Bump litellm from 1.80.10 to 1.80.15

[dependabot]

Bumps litellm from 1.80.10 to 1.80.15.

Release notes

Sourced from litellm's releases.

v1.80.15.rc.1

What's Changed

• feat: calculate total_tokens manually if it is missing and can be calculated from input and output tokens by @​wileykestner in BerriAI/litellm#18445
• feat: Add built-in migration lock to prevent concurrent Prisma migrate deploy by @​minijeong-log in BerriAI/litellm#14440
• feat: Add Prometheus metrics for request queue time and guardrails by @​hamzaq453 in BerriAI/litellm#17973
• Revert "feat: Add built-in migration lock to prevent concurrent Prisma migrate deploy" by @​krrishdholakia in BerriAI/litellm#18719
• Add Anthropic cache control option to image tool call results by @​Mr-Pepe in BerriAI/litellm#18674
• Hotfix - docs qualifire by @​drorIvry in BerriAI/litellm#18724
• fix(proxy): return json error response instead of sse format for initial streaming errors by @​krisxia0506 in BerriAI/litellm#18757
• feat(prometheus): add caching metrics for cache hits, misses, and tokens by @​Harshit28j in BerriAI/litellm#18755
• Litellm embeddings calltype fix for guardrail precallhook by @​kothamah in BerriAI/litellm#18740
• fix: prevent duplicate User-Agent tags in request_tags by @​Tianduo16 in BerriAI/litellm#18723
• make base_connection_pool_limit default value the same by @​wilsonjr in BerriAI/litellm#18721
• feat: Add abliteration.ai provider by @​abliteration-ai in BerriAI/litellm#18678
• fix(braintrust): pass span_attributes in async logging and skip tags on non-root spans by @​ihower in BerriAI/litellm#18409
• OpenRouter embeddings API support by @​elkkhan in BerriAI/litellm#18391
• fix(gemini): support snake_case for google_search tool parameters by @​Chesars in BerriAI/litellm#18451
• fix(proxy): use async anthropic client to prevent event loop blocking by @​runixer in BerriAI/litellm#18435
• fix: properly use litellm api keys by @​lucasrothman in BerriAI/litellm#18832
• fix: add idx on LOWER(user_email) for faster duplicate email checks l… by @​Harshit28j in BerriAI/litellm#18828
• feat(tag-routing): support toggling tag matching between ANY and ALL by @​choby-shun in BerriAI/litellm#18776
• fix: Mask extra header secrets in model info by @​Chesars in BerriAI/litellm#18822
• fix: add xiaomi_mimo to LlmProviders enum to fix router support by @​Chesars in BerriAI/litellm#18819
• docs: fix PDF documentation inconsistency in Anthropic page by @​Chesars in BerriAI/litellm#18816
• fix(workflow): Update issue labeling with working regex pattern by @​Chesars in BerriAI/litellm#18821
• fix: proactive RDS IAM token refresh to prevent 15-min connection failed by @​Harshit28j in BerriAI/litellm#18795
• feat(ui): add custom proxy base URL support to Playground by @​Chesars in BerriAI/litellm#18661
• [Fix] Normalize Proxy Config Callback by @​yuneng-jiang in BerriAI/litellm#18775
• [Feature] Key and Team Router Setting by @​yuneng-jiang in BerriAI/litellm#18790
• [Infra] Fixing UI Build by @​yuneng-jiang in BerriAI/litellm#18835
• [feat] Focus export support by @​uc4w6c in BerriAI/litellm#18802
• [docs] add focus by @​uc4w6c in BerriAI/litellm#18837
• feat: added qualifire eval webhook by @​drorIvry in BerriAI/litellm#18836
• [fix] how to execute cloudzero sql by @​uc4w6c in BerriAI/litellm#18841
• [FEAT]: Add support for Vertex AI API keys by @​Sameerlite in BerriAI/litellm#18806
• [feat] add mcp registry by @​uc4w6c in BerriAI/litellm#18850
• fix: Improve error messages and validation for wildcard routing with multiple credentials by @​akraines in BerriAI/litellm#18629
• Fix: Add thought_signatures to VertexGeminiConfig and test by @​jutaz in BerriAI/litellm#18853
• Staging - 01/07/2026 by @​krrishdholakia in BerriAI/litellm#18763
• Litellm staging 01 08 2026 by @​krrishdholakia in BerriAI/litellm#18833
• Staging 01/06/2026 by @​krrishdholakia in BerriAI/litellm#18715
• feat: add Bedrock as a backend API for token counting by @​raghav-stripe in BerriAI/litellm#18858
• [Fix] Nova model detection for Bedrock provider (#17910) by @​sjmatta in BerriAI/litellm#18250
• fix(security): prevent expired key plaintext leak in error response by @​Harshit28j in BerriAI/litellm#18860
• [Infra] UI - Unit Test: Adding Tests to Expand Coverage by @​yuneng-jiang in BerriAI/litellm#18848
• [Infra] UI - E2E Test: Refactor Page Settings + Test for Page Navigation by @​yuneng-jiang in BerriAI/litellm#18849
• fix: prevent Prisma migration workflow from running in forks by @​Chesars in BerriAI/litellm#18863
• fix(azure): add logprobs support for Azure OpenAI GPT-5.2 model by @​andres-ortizl in BerriAI/litellm#18856
• Fix: response_format leaking into extra_body by @​Sameerlite in BerriAI/litellm#18859
• Fix/litellm sdk embedding headers missing field by @​gauthiermartin in BerriAI/litellm#18844

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[overcut-ai]

Completed Working on "Code Review"

✅ Workflow completed successfully.

---

👉 View complete log

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

License Issues

Pipfile.lock

Package	Version	License	Issue Type
litellm	1.80.15	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
pip/anyio	4.12.1	🟢 5.6	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 5 Found 11/19 approved changesets -- score normalized to 5 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/certifi	2026.1.4	🟢 6.8	Details Check Score Reason Code-Review 🟢 4 Found 2/5 approved changesets -- score normalized to 4 Maintained 🟢 10 15 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy 🟢 10 security policy file detected Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found License 🟢 9 license file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/filelock	3.20.3	Unknown	Unknown
pip/fsspec	2026.1.0	🟢 5.8	Details Check Score Reason Maintained 🟢 10 23 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 8 Found 25/30 approved changesets -- score normalized to 8 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Fuzzing 🟢 10 project is fuzzed Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/grpcio	1.76.0	🟢 5.8	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 7 Found 18/23 approved changesets -- score normalized to 7 Maintained 🟢 10 30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 9 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices 🟢 5 badge detected: Passing License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 8 binaries present in source code Fuzzing 🟢 10 project is fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 35 existing vulnerabilities detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
pip/huggingface-hub	1.3.1	🟢 6.1	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 8 Found 24/30 approved changesets -- score normalized to 8 Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy ⚠️ 0 security policy file not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST 🟢 6 SAST tool is not run on all commits -- score normalized to 6
pip/importlib-metadata	8.7.1	🟢 6.2	Details Check Score Reason Code-Review ⚠️ 1 Found 2/15 approved changesets -- score normalized to 1 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Binary-Artifacts 🟢 8 binaries present in source code Maintained 🟢 10 22 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing 🟢 10 project is fuzzed License ⚠️ 0 license file not detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/litellm	1.80.15	Unknown	Unknown
pip/openai	2.15.0	🟢 6.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review ⚠️ -1 Found no human activity in the last 7 changesets Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/tokenizers	0.22.2	🟢 4.9	Details Check Score Reason Code-Review 🟢 6 Found 17/26 approved changesets -- score normalized to 6 Maintained 🟢 10 19 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy ⚠️ 0 security policy file not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Packaging 🟢 10 packaging workflow detected Vulnerabilities ⚠️ 1 9 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/typer-slim	0.21.1	Unknown	Unknown

Scanned Files

• Pipfile.lock