
fix: upgrade litellm to 1.83.14 to address critical security vulnerability #237

Merged
asamal4 merged 1 commit into lightspeed-core:v0.5.1 from bsatapat-jpg:fix/litellm-cve-0.5.0
May 15, 2026
Conversation

Collaborator

@bsatapat-jpg bsatapat-jpg commented May 15, 2026

Description

Type of change

  • Refactor
  • New feature
  • Bug fix
  • CVE fix
  • Optimization
  • Documentation Update
  • Configuration Update
  • Bump-up service version
  • Bump-up dependent library
  • Bump-up library or tool used for development (does not change the final image)
  • CI configuration change
  • Unit tests improvement

Tools used to create PR

Identify any AI code assistants used in this PR (for transparency and review context)

  • Assisted-by: Claude
  • Generated by: Cursor

Related Tickets & Documents

Checklist before requesting a review

  • I have performed a self-review of my code.
  • PR has passed all pre-merge test jobs.
  • If it is a core feature, I have added thorough tests.

Testing

  • Please provide detailed steps to perform tests related to this code change.
  • How were the fix/results from this change verified? Please provide relevant screenshots or results.

Contributor

coderabbitai Bot commented May 15, 2026

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.


Collaborator

@asamal4 asamal4 left a comment

LGTM!! e2e is failing, but that's because make test-e2e was not added in v0.5.0.
We need to cherry-pick. But okay for now, as we are trying to provide digital workforce a CVE-free litellm.

@bsatapat-jpg I would suggest talking to the team and transitioning to ragas 0.4.0 as soon as possible. This is a temporary workaround. We have not established an agreement for previous version support yet.

@bsatapat-jpg
Collaborator Author

Sure, I will connect with them and ask them to move to RAGAs 0.4.0 ASAP.
Thanks for the review.

@asamal4 asamal4 merged commit 965c009 into lightspeed-core:v0.5.1 May 15, 2026
15 of 18 checks passed
@bsatapat-jpg bsatapat-jpg deleted the fix/litellm-cve-0.5.0 branch May 15, 2026 12:23