chore(deps): update dependency litellm to v1.61.15 [security] #146

renovate · 2025-03-20T19:04:52Z

This PR contains the following updates:

Package	Change	Age	Confidence
litellm	`==1.49.0` -> `==1.61.15`

GitHub Vulnerability Alerts

CVE-2024-10188

A vulnerability in BerriAI/litellm, as of commit 26c03c9, allows unauthenticated users to cause a Denial of Service (DoS) by exploiting the use of ast.literal_eval to parse user input. This function is not safe and is prone to DoS attacks, which can crash the litellm Python server.

CVE-2025-0628

An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. When a user with the role 'internal_user_viewer' logs into the application, they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the application, including endpoints such as '/users/list' and '/users/get_users'. This vulnerability allows for privilege escalation within the application, enabling any account to become a PROXY ADMIN.

CVE-2024-8984

A Denial of Service (DoS) vulnerability exists in berriai/litellm version v1.44.5. This vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. The server continuously processes each character, leading to excessive resource consumption and rendering the service unavailable. The issue is unauthenticated and does not require any user interaction, impacting all users of the service.

Release Notes

BerriAI/litellm (litellm)

`v1.61.7`

What's Changed

docs(perplexity.md): removing return_citations documentation by @miraclebakelaser in #8527
(docs - cookbook) litellm proxy x langfuse by @ishaan-jaff in #8541
UI Fixes and Improvements (02/14/2025) p1 by @krrishdholakia in #8546
(Feat) - Add /bedrock/meta.llama3-3-70b-instruct-v1:0 tool calling support + cost tracking + base llm unit test for tool calling by @ishaan-jaff in #8545
fix(general_settings.tsx): filter out empty dictionaries post fallbac… by @krrishdholakia in #8550
(perf) Fix memory leak on /completions route by @ishaan-jaff in #8551
Org Flow Improvements by @krrishdholakia in #8549
feat(openai/o_series_transformation.py): support native streaming for o1 by @krrishdholakia in #8552
fix(team_endpoints.py): fix team info check to handle team keys by @krrishdholakia in #8529
build: ui build update by @krrishdholakia in #8553
Optimize Alpine Dockerfile by removing redundant apk commands by @PeterDaveHello in #5016
fix(main.py): fix key leak error when unknown provider given by @krrishdholakia in #8556
(Feat) - return x-litellm-attempted-fallbacks in responses from litellm proxy by @ishaan-jaff in #8558
Add remaining org CRUD endpoints + support deleting orgs on UI by @krrishdholakia in #8561
Enable update/delete org members on UI by @krrishdholakia in #8560
(Bug Fix) - Add Regenerate Key on Virtual Keys Tab by @ishaan-jaff in #8567
(Bug Fix + Better Observability) - BudgetResetJob: for reseting key, team, user budgets by @ishaan-jaff in #8562
(Patch/bug fix) - UI, filter out litellm ui session tokens on Virtual Keys Page by @ishaan-jaff in #8568
refactor(teams.tsx): refactor to display all teams, across all orgs by @krrishdholakia in #8565
docs: update README.md API key and model example typos by @colesmcintosh in #8590
Fix typo in main readme by @scosman in #8574
(UI) Allow adding models for a Team by @ishaan-jaff in #8598
feat(ui): alert when adding model without STORE_MODEL_IN_DB by @Aditya8840 in #8591
Revert "(UI) Allow adding models for a Team" by @ishaan-jaff in #8600
Litellm stable UI 02 17 2025 p1 by @krrishdholakia in #8599

New Contributors

@PeterDaveHello made their first contribution in #5016
@colesmcintosh made their first contribution in #8590
@scosman made their first contribution in #8574
@Aditya8840 made their first contribution in #8591

Full Changelog: BerriAI/litellm@v1.61.3...v1.61.7

Docker Run LiteLLM Proxy

```
docker run \
-e STORE_MODEL_IN_DB=True \
-p 4000:4000 \
ghcr.io/berriai/litellm:main-v1.61.7

Don't want to maintain your internal proxy? get in touch 🎉

Hosted Proxy Alpha: https://calendly.com/d/4mp-gd3-k5k/litellm-1-1-onboarding-chat

Docker Run LiteLLM Proxy

```
docker run \
-e STORE_MODEL_IN_DB=True \
-p 4000:4000 \
ghcr.io/berriai/litellm:main-v1.61.7

Don't want to maintain your internal proxy? get in touch 🎉

Hosted Proxy Alpha: https://calendly.com/d/4mp-gd3-k5k/litellm-1-1-onboarding-chat

Load Test LiteLLM Proxy Results

Name	Status	Median Response Time (ms)	Average Response Time (ms)	Requests/s	Failures/s	Request Count	Failure Count	Min Response Time (ms)	Max Response Time (ms)
/chat/completions	Failed ❌	180.0	206.98769618433857	6.145029010811349	6.145029010811349	1839	1839	146.21495699998377	3174.8161250000067
Aggregated	Failed ❌	180.0	206.98769618433857	6.145029010811349	6.145029010811349	1839	1839	146.21495699998377	3174.8161250000067

`v1.61.3`

What's Changed

Improved wildcard route handling on /models and /model_group/info by @krrishdholakia in #8473
(Bug fix) - Using include_usage for /completions requests + unit testing by @ishaan-jaff in #8484
add sonar pricings by @themrzmaster in #8476
(bug fix) PerplexityChatConfig - track correct OpenAI compatible params by @ishaan-jaff in #8496
(fix #2) don't block proxy startup if license check fails & using prometheus by @ishaan-jaff in #8492
ci(config.yml): mark daily docker builds with -nightly by @krrishdholakia in #8499
(Redis Cluster) - Fixes for using redis cluster + pipeline by @ishaan-jaff in #8442
Litellm UI stable version 02 12 2025 by @krrishdholakia in #8497
fix: fix test by @krrishdholakia in #8501
enables no auth for SMTP by @krrishdholakia in #8494
UI Fixes p2 by @krrishdholakia in #8502
add phoenix docs for observability integration by @exiao in #8522
Added custom_attributes to additional_keys which can be sent to athina by @vivek-athina in #8518
(UI) fix log details page by @ishaan-jaff in #8524
Add UI Support for Admins to Call /cache/ping and View Cache Analytics (#8475) by @tahaali-dev in #8519
LiteLLM Improvements (02/13/2025) p1 by @krrishdholakia in #8523
fix(utils.py): fix vertex ai optional param handling by @krrishdholakia in #8477
Add 'prediction' param for Azure + Add gemini-2.0-pro-exp-02-05 vertex ai model to cost map + New bedrock/deepseek_r1/* route by @krrishdholakia in #8525
(UI) - Refactor View Key Table by @ishaan-jaff in #8526

Full Changelog: BerriAI/litellm@v1.61.1...v1.61.3

Docker Run LiteLLM Proxy

```
docker run \
-e STORE_MODEL_IN_DB=True \
-p 4000:4000 \
ghcr.io/berriai/litellm:main-v1.61.3

Don't want to maintain your internal proxy? get in touch 🎉

Hosted Proxy Alpha: https://calendly.com/d/4mp-gd3-k5k/litellm-1-1-onboarding-chat

Docker Run LiteLLM Proxy

```
docker run \
-e STORE_MODEL_IN_DB=True \
-p 4000:4000 \
ghcr.io/berriai/litellm:main-v1.61.3

Don't want to maintain your internal proxy? get in touch 🎉

Hosted Proxy Alpha: https://calendly.com/d/4mp-gd3-k5k/litellm-1-1-onboarding-chat

Load Test LiteLLM Proxy Results

Name	Status	Median Response Time (ms)	Average Response Time (ms)	Requests/s	Failures/s	Request Count	Failure Count	Min Response Time (ms)	Max Response Time (ms)
/chat/completions	Failed ❌	110.0	127.51554087063036	6.408067444109619	6.408067444109619	1917	1917	94.95955199997752	2825.282969
Aggregated	Failed ❌	110.0	127.51554087063036	6.408067444109619	6.408067444109619	1917	1917	94.95955199997752	2825.282969

`v1.61.1`

Compare Source

What's Changed

Show Guardrails on UI by @krrishdholakia in #8447
Log applied guardrails on LLM API call by @krrishdholakia in #8452
Ui Fixes Teams Setting #8347 by @tahaali-dev in #8353
(UI) allow adding model aliases for teams by @ishaan-jaff in #8471
(round 4 fixes) - Team model alias setting by @ishaan-jaff in #8474

Full Changelog: BerriAI/litellm@v1.61.0...v1.61.1

Docker Run LiteLLM Proxy

docker run \
-e STORE_MODEL_IN_DB=True \
-p 4000:4000 \
ghcr.io/berriai/litellm:main-v1.61.1

Don't want to maintain your internal proxy? get in touch 🎉

Hosted Proxy Alpha: https://calendly.com/d/4mp-gd3-k5k/litellm-1-1-onboarding-chat

Load Test LiteLLM Proxy Results

Name	Status	Median Response Time (ms)	Average Response Time (ms)	Requests/s	Failures/s	Request Count	Failure Count	Min Response Time (ms)	Max Response Time (ms)
/chat/completions	Passed ✅	160.0	180.272351294557	6.268555221678184	0.0	1874	0	118.979319999994	3618.562145999988
Aggregated	Passed ✅	160.0	180.272351294557	6.268555221678184	0.0	1874	0	118.979319999994	3618.562145999988

`v1.61.0`

What's Changed

(Feat) - Allow calling Nova models on /bedrock/invoke/ by @ishaan-jaff in #8397
Run litellm in dev mode by @CakeCrusher in #8404
(Bug Fix) - Bedrock completions with aws_region_name by @ishaan-jaff in #8384
added gemini 2.0 models to docs by @mubashir1osmani in #8412
Added filter in Teams and fixed spacing & height issues in Teams tabs (#6192) by @tahaali-dev in #8357
Revert "Added filter in Teams and fixed spacing & height issues in Teams tabs (#6192)" by @krrishdholakia in #8416
Allow editing model api key + provider on UI by @krrishdholakia in #8406
Allow org admin to create teams on UI by @krrishdholakia in #8407
Azure api version check - fix str compare to convert to int by @krrishdholakia in #8438
Fix callback add when user_config passed + support passing openai org client-side by @krrishdholakia in #8443
Org UI Improvements by @krrishdholakia in #8436
(e2e testing) - add tests for using litellm /team/ updates in multi-instance deployments with Redis by @ishaan-jaff in #8440
(Feat) - Allow viewing Request/Response Logs stored in GCS Bucket by @ishaan-jaff in #8449

New Contributors

@CakeCrusher made their first contribution in #8404

Full Changelog: BerriAI/litellm@v1.60.8...v1.61.0

Docker Run LiteLLM Proxy

docker run \
-e STORE_MODEL_IN_DB=True \
-p 4000:4000 \
ghcr.io/berriai/litellm:main-v1.61.0

Don't want to maintain your internal proxy? get in touch 🎉

Hosted Proxy Alpha: https://calendly.com/d/4mp-gd3-k5k/litellm-1-1-onboarding-chat

Load Test LiteLLM Proxy Results

Name	Status	Median Response Time (ms)	Average Response Time (ms)	Requests/s	Failures/s	Request Count	Failure Count	Min Response Time (ms)	Max Response Time (ms)
/chat/completions	Passed ✅	180.0	213.86169773089247	6.297834462789351	0.003342799608699231	1884	1	81.07622899996159	4173.802059999957
Aggregated	Passed ✅	180.0	213.86169773089247	6.297834462789351	0.003342799608699231	1884	1	81.07622899996159	4173.802059999957

`v1.60.8`

What's Changed

UI Updates by @krrishdholakia in #8345
OIDC Scope based model access by @krrishdholakia in #8343
Fix azure max retries error by @krrishdholakia in #8340
Update deepseek API prices for 2025-02-08 by @Winston-503 in #8363
fix(nvidia_nim/embed.py): add 'dimensions' support by @krrishdholakia in #8302
fix: dictionary changed size during iteration error (#8327) by @krrishdholakia in #8341
fix: add azure/o1-2024-12-17 to model_prices_and_context_window.json by @byrongrogan in #8371
(Security fix) Mask redis pwd on /cache/ping + add timeout value and elapsed time on azure + http calls by @krrishdholakia in #8377
Handle azure deepseek reasoning response (#8288) by @krrishdholakia in #8366
Anthropic Citations API Support by @krrishdholakia in #8382
(Feat) - Add /bedrock/invoke support for all Anthropic models by @ishaan-jaff in #8383
O3 mini native streaming support by @krrishdholakia in #8387

Full Changelog: BerriAI/litellm@v1.60.6...v1.60.8

Docker Run LiteLLM Proxy

docker run \
-e STORE_MODEL_IN_DB=True \
-p 4000:4000 \
ghcr.io/berriai/litellm:main-v1.60.8

Don't want to maintain your internal proxy? get in touch 🎉

Hosted Proxy Alpha: https://calendly.com/d/4mp-gd3-k5k/litellm-1-1-onboarding-chat

Load Test LiteLLM Proxy Results

Name	Status	Median Response Time (ms)	Average Response Time (ms)	Requests/s	Failures/s	Request Count	Failure Count	Min Response Time (ms)	Max Response Time (ms)
/chat/completions	Passed ✅	170.0	189.56173781509457	6.206468643400922	0.0	1855	0	149.30551800000558	3488.08786699999
Aggregated	Passed ✅	170.0	189.56173781509457	6.206468643400922	0.0	1855	0	149.30551800000558	3488.08786699999

`v1.60.6`

Compare Source

What's Changed

Azure OpenAI improvements - o3 native streaming, improved tool call + response format handling by @krrishdholakia in #8292
Fix edit team on ui by @krrishdholakia in #8295
Improve rpm check on keys by @krrishdholakia in #8301
docs: fix enterprise links by @wagnerjt in #8294
Add gemini-2.0-flash pricing + model info by @krrishdholakia in #8303
Add Arize Cookbook for Turning on LiteLLM Proxy by @exiao in #8336
Add aistudio GEMINI 2.0 to model_prices_and_context_window.json by @dceluis in #8335
Fix pricing for Gemini 2.0 Flash 001 by @elabbarw in #8320
[DOCS] Update local_debugging.md by @rokbenko in #8308
(Bug Fix - Langfuse) - fix for when model response has choices=[] by @ishaan-jaff in #8339
Fixed meta llama 3.3 key for Databricks API by @anton164 in #8093
fix(utils.py): handle key error in msg validation by @krrishdholakia in #8325
(bug fix router.py) - safely handle choices=[] on llm responses by @ishaan-jaff in #8342
(QA+UI) - e2e flow for adding assembly ai passthrough endpoints by @ishaan-jaff in #8337

New Contributors

@exiao made their first contribution in #8336
@dceluis made their first contribution in #8335
@rokbenko made their first contribution in #8308
@anton164 made their first contribution in #8093

Full Changelog: BerriAI/litellm@v1.60.5...v1.60.6

Docker Run LiteLLM Proxy

docker run \
-e STORE_MODEL_IN_DB=True \
-p 4000:4000 \
ghcr.io/berriai/litellm:main-v1.60.6

Don't want to maintain your internal proxy? get in touch 🎉

Hosted Proxy Alpha: https://calendly.com/d/4mp-gd3-k5k/litellm-1-1-onboarding-chat

Load Test LiteLLM Proxy Results

Name	Status	Median Response Time (ms)	Average Response Time (ms)	Requests/s	Failures/s	Request Count	Failure Count	Min Response Time (ms)	Max Response Time (ms)
/chat/completions	Passed ✅	200.0	217.05167674521235	6.288425886864887	0.0	1880	0	164.17646499996863	2306.284880000021
Aggregated	Passed ✅	200.0	217.05167674521235	6.288425886864887	0.0	1880	0	164.17646499996863	2306.284880000021

`v1.60.5`

Compare Source

What's Changed

Added a guide for users who want to use LiteLLM with AI/ML API. by @waterstark in #7058
Added compatibility guidance, etc. for xAI Grok model by @zhaohan-dong in #8282
(Security fix) - remove code block that inserts master key hash into DB by @ishaan-jaff in #8268
(UI) - Add Assembly AI provider to UI by @ishaan-jaff in #8297
(feat) - Add Assembly AI to model cost map by @ishaan-jaff in #8298
fixed issues #8126 and #8127 (#8275) by @ishaan-jaff in #8299
(Refactor) - migrate bedrock invoke to BaseLLMHTTPHandler class by @ishaan-jaff in #8290

New Contributors

@waterstark made their first contribution in #7058

Full Changelog: BerriAI/litellm@v1.60.4...v1.60.5

Docker Run LiteLLM Proxy

docker run \
-e STORE_MODEL_IN_DB=True \
-p 4000:4000 \
ghcr.io/berriai/litellm:main-v1.60.5

Don't want to maintain your internal proxy? get in touch 🎉

Hosted Proxy Alpha: https://calendly.com/d/4mp-gd3-k5k/litellm-1-1-onboarding-chat

Load Test LiteLLM Proxy Results

Name	Status	Median Response Time (ms)	Average Response Time (ms)	Requests/s	Failures/s	Request Count	Failure Count	Min Response Time (ms)	Max Response Time (ms)
/chat/completions	Passed ✅	210.0	251.44053604962153	6.19421782055854	0.0	1854	0	167.35073600000305	4496.06190000003
Aggregated	Passed ✅	210.0	251.44053604962153	6.19421782055854	0.0	1854	0	167.35073600000305	4496.06190000003

`v1.60.4`

Compare Source

What's Changed

Internal User Endpoint - vulnerability fix + response type fix by @krrishdholakia in #8228
Litellm UI fixes 8123 v2 (#8208) by @ishaan-jaff in #8245
Update model_prices_and_context_window.json by @superpoussin22 in #8249
Update model_prices_and_context_window.json by @superpoussin22 in #8256
(dependency) - pip loosen httpx version requirement by @ishaan-jaff in #8255
Add hyperbolic deepseek v3 model configurations by @lowjiansheng in #8232
fix(prometheus.py): fix setting key budget metrics by @krrishdholakia in #8234
(feat) - add supports tool choice to model cost map by @ishaan-jaff in #8265
(feat) - track org_id in SpendLogs by @ishaan-jaff in #8253
(Bug fix) - Langfuse / Callback settings stored in DB by @ishaan-jaff in #8251
Fix passing top_k parameter for Bedrock Anthropic models (#8131) by @ishaan-jaff in #8269
(Feat) - Add support for structured output on bedrock/nova models + add util litellm.supports_tool_choice by @ishaan-jaff in #8264
[BETA] Support OIDC role based access to proxy by @krrishdholakia in #8260
Fix deepseek calling - refactor to use base_llm_http_handler by @krrishdholakia in #8266
allows dynamic message redaction by @krrishdholakia in #8270

Full Changelog: BerriAI/litellm@v1.60.2...v1.60.4

Docker Run LiteLLM Proxy

docker run \
-e STORE_MODEL_IN_DB=True \
-p 4000:4000 \
ghcr.io/berriai/litellm:main-v1.60.4

Don't want to maintain your internal proxy? get in touch 🎉

Hosted Proxy Alpha: https://calendly.com/d/4mp-gd3-k5k/litellm-1-1-onboarding-chat

Load Test LiteLLM Proxy Results

Name	Status	Median Response Time (ms)	Average Response Time (ms)	Requests/s	Failures/s	Request Count	Failure Count	Min Response Time (ms)	Max Response Time (ms)
/chat/completions	Passed ✅	210.0	243.98647747354212	6.187158959524932	0.0033407985742575225	1852	1	94.81396500007122	3976.009301999966
Aggregated	Passed ✅	210.0	243.98647747354212	6.187158959524932	0.0033407985742575225	1852	1	94.81396500007122	3976.009301999966

`v1.60.2`

Compare Source

What's Changed

Control Model Access by IDP 'groups' by @krrishdholakia in #8164
build(schema.prisma): add new sso_user_id to LiteLLM_UserTable by @krrishdholakia in #8167
Litellm dev contributor prs 01 31 2025 by @krrishdholakia in #8168
Improved O3 + Azure O3 support by @krrishdholakia in #8181
test: add more unit testing for team member endpoints by @krrishdholakia in #8170
Add azure/deepseek-r1 by @Klohto in #8177
[Bug Fix] - /vertex_ai/ was not detected as llm_api_route on pass through but vertex-ai was by @ishaan-jaff in #8186
(UI + SpendLogs) - Store SpendLogs in UTC Timezone, Fix filtering logs by start/end time by @ishaan-jaff in #8190
Azure AI Foundry - Deepseek R1 by @elabbarw in #8188
fix(main.py): fix passing openrouter specific params by @krrishdholakia in #8184
Complete o3 model support by @krrishdholakia in #8183
Easier user onboarding via SSO by @krrishdholakia in #8187
LiteLLM Minor Fixes & Improvements (01/16/2025) - p2 by @krrishdholakia in #7828
Added deprecation date for gemini-1.5 models by @yurchik11 in #8210
docs: Updating the available VoyageAI models in the docs by @fzowl in #8215
build: ui updates by @krrishdholakia in #8206
Fix tokens for deepseek by @SmartManoj in #8207
(UI Fixes for add new model flow) by @ishaan-jaff in #8216
Update xAI provider and fix some old model config by @zhaohan-dong in #8218
Support guardrails mode as list, fix valid keys error in pydantic, add more testing by @krrishdholakia in #8224
docs: fix typo in lm_studio.md by @foreign-sub in #8222
(Feat) - New pass through add assembly ai passthrough endpoints by @ishaan-jaff in #8220
fix(openai/): allows 'reasoning_effort' param to be passed correctly by @krrishdholakia in #8227

New Contributors

@Klohto made their first contribution in #8177
@zhaohan-dong made their first contribution in #8218
@foreign-sub made their first contribution in #8222

Full Changelog: BerriAI/litellm@v1.60.0...v1.60.2

Docker Run LiteLLM Proxy

docker run \
-e STORE_MODEL_IN_DB=True \
-p 4000:4000 \
ghcr.io/berriai/litellm:main-v1.60.2

Don't want to maintain your internal proxy? get in touch 🎉

Hosted Proxy Alpha: https://calendly.com/d/4mp-gd3-k5k/litellm-1-1-onboarding-chat

Load Test LiteLLM Proxy Results

Name	Status	Median Response Time (ms)	Average Response Time (ms)	Requests/s	Failures/s	Request Count	Failure Count	Min Response Time (ms)	Max Response Time (ms)
/chat/completions	Passed ✅	170.0	187.78487681207412	6.365583292626693	0.0	1905	0	135.5453470000043	3644.0179759999864
Aggregated	Passed ✅	170.0	187.78487681207412	6.365583292626693	0.0	1905	0	135.5453470000043	3644.0179759999864

`v1.60.0`

What's Changed

Important Changes between v1.50.xx to 1.60.0

def async_log_stream_event and def log_stream_event no longer supported for CustomLoggers https://docs.litellm.ai/docs/observability/custom_callback. If you want to log stream events use def async_log_success_event and def log_success_event for logging success stream events

Known Issues

🚨 Detected issue with Langfuse Logging when Langfuse credentials are stored in DB

Adding gemini-2.0-flash-thinking-exp-01-21 by @marcoaleixo in #8089
add groq/deepseek-r1-distill-llama-70b by @miraclebakelaser in #8078
(UI) Fix SpendLogs page - truncate bedrock models + show end_user by @ishaan-jaff in #8118
UI Fixes - Newly created key does not display on the View Key Page + Updated the validator to allow model editing when keyTeam.team_alias === "Default Team" by @ishaan-jaff in #8122
(Refactor / QA) - Use LoggingCallbackManager to append callbacks and ensure no duplicate callbacks are added by @ishaan-jaff in #8112
(UI) fix adding Vertex Models by @ishaan-jaff in #8129
Fix json_mode parameter propagation in OpenAILikeChatHandler by @miraclebakelaser in #8133
Doc updates - add key rotations to docs by @krrishdholakia in #8136
Enforce default_on guardrails always run + expose new litellm.disable_no_log_param param by @krrishdholakia in #8134
Doc updates + management endpoint fixes by @krrishdholakia in #8138
New stable release - release notes by @krrishdholakia in #8148
FEATURE: OpenAI o3-mini by @ventz in #8151
build: fix model cost map with o3 model pricing by @krrishdholakia in #8153
(Fixes) OpenAI Streaming Token Counting + Fixes usage track when litellm.turn_off_message_logging=True by @ishaan-jaff in #8156
(UI) Allow adding custom pricing when adding new model by @ishaan-jaff in #8165
(Feat) add bedrock/deepseek custom import models by @ishaan-jaff in #8132
Adding Azure OpenAI o3-mini costs & specs by @yigitkonur in #8166
Adjust model pricing metadata by @yurchik11 in #8147

New Contributors

@marcoaleixo made their first contribution in #8089
@yigitkonur made their first contribution in #8166

Full Changelog: BerriAI/litellm@v1.59.10...v1.60.0

Docker Run LiteLLM Proxy

docker run \
-e STORE_MODEL_IN_DB=True \
-p 4000:4000 \
ghcr.io/berriai/litellm:main-v1.60.0

Don't want to maintain your internal proxy? get in touch 🎉

Hosted Proxy Alpha: https://calendly.com/d/4mp-gd3-k5k/litellm-1-1-onboarding-chat

Load Test LiteLLM Proxy Results

Name	Status	Median Response Time (ms)	Average Response Time (ms)	Requests/s	Failures/s	Request Count	Failure Count	Min Response Time (ms)	Max Response Time (ms)
/chat/completions	Passed ✅	240.0	281.07272626532927	6.158354312051399	0.0	1843	0	215.79772499995897	3928.489000000013
Aggregated	Passed ✅	240.0	281.07272626532927	6.158354312051399	0.0	1843	0	215.79772499995897	3928.489000000013

`v1.59.10`

Compare Source

What's Changed

(UI) - View Logs Page - Refinement by @ishaan-jaff in #8087
(Feat) pass through vertex - allow using credentials defined on litellm router for vertex pass through by @ishaan-jaff in #8100
(UI) Allow using a model / credentials for pass through routes by @ishaan-jaff in #8099
ui - fix chat ui tab sending model param by @ishaan-jaff in #8105
Litellm dev 01 29 2025 p1 by @krrishdholakia in #8097
Support new bedrock/converse_like/<model> route by @krrishdholakia in #8102
feat(databricks/chat/transformation.py): add tools and 'tool_choice' param support by @krrishdholakia in #8076

Full Changelog: BerriAI/litellm@v1.59.9...v1.59.10

Docker Run LiteLLM Proxy

docker run \
-e STORE_MODEL_IN_DB=True \
-p 4000:4000 \
ghcr.io/berriai/litellm:main-v1.59.10

Don't want to maintain your internal proxy? get in touch 🎉

Hosted Proxy Alpha: https://calendly.com/d/4mp-gd3-k5k/litellm-1-1-onboarding-chat

Load Test LiteLLM Proxy Results

Name	Status	Median Response Time (ms)	Average Response Time (ms)	Requests/s	Failures/s	Request Count	Failure Count	Min Response Time (ms)	Max Response Time (ms)
/chat/completions	Passed ✅	210.0	239.24647793068146	6.21745665443628	0.00334092243655899	1861	1	73.25327600000264	3903.3159660000083
Aggregated	Passed ✅	210.0	239.24647793068146	6.21745665443628	0.00334092243655899	1861	1	73.25327600000264	3903.3159660000083

`v1.59.9`

Compare Source

What's Changed

Fix custom pricing - separate provider info from model info by @krrishdholakia in #7990
Litellm dev 01 25 2025 p4 by @krrishdholakia in #8006
(UI) - Adding new models enhancement - show provider logo by @ishaan-jaff in #8033
(UI enhancement) - allow onboarding wildcard models on UI by @ishaan-jaff in #8034
add openrouter/deepseek/deepseek-r1 by @paul-gauthier in #8038
(UI) - allow assigning wildcard models to a team / key by @ishaan-jaff in #8041
Add smolagents by @aymeric-roucher in #8026
(UI) fixes to add model flow by @ishaan-jaff in #8043
github - run stale issue/pr bot by @ishaan-jaff in #8045
(doc) Add nvidia as provider by @raspawar in #8023
feat(handle_jwt.py): initial commit adding custom RBAC support on jwt… by @krrishdholakia in #8037
fix(utils.py): handle failed hf tokenizer request during calls by @krrishdholakia in #8032
Bedrock document processing fixes by @krrishdholakia in #8005
Fix bedrock model pricing + add unit test using bedrock pricing api by @krrishdholakia in #7978
Add openai metadata param preview support + new x-litellm-timeout request header by @krrishdholakia in #8047
(beta ui - spend logs view fixes & Improvements 1) by @ishaan-jaff in #8062
(fix) - proxy reliability, ensure duplicate callbacks are not added to proxy by @ishaan-jaff in #8067
(UI) Fixes for Adding model page - keep existing page as default, have 2nd tab for wildcard models by @ishaan-jaff in #8073

New Contributors

@aymeric-roucher made their first contribution in #8026
@raspawar made their first contribution in #8023

Full Changelog: BerriAI/litellm@v1.59.8...v1.59.9

Docker Run LiteLLM Proxy

docker run \
-e STORE_MODEL_IN_DB=True \
-p 4000:4000 \
ghcr.io/berriai/litellm:main-v1.59.9

Don't want to maintain

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

bolt-new-by-stackblitz · 2025-03-20T19:04:56Z

Run & review this pull request in StackBlitz Codeflow.

codesandbox · 2025-03-20T19:04:56Z

Review or Edit in CodeSandbox

Open the branch in Web Editor • VS Code • Insiders

Open Preview

sourcery-ai · 2025-03-20T19:04:58Z

Reviewer's Guide by Sourcery

This pull request updates the litellm dependency to version 1.53.1 to address a security vulnerability (CVE-2024-10188). The update includes several fixes and improvements to the LiteLLM proxy, such as enforcing unique key aliases, Datadog integration enhancements, and bug fixes.

Sequence diagram for key generation with unique alias enforcement

sequenceDiagram
    participant User
    participant LiteLLM Proxy
    participant Database

    User->>LiteLLM Proxy: /key/generate request with alias
    LiteLLM Proxy->>Database: Check if alias already exists
    alt Alias exists
        Database-->>LiteLLM Proxy: Alias already in use
        LiteLLM Proxy-->>User: Error: Alias already exists
    else Alias is unique
        Database-->>LiteLLM Proxy: Alias is unique
        LiteLLM Proxy->>Database: Store new key with alias
        Database-->>LiteLLM Proxy: Key stored successfully
        LiteLLM Proxy-->>User: Key generated successfully
    end

Sequence diagram for key update with unique alias enforcement

sequenceDiagram
    participant User
    participant LiteLLM Proxy
    participant Database

    User->>LiteLLM Proxy: /key/update request with alias
    LiteLLM Proxy->>Database: Check if alias already exists
    alt Alias exists and is not owned by the user
        Database-->>LiteLLM Proxy: Alias already in use by another user
        LiteLLM Proxy-->>User: Error: Alias already exists
    else Alias is unique or owned by the user
        Database-->>LiteLLM Proxy: Alias is unique or owned by the user
        LiteLLM Proxy->>Database: Update key with alias
        Database-->>LiteLLM Proxy: Key updated successfully
        LiteLLM Proxy-->>User: Key updated successfully
    end

Sequence diagram for Datadog logging with StandardLoggingPayload

sequenceDiagram
    participant LiteLLM Proxy
    participant LLM Provider
    participant Datadog

    LiteLLM Proxy->>LLM Provider: LLM Request
    LLM Provider-->>LiteLLM Proxy: LLM Response
    LiteLLM Proxy->>LiteLLM Proxy: Create StandardLoggingPayload
    LiteLLM Proxy->>Datadog: Log StandardLoggingPayload
    alt LLM Failure
        LiteLLM Proxy->>Datadog: Log LLM Failure
    end

File-Level Changes

Change	Details	Files
The litellm dependency was updated to address a security vulnerability.	Updated litellm from version 1.44.8 to 1.53.1 in `requirements.txt`. Updated litellm from version 1.49.0 to 1.53.1 in `apps/ai-gateway/requirements.txt`.	`requirements.txt` `apps/ai-gateway/requirements.txt`
The update includes fixes and improvements to the LiteLLM proxy, such as enforcing unique key aliases, Datadog integration enhancements, and bug fixes.	Enforced unique key aliases on /key/generate and /key/update requests. Enhanced Datadog integration with StandardLoggingPayload and failure logging support. Added PATCH support for LLM endpoints. Fixed /key/update to store `budget_duration` in the DB. Handled JSON decode errors for Datadog exception logging. Added enforcement for unique key aliases on /key/update and /key/generate. Allowed disabling ErrorLogs written to the DB.	`requirements.txt` `apps/ai-gateway/requirements.txt`

Tips and commands

Interacting with Sourcery

Trigger a new review: Comment @sourcery-ai review on the pull request.
Continue discussions: Reply directly to Sourcery's review comments.
Generate a GitHub issue from a review comment: Ask Sourcery to create an
issue from a review comment by replying to it. You can also reply to a
review comment with @sourcery-ai issue to create an issue from it.
Generate a pull request title: Write @sourcery-ai anywhere in the pull
request title to generate a title at any time. You can also comment
@sourcery-ai title on the pull request to (re-)generate the title at any time.
Generate a pull request summary: Write @sourcery-ai summary anywhere in
the pull request body to generate a PR summary at any time exactly where you
want it. You can also comment @sourcery-ai summary on the pull request to
(re-)generate the summary at any time.
Generate reviewer's guide: Comment @sourcery-ai guide on the pull
request to (re-)generate the reviewer's guide at any time.
Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
pull request to resolve all Sourcery comments. Useful if you've already
addressed all the comments and don't want to see them anymore.
Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
request to dismiss all existing Sourcery reviews. Especially useful if you
want to start fresh with a new review - don't forget to comment
@sourcery-ai review to trigger a new review!
Generate a plan of action for an issue: Comment @sourcery-ai plan on
an issue to generate a plan of action for it.

Customizing Your Experience

Access your dashboard to:

Enable or disable review features such as the Sourcery-generated pull request
summary, the reviewer's guide, and others.
Change the review language.
Add, remove or edit custom review instructions.
Adjust other review settings.

Getting Help

Contact our support team for questions or feedback.
Visit our documentation for detailed guides and information.
Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

sourcery-ai

We have skipped reviewing this pull request. Here's why:

It seems to have been created by a bot (hey, renovate[bot]!). We assume it knows what it's doing!
We don't review packaging changes - Let us know if you'd like us to change this.

qodo-merge-pro · 2025-03-20T19:05:16Z

CI Feedback 🧐

(Feedback updated until commit `b3422ca`)

A test triggered by this PR failed. Here is an AI-generated analysis of the failure:

Action: Build and Test
Failed stage: Setup pnpm [❌]
Failure summary: The action failed due to two separate issues: 1. The pnpm setup action failed because of conflicting pnpm versions: - The GitHub Action config specified version "latest" - The package.json file specified "pnpm@9.0.0" in the packageManager field This conflict causes version mismatch errors like ERR_PNPM_BAD_PM_VERSION. 2. The Codecov test results action failed because no JUnit XML test reports were found. The log shows "Found 0 test_results files to report" and suggests reviewing the documentation at https://docs.codecov.com/docs/test-result-ingestion-beta.
Relevant error logs: 1: ##[group]Operating System 2: Ubuntu ... 136: ##[endgroup] 137: ##[warning]Cache not found for keys: Linux-turbo-9b8643e2a93a4370361add7dd13c7266d13bfada, Linux-turbo- 138: Cache not found for input keys: Linux-turbo-9b8643e2a93a4370361add7dd13c7266d13bfada, Linux-turbo- 139: ##[group]Run pnpm/action-setup@v4.0.0 140: with: 141: version: latest 142: dest: ~/setup-pnpm 143: run_install: null 144: package_json_file: package.json 145: standalone: false 146: env: 147: TURBO_TOKEN: 148: TURBO_TEAM: 149: ##[endgroup] 150: ##[group]Running self-installer... 151: Error: Multiple versions of pnpm specified: 152: - version latest in the GitHub Action config with the key "version" 153: - version pnpm@9.0.0 in the package.json with the key "packageManager" 154: Remove one of these versions to avoid version mismatch errors like ERR_PNPM_BAD_PM_VERSION 155: at readTarget (/home/runner/work/_actions/pnpm/action-setup/v4.0.0/dist/index.js:1:4528) 156: at runSelfInstaller (/home/runner/work/_actions/pnpm/action-setup/v4.0.0/dist/index.js:1:3742) 157: at async install (/home/runner/work/_actions/pnpm/action-setup/v4.0.0/dist/index.js:1:2976) 158: at async main (/home/runner/work/_actions/pnpm/action-setup/v4.0.0/dist/index.js:1:444) 159: ##[error]Error: Multiple versions of pnpm specified: 160: - version latest in the GitHub Action config with the key "version" 161: - version pnpm@9.0.0 in the package.json with the key "packageManager" 162: Remove one of these versions to avoid version mismatch errors like ERR_PNPM_BAD_PM_VERSION 163: ##[group]Run codecov/test-results-action@v1.0.2 ... 176: gpg: Total number processed: 1 177: gpg: imported: 1 178: gpg: Signature made Wed Mar 12 16:00:55 2025 UTC 179: gpg: using RSA key 27034E7FDB850E0BBC2C62FF806BB28AED779869 180: gpg: Good signature from "Codecov Uploader (Codecov Uploader Verification Key) <security@codecov.io>" [unknown] 181: gpg: WARNING: This key is not certified with a trusted signature! 182: gpg: There is no indication that the signature belongs to the owner. 183: Primary key fingerprint: 2703 4E7F DB85 0E0B BC2C 62FF 806B B28A ED77 9869 184: ==> Uploader SHASUM verified (39dd112393680356daf701c07f375303aef5de62f06fc80b466b5c3571336014 codecov) 185: ==> Running version latest 186: ==> Running version v10.2.1 187: ==> Running command '/home/runner/work/_actions/codecov/test-results-action/v1.0.2/dist/codecov do-upload' 188: [command]/home/runner/work/_actions/codecov/test-results-action/v1.0.2/dist/codecov do-upload -C b3422caafddca275e9f866c1181aba7720a9feb7 --report-type test_results 189: info - 2025-03-23 16:47:27,661 -- ci service found: github-actions 190: info - 2025-03-23 16:47:27,703 -- Found 0 test_results files to report 191: error - 2025-03-23 16:47:27,704 -- No JUnit XML reports found. Please review our documentation (https://docs.codecov.com/docs/test-result-ingestion-beta) to generate and upload the file. 192: info - 2025-03-23 16:47:28,131 -- No test results reports found. Triggering notifications without uploading.

pull-request-size bot added the size/XS label Mar 20, 2025

sourcery-ai bot reviewed Mar 20, 2025

View reviewed changes

renovate bot force-pushed the renovate/pypi-litellm-vulnerability branch from cf296ff to 7a10b95 Compare March 20, 2025 22:37

renovate bot changed the title ~~chore(deps): update dependency litellm to v1.53.1 [security]~~ chore(deps): update dependency litellm to v1.61.15 [security] Mar 20, 2025

renovate bot force-pushed the renovate/pypi-litellm-vulnerability branch from 7a10b95 to b3422ca Compare March 23, 2025 16:47

chore(deps): update dependency litellm to v1.61.15 [security]

577c360

renovate bot force-pushed the renovate/pypi-litellm-vulnerability branch from b3422ca to 577c360 Compare November 19, 2025 01:59

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): update dependency litellm to v1.61.15 [security] #146

chore(deps): update dependency litellm to v1.61.15 [security] #146

Uh oh!

renovate bot commented Mar 20, 2025 •

edited

Loading

Uh oh!

bolt-new-by-stackblitz bot commented Mar 20, 2025

Uh oh!

codesandbox bot commented Mar 20, 2025

Uh oh!

sourcery-ai bot commented Mar 20, 2025 •

edited

Loading

Interacting with Sourcery

Customizing Your Experience

Getting Help

Uh oh!

sourcery-ai bot left a comment

Uh oh!

qodo-merge-pro bot commented Mar 20, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

chore(deps): update dependency litellm to v1.61.15 [security] #146

Are you sure you want to change the base?

chore(deps): update dependency litellm to v1.61.15 [security] #146

Uh oh!

Conversation

renovate bot commented Mar 20, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

GitHub Vulnerability Alerts

Release Notes

What's Changed

New Contributors

Docker Run LiteLLM Proxy

Don't want to maintain your internal proxy? get in touch 🎉

Docker Run LiteLLM Proxy

Don't want to maintain your internal proxy? get in touch 🎉

Load Test LiteLLM Proxy Results

What's Changed

Docker Run LiteLLM Proxy

Don't want to maintain your internal proxy? get in touch 🎉

Docker Run LiteLLM Proxy

Don't want to maintain your internal proxy? get in touch 🎉

Load Test LiteLLM Proxy Results

What's Changed

Docker Run LiteLLM Proxy

Don't want to maintain your internal proxy? get in touch 🎉

Load Test LiteLLM Proxy Results

What's Changed

New Contributors

Docker Run LiteLLM Proxy

Don't want to maintain your internal proxy? get in touch 🎉

Load Test LiteLLM Proxy Results

What's Changed

Docker Run LiteLLM Proxy

Don't want to maintain your internal proxy? get in touch 🎉

Load Test LiteLLM Proxy Results

What's Changed

New Contributors

Docker Run LiteLLM Proxy

Don't want to maintain your internal proxy? get in touch 🎉

Load Test LiteLLM Proxy Results

What's Changed

New Contributors

Docker Run LiteLLM Proxy

Don't want to maintain your internal proxy? get in touch 🎉

Load Test LiteLLM Proxy Results

What's Changed

Docker Run LiteLLM Proxy

Don't want to maintain your internal proxy? get in touch 🎉

Load Test LiteLLM Proxy Results

What's Changed

New Contributors

Docker Run LiteLLM Proxy

Don't want to maintain your internal proxy? get in touch 🎉

Load Test LiteLLM Proxy Results

What's Changed

Important Changes between v1.50.xx to 1.60.0

Known Issues

New Contributors

Docker Run LiteLLM Proxy

Don't want to maintain your internal proxy? get in touch 🎉

Load Test LiteLLM Proxy Results

What's Changed

Docker Run LiteLLM Proxy

Don't want to maintain your internal proxy? get in touch 🎉

Load Test LiteLLM Proxy Results

What's Changed

New Contributors

Docker Run LiteLLM Proxy

Don't want to maintain

Configuration

Uh oh!

bolt-new-by-stackblitz bot commented Mar 20, 2025

Uh oh!

codesandbox bot commented Mar 20, 2025

Review or Edit in CodeSandbox

Uh oh!

sourcery-ai bot commented Mar 20, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Reviewer's Guide by Sourcery

Sequence diagram for key generation with unique alias enforcement

renovate bot commented Mar 20, 2025 •

edited

Loading

sourcery-ai bot commented Mar 20, 2025 •

edited

Loading

qodo-merge-pro bot commented Mar 20, 2025 •

edited

Loading

(Feedback updated until commit `b3422ca`)