chore(deps): update pip

[renovate-bot]

This PR contains the following updates:

Package	Change	Age	Confidence
google-adk (changelog)	==1.21.0 → ==1.22.1
langchain (source, changelog)	==1.2.2 → ==1.2.3
langgraph (source, changelog)	==1.0.5 → ==1.0.6
toolbox-core (changelog)	==0.5.4 → ==0.5.7
toolbox-langchain (changelog)	==0.5.4 → ==0.5.7
toolbox-llamaindex (changelog)	==0.5.4 → ==0.5.7

---

Release Notes

google/adk-python (google-adk)

v1.22.1

Compare Source

Bug Fixes

• Add back adk migrate session CLI (8fb2be2).
• Escape database reserved keyword (94d48fc).

v1.22.0

Compare Source

Features

• [Core]

  • Make LlmAgent.model optional with a default fallback (b287215).
  • Support regex for allowed origins (2ea6e51).
  • Enable PROGRESSIVE_SSE_STREAMING feature by default (0b1cff2).

• [Evals]

  • Add custom instructions support to LlmBackedUserSimulator (a364388).
  • Introduce a post-hoc, per-turn evaluator for user simulations (e515e0f).

• [Tools]

  • Expose mcps streamable http custom httpx factory parameter (bfed19c).
  • Add a handwritten tool for Cloud Pub/Sub (b6f6dcb).
  • Add token_endpoint_auth_method support to OAuth2 credentials (8782a69).

• [Services]

  • Introduce new JSON-based database schema for DatabaseSessionService, which will be used for newly-created databases. A migration command and script are provided.(7e6ef71 ba91fea ce64787).
  • Set log level when deploying to Agent Engine (1f546df).

• [A2A]

  • Update event_converter used in A2ARemote agent to use a2a_task.status.message only if parts are non-empty (e4ee9d7).

Bug Fixes

• Add checks for event content and parts before accessing (5912835).
• Validate app name in adk create command (742c926).
• Prevent .env files from overriding existing environment variables (0827d12).
• Prevent ContextFilterPlugin from creating orphaned function responses (e32f017).
• Update empty event check to include executable code and execution results (688f48f).
• Make the BigQuery analytics plugin work with agents that don't have instructions such as the LoopAgent (8bed01c).
• Label response as thought if task is immediately returned as working (4f3b733).
• Move and enhance the deprecation warning for the plugins argument in "_validate_runner_params" to the beginning of the function (43270bc).
• Oauth refresh not triggered on token expiry (69997cd).
• Fix double JSON encoding when saving eval set results (fc4e3d6).
• Allow string values for ToolTrajectoryCriterion.match_type (93d6e4c).
• Fix inconsistent method signatures for evaluate_invocations (0918b64).
• Honor the modalities parameter in adk api server for live API (19de45b).
• Filter out thought parts in lite_llm._get_content (1ace8fc).
• Rehydration of EventActions in StorageEvent.to_event (838530e).
• Heal missing tool results before LiteLLM requests (6b7386b).
• Refine Ollama content flattening and provider checks (c6f389d).
• Add MIME type inference and default for file URIs in LiteLLM (5c4bae7).
• Use mode='json' in model_dump to serialize bytes correctly when using telemetry (96c5db5).
• Avoid local .adk storage in Cloud Run/GKE (b30c2f4).
• Remove fallback to cached exchanged credential in _load_existing_credential (1ae0e16).
• Handle overriding of requirements when deploying to agent engine (38a30a4).
• Built-in agents (names starting with "__") now use in-memory session storage instead of creating .adk folders in the agents directory (e3bac1a).
• Change error_message column type to TEXT in DatabaseSessionService (8335f35).
• Add schema type sanitization to OpenAPI spec parser (6dce7f8).
• Prevent retry_on_errors from retrying asyncio.CancelledError (30d3411).
• Include back-ticks around the BQ asset names in the tools examples (8789ad8).
• Fix issue with MCP tools throwing an error (26e77e1).
• Exclude thought parts when merging agent output (07bb164).
• Prepend "https://" to the MCP server url only if it doesn't already have a scheme (71b3289).
• Split SSE events with both content and artifactDelta in ADK Web Server (084fcfa).
• Propagate RunConfig custom metadata to all events (e3db2d0).
• Harden YAML builder tmp save/cleanup(6f259f0).
• Ignore adk-bot administrative actions in stale agent (3ec7ae3).
• Only prepend "https://" to the MCP server url if it doesn't already have a scheme (71b3289).
• Check all content parts for emptiness in _contains_empty_content (f35d129).

Improvements

• Remove unnecessary event loop creation in LiveRequstQueue constructor (ecc9f18).
• Close database engines to avoid aiosqlite pytest hangs (4ddb2cb).
• Add override_feature_enabled to override the default feature enable states (a088506).
• Move SQLite migration script to migration/ folder (e8ab7da).
• Update latest Live Model names for sample agent (f1eb1c0).
• Update google-genai and google-cloud-aiplatform versions (d58ea58).
• Introduce MetricInfoProvider interface, and refactor metric evaluators to use this interface to provide MetricInfo (5b7c8c0).
• Update _flatten_ollama_content return type and add tests (fcea86f).
• Add disambiguation message to enterprise_search_tool (8329fec).
• Add x-goog-user-project header to http calls in API Registry (0088b0f).
• Set the default response modality to AUDIO only (a4b914b).

langchain-ai/langgraph (langgraph)

v1.0.6: langgraph==1.0.6

Compare Source

Changes since 1.0.5

• fix: flip default on base cache (#​6677)
• fix: change default recursion limit (#​6676)
• fix: sanitize namespace for deeply nested graph jumps (#​6665)
• fix: typo: saved the world "BaseMessge" to "BaseMessage" (#​6639)
• release(cli): relax api bounds (#​6606)
• feat(checkpoint): Validate checkpointer type at compile time (#​6586)

googleapis/mcp-toolbox-sdk-python (toolbox-core)

v0.5.7: toolbox-langchain: v0.5.7

Compare Source

Features

• enable Python 3.14 support (#​494) (0ced95b)

Miscellaneous Chores

• replace pip with uv for 60% faster integration tests (#​495) (fbc3f54)
• deps: update mcp toolbox server version in integration tests to v0.25.0 (#​492) (2ab131e)

v0.5.6: toolbox-langchain: v0.5.6

Miscellaneous Chores

• deps: update dependency langchain-core to v1.2.5 [security] (#​476) (265df73)
• drop support for python 3.9 (#​460) (ad43f0c)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[dpebot]

/gcbrun

[gemini-code-assist]

Summary of Changes

Hello @renovate-bot, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request automates the process of keeping the project's Python dependencies up-to-date. It specifically targets minor version bumps for several toolbox related packages, ensuring that the project benefits from the latest bug fixes and small improvements without introducing breaking changes. This helps maintain the stability and security of the application by integrating the most recent stable releases of these core components.

Highlights

• Dependency Updates: The toolbox-core package has been updated from version 0.5.4 to 0.5.5 in docs/en/getting-started/quickstart/python/adk/requirements.txt and docs/en/getting-started/quickstart/python/core/requirements.txt.
• Dependency Updates: The toolbox-langchain package has been updated from version 0.5.4 to 0.5.5 in docs/en/getting-started/quickstart/python/langchain/requirements.txt.
• Dependency Updates: The toolbox-llamaindex package has been updated from version 0.5.4 to 0.5.5 in docs/en/getting-started/quickstart/python/llamaindex/requirements.txt.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This PR updates several toolbox-* dependencies to version 0.5.5. As these are patch updates, the changes are low-risk and appear correct.

While reviewing the related code for context, I noticed a potential improvement in docs/en/getting-started/quickstart/python/core/quickstart.py. The tool-calling logic (lines 79-90) uses hardcoded indices to call functions from a list, which is fragile and could break if the toolset changes. A more robust approach would be to use a dictionary to map tool names to functions.

For example, the current logic:

# The tools are sorted alphabetically
if fn_name == "search-hotels-by-name":
    function_result = await toolbox_tools[3](**function_call.args)
# ... and so on for other tools

Could be refactored to:

tool_map = {tool.__name__: tool for tool in toolbox_tools} # Or another way to get the tool name
if fn_name in tool_map:
    function_result = await tool_map[fn_name](**function_call.args)
else:
    raise ValueError(f"Function name {fn_name} not present.")

This is outside the scope of the current dependency update, but it's a recommended improvement to enhance maintainability, aligning it with the more robust patterns used in the other quickstart examples.

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[forking-renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.