Commit Graph

112 Commits

Author SHA1 Message Date
Greyson LaLonde
81c21e3166 feat: bump versions to 1.14.6a1
Some checks failed
CodeQL Advanced / Analyze (actions) (push) Has been cancelled
CodeQL Advanced / Analyze (python) (push) Has been cancelled
Vulnerability Scan / pip-audit (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
2026-05-21 15:09:48 +08:00
Greyson LaLonde
c50da7a6f2 feat: bump versions to 1.14.5 2026-05-19 03:11:26 +08:00
Greyson LaLonde
a6225da326 feat: bump versions to 1.14.5a7 2026-05-18 21:08:46 +08:00
Heitor Carvalho
65ec783aae feat: bump versions to 1.14.5a6 (#5827) 2026-05-15 16:51:59 -03:00
Greyson LaLonde
2034f2140a feat: bump versions to 1.14.5a5 2026-05-13 02:54:13 +08:00
Greyson LaLonde
a09c4de2fd feat: bump versions to 1.14.5a4 2026-05-09 03:08:22 +08:00
Greyson LaLonde
cf2fb4503d chore(deps): bump mem0ai to >=2.0.0 to address GHSA-xqxw-r767-67m7
Some checks failed
CodeQL Advanced / Analyze (actions) (push) Has been cancelled
CodeQL Advanced / Analyze (python) (push) Has been cancelled
Vulnerability Scan / pip-audit (push) Has been cancelled
Build uv cache / build-cache (3.10) (push) Has been cancelled
Build uv cache / build-cache (3.11) (push) Has been cancelled
Build uv cache / build-cache (3.12) (push) Has been cancelled
Build uv cache / build-cache (3.13) (push) Has been cancelled
2026-05-09 00:17:48 +08:00
Greyson LaLonde
964066e86b fix(ci): stamp and pin all workspace packages in nightly publish
Some checks failed
CodeQL Advanced / Analyze (actions) (push) Has been cancelled
CodeQL Advanced / Analyze (python) (push) Has been cancelled
Vulnerability Scan / pip-audit (push) Has been cancelled
Build uv cache / build-cache (3.10) (push) Has been cancelled
Build uv cache / build-cache (3.11) (push) Has been cancelled
Build uv cache / build-cache (3.12) (push) Has been cancelled
Build uv cache / build-cache (3.13) (push) Has been cancelled
2026-05-08 02:07:01 +08:00
Greyson LaLonde
d165bcb65f fix(deps): move textual to crewai-cli and add certifi
Some checks failed
Build uv cache / build-cache (3.10) (push) Has been cancelled
Build uv cache / build-cache (3.11) (push) Has been cancelled
Build uv cache / build-cache (3.12) (push) Has been cancelled
Build uv cache / build-cache (3.13) (push) Has been cancelled
CodeQL Advanced / Analyze (actions) (push) Has been cancelled
CodeQL Advanced / Analyze (python) (push) Has been cancelled
Vulnerability Scan / pip-audit (push) Has been cancelled
Check Documentation Broken Links / Check broken links (push) Has been cancelled
Nightly Canary Release / Check for new commits (push) Has been cancelled
Nightly Canary Release / Build nightly packages (push) Has been cancelled
Nightly Canary Release / Publish nightly to PyPI (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
2026-05-07 04:40:08 +08:00
Greyson LaLonde
e961a005cb feat: bump versions to 1.14.5a3
Some checks failed
Build uv cache / build-cache (3.10) (push) Has been cancelled
Build uv cache / build-cache (3.11) (push) Has been cancelled
Build uv cache / build-cache (3.12) (push) Has been cancelled
Build uv cache / build-cache (3.13) (push) Has been cancelled
CodeQL Advanced / Analyze (actions) (push) Has been cancelled
CodeQL Advanced / Analyze (python) (push) Has been cancelled
Vulnerability Scan / pip-audit (push) Has been cancelled
2026-05-07 01:44:05 +08:00
Greyson LaLonde
93e786d263 refactor: extract CLI into standalone crewai-cli package 2026-05-06 20:46:46 +08:00
Greyson LaLonde
57d1b338f7 feat: bump versions to 1.14.5a2 2026-05-04 22:58:06 +08:00
Lorenze Jay
5db72250b2 feat: bump versions to 1.14.5a1 (#5677)
* feat: bump versions to 1.14.5a1

* chore: update tool specifications

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-05-01 14:21:50 -07:00
Greyson LaLonde
2c0323c3fe feat: bump versions to 1.14.4 2026-05-01 02:57:37 +08:00
Greyson LaLonde
4b49fc9ac6 feat: bump versions to 1.14.4a1 2026-04-29 23:50:30 +08:00
Greyson LaLonde
de0b2a4fe0 fix(deps): bump litellm for SSTI fix; ignore unfixable pip CVE 2026-04-28 04:34:17 +08:00
Greyson LaLonde
d9046b98dd feat: bump versions to 1.14.3 2026-04-25 00:04:46 +08:00
Greyson LaLonde
3e9deaf9c0 feat: bump versions to 1.14.3a3 2026-04-23 04:55:08 +08:00
Matt Aitchison
fdf3101b39 feat(azure): fall back to DefaultAzureCredential when no API key
Enables keyless Azure auth (OIDC Workload Identity Federation, Managed
Identity, Azure CLI, env-configured Service Principal) without any
crewAI-specific configuration. Customers whose deployment environment
already sets the standard azure-identity env vars get keyless auth for
free; the existing API-key path is unchanged.

Linear: FAC-40
2026-04-23 04:21:35 +08:00
Greyson LaLonde
b34b336273 feat: bump versions to 1.14.3a2 2026-04-22 03:08:52 +08:00
Greyson LaLonde
d4f9f875f7 fix: bump python-dotenv to >=1.2.2 for GHSA-mf9w-mj56-hr94
Some checks failed
CodeQL Advanced / Analyze (actions) (push) Has been cancelled
CodeQL Advanced / Analyze (python) (push) Has been cancelled
Check Documentation Broken Links / Check broken links (push) Has been cancelled
Vulnerability Scan / pip-audit (push) Has been cancelled
Build uv cache / build-cache (3.10) (push) Has been cancelled
Build uv cache / build-cache (3.11) (push) Has been cancelled
Build uv cache / build-cache (3.12) (push) Has been cancelled
Build uv cache / build-cache (3.13) (push) Has been cancelled
2026-04-22 01:22:19 +08:00
Greyson LaLonde
0b408534ab feat: bump versions to 1.14.3a1 2026-04-21 00:53:50 +08:00
Greyson LaLonde
5ca62c20f2 feat: bump versions to 1.14.2 2026-04-17 22:01:27 +08:00
Greyson LaLonde
aa28eeab6a feat: bump versions to 1.14.2rc1 2026-04-16 05:18:24 +08:00
Greyson LaLonde
3a7c550512 feat: bump versions to 1.14.2a5 2026-04-15 22:40:48 +08:00
Greyson LaLonde
ad5e66d1d0 feat: bump versions to 1.14.2a4 2026-04-15 02:29:06 +08:00
Greyson LaLonde
58208fdbae fix: bump openai lower bound to >=2.0.0 2026-04-14 02:19:47 +08:00
Greyson LaLonde
9708b94979 feat: bump versions to 1.14.2a3 2026-04-13 21:30:14 +08:00
Greyson LaLonde
62484934c1 chore: bump uv to 0.11.6 for GHSA-pjjw-68hj-v9mw
Some checks failed
Build uv cache / build-cache (3.10) (push) Has been cancelled
Build uv cache / build-cache (3.11) (push) Has been cancelled
Build uv cache / build-cache (3.12) (push) Has been cancelled
Build uv cache / build-cache (3.13) (push) Has been cancelled
CodeQL Advanced / Analyze (actions) (push) Has been cancelled
CodeQL Advanced / Analyze (python) (push) Has been cancelled
Vulnerability Scan / pip-audit (push) Has been cancelled
Check Documentation Broken Links / Check broken links (push) Has been cancelled
Low-severity advisory: malformed RECORD entries in wheels could delete
files outside the venv on uninstall. Fixed in uv 0.11.6.
2026-04-11 05:09:24 +08:00
Greyson LaLonde
fe93333066 feat: bump versions to 1.14.2a2 2026-04-10 21:51:51 +08:00
Greyson LaLonde
6efa142e22 fix: forward strict mode to Anthropic and Bedrock providers
Some checks failed
Build uv cache / build-cache (3.10) (push) Has been cancelled
Build uv cache / build-cache (3.12) (push) Has been cancelled
Build uv cache / build-cache (3.13) (push) Has been cancelled
CodeQL Advanced / Analyze (actions) (push) Has been cancelled
CodeQL Advanced / Analyze (python) (push) Has been cancelled
Build uv cache / build-cache (3.11) (push) Has been cancelled
Vulnerability Scan / pip-audit (push) Has been cancelled
The OpenAI-format tool schema sets strict: true but this was dropped
during conversion to Anthropic/Bedrock formats, so neither provider
used constrained decoding. Without it, the model can return string
"None" instead of JSON null for nullable fields, causing Pydantic
validation failures.
2026-04-10 15:32:54 +08:00
Greyson LaLonde
3b52b1a800 feat: bump versions to 1.14.2a1 2026-04-09 07:21:39 +08:00
Greyson LaLonde
a0578bb6c3 feat: bump versions to 1.14.1 2026-04-09 01:45:40 +08:00
Greyson LaLonde
52c227ab17 feat: bump versions to 1.14.1rc1 2026-04-09 00:22:24 +08:00
Greyson LaLonde
f4c0667d34 fix: bump transformers to 5.5.0 to resolve CVE-2026-1839
Bumps docling pin from ~=2.75.0 to ~=2.84.0 (allows huggingface-hub>=1)
and adds a transformers>=5.4.0 override to force resolution past 4.57.6.
2026-04-08 18:59:51 +08:00
João Moura
1534ba202d feat: bump versions to 1.14.0 (#5321) 2026-04-07 14:45:39 -03:00
Greyson LaLonde
5b4a0e8734 feat: bump versions to 1.14.0a4 2026-04-07 23:22:58 +08:00
Greyson LaLonde
86ce54fc82 feat: runtime state checkpointing, event system, and executor refactor
- Pass RuntimeState through the event bus and enable entity auto-registration
- Introduce checkpointing API:
  - .checkpoint(), .from_checkpoint(), and async checkpoint support
  - Provider-based storage with BaseProvider and JsonProvider
  - Mid-task resume and kickoff() integration
- Add EventRecord tracking and full event serialization with subtype preservation
- Enable checkpoint fidelity via llm_type and executor_type discriminators

- Refactor executor architecture:
  - Convert executors, tools, prompts, and TokenProcess to BaseModel
  - Introduce proper base classes with typed fields (CrewAgentExecutorMixin, BaseAgentExecutor)
  - Add generic from_checkpoint with full LLM serialization
  - Support executor back-references and resume-safe initialization

- Refactor runtime state system:
  - Move RuntimeState into state/ module with async checkpoint support
  - Add entity serialization improvements and JSON-safe round-tripping
  - Implement event scope tracking and replay for accurate resume behavior

- Improve tool and schema handling:
  - Make BaseTool fully serializable with JSON round-trip support
  - Serialize args_schema via JSON schema and dynamically reconstruct models
  - Add automatic subclass restoration via tool_type discriminator

- Enhance Flow checkpointing:
  - Support restoring execution state and subclass-aware deserialization

- Performance improvements:
  - Cache handler signature inspection
  - Optimize event emission and metadata preparation

- General cleanup:
  - Remove dead checkpoint payload structures
  - Simplify entity registration and serialization logic
2026-04-07 03:22:30 +08:00
Lorenze Jay
fdb9b6f090 fix: bump litellm to >=1.83.0 to address CVE-2026-35030
* fix: bump litellm to >=1.83.0 to address CVE-2026-35030

Bump litellm from <=1.82.6 to >=1.83.0 to fix JWT auth bypass via
OIDC cache key collision (CVE-2026-35030). Also widen devtools openai
pin from ~=1.83.0 to >=1.83.0,<3 to resolve the version conflict
(litellm 1.83.0 requires openai>=2.8.0).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: resolve mypy errors from litellm bump

- Remove unused type: ignore[import-untyped] on instructor import
- Remove all unused type: ignore[union-attr] comments (litellm types fixed)
- Add hasattr guard for tool_call.function — new litellm adds
  ChatCompletionMessageCustomToolCall to the union which lacks .function

* fix: tighten litellm pin to ~=1.83.0 (patch-only bumps)

>=1.83.0,<2 is too wide — litellm has had breaking changes between
minors. ~=1.83.0 means >=1.83.0,<1.84.0 — gets CVE patches but won't
pull in breaking minor releases.

* ci: bump uv from 0.8.4 to 0.11.3

* fix: resolve mypy errors in openai completion from 2.x type changes

Use isinstance checks with concrete openai response types instead of
string comparisons for proper type narrowing. Update code interpreter
handling for outputs/OutputImage API changes in openai 2.x.

* fix: pre-cache tiktoken encoding before VCR intercepts requests

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Alex <alex@crewai.com>
Co-authored-by: Greyson LaLonde <greyson@crewai.com>
2026-04-07 00:41:20 +08:00
João Moura
c393bd2ee6 feat: bump versions to 1.14.0a3 (#5295) 2026-04-06 05:17:10 -03:00
João Moura
c907ce473b feat: bump versions to 1.14.0a2 (#5293) 2026-04-06 04:33:37 -03:00
João Moura
e46402d10d feat: bump versions to 1.14.0a1 (#5292)
* chore: update uv.lock with new dependency groups and versioning adjustments

- Added a new revision number and updated resolution markers for Python version compatibility.
- Introduced a 'dev' dependency group with specific versions for various development tools.
- Updated sdist and wheels entries to include upload timestamps for better tracking.
- Adjusted numpy dependencies to specify versions based on Python version markers.

* feat: bump versions to 1.14.0a1
2026-04-06 04:32:20 -03:00
Greyson LaLonde
ce99312db1 chore: add exclude-newer = 3 days to all pyproject.toml files 2026-04-04 02:02:58 +08:00
Lorenze Jay
6ef6fada4d feat: bump versions to 1.13.0 (#5246) 2026-04-02 16:12:03 -07:00
Greyson LaLonde
c260f3e19f feat: bump versions to 1.13.0a7 2026-04-02 22:16:05 +08:00
João Moura
68720fd4e5 feat: bump versions to 1.13.0a6 (#5213) 2026-04-01 14:23:44 -03:00
João Moura
146da8d73a feat: bump versions to 1.13.0a5 (#5199) 2026-04-01 03:59:07 -03:00
Greyson LaLonde
54a9174c12 feat: bump versions to 1.13.0a4 2026-04-01 05:01:29 +08:00
Greyson LaLonde
205555b786 feat: bump versions to 1.13.0a3 2026-04-01 04:02:29 +08:00
Greyson LaLonde
3283a00e31 fix(deps): cap lancedb below 0.30.1 for Windows compatibility
Some checks failed
Build uv cache / build-cache (3.10) (push) Has been cancelled
Build uv cache / build-cache (3.11) (push) Has been cancelled
Build uv cache / build-cache (3.12) (push) Has been cancelled
Build uv cache / build-cache (3.13) (push) Has been cancelled
CodeQL Advanced / Analyze (actions) (push) Has been cancelled
CodeQL Advanced / Analyze (python) (push) Has been cancelled
lancedb 0.30.1 dropped the win_amd64 wheel, breaking installation on
Windows. Pin to <0.30.1 so uv resolves to a version that still ships
Windows binaries.
2026-03-31 16:59:45 +08:00