security: cap litellm<=1.82.6 (supply chain incident CVE)

LiteLLM v1.82.7 and v1.82.8 contained a credential stealer from a
supply chain attack (compromised PyPI maintainer via Trivy CI/CD).
Both versions removed from PyPI.

PraisonAI was NOT affected (installed 1.81.1), but as a defensive
measure, cap the upper bound at 1.82.6 (latest safe) until LiteLLM
completes their supply-chain review and resumes releases.

Ref: https://docs.litellm.ai/blog/security-update-march-2026

Author: MervinPraison

src/praisonai-agents/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "praisonaiagents"
-version = "1.5.83"
+version = "1.5.84"
 description = "Praison AI agents for completing complex tasks with Self Reflection Agents"
 readme = "README.md"
 requires-python = ">=3.10"
@@ -29,7 +29,7 @@ mcp = [
 
 memory = [
     "chromadb>=1.0.0",
-    "litellm>=1.81.0",
+    "litellm>=1.81.0,<=1.82.6",
 ]
 
 knowledge = [
@@ -47,7 +47,7 @@ graph = [
 
 # Add LLM dependencies
 llm = [
-    "litellm>=1.81.0",
+    "litellm>=1.81.0,<=1.82.6",
     "pydantic>=2.10.0"
 ]
 

src/praisonai-agents/uv.lock

@@ -14,7 +14,7 @@ dependencies = [
     "pyparsing>=3.0.0",
     "praisonaiagents>=1.5.83",
     "python-dotenv>=0.19.0",
-    "litellm>=1.81.0",
+    "litellm>=1.81.0,<=1.82.6",
     "PyYAML>=6.0",
     "mcp>=1.20.0",
     "typer>=0.9.0",