fix: 依赖更新

Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto Unstructured has Path Traversal via Malicious MSG Attachment that Allows Arbitrary File Write #106 @isaacs/brace-expansion has Uncontrolled Resource Consumption #107 jwt-go allows excessive memory allocation during header parsing #24 golang.org/x/crypto Vulnerable to Denial of Service (DoS) via Slow or Incomplete Key Exchange #29 部分文件修复
2026-06-12 18:11:42 +08:00 · 2026-02-04 18:10:06 +08:00
parent 76d648245c
commit 8c9e7652ec
19 changed files with 322 additions and 95 deletions
@@ -15,9 +15,8 @@ set -e
 export NEXT_PUBLIC_DEPLOY_ENV=${DEPLOY_ENV}
 export NEXT_PUBLIC_EDITION=${EDITION}
 export NEXT_PUBLIC_BASE_PATH=${NEXT_PUBLIC_BASE_PATH}
-# Use absolute URLs to avoid "Failed to construct 'URL': Invalid URL" in browser when CONSOLE_API_URL/APP_API_URL are empty
-export NEXT_PUBLIC_API_PREFIX=${CONSOLE_API_URL:-http://127.0.0.1:5001}/console/api
-export NEXT_PUBLIC_PUBLIC_API_PREFIX=${APP_API_URL:-http://127.0.0.1:5001}/api
+export NEXT_PUBLIC_API_PREFIX=${CONSOLE_API_URL}/console/api
+export NEXT_PUBLIC_PUBLIC_API_PREFIX=${APP_API_URL}/api
 export NEXT_PUBLIC_MARKETPLACE_API_PREFIX=${MARKETPLACE_API_URL}/api/v1
 export NEXT_PUBLIC_MARKETPLACE_URL_PREFIX=${MARKETPLACE_URL}
 export NEXT_PUBLIC_COOKIE_DOMAIN=${NEXT_PUBLIC_COOKIE_DOMAIN}
@@ -44,7 +43,7 @@ export NEXT_PUBLIC_MAX_PARALLEL_LIMIT=${MAX_PARALLEL_LIMIT}
 export NEXT_PUBLIC_MAX_ITERATIONS_NUM=${MAX_ITERATIONS_NUM}
 export NEXT_PUBLIC_MAX_TREE_DEPTH=${MAX_TREE_DEPTH}
 # extend start: admin
-export NEXT_PUBLIC_ADMIN_API_URL=${CONSOLE_API_URL:-http://127.0.0.1:5001}/admin/api
+export NEXT_PUBLIC_ADMIN_API_URL=${CONSOLE_API_URL}/admin/api
 # extend stop: admin

 pm2 start /app/web/server.js --name dify-web --cwd /app/web -i ${PM2_INSTANCES} --no-daemon