build(deps): bump the uv group across 1 directory with 2 updates #954

Open: dependabot[bot] wants to merge 1 commit into master from dependabot/uv/uv-c3ff8e39ea

dependabot Bot (Contributor) commented on behalf of github Jun 16, 2026

Bumps the uv group with 1 update in the / directory: fastapi-sso.

Updates fastapi-sso from 0.16.0 to 0.19.0

Release notes

Sourced from fastapi-sso's releases.

0.19.0

⚠️ A critical OAuth login CSRF vulnerability caused by missing state validation was reported by @davidbors-snyk (Snyk Security Labs) in #266 and has been resolved in version 0.19.0.

Starting with fastapi-sso==1.0.0, OAuth state will be backed by a pluggable server-side store (in-memory by default, with support for external stores such as Redis).

What's Changed

New Contributors

Full Changelog: tomasvotava/fastapi-sso@0.18.0...0.19.0

0.18.0

What's Changed

Removed support for python 3.8

Full Changelog: tomasvotava/fastapi-sso@0.17.0...0.18.0

0.17.0

What's Changed

... (truncated)

Commits
  • c905eaf chore: 0.18.0 => 0.19.0
  • 94343bf docs(#266): warn against using state as an arbitrary data transport (#269)
  • d057c1d chore(deps): bump the all group across 1 directory with 7 updates (#265)
  • 6117d1a fix: enforce state validation (#267)
  • da63c19 chore(deps): bump the all group across 1 directory with 12 updates (#259)
  • 0ccaedd chore(deps): bump the all group with 2 updates (#254)
  • a43e62e chore(deps-dev): bump the all group with 2 updates (#253)
  • 8cd706d chore(deps-dev): bump the all group with 3 updates (#252)
  • ea769fa chore(deps-dev): bump the all group across 1 directory with 3 updates (#251)
  • 7aba1e6 chore(deps-dev): bump the all group with 3 updates (#248)
  • Additional commits viewable in compare view

Updates litellm from 1.83.0 to 1.89.1

Release notes

Sourced from litellm's releases.

v1.89.1

Verify Docker Image Signature

All LiteLLM Docker images are signed with cosign. Every release is signed with the same key introduced in commit 0112e53.

Verify using the pinned commit hash (recommended):

A commit hash is cryptographically immutable, so this is the strongest way to ensure you are using the original signing key:

cosign verify \
  --key https://raw.githubusercontent.com/BerriAI/litellm/0112e53046018d726492c814b3644b7d376029d0/cosign.pub \
  ghcr.io/berriai/litellm:v1.89.1

Verify using the release tag (convenience):

Tags are protected in this repository and resolve to the same key. This option is easier to read but relies on tag protection rules:

cosign verify \
  --key https://raw.githubusercontent.com/BerriAI/litellm/v1.89.1/cosign.pub \
  ghcr.io/berriai/litellm:v1.89.1

Expected output:

The following checks were performed on each of these signatures:
  - The cosign claims were validated
  - The signatures were verified against the specified public key

What's Changed

Full Changelog: BerriAI/litellm@v1.89.0...v1.89.1

v1.88.2

Verify Docker Image Signature

All LiteLLM Docker images are signed with cosign. Every release is signed with the same key introduced in commit 0112e53.

Verify using the pinned commit hash (recommended):

A commit hash is cryptographically immutable, so this is the strongest way to ensure you are using the original signing key:

... (truncated)

Commits

dependabot Bot added the dependencies and python:uv labels Jun 16, 2026
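
The fastapi-sso 0.19.0 note above attributes the login CSRF to missing state validation and says 1.0.0 will back state with a server-side store. The sketch below is an added example, not code from this pull request or from fastapi-sso, showing that check as a single-use, expiring state bound to the session that started the login. `StateStore`, `handle_callback`, the session ids and the codes are hypothetical names and constructed values.

```python
import hmac
import secrets
import time


class StateStore:
    """Single-use, expiring OAuth state kept server-side (hypothetical helper)."""

    def __init__(self, ttl_seconds=600, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock
        self._pending = {}  # session id -> (state, expiry time)

    def issue(self, session_id):
        """Mint an unguessable state bound to the session that starts the login."""
        state = secrets.token_urlsafe(32)
        self._pending[session_id] = (state, self._clock() + self._ttl)
        return state

    def consume(self, session_id, returned_state):
        """Check the callback's state; the stored entry is dropped on every attempt."""
        entry = self._pending.pop(session_id, None)
        if entry is None or not returned_state:
            return False  # no login in flight for this session, or state absent
        expected, expires_at = entry
        if self._clock() > expires_at:
            return False  # login attempt went stale
        return hmac.compare_digest(expected.encode(), returned_state.encode())


def handle_callback(store, session_id, query):
    """Refuse the callback before any code exchange unless its state validates."""
    if not store.consume(session_id, query.get("state", "")):
        return "rejected: state mismatch"
    return "accepted: exchange code " + query.get("code", "")


def demo():
    """Constructed sessions and codes; returns the outcome of four callbacks."""
    store = StateStore()
    store.issue("session-a")
    state_b = store.issue("session-b")
    return [
        # State minted for another session arrives in session-a's browser.
        handle_callback(store, "session-a", {"code": "code-x", "state": state_b}),
        handle_callback(store, "session-b", {"code": "code-b", "state": state_b}),
        handle_callback(store, "session-b", {"code": "code-b", "state": state_b}),  # replay
        handle_callback(store, "session-c", {"code": "code-c"}),  # no state at all
    ]
```

Because `consume` removes the entry even when the comparison fails, a rejected callback forces that session to start the login again rather than leaving a guessable target in place.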
@github-actions

👋 Thanks for the PR! This one targets master, which is our
stable branch (it's what live installs track). Please retarget it to
dev — click Edit next to the PR title and change the base
branch dropdown from master to dev. Your commits and any review
carry over, nothing is lost.

See CONTRIBUTING.md for the branch model.

kilo-code-bot Bot commented Jun 16, 2026

Code Review Summary

Status: 1 Issue Found | Recommendation: Address before merge

Overview

| Severity | Count |
| --- | --- |
| CRITICAL | 0 |
| WARNING | 1 |
| SUGGESTION | 0 |

Issue Details

WARNING

| File | Line | Issue |
| --- | --- | --- |
| PR metadata | N/A | Existing PR comment notes this PR targets master, the stable branch. The repository workflow expects dependency PRs to target dev. |

Other Observations (not in diff)

Issues found outside the code diff that cannot receive inline comments:

| File | Line | Issue |
| --- | --- | --- |
| PR metadata | N/A | Existing comment from github-actions asks to retarget the PR from master to dev. |

Files Reviewed (1 files)
  • uv.lock - 0 inline issues; generated lock-file changes were not inline-commented per review policy.


Reviewed by nex-n2-pro:free · 1,609,053 tokens

Bumps the uv group with 1 update in the / directory: [fastapi-sso](https://github.com/tomasvotava/fastapi-sso).


Updates `fastapi-sso` from 0.16.0 to 0.19.0
- [Release notes](https://github.com/tomasvotava/fastapi-sso/releases)
- [Commits](tomasvotava/fastapi-sso@0.16.0...0.19.0)

Updates `litellm` from 1.83.0 to 1.89.1
- [Release notes](https://github.com/BerriAI/litellm/releases)
- [Commits](https://github.com/BerriAI/litellm/commits/v1.89.1)

---
updated-dependencies:
- dependency-name: fastapi-sso
  dependency-version: 0.19.0
  dependency-type: indirect
- dependency-name: litellm
  dependency-version: 1.89.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot force-pushed the dependabot/uv/uv-c3ff8e39ea branch from 216f1f1 to f57059b June 16, 2026 13:47