Bump `joi` to v14 to avoid the possibility of prototype poisoning in a nested dependency #3952
bafdd76 to f33ecb0
@AMoo-Miki Do we need to update joi in osd-config-schema as well?
"joi": "^13.5.2",
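The check the reviewer's question above calls for, as an added example that is not part of the original thread or the project's code: it flags every manifest whose `joi` range can still resolve below v14, including Yarn `resolutions` overrides. The manifest paths and contents are constructed samples (only the `^13.5.2` range comes from the thread), and the range parser covers common semver range forms only.

```javascript
// Added example: find package manifests whose `joi` range can still
// resolve below the major version the PR title asks for.

const MIN_MAJOR = 14; // "Bump joi to v14"
const FIELDS = ['dependencies', 'devDependencies', 'peerDependencies',
  'optionalDependencies', 'resolutions'];

// Lowest major a semver range admits; null when the value is not a plain
// version range (git URL, dist-tag, npm alias) and needs a manual look.
function lowestMajor(range) {
  let lowest = Infinity;
  for (const part of String(range).split('||')) {
    // Glue operators to their version; keep only the lower end of "a - b".
    const alt = part.trim()
      .replace(/(\^|~|>=|<=|>|<|=)\s+/g, '$1')
      .split(/\s+-\s+/)[0];
    if (alt === '' || alt === '*' || alt === 'x' || alt === 'X') return 0;
    let floor = 0; // comparators are ANDed: the tightest lower bound wins
    for (const token of alt.split(/\s+/)) {
      const m = /^(\^|~|>=|<=|>|<|=)?v?(\d+)(\.(\d+|[xX*]))?(\.(\d+|[xX*]))?(-[0-9A-Za-z.-]+)?$/.exec(token);
      if (!m) return null;
      const op = m[1] || '';
      if (op === '<' || op === '<=') continue; // upper bound only
      // ">13" and ">13.x" mean ">=14.0.0"; ">13.5.2" still admits 13.x.
      const partial = m[4] === undefined || /^[xX*]$/.test(m[4]);
      floor = Math.max(floor, Number(m[2]) + (op === '>' && partial ? 1 : 0));
    }
    lowest = Math.min(lowest, floor);
  }
  return lowest;
}

// True for the unscoped `joi` package, including Yarn resolution globs
// such as "**/joi"; false for the separate scoped package "@hapi/joi".
function targetsJoi(name, field) {
  if (name === 'joi') return true;
  if (field !== 'resolutions') return false;
  const segments = name.split('/');
  return segments.pop() === 'joi' && !segments[segments.length - 1].startsWith('@');
}

function auditJoi(manifests) {
  const findings = [];
  for (const { path, manifest } of manifests) {
    for (const field of FIELDS) {
      for (const [name, range] of Object.entries(manifest[field] || {})) {
        if (!targetsJoi(name, field)) continue;
        const floor = lowestMajor(range);
        const status = floor === null ? 'review'
          : floor < MIN_MAJOR ? 'outdated' : 'ok';
        findings.push({ path, field, name, range, status });
      }
    }
  }
  return findings;
}

// Constructed sample manifests (hypothetical paths and contents).
const SAMPLE_MANIFESTS = [
  { path: 'package.json',
    manifest: { dependencies: { joi: '^14.0.0' },
                resolutions: { '**/joi': '>=13.7.0' } } },
  { path: 'packages/osd-config-schema/package.json',
    manifest: { dependencies: { joi: '^13.5.2' } } },
  { path: 'packages/example-plugin/package.json',
    manifest: { devDependencies: { joi: 'github:example/joi#main',
                                   '@hapi/joi': '^15.0.0' } } },
];

for (const f of auditJoi(SAMPLE_MANIFESTS)) {
  if (f.status !== 'ok') {
    console.log(`${f.status}: ${f.path} ${f.field}["${f.name}"] = ${f.range}`);
  }
}
```

A lockfile can still pin an older nested copy after the manifests are clean, so the resolved tree needs its own check.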
Codecov Report
@@ Coverage Diff @@
## main #3952 +/- ##
=======================================
Coverage 66.44% 66.44%
=======================================
Files 3229 3229
Lines 62068 62068
Branches 9599 9599
=======================================
Hits 41238 41238
Misses 18527 18527
Partials 2303 2303
Looks good. Would be great to get this into 2.7.
…a nested dependency Signed-off-by: Miki <miki@amazon.com>
The backport to
To backport manually, run these commands in your terminal:
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/backport-2.x 2.x
# Navigate to the new working tree
pushd ../.worktrees/backport-2.x
# Create a new branch
git switch --create backport/backport-3952-to-2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 ca0bb8f63f5db103c4ea2ca21fd41dc66310d957
# Push it to GitHub
git push --set-upstream origin backport/backport-3952-to-2.x
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/backport-2.x
Then, create a pull request where the
* Fix header icon (#3910) (#3915) * fixes header change * Update src/core/public/chrome/ui/header/header_help_menu.tsx * fixes snapshots --------- (cherry picked from commit 3cca088) Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Josh Romero <rmerqg@amazon.com> * Add server side private IP blocking for data source endpoints validation (#3912) Signed-off-by: Kristen Tian <tyarong@amazon.com> * Docs (Jest): Update jest documentation links (#3931) Signed-off-by: Josh Romero <rmerqg@amazon.com> * Revert "[CCI] Replace jquery usage in console plugin with native methods (#3733)" (#3929) This reverts commit ffe4556. * [BUG][Dashboard listing] push to history if dashboard otherwise nav (#3922) History push will just to the current route. However, dashboardsProvider was implemented with the expectation that it was a different app. So when a plugin registered it was attempting to navigate to `app/dashboard#/app/{url}` Add tests and extra data test subject. 
Signed-off-by: Kawika Avilla <kavilla414@gmail.com> * remove jquery console release note for #3929 revert (#3930) Signed-off-by: Josh Romero <rmerqg@amazon.com> Co-authored-by: Ashwin P Chandran <ashwinpc@amazon.com> * [CCI] Update js-yaml to v4.0.5 (#3770) * Update js-yaml to 4.0.5 (#3659) * Update CHANGELOG.md (#3659) Co-authored-by: Sergey Myssak <sergey.myssak@gmail.com> Signed-off-by: Andrey Myssak <andreymyssak@gmail.com> --------- Signed-off-by: Andrey Myssak <andreymyssak@gmail.com> Signed-off-by: Josh Romero <rmerqg@amazon.com> Co-authored-by: Sergey Myssak <sergey.myssak@gmail.com> Co-authored-by: Josh Romero <rmerqg@amazon.com> * Update README.md (#3788) * Update README.md Signed-off-by: Melissa Vagi <vagimeli@amazon.com> * Update README.md Co-authored-by: Miki <amoo_miki@yahoo.com> --------- Signed-off-by: Melissa Vagi <vagimeli@amazon.com> Co-authored-by: Miki <miki@amazon.com> Co-authored-by: Miki <amoo_miki@yahoo.com> * Bump yaml to 2.2.2 (#3947) Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com> Co-authored-by: Sean Neumann <1413295+seanneumann@users.noreply.github.com> * Bump `joi` to v14 to avoid the possibility of prototype poisoning in a nested dependency (#3952) Signed-off-by: Miki <miki@amazon.com> * [Doc] Add communication guide (#3837) * docs(COMMUNICATION): Add communication guide with info on slack, forum, and developer office hours link from README, CONTRIBUTING, DEVELOPER_GUIDE Signed-off-by: Josh Romero <rmerqg@amazon.com> --------- Signed-off-by: Josh Romero <rmerqg@amazon.com> * Temporarily hardcode chromedriver to 112.0.0 to enable all ftr tests (#3976) The latest version of chromedriver is 112.0.1 which does not support node 14. This PR hardcodes chromedriver to 112.0.0 temporarily. Pls revert it once we bump to node 18. 
Issue Resolved #3975 Signed-off-by: ananzh <ananzh@amazon.com> * Fix wording and duplicate code in embeddable example plugin (#3911) * Fix wording and duplicate code in embeddable example plugin Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> * Fix some wording in the embeddable readme Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> --------- Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> * [CI] setup Chrome and utilize binary path (#3997) Within the CI, the virtual runner that we are utilizing has Chrome installed already. The version of Chrome is installed periodically. The most recent version of Chrome requires updates to dependencies that drop support for Node 14. This downloads chrome in the CI and then checks the chromedriver from the environment variable `TEST_BROWSER_BINARY_PATH`. Signed-off-by: Kawika Avilla <kavilla414@gmail.com> * [Dashboards listing] fix listing limit (#4021) Initial page size was passed to the search function instead of the listing limit causing the max amount received to be significantly less than the previously implementation. Saved objects per page is `20` by default and the listing limit per page is `1000` by default. 
Issue: #4017 Signed-off-by: Kawika Avilla <kavilla414@gmail.com> * [CCI] Fix EUI/OUI type errors (#3798) * Update find_test_subject imports for tests Signed-off-by: Alexei Karikov <karikov.alist.ru@gmail.com> * Update to available imports for findTestSubject Signed-off-by: Alexei Karikov <karikov.alist.ru@gmail.com> * Fix available import for Query and custom icon Signed-off-by: Alexei Karikov <karikov.alist.ru@gmail.com> * Add changelog entry Signed-off-by: Alexei Karikov <karikov.alist.ru@gmail.com> * Add ts-ignore Signed-off-by: Alexei Karikov <karikov.alist.ru@gmail.com> --------- Signed-off-by: Alexei Karikov <karikov.alist.ru@gmail.com> Co-authored-by: Qingyang(Abby) Hu <abigailhu2000@gmail.com> * Fix bottom bar visibility using create portal (#3336) (#3978) Signed-off-by: Sergey Myssak <sergey.myssak@gmail.com> Co-authored-by: Andrey Myssak <andreymyssak@gmail.com> * Adds threshold to code coverage changes for project (#4040) * Fixes code coverage workflow failures for the project test due to inderect flakey changes Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com> * Adds changelog Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com> --------- Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com> * Updates PR template for screenshots and test instructions (#4042) Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com> * Replace re2 with RegExp in timeline and add unit tests (#3908) Remove re2 usage and replace it with JavaScript built-in RegExp object. Also add more unit tests to make sure that using RegExp has same expressions as using re2 library. Issue Resolve #3901 Signed-off-by: Anan Zhuang <ananzh@amazon.com> * [Console] [CCI] Remove unused ul element and its custom styling. 
(#3993) * remove unused ul element Signed-off-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz> * Update CHANGELOG.md Signed-off-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz> --------- Signed-off-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz> * Add 1.3.10 release note (#4060) (#4063) * Add release note for 1.3.10 * Address comments and add one CVE PR --------- (cherry picked from commit 4371587) Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> * [Multiple Datasource] Support Amazon OpenSearch Serverless (#3957) * [Multiple Datasource]Support Amazon OpenSearch Serverless in SigV4 * remove experimental text in yml * Refactor create data source form for authentication Signed-off-by: Su <szhongna@amazon.com> * Remove Sass from `tile_map` plugin (#4110) * Remove Sass from tile_map plugin Signed-off-by: Matt Provost <provomat@amazon.com> * Update changelog Signed-off-by: Matt Provost <provomat@amazon.com> --------- Signed-off-by: Matt Provost <provomat@amazon.com> * Design for New Saved Object Service Interface for Custom Repository (#3954) * Adds design document for new saved object service interface for custom repository Signed-off-by: Bandini Bhopi <bandinib@amazon.com> * enhance grouping for context menu options (#3924) * enhance grouping for context menu options * build panels tests and more comments Signed-off-by: David Sinclair <dsincla@rei.com> --------- Signed-off-by: David Sinclair <david@sinclair.tech> Signed-off-by: David Sinclair <dsincla@rei.com> Signed-off-by: Josh Romero <rmerqg@amazon.com> Co-authored-by: Josh Romero <rmerqg@amazon.com> * Adding Tao and Zilong to MAINTAINERS (#4137) * Adding Tao and Zilong to MAINTAINERS Signed-off-by: Yan Zeng <zengyan@amazon.com> * [MD]Update data-test-subj for functional tests & fix bug in edit flow (#4126) Signed-off-by: Su <szhongna@amazon.com> 
* Add support for Node.js >=14.20.1 <19 (#4071) * Bump Node.js requirements to 18 Signed-off-by: Miki <miki@amazon.com> * Replace `lmdb-store` with `lmdb` Signed-off-by: Miki <miki@amazon.com> Co-authored-by: Anan Zhuang <ananzh@amazon.com> * Bump `elastic-apm-node` to the latest minor Signed-off-by: Miki <miki@amazon.com> * Replace webpack and plugins with a patched version that uses xxhash64 * Use `xxhash64` as the hashing algorithm of webpack * Upgrade `globby` * Remove `fibers` Signed-off-by: Miki <miki@amazon.com> * Replace `fs.rmdir` with `fs.rm` in cross-platform tests Signed-off-by: Miki <miki@amazon.com> * Increase listener limit Signed-off-by: Miki <miki@amazon.com> Co-authored-by: Anan Zhuang <ananzh@amazon.com> * Add promise-stripping serializer Signed-off-by: Miki <miki@amazon.com> * Bump heap for CI Signed-off-by: Miki <miki@amazon.com> * Correct use of fs/promises in @osd/pm Signed-off-by: Miki <miki@amazon.com> * Use fs/promise in plugin post-install cleanup Signed-off-by: Miki <miki@amazon.com> * Set the test server's host to `0.0.0.0` Signed-off-by: Miki <miki@amazon.com> * Sync `.node-version` file Signed-off-by: Miki <miki@amazon.com> * Support both `isPrimary`, for Node 18, and `isMaster`, for Node 14 Signed-off-by: Miki <miki@amazon.com> * Add types when using `isDeepStrictEqual` Signed-off-by: Miki <miki@amazon.com> Co-authored-by: Anan Zhuang <ananzh@amazon.com> * Add names to `SchemaError` to log more specific errors Signed-off-by: Miki <miki@amazon.com> * Fix failing vega visualization tests outside the CI Signed-off-by: Miki <miki@amazon.com> * Fix snapshot of errors thrown for undefined accessors Signed-off-by: Miki <miki@amazon.com> * Fix flakiness of log_rotator Signed-off-by: Miki <miki@amazon.com> * Fix asynchronous `fs` usafe in plugin discover Signed-off-by: Miki <miki@amazon.com> * Fix mocks in @osd/optimizer Signed-off-by: Miki <miki@amazon.com> * Fix memory leaks caused by setting states on unloaded components Signed-off-by: 
Miki <miki@amazon.com> Co-authored-by: Anan Zhuang <ananzh@amazon.com> * Bump Node in Dockerfile Signed-off-by: Miki <miki@amazon.com> Co-authored-by: Anan Zhuang <ananzh@amazon.com> * Remove the response `close` event as an indicator of the requesting finishing #3601 (comment) Signed-off-by: Miki <miki@amazon.com> Co-authored-by: Anan Zhuang <ananzh@amazon.com> * [BWC] Timeout after 3 mins of waiting for OSD to be running in tests Signed-off-by: Miki <miki@amazon.com> * Make build use the same node version that tests are run against Signed-off-by: Miki <miki@amazon.com> * Make Node resolve DNS by IPv4 first * This is helpful to resolve `locahost` to `127.0.0.1` Signed-off-by: Miki <miki@amazon.com> * Standardize patterns used by plugin discovery * Enhance absolute path serialization on Windows Signed-off-by: Miki <amoo_miki@yahoo.com> * Mock fetch in SenseEditor tests Signed-off-by: Miki <amoo_miki@yahoo.com> * Restore node-sass usage to fix build performance * `sass-loader@10` is the last version that supports webpack@4 * `sass` is extremely slow when using the legacy API (`render`) and to use the "Modern API" (`compileStringAsync`), `sass-loader@13` would be needed. * The performance of `sass@10` is made acceptable only with `fibers` but that is deprecated and doesn't work on Node 18 Signed-off-by: Anan Zhuang <ananzh@amazon.com> Signed-off-by: Miki <miki@amazon.com> * Revert "[CI] setup Chrome and utilize binary path (#3997)" This reverts commit 0188d05 Signed-off-by: Miki <miki@amazon.com> * Prevent fast-fail while running functional test in CI Signed-off-by: Miki <miki@amazon.com> * Revert "Temporarily hardcode chromedriver to 112.0.0 to enable all ftr tests (#3976)" This reverts commit 5ea0cbe. Signed-off-by: Miki <miki@amazon.com> * Save Cypress results artifacts during CI Signed-off-by: Miki <miki@amazon.com> * Add missing required dependency on `set-value` * Also force all to ^4.1.0 due to a vulnerability fixed in 3.1.0. 
Signed-off-by: Miki <miki@amazon.com> * Prevent multiple calls to bootstrap's shutdown Signed-off-by: Miki <miki@amazon.com> * Use Node 18.16.0 in distributions * Bump jest-canvas-mock to fix failing tests * Extend Node engines versions Signed-off-by: Miki <miki@amazon.com> * Normalize test snapshots across Node 14, 16, and 18 Signed-off-by: Miki <miki@amazon.com> * Update CHANGELOG for Node.js >=14.20.1 <19 support Signed-off-by: Miki <miki@amazon.com> --------- Signed-off-by: Miki <miki@amazon.com> Signed-off-by: Miki <amoo_miki@yahoo.com> Signed-off-by: Anan Zhuang <ananzh@amazon.com> Co-authored-by: Anan Zhuang <ananzh@amazon.com> * Remove timeline application (#3971) * Remove timeline application In this PR, we made the following changes: First of all, clean out some advanced settings specific to timeline application and tests. * Remove timelion:default_rows: This setting defines the default number of rows that a new Timelion sheet should have. * Remove timelion:default_rows: This setting defines the default number of columns that a new Timelion sheet should have. * Remove timelion:showTutorial. Second, remove src/plugin/timeline completely and modify timeline vis. Third, remove all the functional tests related to timeline application. 
Issue resolve #3519 #3593 Signed-off-by: ananzh <ananzh@amazon.com> --------- Signed-off-by: Anan Zhuang <ananzh@amazon.com> Signed-off-by: ananzh <ananzh@amazon.com> * Use `exec` in the CLI shell scripts to prevent new process creation (#3955) Signed-off-by: Miki <miki@amazon.com> * chore (lychee): Add company.net to exclusion list (#4171) Signed-off-by: Josh Romero <rmerqg@amazon.com> * Bundle Node 14 as a fallback for operating systems that cannot run Node 18 (#4151) Signed-off-by: ananzh <ananzh@amazon.com> Signed-off-by: Miki <miki@amazon.com> * Refactor authentication description message (#4179) resolves #4173 Signed-off-by: Su <szhongna@amazon.com> --------- Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> Signed-off-by: Josh Romero <rmerqg@amazon.com> Signed-off-by: Kawika Avilla <kavilla414@gmail.com> Signed-off-by: Andrey Myssak <andreymyssak@gmail.com> Signed-off-by: Melissa Vagi <vagimeli@amazon.com> Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com> Signed-off-by: Miki <miki@amazon.com> Signed-off-by: ananzh <ananzh@amazon.com> Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> Signed-off-by: Alexei Karikov <karikov.alist.ru@gmail.com> Signed-off-by: Sergey Myssak <sergey.myssak@gmail.com> Signed-off-by: Anan Zhuang <ananzh@amazon.com> Signed-off-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz> Signed-off-by: Su <szhongna@amazon.com> Signed-off-by: Matt Provost <provomat@amazon.com> Signed-off-by: Bandini Bhopi <bandinib@amazon.com> Signed-off-by: David Sinclair <david@sinclair.tech> Signed-off-by: David Sinclair <dsincla@rei.com> Signed-off-by: Yan Zeng <zengyan@amazon.com> Signed-off-by: Miki <amoo_miki@yahoo.com> Signed-off-by: Ashish Agrawal <ashisagr@amazon.com> Co-authored-by: opensearch-trigger-bot[bot] <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com> Co-authored-by: 
github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Josh Romero <rmerqg@amazon.com> Co-authored-by: Kristen Tian <105667444+kristenTian@users.noreply.github.com> Co-authored-by: Kawika Avilla <kavilla414@gmail.com> Co-authored-by: Ashwin P Chandran <ashwinpc@amazon.com> Co-authored-by: Andrey Myssak <40265277+andreymyssak@users.noreply.github.com> Co-authored-by: Sergey Myssak <sergey.myssak@gmail.com> Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Co-authored-by: Miki <miki@amazon.com> Co-authored-by: Miki <amoo_miki@yahoo.com> Co-authored-by: Manasvini B Suryanarayana <manasvis@amazon.com> Co-authored-by: Sean Neumann <1413295+seanneumann@users.noreply.github.com> Co-authored-by: Anan Zhuang <ananzh@amazon.com> Co-authored-by: Qingyang(Abby) Hu <abigailhu2000@gmail.com> Co-authored-by: Alexei Karikov <karikov.alist.ru@gmail.com> Co-authored-by: Andrey Myssak <andreymyssak@gmail.com> Co-authored-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz> Co-authored-by: Zhongnan Su <szhongna@amazon.com> Co-authored-by: Matt Provost <provomat@amazon.com> Co-authored-by: Bandini <63824432+bandinib-amzn@users.noreply.github.com> Co-authored-by: David Sinclair <24573542+sikhote@users.noreply.github.com> Co-authored-by: Yan Zeng <46499415+zengyan-amazon@users.noreply.github.com>
The backport to
To backport manually, run these commands in your terminal:
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/backport-2.8 2.8
# Navigate to the new working tree
pushd ../.worktrees/backport-2.8
# Create a new branch
git switch --create backport/backport-3952-to-2.8
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 ca0bb8f63f5db103c4ea2ca21fd41dc66310d957
# Push it to GitHub
git push --set-upstream origin backport/backport-3952-to-2.8
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/backport-2.8
Then, create a pull request where the
…e poisoning in a nested dependency Backport PR opensearch-project#3952 Signed-off-by: Miki <miki@amazon.com>
* [CI] skip checksum verification for cypress tests (#4188) Snapshot checksum verification caused failure in test runs: #4187 Skipping the verification to enable the tests run as the snapshot of OpenSearch should not impact the tests. Issue: n/a Signed-off-by: Kawika Avilla <kavilla414@gmail.com> * Adds plugin manifest config to define OpenSearch plugin dependency and verifies if it is installed (#3116) Resolves Issue -#2799 Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com> * [Table Visualization] Remove custom styling for text-align:center in favor of OUI utility class. 
(#4164) * remove custom styling in favor of oui utility class Signed-off-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz> * Update CHANGELOG.md Signed-off-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz> --------- Signed-off-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz> * Add new MAINTAINERS to CODEOWNERS file (#4199) * Add new code owners Signed-off-by: Tao Liu <liutaoaz@amazon.com> * modify changelog.md Signed-off-by: Tao Liu <liutaoaz@amazon.com> --------- Signed-off-by: Tao Liu <liutaoaz@amazon.com> * Add 2.8.0 release notes (#4204) * Add 2.8.0 release notes Co-authored-by: Josh Romero <rmerqg@amazon.com> Signed-off-by: Kawika Avilla <kavilla414@gmail.com> * Chore(CHANGELOG): Update with 2.7, 2.8 releases (#3890) * Chore(CHANGELOG): Update with 2.7 release * align changelog with 2.8 release notes * update 2.8 release notes * add 1.3.10 release notes to changelog --------- Signed-off-by: Josh Romero <rmerqg@amazon.com> * [Saved Object Service] Adds Repository Factory Provider (#4149) * Adds Repository Factory Provider Signed-off-by: Bandini Bhopi <bandinib@amazon.com> * add category option for context menus (#4144) * enhance grouping for context menu options Signed-off-by: David Sinclair <david@sinclair.tech> * change log Signed-off-by: David Sinclair <david@sinclair.tech> * remove type export Signed-off-by: David Sinclair <david@sinclair.tech> * revert border and prevent destroy options Signed-off-by: David Sinclair <david@sinclair.tech> * update comments for building panels Signed-off-by: David Sinclair <dsincla@rei.com> * build panels tests and more comments Signed-off-by: David Sinclair <dsincla@rei.com> * add category option for context menus Signed-off-by: David Sinclair <dsincla@rei.com> * changelog Signed-off-by: David Sinclair <dsincla@rei.com> * add order to groups Signed-off-by: David Sinclair <dsincla@rei.com> * documentation, shorter copyrighty, minor cleanup Signed-off-by: David Sinclair <dsincla@rei.com> * changelog Signed-off-by: David 
Sinclair <dsincla@rei.com> --------- Signed-off-by: David Sinclair <david@sinclair.tech> Signed-off-by: David Sinclair <dsincla@rei.com> Signed-off-by: Ashish Agrawal <ashish81394@gmail.com> Co-authored-by: Ashish Agrawal <ashish81394@gmail.com> * [CCI] Add bluebird replaces for src/plugins/saved_objects (#4026) * Add bluebird replaces for src/plugins/saved_objects * Add changelog entry --------- Signed-off-by: Alexei Karikov <karikov.alist.ru@gmail.com> * Validate and correct change log after 2.8 release (#4275) Signed-off-by: Su <szhongna@amazon.com> --------- Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> Signed-off-by: Josh Romero <rmerqg@amazon.com> Signed-off-by: Kawika Avilla <kavilla414@gmail.com> Signed-off-by: Andrey Myssak <andreymyssak@gmail.com> Signed-off-by: Melissa Vagi <vagimeli@amazon.com> Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com> Signed-off-by: Miki <miki@amazon.com> Signed-off-by: ananzh <ananzh@amazon.com> Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> Signed-off-by: Alexei Karikov <karikov.alist.ru@gmail.com> Signed-off-by: Sergey Myssak <sergey.myssak@gmail.com> Signed-off-by: Anan Zhuang <ananzh@amazon.com> Signed-off-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz> Signed-off-by: Su <szhongna@amazon.com> Signed-off-by: Matt Provost <provomat@amazon.com> Signed-off-by: Bandini Bhopi <bandinib@amazon.com> Signed-off-by: David Sinclair <david@sinclair.tech> Signed-off-by: David Sinclair <dsincla@rei.com> Signed-off-by: Yan Zeng <zengyan@amazon.com> Signed-off-by: Miki <amoo_miki@yahoo.com> Signed-off-by: Tao Liu <liutaoaz@amazon.com> Signed-off-by: Ashish Agrawal <ashish81394@gmail.com> Signed-off-by: Ashish Agrawal <ashisagr@amazon.com> Co-authored-by: opensearch-trigger-bot[bot] <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] 
<github-actions[bot]@users.noreply.github.com> Co-authored-by: Josh Romero <rmerqg@amazon.com> Co-authored-by: Kristen Tian <105667444+kristenTian@users.noreply.github.com> Co-authored-by: Kawika Avilla <kavilla414@gmail.com> Co-authored-by: Ashwin P Chandran <ashwinpc@amazon.com> Co-authored-by: Andrey Myssak <40265277+andreymyssak@users.noreply.github.com> Co-authored-by: Sergey Myssak <sergey.myssak@gmail.com> Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Co-authored-by: Miki <miki@amazon.com> Co-authored-by: Miki <amoo_miki@yahoo.com> Co-authored-by: Manasvini B Suryanarayana <manasvis@amazon.com> Co-authored-by: Sean Neumann <1413295+seanneumann@users.noreply.github.com> Co-authored-by: Anan Zhuang <ananzh@amazon.com> Co-authored-by: Qingyang(Abby) Hu <abigailhu2000@gmail.com> Co-authored-by: Alexei Karikov <karikov.alist.ru@gmail.com> Co-authored-by: Andrey Myssak <andreymyssak@gmail.com> Co-authored-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz> Co-authored-by: Zhongnan Su <szhongna@amazon.com> Co-authored-by: Matt Provost <provomat@amazon.com> Co-authored-by: Bandini <63824432+bandinib-amzn@users.noreply.github.com> Co-authored-by: David Sinclair <24573542+sikhote@users.noreply.github.com> Co-authored-by: Yan Zeng <46499415+zengyan-amazon@users.noreply.github.com> Co-authored-by: Tao Liu <33105471+Flyingliuhub@users.noreply.github.com>
This didn't actually ship in 1.3.10, so I've updated the label.
Backported to 2.x here #4206
…ity of prototype poisoning in a nested dependency (#4345) * [1.x backport] Bump `joi` to v14 to avoid the possibility of prototype poisoning in a nested dependency (#4211) Backport PR #3952 Signed-off-by: Miki <miki@amazon.com> Co-authored-by: Miki <miki@amazon.com> (cherry picked from commit 4626066) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> # Conflicts: # CHANGELOG.md * update changelog Signed-off-by: Josh Romero <rmerqg@amazon.com> --------- Signed-off-by: Josh Romero <rmerqg@amazon.com> Signed-off-by: Qingyang(Abby) Hu <abigailhu2000@gmail.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Josh Romero <rmerqg@amazon.com> Co-authored-by: Qingyang(Abby) Hu <abigailhu2000@gmail.com>
Description
The `clone` method in `hoek@5`, a dependency of `joi@13`, uses techniques that make prototype poisoning possible. The flaw doesn't exist in `hoek@6`, a dependency of `joi@14`.

Check List
- yarn test:jest
- yarn test:jest_integration
- yarn test:ftr
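
The class of flaw the description refers to, as an added JavaScript example that is not part of this PR and is not hoek's or joi's code. `naiveClone`, `safeClone`, `hasProtoKey` and the sample payload are constructed for illustration; the naive clone shows the general mechanism of prototype poisoning during a deep copy, not hoek@5's exact implementation.

```javascript
// Added illustration: constructed helpers, NOT hoek's or joi's source code.

// Constructed sample input: JSON.parse stores "__proto__" as an ordinary own key.
const SAMPLE = '{"user":"guest","__proto__":{"isAdmin":true}}';

// Naive deep clone. `out[key] = ...` with key "__proto__" triggers the
// Object.prototype.__proto__ setter, replacing the clone's prototype
// with untrusted data instead of copying a property.
function naiveClone(src) {
  if (src === null || typeof src !== 'object') return src;
  const out = Array.isArray(src) ? [] : {};
  for (const key of Object.keys(src)) out[key] = naiveClone(src[key]);
  return out;
}

// Hardened deep clone: drops "__proto__" keys and writes the rest with
// defineProperty, which never invokes inherited setters.
function safeClone(src) {
  if (src === null || typeof src !== 'object') return src;
  const out = Array.isArray(src) ? [] : {};
  for (const key of Object.keys(src)) {
    if (key === '__proto__') continue;
    Object.defineProperty(out, key, {
      value: safeClone(src[key]),
      writable: true, enumerable: true, configurable: true,
    });
  }
  return out;
}

// Validation helper: true if any nested object carries an own "__proto__" key.
function hasProtoKey(value) {
  if (value === null || typeof value !== 'object') return false;
  if (Object.prototype.hasOwnProperty.call(value, '__proto__')) return true;
  return Object.values(value).some(hasProtoKey);
}

// Summarize what each clone inherits from the parsed sample.
function demo() {
  const parsed = JSON.parse(SAMPLE);
  return {
    parsedIsAdmin: parsed.isAdmin,            // own "__proto__" key is inert data here
    naiveIsAdmin: naiveClone(parsed).isAdmin, // inherited from the poisoned prototype
    safeIsAdmin: safeClone(parsed).isAdmin,   // key dropped, prototype untouched
    flagged: hasProtoKey(parsed),
  };
}

console.log(demo());
```

Only the cloned object is affected here, not the global `Object.prototype`, which is why a check such as `hasProtoKey` on parsed input catches the problem before any copy is made.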