Fix some security issues

[ZePan110]

Description

Fix some security issues.

Issues

List the issue or RFC link this PR is working on. If there is no such link, please mark it as n/a.

Type of change

List the type of change like below. Please delete options that are not relevant.

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds new functionality)
• Breaking change (fix or feature that would break existing design and interface)
• Others (enhancement, documentation, validation, etc.)

Dependencies

List the newly introduced 3rd party dependency if exists.

Tests

docker and helm test
https://github.com/opea-project/GenAIExamples/actions/runs/18516106845
trivy test
https://github.com/opea-project/GenAIExamples/actions/runs/18514829398
oneclick
http://github.com/opea-project/GenAIExamples/actions/runs/18519811203

[github-actions]

Dependency Review

The following issues were found:

• ❌ 1 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 2 package(s) with unknown licenses.

See the Details below.

Vulnerabilities

one_click_deploy/requirements.txt

Name	Version	Vulnerability	Severity
urllib3	2.2.3	urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation	moderate
		urllib3 does not control redirects in browsers and Node.js	moderate

License Issues

one_click_deploy/requirements.txt

Package	Version	License	Issue Type
ruamel-yaml	0.18.15	Null	Unknown License
ruamel-yaml-clib	0.2.8	Null	Unknown License

Scanned Files

• .github/workflows/_build_image.yml
• .github/workflows/_get-image-list.yml
• .github/workflows/_get-test-matrix.yml
• .github/workflows/_helm-e2e.yml
• .github/workflows/_run-docker-compose.yml
• .github/workflows/_run-one-click.yml
• .github/workflows/_trivy-scan.yml
• .github/workflows/check-online-doc-build.yml
• .github/workflows/dockerhub-description.yml
• .github/workflows/manual-docker-scan.yml
• .github/workflows/manual-freeze-tag.yml
• .github/workflows/mix-trellix.yml
• .github/workflows/pr-chart-e2e.yml
• .github/workflows/pr-check-duplicated-image.yml
• .github/workflows/pr-code-scan.yml
• .github/workflows/pr-dependency-review.yml
• .github/workflows/pr-dockerfile-path-and-build-yaml-scan.yml
• .github/workflows/pr-image-size.yml
• .github/workflows/pr-link-path-scan.yml
• .github/workflows/push-images-path-detection.yml
• .github/workflows/push-infra-issue-creation.yml
• .github/workflows/scorecard.yml
• .github/workflows/weekly-one-click-test.yml
• .github/workflows/weekly-update-images.yml
• one_click_deploy/requirements.txt

[Copilot]

Pull Request Overview

This PR appears to be a test update that modifies testing scripts and CI workflow configurations. The changes focus on updating dependency versions and improving test execution reliability.

• Updates Playwright version from unspecified to 1.44.0 with explicit version pinning
• Adds SHA256 hash pinning to GitHub Actions checkout action for enhanced security
• Removes redundant npm install command in favor of npm ci for more reliable builds

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File	Description
ChatQnA/tests/test_compose_openeuler_on_xeon.sh	Updates Playwright commands to use specific version 1.44.0 and removes redundant npm install
.github/workflows/weekly-one-click-test.yml	Adds SHA256 hash to checkout action for security pinning

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}