security: exclude compromised litellm versions 1.82.7 and 1.82.8 by michalcichon · Pull Request #794 · SWE-agent/mini-swe-agent (original) (raw)

⚠️ Priority: Critical / Security

This PR must be merged and synced immediately to prevent environment compromise.

Summary

This update modifies our dependency constraints to explicitly block litellm versions 1.82.7 and 1.82.8. These specific releases were identified in a supply-chain attack earlier today (March 24, 2026) involving a malicious .pth file injection.

The Issue

The compromised versions contain a "poisoned" initialization script that executes automatically upon installation. This script is designed to:

• Exfiltrate environment variables (specifically seeking OPENAI_API_KEY, AWS_SECRET_ACCESS_KEY, etc.).
• Attempt to establish a persistent backdoor in the user's local configuration directory.
• Potentially trigger a fork-bomb/denial-of-service on local development machines.

Changes

In pyproject.toml (or your relevant dependency file), the litellm requirement has been updated:

• Old: "litellm >= 1.75.5"
• New: "litellm >= 1.75.5, != 1.82.7, != 1.82.8"

This ensures we maintain support for GPT-5 (introduced in v1.75.5) while forcing the package manager to resolve to a known-safe version (likely 1.82.6 or a subsequent patch).

🛠 Action Required for Developers

If you have run an install or update command today, please follow these steps:

1. Clear your package cache:
   • uv users: uv cache clean
   • pip users: pip cache purge
2. Verify your local environment: Check for the existence of unexpected hidden files in ~/.config/ or your project root.
3. Rotate Credentials: If you suspect you were running the compromised version while your API keys were loaded in memory, rotate your keys immediately.
4. Sync: Run uv sync or your preferred install command after merging this PR to ensure your lockfile is updated.