fix: update vulnerable dependencies

[seonghobae]

Summary

• Updates vulnerable Python dependency constraints for LiteLLM proxy, requests, pytest, and resolved transitive packages.
• Adds lower-bound uv overrides to prevent LiteLLM proxy exact pins from downgrading security-sensitive transitive dependencies such as FastAPI, OpenAI, Starlette, Uvicorn, and python-multipart.
• Preserves newer transitive floors for Hugging Face Hub, importlib-metadata, Polars, and PyJWT; uses polars[rtcompat] so Polars imports on CPUs without AVX features.
• Refreshes uv.lock with patched versions verified by audit, smoke imports, tests, and security scan.

Verification

• uv lock --check
• uv sync --locked --all-extras --dev
• uv run python -c "import litellm, requests, pytest, multipart, fastapi, openai, starlette, uvicorn, polars, jwt, importlib_metadata; print('dependency smoke ok')"
• uv run --with pip-audit pip-audit --progress-spinner off (No known vulnerabilities found)
• uv run pytest (110 passed)
• uv run bandit -r strix/ -c pyproject.toml (No issues identified)
• git diff --check
• PYTHONPATH="${OPENCODE_HOME:-$HOME/.config/opencode}" python3 -m scripts.lint_by_filetype --json

Review

• Local subagent review: PASS, no blocking findings.
• Greptile feedback addressed where satisfiable; typer>=0.24.1 conflicts with LiteLLM 1.83.14's click==8.1.8 pin, while pip-audit reports no known vulnerability for the resolved Typer version.

Fork review surface

• Fork review PR: fix: update vulnerable dependencies Seongho-Bae/strix#3
• Review/check permissions are available on the fork; upstream PR fix: update vulnerable dependencies #479 remains the deliverable back to usestrix/strix.
• Do not merge the fork PR for release purposes.

[greptile-apps]

Greptile Summary

This PR updates vulnerable Python dependencies for the strix project by bumping litellm[proxy] to >=1.83.14,<1.84.0, requests to >=2.33.0, and pytest to >=9.0.3, while also adding explicit lower-bound version constraints to fastapi and uvicorn in the sandbox extras. It introduces a new [tool.uv] override-dependencies block to prevent litellm's transitive resolution from downgrading security-sensitive packages such as python-multipart, starlette, openai, fastapi, uvicorn, and pyjwt[crypto].

• python-multipart is upgraded from 0.0.22 to 0.0.27 (patching known content-type parsing vulnerabilities), and requests moves from 2.32.5 to 2.33.1; both are driven by confirmed CVEs.
• The polars[rtcompat]>=1.39.3 override is intentional to support CPUs without AVX2 features; typer (0.24.1 → 0.23.1) and click (8.3.1 → 8.1.8) are transitive downgrades caused by litellm 1.83.14's exact click==8.1.8 pin — the PR acknowledges this trade-off and pip-audit reports no known CVEs for the resolved versions.

Confidence Score: 5/5

Safe to merge — all changes are dependency version bumps and override floors with no logic changes; verified by passing tests and a clean pip-audit run.

The diff is entirely dependency metadata: version constraints in pyproject.toml and a refreshed lock file. The security-motivated upgrades (python-multipart, requests, litellm, starlette) are confirmed by pip-audit. The only regressions are the click/typer transitive downgrades forced by litellm's exact click pin, which the author has explicitly acknowledged and verified carry no known CVEs. The uv override-dependencies block uses lower-bound-only constraints, avoiding the future maintenance trap that earlier review feedback flagged.

No files require special attention.

Important Files Changed

Filename	Overview
pyproject.toml	Dependency bounds updated for security; new [tool.uv] override-dependencies block adds lower-bound floors for transitive packages; no upper-bound traps introduced in overrides
uv.lock	Lock refreshed; key security upgrades confirmed (python-multipart 0.0.22→0.0.27, requests 2.32.5→2.33.1, litellm 1.81.16→1.83.14); click/typer transitive downgrades are acknowledged litellm pin side-effects with no known CVEs

_{Reviews (3): Last reviewed commit: "fix: enforce sandbox dependency floors" | Re-trigger Greptile}

[seonghobae]

@greptile-apps review

[seonghobae]

@greptile-apps review

[seonghobae]

Fork review evidence is now available at Seongho-Bae#3.

Current fork review state:

• CodeQL / Analyze (python): passed on latest head d53dfab.
• CodeRabbit: passed; its actionable metadata-floor finding was fixed in d53dfab by adding fastapi>=0.135.1 and uvicorn>=0.42.0 to the published sandbox extra metadata.
• Greptile: reviewed the fork PR; the remaining click>=8.3 suggestion was rebutted with resolver evidence because litellm==1.83.14 exactly pins click==8.1.8, making that override unsatisfiable.

Upstream PR #479 remains the deliverable; the fork PR is only the review surface where we have review/check permissions.