Hi dspy team!

I was trying to upgrade the version of `litellm` we use because older versions are vulnerable to CVE-2024-6119. This is fixed in versions `1.56.2` and above. However, I could not upgrade `litellm` because the latest versions of `dspy` lock the version of litellm to a lower value. I noticed that in the latest, unreleased version of the requirements file on the master branch, the version was changed to `1.57.4` which would solve the problem when `dspy 2.6.0` is released.

I was wondering if it would be possible to upgrade this in version `2.5` and release a version `2.5.44` that allows us to patch this vulnerability. If that's not doable, I was wondering if the team had a rough timeline for when `dspy 2.6.0` would be released? Even another pre-release might help us if it gets the job done.

Thanks!