fix: upgrade requests to >=2.33.0 for CVE temp file vulnerability

2026-04-30 14:52:36 +00:00 · 2026-04-12 16:12:35 +08:00
parent 29fc4ac226
commit 16bf24001e
2 changed files with 5 additions and 5 deletions
--- a/lib/crewai-tools/pyproject.toml
+++ b/lib/crewai-tools/pyproject.toml
@@ -9,7 +9,7 @@ authors = [
 requires-python = ">=3.10, <3.14"
 dependencies = [
    "pytube~=15.0.0",
-    "requests~=2.32.5",
+    "requests>=2.33.0,<3",
    "crewai==1.14.2a2",
    "tiktoken~=0.8.0",
    "beautifulsoup4~=4.13.4",
--- a/uv.lock
+++ b/uv.lock
@@ -1592,7 +1592,7 @@ requires-dist = [
    { name = "python-docx", marker = "extra == 'rag'", specifier = ">=1.1.0" },
    { name = "pytube", specifier = "~=15.0.0" },
    { name = "qdrant-client", marker = "extra == 'qdrant-client'", specifier = ">=1.12.1" },
-    { name = "requests", specifier = "~=2.32.5" },
+    { name = "requests", specifier = ">=2.33.0,<3" },
    { name = "scrapegraph-py", marker = "extra == 'scrapegraph-py'", specifier = ">=1.9.0" },
    { name = "scrapfly-sdk", marker = "extra == 'scrapfly-sdk'", specifier = ">=0.8.19" },
    { name = "selenium", marker = "extra == 'selenium'", specifier = ">=4.27.1" },
@@ -7369,7 +7369,7 @@ wheels = [

 [[package]]
 name = "requests"
-version = "2.32.5"
+version = "2.33.1"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
    { name = "certifi" },
@@ -7377,9 +7377,9 @@ dependencies = [
    { name = "idna" },
    { name = "urllib3" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/c9/74/b3ff8e6c8446842c3f5c837e9c3dfcfe2018ea6ecef224c710c85ef728f4/requests-2.32.5.tar.gz", hash = "sha256:dbba0bac56e100853db0ea71b82b4dfd5fe2bf6d3754a8893c3af500cec7d7cf", size = 134517, upload-time = "2025-08-18T20:46:02.573Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/5f/a4/98b9c7c6428a668bf7e42ebb7c79d576a1c3c1e3ae2d47e674b468388871/requests-2.33.1.tar.gz", hash = "sha256:18817f8c57c6263968bc123d237e3b8b08ac046f5456bd1e307ee8f4250d3517", size = 134120, upload-time = "2026-03-30T16:09:15.531Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/1e/db/4254e3eabe8020b458f1a747140d32277ec7a271daf1d235b70dc0b4e6e3/requests-2.32.5-py3-none-any.whl", hash = "sha256:2462f94637a34fd532264295e186976db0f5d453d1cdd31473c85a6a161affb6", size = 64738, upload-time = "2025-08-18T20:46:00.542Z" },
+    { url = "https://files.pythonhosted.org/packages/d7/8e/7540e8a2036f79a125c1d2ebadf69ed7901608859186c856fa0388ef4197/requests-2.33.1-py3-none-any.whl", hash = "sha256:4e6d1ef462f3626a1f0a0a9c42dd93c63bad33f9f1c1937509b8c5c8718ab56a", size = 64947, upload-time = "2026-03-30T16:09:13.83Z" },
 ]

 [[package]]