--- snapshot-1780472081+++ snapshot-1780558486@@ -2,11 +2,19 @@ 
 Release notes from litellm
 
-2026-06-03T00:31:21Z tag:github.com,2008:Repository/671269505/v1.86.3 2026-06-03T01:40:43Z
+2026-06-04T03:44:41Z tag:github.com,2008:Repository/671269505/v1.84.5 2026-06-04T04:11:46Z
+
+v1.84.5
+
+<h2>Verify Docker Image Signature</h2> <p>All LiteLLM Docker images are signed with <a href="https://docs.sigstore.dev/cosign/overview/" rel="nofollow">cosign</a>. Every release is signed with the same key introduced in <a href="https://github.com/BerriAI/litellm/commit/0112e53046018d726492c814b3644b7d376029d0">commit <code>0112e53</code></a>.</p> <p><strong>Verify using the pinned commit hash (recommended):</strong></p> <p>A commit hash is cryptographically immutable, so this is the strongest way to ensure you are using the original signing key:</p> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="cosign verify \ --key https://raw.githubusercontent.com/BerriAI/litellm/0112e53046018d726492c814b3644b7d376029d0/cosign.pub \ ghcr.io/berriai/litellm:v1.84.5"><pre>cosign verify \ --key https://raw.githubusercontent.com/BerriAI/litellm/0112e53046018d726492c814b3644b7d376029d0/cosign.pub \ ghcr.io/berriai/litellm:v1.84.5</pre></div> <p><strong>Verify using the release tag (convenience):</strong></p> <p>Tags are protected in this repository and resolve to the same key. This option is easier to read but relies on tag protection rules:</p> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="cosign verify \ --key https://raw.githubusercontent.com/BerriAI/litellm/v1.84.5/cosign.pub \ ghcr.io/berriai/litellm:v1.84.5"><pre>cosign verify \ --key https://raw.githubusercontent.com/BerriAI/litellm/v1.84.5/cosign.pub \ ghcr.io/berriai/litellm:v1.84.5</pre></div> <p>Expected output:</p> <div class="snippet-clipboard-content notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="The following checks were performed on each of these signatures: - The cosign claims were validated - The signatures were verified against the specified public key"><pre class="notranslate"><code>The following checks were performed on each of these signatures: - The cosign claims were validated - The signatures were verified against the specified public key </code></pre></div> <hr> <h2>What's Changed</h2> <ul> <li>chore(release): backport six staged fixes into stable/1.84.x and cut 1.84.5 by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/mateo-berri/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/mateo-berri">@mateo-berri</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="4584266965" data-permission-text="Title is private" data-url="https://github.com/BerriAI/litellm/issues/29628" data-hovercard-type="pull_request" data-hovercard-url="/BerriAI/litellm/pull/29628/hovercard" href="https://github.com/BerriAI/litellm/pull/29628">#29628</a></li> </ul> <p><strong>Full Changelog</strong>: <a class="commit-link" href="https://github.com/BerriAI/litellm/compare/v1.84.4...v1.84.5"><tt>v1.84.4...v1.84.5</tt></a></p> github-actions[bot] tag:github.com,2008:Repository/671269505/v1.86.3 2026-06-03T01:40:43Z
 
 v1.86.3
 
-<h2>Verify Docker Image Signature</h2> <p>All LiteLLM Docker images are signed with <a href="https://docs.sigstore.dev/cosign/overview/" rel="nofollow">cosign</a>. Every release is signed with the same key introduced in <a href="https://github.com/BerriAI/litellm/commit/0112e53046018d726492c814b3644b7d376029d0">commit <code>0112e53</code></a>.</p> <p><strong>Verify using the pinned commit hash (recommended):</strong></p> <p>A commit hash is cryptographically immutable, so this is the strongest way to ensure you are using the original signing key:</p> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="cosign verify \ --key https://raw.githubusercontent.com/BerriAI/litellm/0112e53046018d726492c814b3644b7d376029d0/cosign.pub \ ghcr.io/berriai/litellm:v1.86.3"><pre>cosign verify \ --key https://raw.githubusercontent.com/BerriAI/litellm/0112e53046018d726492c814b3644b7d376029d0/cosign.pub \ ghcr.io/berriai/litellm:v1.86.3</pre></div> <p><strong>Verify using the release tag (convenience):</strong></p> <p>Tags are protected in this repository and resolve to the same key. This option is easier to read but relies on tag protection rules:</p> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="cosign verify \ --key https://raw.githubusercontent.com/BerriAI/litellm/v1.86.3/cosign.pub \ ghcr.io/berriai/litellm:v1.86.3"><pre>cosign verify \ --key https://raw.githubusercontent.com/BerriAI/litellm/v1.86.3/cosign.pub \ ghcr.io/berriai/litellm:v1.86.3</pre></div> <p>Expected output:</p> <div class="snippet-clipboard-content notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="The following checks were performed on each of these signatures: - The cosign claims were validated - The signatures were verified against the specified public key"><pre class="notranslate"><code>The following checks were performed on each of these signatures: - The cosign claims were validated - The signatures were verified against the specified public key </code></pre></div> <hr> <h2>What's Changed</h2> <ul> <li>chore(release): backport pending 1.84.x/1.85.x fixes into stable/1.86.x and cut 1.86.3 by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/yuneng-berri/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/yuneng-berri">@yuneng-berri</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="4575761781" data-permission-text="Title is private" data-url="https://github.com/BerriAI/litellm/issues/29541" data-hovercard-type="pull_request" data-hovercard-url="/BerriAI/litellm/pull/29541/hovercard" href="https://github.com/BerriAI/litellm/pull/29541">#29541</a></li> </ul> <p><strong>Full Changelog</strong>: <a class="commit-link" href="https://github.com/BerriAI/litellm/compare/v1.86.2...v1.86.3"><tt>v1.86.2...v1.86.3</tt></a></p> github-actions[bot] tag:github.com,2008:Repository/671269505/v1.85.3 2026-06-02T02:30:54Z
+<h2>Verify Docker Image Signature</h2> <p>All LiteLLM Docker images are signed with <a href="https://docs.sigstore.dev/cosign/overview/" rel="nofollow">cosign</a>. Every release is signed with the same key introduced in <a href="https://github.com/BerriAI/litellm/commit/0112e53046018d726492c814b3644b7d376029d0">commit <code>0112e53</code></a>.</p> <p><strong>Verify using the pinned commit hash (recommended):</strong></p> <p>A commit hash is cryptographically immutable, so this is the strongest way to ensure you are using the original signing key:</p> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="cosign verify \ --key https://raw.githubusercontent.com/BerriAI/litellm/0112e53046018d726492c814b3644b7d376029d0/cosign.pub \ ghcr.io/berriai/litellm:v1.86.3"><pre>cosign verify \ --key https://raw.githubusercontent.com/BerriAI/litellm/0112e53046018d726492c814b3644b7d376029d0/cosign.pub \ ghcr.io/berriai/litellm:v1.86.3</pre></div> <p><strong>Verify using the release tag (convenience):</strong></p> <p>Tags are protected in this repository and resolve to the same key. This option is easier to read but relies on tag protection rules:</p> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="cosign verify \ --key https://raw.githubusercontent.com/BerriAI/litellm/v1.86.3/cosign.pub \ ghcr.io/berriai/litellm:v1.86.3"><pre>cosign verify \ --key https://raw.githubusercontent.com/BerriAI/litellm/v1.86.3/cosign.pub \ ghcr.io/berriai/litellm:v1.86.3</pre></div> <p>Expected output:</p> <div class="snippet-clipboard-content notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="The following checks were performed on each of these signatures: - The cosign claims were validated - The signatures were verified against the specified public key"><pre class="notranslate"><code>The following checks were performed on each of these signatures: - The cosign claims were validated - The signatures were verified against the specified public key </code></pre></div> <hr> <h2>What's Changed</h2> <ul> <li>chore(release): backport pending 1.84.x/1.85.x fixes into stable/1.86.x and cut 1.86.3 by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/yuneng-berri/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/yuneng-berri">@yuneng-berri</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="4575761781" data-permission-text="Title is private" data-url="https://github.com/BerriAI/litellm/issues/29541" data-hovercard-type="pull_request" data-hovercard-url="/BerriAI/litellm/pull/29541/hovercard" href="https://github.com/BerriAI/litellm/pull/29541">#29541</a></li> </ul> <p><strong>Full Changelog</strong>: <a class="commit-link" href="https://github.com/BerriAI/litellm/compare/v1.86.2...v1.86.3"><tt>v1.86.2...v1.86.3</tt></a></p> github-actions[bot] tag:github.com,2008:Repository/671269505/v1.85.4 2026-06-04T05:16:40Z
+
+v1.85.4
+
+<h2>Verify Docker Image Signature</h2> <p>All LiteLLM Docker images are signed with <a href="https://docs.sigstore.dev/cosign/overview/" rel="nofollow">cosign</a>. Every release is signed with the same key introduced in <a href="https://github.com/BerriAI/litellm/commit/0112e53046018d726492c814b3644b7d376029d0">commit <code>0112e53</code></a>.</p> <p><strong>Verify using the pinned commit hash (recommended):</strong></p> <p>A commit hash is cryptographically immutable, so this is the strongest way to ensure you are using the original signing key:</p> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="cosign verify \ --key https://raw.githubusercontent.com/BerriAI/litellm/0112e53046018d726492c814b3644b7d376029d0/cosign.pub \ ghcr.io/berriai/litellm:v1.85.4"><pre>cosign verify \ --key https://raw.githubusercontent.com/BerriAI/litellm/0112e53046018d726492c814b3644b7d376029d0/cosign.pub \ ghcr.io/berriai/litellm:v1.85.4</pre></div> <p><strong>Verify using the release tag (convenience):</strong></p> <p>Tags are protected in this repository and resolve to the same key. This option is easier to read but relies on tag protection rules:</p> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="cosign verify \ --key https://raw.githubusercontent.com/BerriAI/litellm/v1.85.4/cosign.pub \ ghcr.io/berriai/litellm:v1.85.4"><pre>cosign verify \ --key https://raw.githubusercontent.com/BerriAI/litellm/v1.85.4/cosign.pub \ ghcr.io/berriai/litellm:v1.85.4</pre></div> <p>Expected output:</p> <div class="snippet-clipboard-content notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="The following checks were performed on each of these signatures: - The cosign claims were validated - The signatures were verified against the specified public key"><pre class="notranslate"><code>The following checks were performed on each of these signatures: - The cosign claims were validated - The signatures were verified against the specified public key </code></pre></div> <hr> <h2>What's Changed</h2> <ul> <li>chore(release): backport six staged fixes into stable/1.85.x and cut 1.85.4 by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/mateo-berri/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/mateo-berri">@mateo-berri</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="4584267520" data-permission-text="Title is private" data-url="https://github.com/BerriAI/litellm/issues/29629" data-hovercard-type="pull_request" data-hovercard-url="/BerriAI/litellm/pull/29629/hovercard" href="https://github.com/BerriAI/litellm/pull/29629">#29629</a></li> </ul> <p><strong>Full Changelog</strong>: <a class="commit-link" href="https://github.com/BerriAI/litellm/compare/v1.85.3...v1.85.4"><tt>v1.85.3...v1.85.4</tt></a></p> github-actions[bot] tag:github.com,2008:Repository/671269505/v1.85.3 2026-06-02T02:30:54Z
 
 v1.85.3
 
@@ -34,12 +42,4 @@ 
 v1.86.2
 
-<h2>Verify Docker Image Signature</h2> <p>All LiteLLM Docker images are signed with <a href="https://docs.sigstore.dev/cosign/overview/" rel="nofollow">cosign</a>. Every release is signed with the same key introduced in <a href="https://github.com/BerriAI/litellm/commit/0112e53046018d726492c814b3644b7d376029d0">commit <code>0112e53</code></a>.</p> <p><strong>Verify using the pinned commit hash (recommended):</strong></p> <p>A commit hash is cryptographically immutable, so this is the strongest way to ensure you are using the original signing key:</p> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="cosign verify \ --key https://raw.githubusercontent.com/BerriAI/litellm/0112e53046018d726492c814b3644b7d376029d0/cosign.pub \ ghcr.io/berriai/litellm:v1.86.2"><pre>cosign verify \ --key https://raw.githubusercontent.com/BerriAI/litellm/0112e53046018d726492c814b3644b7d376029d0/cosign.pub \ ghcr.io/berriai/litellm:v1.86.2</pre></div> <p><strong>Verify using the release tag (convenience):</strong></p> <p>Tags are protected in this repository and resolve to the same key. This option is easier to read but relies on tag protection rules:</p> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="cosign verify \ --key https://raw.githubusercontent.com/BerriAI/litellm/v1.86.2/cosign.pub \ ghcr.io/berriai/litellm:v1.86.2"><pre>cosign verify \ --key https://raw.githubusercontent.com/BerriAI/litellm/v1.86.2/cosign.pub \ ghcr.io/berriai/litellm:v1.86.2</pre></div> <p>Expected output:</p> <div class="snippet-clipboard-content notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="The following checks were performed on each of these signatures: - The cosign claims were validated - The signatures were verified against the specified public key"><pre class="notranslate"><code>The following checks were performed on each of these signatures: - The cosign claims were validated - The signatures were verified against the specified public key </code></pre></div> <hr> <h2>What's Changed</h2> <ul> <li>chore(proxy): cherry-pick <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="4499641053" data-permission-text="Title is private" data-url="https://github.com/BerriAI/litellm/issues/28547" data-hovercard-type="pull_request" data-hovercard-url="/BerriAI/litellm/pull/28547/hovercard" href="https://github.com/BerriAI/litellm/pull/28547">#28547</a> onto patch/v1.86.1 by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/yuneng-berri/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/yuneng-berri">@yuneng-berri</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="4529993782" data-permission-text="Title is private" data-url="https://github.com/BerriAI/litellm/issues/28969" data-hovercard-type="pull_request" data-hovercard-url="/BerriAI/litellm/pull/28969/hovercard" href="https://github.com/BerriAI/litellm/pull/28969">#28969</a></li> <li>chore: uv lock for 1.86.2 by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/yuneng-berri/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/yuneng-berri">@yuneng-berri</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="4530414104" data-permission-text="Title is private" data-url="https://github.com/BerriAI/litellm/issues/28972" data-hovercard-type="pull_request" data-hovercard-url="/BerriAI/litellm/pull/28972/hovercard" href="https://github.com/BerriAI/litellm/pull/28972">#28972</a></li> </ul> <p><strong>Full Changelog</strong>: <a class="commit-link" href="https://github.com/BerriAI/litellm/compare/v1.86.1...v1.86.2"><tt>v1.86.1...v1.86.2</tt></a></p> github-actions[bot] tag:github.com,2008:Repository/671269505/v1.85.2 2026-05-27T08:20:26Z
-
-v1.85.2
-
-<h2>Verify Docker Image Signature</h2> <p>All LiteLLM Docker images are signed with <a href="https://docs.sigstore.dev/cosign/overview/" rel="nofollow">cosign</a>. Every release is signed with the same key introduced in <a href="https://github.com/BerriAI/litellm/commit/0112e53046018d726492c814b3644b7d376029d0">commit <code>0112e53</code></a>.</p> <p><strong>Verify using the pinned commit hash (recommended):</strong></p> <p>A commit hash is cryptographically immutable, so this is the strongest way to ensure you are using the original signing key:</p> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="cosign verify \ --key https://raw.githubusercontent.com/BerriAI/litellm/0112e53046018d726492c814b3644b7d376029d0/cosign.pub \ ghcr.io/berriai/litellm:v1.85.2"><pre>cosign verify \ --key https://raw.githubusercontent.com/BerriAI/litellm/0112e53046018d726492c814b3644b7d376029d0/cosign.pub \ ghcr.io/berriai/litellm:v1.85.2</pre></div> <p><strong>Verify using the release tag (convenience):</strong></p> <p>Tags are protected in this repository and resolve to the same key. This option is easier to read but relies on tag protection rules:</p> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="cosign verify \ --key https://raw.githubusercontent.com/BerriAI/litellm/v1.85.2/cosign.pub \ ghcr.io/berriai/litellm:v1.85.2"><pre>cosign verify \ --key https://raw.githubusercontent.com/BerriAI/litellm/v1.85.2/cosign.pub \ ghcr.io/berriai/litellm:v1.85.2</pre></div> <p>Expected output:</p> <div class="snippet-clipboard-content notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="The following checks were performed on each of these signatures: - The cosign claims were validated - The signatures were verified against the specified public key"><pre class="notranslate"><code>The following checks were performed on each of these signatures: - The cosign claims were validated - The signatures were verified against the specified public key </code></pre></div> <hr> <h2>What's Changed</h2> <ul> <li>chore(proxy): cherry-pick <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="4499641053" data-permission-text="Title is private" data-url="https://github.com/BerriAI/litellm/issues/28547" data-hovercard-type="pull_request" data-hovercard-url="/BerriAI/litellm/pull/28547/hovercard" href="https://github.com/BerriAI/litellm/pull/28547">#28547</a> onto patch/v1.85.1 by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/yuneng-berri/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/yuneng-berri">@yuneng-berri</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="4529989148" data-permission-text="Title is private" data-url="https://github.com/BerriAI/litellm/issues/28968" data-hovercard-type="pull_request" data-hovercard-url="/BerriAI/litellm/pull/28968/hovercard" href="https://github.com/BerriAI/litellm/pull/28968">#28968</a></li> <li>fix(docker): cherry-pick <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="4498655370" data-permission-text="Title is private" data-url="https://github.com/BerriAI/litellm/issues/28519" data-hovercard-type="pull_request" data-hovercard-url="/BerriAI/litellm/pull/28519/hovercard" href="https://github.com/BerriAI/litellm/pull/28519">#28519</a> (restore npm to non_root builder) onto patch/v1.85.1 by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/yuneng-berri/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/yuneng-berri">@yuneng-berri</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="4530578322" data-permission-text="Title is private" data-url="https://github.com/BerriAI/litellm/issues/28974" data-hovercard-type="pull_request" data-hovercard-url="/BerriAI/litellm/pull/28974/hovercard" href="https://github.com/BerriAI/litellm/pull/28974">#28974</a></li> </ul> <p><strong>Full Changelog</strong>: <a class="commit-link" href="https://github.com/BerriAI/litellm/compare/v1.85.1...v1.85.2"><tt>v1.85.1...v1.85.2</tt></a></p> github-actions[bot] tag:github.com,2008:Repository/671269505/v1.84.3 2026-05-27T17:44:32Z
-
-v1.84.3
-
-<h2>Verify Docker Image Signature</h2> <p>All LiteLLM Docker images are signed with <a href="https://docs.sigstore.dev/cosign/overview/" rel="nofollow">cosign</a>. Every release is signed with the same key introduced in <a href="https://github.com/BerriAI/litellm/commit/0112e53046018d726492c814b3644b7d376029d0">commit <code>0112e53</code></a>.</p> <p><strong>Verify using the pinned commit hash (recommended):</strong></p> <p>A commit hash is cryptographically immutable, so this is the strongest way to ensure you are using the original signing key:</p> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="cosign verify \ --key https://raw.githubusercontent.com/BerriAI/litellm/0112e53046018d726492c814b3644b7d376029d0/cosign.pub \ ghcr.io/berriai/litellm:v1.84.3"><pre>cosign verify \ --key https://raw.githubusercontent.com/BerriAI/litellm/0112e53046018d726492c814b3644b7d376029d0/cosign.pub \ ghcr.io/berriai/litellm:v1.84.3</pre></div> <p><strong>Verify using the release tag (convenience):</strong></p> <p>Tags are protected in this repository and resolve to the same key. This option is easier to read but relies on tag protection rules:</p> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="cosign verify \ --key https://raw.githubusercontent.com/BerriAI/litellm/v1.84.3/cosign.pub \ ghcr.io/berriai/litellm:v1.84.3"><pre>cosign verify \ --key https://raw.githubusercontent.com/BerriAI/litellm/v1.84.3/cosign.pub \ ghcr.io/berriai/litellm:v1.84.3</pre></div> <p>Expected output:</p> <div class="snippet-clipboard-content notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="The following checks were performed on each of these signatures: - The cosign claims were validated - The signatures were verified against the specified public key"><pre class="notranslate"><code>The following checks were performed on each of these signatures: - The cosign claims were validated - The signatures were verified against the specified public key </code></pre></div> <hr> <h2>What's Changed</h2> <ul> <li>chore(proxy): cherry-pick <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="4499641053" data-permission-text="Title is private" data-url="https://github.com/BerriAI/litellm/issues/28547" data-hovercard-type="pull_request" data-hovercard-url="/BerriAI/litellm/pull/28547/hovercard" href="https://github.com/BerriAI/litellm/pull/28547">#28547</a> onto patch/v1.84.1 by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/yuneng-berri/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/yuneng-berri">@yuneng-berri</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="4529980342" data-permission-text="Title is private" data-url="https://github.com/BerriAI/litellm/issues/28967" data-hovercard-type="pull_request" data-hovercard-url="/BerriAI/litellm/pull/28967/hovercard" href="https://github.com/BerriAI/litellm/pull/28967">#28967</a></li> <li>fix(docker): cherry-pick <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="4498655370" data-permission-text="Title is private" data-url="https://github.com/BerriAI/litellm/issues/28519" data-hovercard-type="pull_request" data-hovercard-url="/BerriAI/litellm/pull/28519/hovercard" href="https://github.com/BerriAI/litellm/pull/28519">#28519</a> (restore npm to non_root builder) onto patch/v1.84.1 by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/yuneng-berri/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/yuneng-berri">@yuneng-berri</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="4530574881" data-permission-text="Title is private" data-url="https://github.com/BerriAI/litellm/issues/28973" data-hovercard-type="pull_request" data-hovercard-url="/BerriAI/litellm/pull/28973/hovercard" href="https://github.com/BerriAI/litellm/pull/28973">#28973</a></li> </ul> <p><strong>Full Changelog</strong>: <a class="commit-link" href="https://github.com/BerriAI/litellm/compare/v1.84.1...v1.84.3"><tt>v1.84.1...v1.84.3</tt></a></p> github-actions[bot]+<h2>Verify Docker Image Signature</h2> <p>All LiteLLM Docker images are signed with <a href="https://docs.sigstore.dev/cosign/overview/" rel="nofollow">cosign</a>. Every release is signed with the same key introduced in <a href="https://github.com/BerriAI/litellm/commit/0112e53046018d726492c814b3644b7d376029d0">commit <code>0112e53</code></a>.</p> <p><strong>Verify using the pinned commit hash (recommended):</strong></p> <p>A commit hash is cryptographically immutable, so this is the strongest way to ensure you are using the original signing key:</p> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="cosign verify \ --key https://raw.githubusercontent.com/BerriAI/litellm/0112e53046018d726492c814b3644b7d376029d0/cosign.pub \ ghcr.io/berriai/litellm:v1.86.2"><pre>cosign verify \ --key https://raw.githubusercontent.com/BerriAI/litellm/0112e53046018d726492c814b3644b7d376029d0/cosign.pub \ ghcr.io/berriai/litellm:v1.86.2</pre></div> <p><strong>Verify using the release tag (convenience):</strong></p> <p>Tags are protected in this repository and resolve to the same key. This option is easier to read but relies on tag protection rules:</p> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="cosign verify \ --key https://raw.githubusercontent.com/BerriAI/litellm/v1.86.2/cosign.pub \ ghcr.io/berriai/litellm:v1.86.2"><pre>cosign verify \ --key https://raw.githubusercontent.com/BerriAI/litellm/v1.86.2/cosign.pub \ ghcr.io/berriai/litellm:v1.86.2</pre></div> <p>Expected output:</p> <div class="snippet-clipboard-content notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="The following checks were performed on each of these signatures: - The cosign claims were validated - The signatures were verified against the specified public key"><pre class="notranslate"><code>The following checks were performed on each of these signatures: - The cosign claims were validated - The signatures were verified against the specified public key </code></pre></div> <hr> <h2>What's Changed</h2> <ul> <li>chore(proxy): cherry-pick <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="4499641053" data-permission-text="Title is private" data-url="https://github.com/BerriAI/litellm/issues/28547" data-hovercard-type="pull_request" data-hovercard-url="/BerriAI/litellm/pull/28547/hovercard" href="https://github.com/BerriAI/litellm/pull/28547">#28547</a> onto patch/v1.86.1 by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/yuneng-berri/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/yuneng-berri">@yuneng-berri</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="4529993782" data-permission-text="Title is private" data-url="https://github.com/BerriAI/litellm/issues/28969" data-hovercard-type="pull_request" data-hovercard-url="/BerriAI/litellm/pull/28969/hovercard" href="https://github.com/BerriAI/litellm/pull/28969">#28969</a></li> <li>chore: uv lock for 1.86.2 by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/yuneng-berri/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/yuneng-berri">@yuneng-berri</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="4530414104" data-permission-text="Title is private" data-url="https://github.com/BerriAI/litellm/issues/28972" data-hovercard-type="pull_request" data-hovercard-url="/BerriAI/litellm/pull/28972/hovercard" href="https://github.com/BerriAI/litellm/pull/28972">#28972</a></li> </ul> <p><strong>Full Changelog</strong>: <a class="commit-link" href="https://github.com/BerriAI/litellm/compare/v1.86.1...v1.86.2"><tt>v1.86.1...v1.86.2</tt></a></p> github-actions[bot]