diff --git a/docs/en/installation.mdx b/docs/en/installation.mdx index 5e94c94a7..c6899d6e6 100644 --- a/docs/en/installation.mdx +++ b/docs/en/installation.mdx @@ -171,6 +171,9 @@ We recommend using the `YAML` template scaffolding for a structured approach to ```shell uv add ``` + + As a supply-chain security measure, CrewAI's internal packages use `exclude-newer = "3 days"` in their `pyproject.toml` files. This means transitive dependencies pulled in by CrewAI won't resolve packages released less than 3 days ago. Your own direct dependencies are not affected by this policy. If you notice a transitive dependency is behind, you can pin the version you want explicitly in your project's dependencies. + - To run your crew, execute the following command in the root of your project: ```bash crewai run diff --git a/lib/crewai-files/pyproject.toml b/lib/crewai-files/pyproject.toml index 2e8ef4863..99f7c15c5 100644 --- a/lib/crewai-files/pyproject.toml +++ b/lib/crewai-files/pyproject.toml @@ -17,6 +17,9 @@ dependencies = [ "av~=13.0.0", ] +[tool.uv] +exclude-newer = "3 days" + [build-system] requires = ["hatchling"] build-backend = "hatchling.build" diff --git a/lib/crewai-tools/pyproject.toml b/lib/crewai-tools/pyproject.toml index 67e98b5c9..422c8466a 100644 --- a/lib/crewai-tools/pyproject.toml +++ b/lib/crewai-tools/pyproject.toml @@ -142,6 +142,9 @@ contextual = [ ] +[tool.uv] +exclude-newer = "3 days" + [build-system] requires = ["hatchling"] build-backend = "hatchling.build" diff --git a/lib/crewai/pyproject.toml b/lib/crewai/pyproject.toml index de26cb784..8265f15b4 100644 --- a/lib/crewai/pyproject.toml +++ b/lib/crewai/pyproject.toml @@ -115,6 +115,9 @@ qdrant-edge = [ crewai = "crewai.cli.cli:crewai" +[tool.uv] +exclude-newer = "3 days" + # PyTorch index configuration, since torch 2.5.0 is not compatible with python 3.13 [[tool.uv.index]] name = "pytorch-nightly" diff --git a/lib/devtools/pyproject.toml b/lib/devtools/pyproject.toml index 4c5f2d605..e02375241 100644 --- a/lib/devtools/pyproject.toml +++ b/lib/devtools/pyproject.toml @@ -25,6 +25,9 @@ release = "crewai_devtools.cli:release" docs-check = "crewai_devtools.docs_check:docs_check" devtools = "crewai_devtools.cli:main" +[tool.uv] +exclude-newer = "3 days" + [build-system] requires = ["hatchling"] build-backend = "hatchling.build" diff --git a/pyproject.toml b/pyproject.toml index 1667ca25b..44b966533 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -160,6 +160,7 @@ info = "Commits must follow Conventional Commits 1.0.0." [tool.uv] +exclude-newer = "3 days" # composio-core pins rich<14 but textual requires rich>=14. # onnxruntime 1.24+ dropped Python 3.10 wheels; cap it so qdrant[fastembed] resolves on 3.10.