fix(deps): bump litellm cap to >=1.83.7 to admit CVE patches#5489
Open
cwest wants to merge 3 commits intogoogle:mainfrom
Open
fix(deps): bump litellm cap to >=1.83.7 to admit CVE patches#5489cwest wants to merge 3 commits intogoogle:mainfrom
cwest wants to merge 3 commits intogoogle:mainfrom
Conversation
The current cap of <=1.82.6 was added in 77f1c41 to exclude the supply-chain compromise of litellm 1.82.7/8. Five CVEs have since been disclosed against litellm <=1.82.6 (2 critical: GHSA-r75f- 5x8p-qvmc, GHSA-jjhc-v7c2-5hh6; 3 high: GHSA-xqmj-j6mv-4862, GHSA-69x8-hrgq-fjj8, GHSA-53mr-6c8q-9789), with fixes in 1.83.0 and 1.83.7. The new lower bound (1.83.7) still excludes the originally compromised 1.82.7/8. Tested: tests/unittests/models/test_litellm.py and tests/unittests/models/test_litellm_import.py pass (259 passed, 0 failed) against litellm 1.83.13 with the new constraint. Refs google#5488
sasha-gitg
requested changes
Apr 26, 2026
cwest
added a commit
to cwest/adk-python
that referenced
this pull request
Apr 27, 2026
Addresses review feedback on google#5489: restore the project's defensive exact-version pin (matching the prior <=1.82.6 pattern) in place of the open-ended <2 cap. Pinning to current latest (1.83.14) keeps every future litellm release behind a deliberate bump, which is what stopped the 1.82.7/8 supply-chain attack from reaching ADK users. Tested: tests/unittests/models/test_litellm.py and tests/unittests/models/test_litellm_import.py pass (259 passed, 0 failed) against the installed litellm 1.83.13.
Re-apply the project's exact-version cap pattern (the original was <=1.82.6) instead of the looser <2 I'd proposed. Pinning to the current latest release means every future litellm version needs an explicit ADK PR before it can resolve into user environments. That is how the prior <=1.82.6 cap held the line once 1.82.7/8 were known-bad. Verified: 259 litellm tests pass against installed 1.83.13. Addresses review feedback on google#5489.
cwest
force-pushed
the
topic/bump-litellm-cap
branch
from
3840fe7 to
d40ef4a
Compare
sasha-gitg
approved these changes
Apr 27, 2026
sasha-gitg
approved these changes
Apr 27, 2026
sasha-gitg
added
the
ready to pull
Collaborator
|
Tests are failing because this needs to be bumped as well and released: https://github.com/googleapis/python-aiplatform/blob/main/setup.py#L186 |
Author
|
Filed the upstream bump in googleapis/python-aiplatform#6645 (drops the ADK CI here will stay red until that PR lands and a |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #5488
Summary
Bumps the
litellmconstraint from<=1.82.6to>=1.83.7,<=1.83.14in both the base project dependencies and the
[test]extras.The current cap was added in
77f1c41toexclude the March 2026 supply-chain compromise of litellm 1.82.7
and 1.82.8. Since then, five CVEs have been disclosed against
litellm
<=1.82.6(2 critical, 3 high), with patches in 1.83.0and 1.83.7. The new lower bound (1.83.7) is strictly above the
originally compromised versions, so the original concern is still
respected.
The upper bound is pinned to the current latest release on PyPI
(1.83.14) per reviewer request, mirroring the project's prior
exact-version cap pattern. New litellm releases will require an
explicit ADK PR to admit, the same way
<=1.82.6did.Full CVE list and rationale in the linked issue (#5488).
Diff
Two identical edits, one in project deps (line 126) and one in
[test]extras (line 145):Testing plan
google-adk(editable) against the updatedconstraint; pip resolved litellm to 1.83.13 (latest stable
compatible with the rest of the lockfile, inside the new
[1.83.7, 1.83.14]window).tests/unittests/models/test_litellm.pyandtests/unittests/models/test_litellm_import.py; all 259tests pass. Output below.
pyproject.tomlis parseable as TOML.Upstream litellm test output
Heads up: litellm hard-pins python-dotenv
While verifying, we discovered that litellm 1.83.7 (and every
subsequent version through 1.83.14) hard-pins
python-dotenv==1.0.1as an unconditional core dependency. Bycontrast, litellm 1.82.6 declared
python-dotenv>=0.2.0(loose).This does not affect adk-python itself -- ADK declares
python-dotenv>=1,<2, which admits1.0.1cleanly. But anydownstream project that has tightened
python-dotenv(e.g.>=1.2.x) will hit a resolver conflict after this bump and mayneed to either relax its python-dotenv constraint or apply a
package-manager override. This is a litellm anti-pattern, not an
ADK problem; included here so reviewers know to expect downstream
issues of that shape.
Out of scope
langgraphhas a similar dep cap (<0.4.8) and onemedium-severity CVE
(GHSA-g48c-2wqr-h844),
but bumping past 0.4.x requires porting ADK's use of the removed
graph.graphAPI (per#1687). That is
real engineering work, not a dep cap bump, and is left as a
separate effort.