infiniflow / ragflow

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine based on deep document understanding.
https://ragflow.io
Apache License 2.0
17.59k stars 1.79k forks

[Bug]: consider fix security bug #1174

Closed rickywu closed 3 months ago

rickywu commented 3 months ago

Is there an existing issue for the same bug?

Branch name

main

Commit ID

c68767a

Other environment information

No response

Actual behavior

| name | version | CVE | fix version |
|---|---|---|---|
| joblib | 1.3.2 | CVE-2024-34997 | |
| pdfjs-dist | 2.16.105 | CVE-2024-4367 | 4.2.67 |
| micromatch | 4.0.5 | CVE-2024-4067 | 4.0.6 |
| braces | 3.0.2 | CVE-2024-4068 | 3.0.3 |
| debug | 2.6.9 | CVE-2017-20165 | 3.1.0 |

Expected behavior

No response

Steps to reproduce

Upgrade the versions of pdfjs-dist, micromatch, braces and debug.

Not sure about component compatibility problems for pdfjs-dist.

Additional information

No response

rickywu commented 3 months ago

@KevinHuSh have you upgraded the packages? I'm testing compatibility, then I'll consider requesting a merge.