diff --git a/a2a/git_issue_agent/pyproject.toml b/a2a/git_issue_agent/pyproject.toml index a07323d5..d8fa579e 100644 --- a/a2a/git_issue_agent/pyproject.toml +++ b/a2a/git_issue_agent/pyproject.toml @@ -10,13 +10,13 @@ dependencies = [ # crewai requires openai>=2.30.0 # but litellm requires openai==2.24.0 "crewai[litellm]>=1.6.1", - "litellm>=1.87.1", # Indirect, prevents CVE-2026-42271 + "litellm>=1.89.4", # Indirect, prevents CVE-2026-42271 "crewai-tools[mcp]>=1.6.1", "urllib3>=2.7.0", # Indirect; prevents CVE-2025-66418 "python-multipart>=0.0.32", # Indirect; prevents CVE-2026-24486 "cryptography>=48.0.0,<49", # Indirect; prevents CVE-2026-26007 "pyasn1>=0.6.3", # Indirect; prevents CVE-2026-30922 - "starlette>=1.2.1", # Indirect; prevents CVE-2025-62727 + "starlette>=1.3.1", # Indirect; prevents CVE-2025-62727 "pillow>=12.2.0", # Indirect; prevents CVE-2026-40192 "lxml>=6.1.1", # Indirect; prevents CVE-2026-41066 "orjson>=3.11.6", # Indirect; prevents CVE-2025-67221 diff --git a/a2a/git_issue_agent/uv.lock b/a2a/git_issue_agent/uv.lock index f114fbb9..6bfa524f 100644 --- a/a2a/git_issue_agent/uv.lock +++ b/a2a/git_issue_agent/uv.lock @@ -680,14 +680,14 @@ requires-dist = [ { name = "crewai", extras = ["litellm"], specifier = ">=1.6.1" }, { name = "crewai-tools", extras = ["mcp"], specifier = ">=1.6.1" }, { name = "cryptography", specifier = ">=48.0.0,<49" }, - { name = "litellm", specifier = ">=1.87.1" }, + { name = "litellm", specifier = ">=1.89.4" }, { name = "lxml", specifier = ">=6.1.1" }, { name = "orjson", specifier = ">=3.11.6" }, { name = "pillow", specifier = ">=12.2.0" }, { name = "pyasn1", specifier = ">=0.6.3" }, { name = "python-dotenv", specifier = ">=1.2.2" }, { name = "python-multipart", specifier = ">=0.0.32" }, - { name = "starlette", specifier = ">=1.2.1" }, + { name = "starlette", specifier = ">=1.3.1" }, { name = "urllib3", specifier = ">=2.7.0" }, ] @@ -1088,7 +1088,7 @@ wheels = [ [[package]] name = "litellm" -version = "1.87.1" +version = "1.89.4" source = { registry = "https://pypi.org/simple" } dependencies = [ { name = "aiohttp" }, @@ -1104,9 +1104,9 @@ dependencies = [ { name = "tiktoken" }, { name = "tokenizers" }, ] -sdist = { url = "https://files.pythonhosted.org/packages/5d/e5/d0ac1c8f55e2c8d8799589e831bef0d450e69e02ecb511901ffc8de054d9/litellm-1.87.1.tar.gz", hash = "sha256:70ac9d6b25f56ad30de6ff95d26fac3b3fc697a95da582b6072d25d8dc73d493", size = 15455709, upload-time = "2026-06-04T16:23:23.339Z" } +sdist = { url = "https://files.pythonhosted.org/packages/71/e1/ce008da0be1515b025f1b008d0664e3d2b2ffdbece2913d71baefc9887f4/litellm-1.89.4.tar.gz", hash = "sha256:ab551a8d52cb703c738b4db7cb6f350c4bb2ff146f0d3cc3986fd879a1eecac5", size = 14061816, upload-time = "2026-06-25T02:35:40.674Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/ff/18/8275c95ef09e81ab0c01a162c7b780ce3fbc49066b5d532c6b6ab3dc0118/litellm-1.87.1-py3-none-any.whl", hash = "sha256:dd4e00278cdb846d52e99a09d732575a897273540b54eb044247ecbc0d98f67c", size = 17105482, upload-time = "2026-06-04T16:23:20.769Z" }, + { url = "https://files.pythonhosted.org/packages/b8/cc/6fc72581a3ad22b7a53e8dddcc4ccc3ac679795d2200629f0fab35cb6d34/litellm-1.89.4-py3-none-any.whl", hash = "sha256:c3a19961b9e3576d4aafb6d27a0a8e1d06c370784b2d88631a9ba0d027cfd757", size = 15472272, upload-time = "2026-06-25T02:35:37.523Z" }, ] [[package]] @@ -2356,15 +2356,15 @@ wheels = [ [[package]] name = "starlette" -version = "1.2.1" +version = "1.3.1" source = { registry = "https://pypi.org/simple" } dependencies = [ { name = "anyio" }, { name = "typing-extensions" }, ] -sdist = { url = "https://files.pythonhosted.org/packages/25/44/ec35f1b6e83094b997da438a02c8c9b0ade2b1e84cfc48bd4656780760a6/starlette-1.2.1.tar.gz", hash = "sha256:9b9b5ebb992e67d6093741e63c2f59e4f6fff986f81163c087867bd7b924b3f6", size = 2701854, upload-time = "2026-05-31T01:07:51.847Z" } +sdist = { url = "https://files.pythonhosted.org/packages/eb/e3/7c1dc7381d9f8ab7d854328ebfa884e62cb3f3d8549ddfd37c7814f42afa/starlette-1.3.1.tar.gz", hash = "sha256:05d0213193f2fbaae60e2ecb593b4add4262ad4e46536b54abe36f11a71724e0", size = 2703240, upload-time = "2026-06-12T09:23:11.602Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/1c/54/196d0c1db10af76baa4f64894448505d60d3cdf70ef92cbb35f46a4e4c71/starlette-1.2.1-py3-none-any.whl", hash = "sha256:4de0082d08c8f6764a85a54cf1120d6939507a19905c7768acad2a9f875d2b89", size = 73350, upload-time = "2026-05-31T01:07:50.09Z" }, + { url = "https://files.pythonhosted.org/packages/ec/bb/2799cc2ede3ed41131f8975621e7213dfc7ef4acbbaadfa440f32500c370/starlette-1.3.1-py3-none-any.whl", hash = "sha256:c7372aae11c3c3f26a42df7bd626cec2f47d03483d261d369516a615a53714c6", size = 73632, upload-time = "2026-06-12T09:23:10.017Z" }, ] [[package]]