Dependency Conflict Between Promptflow-Devkit and Vulnerable Flask-CORS Package

microsoft / promptflow

Build high-quality LLM apps - from prototyping, testing to production deployment and monitoring.

https://microsoft.github.io/promptflow/

MIT License

9.49k stars 868 forks source link

Dependency Conflict Between Promptflow-Devkit and Vulnerable Flask-CORS Package #3731

Closed NeethithevanR closed 3 weeks ago

NeethithevanR commented 2 months ago

I am using the latest version of the promptflow package, which internally uses the promptflow-devkit (version 1.50.0). This promptflow-devkit package depends on another package called Flask-CORS (version 4.0.2), which has a known vulnerability. The recommended remediation is to use the latest version of Flask-CORS (version 5.0.0). However, when I update to this version, promptflow-devkit no longer works. Please look into this issue.

github-actions[bot] commented 1 month ago

Hi, we're sending this friendly reminder because we haven't heard back from you in 30 days. We need more information about this issue to help address it. Please be sure to give us your input. If we don't hear back from you within 7 days of this comment, the issue will be automatically closed. Thank you!