chore(deps): [ai] Update dependency google-cloud-aiplatform [SECURITY]

[renovate-bot]

This PR contains the following updates:

Package	Change	Age	Confidence
google-cloud-aiplatform	1.137.0 → 1.138.0
google-cloud-aiplatform	1.74.0 → 1.133.0
google-cloud-aiplatform	1.135.0 → 1.136.0
google-cloud-aiplatform	1.133.0 → 1.134.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Google Cloud Vertex AI has a a vulnerability involving predictable bucket naming

CVE-2026-2473 / GHSA-wh2j-26j7-9728

More information

Details

Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to (but not including) 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictably named Cloud Storage buckets (Bucket Squatting).

This vulnerability was patched and no customer action is needed.

Severity

• CVSS Score: 7.7 / 10 (High)
• Vector String: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/U:Clear

References

• https://nvd.nist.gov/vuln/detail/CVE-2026-2473
• https://docs.cloud.google.com/support/bulletins#gcp-2026-012
• https://github.com/googleapis/python-aiplatform
• https://github.com/googleapis/python-aiplatform/releases/tag/v1.133.0

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

GitHub Vulnerability Alerts

CVE-2026-2473

Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to (but not including) 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictably named Cloud Storage buckets (Bucket Squatting).

This vulnerability was patched and no customer action is needed.

---

Release Notes

googleapis/python-aiplatform (google-cloud-aiplatform)

v1.138.0

Compare Source

Features

• Add support for BYO-dockerfile in AE deployment (7572601)
• GenAI SDK client - Make operation polling interval configurable when creating agent engine sandbox (bf9e0ff)
• GenAI SDK client(multimodal) - Support Assess Batch Prediction Resources for the multimodal datasets. (0fe5314)
• GenAI SDK client(multimodal) - Support Assess Batch Prediction Validity for the multimodal datasets. (a63e8d5)
• GenAI SDK client(multimodal) - Support Assess Tuning Validity for multimodal dataset. (12f5aa5)
• Update the ADK template to export logs directly to Cloud Logging when OTEL_SEMCONV_STABILITY_OPT_IN is set to "gen_ai_latest_experimental". (82db4ad)

Bug Fixes

• Refactor session retrieval fallback in _streaming_agent_run_with_events. (8aec754)

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[forking-renovate]

⚠️ Artifact update problem

Renovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: projects/dataflow-gcs-to-alloydb/requirements.txt

Command failed: uv pip compile --generate-hashes requirements.in --upgrade-package=google-cloud-aiplatform==1.136.0
  × No solution found when resolving dependencies:
  ╰─▶ Because there is no version of betterproto==2.0.0b6 and
      envoy-data-plane==1.0.3 depends on betterproto==2.0.0b6, we can conclude
      that envoy-data-plane==1.0.3 cannot be used.
      And because only the following versions of envoy-data-plane are
      available:
          envoy-data-plane<=1.0.3
          envoy-data-plane>=2
      we can conclude that envoy-data-plane>=1.0.3,<2 cannot be used.
      And because apache-beam==2.71.0 depends on envoy-data-plane>=1.0.3,<2
      and you require apache-beam[gcp]==2.71.0, we can conclude that your
      requirements are unsatisfiable.

      hint: `betterproto` was requested with a pre-release marker (e.g.,
      betterproto==2.0.0b6), but pre-releases weren't enabled (try:
      `--prerelease=allow`)

File name: projects/dataflow-gcs-to-alloydb/requirements-dev.txt

Command failed: uv pip compile --generate-hashes requirements-dev.in --upgrade-package=google-cloud-aiplatform==1.136.0
  × No solution found when resolving dependencies:
  ╰─▶ Because there is no version of betterproto==2.0.0b6 and
      envoy-data-plane==1.0.3 depends on betterproto==2.0.0b6, we can conclude
      that envoy-data-plane==1.0.3 cannot be used.
      And because only the following versions of envoy-data-plane are
      available:
          envoy-data-plane<=1.0.3
          envoy-data-plane>=2
      we can conclude that envoy-data-plane>=1.0.3,<2 cannot be used.
      And because apache-beam==2.71.0 depends on envoy-data-plane>=1.0.3,<2
      and you require apache-beam[gcp]==2.71.0, we can conclude that your
      requirements are unsatisfiable.

      hint: `betterproto` was requested with a pre-release marker (e.g.,
      betterproto==2.0.0b6), but pre-releases weren't enabled (try:
      `--prerelease=allow`)