Skip to content

fix(deps): bump litellm to >=1.84.0 to resolve 7 CVEs#277

Merged
gaodan-fang merged 5 commits into
mainfrom
fix/litellm-cve-bump
Jul 2, 2026
Merged

fix(deps): bump litellm to >=1.84.0 to resolve 7 CVEs#277
gaodan-fang merged 5 commits into
mainfrom
fix/litellm-cve-bump

Conversation

@gaodan-fang

@gaodan-fang gaodan-fang commented Jul 1, 2026

Copy link
Copy Markdown
Collaborator

Addresses CVE-2026-49468 (Critical), CVE-2026-42271 (Critical), CVE-2026-42208 (Critical), CVE-2026-47102 (High),
CVE-2026-47101 (High), CVE-2026-40217 (High), CVE-2026-42203 (High).

resolve #278

Summary by CodeRabbit

  • Chores
    • Updated the Python litellm dependency to require at least version 1.84.0 for new installs.
  • Security
    • Added an automated vulnerability audit to the code-check workflow, including severity classification and automated tracking of critical/high findings.
    • Updated Dependabot settings to run weekly Python dependency security checks with security-focused grouping.

Addresses CVE-2026-49468 (Critical), CVE-2026-42271 (Critical),
CVE-2026-42208 (Critical), CVE-2026-47102 (High),
CVE-2026-47101 (High), CVE-2026-40217 (High), CVE-2026-42203 (High).

Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
@coderabbitai

coderabbitai Bot commented Jul 1, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

Updates the litellm dependency constraint in both pyproject.toml files, adds Dependabot configuration for Python dependency updates, and adds a workflow job that exports locked requirements, audits them, and records vulnerability findings.

Changes

Dependency and security configuration

Layer / File(s) Summary
Update litellm constraints
pyproject.toml, explorations/claudecode/pyproject.toml
The litellm requirement is raised to >=1.84.0 in both project configuration files.
Configure Dependabot
.github/dependabot.yml
Dependabot is set up for weekly Python dependency updates at the repository root with a security-only group.
Audit and report vulnerabilities
.github/workflows/check-code.yaml
A new workflow job exports requirements, runs pip-audit, queries OSV for severity, updates a GitHub issue, and fails on critical findings.

Estimated code review effort: 4 (Complex) | ~45 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly matches the main change: bumping litellm to >=1.84.0 for security fixes.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/litellm-cve-bump

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

- Add pip-audit job to check-code workflow to block PRs with known vulns
- Add dependabot.yml for weekly dependency monitoring and auto-fix PRs

Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/check-code.yaml:
- Around line 106-121: The check-vulnerabilities job is relying on the default
GITHUB_TOKEN scope instead of explicitly limiting access; update the job
definition in check-vulnerabilities to add a minimal permissions block with
contents: read only. Keep the rest of the steps unchanged and ensure the
permission setting is attached to the job that runs actions/checkout, setup-uv,
uv export, and pypa/gh-action-pip-audit.
- Line 109: Update the checkout step in the workflow to disable credential
persistence by setting persist-credentials to false on actions/checkout@v5. This
change should be made in the checkout job configuration so the GITHUB_TOKEN is
not left in git config for later steps like pip-audit or other actions.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 9b24d55a-3ea4-4e0f-99bd-7b7241c50e36

📥 Commits

Reviewing files that changed from the base of the PR and between f28f76b and 0447bec.

📒 Files selected for processing (2)
  • .github/dependabot.yml
  • .github/workflows/check-code.yaml
✅ Files skipped from review due to trivial changes (1)
  • .github/dependabot.yml

Comment on lines +106 to +121
check-vulnerabilities:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
- name: Install uv
uses: astral-sh/setup-uv@v6
with:
enable-cache: true
python-version: '3.12'
- name: Export requirements from lockfile
run: uv export --no-hashes --frozen > /tmp/requirements.txt
- name: Run pip-audit
uses: pypa/[email protected]
with:
inputs: /tmp/requirements.txt

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔒 Security & Privacy | 🟡 Minor | ⚡ Quick win

Add explicit permissions: block to check-vulnerabilities job.

The job relies on default GITHUB_TOKEN permissions, which are typically broader than needed (e.g., write access). Since this job only checks out code and audits dependencies, it should declare minimal permissions (contents: read).

🔒️ Proposed fix
   check-vulnerabilities:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     steps:
       - uses: actions/checkout@v5

Static analysis flagged this as excessive-permissions.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
check-vulnerabilities:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
- name: Install uv
uses: astral-sh/setup-uv@v6
with:
enable-cache: true
python-version: '3.12'
- name: Export requirements from lockfile
run: uv export --no-hashes --frozen > /tmp/requirements.txt
- name: Run pip-audit
uses: pypa/[email protected]
with:
inputs: /tmp/requirements.txt
check-vulnerabilities:
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- uses: actions/checkout@v5
- name: Install uv
uses: astral-sh/setup-uv@v6
with:
enable-cache: true
python-version: '3.12'
- name: Export requirements from lockfile
run: uv export --no-hashes --frozen > /tmp/requirements.txt
- name: Run pip-audit
uses: pypa/[email protected]
with:
inputs: /tmp/requirements.txt
🧰 Tools
🪛 zizmor (1.26.1)

[warning] 109-109: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false

(artipacked)


[warning] 106-120: overly broad permissions (excessive-permissions): default permissions used due to no permissions: block

(excessive-permissions)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/check-code.yaml around lines 106 - 121, The
check-vulnerabilities job is relying on the default GITHUB_TOKEN scope instead
of explicitly limiting access; update the job definition in
check-vulnerabilities to add a minimal permissions block with contents: read
only. Keep the rest of the steps unchanged and ensure the permission setting is
attached to the job that runs actions/checkout, setup-uv, uv export, and
pypa/gh-action-pip-audit.

Source: Linters/SAST tools

Comment thread .github/workflows/check-code.yaml
gaodan-fang and others added 2 commits July 1, 2026 16:12
…ical

- pip-audit runs with JSON output and continue-on-error
- Queries OSV API for CVSS severity of each finding
- Fails build only for Critical (CVSS >= 9.0) vulnerabilities
- Auto-creates/updates a GitHub issue listing High+Critical findings

Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

♻️ Duplicate comments (1)
.github/workflows/check-code.yaml (1)

108-111: 🩺 Stability & Availability | 🟠 Major | ⚡ Quick win

Add contents: read to this job.

actions/checkout@v5 needs repository contents access; with only issues: write, checkout can fail.

🔧 Proposed fix
     permissions:
+      contents: read
       issues: write
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/check-code.yaml around lines 108 - 111, The check-code job
is missing repository contents access, so add contents: read alongside the
existing issues: write permissions in the workflow job that uses
actions/checkout@v5. Update the job-level permissions block in the check-code
workflow so checkout can read the repository while preserving the current issues
permission.
🧹 Nitpick comments (1)
.github/workflows/check-code.yaml (1)

126-126: 🎯 Functional Correctness | 🔵 Trivial | ⚡ Quick win

Handle clean scans so old security issues do not stay open.

Because post-processing only runs when pip-audit fails, a later clean scan cannot close or update the previously created High/Critical issue. Consider always running the issue-management step and closing the tracked issue when no High/Critical findings remain.

Also applies to: 199-240

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/check-code.yaml at line 126, The issue-management step is
gated on `steps.audit.outcome == 'failure'`, so clean `pip-audit` runs never get
a chance to close or update an older security issue. Update the workflow logic
around the post-processing block in the check-code job so the issue-management
step always runs after the audit and can detect the no-findings case. Use the
existing audit/output handling to close the tracked High/Critical issue when no
vulnerabilities remain, while preserving the current create/update behavior when
findings exist.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Duplicate comments:
In @.github/workflows/check-code.yaml:
- Around line 108-111: The check-code job is missing repository contents access,
so add contents: read alongside the existing issues: write permissions in the
workflow job that uses actions/checkout@v5. Update the job-level permissions
block in the check-code workflow so checkout can read the repository while
preserving the current issues permission.

---

Nitpick comments:
In @.github/workflows/check-code.yaml:
- Line 126: The issue-management step is gated on `steps.audit.outcome ==
'failure'`, so clean `pip-audit` runs never get a chance to close or update an
older security issue. Update the workflow logic around the post-processing block
in the check-code job so the issue-management step always runs after the audit
and can detect the no-findings case. Use the existing audit/output handling to
close the tracked High/Critical issue when no vulnerabilities remain, while
preserving the current create/update behavior when findings exist.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: bfbcf948-e7b9-4df3-9fb4-f7f4b824dd43

📥 Commits

Reviewing files that changed from the base of the PR and between 0447bec and 3e64c3b.

📒 Files selected for processing (1)
  • .github/workflows/check-code.yaml

…ling

- Add explicit contents: read permission (least privilege)
- Disable persist-credentials on checkout to avoid token leakage

Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
@gaodan-fang gaodan-fang requested a review from jayaramkr July 1, 2026 20:47
@gaodan-fang gaodan-fang merged commit 2cae2fc into main Jul 2, 2026
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Add CVE scanner

2 participants