Skip to content

ci: update litellm requirement from <=1.83.13,>=1.75.9 to >=1.75.9,<=1.86.0#2323

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/litellm-gte-1.75.9-and-lte-1.86.0
Open

ci: update litellm requirement from <=1.83.13,>=1.75.9 to >=1.75.9,<=1.86.0#2323
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/litellm-gte-1.75.9-and-lte-1.86.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 25, 2026

Updates the requirements on litellm to permit the latest version.

Release notes

Sourced from litellm's releases.

v1.86.0

[!NOTE] Two things to be aware of about the non-root image in this release:

  • Dockerfile build patch. The non-root Dockerfile failed to build at the v1.86.0 tag, and a patch was applied to produce ghcr.io/berriai/litellm-non_root:v1.86.0. The non-root image was built from commit a13cd212c82f00d73456a375dd0d89cef85244a8.
  • No cosign attestation. The non-root image was published without a cosign signature. If you run cosign verify on images before deploying, this image will not pass verification and you will not be able to upgrade to it.

The ghcr.io/berriai/litellm:v1.86.0 and ghcr.io/berriai/litellm-database:v1.86.0 images are signed normally. v1.86.1 ships early next week with signed builds of all three images.

Verify Docker Image Signature

All LiteLLM Docker images are signed with cosign. Every release is signed with the same key introduced in commit 0112e53.

Verify using the pinned commit hash (recommended):

A commit hash is cryptographically immutable, so this is the strongest way to ensure you are using the original signing key:

cosign verify \
  --key https://raw.githubusercontent.com/BerriAI/litellm/0112e53046018d726492c814b3644b7d376029d0/cosign.pub \
  ghcr.io/berriai/litellm:v1.86.0

Verify using the release tag (convenience):

Tags are protected in this repository and resolve to the same key. This option is easier to read but relies on tag protection rules:

cosign verify \
  --key https://raw.githubusercontent.com/BerriAI/litellm/v1.86.0/cosign.pub \
  ghcr.io/berriai/litellm:v1.86.0

Expected output:

The following checks were performed on each of these signatures:
  - The cosign claims were validated
  - The signatures were verified against the specified public key

What's Changed

... (truncated)

Commits
  • a72414a Merge pull request #28100 from BerriAI/litellm_internal_staging
  • cf9b5e4 [Infra] Bump versions (#28094)
  • 1b0ae3a fix(mcp-oauth): PROXY_BASE_URL escape hatch + diagnostic logging for {"detail...
  • 3d5a9ed feat: add Terraform stacks for deploying LiteLLM on AWS and GCP (#27673)
  • fbe0ee8 fix(proxy): sort BYOK models by their displayed name in /v2/model/info (#28079)
  • cd551f6 chore: update Next.js build artifacts (2026-05-16 22:22 UTC, node v20.20.2) (...
  • 86f73e5 feat(otel): set http.response.status_code on the success SERVER span (#28090)
  • 1b9acec feat(model_catalog): add Azure AI Foundry GPT-5.4 model metadata (#28030)
  • fbb39ef build(deps): pin openai==2.33.0 in uv.lock (#28088)
  • 0300333 feat(otel): OTel-standard attributes on the proxy SERVER span (status code, r...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
ci: update litellm requirement
35bef83 
Updates the requirements on [litellm](https://github.com/BerriAI/litellm) to permit the latest version.
- [Release notes](https://github.com/BerriAI/litellm/releases)
- [Commits](BerriAI/litellm@litellm_1.81.13-dev...v1.86.0)

---
updated-dependencies:
- dependency-name: litellm
  dependency-version: 1.86.0
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels May 25, 2026
@dependabot dependabot Bot mentioned this pull request May 25, 2026
Closed
@dependabot dependabot Bot requested a deployment to manual-approval May 25, 2026 11:26 Waiting
@dependabot dependabot Bot requested a deployment to manual-approval May 25, 2026 11:26 Waiting
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code size/xs

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants