litellm

mirror of https://github.com/tiennm99/litellm.git synced 2026-06-17 20:48:32 +00:00

Files

T

Ishaan Jaff 2acc5cc457 fix(security): fix CVE-2025-69873, CVE-2026-26996 in docs deps; allowlist nodejs_wheel CVEs in Grype scan (#21787 )

* fix(security): fix CVE-2025-69873 and CVE-2026-26996 in docs dependencies

Use npm overrides to pin patched versions:
- ajv@6.12.6 → 6.14.0 (fixes ReDoS CVE-2025-69873)
- ajv@8.17.1 → 8.18.0 (fixes ReDoS CVE-2025-69873)
- minimatch@3.1.2 → 10.2.1 (fixes DoS CVE-2026-26996)

serve-handler only calls minimatch(path, pattern) so the 3.x→10.x
upgrade is safe.

* fix(ruff): add missing Set and Dict imports to fix F821 errors

* fix(security): scope ajv overrides to avoid top-level version conflict

Replacing global 'ajv: 8.18.0' override with scoped 'schema-utils@4'
override. The global override conflicted with the nested file-loader/
null-loader/url-loader overrides, causing npm to install ajv@6 at the
top level where ajv-keywords@5.x requires ajv@8 (ajv/dist/compile/codegen).

Now:
- schema-utils@3 + loaders → ajv@6.14.0 (safe minor bump)
- schema-utils@4 → ajv@8.18.0 (safe minor bump)
- top-level ajv unmodified (stays at 8.x for ajv-keywords@5)

* fix(security): allowlist minimatch and tar CVEs from nodejs_wheel, bump tar override to >=7.5.8

2026-02-21 11:18:52 -08:00

.grype.yaml

[Release - 02/10/2026] v1.81.10-nightly

2026-02-10 16:26:30 -08:00

baseline_db.py

Connect UI to "LiteLLM_DailyUserSpend" spend table - enables usage tab to work at 1m+ spend logs (#9603 )

2025-03-27 23:29:15 -07:00

check_file_length.py

(clean up) move docker files from root to docker folder (#6109 )

2024-10-08 08:23:52 +05:30

check_files_match.py

(fix) pre commit hook to sync backup context_window mapping