Vini Brasil
6ad821b157
Add expressions to FlowDefinition actions ( #6145 )
...
* Add expressions to FlowDefinition actions
Let definitions compute values without Python. A new `call: expression`
action evaluates a Common Expression Language (CEL) expression, and tool
`with:` blocks now render `${...}` CEL templates.
Example 1:
```yaml
decide:
do:
call: expression
expr: "state.score >= 80 ? 'qualified' : 'nurture'"
router: true
emit: [qualified, nurture]
```
Example 2:
```yaml
search:
do:
call: tool
ref: my.pkg:SearchTool
with:
search_query: "${outputs.build_query.query + ' news'}"
max_results: "${state.limit}"
```
* Address code review comments
* Address code review comments
* Fix linting offenses
* Address code review comments
* Fix scrapgraph issue
2026-06-12 21:56:02 -07:00
Greyson LaLonde
f18c03cd8f
feat: bump versions to 1.14.7
2026-06-11 10:06:07 -07:00
Greyson LaLonde
05a2ba9ca4
feat: bump versions to 1.14.7rc2
2026-06-10 20:45:29 -07:00
Greyson LaLonde
68910b70c0
feat: bump versions to 1.14.7rc1
2026-06-10 18:50:54 -07:00
Greyson LaLonde
820c3905e3
feat: bump versions to 1.14.7a4
2026-06-09 12:51:55 -07:00
Greyson LaLonde
48c1987fcf
feat: bump versions to 1.14.7a3
2026-06-08 18:43:15 -07:00
Greyson LaLonde
1b14e162e9
fix: resolve pip-audit CVEs (aiohttp, docling, docling-core, pip)
...
* fix: resolve pip-audit CVEs for aiohttp, docling, docling-core, pip
- aiohttp 3.13.4 → 3.14.0: fixes GHSA-jg22-mg44-37j8, GHSA-hg6j-4rv6-33pg
- docling 2.84.0 → 2.97.0: fixes GHSA-cjqg-rq2h-2fvj, GHSA-pj2v-ggqh-cmq2,
GHSA-r3xg-rg9j-67fv, GHSA-q29v-xc37-wh5m
- docling-core 2.74.0 → 2.79.0: fixes GHSA-j5xp-7m2f-49jv, GHSA-jmmv-h3mp-59v8
- pip 26.1.1 → 26.1.2: fixes PYSEC-2026-196
docling-core 2.74.1+ requires pydantic-settings>=2.14.0, so the crewai pin
is loosened from ~=2.10.1 to >=2.10.1,<3. pydantic-settings resolves to
2.14.1 in the lock.
* fix: correct aiohttp CVE floor to 3.14.0 (not 3.13.5)
* test: shim AsyncStreamReaderMixin for vcrpy under aiohttp 3.14.0
aiohttp 3.14.0 removed aiohttp.streams.AsyncStreamReaderMixin (folded into
StreamReader). vcrpy's aiohttp stub still subclasses it, so vcr's patch
machinery raised AttributeError at test collection. Restore an equivalent
mixin in conftest before vcr is imported.
* test: rebuild vcrpy MockClientResponse init for aiohttp 3.14.0
aiohttp 3.14.0 added a required stream_writer kwarg to ClientResponse.__init__
and reads stream_writer.output_size when writer is None. vcrpy's
MockClientResponse doesn't pass it, raising TypeError at cassette playback.
Rebuild the super().__init__ call from the live signature (defaulting required
keyword-only args to None, with a stream_writer stub exposing output_size) so
it survives future aiohttp signature additions too.
* test: avoid deprecated get_event_loop in vcrpy aiohttp shim
asyncio.get_event_loop() emits a DeprecationWarning (and can RuntimeError)
when no current loop is set on Python 3.12+. Prefer get_running_loop() (the
real cassette-playback path always has one) and fall back to a single cached
loop in sync contexts, since the mock only stores the loop and calls
get_debug().
* fix: pull docling-core[chunking] so HierarchicalChunker imports
docling 2.97 split into docling-slim, moving the chunker's code-chunking
deps (tree-sitter, semchunk, language grammars) behind docling-core's
[chunking] extra. crewai's knowledge source imports HierarchicalChunker,
whose package __init__ eagerly imports those submodules -> ModuleNotFoundError
('tree_sitter') without the extra. Request docling-core[chunking]; carry the
extra in override-dependencies too, since overrides replace the whole
requirement and would otherwise strip it.
2026-06-08 17:45:07 -07:00
Lorenze Jay
17cfbdf95f
feat: bump versions to 1.14.7a2 ( #6054 )
2026-06-05 14:15:43 -07:00
Lorenze Jay
be3cf62b63
feat: bump versions to 1.14.7a1 ( #6031 )
2026-06-03 10:30:33 -07:00
Greyson LaLonde
68cdd44520
fix(cli): restore [project.scripts] in crewai package for uv tool install
2026-06-03 09:50:39 -07:00
Greyson LaLonde
c81b4fe11e
fix(deps): bump pyjwt to >=2.13.0 to patch CVEs
2026-06-02 10:01:53 -07:00
devin-ai-integration[bot]
3010f1286f
chore: widen click dependency constraint to allow 8.2+
...
Addresses #6002
2026-06-02 00:06:25 -07:00
Greyson LaLonde
0486b85aa3
feat: bump versions to 1.14.6
2026-05-28 09:47:19 -07:00
Greyson LaLonde
d52106b3c7
feat: bump versions to 1.14.6a2
2026-05-27 16:42:40 -07:00
Greyson LaLonde
81c21e3166
feat: bump versions to 1.14.6a1
CodeQL Advanced / Analyze (actions) (push) Has been cancelled
CodeQL Advanced / Analyze (python) (push) Has been cancelled
Vulnerability Scan / pip-audit (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
2026-05-21 15:09:48 +08:00
Greyson LaLonde
c50da7a6f2
feat: bump versions to 1.14.5
2026-05-19 03:11:26 +08:00
Greyson LaLonde
a6225da326
feat: bump versions to 1.14.5a7
2026-05-18 21:08:46 +08:00
Heitor Carvalho
65ec783aae
feat: bump versions to 1.14.5a6 ( #5827 )
2026-05-15 16:51:59 -03:00
Greyson LaLonde
2034f2140a
feat: bump versions to 1.14.5a5
2026-05-13 02:54:13 +08:00
Greyson LaLonde
a09c4de2fd
feat: bump versions to 1.14.5a4
2026-05-09 03:08:22 +08:00
Greyson LaLonde
cf2fb4503d
chore(deps): bump mem0ai to >=2.0.0 to address GHSA-xqxw-r767-67m7
CodeQL Advanced / Analyze (actions) (push) Has been cancelled
CodeQL Advanced / Analyze (python) (push) Has been cancelled
Vulnerability Scan / pip-audit (push) Has been cancelled
Build uv cache / build-cache (3.10) (push) Has been cancelled
Build uv cache / build-cache (3.11) (push) Has been cancelled
Build uv cache / build-cache (3.12) (push) Has been cancelled
Build uv cache / build-cache (3.13) (push) Has been cancelled
2026-05-09 00:17:48 +08:00
Greyson LaLonde
964066e86b
fix(ci): stamp and pin all workspace packages in nightly publish
CodeQL Advanced / Analyze (actions) (push) Has been cancelled
CodeQL Advanced / Analyze (python) (push) Has been cancelled
Vulnerability Scan / pip-audit (push) Has been cancelled
Build uv cache / build-cache (3.10) (push) Has been cancelled
Build uv cache / build-cache (3.11) (push) Has been cancelled
Build uv cache / build-cache (3.12) (push) Has been cancelled
Build uv cache / build-cache (3.13) (push) Has been cancelled
2026-05-08 02:07:01 +08:00
Greyson LaLonde
d165bcb65f
fix(deps): move textual to crewai-cli and add certifi
Build uv cache / build-cache (3.10) (push) Has been cancelled
Build uv cache / build-cache (3.11) (push) Has been cancelled
Build uv cache / build-cache (3.12) (push) Has been cancelled
Build uv cache / build-cache (3.13) (push) Has been cancelled
CodeQL Advanced / Analyze (actions) (push) Has been cancelled
CodeQL Advanced / Analyze (python) (push) Has been cancelled
Vulnerability Scan / pip-audit (push) Has been cancelled
Check Documentation Broken Links / Check broken links (push) Has been cancelled
Nightly Canary Release / Check for new commits (push) Has been cancelled
Nightly Canary Release / Build nightly packages (push) Has been cancelled
Nightly Canary Release / Publish nightly to PyPI (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
2026-05-07 04:40:08 +08:00
Greyson LaLonde
e961a005cb
feat: bump versions to 1.14.5a3
Build uv cache / build-cache (3.10) (push) Has been cancelled
Build uv cache / build-cache (3.11) (push) Has been cancelled
Build uv cache / build-cache (3.12) (push) Has been cancelled
Build uv cache / build-cache (3.13) (push) Has been cancelled
CodeQL Advanced / Analyze (actions) (push) Has been cancelled
CodeQL Advanced / Analyze (python) (push) Has been cancelled
Vulnerability Scan / pip-audit (push) Has been cancelled
2026-05-07 01:44:05 +08:00
Greyson LaLonde
93e786d263
refactor: extract CLI into standalone crewai-cli package
2026-05-06 20:46:46 +08:00
Greyson LaLonde
57d1b338f7
feat: bump versions to 1.14.5a2
2026-05-04 22:58:06 +08:00
Lorenze Jay
5db72250b2
feat: bump versions to 1.14.5a1 ( #5677 )
...
* feat: bump versions to 1.14.5a1
* chore: update tool specifications
---------
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-05-01 14:21:50 -07:00
Greyson LaLonde
2c0323c3fe
feat: bump versions to 1.14.4
2026-05-01 02:57:37 +08:00
Greyson LaLonde
4b49fc9ac6
feat: bump versions to 1.14.4a1
2026-04-29 23:50:30 +08:00
Greyson LaLonde
de0b2a4fe0
fix(deps): bump litellm for SSTI fix; ignore unfixable pip CVE
2026-04-28 04:34:17 +08:00
Greyson LaLonde
d9046b98dd
feat: bump versions to 1.14.3
2026-04-25 00:04:46 +08:00
Greyson LaLonde
3e9deaf9c0
feat: bump versions to 1.14.3a3
2026-04-23 04:55:08 +08:00
Matt Aitchison
fdf3101b39
feat(azure): fall back to DefaultAzureCredential when no API key
...
Enables keyless Azure auth (OIDC Workload Identity Federation, Managed
Identity, Azure CLI, env-configured Service Principal) without any
crewAI-specific configuration. Customers whose deployment environment
already sets the standard azure-identity env vars get keyless auth for
free; the existing API-key path is unchanged.
Linear: FAC-40
2026-04-23 04:21:35 +08:00
Greyson LaLonde
b34b336273
feat: bump versions to 1.14.3a2
2026-04-22 03:08:52 +08:00
Greyson LaLonde
d4f9f875f7
fix: bump python-dotenv to >=1.2.2 for GHSA-mf9w-mj56-hr94
CodeQL Advanced / Analyze (actions) (push) Has been cancelled
CodeQL Advanced / Analyze (python) (push) Has been cancelled
Check Documentation Broken Links / Check broken links (push) Has been cancelled
Vulnerability Scan / pip-audit (push) Has been cancelled
Build uv cache / build-cache (3.10) (push) Has been cancelled
Build uv cache / build-cache (3.11) (push) Has been cancelled
Build uv cache / build-cache (3.12) (push) Has been cancelled
Build uv cache / build-cache (3.13) (push) Has been cancelled
2026-04-22 01:22:19 +08:00
Greyson LaLonde
0b408534ab
feat: bump versions to 1.14.3a1
2026-04-21 00:53:50 +08:00
Greyson LaLonde
5ca62c20f2
feat: bump versions to 1.14.2
2026-04-17 22:01:27 +08:00
Greyson LaLonde
aa28eeab6a
feat: bump versions to 1.14.2rc1
2026-04-16 05:18:24 +08:00
Greyson LaLonde
3a7c550512
feat: bump versions to 1.14.2a5
2026-04-15 22:40:48 +08:00
Greyson LaLonde
ad5e66d1d0
feat: bump versions to 1.14.2a4
2026-04-15 02:29:06 +08:00
Greyson LaLonde
58208fdbae
fix: bump openai lower bound to >=2.0.0
2026-04-14 02:19:47 +08:00
Greyson LaLonde
9708b94979
feat: bump versions to 1.14.2a3
2026-04-13 21:30:14 +08:00
Greyson LaLonde
62484934c1
chore: bump uv to 0.11.6 for GHSA-pjjw-68hj-v9mw
...
Build uv cache / build-cache (3.10) (push) Has been cancelled
Build uv cache / build-cache (3.11) (push) Has been cancelled
Build uv cache / build-cache (3.12) (push) Has been cancelled
Build uv cache / build-cache (3.13) (push) Has been cancelled
CodeQL Advanced / Analyze (actions) (push) Has been cancelled
CodeQL Advanced / Analyze (python) (push) Has been cancelled
Vulnerability Scan / pip-audit (push) Has been cancelled
Check Documentation Broken Links / Check broken links (push) Has been cancelled
Low-severity advisory: malformed RECORD entries in wheels could delete
files outside the venv on uninstall. Fixed in uv 0.11.6.
2026-04-11 05:09:24 +08:00
Greyson LaLonde
fe93333066
feat: bump versions to 1.14.2a2
2026-04-10 21:51:51 +08:00
Greyson LaLonde
6efa142e22
fix: forward strict mode to Anthropic and Bedrock providers
...
Build uv cache / build-cache (3.10) (push) Has been cancelled
Build uv cache / build-cache (3.12) (push) Has been cancelled
Build uv cache / build-cache (3.13) (push) Has been cancelled
CodeQL Advanced / Analyze (actions) (push) Has been cancelled
CodeQL Advanced / Analyze (python) (push) Has been cancelled
Build uv cache / build-cache (3.11) (push) Has been cancelled
Vulnerability Scan / pip-audit (push) Has been cancelled
The OpenAI-format tool schema sets strict: true but this was dropped
during conversion to Anthropic/Bedrock formats, so neither provider
used constrained decoding. Without it, the model can return string
"None" instead of JSON null for nullable fields, causing Pydantic
validation failures.
2026-04-10 15:32:54 +08:00
Greyson LaLonde
3b52b1a800
feat: bump versions to 1.14.2a1
2026-04-09 07:21:39 +08:00
Greyson LaLonde
a0578bb6c3
feat: bump versions to 1.14.1
2026-04-09 01:45:40 +08:00
Greyson LaLonde
52c227ab17
feat: bump versions to 1.14.1rc1
2026-04-09 00:22:24 +08:00
Greyson LaLonde
f4c0667d34
fix: bump transformers to 5.5.0 to resolve CVE-2026-1839
...
Bumps docling pin from ~=2.75.0 to ~=2.84.0 (allows huggingface-hub>=1)
and adds a transformers>=5.4.0 override to force resolution past 4.57.6.
2026-04-08 18:59:51 +08:00
João Moura
1534ba202d
feat: bump versions to 1.14.0 ( #5321 )
2026-04-07 14:45:39 -03:00