4 Commits

Author	SHA1	Message	Date
Matt Aitchison	9336702ebc	fix(deps): bump pypdf, urllib3 override, and dev dependencies for security fixes ... - pypdf ~6.7.4 → ~6.7.5 (CVE: inefficient ASCIIHexDecode stream decoding) - Add urllib3>=2.6.3 override (CVE: decompression-bomb bypass on redirects) - ruff 0.14.7 → 0.15.1, mypy 1.19.0 → 1.19.1, pre-commit 4.5.0 → 4.5.1 - types-regex 2024.11.6 → 2026.1.15, boto3-stubs 1.40.54 → 1.42.40 - Auto-fixed 13 lint issues from new ruff rules Co-authored-by: Greyson LaLonde <greyson.r.lalonde@gmail.com>	2026-03-04 01:13:38 -05:00
Matt Aitchison	c00a348837	fix: upgrade pypdf 4.x → 6.7.4 to resolve 11 Dependabot alerts ... pypdf <6.7.4 has multiple DoS vulnerabilities via crafted PDF streams (FlateDecode, LZWDecode, RunLengthDecode, XFA, TreeObject, outlines). Only basic PdfReader/PdfWriter APIs are used in crewai-files, none of which changed in the 5.0 or 6.0 breaking releases.	2026-02-28 17:16:45 -05:00
Matt Aitchison	6c8c6c8e12	fix: resolve critical/high Dependabot security alerts (#4652) ... Upgrade pillow 10.4.0 → 12.1.1 (out-of-bounds write on PSD images), langchain-core 0.3.76 → 0.3.83 (template injection), and urllib3 2.6.1 → 2.6.3 (decompression-bomb bypass on redirects). Bump docling ~=2.63.0 → ~=2.75.0 for pillow 12 compat, and add uv overrides for pillow/langchain-core to unblock transitive pins from fastembed and langchain-apify.	2026-02-28 13:04:35 -06:00
Greyson LaLonde	c4c9208229	feat: native multimodal file handling; openai responses api ... - add input_files parameter to Crew.kickoff(), Flow.kickoff(), Task, and Agent.kickoff() - add provider-specific file uploaders for OpenAI, Anthropic, Gemini, and Bedrock - add file type detection, constraint validation, and automatic format conversion - add URL file source support for multimodal content - add streaming uploads for large files - add prompt caching support for Anthropic - add OpenAI Responses API support	2026-01-23 15:13:25 -05:00