refact(client): use rich handle for log #111

Merged
merged 3 commits into from
Nov 13, 2024

Member

@imbajin imbajin commented Nov 11, 2024

  • upgrade gradio to the last 4.x version
  • enhance vid embedding dis log
  • refactor the log frame/usage [V1]
  • change the default rag option

New:
image


Update requirements.txt

refactor log usage
@imbajin imbajin marked this pull request as ready for review November 13, 2024 12:22

github-actions bot commented Nov 13, 2024

Dependency Review

The following issues were found:
  • ❌ 1 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ✅ 0 package(s) with unknown licenses.
See the Details below.

Vulnerabilities

hugegraph-llm/requirements.txt

| Name | Version | Vulnerability | Severity |
|------|---------|---------------|----------|
| gradio | ~> 4.44.1 | Gradio lacks integrity checking on the downloaded FRP client | high |
| gradio | ~> 4.44.1 | Gradio has a race condition in update_root_in_config may redirect user traffic | high |
| gradio | ~> 4.44.1 | Gradio uses insecure communication between the FRP client and server | high |
| gradio | ~> 4.44.1 | Gradio's `is_in_or_equal` function may be bypassed | moderate |
| gradio | ~> 4.44.1 | Gradio's CORS origin validation accepts the null origin | moderate |
| gradio | ~> 4.44.1 | Gradio vulnerable to SSRF in the path parameter of /queue/join | moderate |
| gradio | ~> 4.44.1 | Gradio has several components with post-process steps allow arbitrary file leaks | moderate |
| gradio | ~> 4.44.1 | Gradio has an XSS on every Gradio server via upload of HTML files, JS files, or SVG files | moderate |
| gradio | ~> 4.44.1 | Gradio's dropdown component pre-process step does not limit the values to those in the dropdown list | low |

Scanned Manifest Files

hugegraph-llm/requirements.txt
  • gradio@~> 4.44.1
  • gradio@~> 4.43.0
hugegraph-python-client/requirements.txt

@github-actions github-actions bot added the llm label Nov 13, 2024
@dosubot dosubot bot added the size:L and dependencies labels Nov 13, 2024
@@ -4,7 +4,7 @@ qianfan~=0.3.18
retry~=0.9.2
tiktoken>=0.7.0
nltk~=3.8.1
gradio~=4.43.0
gradio~=4.44.1
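
Review bot: The new pin gradio~=4.44.1 is the version the Dependency Review report on this PR lists as vulnerable (nine advisories, three of them high), and the compatible-release specifier ~=4.44.1 only admits 4.44.x releases, so this line can never resolve to the 5.x series. If staying on 4.x is intentional for this PR, record the accepted risk beside the pin (a comment in requirements.txt naming the Dependency Review findings) and open a tracking issue for the 5.x upgrade so the findings are not silently carried forward.
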
Member Author

@imbajin imbajin Nov 13, 2024


TODO: upgrade to 5.x to avoid sec issues

And ignore it for now ⚠️

Member

@liuxiaocs7 liuxiaocs7 left a comment


+1

@liuxiaocs7 liuxiaocs7 merged commit e3d25fd into main Nov 13, 2024
10 of 11 checks passed
@liuxiaocs7 liuxiaocs7 deleted the log-frame branch November 13, 2024 17:55