fix(DATAGO-135081): bump litellm 1.74.3 -> 1.83.14 for critical vulnerability fixes

cyrus2281 · claude · cyrus2281 · commit a867451c233d · 2026-05-06T12:18:12.000-04:00
Addresses CVE-2026-35030 (CRITICAL) and CVE-2026-35029 (HIGH) across the llm, llm_ext_release, and all extras. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
diff --git a/pyproject.toml b/pyproject.toml
@@ -40,7 +40,7 @@ dependencies = [
 [project.optional-dependencies]
 # Basic LLM functionality
 llm = [
-    "litellm==1.74.3",
+    "litellm==1.83.14",  # [CVE-2026-35030, CVE-2026-35029] Security fix (bumped from 1.74.3)
 ]
 
 # OpenAI specific dependencies
@@ -137,7 +137,7 @@ llm_ext_release = [
     "jiter==0.9.0",
     "jsonschema==4.23.0",
     "jsonschema-specifications==2024.10.1",
-    "litellm==1.74.3",
+    "litellm==1.83.14",  # [CVE-2026-35030, CVE-2026-35029] Security fix (bumped from 1.74.3)
     "MarkupSafe==3.0.2",
     "multidict==6.2.0",
     "openai==1.72.0",
@@ -290,7 +290,7 @@ all = [
     "langchain==0.3.21",
 
     # From llm
-    "litellm==1.74.3",
+    "litellm==1.83.14",  # [CVE-2026-35030, CVE-2026-35029] Security fix (bumped from 1.74.3)
     
     # From openai
     "openai==1.72.0",
