andre/crewAI
1
0
Fork 0
mirror of https://github.com/crewAIInc/crewAI.git synced 2026-04-29 06:12:43 +00:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

chore: bump pypdf to 6.10.0 for GHSA-3crg-w4f6-42mx
Some checks failed
Nightly Canary Release / Build nightly packages (push) Has been cancelled
Details
Nightly Canary Release / Publish nightly to PyPI (push) Has been cancelled
Details
Build uv cache / build-cache (3.10) (push) Has been cancelled
Details
Build uv cache / build-cache (3.11) (push) Has been cancelled
Details
Build uv cache / build-cache (3.12) (push) Has been cancelled
Details
CodeQL Advanced / Analyze (actions) (push) Has been cancelled
Details
CodeQL Advanced / Analyze (python) (push) Has been cancelled
Details
Vulnerability Scan / pip-audit (push) Has been cancelled
Details
Build uv cache / build-cache (3.13) (push) Has been cancelled
Details
Mark stale issues and pull requests / stale (push) Has been cancelled
Details
Nightly Canary Release / Check for new commits (push) Has been cancelled
Details

Browse Source 
Resolves CVE-2026-40260 where manipulated XMP metadata entity
declarations can exhaust RAM in pypdf <6.10.0.
This commit is contained in:
Greyson LaLonde
2026-04-11 05:56:11 +08:00
committed by GitHub
parent 8de4421705
commit 3b280e41fb
2 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/crewai-files/pyproject.toml
View File

@@ -9,7 +9,7 @@ authors = [
requires-python = ">=3.10, <3.14"
dependencies = [
"Pillow~=12.1.1",
"pypdf~=6.9.1",
"pypdf~=6.10.0",
"python-magic>=0.4.27",
"aiocache~=0.12.3",
"aiofiles~=24.1.0",