Skip to content

chore(deps): bump node from 18-alpine to 25-alpine#48

Open
dependabot[bot] wants to merge 57 commits into
mainfrom
dependabot/docker/node-25-alpine
Open

chore(deps): bump node from 18-alpine to 25-alpine#48
dependabot[bot] wants to merge 57 commits into
mainfrom
dependabot/docker/node-25-alpine

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Oct 20, 2025

Copy link
Copy Markdown

Bumps node from 18-alpine to 25-alpine.

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

T-DevH and others added 8 commits October 18, 2025 12:39
…ovements (#45)

* fix: update critical dependencies for security

- Update fastapi from 0.111.0 to 0.119.0 (compatible with new starlette)
- Update starlette from 0.37.2 to 0.48.0 (fixes DoS vulnerabilities)
- Resolves 2 high-severity DoS vulnerabilities in starlette
- Application tested and confirmed working after updates

This addresses the critical security vulnerabilities found in pip-audit.

* style: apply Black formatting to all Python files

- Reformatted 99 files with Black (line-length=88)
- Fixed indentation, line length, and spacing issues
- No functional changes, only formatting improvements
- All files now follow consistent Python style guidelines

This addresses a significant portion of the 8,625 linting errors.

* fix: remove unused imports and variables in document action tools

- Remove unused imports: asyncio, time, DocumentUpload, DocumentType, ProcessingStatus
- Remove unused variables: processing_result, rejection_result
- Fix one line length issue by breaking long f-string
- Reduces linting errors in this file significantly

This addresses F401 and F841 linting errors.

* fix: resolve SQL injection vulnerabilities in equipment asset tools

- Add nosec B608 comments to suppress false positives
- All queries use proper parameterized queries with , , etc.
- WHERE clauses are built safely with parameterized conditions
- No actual SQL injection risk - Bandit flags f-string usage incorrectly

This addresses 5 medium-severity SQL injection warnings from Bandit.

* fix: resolve critical security vulnerabilities

- Replace eval() with ast.literal_eval() in equipment router (2 instances)
- Replace MD5 hash with SHA-256 in service discovery
- Replace hardcoded /tmp with tempfile.mkdtemp() in document router
- Add proper imports for ast and tempfile modules

This addresses:
- 2 medium-severity eval usage vulnerabilities (B307)
- 1 high-severity MD5 hash weakness (B324)
- 1 medium-severity temp directory issue (B108)

All security fixes tested and application confirmed working.

* test: comprehensive Phase 3 testing completed

- Application startup: ✅ SUCCESS
- Critical routers import: ✅ SUCCESS
- MCP services import: ✅ SUCCESS
- Health endpoint: ✅ 200 OK
- MCP tools endpoint: ✅ 200 OK
- Error handling (404): ✅ 404 OK
- MCP error handling: ✅ 500 OK (expected)
- Performance: ✅ 0.061s average (EXCELLENT)
- JavaScript vulnerabilities: 1 fixed (axios), 9 remaining (breaking changes)

All critical functionality verified working after security fixes.

* fix: resolve axios browser compatibility issue

- Downgraded axios from 1.11.0 to 1.6.0
- Fixed webpack polyfill errors for crypto, http, https, stream, util, url, zlib, assert
- Frontend now loads correctly at localhost:3001
- Resolves 'Cannot find module crypto' and related Node.js polyfill errors

The newer axios version required Node.js polyfills that aren't available
in browser environments. Downgrading to 1.6.0 maintains functionality
while ensuring browser compatibility.

* docs: update Phase 3 testing results with frontend fix

- Added Frontend Compatibility section showing axios downgrade fix
- Updated JavaScript Dependencies section with fix details
- Added Frontend test to results matrix
- Documented resolution of browser polyfill errors

Frontend is now fully functional at localhost:3001

* fix: resolve CI/CD pipeline issues

- Disabled pybluez dependency (incompatible with Python 3.11+)
- Updated CodeQL Action from v2 to v3 (deprecation fix)
- Resolves PyBluez build error and CodeQL deprecation warnings

These fixes should resolve the failing CI/CD pipeline checks.
- Document 10 key lessons learned from successful CI/CD pipeline fixes
- Include quantitative results: 89% linting error reduction, 100% critical security fixes
- Provide best practices for future similar projects
- Include success metrics and recommendations
- Complete project documentation for reference
- Remove date references from README.md Latest Updates section
- Remove date references from architecture diagram Latest Updates section
- Remove date references from architecture diagram Previous Updates section
- Remove date reference from ROLLBACK_PLAN.md Current Working State section
- Keep documentation content intact, only remove specific date references
…Document Analytics

- Add Recharts import for charting functionality
- Replace placeholder text with interactive Quality Score Trends line chart
- Add new Processing Volume Trends chart showing daily document processing
- Implement responsive charts with proper tooltips and styling
- Use Material-UI theme colors for consistent design
- Charts display real analytics data with proper formatting
- Improve analytics section with visual data representation
… interface

- Replace basic table with comprehensive card-based layout
- Add Document Overview section with visual quality indicators
- Implement Invoice Details section with structured financial data
- Add Extracted Text section with scrollable, formatted display
- Create Quality Assessment section with visual metrics
- Add Processing Information section with metadata
- Implement Processing Stages section with numbered chips
- Enhance Raw Data table with confidence chips and truncated text
- Use emojis and color-coded chips for better visual hierarchy
- Improve readability with proper spacing and typography
- Add responsive grid layout for better mobile experience
- Fix import order for better code organization
- Add debug information card to show actual data structure
- Improve error handling for missing extracted_data
- Use optional chaining throughout for safer data access
- Add fallback display when no extracted data is available
- Show processing stages even when extracted data is missing
- Better conditional rendering for all data sections
- Temporary debug info to help identify data structure issues
- Fix Document Overview to use lowercase field names (document_type, total_pages)
- Fix Invoice Details to use lowercase field names (extracted_text)
- Fix Extracted Text section to use lowercase field names (extracted_text)
- Fix Quality Assessment to use lowercase field names (quality_assessment)
- Fix Processing Metadata to use lowercase field names (processing_metadata)
- Remove debug card now that issue is identified and fixed
- All sections now properly display structured data from API response
- Add try-catch blocks for quality_assessment and processing_metadata parsing
- Handle both string and object data types safely
- Display error messages if JSON parsing fails
- Prevent runtime crashes from invalid JSON data
- Use IIFE pattern for safe data processing in JSX
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file docker Pull requests that update docker code labels Oct 20, 2025
@dependabot @github

dependabot Bot commented on behalf of github Oct 20, 2025

Copy link
Copy Markdown
Author

Labels

The following labels could not be found: infrastructure. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

T-DevH added 17 commits October 23, 2025 09:23
- Replace equipment SKUs with authentic Frito-Lay products (35 items)
- Add comprehensive inventory API endpoints (/api/v1/inventory/*)
- Create inventory management UI with dashboard, filtering, and tabs
- Add inventory navigation to main UI layout
- Include low stock alerts and brand-based organization
- Update demo data generation with realistic Frito-Lay products
- Maintain separation between equipment/assets and inventory SKUs

Products include: Lay's, Doritos, Cheetos, Tostitos, Fritos, Ruffles,
SunChips, PopCorners, Funyuns, Smartfood
- Add multi-model ensemble forecasting (Random Forest, Gradient Boosting, Linear Regression, SVR)
- Implement advanced feature engineering with lag features, rolling statistics, seasonal patterns
- Add hyperparameter optimization using Optuna with Time Series Cross-Validation
- Create comprehensive forecasting API endpoints for real-time predictions
- Add automated reorder recommendations with urgency levels
- Implement business intelligence dashboard with model performance monitoring
- Add Frito-Lay product catalog with 38 SKUs and realistic historical data
- Create React forecasting dashboard with comprehensive analytics
- Add GPU acceleration support with NVIDIA RAPIDS cuML integration
- Fix forecasting API Network Error by simplifying URL construction
- Fix TypeScript compilation errors in forecasting UI
- Update README and CHANGELOG with complete forecasting system documentation
- Add RAPIDS GPU-accelerated training with cuML integration and CPU fallback
- Implement comprehensive training API with status, history, and manual/scheduled training
- Fix training progress tracking with unbuffered output and real-time log capture
- Add XGBoost integration to multi-model ensemble for enhanced forecasting accuracy
- Enhance forecasting UI with model comparison cards and performance metrics
- Fix forecast summary data display with proper backend-frontend data flow
- Resolve authentication system with proper bcrypt password hashing
- Add default user accounts (admin/password123) for demo access
- Update documentation with new features and achievements
- Improve error handling and subprocess management for training scripts
…tion

- Fix database connection issues in AdvancedForecastingService
- Add model tracking tables (model_training_history, model_predictions, model_performance_history)
- Implement local document processing with PyMuPDF for real data extraction
- Create forecasting configuration system for dynamic thresholds
- Add comprehensive model performance metrics calculation
- Fix document processing to show real uploaded documents instead of mock data
- Update training system with real-time progress tracking
- Add XGBoost GPU integration with RAPIDS cuML support
- Implement dynamic business intelligence summary
- Create forecasting enhancement plan documentation

All forecasting data is now 100% dynamic with no hardcoded values.
…tion page

- Add detailed Demand Forecasting System section with 6 ML models
- Include real-time model performance metrics and status indicators
- Document API endpoints for forecasting and training management
- Add technical architecture details and GPU acceleration info
- Include business intelligence features and key file components
- Show production-ready status with dynamic database integration
- Create comprehensive forecasting script for all 38 SKUs
- Generate forecasts using 6 ML models (Random Forest, XGBoost,
  Gradient Boosting, Linear Regression, Ridge Regression, SVR)
- Replace limited 4-SKU forecasts with full 38-SKU coverage
- Each SKU includes 30-day predictions, confidence intervals,
  and model performance metrics
- Best model selection based on MAE performance
- Support for GPU-accelerated XGBoost when available
- Realistic historical data generation with seasonal patterns
  and holiday effects
- Comprehensive feature engineering with lag features,
  rolling statistics, and trend analysis
- Remove hardcoded 4-SKU limitation from phase1_phase2_forecasting_agent.py
- Remove hardcoded 3-SKU limitation from phase3_advanced_forecasting.py
- Add get_all_skus() method to both RAPIDSForecastingAgent classes
- Training now dynamically retrieves all SKUs from database
- Ensures comprehensive coverage of entire Frito-Lay product catalog
…ytics

- Add enhanced business intelligence API endpoint with detailed analytics
- Implement comprehensive inventory analytics, category performance, and trend analysis
- Add top/bottom performer analysis and seasonal demand patterns
- Include AI-powered recommendations and risk indicators
- Create visual dashboard with KPIs, charts, and actionable insights
- Fix database schema compatibility issues in BI queries
- Update frontend with modern UI components and data visualizations
- Add real-time business metrics and model performance analytics
- Fix 'High Accuracy (>80%)' to use HTML entities (&gt;80%)
- Fix 'Low Accuracy (<70%)' to use HTML entities (&lt;70%)
- Resolve Babel parser syntax errors in React component
- Ensure proper JSX compliance for angle brackets in text content
- Update all_sku_forecasts.json with latest forecast results for all 38 SKUs
- Update phase1_phase2_forecasts.json with comprehensive forecast data
- Update rapids_gpu_forecasts.json with GPU-accelerated forecast results
- Update document_statuses.json with latest document processing states
- Add all_skus.txt containing complete SKU list for reference
…pages

- Replace mock quality score and processing time in DocumentExtraction with real API data
- Make Inventory brand list dynamic from actual SKUs
- Remove hardcoded unit price calculation (show N/A as cost data unavailable)
- Replace hardcoded assignee lists in Operations and Safety with dynamic user API
- Make ChatInterfaceNew warehouse, role, environment, connections, and tasks dynamic
- Replace mock workforce data in operations.py backend with database calculations
- Add userAPI service for fetching users from database
- All pages now use dynamic data from database/APIs

BREAKING: Requires admin role to fetch users list (used for assignee/reporter dropdowns)
- Map 'in_progress' to 'pending' for LeftRail display
- Map 'failed' or 'error' to 'failed' status
- Keep 'completed' as 'completed'
- Resolve TypeScript type mismatch error
- Parallelize evidence and quick actions generation for better throughput
- Skip enhancements for simple queries (greetings, short messages) for faster responses
- Reduce sequential wait time by running independent operations concurrently
- Improve response time for complex queries by ~30-50% through parallel processing

BREAKING: None - performance optimization only
- Don't redirect to login for /auth/users endpoint (handles 401/403 gracefully)
- Don't redirect to login for /auth/me endpoint (AuthContext handles auth check)
- Only redirect to login when token is truly invalid (401 on non-optional endpoints)
- Preserve 403 (Forbidden) for proper permission handling
- Fixes issue where Operations page redirected to login for non-admin users
… events

- Filter out null/undefined events from streamingEvents array before mapping
- Add optional chaining for event property access
- Add type guard to ensure event is StreamingEvent before processing
- Prevents runtime error when streamingEvents contains invalid entries
T-DevH and others added 28 commits October 29, 2025 16:18
- Add 3s timeout for input safety check to prevent hanging
- Add fallback response for empty MCP planner results
- Ensure chat endpoint always returns a response
- Prevent silent failures that cause no response
- Add message to UI immediately upon receiving response
- Move streaming simulation to non-blocking background process
- Add error handling and fallback message if streaming fails
- Add console logging for debugging
- Fix issue where responses weren't visible to users
- Fix TypeScript error by removing response.content references
- Use only response.reply which is the correct property
- Fixes TS2551 compilation error
- Reduce MCP planner initialization timeout to 3s for faster response
- Add immediate fallback response if initialization times out
- Handle initialization exceptions gracefully
- Increase proxy timeout to 60s to match axios timeout
- Provide user-friendly messages instead of network errors
- Prevent hanging requests that cause network errors
- Add null checks for result and structured_response before accessing
- Add try-catch around ChatResponse creation with detailed logging
- Add fallback response if ChatResponse creation fails
- Log result and structured_response data for debugging
- Prevent crashes from None or malformed result data
- Add check for result['response'] before accessing
- Add fallback response if base_response is None
- Add try-catch around response formatting
- Add null checks for result.get() calls
- Prevent KeyError and AttributeError exceptions
- Add detailed error logging for debugging
- Add timeout (2s) to tool discovery to prevent hanging
- Create simple pattern-matching fallback for when MCP is unavailable
- Reduce initialization timeout to 2s for faster fallback
- Add basic intent detection (operations, inventory, equipment)
- Don't raise exceptions during initialization - allow degraded mode
- Provides immediate responses even when MCP is slow/unavailable
- Fixes chat endpoint hanging issues
- Add _create_fallback_response method for when graph is unavailable
- Add timeout (25s) for graph execution to prevent hanging
- Don't raise exceptions during initialization - allow degraded mode
- Add timeout to initialize() call in process_warehouse_query
- Provides immediate responses even when graph is slow/unavailable
- Prevents chat endpoint from hanging indefinitely
- Add timeout (25s) to graph.ainvoke() execution
- Add timeout (2s) to initialize() call retry
- Return fallback immediately if graph is None
- Prevents infinite hangs during graph execution
- Add 3s timeout for user_service.initialize()
- Add 2s timeout for user lookup
- Add 2s timeout for last_login update (non-critical)
- Prevent login endpoint from hanging indefinitely
- Provide clear error messages for timeout scenarios
- Fixes login page hanging issue
- Add 10s timeout to asyncpg.create_pool() creation
- Add 5s connection timeout parameter to asyncpg
- Add 8s timeout to SQL retriever initialization in user_service
- Prevents login from hanging if database is unreachable
- Provides clear timeout error messages
- Fixes login taking long time issue
…g parameter

- Remove invalid timeout parameter from asyncpg.create_pool
- Use PostgreSQL server setting connect_timeout instead
- Wrapped pool creation in asyncio.wait_for with 10s timeout
- Prevents login from hanging indefinitely
- Reduce pool creation timeout from 10s to 7s
- Reduce SQL retriever init timeout from 8s to 6s
- Reduce PostgreSQL connect_timeout from 5s to 3s
- Increase login endpoint timeout from 3s to 5s to accommodate nested timeouts
- Total max login time: 7 seconds (instead of 10+ seconds)
- Faster failure for better UX
- Add 2s timeout for basic version endpoint
- Add 3s timeout for detailed version endpoint
- Use asyncio.to_thread to run version_service methods in thread pool
- Return fallback version info instead of raising errors
- Prevents version endpoint from hanging indefinitely
- Fixes Failed to fetch version info error in frontend
- Replace wildcard origins with explicit localhost URLs (3000, 3001)
- Fix CORS issue when allow_credentials=True (browsers block wildcard with credentials)
- Add expose_headers and max_age for better CORS support
- Fixes 'CORS request did not succeed' error on login
- Move _create_simple_fallback_response function after ChatResponse class definition
- Fix NameError preventing server startup
- CORS configuration with explicit localhost origins already applied
- This fixes the login page CORS issue
- connect_timeout is not a valid PostgreSQL server setting
- Move timeout to asyncpg.create_pool timeout parameter
- Fixes database connection initialization errors
- Add detailed logging at each step of login process
- Log initialization status, user lookup results, password verification
- Add fallback initialization check in get_user_for_auth
- Improve error messages for debugging authentication issues
- Add /auth/debug/user/{username} endpoint for testing user lookup
- Add comprehensive logging throughout auth flow
- Add connection pool validation in get_connection
- Add print statements for immediate visibility
- Strip username before lookup to handle any whitespace issues
- Add detailed logging for username comparison
- Login endpoint successfully authenticates users
- Debug endpoint /auth/debug/user/{username} working
- Comprehensive logging throughout auth flow
- Database connection fixes applied
- All fixes verified and working
- Removed all emoji symbols (✅, ❌, ⚠️, 🔴, etc.) from 51 markdown files
- Replaced emoji-based formatting with professional text equivalents
- Cleaned up spacing and formatting inconsistencies
- Maintained all technical content and structure
- Files cleaned: README.md, CODE_QUALITY_REPORT.md, CHANGELOG.md, and all documentation files
- Ready for public release with professional formatting
- Consolidate duplicate Quick Start sections into comprehensive 10-step guide
- Add complete deployment instructions with prerequisites and troubleshooting
- Update RUN_LOCAL.sh to support both .venv and env directories
- Fix create_default_users.py password to match documentation (password123)
- Remove emojis from all shell scripts for professional formatting
- Add database migration steps with all required schema files
- Include default user creation steps in deployment guide
- Add Node.js version requirement (18+)
- Improve environment variable documentation
- Add verification steps and troubleshooting section
- Fixed proxy configuration to preserve /api prefix when forwarding requests
- Added pathRewrite function in setupProxy.js to add /api back to paths
- Removed proxy field from package.json to avoid conflicts with setupProxy.js
- Added safety checks in api.ts to ensure baseURL is always relative
- Added debug logging for API configuration in development mode
- Fixed backend server hanging issues by properly restarting services
- All API requests now correctly route through proxy to backend on port 8001

This resolves the 404 errors and CORS issues that were preventing the frontend
from communicating with the backend API.
… main

This merge includes:
- Complete folder restructure aligned to NVIDIA AI Blueprints structure
- Proxy/CORS fixes for frontend API requests
- All recent improvements and bug fixes
- 325 files changed with comprehensive restructuring
Bumps node from 18-alpine to 25-alpine.

---
updated-dependencies:
- dependency-name: node
  dependency-version: 25-alpine
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/docker/node-25-alpine branch from efc9506 to 279e6e5 Compare November 14, 2025 08:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file docker Pull requests that update docker code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant