chore(deps): bump litellm from 1.83.14 to 1.86.0 in /fastapi-backend

[dependabot]

Bumps litellm from 1.83.14 to 1.86.0.

Release notes

Sourced from litellm's releases.

v1.86.0

[!NOTE] Two things to be aware of about the non-root image in this release:

• Dockerfile build patch. The non-root Dockerfile failed to build at the v1.86.0 tag, and a patch was applied to produce ghcr.io/berriai/litellm-non_root:v1.86.0. The non-root image was built from commit a13cd212c82f00d73456a375dd0d89cef85244a8.
• No cosign attestation. The non-root image was published without a cosign signature. If you run cosign verify on images before deploying, this image will not pass verification and you will not be able to upgrade to it.

The ghcr.io/berriai/litellm:v1.86.0 and ghcr.io/berriai/litellm-database:v1.86.0 images are signed normally. v1.86.1 ships early next week with signed builds of all three images.

---

Verify Docker Image Signature

All LiteLLM Docker images are signed with cosign. Every release is signed with the same key introduced in commit 0112e53.

Verify using the pinned commit hash (recommended):

A commit hash is cryptographically immutable, so this is the strongest way to ensure you are using the original signing key:

cosign verify \
  --key https://raw.githubusercontent.com/BerriAI/litellm/0112e53046018d726492c814b3644b7d376029d0/cosign.pub \
  ghcr.io/berriai/litellm:v1.86.0

Verify using the release tag (convenience):

Tags are protected in this repository and resolve to the same key. This option is easier to read but relies on tag protection rules:

cosign verify \
  --key https://raw.githubusercontent.com/BerriAI/litellm/v1.86.0/cosign.pub \
  ghcr.io/berriai/litellm:v1.86.0

Expected output:

The following checks were performed on each of these signatures:
  - The cosign claims were validated
  - The signatures were verified against the specified public key

---

What's Changed

• fix: tighten budget field validation and authorization checks by @​krrish-berri-2 in BerriAI/litellm#27897
• fix(guardrails): improve CrowdStrike AIDR input handling by @​kenany in BerriAI/litellm#26658
• feat(lasso): add tool-calling support to LassoGuardrail by @​vladpolevoi in BerriAI/litellm#27648
• perf: optimize chat completions fast path by @​yassin-berriai in BerriAI/litellm#27858
• ci(mutmut): enable mutate_only_covered_lines to fit in CI budget by @​ryan-crabbe-berri in BerriAI/litellm#27910

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #339.