deps(deps): update openai-agents requirement from >=0.1.0 to >=0.17.4

[dependabot]

Updates the requirements on openai-agents to permit the latest version.

Release notes

Sourced from openai-agents's releases.

v0.17.4

What's Changed

• feat: support Realtime custom voice objects by @​lionel-oai in openai/openai-agents-python#3473
• fix: #3459 add opt-in recovery for missing function tools by @​seratch in openai/openai-agents-python#3461
• fix: apply hardened http client default to MCP SSE transport by @​ioleksiuk in openai/openai-agents-python#3466
• fix: use non-None value for output in FunctionSpanData by @​rmotgi1227 in openai/openai-agents-python#3475
• fix: add missing entries to span slots by @​rmotgi1227 in openai/openai-agents-python#3483
• fix: redact invalid JSON payload in ModelBehaviorError data by @​LeSingh1 in openai/openai-agents-python#3485
• fix: export more tracing related functions & types from agents by @​rmotgi1227 in openai/openai-agents-python#3489
• fix: export MCPListToolsItem, ToolSearchCallItem, and ToolSearchOutputItem from agents by @​rmotgi1227 in openai/openai-agents-python#3490

Documentation & Other Changes

• Release 0.17.4 by @​github-actions[bot] in openai/openai-agents-python#3505

New Contributors

• @​rmotgi1227 made their first contribution in openai/openai-agents-python#3475

Full Changelog: openai/openai-agents-python@v0.17.3...v0.17.4

Changelog

Sourced from openai-agents's changelog.

Release process/changelog

The project follows a slightly modified version of semantic versioning using the form 0.Y.Z. The leading 0 indicates the SDK is still evolving rapidly. Increment the components as follows:

Minor (Y) versions

We will increase minor versions Y for breaking changes to any public interfaces that are not marked as beta. For example, going from 0.0.x to 0.1.x might include breaking changes.

If you don't want breaking changes, we recommend pinning to 0.0.x versions in your project.

Patch (Z) versions

We will increment Z for non-breaking changes:

• Bug fixes
• New features
• Changes to private interfaces
• Updates to beta features

Breaking change changelog

0.17.0

In this version, sandbox local source materialization keeps LocalFile.src and LocalDir.src within the materialization base_dir unless the source path is covered by Manifest.extra_path_grants. The base_dir is the SDK process current working directory when the manifest is applied; relative local sources are resolved from that directory, while absolute local sources must already be inside it or under an explicit grant. This closes a local artifact boundary issue, but it can affect applications that intentionally copy trusted host files or directories from outside that base directory into a sandbox workspace.

To migrate, grant trusted host roots at the manifest level with SandboxPathGrant, preferably as read-only when the sandbox only needs to read those files:

from pathlib import Path
from agents.sandbox import Manifest, SandboxPathGrant
from agents.sandbox.entries import Dir, LocalDir
This is an absolute host path outside the SDK process base_dir.
TRUSTED_DOCS_ROOT = Path("/opt/my-app/docs")
manifest = Manifest(
extra_path_grants=(
# This host root is outside the SDK process base_dir, so the manifest must grant it.
SandboxPathGrant(path=str(TRUSTED_DOCS_ROOT), read_only=True),
),
entries={
# No grant is needed for local sources that stay under the SDK process base_dir.
"fixtures": LocalDir(src=Path("fixtures"), description="Local test fixtures."),
# This entry reads from the granted host root and copies it into the sandbox workspace.
"docs": LocalDir(src=TRUSTED_DOCS_ROOT, description="Trusted local documents."),
# Dir creates a sandbox workspace directory; it does not read from the host filesystem.
"output": Dir(description="Generated artifacts."),
},
)
</tr></table>

... (truncated)

Commits

• 6d5b888 Release 0.17.4 (#3505)
• 9a92ea4 Support Realtime custom voice objects (#3473)
• fedc809 fix: export MCPListToolsItem, ToolSearchCallItem, and ToolSearchOutputItem fr...
• 573530f fix: export more tracing related functions & types from agents (#3489)
• 813a003 fix: redact invalid JSON payload in ModelBehaviorError data (#3485)
• eda7b51 fix: add missing entries to span slots (#3483)
• 45effb4 fix: #3459 add opt-in recovery for missing function tools (#3461)
• 9303389 fix: use non-None value for output in FunctionSpanData (#3475)
• 9514473 fix: apply hardened http client default to MCP SSE transport (#3466)
• 445ad22 docs: add SECURITY.md in the same way with openai-agents-js repo
• Additional commits viewable in compare view

[dependabot]

Labels

The following labels could not be found: security. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

Security Scan Summary

Scan Results

• Bandit (Python SAST): success
• Semgrep (Multi-language SAST): success
• Trivy (Vulnerability scanner): success
• Gitleaks (Secret detection): failure
• CodeQL (Advanced analysis): success

[YoungDan]

@dependabot rebase

[github-actions]

Re-reviewed the current diff and existing review threads: no unresolved high-severity issues found.\n\nThe PR only bumps from to ; please ensure CI/integration tests that cover agent initialization and runtime flows stay green after the version jump.

[github-actions]

Re-reviewed the current diff and existing review threads: no unresolved high-severity issues found.

The PR only bumps openai-agents from 0.1.0 to 0.17.4; please ensure CI/integration tests that cover agent initialization and runtime flows stay green after the version jump.

[github-actions]

Security Scan Summary

Scan Results

• Bandit (Python SAST): success
• Semgrep (Multi-language SAST): success
• Trivy (Vulnerability scanner): success
• Gitleaks (Secret detection): success
• CodeQL (Advanced analysis): success

[github-actions]

Re-checked existing comments and the latest diff at a7fb35d: no unresolved high-severity issues are evident in the changed lines.\n\nSummary: this PR updates from to ; no additional critical blockers found in this diff.

[github-actions]

Re-checked existing comments and the latest diff at a7fb35d: no unresolved high-severity issues are evident in the changed lines.

Summary: this PR updates openai-agents from 0.1.0 to 0.17.4; no additional critical blockers found in this diff.

[github-actions]

Security Scan Summary

Scan Results

• Bandit (Python SAST): success
• Semgrep (Multi-language SAST): success
• Trivy (Vulnerability scanner): success
• Gitleaks (Secret detection): success
• CodeQL (Advanced analysis): success

[github-actions]

Re-checked existing comments and the current diff at 87d4e5b. No unresolved high-severity issues are evident in the changed lines, and there are no inline review threads requiring a resolved reply.

[github-actions]

Security Scan Summary

Scan Results

• Bandit (Python SAST): success
• Semgrep (Multi-language SAST): success
• Trivy (Vulnerability scanner): success
• Gitleaks (Secret detection): success
• CodeQL (Advanced analysis): success

[dependabot]

Superseded by #161.