From 01c685cd3a5eded27aec2eadad87fbedd640baf4 Mon Sep 17 00:00:00 2001
From: unclecode
Date: Tue, 24 Mar 2026 14:03:26 +0000
Subject: [PATCH] fix: pin litellm to safe fork (v1.81.13) due to PyPI supply chain compromise

litellm versions 1.82.7 and 1.82.8 on PyPI were compromised with malicious code. PyPI has quarantined the entire package, blocking all installs. Temporarily pin to our own fork at a known-safe version.

---
 pyproject.toml | 2 +-
 requirements.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/pyproject.toml b/pyproject.toml
index 6b44d075..5a30a9ed 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -18,7 +18,7 @@ dependencies = [
 "aiosqlite~=0.20",
 "anyio>=4.0.0",
 "lxml~=5.3",
- "litellm>=1.53.1",
+ "litellm @ git+https://github.com/unclecode/litellm.git@safe-v1.81.13",
 "numpy>=1.26.0,<3",
 "pillow>=10.4",
 "playwright>=1.49.0",
diff --git a/requirements.txt b/requirements.txt
index c2b235d7..9f8b77ec 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -5,7 +5,7 @@ aiohttp>=3.11.11
 aiosqlite~=0.20
 anyio>=4.0.0
 lxml~=5.3
-litellm>=1.53.1
+litellm @ git+https://github.com/unclecode/litellm.git@safe-v1.81.13
 numpy>=1.26.0,<3
 pillow>=10.4
 playwright>=1.49.0
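Review bot: The added `litellm @ git+...@safe-v1.81.13` entry pins to a git ref name, which is mutable, so it protects against the compromised PyPI releases but not against the fork's tag or branch being moved later; a pin meant as a supply-chain control should name an immutable commit, `"litellm @ git+https://github.com/unclecode/litellm.git@<full-commit-sha>",  # safe-v1.81.13`. A direct-URL requirement in `[project].dependencies` also makes the resulting metadata unpublishable to PyPI, which rejects uploads whose `Requires-Dist` entries carry direct references, so no release can be cut from this pyproject until the line is reverted. The commit message calls the fork "known-safe" without saying how that was established; a comment above the line recording how the fork commit was checked against upstream's v1.81.13 (and when the pin is meant to be undone) would let the next maintainer verify rather than trust it. The `dependencies` array continues outside the hunk.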
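Review bot: The replaced `litellm` line resolves a branch or tag name at install time, so `pip install -r requirements.txt` fetches whatever `safe-v1.81.13` points to when it runs and a later push to the fork would go unnoticed; pin to the commit instead, `litellm @ git+https://github.com/unclecode/litellm.git@<full-commit-sha>  # safe-v1.81.13`, so the resolved source is immutable. VCS requirements also cannot take part in pip's hash-checking mode (`--require-hashes`), so this file can no longer be hash-locked while the line is present. Installs now additionally need `git` on the host and a source build of litellm, which is worth a one-line comment above the entry given the commit message describes the pin as temporary.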