Feature/filtering queries #99

Open

tomusher wants to merge 4 commits into feature/async-public-api from feature/filtering-queries

tomusher commented Dec 6, 2024

This is an initial version of a filtering API for indexes, allowing users to filter the returned documents using filter objects.

nickmoreton commented Jun 18, 2025

Hi @tomusher, I am seeing the same errors when CI runs without any changes: https://github.com/torchbox-forks/wagtail-vector-index/actions/runs/15729950065
Are there any plans to update this package? It's not broken for me but seems to be using more recent dependencies that have now been upgraded that would satisfy most if not all of the warnings below.

┌─────────┬────────────────┬──────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │  Status  │ Installed Version │ Fixed Version │                           Title                            │
├─────────┼────────────────┼──────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤
│ aiohttp │ CVE-2024-52304 │ MEDIUM   │ fixed    │ 3.10.5            │ 3.10.11       │ aiohttp: aiohttp vulnerable to request smuggling due to    │
│         │                │          │          │                   │               │ incorrect parsing of chunk...                              │
│         │                │          │          │                   │               │ https://avd.aquasec.com/nvd/cve-2024-52304                 │
├─────────┼────────────────┼──────────┤          ├───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤
│ litellm │ CVE-2024-5751  │ CRITICAL │          │ 1.40.15           │ 1.40.16       │ litellm vulnerable to remote code execution based on using │
│         │                │          │          │                   │               │ eval unsafely                                              │
│         │                │          │          │                   │               │ https://avd.aquasec.com/nvd/cve-2024-5751                  │
│         ├────────────────┼──────────┤          │                   ├───────────────┼────────────────────────────────────────────────────────────┤
│         │ CVE-2024-10188 │ HIGH     │          │                   │ 1.53.1.dev1   │ LiteLLM Vulnerable to Denial of Service (DoS)              │
│         │                │          │          │                   │               │ https://avd.aquasec.com/nvd/cve-2024-10188                 │
│         ├────────────────┤          │          │                   ├───────────────┼────────────────────────────────────────────────────────────┤
│         │ CVE-2024-6587  │          │          │                   │ 1.44.8        │ LiteLLM Server-Side Request Forgery (SSRF) vulnerability   │
│         │                │          │          │                   │               │ https://avd.aquasec.com/nvd/cve-2024-6587                  │
│         ├────────────────┤          │          │                   ├───────────────┼────────────────────────────────────────────────────────────┤
│         │ CVE-2024-8984  │          │          │                   │ 1.56.2        │ LiteLLM Vulnerable to Denial of Service (DoS) via Crafted  │
│         │                │          │          │                   │               │ HTTP Request                                               │
│         │                │          │          │                   │               │ https://avd.aquasec.com/nvd/cve-2024-8984                  │
│         ├────────────────┤          │          │                   ├───────────────┼────────────────────────────────────────────────────────────┤
│         │ CVE-2024-9606  │          │          │                   │ 1.44.12       │ LiteLLM Reveals Portion of API Key via a Logging File      │
│         │                │          │          │                   │               │ https://avd.aquasec.com/nvd/cve-2024-9606                  │
│         ├────────────────┤          ├──────────┤                   ├───────────────┼────────────────────────────────────────────────────────────┤
│         │ CVE-2025-0330  │          │ affected │                   │               │ LiteLLM Has a Leakage of Langfuse API Keys                 │
│         │                │          │          │                   │               │ https://avd.aquasec.com/nvd/cve-2025-0330                  │
│         ├────────────────┤          ├──────────┤                   ├───────────────┼────────────────────────────────────────────────────────────┤
│         │ CVE-2025-0628  │          │ fixed    │                   │ 1.61.15       │ LiteLLM Has an Improper Authorization Vulnerability        │
│         │                │          │          │                   │               │ https://avd.aquasec.com/nvd/cve-2025-0628                  │
└─────────┴────────────────┴──────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘

mgax commented Mar 19, 2026

It looks like revision 937627d removes the upper bound for the litellm dependency, and it's not that different from v0.10.0: v0.10.0...937627d. Might be worth pinning wagtail-vector-index to that particular commit instead of v0.10.0.
