fix: Exclude compromised LiteLLM versions from dependencies pin to 1.82.6

Versions 1.82.7 and 1.82.8 of LiteLLM were affected by a supply chain attack and are now explicitly excluded from the dependency constraints for both project and dev dependencies.

Co-authored-by: George Weale <[email protected]>
PiperOrigin-RevId: 888818704

Author: GWeale

pyproject.toml

@@ -126,7 +126,7 @@ test = [
   "kubernetes>=29.0.0",                           # For GkeCodeExecutor
   "langchain-community>=0.3.17",
   "langgraph>=0.2.60, <0.4.8",                    # For LangGraphAgent
-  "litellm>=1.75.5, <2.0.0",                      # For LiteLLM tests
+  "litellm>=1.75.5, <=1.82.6",                      # For LiteLLM tests. Upper bound pinned: versions 1.82.7+ compromised in supply chain attack.
   "llama-index-readers-file>=0.4.0",              # For retrieval tests
   "openai>=1.100.2",                              # For LiteLLM
   "opentelemetry-instrumentation-google-genai>=0.3b0, <1.0.0",
@@ -159,7 +159,7 @@ extensions = [
   "kubernetes>=29.0.0",                         # For GkeCodeExecutor
   "k8s-agent-sandbox>=0.1.1.post2",             # For GkeCodeExecutor sandbox mode
   "langgraph>=0.2.60, <0.4.8",                  # For LangGraphAgent
-  "litellm>=1.75.5, <2.0.0",                    # For LiteLlm class. Currently has OpenAI limitations. TODO: once LiteLlm fix it
+  "litellm>=1.75.5, <=1.82.6",                    # For LiteLlm class. Upper bound pinned: versions 1.82.7+ compromised in supply chain attack.
   "llama-index-readers-file>=0.4.0",            # For retrieval using LlamaIndex.
   "llama-index-embeddings-google-genai>=0.3.0", # For files retrieval using LlamaIndex.
   "lxml>=5.3.0",                                # For load_web_page tool.