[Feature Request]: Better project dependency management #1052
Description
Is there an existing issue for the same feature request?
- I have checked the existing issues.
Describe the feature you'd like
Discussed in https://github.com/orgs/infiniflow/discussions/1269
Originally posted by http403 June 1, 2024
Hi community and members of infiniflow,
Will the community be interested in pausing the development of RAGFlow a bit, and restructure the project using better dependency management tool? I'm trying to make the Docker image smaller by cutting out the GPU specific dependencies, which I use Poetry to aid me, and I discover few dependencies conflicts:
volcengineneedpycryptodome==3.9.9gotpycryptodome=3.20.0volcengineneedpytz==2020.5gotpytz==2024.1bcembeddingneedtransformers>=4.35.0,<4.37.0gottransformer==4.38.1
Note: bcembedding and volcengine aren't version pinned
It will be nice to use some form of dependency management tools like Poetry or Pipenv to avoid such issues. Not to mention PyCryptodome 3.9.9 and pytz both released in 2020, which are very old which PyCryptodome have CVE-2023-52323 vulnerability before version 3.19.1.
Again, I don't mind chime in my time to make it happen.