The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
litellm	Ready	Preview, Comment	Mar 18, 2026 0:45am

Merging this PR will not alter performance

✅ 16 untouched benchmarks

_{Comparing litellm_mar17_extras (62835ff) with main (ac0de1d)}

Greptile Summary

This is a focused infrastructure PR that addresses a security vulnerability in Next.js and synchronizes the litellm-proxy-extras package version. Both changes are straightforward dependency bumps with no logic changes.

Key changes:

• next bumped from ^16.1.6 → ^16.1.7 in package.json and package-lock.json to remediate a reported vulnerability
• litellm-proxy-extras bumped from 0.4.56 → 0.4.57 across requirements.txt, pyproject.toml, and litellm-proxy-extras/pyproject.toml to re-sync the proxy extras package
• Binary distribution artifacts (litellm_proxy_extras-0.4.57-py3-none-any.whl and litellm_proxy_extras-0.4.57.tar.gz) committed directly to the repository — these are unauditable in a git diff and bloat git history; publishing to PyPI and referencing by version is the standard approach
• Several transitive dependencies in package-lock.json had their metadata changed from "devOptional": true to "dev": true (e.g. @playwright/test, playwright, playwright-core, typescript); this is a semantic npm lockfile metadata shift but does not affect production installs since both flags exclude the package from --production installs

Confidence Score: 4/5

• This PR is safe to merge; all changes are dependency version bumps addressing a known vulnerability with no logic changes.
• The Next.js and proxy-extras version bumps are simple and correct. The only concerns are the committed binary dist artifacts (unauditable, bloats git history) and the devOptional → dev metadata shift in package-lock.json which is benign but worth noting.
• litellm-proxy-extras/dist/ — binary artifacts committed directly to git are unauditable and bloat history; prefer publishing to PyPI.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[PR: Security + Proxy Extras for Nightly] --> B[Next.js bump\n16.1.6 → 16.1.7]
    A --> C[litellm-proxy-extras bump\n0.4.56 → 0.4.57]

    B --> B1[package.json\nnext: ^16.1.7]
    B --> B2[package-lock.json\nAll @next/* packages updated\nSome deps: devOptional → dev]

    C --> C1[litellm-proxy-extras/pyproject.toml\nversion = 0.4.57]
    C --> C2[pyproject.toml\nlitellm-proxy-extras ^0.4.57]
    C --> C3[requirements.txt\nlitellm-proxy-extras==0.4.57]
    C --> C4[dist/ binary artifacts\n.whl + .tar.gz committed to git]

_{Last reviewed commit: "adding package-lock"}