mirror of
https://github.com/crewAIInc/crewAI.git
synced 2026-04-12 22:12:37 +00:00
6c8c6c8e12
Upgrade pillow 10.4.0 → 12.1.1 (out-of-bounds write on PSD images), langchain-core 0.3.76 → 0.3.83 (template injection), and urllib3 2.6.1 → 2.6.3 (decompression-bomb bypass on redirects). Bump docling ~=2.63.0 → ~=2.75.0 for pillow 12 compat, and add uv overrides for pillow/langchain-core to unblock transitive pins from fastembed and langchain-apify.