APEX/BrowserUse_and_ComputerUse_skills
5
0
Fork 0
Code Issues 6 Pull requests 1 Projects 1 Releases Packages Wiki Activity Actions

fix: remove litellm/typer/platformdirs from hermes-agent deps (supply chain compromise) (#2796)

Browse source 
litellm 1.82.7/1.82.8 contained a credential stealer (.pth auto-exec
payload). PyPI quarantined the entire package, blocking all fresh
hermes-agent installs since litellm was listed as a hard dependency.

These three deps (litellm, typer, platformdirs) are only used by the
mini-swe-agent submodule, which has its own pyproject.toml and manages
its own dependencies. They were redundantly duplicated in hermes-agent's
pyproject.toml.

Also fixes install.sh to not print 'mini-swe-agent installed' on
failure, and updates warning messages in both install scripts to clarify
that only Docker/Modal backends are affected — local terminal is
unaffected.

Ref: https://github.com/BerriAI/litellm/issues/24512
This commit is contained in:
Teknium 2026-03-24 07:03:16 -07:00 committed by GitHub
parent b641ee88f4
commit 18cbd18fa9
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 6 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

4
pyproject.toml
View file

@ -32,10 +32,6 @@ dependencies = [
# Text-to-speech (Edge TTS is free, no API key needed) # Text-to-speech (Edge TTS is free, no API key needed)
"edge-tts", "edge-tts",
"faster-whisper>=1.0.0", "faster-whisper>=1.0.0",
# mini-swe-agent deps (terminal tool)
"litellm>=1.75.5",
"typer",
"platformdirs",
# Skills Hub (GitHub App JWT auth — optional, only needed for bot identity) # Skills Hub (GitHub App JWT auth — optional, only needed for bot identity)
"PyJWT[crypto]", "PyJWT[crypto]",
] ]

7
scripts/install.sh
View file

@ -721,8 +721,11 @@ install_deps() {
# Install submodules # Install submodules
log_info "Installing mini-swe-agent (terminal tool backend)..." log_info "Installing mini-swe-agent (terminal tool backend)..."
if [ -d "mini-swe-agent" ] && [ -f "mini-swe-agent/pyproject.toml" ]; then if [ -d "mini-swe-agent" ] && [ -f "mini-swe-agent/pyproject.toml" ]; then
$UV_CMD pip install -e "./mini-swe-agent" || log_warn "mini-swe-agent install failed (terminal tools may not work)" if $UV_CMD pip install -e "./mini-swe-agent"; then
log_success "mini-swe-agent installed" log_success "mini-swe-agent installed"
else
log_warn "mini-swe-agent install failed (Docker/Modal terminal backends may not work, local terminal is unaffected)"
fi
else else
log_warn "mini-swe-agent not found (run: git submodule update --init)" log_warn "mini-swe-agent not found (run: git submodule update --init)"
fi fi

2
setup-hermes.sh
View file

@ -130,7 +130,7 @@ echo -e "${CYAN}→${NC} Installing submodules..."
if [ -d "mini-swe-agent" ] && [ -f "mini-swe-agent/pyproject.toml" ]; then if [ -d "mini-swe-agent" ] && [ -f "mini-swe-agent/pyproject.toml" ]; then
$UV_CMD pip install -e "./mini-swe-agent" && \ $UV_CMD pip install -e "./mini-swe-agent" && \
echo -e "${GREEN}${NC} mini-swe-agent installed" || \ echo -e "${GREEN}${NC} mini-swe-agent installed" || \
echo -e "${YELLOW}${NC} mini-swe-agent install failed (terminal tools may not work)" echo -e "${YELLOW}${NC} mini-swe-agent install failed (Docker/Modal terminal backends may not work, local terminal is unaffected)"
else else
echo -e "${YELLOW}${NC} mini-swe-agent not found (run: git submodule update --init --recursive)" echo -e "${YELLOW}${NC} mini-swe-agent not found (run: git submodule update --init --recursive)"
fi fi