xorbitsai / inference

Replace OpenAI GPT with another LLM in your app by changing a single line of code. Xinference gives you the freedom to use any LLM you need. With Xinference, you're empowered to run inference with any open-source language models, speech recognition models, and multimodal models, whether in the cloud, on-premises, or even on your laptop.
https://inference.readthedocs.io
Apache License 2.0
3.53k stars 293 forks

BUG fix security vulnerability #1651

Open rickywu opened 2 weeks ago

rickywu commented 2 weeks ago

Describe the bug

security vulnerability

Additional context

| name | version | CNNVD | CVE | fixed version |
| --- | --- | --- | --- | --- |
| @babel/traverse | 7.22.8 | CNNVD-202310-954 | CVE-2023-45133 | 7.23.2 |
| css-what | 3.4.2 | CNNVD-202105-1969 | CVE-2021-33587 | 5.0.1 |
| micromatch | 4.0.5 | CNNVD-202405-2275 | CVE-2024-4067 | 4.0.6 |
| follow-redirects | 1.15.2 | CNNVD-202401-017 | CVE-2023-26159 | 1.15.6 |
| braces | 3.0.2 | CNNVD-202405-2274 | CVE-2024-4068 | 3.0.3 |
| webpack-dev-middleware | 5.3.3 | CNNVD-202403-2183 | CVE-2024-29180 | 5.3.4 |
| nth-check | 1.0.2 | CNNVD-202109-1224 | CVE-2021-3803 | 2.0.1 |
| debug | 2.6.9 | CNNVD-202301-560 | CVE-2017-20165 | 3.1.0 |

Some minor version changes should work well.
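
An added example, not part of the issue or of the Xinference code base: a small Node.js check that flags lockfile entries below the fixed versions listed in the table above and reports whether reaching the fixed version is a patch, minor or major bump. The lockfile fragment, including the `svgo` parent package, is constructed for illustration.

```javascript
// Fixed versions copied from the table in this issue.
const FIXED = {
  "@babel/traverse": "7.23.2", "css-what": "5.0.1",
  "micromatch": "4.0.6", "follow-redirects": "1.15.6",
  "braces": "3.0.3", "webpack-dev-middleware": "5.3.4",
  "nth-check": "2.0.1", "debug": "3.1.0",
};

// "x.y.z" -> [x, y, z]; any pre-release or build suffix is ignored.
const parse = (v) => v.split(/[-+]/)[0].split(".").map(Number);

// Negative if a < b, zero if equal, positive if a > b.
function compare(a, b) {
  const x = parse(a), y = parse(b);
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] - y[i];
  }
  return 0;
}

// Semver component that changes between the installed and fixed version.
function bumpType(from, to) {
  const x = parse(from), y = parse(to);
  return x[0] !== y[0] ? "major" : x[1] !== y[1] ? "minor" : "patch";
}

// Walk the "packages" map of a lockfileVersion 2/3 package-lock.json.
// The package name is whatever follows the last "node_modules/" in the key.
function audit(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = path.split("node_modules/").pop();
    const fixed = FIXED[name];
    if (!fixed || !meta.version || compare(meta.version, fixed) >= 0) continue;
    findings.push({ name, path, installed: meta.version, fixed,
                    bump: bumpType(meta.version, fixed) });
  }
  return findings;
}

// Constructed lockfile fragment (hypothetical project, not Xinference's own).
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "demo", version: "0.0.0" },
  "node_modules/braces": { version: "3.0.2" },
  "node_modules/nth-check": { version: "2.0.1" },
  "node_modules/svgo/node_modules/css-what": { version: "3.4.2" },
  "node_modules/@babel/traverse": { version: "7.22.8" },
}};
console.table(audit(SAMPLE_LOCK));
```

Entries reported with a `major` bump sit outside what a caret range in the parent package will accept, so they typically need an `overrides` entry in `package.json` or an upgrade of the parent dependency.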

qinxuye commented 2 weeks ago

Are you interested in sending a PR to fix it?