Skyvern/integrations/llama_index/pyproject.toml
Shuchang Zheng 050001c245
security: bump moderate Dependabot alerts (Apr 28) (#5706)
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-29 23:13:35 +00:00

59 lines
1.7 KiB
TOML

[project]
name = "skyvern-llamaindex"
version = "0.2.2"
description = "Skyvern integration for LlamaIndex"
authors = [{ name = "lawyzheng", email = "lawy@skyvern.com" }]
requires-python = ">=3.11,<3.14"
readme = "README.md"
dependencies = [
"skyvern>=0.2.0",
"llama-index>=0.12.19,<0.14",
"urllib3>=2.6.0",
]
[build-system]
requires = ["hatchling"]
build-backend = "hatchling.build"
[dependency-groups]
dev = ["twine>=6.1.0,<7"]
# Security: override vulnerable transitive dependency versions (SKY-8441)
# Using override-dependencies because several of these conflict with
# skyvern's pinned ranges (e.g. pypdf<6, python-multipart<0.0.19).
[tool.uv]
override-dependencies = [
"authlib>=1.6.11",
"pyasn1>=0.6.3",
"PyJWT>=2.12.0",
"fastmcp>=3.2.0",
"mcp>=1.23.0",
"pypdf>=6.10.2",
"pillow>=12.1.1",
"nltk>=3.9.3",
"python-multipart>=0.0.26",
"starlette>=0.49.1",
"google-cloud-aiplatform>=1.133.0",
# Cascading overrides needed to unblock the above security constraints:
# fastmcp>=3.2.0 requires websockets>=15 (skyvern pins <13)
"websockets>=15.0.1",
# litellm 1.83.7+ pins openai==2.24.0 (security upgrade); override
# llama-index-llms-openai's openai<2 declaration so the integration can
# take the patched litellm.
"openai>=2.24.0",
# litellm 1.83.7+ also pins these exactly.
"jsonschema>=4.23.0",
"python-dotenv>=1.0.0",
# Dependabot moderate security upgrades (transitive)
"mako>=1.3.11",
"cryptography>=46.0.7",
]
[tool.uv.sources]
skyvern = { path = "../.." }
[tool.hatch.build.targets.sdist]
include = ["skyvern_llamaindex"]
[tool.hatch.build.targets.wheel]
include = ["skyvern_llamaindex"]