fix(security): pin litellm<1.82.6 to mitigate supply chain attack

GangGreenTemperTatum · claude · GangGreenTemperTatum · commit 1c92f47c534b · 2026-03-24T09:29:49.000-04:00
Versions >=1.82.6 are compromised via supply chain attack (BerriAI/litellm#21971). The previous spec (^1.67.2) had no upper bound protection. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
diff --git a/pyproject.toml b/pyproject.toml
@@ -15,7 +15,7 @@ python = ">=3.10,<3.14"
 pydantic = "^2.7.3"
 pydantic-xml = "<=2.17.0"
 loguru = "^0.7.2"
-litellm = "^1.67.2"
+litellm = ">=1.67.2,<1.82.6"
 xmltodict = "^0.13.0"
 colorama = "^0.4.6"
 jsonpath-ng = "^1.7.0"
