Description
I noticed in the memgraph-toolbox/pyproject.toml that the toolkit specifies litellm>=1.77.1.
The open-ended >= constraint puts users at risk of automatically downloading compromised packages during a pip install. Recently, litellm was targeted in a supply chain attack on PyPI where malicious versions (1.82.7 and 1.82.8) containing credential stealers were published.
Recommendation
To protect users of the Memgraph AI Toolkit from this and future supply chain attacks, I highly recommend pinning this dependency strictly to the last known safe version or capping the upper limit.
Steps to Reproduce
Check the current dependency declarations for litellm.