[FIX] Bump litellm to 1.83.10 from PyPI to clear CVE-2026-42208 #1975
pk-zipstack wants to merge 1 commit into
Conversation
Customer scanner flagged litellm 1.82.3 for CVE-2026-42208 (SQL injection in litellm proxy auth path, affects 1.81.16-1.83.6). We do not use litellm.proxy, but vulnerability scanners flag the installed package regardless of which code path is reachable.

Bump to 1.83.10 — the exact version recommended by the upstream advisory (v1.83.10-stable) and the smallest jump that clears the CVE range while keeping python-dotenv==1.0.1 compatible (1.83.14 would force bumping python-dotenv across 7+ pyproject.toml files). Only tiktoken needed to move 0.9 -> 0.12 to satisfy litellm's pin. Switch source back to PyPI now that the PyPI quarantine is over, reversing the temporary fork in #1873.

Cohere embed timeout patch: verified that litellm/llms/cohere/embed/handler.py is byte-identical between v1.82.3, v1.83.10-stable, and v1.83.14-stable (the timeout-not-forwarded bug fixed in #1848 is still present upstream — BerriAI/litellm#14635 remains OPEN). Version guard bumped 1.82.3 -> 1.83.10; 6/6 patch tests pass on the new version, confirming the monkey-patch still binds correctly.

Other cleanup from #1873:
- Drop git apt-install from worker-unified and tool Dockerfiles (no git-sourced deps remain in any uv.lock)
- Bump tool versions: structure 0.0.100 -> 0.0.101, classifier 0.0.79 -> 0.0.80, text_extractor 0.0.75 -> 0.0.76

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Summary by CodeRabbit
Walkthrough

This PR coordinates synchronized version bumps and dependency updates across tools, containers, and the SDK. Tool versions are incremented (classifier to 0.0.80, structure to 0.0.101, text_extractor to 0.0.76), Dockerfiles are cleaned up by removing the git system dependency, and the SDK is pinned to litellm 1.83.10 with corresponding patch updates.

Changes

Tool versions, container updates, and SDK litellm upgrade
| Filename | Overview |
|---|---|
| unstract/sdk1/src/unstract/sdk1/patches/litellm_cohere_timeout.py | Version guard updated 1.82.3 → 1.83.10; patch body updated with copied-from comments; patch logic and monkey-patch bindings unchanged. Bug confirmed still present in 1.83.10, and 6 unit tests pass. |
| unstract/sdk1/pyproject.toml | Switches litellm from GitHub fork source to PyPI 1.83.10 exact pin; bumps tiktoken ~=0.9.0 → ~=0.12.0; removes the git-sourced uv.sources entry for litellm. |
| docker/dockerfiles/worker-unified.Dockerfile | Removes git from apt-get install; correct cleanup now that no git-sourced Python deps remain. |
| tools/classifier/Dockerfile | Removes git from apt install list. |
| tools/structure/Dockerfile | Removes git from apt install list. |
| tools/text_extractor/Dockerfile | Removes git from apt install list. |
| unstract/tool-registry/tool_registry_config/public_tools.json | Bumps classifier to 0.0.80, text_extractor to 0.0.76; consistent with properties.json tool version bumps. |
| backend/sample.env | Bumps structure tool image tag to 0.0.101 in both STRUCTURE_TOOL_IMAGE_URL and STRUCTURE_TOOL_IMAGE_TAG. |
| unstract/sdk1/uv.lock | litellm switched from git source (1.82.3) to PyPI registry (1.83.10); tiktoken 0.9.0 → 0.12.0; all hashes verified by uv. |
Flowchart

```mermaid
%%{init: {'theme': 'neutral'}}%%
flowchart TD
A[Import litellm_cohere_timeout] --> B{litellm version\n== 1.83.10?}
B -- No --> C[log WARNING: patch SKIPPED]
C --> D[Bedrock Cohere embed uses\nunpatched litellm — timeout\nforwarding absent]
B -- Yes --> E[Defer-import litellm\ncohere/embed/handler]
E --> F[Define _patched_async_embedding\nwith timeout= kwarg forwarded]
E --> G[Define _patched_embedding\nwith timeout= kwarg forwarded]
F --> H[Monkey-patch\ncohere_handler.async_embedding]
G --> I[Monkey-patch\ncohere_handler.embedding\n+ bedrock cohere_embedding]
H --> J[log INFO: patch applied]
I --> J
```

Reviews (1): Last reviewed commit: "[FIX] Bump litellm to 1.83.10 from PyPI ..."
Closing — this needs to be a hotfix on top of v0.163.4 (the OSS version paired with cloud v0.159.3). Reopening shortly as feature branch → v0.163.4-hotfix per the Hotfix Deployment Guide. Back-merge to main will follow per Step 9 of the guide.



Summary

- Bump `litellm` from 1.82.3 (Zipstack GitHub fork) to 1.83.10 from PyPI, clearing CVE-2026-42208 (SQL injection in litellm proxy auth — affects 1.81.16–1.83.6) as reported by a customer scanner.
- We do not use `litellm.proxy`, but scanners flag the installed package regardless.
- 1.83.10 is the exact version recommended in the upstream advisory (v1.83.10-stable) and the smallest jump that clears the CVE range while keeping `python-dotenv==1.0.1` compatible across the workspace.
- `tiktoken` 0.9 → 0.12 (required by litellm's pin) — only constraint that needed to move.

Cohere embed timeout patch

- `unstract/sdk1/src/unstract/sdk1/patches/litellm_cohere_timeout.py` (added in #1848) is version-guarded to one exact litellm release. Before bumping the guard:
  - `litellm/llms/cohere/embed/handler.py` at `v1.82.3`, `v1.83.10-stable`, and `v1.83.14-stable` via `gh api` — byte-identical across all three.
  - `client.post()` doesn't forward `timeout` in either `embedding()` or `async_embedding()`.
  - 6/6 patch tests (`tests/patches/test_litellm_cohere_timeout.py`) pass on 1.83.10 — the suite asserts `client.post()` receives the timeout kwarg, so green = patch is binding and behaving against the new module.
- Guard bumped 1.82.3 → 1.83.10; patch keeps doing real work.

Other cleanup from #1873

- Drop `git` apt-install from `worker-unified` and the three tool Dockerfiles (no git-sourced deps remain in any `uv.lock`).
- Bump tool versions (`public_tools.json` and `backend/sample.env`).

Test plan

- `uv run pytest unstract/sdk1/tests/` → 332 passed on litellm 1.83.10
- `uv run pytest unstract/sdk1/tests/patches/test_litellm_cohere_timeout.py` → 6 passed, confirms patch is active (`_SKIP_PATCH=False`) and timeout is forwarded correctly
- `uv lock` clean across root, backend, prompt-service, platform-service, workers, sdk1, filesystem, tool-registry — all now `source = { registry = "https://pypi.org/simple" }` for litellm
- No `litellm.proxy` imports anywhere in the codebase

🤖 Generated with Claude Code
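The version-guarded monkey-patch pattern the description verifies, as an added Python illustration (not the SDK's own patch module): a constructed stand-in handler reproduces the timeout-not-forwarded shape, `apply_patch()` installs the fix only when the installed version equals the one release it was verified against and logs a skip otherwise, and `timeout_seen_by_client()` reports what `client.post()` actually received. `EXPECTED_VERSION`, `FakeClient`, `make_handler` and the probe function are assumptions made for this example.

```python
"""Version-guarded monkey-patch that forwards a timeout kwarg (added example)."""
import logging
import types

log = logging.getLogger(__name__)

# The single release the patch body was verified against (assumed value).
EXPECTED_VERSION = "1.83.10"


class FakeClient:
    """Constructed stand-in that records the kwargs client.post() receives."""

    def __init__(self):
        self.calls = []

    def post(self, url, **kwargs):
        self.calls.append(kwargs)
        return {"url": url}


def _buggy_embedding(client, url, data, timeout=None):
    # Upstream shape being patched: timeout is accepted but never forwarded.
    return client.post(url, json=data)


def make_handler():
    """Constructed stand-in for the cohere embed handler module."""
    return types.SimpleNamespace(embedding=_buggy_embedding)


def apply_patch(installed_version: str, handler) -> bool:
    """Replace handler.embedding with a body that forwards timeout.

    Returns True when applied, False when skipped because the installed
    version is not the exact release the replacement body was checked against.
    """
    if installed_version != EXPECTED_VERSION:
        log.warning("cohere timeout patch SKIPPED: litellm %s != %s",
                    installed_version, EXPECTED_VERSION)
        return False

    def _patched_embedding(client, url, data, timeout=None):
        # Same call as upstream, plus the kwarg that was being dropped.
        return client.post(url, json=data, timeout=timeout)

    handler.embedding = _patched_embedding
    log.info("cohere timeout patch applied to litellm %s", installed_version)
    return True


def timeout_seen_by_client(installed_version: str, timeout: float):
    """Run one embed call; return (patch_applied, timeout client.post() got)."""
    handler, client = make_handler(), FakeClient()
    applied = apply_patch(installed_version, handler)
    handler.embedding(client, "https://example.invalid/embed", {"texts": ["x"]}, timeout=timeout)
    return applied, client.calls[0].get("timeout")
```

The second probe below is the failure mode the flowchart's "patch SKIPPED" branch describes: on a version the guard does not recognise, the call still goes out but without a timeout.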