chore(deps): bump the dependencies group with 7 updates

[dependabot]

Bumps the dependencies group with 7 updates:

Package	From	To
anthropic	0.77.0	0.79.0
fastmcp	2.14.4	2.14.5
openai	2.16.0	2.17.0
pip	26.0	26.0.1
ty	0.0.14	0.0.15
ruff	0.14.14	0.15.0
litellm	1.81.6	1.81.9

Updates anthropic from 0.77.0 to 0.79.0

Release notes

Sourced from anthropic's releases.

v0.79.0

0.79.0 (2026-02-07)

Full Changelog: v0.78.0...v0.79.0

Features

• api: enabling fast-mode in claude-opus-4-6 (5953ba7)

Bug Fixes

• pass speed parameter through in sync beta count_tokens (1dd6119)

v0.78.0

0.78.0 (2026-02-05)

Full Changelog: v0.77.1...v0.78.0

Features

• api: Release Claude Opus 4.6, adaptive thinking, and other features (3ef1529)

v0.77.1

0.77.1 (2026-02-03)

Full Changelog: v0.77.0...v0.77.1

Bug Fixes

• structured outputs: send structured output beta header when format is omitted (#1158) (258494e)

Chores

• remove claude-code-review workflow (#1338) (aec4512)

Changelog

Sourced from anthropic's changelog.

0.79.0 (2026-02-07)

Full Changelog: v0.78.0...v0.79.0

Features

• api: enabling fast-mode in claude-opus-4-6 (5953ba7)

Bug Fixes

• pass speed parameter through in sync beta count_tokens (1dd6119)

0.78.0 (2026-02-05)

Full Changelog: v0.77.1...v0.78.0

Features

• api: Release Claude Opus 4.6, adaptive thinking, and other features (3ef1529)

0.77.1 (2026-02-03)

Full Changelog: v0.77.0...v0.77.1

Bug Fixes

• structured outputs: send structured output beta header when format is omitted (#1158) (258494e)

Chores

• remove claude-code-review workflow (#1338) (aec4512)

Commits

• cd1b39b release: 0.79.0
• fb52a6a fix: pass speed parameter through in sync beta count_tokens
• b7c2df2 feat(api): enabling fast-mode in claude-opus-4-6
• 7c42e4b Update CHANGELOG.md (#1163)
• f2b61ed release: 0.78.0
• a4a29ca feat(api): manual updates
• 3955600 release: 0.77.1
• eca8ddf fix(structured outputs): send structured output beta header when format is om...
• ee44c52 chore: remove claude-code-review workflow (#1338)
• See full diff in compare view

Updates fastmcp from 2.14.4 to 2.14.5

Release notes

Sourced from fastmcp's releases.

v2.14.5: Sealed Docket

Fixes a memory leak in the memory:// docket broker where cancelled tasks accumulated instead of being cleaned up. Bumps pydocket to ≥0.17.2.

What's Changed

Enhancements 🔧

• Bump pydocket to 0.17.2 (memory leak fix) by @​chrisguidry in jlowin/fastmcp#2992

Docs 📚

• Add release notes for v2.14.4 and v2.14.5 by @​jlowin in jlowin/fastmcp#3063

Full Changelog: PrefectHQ/fastmcp@v2.14.4...v2.14.5

Changelog

Sourced from fastmcp's changelog.

---

title: "Changelog" icon: "list-check" rss: true

v3.0.0b1: This Beta Work

FastMCP 3.0 rebuilds the framework around three primitives: components, providers, and transforms. Providers source components dynamically—from decorators, filesystems, OpenAPI specs, remote servers, or anywhere else. Transforms modify components as they flow to clients—renaming, namespacing, filtering, securing. The features that required specialized subsystems in v2 now compose naturally from these building blocks.

🔌 Provider Architecture unifies how components are sourced. FileSystemProvider discovers decorated functions from directories with optional hot-reload. SkillsProvider exposes agent skill files as MCP resources. OpenAPIProvider and ProxyProvider get cleaner integrations. Providers are composable—share one across servers, or attach many to one server.

🔄 Transforms add middleware for components. Namespace mounted servers, rename verbose tools, filter by version, control visibility—all without touching source code. ResourcesAsTools and PromptsAsTools expose non-tool components to tool-only clients.

📋 Component Versioning lets you register @tool(version="2.0") alongside older versions. Clients see the highest version by default but can request specific versions. VersionFilter serves different API versions from one codebase.

💾 Session-Scoped State persists across requests. await ctx.set_state() and await ctx.get_state() now survive the full session. Per-session visibility via ctx.enable_components() lets servers adapt dynamically to each client.

⚡ DX Improvements include --reload for auto-restart during development, automatic threadpool dispatch for sync functions, tool timeouts, pagination for large component lists, and OpenTelemetry tracing.

🔐 Component Authorization via @tool(auth=require_scopes("admin")) and AuthMiddleware for server-wide policies.

Breaking changes are minimal: for most servers, updating the import statement is all you need. See the migration guide for details.

What's Changed

New Features 🎉

• Refactor resource behavior and add meta support by @​jlowin in #2611
• Refactor prompt behavior and add meta support by @​jlowin in #2610
• feat: Provider abstraction for dynamic MCP components by @​jlowin in #2622
• Unify component storage in LocalProvider by @​jlowin in #2680
• Introduce ResourceResult as canonical resource return type by @​jlowin in #2734
• Introduce Message and PromptResult as canonical prompt types by @​jlowin in #2738
• Add --reload flag for auto-restart on file changes by @​jlowin in #2816
• Add FileSystemProvider for filesystem-based component discovery by @​jlowin in #2823
• Add standalone decorators and eliminate fastmcp.fs module by @​jlowin in #2832
• Add authorization checks to components and servers by @​jlowin in #2855
• Decorators return functions instead of component objects by @​jlowin in #2856
• Add transform system for modifying components in provider chains by @​jlowin in #2836
• Add OpenTelemetry tracing support by @​chrisguidry in #2869
• Add component versioning and VersionFilter transform by @​jlowin in #2894
• Add version discovery and calling a certain version for components by @​jlowin in #2897
• Refactor visibility to mark-based enabled system by @​jlowin in #2912
• Add session-specific visibility control via Context by @​jlowin in #2917
• Add Skills Provider for exposing agent skills as MCP resources by @​jlowin in #2944

Enhancements 🔧

• Convert mounted servers to MountedProvider by @​jlowin in #2635
• Simplify .key as computed property by @​jlowin in #2648
• Refactor MountedProvider into FastMCPProvider + TransformingProvider by @​jlowin in #2653

... (truncated)

Commits

• 21221b4 Add release notes for v2.14.4 and v2.14.5 (#3063)
• 7d32409 Merge pull request #2992 from jlowin/pydocket-github-validation
• 65d6f06 Bump pydocket to >=0.17.2
• 5f68078 Bump pydocket to >=0.17.2b3
• 0afa029 Make read_resource test flexible for MCP version differences
• 7ad97d9 Update test snapshot for MCP 1.26.0 serialization change
• cd0274c Bump pydocket to >=0.17.2b2
• f1a89eb Bump pydocket to >=0.17.2b1
• c9ed36e Point to fix-cancellation-handling branch
• 8cec853 Point to fix-redis-connection-guards branch
• Additional commits viewable in compare view

Updates openai from 2.16.0 to 2.17.0

Release notes

Sourced from openai's releases.

v2.17.0

2.17.0 (2026-02-05)

Full Changelog: v2.16.0...v2.17.0

Features

• api: add shell_call_output status field (1bbaf88)
• api: image generation actions for responses; ResponseFunctionCallArgumentsDoneEvent.name (7d96513)
• client: add custom JSON encoder for extended type support (9f43c8b)

Bug Fixes

• client: undo change to web search Find action (8f14eb0)
• client: update type for find_in_page action (ec54dde)

Changelog

Sourced from openai's changelog.

2.17.0 (2026-02-05)

Full Changelog: v2.16.0...v2.17.0

Features

• api: add shell_call_output status field (1bbaf88)
• api: image generation actions for responses; ResponseFunctionCallArgumentsDoneEvent.name (7d96513)
• client: add custom JSON encoder for extended type support (9f43c8b)

Bug Fixes

• client: undo change to web search Find action (8f14eb0)
• client: update type for find_in_page action (ec54dde)

Commits

• e888873 release: 2.17.0
• b982088 fix(client): undo change to web search Find action
• b95c09d codegen metadata
• 31b4218 codegen metadata
• a1fb97b fix(client): update type for find_in_page action
• 42cb178 feat(api): image generation actions for responses; ResponseFunctionCallArgume...
• db4d871 feat(client): add custom JSON encoder for extended type support
• 2360dfa codegen metadata
• 7da396e codegen metadata
• 27feb0a feat(api): add shell_call_output status field
• See full diff in compare view

Updates pip from 26.0 to 26.0.1

Changelog

Sourced from pip's changelog.

26.0.1 (2026-02-04)

Bug Fixes

• Fix --pre not being respected from the command line when a requirement file includes an option e.g. -extra-index-url. ([#13788](https://github.com/pypa/pip/issues/13788) <https://github.com/pypa/pip/issues/13788>_)

Commits

• 5fe4ea4 Bump for release
• bea3cbe windows fix tests
• ed22252 News Entry
• af13274 Match release control behavior to the same as format control behavior
• See full diff in compare view

Updates ty from 0.0.14 to 0.0.15

Release notes

Sourced from ty's releases.

0.0.15

Release Notes

Released on 2026-02-04.

Bug fixes

• Add support for resolving imports of packages installed into Debian/Ubuntu dist-packages directories (#22466)
• Avoid not-iterable false positives when iterating over an instance of an intersection type with only negated elements (#22089)
• Fix support for stringized annotations in very large files (#22913)
• Don't emit Liskov diagnostics for methods with mangled names (#23062)
• Enforce that a Final symbol cannot be reassigned even after a conditional binding (#22986)
• Fix TypedDict construction from existing TypedDict values (#22904)
• Fix Self resolution for classes nested within methods (#22964)
• Fix bidirectional inference with PEP 695 union type aliases (#22988)
• Fix edge-case bugs when narrowing tagged unions in match statements (#22870)
• Fix false-positive diagnostics when iterating over an instance of an intersection that includes a TypeVar of which the upper bound is a union where the union includes a non-iterable type (#22117)
• Fix lookup of __contains__ to respect descriptors (#23056)
• Fix narrowing of nonlocal variables with conditional assignments (#22966)
• Fix several bugs that could affect NewTypes of NewTypes of float (#22997)
• Fix several type narrowing bugs involving PEP-695 type aliases (#22894)
• Fix spurious query cycles in decorated functions with parameter defaults, for improved performance and improved determinism (#23014)
• Fix unary and comparison operators for TypeVars with union bounds (#22925)
• Understand functions as method descriptors even if they are decorated with a decorator annotated as returning a PEP-695 alias to a Callable type (#22902)
• dataclass_transform: Fix visibility of field specifiers when models are nested inside methods (#23069)

LSP server

• Fix hover showing Unknown for bare Final instance attributes (#23003)
• Improve support for goto-type, goto-declaration, hover, and highlighting of string annotations (#22878)
• Include setters and deleters when renaming properties (#22999)
• Show type qualifiers like Final in on-hover hints (#23005)

Configuration

• Add new unused-type-ignore-comment rule (#22790)
• Add a mechanism to ignore/warn/select all rules (#22832)
• Support multiple workspace folders in a single ty LSP server instance (#22953)
• Only add ./src as a search path if ./src/__init__.py(i) does not exist (#22851)

Type checking

• Add a diagnostic detecting if a variable is declared as Final but never has any bindings (#23001)
• Add a diagnostic detecting overridden comparison dunder methods on order=True dataclasses (#22689)
• Add a hint to invalid-argument-type and invalid-assignment diagnostics if a variable is annotated with a type from the numbers module (#22931, #22938)
• Add diagnostic hint on unresolved-reference to suggest using "list" instead of "List" (#22827)
• Add new diagnostic for invalid dataclass field orders (#19825)
• Allow a subclass method with a positional-only parameter to override a superclass method without that parameter if the parameter in the subclass method has a default value (#23037)
• Allow self-referential imports outside the global scope (#22963)
• Ban ... in odd places inside tuple specializations (#22889)

... (truncated)

Changelog

Sourced from ty's changelog.

0.0.15

Released on 2026-02-04.

Bug fixes

• Add support for resolving imports of packages installed into Debian/Ubuntu dist-packages directories (#22466)
• Avoid not-iterable false positives when iterating over an instance of an intersection type with only negated elements (#22089)
• Fix support for stringized annotations in very large files (#22913)
• Don't emit Liskov diagnostics for methods with mangled names (#23062)
• Enforce that a Final symbol cannot be reassigned even after a conditional binding (#22986)
• Fix TypedDict construction from existing TypedDict values (#22904)
• Fix Self resolution for classes nested within methods (#22964)
• Fix bidirectional inference with PEP 695 union type aliases (#22988)
• Fix edge-case bugs when narrowing tagged unions in match statements (#22870)
• Fix false-positive diagnostics when iterating over an instance of an intersection that includes a TypeVar of which the upper bound is a union where the union includes a non-iterable type (#22117)
• Fix lookup of __contains__ to respect descriptors (#23056)
• Fix narrowing of nonlocal variables with conditional assignments (#22966)
• Fix several bugs that could affect NewTypes of NewTypes of float (#22997)
• Fix several type narrowing bugs involving PEP-695 type aliases (#22894)
• Fix spurious query cycles in decorated functions with parameter defaults, for improved performance and improved determinism (#23014)
• Fix unary and comparison operators for TypeVars with union bounds (#22925)
• Understand functions as method descriptors even if they are decorated with a decorator annotated as returning a PEP-695 alias to a Callable type (#22902)
• dataclass_transform: Fix visibility of field specifiers when models are nested inside methods (#23069)

LSP server

• Fix hover showing Unknown for bare Final instance attributes (#23003)
• Improve support for goto-type, goto-declaration, hover, and highlighting of string annotations (#22878)
• Include setters and deleters when renaming properties (#22999)
• Show type qualifiers like Final in on-hover hints (#23005)

Configuration

• Add new unused-type-ignore-comment rule (#22790)
• Add a mechanism to ignore/warn/select all rules (#22832)
• Support multiple workspace folders in a single ty LSP server instance (#22953)
• Only add ./src as a search path if ./src/__init__.py(i) does not exist (#22851)

Type checking

• Add a diagnostic detecting if a variable is declared as Final but never has any bindings (#23001)
• Add a diagnostic detecting overridden comparison dunder methods on order=True dataclasses (#22689)
• Add a hint to invalid-argument-type and invalid-assignment diagnostics if a variable is annotated with a type from the numbers module (#22931, #22938)
• Add diagnostic hint on unresolved-reference to suggest using "list" instead of "List" (#22827)
• Add new diagnostic for invalid dataclass field orders (#19825)
• Allow a subclass method with a positional-only parameter to override a superclass method without that parameter if the parameter in the subclass method has a default value (#23037)
• Allow self-referential imports outside the global scope (#22963)
• Ban ... in odd places inside tuple specializations (#22889)
• Ban Required, NotRequired and ReadOnly in parameter annotations (#22888)

... (truncated)

Commits

• eb43dff Bump version to 0.0.15 (#2717)
• 338058b Add instructions for how to run ty with Bazel (#2711)
• deed12c Fix ty version reporting in Docker distributions (#2702)
• 3f490fa Document configuration option for setting level for all rules (#2691)
• 7973355 Update actions/setup-python action to v6.2.0 (#2697)
• 8016db5 Update astral-sh/setup-uv action to v7.2.1 (#2695)
• 28127db Update prek dependencies (#2696)
• ae931b2 docs: add llms.txt support (#2634)
• See full diff in compare view

Updates ruff from 0.14.14 to 0.15.0

Release notes

Sourced from ruff's releases.

0.15.0

Release Notes

Released on 2026-02-03.

Check out the blog post for a migration guide and overview of the changes!

Breaking changes

• Ruff now formats your code according to the 2026 style guide. See the formatter section below or in the blog post for a detailed list of changes.

• The linter now supports block suppression comments. For example, to suppress N803 for all parameters in this function:

  # ruff: disable[N803]
  def foo(
      legacyArg1,
      legacyArg2,
      legacyArg3,
      legacyArg4,
  ): ...
  # ruff: enable[N803]

  See the documentation for more details.

• The ruff:alpine Docker image is now based on Alpine 3.23 (up from 3.21).

• The ruff:debian and ruff:debian-slim Docker images are now based on Debian 13 "Trixie" instead of Debian 12 "Bookworm."

• Binaries for the ppc64 (64-bit big-endian PowerPC) architecture are no longer included in our releases. It should still be possible to build Ruff manually for this platform, if needed.

• Ruff now resolves all extended configuration files before falling back on a default Python version.

Stabilization

The following rules have been stabilized and are no longer in preview:

• blocking-http-call-httpx-in-async-function (ASYNC212)
• blocking-path-method-in-async-function (ASYNC240)
• blocking-input-in-async-function (ASYNC250)
• map-without-explicit-strict (B912)
• if-exp-instead-of-or-operator (FURB110)
• single-item-membership-test (FURB171)
• missing-maxsplit-arg (PLC0207)
• unnecessary-lambda (PLW0108)
• unnecessary-empty-iterable-within-deque-call (RUF037)
• in-empty-collection (RUF060)
• legacy-form-pytest-raises (RUF061)
• non-octal-permissions (RUF064)

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.0

Released on 2026-02-03.

Check out the blog post for a migration guide and overview of the changes!

Breaking changes

• Ruff now formats your code according to the 2026 style guide. See the formatter section below or in the blog post for a detailed list of changes.

• The linter now supports block suppression comments. For example, to suppress N803 for all parameters in this function:

  # ruff: disable[N803]
  def foo(
      legacyArg1,
      legacyArg2,
      legacyArg3,
      legacyArg4,
  ): ...
  # ruff: enable[N803]

  See the documentation for more details.

• The ruff:alpine Docker image is now based on Alpine 3.23 (up from 3.21).

• The ruff:debian and ruff:debian-slim Docker images are now based on Debian 13 "Trixie" instead of Debian 12 "Bookworm."

• Binaries for the ppc64 (64-bit big-endian PowerPC) architecture are no longer included in our releases. It should still be possible to build Ruff manually for this platform, if needed.

• Ruff now resolves all extended configuration files before falling back on a default Python version.

Stabilization

The following rules have been stabilized and are no longer in preview:

• blocking-http-call-httpx-in-async-function (ASYNC212)
• blocking-path-method-in-async-function (ASYNC240)
• blocking-input-in-async-function (ASYNC250)
• map-without-explicit-strict (B912)
• if-exp-instead-of-or-operator (FURB110)
• single-item-membership-test (FURB171)

... (truncated)

Commits

• ce5f7b6 Bump 0.15.0 (#23055)
• b4e40f5 [ty] Fix __contains__ to respect descriptors (#23056)
• 848cb72 [ty] Fix narrowing of nonlocal variables with conditional assignments (#22966)
• da7f33a [ty] Add a diagnostic for Final without assignment (#23001)
• e65f9a6 Document markdown formatting feature (#22990)
• c0c1b98 Format markdown code blocks with line-by-line regex parse (#22996)
• 9f8f3e1 Allow positional-only params with defaults in method overrides (#23037)
• ef83810 [ty] ecosystem-analyzer: Support bare git repositories (#23054)
• 54dfee4 Customize where the fix_title sub-diagnostic appears (#23044)
• b534607 2026 Ruff Formatter Style (#22735)
• Additional commits viewable in compare view

Updates litellm from 1.81.6 to 1.81.9

Release notes

Sourced from litellm's releases.

v1.81.3-stable

Full Changelog: BerriAI/litellm@v1.81.3.dev1...v1.81.3-stable

v1.81.9.rc.1

What's Changed

• fix: search tools not found when using per-request routers by @​Quentin-M in BerriAI/litellm#19818
• feat: add faster linting targets for development workflow by @​jquinter in BerriAI/litellm#19729
• Litellm fix langfuse otel trace by @​Harshit28j in BerriAI/litellm#20382
• fix: Preserve streaming content on guardrail-sampled chunks by @​akraines in BerriAI/litellm#20027
• [Fix] Unique Constraint on Daily Tables + Logging When Updates Fail by @​yuneng-jiang in BerriAI/litellm#20394
• [Feature] UI - Search Tools: Show Config Defined Search Tools by @​yuneng-jiang in BerriAI/litellm#20436
• Fix mypy regression: TypedDict key error in fireworks_ai transformation by @​shin-bot-litellm in BerriAI/litellm#20391
• langfuse doc update by @​shivamrawat1 in BerriAI/litellm#20443
• fix(a2a): use text/event-stream SSE format for message/stream endpoint by @​shin-bot-litellm in BerriAI/litellm#20365
• Revert "fix(a2a): use text/event-stream SSE format for message/stream endpoint" by @​ishaan-jaff in BerriAI/litellm#20446
• [Fix] inconsistent response format in anthropic.messages.acreate() when using non anthropic providers by @​ishaan-jaff in BerriAI/litellm#20442
• [Feat] UI - Add support for MCP Semantic Filtering on UI by @​ishaan-jaff in BerriAI/litellm#20454
• docs: improve Okta SSO setup guide with step-by-step instructions by @​michelligabriele in BerriAI/litellm#20353
• fix(lint): remove unused Any/cast imports in github_copilot transformation by @​jquinter in BerriAI/litellm#20431
• feat(openrouter): add Qwen3-235B models by @​Chesars in BerriAI/litellm#20455
• bump: litellm-proxy-extras 0.4.29 → 0.4.30 by @​Sameerlite in BerriAI/litellm#20458
• chore: update poetry.lock for litellm-proxy-extras 0.4.30 by @​Sameerlite in BerriAI/litellm#20460
• [Infra] Fixing UI Build by @​yuneng-jiang in BerriAI/litellm#20461
• Litellm cicd 5 feb 2026 by @​Sameerlite in BerriAI/litellm#20464
• bugfix: Disable merging of consecutive user messages for GigaChat provider by @​natimofeev in BerriAI/litellm#20341
• Fix Vertex AI Gemini streaming content_filter handling by @​krisxia0506 in BerriAI/litellm#20105
• fix #20326 - [Feature]: Support TTL(1h) field in prompt caching for Bedrock Claude 4.5 models by @​Lucky-Lodhi2004 in BerriAI/litellm#20338
• Litellm oss staging 02 04 2026 by @​krrishdholakia in BerriAI/litellm#20398
• Cli arguments rds iam auth by @​krrishdholakia in BerriAI/litellm#20437
• [Fix] 404 Not Found on /api/event_logging/batch endpoint by @​ishaan-jaff in BerriAI/litellm#20504
• [Feat] add claude-opus-4-6 to model cost map by @​ishaan-jaff in BerriAI/litellm#20506
• Add Claude Opus 4.6 by @​PeterDaveHello in BerriAI/litellm#20508
• fix(ui): adjust daily spend date filtering for user timezone by @​nina-hu in BerriAI/litellm#20472
• [Fix] Non Root Dockerfile: Keep package-lock.json by @​yuneng-jiang in BerriAI/litellm#20452
• [Infra] UI - Adding Unit Tests for Coverage by @​yuneng-jiang in BerriAI/litellm#20513
• Fix test isolation for test_watsonx_gpt_oss_prompt_transformation by @​shin-bot-litellm in BerriAI/litellm#20474
• Fix test isolation for test_log_langfuse_v2_handles_null_usage_values by @​shin-bot-litellm in BerriAI/litellm#20475
• [Fix] Guardrails API - Ensure OpenAI Moderations Guard works with OpenAI Embeddings by @​ishaan-jaff in BerriAI/litellm#20523
• [Feature] Add soft_budget to Team Table + Create/Update Endpoints by @​yuneng-jiang in BerriAI/litellm#20530
• [Chore] Move anthropic input/output test to right folder by @​shivamrawat1 in BerriAI/litellm#20535
• [Refactor] UI - Usage Page: Spend By Provider by @​yuneng-jiang in BerriAI/litellm#20539
• fix: make sure gcs_bucket_name passes by @​Sameerlite in BerriAI/litellm#20491
• feat(web_search): add gpt-5-search-api model and docs clarifications by @​Chesars in BerriAI/litellm#20512
• [Feat] add ElevenLabs eleven_v3 and eleven_multilingual_v2 to model cost map by @​Chesars in BerriAI/litellm#20522
• [Refactor] UI - Admin Page: Migrate to AntD Tabs by @​yuneng-jiang in BerriAI/litellm#20465
• fix: Add array type checks for model, agent, and MCP hub data to prev… by @​swayambhu94 in BerriAI/litellm#20469
• [Refactor] Rename admins to AdminPanel by @​yuneng-jiang in BerriAI/litellm#20554
• Align Claude Opus 4.6 metadata and limits by @​PeterDaveHello in BerriAI/litellm#20514
• Add unsupported claude code beta headers in json by @​Sameerlite in BerriAI/litellm#20578
• Add full support for Opus 4.6 (Anthropic, Azure AI, Bedrock, Vertex AI) by @​Sameerlite in BerriAI/litellm#20551

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 2 package(s) with unknown licenses.

See the Details below.

License Issues

uv.lock

Package	Version	License	Issue Type
litellm	1.81.9	Null	Unknown License
pydocket	0.17.5	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
pip/anthropic	0.79.0	Unknown	Unknown
pip/croniter	6.0.0	Unknown	Unknown
pip/fastmcp	2.14.5	Unknown	Unknown
pip/litellm	1.81.9	Unknown	Unknown
pip/openai	2.17.0	🟢 6.2	Details Check Score Reason Code-Review ⚠️ -1 Found no human activity in the last 4 changesets Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/pip	26.0.1	🟢 5.9	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 7 Found 8/11 approved changesets -- score normalized to 7 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts ⚠️ 0 binaries present in source code CII-Best-Practices ⚠️ 2 badge detected: InProgress Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Fuzzing 🟢 10 project is fuzzed Packaging 🟢 10 packaging workflow detected Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/pydocket	0.17.5	Unknown	Unknown
pip/python-dateutil	2.9.0.post0	🟢 5.2	Details Check Score Reason Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Code-Review 🟢 5 Found 8/14 approved changesets -- score normalized to 5 Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 9 license file detected Fuzzing 🟢 10 project is fuzzed Signed-Releases 🟢 8 2 out of the last 2 releases have a total of 2 signed artifacts. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/pytz	2025.2	🟢 4.6	Details Check Score Reason Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review ⚠️ 1 Found 3/25 approved changesets -- score normalized to 1 Security-Policy 🟢 9 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Fuzzing 🟢 10 project is fuzzed Packaging 🟢 10 packaging workflow detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/ruff	0.15.0	Unknown	Unknown
pip/six	1.17.0	🟢 4.2	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Maintained ⚠️ 0 1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Code-Review ⚠️ 2 Found 7/30 approved changesets -- score normalized to 2 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/ty	0.0.15	Unknown	Unknown

Scanned Files

• uv.lock