From 1ff99bf0357a668a532806e7eca7aa096cdf5b79 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 18 Jun 2024 22:38:26 +0000 Subject: [PATCH 1/5] Bump langchain-experimental from 0.0.52 to 0.0.61 in /app/backend Bumps [langchain-experimental](https://github.com/langchain-ai/langchain) from 0.0.52 to 0.0.61. - [Release notes](https://github.com/langchain-ai/langchain/releases) - [Commits](https://github.com/langchain-ai/langchain/commits/langchain-experimental==0.0.61) --- updated-dependencies: - dependency-name: langchain-experimental dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- app/backend/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/backend/requirements.txt b/app/backend/requirements.txt index 08e429b2..9fa12ada 100644 --- a/app/backend/requirements.txt +++ b/app/backend/requirements.txt @@ -13,7 +13,7 @@ fastapi == 0.109.1 fastapi-utils == 0.2.1 uvicorn == 0.23.2 numexpr == 2.10.0 -langchain-experimental==0.0.52 +langchain-experimental==0.0.61 microsoft-bing-websearch==1.0.0 tabulate==0.9.0 matplotlib==3.8.3 From fa4b003c14481f78d21484b3f1c0b928d8fe2f26 Mon Sep 17 00:00:00 2001 From: Ashvith <49021230+asbanger@users.noreply.github.com> Date: Tue, 25 Jun 2024 23:16:09 +0800 Subject: [PATCH 2/5] Update requirements.txt Updating the dependencies --- app/backend/requirements.txt | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/app/backend/requirements.txt b/app/backend/requirements.txt index 9fa12ada..d30c7152 100644 --- a/app/backend/requirements.txt +++ b/app/backend/requirements.txt @@ -1,9 +1,9 @@ #### Any version change made here should also be made and tested for the enrichment and function apps in /functions and /app/enrichment azure-identity==1.16.1 Flask==2.3.2 -langchain==0.1.16 +langchain==0.2.5 azure-mgmt-cognitiveservices==13.5.0 -openai==1.17.0 +openai==1.24.0 # azure-search-documents==11.4.0 azure-search-documents==11.4.0b11 azure-storage-blob==12.16.0 @@ -22,6 +22,7 @@ pandas==2.2.1 python-multipart==0.0.9 Pillow==10.3.0 wikipedia==1.4.0 -langchain-openai == 0.1.3 +langchain-openai == 0.1.7 pytest==8.2.1 -python-dotenv==1.0.1 \ No newline at end of file +python-dotenv==1.0.1 +langchain-community==0.2.5 From 9d0fcadbafd36ac57c589b2a11b054d39f841575 Mon Sep 17 00:00:00 2001 From: Ashvith <49021230+asbanger@users.noreply.github.com> Date: Wed, 26 Jun 2024 22:39:03 +0800 Subject: [PATCH 3/5] Update tabulardataassistant.py Update tabular assistant --- app/backend/approaches/tabulardataassistant.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/app/backend/approaches/tabulardataassistant.py b/app/backend/approaches/tabulardataassistant.py index 3b045a4b..fedf946f 100644 --- a/app/backend/approaches/tabulardataassistant.py +++ b/app/backend/approaches/tabulardataassistant.py @@ -106,7 +106,7 @@ def process_agent_scratch_pad(question, df): deployment_name=OPENAI_DEPLOYMENT_NAME) question = save_chart(question) - pdagent = create_pandas_dataframe_agent(chat, df, verbose=True,agent_type=AgentType.OPENAI_FUNCTIONS) + pdagent = create_pandas_dataframe_agent(chat, df, verbose=True,agent_type=AgentType.OPENAI_FUNCTIONS,allow_dangerous_code=True , handle_parsing_errors=True ) for chunk in pdagent.stream({"input": question}): if "actions" in chunk: for action in chunk["actions"]: @@ -134,8 +134,8 @@ def process_agent_response(question): deployment_name=OPENAI_DEPLOYMENT_NAME) - pdagent = create_pandas_dataframe_agent(chat, dffinal, verbose=True,handle_parsing_errors=True,agent_type=AgentType.OPENAI_FUNCTIONS) + pdagent = create_pandas_dataframe_agent(chat, dffinal, verbose=True,handle_parsing_errors=True,agent_type=AgentType.OPENAI_FUNCTIONS, allow_dangerous_code=True) for chunk in pdagent.stream({"input": question}): if "output" in chunk: output = f'Final Output: ```{chunk["output"]}```' - return output \ No newline at end of file + return output From 3420f07ddcc2a6ada2124f6e3e8705110664d578 Mon Sep 17 00:00:00 2001 From: dayland Date: Tue, 2 Jul 2024 02:05:24 +0100 Subject: [PATCH 4/5] Add extra warning documentation for allow_dangerous_code flag --- app/backend/approaches/tabulardataassistant.py | 6 ++++++ docs/features/features.md | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/app/backend/approaches/tabulardataassistant.py b/app/backend/approaches/tabulardataassistant.py index fedf946f..d55a5c86 100644 --- a/app/backend/approaches/tabulardataassistant.py +++ b/app/backend/approaches/tabulardataassistant.py @@ -106,6 +106,12 @@ def process_agent_scratch_pad(question, df): deployment_name=OPENAI_DEPLOYMENT_NAME) question = save_chart(question) + # This agent relies on access to a python repl tool which can execute arbitrary code. + # This can be dangerous and requires a specially sandboxed environment to be safely used. + # Failure to properly sandbox this class can lead to arbitrary code execution vulnerabilities, + # which can lead to data breaches, data loss, or other security incidents. You must opt in + # to use this functionality by setting allow_dangerous_code=True. + # https://api.python.langchain.com/en/latest/agents/langchain_experimental.agents.agent_toolkits.pandas.base.create_pandas_dataframe_agent.html pdagent = create_pandas_dataframe_agent(chat, df, verbose=True,agent_type=AgentType.OPENAI_FUNCTIONS,allow_dangerous_code=True , handle_parsing_errors=True ) for chunk in pdagent.stream({"input": question}): if "actions" in chunk: diff --git a/docs/features/features.md b/docs/features/features.md index 138fcf61..b50d2fac 100644 --- a/docs/features/features.md +++ b/docs/features/features.md @@ -97,6 +97,12 @@ To learn more, please visit the [Cognitive Search](/docs/features/cognitive_sear We are rolling out the Math Assistant and Tabular Data Assistant in a preview mode. The Math Assistant combines natural language understanding with robust mathematical reasoning, enabling users to express mathematical queries in plain language and receive step-by-step solutions and insights.The Tabular Data Assistants allows users to ask natural language questions about tabular data stored in CSV files and extract insights from structured datasets with the ability to filter, aggregate, and perform computations on CSV data. The key strength of Agents lies in their ability to autonomously reason about tasks, decompose them into steps, and determine the appropriate tools and data sources to leverage, all without the need for predefined task definitions or rigid workflows.The Math Assistant and Tabular Data assistant are being released in preview mode as we continue to evaluate and mitigate the potential risks associated with autonomous reasoning Agents, such as misuse of external tools, lack of transparency, biased outputs, privacy concerns, and remote code execution vulnerabilities. With future release we plan work to enhance the safety and robustness of these autonomous reasoning capabilities. +### :warning: Security Notice + +The Tabular Data Assistant relies on access to a python repl tool which can execute arbitrary code. This can be dangerous and requires a specially sandboxed environment to be safely used. Failure to run this code in a properly sandboxed environment can lead to arbitrary code execution vulnerabilities, which can lead to data breaches, data loss, or other security incidents. + +Do not use this code with untrusted inputs, with elevated permissions, or without consulting your security team about proper sandboxing! + ## Customization and Personalization **User-Selectable Options:** Users can fine-tune their interactions by adjusting settings such as temperature and persona, tailoring the AI experience to their specific needs. From 9274a943d658aee44c5617311604e7bd88562291 Mon Sep 17 00:00:00 2001 From: dayland Date: Tue, 2 Jul 2024 02:07:47 +0100 Subject: [PATCH 5/5] Adding additional warning on deployment.md --- docs/deployment/deployment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/deployment/deployment.md b/docs/deployment/deployment.md index f03e821c..a6eefcac 100644 --- a/docs/deployment/deployment.md +++ b/docs/deployment/deployment.md @@ -58,7 +58,7 @@ ENABLE_WEB_CHAT | Yes | Defaults to `false`. This feature flag will enable the a ENABLE_BING_SAFE_SEARCH | No | Defaults to `true`. If you are using the `ENABLE_WEB_CHAT`feature you can set the following values to enable safe search on the Bing v7 Search APIs. ENABLE_UNGROUNDED_CHAT | Defaults to `false`. This feature flag will enable the ability to interact directly with an LLM. This experience will be similar to the Azure OpenAI Playground. ENABLE_MATH_ASSISTANT | Yes | Defaults to `true`. This feature flag will enable the Math Assistant tab in the Information Assistant website. Read more information on the [Math Assistant](/docs/features/features.md) -ENABLE_TABULAR_DATA_ASSISTANT | Yes | Defaults to `true`. This feature flag will enable the Tabular Data Assistant tab in the Information Assistant website. Read more information about the [Tabular Data Assistant](/docs/features/features.md) +ENABLE_TABULAR_DATA_ASSISTANT | Yes | Defaults to `true`. This feature flag will enable the Tabular Data Assistant tab in the Information Assistant website. Read more information about the [Tabular Data Assistant](/docs/features/features.md). Read the security warnings on the Tabular Data Assistant feature page when deploying this feature. ENABLE_SHAREPOINT_CONNECTOR | Yes | Defaults to `false`. This feature flag enabled the ability to ingest data from SharePoint document stores into the Information Assistant. When enabled, be sure to set the `SHAREPOINT_TO_SYNC` parameter for your SharePoint sites. Read more about configuring the [SharePoint Connector](/docs/features/sharepoint.md). This feature flag is **NOT** compatible with `AZURE_ENVIRONMENT=AzureUSGovernment`. SHAREPOINT_TO_SYNC | No | This is a JSON Array of Objects for SharePoint Sites and their entry folders. The app will crawl down from the folder specified for each site. Specifying "/Shared Documents" will crawl all the documents in your SharePoint. `[{"url": "https://SharePoint.com/", "folder": "/Shared Documents"}]` This will **overwrite** any prior changes you've made to config.json. Information on setting up SharePoint Ingestion can be found here [SharePoint Connector](/docs/features/sharepoint.md) ENABLE_MULTIMEDIA | Yes | Defaults to `false`. This feature flag should not be changed at this time. The multimedia feature is still in development. Enabling this feature will deploy an Azure Video Indexer instance in your resource group only.