Determine this is the right repository

• I determined this is the correct repository in which to report this bug.

Summary of the issue

Context

Installing release versions of google-cloud-python libraries with current pip leads to accidentally installing release candidates of indirect dependencies.

As an example, if I do pip install google-cloud-kms==3.4.0 I currently end up getting grpcio version 1.71.0rc2 -- a release candidate.

This behaviour is a result of

• pip fixing its pre-release specifier behaviour: "Including a pre-release version with these specifiers now implies accepting pre-releases (e.g., <2.0dev can include 1.0rc1)" (https://github.com/pypa/pip/blob/main/NEWS.rst#2501-2025-02-09)
• All google-cloud-python libraries using dependency specifiers like googleapis-common-protos<2.0.0dev -- this is incorrect and should never include "dev"

Expected Behavior:

• Installing google-cloud-python projects should not lead to installing release candidates of indirect dependencies
• pre-release version specifiers (such as "X.Y.Zdev") should not be used when defining library dependencies

Actual Behavior:

google-cloud-kms projects use pre-release version specifiers (specifically <X.Y.Zdev) in their dependencies. This leads to accidentally installing release candidates of indirect dependencies.

API client name and version

No response

Reproduction steps:

# start with empty virtualenv. Upgrade to current pip
pip install -U pip 
# Install a release version of a google-cloud-python package
pip install google-cloud-kms==3.4.0

Reproduction steps: actual results

$ pip show grpcio | grep Version
Version: 1.71.0rc2

Reproduction steps: expected results

$ pip show grpcio | grep Version
Version: 1.70.0

OS & version + platform

No response

Python environment

Python 3.12.8

Python dependencies

Package Version

pip 25.0.1

Additional context

No response