
security: lock litellm version to exclude compromised releases #23

Merged
waynesun09 merged 1 commit into calebevans:main from waynesun09:security-lock-litellm-version
Mar 25, 2026

Collaborator

@waynesun09 waynesun09 commented Mar 24, 2026

Summary

This PR locks the litellm dependency to exclude compromised versions 1.82.7 and 1.82.8, which were published to PyPI by the TeamPCP threat actor on March 24, 2026.

Background

On March 24, 2026, two malicious versions of litellm (1.82.7 and 1.82.8) were published to PyPI containing credential-stealing malware. The attack vector was a supply chain compromise where attackers:

  1. Compromised Trivy security scanner in LiteLLM's CI/CD pipeline
  2. Obtained the PYPI_PUBLISH token from the GitHub repo
  3. Published backdoored versions containing infostealers

The malware targeted:

  • AWS, GCP, and GitHub credentials
  • SSH keys
  • Cryptocurrency wallets (Bitcoin, Ethereum, Solana, etc.)
  • Slack and Discord tokens

PyPI has since yanked these versions, but projects with open-ended version constraints (>=1.80.0) could still inadvertently install them from caches or mirrors.

Changes

  • pyproject.toml: Updated litellm constraint from >=1.80.0 to >=1.80.0,<1.82.7
  • uv.lock: Regenerated to lock litellm at v1.82.6 (latest safe version)

References

Test Plan

  • uv.lock successfully regenerates with litellm 1.82.6
  • Pre-commit hooks pass
  • CI/CD pipeline validates the locked version

Summary by CodeRabbit

  • Chores
    • Updated litellm dependency constraint to exclude versions 1.82.7 and later.

Lock litellm dependency to exclude versions 1.82.7 and 1.82.8, which were
compromised by the TeamPCP threat actor on March 24, 2026. These versions
contained malicious code that steals cloud credentials, SSH keys, and
cryptocurrency wallet data.

The vulnerability was introduced via a supply chain attack where the
attackers obtained PyPI publishing credentials through a compromised
Trivy security scanner in the upstream CI/CD pipeline.

Changes:
- Update pyproject.toml to constrain litellm to <1.82.7
- Regenerate uv.lock with litellm 1.82.6 (latest safe version)

References:
- BerriAI/litellm#24518
- https://www.ox.security/blog/litellm-malware-malicious-pypi-versions-steal-cloud-and-crypto-credentials/

Signed-off-by: Wayne Sun <gsun@redhat.com>

coderabbitai Bot commented Mar 24, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 189526ae-0667-40c2-a59f-815380da36dd

📥 Commits

Reviewing files that changed from the base of the PR and between 9630dca and cae59e3.

⛔ Files ignored due to path filters (1)
  • uv.lock is excluded by !**/*.lock
📒 Files selected for processing (1)
  • pyproject.toml

Walkthrough

The pyproject.toml file was updated to narrow the litellm dependency constraint from litellm>=1.80.0 to litellm>=1.80.0,<1.82.7, explicitly excluding versions 1.82.7 and above.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Dependency Configuration: pyproject.toml | Narrowed litellm dependency version constraint by adding upper bound <1.82.7 to prevent package resolution from using versions >= 1.82.7. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 Hops through versions with care,
Bounding upwards with flair,
Version caps now in place,
1.82.7 won't race,
Dependencies tidy and fair! 🍃

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately describes the main change: adding a version constraint to litellm to exclude compromised releases (1.82.7 and 1.82.8), which aligns with the changeset that narrows the dependency from an unconstrained lower bound to an explicitly capped range. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |



@waynesun09 waynesun09 merged commit 5e0f7f4 into calebevans:main Mar 25, 2026
8 checks passed
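
An added example, not part of this PR or the project's code: a standard-library Python check that reports which of the compromised versions named in the PR a requirement string still admits, and whether uv.lock-style text pins one of them. The function names, the simplified plain X.Y.Z specifier parsing, and the sample lock text are assumptions constructed for illustration.

```python
import re

# Versions this PR names as compromised (taken from the PR description).
COMPROMISED = {"litellm": {"1.82.7", "1.82.8"}}

_OPS = {
    ">=": lambda v, b: v >= b, "<=": lambda v, b: v <= b,
    "==": lambda v, b: v == b, "!=": lambda v, b: v != b,
    ">": lambda v, b: v > b, "<": lambda v, b: v < b,
}

def _key(version):
    """Plain X.Y.Z release string -> comparable tuple, zero-padded to 3 parts."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def admits(specifier, version):
    """True if every comma-separated clause of `specifier` accepts `version`."""
    for clause in filter(None, (c.strip() for c in specifier.split(","))):
        m = re.fullmatch(r"(>=|<=|==|!=|>|<)\s*(\d+(?:\.\d+)*)", clause)
        if not m:  # assumption: no wildcards, ~=, pre-releases or markers
            raise ValueError(f"unsupported clause: {clause!r}")
        if not _OPS[m.group(1)](_key(version), _key(m.group(2))):
            return False
    return True

def reachable_bad_versions(requirement):
    """Compromised versions a requirement such as 'litellm>=1.80.0' still allows."""
    m = re.fullmatch(r"\s*([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*(.*)", requirement)
    name, spec = m.group(1).lower(), m.group(2)
    return sorted(v for v in COMPROMISED.get(name, ()) if admits(spec, v))

def locked_bad_packages(lock_text):
    """(name, version) pairs in uv.lock-style text that pin a compromised release."""
    hits = []
    for block in lock_text.split("[[package]]")[1:]:
        name = re.search(r'^name\s*=\s*"([^"]+)"', block, re.M)
        ver = re.search(r'^version\s*=\s*"([^"]+)"', block, re.M)
        if name and ver and ver.group(1) in COMPROMISED.get(name.group(1).lower(), ()):
            hits.append((name.group(1), ver.group(1)))
    return hits

# Constructed sample lock text (not the project's real uv.lock).
SAMPLE_LOCK = ('[[package]]\nname = "litellm"\nversion = "1.82.8"\n'
               '[[package]]\nname = "example-dep"\nversion = "0.1.0"\n')
```

Checking the lock file as well as the constraint matters because a lock resolved before the constraint was tightened keeps its old pin until it is regenerated.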