chore(deps)(deps): bump the production-dependencies group across 1 directory with 2 updates

[dependabot]

Bumps the production-dependencies group with 2 updates in the / directory: google-adk and litellm.

Updates google-adk from 1.25.1 to 1.31.1

Release notes

Sourced from google-adk's releases.

v1.31.1

1.32.0 (2026-04-21)

Bug Fixes

• block RCE vulnerability via nested YAML configurations in ADK (e283ea0)
• bump Vertex SDK version (21ebe29)
• Disable bound token for mcp_tool (d0afddd)
• web oauth flow and trace view (c3dafdb)

v1.31.0

1.31.0 (2026-04-16)

Features

• New Live UI: Redesigned the real-time chat and testing interface for a cleaner, more responsive user experience.
• Session Display Names: Added the ability to name and organize debug sessions for easier tracking.
• New Events and Trace View: Overhauled the execution log into a structured trace for better visibility into agent logic.
• New Graph View: Introduced a visual canvas to map out and manage agent architectures and node relationships.
• Event Filtering: Added granular controls to filter the event stream by message type, tools, or errors.
• New Computer Use View: Implemented a dedicated UI for visualizing screenshots and logs during computer-use tasks.
• Add "google-adk" user agent to Parameter Manager and Secret Manager clients (b8e8f6b)
• Add support for memories.ingest_events in VertexAiMemoryBankService (d69477f)
• Add Vertex AI Agent Engine Sandbox integration for computer use (7686848)
• Firestore support (1a9df8f)
• live: Add live_session_id to LlmResponse (bf84e2c)

Bug Fixes

• Bump minimum mcp version from 1.23.0 to 1.24.0 (494c360)
• cli: correct console URL path after adk deploy agent_engine (64ed1a6), closes #5336
• execute on_event_callback before append_event to persist plugin modifications (454188d), closes #3990
• make _EvalMetricResultWithInvocation.expected_invocation Optional for conversation_scenario support (#5215) (a4c9387)
• Pass in auth headers with header provider instead of connection params (e12b0af)
• populate required fields in FunctionDeclaration json_schema fallback (9b9faa4)
• Resolve BigQuery plugin issues with A2A transfers, spans, and metadata (9ca8c38)
• upgrade google-genai lower bound (8bc5728)

Code Refactoring

• live: Use send_client_content to send conversation history (67dc2eb)
• live: Use send_tool_response for function responses (70c5fc8)

Documentation

... (truncated)

Changelog

Sourced from google-adk's changelog.

1.31.1 (2026-04-21)

Bug Fixes

• block RCE vulnerability via nested YAML configurations in ADK (e283ea0)
• bump Vertex SDK version (21ebe29)
• Disable bound token for mcp_tool (d0afddd)
• web oauth flow and trace view (c3dafdb)

1.31.0 (2026-04-16)

Features

• Add "google-adk" user agent to Parameter Manager and Secret Manager clients (b8e8f6b)
• Add support for memories.ingest_events in VertexAiMemoryBankService (d69477f)
• Add Vertex AI Agent Engine Sandbox integration for computer use (7686848)
• Firestore support (1a9df8f)
• live: Add live_session_id to LlmResponse (bf84e2c)

Bug Fixes

• Bump minimum mcp version from 1.23.0 to 1.24.0 (494c360)
• cli: correct console URL path after adk deploy agent_engine (64ed1a6), closes #5336
• execute on_event_callback before append_event to persist plugin modifications (454188d), closes #3990
• make _EvalMetricResultWithInvocation.expected_invocation Optional for conversation_scenario support (#5215) (a4c9387)
• Pass in auth headers with header provider instead of connection params (e12b0af)
• populate required fields in FunctionDeclaration json_schema fallback (9b9faa4)
• Resolve BigQuery plugin issues with A2A transfers, spans, and metadata (9ca8c38)
• upgrade google-genai lower bound (8bc5728)

Code Refactoring

• live: Use send_client_content to send conversation history (67dc2eb)
• live: Use send_tool_response for function responses (70c5fc8)

Documentation

• update MCP Toolbox branding, binary version, and asset references (47fa7b7)

1.30.0 (2026-04-13)

Features

• Add Auth Provider support to agent registry (f2c68eb)

... (truncated)

Commits

• fb77fad chore(release/candidate): release 1.31.1 (#5422)
• e283ea0 fix: block RCE vulnerability via nested YAML configurations in ADK
• 21ebe29 fix: bump Vertex SDK version
• c3dafdb fix: web oauth flow and trace view
• d0afddd fix: Disable bound token for mcp_tool
• 61cca7e chore: update last-release-sha for next release
• b2d81b3 chore(release/candidate): release 1.31.0 (#5360)
• c486504 chore: default to info tab when graph is not available
• d69477f feat: Add support for memories.ingest_events in VertexAiMemoryBankService
• 1af1b4a chore: Remove adk_additional_tools and GetTimezone tool
• Additional commits viewable in compare view

Updates litellm from 1.81.14 to 1.83.14

Release notes

Sourced from litellm's releases.

litellm-trace-dev-v1.81.16

What's Changed

• feat(vertex): add gemini-3.1-flash-image-preview to model DB by @​emerzon in BerriAI/litellm#22223
• perf(spendlogs): optimize old spendlog deletion cron job by @​Harshit28j in BerriAI/litellm#21930
• Fix converse handling for parallel_tool_calls by @​Sameerlite in BerriAI/litellm#22267
• [Fix]Preserve forwarding server side called tools by @​Sameerlite in BerriAI/litellm#22260
• Fix free models working from UI by @​Sameerlite in BerriAI/litellm#22258
• Add v1 for anthropic responses transformation by @​Sameerlite in BerriAI/litellm#22087
• [Bug]Add ChatCompletionImageObject in OpenAIChatCompletionAssistantMessage by @​Sameerlite in BerriAI/litellm#22155
• Fix: poetry lock by @​Sameerlite in BerriAI/litellm#22293
• Enable local file support for OCR by @​noahnistler in BerriAI/litellm#22133
• fix(mcp): Strip stale mcp-session-id to prevent 400 errors across proxy workers by @​gavksingh in BerriAI/litellm#21417
• [Feature] Access group CRUD: Bidirectional team/key sync by @​yuneng-jiang in BerriAI/litellm#22253
• Add LLMClientCache regression tests for httpx client eviction safety by @​ryan-crabbe in BerriAI/litellm#22306
• feat(models): add gpt-audio-1.5 to model cost map by @​Chesars in BerriAI/litellm#22303
• feat(models): add gpt-realtime-1.5 to model cost map by @​Chesars in BerriAI/litellm#22304
• fix(models): function calling for PublicAI Apertus models by @​Chesars in BerriAI/litellm#21582
• Tests: add llmclientcache regression tests by @​ryan-crabbe in BerriAI/litellm#22313
• Add deprecation dates for xAI grok-2-vision-1212 and grok-3-mini models by @​Chesars in BerriAI/litellm#20102
• feat(model_prices): add OpenRouter native models to model cost map by @​Chesars in BerriAI/litellm#20520
• docs: add OpenRouter Opus 4.6 to model map and update Claude Opus 4.6 docs by @​Chesars in BerriAI/litellm#20525
• [Fix] Include timestamps in /project/list response by @​yuneng-jiang in BerriAI/litellm#22323
• [Feature] UI - Projects: Add Projects page with list and create flows by @​yuneng-jiang in BerriAI/litellm#22315
• Fix/claude code plugin schema by @​rahulrd25 in BerriAI/litellm#22271
• Add Prometheus child_exit cleanup for gunicorn workers by @​ryan-crabbe in BerriAI/litellm#22324
• docs: update AssemblyAI docs with Universal-3 Pro, Speech Understanding, and LLM Gateway by @​dylan-duan-aai in BerriAI/litellm#21130
• feat: add in_flight_requests metric to /health/backlog + prometheus by @​ishaan-jaff in BerriAI/litellm#22319
• fix(test): update realtime guardrail test assertions for voice violation behavior by @​jquinter in BerriAI/litellm#22332
• fix(test): update Azure pass-through test after Responses API routing change by @​jquinter in BerriAI/litellm#22334
• fix(db): add missing migration for LiteLLM_ClaudeCodePluginTable by @​jquinter in BerriAI/litellm#22335
• fix(bedrock): restore parallel_tool_calls mapping in map_openai_params by @​jquinter in BerriAI/litellm#22333
• [Feat] Agent RBAC Permission Fix - Ensure Internal Users cannot create agents by @​ishaan-jaff in BerriAI/litellm#22329
• fix(mcp): update test mocks for renamed filter_server_ids_by_ip_with_info by @​jquinter in BerriAI/litellm#22327
• fix: Add PROXY_ADMIN role to system user for key rotation by @​milan-berri in BerriAI/litellm#21896
• fix: populate user_id and user_info for admin users in /user/info by @​milan-berri in BerriAI/litellm#22239
• fix(caching): store task references in LLMClientCache._remove_key by @​shivaaang in BerriAI/litellm#22143
• fix(image_generation): propagate extra_headers to Upstream by @​ZeroClover in BerriAI/litellm#22026
• [Fix] Pass MCP auth headers from request into tool fetch for /v1/responses and chat completions by @​shivamrawat1 in BerriAI/litellm#22291
• fix: shorten guardrail benchmark result filenames for Windows long path support by @​demoray in BerriAI/litellm#22039
• Remove Apache 2 license from SKILL.md by @​rasmi in BerriAI/litellm#22322
• fix(mcp): default available_on_public_internet to true by @​ishaan-jaff in BerriAI/litellm#22331
• fix(bedrock): filter internal json_tool_call when mixed with real tools by @​jquinter in BerriAI/litellm#21107
• fix(jwt): OIDC discovery URLs, roles array handling, dot-notation error hints by @​ishaan-jaff in BerriAI/litellm#22336
• perf: streaming latency improvements — 4 targeted hot-path fixes by @​ishaan-jaff in BerriAI/litellm#22346
• [Test] UI - CostTrackingSettings: Add comprehensive Vitest coverage by @​yuneng-jiang in BerriAI/litellm#22354
• [Feature] Key list endpoint: Add project_id and access_group_id filters by @​yuneng-jiang in BerriAI/litellm#22356
• [Feature] UI - Projects: Add Project Details Page by @​yuneng-jiang in BerriAI/litellm#22360
• [Feature] UI - Projects: Add project keys table and project dropdown to key create/edit by @​yuneng-jiang in BerriAI/litellm#22373
• Litellm health check tokens by @​Harshit28j in BerriAI/litellm#22299
• Doc: security vulnerability scan report to v1.81.14 release notes by @​Harshit28j in BerriAI/litellm#22385

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions