crewAI

andre/crewAI

Fork 0

mirror of https://github.com/crewAIInc/crewAI.git synced 2026-05-04 08:42:38 +00:00

Commit Graph

Author	SHA1	Message	Date
Matt Aitchison	c00a348837	fix: upgrade pypdf 4.x → 6.7.4 to resolve 11 Dependabot alerts Some checks failed CodeQL Advanced / Analyze (actions) (push) Has been cancelled Details CodeQL Advanced / Analyze (python) (push) Has been cancelled Details Build uv cache / build-cache (3.10) (push) Has been cancelled Details Build uv cache / build-cache (3.11) (push) Has been cancelled Details Build uv cache / build-cache (3.12) (push) Has been cancelled Details Build uv cache / build-cache (3.13) (push) Has been cancelled Details pypdf <6.7.4 has multiple DoS vulnerabilities via crafted PDF streams (FlateDecode, LZWDecode, RunLengthDecode, XFA, TreeObject, outlines). Only basic PdfReader/PdfWriter APIs are used in crewai-files, none of which changed in the 5.0 or 6.0 breaking releases.	2026-02-28 17:16:45 -05:00
Matt Aitchison	6c8c6c8e12	fix: resolve critical/high Dependabot security alerts (#4652 ) Upgrade pillow 10.4.0 → 12.1.1 (out-of-bounds write on PSD images), langchain-core 0.3.76 → 0.3.83 (template injection), and urllib3 2.6.1 → 2.6.3 (decompression-bomb bypass on redirects). Bump docling ~=2.63.0 → ~=2.75.0 for pillow 12 compat, and add uv overrides for pillow/langchain-core to unblock transitive pins from fastembed and langchain-apify.	2026-02-28 13:04:35 -06:00
Greyson LaLonde	c4c9208229	feat: native multimodal file handling; openai responses api - add input_files parameter to Crew.kickoff(), Flow.kickoff(), Task, and Agent.kickoff() - add provider-specific file uploaders for OpenAI, Anthropic, Gemini, and Bedrock - add file type detection, constraint validation, and automatic format conversion - add URL file source support for multimodal content - add streaming uploads for large files - add prompt caching support for Anthropic - add OpenAI Responses API support	2026-01-23 15:13:25 -05:00

Author

SHA1

Message

Date

Matt Aitchison

c00a348837

fix: upgrade pypdf 4.x → 6.7.4 to resolve 11 Dependabot alerts

CodeQL Advanced / Analyze (actions) (push) Has been cancelled

Details

CodeQL Advanced / Analyze (python) (push) Has been cancelled

Details

Build uv cache / build-cache (3.10) (push) Has been cancelled

Details

Build uv cache / build-cache (3.11) (push) Has been cancelled

Details

Build uv cache / build-cache (3.12) (push) Has been cancelled

Details

Build uv cache / build-cache (3.13) (push) Has been cancelled

Details

pypdf <6.7.4 has multiple DoS vulnerabilities via crafted PDF streams
(FlateDecode, LZWDecode, RunLengthDecode, XFA, TreeObject, outlines).

Only basic PdfReader/PdfWriter APIs are used in crewai-files, none of
which changed in the 5.0 or 6.0 breaking releases.

2026-02-28 17:16:45 -05:00

Matt Aitchison

6c8c6c8e12

fix: resolve critical/high Dependabot security alerts (#4652 )

Upgrade pillow 10.4.0 → 12.1.1 (out-of-bounds write on PSD images),
langchain-core 0.3.76 → 0.3.83 (template injection), and
urllib3 2.6.1 → 2.6.3 (decompression-bomb bypass on redirects).

Bump docling ~=2.63.0 → ~=2.75.0 for pillow 12 compat, and add
uv overrides for pillow/langchain-core to unblock transitive pins
from fastembed and langchain-apify.

2026-02-28 13:04:35 -06:00

Greyson LaLonde

c4c9208229

feat: native multimodal file handling; openai responses api

- add input_files parameter to Crew.kickoff(), Flow.kickoff(), Task, and Agent.kickoff()
- add provider-specific file uploaders for OpenAI, Anthropic, Gemini, and Bedrock
- add file type detection, constraint validation, and automatic format conversion
- add URL file source support for multimodal content
- add streaming uploads for large files
- add prompt caching support for Anthropic
- add OpenAI Responses API support

2026-01-23 15:13:25 -05:00

3 Commits