langflow-ai / langflow

Langflow is a low-code app builder for RAG and multi-agent AI applications. It’s Python-based and agnostic to any model, API, or database.
http://www.langflow.org
MIT License
27.08k stars 3.58k forks

frontend npm install gives warnings #3008

Closed severfire closed 1 month ago

severfire commented 1 month ago

Bug Description

Hi,

Slowly boarding into this project... while installing dependencies I got information regarding '2 high severity vulnerabilities'

I wonder if it's something that should be taken care of?

    (venv) PS C:\Users\arek\Desktop\LLM\langflow\src\frontend> npm install
    npm warn deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
    (...)
    added 1159 packages, and audited 1161 packages in 48s

    294 packages are looking for funding
      run `npm fund` for details

    2 high severity vulnerabilities

Reproduction

    \src\frontend> npm install

Expected behavior

no warnings

Who can help?

No response

Operating System

Windows 11 pro

Langflow Version

1.0.13

Python Version

None

Screenshot

No response

Flow File

No response

dosubot[bot] commented 1 month ago

Yes, the warnings about '2 high severity vulnerabilities' and the deprecation warning for the inflight module during npm install should be addressed.

High severity vulnerabilities can pose significant security risks to your project, and addressing them is crucial to ensure the safety and integrity of your application. Deprecation warnings indicate that certain modules or functionalities are outdated and may be removed in future releases, which could lead to potential issues or incompatibilities down the line.

To address these issues, you can follow these steps:

  1. Update Dependencies: Check if there are newer versions of the dependencies that resolve the vulnerabilities and deprecation warnings. You can do this by running:

    npm outdated

  2. Audit and Fix Vulnerabilities: Use npm's audit feature to identify and fix vulnerabilities:

    npm audit fix

  3. Manually Update or Replace Deprecated Modules: If the inflight module is deprecated, look for an alternative module or update the dependency that relies on it.

  4. Review and Test: After making updates, thoroughly review and test your application to ensure that everything works as expected.

By addressing these warnings, you can maintain a more secure and stable project [1].


anovazzi1 commented 1 month ago

Hi @severfire,

I don't believe this warning is related to langflow core; it seems to be associated with shadcn-ui. We will monitor their repository, and once the issue is resolved, we will update it as soon as possible. Track the issue here.
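
The distinction drawn in this thread, between a finding in the project's own dependencies and one pulled in through a third-party package, can be read from the audit report itself. The following is an added example, not code from the thread or from langflow: it walks the `vulnerabilities` map of `npm audit --json` (npm 7+ report format) from each advisory up to the direct dependency that introduces it. The sample report and its package names are constructed placeholders, and `traceToDirectDeps` is a hypothetical helper name.

```javascript
// Constructed sample shaped like `npm audit --json` output (npm 7+ report format).
// Package names and advisories are placeholders, not the findings from this issue.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-glob-lib": { name: "example-glob-lib", severity: "high", isDirect: false,
      via: [{ title: "Placeholder high-severity advisory", severity: "high" }],
      effects: ["example-cli-helper"], fixAvailable: false },
    "example-cli-helper": { name: "example-cli-helper", severity: "high", isDirect: false,
      via: ["example-glob-lib"], effects: ["example-ui-kit"], fixAvailable: false },
    "example-ui-kit": { name: "example-ui-kit", severity: "high", isDirect: true,
      via: ["example-cli-helper"], effects: [], fixAvailable: false },
    "example-logger": { name: "example-logger", severity: "low", isDirect: true,
      via: [{ title: "Placeholder low-severity advisory", severity: "low" }],
      effects: [], fixAvailable: true },
  },
};

const RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// For every package that carries its own advisory at or above minSeverity, follow
// `effects` upward to the direct dependencies (those in package.json) that pull it in.
function traceToDirectDeps(report, minSeverity = "high") {
  const vulns = report.vulnerabilities || {};
  const findings = [];
  for (const v of Object.values(vulns)) {
    // `via` holds advisory objects for root causes, or strings naming another vulnerable package.
    const advisories = (v.via || []).filter((x) => typeof x === "object");
    if (advisories.length === 0 || RANK[v.severity] < RANK[minSeverity]) continue;
    const roots = new Set(), seen = new Set(), stack = [v.name];
    while (stack.length > 0) {
      const name = stack.pop();
      if (seen.has(name) || !vulns[name]) continue; // guard against cycles and unknown names
      seen.add(name);
      if (vulns[name].isDirect) roots.add(name);
      stack.push(...(vulns[name].effects || []));
    }
    findings.push({ package: v.name, severity: v.severity,
      advisories: advisories.map((a) => a.title),
      introducedBy: [...roots].sort(), fixAvailable: Boolean(v.fixAvailable) });
  }
  return findings;
}

console.log(JSON.stringify(traceToDirectDeps(SAMPLE_REPORT), null, 2));
```

To use it on a real install, replace `SAMPLE_REPORT` with the parsed output of `npm audit --json` run in `src/frontend`.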