
chore(deps): [fsi-quant-assistant] Update dependency google-adk to v1.28.1 [SECURITY]#458

Open
renovate-bot wants to merge 1 commit intoGoogleCloudPlatform:mainfrom
renovate-bot:renovate/pypi-google-adk-vulnerability

Conversation


@renovate-bot renovate-bot commented Apr 14, 2026

This PR contains the following updates:

Package                  Change
google-adk (changelog)   ==1.28.0 -> ==1.28.1

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Google Agent Development Kit (ADK) has a Code Injection and Missing Authentication vulnerability

CVE-2026-4810 / GHSA-rg7c-g689-fr3x

Details

A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit (ADK) versions 1.7.0 (and 2.0.0a1) through 1.28.1 (and 2.0.0a2) on Python (OSS), Cloud Run, and GKE allows an unauthenticated remote attacker to execute arbitrary code on the server hosting the ADK instance.

This vulnerability was patched in versions 1.28.1 and 2.0.0a2.

Customers need to redeploy the upgraded ADK to their production environments. In addition, if they are running ADK Web locally, they also need to upgrade their local instance.

Severity

  • CVSS Score: 9.3 / 10 (Critical)
  • Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/U:Amber

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).


Release Notes

google/adk-python (google-adk)

v1.28.1

Features
  • Add an option to prevent the SaveFilesAsArtifactsPlugin from attaching reference file parts to the message (987c809)
  • add credentials parameter to BigQueryAgentAnalyticsPlugin (34713fb)
  • Add express mode onboarding support to adk deploy cli (2b04996)
  • add native OpenTelemetry agentic metrics (6942aac)
  • Add OpenTelemetry tracing for event compaction (c65dd55)
  • Add sample agent demonstrating 2LO, 3LO, and API Key auth via GcpAuthProvider (909a8c2)
  • Add support for Anthropic's thinking blocks (16952bd)
  • Add support for excluding predefined functions in ComputerUseToolset (d760037)
  • Add support for refusal messages in ApigeeLlm (d6594a1)
  • Added indication of user message in history event list (662354a)
  • Allow user to define credential_key for McpToolset (282db87), closes #5103
  • analytics: add support for logging LLM cache metadata to BigQuery (02deeb9)
  • eval: add evaluate_full_response option to rubric-based evaluation (#5316) (7623ff1)
  • live: Add save_live_blob query parameter to /run_live endpoint (36ab8f1)
  • mcp: gracefully handle tool execution errors and transport crashes (7744cfe)
Bug Fixes
  • accumulate list values when merging parallel tool call state_delta (b0b8b31), closes #5190
  • Add support for overriding the API version in GoogleLLM (1cdd1e7)
  • auth: isolate resolved credentials in context to prevent race conditions and data leakage (5578772)
  • avoid double-execution of sync FunctionTools returning None (78a8851), closes #5284
  • block RCE vulnerability via nested YAML configurations in ADK (74f235b)
  • bump Vertex SDK version (6380f6a)
  • cancel siblings in parallel function calling on failure (49985c9)
  • Capture and include LLM usage metadata in summarized events (5ce33b9), closes #4014
  • catch ValueError in safe-JSON serializers for circular refs (70a7add), closes #5412
  • deps: bump litellm cap to >=1.83.7 to admit CVE patches (6d2ada8)
  • Disable bound token for mcp_tool (4c0c6db)
  • fix dataset location handling in BigQueryAgentAnalyticsPlugin (c263426)
  • Fix exception handling and argument order in ReflectRetryToolPlugin (1deab6d)
  • Fix GcpAuthProvider to return capitalized Bearer scheme (ad937fe)
  • fix lifecycle issues with credentials in BigQuery Agent Analytics Plugin (a69f861)
  • Fix malformatted skill.md (9a0d2f7)
  • Fix misplaced pytest decorator on helper dataclass in 2LO integration tests (2343973)
  • Fix RecursionError in ADK framework by adding circular reference detection to schema resolution (7de5bc5)
  • fix rewind to preserve initial session state (af1b00a), closes #4933
  • Fix SSRF and local-file access in load_web_page (0447e93)
  • handle None state values in skill_toolset after session rewind (a977aa3)
  • litellm: emit input_audio for audio inline_data parts (4073238), closes #5406
  • live: mark all agents' Event as from other agents (48b7a64)
  • live: treat input transcription as user message (ae1f2e6)
  • optimization: handle None metric scores in LocalEvalSampler (#5415) (684a6e7)
  • otel: change gen_ai.tool_definitions to gen_ai.tool.definitions (029b87d)
  • preserve cache fingerprint stability on creation failure (4d5438c)
  • preserve empty-string text parts in A2A converter (2d61cb6)
  • preserve function call IDs for Anthropic models (f0c787f)
  • Prevent LoopAgent from resetting sub-agent state on pause (8846be5)
  • Quote user_id literals in VertexAiSessionService list filters (bdece00)
  • read_file/write_file path type mismatch in BaseEnvironment and LocalEnvironment (782796f)
  • relax EventActions.state_delta value type to Any (dbec8e9)
  • remove exclude_unset=True to correctly serialize pydantic types (f95ac48)
  • samples: Upgrade google-adk to 1.28.1 to fix vulnerability (b848390)
  • Sanitize user_id derived from PubSub subscription and Eventarc source (0c4f157), closes #5324
  • Scope Vertex RAG memory display names (784350d)
  • Use correct camelCase functionCallId (c87ee1e)
  • web oauth flow and trace view (87cd310)
  • yield tool_call_parts immediately in live mode to unblock Gemini 3.1 tool calls (f57b05d)
Performance Improvements
  • lazy-load optional providers and auth chain to cut cold start ~25% (66bfedc)
Code Refactoring
  • move exception handling from metric emission into instrumentation handlers (62d7ee0)
  • tests: Refactor tests to explicitly handle JSON_SCHEMA_FOR_FUNC_DECL feature flag (b580891)
  • Use artifact_service.load_artifact during rewind (c3d50db), closes #4932
Documentation
  • gemini: show subclass pattern for custom Client config (34c7505), closes #3628
  • update output_schema docstring to reflect support for tools and output_schema together (e1e652d)
  • Update README with instructions for installing ADK extensions (f2a1179)
  • use sphinx-click to generate docs for google.adk.cli (f455974)

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • ""
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.



This PR was generated by Mend Renovate. View the repository job log.
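The advisory above gives an affected range rather than a single version, and the remediation note asks for a redeploy of every instance, so the practical first step is to find every pinned google-adk version in a project and decide whether it falls inside that range. The script below is an added example, not code from the Renovate PR or from the google-adk project. The range is taken from the advisory text in this PR: 1.7.0 up to but not including the patched 1.28.1, plus the 2.0.0a1 pre-release, which is patched in 2.0.0a2. Everything else is constructed here: the minimal version parser (plain release segments with an optional a/b/rc pre-release suffix, an assumption that covers the versions named in the advisory), the requirements-line regex, and the sample requirements lines.

```python
"""Flag pinned google-adk versions inside the CVE-2026-4810 affected range.

Added example, not part of the Renovate PR or the google-adk project.
Affected range per the advisory quoted in this PR (assumption: the 1.x
range ends at the patched 1.28.1, the 2.x pre-release range at 2.0.0a2):
    1.7.0 <= version < 1.28.1
    2.0.0a1 <= version < 2.0.0a2
"""
import re
from typing import List, Tuple

# A comparable key: (release tuple, pre-release rank, pre-release number).
VersionKey = Tuple[Tuple[int, ...], int, int]

# Pre-releases sort below the final release: 2.0.0a1 < 2.0.0a2 < 2.0.0rc1 < 2.0.0
_PRE_RANK = {"a": 0, "b": 1, "rc": 2}
_FINAL_RANK = 3
_VERSION_RE = re.compile(r"^v?(\d+(?:\.\d+)*)(?:(a|b|rc)(\d+))?$")


def parse_version(text: str) -> VersionKey:
    """Parse 'X.Y.Z' or 'X.Y.Z{a|b|rc}N' into a key that orders like PEP 440 does."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unsupported version string: {text!r}")
    release = tuple(int(p) for p in m.group(1).split("."))
    release = release + (0,) * (3 - len(release))  # 1.28 == 1.28.0
    if m.group(2) is None:
        return (release, _FINAL_RANK, 0)
    return (release, _PRE_RANK[m.group(2)], int(m.group(3)))


AFFECTED_1X_LOW = parse_version("1.7.0")
PATCHED_1X = parse_version("1.28.1")
AFFECTED_2X_LOW = parse_version("2.0.0a1")
PATCHED_2X = parse_version("2.0.0a2")


def is_affected(version: str) -> bool:
    """True if this google-adk version falls inside the advisory's affected range."""
    v = parse_version(version)
    if AFFECTED_1X_LOW <= v < PATCHED_1X:
        return True
    return AFFECTED_2X_LOW <= v < PATCHED_2X


# Exact pins only ("name==version"); ranges need resolution first (see note below).
_REQ_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;#]+)")


def find_affected_pins(requirement_lines: List[str],
                       package: str = "google-adk") -> List[Tuple[int, str, bool]]:
    """Return (line_no, version, affected) for every exact pin of `package`."""
    results = []
    for line_no, line in enumerate(requirement_lines, start=1):
        m = _REQ_RE.match(line)
        if not m:
            continue
        # Normalise the distribution name: google_adk and google-adk are the same package.
        name = m.group(1).lower().replace("_", "-")
        if name != package:
            continue
        version = m.group(2)
        results.append((line_no, version, is_affected(version)))
    return results


# Constructed sample requirements lines; not taken from the repository in this PR.
SAMPLE_REQUIREMENTS = [
    "fastapi==0.115.0",
    "google-adk==1.28.0   # the pin this PR replaces",
    "google_adk==1.6.9",
    "google-adk==2.0.0a1",
]

if __name__ == "__main__":
    for line_no, version, affected in find_affected_pins(SAMPLE_REQUIREMENTS):
        status = "AFFECTED: upgrade to 1.28.1 / 2.0.0a2 and redeploy" if affected else "ok"
        print(f"line {line_no}: google-adk=={version}: {status}")
```

The scanner deliberately only understands exact `==` pins, because a range specifier such as `>=1.20` says nothing about what was actually installed; for those, run `pip freeze` in the deployed environment and feed its output to `find_affected_pins`. Because the advisory's remediation covers both production deployments and local ADK Web instances, the same check belongs in both places.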

@forking-renovate forking-renovate Bot added dependencies Pull requests that update a dependency file p0 SECURITY labels Apr 14, 2026
@renovate-bot renovate-bot force-pushed the renovate/pypi-google-adk-vulnerability branch 7 times, most recently from 7ee5276 to c56304a on April 17, 2026 18:07
@renovate-bot renovate-bot force-pushed the renovate/pypi-google-adk-vulnerability branch 4 times, most recently from 194f7b5 to a184fe3 on April 24, 2026 08:51
@renovate-bot renovate-bot force-pushed the renovate/pypi-google-adk-vulnerability branch 7 times, most recently from 1207cf6 to 0875e5c on May 3, 2026 20:13
@renovate-bot renovate-bot force-pushed the renovate/pypi-google-adk-vulnerability branch from 0875e5c to 26c2896 on May 4, 2026 15:00
@renovate-bot renovate-bot changed the title chore(deps): [fsi-quant-assistant] Update dependency google-adk to v1.28.1 [SECURITY] chore(deps): [fsi-quant-assistant] Update dependency google-adk to v1.32.0 [SECURITY] May 5, 2026
@renovate-bot renovate-bot force-pushed the renovate/pypi-google-adk-vulnerability branch 2 times, most recently from ff78572 to eb7f263 on May 5, 2026 19:11
@renovate-bot renovate-bot force-pushed the renovate/pypi-google-adk-vulnerability branch from eb7f263 to 4f0b73b on May 5, 2026 23:17
@renovate-bot renovate-bot changed the title chore(deps): [fsi-quant-assistant] Update dependency google-adk to v1.32.0 [SECURITY] chore(deps): [fsi-quant-assistant] Update dependency google-adk to v1.28.1 [SECURITY] May 5, 2026
@renovate-bot renovate-bot force-pushed the renovate/pypi-google-adk-vulnerability branch 5 times, most recently from f4bdccb to 0bf3ef3 on May 6, 2026 14:58
@renovate-bot renovate-bot force-pushed the renovate/pypi-google-adk-vulnerability branch from 0bf3ef3 to 4a607bb on May 6, 2026 16:36