Description
Determine this is the right repository
- I determined this is the correct repository in which to report this bug.
Summary of the issue
Context
Installing release versions of google-cloud-python libraries with current pip leads to accidentally installing release candidates of indirect dependencies.
As an example, if I do pip install google-cloud-kms==3.4.0 I currently end up getting grpcio version 1.71.0rc2 -- a release candidate.
This behaviour is a result of
- pip fixing its pre-release specifier behaviour: "Including a pre-release version with these specifiers now implies accepting pre-releases (e.g., <2.0dev can include 1.0rc1)" (https://github.com/pypa/pip/blob/main/NEWS.rst#2501-2025-02-09)
- All google-cloud-python libraries using dependency specifiers like
googleapis-common-protos<2.0.0dev-- this is incorrect and should never include "dev"
Expected Behavior:
- Installing google-cloud-python projects should not lead to installing release candidates of indirect dependencies
- pre-release version specifiers (such as "X.Y.Zdev") should not be used when defining library dependencies
Actual Behavior:
google-cloud-kms projects use pre-release version specifiers (specifically <X.Y.Zdev) in their dependencies. This leads to accidentally installing release candidates of indirect dependencies.
API client name and version
No response
Reproduction steps:
# start with empty virtualenv. Upgrade to current pip
pip install -U pip
# Install a release version of a google-cloud-python package
pip install google-cloud-kms==3.4.0Reproduction steps: actual results
$ pip show grpcio | grep Version
Version: 1.71.0rc2Reproduction steps: expected results
$ pip show grpcio | grep Version
Version: 1.70.0OS & version + platform
No response
Python environment
Python 3.12.8
Python dependencies
Package Version
pip 25.0.1
Additional context
No response