From 03e73c9b7ca7f3adce46054f61dabf4be856a945 Mon Sep 17 00:00:00 2001
From: Ishaan Jaffer
Date: Fri, 26 Sep 2025 19:31:56 -0700
Subject: [PATCH] fix security

---
 Dockerfile | 3 +++
 requirements.txt | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 7d198ff1d..6ab78d85e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -50,6 +50,9 @@ USER root
 # Install runtime dependencies
 RUN apk add --no-cache openssl tzdata
+# Upgrade pip to fix CVE-2025-8869
+RUN pip install --upgrade pip>=24.3.1
+
 WORKDIR /app
 # Copy the current directory contents into the container at /app
 COPY . .
diff --git a/requirements.txt b/requirements.txt
index 3ae83c563..8e70e7a57 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -41,7 +41,7 @@ opentelemetry-sdk==1.25.0
 opentelemetry-exporter-otlp==1.25.0
 sentry_sdk==2.21.0 # for sentry error handling
 detect-secrets==1.5.0 # Enterprise - secret detection / masking in LLM requests
-cryptography==43.0.1
+cryptography==44.0.1
 tzdata==2025.1 # IANA time zone database
 litellm-proxy-extras==0.2.21 # for proxy extras - e.g. prisma migrations
 ### LITELLM PACKAGE DEPENDENCIES
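Review bot: The version floor in the added Dockerfile line `RUN pip install --upgrade pip>=24.3.1` is never seen by pip, because the requirement is unquoted and the shell running the `RUN` step parses `>=24.3.1` as a redirection of stdout to a file named `=24.3.1`. The step therefore runs a plain `pip install --upgrade pip`, installs whatever release is newest at build time, and leaves a stray `=24.3.1` file in the layer's working directory. Quote the specifier so the constraint is enforced: `RUN pip install --no-cache-dir --upgrade "pip>=24.3.1"`. It is also worth checking the 24.3.1 floor against the fixed version listed in the advisory for CVE-2025-8869, since the comment presents this line as the remediation and an image scanner will judge the installed version, not the comment. The hunk shows only part of the runtime stage, so any later step that reinstalls or downgrades pip is not visible here.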