@dependabot dependabot bot commented on behalf of github Oct 17, 2025

Bumps openai from 1.102.0 to 2.4.0.

Release notes

Sourced from openai's releases.

v2.4.0

2.4.0 (2025-10-16)

Full Changelog: v2.3.0...v2.4.0

Features

  • api: Add support for gpt-4o-transcribe-diarize on audio/transcriptions endpoint (bdbe9b8)

Chores

  • fix dangling comment (da14e99)
  • internal: detect missing future annotations with ruff (2672b8f)

v2.3.0

2.3.0 (2025-10-10)

Full Changelog: v2.2.0...v2.3.0

Features

  • api: comparison filter in/not in (aa49f62)

Chores

  • package: bump jiter to >=0.10.0 to support Python 3.14 (#2618) (aa445ca)

v2.2.0

2.2.0 (2025-10-06)

Full Changelog: v2.1.0...v2.2.0

Features

  • api: dev day 2025 launches (38ac009)

Bug Fixes

  • client: add chatkit to beta resource (de3e561)

v2.1.0

2.1.0 (2025-10-02)

Full Changelog: v2.0.1...v2.1.0

Features

... (truncated)

Changelog

Sourced from openai's changelog.

2.4.0 (2025-10-16)

Full Changelog: v2.3.0...v2.4.0

Features

  • api: Add support for gpt-4o-transcribe-diarize on audio/transcriptions endpoint (bdbe9b8)

Chores

  • fix dangling comment (da14e99)
  • internal: detect missing future annotations with ruff (2672b8f)

2.3.0 (2025-10-10)

Full Changelog: v2.2.0...v2.3.0

Features

  • api: comparison filter in/not in (aa49f62)

Chores

  • package: bump jiter to >=0.10.0 to support Python 3.14 (#2618) (aa445ca)

2.2.0 (2025-10-06)

Full Changelog: v2.1.0...v2.2.0

Features

  • api: dev day 2025 launches (38ac009)

Bug Fixes

  • client: add chatkit to beta resource (de3e561)

2.1.0 (2025-10-02)

Full Changelog: v2.0.1...v2.1.0

Features

  • api: add support for realtime calls (7f7925b)

2.0.1 (2025-10-01)

... (truncated)

Commits
  • ebf3221 release: 2.4.0
  • e043d7b chore: fix dangling comment
  • 25cbb74 feat(api): Add support for gpt-4o-transcribe-diarize on audio/transcriptions ...
  • 8cdfd06 codegen metadata
  • d5c6443 codegen metadata
  • b20a9e7 chore(internal): detect missing future annotations with ruff
  • e5f93f5 release: 2.3.0
  • 0448788 feat(api): comparison filter in/not in
  • 85a91ad chore(package): bump jiter to >=0.10.0 to support Python 3.14 (#2618)
  • d69edeb release: 2.2.0
  • Additional commits viewable in compare view


Disclaimer: Experimental PR review

Greptile Overview

Updated On: 2025-10-17 05:14:19 UTC

Summary

This PR bumps the OpenAI SDK from 1.102.0 to 2.4.0, a major version upgrade. Key changes:

Dependencies Updated:

  • openai: 1.102.0 → 2.4.0 (major version bump)
  • langchain-openai: 0.3.32 → 0.3.35 (compatible with OpenAI 2.x, constraint updated to >=1.104.2,<3.0.0)
  • langchain-core: 0.3.75 → 0.3.79
  • jiter constraint: >=0.4.0 → >=0.10.0 (for Python 3.14 support)

OpenAI 2.0 Breaking Changes:
According to the OpenAI changelog, v2.0.0 introduced a breaking change where ResponseFunctionToolCallOutputItem.output and ResponseCustomToolCallOutput.output now return string | Array<ResponseInputText | ResponseInputImage | ResponseInputFile> instead of just string.

Potential Issue Found:
The version checking logic in langfuse/openai.py uses max_version="1.92.0" constraints to control when certain method wrappers are registered. This logic doesn't properly handle major version upgrades - with OpenAI 2.4.0, the condition >= Version("1.92.0") evaluates to true, potentially skipping method registrations that should still apply to v2.x.

Confidence Score: 2/5

  • This PR has a critical version checking logic issue that needs verification before merging
  • Major version bump (1.x → 2.x) combined with version-checking logic in langfuse/openai.py that uses max_version="1.92.0" constraints. The condition >= Version("1.92.0") will incorrectly evaluate to true for v2.4.0, potentially skipping method wrapper registrations. This could break tracing for beta chat completion parse methods. The OpenAI v2.0 breaking change to output types may also affect response parsing. Tests should be run to verify compatibility.
  • poetry.lock - requires verification that version checking logic in langfuse/openai.py works correctly with OpenAI 2.x

Important Files Changed

File Analysis

| Filename | Score | Overview |
|---|---|---|
| poetry.lock | 3/5 | OpenAI SDK upgraded from 1.102.0 to 2.4.0 (major version bump). Version checking logic with max_version="1.92.0" constraints may not work correctly with v2.x |

Sequence Diagram

sequenceDiagram
    participant D as Dependabot
    participant L as poetry.lock
    participant O as OpenAI SDK
    participant LF as langfuse/openai.py
    participant R as register_tracing()
    
    D->>L: Update openai 1.102.0 → 2.4.0
    L->>L: Update langchain-openai 0.3.32 → 0.3.35
    L->>L: Update jiter constraint >=0.4.0 → >=0.10.0
    
    Note over LF,R: On Import Time
    LF->>R: Call register_tracing()
    R->>O: Check Version(openai.__version__)
    O-->>R: Returns "2.4.0"
    
    R->>R: For each OpenAiDefinition with max_version
    Note over R: Check: Version("2.4.0") >= Version("1.92.0")
    R->>R: Evaluates to TRUE
    R->>R: SKIP wrapping beta completions.parse
    
    Note over R: ⚠️ Potential Issue:<br/>Beta parse methods may not be wrapped<br/>if they still exist in OpenAI 2.x

Bumps [openai](https://github.com/openai/openai-python) from 1.102.0 to 2.4.0.
- [Release notes](https://github.com/openai/openai-python/releases)
- [Changelog](https://github.com/openai/openai-python/blob/main/CHANGELOG.md)
- [Commits](openai/openai-python@v1.102.0...v2.4.0)

---
updated-dependencies:
- dependency-name: openai
  dependency-version: 2.4.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot bot added the dependencies and python labels Oct 17, 2025

@greptile-apps greptile-apps bot left a comment


No files reviewed, 1 comment


Comment on lines 1060 to 1076

[[package]]
name = "openai"
version = "1.102.0"
version = "2.4.0"
description = "The official Python library for the openai API"
optional = false
python-versions = ">=3.8"
groups = ["main", "dev"]
files = [
{file = "openai-1.102.0-py3-none-any.whl", hash = "sha256:d751a7e95e222b5325306362ad02a7aa96e1fab3ed05b5888ce1c7ca63451345"},
{file = "openai-1.102.0.tar.gz", hash = "sha256:2e0153bcd64a6523071e90211cbfca1f2bbc5ceedd0993ba932a5869f93b7fc9"},
{file = "openai-2.4.0-py3-none-any.whl", hash = "sha256:5099f4fbfa80e7e5785ba52402c580eadba21e6172c85df05455676605ad150f"},
{file = "openai-2.4.0.tar.gz", hash = "sha256:97860859172b637ffb308433c207a371d4683586ed2b24b360cb4c08cf377d01"},
]
markers = {main = "extra == \"openai\""}

[package.dependencies]
anyio = ">=3.5.0,<5"
distro = ">=1.7.0,<2"
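Review bot: the `version` line moves openai across a major-version boundary (1.102.0 to 2.4.0), and the unchanged `groups = ["main", "dev"]` line means every environment installed from this lock picks up 2.x. Suggest confirming that the openai constraint in pyproject.toml is meant to admit 2.x, and running the OpenAI integration tests against 2.4.0 before merging. The two replaced sha256 entries under `files` are what pin the downloaded wheel and sdist, so regenerate the lock locally and confirm the same digests come out rather than accepting them from the PR unchecked.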
logic: Version checking logic in langfuse/openai.py:960-963 uses max_version="1.92.0" to exclude certain method wrappers (beta chat completions parse methods). With OpenAI 2.x, the condition Version(openai.__version__) >= Version("1.92.0") will be true (2.4.0 >= 1.92.0), causing these methods to be skipped during registration, but they should likely still be wrapped for v2.x. The max_version constraint was intended to stop at 1.92.0 when the parse method moved from beta to stable, but the logic doesn't account for major version bumps.

Check if the openai.resources.beta.chat.completions module path still exists in OpenAI 2.x and whether the version filtering logic needs updating to handle 2.x properly.
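
The version gate described in the review comment above, modelled as an added example (not Langfuse's or Greptile's code). `gate_allows`, `target_exists`, `audit` and the sample definitions are hypothetical; standard-library targets stand in for SDK methods so it runs offline, and a small tuple parser stands in for `packaging.version.Version`.

```python
import importlib

def parse(v):
    # Numeric release segments only; stands in for packaging.version.Version.
    return tuple(int(p) for p in v.split("."))

def gate_allows(installed, min_version=None, max_version=None):
    """Gate as the comment describes it: skip below min, skip at or above max."""
    cur = parse(installed)
    if min_version is not None and cur < parse(min_version):
        return False
    if max_version is not None and cur >= parse(max_version):
        return False
    return True

def target_exists(module, obj, method):
    """Probe the installed library rather than trusting its version number."""
    try:
        mod = importlib.import_module(module)
    except ImportError:
        return False
    return hasattr(getattr(mod, obj, None), method)

def audit(installed, definitions):
    """Classify each definition; 'GAP' = target exists but the gate leaves it unwrapped."""
    report = {}
    for d in definitions:
        wrapped = gate_allows(installed, d.get("min_version"), d.get("max_version"))
        exists = target_exists(d["module"], d["object"], d["method"])
        if wrapped:
            status = "wrapped" if exists else "stale"
        else:
            status = "GAP" if exists else "skipped"
        report[f'{d["module"]}.{d["object"]}.{d["method"]}'] = status
    return report

# Constructed definitions: stdlib targets stand in for SDK methods (assumption).
SAMPLE = [
    {"module": "json", "object": "JSONDecoder", "method": "decode", "max_version": "1.92.0"},
    {"module": "json", "object": "JSONEncoder", "method": "encode", "min_version": "1.92.0"},
    {"module": "no_such_sdk.beta", "object": "Completions", "method": "parse", "max_version": "1.92.0"},
]

if __name__ == "__main__":
    for version in ("1.91.0", "1.102.0", "2.4.0"):
        print(version, audit(version, SAMPLE))
```

Under this model 1.102.0 and 2.4.0 fall on the same side of a `max_version="1.92.0"` gate, so what a major bump can change is whether the target still exists, which is what the probe reports.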



dependabot bot commented on behalf of github Oct 20, 2025

Superseded by #1410.

@dependabot dependabot bot closed this Oct 20, 2025
@dependabot dependabot bot deleted the dependabot/pip/openai-2.4.0 branch October 20, 2025 05:19