⚠ This page is served via a proxy. Original site: https://github.com
This service does not collect credentials or authentication data.
Skip to content

Changes according to bug #2389 #2390

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
cogniware-devops wants to merge 24 commits into
base: main
Choose a base branch
from
Open

Changes according to bug #2389 #2390

cogniware-devops wants to merge 24 commits into from

Conversation

@cogniware-devops
Copy link
Contributor

@cogniware-devops cogniware-devops commented Jan 13, 2026

Description

The summary of the proposed changes as long as the relevant motivation and context.

Issues

List the issue or RFC link this PR is working on. If there is no such link, please mark it as n/a.

Type of change

List the type of change like below. Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds new functionality)
  • Breaking change (fix or feature that would break existing design and interface)
  • Others (enhancement, documentation, validation, etc.)

Dependencies

List the newly introduced 3rd party dependency if exists.

Tests

Describe the tests that you ran to verify your changes.

@cogniware-devops
Cogniware IMS Updated Commit
12bb426 
Updated Commit of Cogniware IMS after resetting the fork and merge history

Signed-off-by: cogniware-devops <[email protected]>
@cogniware-devops
Correcting Bugs
66f4b4e 
Signed-off-by: cogniware-devops <[email protected]>
@cogniware-devops
Update .gitignore
a679aab 
Signed-off-by: cogniware-devops <[email protected]>
@cogniware-devops
Fix pre-commit issues: formatting, imports, linting
e4812dc 
Signed-off-by: cogniware-devops <[email protected]>
@cogniware-devops
Correct helm charts
dafa1dd 
Signed-off-by: cogniware-devops <[email protected]>
@cogniware-devops
DockerFile Changes for Frontend
3c99740 
Signed-off-by: cogniware-devops <[email protected]>
@cogniware-devops
Add package-lock.json for deterministic builds
3f1a204 
Signed-off-by: cogniware-devops <[email protected]>
@cogniware-devops
Updat docker file in Fronend Folder
bd58b92 
Signed-off-by: cogniware-devops <[email protected]>
@cogniware-devops
Updat docker file in Backend Folder
10b436c 
Signed-off-by: cogniware-devops <[email protected]>
@cogniware-devops
Update req n docker file in Backend Folder
d809a0a 
Signed-off-by: cogniware-devops <[email protected]>
@cogniware-devops
Update test build path errors
b58ff8b 
Signed-off-by: cogniware-devops <[email protected]>
@cogniware-devops
Update test build path errors in test compose
0860955 
Signed-off-by: cogniware-devops <[email protected]>
@cogniware-devops
Path Issue resolution
d31e1d6 
Signed-off-by: cogniware-devops <[email protected]>
@cogniware-devops
Path Issue resolution revert path
0ed2300 
Signed-off-by: cogniware-devops <[email protected]>
@cogniware-devops
Correct Compose YAML
eae282e 
Signed-off-by: cogniware-devops <[email protected]>
@cogniware-devops
Add HF token and timeout for TEI Server
f0071be 
Signed-off-by: cogniware-devops <[email protected]>
@cogniware-devops
Fix for TEI Server
e8d8ca0 
Signed-off-by: cogniware-devops <[email protected]>
@cogniware-devops
Fix for TEI Reranking Server
4c23ca8 
Signed-off-by: cogniware-devops <[email protected]>
@cogniware-devops
Add assets data to gitignore
d39e509 
Signed-off-by: cogniware-devops <[email protected]>
@cogniware-devops
Update error
f4ee699 
Signed-off-by: cogniware-devops <[email protected]>
@cogniware-devops
Update compose yaml
07d7e12 
Signed-off-by: cogniware-devops <[email protected]>
@cogniware-devops
Made Changes to repo asper change req
1a37476 
made changes to the repo asper bug 2386
@github-actions
Copy link

github-actions bot commented Jan 13, 2026
edited
Loading

Dependency Review

✅ No vulnerabilities or license issues found.

Scanned Files

  • CogniwareIms/frontend/package-lock.json

@joshuayao
Copy link
Collaborator

joshuayao commented Jan 13, 2026

Dependency Review

The following issues were found:

  • ❌ 1 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 4 package(s) with unknown licenses.

See the Details below.

Vulnerabilities

CogniwareIms/frontend/package-lock.json

Name Version Vulnerability Severity
next 14.0.4 Authorization Bypass in Next.js Middleware critical
Next.js Server-Side Request Forgery in Server Actions high
Next.js Cache Poisoning high
Next.js authorization bypass vulnerability high
Next Vulnerable to Denial of Service with Server Components high
Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up high
Denial of Service condition in Next.js image optimization moderate
Next.js Allows a Denial of Service (DoS) with Server Actions moderate
Next.js Affected by Cache Key Confusion for Image Optimization API Routes moderate
Next.js Content Injection Vulnerability for Image Optimization moderate
Next.js Improper Middleware Redirect Handling Leads to SSRF moderate
Information exposure in Next.js dev server due to lack of origin verification low
Next.js Race Condition to Cache Poisoning low

License Issues

CogniwareIms/backend/requirements.txt

Package Version License Issue Type
aiohttp >= 3.11.0 Null Unknown License
cryptography >= 43.0.7 Null Unknown License
pypdf >= 4.0.0 Null Unknown License
python-multipart >= 0.0.9 Null Unknown License

Scanned Files

  • CogniwareIms/backend/requirements.txt
  • CogniwareIms/frontend/package-lock.json

Hi @cogniware-devops could you please upgrade next to fix the above vulnerabilities? Thanks.

@ZePan110
Copy link
Collaborator

ZePan110 commented Jan 13, 2026

For these two failures. Please use fork or create a new branch to submit this pull request. @cogniware-devops
image

ZePan110
ZePan110 reviewed Jan 13, 2026
View reviewed changes
@ZePan110
Copy link
Collaborator

ZePan110 commented Jan 15, 2026
edited
Loading

@cogniware-devops Could you check tei-reranking and tei-embedding? I tested ChatQnA on the same machine and did not encounter this issue.
image
You may refer to https://github.com/opea-project/GenAIExamples/blob/68b7ef4dd11b3f35e59a097c0daa78047a27a6ad/ChatQnA/docker_compose/intel/cpu/xeon/compose.yaml

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ZePan110 ZePan110 ZePan110 left review comments

@lvliang-intel lvliang-intel Awaiting requested review from lvliang-intel lvliang-intel is a code owner

@ftian1 ftian1 Awaiting requested review from ftian1 ftian1 is a code owner

@chensuyue chensuyue Awaiting requested review from chensuyue chensuyue is a code owner

@lkk12014402 lkk12014402 Awaiting requested review from lkk12014402 lkk12014402 is a code owner

@minmin-intel minmin-intel Awaiting requested review from minmin-intel minmin-intel is a code owner

@rbrugaro rbrugaro Awaiting requested review from rbrugaro rbrugaro is a code owner

@yao531441 yao531441 Awaiting requested review from yao531441

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@cogniware-devops @joshuayao @ZePan110