chore(deps): bump litellm from 1.85.1 to 1.86.1

[dependabot]

Bumps litellm from 1.85.1 to 1.86.1.

Release notes

Sourced from litellm's releases.

v1.86.1

Verify Docker Image Signature

All LiteLLM Docker images are signed with cosign. Every release is signed with the same key introduced in commit 0112e53.

Verify using the pinned commit hash (recommended):

A commit hash is cryptographically immutable, so this is the strongest way to ensure you are using the original signing key:

cosign verify \
  --key https://raw.githubusercontent.com/BerriAI/litellm/0112e53046018d726492c814b3644b7d376029d0/cosign.pub \
  ghcr.io/berriai/litellm:v1.86.1

Verify using the release tag (convenience):

Tags are protected in this repository and resolve to the same key. This option is easier to read but relies on tag protection rules:

cosign verify \
  --key https://raw.githubusercontent.com/BerriAI/litellm/v1.86.1/cosign.pub \
  ghcr.io/berriai/litellm:v1.86.1

Expected output:

The following checks were performed on each of these signatures:
  - The cosign claims were validated
  - The signatures were verified against the specified public key

---

What's Changed

• chore(release): cherry-pick #28519 (non_root npm fix) into patch/1.86.0 by @​yuneng-berri in BerriAI/litellm#28744
• chore(release): 1.86.1 by @​yuneng-berri in BerriAI/litellm#28823

Full Changelog: BerriAI/litellm@v1.86.0...v1.86.1

v1.86.0

[!NOTE] Two things to be aware of about the non-root image in this release:

• Dockerfile build patch. The non-root Dockerfile failed to build at the v1.86.0 tag, and a patch was applied to produce ghcr.io/berriai/litellm-non_root:v1.86.0. The non-root image was built from commit a13cd212c82f00d73456a375dd0d89cef85244a8.
• No cosign attestation. The non-root image was published without a cosign signature. If you run cosign verify on images before deploying, this image will not pass verification and you will not be able to upgrade to it.

The ghcr.io/berriai/litellm:v1.86.0 and ghcr.io/berriai/litellm-database:v1.86.0 images are signed normally. v1.86.1 ships early next week with signed builds of all three images.

... (truncated)

Commits

• a8caf28 chore(release): 1.86.1 (#28823)
• a13cd21 Merge pull request #28744 from BerriAI/litellm_/bold-lumiere-b74316
• 9e7192e fix(docker): restore npm to non_root builder image (#28519)
• a72414a Merge pull request #28100 from BerriAI/litellm_internal_staging
• cf9b5e4 [Infra] Bump versions (#28094)
• 1b0ae3a fix(mcp-oauth): PROXY_BASE_URL escape hatch + diagnostic logging for {"detail...
• 3d5a9ed feat: add Terraform stacks for deploying LiteLLM on AWS and GCP (#27673)
• fbe0ee8 fix(proxy): sort BYOK models by their displayed name in /v2/model/info (#28079)
• cd551f6 chore: update Next.js build artifacts (2026-05-16 22:22 UTC, node v20.20.2) (...
• 86f73e5 feat(otel): set http.response.status_code on the success SERVER span (#28090)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #115.