chore(deps): bump litellm from 1.74.9 to 1.83.0 in the uv group across 1 directory

[dependabot]

Bumps the uv group with 1 update in the / directory: litellm.

Updates litellm from 1.74.9 to 1.83.0

Release notes

Sourced from litellm's releases.

litellm-trace-dev-v1.81.16

What's Changed

• feat(vertex): add gemini-3.1-flash-image-preview to model DB by @​emerzon in BerriAI/litellm#22223
• perf(spendlogs): optimize old spendlog deletion cron job by @​Harshit28j in BerriAI/litellm#21930
• Fix converse handling for parallel_tool_calls by @​Sameerlite in BerriAI/litellm#22267
• [Fix]Preserve forwarding server side called tools by @​Sameerlite in BerriAI/litellm#22260
• Fix free models working from UI by @​Sameerlite in BerriAI/litellm#22258
• Add v1 for anthropic responses transformation by @​Sameerlite in BerriAI/litellm#22087
• [Bug]Add ChatCompletionImageObject in OpenAIChatCompletionAssistantMessage by @​Sameerlite in BerriAI/litellm#22155
• Fix: poetry lock by @​Sameerlite in BerriAI/litellm#22293
• Enable local file support for OCR by @​noahnistler in BerriAI/litellm#22133
• fix(mcp): Strip stale mcp-session-id to prevent 400 errors across proxy workers by @​gavksingh in BerriAI/litellm#21417
• [Feature] Access group CRUD: Bidirectional team/key sync by @​yuneng-jiang in BerriAI/litellm#22253
• Add LLMClientCache regression tests for httpx client eviction safety by @​ryan-crabbe in BerriAI/litellm#22306
• feat(models): add gpt-audio-1.5 to model cost map by @​Chesars in BerriAI/litellm#22303
• feat(models): add gpt-realtime-1.5 to model cost map by @​Chesars in BerriAI/litellm#22304
• fix(models): function calling for PublicAI Apertus models by @​Chesars in BerriAI/litellm#21582
• Tests: add llmclientcache regression tests by @​ryan-crabbe in BerriAI/litellm#22313
• Add deprecation dates for xAI grok-2-vision-1212 and grok-3-mini models by @​Chesars in BerriAI/litellm#20102
• feat(model_prices): add OpenRouter native models to model cost map by @​Chesars in BerriAI/litellm#20520
• docs: add OpenRouter Opus 4.6 to model map and update Claude Opus 4.6 docs by @​Chesars in BerriAI/litellm#20525
• [Fix] Include timestamps in /project/list response by @​yuneng-jiang in BerriAI/litellm#22323
• [Feature] UI - Projects: Add Projects page with list and create flows by @​yuneng-jiang in BerriAI/litellm#22315
• Fix/claude code plugin schema by @​rahulrd25 in BerriAI/litellm#22271
• Add Prometheus child_exit cleanup for gunicorn workers by @​ryan-crabbe in BerriAI/litellm#22324
• docs: update AssemblyAI docs with Universal-3 Pro, Speech Understanding, and LLM Gateway by @​dylan-duan-aai in BerriAI/litellm#21130
• feat: add in_flight_requests metric to /health/backlog + prometheus by @​ishaan-jaff in BerriAI/litellm#22319
• fix(test): update realtime guardrail test assertions for voice violation behavior by @​jquinter in BerriAI/litellm#22332
• fix(test): update Azure pass-through test after Responses API routing change by @​jquinter in BerriAI/litellm#22334
• fix(db): add missing migration for LiteLLM_ClaudeCodePluginTable by @​jquinter in BerriAI/litellm#22335
• fix(bedrock): restore parallel_tool_calls mapping in map_openai_params by @​jquinter in BerriAI/litellm#22333
• [Feat] Agent RBAC Permission Fix - Ensure Internal Users cannot create agents by @​ishaan-jaff in BerriAI/litellm#22329
• fix(mcp): update test mocks for renamed filter_server_ids_by_ip_with_info by @​jquinter in BerriAI/litellm#22327
• fix: Add PROXY_ADMIN role to system user for key rotation by @​milan-berri in BerriAI/litellm#21896
• fix: populate user_id and user_info for admin users in /user/info by @​milan-berri in BerriAI/litellm#22239
• fix(caching): store task references in LLMClientCache._remove_key by @​shivaaang in BerriAI/litellm#22143
• fix(image_generation): propagate extra_headers to Upstream by @​ZeroClover in BerriAI/litellm#22026
• [Fix] Pass MCP auth headers from request into tool fetch for /v1/responses and chat completions by @​shivamrawat1 in BerriAI/litellm#22291
• fix: shorten guardrail benchmark result filenames for Windows long path support by @​demoray in BerriAI/litellm#22039
• Remove Apache 2 license from SKILL.md by @​rasmi in BerriAI/litellm#22322
• fix(mcp): default available_on_public_internet to true by @​ishaan-jaff in BerriAI/litellm#22331
• fix(bedrock): filter internal json_tool_call when mixed with real tools by @​jquinter in BerriAI/litellm#21107
• fix(jwt): OIDC discovery URLs, roles array handling, dot-notation error hints by @​ishaan-jaff in BerriAI/litellm#22336
• perf: streaming latency improvements — 4 targeted hot-path fixes by @​ishaan-jaff in BerriAI/litellm#22346
• [Test] UI - CostTrackingSettings: Add comprehensive Vitest coverage by @​yuneng-jiang in BerriAI/litellm#22354
• [Feature] Key list endpoint: Add project_id and access_group_id filters by @​yuneng-jiang in BerriAI/litellm#22356
• [Feature] UI - Projects: Add Project Details Page by @​yuneng-jiang in BerriAI/litellm#22360
• [Feature] UI - Projects: Add project keys table and project dropdown to key create/edit by @​yuneng-jiang in BerriAI/litellm#22373
• Litellm health check tokens by @​Harshit28j in BerriAI/litellm#22299
• Doc: security vulnerability scan report to v1.81.14 release notes by @​Harshit28j in BerriAI/litellm#22385

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[entelligence-ai-pr-reviews]

EntelligenceAI PR Summary

Dependency upgrade PR updating pyproject.toml and uv.lock to bring in newer package versions and rationalize the dependency tree.

• litellm: 1.74.9 → 1.83.0 (9 minor versions, adds fastuuid 0.14.0 as transitive dependency)
• instructor: 1.11.3 → 1.15.1 (drops diskcache dependency)
• openai: 1.109.1 → 2.30.0 (major version bump)
• stagehand: 0.5.3 → 3.19.5 (major overhaul; now ships platform-specific wheels with a leaner dependency set: anyio, distro, httpx, pydantic, sniffio, typing-extensions)
• Removed packages: anthropic 0.68.0, browserbase 1.4.0, diskcache 5.6.3, nest-asyncio 1.6.0, playwright 1.55.0, pyee 13.0.0
• greenlet 3.2.4: added musllinux_1_2 wheels for aarch64 and x86_64; removed s390x wheels for Python 3.10–3.13

---

Confidence Score: 3/5 - Review Recommended

Likely safe but review recommended — this PR includes a major version bump of openai from 1.x to 2.30.0 and a substantial version jump of stagehand from 0.5.3 to 3.19.5, both of which carry high risk of breaking API changes that automated review cannot detect without runtime testing. The litellm and instructor upgrades are more modest but still span multiple minor versions with potential behavioral changes. While no static analysis issues were flagged, the breadth of upstream version jumps — particularly the openai SDK major version — warrants human validation of all call sites and integration tests before merging.

Key Findings:

• The openai SDK jump from 1.x to 2.30.0 is a major version bump; major versions in the OpenAI Python SDK have historically introduced breaking changes to client initialization, response object shapes, and async interfaces that would silently fail or raise AttributeError at runtime without proper validation.
• stagehand going from 0.5.3 to 3.19.5 is an extremely large version leap (essentially a full rewrite indicated by the summary mentioning 'major overhaul' and platform-specific wheels), meaning any code in the repo that calls stagehand APIs may need to be updated — this cannot be confirmed without reviewing call sites.
• The automated review covered 0 of 2 changed files (pyproject.toml and uv.lock), so there is no static analysis coverage; the safety assessment relies entirely on the absence of flagged issues rather than positive confirmation of correctness.
• On the positive side, instructor 1.15.1 dropping diskcache and litellm adding only fastuuid as a transitive dependency represent clean dependency tree changes with minimal surface area for breakage.

Files requiring special attention

• pyproject.toml
• uv.lock

[entelligence-ai-pr-reviews]

Walkthrough

This PR updates several Python dependencies: upgrades litellm from 1.74.9 to 1.83.0, instructor from 1.11.3 to 1.15.1, openai from 1.109.1 to 2.30.0 (major version bump), and stagehand from 0.5.3 to 3.19.5 (major overhaul). Several packages are removed (anthropic, browserbase, playwright, diskcache, nest-asyncio, pyee), and new dependencies (fastuuid, anyio, sniffio) are introduced.

Changes

File(s)	Summary
pyproject.toml	Bumps litellm dependency from 1.74.9 to 1.83.0.
uv.lock	Upgrades litellm (1.74.9→1.83.0, adds fastuuid 0.14.0), instructor (1.11.3→1.15.1, drops diskcache), openai (1.109.1→2.30.0, major bump), and stagehand (0.5.3→3.19.5, replaces anthropic/browserbase/playwright/nest-asyncio/requests/rich/python-dotenv with anyio/distro/httpx/pydantic/sniffio/typing-extensions); removes standalone anthropic, browserbase, diskcache, nest-asyncio, playwright, and pyee; expands greenlet 3.2.4 with musllinux_1_2 wheels for aarch64/x86_64 and removes s390x wheels across Python 3.10–3.13.

Sequence Diagram

This diagram shows the interactions between components:

sequenceDiagram
    participant App as Application
    participant Instructor as Instructor 1.15.1
    participant LiteLLM as LiteLLM 1.83.0
    participant OpenAI as OpenAI SDK 2.30.0
    participant Stagehand as Stagehand 3.19.5
    participant LLMProvider as LLM Provider API

    Note over App, LLMProvider: Upgraded dependency stack
    App->>Instructor: Structured extraction request
    activate Instructor
    Note over Instructor: v1.15.1 - dropped diskcache dependency
    Instructor->>LiteLLM: Route LLM call
    activate LiteLLM
    Note over LiteLLM: v1.83.0 - adds fastuuid
    LiteLLM->>OpenAI: Forward to OpenAI-compatible endpoint
    activate OpenAI
    Note over OpenAI: v2.30.0 (major version bump from 1.x)
    OpenAI->>LLMProvider: API request
    LLMProvider-->>OpenAI: Response
    deactivate OpenAI
    LiteLLM-->>Instructor: LLM response
    deactivate LiteLLM
    Instructor-->>App: Structured output
    deactivate Instructor

    App->>Stagehand: Browser automation request
    activate Stagehand
    Note over Stagehand: v3.19.5 - major refactor
    Note over Stagehand: Dropped: playwright, browserbase,<br/>anthropic, openai, litellm, nest-asyncio<br/>Now: lightweight HTTP client only
    Stagehand->>LLMProvider: Direct HTTP request (httpx)
    LLMProvider-->>Stagehand: Response
    Stagehand-->>App: Result
    deactivate Stagehand

Loading