Merged
Conversation
Contributor
Summary of ChangesHello @HenryHengZJ, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request focuses on enhancing the Dockerfile for the application by implementing best practices for container security and build optimization. The primary goal is to transition the container to operate under a non-root user, thereby reducing potential security vulnerabilities. Additionally, the changes streamline the dependency installation and build processes, contributing to a more robust and efficient Docker image. Highlights
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Code Review
This pull request is a great step towards improving the security of the Docker image by running the application as a non-root user. The consolidation of RUN commands is also a good improvement for image layer management. I've added a few suggestions to further optimize the Dockerfile for smaller image size, better caching, and improved security by using multi-stage builds. These changes will lead to a more robust and efficient production image.
# Conflicts: # Dockerfile
0xi4o
pushed a commit
that referenced
this pull request
Nov 19, 2025
* update dockerfile * Update Dockerfile
HenryHengZJ
added a commit
that referenced
this pull request
Nov 27, 2025
* feat: handle 429 errors and redirect to rate-limited page * fix: simplify rate-limited page and better 429 error handling * fix: status code in quotaUsage * update: add back to home button rate-limited page * chore: fix typos in docker/worker/Dockerfile (#5435) Fix typos in docker/worker/Dockerfile * chore: fix typos in packages/components/nodes/agentflow/Condition/Condition.ts (#5436) Fix typos in packages/components/nodes/agentflow/Condition/Condition.ts * chore: fix typos in packages/components/nodes/chatmodels/ChatHuggingFace/ChatHuggingFace.ts (#5437) Fix typos in packages/components/nodes/chatmodels/ChatHuggingFace/ChatHuggingFace.ts * chore: fix typos in packages/components/nodes/prompts/ChatPromptTemplate/ChatPromptTemplate.ts (#5438) Fix typos in packages/components/nodes/prompts/ChatPromptTemplate/ChatPromptTemplate.ts * docs: fix typos in packages/ui/src/layout/MainLayout/Sidebar/MenuList/NavGroup/index.jsx (#5444) Fix typos in packages/ui/src/layout/MainLayout/Sidebar/MenuList/NavGroup/index.jsx * docs: fix typos in packages/components/nodes/engine/SubQuestionQueryEngine/SubQuestionQueryEngine.ts (#5446) Fix typos in packages/components/nodes/engine/SubQuestionQueryEngine/SubQuestionQueryEngine.ts * docs: fix typos in packages/components/nodes/embeddings/AWSBedrockEmbedding/AWSBedrockEmbedding.ts (#5447) Fix typos in packages/components/nodes/embeddings/AWSBedrockEmbedding/AWSBedrockEmbedding.ts * docs: fix typos in packages/server/README.md (#5445) Fix typos in packages/server/README.md * Bugfix/Supervisor Node AzureChatOpenAI (#5448) Integrate AzureChatOpenAI into the Supervisor node to handle user requests alongside ChatOpenAI. This enhancement allows for improved multi-agent conversation management. * Chore/JSON Array (#5467) * add separate by JSON object * add file check for Unstructured * Enhance JSON DocumentLoader: Update label and description for 'Separate by JSON Object' option, and add type check for JSON objects in array processing. * Chore/Remove Deprecated File Path Unstructured (#5478) * Refactor UnstructuredFile and UnstructuredFolder loaders to remove deprecated file path handling and enhance folder path validation. Ensure folder paths are sanitized and validated against path traversal attacks. * Update UnstructuredFolder.ts * feat(security): enhance file path validation and implement non-root D… (#5474) * feat(security): enhance file path validation and implement non-root Docker user - Validate resolved full file paths including workspace boundaries in SecureFileStore - Resolve paths before validation in readFile and writeFile operations - Run Docker container as non-root flowise user (uid/gid 1001) - Apply proper file ownership and permissions for application files Prevents path traversal attacks and follows container security best practices * Add sensitive system directory validation and Flowise internal file protection * Update Dockerfile to use default node user * update validation patterns to include additional system binary directories (/usr/bin, /usr/sbin, /usr/local/bin) * added isSafeBrowserExecutable function to validate browser executable paths for Playwright and Puppeteer loaders --------- Co-authored-by: taraka-vishnumolakala <[email protected]> Co-authored-by: Henry Heng <[email protected]> Co-authored-by: Henry <[email protected]> * Chore/docker file non root (#5479) * update dockerfile * Update Dockerfile * remove read write file tools and imports (#5480) * Bugfix/Custom Function Libraries (#5472) * Updated the executeJavaScriptCode function to automatically detect and install required libraries from import/require statements in the provided code. * Update utils.ts * lint-fix * Release/3.0.11 (#5481) [email protected] * [email protected] * Chore/Disable Unstructure Folder (#5483) * commented out unstructure folder node * Update packages/components/nodes/documentloaders/Unstructured/UnstructuredFolder.ts Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --------- Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> * update: condition for handling 429 errors * update: handle rate limit errors in auth pages * fix: crash due to missing import --------- Co-authored-by: Lê Nam Khánh <[email protected]> Co-authored-by: Henry Heng <[email protected]> Co-authored-by: Taraka Vishnumolakala <[email protected]> Co-authored-by: taraka-vishnumolakala <[email protected]> Co-authored-by: Henry <[email protected]> Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
davehamptonusa
pushed a commit
to davehamptonusa/Flowise
that referenced
this pull request
Dec 8, 2025
* update dockerfile * Update Dockerfile
davehamptonusa
pushed a commit
to davehamptonusa/Flowise
that referenced
this pull request
Dec 8, 2025
* update dockerfile * Update Dockerfile
davehamptonusa
pushed a commit
to davehamptonusa/Flowise
that referenced
this pull request
Dec 8, 2025
…5440) * feat: handle 429 errors and redirect to rate-limited page * fix: simplify rate-limited page and better 429 error handling * fix: status code in quotaUsage * update: add back to home button rate-limited page * chore: fix typos in docker/worker/Dockerfile (FlowiseAI#5435) Fix typos in docker/worker/Dockerfile * chore: fix typos in packages/components/nodes/agentflow/Condition/Condition.ts (FlowiseAI#5436) Fix typos in packages/components/nodes/agentflow/Condition/Condition.ts * chore: fix typos in packages/components/nodes/chatmodels/ChatHuggingFace/ChatHuggingFace.ts (FlowiseAI#5437) Fix typos in packages/components/nodes/chatmodels/ChatHuggingFace/ChatHuggingFace.ts * chore: fix typos in packages/components/nodes/prompts/ChatPromptTemplate/ChatPromptTemplate.ts (FlowiseAI#5438) Fix typos in packages/components/nodes/prompts/ChatPromptTemplate/ChatPromptTemplate.ts * docs: fix typos in packages/ui/src/layout/MainLayout/Sidebar/MenuList/NavGroup/index.jsx (FlowiseAI#5444) Fix typos in packages/ui/src/layout/MainLayout/Sidebar/MenuList/NavGroup/index.jsx * docs: fix typos in packages/components/nodes/engine/SubQuestionQueryEngine/SubQuestionQueryEngine.ts (FlowiseAI#5446) Fix typos in packages/components/nodes/engine/SubQuestionQueryEngine/SubQuestionQueryEngine.ts * docs: fix typos in packages/components/nodes/embeddings/AWSBedrockEmbedding/AWSBedrockEmbedding.ts (FlowiseAI#5447) Fix typos in packages/components/nodes/embeddings/AWSBedrockEmbedding/AWSBedrockEmbedding.ts * docs: fix typos in packages/server/README.md (FlowiseAI#5445) Fix typos in packages/server/README.md * Bugfix/Supervisor Node AzureChatOpenAI (FlowiseAI#5448) Integrate AzureChatOpenAI into the Supervisor node to handle user requests alongside ChatOpenAI. This enhancement allows for improved multi-agent conversation management. * Chore/JSON Array (FlowiseAI#5467) * add separate by JSON object * add file check for Unstructured * Enhance JSON DocumentLoader: Update label and description for 'Separate by JSON Object' option, and add type check for JSON objects in array processing. * Chore/Remove Deprecated File Path Unstructured (FlowiseAI#5478) * Refactor UnstructuredFile and UnstructuredFolder loaders to remove deprecated file path handling and enhance folder path validation. Ensure folder paths are sanitized and validated against path traversal attacks. * Update UnstructuredFolder.ts * feat(security): enhance file path validation and implement non-root D… (FlowiseAI#5474) * feat(security): enhance file path validation and implement non-root Docker user - Validate resolved full file paths including workspace boundaries in SecureFileStore - Resolve paths before validation in readFile and writeFile operations - Run Docker container as non-root flowise user (uid/gid 1001) - Apply proper file ownership and permissions for application files Prevents path traversal attacks and follows container security best practices * Add sensitive system directory validation and Flowise internal file protection * Update Dockerfile to use default node user * update validation patterns to include additional system binary directories (/usr/bin, /usr/sbin, /usr/local/bin) * added isSafeBrowserExecutable function to validate browser executable paths for Playwright and Puppeteer loaders --------- Co-authored-by: taraka-vishnumolakala <[email protected]> Co-authored-by: Henry Heng <[email protected]> Co-authored-by: Henry <[email protected]> * Chore/docker file non root (FlowiseAI#5479) * update dockerfile * Update Dockerfile * remove read write file tools and imports (FlowiseAI#5480) * Bugfix/Custom Function Libraries (FlowiseAI#5472) * Updated the executeJavaScriptCode function to automatically detect and install required libraries from import/require statements in the provided code. * Update utils.ts * lint-fix * Release/3.0.11 (FlowiseAI#5481) [email protected] * [email protected] * Chore/Disable Unstructure Folder (FlowiseAI#5483) * commented out unstructure folder node * Update packages/components/nodes/documentloaders/Unstructured/UnstructuredFolder.ts Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --------- Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> * update: condition for handling 429 errors * update: handle rate limit errors in auth pages * fix: crash due to missing import --------- Co-authored-by: Lê Nam Khánh <[email protected]> Co-authored-by: Henry Heng <[email protected]> Co-authored-by: Taraka Vishnumolakala <[email protected]> Co-authored-by: taraka-vishnumolakala <[email protected]> Co-authored-by: Henry <[email protected]> Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.