[Infra] Pin all Docker build dependencies to exact versions
Pin every dependency across all Docker builds so upgrades are intentional. Verified by building all 3 production images and diffing pip freeze against known-good v1.83.0-nightly baselines — zero version drift. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
parent
33c3f13443
commit
5f63873dca
@ -1,8 +1,8 @@
|
||||
# Base image for building
|
||||
ARG LITELLM_BUILD_IMAGE=cgr.dev/chainguard/wolfi-base
|
||||
ARG LITELLM_BUILD_IMAGE=cgr.dev/chainguard/wolfi-base@sha256:a5a619c1793039dcf92f02178f37c94bb3d6001403716da59d6092dfe8d9b502
|
||||
|
||||
# Runtime image
|
||||
ARG LITELLM_RUNTIME_IMAGE=cgr.dev/chainguard/wolfi-base
|
||||
ARG LITELLM_RUNTIME_IMAGE=cgr.dev/chainguard/wolfi-base@sha256:a5a619c1793039dcf92f02178f37c94bb3d6001403716da59d6092dfe8d9b502
|
||||
|
||||
# Builder stage
|
||||
FROM $LITELLM_BUILD_IMAGE AS builder
|
||||
@ -15,7 +15,7 @@ USER root
|
||||
# Install build dependencies
|
||||
RUN apk add --no-cache bash gcc py3-pip python3 python3-dev openssl openssl-dev
|
||||
|
||||
RUN python -m pip install build
|
||||
RUN python -m pip install build==1.4.2
|
||||
|
||||
# Copy the current directory contents into the container at /app
|
||||
COPY . .
|
||||
@ -49,7 +49,7 @@ USER root
|
||||
|
||||
# Install runtime dependencies (libsndfile needed for audio processing on ARM64)
|
||||
RUN apk add --no-cache bash openssl tzdata nodejs npm python3 py3-pip libsndfile && \
|
||||
npm install -g npm@latest tar@7.5.11 glob@11.1.0 @isaacs/brace-expansion@5.0.1 minimatch@10.2.4 diff@8.0.3 && \
|
||||
npm install -g npm@11.12.1 tar@7.5.11 glob@11.1.0 @isaacs/brace-expansion@5.0.1 minimatch@10.2.4 diff@8.0.3 && \
|
||||
# SECURITY FIX: npm bundles tar, glob, and brace-expansion at multiple nested
|
||||
# levels inside its dependency tree. `npm install -g <pkg>` only creates a
|
||||
# SEPARATE global package, it does NOT replace npm's internal copies.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
# Use the provided base image
|
||||
FROM ghcr.io/berriai/litellm:main-latest
|
||||
FROM ghcr.io/berriai/litellm:main-latest@sha256:7c311546c25e7bb6e8cafede9fcd3d0d622ac636b5c9418befaa32e85dfb0186
|
||||
|
||||
# Set the working directory to /app
|
||||
WORKDIR /app
|
||||
|
||||
@ -1,8 +1,8 @@
|
||||
# Base image for building
|
||||
ARG LITELLM_BUILD_IMAGE=python:3.11-alpine
|
||||
ARG LITELLM_BUILD_IMAGE=python:3.11-alpine@sha256:f07e2ace46f560f09a6eeec7b4913b80ee99546e749ef82342a419a326620856
|
||||
|
||||
# Runtime image
|
||||
ARG LITELLM_RUNTIME_IMAGE=python:3.11-alpine
|
||||
ARG LITELLM_RUNTIME_IMAGE=python:3.11-alpine@sha256:f07e2ace46f560f09a6eeec7b4913b80ee99546e749ef82342a419a326620856
|
||||
|
||||
# Builder stage
|
||||
FROM $LITELLM_BUILD_IMAGE AS builder
|
||||
@ -13,8 +13,8 @@ WORKDIR /app
|
||||
# Install build dependencies
|
||||
RUN apk add --no-cache gcc python3-dev musl-dev
|
||||
|
||||
RUN pip install --upgrade pip && \
|
||||
pip install build
|
||||
RUN pip install --upgrade pip==26.0.1 && \
|
||||
pip install build==1.4.2
|
||||
|
||||
# Copy the current directory contents into the container at /app
|
||||
COPY . .
|
||||
|
||||
@ -1,4 +1,5 @@
|
||||
# Use the provided base image
|
||||
# NOTE: This is a dev/branch-specific tag. Update digest when the base image is rebuilt.
|
||||
FROM ghcr.io/berriai/litellm:litellm_fwd_server_root_path-dev
|
||||
|
||||
# Set the working directory to /app
|
||||
@ -18,8 +19,8 @@ RUN apt-get update && apt-get upgrade -y \
|
||||
libxslt1.1 \
|
||||
libgnutls30 \
|
||||
libc6 && \
|
||||
apt-get install -y nodejs npm && \
|
||||
npm install -g npm@latest tar@7.5.11 glob@11.1.0 @isaacs/brace-expansion@5.0.1 minimatch@10.2.4 diff@8.0.3 && \
|
||||
apt-get install -y --no-install-recommends nodejs npm && \
|
||||
npm install -g npm@11.12.1 tar@7.5.11 glob@11.1.0 @isaacs/brace-expansion@5.0.1 minimatch@10.2.4 diff@8.0.3 && \
|
||||
GLOBAL="$(npm root -g)" && \
|
||||
find "$GLOBAL/npm" -type d -name "tar" -path "*/node_modules/tar" | while read d; do \
|
||||
rm -rf "$d" && cp -rL "$GLOBAL/tar" "$d"; \
|
||||
|
||||
@ -1,8 +1,8 @@
|
||||
# Base image for building
|
||||
ARG LITELLM_BUILD_IMAGE=cgr.dev/chainguard/wolfi-base
|
||||
ARG LITELLM_BUILD_IMAGE=cgr.dev/chainguard/wolfi-base@sha256:a5a619c1793039dcf92f02178f37c94bb3d6001403716da59d6092dfe8d9b502
|
||||
|
||||
# Runtime image
|
||||
ARG LITELLM_RUNTIME_IMAGE=cgr.dev/chainguard/wolfi-base
|
||||
ARG LITELLM_RUNTIME_IMAGE=cgr.dev/chainguard/wolfi-base@sha256:a5a619c1793039dcf92f02178f37c94bb3d6001403716da59d6092dfe8d9b502
|
||||
# Builder stage
|
||||
FROM $LITELLM_BUILD_IMAGE AS builder
|
||||
|
||||
@ -21,7 +21,7 @@ RUN apk add --no-cache \
|
||||
openssl \
|
||||
openssl-dev
|
||||
|
||||
RUN python -m pip install build
|
||||
RUN python -m pip install build==1.4.2
|
||||
|
||||
# Copy the current directory contents into the container at /app
|
||||
COPY . .
|
||||
@ -50,7 +50,7 @@ USER root
|
||||
|
||||
# Install runtime dependencies
|
||||
RUN apk add --no-cache bash openssl tzdata nodejs npm python3 py3-pip libsndfile && \
|
||||
npm install -g npm@latest tar@7.5.11 glob@11.1.0 @isaacs/brace-expansion@5.0.1 minimatch@10.2.4 diff@8.0.3 && \
|
||||
npm install -g npm@11.12.1 tar@7.5.11 glob@11.1.0 @isaacs/brace-expansion@5.0.1 minimatch@10.2.4 diff@8.0.3 && \
|
||||
GLOBAL="$(npm root -g)" && \
|
||||
find "$GLOBAL/npm" -type d -name "tar" -path "*/node_modules/tar" | while read d; do \
|
||||
rm -rf "$d" && cp -rL "$GLOBAL/tar" "$d"; \
|
||||
|
||||
@ -1,8 +1,8 @@
|
||||
# Base image for building
|
||||
ARG LITELLM_BUILD_IMAGE=python:3.11-slim
|
||||
ARG LITELLM_BUILD_IMAGE=python:3.13-slim@sha256:739e7213785e88c0f702dcdc12c0973afcbd606dbf021a589cab77d6b00b579d
|
||||
|
||||
# Runtime image
|
||||
ARG LITELLM_RUNTIME_IMAGE=python:3.11-slim
|
||||
ARG LITELLM_RUNTIME_IMAGE=python:3.13-slim@sha256:739e7213785e88c0f702dcdc12c0973afcbd606dbf021a589cab77d6b00b579d
|
||||
|
||||
# Builder stage
|
||||
FROM $LITELLM_BUILD_IMAGE AS builder
|
||||
@ -19,7 +19,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
|
||||
libssl-dev \
|
||||
pkg-config \
|
||||
&& rm -rf /var/lib/apt/lists/* \
|
||||
&& pip install --upgrade pip build
|
||||
&& pip install --upgrade pip==26.0.1 build==1.4.2
|
||||
|
||||
# Copy requirements first for better layer caching
|
||||
COPY requirements.txt .
|
||||
@ -75,7 +75,7 @@ RUN apt-get update && apt-get upgrade -y \
|
||||
nodejs \
|
||||
npm \
|
||||
&& rm -rf /var/lib/apt/lists/* \
|
||||
&& npm install -g npm@latest tar@7.5.11 glob@11.1.0 @isaacs/brace-expansion@5.0.1 minimatch@10.2.4 diff@8.0.3 \
|
||||
&& npm install -g npm@11.12.1 tar@7.5.11 glob@11.1.0 @isaacs/brace-expansion@5.0.1 minimatch@10.2.4 diff@8.0.3 \
|
||||
&& GLOBAL="$(npm root -g)" \
|
||||
&& find "$GLOBAL/npm" -type d -name "tar" -path "*/node_modules/tar" | while read d; do \
|
||||
rm -rf "$d" && cp -rL "$GLOBAL/tar" "$d"; \
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
FROM python:3.11-slim
|
||||
FROM python:3.13-slim@sha256:739e7213785e88c0f702dcdc12c0973afcbd606dbf021a589cab77d6b00b579d
|
||||
|
||||
WORKDIR /app
|
||||
|
||||
@ -12,5 +12,13 @@ RUN pip install --no-cache-dir -r requirements.txt
|
||||
# Make script executable
|
||||
RUN chmod +x /app/health_check_client.py
|
||||
|
||||
# Run as non-root user
|
||||
RUN adduser --disabled-password --gecos "" --uid 1001 healthcheck
|
||||
USER healthcheck
|
||||
|
||||
# Health check
|
||||
HEALTHCHECK --interval=30s --timeout=5s --retries=3 \
|
||||
CMD python /app/health_check_client.py --help || exit 1
|
||||
|
||||
# Set entrypoint
|
||||
ENTRYPOINT ["python", "/app/health_check_client.py"]
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
# Base images
|
||||
ARG LITELLM_BUILD_IMAGE=cgr.dev/chainguard/wolfi-base
|
||||
ARG LITELLM_RUNTIME_IMAGE=cgr.dev/chainguard/wolfi-base
|
||||
ARG LITELLM_BUILD_IMAGE=cgr.dev/chainguard/wolfi-base@sha256:a5a619c1793039dcf92f02178f37c94bb3d6001403716da59d6092dfe8d9b502
|
||||
ARG LITELLM_RUNTIME_IMAGE=cgr.dev/chainguard/wolfi-base@sha256:a5a619c1793039dcf92f02178f37c94bb3d6001403716da59d6092dfe8d9b502
|
||||
ARG PROXY_EXTRAS_SOURCE=published
|
||||
|
||||
# -----------------
|
||||
@ -27,7 +27,7 @@ RUN for i in 1 2 3; do \
|
||||
nodejs \
|
||||
npm && break || sleep 5; \
|
||||
done \
|
||||
&& pip install --no-cache-dir --upgrade pip build
|
||||
&& pip install --no-cache-dir --upgrade pip==26.0.1 build==1.4.2
|
||||
|
||||
# Cache Python dependencies
|
||||
COPY requirements.txt .
|
||||
@ -41,13 +41,19 @@ COPY . .
|
||||
ENV LITELLM_NON_ROOT=true
|
||||
|
||||
# Build Admin UI using the upstream command order while keeping a single RUN layer
|
||||
# NOTE: --userconfig /dev/null bypasses .npmrc (which has ignore-scripts=true and
|
||||
# min-release-age=3d) for this step only. This is safe because npm ci installs from
|
||||
# package-lock.json with pinned versions + integrity hashes.
|
||||
RUN mkdir -p /var/lib/litellm/ui && \
|
||||
npm install -g npm@latest && npm cache clean --force && \
|
||||
mv /app/.npmrc /app/.npmrc.bak && \
|
||||
npm install -g npm@11.12.1 && npm cache clean --force && \
|
||||
cd /app/ui/litellm-dashboard && \
|
||||
if [ -f "/app/enterprise/enterprise_ui/enterprise_colors.json" ]; then \
|
||||
cp /app/enterprise/enterprise_ui/enterprise_colors.json ./ui_colors.json; \
|
||||
fi && \
|
||||
mv .npmrc .npmrc.bak && \
|
||||
npm ci && \
|
||||
mv .npmrc.bak .npmrc && mv /app/.npmrc.bak /app/.npmrc && \
|
||||
npm run build && \
|
||||
cp -r /app/ui/litellm-dashboard/out/* /var/lib/litellm/ui/ && \
|
||||
mkdir -p /var/lib/litellm/assets && \
|
||||
@ -106,7 +112,7 @@ RUN for i in 1 2 3; do \
|
||||
apk add --no-cache python3 py3-pip bash openssl tzdata nodejs npm supervisor && break || sleep 5; \
|
||||
done \
|
||||
&& apk upgrade --no-cache nodejs \
|
||||
&& npm install -g npm@latest tar@7.5.11 glob@11.1.0 @isaacs/brace-expansion@5.0.1 minimatch@10.2.4 diff@8.0.3 \
|
||||
&& npm install -g npm@11.12.1 tar@7.5.11 glob@11.1.0 @isaacs/brace-expansion@5.0.1 minimatch@10.2.4 diff@8.0.3 \
|
||||
&& GLOBAL="$(npm root -g)" \
|
||||
&& find "$GLOBAL/npm" -type d -name "tar" -path "*/node_modules/tar" | while read d; do \
|
||||
rm -rf "$d" && cp -rL "$GLOBAL/tar" "$d"; \
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
FROM python:3.13-alpine
|
||||
FROM python:3.13-alpine@sha256:bb1f2fdb1065c85468775c9d680dcd344f6442a2d1181ef7916b60a623f11d40
|
||||
|
||||
WORKDIR /app
|
||||
|
||||
@ -13,7 +13,7 @@ RUN apk update && \
|
||||
apk add --no-cache gcc musl-dev libffi-dev openssl openssl-dev rust cargo
|
||||
|
||||
RUN python -m venv ${HOME}/venv
|
||||
RUN ${HOME}/venv/bin/pip install --no-cache-dir --upgrade pip
|
||||
RUN ${HOME}/venv/bin/pip install --no-cache-dir --upgrade pip==26.0.1
|
||||
|
||||
COPY docker/build_from_pip/requirements.txt .
|
||||
RUN --mount=type=cache,target=${HOME}/.cache/pip \
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
litellm[proxy]==1.67.4.dev1 # Specify the litellm version you want to use
|
||||
prometheus_client
|
||||
langfuse
|
||||
prisma
|
||||
openai==1.99.9
|
||||
litellm[proxy]==1.83.0
|
||||
prometheus_client==0.20.0
|
||||
langfuse==2.59.7
|
||||
prisma==0.11.0
|
||||
openai==2.24.0
|
||||
ddtrace==2.19.0 # for advanced DD tracing / profiling
|
||||
|
||||
@ -1,3 +1,3 @@
|
||||
#!/bin/bash
|
||||
pip install semantic_router==0.1.11 --no-deps
|
||||
pip install aurelio-sdk==0.0.19
|
||||
pip install aurelio-sdk==0.0.19 --no-deps
|
||||
167
pyproject.toml
167
pyproject.toml
@ -20,63 +20,60 @@ Documentation = "https://docs.litellm.ai"
|
||||
|
||||
[tool.poetry.dependencies]
|
||||
python = ">=3.9,<4.0"
|
||||
fastuuid = ">=0.13.0"
|
||||
httpx = ">=0.23.0"
|
||||
openai = ">=2.8.0"
|
||||
python-dotenv = ">=0.2.0"
|
||||
tiktoken = ">=0.7.0"
|
||||
importlib-metadata = ">=6.8.0"
|
||||
tokenizers = "*"
|
||||
click = "*"
|
||||
jinja2 = "^3.1.2"
|
||||
aiohttp = ">=3.10"
|
||||
pydantic = "^2.5.0"
|
||||
jsonschema = ">=4.23.0,<5.0.0"
|
||||
numpydoc = {version = "*", optional = true} # used in utils.py
|
||||
fastuuid = "0.13.5"
|
||||
httpx = "0.28.1"
|
||||
openai = "2.24.0"
|
||||
python-dotenv = "1.0.1"
|
||||
tiktoken = "0.8.0"
|
||||
importlib-metadata = "6.8.0"
|
||||
tokenizers = "0.20.2"
|
||||
click = "8.1.7"
|
||||
jinja2 = "3.1.6"
|
||||
aiohttp = "3.13.3"
|
||||
pydantic = "2.12.5"
|
||||
jsonschema = "4.26.0"
|
||||
numpydoc = {version = "1.10.0", optional = true} # used in utils.py — not in Docker
|
||||
|
||||
uvicorn = {version = ">=0.32.1,<1.0.0", optional = true}
|
||||
uvloop = {version = "^0.21.0", optional = true, markers="sys_platform != 'win32'"}
|
||||
gunicorn = {version = "^23.0.0", optional = true}
|
||||
fastapi = {version = ">=0.120.1", optional = true}
|
||||
backoff = {version = "*", optional = true}
|
||||
pyyaml = {version = "^6.0.1", optional = true}
|
||||
rq = {version = "*", optional = true}
|
||||
orjson = {version = "^3.9.7", optional = true}
|
||||
apscheduler = {version = "^3.10.4", optional = true}
|
||||
fastapi-sso = { version = "^0.16.0", optional = true }
|
||||
PyJWT = { version = "^2.12.0", optional = true, python = ">=3.9" }
|
||||
python-multipart = { version = ">=0.0.20", optional = true}
|
||||
cryptography = {version = "*", optional = true}
|
||||
prisma = {version = "^0.11.0", optional = true}
|
||||
azure-identity = {version = "^1.15.0", optional = true, python = ">=3.9"}
|
||||
azure-keyvault-secrets = {version = "^4.8.0", optional = true}
|
||||
azure-storage-blob = {version="^12.25.1", optional=true}
|
||||
google-cloud-kms = {version = "^2.21.3", optional = true}
|
||||
google-cloud-iam = {version = "^2.19.1", optional = true}
|
||||
google-cloud-aiplatform = {version = ">=1.38.0", optional = true}
|
||||
resend = {version = ">=0.8.0", optional = true}
|
||||
pynacl = {version = "^1.5.0", optional = true}
|
||||
websockets = {version = "^15.0.1", optional = true}
|
||||
boto3 = { version = "^1.40.76", optional = true }
|
||||
redisvl = {version = "^0.4.1", optional = true, markers = "python_version >= '3.9' and python_version < '3.14'"}
|
||||
mcp = {version = ">=1.25.0,<2.0.0", optional = true, python = ">=3.10"}
|
||||
a2a-sdk = {version = "^0.3.22", optional = true, python = ">=3.10"}
|
||||
litellm-proxy-extras = {version = "^0.4.62", optional = true}
|
||||
rich = {version = "^13.7.1", optional = true}
|
||||
uvicorn = {version = "0.32.1", optional = true} # Docker uses 0.31.1 (requirements.txt); pyproject keeps main's minimum
|
||||
uvloop = {version = "0.21.0", optional = true, markers="sys_platform != 'win32'"}
|
||||
gunicorn = {version = "23.0.0", optional = true}
|
||||
fastapi = {version = "0.120.1", optional = true}
|
||||
backoff = {version = "2.2.1", optional = true}
|
||||
pyyaml = {version = "6.0.2", optional = true}
|
||||
rq = {version = "2.7.0", optional = true} # not in Docker
|
||||
orjson = {version = "3.11.7", optional = true}
|
||||
apscheduler = {version = "3.10.4", optional = true}
|
||||
fastapi-sso = { version = "0.19.0", optional = true }
|
||||
PyJWT = { version = "2.12.0", optional = true, python = ">=3.9" }
|
||||
python-multipart = { version = "0.0.22", optional = true}
|
||||
cryptography = {version = "46.0.5", optional = true}
|
||||
prisma = {version = "0.11.0", optional = true}
|
||||
azure-identity = {version = "1.16.1", optional = true, python = ">=3.9"}
|
||||
azure-keyvault-secrets = {version = "4.10.0", optional = true}
|
||||
azure-storage-blob = {version = "12.28.0", optional = true}
|
||||
google-cloud-kms = {version = "2.24.2", optional = true} # not in Docker
|
||||
google-cloud-iam = {version = "2.19.1", optional = true}
|
||||
google-cloud-aiplatform = {version = "1.133.0", optional = true}
|
||||
resend = {version = "2.23.0", optional = true} # not in Docker
|
||||
pynacl = {version = "1.6.2", optional = true}
|
||||
websockets = {version = "15.0.1", optional = true}
|
||||
boto3 = { version = "1.40.76", optional = true } # Docker uses 1.40.53 (requirements.txt); pyproject keeps main's minimum
|
||||
redisvl = {version = "0.4.1", optional = true, markers = "python_version >= '3.9' and python_version < '3.14'"}
|
||||
mcp = {version = "1.25.0", optional = true, python = ">=3.10"}
|
||||
a2a-sdk = {version = "0.3.25", optional = true, python = ">=3.10"}
|
||||
litellm-proxy-extras = {version = "0.4.62", optional = true}
|
||||
rich = {version = "13.7.1", optional = true}
|
||||
litellm-enterprise = {version = "0.1.35", optional = true}
|
||||
diskcache = {version = "^5.6.1", optional = true}
|
||||
polars = {version = "^1.31.0", optional = true, python = ">=3.10"}
|
||||
semantic-router = {version = ">=0.1.12", optional = true, python = ">=3.9,<3.14"}
|
||||
mlflow = {version = ">3.1.4", optional = true, python = ">=3.10"}
|
||||
soundfile = {version = "^0.12.1", optional = true}
|
||||
pyroscope-io = {version = "^0.8", optional = true, markers = "sys_platform != 'win32'"}
|
||||
# grpcio constraints:
|
||||
# - 1.62.3+ required by grpcio-status
|
||||
# - 1.68.0-1.68.1 has reconnect bug (https://github.com/grpc/grpc/issues/38290)
|
||||
# - 1.75.0+ has Python 3.14 wheels and bug fix
|
||||
diskcache = {version = "5.6.3", optional = true} # not in Docker
|
||||
polars = {version = "1.31.0", optional = true, python = ">=3.10"}
|
||||
semantic-router = {version = "0.1.12", optional = true, python = ">=3.9,<3.14"} # Docker uses 0.1.11 (install_auto_router.sh); pyproject keeps main's minimum
|
||||
mlflow = {version = "3.9.0", optional = true, python = ">=3.10"} # not in Docker
|
||||
soundfile = {version = "0.12.1", optional = true}
|
||||
pyroscope-io = {version = "0.8.16", optional = true, markers = "sys_platform != 'win32'"} # not in Docker
|
||||
# grpcio: pinned to 1.80.0 (past reconnect bug #38290 in 1.68.x, has Python 3.14 wheels)
|
||||
grpcio = [
|
||||
{version = ">=1.62.3,!=1.68.*,!=1.69.*,!=1.70.*,!=1.71.0,!=1.71.1,!=1.72.0,!=1.72.1,!=1.73.0", python = "<3.14", optional = true},
|
||||
{version = ">=1.75.0", python = ">=3.14", optional = true},
|
||||
{version = "1.80.0", python = "<3.14", optional = true},
|
||||
{version = "1.80.0", python = ">=3.14", optional = true},
|
||||
]
|
||||
|
||||
[tool.poetry.extras]
|
||||
@ -143,41 +140,41 @@ litellm = 'litellm:run_server'
|
||||
litellm-proxy = 'litellm.proxy.client.cli:cli'
|
||||
|
||||
[tool.poetry.group.dev.dependencies]
|
||||
diff-cover = "^9.0"
|
||||
flake8 = "^6.1.0"
|
||||
black = "^23.12.0"
|
||||
mypy = "^1.0"
|
||||
pytest = "^7.4.3"
|
||||
pytest-mock = "^3.12.0"
|
||||
pytest-asyncio = "^0.21.1"
|
||||
pytest-postgresql = "^6.0.0"
|
||||
pytest-xdist = "^3.5.0"
|
||||
requests-mock = "^1.12.1"
|
||||
responses = "^0.25.7"
|
||||
respx = "^0.22.0"
|
||||
ruff = "^0.2.1"
|
||||
types-requests = "*"
|
||||
types-setuptools = "*"
|
||||
types-redis = "*"
|
||||
types-PyYAML = "*"
|
||||
opentelemetry-api = "^1.28.0"
|
||||
opentelemetry-sdk = "^1.28.0"
|
||||
opentelemetry-exporter-otlp = "^1.28.0"
|
||||
langfuse = "^2.45.0"
|
||||
fastapi-offline = "^1.7.3"
|
||||
fakeredis = "^2.27.1"
|
||||
pytest-rerunfailures = "^14.0"
|
||||
parameterized = "^0.9.0"
|
||||
diff-cover = "10.2.0"
|
||||
flake8 = "7.3.0"
|
||||
black = "26.1.0"
|
||||
mypy = "1.19.0"
|
||||
pytest = "9.0.2"
|
||||
pytest-mock = "3.15.1"
|
||||
pytest-asyncio = "1.3.0"
|
||||
pytest-postgresql = "8.0.0"
|
||||
pytest-xdist = "3.8.0"
|
||||
requests-mock = "1.12.1"
|
||||
responses = "0.26.0"
|
||||
respx = "0.22.0"
|
||||
ruff = "0.15.3"
|
||||
types-requests = "2.32.4.20260107"
|
||||
types-setuptools = "82.0.0.20260210"
|
||||
types-redis = "4.6.0.20241004"
|
||||
types-PyYAML = "6.0.12.20250915"
|
||||
opentelemetry-api = "1.28.0"
|
||||
opentelemetry-sdk = "1.28.0"
|
||||
opentelemetry-exporter-otlp = "1.28.0"
|
||||
langfuse = "2.59.7"
|
||||
fastapi-offline = "1.7.6"
|
||||
fakeredis = "2.34.1"
|
||||
pytest-rerunfailures = "16.1"
|
||||
parameterized = "0.9.0"
|
||||
|
||||
[tool.poetry.group.proxy-dev.dependencies]
|
||||
prisma = "0.11.0"
|
||||
hypercorn = "^0.15.0"
|
||||
hypercorn = "0.18.0"
|
||||
prometheus-client = "0.20.0"
|
||||
opentelemetry-api = "^1.28.0"
|
||||
opentelemetry-sdk = "^1.28.0"
|
||||
opentelemetry-exporter-otlp = "^1.28.0"
|
||||
azure-identity = {version = "^1.15.0", python = ">=3.9"}
|
||||
a2a-sdk = {version = "^0.3.22", python = ">=3.10"}
|
||||
opentelemetry-api = "1.28.0"
|
||||
opentelemetry-sdk = "1.28.0"
|
||||
opentelemetry-exporter-otlp = "1.28.0"
|
||||
azure-identity = {version = "1.16.1", python = ">=3.9"}
|
||||
a2a-sdk = {version = "0.3.25", python = ">=3.10"}
|
||||
|
||||
[build-system]
|
||||
requires = ["poetry-core", "wheel"]
|
||||
|
||||
@ -1,10 +1,10 @@
|
||||
# LITELLM PROXY DEPENDENCIES #
|
||||
# Security: explicit pins for transitive deps (CVE fixes)
|
||||
urllib3>=2.6.0 # CVE-2025-66471, CVE-2025-66418, CVE-2026-21441
|
||||
tornado>=6.5.5 # CVE-2025-67725, CVE-2025-67726, CVE-2025-67724, CVE-2026-31958, GHSA-78cv-mqj4-43f7
|
||||
filelock>=3.20.1 # CVE-2025-68146
|
||||
h11>=0.16.0 # CVE-2025-43859, GHSA-vqfr-h8mv-ghfj — HTTP request smuggling
|
||||
wheel>=0.46.2 # CVE-2026-24049 — path traversal
|
||||
urllib3==2.6.3 # CVE-2025-66471, CVE-2025-66418, CVE-2026-21441
|
||||
tornado==6.5.5 # CVE-2025-67725, CVE-2025-67726, CVE-2025-67724, CVE-2026-31958, GHSA-78cv-mqj4-43f7
|
||||
filelock==3.25.2 # CVE-2025-68146
|
||||
h11==0.16.0 # CVE-2025-43859, GHSA-vqfr-h8mv-ghfj — HTTP request smuggling
|
||||
wheel==0.46.3 # CVE-2026-24049 — path traversal
|
||||
Pillow==12.1.1 #GHSA-cfh3-3jmp-rvhc
|
||||
cryptography==46.0.5 #GHSA-r6ph-v2qm-q3c2
|
||||
|
||||
@ -41,8 +41,8 @@ polars==1.31.0 # for data processing
|
||||
apscheduler==3.10.4 # for resetting budget in background
|
||||
fastapi-sso==0.19.0 # admin UI, SSO
|
||||
pyjwt[crypto]==2.12.0 ; python_version >= "3.9"
|
||||
python-multipart>=0.0.20 # admin UI
|
||||
jaraco.context>=6.1.0
|
||||
python-multipart==0.0.22 # admin UI
|
||||
jaraco.context==6.1.2
|
||||
azure-ai-contentsafety==1.0.0 # for azure content safety
|
||||
azure-identity==1.16.1 ; python_version >= "3.9" # for azure content safety
|
||||
azure-keyvault==4.2.0 # for azure KMS integration
|
||||
@ -50,10 +50,10 @@ azure-storage-file-datalake==12.20.0 # for azure buck storage logging
|
||||
opentelemetry-api==1.28.0
|
||||
opentelemetry-sdk==1.28.0
|
||||
opentelemetry-exporter-otlp==1.28.0
|
||||
a2a-sdk>=0.3.22 ; python_version >= "3.10"
|
||||
# grpcio: 1.68.0-1.68.1 has reconnect bug (#38290), 1.75+ has Python 3.14 wheels + fix
|
||||
grpcio>=1.62.3,!=1.68.*,!=1.69.*,!=1.70.*,!=1.71.0,!=1.71.1,!=1.72.0,!=1.72.1,!=1.73.0; python_version < "3.14"
|
||||
grpcio>=1.75.0; python_version >= "3.14"
|
||||
a2a-sdk==0.3.25 ; python_version >= "3.10"
|
||||
# grpcio: pinned to 1.80.0 (past reconnect bug #38290 in 1.68.x, has Python 3.14 wheels)
|
||||
grpcio==1.80.0; python_version < "3.14"
|
||||
grpcio==1.80.0; python_version >= "3.14"
|
||||
sentry_sdk==2.21.0 # for sentry error handling
|
||||
detect-secrets==1.5.0 # Enterprise - secret detection / masking in LLM requests
|
||||
tzdata==2025.1 # IANA time zone database
|
||||
@ -67,15 +67,22 @@ tokenizers==0.20.2 # for calculating usage
|
||||
click==8.1.7 # for proxy cli
|
||||
rich==13.7.1 # for litellm proxy cli
|
||||
jinja2==3.1.6 # for prompt templates
|
||||
aioboto3==15.5.0 # for async sagemaker calls (updated to match boto3 1.40.73)
|
||||
aioboto3==15.5.0 # for async sagemaker calls
|
||||
aiohttp==3.13.3 # for network calls
|
||||
tenacity==8.5.0 # for retrying requests, when litellm.num_retries set
|
||||
pydantic>=2.11,<3 # proxy + openai req. + mcp
|
||||
jsonschema>=4.23.0,<5.0.0 # validating json schema - aligned with openapi-core + mcp
|
||||
pydantic==2.12.5 # proxy + openai req. + mcp
|
||||
jsonschema==4.26.0 # validating json schema - aligned with openapi-core + mcp
|
||||
websockets==15.0.1 # for realtime API
|
||||
soundfile==0.12.1 # for audio file processing
|
||||
openapi-core==0.21.0 # for OpenAPI compliance tests
|
||||
pypdf>=6.7.3 # for PDF text extraction in RAG ingestion (CVE-2026-27888)
|
||||
pypdf==6.9.2 # for PDF text extraction in RAG ingestion (CVE-2026-27888)
|
||||
|
||||
# Transitive deps pinned to prevent floating between builds
|
||||
aiofiles==24.1.0 # transitive dep (langfuse)
|
||||
colorlog==6.10.1 # transitive dep (ddtrace)
|
||||
grpc-google-iam-v1==0.14.3 # transitive dep (google-cloud-iam)
|
||||
hf-xet==1.4.2 # transitive dep (huggingface_hub)
|
||||
requests-toolbelt==1.0.0 # transitive dep (langfuse)
|
||||
|
||||
########################
|
||||
# LITELLM ENTERPRISE DEPENDENCIES
|
||||
|
||||
@ -1,2 +1,2 @@
|
||||
httpx>=0.24.0
|
||||
pyyaml>=6.0
|
||||
httpx==0.28.1
|
||||
pyyaml==6.0.2
|
||||
|
||||
Loading…
Reference in New Issue
Block a user