fix(deps): bump litellm to >=1.84.0 to resolve 7 CVEs#277
Conversation
Addresses CVE-2026-49468 (Critical), CVE-2026-42271 (Critical), CVE-2026-42208 (Critical), CVE-2026-47102 (High), CVE-2026-47101 (High), CVE-2026-40217 (High), CVE-2026-42203 (High). Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
📝 WalkthroughWalkthroughUpdates the litellm dependency constraint in both pyproject.toml files, adds Dependabot configuration for Python dependency updates, and adds a workflow job that exports locked requirements, audits them, and records vulnerability findings. ChangesDependency and security configuration
Estimated code review effort: 4 (Complex) | ~45 minutes 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
- Add pip-audit job to check-code workflow to block PRs with known vulns - Add dependabot.yml for weekly dependency monitoring and auto-fix PRs Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/check-code.yaml:
- Around line 106-121: The check-vulnerabilities job is relying on the default
GITHUB_TOKEN scope instead of explicitly limiting access; update the job
definition in check-vulnerabilities to add a minimal permissions block with
contents: read only. Keep the rest of the steps unchanged and ensure the
permission setting is attached to the job that runs actions/checkout, setup-uv,
uv export, and pypa/gh-action-pip-audit.
- Line 109: Update the checkout step in the workflow to disable credential
persistence by setting persist-credentials to false on actions/checkout@v5. This
change should be made in the checkout job configuration so the GITHUB_TOKEN is
not left in git config for later steps like pip-audit or other actions.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 9b24d55a-3ea4-4e0f-99bd-7b7241c50e36
📒 Files selected for processing (2)
.github/dependabot.yml.github/workflows/check-code.yaml
✅ Files skipped from review due to trivial changes (1)
- .github/dependabot.yml
| check-vulnerabilities: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v5 | ||
| - name: Install uv | ||
| uses: astral-sh/setup-uv@v6 | ||
| with: | ||
| enable-cache: true | ||
| python-version: '3.12' | ||
| - name: Export requirements from lockfile | ||
| run: uv export --no-hashes --frozen > /tmp/requirements.txt | ||
| - name: Run pip-audit | ||
| uses: pypa/[email protected] | ||
| with: | ||
| inputs: /tmp/requirements.txt | ||
|
|
There was a problem hiding this comment.
🔒 Security & Privacy | 🟡 Minor | ⚡ Quick win
Add explicit permissions: block to check-vulnerabilities job.
The job relies on default GITHUB_TOKEN permissions, which are typically broader than needed (e.g., write access). Since this job only checks out code and audits dependencies, it should declare minimal permissions (contents: read).
🔒️ Proposed fix
check-vulnerabilities:
runs-on: ubuntu-latest
+ permissions:
+ contents: read
steps:
- uses: actions/checkout@v5Static analysis flagged this as excessive-permissions.
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| check-vulnerabilities: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v6 | |
| with: | |
| enable-cache: true | |
| python-version: '3.12' | |
| - name: Export requirements from lockfile | |
| run: uv export --no-hashes --frozen > /tmp/requirements.txt | |
| - name: Run pip-audit | |
| uses: pypa/[email protected] | |
| with: | |
| inputs: /tmp/requirements.txt | |
| check-vulnerabilities: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v6 | |
| with: | |
| enable-cache: true | |
| python-version: '3.12' | |
| - name: Export requirements from lockfile | |
| run: uv export --no-hashes --frozen > /tmp/requirements.txt | |
| - name: Run pip-audit | |
| uses: pypa/[email protected] | |
| with: | |
| inputs: /tmp/requirements.txt |
🧰 Tools
🪛 zizmor (1.26.1)
[warning] 109-109: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false
(artipacked)
[warning] 106-120: overly broad permissions (excessive-permissions): default permissions used due to no permissions: block
(excessive-permissions)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/check-code.yaml around lines 106 - 121, The
check-vulnerabilities job is relying on the default GITHUB_TOKEN scope instead
of explicitly limiting access; update the job definition in
check-vulnerabilities to add a minimal permissions block with contents: read
only. Keep the rest of the steps unchanged and ensure the permission setting is
attached to the job that runs actions/checkout, setup-uv, uv export, and
pypa/gh-action-pip-audit.
Source: Linters/SAST tools
…ical - pip-audit runs with JSON output and continue-on-error - Queries OSV API for CVSS severity of each finding - Fails build only for Critical (CVSS >= 9.0) vulnerabilities - Auto-creates/updates a GitHub issue listing High+Critical findings Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
There was a problem hiding this comment.
♻️ Duplicate comments (1)
.github/workflows/check-code.yaml (1)
108-111: 🩺 Stability & Availability | 🟠 Major | ⚡ Quick winAdd
contents: readto this job.
actions/checkout@v5needs repository contents access; with onlyissues: write, checkout can fail.🔧 Proposed fix
permissions: + contents: read issues: write🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/workflows/check-code.yaml around lines 108 - 111, The check-code job is missing repository contents access, so add contents: read alongside the existing issues: write permissions in the workflow job that uses actions/checkout@v5. Update the job-level permissions block in the check-code workflow so checkout can read the repository while preserving the current issues permission.
🧹 Nitpick comments (1)
.github/workflows/check-code.yaml (1)
126-126: 🎯 Functional Correctness | 🔵 Trivial | ⚡ Quick winHandle clean scans so old security issues do not stay open.
Because post-processing only runs when
pip-auditfails, a later clean scan cannot close or update the previously created High/Critical issue. Consider always running the issue-management step and closing the tracked issue when no High/Critical findings remain.Also applies to: 199-240
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/workflows/check-code.yaml at line 126, The issue-management step is gated on `steps.audit.outcome == 'failure'`, so clean `pip-audit` runs never get a chance to close or update an older security issue. Update the workflow logic around the post-processing block in the check-code job so the issue-management step always runs after the audit and can detect the no-findings case. Use the existing audit/output handling to close the tracked High/Critical issue when no vulnerabilities remain, while preserving the current create/update behavior when findings exist.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Duplicate comments:
In @.github/workflows/check-code.yaml:
- Around line 108-111: The check-code job is missing repository contents access,
so add contents: read alongside the existing issues: write permissions in the
workflow job that uses actions/checkout@v5. Update the job-level permissions
block in the check-code workflow so checkout can read the repository while
preserving the current issues permission.
---
Nitpick comments:
In @.github/workflows/check-code.yaml:
- Line 126: The issue-management step is gated on `steps.audit.outcome ==
'failure'`, so clean `pip-audit` runs never get a chance to close or update an
older security issue. Update the workflow logic around the post-processing block
in the check-code job so the issue-management step always runs after the audit
and can detect the no-findings case. Use the existing audit/output handling to
close the tracked High/Critical issue when no vulnerabilities remain, while
preserving the current create/update behavior when findings exist.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: bfbcf948-e7b9-4df3-9fb4-f7f4b824dd43
📒 Files selected for processing (1)
.github/workflows/check-code.yaml
…ling - Add explicit contents: read permission (least privilege) - Disable persist-credentials on checkout to avoid token leakage Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
Addresses CVE-2026-49468 (Critical), CVE-2026-42271 (Critical), CVE-2026-42208 (Critical), CVE-2026-47102 (High),
CVE-2026-47101 (High), CVE-2026-40217 (High), CVE-2026-42203 (High).
resolve #278
Summary by CodeRabbit
litellmdependency to require at least version1.84.0for new installs.