Bumps @microsoft/api-documenter and @microsoft/api-extractor
#1106
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Resolves opensearch-project#1063 Signed-off-by: Tommy Markley <markleyt@amazon.com>
tmarkley
added
dependencies
7 tasks
ananzh
approved these changes
Jan 7, 2022
zuochengding
approved these changes
Jan 7, 2022
AMoo-Miki
pushed a commit
to AMoo-Miki/OpenSearch-Dashboards
that referenced
this pull request
Feb 10, 2022
AMoo-Miki
pushed a commit
to AMoo-Miki/OpenSearch-Dashboards
that referenced
this pull request
Feb 10, 2022
# [28.1.0](elastic/elastic-charts@v28.0.1...v28.1.0) (2021-04-13) ### Bug Fixes * **legend:** sizing for short labels with scrollbar ([opensearch-project#1115](elastic/elastic-charts#1115)) ([ebf2552](elastic/elastic-charts@ebf2552)) * **xy:** negative bar highlight and click ([opensearch-project#1109](elastic/elastic-charts#1109)) ([065673c](elastic/elastic-charts@065673c)), closes [opensearch-project#1100](elastic/elastic-charts#1100) ### Features * **a11y:** improve chart figure ([opensearch-project#1104](elastic/elastic-charts#1104)) ([373ea72](elastic/elastic-charts@373ea72)) * **partition:** order slices and sectors ([opensearch-project#1112](elastic/elastic-charts#1112)) ([72c0d1b](elastic/elastic-charts@72c0d1b)) * **partitions:** small multipies events pass on smAccessorValue ([opensearch-project#1106](elastic/elastic-charts#1106)) ([0e1f7de](elastic/elastic-charts@0e1f7de)) * **xy:** optionally rounds the domain to nice values ([opensearch-project#1087](elastic/elastic-charts#1087)) ([9c2eefc](elastic/elastic-charts@9c2eefc)) * **xy:** specify pixel and ratio width for bars ([opensearch-project#1114](elastic/elastic-charts#1114)) ([6294d5f](elastic/elastic-charts@6294d5f)) * mosaic ([opensearch-project#1113](elastic/elastic-charts#1113)) ([15c0d78](elastic/elastic-charts@15c0d78))
ashwin-pc
added a commit
that referenced
this pull request
Feb 12, 2022
* [Git] update PR template (#937) Update template to remove javadoc check box since we do not have any javadocs and include how to run the tests we use to verify the build. Signed-off-by: Kawika Avilla <kavilla414@gmail.com> * Add release notes for Dashboards 1.2.0 (#944) This is the backport PR for #944 Signed-off-by: Neumann <neumanns@amazon.com> * Add versioned document support in OSD This is PR is to add versioned document support in OSD. 1. Add logic to pick up doc version from package.json and convert it to `latest` if we are on default `main` branch. 2. Refactor doc_link_service to have 3 urls groups: opensearch, opensearchDashboards, and noDocumentation. 3. Update dynamic versioned doc links and clean up unused urls 4. Fix known url bug #769 5. Add unit tests for doclinks branch name conversion Signed-off-by: Zuocheng Ding <zding817@gmail.com> * [Branding] prevent logging when config not set (#941) Out of the box, the rendering service will check the config and see the default value and log an info message saying that the branding config is invalid or not set. Everytime you refresh the browser you will get those log messages. This sets it to only log error messages if the user sets the branding config and it is invalid. Include using default messages. Signed-off-by: Kawika Avilla <kavilla414@gmail.com> * [Version] Increment to 2.0 (#973) Version bump from 1.2 to 2.0 Signed-off-by: Kawika Avilla <kavilla414@gmail.com> * Add Lychee Link Checker into OSD (#938) 1. Fix broken links in OSD 2. Generate lycheeexcude list to filter out false negative warnings from test files or external links 3. Add TODO items for internal unavaiable links 4. Integrate with doc link service change. 5. Standardize all opensearch url with `https://opensearch.org/` and add unavilable urls into noDocument list Signed-off-by: Zuocheng Ding <zding817@gmail.com> * Fix Lychee Link Checker Error (#1011) Signed-off-by: Zuocheng Ding <zding817@gmail.com> * [CI] Add tests to github workflow Add unit tests to github workflow and also creating a "bad apples" environment variable. Some unit tests just fail on the CI for hardware issues. They should be improved but step one will be calling out the bad apples. Also due to the flakiness we can cache the previous run results and only run the tests that failed. It's too random to catch with the bad apples mechanism. But still added the continue on error for unit tests because it takes so long to re-run on the CI. So instead if it does fail we automatically echo there was a failure and ask them to re-run. However, if we can get permission for a github action that can add a comment to the PR then we could automatically add to PR. Next step will be improving. Also needed to limit the amount of workers because otherwise the hardware can't handle well so then it will accidentally create conflicts. This means we get an accurate test run but it is slower on the CI. Included integration tests which worked out of the box. Included e2e tests as well but it the chrome driver for the application was different from github's chrome so to run it I just upgraded it for the test run. Not ideal, ideally we should probably set up a docker env and install the specific versions since we are now depending on github's virtual env and the dependencies they installed there. But at least this is a first pace. Signed-off-by: Kawika Avilla <kavilla414@gmail.com> * Add bwc tests for osd with bundle (#871) tests include the following cases: verify default page work verify advanced savings work verify filter and query work Disable eslint check Add eslint-disable comment Revise license content in plugins and support Simplify filter and query test modify test name and fix PR comment update license header and remove env files fix timestamp issue update eslint and license Particailly Resolved: opensearch-project/opensearch-build#705 Signed-off-by: Anan Zhuang <ananzh@amazon.com> * Add more bwc tests for osd without bundles (#900) This PR adds the following bwc tests: 1) verify sample data work properly for bwc 2) verify timeline visualization work properly for bwc This PR also simplifies check_filter_and_query bwc test. It first removes Unique Visitors check because even fix the time interval, the number of unique visitors number is random. Then it simplifies this bwc test. add more tests in check_timeline and modify test names change one query content to make bwc tests more robust update license header add missing test and solve timestamp issue fix eslint and comments Partially Resolved: opensearch-project/opensearch-build#705 Signed-off-by: Anan Zhuang <ananzh@amazon.com> * Add bwc test data for osd without bundle (#927) This PR contains 13 zipped bwc test data for osd without bundle. The data has been tested by osd-1.1 and osd-1.2. To use, here are the steps: 1)unzip the data to opensearch, for example: tar -xvf odfe-1.13.2.tar.gz You need to remove data folder first if there is one in opensearch 2)run opensearch: ./bin/opensearch 3)run dashboards: ./bin/opensearch-dashboards 4)run any cypress test Partically Resolved: opensearch-project/opensearch-build#705 Signed-off-by: Anan Zhuang <ananzh@amazon.com> * Add bwc test data for osd with bundle (#940) This PR contains 13 zipped bwc test data for osd with bundle. The data has been tested by osd-1.1 and osd-1.2. To use, here are the steps: 1)unzip the data to opensearch, for example: tar -xvf odfe-1.13.2.tar.gz You need to remove data folder first if there is one in opensearch 2)run opensearch: ./bin/opensearch 3)run dashboards: ./bin/opensearch-dashboards 4)run any cypress test Besides the above manual process, we now offer a script in this PR: #931 To run bwc test using osd bundle data, use this command: ./cypress/bwctest-osd.sh -o /path/to/opensearch.tar.gz -d /path/to/opensearch-dashboards.tar.gz -b true Pls see more details in the above PR. fix data issue for eCommerse data resubmit data to fix timestamp issue Partically Resolved: opensearch-project/opensearch-build#705 Signed-off-by: Anan Zhuang <ananzh@amazon.com> * Add more bwc tests for osd with bundles (#901) This PR adds the following bwc tests: 1)verify sample data work properly for bwc 2)verify timeline visualization work properly for bwc add more commands check in check_timeline and rename sample data check minimize the login time and make the tests more robust change query content to make bwc test more robust update license header solve timestamp issue fix comments and eslint Partically Resolved: opensearch-project/opensearch-build#705 Signed-off-by: Anan Zhuang <ananzh@amazon.com> * [Backwards Compatibility] restore URL forwarding from legacy app Forwarding legacy app to the current format of the application. This enables the usage of stored URLs and other links that referenced the format of the application URL that mentioned the application name. Since we changed the URL forwarding we changed this value and released. So incase forks were made and depended on this legacy formatted reference of the application. It will still work. There are also references of the application. Issue resolved: #1013 Signed-off-by: Kawika Avilla <kavilla414@gmail.com> * [Link] Fix yarnpkg link error Issue: https://yarnpkg.com/latest.msi is unavailable now and will be rerouted to a 404 page. Add it to link checker allow list to unblock the PR process. Signed-off-by: Zuocheng Ding <zding817@gmail.com> * Use the OpenSearch Dashboards logo in the READMEs Signed-off-by: Tommy Markley <markleyt@amazon.com> * Add .whitesource file to activate integration scan (#999) We already enable the access of WhiteSource integration with Github.com for this repo. However, the automatic PR of .whitesource is not created. We asked for the support from WhiteSource side and they suggested we could raise one by ourselves. This PR will also set the WhiteSource integration config mode to Local to be using the whitesource.config. Dashboards team can modify this configuration on their own to customize it. We are providing the one we had for all repos at this time. Issues Resolved opensearch-project/opensearch-build#721 * Add whitesource for to activate integration * Add links of documents for WhiteSource Signed-off-by: Zelin Hao <zelinhao@amazon.com> * [Build] remove legacy version check for plugin builds (#1029) Removes the SEMVAR check for external plugins. 7.9 is not relevant to the application. The semvar library was also preventing major.minor.patch.x which is the format from OpenSearch plugins. Related issue: #992 Signed-off-by: Kawika Avilla <kavilla414@gmail.com> * [Node 14] Upgrades Node version from 10.24.1 to 14.18.2 (#1028) * Addresses syntax changes between Node.js v10 and v14. * Bumps dependencies to address build/compatibility issues: * Bumps `@types/node` from v10.17.26 to v14.17.32 * Bumps `@elastic/good` from v8.1.1-kibana2 to v9.0.1-kibana3 * Bumps `react` from v16.12.0 to v16.14.0 * Bumps `@microsoft/api-documenter` from v7.7.2 to v7.13.65 * Bumps `@microsoft/api-extractor` from v7.7.0 to v7.18.17 * Bumps `@types/webpack` from v4.41.3 to v4.41.31 * Bumps `@types/webpack-env` from v1.15.2 to v1.16.3 * Bumps `sass-loader` from v8.0.2 to v10.2.0 * Bumps `lmdb-store` from v0.6.10 to v1.6.11 * Bumps `node-sass` from "sass/node-sass#v5" to v6.0.1 * Adds `--no-deprecation` flag for integration tests caused by `shot` which is a downstream dependency of `hapi`. * Skips flaky server metrics collector tests * The ServerMetricsCollector tests are flaky and rely on the existing v17 hapi library that Dashboards depends on. This will be upgraded for the 2.0 release along with the Node.js upgrade. (#1073) * Bumps react from 16.12 to 16.14 to resolve unmet peer dependencies, but we still need a resolution to remove the old version. * Adds transformIgnorePattern for weak-lru-cache and ordered-binary to fix unit test jest failures. * Refactors node cache to improve logging and separate databases Signed-off-by: Bishoy Boktor <boktorbb@amazon.com> Co-authored-by: Tommy Markley <markleyt@amazon.com> Co-authored-by: Kawika Avilla <kavilla414@gmail.com> Co-authored-by: Ashwin Pc <ashwinpc@amazon.com> * Add a script to run one command for all bwc tests (#931) Currently, even we have bwc tests and data, to run bwc, we need to copy and unzip data in opensearch, then run opensearch, dashboards and cypress. This script will add more automation to allow us use one command to run all the tests. Here is the cmd: ./scripts/bwctest-osd.sh -o /path/to/opensearch.tar.gz -d /path/to/opensearch-dashboards.tar.gz -v versions -b true/false -o is the path to the tested opensearch. Here we need to rename the folder to opensearch and zip it -d is the path to the tested opensearch-dashboards. Also need to rename the folder to opensearch-dashboards and zip it -v is the optional version para. You can specify one version or multiple versions like "odfe-1.1.0, osd-1.0.0". If no pass, it will run all the versions defined in the script. -b is the optional osd type para. If pass true, it will run osd bundle. If pass false, it will run osd vanilla. The default is false. update the usage section with new parameters add license header and move the script in scripts folder modify bwc test script: 1)use curl command to check the opensearch and dashboards status 2)create test groups to eliminate if clauses 3)modify var names 4)wrap each block into functions to make it more reusable 5)add more comments clean out usage on port 5601 add test command and modify checking logic fix license Partically Resolved: opensearch-project/opensearch-build#705 Signed-off-by: Anan Zhuang <ananzh@amazon.com> * [Map] Remove hardcoded AWS paths Clean up temp aws paths in code base. Add a configurable flag `showRegionBlockedWarning` into map plugin level config file. Signed-off-by: Zuocheng Ding <zding817@gmail.com> * [Docs] remove invalid reference in CONVENTIONS.md (#1110) Removed missed reference in CONVENTIONS.md. Issue related: #1109 Signed-off-by: Kawika Avilla <kavilla414@gmail.com> * Upgrades babel, storybook, and postcss (#1104) * Upgrades dependencies to resolve react-dev-utils, browserslist, and postcss CVEs. * We have to stay on v6.3.x `@storybook` dependencies because of storybookjs/storybook#16837. 6.3.x still depends on older version of some of the `@babel` libraries. * The `autoprefixer` upgrade removes the browserslist warning during the build. * `css-loader`, `postcss-loader`, `postcss` upgrades were required to fix webpack errors. These upgrades contained a few breaking changes. * Minor version bumps to `react-router`, `react-router-dom`, and `styled-components` were done while troubleshooting bootstrap issues. Resolves #1055 Resolves #1094 Resolves #1095 Signed-off-by: Tommy Markley <markleyt@amazon.com> * Bumps microsoft api-documenter and api-extractor (#1106) Resolves #1063 Signed-off-by: Tommy Markley <markleyt@amazon.com> * Fixes incorrect license headers (#1131) Resolves #1130 Signed-off-by: Tommy Markley <markleyt@amazon.com> * Fixes linting errors (#1115) Signed-off-by: Tommy Markley <markleyt@amazon.com> * [Backwards Compatibility] update instructions in TESTING.md (#1030) fix PR comments Partially Resolved: opensearch-project/opensearch-build#705 Signed-off-by: Anan Zhuang <ananzh@amazon.com> * [CI] upgrade to chromedriver 97 for github actions Github virtual env upgraded chrome: actions/runner-images#4861 Signed-off-by: Kawika Avilla <kavilla414@gmail.com> * Disable WhiteSource check fails on commits/PRs (#1149) * WhiteSource is not properly comparing scans against the latest changes in `main`. This prevents the need to override checks to merge PRs for those who don't have access (like the Dashboards Core members). * Cleans up the WhiteSource config file. We don't need gradle, maven, go, python, or ruby scans enabled. * Replaces the deprecated `ignoreSourceFiles` config with `fileSystemScan`. Resolves #1150 Signed-off-by: Tommy Markley <markleyt@amazon.com> * Bump parse-link-header from 1.0.1 to 2.0.0 (#1108) Bumps [parse-link-header](https://github.com/thlorenz/parse-link-header) from 1.0.1 to 2.0.0. - [Release notes](https://github.com/thlorenz/parse-link-header/releases) - [Commits](thlorenz/parse-link-header@v1.0.1...v2.0.0) --- updated-dependencies: - dependency-name: parse-link-header dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Upgrades `hapi` from v17 to v20 (#1146) * Bumping 3 major versions ahead introduces many breaking changes. Hapi provides a detailed changelog: https://hapi.dev/resources/changelog * v18 notes: hapijs/hapi#3871 * v19 notes: hapijs/hapi#4017 * Bumps `raw-loader` from v3.1.0 to v4.0.2 to address a bootstrap warning. No breaking changes other than bumping Node.js to v10. * Removes the `--no-deprecation` flag for the integration tests since the newest version of hapi doesn't use the deprecated library. Resolves #1070 Resolves #1073 Resolves #1076 Resolves #1088 Resolves #1090 Signed-off-by: Tommy Markley <markleyt@amazon.com> * [BUG] fix disableWelcomeScreen config (#1143) disableWelcomeScreen was erroneously removed from being exposed to browser (for testing purposes) and was not able to pass the config to disable the welcome screen showing. Issue: #1138 Signed-off-by: Kawika Avilla <kavilla414@gmail.com> * [Tests] configurable skip checksum verification (#1207) This enables configuring the skipping of checksum verification for integration and functional tests. The out-of-box experience enables tests to pull down an artifact of OpenSearch to run frontend tests against. However, if there was an issue with the publishing of the checksum, for example: opensearch-project/opensearch-build#1497 Then any CI for OpenSearch Dashboards is severely blocked. This lets the out-of-box experience get around this. This shouldn't be used permenantly and should be toggled off when no longer blocked. Issue resolved: #1205 Signed-off-by: Kawika Avilla <kavilla414@gmail.com> * Bump nanoid from 3.1.30 to 3.2.0 (#1173) Bumps [nanoid](https://github.com/ai/nanoid) from 3.1.30 to 3.2.0. - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@3.1.30...3.2.0) --- updated-dependencies: - dependency-name: nanoid dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Don't terminate the server on NodeDeprecationWarning (#1185) The last AWS SDK for Javascript that supports Node 10 (v3.45.0) emits a NodeDeprecationWarning to indicate that Node 10 is no longer supported. Without this workaround, this crashes the OSD server, so it becomes impossible to interact with other AWS services from within OSD (e.g., in a custom plugin) until the Node 14 upgrade is done. Signed-off-by: Thilo-Alexander Ginkel <tg@tgbyte.de> * Removes KUI Generator and related dependencies (#1105) * KUI is deprecated and we will not be adding new components. * Removes all dependencies that are no longer used in the package. * Updates the README to reflect the deprecation path. * Removes the create and document component scripts as well as the remaining references to generator-kui. Resolves #1059 Resolves #1061 Signed-off-by: Tommy Markley <markleyt@amazon.com> * Bump markdown-it from 10.0.0 to 12.3.2 (#1140) Bumps [markdown-it](https://github.com/markdown-it/markdown-it) from 10.0.0 to 12.3.2. - [Release notes](https://github.com/markdown-it/markdown-it/releases) - [Changelog](https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md) - [Commits](markdown-it/markdown-it@10.0.0...12.3.2) --- updated-dependencies: - dependency-name: markdown-it dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Fix createStateContainerReactHelpers documentation (#1213) Issues Resolved: #1197 Signed-off-by: Thilo-Alexander Ginkel <tg@tgbyte.de> * Bumps `node-fetch` from v2.6.1 to v2.6.7 (#1169) Resolves #1162 Signed-off-by: Tommy Markley <markleyt@amazon.com> * Removes deprecated `request` and `@percy/agent` (#1113) * Addresses first set of dependencies that are upstream from `json-schema@0.2.3`. There is more work to do but a webpack upgrade is required first. * Replaces usage of `request` in integration tests with `tough-cookie`. * `@percy/agent` is deprecated and is replaced by `@percy/cli`. * Bumps `follow-redirects` to address CVE. * Also removes unnecessary user management logic from functional tests. Resolves #1133 Incremental change towards addressing #1066 Signed-off-by: Tommy Markley <markleyt@amazon.com> * [Bug] fix incorrect import for opensearch aggs (#1192) Incorrect import statement that was introduced here: #688 Verified other imports and the rest look fine. Issue: n/a Signed-off-by: Kawika Avilla <kavilla414@gmail.com> * Re-enable WhiteSource check fails on commits/PRs (#1226) * WhiteSource seems to have resolved the previous bug, and we are still able to merge even if the check fails. Signed-off-by: Tommy Markley <markleyt@amazon.com> * Removes storybook package and related code (#1172) In order to address potential licensing issues as well as resolve related CVEs, all storybook code is removed. The storybook features have been broken since the fork and the work to fix everything was greater than removing it. Alternatives will be considered in the future. Resolves #1130 Resolves #1171 Signed-off-by: Tommy Markley <markleyt@amazon.com> * Run build and test workflow on all branches (#1222) * Skips feature branches * Use the `.nvmrc` file for the `node` version instead of a hard-coded version. Resolves #1023 Signed-off-by: Tommy Markley <markleyt@amazon.com> * Initial Drag and Drop plugin code (#946) * Initial Drag and Drop plugin code Signed-off-by: Ashwin Pc <ashwinpc@amazon.com> * Adds state management to Drag and Drop Signed-off-by: Ashwin Pc <ashwinpc@amazon.com> * Moves Drag and Drop to create visualization menu Signed-off-by: Ashwin Pc <ashwinpc@amazon.com> * Field Search in Data panel (#995) Add ability to search on index fields Signed-off-by: Abbas Hussain <abbas_10690@yahoo.com> Co-authored-by: Kawika Avilla <kavilla414@gmail.com> Co-authored-by: Sean Neumann <1413295+seanneumann@users.noreply.github.com> Co-authored-by: Zuocheng Ding <zding817@gmail.com> Co-authored-by: Anan <79961084+ananzh@users.noreply.github.com> Co-authored-by: Tommy Markley <markleyt@amazon.com> Co-authored-by: Zelin Hao <87548827+zelinh@users.noreply.github.com> Co-authored-by: Bishoy Boktor <65934617+boktorbb-amzn@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Thilo-Alexander Ginkel <tg@tgbyte.de> Co-authored-by: Abbas Hussain <abbashus@amazon.com>
tmarkley
added
cve
ananzh
added a commit
to ananzh/OpenSearch-Dashboards
that referenced
this pull request
Mar 29, 2023
Issue Resolved: validator.js prior to 13.7.0 is vulnerable to Inefficient Regular Expression Complexity. 1.x is using "validator@8.2.0". Main has been bumped to 13.7.0 via PR opensearch-project#1106. The solution is to backport it on 1.x. Backport PR: opensearch-project#1106 Issue Resolved: opensearch-project#1063 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
ananzh
added a commit
to ananzh/OpenSearch-Dashboards
that referenced
this pull request
Mar 29, 2023
validator.js prior to 13.7.0 is vulnerable to Inefficient Regular Expression Complexity. 1.x is using "validator@8.2.0". Main has been bumped to 13.7.0 via PR opensearch-project#1106. The solution is to backport it on 1.x. Backport PR: opensearch-project#1106 Issue Resolved: opensearch-project#1063 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
8 tasks
ananzh
added a commit
to ananzh/OpenSearch-Dashboards
that referenced
this pull request
Mar 29, 2023
validator.js prior to 13.7.0 is vulnerable to Inefficient Regular Expression Complexity. 1.x is using "validator@8.2.0". Main has been bumped to 13.7.0 via PR opensearch-project#1106. The solution is to backport it on 1.x. Backport PR: opensearch-project#1106 Issue Resolved: opensearch-project#1063 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
ananzh
added a commit
to ananzh/OpenSearch-Dashboards
that referenced
this pull request
Mar 29, 2023
validator.js prior to 13.7.0 is vulnerable to Inefficient Regular Expression Complexity. 1.x is using "validator@8.2.0". Main has been bumped to 13.7.0 via PR opensearch-project#1106. The solution is to backport it on 1.x. Backport PR: opensearch-project#1106 Issue Resolved: opensearch-project#1063 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
ananzh
added a commit
to ananzh/OpenSearch-Dashboards
that referenced
this pull request
Mar 29, 2023
validator.js prior to 13.7.0 is vulnerable to Inefficient Regular Expression Complexity. 1.x is using "validator@8.2.0". Main has been bumped to 13.7.0 via PR opensearch-project#1106. The solution is to backport it on 1.x. Backport PR: opensearch-project#1106 Issue Resolved: opensearch-project#1063 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
ananzh
added a commit
to ananzh/OpenSearch-Dashboards
that referenced
this pull request
Mar 29, 2023
validator.js prior to 13.7.0 is vulnerable to Inefficient Regular Expression Complexity. 1.x is using "validator@8.2.0". Main has been bumped to 13.7.0 via PR opensearch-project#1106. The solution is to backport it on 1.x. Backport PR: opensearch-project#1106 Issue Resolved: opensearch-project#1063 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
ananzh
added a commit
to ananzh/OpenSearch-Dashboards
that referenced
this pull request
Mar 30, 2023
validator.js prior to 13.7.0 is vulnerable to Inefficient Regular Expression Complexity. 1.x is using "validator@8.2.0". Main has been bumped to 13.7.0 via PR opensearch-project#1106. The solution is to backport it on 1.x. Backport PR: opensearch-project#1106 Issue Resolved: opensearch-project#1063 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
seanneumann
pushed a commit
that referenced
this pull request
Mar 31, 2023
validator.js prior to 13.7.0 is vulnerable to Inefficient Regular Expression Complexity. 1.x is using "validator@8.2.0". Main has been bumped to 13.7.0 via PR #1106. The solution is to backport it on 1.x. Backport PR: #1106 Issue Resolved: #1063 Signed-off-by: Anan Zhuang <ananzh@amazon.com> Co-authored-by: Josh Romero <rmerqg@amazon.com>
opensearch-trigger-bot bot
pushed a commit
that referenced
this pull request
Mar 31, 2023
validator.js prior to 13.7.0 is vulnerable to Inefficient Regular Expression Complexity. 1.x is using "validator@8.2.0". Main has been bumped to 13.7.0 via PR #1106. The solution is to backport it on 1.x. Backport PR: #1106 Issue Resolved: #1063 Signed-off-by: Anan Zhuang <ananzh@amazon.com> Co-authored-by: Josh Romero <rmerqg@amazon.com> (cherry picked from commit 53ae3cf) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> # Conflicts: # CHANGELOG.md
ananzh
added a commit
to ananzh/OpenSearch-Dashboards
that referenced
this pull request
Apr 3, 2023
…project#3725) validator.js prior to 13.7.0 is vulnerable to Inefficient Regular Expression Complexity. 1.x is using "validator@8.2.0". Main has been bumped to 13.7.0 via PR opensearch-project#1106. The solution is to backport it on 1.x. Backport PR: opensearch-project#1106 Issue Resolved: opensearch-project#1063 Signed-off-by: Anan Zhuang <ananzh@amazon.com> Co-authored-by: Josh Romero <rmerqg@amazon.com>
joshuarrrr
added a commit
that referenced
this pull request
Apr 11, 2023
….0 (#3753) * [CVE-2021-3765][1.x] bump validator from 8.2.0 to 13.9.0 (#3725) validator.js prior to 13.7.0 is vulnerable to Inefficient Regular Expression Complexity. 1.x is using "validator@8.2.0". Main has been bumped to 13.7.0 via PR #1106. The solution is to backport it on 1.x. Backport PR: #1106 Issue Resolved: #1063 Signed-off-by: Anan Zhuang <ananzh@amazon.com> Co-authored-by: Josh Romero <rmerqg@amazon.com> (cherry picked from commit 53ae3cf) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> # Conflicts: # CHANGELOG.md * add changelog Signed-off-by: Josh Romero <rmerqg@amazon.com> --------- Signed-off-by: Josh Romero <rmerqg@amazon.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Josh Romero <rmerqg@amazon.com> Co-authored-by: Anan Zhuang <ananzh@amazon.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Bumps dependencies to address the CVE.
Issues Resolved
Resolves #1063
Check List
yarn test:jestyarn test:jest_integrationyarn test:ftr