Skip to content

Commit c985fd7

Browse files
authored
Merge pull request lightspeed-core#1592 from tisnik/lcore-2037-fixed-cve-in-litellm
LCORE-2037: Fixed CVE in LiteLLM
2 parents 8344b51 + 62219c4 commit c985fd7

4 files changed

Lines changed: 16 additions & 15 deletions

File tree

.tekton/lightspeed-stack-pull-request.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -58,7 +58,7 @@ spec:
5858
],
5959
"requirements_build_files": ["requirements-build.txt"],
6060
"binary": {
61-
"packages": "aiohappyeyeballs,aiosignal,aiosqlite,annotated-doc,annotated-types,anyio,asyncpg,cffi,chevron,cryptography,dill,distro,dnspython,docstring-parser,durationpy,einops,email-validator,faiss-cpu,fire,frozenlist,fsspec,google-crc32c,google-genai,grpcio,grpcio-status,h11,hf-xet,httpcore,httpx,httpx-sse,idna,importlib-metadata,jinja2,jiter,joblib,jsonschema,jsonschema-specifications,kubernetes,lxml,markdown-it-py,mdurl,mpmath,multidict,networkx,numpy,oauthlib,packaging,pandas,peft,pillow,prometheus-client,prompt-toolkit,propcache,psycopg2-binary,pyarrow,pyasn1-modules,pycparser,pydantic,pydantic-core,python-dateutil,pyyaml,referencing,requests-oauthlib,rpds-py,safetensors,scikit-learn,scipy,setuptools,six,sniffio,sqlalchemy,sympy,termcolor,threadpoolctl,tiktoken,tokenizers,torch,tqdm,transformers,tree-sitter,triton,typing-extensions,typing-inspection,urllib3,websocket-client,websockets,wrapt,xxhash,yarl,zipp,uv,pip,maturin",
61+
"packages": "aiohappyeyeballs,aiosignal,aiosqlite,annotated-doc,annotated-types,anyio,asyncpg,cffi,chevron,cryptography,click,dill,distro,dnspython,docstring-parser,durationpy,einops,email-validator,faiss-cpu,fire,frozenlist,fsspec,google-crc32c,google-genai,grpcio,grpcio-status,h11,hf-xet,httpcore,httpx,httpx-sse,idna,importlib-metadata,jinja2,jiter,joblib,jsonschema-specifications,kubernetes,lxml,markdown-it-py,mdurl,mpmath,multidict,networkx,numpy,oauthlib,packaging,pandas,peft,pillow,prometheus-client,prompt-toolkit,propcache,psycopg2-binary,pyarrow,pyasn1-modules,pycparser,pydantic,pydantic-core,python-dateutil,pyyaml,referencing,requests-oauthlib,rpds-py,safetensors,scikit-learn,scipy,setuptools,six,sniffio,sqlalchemy,sympy,termcolor,threadpoolctl,tiktoken,tokenizers,torch,tqdm,transformers,tree-sitter,triton,typing-extensions,typing-inspection,urllib3,websocket-client,websockets,wrapt,xxhash,yarl,zipp,uv,pip,maturin",
6262
"os": "linux",
6363
"arch": "x86_64,aarch64",
6464
"py_version": 312

.tekton/lightspeed-stack-push.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -50,7 +50,7 @@ spec:
5050
],
5151
"requirements_build_files": ["requirements-build.txt"],
5252
"binary": {
53-
"packages": "aiohappyeyeballs,aiosignal,aiosqlite,annotated-doc,annotated-types,anyio,asyncpg,cffi,chevron,cryptography,dill,distro,dnspython,docstring-parser,durationpy,einops,email-validator,faiss-cpu,fire,frozenlist,fsspec,google-crc32c,google-genai,grpcio,grpcio-status,h11,hf-xet,httpcore,httpx,httpx-sse,idna,importlib-metadata,jinja2,jiter,joblib,jsonschema,jsonschema-specifications,kubernetes,lxml,markdown-it-py,mdurl,mpmath,multidict,networkx,numpy,oauthlib,packaging,pandas,peft,pillow,prometheus-client,prompt-toolkit,propcache,psycopg2-binary,pyarrow,pyasn1-modules,pycparser,pydantic,pydantic-core,python-dateutil,pyyaml,referencing,requests-oauthlib,rpds-py,safetensors,scikit-learn,scipy,setuptools,six,sniffio,sqlalchemy,sympy,termcolor,threadpoolctl,tiktoken,tokenizers,torch,tqdm,transformers,tree-sitter,triton,typing-extensions,typing-inspection,urllib3,websocket-client,websockets,wrapt,xxhash,yarl,zipp,uv,pip,maturin",
53+
"packages": "aiohappyeyeballs,aiosignal,aiosqlite,annotated-doc,annotated-types,anyio,asyncpg,cffi,chevron,cryptography,click,dill,distro,dnspython,docstring-parser,durationpy,einops,email-validator,faiss-cpu,fire,frozenlist,fsspec,google-crc32c,google-genai,grpcio,grpcio-status,h11,hf-xet,httpcore,httpx,httpx-sse,idna,importlib-metadata,jinja2,jiter,joblib,jsonschema-specifications,kubernetes,lxml,markdown-it-py,mdurl,mpmath,multidict,networkx,numpy,oauthlib,packaging,pandas,peft,pillow,prometheus-client,prompt-toolkit,propcache,psycopg2-binary,pyarrow,pyasn1-modules,pycparser,pydantic,pydantic-core,python-dateutil,pyyaml,referencing,requests-oauthlib,rpds-py,safetensors,scikit-learn,scipy,setuptools,six,sniffio,sqlalchemy,sympy,termcolor,threadpoolctl,tiktoken,tokenizers,torch,tqdm,transformers,tree-sitter,triton,typing-extensions,typing-inspection,urllib3,websocket-client,websockets,wrapt,xxhash,yarl,zipp,uv,pip,maturin",
5454
"os": "linux",
5555
"arch": "x86_64,aarch64",
5656
"py_version": 312

requirements.hashes.source.txt

Lines changed: 12 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -319,9 +319,6 @@ charset-normalizer==3.4.7 \
319319
circuitbreaker==2.1.3 \
320320
--hash=sha256:1a4baee510f7bea3c91b194dcce7c07805fe96c4423ed5594b75af438531d084 \
321321
--hash=sha256:87ba6a3ed03fdc7032bc175561c2b04d52ade9d5faf94ca2b035fbdc5e6b1dd1
322-
click==8.3.2 \
323-
--hash=sha256:14162b8b3b3550a7d479eafa77dfd3c38d9dc8951f6f69c78913a8f9a7540fd5 \
324-
--hash=sha256:1924d2c27c5653561cd2cae4548d1406039cb79b858b747cfea24924bbc1616d
325322
datasets==4.8.4 \
326323
--hash=sha256:a1429ed853275ce7943a01c6d2e25475b4501eb758934362106a280470df3a52 \
327324
--hash=sha256:cdc8bee4698e549d78bf1fed6aea2eebc760b22b084f07e6fc020c6577a6ce6d
@@ -500,18 +497,24 @@ grpc-google-iam-v1==0.14.4 \
500497
huggingface-hub==0.36.2 \
501498
--hash=sha256:1934304d2fb224f8afa3b87007d58501acfda9215b334eed53072dd5e815ff7a \
502499
--hash=sha256:48f0c8eac16145dfce371e9d2d7772854a4f591bcb56c9cf548accf531d54270
500+
importlib-metadata==8.5.0 \
501+
--hash=sha256:45e54197d28b7a7f1559e60b95e7c567032b602131fbd588f1497f47880aa68b \
502+
--hash=sha256:71522656f0abace1d072b9e5481a48f07c138e00f079c38c8f883823f9c26bd7
503503
joserfc==1.6.4 \
504504
--hash=sha256:34ce5f499bfcc5e9ad4cc75077f9278ab3227b71da9aaf28f9ab705f8a560d3c \
505505
--hash=sha256:3e4a22b509b41908989237a045e25c8308d5fd47ab96bdae2dd8057c6451003a
506506
jsonpath-ng==1.8.0 \
507507
--hash=sha256:54252968134b5e549ea5b872f1df1168bd7defe1a52fed5a358c194e1943ddc3 \
508508
--hash=sha256:b8dde192f8af58d646fc031fac9c99fe4d00326afc4148f1f043c601a8cfe138
509+
jsonschema==4.23.0 \
510+
--hash=sha256:d71497fef26351a33265337fa77ffeb82423f3ea21283cd9467bb03999266bc4 \
511+
--hash=sha256:fbadb6f8b144a8f8cf9f0b89ba94501d143e50411a1278633f56a7acf7fd5566
509512
langdetect==1.0.9 \
510513
--hash=sha256:7cbc0746252f19e76f77c0b1690aadf01963be835ef0cd4b56dddf2a8f1dfc2a \
511514
--hash=sha256:cbc1fef89f8d062739774bd51eda3da3274006b3661d199c2655f6b3f6d605a0
512-
litellm==1.83.0 \
513-
--hash=sha256:860bebc76c4bb27b4cf90b4a77acd66dba25aced37e3db98750de8a1766bfb7a \
514-
--hash=sha256:88c536d339248f3987571493015784671ba3f193a328e1ea6780dbebaa2094a8
515+
litellm==1.83.7 \
516+
--hash=sha256:5784a1d9a9a4a8acd6ca1e347003a5e2e1b3c749b4d41e7da4904577adade111 \
517+
--hash=sha256:e2f2cb99df2e2b2eab63f1354faa45c88dd7c8d40c18eb648afb1b349c689633
515518
llama-stack==0.6.0 \
516519
--hash=sha256:b804830664dc91e54c7225a7a081cb1874c48fc18573569c19fac4a9397e8076 \
517520
--hash=sha256:d92711791633f5505a4473ffba3f3e26acb700716fddab5aec419d99e614c802
@@ -883,9 +886,9 @@ pypdf==6.10.2 \
883886
pythainlp==5.3.4 \
884887
--hash=sha256:76744e51e27c895630bafd74f53a1f0aa8782cef2f7f02eebd6427fe8ce8d84d \
885888
--hash=sha256:e66fd76fb5931834fd4e32ed54337ec62350d7654f187850e4dd4f915e9f624f
886-
python-dotenv==1.2.2 \
887-
--hash=sha256:1d8214789a24de455a8b8bd8ae6fe3c6b69a5e3d64aa8a8e5d68e694bbcb285a \
888-
--hash=sha256:2c371a91fbd7ba082c2c1dc1f8bf89ca22564a087c2c287cd9b662adde799cf3
889+
python-dotenv==1.0.1 \
890+
--hash=sha256:e324ee90a023d808f1959c46bcbc04446a10ced277783dc6ee09987c37ec10ca \
891+
--hash=sha256:f7b63ef50f1b690dddf550d03497b66d609393b40b564ed0d674909a68ebf16a
889892
python-multipart==0.0.26 \
890893
--hash=sha256:08fadc45918cd615e26846437f50c5d6d23304da32c341f289a617127b081f17 \
891894
--hash=sha256:c0b169f8c4484c13b0dcf2ef0ec3a4adb255c4b7d18d8e420477d2b1dd03f185

requirements.hashes.wheel.txt

Lines changed: 2 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -25,6 +25,8 @@ cffi==2.0.0 \
2525
--hash=sha256:ffe747cf5e265169ad5bd64b4359368f74e445cf8ea3cfe99045450554fb4e13
2626
chevron==0.14.0 \
2727
--hash=sha256:215f5e3e7ac75d150eadfc0f8c651b3815dc36813e122484b1ed68e142e5adfb
28+
click==8.1.8 \
29+
--hash=sha256:11fa3d5230fee43910d853098461cbb0d9d3f59b70c63629bf237101ada5ee0f
2830
cryptography==46.0.5 \
2931
--hash=sha256:2b44c9fd892f763465b2d7782bf310d65c04dab741b1241f5be203ccf022368d \
3032
--hash=sha256:661cf199efa488e0c5fb4987d36214e11c1fe2dfb842a1a330b1854ff069f8d3 \
@@ -84,8 +86,6 @@ httpx-sse==0.4.3 \
8486
--hash=sha256:74d0e4713b33a61ca0083d00841f00f12d6b3dd311edb62ccc85809b607b9fb5
8587
idna==3.11 \
8688
--hash=sha256:e1049ef074501ba8c5d802d712b257889257f6d2f460f959f26c4b2d4375923c
87-
importlib-metadata==8.7.1 \
88-
--hash=sha256:a3f29411f5f628be21c445082ff4f844a26ff1a0893d6fabaa55509c63ddbfaf
8989
jinja2==3.1.6 \
9090
--hash=sha256:961c7281585491fb02ca0027b29e9ffc7a1bd7b52a5e03095f3a4e3afc42336e
9191
jiter==0.12.0 \
@@ -94,8 +94,6 @@ jiter==0.12.0 \
9494
--hash=sha256:9c42d9b61ab5d2c9203637a243b4187cc28b0101b28461d35006353d621da292
9595
joblib==1.5.3 \
9696
--hash=sha256:40d87a5e80b69104a3b8f1d761fdbc077fc7b97a23b08b9fdaddb7a3821b06d1
97-
jsonschema==4.26.0 \
98-
--hash=sha256:2601ba467f84ff6ee9c057cbe6a9d7aebefa76cfa747327b37f81d4581f6748f
9997
jsonschema-specifications==2025.9.1 \
10098
--hash=sha256:065ec57323001f79634013c12250a476952e6ce834a17cfd5227343cec3c4aee
10199
kubernetes==35.0.0 \

0 commit comments

Comments
 (0)