Skip to content

litellm: update to 1.89.2#439

Open
dylanmtaylor wants to merge 1 commit into
docker-hardened-images:mainfrom
dylanmtaylor:fix/litellm-update-1.89.2
Open

litellm: update to 1.89.2#439
dylanmtaylor wants to merge 1 commit into
docker-hardened-images:mainfrom
dylanmtaylor:fix/litellm-update-1.89.2

Conversation

@dylanmtaylor

Copy link
Copy Markdown

Description

Updates the LiteLLM hardened image from 1.84.0 to 1.89.2, the latest upstream stable release from BerriAI/litellm. This brings DHI in line with the current upstream release as requested in #437.

Type of Change

  • Bug fix (image is out of date)

Related Issues

Fixes #437

Changes Made

Updated both image/litellm/debian-13/1.yaml (runtime) and image/litellm/debian-13/1-dev.yaml (dev):

  • Version vars _VERSION / VERSION / SEMVER_VERSION / DEBIAN_EPOCH_VERSION: 1.84.01.89.2
  • SEMVER_MAJOR_MINOR_VERSION / DEBIAN_EPOCH_MAJOR_MINOR_VERSION: 1.841.89
  • _COMMIT_SHA / COMMIT_SHA, source url and checksum: e1fc955…94dae27… (upstream tag v1.89.2)
  • Image tags and SPDX version / purl (pkg:pypi/litellm@1.89.2) updated accordingly

The Python base image references (3.13.14), CVE remediations, and npm patches are intentionally left unchanged — this matches the scope of prior LiteLLM version-bump commits.

Testing

  • Both YAML files parse correctly
  • Verified commit SHA 94dae27b0c555d2549ee5077a16d6ea5542244bd matches upstream tag v1.89.2
  • Confirmed all version/SHA references were updated consistently with no stale 1.84 references remaining

Note: I was unable to run a full DHI image build locally, as it depends on the dhi.io/build toolchain. CI build verification would be appreciated.

Checklist

  • My changes follow the repository's style and conventions
  • My commit messages are clear and descriptive

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Update litellm from 1.84.0 to 1.89.2 (latest upstream stable release) for
the debian-13 runtime and dev image configs.

- _VERSION / VERSION / SEMVER_VERSION / DEBIAN_EPOCH_VERSION: 1.84.0 -> 1.89.2
- SEMVER_MAJOR_MINOR_VERSION / DEBIAN_EPOCH_MAJOR_MINOR_VERSION: 1.84 -> 1.89
- _COMMIT_SHA / COMMIT_SHA + source url & checksum: e1fc955 -> 94dae27
  (upstream tag v1.89.2)
- image tags and SPDX purl updated accordingly

Fixes docker-hardened-images#437
@dylanmtaylor dylanmtaylor requested a review from a team as a code owner June 18, 2026 20:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[bug]: litellm is out of date (latest is 1.89, shipped is 1.84)

1 participant