From 4a6e4dc9b5e13d3f644236e9047c98a7c4ba4546 Mon Sep 17 00:00:00 2001 From: theCyberTech <84775494+theCyberTech@users.noreply.github.com> Date: Sat, 7 Jun 2025 20:28:31 +0800 Subject: [PATCH] Fix critical vulnerabilities - Update unstructured from 0.10.25 to >=0.16.20 (fixes XXE injection & info exposure) - Update CrewAI from 0.11.0 to ^0.126.0 (latest stable version) - Update opencv-python from 4.8.1.78 to >=4.11.0.86 (fixes critical heap buffer overflow CVE-2023-4863) - Update prep-for-a-meeting requirements.txt with latest CrewAI - All updates address critical security vulnerabilities and improve compatibility --- instagram_post/pyproject.toml | 4 ++-- prep-for-a-meeting/requirements.txt | 2 +- trip_planner/pyproject.toml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/instagram_post/pyproject.toml b/instagram_post/pyproject.toml index 743323878..f9225a8d6 100644 --- a/instagram_post/pyproject.toml +++ b/instagram_post/pyproject.toml @@ -6,9 +6,9 @@ authors = ["Your Name "] [tool.poetry.dependencies] python = ">=3.10.0,<3.12" -crewai = "^0.11.0" +crewai = "^0.126.0" python-dotenv = "1.0.0" -opencv-python = "4.8.1.78" +opencv-python = ">=4.11.0.86,<5.0.0" google-search-results = "2.4.2" [tool.pyright] diff --git a/prep-for-a-meeting/requirements.txt b/prep-for-a-meeting/requirements.txt index 863bbf756..813820896 100644 --- a/prep-for-a-meeting/requirements.txt +++ b/prep-for-a-meeting/requirements.txt @@ -1,4 +1,4 @@ langchain-exa==0.0.1 exa_py==1.0.7 python-dotenv==1.0.1 -crewai==0.11.0 +crewai>=0.126.0,<0.130.0 diff --git a/trip_planner/pyproject.toml b/trip_planner/pyproject.toml index 3d669443f..c7fb03b82 100644 --- a/trip_planner/pyproject.toml +++ b/trip_planner/pyproject.toml @@ -6,8 +6,8 @@ authors = ["Your Name "] [tool.poetry.dependencies] python = ">=3.10.0,<3.12" -crewai = "^0.11.0" -unstructured = '==0.10.25' +crewai = "^0.126.0" +unstructured = '>=0.16.20,<0.18.0' pyowm = '3.3.0' tools = "^0.1.9" python-dotenv = "1.0.0"