youngkingdom/ragflow
1
0
Fork 0
mirror of https://github.com/infiniflow/ragflow.git synced 2026-03-16 04:17:49 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
d688b72dff3902fe43ba2d3ca82b03530955d754
ragflow/web
History
guptas6est 7c79602c77 fix(web): upgrade lodash to 4.17.23 and dompurify to 3.3.2 to fix CVE-2026-0540 and CVE-2025-13465 (#13488) 
### What problem does this PR solve?

This PR fixes two security vulnerabilities in web dependencies
identified by Trivy:

1. CVE-2025-13465 (lodash): Prototype pollution vulnerability in _.unset
and _.omit functions
2. CVE-2026-0540 (dompurify): Cross-site scripting (XSS) vulnerability

**Changes:**
- Upgraded lodash from 4.17.21 to 4.17.23
- Upgraded dompurify from 3.3.1 to 3.3.2
- Added npm override to force monaco-editor's transitive dependency on
dompurify to use 3.3.2 (monaco-editor still depends on vulnerable 3.2.7)

Both upgrades are backward-compatible patch versions. Build verified
successfully with no breaking changes.

### Type of change

- [x] Bug Fix (non-breaking change which fixes an issue)
2026-03-12 19:04:26 +08:00
..
.husky
feat: format code before submitting it #1251 (#1252)
2024-06-24 14:48:21 +08:00
.storybook
feat(storybook): Storybook with Calendar and Modal components #9869 (#10626)
2025-10-17 09:58:52 +08:00
public
Fix: replace session page icons and fix nested list search functionality in filters (#13127)
2026-02-12 19:48:35 +08:00
src
Feat: inject sys.date into canvas (#13567)
2026-03-12 17:49:13 +08:00
.env
Remove 'DID YOU KNOW', when start front-end (#10853)
2025-10-28 19:40:58 +08:00
.env.development
Fix: Some bugs (#12441)
2026-01-05 15:28:57 +08:00
.env.production
Fix: Some bugs (#12441)
2026-01-05 15:28:57 +08:00
.eslintrc.cjs
refactor(ui): adjust global navigation bar style (#13419)
2026-03-05 20:47:29 +08:00
.gitignore
Feat: Use storybook to display public components. #9914 (#9915)
2025-09-04 17:03:36 +08:00
.npmrc
Fix: Limit node version #3547 (#3563)
2024-11-21 18:14:22 +08:00
.prettierignore
feat: install prettier to format code and add react-dev-inspector to locate code in the IDE faster (#44)
2024-01-29 15:02:27 +08:00
.prettierrc
Feat: Add background to next login page #3221 (#4474)
2025-01-14 13:43:18 +08:00
externals.d.ts
fix: cannot save the system model setting #468 (#508)
2024-04-23 17:46:56 +08:00
index.html
Refactor: UmiJs -> Vite (#12410)
2026-01-04 19:14:20 +08:00
jest-setup.ts
feat: test buildNodesAndEdgesFromDSLComponents (#940)
2024-05-27 19:35:14 +08:00
jest.config.ts
feat: test buildNodesAndEdgesFromDSLComponents (#940)
2024-05-27 19:35:14 +08:00
package-lock.json
fix(web): upgrade lodash to 4.17.23 and dompurify to 3.3.2 to fix CVE-2026-0540 and CVE-2025-13465 (#13488)
2026-03-12 19:04:26 +08:00
package.json
fix(web): upgrade lodash to 4.17.23 and dompurify to 3.3.2 to fix CVE-2026-0540 and CVE-2025-13465 (#13488)
2026-03-12 19:04:26 +08:00
postcss.config.cjs
Refactor: UmiJs -> Vite (#12410)
2026-01-04 19:14:20 +08:00
README.md
Update Admin UI user guide docs (#11183)
2025-11-11 20:29:20 +08:00
tailwind.config.js
Feat: Optimize the style of the chat page. (#13429)
2026-03-06 11:42:25 +08:00
tailwind.css
refactor(ui): adjust global navigation bar style (#13419)
2026-03-05 20:47:29 +08:00
tsconfig.json
Refactor: Refactoring OllamaModal using shadcn. #1036 (#12530)
2026-01-09 13:42:28 +08:00
tsconfig.node.json
Refactor: UmiJs -> Vite (#12410)
2026-01-04 19:14:20 +08:00
typings.d.ts
Feat: Add FilesTable #3221 (#4491)
2025-01-15 14:39:33 +08:00
vite.config.ts
Feat: Write the row and column numbers into the element's data attribute for easy code location. (#13368)
2026-03-04 20:50:58 +08:00

README.md

Install front-end dependencies

npm install

Launch front-end

npm run dev

The following output confirms a successful launch of the system:

Login to RAGFlow web UI

Open your browser and navigate to:

http://localhost:9222 or http://[YOUR_MACHINE_IP]:9222

Replace [YOUR_MACHINE_IP] with your actual machine IP address (e.g., http://192.168.1.49:9222).

Login to RAGFlow web admin UI

Open your browser and navigate to:

http://localhost:9222/admin or http://[YOUR_MACHINE_IP]:9222/admin

Replace [YOUR_MACHINE_IP] with your actual machine IP address (e.g., http://192.168.1.49:9222/admin).

Shutdown front-end

Ctrl + C or

kill -f "umi dev"