
ECHO-744 bump litellm to >=1.83.0 to patch OIDC auth bypass (CVE)#538

Merged
ussaama merged 1 commit into main from fix/bump-litellm-cve-auth-bypass
Apr 16, 2026

Conversation

@ussaama
Contributor

@ussaama ussaama commented Apr 15, 2026

Summary by CodeRabbit

Release Notes

  • Chores
    • Updated litellm dependency to version 1.83.0 across server and usage tracker components.

@linear

linear bot commented Apr 15, 2026

@coderabbitai
Contributor

coderabbitai bot commented Apr 15, 2026

No actionable comments were generated in the recent review. 🎉

📥 Commits

Reviewing files that changed from the base of the PR and between 3587a0b and ec0b428.

⛔ Files ignored due to path filters (2)
  • echo/server/uv.lock is excluded by !**/*.lock
  • echo/tools/usage-tracker/uv.lock is excluded by !**/*.lock
📒 Files selected for processing (2)
  • echo/server/pyproject.toml
  • echo/tools/usage-tracker/pyproject.toml

Walkthrough

Bumped litellm dependency versions across two project configurations. echo/server/pyproject.toml pinned to 1.83.0 specifically, while echo/tools/usage-tracker/pyproject.toml now requires minimum version >=1.83.0.

Changes

  • litellm Dependency Bump (echo/server/pyproject.toml, echo/tools/usage-tracker/pyproject.toml): Updated litellm versions—server pinned to exact version 1.83.0, usage-tracker set minimum to >=1.83.0. No other dependency constraints modified.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes


LGTM. Straightforward dependency version bumps across two projects, zero logic changes, minimal surface area.

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
  • Description Check: ✅ Passed. Check skipped - CodeRabbit's high-level summary is enabled.
  • Title check: ✅ Passed. The title clearly and specifically describes the main change: bumping litellm to >=1.83.0 to address a security vulnerability (OIDC auth bypass CVE).
  • Docstring Coverage: ✅ Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.


@ussaama ussaama requested a review from spashii April 15, 2026 16:06
@ussaama ussaama added this pull request to the merge queue Apr 16, 2026
Merged via the queue into main with commit 3d0dd57 Apr 16, 2026
11 checks passed
@ussaama ussaama deleted the fix/bump-litellm-cve-auth-bypass branch April 16, 2026 08:26