fix(deps): pin litellm upper bound to 1.83.14

cwest · cwest · commit 3840fe71a04b · 2026-04-26T20:15:45.000-04:00
Addresses review feedback on google#5489: restore the project's defensive exact-version pin (matching the prior <=1.82.6 pattern) in place of the open-ended <2 cap. Pinning to current latest (1.83.14) keeps every future litellm release behind a deliberate bump, which is what stopped the 1.82.7/8 supply-chain attack from reaching ADK users. Tested: tests/unittests/models/test_litellm.py and tests/unittests/models/test_litellm_import.py pass (259 passed, 0 failed) against the installed litellm 1.83.13.
diff --git a/pyproject.toml b/pyproject.toml
@@ -123,7 +123,7 @@ optional-dependencies.extensions = [
   "k8s-agent-sandbox>=0.1.1.post3",                                  # For GkeCodeExecutor sandbox mode
   "kubernetes>=29",                                                  # For GkeCodeExecutor
   "langgraph>=0.2.60,<0.4.8",                                        # For LangGraphAgent
-  "litellm>=1.83.7,<2",                                              # For LiteLlm class. Lower bound is the first release with patches for 5 CVEs disclosed 2026-04-11/24; supersedes earlier supply-chain pin against 1.82.7/8.
+  "litellm>=1.83.7,<=1.83.14",                                       # For LiteLlm class. Lower bound is the first release with patches for 5 CVEs disclosed 2026-04-11/24; supersedes earlier supply-chain pin against 1.82.7/8. Upper bound pinned to current latest to defend against future supply-chain attacks (see #5489).
   "llama-index-embeddings-google-genai>=0.3",                        # For files retrieval using LlamaIndex.
   "llama-index-readers-file>=0.4",                                   # For retrieval using LlamaIndex.
   "lxml>=5.3",                                                       # For load_web_page tool.
@@ -142,7 +142,7 @@ optional-dependencies.test = [
   "kubernetes>=29",                                                  # For GkeCodeExecutor
   "langchain-community>=0.3.17",
   "langgraph>=0.2.60,<0.4.8",                                        # For LangGraphAgent
-  "litellm>=1.83.7,<2",                                              # For LiteLLM tests. Lower bound is the first release with patches for 5 CVEs disclosed 2026-04-11/24; supersedes earlier supply-chain pin against 1.82.7/8.
+  "litellm>=1.83.7,<=1.83.14",                                       # For LiteLLM tests. Lower bound is the first release with patches for 5 CVEs disclosed 2026-04-11/24; supersedes earlier supply-chain pin against 1.82.7/8. Upper bound pinned to current latest to defend against future supply-chain attacks (see #5489).
   "llama-index-readers-file>=0.4",                                   # For retrieval tests
   "openai>=1.100.2",                                                 # For LiteLLM
   "opentelemetry-instrumentation-google-genai>=0.3b0,<1",
