mirror of
https://github.com/crewAIInc/crewAI.git
synced 2026-05-08 02:29:00 +00:00
d6f7e7d5f8
* chore(deps): use 3-day exclude-newer window Aligns the root workspace with the per-package pyprojects, which already use `exclude-newer = "3 days"`. The fixed 2026-04-27 cutoff blocks legitimate dependency bumps (e.g. daytona ~=0.171 in #5740) without adding meaningful protection — the relative window still includes the security patches that motivated the original pin. * fix(deps): bump gitpython and python-multipart for new advisories - gitpython >=3.1.49 for GHSA-v87r-6q3f-2j67 (newline injection in config_writer().set_value() enables RCE via core.hooksPath). - python-multipart >=0.0.27 for GHSA-pp6c-gr5w-3c5g (DoS via unbounded multipart part headers). Both surfaced via pip-audit on this branch.
7.9 KiB
7.9 KiB