shin-bot-litellm df042f7545 litellm_fix(security): allowlist Next.js CVEs for 7 days (#20169) ...

Temporarily allowlist Next.js vulnerabilities in UI dashboard:
- GHSA-h25m-26qc-wcjf (HIGH: DoS via request deserialization)
- CVE-2025-59471 (MEDIUM: Image Optimizer DoS)

Fix: Upgrade to Next.js 15.5.10+ or 16.1.5+ (7-day timeline)

Changes:
- Added .trivyignore with Next.js CVEs
- Updated security_scans.sh to use --ignorefile flag

2026-01-31 10:25:57 -08:00

..

.grype.yaml

chore: document temporary grype ignore for CVE-2026-22184

2026-01-16 11:19:10 +09:00

baseline_db.py

Connect UI to "LiteLLM_DailyUserSpend" spend table - enables usage tab to work at 1m+ spend logs (#9603)

2025-03-27 23:29:15 -07:00

check_file_length.py

…

check_files_match.py

…

publish-proxy-extras.sh

install prisma migration files - connects litellm proxy to litellm's prisma migration files (#9637)

2025-03-29 15:27:09 -07:00

run_migration.py

install prisma migration files - connects litellm proxy to litellm's prisma migration files (#9637)

2025-03-29 15:27:09 -07:00

security_scans_readme.md

[Security] Ensure LiteLLM Images have 0 Critical, High, Medium vulnerabilities with CVSS ≥ 4.0 (#14357)

2025-09-08 16:49:52 -07:00

security_scans.sh

litellm_fix(security): allowlist Next.js CVEs for 7 days (#20169)

2026-01-31 10:25:57 -08:00

TEST_KEY_PATTERNS.md

Fix CI: Revert security scan changes and add GitGuardian ignore rules (#18358)

2025-12-22 17:03:53 -08:00