user
bfdd786962
chore(deps): refresh dependency locks
2026-05-04 11:36:18 -07:00
user
8d1493ed08
fix(security): bump vulnerable dependencies
pip:
- cryptography 43.0.3 → 46.0.7 (5 CVEs including CVSS 8.2 ECDH key leak)
npm:
- hono 4.1.4/4.12.7 → 4.12.12 (prototype pollution, cookie injection,
path traversal, middleware bypass, IP matching bypass)
- @hono/node-server 1.19.6 → 1.19.13 (serveStatic middleware bypass)
- vite 7.3.1 → 7.3.2 (file read via WebSocket, path traversal, fs.deny bypass)
- lodash override 4.17.23 → 4.18.1 (code injection via _.template,
prototype pollution via _.unset/_.omit)
mlflow left at 3.9.0 — 2 of 3 alerts have no upstream fix, and
3.11.1 is blocked by exclude-newer (transitive dep chain).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-09 19:35:19 +00:00
Yuneng Jiang
006d481025
[Fix] Remove neon CLI dependency and pin all JS dependencies
Remove @neondatabase/api-client and neonctl to address CVE-2026-25639
(axios supply chain vulnerability). Pin all JS dependencies to exact
versions across all package.json files to prevent future supply chain
attacks via semver range resolution.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-01 16:15:32 -07:00
dependabot[bot]
a78bd9a468
build(deps): bump hono from 4.10.6 to 4.12.7 in /litellm-js/spend-logs (#23312)
* Rename 'Team-Based Guardrails' to 'Team Bring-Your-Own Guardrails' (#23307)
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* build(deps): bump hono from 4.10.6 to 4.12.7 in /litellm-js/spend-logs
Bumps [hono](https://github.com/honojs/hono) from 4.10.6 to 4.12.7.
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](https://github.com/honojs/hono/compare/v4.10.6...v4.12.7)
---
updated-dependencies:
- dependency-name: hono
  dependency-version: 4.12.7
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Krish Dholakia <krrishdholakia@gmail.com>
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-11 14:13:33 +05:30
Ishaan Jaffer
dc08e2d057
fix pkg lock
2025-11-22 11:52:57 -08:00
dependabot[bot]
3319bbf277
chore(deps): bump hono from 4.9.7 to 4.10.3 in /litellm-js/spend-logs (#15915)
Bumps [hono](https://github.com/honojs/hono) from 4.9.7 to 4.10.3.
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](https://github.com/honojs/hono/compare/v4.9.7...v4.10.3)
---
updated-dependencies:
- dependency-name: hono
  dependency-version: 4.10.3
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-28 19:28:10 -07:00
dependabot[bot]
d89c7f0eb7
build(deps): bump hono from 4.6.5 to 4.9.7 in /litellm-js/spend-logs (#14513)
Bumps [hono](https://github.com/honojs/hono) from 4.6.5 to 4.9.7.
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](https://github.com/honojs/hono/compare/v4.6.5...v4.9.7)
---
updated-dependencies:
- dependency-name: hono
  dependency-version: 4.9.7
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-13 11:10:37 -07:00
dependabot[bot]
b8d4973661
Bump hono from 4.5.8 to 4.6.5 in /litellm-js/spend-logs (#6245)
Bumps [hono](https://github.com/honojs/hono) from 4.5.8 to 4.6.5.
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](https://github.com/honojs/hono/compare/v4.5.8...v4.6.5)
---
updated-dependencies:
- dependency-name: hono
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-16 10:37:31 +05:30
dependabot[bot]
a3537afbdf
build(deps): bump hono from 4.2.7 to 4.5.8 in /litellm-js/spend-logs
Bumps [hono](https://github.com/honojs/hono) from 4.2.7 to 4.5.8.
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](https://github.com/honojs/hono/compare/v4.2.7...v4.5.8)
---
updated-dependencies:
- dependency-name: hono
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-08-22 16:44:08 +00:00
dependabot[bot]
8500345bf3
build(deps): bump @hono/node-server in /litellm-js/spend-logs
Bumps [@hono/node-server](https://github.com/honojs/node-server) from 1.9.0 to 1.10.1.
- [Release notes](https://github.com/honojs/node-server/releases)
- [Commits](https://github.com/honojs/node-server/compare/v1.9.0...v1.10.1)
---
updated-dependencies:
- dependency-name: "@hono/node-server"
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-25 23:43:28 +00:00
dependabot[bot]
7ca8809889
build(deps): bump hono from 4.1.5 to 4.2.7 in /litellm-js/spend-logs
Bumps [hono](https://github.com/honojs/hono) from 4.1.5 to 4.2.7.
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](https://github.com/honojs/hono/compare/v4.1.5...v4.2.7)
---
updated-dependencies:
- dependency-name: hono
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-23 16:25:03 +00:00
Krrish Dholakia
5a2e3d65cb
build(spend-logs): separate server for writing spend logs to db
2024-03-28 13:23:22 -07:00