Commit Graph

148 Commits

Author SHA1 Message Date
user
5bafa8b3a2
Drop dep bumps + black-26 reformat to clear fork CI policy
PR was blocked by .github/workflows/guard-fork-dependencies.yml: fork PRs
cannot modify uv.lock. Reverting:

- uv.lock + pyproject.toml black bump (24.10.0 -> 26.3.1) and the 295
  files of mechanical Black 26 reformat coupled to it
- pyproject.toml diskcache extra change (kept the runtime mitigation in
  litellm/caching/disk_cache.py via JSONDisk)

Kept:
- Dockerfile cache narrowing (drops ~660 MB of uv build cache that
  surfaced cached setuptools as CVE findings)
- litellm/caching/disk_cache.py: dc.JSONDisk to neutralize CVE-2025-69872
- ui/litellm-dashboard/package-lock.json + litellm-js/spend-logs/package-lock.json:
  next/postcss/hono/uuid CVE bumps (these are not blocked by the fork guard)
- tests/test_litellm/caching/test_disk_cache.py
- tests/code_coverage_tests/liccheck.ini: harmless black authorization

Black + gitpython + langchain dep upgrades will need a follow-up from a
maintainer pushing a branch in the canonical BerriAI/litellm repo.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-07 23:04:52 +00:00
user
4af58e1f97
[Security] Clear AWS Inspector CVE findings on Docker image
- Narrow /root/.cache COPY in Dockerfile to /root/.cache/prisma{,-python}
  only — drops ~660MB of uv build cache including a setuptools wheel
  that surfaced as CVE-2024-6345 / CVE-2025-47273 even though it was
  never on the runtime sys.path.
- DiskCache: switch to dc.JSONDisk to neutralize the pickle code path
  (CVE-2025-69872, no upstream fix). Values must be JSON-serializable;
  cleanup get_cache to skip the now-dead json.loads(dict) branch by
  guarding on isinstance(str).
- pyproject.toml: drop diskcache pin from [caching] extra (no fixed
  version exists). Stub kept so `pip install litellm[caching]` doesn't
  warn; users who want disk caching install diskcache themselves.
- Bump black 24.10.0 → 26.3.1 (CVE-2026-32274) + apply 296-file mechanical
  reformat. Black is dev-only (not in the runtime image), but bumping
  clears the manifest-scan finding.
- Refresh ui/litellm-dashboard/package-lock.json to pick up next 16.2.4
  (was 16.1.7, GHSA-q4gf-8mx6-v5v3), uuid 14.0.0, postcss 8.5.13.
- Refresh litellm-js/spend-logs/package-lock.json to pick up
  hono 4.12.16 (GHSA-458j-xx4x-4375).
- uv lock: gitpython 3.1.46 → 3.1.49 (clears two High GHSAs),
  langchain-text-splitters 1.1.1 → 1.1.2.
- Add tests/test_litellm/caching/test_disk_cache.py covering JSONDisk
  enforcement, dict/string round-trip, TTL, increment, delete/flush.

Net delta on combined trivy + grype scans: 17 findings → 4 (all
remaining 4 are Wolfi system python-3.13 CVEs marked WONTFIX upstream
in CPython 3.14; CVE-2026-3298 is Windows-unreachable on Linux).

Existing on-disk caches written by the previous pickle-format Disk
will silently miss after upgrade — diskcache is intended to be
ephemeral so impact is recreate-on-next-write.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-05 20:21:15 +00:00
Sameer Kankute
57eae8d01c
Merge branch 'litellm_internal_staging' into litellm_staging_03_22_2026 2026-04-20 19:56:00 +05:30
Ishaan Jaffer
e8461b5b97
style: run black formatter on files from main merge 2026-04-17 13:02:59 -07:00
Yuneng Jiang
95e1babf67
[Fix] TogetherAIConfig.get_supported_openai_params recursion
TogetherAIConfig.get_supported_openai_params called get_model_info(),
whose first line calls litellm.get_supported_openai_params() — which for
together_ai routes straight back into this method. The recursion only
terminated when Python's recursion limit was hit or when
_get_model_info_helper raised "not mapped" at the deepest level. Either
way the try/except caught it, so the bug stayed silent — but the cycle
ran ~332 deep every time, emitting hundreds of DEBUG log lines per
call. Surfaced as "infinite loop" in CI when the success_handler thread
emitted that log spam against an already-closed stderr during test
teardown.

Replace the get_model_info() call with supports_function_calling(),
which uses _get_model_info_helper directly and does not call
get_supported_openai_params. Measured drop from 332 to 2
_get_model_info_helper calls per first uncached lookup.

Also swap the test model from Qwen/Qwen3.5-9B (not in model_cost map)
back to a mapped serverless model, Qwen/Qwen2.5-7B-Instruct-Turbo. The
mapping gap is what made the recursion's tail end raise up into the
success handler during teardown in the first place.
2026-04-16 17:20:58 -07:00
Sameer Kankute
83d0f28aa8
Fix tests 2026-04-16 19:02:29 +05:30
Yuneng Jiang
a9c6156137
[Fix] Test - Together AI: replace deprecated Mixtral with serverless Qwen3.5-9B
Mixtral-8x7B-Instruct-v0.1 is no longer on Together AI's serverless tier
and now requires a dedicated endpoint, causing multiple tests to fail in CI:

  - test_together_ai.py::TestTogetherAI::test_empty_tools
  - test_completion.py::test_completion_together_ai_stream
  - test_completion.py::test_customprompt_together_ai
  - test_completion.py::test_completion_custom_provider_model_name
  - test_text_completion.py::test_async_text_completion_together_ai

Qwen/Qwen3.5-9B is currently serverless on Together AI and supports
function calling, satisfying BaseLLMChatTest capability requirements.
2026-04-14 17:43:35 -07:00
Ishaan Jaffer
a7bfe0c540 test_completion_azure 2026-03-30 21:07:49 -07:00
Ishaan Jaffer
98de60e741 test_completion_gpt4_turbo 2026-03-30 16:35:31 -07:00
Ishaan Jaffer
37bcc3252f test_completion_gpt4_turbo 2026-03-30 16:35:10 -07:00
yuneng-jiang
0ccaff8ed9
Merge pull request #24805 from BerriAI/litellm_/compassionate-kirch
[Test] Mock DeepInfra completion tests to avoid real API calls
2026-03-30 11:42:00 -07:00
Yuneng Jiang
868468db14
[Test] Mock DeepInfra completion tests to avoid real API calls
The DeepInfra tests were making real API calls and failing with AuthenticationError.
Mock the HTTP layer to verify request shape instead.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-30 11:07:34 -07:00
Krrish Dholakia
a92b31a636 test: remove dead tests 2026-03-28 20:36:08 -07:00
Krrish Dholakia
bc829d51f2 test: test 2026-03-28 19:17:38 -07:00
yuneng-jiang
82d3b23526 Update deprecated Together AI model in test_completion_together_ai_llama
Llama-3.2-3B-Instruct-Turbo is no longer available as a serverless model
on Together AI. Switch to Llama-3.3-70B-Instruct-Turbo which is still
available and has cost data in the model prices map.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-15 14:02:42 -07:00
yuneng-jiang
023654d9ad Fix flaky CI tests: mock timeout race, update deprecated model, fix callback leak
- test_hanging_request_azure: mock httpx.AsyncClient.send to simulate slow
  response instead of racing real network latency against a 10ms timeout.
  The old non-existent deployment (gpt-4o-new-test) returned 404 faster
  than the timeout, causing NotFoundError instead of APITimeoutError.
- test_completion_together_ai_llama: update model from deprecated
  Meta-Llama-3.1-8B-Instruct-Turbo to Llama-3.2-3B-Instruct-Turbo
  (Together AI removed the old model from serverless).
- conftest.py: clear litellm.callbacks list before each test to prevent
  proxy hooks (SkillsInjectionHook, VirtualKeyModelMaxBudgetLimiter)
  from leaking across tests via Router initialization.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-14 23:45:58 -07:00
yuneng-jiang
c27b65d09e [Fix] Replace deprecated claude-3-7-sonnet-20250219 with claude-sonnet-4-5-20250929 in test_completion
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-02-20 17:26:02 -08:00
Ishaan Jaffer
e5bbafba62 test_completion_openrouter_reasoning_effort 2026-02-14 12:04:05 -08:00
yuneng-jiang
c41459c8e3 fixing mistral model deprecation, cloud zero transform bug 2026-02-12 17:53:04 -08:00
shin-bot-litellm
fea40925cf
test: remove hosted_vllm from OpenAI client tests (#20163)
hosted_vllm no longer uses the OpenAI client, so these tests
that mock the OpenAI client are not applicable to hosted_vllm.

Removes hosted_vllm from:
- test_openai_compatible_custom_api_base
- test_openai_compatible_custom_api_video
2026-01-31 10:10:45 -08:00
Sameer Kankute
b729622bf5 Fix: generationConfig removal from tests 2026-01-22 19:00:37 +05:30
Ishaan Jaffer
5873cd4a32 test_completion_bedrock_titan_null_response 2026-01-07 15:09:44 +05:30
Ishaan Jaffer
269771a7c9 test_bedrock_httpx_streaming 2026-01-07 15:02:10 +05:30
Ishaan Jaffer
645ca64780 a121 fixes 2026-01-07 15:00:49 +05:30
Yuta Saito
23713d1811 fix: anthropic claude-3-opus-20240229 EOL 2026-01-06 16:06:21 +09:00
Ishaan Jaffer
148715541c test compl openai orgs 2025-12-20 23:41:29 +05:30
Ishaan Jaffer
6112160a16 Revert "[Fix] Security - Remove example API keys with high entropy (#18255)"
This reverts commit 24edbccf5c.
2025-12-20 20:48:11 +05:30
Alexsander Hamir
24edbccf5c
[Fix] Security - Remove example API keys with high entropy (#18255) 2025-12-19 10:09:50 -08:00
Alexsander Hamir
0c48826cdc
Revert "[Fix] CI/CD - local_testing & mapped tests (#18222)" (#18223)
This reverts commit dc7f500c47.
2025-12-18 14:46:09 -08:00
Alexsander Hamir
dc7f500c47
[Fix] CI/CD - local_testing & mapped tests (#18222) 2025-12-18 14:34:48 -08:00
Alexsander Hamir
6635325629
fix: filter internal params in fallback code and fix test issues (#17941)
- Filter skip_mcp_handler and other internal params in fallback_utils.py before calling acompletion
  Fixes issue where internal parameters were being passed to provider APIs causing errors
- Remove deployment field from GCS bucket logger test metadata
  Fixes model name mismatch where deployment field was overriding the model in logging
- Update Bedrock Titan test to use non-deprecated model (titan-text-express-v1)
  Fixes test failure due to deprecated amazon.titan-text-lite-v1 model
2025-12-13 15:05:26 -08:00
Ishaan Jaffer
01fd4d7cef fix fireworks test 2025-11-26 18:58:32 -08:00
Ishaan Jaffer
badbadba0d fix img URL for tests 2025-11-22 09:41:15 -08:00
Ishaan Jaff
bd7d653bae
Revert "Update perplexity cost tracking (#15743)" (#16345)
This reverts commit ad6a0f4d44.
2025-11-06 19:00:45 -08:00
Sameer Kankute
ad6a0f4d44
Update perplexity cost tracking (#15743)
* Update perplexity cost tracking

* fix lint errors

* fix code

* fix tests in perplexity

* fix test realted to api call

* fix exception test
2025-11-03 08:45:34 -08:00
Krish Dholakia
74ae7aed44
build: Squashed commit of the following: (#16176)
commit bb0b050fb01633d83c1c2932f8e9c11432911847
Author: Krrish Dholakia <krrishdholakia@gmail.com>
Date:   Sat Nov 1 20:00:01 2025 -0700

    test: update tests

commit b2da4bdac23868e69a9452805b231f8830e49912
Author: Krrish Dholakia <krrishdholakia@gmail.com>
Date:   Wed Oct 22 14:58:01 2025 -0700

    fix(langfuse_otel_attributes.py): log tools and other optional params

commit 75bee1f2748f32b230467de0b085c55bf1d687a9
Author: Krrish Dholakia <krrishdholakia@gmail.com>
Date:   Wed Oct 22 14:42:05 2025 -0700

    feat(langfuse_otel/): working request/response logging on spans

    Closes https://github.com/BerriAI/litellm/issues/13764

commit a3e4fa5b81e82f71c74fb9e7dc859c6cb40495f5
Author: Krrish Dholakia <krrishdholakia@gmail.com>
Date:   Wed Oct 22 14:20:39 2025 -0700

    fix: initial commit fixing langfuse request/response logging with OTEL

commit 09fc9deac844004104822810e42975cd9c68f0e3
Author: Krrish Dholakia <krrishdholakia@gmail.com>
Date:   Wed Oct 22 13:33:52 2025 -0700

    fix(litellm_logging.py): for responses api - return a unified usage object for logging

    ensures logging integrations all pull the right usage information
2025-11-02 09:46:40 -08:00
Ishaan Jaffer
2c52791b83 test_model_function_invoke 2025-10-25 14:56:12 -07:00
Ishaan Jaffer
e6b61213ca test_completion_azure_deployment_id 2025-10-25 12:26:06 -07:00
Ishaan Jaffer
762053a8e9 test_model_function_invoke 2025-10-25 12:26:06 -07:00
Ishaan Jaffer
214c10f6ef test_completion_cost_databricks_embedding 2025-10-25 11:47:03 -07:00
Ishaan Jaffer
74106589d0 test_completion_azure_ai_gpt_4o_with_flexible_api_base 2025-10-25 11:30:51 -07:00
Ishaan Jaffer
0bedf1c0a7 fix tests 2025-10-25 10:19:24 -07:00
Ishaan Jaff
f55745fc5e
[Fix] Forward anthropic-beta headers to Bedrock, VertexAI (#15700)
* [Fix] Forward anthropic-beta headers to Bedrock and other cross-provider scenarios (#15623)

* add_provider_specific_headers_to_request

* fix add_provider_specific_headers_to_request

* test_provider_specific_header_multi_provider

* test_provider_specific_header_in_request

---------

Co-authored-by: Jack Venberg <jack.venberg@rover.com>
2025-10-18 16:26:32 -07:00
Ishaan Jaffer
6d74f33043 test azure instruct 2025-09-27 15:01:25 -07:00
Ishaan Jaffer
5077e36f1b test_completion_azure 2025-09-27 15:01:25 -07:00
Ishaan Jaffer
0efb0e2990 test_completion_gemini 2025-09-27 14:00:01 -07:00
Ishaan Jaffer
04cc292c3f test_completion_base64 2025-09-27 13:58:54 -07:00
Ishaan Jaffer
c27beb74b9 test fix 2025-09-27 12:40:34 -07:00
Ishaan Jaffer
02cc9133a5 test_async_chat_azure_stream 2025-09-27 12:37:36 -07:00
Ishaan Jaffer
6964b5a67a test humanloop 2025-09-23 18:28:27 -07:00