chore: Update Python dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
hypothesis (changelog)	==6.152.7 → ==6.152.9
litellm	==1.84.0 → ==1.85.0
lxml (source, changelog)	==6.1.0 → ==6.1.1
types-pyyaml (changelog)	==6.0.12.20260510 → ==6.0.12.20260518
zensical (changelog)	==0.0.42 → ==0.0.43

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

BerriAI/litellm (litellm)

v1.85.0

Compare Source

Verify Docker Image Signature

All LiteLLM Docker images are signed with cosign. Every release is signed with the same key introduced in commit 0112e53.

Verify using the pinned commit hash (recommended):

A commit hash is cryptographically immutable, so this is the strongest way to ensure you are using the original signing key:

cosign verify \
  --key https://raw.githubusercontent.com/BerriAI/litellm/0112e53046018d726492c814b3644b7d376029d0/cosign.pub \
  ghcr.io/berriai/litellm:v1.85.0

Verify using the release tag (convenience):

Tags are protected in this repository and resolve to the same key. This option is easier to read but relies on tag protection rules:

cosign verify \
  --key https://raw.githubusercontent.com/BerriAI/litellm/v1.85.0/cosign.pub \
  ghcr.io/berriai/litellm:v1.85.0

Expected output:

The following checks were performed on each of these signatures:
  - The cosign claims were validated
  - The signatures were verified against the specified public key

---

What's Changed

• fix: strip 'openrouter/' prefix from model names (#​24234) by @​kimimgo in #​24282
• feat(bedrock): add Z.AI GLM-5 model support by @​Chesars in #​24338
• fix(gemini): return separate embeddings for multimodal inputs by @​Chesars in #​24337
• refactor: Remove redundant backup file by @​Chesars in #​16590
• feat(gemini): support combined multimodal embeddings via nested input by @​Chesars in #​24341
• merge litellm_internal_staging by @​Sameerlite in #​25944
• docs(readme): update Greptile logo to higher quality image by @​Chesars in #​25385
• merge main by @​Sameerlite in #​26260
• merge main by @​Sameerlite in #​26305
• merge main by @​Sameerlite in #​26306
• fix: remove duplicate MAX_SIZE_PER_ITEM_IN_MEMORY_CACHE_IN_KB definition by @​Jah-yee in #​26385
• fix(ui): add missing 'zai' (Z.AI / Zhipu AI) provider to Add-Model dropdown by @​MackDing in #​26419
• fix(proxy): set verbose_logger level when LITELLM_LOG=INFO by @​he-yufeng in #​26401
• Sync litellm_staging_03_21_2026 with litellm_internal_staging by @​Chesars in #​26519
• Merge readme logo update into litellm_staging_03_21_2026 by @​Chesars in #​26521
• fix(arize): _set_usage_outputs handles raw OpenAI Pydantic CompletionUsage by @​alvinttang in #​26506
• fix(adapters,vertex): pass output_config through to backends that accept it (closes #​23380, supersedes #​23475/#​23396/#​23706/#​22727) by @​dkindlund in #​26439
• add test(tag-routing): prevent header regex bypass for strict plain t… by @​harish-berri in #​26805
• merge main by @​Sameerlite in #​26984
• merge main by @​Sameerlite in #​26985
• Fix managed file model_mappings when router resolves a single deployment dict (batch models with id == model_name) by @​shivamrawat1 in #​26950
• fix(proxy): route azure container file requests by decoded deployment by @​Sameerlite in #​26402
• feat(xai): add parallel_tool_calls to supported params (#​25106) by @​krrish-berri-2 in #​25270
• Litellm token verification query optimization by @​harish-berri in #​26202
• feat(vertex_ai): Model Garden OpenAPI for publisher model ids by @​Sameerlite in #​26076
• fix(mcp): preserve oauth2 m2m auth for tools routes by @​Sameerlite in #​26871
• Fix /metrics hang when require_auth_for_metrics_endpoint is true and auth succeeds by @​shivamrawat1 in #​25980
• fix(projects): project dropdown empty for internal_user (3 bugs) by @​ishaan-berri in #​26664
• fix: block path traversal SSRF in BitBucket, Arize Phoenix, and AssemblyAI clients by @​ishaan-berri in #​26943
• Litellm staging 03 21 2026 by @​Chesars in #​24340
• refactor: scope /health response to caller's models and tidy display fields by @​krrish-berri-2 in #​26935
• fix(ui): add Your Usage view for admin users on usage page by @​ishaan-berri in #​26746
• fix: scope CLI stored token to base_url to prevent cross-domain credential leakage by @​ishaan-berri in #​26945
• Fix: trigger fallbacks on mid-stream httpx.TimeoutException by @​ryan-crabbe-berri in #​26998
• [Fix] /config/update: targeted per-section writes, drop store_model_in_db gate by @​yuneng-berri in #​26643
• chore(security): close two unaddressed SSRF cases by @​stuxf in #​26996
• chore(guardrails): tighten tool permission checks by @​stuxf in #​26969
• chore(proxy): align resource model auth checks by @​stuxf in #​26963
• fix(health): return 503 when targeted model is unhealthy or DB is disconnected by @​ryan-crabbe-berri in #​27003
• [Fix] Tests: Move Misplaced Import in Lazy OpenAPI Snapshot Test by @​yuneng-berri in #​27010
• chore(vector stores): tighten managed store access by @​stuxf in #​26930
• fix: post call guardrail must be called once by @​mubashir1osmani in #​26109
• chore(proxy): tighten budget spend admission by @​stuxf in #​26845
• [Test] Anthropic: Use jsDelivr CDN For PDF Fixture URL by @​yuneng-berri in #​27000
• chore(callbacks): guard dynamic integration hosts by @​stuxf in #​26921
• refactor(rate-limit): consolidate batch + dynamic limiter check/increment by @​krrish-berri-2 in #​26954
• chore(security): encode upstream URL path identifiers by @​stuxf in #​26860
• chore(mcp): require trusted-proxy gate before honouring X-Forwarded-* on OAuth discovery by @​stuxf in #​26841
• tests(vcr): redis-backed vcrpy cache for offline LLM e2e replay by @​mateo-berri in #​26838
• [Fix] Tests: Align Bedrock count-tokens endpoint assertions with URL-encoded model id by @​yuneng-berri in #​27017
• feat(embedding): default OpenAI-path encoding_format to float by @​Sameerlite in #​26976
• fix(guardrails): post-call guardrail must only fire once by @​ryan-crabbe-berri in #​27012
• fix(vertex_ai): omit system_instruction/tools/toolConfig when cachedContent set by @​Sameerlite in #​26077
• [Fix] Proxy: Skip Personal Budget Hook When Reservation Covers Counter by @​yuneng-berri in #​27021
• fix(ui): remove insecure ?token= URL handler from LoginPage to close session-fixation by @​michelligabriele in #​26924
• fix(proxy): reject user_id=None on non-admin analytics endpoints (cross-tenant disclosure) by @​michelligabriele in #​26929
• Litellm clean litellm oss staging 04 01 2026 by @​Sameerlite in #​25856
• [Infra] Merge dev branch by @​yuneng-berri in #​27024
• [Fix] RBAC: Restore Admin Viewer Read Parity for Logs + Settings Pages by @​yuneng-berri in #​26846
• Fix Redis key generation to be stable across working directories by @​mateo-berri in #​27025
• [Fix] Proxy/Key Management: Honor team_member_permissions /key/list In /key/list Endpoint by @​yuneng-berri in #​27026
• chore(proxy): tighten router-settings-override and mock-testing trust by @​stuxf in #​26968
• fix(batches): count non-chat tokens, validate batch-file model access (VERIA-39) by @​stuxf in #​27015
• fix(proxy): re-validate user_id after /user/info re-parses query by @​stuxf in #​27009
• fix(mcp): run pre_call_tool_check on OpenAPI/local-registry path (VERIA-7) by @​stuxf in #​27016
• Fix runtime policy attachment initialization by @​shivamrawat1 in #​27028
• fix(prometheus): escape api_key for PromQL string literal (VERIA-53) by @​stuxf in #​27013
• [Fix] Isolate dual OTEL handlers by @​Michael-RZ-Berri in #​27018
• fix(proxy): close project hijacking and key org IDOR (VERIA-55) by @​stuxf in #​27011
• fix: honor key access_group_ids when team restricts models by @​ryan-crabbe-berri in #​26275
• chore(auth): require trusted proxy for header identity auth by @​stuxf in #​26825
• chore(sso): bind generic SSO state to a session cookie by @​stuxf in #​26944
• [Fix] Release Workflow: Detect SemVer-Style Pre-Release Dev Tags by @​yuneng-berri in #​26966
• [Infra] Merge dev branch by @​yuneng-berri in #​27032
• [Test] Anthropic: Replace Legacy Claude-4-Sonnet Alias With Haiku 4.5 by @​yuneng-berri in #​27031
• fix(auth): support JWT issuer verification + warn when unscoped by @​stuxf in #​27008
• fix(router): constrain same-name deployment routing by access groups by @​Sameerlite in #​26161
• fix(gemini): follow provider defaults for Gemini 3 thinking by @​Sameerlite in #​25764
• feat(mcp): enforce org-level MCP server and toolset permissions by @​Sameerlite in #​26960
• merge main by @​Sameerlite in #​27036
• fix(guardrails): preserve responses event streams in presidio output masking by @​Sameerlite in #​26878
• chore(staging): roll oss_staging_04_25_2026 into internal staging (output_config fix + 4 upstream sync fixes) by @​mateo-berri in #​26530
• feat(vertex-ai): transform batch prediction outputs to OpenAI format by @​Sameerlite in #​25627
• [Fix] gpt-5.5 reasoning_effort capability flags + add supports_low_reasoning_effort by @​mateo-berri in #​26456
• fix(anthropic,bedrock): omit thinking/output_config when reasoning_effort="none" by @​mateo-berri in #​27039
• fix(vertex-ai): set response=null on batch error entries per OpenAI spec by @​mateo-berri in #​27041
• test(responses): replace legacy claude-4-sonnet-20250514 alias in multiturn tool-call test by @​mateo-berri in #​27077
• [Fix] Remove unwanted metadata info from LangSmith by @​Michael-RZ-Berri in #​26894
• [Fix] Docker: Pin Wolfi And Uv To Multi-Arch Index Digests by @​yuneng-berri in #​27123
• feat(spend-logs): opt-in suppression of stack traces in spend-tracking error logs by @​mateo-berri in #​26899
• feat(proxy): add support for Grafana Cloud Pyroscope authentication by @​harish-berri in #​26902
• chore(deps): refresh dependency locks by @​stuxf in #​27126
• chore(team): require team-management role on /team/{id}/callback endpoints by @​stuxf in #​26819
• chore(providers): guard URL-valued model destinations by @​stuxf in #​26915
• chore(audit): audit-log /cache/settings + /config_overrides/hashicorp_vault mutations by @​stuxf in #​26953
• fix(auth): block missing write routes for proxy admin viewers by @​stuxf in #​27007
• fix(proxy): scope team and agent activity endpoints per-entity (VERIA-43) by @​stuxf in #​27014
• fix(anthropic,bedrock,vertex): forward output_config.effort + 400 on garbage reasoning_effort by @​mateo-berri in #​27074
• fix(files): constrain cloud storage file paths (VERIA-45, VERIA-59) by @​stuxf in #​27019
• fix(proxy): redact MCP server URL and headers for non-admin viewers (VERIA-8) by @​stuxf in #​27027
• [Fix] Treat 0 team_member_budget as no cap by @​Michael-RZ-Berri in #​27133
• feat: routing groups by @​yassin-berriai in #​27022
• [fix] fix metric labels for litellm-side rejects by @​Michael-RZ-Berri in #​26947
• chore(proxy): close callback-config and observability-credential side channels by @​stuxf in #​27081
• fix(vector_store): resolve embedding config at request time, never persist creds by @​stuxf in #​27082
• chore(caching): isolate semantic cache entries by @​stuxf in #​26990
• chore(proxy): guard sensitive public endpoints by @​stuxf in #​26912
• chore(guardrails): cover multimodal + Responses-API content shapes by @​stuxf in #​26957
• chore(proxy): drop client-supplied pricing fields from request bodies by @​stuxf in #​27071
• feat: routing groups ui by @​yassin-berriai in #​27131
• fix(security): sandbox jinja2 in gitlab/arize/bitbucket prompt managers by @​stuxf in #​27043
• [Fix] Tests: Replace deprecated openrouter/claude-3.7-sonnet with claude-sonnet-4.5 by @​yuneng-berri in #​27149
• [Infra] Merge dev branch by @​yuneng-berri in #​27151
• fix(proxy): isolate managed resources for service-account API keys by @​stuxf in #​27004
• chore(proxy): tighten resource ownership checks by @​stuxf in #​26951
• fix(scim): revoke virtual keys when SCIM deprovisions a user by @​mateo-berri in #​26861
• fix(security): prevent secret_fields from leaking into spend logs by @​krrish-berri-2 in #​27143
• feat(proxy): add health_check_reasoning_effort for model health checks by @​Sameerlite in #​27115
• fix(azure): omit model from deployment image gen and image edit bodies by @​Sameerlite in #​27103
• [Fix] CI: Enable VCR replay for test_azure_o_series by @​yuneng-berri in #​27165
• [Fix] Proxy: Break managed-resources import cycle on Python 3.13 by @​yuneng-berri in #​27160
• [Infra] Build UI by @​yuneng-berri in #​27156
• [Perf] CI: Skip Redundant Playwright Apt Install in E2E UI Job by @​yuneng-berri in #​27169
• [Fix] Docker: Remove Hardcoded Prisma Binary Target For Multi-Arch Builds by @​yuneng-berri in #​27170
• [Fix] UI: Clear Admin Session Cookies Before Establishing Invited User's Session by @​yuneng-berri in #​27227
• test: add 24hr Redis-backed VCR cache to additional test suites by @​mateo-berri in #​27159
• [Fix] Team UI: handle legacy dict shape for metadata.guardrails by @​ryan-crabbe-berri in #​27224
• [Infra] Build UI by @​yuneng-berri in #​27240
• [Infra] Bump deps by @​yuneng-berri in #​27157
• refactor(BaseAWSLLM): implement shared IAM cache and static credentia… by @​harish-berri in #​27125
• feat(realtime): OpenAI Realtime GA support and beta compatibility by @​Sameerlite in #​27110
• fix: atomic TPM rate limit by @​yassin-berriai in #​27001
• helm: increase default probe timeouts, disable debug logging by default by @​yassin-berriai in #​27237
• helm: skip proxy startup prisma db push when migrations Job is enabled by @​yassin-berriai in #​27200
• fix(anthropic, mcp): sanitize tool names to match Anthropic's [a-zA-Z0-9_-]{1,128} pattern by @​krrish-berri-2 in #​26788
• feat(audio_transcription): add NVIDIA Riva STT provider by @​Sameerlite in #​27185
• [Test] Tests: Stop parametrizing API keys into pytest test IDs by @​yuneng-berri in #​27249
• fix(hosted_vllm): normalize custom tools for chat completions by @​Sameerlite in #​25763
• ci(circleci): enable Rerun Failed Tests for all pytest jobs by @​mateo-berri in #​27155
• [Fix] Union x-litellm-tags with static team/key tags by @​Michael-RZ-Berri in #​27247
• fix: replace user api key auth with authorization or cookie for mcp server creation by @​dennishenry in #​27190
• Include model name + configured TPM/RPM in priority rate-limit 429 er… by @​ishaan-berri in #​27216
• Fix Prometheus custom metadata label counts (#​27268) by @​ishaan-berri in #​27271
• perf(proxy): run daily activity aggregation off the event loop by @​yassin-berriai in #​27264
• proxy: hot-reload config YAML when --reload is set by @​mateo-berri in #​27274
• fix(proxy): keep spend log cleanup running after batch failures by @​yassin-berriai in #​27303
• Fix team member budget enforcement without user row by @​ishaan-berri in #​27273
• Fix SCIM user lookup filters by @​oss-agent-shin in #​27308
• Fix/member access group team by @​dibyom in #​27317
• Fix early proxy request size enforcement by @​oss-agent-shin in #​27311
• Cap Prometheus end-user metric cardinality by @​ishaan-berri in #​27272
• Add new chat model metadata by @​ishaan-berri in #​27313
• Fix MCP DB reload partial failures by @​ishaan-berri in #​27314
• Fix Anthropic streaming reasoning token usage by @​ishaan-berri in #​27319
• Fix Vertex Anthropic streaming status error hangs by @​ishaan-berri in #​27310
• Add Azure Sentinel audit log support by @​oss-agent-shin in #​27280
• [Chore] CI: Assign test_request_size_limit_middleware To Proxy-Runtime Shard by @​yuneng-berri in #​27341
• [Chore] CI: Block PRs that drop overall code coverage by @​yuneng-berri in #​27340
• Fix Prometheus remaining metric zero values by @​ishaan-berri in #​27348
• Refactor Bedrock response stream shape handling by @​harish-berri in #​27257
• feat(xai): add grok-4.3 and grok-4.3-latest to model_prices_and_conte… by @​ishaan-berri in #​27154
• feat(xai): cherry-pick grok-4.3 model entries onto main (#​27154) by @​mateo-berri in #​27396
• fix(proxy): run model-level post_call guardrails on streaming requests by @​michelligabriele in #​26922
• [Fix] Allow non-admin compliance path reads by @​Michael-RZ-Berri in #​27234
• [Fix] Tests: Reduce VCR cassette bloat and fix multipart caching by @​yuneng-berri in #​27409
• [Feat] Decouple S3 audit-log config via s3_audit_callback_params by @​Michael-RZ-Berri in #​27222
• Fix Bedrock passthrough call ID headers by @​ishaan-berri in #​27412
• fix(chat-completions): decode unified file_id when model_file_id_mapping is unavailable by @​michelligabriele in #​27406
• [litellm-agent] Staging → litellm_internal_staging (5/7/2026) by @​oss-pr-review-agent-shin[bot] in #​27375
• feat(auth): add scope and wildcard support for JWT routing overrides by @​milan-berri in #​26325
• feat(mcp): add OBO MCP Auth by @​ishaan-berri in #​27421
• [Fix] Realtime Tests: Update Deprecated OpenAI Model Pin by @​yuneng-berri in #​27415
• [Infra] Packaging: Relax Core Runtime Pins To Ranges by @​yuneng-berri in #​27241
• fix: remove separate health app by @​yassin-berriai in #​27430
• test(interactions): align openapi compliance with upstream rename outputs->steps by @​yuneng-berri in #​27432
• [Security] Clear AWS Inspector CVE findings on Docker image by @​stuxf in #​27225
• [Infra] Merge dev branch by @​yuneng-berri in #​27433
• [Infra] Bump versions by @​yuneng-berri in #​27431
• chore: merge main into internal_staging to restore lineage by @​yuneng-berri in #​27437
• [Infra] Promote Internal Staging to main by @​yuneng-berri in #​27436
• fix(ui): URL-encode team_id in teamInfoCall to handle special characters by @​SHARP155 in #​27466
• Fix team model test connection authorization by @​oss-agent-shin in #​27487
• Fix: add OpenRouter Qwen 3.6 Plus metadata by @​oss-agent-shin in #​27486
• feat(sso): show full IdP claims in /sso/debug/callback by @​ryan-crabbe-berri in #​27498
• [Feat] Honor OTEL_INSTRUMENTATION_GENAI_CAPTURE_MESSAGE_CONTENT by @​Michael-RZ-Berri in #​27403
• fix(proxy): point /metrics 401 at the opt-out flag by @​yuneng-berri in #​27502
• feat: separate db read and write endpoints by @​yassin-berriai in #​27493
• [UI] Rename "Default" key type to "Full Access" and reorder dropdown by @​ryan-crabbe-berri in #​27218
• fix(proxy): flush virtual-key model_max budget spend to Redis after success logging by @​milan-berri in #​27334
• fix(realtime): add /openai/v1/realtime to routes for logging by @​Michael-RZ-Berri in #​27323
• fix(proxy): bound budget reservation per request instead of pinning to headroom by @​yuneng-berri in #​27509
• fix(ui-tests): add Typography to antd mock in create_key_button test by @​yuneng-berri in #​27537
• fix(mcp): forward extra_headers for OpenAPI MCP tools by @​milan-berri in #​27383
• [Feat] Add endpoint for bulk key updates for team by @​Michael-RZ-Berri in #​26468
• feat(guardrails): optional skip tool message in unified guardrail inputs by @​shivamrawat1 in #​27441
• Fix/shared health check polling by @​noahnistler in #​26434
• fix(proxy): resolve provider from deployment for multi-provider defaultconfig (#​27516) by @​Anai-Guo in #​27517
• fix(bedrock/messages): preserve compact_20260112 context_management on /v1/messages by @​Anai-Guo in #​27534
• fix(router): register model info under responses/-stripped variant by @​krisxia0506 in #​27531
• fix(ui): remove blank leading entry from access group model dropdown by @​Bytechoreographer in #​27521
• fix(proxy): coerce non-str x-litellm-* header values to avoid httpx TypeError (#​27458) by @​Anai-Guo in #​27504
• chore: remove legacy deployment artifacts and litellm-js packages by @​yassin-berriai in #​27541
• build(packaging): raise jinja2 floor to 3.1.6 by @​yuneng-berri in #​27552
• Fix proxy auth status code tests by @​ishaan-berri in #​27555
• [Fix] Reset proxy budget when initial reset duration is null then updated by @​Michael-RZ-Berri in #​27488
• feat: add ability to auth to azure with token by @​shivamrawat1 in #​27556
• [Infra] Promote Internal Staging to main by @​ryan-crabbe-berri in #​27559
• [Fix] Reset org and tag budgets by @​Michael-RZ-Berri in #​27326
• Fix: tag budget reset must drop stale management-cache entry by @​oss-agent-shin in #​27568
• fix(ui): omit allowed_routes from key edit save when unchanged by @​ryan-crabbe-berri in #​27553
• [litellm-agent] Staging → litellm_internal_staging (5/6/2026) by @​oss-pr-review-agent-shin[bot] in #​27256
• [litellm-agent] Staging → litellm_internal_staging (5/7/2026) by @​oss-pr-review-agent-shin[bot] in #​27422
• [litellm-agent] Staging → litellm_internal_staging (5/9/2026) by @​oss-pr-review-agent-shin[bot] in #​27549
• chore: remove accidental .evidence folder by @​Sameerlite in #​27633
• merge main by @​Sameerlite in #​27658
• fix(anthropic): inject dummy tool without modify_params by @​Sameerlite in #​27620
• fix(responses): normalize chat tool_choice for completions→responses bridge by @​Sameerlite in #​27634
• Fix internal tag usage scoping by @​ishaan-berri in #​27315
• fix(openai): route reasoningSummary for gpt-5.4+ chat without tools to Responses API by @​Sameerlite in #​27618
• feat(batch-job): bedrock batch model invocation job retrieval by @​dgu1-godaddy in #​26834
• [litellm-agent] Staging → litellm_internal_staging (5/11/2026) by @​oss-pr-review-agent-shin[bot] in #​27677
• ci: add manually-triggered mutation testing workflow by @​ryan-crabbe-berri in #​27576
• Add Bedrock Claude Platform route by @​oss-agent-shin in #​27678
• [Feature] UI - Logs: Add 'Last Minute' to time-range quick select by @​yuneng-berri in #​27446
• fix(ci): unbreak realtime + bedrock batch tests by @​mateo-berri in #​27690
• Litellm shin agent oss staging 05 10 2026 by @​Sameerlite in #​27631
• fix(router): pin Responses API affinity to Azure resource on model-group switch by @​mateo-berri in #​27703
• Add pricing for openai/gpt-realtime-2 by @​superpoussin22 in #​27653
• Match litellm.completion supported model parameters with proxy model info by @​jyeros in #​27720
• feat(ui): add Expires to key Overview header; merge User into one field by @​ryan-crabbe-berri in #​27696
• feat(ui): search teams by team ID alongside name by @​ryan-crabbe-berri in #​27684
• fix(tests): use canonical litellm_enterprise import path by @​ryan-crabbe-berri in #​27699
• fix(tests): swap dall-e to gpt-image-1 after openai deprecation by @​yuneng-berri in #​27787
• fix(proxy): always merge caller-supplied tags into request metadata by @​yuneng-berri in #​27784
• chore: reject bare str at file-input sinks to prevent local-file read by @​krrish-berri-2 in #​27762
• feat(ui): add Vertex AI Search as vector store provider by @​ryan-crabbe-berri in #​27790
• Litellm key rotation bug by @​harish-berri in #​27756
• chore(proxy): close /key/regenerate ownership-rebind + premium-gate bypass by @​stuxf in #​27793
• fix: OpenTelemetry tracing bugs in proxy integration by @​yassin-berriai in #​27757
• fix: enforce tag budgets on x-litellm-tags header requests by @​shivamrawat1 in #​27573
• [Infra] Merge dev branch by @​yuneng-berri in #​27798
• [Infra] Build UI by @​yuneng-berri in #​27805
• [Fix] Replace deprecated dall-e-3 with gpt-image-1 in tests by @​yuneng-berri in #​27813
• [Fix] Lazy feature loading under SERVER_ROOT_PATH returns 404 by @​yuneng-berri in #​27812
• [Infra] Promote internal staging to main by @​yuneng-berri in #​27815
• fix(gemini): normalize response_schema on native generateContent by @​mateo-berri in #​27775
• fix(responses): register cooldowns on failure + fail fast on stale encrypted_content by @​mateo-berri in #​27820
• feat(proxy): skip disable_background_health_check models on GET /health when flag set by @​Sameerlite in #​27716
• fix(bedrock-converse): drop blank-text fallback for empty thinking blocks by @​mateo-berri in #​27850
• fix(mcp): surface upstream 401 for token-forwarding MCP servers by @​Sameerlite in #​27847
• fix(cost): align vertex_ai/gemini-embedding-2-preview with Vertex multimodal pricing by @​Sameerlite in #​27848
• feat(mcp): add delegate_auth_to_upstream flag for PKCE passthrough by @​Sameerlite in #​27834
• fix(responses): preserve cache_control in Responses API -> Chat Completion transformation by @​Sameerlite in #​27727
• fix(proxy): expose db status on public /health/readiness by @​yuneng-berri in #​27866
• docs(budget_manager): add docstring to BudgetManager.reset_cost by @​oss-agent-shin in #​27867
• docs: add class docstring to _LoopWrapper by @​oss-agent-shin in #​27870
• fix: Fix Redis Sentinel client handling to solve authentication error… by @​krrish-berri-2 in #​26302
• Litellm agent oss staging 05 11 2026 by @​Sameerlite in #​27733
• Ishaan - May 13th Staging LiteLLM by [@​ish

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (in timezone Etc/UTC)

• Branch creation
  • Between 12:00 AM and 06:59 AM, only on Saturday (* 0-6 * * 6)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 3 package(s) with unknown licenses.

See the Details below.

License Issues

uv.lock

Package	Version	License	Issue Type
lxml	6.1.1	Null	Unknown License
types-pyyaml	6.0.12.20260518	Null	Unknown License
zensical	0.0.43	Null	Unknown License

Allowed Licenses:

MIT, MIT-0, Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC, MPL-2.0, PSF-2.0, Unlicense, 0BSD, CC0-1.0, CC-BY-3.0, CC-BY-4.0, Python-2.0, Python-2.0.1, LicenseRef-scancode-free-unknown, LicenseRef-scancode-protobuf, LicenseRef-scancode-google-patent-license-golang, ZPL-2.1, LGPL-2.0-only, LGPL-2.0-or-later, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-3.0-only, LGPL-3.0-or-later, BlueOak-1.0.0, OFL-1.1

Excluded from license check:

pkg:pypi/mem0ai@2.0.1, pkg:pypi/numpy@2.4.4, pkg:pypi/qdrant-client@1.17.1, pkg:pypi/posthog@7.9.12, pkg:pypi/aiohttp@3.13.5, pkg:pypi/cyclonedx-python-lib@11.7.0, pkg:pypi/fsspec@2026.3.0, pkg:pypi/griffelib@2.0.2, pkg:pypi/grpcio@1.80.0, pkg:pypi/charset-normalizer@3.4.6, pkg:pypi/wrapt@2.1.2, pkg:pypi/pytest-codspeed@4.5.0, pkg:pypi/hypothesis@6.152.4, pkg:pypi/litellm@1.83.14, pkg:pypi/openai@2.33.0, pkg:pypi/pyngrok@8.1.2, pkg:pypi/tokenizers@0.23.1, pkg:pypi/typer@0.25.0, pkg:npm/@img/sharp-wasm32@0.33.5, pkg:npm/@img/sharp-win32-ia32@0.33.5, pkg:npm/@img/sharp-win32-x64@0.33.5, pkg:npm/json-schema-typed@8.0.2, pkg:npm/victory-vendor@37.3.6, pkg:pypi/scikit-learn@1.8.0, pkg:pypi/torch@2.11.0, pkg:pypi/cuda-bindings@13.2.0, pkg:pypi/cuda-pathfinder@1.5.0, pkg:pypi/cuda-toolkit@13.0.2, pkg:pypi/nvidia-cublas@13.1.0.3, pkg:pypi/nvidia-cuda-cupti@13.0.85, pkg:pypi/nvidia-cuda-nvrtc@13.0.88, pkg:pypi/nvidia-cuda-runtime@13.0.96, pkg:pypi/nvidia-cudnn-cu13@9.19.0.56, pkg:pypi/nvidia-cufft@12.0.0.61, pkg:pypi/nvidia-cufile@1.15.1.6, pkg:pypi/nvidia-curand@10.4.0.35, pkg:pypi/nvidia-cusolver@12.0.4.66, pkg:pypi/nvidia-cusparse@12.6.3.3, pkg:pypi/nvidia-cusparselt-cu13@0.8.0, pkg:pypi/nvidia-nccl-cu13@2.28.9, pkg:pypi/nvidia-nvjitlink@13.0.88, pkg:pypi/nvidia-nvshmem-cu13@3.4.5, pkg:pypi/nvidia-nvtx@13.0.85

OpenSSF Scorecard

Package	Version	Score	Details
pip/hypothesis	6.152.9	Unknown	Unknown
pip/litellm	1.85.0	Unknown	Unknown
pip/lxml	6.1.1	Unknown	Unknown
pip/types-pyyaml	6.0.12.20260518	Unknown	Unknown
pip/zensical	0.0.43	Unknown	Unknown

Scanned Files

• uv.lock

[codspeed-hq]

Merging this PR will not alter performance

✅ 33 untouched benchmarks
⏩ 21 skipped benchmarks¹

---

_{Comparing renovate/python (dc15977) with main (29b64e3)}

Footnotes

1. 21 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports. ↩

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 85.09%. Comparing base (29b64e3) to head (dc15977).
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2015      +/-   ##
==========================================
- Coverage   85.09%   85.09%   -0.01%     
==========================================
  Files        1913     1913              
  Lines      113388   113388              
  Branches     9673     9673              
==========================================
- Hits        96487    96483       -4     
- Misses      14532    14535       +3     
- Partials     2369     2370       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Aureliolo]

Decision: Patch/stub-only Python dependency bump (5 packages); CI fully green (unit/integration/e2e/conformance + Doc Drift Gate + Build/Deploy Preview all SUCCESS); no breaking changes affecting us; lands an lxml security patch.

Changelog digest:

• Covered: hypothesis 6.152.7->6.152.9, litellm 1.84.0->1.85.0, lxml 6.1.0->6.1.1, types-pyyaml 6.0.12.20260510->6.0.12.20260518, zensical 0.0.42->0.0.43.
• Relevant (security): lxml 6.1.1 adds the missing xlink:href to lxml.html.defs.link_attrs (URL-bypass in embedded SVG/MathML) and ships wheels with libxslt patched for CVE-2025-7424 + CVE-2025-11731; lxml backs HTMLParseGuard (SEC-1 prompt safety).
• Relevant (behaviour, no action): litellm 1.85.0 adds streaming fallback on mid-stream httpx.TimeoutException, reasoning_effort handling fixes, and Anthropic tool-name sanitization; the library completion/acompletion API is unchanged and the proxy-side SSRF/auth hardening does not apply (we consume litellm as a library, not the proxy). hypothesis 6.152.9 smooths integer distribution (better bug-finding, not a regression); existing property tests pass on CI. zensical 0.0.43 is link-validation + BOM-strip bug fixes only; docs build verified by green Build Preview + Deploy Preview + Doc Drift Gate on the PR head (local rebuild strictly less evidence).
• Reviewed but not relevant: hypothesis 6.152.8 drops Django 4.2 (we don't use Django); types-pyyaml is a type-stub date bump.

Follow-ups: none.