3
          envoy-data-plane>=2
      we can conclude that envoy-data-plane>=1.0.3,<2 cannot be used.
      And because apache-beam==2.71.0 depends on envoy-data-plane>=1.0.3,<2
      and you require apache-beam[gcp]==2.71.0, we can conclude that your
      requirements are unsatisfiable.

      hint: `betterproto` was requested with a pre-release marker (e.g.,
      betterproto==2.0.0b6), but pre-releases weren't enabled (try:
      `--prerelease=allow`)
File name: projects/dataflow-gcs-to-alloydb/requirements-dev.txt
Command failed: uv pip compile --generate-hashes requirements-dev.in --upgrade-package=google-cloud-aiplatform==1.136.0
  × No solution found when resolving dependencies:
  ╰─▶ Because there is no version of betterproto==2.0.0b6 and
      envoy-data-plane==1.0.3 depends on betterproto==2.0.0b6, we can conclude
      that envoy-data-plane==1.0.3 cannot be used.
      And because only the following versions of envoy-data-plane are
      available:
          envoy-data-plane<=1.0.3
          envoy-data-plane>=2
      we can conclude that envoy-data-plane>=1.0.3,<2 cannot be used.
      And because apache-beam==2.71.0 depends on envoy-data-plane>=1.0.3,<2
      and you require apache-beam[gcp]==2.71.0, we can conclude that your
      requirements are unsatisfiable.

      hint: `betterproto` was requested with a pre-release marker (e.g.,
      betterproto==2.0.0b6), but pre-releases weren't enabled (try:
      `--prerelease=allow`)

@renovate-bot renovate-bot added dependencies Pull requests that update a dependency file SECURITY p0 labels Feb 22, 2026
@renovate-bot renovate-bot force-pushed the renovate/pypi-google-cloud-aiplatform-vulnerability branch from 02593c5 to 2b5e3b9 Compare February 23, 2026 15:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mservidio mservidio Awaiting requested review from mservidio mservidio is a code owner

@michael-chi michael-chi Awaiting requested review from michael-chi michael-chi is a code owner

@isidro-deloera isidro-deloera Awaiting requested review from isidro-deloera isidro-deloera is a code owner

@LUJ20 LUJ20 Awaiting requested review from LUJ20 LUJ20 is a code owner

@tdigangi tdigangi Awaiting requested review from tdigangi tdigangi is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file p0 SECURITY

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@renovate-bot