From 578a7345a9db0111e56880ce8d298dcb172d366a Mon Sep 17 00:00:00 2001
From: Daniel Miller <daniel.miller@scale.com>
Date: Thu, 9 Apr 2026 12:04:26 -0400
Subject: [PATCH] fix: pin litellm <1.82.7 due to security vulnerability

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 agentex/pyproject.toml | 2 +-
 uv.lock                | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/agentex/pyproject.toml b/agentex/pyproject.toml
index 799cefd..064f1d9 100644
--- a/agentex/pyproject.toml
+++ b/agentex/pyproject.toml
@@ -7,7 +7,7 @@ requires-python = ">=3.12,<3.13"
 readme = "README.md"
 dependencies = [
     "fastapi>=0.115.0",
-    "litellm>=1.48.2,<2",
+    "litellm>=1.48.2,<1.82.7",
     "python-dotenv>=1.0.1,<2",
     "temporalio>=1.18.0,<2",
     "uvicorn[standard]>=0.35.0,<0.36",
diff --git a/uv.lock b/uv.lock
index c801340..bb86e9b 100644
--- a/uv.lock
+++ b/uv.lock
@@ -128,7 +128,7 @@ requires-dist = [
     { name = "httpx", extras = ["http2"], specifier = ">=0.27.2" },
     { name = "json-log-formatter", specifier = ">=1.1.1" },
     { name = "kubernetes-asyncio", specifier = ">=31.1.0,<32" },
-    { name = "litellm", specifier = ">=1.48.2,<2" },
+    { name = "litellm", specifier = ">=1.48.2,<1.82.7" },
     { name = "opentelemetry-api", specifier = ">=1.28.0" },
     { name = "opentelemetry-exporter-otlp", specifier = ">=1.28.0" },
     { name = "opentelemetry-sdk", specifier = ">=1.28.0" },