Skip to content

fix: tighten LiteLLM CVE-2026-40217 floor#836

Draft
cursor[bot] wants to merge 1 commit into
mainfrom
cursor/vanta-vulnerability-remediation-4e16
Draft

fix: tighten LiteLLM CVE-2026-40217 floor#836
cursor[bot] wants to merge 1 commit into
mainfrom
cursor/vanta-vulnerability-remediation-4e16

Conversation

@cursor

@cursor cursor Bot commented Jun 2, 2026

Copy link
Copy Markdown
Contributor

Vulnerability details

Fix summary

  • Tightened the root LiteLLM dependency floor from >=1.83.10 to >=1.83.11.
  • Refreshed uv.lock metadata while preserving the resolved fixed LiteLLM version 1.83.14.
  • Updated the adjacent CVE comment to match the corrected fixed floor.

Validation

  • python3 -m uv lock --check passed.
  • Runtime dependency assertion passed: installed litellm is 1.83.14 and >=1.83.11.
  • python3 -m uv tree --package litellm --depth 1 resolved LiteLLM 1.83.14.
  • Unit tests passed with local service URLs set: 1307 passed, 75 skipped (Postgres unavailable), 173 deselected.
  • python3 -m uv run ruff check app/ tests/ currently fails on pre-existing unrelated lint issues in Python files not touched by this PR.
  • python3 -m uv pip check --python .venv/bin/python reports the existing documented LiteLLM/OpenAI override (litellm requires openai==2.24.0, project resolves openai==2.38.0).
Open in Web View Automation 

Co-authored-by: sham <sham@potpie.ai>
@cursor cursor Bot requested a review from yashkrishan June 2, 2026 08:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant