fix(deps): bump litellm cap to >=1.83.7 to admit CVE patches

cwest · cwest · commit a1f8aeb95bc5 · 2026-04-25T20:07:36.000-04:00
The current cap of <=1.82.6 was added in 77f1c41 to exclude the supply-chain compromise of litellm 1.82.7/8. Five CVEs have since been disclosed against litellm <=1.82.6 (2 critical: GHSA-r75f- 5x8p-qvmc, GHSA-jjhc-v7c2-5hh6; 3 high: GHSA-xqmj-j6mv-4862, GHSA-69x8-hrgq-fjj8, GHSA-53mr-6c8q-9789), with fixes in 1.83.0 and 1.83.7. The new lower bound (1.83.7) still excludes the originally compromised 1.82.7/8. Tested: tests/unittests/models/test_litellm.py and tests/unittests/models/test_litellm_import.py pass (259 passed, 0 failed) against litellm 1.83.13 with the new constraint. Refs #5488
diff --git a/pyproject.toml b/pyproject.toml
@@ -123,7 +123,7 @@ optional-dependencies.extensions = [
   "k8s-agent-sandbox>=0.1.1.post3",                                  # For GkeCodeExecutor sandbox mode
   "kubernetes>=29",                                                  # For GkeCodeExecutor
   "langgraph>=0.2.60,<0.4.8",                                        # For LangGraphAgent
-  "litellm>=1.75.5,<=1.82.6",                                        # For LiteLlm class. Upper bound pinned: versions 1.82.7+ compromised in supply chain attack.
+  "litellm>=1.83.7,<2",                                              # For LiteLlm class. Lower bound is the first release with patches for 5 CVEs disclosed 2026-04-11/24; supersedes earlier supply-chain pin against 1.82.7/8.
   "llama-index-embeddings-google-genai>=0.3",                        # For files retrieval using LlamaIndex.
   "llama-index-readers-file>=0.4",                                   # For retrieval using LlamaIndex.
   "lxml>=5.3",                                                       # For load_web_page tool.
@@ -142,7 +142,7 @@ optional-dependencies.test = [
   "kubernetes>=29",                                                  # For GkeCodeExecutor
   "langchain-community>=0.3.17",
   "langgraph>=0.2.60,<0.4.8",                                        # For LangGraphAgent
-  "litellm>=1.75.5,<=1.82.6",                                        # For LiteLLM tests. Upper bound pinned: versions 1.82.7+ compromised in supply chain attack.
+  "litellm>=1.83.7,<2",                                              # For LiteLLM tests. Lower bound is the first release with patches for 5 CVEs disclosed 2026-04-11/24; supersedes earlier supply-chain pin against 1.82.7/8.
   "llama-index-readers-file>=0.4",                                   # For retrieval tests
   "openai>=1.100.2",                                                 # For LiteLLM
   "opentelemetry-instrumentation-google-genai>=0.3b0,<1",
