Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Table Visualization][Bug] Fix Url content display in table #2918

Merged
merged 1 commit into from
Dec 15, 2022

Conversation

ananzh
Copy link
Member

@ananzh ananzh commented Nov 22, 2022

Description

Currently, the new table can not format Url. If we set to use URL format in index pattern field, table will display it as string.

In this PR, we switch the format from string to html. To make html understandable by react as a DOM element, we use dangerouslySetInnerHTML to transform it. For the security, since the content is not from random input but fetched from stored data, we should be safe as long as data is not messed.

To provide more security protection, we also add dompurify package to sanitize the html content.

Issue Resolved:

#2905

More discussions:

#2905 (comment)

Check List

  • All tests pass
    • yarn test:jest
    • yarn test:jest_integration
    • yarn test:ftr
  • New functionality includes testing.
  • New functionality has been documented.
  • Update CHANGELOG.md
  • Commits are signed per the DCO using --signoff

@ananzh ananzh self-assigned this Nov 22, 2022
@ananzh ananzh added tableVis table visualization visualizations Issues and PRs related to visualizations bug Something isn't working v2.5.0 'Issues and PRs related to version v2.5.0' labels Nov 22, 2022
@ananzh ananzh changed the title [Table Visualization][Bug] Fix Url content display [Table Visualization][Bug] Fix Url content display in table Nov 22, 2022
@ananzh ananzh marked this pull request as ready for review November 23, 2022 01:21
@ananzh ananzh requested a review from a team as a code owner November 23, 2022 01:21
const htmlContent = column.formatter.convert(rawContent, 'html');
const formattedContent = (
// eslint-disable-next-line
<div dangerouslySetInnerHTML={{ __html: dompurify.sanitize(htmlContent) }} />
Copy link
Member

@ashwin-pc ashwin-pc Nov 23, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this the only way to do this? afaik the goal here was just to make links possible for table cell elements. Cant we do that in a simpler way without allowing full blown HTML in a table cell?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I share Ashwin's discomfort with this approach in general, so I dug a bit deeper in the code base to try to figure out why things are set up this way. And my takeaway is that this fix is OK as is (and matches similar implementations in other visualizations like metric and markdown, and discover), but that the entire concept of a field formatter that outputs raw HTML strings is not desirable or necessary long-term.

  1. It seems the primary purpose of the field formatters (provided by the data plugin) is plain text formatting, which seems both sensible and necessary. I see no need to get rid of these or fundamentally change them.
  2. Only 3 of the converters also have a htmlConvert method: color, source, and url. These return string-ified HTML from templates, so using them in React is awkward and requires dangerouslySetInnerHTML. Given the project's evolution from Angular to React, we'd be better off with formatters that just provide components rather than HTML strings, but that's out of scope for this PR
  3. Whenever we use dangerouslySetInnerHTML (which should decrease over time), we should follow the convention of providing an explanatory comment. For example, see
    /*
    * Justification for dangerouslySetInnerHTML:
    * This is one of the visualizations which makes use of the HTML field formatters.
    * Since these formatters produce raw HTML, this visualization needs to be able to render them as-is, relying
    * on the field formatter to only produce safe HTML.
    * `metric.value` is set by the MetricVisComponent, so this component must make sure this value never contains
    * any unsafe HTML (e.g. by bypassing the field formatter).
    */

Copy link
Member Author

@ananzh ananzh Nov 28, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @ashwin-pc, there are 3 types for url format that could be set into indexPattern field. There are link, img and audio.
There are two converter in OSD, one is html and one is text. For these 3 types, here is a compare of text converter vs html converter

  • img
"/plugins/indexPatternManagement/assets/icons/177.120.218.48.png"
vs
"<span ng-non-bindable><img src="/plugins/indexPatternManagement/assets/icons/177.120.218.48.png" alt="A dynamically-specified image located at /plugins/indexPatternManagement/assets/icons/177.120.218.48.png" style="width:auto; height:auto; max-width:none; max-height:none;"></span>"
  • audio
"177.120.218.48"
vs
"<span ng-non-bindable><audio controls preload="none" src="177.120.218.48"></span>"
  • link
"177.120.218.48"
vs
"<span ng-non-bindable><a href="http://localhost:5603/jxv/app/177.120.218.48" target="_blank" rel="noopener noreferrer">177.120.218.48</a></span>"

@AMoo-Miki suggested using EUILink, but it only works form link. It doesn't work for img and audio. To make it format correctly, we have to use html converter then we need to translate these html contents.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I opened an issue here

Copy link
Member

@ashwin-pc ashwin-pc Nov 29, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the detailed context @joshuarrrr @ananzh. Yeah I can get behind that solution.

@@ -51,8 +52,12 @@ export const TableVisComponent = ({
const colIndex = columns.findIndex((col) => col.id === columnId);
const column = columns[colIndex];
// use formatter to format raw content
// this can format date and percentage data
const formattedContent = column.formatter.convert(rawContent, 'text');
// this can format url, date and percentage data
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit - this list is not exhaustive; it can actually format lots of other data types too

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

will modify the comment msg

// this can format url, date and percentage data
const htmlContent = column.formatter.convert(rawContent, 'html');
const formattedContent = (
// eslint-disable-next-line
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Instead of completely disabling eslint for the line, we should use the specific rule and add an explanatory comment (see comment below).

<div dangerouslySetInnerHTML={{ __html: dompurify.sanitize(htmlContent) }} /> // eslint-disable-line react/no-danger

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

will add this. thx

@ananzh ananzh force-pushed the table-html branch 2 times, most recently from f78337d to 501aebc Compare November 28, 2022 22:51
@ananzh
Copy link
Member Author

ananzh commented Nov 28, 2022

@ashwin-pc @joshuarrrr, just see that in metrics vis, we also use this dangerouslySetInnerHTML and doesn't include a dompurify package to sanitize the content.

      <div
         className="mtrVis__value"
         style={metricValueStyle}
          /*
           * Justification for dangerouslySetInnerHTML:
           * This is one of the visualizations which makes use of the HTML field formatters.
           * Since these formatters produce raw HTML, this visualization needs to be able to render them as-is, relying
           * on the field formatter to only produce safe HTML.
           * `metric.value` is set by the MetricVisComponent, so this component must make sure this value never contains
           * any unsafe HTML (e.g. by bypassing the field formatter).
           */
          dangerouslySetInnerHTML={{ __html: metric.value }} // eslint-disable-line react/no-danger
        />

As commented by @kavilla here, seems we should also sanitize other vis contents. But I think it should be a separate issue or raise another PR, since this is a bug fix, right?

@codecov-commenter
Copy link

codecov-commenter commented Nov 28, 2022

Codecov Report

Merging #2918 (de01754) into main (a26fb43) will decrease coverage by 0.04%.
The diff coverage is 69.11%.

@@            Coverage Diff             @@
##             main    #2918      +/-   ##
==========================================
- Coverage   66.70%   66.65%   -0.05%     
==========================================
  Files        3219     3219              
  Lines       61477    61531      +54     
  Branches     9418     9431      +13     
==========================================
+ Hits        41010    41016       +6     
- Misses      18227    18277      +50     
+ Partials     2240     2238       -2     
Flag Coverage Δ
Linux 66.60% <69.11%> (-0.05%) ⬇️
Windows 66.60% <69.11%> (-0.06%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
...c/plugins/data_source/server/client/client_pool.ts 58.82% <ø> (ø)
...gins/data_source/server/client/configure_client.ts 63.63% <31.81%> (-23.55%) ⬇️
.../plugins/data_source/server/data_source_service.ts 71.42% <66.66%> (-3.58%) ⬇️
...ents/edit_data_source/components/header/header.tsx 93.75% <75.00%> (-6.25%) ⬇️
.../data_source_management/public/components/utils.ts 95.83% <75.00%> (-4.17%) ⬇️
...components/create_form/create_data_source_form.tsx 96.96% <83.33%> (-1.40%) ⬇️
...rce/components/edit_form/edit_data_source_form.tsx 90.76% <86.66%> (-0.69%) ⬇️
...-eslint-plugin-eslint/rules/no_restricted_paths.js 96.96% <100.00%> (ø)
...e_data_source_wizard/create_data_source_wizard.tsx 97.50% <100.00%> (+0.72%) ⬆️
...c/components/edit_data_source/edit_data_source.tsx 88.23% <100.00%> (+0.48%) ⬆️
... and 4 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

joshuarrrr
joshuarrrr previously approved these changes Dec 14, 2022
@joshuarrrr
Copy link
Member

@ananzh Do you mind also opening an issue for

As commented by @kavilla #2905 (comment), seems we should also sanitize other vis contents. But I think it should be a separate issue or raise another PR, since this is a bug fix, right?

Even if we complete #2932, we may still have other instances of html that needs sanitation. And it's a parallel fix someone may decide to pickup before we can complete 2932.

@ananzh
Copy link
Member Author

ananzh commented Dec 14, 2022

#2932

Hey @joshuarrrr, thanks for the comment. I will create an issue to track all the other instances of html that needs sanitation. Will raise a PR for that.

@joshuarrrr
Copy link
Member

@ananzh Should this also be backported to 2.x (and not to 1.x or 1.3)?

Currently, the new table can not format Url. If we
set to use URL format in index pattern field, table
will display it as string.

In this PR, we switch the format from string to html.
To make html understandable by react as a DOM element,
we use dangerouslySetInnerHTML to transform it. For the
security, since the content is not from random input but
fetched from stored data, we should be safe as long as
data is not messed.

To provide more security protection, we also add dompurify
package to sanitize the html content.

Issue Resolved:
opensearch-project#2905

Signed-off-by: Anan Zhuang <ananzh@amazon.com>
@ananzh
Copy link
Member Author

ananzh commented Dec 14, 2022

@joshuarrrr yes, since it is a change of table in 2.4, I added backport to 2.x

@ananzh
Copy link
Member Author

ananzh commented Dec 14, 2022

Issue for all other html content using dangerouslySetInnerHTML
#3082

@ashwin-pc ashwin-pc merged commit b16ee64 into opensearch-project:main Dec 15, 2022
opensearch-trigger-bot bot pushed a commit that referenced this pull request Dec 15, 2022
Currently, the new table can not format Url. If we
set to use URL format in index pattern field, table
will display it as string.

In this PR, we switch the format from string to html.
To make html understandable by react as a DOM element,
we use dangerouslySetInnerHTML to transform it. For the
security, since the content is not from random input but
fetched from stored data, we should be safe as long as
data is not messed.

To provide more security protection, we also add dompurify
package to sanitize the html content.

Issue Resolved:
#2905

Signed-off-by: Anan Zhuang <ananzh@amazon.com>

Signed-off-by: Anan Zhuang <ananzh@amazon.com>
(cherry picked from commit b16ee64)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

# Conflicts:
#	CHANGELOG.md
sipopo pushed a commit to sipopo/OpenSearch-Dashboards that referenced this pull request Dec 16, 2022
…t#2918)

Currently, the new table can not format Url. If we
set to use URL format in index pattern field, table
will display it as string.

In this PR, we switch the format from string to html.
To make html understandable by react as a DOM element,
we use dangerouslySetInnerHTML to transform it. For the
security, since the content is not from random input but
fetched from stored data, we should be safe as long as
data is not messed.

To provide more security protection, we also add dompurify
package to sanitize the html content.

Issue Resolved:
opensearch-project#2905

Signed-off-by: Anan Zhuang <ananzh@amazon.com>

Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: Sergey Osipov <sipopo@yandex.ru>
@@ -354,6 +355,7 @@
"d3-cloud": "1.2.5",
"dedent": "^0.7.0",
"delete-empty": "^2.0.0",
"dompurify": "^2.4.1",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ananzh looks like this conflicts with the reporting plugin https://github.com/opensearch-project/reporting/blob/main/dashboards-reports/package.json#L22. Should we create a PR into their repo?

kavilla added a commit to kavilla/dashboards-reports that referenced this pull request Dec 20, 2022
In this PR:
opensearch-project/OpenSearch-Dashboards#2918

Dom purify was defined to a bug. Due to the version conflict,
Dashboards Reports is unable to build. So bumping up version.

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
rupal-bq pushed a commit to opensearch-project/reporting that referenced this pull request Dec 27, 2022
In this PR:
opensearch-project/OpenSearch-Dashboards#2918

Dom purify was defined to a bug. Due to the version conflict,
Dashboards Reports is unable to build. So bumping up version.

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
kavilla pushed a commit that referenced this pull request Jan 3, 2023
Currently, the new table can not format Url. If we
set to use URL format in index pattern field, table
will display it as string.

In this PR, we switch the format from string to html.
To make html understandable by react as a DOM element,
we use dangerouslySetInnerHTML to transform it. For the
security, since the content is not from random input but
fetched from stored data, we should be safe as long as
data is not messed.

To provide more security protection, we also add dompurify
package to sanitize the html content.

Issue Resolved:
#2905

Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

# Conflicts:
#	CHANGELOG.md

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
rupal-bq added a commit to opensearch-project/dashboards-reporting that referenced this pull request Jan 5, 2023
* Upgrade dompurify to match upstream (#598)

In this PR:
opensearch-project/OpenSearch-Dashboards#2918

Dom purify was defined to a bug. Due to the version conflict,
Dashboards Reports is unable to build. So bumping up version.

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>

* Update workflow

Signed-off-by: Rupal Mahajan <maharup@amazon.com>

* Fix macos workflow

Signed-off-by: Rupal Mahajan <maharup@amazon.com>

* Change nick-invision to nick-fields to fix worklfow actions

Signed-off-by: Rupal Mahajan <maharup@amazon.com>

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
Signed-off-by: Rupal Mahajan <maharup@amazon.com>
Co-authored-by: Kawika Avilla <kavilla414@gmail.com>
Arpit-Bandejiya pushed a commit to Arpit-Bandejiya/OpenSearch-Dashboards that referenced this pull request Jan 13, 2023
…t#2918)

Currently, the new table can not format Url. If we
set to use URL format in index pattern field, table
will display it as string.

In this PR, we switch the format from string to html.
To make html understandable by react as a DOM element,
we use dangerouslySetInnerHTML to transform it. For the
security, since the content is not from random input but
fetched from stored data, we should be safe as long as
data is not messed.

To provide more security protection, we also add dompurify
package to sanitize the html content.

Issue Resolved:
opensearch-project#2905

Signed-off-by: Anan Zhuang <ananzh@amazon.com>

Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>
Arpit-Bandejiya pushed a commit to Arpit-Bandejiya/OpenSearch-Dashboards that referenced this pull request Mar 8, 2023
…t#2918)

Currently, the new table can not format Url. If we
set to use URL format in index pattern field, table
will display it as string.

In this PR, we switch the format from string to html.
To make html understandable by react as a DOM element,
we use dangerouslySetInnerHTML to transform it. For the
security, since the content is not from random input but
fetched from stored data, we should be safe as long as
data is not messed.

To provide more security protection, we also add dompurify
package to sanitize the html content.

Issue Resolved:
opensearch-project#2905

Signed-off-by: Anan Zhuang <ananzh@amazon.com>

Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>
ananzh added a commit that referenced this pull request Mar 8, 2023
* Fixes folder timestamps being updated before copying files into them (#2964)

* When updating the timestamps were requested, scanCopy first set the times and then copied content into the destination folder. On certain platforms, copying files into a folder updates its "Last Access Time" and that overwrites the just set timestamps. This PR, makes sure the timestamps are set only after copying the content.

Signed-off-by: Miki <amoo_miki@yahoo.com>

Signed-off-by: Miki <amoo_miki@yahoo.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Fixes incorrect validation of time values in JUnit Reporter (#2965)

Signed-off-by: Miki <amoo_miki@yahoo.com>

Signed-off-by: Miki <amoo_miki@yahoo.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [Windows] Make `yarn pkg-version` work across platforms (#2963)

* Makes `yarn pkg-version` work across platforms

Signed-off-by: Miki <amoo_miki@yahoo.com>

* Makes `yarn pkg-version` work across platforms

Signed-off-by: Miki <amoo_miki@yahoo.com>

Signed-off-by: Miki <amoo_miki@yahoo.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Add Windows CI to the workflow (#2966)

Signed-off-by: Miki <amoo_miki@yahoo.com>

Signed-off-by: Miki <amoo_miki@yahoo.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Makes tests covering plugin installation on cluster snapshots work across platforms (#2994)

Signed-off-by: Miki <amoo_miki@yahoo.com>

Signed-off-by: Miki <amoo_miki@yahoo.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Bump loader-utils from 2.0.3 to 2.0.4 (#2892)

Bumps [loader-utils](https://github.com/webpack/loader-utils) from 2.0.3 to 2.0.4.
- [Release notes](https://github.com/webpack/loader-utils/releases)
- [Changelog](https://github.com/webpack/loader-utils/blob/v2.0.4/CHANGELOG.md)
- [Commits](https://github.com/webpack/loader-utils/compare/v2.0.3...v2.0.4)

---
updated-dependencies:
- dependency-name: loader-utils
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Corrects the usage of leaflet-vega parameters (#3005)

Fixes #2996, #2353

- Bump `leaflet-vega` to `^0.9.0` - they merged in our upstream PR and made a release
- Fix the parameter name for passing `vega.parse` options.

Signed-off-by: Miki <miki@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Add @manasvinibs as maintainer (#3006)

Basic data points
[OSD] 16 submitted PRs (https://github.com/opensearch-project/OpenSearch-Dashboards/pulls/manasvinibs)
[OSD] 74 reviewed PRs (https://github.com/opensearch-project/OpenSearch-Dashboards/issues?q=reviewed-by%3Amanasvinibs)
[OSD] 28 issues involved (https://github.com/opensearch-project/OpenSearch-Dashboards/issues?page=1&q=involves%3Amanasvinibs+is%3Aissue)

Highlight
Mana is assisting with extensions project which will be the next evolution of extending core functionality from OpenSearch Dashboards
Mana implemented https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2734 which allows for a huge quality of life for local development for external plugin developers to utilize snapshots with a single CLI command compared to before when they would had to pull down OpenSearch build, install their plugin on OpenSearch, and ensure the proper configurations. This has caused historically problems when plugin teams do development and miss some steps per their onboard documentation/PR suggestion and get different results than expected.
Mana has assisted reviewing PRs providing great insight on BWC tests, BWC in general, and the release process.
Mana has added documentation from insight she has gained within the informal dev doc repo https://cptnb.github.io/opensearch-dashboards-dev-docs/ ensuring the spread of knowledge.

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [Vis Builder] Add global data persistence for vis builder (#2896)

* Add global data persistence for vis builder

Persist filters, time range, time refresh interval for vis builder when we
refresh or navigate to other apps such as dashboard, discover, timeline and visualize

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Automates chromedriver version selection for tests (#2990)

Signed-off-by: Miki <amoo_miki@yahoo.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Fixes `no-restricted-path` false-positives when `allowSameFolder` is true (#3020)

`no-restricted-paths` compares source files and import statements, and their membership in restricted zones. However, when `allowSameFolder` is true, it failed to remove a trailing slash before validation which results in a false-positive.

Signed-off-by: Miki <amoo_miki@yahoo.com>

Signed-off-by: Miki <amoo_miki@yahoo.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [Doc] Add readme for global query persistence (#3001)

Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [MD] Feature test connection (#2973)

* test connection intial code

Signed-off-by: mpabba3003 <amazonmanideep@gmail.com>

* error handling

Signed-off-by: mpabba3003 <amazonmanideep@gmail.com>

* refactor

Signed-off-by: mpabba3003 <amazonmanideep@gmail.com>

* removing get cluster info dependency

Signed-off-by: mpabba3003 <amazonmanideep@gmail.com>

* refactor test connection

Signed-off-by: mpabba3003 <amazonmanideep@gmail.com>

* adding test cases and test connection on edit datasource

Signed-off-by: mpabba3003 <amazonmanideep@gmail.com>

* adding changelog comment

Signed-off-by: mpabba3003 <amazonmanideep@gmail.com>

* fixing bug on edit datasource page

Signed-off-by: mpabba3003 <amazonmanideep@gmail.com>

* refactor based on PR comments

Signed-off-by: mpabba3003 <amazonmanideep@gmail.com>

Signed-off-by: mpabba3003 <amazonmanideep@gmail.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [Chore] Add release notes for 1.3.7 (#3066)

Signed-off-by: Josh Romero <rmerqg@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [Chore] Add 2.4.1 release notes (#3070)

* [Chore] Add 2.4.1 release notes

Signed-off-by: Josh Romero <rmerqg@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [Table Visualization][BUG] Fix Url content display (#2918)

Currently, the new table can not format Url. If we
set to use URL format in index pattern field, table
will display it as string.

In this PR, we switch the format from string to html.
To make html understandable by react as a DOM element,
we use dangerouslySetInnerHTML to transform it. For the
security, since the content is not from random input but
fetched from stored data, we should be safe as long as
data is not messed.

To provide more security protection, we also add dompurify
package to sanitize the html content.

Issue Resolved:
https://github.com/opensearch-project/OpenSearch-Dashboards/issues/2905

Signed-off-by: Anan Zhuang <ananzh@amazon.com>

Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [Tests] Bumps `chromedriver` to v107 (#3017)

* Removes manual resolution of `axios`.

Signed-off-by: Tommy Markley <5437176+tmarkley@users.noreply.github.com>

Signed-off-by: Tommy Markley <5437176+tmarkley@users.noreply.github.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Removes minimatch manual resolution (#3019)

* The minimatch resolution was no longer necessary after the upstream
library that depended on v3.0.4 was removed in #2711.

Signed-off-by: Tommy Markley <5437176+tmarkley@users.noreply.github.com>

Signed-off-by: Tommy Markley <5437176+tmarkley@users.noreply.github.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Bumps simple-git from 3.4.0 to 3.15.0 (#3036)

Signed-off-by: Kristen Tian <tyarong@amazon.com>

Signed-off-by: Kristen Tian <tyarong@amazon.com>
Co-authored-by: Miki <miki@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Fix boktorbb alias. (#3085)

Signed-off-by: dblock <dblock@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Bump decode-uri-component from 0.2.0 to 0.2.2 (#3009)

Bumps [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) from 0.2.0 to 0.2.2.
- [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases)
- [Commits](https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.2)

---
updated-dependencies:
- dependency-name: decode-uri-component
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Ashwin P Chandran <ashwinpc@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [MD] Update url in tests to follow lychee url allowlist (#3099)

Signed-off-by: Su <szhongna@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [Infrastructure] Add `untriaged` label to issues workflow (#3073)

Credit to Peter Nied <petern@amazon.com> via https://github.com/opensearch-project/.github/pull/111

Signed-off-by: Josh Romero <rmerqg@amazon.com>

Signed-off-by: Josh Romero <rmerqg@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Update console to use core.http instead of jQuery.ajax (#3080)

* Update console to use core.http instead of jQuery.ajax

Signed-off-by: Yan Zeng <zengyan@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [Maintenance] Exempt feature branches from changelog verification workflow (#3123)

Signed-off-by: Josh Romero <rmerqg@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Gets rid of `github-checks-reporter` (#3126)

Signed-off-by: Miki <miki@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Updates NOTICE file, adds validation to GitHub CI (#3051)

* Aligns NOTICE with rules outlined in
https://github.com/opensearch-project/.github/issues/21.
* Adds NOTICE validation to the build and test workflow.
* Fixes product name discrepancies between repository NOTICE file and
the generated NOTICE file for the build.
* Skips template-izing the build and test workflow since that's being
worked on in #2991.

Resolves #765

Signed-off-by: Tommy Markley <5437176+tmarkley@users.noreply.github.com>
Co-authored-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [Doc] Add current plugin persistence implementation readme (#3081)

* readme

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* Add readme for current plugin data persistence implementation

Added readme in root level doc folder

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* Changelog and minor fixes

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* some modifications

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>
Co-authored-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [Table Visualization] Replace table visualization with React and DataGrid (#2863)

* [Table Visualization] Replace table visualization with React and DataGrid

In this PR, we add back functions to make new table usage to
be consistent with the replaced one.
* total function
* percentage column
* filter in/out

Meanwhile, we also add back server. Functional tests are removed.
We will add new functional test in opensearch-dashboards-functional-test
repo. We also clean out some legacy codes.

Issue Resolved:
https://github.com/opensearch-project/OpenSearch-Dashboards/issues/2855

Signed-off-by: Anan Zhuang <ananzh@amazon.com>

* add some data-test-subj and fix PR comments

Signed-off-by: Anan Zhuang <ananzh@amazon.com>

* Fix PR comments and add unit tests

Signed-off-by: Anan Zhuang <ananzh@amazon.com>

* remove listenOnChange

Signed-off-by: Anan Zhuang <ananzh@amazon.com>

Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [CVE] Update package info and changelog for loader-utils bump to 2.0.4 fixing CVE-2022-37599 and CVE-2022-37603 (#3031)

Signed-off-by: Zilong Xia <zilongx@amazon.com>
Co-authored-by: Josh Romero <rmerqg@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Fixes misleading embeddable plugin error message (#3043)

Resolves #1479
Resolves #3083

Signed-off-by: Tommy Markley <5437176+tmarkley@users.noreply.github.com>
Co-authored-by: Josh Romero <rmerqg@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [Vis Builder] Add redux store persistence (#3088)

* add redux store persistence

implement persistence without using state container or state sync utils, and it
works with both the URL and session storage.

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* changelog and rebase

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* Console log the error

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* rebase and changelog

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* add unit tests

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Adds config override to fix obsolete theme:version config value of v8 (beta) rendering issue (#3045)

Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Adds retrying flaky jest tests (#2967)

Signed-off-by: Miki <amoo_miki@yahoo.com>
Co-authored-by: Anan Zhuang <ananzh@amazon.com>
Co-authored-by: Josh Romero <rmerqg@amazon.com>
Co-authored-by: Qingyang(Abby) Hu <abigailhu2000@gmail.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [MD] Improve test connection (#3110)

Signed-off-by: Su <szhongna@amazon.com>

Signed-off-by: Su <szhongna@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Bump node version from 14.20.0 to 14.20.1 to resolve CVE-2022-35256 (#3166)

* Bump node version from 14.20.0 to 14.20.1 to resolve CVE-2022-35256

Signed-off-by: Zilong Xia <zilongx@amazon.com>

* Update the PR number in CHANGELOG

Signed-off-by: Zilong Xia <zilongx@amazon.com>

Signed-off-by: Zilong Xia <zilongx@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [CI] update yarn timeout for GitHub workflow on Windows (#3118)

Yarn 1.x seems to have an issue with timing on windows and
mac when running.

Source:
https://github.com/yarnpkg/yarn/issues/8242#issuecomment-776561223

Increase timeout for Windows only.

Issue:
n/a

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Updated MAINTAINERS.md to match recommended opensearch-project format. (#3180)

Signed-off-by: dblock <dblock@amazon.com>

Signed-off-by: dblock <dblock@amazon.com>
Co-authored-by: Qingyang(Abby) Hu <abigailhu2000@gmail.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [CI] Record functional test artifacts in case of failure (#3190)

Signed-off-by: Miki <miki@amazon.com>

Signed-off-by: Miki <miki@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Increase timeout waiting for the exiting of an optimizer worker (#3193)

Signed-off-by: Miki <miki@amazon.com>

Signed-off-by: Miki <miki@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [CI] Improve yarn's performance in workflows by caching yarn's cache folder (#3194)

Signed-off-by: Miki <miki@amazon.com>

Signed-off-by: Miki <miki@amazon.com>
Co-authored-by: Qingyang(Abby) Hu <abigailhu2000@gmail.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [Vis Builder] Add app filter and query persistence without using state container (#3100)

* connect without container

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* Query and filter persistence working

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* Rebase and changelog

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* Simplify filter management

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* change function name

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* add unit test for function connect storage to query

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* changelog change

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* add comments and functional documentation in readme

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* add more documentation in data persistence readme about vis builder persistence

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* error handling

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* add function definition in data plugin api doc

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* document and comments

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* test (#3197)

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Update json5 to 1.0.2 and 2.2.3 (#3201)

* Update json5 to 1.0.2 and 2.2.3

Signed-off-by: Matt Provost <provomat@amazon.com>

* Update changelog

Signed-off-by: Matt Provost <provomat@amazon.com>

Signed-off-by: Matt Provost <provomat@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [Chore] Add `vega-lite` v5 dependency and bundle from source (#3076)

* [Chore] Add vega-lite v5 dep and bundle from source

- Add vega-lite@^5.6.0 dependency
- Update webpack config to build `vega-lite` from typescript source to target es5
- Add babel plugin for logical assignment operators
- Selectively import only the vega-lite modules used
- Update vega_parser tests

Co-authored-by: Miki <amoo_miki@yahoo.com>
Signed-off-by: Josh Romero <rmerqg@amazon.com>

* [Chore] Update vega-lite defaults and tests to v5

- Add test case for older vega-light spec parsing
- Update default schema version in default spec, test specs, mocked saved objects
- Fix indentation of comments in default spec
- Update jest mock imports to use `vega-lite`

Signed-off-by: Josh Romero <rmerqg@amazon.com>

Signed-off-by: Josh Romero <rmerqg@amazon.com>
Co-authored-by: Miki <amoo_miki@yahoo.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [Feature] Allow order control in `createAggConfig` (#3160)

* [Feature] Allow order control in `createAggConfig`

Add new optional boolean param that adds the new `AggConfig` to the beginning of the array rather than the end.
Makes it easier to work with Pie or other visualizations with `Schemas` that set `mustBeFirst`

Signed-off-by: Josh Romero <rmerqg@amazon.com>

* [Chore] Add changelog

Signed-off-by: Josh Romero <rmerqg@amazon.com>

Signed-off-by: Josh Romero <rmerqg@amazon.com>
Co-authored-by: Qingyang(Abby) Hu <abigailhu2000@gmail.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [VisBuilder] Adds field unit tests (#3211)

* Adds field tests

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>

* Adds changelog

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Fix bug that prevents selected join field to be used (#3213)

Remove setting join field even if it is already set.

Signed-off-by: Vijayan Balasubramanian <balasvij@amazon.com>

Signed-off-by: Vijayan Balasubramanian <balasvij@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [VisBuilder] fixes filters for table visualisation (#3210)

* fixes table vis for filter aggregation types

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>

* Fixes filter and add error boundry

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>

* Adds changelog

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [VisBuilder] Fixes pipeline aggs (#3137)

* fixes pipeline aggs in visbuilder

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>

* adds changelog

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>

* Adds unit tests

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>

* fixes pipeline aggs in visbuilder

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>

* adds changelog

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>

* Adds unit tests

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>

* fixes unit tests

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Add v2.5.0 release notes (#3234)

* Add v2.5.0 release notes

Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com>

* Adds aliased vega-lite v5 dependency to the notes #3151

Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com>

* Address feedback comments

Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com>

* Add #3197 to notes

Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com>

* Address feedback comments

Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com>

* Address feedback comments

Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com>

* Address feedback comments

Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com>

Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [MD]Update test connection button text (#3247)

Signed-off-by: Kristen Tian <tyarong@amazon.com>

Signed-off-by: Kristen Tian <tyarong@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Update text and include new changes in the release notes 2.5.0 (#3251)

Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com>

Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [Chore] fix comment typo (#3239)

Signed-off-by: Josh Romero <rmerqg@amazon.com>

Signed-off-by: Josh Romero <rmerqg@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [Docs] Fix documentation link for date math (#3207)

- Add new documentation link
- move from `noDocumentation` to `opensearch`

fixes #2849

Signed-off-by: Josh Romero <rmerqg@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Fix detection of Chrome's version on Darwin (#3296)

Signed-off-by: Miki <miki@amazon.com>

Signed-off-by: Miki <miki@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [Maintenance] Bumps `re2` and `supertest` (#3018)

* Removes manual resolution on `qs`. The latest version of `supertest` depends on v6.11.0.
* Adds steps for upgrading `re2`.
* Addresses CVE-2022-24999 (no issue opened)

Signed-off-by: Tommy Markley <5437176+tmarkley@users.noreply.github.com>

Signed-off-by: Tommy Markley <5437176+tmarkley@users.noreply.github.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Add disablePrototypePoisoningProtection configuration (#2992)

Enables the configuration of `disablePrototypePoisoningProtection` by setting
`opensearch.disablePrototypePoisoningProtection`. Enables users to store
protected logs that include reserve words from JS without the
OpenSearch JS client throwing errors.

We should still consider transforming unsafe data values if a bad actor
attempts to prototype pollute the cluster.

More information:
https://web.archive.org/web/20200319091159/https://hueniverse.com/square-brackets-are-the-enemy-ff5b9fd8a3e8?gi=184a27ee2a08

Related issue:
https://github.com/opensearch-project/OpenSearch-Dashboards/issues/1777

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
Co-authored-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [CVE-2022-25860] Bumps simple-git from 3.15.1 to 3.16.0 (#3345)

Issue Resolved
https://github.com/opensearch-project/OpenSearch-Dashboards/issues/3329

Signed-off-by: Anan Zhuang <ananzh@amazon.com>

Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Add 1.3.8 release notes (#3367)

* Create 1.3.8 release notes

Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com>

* Remove unused tags

Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com>

* Remove old changelog

Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com>

* Fix typo

Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com>

* Address comments

Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com>

* Add PRs

Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com>

* Remove unreleased PR

Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com>

* Remove unreleased PR

Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com>

---------

Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Add BWC tests for 2.6.0 (#3356)

Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Prevent primitive linting limitations from being applied to unit tests found under `src/setup_node_env` (#3403)

Signed-off-by: Miki <miki@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [Security] Bumps hapi/statehood to 7.0.4 (#3411)

Bump hapi/statehood to 7.0.4 to solve security concerns.

Issue Resolved:
https://github.com/opensearch-project/OpenSearch-Dashboards/issues/3406

Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [CVE-2022-25881] Resolve http-cache-semantics to 4.1.1 (#3409)

Signed-off-by: Su <szhongna@amazon.com>
Co-authored-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [CVE-2023-25166] Bump formula to 3.0.1 (#3416)

* [CVE-2023-25166] Bumps formula to 3.0.1

Signed-off-by: Su <szhongna@amazon.com>
Co-authored-by: Miki <amoo_miki@yahoo.com>
Co-authored-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Add new ui setting for size (#3399)

Introduce new ui setting for custom vector map's size
parameter. The default value is 1000.
Users can increase this limit by updating this value
in Advanced Settings.

Signed-off-by: Vijayan Balasubramanian <balasvij@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [search telemetry] Fixes search telemetry's observable object that won't be GC-ed (#3390)

The search telemetry was disabled by default, there is a issue when search telemetry read configuration and creates an Observable object that won't be GC-ed.

Signed-off-by: Tao Liu <liutaoaz@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Corrects NOTICE file copyright date range (#3308)

* Corrects NOTICE file copyright date range

* Follow-up on #3051

Resolves #765

Signed-off-by: Tommy Markley <5437176+tmarkley@users.noreply.github.com>

* Update CHANGELOG.md

Co-authored-by: Miki <amoo_miki@yahoo.com>

Signed-off-by: Tommy Markley <5437176+tmarkley@users.noreply.github.com>
Co-authored-by: Zhongnan Su <szhongna@amazon.com>
Co-authored-by: Miki <amoo_miki@yahoo.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Upgrade vega-tooltip to 0.30.0 to support custom tooltips #3358 (#3359)

* Upgrade vega-tooltip to 0.30.0 to support custom tooltips #3358

Signed-off-by: Jovan Cvetkovic <jovanca.cvetkovic@gmail.com>

* Upgrade vega-tooltip to 0.30.0 to support custom tooltips #3358

Signed-off-by: Jovan Cvetkovic <jovanca.cvetkovic@gmail.com>

* Upgrade vega-tooltip to 0.30.0 to support custom tooltips #3358

Signed-off-by: Jovan Cvetkovic <jovanca.cvetkovic@gmail.com>

---------

Signed-off-by: Jovan Cvetkovic <jovanca.cvetkovic@gmail.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Added untriaged issue workflow. (#3427)

* Created untriaged issue workflow.

Signed-off-by: dblock <dblock@amazon.com>

* Remove existing untriaged workflow with wrong name

Signed-off-by: Josh Romero <rmerqg@amazon.com>

---------

Signed-off-by: dblock <dblock@amazon.com>
Signed-off-by: Josh Romero <rmerqg@amazon.com>
Co-authored-by: Josh Romero <rmerqg@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [MD] Support SigV4 as a new auth type of datasource (#3058)

* [Multiple DataSource] Add support for SigV4 authentication

Signed-off-by: Su <szhongna@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Allow relaxing the Node.js runtime version requirement (#3402)

With this change, the `engines.node` of `package.json` need not be a fixed version; it can be a range using a subset of formats defined by `semver`.

A very limited subset of what [semver](https://github.com/npm/node-semver/blob/cb1ca1d5480a6c07c12ac31ba5f2071ed530c4ed/README.md#ranges) supports has been added; only a single comparator, composed of an operator and a version, is supported.

The supported operators are
 *   `>`    Greater than
 *   `>=`   Greater than or equal to
 *   `=`    Equal
 *   `~`    Tilde ranges: Allows patch changes if a minor version is specified but if only a major version is specified, it allows minor changes.
 *   `^`    Caret ranges: Allows patch and minor updates when major is non-zero (and we will never have that).

If no operator is specified, equality is assumed.

Signed-off-by: Miki <miki@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [CVE-2023-25653] Bump node-jose to 2.2.0 (#3445)

Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Upgrade yarn version to be compatible with @openearch-project/opensearch (#3443)

* upgrade yarn version to 1.22.10 to be compatible with @openearch-project/opensearch

Signed-off-by: Derek Ho <dxho@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Make build scripts find and use the latest version of Node.js that satisfies `engines.node` (#3467)

* While building distributables, Node.js runtime is downloaded to be placed in the archivea. This logicwas modified to honor a range for `engines.node` by fetching the latest release of Node.js that satisfied the range.
* Some tests covering the build, read a version from `.node-version` to compare with the results of actual function runs; these were changed to either use mocked values or honor the range and use the latest Node.js version.
* Some variable and functions referred to `engines.node` as a version; they were corrected to call it a range.

Signed-off-by: Miki <miki@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Relax Node.js version to `^14.20.1` and bump `.nvmrc` to `v14.21.3` (#3463)

* `engines.node` is relaxed from `14.20.1` to `^14.20.1`: yarn and OSD will allow versions 14.20.1 or greater, but less than 15, to be used but do not impose upgrading to avoid being a breaking change. Users will be able to install any version of Node.js that satisfies `^14.20.1`, moving ahead without waiting for a change in OSD when new versions are released.
* `.nvmrc` is bumped to the latest security patch: `14.21.3`

Signed-off-by: Miki <miki@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [MD] Integrate test connection to support SigV4 auth type (#3456)

Signed-off-by: Su <szhongna@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Add 2.6 release note (#3484)

* a

Signed-off-by: Anan Zhuang <ananzh@amazon.com>

* Add 2.6 release note

Signed-off-by: Anan Zhuang <ananzh@amazon.com>

* Update release-notes/opensearch-dashboards.release-notes-2.6.0.md

Co-authored-by: Josh Romero <rmerqg@amazon.com>

---------

Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Co-authored-by: Josh Romero <rmerqg@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* docs(DEVELOPER_GUIDE): Make getting started comprehensive and reorganize (#3421)

* docs(DEVELOPER_GUIDE): Make getting started comprehensive and reorganize

Enhance getting started guide for new contributors
- Add key technology breakdown with links to code guidelines
- Add robust prerequisite guide
- Clarify forking workflow
- Explain bootstrapping
- Distinguish between recommended and optional/alternative steps
- Add OS-specific guidance
- Add tarball usage instructions

Make other developer guide improvements:
- Update TOC
- Remove callout linking to EUI docs
- Reorder code guidelines
- Standardize header capitalization and make usage guide headers imperative

fixes #3396

Signed-off-by: Josh Romero <rmerqg@amazon.com>

Signed-off-by: Josh Romero <rmerqg@amazon.com>
Co-authored-by: Miki <amoo_miki@yahoo.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [BUG][TSVB] Fix serial diff agg link (#3503)

Doc link was invalid and causing an undefined error. This
prevented the UI from mounting properly.

Issue(s) resolved:
* https://github.com/opensearch-project/OpenSearch-Dashboards/issues/3498
* https://github.com/opensearch-project/OpenSearch-Dashboards/issues/3327

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Remove the unused `renovate.json5` file (#3489)

Signed-off-by: Miki <miki@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [Docs] fix typo in TSVB README (#3518)

Fixes a small typo in TSVB README.md file.

Issue:
n/a

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Update caniuse to fix failed integration tests (#3538)

Ran npx browserslist@latest --update-db to update caniuse package so
the integration tests will pass.

Issue:
n/a

Will be fixed in:
https://github.com/opensearch-project/OpenSearch-Dashboards/issues/2329

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [CVE-2023-26486][CVE-2023-26487] Bump vega from 5.22.1 to 5.23.0 (#3533)

Bump vega from 5.22.1 to 5.23.0. This will also bump vega-function
from 5.13.0 to 5.13.1.

Issue Resolved:
https://github.com/opensearch-project/OpenSearch-Dashboards/issues/3526
https://github.com/opensearch-project/OpenSearch-Dashboards/issues/3525

Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [Dev] enable `opensearch snapshot` for Darwin (#3537)

Enable the downloading of Darwin for running the command
`yarn opensearch snapshot`.

Darwin is not officially supported but snapshots are being
built here:
https://build.ci.opensearch.org/job/distribution-build-opensearch/

Issue resolved:
https://github.com/opensearch-project/OpenSearch-Dashboards/issues/2944

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
Co-authored-by: Josh Romero <rmerqg@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Simplifies `re2` upgrade instructions (#3328)

* Follow-up from #3018

Signed-off-by: Tommy Markley <5437176+tmarkley@users.noreply.github.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Point in time management plugin and empty state (#2813)

* point in time management plugin and empty state

Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* updated to new license header

Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* [Vis Builder] Rename wizard on save modal and visualization table (#2645)

* Rename wizard on save modal and visualization table

Change the wizard reference in save modal title, toggle and visualization table

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* Save visualization on save modal, VisBuilder for chart type

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* No experimental flag

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* [@osd/cross-platform] Adds cross-platform helpers (#2681)

Signed-off-by: Miki <amoo_miki@yahoo.com>

Signed-off-by: Miki <amoo_miki@yahoo.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* Change save object type, wizard id and name to visBuilder (#2673)

* Change save object type, wizard ID and Name to visBuilder

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* Rename wizard in functional tests

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* Finalize plugin-id and plugin-name and saved-object-type

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* Change official name to VisBuilder

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* Delete migration

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* Fix functional test

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* Update snapshot

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* [CVE] Bump loader-utils to 2.0.3 to fix CVE-2022-37601 (#2689)

* [CVE] Bump loader-utils to 2.0.3 to fix CVE-2022-37601

Signed-off-by: Zilong Xia <zilongx@amazon.com>

* Update CHANGELOG.md

Signed-off-by: Zilong Xia <zilongx@amazon.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* Add extension point in saved object management to register namespaces and show filter (#2656)

* Create filter registry for saved object management to make filters extensible

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* WIP on making fetchCounts generic

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* First step at making scroll_counts generic

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Work on getting other filter counts with same object count endpoint

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Get tenant count options to display

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Extend find to work with namespaces for saved objects

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Add missing filterFields

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Update jest tests

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Update saved_objects_table snapshot

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Append index to id to make unique

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Add semi-colon

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Fix saved objects table tests with new id scheme

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Only append idx on config type to ensure Advanced Settings have a unique id across tenants

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Remove itemsClone in favor of showing only Advanced Settings of current tenant

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Revert snapshots in table.test.tsx

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Add additional parse_query test

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Add comma

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Create namespaceRegistry to decouple security dashboards plugin and osd core

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Add ability to register an alias

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Update parse query and add to CHANGELOG

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Remove commented out code

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Address code review comments

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Override i18n if alias is regitered

Signed-off-by: Craig Perkins <cwperx@amazon.com>

Signed-off-by: Craig Perkins <cwperx@amazon.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* Removed Leftover X Pack references #2517 (#2638)

x-pack references in the code are removed as per the given files in #2517

Issue Resolved:
https://github.com/opensearch-project/OpenSearch-Dashboards/issues/2517

Signed-off-by: vimal K <vimalinfo10@gmail.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* Revert "[@osd/cross-platform] Adds cross-platform helpers (#2681)" (#2694)

This reverts commit 887093d2d243045029b644680a3e8d0150318143.

Now that downstream plugins and projects are unblocked from builds, we want to make these changes following our standard processes and automated checks

Signed-off-by: Josh Romero <rmerqg@amazon.com>

Signed-off-by: Josh Romero <rmerqg@amazon.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* [MD] Add design documents of multiple data source feature (#2538)

* Add MD design documents, including high level design, user stories, client management detailed design

Signed-off-by: Su <szhongna@amazon.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* Adds @osd/cross-platform (#2703)

* Adds helper functions, @osd/cross-platform, to work around the differences of platforms

Signed-off-by: Miki <amoo_miki@yahoo.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* [MD]Update MD data source documentation link (#2693)

Signed-off-by: Kristen Tian <tyarong@amazon.com>

Signed-off-by: Kristen Tian <tyarong@amazon.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* Add `Skip-Changelog` label to skip changelog verification on certain PRs (#2726)

Signed-off-by: Miki <amoo_miki@yahoo.com>

Signed-off-by: Miki <amoo_miki@yahoo.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* Enable visbuilder by default (#2725)

* Enable visbuilder by default

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>

* Adds changelog entry

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* [Save Object Aggregation View] Fix for export all after scroll count response changed in PR#2656 (#2696)

* Fix for filterSavedObjectCounts for namespaceRegistry

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Fix saved_objects_table.test.tsx

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Add to CHANGELOG

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Correct reference to namespacesToInclude

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Use filteredTypeCounts

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Use namespaces similar to types for fetchObjects

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Use _all to represent query for all namespaces

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Pass all registered namespaces

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Switch back signature of scroll_count

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Change countOptions to options

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Use not not instead of in

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Filter namespaces to only include namespace that have been registered

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Add filterQuery with tests

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Update license headers and address review comments

Signed-off-by: Craig Perkins <cwperx@amazon.com>

Signed-off-by: Craig Perkins <cwperx@amazon.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* Update backport workflow to ignore changelog conflicts (#2729)

Signed-off-by: Miki <amoo_miki@yahoo.com>

Signed-off-by: Miki <amoo_miki@yahoo.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* Tweak multiple data source design doc (#2724)

Signed-off-by: Kristen Tian <tyarong@amazon.com>

Signed-off-by: Kristen Tian <tyarong@amazon.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* [Chore] Refactor and improve Discover field summaries (#2391)

* [Chore] Refactor and improve field summaries

* Convert to typescript
* Fix types
* Add tests

Signed-off-by: Josh Romero <rmerqg@amazon.com>

* [Test] Update functional test

Groups are now naturally sorted by key, which requires selecting a different date filter

Signed-off-by: Josh Romero <rmerqg@amazon.com>

* [Chore] Add changelog entry

Signed-off-by: Josh Romero <rmerqg@amazon.com>

* [Chore] Refactor columns passing, fix bugs

* pass columns explicitly as props
* fix branding in core mocks
* fix `toBeUndefined()` usage in tests
* remove leftover comment
* fix test subject
* condense types

Signed-off-by: Josh Romero <rmerqg@amazon.com>

Signed-off-by: Josh Romero <rmerqg@amazon.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* Removes Add Integration button (#2723)

* Removes Add Integration button

Issue Resolved:
https://github.com/opensearch-project/OpenSearch-Dashboards/issues/2684

Signed-off-by: Bandini Bhopi <bandinib@amazon.com>

* Adds changelog entry

Signed-off-by: Bandini Bhopi <bandinib@amazon.com>

Signed-off-by: Bandini Bhopi <bandinib@amazon.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* Prevent backport workflow from running on umerged PRs (#2746)

Signed-off-by: Miki <amoo_miki@yahoo.com>

Signed-off-by: Miki <amoo_miki@yahoo.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* [Vis Builder] Enable VisBuilder cypress tests (#2728)

* Enable VisBuilder cypress tests

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>

* Adds changelog and fix env

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>

* Run all tests

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* [CI] update backport custom branch name (#2766)

GitHub action for backporting got updated to change custom branch
to head template.

This was causing issues in clean up and skipping steps.

Issue:
n/a

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* [Legacy Maps Plugin] Prevent reverse-tabnabbing (#2540)

Signed-off-by: Miki <miki@amazon.com>

Signed-off-by: Miki <miki@amazon.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* change geckodriver version to make consistency (#2772)

* change geckodriver version to make consistency

Issue Resolved:
https://github.com/opensearch-project/OpenSearch-Dashboards/issues/2771

Signed-off-by: Anan Zhuang <ananzh@amazon.com>

* combine https-proxy-agent in yarn.lock

Signed-off-by: Anan Zhuang <ananzh@amazon.com>

Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* [Vis Builder] Add an experimental table visualization in vis builder (#2705)

* [Vis Builder] Add an experimental table visualization in vis builder

In this PR, we hook up an experimental table vis in vis builder. This
table vis is a refactor of previous table. It is written in React and
DataGrid component.

In this PR, we did two main things:
* add an experimental table visualization
* enable it in vis builder

Issue Resolved (hook up table in vis builder):
https://github.com/opensearch-project/OpenSearch-Dashboards/issues/2704

The experimental table vis has all the features from current table, including
* restore table vis in react using a Datagrid component
* datagrid component does not support splitted grids. For future transfer
to OUI Datagrid, we create a tableGroup in visData for splitted grids.
* restore basic pagenation, sort and format.
* implement datagrid columns
* display column title correctly
* deangular and re-use formatted column
* convert formatted column to data grid column
* restore filter in and filter out value functions
* format table cell to show Date and percent
* restore showTotal feature: it allows table vis to show total,
avg, min, max and count statics on count
* restore export csv feature to table vis
* split table in rows and columns

Beside of restoring original features, there are some changes:

* [IMPROVE] remove repeated column from split tables
Currently, when we split table by columns, the split column is shown
both in the table title and as a separate column. This is not needed.
In this PR, we remove the repeated column in split tables in col.
* [NEW FEATURE] adjustable table column width
In the new table visualization, customer can adjust the column width
as needed.

Issue Resolved:
https://github.com/opensearch-project/OpenSearch-Dashboards/issues/2212
https://github.com/opensearch-project/OpenSearch-Dashboards/issues/2213
https://github.com/opensearch-project/OpenSearch-Dashboards/issues/2305
https://github.com/opensearch-project/OpenSearch-Dashboards/issues/2379
https://github.com/opensearch-project/OpenSearch-Dashboards/issues/2579

Since this is a hookup PR, we remove un-used table vis types and options
because they could be defined in vis builder.

We also create follow up issues for some un-resolved PR comments.

Signed-off-by: Anan Zhuang <ananzh@amazon.com>

* remove unused scss tyle

Signed-off-by: Anan Zhuang <ananzh@amazon.com>

* remove total func and percentage col

total func and percentage col are two features that we might
need to remove or re-invent for future table vis. For hookup
purpose, it doesn't make sense to include some features that
we would like to remove.

this PR removes total func and percentage col in both table
vis and vis builder

Signed-off-by: Anan Zhuang <ananzh@amazon.com>

* comment out cellActions
currently filter in/out cell doesn't function in vis builder.
we will coumment out cell actions for now.

Signed-off-by: Anan Zhuang <ananzh@amazon.com>

Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* Security-CVEs fixes guidelines (#2674)

* Security-CVEs fixes guidelines

Signed-off-by: himsgupta1122 <hmsgupt@gmail.com>

* styling

Signed-off-by: himsgupta1122 <hmsgupt@gmail.com>

* add example

Signed-off-by: himsgupta1122 <hmsgupt@gmail.com>

* add documention

Signed-off-by: himsgupta1122 <hmsgupt@gmail.com>

Signed-off-by: himsgupta1122 <hmsgupt@gmail.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* [MD] Update default audit log path (#2793)

- Fix the /tmp path issue seen on windows platform.
- Change audit log to disable by default.

Signed-off-by: Kristen Tian <tyarong@amazon.com>

Signed-off-by: Kristen Tian <tyarong@amazon.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* [Vis Builder] Add field summary popovers (#2682)

* [Vis Builder] Add field summary popovers

Much of the functionality was ported from `Discover`, but
largely refactored.

* Add utilities to get sampled hit summaries by field
* Add popover summaries
* Slight refactor of special `Count` pseudofield
* Use observable subscription to update sampled hits

Fixes #950

Signed-off-by: Josh Romero <rmerqg@amazon.com>

* [Vis Builder] Add additional unit tests

Signed-off-by: Josh Romero <rmerqg@amazon.com>

* [VisBuilder] Update naming of summary field components

Signed-off-by: Josh Romero <rmerqg@amazon.com>

* [VisBuilder] Avoid prop passing by extracting custom hooks

- refactor meta field identification

Signed-off-by: Josh Romero <rmerqg@amazon.com>

* [VisBuilder] Add TODOs with issue links, fix test ID

Restores previous test ID for count field button

Signed-off-by: Josh Romero <rmerqg@amazon.com>

Signed-off-by: Josh Romero <rmerqg@amazon.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* Bump makelogs to remove dependency on got (#2801)

* Also dusted off the lock file a bit

Fixes #1764

Signed-off-by: Miki <miki@amazon.com>

Signed-off-by: Miki <miki@amazon.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* Change VisBuilder flag for docker config (#2804)

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* addressed review comments

Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* addressed review comments

Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* addressed review comments

Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* updated unit tests

Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* dummy commit to retry build

Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* address suggestions

Signed-off-by: Ajay Gupta <ajyg@amazon.com>

Signed-off-by: Ajay Gupta <ajyg@amazon.com>
Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>
Signed-off-by: Miki <amoo_miki@yahoo.com>
Signed-off-by: Zilong Xia <zilongx@amazon.com>
Signed-off-by: Craig Perkins <cwperx@amazon.com>
Signed-off-by: vimal K <vimalinfo10@gmail.com>
Signed-off-by: Josh Romero <rmerqg@amazon.com>
Signed-off-by: Su <szhongna@amazon.com>
Signed-off-by: Kristen Tian <tyarong@amazon.com>
Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>
Signed-off-by: Bandini Bhopi <bandinib@amazon.com>
Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
Signed-off-by: Miki <miki@amazon.com>
Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: himsgupta1122 <hmsgupt@gmail.com>
Co-authored-by: Ajay Gupta <ajyg@amazon.com>
Co-authored-by: Qingyang(Abby) Hu <abigailhu2000@gmail.com>
Co-authored-by: Miki <miki@amazon.com>
Co-authored-by: ZilongX <99905560+ZilongX@users.noreply.github.com>
Co-authored-by: Craig Perkins <craig5008@gmail.com>
Co-authored-by: Vimal K <35750792+vimalMK@users.noreply.github.com>
Co-authored-by: Josh Romero <rmerqg@amazon.com>
Co-authored-by: Zhongnan Su <szhongna@amazon.com>
Co-authored-by: Kristen Tian <105667444+kristenTian@users.noreply.github.com>
Co-authored-by: Ashwin P Chandran <ashwinpc@amazon.com>
Co-authored-by: Craig Perkins <cwperx@amazon.com>
Co-authored-by: Bandini <63824432+bandinib-amzn@users.noreply.github.com>
Co-authored-by: Kawika Avilla <kavilla414@gmail.com>
Co-authored-by: Anan Zhuang <ananzh@amazon.com>
Co-authored-by: himsgupta1122 <115103225+himsgupta1122@users.noreply.github.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

---------

Signed-off-by: Miki <amoo_miki@yahoo.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Miki <miki@amazon.com>
Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>
Signed-off-by: mpabba3003 <amazonmanideep@gmail.com>
Signed-off-by: Josh Romero <rmerqg@amazon.com>
Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: Tommy Markley <5437176+tmarkley@users.noreply.github.com>
Signed-off-by: Kristen Tian <tyarong@amazon.com>
Signed-off-by: dblock <dblock@amazon.com>
Signed-off-by: Su <szhongna@amazon.com>
Signed-off-by: Yan Zeng <zengyan@amazon.com>
Signed-off-by: Zilong Xia <zilongx@amazon.com>
Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com>
Signed-off-by: Matt Provost <provomat@amazon.com>
Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>
Signed-off-by: Vijayan Balasubramanian <balasvij@amazon.com>
Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com>
Signed-off-by: Tao Liu <liutaoaz@amazon.com>
Signed-off-by: Jovan Cvetkovic <jovanca.cvetkovic@gmail.com>
Signed-off-by: Derek Ho <dxho@amazon.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>
Signed-off-by: Craig Perkins <cwperx@amazon.com>
Signed-off-by: vimal K <vimalinfo10@gmail.com>
Signed-off-by: Bandini Bhopi <bandinib@amazon.com>
Signed-off-by: himsgupta1122 <hmsgupt@gmail.com>
Co-authored-by: Miki <miki@amazon.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Kawika Avilla <kavilla414@gmail.com>
Co-authored-by: Qingyang(Abby) Hu <abigailhu2000@gmail.com>
Co-authored-by: Manideep Pabba <109986843+mpabba3003@users.noreply.github.com>
Co-authored-by: Josh Romero <rmerqg@amazon.com>
Co-authored-by: Anan Zhuang <ananzh@amazon.com>
Co-authored-by: Tommy Markley <5437176+tmarkley@users.noreply.github.com>
Co-authored-by: Kristen Tian <105667444+kristenTian@users.noreply.github.com>
Co-authored-by: Daniel (dB.) Doubrovkine <dblock@dblock.org>
Co-authored-by: Ashwin P Chandran <ashwinpc@amazon.com>
Co-authored-by: Zhongnan Su <szhongna@amazon.com>
Co-authored-by: Yan Zeng <46499415+zengyan-amazon@users.noreply.github.com>
Co-authored-by: ZilongX <99905560+ZilongX@users.noreply.github.com>
Co-authored-by: Manasvini B Suryanarayana <manasvis@amazon.com>
Co-authored-by: Daniel (dB.) Doubrovkine <dblock@amazon.com>
Co-authored-by: Matt Provost <provomat@amazon.com>
Co-authored-by: Miki <amoo_miki@yahoo.com>
Co-authored-by: Vijayan Balasubramanian <vijayan.balasubramanian@gmail.com>
Co-authored-by: Aozixuan Priscilla Guan <92183424+aoguan1990@users.noreply.github.com>
Co-authored-by: Vijayan Balasubramanian <balasvij@amazon.com>
Co-authored-by: Tao Liu <33105471+Flyingliuhub@users.noreply.github.com>
Co-authored-by: Jovan Cvetkovic <jovanca.cvetkovic@gmail.com>
Co-authored-by: Derek Ho <derek01778@gmail.com>
Co-authored-by: Ajay Gupta <116780042+ajygupta@users.noreply.github.com>
Co-authored-by: Ajay Gupta <ajyg@amazon.com>
Co-authored-by: Craig Perkins <craig5008@gmail.com>
Co-authored-by: Vimal K <35750792+vimalMK@users.noreply.github.com>
Co-authored-by: Craig Perkins <cwperx@amazon.com>
Co-authored-by: Bandini <63824432+bandinib-amzn@users.noreply.github.com>
Co-authored-by: himsgupta1122 <115103225+himsgupta1122@users.noreply.github.com>
sikhote pushed a commit to sikhote/OpenSearch-Dashboards that referenced this pull request Apr 24, 2023
…t#2918)

Currently, the new table can not format Url. If we
set to use URL format in index pattern field, table
will display it as string.

In this PR, we switch the format from string to html.
To make html understandable by react as a DOM element,
we use dangerouslySetInnerHTML to transform it. For the
security, since the content is not from random input but
fetched from stored data, we should be safe as long as
data is not messed.

To provide more security protection, we also add dompurify
package to sanitize the html content.

Issue Resolved:
opensearch-project#2905

Signed-off-by: Anan Zhuang <ananzh@amazon.com>

Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: David Sinclair <david@sinclair.tech>
sikhote pushed a commit to sikhote/OpenSearch-Dashboards that referenced this pull request Apr 24, 2023
…t#2918)

Currently, the new table can not format Url. If we
set to use URL format in index pattern field, table
will display it as string.

In this PR, we switch the format from string to html.
To make html understandable by react as a DOM element,
we use dangerouslySetInnerHTML to transform it. For the
security, since the content is not from random input but
fetched from stored data, we should be safe as long as
data is not messed.

To provide more security protection, we also add dompurify
package to sanitize the html content.

Issue Resolved:
opensearch-project#2905

Signed-off-by: Anan Zhuang <ananzh@amazon.com>

Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: David Sinclair <david@sinclair.tech>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport 2.x bug Something isn't working tableVis table visualization v2.5.0 'Issues and PRs related to version v2.5.0' visualizations Issues and PRs related to visualizations
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants