Merge pull request aden-hive#6784 from aden-hive/fix/pin-litellm-1.81.7

TimothyZhang7 · web-flow · commit 8ecb7281481d · 2026-03-24T09:53:40.000-07:00
security: pin litellm==1.81.7 to block supply chain attack
diff --git a/core/pyproject.toml b/core/pyproject.toml
@@ -8,7 +8,7 @@ dependencies = [
   "pydantic>=2.0",
   "anthropic>=0.40.0",
   "httpx>=0.27.0",
-  "litellm>=1.81.0",
+  "litellm==1.81.7",  # pinned: supply chain attack in >=1.82.7 (adenhq/hive#6783)
   "mcp>=1.0.0",
   "fastmcp>=2.0.0",
   "croniter>=1.4.0",
diff --git a/tools/pyproject.toml b/tools/pyproject.toml
@@ -28,7 +28,7 @@ dependencies = [
     "python-dotenv>=1.0.0",
     "playwright>=1.40.0",
     "playwright-stealth>=1.0.5",
-    "litellm>=1.81.0",
+    "litellm==1.81.7",  # pinned: supply chain attack in >=1.82.7 (adenhq/hive#6783)
     "dnspython>=2.4.0",
     "resend>=2.0.0",
     "asana>=3.2.0",
diff --git a/uv.lock b/uv.lock
