crewAI/lib/crewai-tools/pyproject.toml
Devin AI 506155b4f4 fix: replace xml.etree.ElementTree with defusedxml to prevent XXE attacks
Addresses #4865 - The native Python xml library is vulnerable to XML
External Entity (XXE) attacks that can leak confidential data and XML
bombs that can cause denial of service.

Changes:
- Replace xml.etree.ElementTree with defusedxml.ElementTree in xml_loader.py
- Replace xml.etree.ElementTree with defusedxml.ElementTree in arxiv_paper_tool.py
- Add defusedxml~=0.7.1 as a dependency in crewai-tools pyproject.toml
- Update arxiv_paper_tool_test.py to use defusedxml
- Replace WebPageLoader tests in test_xml_loader.py with proper XMLLoader tests
- Add XXE attack tests (entity expansion, billion laughs, parameter entities)
- Remove noqa: S314 comments since defusedxml is safe

Co-Authored-By: João <joao@crewai.com>
2026-03-14 05:24:39 +00:00


[project]
name = "crewai-tools"
# The version is not stored here; see [tool.hatch.version].
dynamic = ["version"]
description = "Set of tools for the crewAI framework"
readme = "README.md"
authors = [{ name = "João Moura", email = "joaomdmoura@gmail.com" }]
requires-python = ">=3.10, <3.14"
# Runtime requirements installed with every crewai-tools install.
# "~=X.Y.Z" is a compatible-release bound: >=X.Y.Z and <X.(Y+1).0.
dependencies = [
    "pytube~=15.0.0",
    "requests~=2.32.5",
    "docker~=7.1.0",
    # Exact pin, currently to a release candidate build of the core package.
    "crewai==1.10.2rc2",
    "tiktoken~=0.8.0",
    "beautifulsoup4~=4.13.4",
    "python-docx~=1.2.0",
    "youtube-transcript-api~=1.2.2",
    "pymupdf~=1.26.6",
    # Hardened stand-in for xml.etree.ElementTree: by default it rejects
    # documents that declare entities, so entity-expansion bombs and external
    # entity references fail at parse time instead of being expanded.
    # It only protects code that imports it; other XML parsers are unaffected.
    "defusedxml~=0.7.1",
]
# Project links published in the package metadata.
[project.urls]
Homepage = "https://crewai.com"
Repository = "https://github.com/crewAIInc/crewAI"
Documentation = "https://docs.crewai.com"
# Opt-in extras, one per tool integration (pip install "crewai-tools[<extra>]").
# NOTE(review): most extras give only a floor (>=), so the versions actually
# installed are decided at resolve time. Use a lock or constraints file where
# installs must be reproducible and auditable.
[project.optional-dependencies]
scrapfly-sdk = [
    "scrapfly-sdk>=0.8.19",
]
sqlalchemy = [
    "sqlalchemy>=2.0.35",
]
multion = [
    "multion>=1.1.0",
]
firecrawl-py = [
    "firecrawl-py>=1.8.0",
]
composio-core = [
    "composio-core>=0.6.11.post1",
]
browserbase = [
    "browserbase>=1.0.5",
]
weaviate-client = [
    "weaviate-client>=4.10.2",
]
patronus = [
    "patronus>=0.0.16",
]
serpapi = [
    "serpapi>=0.1.5",
]
beautifulsoup4 = [
    "beautifulsoup4>=4.12.3",
]
selenium = [
    "selenium>=4.27.1",
]
spider-client = [
    "spider-client>=0.1.25",
]
scrapegraph-py = [
    "scrapegraph-py>=1.9.0",
]
linkup-sdk = [
    "linkup-sdk>=0.2.2",
]
tavily-python = [
    "tavily-python>=0.5.4",
]
hyperbrowser = [
    "hyperbrowser>=0.18.0",
]
snowflake = [
    "cryptography>=43.0.3",
    "snowflake-connector-python>=3.12.4",
    "snowflake-sqlalchemy>=1.7.3",
]
singlestore = [
    "singlestoredb>=1.12.4",
    "SQLAlchemy>=2.0.40",
]
exa-py = [
    "exa-py>=1.8.7",
]
qdrant-client = [
    "qdrant-client>=1.12.1",
]
apify = [
    "langchain-apify>=0.1.2,<1.0.0",
]
databricks-sdk = [
    "databricks-sdk>=0.46.0",
]
couchbase = [
    "couchbase>=4.3.5",
]
mcp = [
    "mcp>=1.6.0",
    "mcpadapt>=0.1.9",
]
stagehand = [
    "stagehand>=0.4.1",
]
# PyGithub is pinned exactly, so upstream fixes arrive only when this pin is
# bumped by hand.
github = [
    "gitpython>=3.1.41,<4",
    "PyGithub==1.59.1",
]
# NOTE(review): lxml has its own parser and is not covered by
# defusedxml.ElementTree. Confirm that any code parsing untrusted XML through
# lxml sets its own entity, DTD and network-access limits.
rag = [
    "python-docx>=1.1.0",
    # Pin to avoid etree import issues in 5.4.0
    "lxml>=5.3.0,<5.4.0",
]
# NOTE(review): XML handling inside third-party packages pulled in here is
# outside the defusedxml swap in the core dependencies. Verify how untrusted
# documents are parsed on that path.
xml = [
    "unstructured[local-inference, all-docs]>=0.17.2",
]
# Exact pin; it needs a manual bump to pick up upstream fixes.
oxylabs = [
    "oxylabs==2.0.0",
]
mongodb = [
    "pymongo>=4.13",
]
mysql = [
    "pymysql>=1.1.1",
]
postgresql = [
    "psycopg2-binary>=2.9.10",
]
bedrock = [
    "beautifulsoup4>=4.13.4",
    "bedrock-agentcore>=0.1.0",
    "playwright>=1.52.0",
    "nest-asyncio>=1.6.0",
]
contextual = [
    "contextual-client>=0.1.0",
    "nest-asyncio>=1.6.0",
]
# Build backend used to produce the sdist and wheel.
# NOTE(review): the build requirement carries no version specifier, so each
# build resolves whichever hatchling release is current. Consider a bounded
# specifier or a constraints file where builds must be reproducible.
[build-system]
requires = ["hatchling"]
build-backend = "hatchling.build"
# Source of the dynamic version declared in [project]: Hatch reads it from
# this file at build time.
[tool.hatch.version]
path = "src/crewai_tools/__init__.py"