Skip to content

fix: upgrade marvin>=3.2.0 to fix contact-extractor crash #211

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
pdettori wants to merge 3 commits into
base: main
Choose a base branch
from
+1,462 −1,449
Open

fix: upgrade marvin>=3.2.0 to fix contact-extractor crash #211

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
ad8d3af
fix: upgrade marvin>=3.2.0 to fix contact-extractor crash
pdettori Apr 2, 2026
1a25905
fix: bump fastmcp, anthropic, aiohttp for Trivy CVEs
pdettori Apr 2, 2026
c641e3d
chore: ignore marvin major bumps in dependabot
pdettori Apr 2, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions .github/dependabot.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,10 @@ updates:
directory: /a2a/a2a_contact_extractor
schedule:
interval: weekly
ignore:
- dependency-name: marvin
# marvin>=3.2.0 is pinned for pydantic-ai compatibility;
# major bumps need manual testing before merge
- package-ecosystem: pip
directory: /a2a/a2a_currency_converter
schedule:
Expand Down
5 changes: 4 additions & 1 deletion a2a/a2a_contact_extractor/pyproject.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ description = "Currency conversion using A2A and Marvin"
readme = "README.md"
requires-python = ">=3.12"
dependencies = [
"marvin>=3.0.0",
"marvin>=3.2.0", # 3.0.x/3.1.x incompatible with pydantic-ai>=1.56
"a2a-sdk>=0.2.5,<0.4.0",
"urllib3>=2.6.3", # Indirect; prevents CVE-2025-66418
"python-multipart>=0.0.22", # Indirect; prevents CVE-2026-24486
Expand All @@ -14,6 +14,9 @@ dependencies = [
"pyasn1>=0.6.3", # Indirect; prevents CVE-2026-30922
"pydantic-ai>=1.56.0", # Indirect; prevents CVE-2026-25580
"filelock>=3.20.1", # Indirect; prevents CVE-2025-68146
"fastmcp>=3.2.0", # Indirect; prevents CVE-2026-32871 (critical), CVE-2026-27124 (high)
"anthropic>=0.87.0", # Indirect; prevents CVE-2026-34452, CVE-2026-34450
"aiohttp>=3.13.4", # Indirect; prevents CVE-2026-34525, CVE-2026-34516, CVE-2026-34515, CVE-2026-22815
]

[tool.uv.sources]
Expand Down
Loading
Loading