
fix(security): bump vulnerable dependencies (22 of 25 dependabot alerts)#25442

Merged
yuneng-berri merged 2 commits into BerriAI:litellm_oss_staging_04_09_2026 from stuxf:fix/dependabot-alerts
Apr 9, 2026

Conversation

@stuxf
Collaborator

@stuxf stuxf commented Apr 9, 2026

Relevant issues

Resolves dependabot alerts: #465, #466, #467, #468, #469, #470, #472, #474, #476, #479, #480, #481, #482, #483, #484, #485, #487, #488, #489, #490, #491, #494

Pre-Submission checklist

Please complete all items before asking a LiteLLM maintainer to review your PR

  • I have added testing in the tests/test_litellm/ directory; adding at least 1 test is a hard requirement - see details
  • My PR passes all unit tests on make test-unit
  • My PR's scope is as isolated as possible, it only solves 1 specific problem
  • I have requested a Greptile review by commenting @greptileai and received a Confidence Score of at least 4/5 before requesting a maintainer review

Type

🐛 Bug Fix

Changes

Bumps vulnerable dependencies to resolve 22 of 25 open dependabot alerts.

pip

  • cryptography 43.0.3 → 46.0.7 — fixes 5 CVEs including CVE-2026-26007 (CVSS 8.2, ECDH private key leakage on SECT curves)
  • litellm (cookbook pin) 1.61.15 → 1.83.5 — fixes 3 self-referential alerts (password hash exposure, OIDC cache key collision, privilege escalation)

npm

  • hono 4.1.4/4.12.7 → 4.12.12 — fixes 12 alerts (prototype pollution, cookie injection, path traversal, middleware bypass, IP matching bypass)
  • @hono/node-server 1.19.6 → 1.19.13 — fixes serveStatic middleware bypass
  • vite 7.3.1 → 7.3.2 — fixes 3 alerts (arbitrary file read via WebSocket, path traversal, fs.deny bypass)
  • lodash override 4.17.23 → 4.18.1 — fixes code injection via _.template, prototype pollution via _.unset/_.omit

Not fixed (3 remaining)

Test plan

  • No code logic changes — only version bumps in pyproject.toml, package.json, and lockfiles
  • uv lock --check passes (locked with --exclude-newer-package 'cryptography=false')
  • npm audit shows 0 vulnerabilities in ui/litellm-dashboard and litellm-js/spend-logs

🤖 Generated with Claude Code
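The test plan above relies on `uv lock --check` and `npm audit` to confirm the bumps landed. As an added example (not code from this PR or from the LiteLLM project), the following script does the narrower, offline part of that check: it walks an npm package-lock.json and a requirements.txt and reports every resolved copy of a package, nested copies included, that is still below its minimum patched version. The floor versions are the ones listed in the PR description; the lockfile and requirements text are constructed samples, not the repository's real files, and `some-dep` is a made-up package name.

```python
"""Post-bump verification: confirm that every resolved copy of a patched package
meets its minimum fixed version. Added example; not LiteLLM's code.

Floors are taken from the PR description. The lockfile and requirements text
below are constructed samples, not the repository's real files.
"""
import re

# Minimum patched versions, as listed in the PR description.
MIN_FIXED = {
    "hono": "4.12.12",
    "@hono/node-server": "1.19.13",
    "vite": "7.3.2",
    "lodash": "4.18.1",
    "cryptography": "46.0.7",
    "litellm": "1.83.5",
}


def parse_version(text: str) -> tuple:
    """Turn '4.12.12' or 'v1.2.0-rc.1' into a tuple that compares numerically.
    Core numbers are padded to three parts; a trailing 1 marks a release and
    a 0 plus the tag marks a pre-release, so 4.12.12-rc.1 < 4.12.12."""
    core, _, pre = text.strip().lstrip("v").partition("-")
    nums = tuple(int(p) for p in re.findall(r"\d+", core))
    nums += (0,) * max(0, 3 - len(nums))
    return nums + ((1,) if not pre else (0, pre))


def below_floor(name: str, version: str) -> bool:
    """True when `name` has a known floor and `version` is older than it."""
    floor = MIN_FIXED.get(name)
    return bool(floor) and parse_version(version) < parse_version(floor)


def lockfile_findings(lock: dict) -> list:
    """Walk an npm package-lock.json (lockfileVersion 2/3) and report every
    installed copy, nested ones included, still below its floor. Returns
    (lock path, package name, resolved version, floor) tuples."""
    findings = []
    for path, meta in lock.get("packages", {}).items():
        if not path:  # "" is the root project itself
            continue
        # Aliased installs carry an explicit name; otherwise derive it from the path.
        name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
        version = meta.get("version", "")
        if version and below_floor(name, version):
            findings.append((path, name, version, MIN_FIXED[name]))
    return findings


PIN_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;#]+)")


def requirements_findings(text: str) -> list:
    """Report exact pins (name==version) in a requirements.txt that are below
    their floor. Range specs are not evaluated here."""
    findings = []
    for line in text.splitlines():
        m = PIN_RE.match(line)
        if not m:
            continue
        name, version = m.group(1).lower(), m.group(2)
        if below_floor(name, version):
            findings.append((name, version, MIN_FIXED[name]))
    return findings


# Constructed sample lockfile: hono is patched, but a nested lodash copy was
# left behind (the situation an `overrides` entry in package.json is meant to fix).
SAMPLE_LOCK = {
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "spend-logs", "version": "0.0.1"},
        "node_modules/hono": {"version": "4.12.12"},
        "node_modules/@hono/node-server": {"version": "1.19.13"},
        "node_modules/some-dep": {"version": "2.0.0"},
        "node_modules/some-dep/node_modules/lodash": {"version": "4.17.23"},
    },
}

# Constructed sample requirements: one pin still on the vulnerable version.
SAMPLE_REQS = """\
litellm==1.61.15
cryptography==46.0.7  # already patched
requests>=2.31  # range spec, not checked here
"""

if __name__ == "__main__":
    for path, name, ver, floor in lockfile_findings(SAMPLE_LOCK):
        print(f"npm: {path} resolves {name}@{ver}, need >= {floor}")
    for name, ver, floor in requirements_findings(SAMPLE_REQS):
        print(f"pip: {name}=={ver}, need >= {floor}")
```

Walking the `packages` map rather than the top-level `dependencies` of package.json is the point: a bump of the direct dependency leaves nested copies untouched, which is why the PR uses an `overrides` entry for lodash, and a lockfile walk is what shows whether that override actually took effect.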

stuxf and others added 2 commits April 9, 2026 19:22
The cookbook example pinned litellm==1.61.15 which has 3 known
vulnerabilities (CVE-2026-35029, CVE-2026-35030, and a password
hash exposure issue), all patched in 1.83.0.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

pip:
- cryptography 43.0.3 → 46.0.7 (5 CVEs including CVSS 8.2 ECDH key leak)

npm:
- hono 4.1.4/4.12.7 → 4.12.12 (prototype pollution, cookie injection,
  path traversal, middleware bypass, IP matching bypass)
- @hono/node-server 1.19.6 → 1.19.13 (serveStatic middleware bypass)
- vite 7.3.1 → 7.3.2 (file read via WebSocket, path traversal, fs.deny bypass)
- lodash override 4.17.23 → 4.18.1 (code injection via _.template,
  prototype pollution via _.unset/_.omit)

mlflow left at 3.9.0 — 2 of 3 alerts have no upstream fix, and
3.11.1 is blocked by exclude-newer (transitive dep chain).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@vercel

vercel bot commented Apr 9, 2026

The latest updates on your projects.

  • Project: litellm
  • Deployment: Ready
  • Actions: Preview, Comment
  • Updated (UTC): Apr 9, 2026 7:57pm

@greptile-apps
Contributor

greptile-apps bot commented Apr 9, 2026

Greptile Summary

This PR bumps 8 dependency files to remediate 22 open Dependabot security alerts across Python (cryptography 43→46, litellm cookbook pin) and JavaScript (hono, @hono/node-server, vite, lodash override). No application logic is changed; only version pins and lockfiles are updated.

Confidence Score: 5/5

Safe to merge — pure dependency version bumps with no application logic changes, all lockfiles updated consistently.

All changes are version pin updates in package manifests and lockfiles only. Every bump is justified by a concrete CVE or Dependabot alert, the lockfiles are consistent with the declared versions, and the PR correctly documents the 3 remaining alerts that cannot be fixed upstream yet. No application code is touched, so regression risk is low and the security benefit is high. All remaining findings are P2 or below.

No files require special attention.

Vulnerabilities

  • CVE-2026-26007 (CVSS 8.2): cryptography bumped from 43.0.3 → 46.0.7, fixing ECDH private-key leakage on SECT curves and 4 other CVEs.
  • Prototype pollution / path traversal: hono bumped to 4.12.12, patching cookie injection, path traversal, middleware bypass, and IP-matching bypass.
  • vite arbitrary file read via WebSocket — patched by the bump to 7.3.2.
  • lodash code injection — override pinned to 4.18.1, closing _.template injection and _.unset/_.omit prototype pollution.
  • Self-referential litellm alerts — cookbook pin updated to 1.83.5, resolving password-hash exposure, OIDC cache-key collision, and privilege escalation alerts.
  • No new security concerns introduced by this PR.

Important Files Changed

  • pyproject.toml: Bumps cryptography from 43.0.3 → 46.0.7 in the proxy extra, addressing 5 CVEs; all other pins unchanged.
  • uv.lock: Lock file regenerated for cryptography-46.0.7 with matching sdist/wheel hashes; exclude-newer-package = "cryptography=false" override recorded.
  • cookbook/litellm-ollama-docker-image/requirements.txt: Updates pinned litellm from 1.61.15 → 1.83.5, resolving 3 self-referential Dependabot alerts.
  • litellm-js/proxy/package.json: Bumps hono from 4.1.4/4.12.7 → 4.12.12; fixes prototype pollution, cookie injection, and path traversal CVEs.
  • litellm-js/spend-logs/package.json: Bumps hono → 4.12.12 and @hono/node-server → 1.19.13, fixing serveStatic middleware bypass.
  • litellm-js/spend-logs/package-lock.json: Lock file updated consistently with hono 4.12.12 and @hono/node-server 1.19.13 resolutions.
  • ui/litellm-dashboard/package.json: Bumps vite → 7.3.2 (fixes WebSocket file-read, path traversal, fs.deny bypass) and pins lodash override to 4.18.1 (fixes _.template injection and prototype pollution).
  • ui/litellm-dashboard/package-lock.json: Lock file regenerated; lodash-4.18.1 resolved from registry and vite-7.3.2 resolved correctly.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[22 Dependabot Alerts] --> B{Ecosystem}

    B --> C[Python / pip]
    B --> D[JavaScript / npm]

    C --> C1["cryptography 43.0.3 → 46.0.7\n5 CVEs incl. CVSS 8.2"]
    C --> C2["litellm cookbook pin 1.61.15 → 1.83.5\n3 self-referential alerts"]

    D --> D1["hono 4.12.7 → 4.12.12\n12 alerts: prototype pollution, path traversal"]
    D --> D2["hono-node-server 1.19.6 → 1.19.13\nserveStatic bypass"]
    D --> D3["vite 7.3.1 → 7.3.2\n3 alerts: WebSocket file-read, fs.deny bypass"]
    D --> D4["lodash override 4.17.23 → 4.18.1\ntemplate injection, prototype pollution"]

    C1 --> E[pyproject.toml + uv.lock]
    C2 --> F[requirements.txt]
    D1 --> G[litellm-js package.json files]
    D2 --> G
    D3 --> H[ui/litellm-dashboard package.json]
    D4 --> H

    E & F & G & H --> Z[22 alerts resolved\n3 remaining: mlflow - no upstream fix]

Reviews (1): Last reviewed commit: "fix(security): bump vulnerable dependenc..."

@yuneng-berri yuneng-berri merged commit 254e7a3 into BerriAI:litellm_oss_staging_04_09_2026 Apr 9, 2026
5 checks passed
@stuxf stuxf deleted the fix/dependabot-alerts branch April 10, 2026 02:50
2 participants