From e90f0e8910fa3f0bf77023e7edc518ba7a330089 Mon Sep 17 00:00:00 2001
From: Sank <serobabow95@gmail.com>
Date: Fri, 13 Mar 2026 06:17:39 +0300
Subject: [PATCH] fix CVE-2026-26216. CVE-2026-26217 CVE 2025-66416 (#13583)

### What problem does this PR solve?

fix CVE-2026-26216. CVE-2026-26217 CVE 2025-66416

- [x] Bug Fix (non-breaking change which fixes an issue)
---
 pyproject.toml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pyproject.toml b/pyproject.toml
index 02efa55a33..ed42150435 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -21,7 +21,7 @@ dependencies = [
     "chardet>=5.2.0,<6.0.0",
     "cn2an==0.5.22",
     "cohere==5.6.2",
-    "Crawl4AI>=0.4.0,<1.0.0",
+    "Crawl4AI>=0.8.0,<1.0.0",
     "dashscope==1.25.11",
     "deepl==1.18.0",
     "demjson3==3.0.6",
@@ -56,7 +56,7 @@ dependencies = [
     "markdown==3.6",
     "markdown-to-json==2.1.1",
     "markdownify>=1.2.0",
-    "mcp>=1.19.0",
+    "mcp>=1.23.0",
     "mini-racer>=0.12.4,<0.13.0",
     "minio==7.2.4",
     "mistralai==0.4.2",