Bump google-cloud-aiplatform to force upgrade of litellm

[jscheffl]

Sine a while we carry the transitive litellm vulnerability in Dependabot. This PR attempts to bump google-cloud-aiplatform in order to ensure a non vulnerable transitive dependency is enforced.

Not sure why but as a trade we need to lower the click dependency from >=8.3.0 to >=8.1.8 - is this acceptable as a trade?

This refers to to upgrade in click by @eladkal in #61613

Let's see if CI turns green...

---

Was generative AI tooling used to co-author this PR?

• Yes (please specify the tool below)

---

• Read the Pull Request Guidelines for more information. Note: commit author/co-author name and email in commits become permanently public when merged.
• For fundamental code changes, an Airflow Improvement Proposal (AIP) is needed.
• When adding dependency, check compliance with the ASF 3rd Party License Policy.
• For significant user-facing changes create newsfragment: {pr_number}.significant.rst, in airflow-core/newsfragments. You can add this file in a follow-up commit after the PR is created so you know the PR number.

[potiuk]

It is pretty strange with 8.1.8 though.. Let me take a look

[jscheffl]

It is pretty strange with 8.1.8 though.. Let me take a look

It is litellm which exactly pins this version :-(

--> https://github.com/BerriAI/litellm/blob/v1.83.7-stable/pyproject.toml#L32

mhm... on un-released "main" they have releaxed meanwhile... https://github.com/BerriAI/litellm/blob/litellm_internal_staging/pyproject.toml#L24 (and pin is even still existing on RC1 of 1.84)

[potiuk]

Since they are going to relax soon - It looks fine :)

[github-actions]

uv.lock on main just moved via #58929 ("Add support for influx3 in influxdb provider"), commit 8e51e68 and this PR currently conflicts.

Quickest fix:

git fetch upstream main && git rebase upstream/main
rm uv.lock && uv lock
git add uv.lock && git rebase --continue
git push --force-with-lease

Automated nudge — ignore if you're not ready to rebase. This comment is updated in place on future uv.lock bumps.

[jscheffl]

Mhm, considering that litellm with less restrictive pinning of click has been released 13h ago...

...and we cut a providers release Monday/Tuesday I'd suggest we wait a moment until the cooldown allows to get the newest and then we do not need to downgrade click with a lot less side effecs. Will park the PR until then.

• Wait until Cooldown of 4 days is reached on 2026-05-18 and revert click downgrade

[jscheffl]

Note: PR will fail in UV needs upgrading until cooldown is reached in ~24h Then needs a rebase and UV to be updated here.

[jscheffl]

Still not working as the litellm version that is relaxing click dependency is not in the allowed range for google-cloud-aiplatform which is actually rendering the transitive dependency. Opened bug googleapis/python-aiplatform#6827 and PR googleapis/python-aiplatform#6828 in hoping the upper bound to litellm is relaxed.