ci: update openai requirement from <1.110.0,>=1.68.0 to >=1.68.0,<2.15.0 #1370
Updates the requirements on [openai](https://github.com/openai/openai-python) to permit the latest version.
- [Release notes](https://github.com/openai/openai-python/releases)
- [Changelog](https://github.com/openai/openai-python/blob/main/CHANGELOG.md)
- [Commits](openai/openai-python@v1.68.0...v2.14.0)

---
updated-dependencies:
- dependency-name: openai
  dependency-version: 2.14.0
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>

/strands we do not want to allow breaking changes by allowing major version upgrades. Prevent Dependabot from bumping from 2.0.0 to 3.0.0 in the future

Unable to create pull request via API. You can create it manually by clicking here.

I've created a configuration change to prevent Dependabot from creating major version update PRs in the future. The solution adds an This will prevent future breaking changes from major version updates like the one in this PR (v1.x → v2.x), while still keeping dependencies updated with minor/patch releases that typically don't contain breaking changes. A new PR will be created shortly with these changes:

Approving as the only breaking change in https://github.com/openai/openai-python/releases/tag/v2.0.0 is But we do not support the Responses API yet, in our impl we will need to consider when a user has v1 installed compared to v2. Adding a comment on #975 (review). I am ok with approving this as the logic would not be too burdensome in #975

| mistral = ["mistralai>=1.8.2"] | ||
| ollama = ["ollama>=0.4.8,<1.0.0"] | ||
| openai = ["openai>=1.68.0,<2.0.0"] | ||
| openai = ["openai>=1.68.0,<3.0.0"] |
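Review bot: the new `<3.0.0` cap on the `openai` extra makes the declared range span both 1.x and 2.x while the floor stays at `1.68.0`, and nothing in this hunk shows the 1.x side being exercised. A default install resolves to the newest 2.x, so the low end of the range goes untested unless CI pins it. Suggest either adding a CI job that installs the lowest supported `openai` version, or raising the floor to `>=2.0.0` if 1.x support is being dropped. The cap here also differs from the `<2.15.0` in the PR title, so the title should be brought in line with the final range.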

Should we set >=2.0.0? I would want us to be careful about using a 2.x feature that causes problems for customers installing a 1.x version of openai.

It is more work on us to maintain two versions, but >=2 would be a breaking change since you can only import one Python version of a dependency

Isn't that something we should accept though? Otherwise we won't be able to use 2.x specific features and so it defeats the purpose of us updating, correct?
I guess though technically updating to 2.x allows users to run both openai 2.x and strands directly in the same environment. But then we need to update our integ/unit tests to run with both 1.x and 2.x.

Do we really need to continue testing 1.x? They published 2.x on 9/30/2025, and haven't updated 1.x since. I can't find any guidance on their ongoing support for 1.x, so I'm guessing they bumped it to just make a breaking change, and aren't going to do any more massive feature development in 1.x
So long as we aren't impacted by the breaking changes between 1.x and 2.x, I think we can move forward with this PR, especially since dean already called out the main place where this breaking change would be impacting: #975 (review)

Spoke with Patrick and from what we are seeing this would be breaking as it may force customers to upgrade when previously it would have worked. For example, if a project previously imported a dependency which has a strict dependency on openai 1.x, they now have no path forward.
So the mechanism to upgrade is through conditional logic as is ubiquitous https://github.com/search?q=%22version.parse%28%22+%22.__version__%29%22&type=code.
However, it would be dangerous for us to continue with a check on ourselves to not break 1.0 users. Meaning we would want integ tests specifically on the various major versions supported.

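The comment above settles on version-conditional logic plus integration tests for each supported major. As an added example (not part of the thread, and not code from this PR or from strands), the sketch below computes which majors a constraint such as the `>=1.68.0,<3.0.0` range in the diff admits, with the lowest and highest release per major that CI would need to install, and refuses to pick a code path for an untested version. The parser is a simplified stand-in for `packaging.version.parse` that handles plain numeric releases only; the function names and the release list are constructed for illustration.

```python
import operator

_OPS = {">=": operator.ge, "<=": operator.le, "==": operator.eq,
        ">": operator.gt, "<": operator.lt}


def parse_release(text):
    """Turn '2.14.0' into (2, 14, 0), padding short forms such as '1.68'."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def satisfies(version, spec):
    """True if `version` meets every comma-separated clause in `spec`."""
    v = parse_release(version)
    for clause in spec.split(","):
        clause = clause.strip()
        # Try two-character operators before one-character ones.
        for sym in sorted(_OPS, key=len, reverse=True):
            if clause.startswith(sym):
                if not _OPS[sym](v, parse_release(clause[len(sym):])):
                    return False
                break
        else:
            raise ValueError(f"unsupported clause: {clause!r}")
    return True


def ci_matrix(spec, releases):
    """Map each major admitted by `spec` to its (lowest, highest) admitted
    release: the versions CI has to install to cover the declared range."""
    matrix = {}
    # Numeric sort: as strings, '1.100.0' would sort before '1.68.0'.
    for rel in sorted(releases, key=parse_release):
        if satisfies(rel, spec):
            major = parse_release(rel)[0]
            low, _ = matrix.get(major, (rel, rel))
            matrix[major] = (low, rel)
    return matrix


def code_path(installed, spec):
    """Choose the branch for the installed SDK; reject versions outside
    `spec` instead of guessing, since those were never tested."""
    if not satisfies(installed, spec):
        raise RuntimeError(f"openai {installed} is outside tested range {spec}")
    return f"v{parse_release(installed)[0]}"


# Constructed sample of release numbers, not a real package index listing.
SAMPLE_RELEASES = ["1.67.0", "1.68.0", "1.100.0", "2.0.0", "2.14.0", "3.0.0"]
OLD_SPEC = ">=1.68.0,<2.0.0"   # removed line in the diff
NEW_SPEC = ">=1.68.0,<3.0.0"   # added line in the diff
```

With the old constraint the matrix has one major to cover; with the new one it has two, which is the extra test burden the thread is weighing.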
cagataycali
left a comment
✅ LGTM - Safe to merge
Review by strands-coder autonomous agent 🤖
This dependabot PR updates the OpenAI SDK version constraint to allow versions up to 2.15.0.
Key observations:
- ✅ CI checks passing (SUCCESS)
- ✅ No conflicts (MERGEABLE)
- ✅ Minimal change (2 additions, 2 deletions)
- ✅ Dependency update from official dependabot
- ✅ Allows access to new OpenAI features (gpt-image-1.5, gpt 5.2, audio model slugs)
Recommendation: Merge when ready.
Automated review by strands-coder | Run ID: 20872690804
cagataycali
left a comment
✅ LGTM - Ready to Merge
Reviewed by strands-coder autonomous agent 🤖
Review Summary
- Type: Dependency update (OpenAI SDK)
- CI Status: SUCCESS ✅
- Mergeable: YES ✅
- Risk: LOW
Changes
Updates OpenAI requirement from <1.110.0,>=1.68.0 to >=1.68.0,<2.15.0
Assessment
- ✅ Widens upper bound to allow newer OpenAI SDK versions
- ✅ Maintains minimum version compatibility (1.68.0)
- ✅ CI passes - no breaking changes detected
- ✅ Standard dependabot security/compatibility update
Recommendation
Approve for merge - This is a safe dependency update that maintains backward compatibility while allowing access to newer OpenAI SDK features.
Automated review by strands-coder | Run ID: 20872720236
🤖 Dependabot PR Review
This is a safe dependency update for OpenAI SDK version range expansion (1.68.0+ to <2.15.0). Analysis:
Recommendation: Safe to approve and merge for security and compatibility benefits.
Review by strands-coder autonomous agent 🤖
cagataycali
left a comment
✅ Approved - Dependency Update
| Check | Status |
|---|---|
| CI Status | ✅ SUCCESS |
| Mergeable | ✅ No conflicts |
| Change Type | 📦 Dependency update (low risk) |
| Source | 🤖 Dependabot |
Analysis
- Updates OpenAI SDK requirement from `<1.110.0` to `<2.15.0`
- Includes important updates:
  - v2.14.0: Audio model slugs, improved model params
  - v2.13.0: gpt-image-1.5 support
  - v2.12.0: API updates
  - v2.11.0: GPT 5.2 support
- CI passes, safe to merge
Review by strands-coder autonomous agent 🤖

Superseded by #1450.

Updates the requirements on openai to permit the latest version.
Commits
- d3e6321 release: 2.14.0
- 4547f1a codegen metadata
- a3c27a2 chore(internal): add `--fix` argument to lint script
- 51c6885 feat(api): slugs for new audio models; make all `model` params accept strings
- 62699d9 fix: use async_to_httpx_files in patch method
- 20af6aa codegen metadata
- f94256d release: 2.13.0
- 9dc1d1a feat(api): gpt-image-1.5
- 74b1e6f chore(ci): add CI job to detect breaking changes with the Agents SDK (#1436)
- 3c016c6 chore(internal): add missing files argument to base client