Skip to content

feat: add persistency component to ChatInterface and cleanup message/conversation ids #556

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 16 commits into
base: main
Choose a base branch
from
Open

feat: add persistency component to ChatInterface and cleanup message/conversation ids #556

wants to merge 16 commits into from
+288 −72

Conversation

mhordynski
Copy link
Member

No description provided.

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented May 14, 2025
edited
Loading

Trivy scanning results.

Report Summary

┌──────────────────────┬──────┬─────────────────┬─────────┐
│ Target │ Type │ Vulnerabilities │ Secrets │
├──────────────────────┼──────┼─────────────────┼─────────┤
│ ui/package-lock.json │ npm │ 1 │ - │
├──────────────────────┼──────┼─────────────────┼─────────┤
│ uv.lock │ uv │ 27 │ - │
└──────────────────────┴──────┴─────────────────┴─────────┘
Legend:

  • '-': Not scanned
  • '0': Clean (no security findings detected)

For OSS Maintainers: VEX Notice

If you're an OSS maintainer and Trivy has detected vulnerabilities in your project that you believe are not actually exploitable, consider issuing a VEX (Vulnerability Exploitability eXchange) statement.
VEX allows you to communicate the actual status of vulnerabilities in your project, improving security transparency and reducing false positives for your users.
Learn more and start using VEX: https://trivy.dev/v0.61/docs/supply-chain/vex/repo#publishing-vex-documents

To disable this notice, set the TRIVY_DISABLE_VEX_NOTICE environment variable.

ui/package-lock.json (npm)

Total: 1 (MEDIUM: 1, HIGH: 0, CRITICAL: 0)

┌────────────────┬────────────────┬──────────┬────────┬───────────────────┬─────────────────────────┬─────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
├────────────────┼────────────────┼──────────┼────────┼───────────────────┼─────────────────────────┼─────────────────────────────────────────────────────────────┤
│ @babel/runtime │ CVE-2025-27789 │ MEDIUM │ fixed │ 7.26.7 │ 7.26.10, 8.0.0-alpha.17 │ Babel is a compiler for writing next generation JavaScript. │
│ │ │ │ │ │ │ When using ...... │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2025-27789
└────────────────┴────────────────┴──────────┴────────┴───────────────────┴─────────────────────────┴─────────────────────────────────────────────────────────────┘

uv.lock (uv)

Total: 27 (MEDIUM: 13, HIGH: 11, CRITICAL: 3)

┌──────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
├──────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ aiohttp │ CVE-2024-52303 │ MEDIUM │ fixed │ 3.10.8 │ 3.10.11 │ aiohttp: aiohttp memory leak when middleware is enabled when │
│ │ │ │ │ │ │ requesting a resource... │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-52303
│ ├────────────────┤ │ │ │ ├──────────────────────────────────────────────────────────────┤
│ │ CVE-2024-52304 │ │ │ │ │ aiohttp: aiohttp vulnerable to request smuggling due to │
│ │ │ │ │ │ │ incorrect parsing of chunk... │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-52304
├──────────────────┼────────────────┼──────────┤ ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ gradio │ CVE-2025-23042 │ CRITICAL │ │ 4.44.1 │ 5.11.0 │ Gradio Blocked Path ACL Bypass Vulnerability │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2025-23042
│ ├────────────────┼──────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2024-47867 │ HIGH │ │ │ 5.0.0 │ Gradio lacks integrity checking on the downloaded FRP client │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-47867
│ ├────────────────┤ │ │ │ ├──────────────────────────────────────────────────────────────┤
│ │ CVE-2024-47870 │ │ │ │ │ Gradio has a race condition in update_root_in_config may │
│ │ │ │ │ │ │ redirect user traffic │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-47870
│ ├────────────────┤ │ │ │ ├──────────────────────────────────────────────────────────────┤
│ │ CVE-2024-47871 │ │ │ │ │ Gradio uses insecure communication between the FRP client │
│ │ │ │ │ │ │ and server │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-47871
│ ├────────────────┼──────────┤ │ │ ├──────────────────────────────────────────────────────────────┤
│ │ CVE-2024-47164 │ MEDIUM │ │ │ │ Gradio's is_in_or_equal function may be bypassed │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-47164
│ ├────────────────┤ │ │ │ ├──────────────────────────────────────────────────────────────┤
│ │ CVE-2024-47165 │ │ │ │ │ Gradio's CORS origin validation accepts the null origin │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-47165
│ ├────────────────┤ │ │ │ ├──────────────────────────────────────────────────────────────┤
│ │ CVE-2024-47167 │ │ │ │ │ Gradio vulnerable to SSRF in the path parameter of │
│ │ │ │ │ │ │ /queue/join │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-47167
│ ├────────────────┤ │ │ │ ├──────────────────────────────────────────────────────────────┤
│ │ CVE-2024-47868 │ │ │ │ │ Gradio has several components with post-process steps allow │
│ │ │ │ │ │ │ arbitrary file leaks │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-47868
│ ├────────────────┤ │ │ │ ├──────────────────────────────────────────────────────────────┤
│ │ CVE-2024-47872 │ │ │ │ │ Gradio has an XSS on every Gradio server via upload of │
│ │ │ │ │ │ │ HTML... │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-47872
├──────────────────┼────────────────┼──────────┤ ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ h11 │ CVE-2025-43859 │ CRITICAL │ │ 0.14.0 │ 0.16.0 │ h11: h11 accepts some malformed Chunked-Encoding bodies │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2025-43859
├──────────────────┼────────────────┼──────────┤ ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ jinja2 │ CVE-2024-56201 │ MEDIUM │ │ 3.1.4 │ 3.1.5 │ jinja2: Jinja has a sandbox breakout through malicious │
│ │ │ │ │ │ │ filenames │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-56201
│ ├────────────────┤ │ │ │ ├──────────────────────────────────────────────────────────────┤
│ │ CVE-2024-56326 │ │ │ │ │ jinja2: Jinja has a sandbox breakout through indirect │
│ │ │ │ │ │ │ reference to format method... │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-56326
│ ├────────────────┤ │ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2025-27516 │ │ │ │ 3.1.6 │ jinja2: Jinja sandbox breakout through attr filter selecting │
│ │ │ │ │ │ │ format method │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2025-27516
├──────────────────┼────────────────┼──────────┤ ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ litellm │ CVE-2024-8984 │ HIGH │ │ 1.55.0 │ 1.56.2 │ LiteLLM Vulnerable to Denial of Service (DoS) via Crafted │
│ │ │ │ │ │ │ HTTP Request │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-8984
│ ├────────────────┤ │ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2025-0628 │ │ │ │ 1.61.15 │ LiteLLM Has an Improper Authorization Vulnerability │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2025-0628
├──────────────────┼────────────────┤ │ ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ python-multipart │ CVE-2024-53981 │ │ │ 0.0.12 │ 0.0.18 │ python-multipart: python-multipart has a DoS via deformation │
│ │ │ │ │ │ │ multipart/form-data boundary │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-53981
├──────────────────┼────────────────┤ │ ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ setuptools │ CVE-2025-47273 │ │ │ 75.1.0 │ 78.1.1 │ setuptools is a package that allows users to download, │
│ │ │ │ │ │ │ build, install, ...... │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2025-47273
├──────────────────┼────────────────┤ │ ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ starlette │ CVE-2024-47874 │ │ │ 0.38.6 │ 0.40.0 │ starlette: Starlette Denial of service (DoS) via │
│ │ │ │ │ │ │ multipart/form-data │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-47874
├──────────────────┼────────────────┼──────────┤ ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ torch │ CVE-2025-32434 │ CRITICAL │ │ 2.2.2 │ 2.6.0 │ PyTorch is a Python package that provides tensor computation │
│ │ │ │ │ │ │ with stro ...... │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2025-32434
├──────────────────┼────────────────┼──────────┤ ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ transformers │ CVE-2024-11392 │ HIGH │ │ 4.44.2 │ 4.48.0 │ transformers: Hugging Face Transformers MobileViTV2 │
│ │ │ │ │ │ │ Deserialization of Untrusted Data Remote Code Execution... │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-11392
│ ├────────────────┤ │ │ │ ├──────────────────────────────────────────────────────────────┤
│ │ CVE-2024-11393 │ │ │ │ │ transformers: Hugging Face Transformers MaskFormer Model │
│ │ │ │ │ │ │ Deserialization of Untrusted Data Remote Code... │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-11393
│ ├────────────────┤ │ │ │ ├──────────────────────────────────────────────────────────────┤
│ │ CVE-2024-11394 │ │ │ │ │ transformers: Hugging Face Transformers Trax Model │
│ │ │ │ │ │ │ Deserialization of Untrusted Data Remote Code... │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-11394
│ ├────────────────┼──────────┤ │ │ ├──────────────────────────────────────────────────────────────┤
│ │ CVE-2024-12720 │ MEDIUM │ │ │ │ Transformers Regular Expression Denial of Service (ReDoS) │
│ │ │ │ │ │ │ vulnerability │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-12720
│ ├────────────────┤ │ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2025-1194 │ │ │ │ 4.50.0 │ Transformers Regular Expression Denial of Service (ReDoS) │
│ │ │ │ │ │ │ vulnerability │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2025-1194
│ ├────────────────┤ │ │ │ ├──────────────────────────────────────────────────────────────┤
│ │ CVE-2025-2099 │ │ │ │ │ Hugging Face Transformers Regular Expression Denial of │
│ │ │ │ │ │ │ Service │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2025-2099
└──────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@mhordynski