dependabot[bot]
a78bd9a468
build(deps): bump hono from 4.10.6 to 4.12.7 in /litellm-js/spend-logs (#23312)
* Rename 'Team-Based Guardrails' to 'Team Bring-Your-Own Guardrails' (#23307)
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* build(deps): bump hono from 4.10.6 to 4.12.7 in /litellm-js/spend-logs
Bumps [hono](https://github.com/honojs/hono) from 4.10.6 to 4.12.7.
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](https://github.com/honojs/hono/compare/v4.10.6...v4.12.7)
---
updated-dependencies:
- dependency-name: hono
dependency-version: 4.12.7
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Krish Dholakia <krrishdholakia@gmail.com>
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-11 14:13:33 +05:30
Krish Dholakia
e7714f0ce6
Fix CVEs: bump tar/minimatch/pypdf + harden Docker SBOM patching (#23082)
* fix(docker): bump tar/minimatch/pypdf for CVE fixes + harden SBOM patching
- Bump tar 7.5.8→7.5.10, minimatch 10.2.1→10.2.4, pypdf 6.6.2→6.7.3
- Add sed-based SBOM metadata patching with properly indented find/sed
- Add npm package manager cleanup (apk del / apt-get purge) to remove
stale SBOM entries from image scanners
- Scope || true to only apk del via brace grouping { ... || true; }
- Guard npm root -g with non-empty assertion to prevent silent failures
- Scope minimatch sed regex to ^10.x to avoid matching other major versions
Addresses: CVE-2026-27903, CVE-2026-27904, GHSA-qffp-2rhf-9h96, CVE-2026-27888
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(docker): scope find to /usr/local/lib /usr/lib, drop autoremove
- Replace `find /` with `find /usr/local/lib /usr/lib` to avoid
traversing /proc, /sys, /dev during SBOM metadata patching
- Remove `apt-get autoremove -y` from Debian-based Dockerfiles to
prevent nodejs from being removed as an auto-installed dependency
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-07 18:31:27 -08:00
Harshit28j
3e6c10a071
security: fix critical/high CVEs in OS-level libs and NPM transitive
2026-02-24 19:40:09 +05:30
Harshit Jain
3b043ee8bf
fix critical CVE vulnerabilities (#20683)
2026-02-07 22:23:01 -08:00
Ishaan Jaffer
dc08e2d057
fix pkg lock
2025-11-22 11:52:57 -08:00
dependabot[bot]
3319bbf277
chore(deps): bump hono from 4.9.7 to 4.10.3 in /litellm-js/spend-logs (#15915)
Bumps [hono](https://github.com/honojs/hono) from 4.9.7 to 4.10.3.
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](https://github.com/honojs/hono/compare/v4.9.7...v4.10.3)
---
updated-dependencies:
- dependency-name: hono
dependency-version: 4.10.3
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-28 19:28:10 -07:00
dependabot[bot]
d89c7f0eb7
build(deps): bump hono from 4.6.5 to 4.9.7 in /litellm-js/spend-logs (#14513)
Bumps [hono](https://github.com/honojs/hono) from 4.6.5 to 4.9.7.
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](https://github.com/honojs/hono/compare/v4.6.5...v4.9.7)
---
updated-dependencies:
- dependency-name: hono
dependency-version: 4.9.7
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-13 11:10:37 -07:00
Ishaan Jaff
4005a51db2
(UI) fix adding Vertex Models (#8129)
* fix handleSubmit
* update handleAddModelSubmit
* add jest testing for ui
* add step for running ui unit tests
* add validate json step to add model
* ui jest testing fixes
* update package lock
* ci/cd run again
* fix antd import
* run jest tests first
* fix antd install
* fix ui unit tests
* fix unit test ui
2025-01-30 21:11:08 -08:00
Ishaan Jaff
564ecc728d
(security fix) - update base image for all docker images to python:3.13.1-slim (#7388)
* update base image for all docker files
* remove unused files
* fix sec vuln
2024-12-23 16:20:47 -08:00
Krish Dholakia
e332e93786
Litellm security fixes (#7282)
* build(Dockerfile): bump node version
* build(Dockerfile): bump python version
fix critical errors
* build(requirements.txt): fix snyk errors
2024-12-18 09:38:52 -08:00
dependabot[bot]
b8d4973661
Bump hono from 4.5.8 to 4.6.5 in /litellm-js/spend-logs (#6245)
Bumps [hono](https://github.com/honojs/hono) from 4.5.8 to 4.6.5.
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](https://github.com/honojs/hono/compare/v4.5.8...v4.6.5)
---
updated-dependencies:
- dependency-name: hono
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-16 10:37:31 +05:30
dependabot[bot]
a3537afbdf
build(deps): bump hono from 4.2.7 to 4.5.8 in /litellm-js/spend-logs
Bumps [hono](https://github.com/honojs/hono) from 4.2.7 to 4.5.8.
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](https://github.com/honojs/hono/compare/v4.2.7...v4.5.8)
---
updated-dependencies:
- dependency-name: hono
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-08-22 16:44:08 +00:00
dependabot[bot]
8500345bf3
build(deps): bump @hono/node-server in /litellm-js/spend-logs
Bumps [@hono/node-server](https://github.com/honojs/node-server) from 1.9.0 to 1.10.1.
- [Release notes](https://github.com/honojs/node-server/releases)
- [Commits](https://github.com/honojs/node-server/compare/v1.9.0...v1.10.1)
---
updated-dependencies:
- dependency-name: "@hono/node-server"
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-25 23:43:28 +00:00
dependabot[bot]
7ca8809889
build(deps): bump hono from 4.1.5 to 4.2.7 in /litellm-js/spend-logs
Bumps [hono](https://github.com/honojs/hono) from 4.1.5 to 4.2.7.
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](https://github.com/honojs/hono/compare/v4.1.5...v4.2.7)
---
updated-dependencies:
- dependency-name: hono
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-23 16:25:03 +00:00
Krish Dholakia
359ca003ad
Update Dockerfile
2024-03-28 16:40:36 -07:00
Krish Dholakia
b159e6d7f1
Update Dockerfile
2024-03-28 16:36:51 -07:00
Krrish Dholakia
5a2e3d65cb
build(spend-logs): separate server for writing spend logs to db
2024-03-28 13:23:22 -07:00
Krrish Dholakia
6c34e48180
feat(index.ts): initial commit for proxy edge worker
testing to see if a js worker improves proxy perf (and by how much)
2024-03-27 10:15:20 -07:00