Skip to content

build(deps): bump google-cloud-aiplatform from 1.42.1 to 1.64.0#228

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/google-cloud-aiplatform-1.64.0
Closed

build(deps): bump google-cloud-aiplatform from 1.42.1 to 1.64.0#228
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/google-cloud-aiplatform-1.64.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Aug 28, 2024

Copy link
Copy Markdown
Contributor

Bumps google-cloud-aiplatform from 1.42.1 to 1.64.0.

Release notes

Sourced from google-cloud-aiplatform's releases.

v1.64.0

1.64.0 (2024-08-27)

Features

  • Add support for Prediction dedicated endpoint. predict/rawPredict/streamRawPredict can use dedicated DNS to access the dedicated endpoint. (3d68777)
  • Add unit tests for Gen AI evaluation module (94289b5)
  • GenAI - Added the model Distillation feature (private preview) (a0d4ff2)
  • Grounding - Allow initialization of grounding.VertexAISearch with full resource name or data store ID, project ID, and location. (f334321)
  • Make Rouge class available in base level init (aed82a1)
  • Read for online store w/private service connect (7af80c6)
  • Support autoscaling in Ray on Vertex (961da42)

Bug Fixes

  • Fix error in tensorboard uploader thrown when time_series_id is None (d59a052)
  • Fix typo in prompt templates: (c8fa7a8)
  • Update generative models tests to be parameterized on environment variable name (be4cbea)

Documentation

  • samples: Adding code sample for vector search create streaming index (71464e7)

v1.63.0

1.63.0 (2024-08-20)

Features

  • A new field satisfies_pzs is added to message .google.cloud.aiplatform.v1.BatchPredictionJob (#4192) (6919037)
  • Add advanced PDF parsing option for RAG file import (6e1dc06)
  • Add multithreading for custom metric computation. (2c93fc1)
  • Add progress bar for generating inference. (b78714f)
  • Add progress bar to custom metrics. (3974aec)
  • Add Prompt class support for configs and Prompt.generate_content wrapper (7f1e031)
  • GenAI - Added seed parameter to the GenerationConfig class (9f1e073)
  • GenAI - Added the Candidate.avg_logprobs property (de80695)
  • GenAI - Released the Prompt feature to Public Preview (64eeab8)
  • GenAI Evaluation: Add generic model-based PointwiseMetric and PairwiseMetric classes that allow customizing metric prompt templates. Add PointwiseMetricPromptTemplate, PairwiseMetricPromptTemplate classes to help formulate and customize metric prompt templates. Add metric_column_mapping parameter to EvalTask for metric prompt template input variable name mapping. (fd38b49)
  • GenAI Evaluation: Open source model-based metric prompt template examples for Gemini 1.5 Pro autorater. Add MetricPromptTemplateExamples class to help retrieve model-based metric prompt templates. (fd38b49)
  • GenAI Evaluation: Release GenAI Evaluation SDK GA features to vertexai.preview module. (fd38b49)
  • Publish GenAI Evaluation SDK GA features to vertexai.evaluation module. Switch GenAI Evaluation Service client to v1 version. (45e4251)

Bug Fixes

  • Add support of display_name to create_cached_content in python SDK (ecc2d54)

... (truncated)

Changelog

Sourced from google-cloud-aiplatform's changelog.

1.64.0 (2024-08-27)

Features

  • Endpoint - Add support for Prediction dedicated endpoint. predict/rawPredict/streamRawPredict can use dedicated DNS to access the dedicated endpoint. (3d68777)
  • GenAI - Added the model Distillation feature (private preview) (a0d4ff2)
  • Grounding - Allow initialization of grounding.VertexAISearch with full resource name or data store ID, project ID, and location. (f334321)
  • Evaluation - Make Rouge class available in base level init (aed82a1)
  • Feature Store - Read for online store w/private service connect (7af80c6)
  • Ray - Support autoscaling in Ray on Vertex (961da42)

Bug Fixes

  • Fix error in tensorboard uploader thrown when time_series_id is None (d59a052)
  • Evaluation - Fix typo in prompt templates: (c8fa7a8)

Documentation

  • samples: Adding code sample for vector search create streaming index (71464e7)

1.63.0 (2024-08-20)

Features

  • A new field satisfies_pzs is added to message .google.cloud.aiplatform.v1.BatchPredictionJob (#4192) (6919037)
  • Add advanced PDF parsing option for RAG file import (6e1dc06)
  • Add multithreading for custom metric computation. (2c93fc1)
  • Add progress bar for generating inference. (b78714f)
  • Add progress bar to custom metrics. (3974aec)
  • Add Prompt class support for configs and Prompt.generate_content wrapper (7f1e031)
  • GenAI - Added seed parameter to the GenerationConfig class (9f1e073)
  • GenAI - Added the Candidate.avg_logprobs property (de80695)
  • GenAI - Released the Prompt feature to Public Preview (64eeab8)
  • GenAI Evaluation: Add generic model-based PointwiseMetric and PairwiseMetric classes that allow customizing metric prompt templates. Add PointwiseMetricPromptTemplate, PairwiseMetricPromptTemplate classes to help formulate and customize metric prompt templates. Add metric_column_mapping parameter to EvalTask for metric prompt template input variable name mapping. (fd38b49)
  • GenAI Evaluation: Open source model-based metric prompt template examples for Gemini 1.5 Pro autorater. Add MetricPromptTemplateExamples class to help retrieve model-based metric prompt templates. (fd38b49)
  • GenAI Evaluation: Release GenAI Evaluation SDK GA features to vertexai.preview module. (fd38b49)
  • Publish GenAI Evaluation SDK GA features to vertexai.evaluation module. Switch GenAI Evaluation Service client to v1 version. (45e4251)

Bug Fixes

  • Add support of display_name to create_cached_content in python SDK (ecc2d54)
  • Always upload the pickled object and dependencies tarball when creating ReasoningEngine (34ef5a3)
  • Remove grouding attribution (f6ece65)

... (truncated)

Commits
  • 6235f54 chore(main): release 1.64.0 (#4275)
  • 961da42 feat: support autoscaling in Ray on Vertex
  • f334321 feat: Grounding - Allow initialization of grounding.VertexAISearch with ful...
  • fef5e4d chore: Platform - Transferred the ownership of the vertexai.tuning module to ...
  • 2711c17 chore: Remove warning for using string model-based metric names.
  • aed82a1 feat: Make Rouge class available in base level init
  • de55173 chore: Parameterize tokenization end-to-end test with prod and staging API en...
  • 71464e7 docs(samples): adding code sample for vector search create streaming index
  • 3d68777 feat: Add support for Prediction dedicated endpoint. predict/rawPredict/strea...
  • a0d4ff2 feat: GenAI - Added the model Distillation feature (private preview)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) from 1.42.1 to 1.64.0.
- [Release notes](https://github.com/googleapis/python-aiplatform/releases)
- [Changelog](https://github.com/googleapis/python-aiplatform/blob/main/CHANGELOG.md)
- [Commits](googleapis/python-aiplatform@v1.42.1...v1.64.0)

---
updated-dependencies:
- dependency-name: google-cloud-aiplatform
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Aug 28, 2024
@sonarqubecloud

Copy link
Copy Markdown

@github-actions github-actions Bot enabled auto-merge August 28, 2024 20:20
@socket-security

Copy link
Copy Markdown

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
pypi/google-cloud-aiplatform@1.64.0 environment, eval, filesystem, network, shell, unsafe 0 75.4 MB gcloudpypi, google_opensource

🚮 Removed packages: pypi/google-cloud-aiplatform@1.42.1)

View full report↗︎

@socket-security

Copy link
Copy Markdown

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package NoteSourceCI
AI detected potential malware pypi/django@5.1
  • Notes: The code contains a highly risky behavior by using 'eval' to execute untrusted code, and it poses a significant security risk.
  • Confidence: 0.80
  • Severity: 0.90
🚫
AI detected potential malware pypi/django@5.1
  • Notes: The code contains highly risky practices such as the use of 'eval' and 'require' functions in a server-side application, which can lead to code execution and loading of arbitrary modules. This poses a high security risk and should not be used.
  • Confidence: 0.85
  • Severity: 0.85
🚫

View full report↗︎

Next steps

What is AI-detected potential malware?

AI has identified this package as malware. This is a strong signal that the package may be malicious.

Given the AI system's identification of this package as malware, extreme caution is advised. It is recommended to avoid downloading or installing this package until the threat is confirmed or flagged as a false positive.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore pypi/django@5.1

@dependabot @github

dependabot Bot commented on behalf of github Sep 5, 2024

Copy link
Copy Markdown
Contributor Author

Superseded by #234.

@dependabot dependabot Bot closed this Sep 5, 2024
auto-merge was automatically disabled September 5, 2024 20:21

Pull request was closed

@dependabot dependabot Bot deleted the dependabot/pip/google-cloud-aiplatform-1.64.0 branch September 5, 2024 20:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants