mirror of
https://github.com/crewAIInc/crewAI.git
synced 2026-05-06 17:52:35 +00:00
Issue #5520 reported that crewai 1.13.0 pinned uv 0.9.30, which is
affected by GHSA-pjjw-68hj-v9mw (wheel RECORD path traversal on
uninstall). The pin was bumped to uv>=0.11.6 in 62484934c, and the
workspace already declares a matching override-dependency. Add a
regression test that parses both pyproject.toml files and fails if
either allows a uv version below 0.11.6, so this advisory cannot
re-enter the supply chain silently.