build(deps): bump the pip group across 3 directories with 12 updates

[dependabot]

Bumps the pip group with 9 updates in the /autogpts/autogpt directory:

Package	From	To
orjson	3.9.10	3.9.15
pillow	10.2.0	10.3.0
pydantic	1.10.13	1.10.15
black	23.12.1	24.3.0
aiohttp	3.9.2	3.9.4
dnspython	2.4.2	2.6.1
idna	3.6	3.7
litellm	1.17.13	1.34.42
tqdm	4.66.1	4.66.3

Bumps the pip group with 7 updates in the /autogpts/forge directory:

Package	From	To
pillow	10.2.0	10.3.0
pydantic	1.10.13	1.10.15
black	23.12.1	24.3.0
aiohttp	3.9.2	3.9.4
idna	3.6	3.7
litellm	1.17.9	1.34.42
tqdm	4.66.1	4.66.3

Bumps the pip group with 8 updates in the /benchmark directory:

Package	From	To
fastapi	0.109.1	0.110.3
pillow	10.2.0	10.3.0
pydantic	1.10.13	1.10.15
black	22.3.0	24.3.0
aiohttp	3.9.2	3.9.4
idna	3.6	3.7
python-multipart	0.0.7	0.0.9
tqdm	4.66.1	4.66.3

Updates orjson from 3.9.10 to 3.9.15

Release notes

Sourced from orjson's releases.

3.9.15

Fixed

• Implement recursion limit of 1024 on orjson.loads().
• Use byte-exact read on str formatting SIMD path to avoid crash.

3.9.14

Fixed

• Fix crash serializing str introduced in 3.9.11.

Changed

• Build now depends on Rust 1.72 or later.

3.9.13

Fixed

• Serialization str escape uses only 128-bit SIMD.
• Fix compatibility with CPython 3.13 alpha 3.

Changed

• Publish musllinux_1_2 instead of musllinux_1_1 wheels.
• Serialization uses small integer optimization in CPython 3.12 or later.

3.9.12

Fixed

• Minimal musllinux_1_1 build due to sporadic CI failure.

Changed

• Update benchmarks in README.

3.9.11

Changed

• Improve performance of serializing. str is significantly faster. Documents using dict, list, and tuple are somewhat faster.

Changelog

Sourced from orjson's changelog.

3.9.15 - 2024-02-23

Fixed

• Implement recursion limit of 1024 on orjson.loads().
• Use byte-exact read on str formatting SIMD path to avoid crash.

3.9.14 - 2024-02-14

Fixed

• Fix crash serializing str introduced in 3.9.11.

Changed

• Build now depends on Rust 1.72 or later.

3.9.13 - 2024-02-03

Fixed

• Serialization str escape uses only 128-bit SIMD.
• Fix compatibility with CPython 3.13 alpha 3.

Changed

• Publish musllinux_1_2 instead of musllinux_1_1 wheels.
• Serialization uses small integer optimization in CPython 3.12 or later.

3.9.12 - 2024-01-18

Changed

• Update benchmarks in README.

Fixed

• Minimal musllinux_1_1 build due to sporadic CI failure.

3.9.11 - 2024-01-18

Changed

• Improve performance of serializing. str is significantly faster. Documents using dict, list, and tuple are somewhat faster.

Commits

• a348f59 3.9.15
• b0e4d2c yyjson 0eca326, recursion limit
• 5067ead impl_escape_unchecked() byte exact read
• e04ea73 cargo update, build misc
• ba8c701 3.9.14
• a2f7b7b impl_format_simd!() lift create from loop, rotate left
• 528220f format_escaped_str() fast and slow paths depending on page boundary
• 29884e6 Fix buffer overread in format_escaped_str
• c825472 cargo update
• 4eb4f00 3.9.13
• Additional commits viewable in compare view

Updates pillow from 10.2.0 to 10.3.0

Release notes

Sourced from pillow's releases.

10.3.0

https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html

Changes

• CVE-2024-28219: Use strncpy to avoid buffer overflow #7928 [@​hugovk]
• Use functools.lru_cache for hopper() #7912 [@​hugovk]
• Raise ValueError if seeking to greater than offset-sized integer in TIFF #7883 [@​radarhere]
• Improve speed of loading QOI images #7925 [@​radarhere]
• Added RGB to I;16N conversion #7920 [@​radarhere]
• Add --report argument to main.py to omit supported formats #7818 [@​nulano]
• Added RGB to I;16, I;16L and I;16B conversion #7918 [@​radarhere]
• Fix editable installation with custom build backend and configuration options #7658 [@​nulano]
• Fix putdata() for I;16N on big-endian #7209 [@​Yay295]
• Determine MPO size from markers, not EXIF data #7884 [@​radarhere]
• Improved conversion from RGB to RGBa, LA and La #7888 [@​radarhere]
• Support FITS images with GZIP_1 compression #7894 [@​radarhere]
• Use I;16 mode for 9-bit JPEG 2000 images #7900 [@​scaramallion]
• Raise ValueError if kmeans is negative #7891 [@​radarhere]
• Remove TIFF tag OSUBFILETYPE when saving using libtiff #7893 [@​radarhere]
• Raise ValueError for negative values when loading P1-P3 PPM images #7882 [@​radarhere]
• Added reading of JPEG2000 palettes #7870 [@​radarhere]
• Added alpha_quality argument when saving WebP images #7872 [@​radarhere]
• Fixed joined corners for ImageDraw rounded_rectangle() non-integer dimensions #7881 [@​radarhere]
• Removed Python and NumPy pinning on Cygwin #7880 [@​radarhere]
• Update UnidentifiedImageError and version imports #7644 [@​radarhere]
• Stop reading EPS image at EOF marker #7753 [@​radarhere]
• PSD layer co-ordinates may be negative #7706 [@​radarhere]
• Use subprocess with CREATE_NO_WINDOW flag in ImageShow WindowsViewer #7791 [@​radarhere]
• When saving GIF frame that restores to background color, do not fill identical pixels #7788 [@​radarhere]
• Fixed reading PNG iCCP compression method #7823 [@​radarhere]
• Allow writing IFDRational to UNDEFINED tag #7840 [@​radarhere]
• Fix logged tag name when loading Exif data #7842 [@​radarhere]
• Use maximum frame size in IHDR chunk when saving APNG images #7821 [@​radarhere]
• Prevent opening P TGA images without a palette #7797 [@​radarhere]
• Use palette when loading ICO images #7798 [@​radarhere]
• Use consistent arguments for load_read and load_seek #7713 [@​radarhere]
• Turn off nullability warnings for macOS SDK #7827 [@​radarhere]
• Fix shift-sign issue in Convert.c #7838 [@​r-barnes]
• winbuild: Refactor dependency versions into constants #7843 [@​hugovk]
• Build macOS arm64 wheels natively #7852 [@​radarhere]
• Fixed typo #7855 [@​radarhere]
• Open 16-bit grayscale PNGs as I;16 #7849 [@​radarhere]
• Handle truncated chunks at the end of PNG images #7709 [@​lajiyuan]
• Match mask size to pasted image size in GifImagePlugin #7779 [@​radarhere]
• Changed SupportsGetMesh protocol to be public #7841 [@​radarhere]
• Release GIL while calling WebPAnimDecoderGetNext #7782 [@​evanmiller]
• Fixed reading FLI/FLC images with a prefix chunk #7804 [@​twolife]
• Updated package name for Tidelift #7810 [@​radarhere]
• Removed unused code #7744 [@​radarhere]

... (truncated)

Changelog

Sourced from pillow's changelog.

10.3.0 (2024-04-01)

• CVE-2024-28219: Use strncpy to avoid buffer overflow #7928 [radarhere, hugovk]

• Deprecate eval(), replacing it with lambda_eval() and unsafe_eval() #7927 [radarhere, hugovk]

• Raise ValueError if seeking to greater than offset-sized integer in TIFF #7883 [radarhere]

• Add --report argument to __main__.py to omit supported formats #7818 [nulano, radarhere, hugovk]

• Added RGB to I;16, I;16L, I;16B and I;16N conversion #7918, #7920 [radarhere]

• Fix editable installation with custom build backend and configuration options #7658 [nulano, radarhere]

• Fix putdata() for I;16N on big-endian #7209 [Yay295, hugovk, radarhere]

• Determine MPO size from markers, not EXIF data #7884 [radarhere]

• Improved conversion from RGB to RGBa, LA and La #7888 [radarhere]

• Support FITS images with GZIP_1 compression #7894 [radarhere]

• Use I;16 mode for 9-bit JPEG 2000 images #7900 [scaramallion, radarhere]

• Raise ValueError if kmeans is negative #7891 [radarhere]

• Remove TIFF tag OSUBFILETYPE when saving using libtiff #7893 [radarhere]

• Raise ValueError for negative values when loading P1-P3 PPM images #7882 [radarhere]

• Added reading of JPEG2000 palettes #7870 [radarhere]

• Added alpha_quality argument when saving WebP images #7872 [radarhere]

... (truncated)

Commits

• 5c89d88 10.3.0 version bump
• 63cbfcf Update CHANGES.rst [ci skip]
• 2776126 Merge pull request #7928 from python-pillow/lcms
• aeb51cb Merge branch 'main' into lcms
• 5beb0b6 Update CHANGES.rst [ci skip]
• cac6ffa Merge pull request #7927 from python-pillow/imagemath
• f5eeeac Name as 'options' in lambda_eval and unsafe_eval, but '_dict' in deprecated eval
• facf3af Added release notes
• 2a93aba Use strncpy to avoid buffer overflow
• a670597 Update CHANGES.rst [ci skip]
• Additional commits viewable in compare view

Updates pydantic from 1.10.13 to 1.10.15

Release notes

Sourced from pydantic's releases.

v1.10.15

What's Changed

• Add pydantic.v1 namespace to Pydantic v1 by @​exs-dmiketa in pydantic/pydantic#9042
• Relax version of typing-extensions for V1 by @​SonOfLilit in pydantic/pydantic#8819
• patch fix for mypy by @​sydney-runkle in pydantic/pydantic#8765

Full Changelog: pydantic/pydantic@v1.10.14...v1.10.15

v1.10.14 2024-01-19

What's Changed

• Update install.md by @​dmontagu in pydantic/pydantic#7690
• Fix ci to only deploy docs on release by @​sydney-runkle in pydantic/pydantic#7740
• Ubuntu fixes for V1 by @​sydney-runkle in pydantic/pydantic#8540 and pydantic/pydantic#8587
• Fix cached_property handling in dataclasses when copied by @​rdbisme in pydantic/pydantic#8407

New Contributors

• @​rdbisme made their first contribution in pydantic/pydantic#8407

Full Changelog: pydantic/pydantic@v1.10.13...v1.10.14

Changelog

Sourced from pydantic's changelog.

v1.10.15 (2024-04-03)

• Add pydantic.v1 namespace to Pydantic v1 by @​exs-dmiketa in pydantic/pydantic#9042
• Relax version of typing-extensions for V1 by @​SonOfLilit in pydantic/pydantic#8819
• patch fix for mypy by @​sydney-runkle in pydantic/pydantic#8765

v1.10.14 (2024-01-19)

• Update install.md by @​dmontagu in #7690
• Fix ci to only deploy docs on release by @​sydney-runkle in #7740
• Ubuntu fixes for V1 by @​sydney-runkle in #8540 and #8587
• Fix cached_property handling in dataclasses when copied by @​rdbisme in #8407

Commits

• 5476a75 prep for v1.10.15 release (#9157)
• aa98b58 Add pydantic.v1 namespace to Pydantic v1 (#9042)
• 9dac716 Relax version of typing-extensions for V1 (#8819)
• 856ea18 patch fix for mypy (#8765)
• 3ddb509 Prep for 1.10.14 release (#8588)
• c6fc582 Minor tweak to V1 docs url fix (#8587)
• f0766c0 Fix cached_property handling in dataclasses when copied in V1(#8407)
• 4e290ab Ubuntu fixes for V1 (#8540)
• 2e939dc Update v1 fixes ci to only deploy docs on release (#7740)
• ae53c9d Update install.md (#7690)
• See full diff in compare view

Updates black from 23.12.1 to 24.3.0

Release notes

Sourced from black's releases.

24.3.0

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

• Don't move comments along with delimiters, which could cause crashes (#4248)
• Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270)
• Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273)

Performance

• Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278)

Documentation

• Note what happens when --check is used with --quiet (#4236)

24.2.0

Stable style

• Fixed a bug where comments where mistakenly removed along with redundant parentheses (#4218)

Preview style

• Move the hug_parens_with_braces_and_square_brackets feature to the unstable style due to an outstanding crash and proposed formatting tweaks (#4198)
• Fixed a bug where base expressions caused inconsistent formatting of ** in tenary expression (#4154)
• Checking for newline before adding one on docstring that is almost at the line limit (#4185)
• Remove redundant parentheses in case statement if guards (#4214).

Configuration

... (truncated)

Changelog

Sourced from black's changelog.

24.3.0

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

• Don't move comments along with delimiters, which could cause crashes (#4248)
• Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270)
• Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273)

Performance

• Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278)

Documentation

• Note what happens when --check is used with --quiet (#4236)

24.2.0

Stable style

• Fixed a bug where comments where mistakenly removed along with redundant parentheses (#4218)

Preview style

• Move the hug_parens_with_braces_and_square_brackets feature to the unstable style due to an outstanding crash and proposed formatting tweaks (#4198)
• Fixed a bug where base expressions caused inconsistent formatting of ** in tenary expression (#4154)
• Checking for newline before adding one on docstring that is almost at the line limit (#4185)
• Remove redundant parentheses in case statement if guards (#4214).

... (truncated)

Commits

• 552baf8 Prepare release 24.3.0 (#4279)
• f000936 Fix catastrophic performance in lines_with_leading_tabs_expanded() (#4278)
• 7b5a657 Fix --line-ranges behavior when ranges are at EOF (#4273)
• 1abcffc Use regex where we ignore case on windows (#4252)
• 719e674 Fix 4227: Improve documentation for --quiet --check (#4236)
• e5510af update plugin url for Thonny (#4259)
• 6af7d11 Fix AST safety check false negative (#4270)
• f03ee11 Ensure blib2to3.pygram is initialized before use (#4224)
• e4bfedb fix: Don't move comments while splitting delimiters (#4248)
• d0287e1 Make trailing comma logic more concise (#4202)
• Additional commits viewable in compare view

Updates aiohttp from 3.9.2 to 3.9.4

Release notes

Sourced from aiohttp's releases.

3.9.4

Bug fixes

• The asynchronous internals now set the underlying causes when assigning exceptions to the future objects -- by :user:webknjaz.

  Related issues and pull requests on GitHub: #8089.

• Treated values of Accept-Encoding header as case-insensitive when checking for gzip files -- by :user:steverep.

  Related issues and pull requests on GitHub: #8104.

• Improved the DNS resolution performance on cache hit -- by :user:bdraco.

  This is achieved by avoiding an :mod:asyncio task creation in this case.

  Related issues and pull requests on GitHub: #8163.

• Changed the type annotations to allow dict on :meth:aiohttp.MultipartWriter.append, :meth:aiohttp.MultipartWriter.append_json and :meth:aiohttp.MultipartWriter.append_form -- by :user:cakemanny

  Related issues and pull requests on GitHub: #7741.

• Ensure websocket transport is closed when client does not close it -- by :user:bdraco.

  The transport could remain open if the client did not close it. This change ensures the transport is closed when the client does not close it.

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.9.4 (2024-04-11)

Bug fixes

• The asynchronous internals now set the underlying causes when assigning exceptions to the future objects -- by :user:webknjaz.

  Related issues and pull requests on GitHub: :issue:8089.

• Treated values of Accept-Encoding header as case-insensitive when checking for gzip files -- by :user:steverep.

  Related issues and pull requests on GitHub: :issue:8104.

• Improved the DNS resolution performance on cache hit -- by :user:bdraco.

  This is achieved by avoiding an :mod:asyncio task creation in this case.

  Related issues and pull requests on GitHub: :issue:8163.

• Changed the type annotations to allow dict on :meth:aiohttp.MultipartWriter.append, :meth:aiohttp.MultipartWriter.append_json and :meth:aiohttp.MultipartWriter.append_form -- by :user:cakemanny

  Related issues and pull requests on GitHub: :issue:7741.

• Ensure websocket transport is closed when client does not close it -- by :user:bdraco.

  The transport could remain open if the client did not close it. This change ensures the transport is closed when the client does not close it.

... (truncated)

Commits

• b3397c7 Release v3.9.4 (#8201)
• a7e240a [PR #8320/9ba9a4e5 backport][3.9] Fix Python parser to mark responses without...
• 2833552 Escape filenames and paths in HTML when generating index pages (#8317) (#8319)
• ed43040 [PR #8309/c29945a1 backport][3.9] Improve reliability of run_app test (#8315)
• ec2be05 [PR #8299/28d026eb backport][3.9] Create marker for internal tests (#8307)
• 292d961 [PR #8304/88c80c14 backport][3.9] Check for backports in CI (#8305)
• cebe526 Fix handling of multipart/form-data (#8280) (#8302)
• 270ae9c [PR #8297/d15f07cf backport][3.9] Upgrade to llhttp 9.2.1 (#8292) (#8298)
• bb23105 [PR #8283/54e13b0a backport][3.9] Fix blocking I/O in the event loop while pr...
• 3f79241 [PR #8286/28f1fd88 backport][3.9] docs: remove repetitive word in comment (#8...
• Additional commits viewable in compare view

Updates dnspython from 2.4.2 to 2.6.1

Release notes

Sourced from dnspython's releases.

dnspython 2.6.1

See What's New for details.

This is a bug fix release for 2.6.0 where the "TuDoor" fix erroneously suppressed legitimate Truncated exceptions. This caused the stub resolver to timeout instead of failing over to TCP when a legitimate truncated response was received over UDP.

This release addresses the potential DoS issue discussed in the "TuDoor" paper (CVE-2023-29483). The dnspython stub resolver is vulnerable to a potential DoS if a bad-in-some-way response from the right address and port forged by an attacker arrives before a legitimate one on the UDP port dnspython is using for that query. In this situation, dnspython might switch to querying another resolver or give up entirely, possibly denying service for that resolution. This release addresses the issue by adopting the recommended mitigation, which is ignoring the bad packets and continuing to listen for a legitimate response until the timeout for the query has expired.

Thank you to all the contributors to this release, and, as usual, thanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian Wellington.

dnspython 2.6.0

See What's New for details.

This release addresses the potential DoS issue discussed in the "TuDoor" paper (CVE-2023-29483). The dnspython stub resolver is vulnerable to a potential DoS if a bad-in-some-way response from the right address and port forged by an attacker arrives before a legitimate one on the UDP port dnspython is using for that query. In this situation, dnspython might switch to querying another resolver or give up entirely, possibly denying service for that resolution. This release addresses the issue by adopting the recommended mitigation, which is ignoring the bad packets and continuing to listen for a legitimate response until the timeout for the query has expired.

Thank you to all the contributors to this release, and, as usual, thanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian Wellington.

dnspython 2.5.0

See the What's New page for a summary of this release.

Thanks to all the contributors, and, as usual, thanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian Wellington.

Changelog

Sourced from dnspython's changelog.

2.6.1

• The Tudoor fix ate legitimate Truncated exceptions, preventing the resolver from failing over to TCP and causing the query to timeout #1053.

2.6.0

• As mentioned in the "TuDoor" paper and the associated CVE-2023-29483, the dnspython stub resolver is vulnerable to a potential DoS if a bad-in-some-way response from the right address and port forged by an attacker arrives before a legitimate one on the UDP port dnspython is using for that query.

  This release addresses the issue by adopting the recommended mitigation, which is ignoring the bad packets and continuing to listen for a legitimate response until the timeout for the query has expired.

• Added support for the NSID EDNS option.

• Dnspython now looks for version metadata for optional packages and will not use them if they are too old. This prevents possible exceptions when a feature like DoH is not desired in dnspython, but an old httpx is installed along with dnspython for some other purpose.

• The DoHNameserver class now allows GET to be used instead of the default POST, and also passes source and source_port correctly to the underlying query methods.

2.5.0

• Dnspython now uses hatchling for builds.

• Asynchronous destinationless sockets now work on Windows.

• Cython is no longer supported due to various typing issues.

• Dnspython now explicitly canonicalizes IPv4 and IPv6 addresses. Previously it was possible for non-canonical IPv6 forms to be stored in a AAAA address, which would work correctly but possibly cause problmes if the address were used as a key in a dictionary.

• The number of messages in a section can be retrieved with section_count().

• Truncation preferences for messages can be specified.

• The length of a message can be automatically prepended when rendering.

... (truncated)

Commits

• 0a742b9 update CI
• 0ea5ad0 The Tudoor fix should not eat valid Truncated exceptions #1053 (#1054)
• f12d398 2.6.1 version prep
• cecb853 Further improve CVE fix coverage to 100% for sync and async.
• 7952e31 test IgnoreErrors
• e093299 For the Tudoor fix, we also need the UDP nameserver to ignore_unexpected.
• 3af9f78 2.6.0 versioning
• ca63d95 Require cryptography >=41 instead of 42.
• 902cbf3 Create CODE_OF_CONDUCT.md
• ed9795f github contributing and pull request template
• Additional commits viewable in compare view

Updates idna from 3.6 to 3.7

Release notes

Sourced from idna's releases.

v3.7

What's Changed

• Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Full Changelog: kjd/idna@v3.6...v3.7

Changelog

Sourced from idna's changelog.

3.7 (2024-04-11) ++++++++++++++++

• Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Commits

• 1d365e1 Release v3.7
• c1b3154 Merge pull request #172 from kjd/optimize-contextj
• 0394ec7 Merge branch 'master' into optimize-contextj
• cd58a23 Merge pull request #152 from elliotwutingfeng/dev
• 5beb28b More efficient resolution of joiner contexts
• 1b12148 Update ossf/scorecard-action to v2.3.1
• d516b87 Update Github actions/checkout to v4
• c095c75 Merge branch 'master' into dev
• 60a0a4c Fix typo in GitHub Actions workflow key
• 5918a0e Merge branch 'master' into dev
• Additional commits viewable in compare view

Updates litellm from 1.17.13 to 1.34.42

Release notes

Sourced from litellm's releases.

v1.34.42

What's Changed

• ui - setup sso on admin ui 👩‍🚀 by @​ishaan-jaff in BerriAI/litellm#2934
• [UI] Fix SSO Error - user not allowed to access info by @​ishaan-jaff in BerriAI/litellm#2939
• Fix - Embedding Caching - allow base 64 embedding cache hits by @​ishaan-jaff in BerriAI/litellm#2943
• Feature: add gemini-1.0-pro-001 and gemini-1.0-pro-002 to models list by @​Manouchehri in BerriAI/litellm#2940
• fix - return stack trace on failing /health checks - first 1000 chars by @​ishaan-jaff in BerriAI/litellm#2923
• fix - /config/update setting env variables by @​ishaan-jaff in BerriAI/litellm#2946
• Router Async Improvements by @​krrishdholakia in BerriAI/litellm#2942
• [FIX] - Security issue Server-Side Template Injection in /completions endpoint in by @​ishaan-jaff in BerriAI/litellm#2941

Full Changelog: BerriAI/litellm@1.34.40.dev1...v1.34.42

Load Test LiteLLM Proxy Results

Name	Status	Median Response Time (ms)	Average Response Time (ms)	Requests/s	Failures/s	Request Count	Failure Count	Min Response Time (ms)	Max Response Time (ms)
/chat/completions	Passed ✅	41	45.62665910765985	1.6134726654854352	0.0	483	0	35.47842400001855	1423.002457999985
/health/liveliness	Passed ✅	25	27.266815498923485	15.506708308868303	0.0	4642	0	23.460693000004085	1011.4049249999653
/health/readiness	Passed ✅	25	28.117354577288825	15.797333820042699	0.0	4729	0	23.34315000001652	1129.9532500000282
Aggregated	Passed ✅	25	28.574914115181734	32.91751479439644	0.0	9854	0	23.34315000001652	1423.002457999985

v1.34.41

What's Changed

• Fix - Embedding Caching - allow base 64 embedding cache hits by @​ishaan-jaff in BerriAI/litellm#2943

Full Changelog: BerriAI/litellm@1.34.39.dev1...v1.34.41

Load Test LiteLLM Proxy Results

Name	Status	Median Response Time (ms)	Average Response Time (ms)	Requests/s	Failures/s	Request Count	Failure Count	Min Response Time (ms)	Max Response Time (ms)
/chat/completions	Passed ✅	55	60.27472656762199	1.6302017598732303	0.0	488	0	49.61538999998538	853.5629180000228
/health/liveliness	Passed ✅	40	42.21640406246	15.617199236490475	0.0	4675	0	38.64845300000752	1119.598647000032
/health/readiness	Passed ✅	41	43.405607340724444	15.216329951275746	0.0	4555	0	38.678258999993886	1239.126835000036
Aggregated	Passed ✅	41	43.680623275776924	32.463730947639455	0.0	9718	0	38.64845300000752	1239.126835000036

v1.34.40

What's Changed

• ui - setup sso on admin ui 👩‍🚀 by @​ishaan-jaff in BerriAI/litellm#2934
• [UI] Fix SSO Error - user not allowed to access info by @​ishaan-jaff in BerriAI/litellm#2939
• ui - runtime error fix by @​krrishdholakia

Full Changelog: BerriAI/litellm@v1.34.39...v1.34.40

Load Test LiteLLM Proxy Results

... (truncated)

Commits

• a4d7ef9 bump: version 1.34.41 → 1.34.42
• 8a1cdc9 Merge pull request #2941 from BerriAI/litellm_fix_sec_report
• b3f62b7 fix cleanup
• 6a5d5bc fix use ImmutableSandboxedEnvironment
• f4d3467 fix: update gitignore
• f9cabf0 fix jinja2 use ImmutableSandboxedEnvironment
• 83e7ed9 Merge pull request #2942 from BerriAI/litellm_fix_router_loading
• de5dd73 docs(enterprise.md): improve language
• 79dc453 docs(enterprise.md): fix language
• 266dba6 fix(router.py): handle 1 deployment being picked
• Additional commits viewable in compare view

Updates tqdm from 4.66.1 to 4.66.3

Release notes

Sourced from tqdm's releases.

tqdm v4.66.3 stable

• cli: eval safety (fixes CVE-2024-34062, GHSA-g7vv-2v7x-gj9p)

tqdm v4.66.2 stable

• pandas: add DataFrame.progress_map (#1549)
• notebook: fix HTML padding (#1506)
• keras: fix resuming training when verbose>=2 (#1508)
• fix format_num negative fractions missing leading zero (#1548)
• fix Python 3.12 DeprecationWarning on import (#1519)
• linting: use f-strings (#1549)
• update tests (#1549)
  • fix pandas warnings
  • fix asv (airspeed-velocity/asv#1323)
  • fix macos notebook docstring indentation
• CI: bump actions (#1549)

Commits

• 4e613f8 Merge pull request from GHSA-g7vv-2v7x-gj9p
• b53348c cli: eval safety
• cc372d0 bump version, merge pull request #1549 from tqdm/devel
• e9f0c05 use PyPI trusted publishing
• 7323d5b slight makefile clean
• 5306125 tests: bump pre-commit
• 4a6fd4f fix datetime.utcfromtimestamp py3.12 warning (#1519)
• 6f13759 te...

  Description has been truncated

[korbit-ai]

👋 I'm here to help you review your pull request. When you're ready for me to perform a review, you can comment anywhere on this pull request with this command: /korbit-review.

As a reminder, here are some helpful tips on how we can collaborate together:

• To have me re-scan your pull request, simply re-invoke the /korbit-review command in a new comment.
• You can interact with me by tagging @korbit-ai in any conversation in your pull requests.
• On any comment I make on your code, please leave a 👍 if it is helpful and a 👎 if it is unhelpful. This will help me learn and improve as we work together
• Lastly, to learn more, check out our Docs.

[cr-gpt]

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

[coderabbitai]

Important

Auto Review Skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[github-actions]

This PR exceeds the recommended size of 500 lines. Please make sure you are NOT addressing multiple issues with one PR.