mirror of
https://github.com/SamurAIGPT/llm-wiki-agent.git
synced 2026-07-03 02:47:03 +00:00
fix: pin litellm and networkx versions to prevent supply chain attacks
litellm 1.82.7–1.82.8 were compromised in a supply chain attack (Mar 2026) that could exfiltrate API keys and environment variables.

Changes:
- litellm>=1.0.0 → litellm~=1.83.10 (verified safe, post-incident)
- networkx>=3.2 → networkx~=3.6.1 (latest stable)

Uses ~= (compatible release) operator to allow patch-level updates while preventing major/minor version jumps.

Closes #41
parent
607d604d0a
commit
0b413061cb
1 changed files with 4 additions and 2 deletions
|
|
@ -1,2 +1,4 @@
|
|||
litellm>=1.0.0
|
||||
networkx>=3.2
|
||||
# litellm 1.82.7–1.82.8 were compromised in a supply chain attack (Mar 2026).
|
||||
# Pin to a verified safe version. See: https://github.com/SamurAIGPT/llm-wiki-agent/issues/41
|
||||
litellm~=1.83.10
|
||||
networkx~=3.6.1
|
||||
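Review bot: `litellm~=1.83.10` and `networkx~=3.6.1` are compatible-release ranges, not pins, so the added comment "Pin to a verified safe version" overstates what these two lines enforce. `~=1.83.10` resolves to any 1.83.x release at or above 1.83.10, which means a fresh install still pulls whatever patch release is newest at that moment. The incident cited in the comment was itself a pair of patch-level releases (1.82.7–1.82.8), so a range that admits future patch releases leaves the same exposure open for the 1.83 line. If the intent is to install only a version that has been reviewed, use an exact `litellm==1.83.10` and `networkx==3.6.1`, ideally with a `--hash=sha256:<digest>` per requirement and `pip install --require-hashes`, and bump the versions deliberately. If patch-level drift is intended, reword the comment to say the range excludes the known-bad versions rather than pins a verified one. The networkx line also has no comment explaining why it was tightened, since the incident note only covers litellm.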