chore(deps): bump litellm from 1.88.1 to 1.89.1 in /backend

[dependabot]

Bumps litellm from 1.88.1 to 1.89.1.

Release notes

Sourced from litellm's releases.

v1.89.1

Verify Docker Image Signature

All LiteLLM Docker images are signed with cosign. Every release is signed with the same key introduced in commit 0112e53.

Verify using the pinned commit hash (recommended):

A commit hash is cryptographically immutable, so this is the strongest way to ensure you are using the original signing key:

cosign verify \
  --key https://raw.githubusercontent.com/BerriAI/litellm/0112e53046018d726492c814b3644b7d376029d0/cosign.pub \
  ghcr.io/berriai/litellm:v1.89.1

Verify using the release tag (convenience):

Tags are protected in this repository and resolve to the same key. This option is easier to read but relies on tag protection rules:

cosign verify \
  --key https://raw.githubusercontent.com/BerriAI/litellm/v1.89.1/cosign.pub \
  ghcr.io/berriai/litellm:v1.89.1

Expected output:

The following checks were performed on each of these signatures:
  - The cosign claims were validated
  - The signatures were verified against the specified public key

---

What's Changed

• chore(release): backport 1.84.8 patch set + MCP/model-info/DB fixes to stable/1.89.x and cut 1.89.1 by @​yuneng-berri in BerriAI/litellm#30502

Full Changelog: BerriAI/litellm@v1.89.0...v1.89.1

v1.88.2

Verify Docker Image Signature

All LiteLLM Docker images are signed with cosign. Every release is signed with the same key introduced in commit 0112e53.

Verify using the pinned commit hash (recommended):

A commit hash is cryptographically immutable, so this is the strongest way to ensure you are using the original signing key:

</tr></table> 

... (truncated)

Commits

• 3983231 Merge pull request #30502 from BerriAI/litellm_backport_1_89_x_bp_1_89x_multi
• 24e30b5 fix(types): coerce dict server_tool_use to ServerToolUse in Usage init
• 9bd1022 bump: version 1.89.0 -> 1.89.1
• 9dcd406 chore(deps): bump vitest, brace-expansion, pypdf and tornado (#30220)
• 7771ec9 fix(mcp): drop phantom 401 span on delegated OAuth2 tool calls (#30494)
• bcfed3e fix(proxy): return deprecated-key lookup result directly in get_data combined...
• bf6f134 fix(passthrough): skip [DONE] sentinels and non-JSON SSE frames in Anthropic ...
• 929f047 fix(proxy): populate access_via_team_ids on /v1/model/info (#30274)
• ddc4da5 fix(passthrough): resolve costing model when body model is unknown (#30160)
• 7a72b10 Merge pull request #29528 from aanchal22/litellm_byok-alias-merge
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: dependencies, python. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.