fix: bump transformers to 5.5.0 to resolve CVE-2026-1839

Bumps docling pin from ~=2.75.0 to ~=2.84.0 (allows huggingface-hub>=1) and adds a transformers>=5.4.0 override to force resolution past 4.57.6.
2026-04-30 23:02:50 +00:00 · 2026-04-08 18:59:51 +08:00
parent 0450d06a65
commit f4c0667d34
3 changed files with 21 additions and 16 deletions
--- a/lib/crewai/pyproject.toml
+++ b/lib/crewai/pyproject.toml
@@ -68,7 +68,7 @@ openpyxl = [
 ]
 mem0 = ["mem0ai~=0.1.94"]
 docling = [
-    "docling~=2.75.0",
+    "docling~=2.84.0",
 ]
 qdrant = [
    "qdrant-client[fastembed]~=1.14.3",