Commit 4e4a996

fix: replace litellm with unclecode-litellm due to PyPI supply chain compromise
litellm 1.82.7-1.82.8 on PyPI were compromised with malicious code. PyPI quarantined the entire package (all versions uninstallable). Switched to unclecode-litellm==1.81.13, a pre-compromise fork published under our own PyPI account. Drop-in replacement — all imports unchanged.
1 parent f4bda05 commit 4e4a996

2 files changed: +2 -2 lines changed

pyproject.toml

Lines changed: 1 addition & 1 deletion
@@ -18,7 +18,7 @@ dependencies = [
1818
"aiosqlite~=0.20",
1919
"anyio>=4.0.0",
2020
"lxml~=5.3",
21-
"litellm @ git+https://github.com/unclecode/litellm.git@safe-v1.81.13",
21+
"unclecode-litellm==1.81.13",
2222
"numpy>=1.26.0,<3",
2323
"pillow>=10.4",
2424
"playwright>=1.49.0",
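
Review bot: The replacement at line 21, `"unclecode-litellm==1.81.13"`, changes the distribution name while the commit message says imports stay unchanged, so the fork presumably installs the same top-level `litellm` import package. Nothing in this file stops the upstream `litellm` distribution from also being pulled in by a transitive dependency or lingering in an existing environment, in which case both distributions write into the same package directory and whichever was installed last wins. Suggest a CI check that the resolved environment contains no `litellm` distribution other than `unclecode-litellm`, plus a one-line comment above this entry stating why the fork is used and under what condition it is safe to return to upstream.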

requirements.txt

Lines changed: 1 addition & 1 deletion
@@ -5,7 +5,7 @@ aiohttp>=3.11.11
55
aiosqlite~=0.20
66
anyio>=4.0.0
77
lxml~=5.3
8-
litellm @ git+https://github.com/unclecode/litellm.git@safe-v1.81.13
8+
unclecode-litellm==1.81.13
99
numpy>=1.26.0,<3
1010
pillow>=10.4
1111
playwright>=1.49.0
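
Review bot: Line 8 pins `unclecode-litellm==1.81.13` by version only, which, for a change motivated by compromised PyPI releases, still trusts whatever file the index serves for that version. requirements.txt can carry `--hash=sha256:<digest>` per requirement, but pip then switches to hash-checking mode, which requires every entry to be pinned with `==` and hashed, and the neighbouring lines (`anyio>=4.0.0`, `lxml~=5.3`, `numpy>=1.26.0,<3`) are ranges. The practical route is a generated, fully hashed lock file (for example via `pip-compile --generate-hashes`) used for installs. The same pin is also duplicated in pyproject.toml, so the two files can drift; consider deriving one from the other.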
