From d67e72d9e1d40fb1f5a547a3b3032a31c704899d Mon Sep 17 00:00:00 2001 From: ZePan110 Date: Tue, 9 Dec 2025 16:39:57 +0800 Subject: [PATCH 1/3] Fix security issue Signed-off-by: ZePan110 --- AgentQnA/docker_compose/intel/hpu/gaudi/compose.yaml | 2 +- ArbPostHearingAssistant/ui/gradio/requirements.txt | 2 +- CodeGen/ui/gradio/requirements.txt | 2 +- DocSum/ui/gradio/requirements.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/AgentQnA/docker_compose/intel/hpu/gaudi/compose.yaml b/AgentQnA/docker_compose/intel/hpu/gaudi/compose.yaml index 8680b83443..7179427132 100644 --- a/AgentQnA/docker_compose/intel/hpu/gaudi/compose.yaml +++ b/AgentQnA/docker_compose/intel/hpu/gaudi/compose.yaml @@ -128,7 +128,7 @@ services: OPENAI_API_BASE_URLS: ${SUPERVISOR_AGENT_ENDPOINT} ENABLE_OLLAMA_API: False vllm-service: - image: opea/vllm-gaudi:1.4 + image: opea/vllm-gaudi:1.22.0 container_name: vllm-gaudi-server ports: - "8086:8000" diff --git a/ArbPostHearingAssistant/ui/gradio/requirements.txt b/ArbPostHearingAssistant/ui/gradio/requirements.txt index b6ccce5a66..095dee2b06 100644 --- a/ArbPostHearingAssistant/ui/gradio/requirements.txt +++ b/ArbPostHearingAssistant/ui/gradio/requirements.txt @@ -1,4 +1,4 @@ -gradio==5.11.0 +gradio>5.22.0,<=5.34.0 numpy==1.26.4 Pillow==10.3.0 diff --git a/CodeGen/ui/gradio/requirements.txt b/CodeGen/ui/gradio/requirements.txt index 2a4c8e1a30..14b3080e22 100644 --- a/CodeGen/ui/gradio/requirements.txt +++ b/CodeGen/ui/gradio/requirements.txt @@ -1,4 +1,4 @@ -gradio==5.22.0 +gradio>5.22.0,<=5.34.0 numpy==1.26.4 opencv-python==4.10.0.82 Pillow==10.3.0 diff --git a/DocSum/ui/gradio/requirements.txt b/DocSum/ui/gradio/requirements.txt index 5824f07218..27687edf4e 100644 --- a/DocSum/ui/gradio/requirements.txt +++ b/DocSum/ui/gradio/requirements.txt @@ -1,5 +1,5 @@ docx2txt -gradio==5.11.0 +gradio>5.22.0,<=5.34.0 langchain_community moviepy==1.0.3 numpy==1.26.4 From a015f22310c980c0ec36bb32ed7668f1782e973f Mon Sep 17 00:00:00 2001 From: ZePan110 Date: Wed, 10 Dec 2025 11:08:37 +0800 Subject: [PATCH 2/3] Fix Signed-off-by: ZePan110 --- AgentQnA/docker_compose/intel/hpu/gaudi/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/AgentQnA/docker_compose/intel/hpu/gaudi/compose.yaml b/AgentQnA/docker_compose/intel/hpu/gaudi/compose.yaml index 7179427132..8680b83443 100644 --- a/AgentQnA/docker_compose/intel/hpu/gaudi/compose.yaml +++ b/AgentQnA/docker_compose/intel/hpu/gaudi/compose.yaml @@ -128,7 +128,7 @@ services: OPENAI_API_BASE_URLS: ${SUPERVISOR_AGENT_ENDPOINT} ENABLE_OLLAMA_API: False vllm-service: - image: opea/vllm-gaudi:1.22.0 + image: opea/vllm-gaudi:1.4 container_name: vllm-gaudi-server ports: - "8086:8000" From 86c0b40aed5ecab680d2ab1d1d7a7faa49d7ff29 Mon Sep 17 00:00:00 2001 From: ZePan110 Date: Wed, 10 Dec 2025 14:36:31 +0800 Subject: [PATCH 3/3] Fix CodeQL issue Signed-off-by: ZePan110 --- .github/workflows/pr-image-size.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pr-image-size.yml b/.github/workflows/pr-image-size.yml index 0274423875..ffd432c7bd 100644 --- a/.github/workflows/pr-image-size.yml +++ b/.github/workflows/pr-image-size.yml @@ -128,7 +128,7 @@ jobs: - name: Download origin artifact log if: env.skip != 'true' - uses: actions/download-artifact@7a1cd3216ca9260cd8022db641d960b1db4d1be4 + uses: actions/download-artifact@v4.1.3 with: name: build-comments path: merged-files @@ -159,7 +159,7 @@ jobs: all_comments: ${{ steps.summary.outputs.all_comments }} steps: - name: Download Summary - uses: actions/download-artifact@7a1cd3216ca9260cd8022db641d960b1db4d1be4 + uses: actions/download-artifact@v4.1.3 with: name: build-comments path: downloaded-files