Bump joi to v14 to avoid the possibility of prototype poisoning in a nested dependency #3952

Merged
merged 1 commit into from
May 2, 2023

Conversation

AMoo-Miki
Collaborator

Description

The clone method in hoek@5, a dependency of joi@13, uses techniques that make prototype poisoning possible. The flaw doesn't exist in hoek@6, a dependency of joi@14.

Check List

  • All tests pass
    • yarn test:jest
    • yarn test:jest_integration
    • yarn test:ftr
  • New functionality includes testing.
  • New functionality has been documented.
  • Update CHANGELOG.md
  • Commits are signed per the DCO using --signoff
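
The class of flaw the description refers to, shown as an added example that is not part of the original pull request and is not hoek's source code. `naiveClone`, `safeClone`, `findProtoKeys` and the sample JSON are hypothetical names and constructed input, chosen to show how a deep clone that copies keys by plain assignment lets a `__proto__` key in parsed JSON replace the clone's prototype, and how defining own data properties avoids it.

```javascript
// Added illustration; simplified stand-ins, not the hoek implementation.

// Constructed input: JSON.parse stores "__proto__" as an ordinary own
// property, so the parsed object itself is still harmless.
const UNTRUSTED_JSON =
  '{"name":"report","owner":{"id":7,"__proto__":{"isAdmin":true}}}';

// Weak form: `copy[key] = ...` with key === "__proto__" goes through the
// Object.prototype.__proto__ setter and swaps the prototype of the clone.
function naiveClone(value) {
  if (value === null || typeof value !== 'object') return value;
  if (Array.isArray(value)) return value.map(naiveClone);
  const copy = {};
  for (const key of Object.keys(value)) {
    copy[key] = naiveClone(value[key]);
  }
  return copy;
}

// Hardened form: Object.defineProperty always creates an own data property,
// so a "__proto__" key stays inert data and the prototype is untouched.
function safeClone(value) {
  if (value === null || typeof value !== 'object') return value;
  if (Array.isArray(value)) return value.map(safeClone);
  const copy = {};
  for (const key of Object.keys(value)) {
    Object.defineProperty(copy, key, {
      value: safeClone(value[key]),
      writable: true,
      enumerable: true,
      configurable: true,
    });
  }
  return copy;
}

// Input check: list the paths of every own "__proto__" key so a caller can
// reject or log the payload before it reaches any merge or clone helper.
function findProtoKeys(value, path = '$', hits = []) {
  if (value === null || typeof value !== 'object') return hits;
  for (const key of Object.keys(value)) {
    const childPath = Array.isArray(value)
      ? `${path}[${key}]`
      : `${path}.${key}`;
    if (key === '__proto__') hits.push(childPath);
    findProtoKeys(value[key], childPath, hits);
  }
  return hits;
}

// Runs both clones over the constructed input and reports what each produced.
function demo() {
  const parsed = JSON.parse(UNTRUSTED_JSON);
  const weak = naiveClone(parsed);
  const hardened = safeClone(parsed);
  return {
    parsedIsAdmin: parsed.owner.isAdmin,
    naiveIsAdmin: weak.owner.isAdmin,
    naiveOwnKeys: Object.keys(weak.owner),
    safeIsAdmin: hardened.owner.isAdmin,
    safeProtoIntact:
      Object.getPrototypeOf(hardened.owner) === Object.prototype,
    flaggedPaths: findProtoKeys(parsed),
  };
}

console.log(demo());
```

The poisoned property is inherited rather than own, so it does not appear in `Object.keys` on the clone while still satisfying a check such as `if (obj.isAdmin)`.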

Member

@zhongnansu zhongnansu left a comment


@AMoo-Miki Do we need to update joi in osd-config-schema as well?

@AMoo-Miki
Collaborator Author

AMoo-Miki commented Apr 27, 2023

> @AMoo-Miki Do we need to update joi in osd-config-schema as well?

Not sure why that is not showing up in yarn.lock; lemme check it out.
It wasn't impacting yarn.lock because it was a peer-dep; I bumped it as well. Thanks @zhongnansu.

zhongnansu
zhongnansu previously approved these changes Apr 27, 2023
@codecov-commenter

codecov-commenter commented Apr 27, 2023

Codecov Report

Merging #3952 (5528e0d) into main (755f16b) will not change coverage.
The diff coverage is n/a.


@@           Coverage Diff           @@
##             main    #3952   +/-   ##
=======================================
  Coverage   66.44%   66.44%           
=======================================
  Files        3229     3229           
  Lines       62068    62068           
  Branches     9599     9599           
=======================================
  Hits        41238    41238           
  Misses      18527    18527           
  Partials     2303     2303           
Flag Coverage Δ
Linux 66.38% <ø> (ø)
Windows 66.38% <ø> (ø)


seanneumann
seanneumann previously approved these changes Apr 27, 2023
Contributor

@seanneumann seanneumann left a comment


Looks good. Would be great to get this into 2.7.

…a nested dependency

Signed-off-by: Miki <miki@amazon.com>
@ashwin-pc ashwin-pc merged commit ca0bb8f into opensearch-project:main May 2, 2023
48 checks passed
@opensearch-trigger-bot
Contributor

The backport to 2.x failed:

The process '/usr/bin/git' failed with exit code 128

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/backport-2.x 2.x
# Navigate to the new working tree
pushd ../.worktrees/backport-2.x
# Create a new branch
git switch --create backport/backport-3952-to-2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 ca0bb8f63f5db103c4ea2ca21fd41dc66310d957
# Push it to GitHub
git push --set-upstream origin backport/backport-3952-to-2.x
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/backport-2.x

Then, create a pull request where the base branch is 2.x and the compare/head branch is backport/backport-3952-to-2.x.

lezzago added a commit that referenced this pull request Jun 1, 2023
* Fix header icon (#3910) (#3915)

* fixes header change
* Update src/core/public/chrome/ui/header/header_help_menu.tsx
* fixes snapshots



---------



(cherry picked from commit 3cca088)

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Josh Romero <rmerqg@amazon.com>

* Add server side private IP blocking for data source endpoints validation (#3912)

Signed-off-by: Kristen Tian <tyarong@amazon.com>

* Docs (Jest): Update jest documentation links (#3931)

Signed-off-by: Josh Romero <rmerqg@amazon.com>

* Revert "[CCI] Replace jquery usage in console plugin with native methods (#3733)" (#3929)

This reverts commit ffe4556.

* [BUG][Dashboard listing] push to history if dashboard otherwise nav (#3922)

History push will just to the current route. However, dashboardsProvider
was implemented with the expectation that it was a different app.

So when a plugin registered it was attempting to navigate to
`app/dashboard#/app/{url}`

Add tests and extra data test subject.

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>

* remove jquery console release note for #3929 revert (#3930)

Signed-off-by: Josh Romero <rmerqg@amazon.com>
Co-authored-by: Ashwin P Chandran <ashwinpc@amazon.com>

* [CCI] Update js-yaml to v4.0.5 (#3770)

* Update js-yaml to 4.0.5 (#3659)
* Update CHANGELOG.md (#3659)

Co-authored-by: Sergey Myssak <sergey.myssak@gmail.com>
Signed-off-by: Andrey Myssak <andreymyssak@gmail.com>

---------

Signed-off-by: Andrey Myssak <andreymyssak@gmail.com>
Signed-off-by: Josh Romero <rmerqg@amazon.com>
Co-authored-by: Sergey Myssak <sergey.myssak@gmail.com>
Co-authored-by: Josh Romero <rmerqg@amazon.com>

* Update README.md (#3788)

* Update README.md

Signed-off-by: Melissa Vagi <vagimeli@amazon.com>

* Update README.md

Co-authored-by: Miki <amoo_miki@yahoo.com>

---------

Signed-off-by: Melissa Vagi <vagimeli@amazon.com>
Co-authored-by: Miki <miki@amazon.com>
Co-authored-by: Miki <amoo_miki@yahoo.com>

* Bump yaml to 2.2.2 (#3947)

Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com>
Co-authored-by: Sean Neumann <1413295+seanneumann@users.noreply.github.com>

* Bump `joi` to v14 to avoid the possibility of prototype poisoning in a nested dependency (#3952)

Signed-off-by: Miki <miki@amazon.com>

* [Doc] Add communication guide (#3837)

* docs(COMMUNICATION): Add communication guide

with info on slack, forum, and developer office hours
link from README, CONTRIBUTING, DEVELOPER_GUIDE

Signed-off-by: Josh Romero <rmerqg@amazon.com>

---------

Signed-off-by: Josh Romero <rmerqg@amazon.com>

* Temporarily hardcode chromedriver to 112.0.0 to enable all ftr tests (#3976)

The latest version of chromedriver is 112.0.1 which does not support
node 14. This PR hardcodes chromedriver to 112.0.0 temporarily. Pls
revert it once we bump to node 18.

Issue Resolved
#3975

Signed-off-by: ananzh <ananzh@amazon.com>

* Fix wording and duplicate code in embeddable example plugin (#3911)

* Fix wording and duplicate code in embeddable example plugin

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* Fix some wording in the embeddable readme

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

---------

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* [CI] setup Chrome and utilize binary path (#3997)

Within the CI, the virtual runner that we are utilizing has Chrome
installed already. The version of Chrome is installed periodically.

The most recent version of Chrome requires updates to dependencies
that drop support for Node 14.

This downloads chrome in the CI and then checks the chromedriver
from the environment variable `TEST_BROWSER_BINARY_PATH`.

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>

* [Dashboards listing] fix listing limit (#4021)

Initial page size was passed to the search function instead
of the listing limit causing the max amount received to be
significantly less than the previous implementation.

Saved objects per page is `20` by default and the listing
limit per page is `1000` by default.

Issue:
#4017

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>

* [CCI] Fix EUI/OUI type errors (#3798)

* Update find_test_subject imports for tests

Signed-off-by: Alexei Karikov <karikov.alist.ru@gmail.com>

* Update to available imports for findTestSubject

Signed-off-by: Alexei Karikov <karikov.alist.ru@gmail.com>

* Fix available import for Query and custom icon

Signed-off-by: Alexei Karikov <karikov.alist.ru@gmail.com>

* Add changelog entry

Signed-off-by: Alexei Karikov <karikov.alist.ru@gmail.com>

* Add ts-ignore

Signed-off-by: Alexei Karikov <karikov.alist.ru@gmail.com>

---------

Signed-off-by: Alexei Karikov <karikov.alist.ru@gmail.com>
Co-authored-by: Qingyang(Abby) Hu <abigailhu2000@gmail.com>

* Fix bottom bar visibility using create portal (#3336) (#3978)

Signed-off-by: Sergey Myssak <sergey.myssak@gmail.com>
Co-authored-by: Andrey Myssak <andreymyssak@gmail.com>

* Adds threshold to code coverage changes for project (#4040)

* Fixes code coverage workflow failures for the project test due to indirect flaky changes

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>

* Adds changelog

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>

---------

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>

* Updates PR template for screenshots and test instructions (#4042)

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>

* Replace re2 with RegExp in timeline and add unit tests (#3908)

Remove re2 usage and replace it with JavaScript built-in
RegExp object. Also add more unit tests to make sure that
using RegExp has same expressions as using re2 library.

Issue Resolve
#3901

Signed-off-by: Anan Zhuang <ananzh@amazon.com>

* [Console] [CCI] Remove unused ul element and its custom styling. (#3993)

* remove unused ul element

Signed-off-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz>

* Update CHANGELOG.md

Signed-off-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz>

---------

Signed-off-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz>

* Add 1.3.10 release note (#4060) (#4063)

* Add release note for 1.3.10



* Address comments and add one CVE PR



---------


(cherry picked from commit 4371587)

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

* [Multiple Datasource] Support Amazon OpenSearch Serverless (#3957)

* [Multiple Datasource]Support Amazon OpenSearch Serverless in SigV4
* remove experimental text in yml
* Refactor create data source form for authentication

Signed-off-by: Su <szhongna@amazon.com>

* Remove Sass from `tile_map` plugin (#4110)

* Remove Sass from tile_map plugin

Signed-off-by: Matt Provost <provomat@amazon.com>

* Update changelog

Signed-off-by: Matt Provost <provomat@amazon.com>

---------

Signed-off-by: Matt Provost <provomat@amazon.com>

* Design for New Saved Object Service Interface for Custom Repository (#3954)

* Adds design document for new saved object service interface for custom repository

Signed-off-by: Bandini Bhopi <bandinib@amazon.com>

* enhance grouping for context menu options (#3924)

* enhance grouping for context menu options
* build panels tests and more comments

Signed-off-by: David Sinclair <dsincla@rei.com>

---------

Signed-off-by: David Sinclair <david@sinclair.tech>
Signed-off-by: David Sinclair <dsincla@rei.com>
Signed-off-by: Josh Romero <rmerqg@amazon.com>
Co-authored-by: Josh Romero <rmerqg@amazon.com>

* Adding Tao and Zilong to MAINTAINERS (#4137)

* Adding Tao and Zilong to MAINTAINERS

Signed-off-by: Yan Zeng <zengyan@amazon.com>

* [MD]Update data-test-subj for functional tests & fix bug in edit flow (#4126)

Signed-off-by: Su <szhongna@amazon.com>

* Add support for Node.js >=14.20.1 <19 (#4071)

* Bump Node.js requirements to 18

Signed-off-by: Miki <miki@amazon.com>

* Replace `lmdb-store` with `lmdb`

Signed-off-by: Miki <miki@amazon.com>
Co-authored-by: Anan Zhuang <ananzh@amazon.com>

* Bump `elastic-apm-node` to the latest minor

Signed-off-by: Miki <miki@amazon.com>

* Replace webpack and plugins with a patched version that uses xxhash64
* Use `xxhash64` as the hashing algorithm of webpack
* Upgrade `globby`
* Remove `fibers`

Signed-off-by: Miki <miki@amazon.com>

* Replace `fs.rmdir` with `fs.rm` in cross-platform tests

Signed-off-by: Miki <miki@amazon.com>

* Increase listener limit

Signed-off-by: Miki <miki@amazon.com>
Co-authored-by: Anan Zhuang <ananzh@amazon.com>

* Add promise-stripping serializer

Signed-off-by: Miki <miki@amazon.com>

* Bump heap for CI

Signed-off-by: Miki <miki@amazon.com>

* Correct use of fs/promises in @osd/pm

Signed-off-by: Miki <miki@amazon.com>

* Use fs/promise in plugin post-install cleanup

Signed-off-by: Miki <miki@amazon.com>

* Set the test server's host to `0.0.0.0`

Signed-off-by: Miki <miki@amazon.com>

* Sync `.node-version` file

Signed-off-by: Miki <miki@amazon.com>

* Support both `isPrimary`, for Node 18, and `isMaster`, for Node 14

Signed-off-by: Miki <miki@amazon.com>

* Add types when using `isDeepStrictEqual`

Signed-off-by: Miki <miki@amazon.com>
Co-authored-by: Anan Zhuang <ananzh@amazon.com>

* Add names to `SchemaError` to log more specific errors

Signed-off-by: Miki <miki@amazon.com>

* Fix failing vega visualization tests outside the CI

Signed-off-by: Miki <miki@amazon.com>

* Fix snapshot of errors thrown for undefined accessors

Signed-off-by: Miki <miki@amazon.com>

* Fix flakiness of log_rotator

Signed-off-by: Miki <miki@amazon.com>

* Fix asynchronous `fs` usage in plugin discover

Signed-off-by: Miki <miki@amazon.com>

* Fix mocks in @osd/optimizer

Signed-off-by: Miki <miki@amazon.com>

* Fix memory leaks caused by setting states on unloaded components

Signed-off-by: Miki <miki@amazon.com>
Co-authored-by: Anan Zhuang <ananzh@amazon.com>

* Bump Node in Dockerfile

Signed-off-by: Miki <miki@amazon.com>
Co-authored-by: Anan Zhuang <ananzh@amazon.com>

* Remove the response `close` event as an indicator of the requesting finishing

#3601 (comment)

Signed-off-by: Miki <miki@amazon.com>
Co-authored-by: Anan Zhuang <ananzh@amazon.com>

* [BWC] Timeout after 3 mins of waiting for OSD to be running in tests

Signed-off-by: Miki <miki@amazon.com>

* Make build use the same node version that tests are run against

Signed-off-by: Miki <miki@amazon.com>

* Make Node resolve DNS by IPv4 first
* This is helpful to resolve `localhost` to `127.0.0.1`

Signed-off-by: Miki <miki@amazon.com>

* Standardize patterns used by plugin discovery
* Enhance absolute path serialization on  Windows

Signed-off-by: Miki <amoo_miki@yahoo.com>

* Mock fetch in SenseEditor tests

Signed-off-by: Miki <amoo_miki@yahoo.com>

* Restore node-sass usage to fix build performance

* `sass-loader@10` is the last version that supports webpack@4
* `sass` is extremely slow when using the legacy API (`render`) and to use the "Modern API" (`compileStringAsync`), `sass-loader@13` would be needed.
* The performance of `sass@10` is made acceptable only with `fibers` but that is deprecated and doesn't work on Node 18

Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: Miki <miki@amazon.com>

* Revert "[CI] setup Chrome and utilize binary path (#3997)"

This reverts commit 0188d05

Signed-off-by: Miki <miki@amazon.com>

* Prevent fast-fail while running functional test in CI

Signed-off-by: Miki <miki@amazon.com>

* Revert "Temporarily hardcode chromedriver to 112.0.0 to enable all ftr tests (#3976)"

This reverts commit 5ea0cbe.

Signed-off-by: Miki <miki@amazon.com>

* Save Cypress results artifacts during CI

Signed-off-by: Miki <miki@amazon.com>

* Add missing required dependency on `set-value`

* Also force all to ^4.1.0 due to a vulnerability fixed in 3.1.0.

Signed-off-by: Miki <miki@amazon.com>

* Prevent multiple calls to bootstrap's shutdown

Signed-off-by: Miki <miki@amazon.com>

* Use Node 18.16.0 in distributions

* Bump jest-canvas-mock to fix failing tests
* Extend Node engines versions

Signed-off-by: Miki <miki@amazon.com>

* Normalize test snapshots across Node 14, 16, and 18

Signed-off-by: Miki <miki@amazon.com>

* Update CHANGELOG for Node.js >=14.20.1 <19 support

Signed-off-by: Miki <miki@amazon.com>

---------

Signed-off-by: Miki <miki@amazon.com>
Signed-off-by: Miki <amoo_miki@yahoo.com>
Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Co-authored-by: Anan Zhuang <ananzh@amazon.com>

* Remove timeline application  (#3971)

* Remove timeline application

In this PR, we made the following changes:
First of all, clean out some advanced settings specific to timeline
application and tests.
* Remove timelion:default_rows: This setting defines the default
number of rows that a new Timelion sheet should have.
* Remove timelion:default_rows: This setting defines the default
number of columns that a new Timelion sheet should have.
* Remove timelion:showTutorial.

Second, remove src/plugin/timeline completely and modify timeline vis.
Third, remove all the functional tests related to timeline application.

Issue resolve
#3519
#3593

Signed-off-by: ananzh <ananzh@amazon.com>

---------

Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: ananzh <ananzh@amazon.com>

* Use `exec` in the CLI shell scripts to prevent new process creation (#3955)

Signed-off-by: Miki <miki@amazon.com>

* chore (lychee): Add company.net to exclusion list (#4171)

Signed-off-by: Josh Romero <rmerqg@amazon.com>

* Bundle Node 14 as a fallback for operating systems that cannot run Node 18 (#4151)

Signed-off-by: ananzh <ananzh@amazon.com>
Signed-off-by: Miki <miki@amazon.com>

* Refactor authentication description message (#4179)

resolves #4173

Signed-off-by: Su <szhongna@amazon.com>

---------

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Signed-off-by: Kristen Tian <tyarong@amazon.com>
Signed-off-by: Josh Romero <rmerqg@amazon.com>
Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
Signed-off-by: Andrey Myssak <andreymyssak@gmail.com>
Signed-off-by: Melissa Vagi <vagimeli@amazon.com>
Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com>
Signed-off-by: Miki <miki@amazon.com>
Signed-off-by: ananzh <ananzh@amazon.com>
Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>
Signed-off-by: Alexei Karikov <karikov.alist.ru@gmail.com>
Signed-off-by: Sergey Myssak <sergey.myssak@gmail.com>
Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz>
Signed-off-by: Su <szhongna@amazon.com>
Signed-off-by: Matt Provost <provomat@amazon.com>
Signed-off-by: Bandini Bhopi <bandinib@amazon.com>
Signed-off-by: David Sinclair <david@sinclair.tech>
Signed-off-by: David Sinclair <dsincla@rei.com>
Signed-off-by: Yan Zeng <zengyan@amazon.com>
Signed-off-by: Miki <amoo_miki@yahoo.com>
Signed-off-by: Ashish Agrawal <ashisagr@amazon.com>
Co-authored-by: opensearch-trigger-bot[bot] <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Josh Romero <rmerqg@amazon.com>
Co-authored-by: Kristen Tian <105667444+kristenTian@users.noreply.github.com>
Co-authored-by: Kawika Avilla <kavilla414@gmail.com>
Co-authored-by: Ashwin P Chandran <ashwinpc@amazon.com>
Co-authored-by: Andrey Myssak <40265277+andreymyssak@users.noreply.github.com>
Co-authored-by: Sergey Myssak <sergey.myssak@gmail.com>
Co-authored-by: Melissa Vagi <vagimeli@amazon.com>
Co-authored-by: Miki <miki@amazon.com>
Co-authored-by: Miki <amoo_miki@yahoo.com>
Co-authored-by: Manasvini B Suryanarayana <manasvis@amazon.com>
Co-authored-by: Sean Neumann <1413295+seanneumann@users.noreply.github.com>
Co-authored-by: Anan Zhuang <ananzh@amazon.com>
Co-authored-by: Qingyang(Abby) Hu <abigailhu2000@gmail.com>
Co-authored-by: Alexei Karikov <karikov.alist.ru@gmail.com>
Co-authored-by: Andrey Myssak <andreymyssak@gmail.com>
Co-authored-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz>
Co-authored-by: Zhongnan Su <szhongna@amazon.com>
Co-authored-by: Matt Provost <provomat@amazon.com>
Co-authored-by: Bandini <63824432+bandinib-amzn@users.noreply.github.com>
Co-authored-by: David Sinclair <24573542+sikhote@users.noreply.github.com>
Co-authored-by: Yan Zeng <46499415+zengyan-amazon@users.noreply.github.com>
@opensearch-trigger-bot
Contributor

The backport to 2.8 failed:

The process '/usr/bin/git' failed with exit code 128

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/backport-2.8 2.8
# Navigate to the new working tree
pushd ../.worktrees/backport-2.8
# Create a new branch
git switch --create backport/backport-3952-to-2.8
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 ca0bb8f63f5db103c4ea2ca21fd41dc66310d957
# Push it to GitHub
git push --set-upstream origin backport/backport-3952-to-2.8
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/backport-2.8

Then, create a pull request where the base branch is 2.8 and the compare/head branch is backport/backport-3952-to-2.8.

ananzh pushed a commit to ananzh/OpenSearch-Dashboards that referenced this pull request Jun 1, 2023
…e poisoning in a nested dependency

Backport PR
opensearch-project#3952

Signed-off-by: Miki <miki@amazon.com>
ananzh pushed a commit to ananzh/OpenSearch-Dashboards that referenced this pull request Jun 1, 2023
…e poisoning in a nested dependency

Backport PR
opensearch-project#3952

Signed-off-by: Miki <miki@amazon.com>
ananzh pushed a commit to ananzh/OpenSearch-Dashboards that referenced this pull request Jun 1, 2023
…e poisoning in a nested dependency

Backport PR
opensearch-project#3952

Signed-off-by: Miki <miki@amazon.com>
ananzh pushed a commit to ananzh/OpenSearch-Dashboards that referenced this pull request Jun 1, 2023
…e poisoning in a nested dependency

Backport PR
opensearch-project#3952

Signed-off-by: Miki <miki@amazon.com>
@ananzh ananzh added the v1.3.10 label Jun 1, 2023
manasvinibs pushed a commit to ananzh/OpenSearch-Dashboards that referenced this pull request Jun 14, 2023
…e poisoning in a nested dependency

Backport PR
opensearch-project#3952

Signed-off-by: Miki <miki@amazon.com>
manasvinibs pushed a commit that referenced this pull request Jun 15, 2023
…e poisoning in a nested dependency (#4206)

Backport PR
#3952

Signed-off-by: Miki <miki@amazon.com>
Co-authored-by: Miki <miki@amazon.com>
manasvinibs pushed a commit that referenced this pull request Jun 16, 2023
…e poisoning in a nested dependency (#4207)

Backport PR
#3952

Signed-off-by: Miki <miki@amazon.com>
Co-authored-by: Miki <miki@amazon.com>
lezzago added a commit that referenced this pull request Jun 19, 2023
* Fix header icon (#3910) (#3915)

* fixes header change
* Update src/core/public/chrome/ui/header/header_help_menu.tsx
* fixes snapshots



---------



(cherry picked from commit 3cca088)

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Josh Romero <rmerqg@amazon.com>

* Add server side private IP blocking for data source endpoints validation (#3912)

Signed-off-by: Kristen Tian <tyarong@amazon.com>

* Docs (Jest): Update jest documentation links (#3931)

Signed-off-by: Josh Romero <rmerqg@amazon.com>

* Revert "[CCI] Replace jquery usage in console plugin with native methods (#3733)" (#3929)

This reverts commit ffe4556.

* [BUG][Dashboard listing] push to history if dashboard otherwise nav (#3922)

History push will just to the current route. However, dashboardsProvider
was implemented with the expectation that it was a different app.

So when a plugin registered it was attempting to navigate to
`app/dashboard#/app/{url}`

Add tests and extra data test subject.

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>

* remove jquery console release note for #3929 revert (#3930)

Signed-off-by: Josh Romero <rmerqg@amazon.com>
Co-authored-by: Ashwin P Chandran <ashwinpc@amazon.com>

* [CCI] Update js-yaml to v4.0.5 (#3770)

* Update js-yaml to 4.0.5 (#3659)
* Update CHANGELOG.md (#3659)

Co-authored-by: Sergey Myssak <sergey.myssak@gmail.com>
Signed-off-by: Andrey Myssak <andreymyssak@gmail.com>

---------

Signed-off-by: Andrey Myssak <andreymyssak@gmail.com>
Signed-off-by: Josh Romero <rmerqg@amazon.com>
Co-authored-by: Sergey Myssak <sergey.myssak@gmail.com>
Co-authored-by: Josh Romero <rmerqg@amazon.com>

* Update README.md (#3788)

* Update README.md

Signed-off-by: Melissa Vagi <vagimeli@amazon.com>

* Update README.md

Co-authored-by: Miki <amoo_miki@yahoo.com>

---------

Signed-off-by: Melissa Vagi <vagimeli@amazon.com>
Co-authored-by: Miki <miki@amazon.com>
Co-authored-by: Miki <amoo_miki@yahoo.com>

* Bump yaml to 2.2.2 (#3947)

Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com>
Co-authored-by: Sean Neumann <1413295+seanneumann@users.noreply.github.com>

* Bump `joi` to v14 to avoid the possibility of prototype poisoning in a nested dependency (#3952)

Signed-off-by: Miki <miki@amazon.com>

* [Doc] Add communication guide (#3837)

* docs(COMMUNICATION): Add communication guide

with info on slack, forum, and developer office hours
link from README, CONTRIBUTING, DEVELOPER_GUIDE

Signed-off-by: Josh Romero <rmerqg@amazon.com>

---------

Signed-off-by: Josh Romero <rmerqg@amazon.com>

* Temporarily hardcode chromedriver to 112.0.0 to enable all ftr tests (#3976)

The latest version of chromedriver is 112.0.1 which does not support
node 14. This PR hardcodes chromedriver to 112.0.0 temporarily. Pls
revert it once we bump to node 18.

Issue Resolved
#3975

Signed-off-by: ananzh <ananzh@amazon.com>

* Fix wording and duplicate code in embeddable example plugin (#3911)

* Fix wording and duplicate code in embeddable example plugin

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* Fix some wording in the embeddable readme

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

---------

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* [CI] setup Chrome and utilize binary path (#3997)

Within the CI, the virtual runner that we are utilizing has Chrome
installed already. The version of Chrome is installed periodically.

The most recent version of Chrome requires updates to dependencies
that drop support for Node 14.

This downloads chrome in the CI and then checks the chromedriver
from the environment variable `TEST_BROWSER_BINARY_PATH`.

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>

* [Dashboards listing] fix listing limit (#4021)

Initial page size was passed to the search function instead
of the listing limit causing the max amount received to be
significantly less than the previously implementation.

Saved objects per page is `20` by default and the listing
limit per page is `1000` by default.

Issue:
#4017

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>

* [CCI] Fix EUI/OUI type errors (#3798)

* Update find_test_subject imports for tests

Signed-off-by: Alexei Karikov <karikov.alist.ru@gmail.com>

* Update to available imports for findTestSubject

Signed-off-by: Alexei Karikov <karikov.alist.ru@gmail.com>

* Fix available import for Query and custom icon

Signed-off-by: Alexei Karikov <karikov.alist.ru@gmail.com>

* Add changelog entry

Signed-off-by: Alexei Karikov <karikov.alist.ru@gmail.com>

* Add ts-ignore

Signed-off-by: Alexei Karikov <karikov.alist.ru@gmail.com>

---------

Signed-off-by: Alexei Karikov <karikov.alist.ru@gmail.com>
Co-authored-by: Qingyang(Abby) Hu <abigailhu2000@gmail.com>

* Fix bottom bar visibility using create portal (#3336) (#3978)

Signed-off-by: Sergey Myssak <sergey.myssak@gmail.com>
Co-authored-by: Andrey Myssak <andreymyssak@gmail.com>

* Adds threshold to code coverage changes for project (#4040)

* Fixes code coverage workflow failures for the project test due to inderect flakey changes

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>

* Adds changelog

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>

---------

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>

* Updates PR template for screenshots and test instructions (#4042)

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>

* Replace re2 with RegExp in timeline and add unit tests (#3908)

Remove re2 usage and replace it with JavaScript built-in
RegExp object. Also add more unit tests to make sure that
using RegExp has same expressions as using re2 library.

Issue Resolve
#3901

Signed-off-by: Anan Zhuang <ananzh@amazon.com>

* [Console] [CCI] Remove unused ul element and its custom styling. (#3993)

* remove unused ul element

Signed-off-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz>

* Update CHANGELOG.md

Signed-off-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz>

---------

Signed-off-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz>

* Add 1.3.10 release note (#4060) (#4063)

* Add release note for 1.3.10



* Address comments and add one CVE PR



---------


(cherry picked from commit 4371587)

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

* [Multiple Datasource] Support Amazon OpenSearch Serverless (#3957)

* [Multiple Datasource]Support Amazon OpenSearch Serverless in SigV4
* remove experimental text in yml
* Refactor create data source form for authentication

Signed-off-by: Su <szhongna@amazon.com>

* Remove Sass from `tile_map` plugin (#4110)

* Remove Sass from tile_map plugin

Signed-off-by: Matt Provost <provomat@amazon.com>

* Update changelog

Signed-off-by: Matt Provost <provomat@amazon.com>

---------

Signed-off-by: Matt Provost <provomat@amazon.com>

* Design for New Saved Object Service Interface for Custom Repository (#3954)

* Adds design document for new saved object service interface for custom repository

Signed-off-by: Bandini Bhopi <bandinib@amazon.com>

* enhance grouping for context menu options (#3924)

* enhance grouping for context menu options
* build panels tests and more comments

Signed-off-by: David Sinclair <dsincla@rei.com>

---------

Signed-off-by: David Sinclair <david@sinclair.tech>
Signed-off-by: David Sinclair <dsincla@rei.com>
Signed-off-by: Josh Romero <rmerqg@amazon.com>
Co-authored-by: Josh Romero <rmerqg@amazon.com>

* Adding Tao and Zilong to MAINTAINERS (#4137)

* Adding Tao and Zilong to MAINTAINERS

Signed-off-by: Yan Zeng <zengyan@amazon.com>

* [MD]Update data-test-subj for functional tests & fix bug in edit flow (#4126)

Signed-off-by: Su <szhongna@amazon.com>

* Add support for Node.js >=14.20.1 <19 (#4071)

* Bump Node.js requirements to 18

Signed-off-by: Miki <miki@amazon.com>

* Replace `lmdb-store` with `lmdb`

Signed-off-by: Miki <miki@amazon.com>
Co-authored-by: Anan Zhuang <ananzh@amazon.com>

* Bump `elastic-apm-node` to the latest minor

Signed-off-by: Miki <miki@amazon.com>

* Replace webpack and plugins with a patched version that uses xxhash64
* Use `xxhash64` as the hashing algorithm of webpack
* Upgrade `globby`
* Remove `fibers`

Signed-off-by: Miki <miki@amazon.com>

* Replace `fs.rmdir` with `fs.rm` in cross-platform tests

Signed-off-by: Miki <miki@amazon.com>

* Increase listener limit

Signed-off-by: Miki <miki@amazon.com>
Co-authored-by: Anan Zhuang <ananzh@amazon.com>

* Add promise-stripping serializer

Signed-off-by: Miki <miki@amazon.com>

* Bump heap for CI

Signed-off-by: Miki <miki@amazon.com>

* Correct use of fs/promises in @osd/pm

Signed-off-by: Miki <miki@amazon.com>

* Use fs/promise in plugin post-install cleanup

Signed-off-by: Miki <miki@amazon.com>

* Set the test server's host to `0.0.0.0`

Signed-off-by: Miki <miki@amazon.com>

* Sync `.node-version` file

Signed-off-by: Miki <miki@amazon.com>

* Support both `isPrimary`, for Node 18, and `isMaster`, for Node 14

Signed-off-by: Miki <miki@amazon.com>

* Add types when using `isDeepStrictEqual`

Signed-off-by: Miki <miki@amazon.com>
Co-authored-by: Anan Zhuang <ananzh@amazon.com>

* Add names to `SchemaError` to log more specific errors

Signed-off-by: Miki <miki@amazon.com>

* Fix failing vega visualization tests outside the CI

Signed-off-by: Miki <miki@amazon.com>

* Fix snapshot of errors thrown for undefined accessors

Signed-off-by: Miki <miki@amazon.com>

* Fix flakiness of log_rotator

Signed-off-by: Miki <miki@amazon.com>

* Fix asynchronous `fs` usage in plugin discover

Signed-off-by: Miki <miki@amazon.com>

* Fix mocks in @osd/optimizer

Signed-off-by: Miki <miki@amazon.com>

* Fix memory leaks caused by setting states on unloaded components

Signed-off-by: Miki <miki@amazon.com>
Co-authored-by: Anan Zhuang <ananzh@amazon.com>

* Bump Node in Dockerfile

Signed-off-by: Miki <miki@amazon.com>
Co-authored-by: Anan Zhuang <ananzh@amazon.com>

* Remove the response `close` event as an indicator of the request finishing

#3601 (comment)

Signed-off-by: Miki <miki@amazon.com>
Co-authored-by: Anan Zhuang <ananzh@amazon.com>

* [BWC] Timeout after 3 mins of waiting for OSD to be running in tests

Signed-off-by: Miki <miki@amazon.com>

* Make build use the same node version that tests are run against

Signed-off-by: Miki <miki@amazon.com>

* Make Node resolve DNS by IPv4 first
* This is helpful to resolve `localhost` to `127.0.0.1`

Signed-off-by: Miki <miki@amazon.com>

* Standardize patterns used by plugin discovery
* Enhance absolute path serialization on Windows

Signed-off-by: Miki <amoo_miki@yahoo.com>

* Mock fetch in SenseEditor tests

Signed-off-by: Miki <amoo_miki@yahoo.com>

* Restore node-sass usage to fix build performance

* `sass-loader@10` is the last version that supports webpack@4
* `sass` is extremely slow when using the legacy API (`render`) and to use the "Modern API" (`compileStringAsync`), `sass-loader@13` would be needed.
* The performance of `sass@10` is made acceptable only with `fibers` but that is deprecated and doesn't work on Node 18

Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: Miki <miki@amazon.com>

* Revert "[CI] setup Chrome and utilize binary path (#3997)"

This reverts commit 0188d05

Signed-off-by: Miki <miki@amazon.com>

* Prevent fast-fail while running functional test in CI

Signed-off-by: Miki <miki@amazon.com>

* Revert "Temporarily hardcode chromedriver to 112.0.0 to enable all ftr tests (#3976)"

This reverts commit 5ea0cbe.

Signed-off-by: Miki <miki@amazon.com>

* Save Cypress results artifacts during CI

Signed-off-by: Miki <miki@amazon.com>

* Add missing required dependency on `set-value`

* Also force all to ^4.1.0 due to a vulnerability fixed in 3.1.0.

Signed-off-by: Miki <miki@amazon.com>

* Prevent multiple calls to bootstrap's shutdown

Signed-off-by: Miki <miki@amazon.com>

* Use Node 18.16.0 in distributions

* Bump jest-canvas-mock to fix failing tests
* Extend Node engines versions

Signed-off-by: Miki <miki@amazon.com>

* Normalize test snapshots across Node 14, 16, and 18

Signed-off-by: Miki <miki@amazon.com>

* Update CHANGELOG for Node.js >=14.20.1 <19 support

Signed-off-by: Miki <miki@amazon.com>

---------

Signed-off-by: Miki <miki@amazon.com>
Signed-off-by: Miki <amoo_miki@yahoo.com>
Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Co-authored-by: Anan Zhuang <ananzh@amazon.com>

* Remove timeline application (#3971)

* Remove timeline application

In this PR, we made the following changes:
First of all, clean out some advanced settings specific to timeline
application and tests.
* Remove timelion:default_rows: This setting defines the default
number of rows that a new Timelion sheet should have.
* Remove timelion:default_rows: This setting defines the default
number of columns that a new Timelion sheet should have.
* Remove timelion:showTutorial.

Second, remove src/plugin/timeline completely and modify timeline vis.
Third, remove all the functional tests related to timeline application.

Issue resolve
#3519
#3593

Signed-off-by: ananzh <ananzh@amazon.com>

---------

Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: ananzh <ananzh@amazon.com>

* Use `exec` in the CLI shell scripts to prevent new process creation (#3955)

Signed-off-by: Miki <miki@amazon.com>

* chore (lychee): Add company.net to exclusion list (#4171)

Signed-off-by: Josh Romero <rmerqg@amazon.com>

* Bundle Node 14 as a fallback for operating systems that cannot run Node 18 (#4151)

Signed-off-by: ananzh <ananzh@amazon.com>
Signed-off-by: Miki <miki@amazon.com>

* Refactor authentication description message (#4179)

resolves #4173

Signed-off-by: Su <szhongna@amazon.com>

* [CI] skip checksum verification for cypress tests (#4188)

Snapshot checksum verification caused failure in test runs:
#4187

Skipping the verification to enable the tests to run as the snapshot
of OpenSearch should not impact the tests.

Issue:
n/a

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>

* Adds plugin manifest config to define OpenSearch plugin dependency and verifies if it is installed (#3116)

Resolves Issue -#2799

Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com>

* [Table Visualization] Remove custom styling for text-align:center in favor of OUI utility class. (#4164)

* remove custom styling in favor of oui utility class

Signed-off-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz>

* Update CHANGELOG.md

Signed-off-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz>

---------

Signed-off-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz>

* Add new MAINTAINERS to CODEOWNERS file (#4199)

* Add new code owners

Signed-off-by: Tao Liu <liutaoaz@amazon.com>

* modify changelog.md

Signed-off-by: Tao Liu <liutaoaz@amazon.com>

---------

Signed-off-by: Tao Liu <liutaoaz@amazon.com>

* Add 2.8.0 release notes (#4204)

* Add 2.8.0 release notes

Co-authored-by: Josh Romero <rmerqg@amazon.com>
Signed-off-by: Kawika Avilla <kavilla414@gmail.com>

* Chore(CHANGELOG): Update with 2.7, 2.8 releases (#3890)

* Chore(CHANGELOG): Update with 2.7 release
* align changelog with 2.8 release notes
* update 2.8 release notes
* add 1.3.10 release notes to changelog

---------

Signed-off-by: Josh Romero <rmerqg@amazon.com>

* [Saved Object Service] Adds Repository Factory Provider (#4149)

* Adds Repository Factory Provider

Signed-off-by: Bandini Bhopi <bandinib@amazon.com>

* add category option for context menus (#4144)

* enhance grouping for context menu options

Signed-off-by: David Sinclair <david@sinclair.tech>

* change log

Signed-off-by: David Sinclair <david@sinclair.tech>

* remove type export

Signed-off-by: David Sinclair <david@sinclair.tech>

* revert border and prevent destroy options

Signed-off-by: David Sinclair <david@sinclair.tech>

* update comments for building panels

Signed-off-by: David Sinclair <dsincla@rei.com>

* build panels tests and more comments

Signed-off-by: David Sinclair <dsincla@rei.com>

* add category option for context menus

Signed-off-by: David Sinclair <dsincla@rei.com>

* changelog

Signed-off-by: David Sinclair <dsincla@rei.com>

* add order to groups

Signed-off-by: David Sinclair <dsincla@rei.com>

* documentation, shorter copyright, minor cleanup

Signed-off-by: David Sinclair <dsincla@rei.com>

* changelog

Signed-off-by: David Sinclair <dsincla@rei.com>

---------

Signed-off-by: David Sinclair <david@sinclair.tech>
Signed-off-by: David Sinclair <dsincla@rei.com>
Signed-off-by: Ashish Agrawal <ashish81394@gmail.com>
Co-authored-by: Ashish Agrawal <ashish81394@gmail.com>

* [CCI] Add bluebird replaces for src/plugins/saved_objects (#4026)

* Add bluebird replaces for src/plugins/saved_objects
* Add changelog entry

---------

Signed-off-by: Alexei Karikov <karikov.alist.ru@gmail.com>

* Validate and correct change log after 2.8 release (#4275)

Signed-off-by: Su <szhongna@amazon.com>

---------

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Signed-off-by: Kristen Tian <tyarong@amazon.com>
Signed-off-by: Josh Romero <rmerqg@amazon.com>
Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
Signed-off-by: Andrey Myssak <andreymyssak@gmail.com>
Signed-off-by: Melissa Vagi <vagimeli@amazon.com>
Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com>
Signed-off-by: Miki <miki@amazon.com>
Signed-off-by: ananzh <ananzh@amazon.com>
Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>
Signed-off-by: Alexei Karikov <karikov.alist.ru@gmail.com>
Signed-off-by: Sergey Myssak <sergey.myssak@gmail.com>
Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz>
Signed-off-by: Su <szhongna@amazon.com>
Signed-off-by: Matt Provost <provomat@amazon.com>
Signed-off-by: Bandini Bhopi <bandinib@amazon.com>
Signed-off-by: David Sinclair <david@sinclair.tech>
Signed-off-by: David Sinclair <dsincla@rei.com>
Signed-off-by: Yan Zeng <zengyan@amazon.com>
Signed-off-by: Miki <amoo_miki@yahoo.com>
Signed-off-by: Tao Liu <liutaoaz@amazon.com>
Signed-off-by: Ashish Agrawal <ashish81394@gmail.com>
Signed-off-by: Ashish Agrawal <ashisagr@amazon.com>
Co-authored-by: opensearch-trigger-bot[bot] <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Josh Romero <rmerqg@amazon.com>
Co-authored-by: Kristen Tian <105667444+kristenTian@users.noreply.github.com>
Co-authored-by: Kawika Avilla <kavilla414@gmail.com>
Co-authored-by: Ashwin P Chandran <ashwinpc@amazon.com>
Co-authored-by: Andrey Myssak <40265277+andreymyssak@users.noreply.github.com>
Co-authored-by: Sergey Myssak <sergey.myssak@gmail.com>
Co-authored-by: Melissa Vagi <vagimeli@amazon.com>
Co-authored-by: Miki <miki@amazon.com>
Co-authored-by: Miki <amoo_miki@yahoo.com>
Co-authored-by: Manasvini B Suryanarayana <manasvis@amazon.com>
Co-authored-by: Sean Neumann <1413295+seanneumann@users.noreply.github.com>
Co-authored-by: Anan Zhuang <ananzh@amazon.com>
Co-authored-by: Qingyang(Abby) Hu <abigailhu2000@gmail.com>
Co-authored-by: Alexei Karikov <karikov.alist.ru@gmail.com>
Co-authored-by: Andrey Myssak <andreymyssak@gmail.com>
Co-authored-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz>
Co-authored-by: Zhongnan Su <szhongna@amazon.com>
Co-authored-by: Matt Provost <provomat@amazon.com>
Co-authored-by: Bandini <63824432+bandinib-amzn@users.noreply.github.com>
Co-authored-by: David Sinclair <24573542+sikhote@users.noreply.github.com>
Co-authored-by: Yan Zeng <46499415+zengyan-amazon@users.noreply.github.com>
Co-authored-by: Tao Liu <33105471+Flyingliuhub@users.noreply.github.com>
AMoo-Miki added a commit that referenced this pull request Jun 21, 2023
…e poisoning in a nested dependency (#4211)

Backport PR
#3952

Signed-off-by: Miki <miki@amazon.com>
Co-authored-by: Miki <miki@amazon.com>
opensearch-trigger-bot bot pushed a commit that referenced this pull request Jun 21, 2023
…e poisoning in a nested dependency (#4211)

Backport PR
#3952

Signed-off-by: Miki <miki@amazon.com>
Co-authored-by: Miki <miki@amazon.com>
(cherry picked from commit 4626066)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

# Conflicts:
#	CHANGELOG.md
@joshuarrrr
Member

This didn't actually ship in 1.3.10, so I've updated the label.

@manasvinibs
Member

Backported to 2.x here #4206

joshuarrrr added a commit that referenced this pull request Jul 26, 2023
…ity of prototype poisoning in a nested dependency (#4345)

* [1.x backport] Bump `joi` to v14 to avoid the possibility of prototype poisoning in a nested dependency (#4211)

Backport PR
#3952

Signed-off-by: Miki <miki@amazon.com>
Co-authored-by: Miki <miki@amazon.com>
(cherry picked from commit 4626066)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

# Conflicts:
#	CHANGELOG.md

* update changelog

Signed-off-by: Josh Romero <rmerqg@amazon.com>

---------

Signed-off-by: Josh Romero <rmerqg@amazon.com>
Signed-off-by: Qingyang(Abby) Hu <abigailhu2000@gmail.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Josh Romero <rmerqg@amazon.com>
Co-authored-by: Qingyang(Abby) Hu <abigailhu2000@gmail.com>