chore(multiple samples): Update requests dependencies#14386
Conversation
- Regenerated `requirements.txt` in `dataflow/flex-templates/pipeline_with_dependencies` using pip-compile to update
dependencies for Python 3.13 and a new package index.
- Removed pytest version constraint in `requirements-test.txt`.
- Bumped `requests` to 2.34.2 in `run/mcp-server/uv.lock`.
There was a problem hiding this comment.
Code Review
This pull request updates dependency requirements, including upgrading the autogeneration Python version to 3.13 and bumping several package versions such as apache-beam[gcp] and requests. A critical issue was identified in requirements.txt where a staging Artifact Registry index URL was committed; this private URL must be removed to prevent installation failures for external users.
| # pip-compile --output-file=requirements.txt pyproject.toml | ||
| # | ||
| apache-beam[gcp]==2.54.0 | ||
| --index-url https://us-python.pkg.dev/artifact-foundry-prod/ah-3p-staging-python/simple/ |
There was a problem hiding this comment.
The staging Artifact Registry index URL (https://us-python.pkg.dev/artifact-foundry-prod/ah-3p-staging-python/simple/) should not be committed to a public repository. External users will not have access to this private/staging registry, which will cause pip install to fail. Please remove this --index-url line so that packages are resolved from the standard public PyPI index.
Description
To fix dependabot security alerts:
requirements.txtindataflow/flex-templates/pipeline_with_dependenciesusing pip-compile to update dependencies for Python 3.13 and a new package index.requirements-test.txt.Note: this re-generation of requirements file, also fixes alerts for urllib3.
Fixes b/531833198
Checklist
Testing
Compliance & Style
Post-Approval Actions