Fix: package vulnerability and indexer deployment - Githubissues

Azure-Samples / azure-search-openai-javascript

A TypeScript sample app for the Retrieval Augmented Generation pattern running on Azure, using Azure AI Search for retrieval and Azure OpenAI and LangChain large language models (LLMs) to power ChatGPT-style and Q&A experiences.

MIT License

252 stars 130 forks source link

Fix: package vulnerability and indexer deployment #177

Closed shibbas closed 9 months ago

shibbas commented 9 months ago

Purpose

Fixes #176 and vite vulnerability. vite 4.0.0 - 4.5.1 Severity: high Vite XSS vulnerability in server.transformIndexHtml via URL payload - https://github.com/advisories/GHSA-92r3-m2mg-pj97 Vite dev server option server.fs.deny can be bypassed when hosted on case-insensitive filesystem - https://github.com/advisories/GHSA-c24v-8rfc-w8vw

Does this introduce a breaking change?

[ ] Yes
[X] No

Pull Request Type

What kind of change does this Pull Request introduce?

[X] Bugfix
[ ] Feature
[ ] Code style update (formatting, local variables)
[ ] Refactoring (no functional changes, no api changes)
[ ] Documentation content changes
[ ] Other... Please describe:

How to Test

Get the code

git clone [repo-address]
cd [repo-name]
git checkout [branch-name]
npm install

Test the code

What to Check

Verify that the following are valid

...

Other Information