-
Notifications
You must be signed in to change notification settings - Fork 889
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[CVE-2023-2251] Bump yaml to 2.2.2 #3947
[CVE-2023-2251] Bump yaml to 2.2.2 #3947
Conversation
fd25f9d
to
ef5f32b
Compare
Signed-off-by: Manasvini B Suryanarayana <[email protected]>
ef5f32b
to
c7453de
Compare
Codecov Report
📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more @@ Coverage Diff @@
## main #3947 +/- ##
==========================================
- Coverage 66.44% 66.38% -0.06%
==========================================
Files 3229 3229
Lines 62068 62068
Branches 9599 9599
==========================================
- Hits 41238 41202 -36
- Misses 18527 18557 +30
- Partials 2303 2309 +6
Flags with carried forward coverage won't be shown. Click here to find out more. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
Signed-off-by: Manasvini B Suryanarayana <[email protected]> Co-authored-by: Sean Neumann <[email protected]> (cherry picked from commit a8ace28) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> # Conflicts: # CHANGELOG.md
@manasvinibs Is this being added to 2.7.0? If so it also needs a backport to 2.7 label. If not, we should label it for 2.8.0. |
I don't think its going into 2.7.0. |
Signed-off-by: Manasvini B Suryanarayana <[email protected]> Co-authored-by: Sean Neumann <[email protected]> (cherry picked from commit a8ace28) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> # Conflicts: # CHANGELOG.md Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
* Fix header icon (#3910) (#3915) * fixes header change * Update src/core/public/chrome/ui/header/header_help_menu.tsx * fixes snapshots --------- (cherry picked from commit 3cca088) Signed-off-by: Ashwin P Chandran <[email protected]> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Josh Romero <[email protected]> * Add server side private IP blocking for data source endpoints validation (#3912) Signed-off-by: Kristen Tian <[email protected]> * Docs (Jest): Update jest documentation links (#3931) Signed-off-by: Josh Romero <[email protected]> * Revert "[CCI] Replace jquery usage in console plugin with native methods (#3733)" (#3929) This reverts commit ffe4556. * [BUG][Dashboard listing] push to history if dashboard otherwise nav (#3922) History push will just to the current route. However, dashboardsProvider was implemented with the expectation that it was a different app. So when a plugin registered it was attempting to navigate to `app/dashboard#/app/{url}` Add tests and extra data test subject. Signed-off-by: Kawika Avilla <[email protected]> * remove jquery console release note for #3929 revert (#3930) Signed-off-by: Josh Romero <[email protected]> Co-authored-by: Ashwin P Chandran <[email protected]> * [CCI] Update js-yaml to v4.0.5 (#3770) * Update js-yaml to 4.0.5 (#3659) * Update CHANGELOG.md (#3659) Co-authored-by: Sergey Myssak <[email protected]> Signed-off-by: Andrey Myssak <[email protected]> --------- Signed-off-by: Andrey Myssak <[email protected]> Signed-off-by: Josh Romero <[email protected]> Co-authored-by: Sergey Myssak <[email protected]> Co-authored-by: Josh Romero <[email protected]> * Update README.md (#3788) * Update README.md Signed-off-by: Melissa Vagi <[email protected]> * Update README.md Co-authored-by: Miki <[email protected]> --------- Signed-off-by: Melissa Vagi <[email protected]> Co-authored-by: Miki <[email protected]> Co-authored-by: Miki <[email protected]> * Bump yaml to 2.2.2 (#3947) Signed-off-by: Manasvini B Suryanarayana <[email protected]> Co-authored-by: Sean Neumann <[email protected]> * Bump `joi` to v14 to avoid the possibility of prototype poisoning in a nested dependency (#3952) Signed-off-by: Miki <[email protected]> * [Doc] Add communication guide (#3837) * docs(COMMUNICATION): Add communication guide with info on slack, forum, and developer office hours link from README, CONTRIBUTING, DEVELOPER_GUIDE Signed-off-by: Josh Romero <[email protected]> --------- Signed-off-by: Josh Romero <[email protected]> * Temporarily hardcode chromedriver to 112.0.0 to enable all ftr tests (#3976) The latest version of chromedriver is 112.0.1 which does not support node 14. This PR hardcodes chromedriver to 112.0.0 temporarily. Pls revert it once we bump to node 18. Issue Resolved #3975 Signed-off-by: ananzh <[email protected]> * Fix wording and duplicate code in embeddable example plugin (#3911) * Fix wording and duplicate code in embeddable example plugin Signed-off-by: abbyhu2000 <[email protected]> * Fix some wording in the embeddable readme Signed-off-by: abbyhu2000 <[email protected]> --------- Signed-off-by: abbyhu2000 <[email protected]> * [CI] setup Chrome and utilize binary path (#3997) Within the CI, the virtual runner that we are utilizing has Chrome installed already. The version of Chrome is installed periodically. The most recent version of Chrome requires updates to dependencies that drop support for Node 14. This downloads chrome in the CI and then checks the chromedriver from the environment variable `TEST_BROWSER_BINARY_PATH`. Signed-off-by: Kawika Avilla <[email protected]> * [Dashboards listing] fix listing limit (#4021) Initial page size was passed to the search function instead of the listing limit causing the max amount received to be significantly less than the previously implementation. Saved objects per page is `20` by default and the listing limit per page is `1000` by default. Issue: #4017 Signed-off-by: Kawika Avilla <[email protected]> * [CCI] Fix EUI/OUI type errors (#3798) * Update find_test_subject imports for tests Signed-off-by: Alexei Karikov <[email protected]> * Update to available imports for findTestSubject Signed-off-by: Alexei Karikov <[email protected]> * Fix available import for Query and custom icon Signed-off-by: Alexei Karikov <[email protected]> * Add changelog entry Signed-off-by: Alexei Karikov <[email protected]> * Add ts-ignore Signed-off-by: Alexei Karikov <[email protected]> --------- Signed-off-by: Alexei Karikov <[email protected]> Co-authored-by: Qingyang(Abby) Hu <[email protected]> * Fix bottom bar visibility using create portal (#3336) (#3978) Signed-off-by: Sergey Myssak <[email protected]> Co-authored-by: Andrey Myssak <[email protected]> * Adds threshold to code coverage changes for project (#4040) * Fixes code coverage workflow failures for the project test due to inderect flakey changes Signed-off-by: Ashwin P Chandran <[email protected]> * Adds changelog Signed-off-by: Ashwin P Chandran <[email protected]> --------- Signed-off-by: Ashwin P Chandran <[email protected]> * Updates PR template for screenshots and test instructions (#4042) Signed-off-by: Ashwin P Chandran <[email protected]> * Replace re2 with RegExp in timeline and add unit tests (#3908) Remove re2 usage and replace it with JavaScript built-in RegExp object. Also add more unit tests to make sure that using RegExp has same expressions as using re2 library. Issue Resolve #3901 Signed-off-by: Anan Zhuang <[email protected]> * [Console] [CCI] Remove unused ul element and its custom styling. (#3993) * remove unused ul element Signed-off-by: Sirazh Gabdullin <[email protected]> * Update CHANGELOG.md Signed-off-by: Sirazh Gabdullin <[email protected]> --------- Signed-off-by: Sirazh Gabdullin <[email protected]> * Add 1.3.10 release note (#4060) (#4063) * Add release note for 1.3.10 * Address comments and add one CVE PR --------- (cherry picked from commit 4371587) Signed-off-by: abbyhu2000 <[email protected]> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> * [Multiple Datasource] Support Amazon OpenSearch Serverless (#3957) * [Multiple Datasource]Support Amazon OpenSearch Serverless in SigV4 * remove experimental text in yml * Refactor create data source form for authentication Signed-off-by: Su <[email protected]> * Remove Sass from `tile_map` plugin (#4110) * Remove Sass from tile_map plugin Signed-off-by: Matt Provost <[email protected]> * Update changelog Signed-off-by: Matt Provost <[email protected]> --------- Signed-off-by: Matt Provost <[email protected]> * Design for New Saved Object Service Interface for Custom Repository (#3954) * Adds design document for new saved object service interface for custom repository Signed-off-by: Bandini Bhopi <[email protected]> * enhance grouping for context menu options (#3924) * enhance grouping for context menu options * build panels tests and more comments Signed-off-by: David Sinclair <[email protected]> --------- Signed-off-by: David Sinclair <[email protected]> Signed-off-by: David Sinclair <[email protected]> Signed-off-by: Josh Romero <[email protected]> Co-authored-by: Josh Romero <[email protected]> * Adding Tao and Zilong to MAINTAINERS (#4137) * Adding Tao and Zilong to MAINTAINERS Signed-off-by: Yan Zeng <[email protected]> * [MD]Update data-test-subj for functional tests & fix bug in edit flow (#4126) Signed-off-by: Su <[email protected]> * Add support for Node.js >=14.20.1 <19 (#4071) * Bump Node.js requirements to 18 Signed-off-by: Miki <[email protected]> * Replace `lmdb-store` with `lmdb` Signed-off-by: Miki <[email protected]> Co-authored-by: Anan Zhuang <[email protected]> * Bump `elastic-apm-node` to the latest minor Signed-off-by: Miki <[email protected]> * Replace webpack and plugins with a patched version that uses xxhash64 * Use `xxhash64` as the hashing algorithm of webpack * Upgrade `globby` * Remove `fibers` Signed-off-by: Miki <[email protected]> * Replace `fs.rmdir` with `fs.rm` in cross-platform tests Signed-off-by: Miki <[email protected]> * Increase listener limit Signed-off-by: Miki <[email protected]> Co-authored-by: Anan Zhuang <[email protected]> * Add promise-stripping serializer Signed-off-by: Miki <[email protected]> * Bump heap for CI Signed-off-by: Miki <[email protected]> * Correct use of fs/promises in @osd/pm Signed-off-by: Miki <[email protected]> * Use fs/promise in plugin post-install cleanup Signed-off-by: Miki <[email protected]> * Set the test server's host to `0.0.0.0` Signed-off-by: Miki <[email protected]> * Sync `.node-version` file Signed-off-by: Miki <[email protected]> * Support both `isPrimary`, for Node 18, and `isMaster`, for Node 14 Signed-off-by: Miki <[email protected]> * Add types when using `isDeepStrictEqual` Signed-off-by: Miki <[email protected]> Co-authored-by: Anan Zhuang <[email protected]> * Add names to `SchemaError` to log more specific errors Signed-off-by: Miki <[email protected]> * Fix failing vega visualization tests outside the CI Signed-off-by: Miki <[email protected]> * Fix snapshot of errors thrown for undefined accessors Signed-off-by: Miki <[email protected]> * Fix flakiness of log_rotator Signed-off-by: Miki <[email protected]> * Fix asynchronous `fs` usafe in plugin discover Signed-off-by: Miki <[email protected]> * Fix mocks in @osd/optimizer Signed-off-by: Miki <[email protected]> * Fix memory leaks caused by setting states on unloaded components Signed-off-by: Miki <[email protected]> Co-authored-by: Anan Zhuang <[email protected]> * Bump Node in Dockerfile Signed-off-by: Miki <[email protected]> Co-authored-by: Anan Zhuang <[email protected]> * Remove the response `close` event as an indicator of the requesting finishing #3601 (comment) Signed-off-by: Miki <[email protected]> Co-authored-by: Anan Zhuang <[email protected]> * [BWC] Timeout after 3 mins of waiting for OSD to be running in tests Signed-off-by: Miki <[email protected]> * Make build use the same node version that tests are run against Signed-off-by: Miki <[email protected]> * Make Node resolve DNS by IPv4 first * This is helpful to resolve `locahost` to `127.0.0.1` Signed-off-by: Miki <[email protected]> * Standardize patterns used by plugin discovery * Enhance absolute path serialization on Windows Signed-off-by: Miki <[email protected]> * Mock fetch in SenseEditor tests Signed-off-by: Miki <[email protected]> * Restore node-sass usage to fix build performance * `sass-loader@10` is the last version that supports webpack@4 * `sass` is extremely slow when using the legacy API (`render`) and to use the "Modern API" (`compileStringAsync`), `sass-loader@13` would be needed. * The performance of `sass@10` is made acceptable only with `fibers` but that is deprecated and doesn't work on Node 18 Signed-off-by: Anan Zhuang <[email protected]> Signed-off-by: Miki <[email protected]> * Revert "[CI] setup Chrome and utilize binary path (#3997)" This reverts commit 0188d05 Signed-off-by: Miki <[email protected]> * Prevent fast-fail while running functional test in CI Signed-off-by: Miki <[email protected]> * Revert "Temporarily hardcode chromedriver to 112.0.0 to enable all ftr tests (#3976)" This reverts commit 5ea0cbe. Signed-off-by: Miki <[email protected]> * Save Cypress results artifacts during CI Signed-off-by: Miki <[email protected]> * Add missing required dependency on `set-value` * Also force all to ^4.1.0 due to a vulnerability fixed in 3.1.0. Signed-off-by: Miki <[email protected]> * Prevent multiple calls to bootstrap's shutdown Signed-off-by: Miki <[email protected]> * Use Node 18.16.0 in distributions * Bump jest-canvas-mock to fix failing tests * Extend Node engines versions Signed-off-by: Miki <[email protected]> * Normalize test snapshots across Node 14, 16, and 18 Signed-off-by: Miki <[email protected]> * Update CHANGELOG for Node.js >=14.20.1 <19 support Signed-off-by: Miki <[email protected]> --------- Signed-off-by: Miki <[email protected]> Signed-off-by: Miki <[email protected]> Signed-off-by: Anan Zhuang <[email protected]> Co-authored-by: Anan Zhuang <[email protected]> * Remove timeline application (#3971) * Remove timeline application In this PR, we made the following changes: First of all, clean out some advanced settings specific to timeline application and tests. * Remove timelion:default_rows: This setting defines the default number of rows that a new Timelion sheet should have. * Remove timelion:default_rows: This setting defines the default number of columns that a new Timelion sheet should have. * Remove timelion:showTutorial. Second, remove src/plugin/timeline completely and modify timeline vis. Third, remove all the functional tests related to timeline application. Issue resolve #3519 #3593 Signed-off-by: ananzh <[email protected]> --------- Signed-off-by: Anan Zhuang <[email protected]> Signed-off-by: ananzh <[email protected]> * Use `exec` in the CLI shell scripts to prevent new process creation (#3955) Signed-off-by: Miki <[email protected]> * chore (lychee): Add company.net to exclusion list (#4171) Signed-off-by: Josh Romero <[email protected]> * Bundle Node 14 as a fallback for operating systems that cannot run Node 18 (#4151) Signed-off-by: ananzh <[email protected]> Signed-off-by: Miki <[email protected]> * Refactor authentication description message (#4179) resolves #4173 Signed-off-by: Su <[email protected]> --------- Signed-off-by: Ashwin P Chandran <[email protected]> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Signed-off-by: Kristen Tian <[email protected]> Signed-off-by: Josh Romero <[email protected]> Signed-off-by: Kawika Avilla <[email protected]> Signed-off-by: Andrey Myssak <[email protected]> Signed-off-by: Melissa Vagi <[email protected]> Signed-off-by: Manasvini B Suryanarayana <[email protected]> Signed-off-by: Miki <[email protected]> Signed-off-by: ananzh <[email protected]> Signed-off-by: abbyhu2000 <[email protected]> Signed-off-by: Alexei Karikov <[email protected]> Signed-off-by: Sergey Myssak <[email protected]> Signed-off-by: Anan Zhuang <[email protected]> Signed-off-by: Sirazh Gabdullin <[email protected]> Signed-off-by: Su <[email protected]> Signed-off-by: Matt Provost <[email protected]> Signed-off-by: Bandini Bhopi <[email protected]> Signed-off-by: David Sinclair <[email protected]> Signed-off-by: David Sinclair <[email protected]> Signed-off-by: Yan Zeng <[email protected]> Signed-off-by: Miki <[email protected]> Signed-off-by: Ashish Agrawal <[email protected]> Co-authored-by: opensearch-trigger-bot[bot] <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Josh Romero <[email protected]> Co-authored-by: Kristen Tian <[email protected]> Co-authored-by: Kawika Avilla <[email protected]> Co-authored-by: Ashwin P Chandran <[email protected]> Co-authored-by: Andrey Myssak <[email protected]> Co-authored-by: Sergey Myssak <[email protected]> Co-authored-by: Melissa Vagi <[email protected]> Co-authored-by: Miki <[email protected]> Co-authored-by: Miki <[email protected]> Co-authored-by: Manasvini B Suryanarayana <[email protected]> Co-authored-by: Sean Neumann <[email protected]> Co-authored-by: Anan Zhuang <[email protected]> Co-authored-by: Qingyang(Abby) Hu <[email protected]> Co-authored-by: Alexei Karikov <[email protected]> Co-authored-by: Andrey Myssak <[email protected]> Co-authored-by: Sirazh Gabdullin <[email protected]> Co-authored-by: Zhongnan Su <[email protected]> Co-authored-by: Matt Provost <[email protected]> Co-authored-by: Bandini <[email protected]> Co-authored-by: David Sinclair <[email protected]> Co-authored-by: Yan Zeng <[email protected]>
* Fix header icon (#3910) (#3915) * fixes header change * Update src/core/public/chrome/ui/header/header_help_menu.tsx * fixes snapshots --------- (cherry picked from commit 3cca088) Signed-off-by: Ashwin P Chandran <[email protected]> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Josh Romero <[email protected]> * Add server side private IP blocking for data source endpoints validation (#3912) Signed-off-by: Kristen Tian <[email protected]> * Docs (Jest): Update jest documentation links (#3931) Signed-off-by: Josh Romero <[email protected]> * Revert "[CCI] Replace jquery usage in console plugin with native methods (#3733)" (#3929) This reverts commit ffe4556. * [BUG][Dashboard listing] push to history if dashboard otherwise nav (#3922) History push will just to the current route. However, dashboardsProvider was implemented with the expectation that it was a different app. So when a plugin registered it was attempting to navigate to `app/dashboard#/app/{url}` Add tests and extra data test subject. Signed-off-by: Kawika Avilla <[email protected]> * remove jquery console release note for #3929 revert (#3930) Signed-off-by: Josh Romero <[email protected]> Co-authored-by: Ashwin P Chandran <[email protected]> * [CCI] Update js-yaml to v4.0.5 (#3770) * Update js-yaml to 4.0.5 (#3659) * Update CHANGELOG.md (#3659) Co-authored-by: Sergey Myssak <[email protected]> Signed-off-by: Andrey Myssak <[email protected]> --------- Signed-off-by: Andrey Myssak <[email protected]> Signed-off-by: Josh Romero <[email protected]> Co-authored-by: Sergey Myssak <[email protected]> Co-authored-by: Josh Romero <[email protected]> * Update README.md (#3788) * Update README.md Signed-off-by: Melissa Vagi <[email protected]> * Update README.md Co-authored-by: Miki <[email protected]> --------- Signed-off-by: Melissa Vagi <[email protected]> Co-authored-by: Miki <[email protected]> Co-authored-by: Miki <[email protected]> * Bump yaml to 2.2.2 (#3947) Signed-off-by: Manasvini B Suryanarayana <[email protected]> Co-authored-by: Sean Neumann <[email protected]> * Bump `joi` to v14 to avoid the possibility of prototype poisoning in a nested dependency (#3952) Signed-off-by: Miki <[email protected]> * [Doc] Add communication guide (#3837) * docs(COMMUNICATION): Add communication guide with info on slack, forum, and developer office hours link from README, CONTRIBUTING, DEVELOPER_GUIDE Signed-off-by: Josh Romero <[email protected]> --------- Signed-off-by: Josh Romero <[email protected]> * Temporarily hardcode chromedriver to 112.0.0 to enable all ftr tests (#3976) The latest version of chromedriver is 112.0.1 which does not support node 14. This PR hardcodes chromedriver to 112.0.0 temporarily. Pls revert it once we bump to node 18. Issue Resolved #3975 Signed-off-by: ananzh <[email protected]> * Fix wording and duplicate code in embeddable example plugin (#3911) * Fix wording and duplicate code in embeddable example plugin Signed-off-by: abbyhu2000 <[email protected]> * Fix some wording in the embeddable readme Signed-off-by: abbyhu2000 <[email protected]> --------- Signed-off-by: abbyhu2000 <[email protected]> * [CI] setup Chrome and utilize binary path (#3997) Within the CI, the virtual runner that we are utilizing has Chrome installed already. The version of Chrome is installed periodically. The most recent version of Chrome requires updates to dependencies that drop support for Node 14. This downloads chrome in the CI and then checks the chromedriver from the environment variable `TEST_BROWSER_BINARY_PATH`. Signed-off-by: Kawika Avilla <[email protected]> * [Dashboards listing] fix listing limit (#4021) Initial page size was passed to the search function instead of the listing limit causing the max amount received to be significantly less than the previously implementation. Saved objects per page is `20` by default and the listing limit per page is `1000` by default. Issue: #4017 Signed-off-by: Kawika Avilla <[email protected]> * [CCI] Fix EUI/OUI type errors (#3798) * Update find_test_subject imports for tests Signed-off-by: Alexei Karikov <[email protected]> * Update to available imports for findTestSubject Signed-off-by: Alexei Karikov <[email protected]> * Fix available import for Query and custom icon Signed-off-by: Alexei Karikov <[email protected]> * Add changelog entry Signed-off-by: Alexei Karikov <[email protected]> * Add ts-ignore Signed-off-by: Alexei Karikov <[email protected]> --------- Signed-off-by: Alexei Karikov <[email protected]> Co-authored-by: Qingyang(Abby) Hu <[email protected]> * Fix bottom bar visibility using create portal (#3336) (#3978) Signed-off-by: Sergey Myssak <[email protected]> Co-authored-by: Andrey Myssak <[email protected]> * Adds threshold to code coverage changes for project (#4040) * Fixes code coverage workflow failures for the project test due to inderect flakey changes Signed-off-by: Ashwin P Chandran <[email protected]> * Adds changelog Signed-off-by: Ashwin P Chandran <[email protected]> --------- Signed-off-by: Ashwin P Chandran <[email protected]> * Updates PR template for screenshots and test instructions (#4042) Signed-off-by: Ashwin P Chandran <[email protected]> * Replace re2 with RegExp in timeline and add unit tests (#3908) Remove re2 usage and replace it with JavaScript built-in RegExp object. Also add more unit tests to make sure that using RegExp has same expressions as using re2 library. Issue Resolve #3901 Signed-off-by: Anan Zhuang <[email protected]> * [Console] [CCI] Remove unused ul element and its custom styling. (#3993) * remove unused ul element Signed-off-by: Sirazh Gabdullin <[email protected]> * Update CHANGELOG.md Signed-off-by: Sirazh Gabdullin <[email protected]> --------- Signed-off-by: Sirazh Gabdullin <[email protected]> * Add 1.3.10 release note (#4060) (#4063) * Add release note for 1.3.10 * Address comments and add one CVE PR --------- (cherry picked from commit 4371587) Signed-off-by: abbyhu2000 <[email protected]> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> * [Multiple Datasource] Support Amazon OpenSearch Serverless (#3957) * [Multiple Datasource]Support Amazon OpenSearch Serverless in SigV4 * remove experimental text in yml * Refactor create data source form for authentication Signed-off-by: Su <[email protected]> * Remove Sass from `tile_map` plugin (#4110) * Remove Sass from tile_map plugin Signed-off-by: Matt Provost <[email protected]> * Update changelog Signed-off-by: Matt Provost <[email protected]> --------- Signed-off-by: Matt Provost <[email protected]> * Design for New Saved Object Service Interface for Custom Repository (#3954) * Adds design document for new saved object service interface for custom repository Signed-off-by: Bandini Bhopi <[email protected]> * enhance grouping for context menu options (#3924) * enhance grouping for context menu options * build panels tests and more comments Signed-off-by: David Sinclair <[email protected]> --------- Signed-off-by: David Sinclair <[email protected]> Signed-off-by: David Sinclair <[email protected]> Signed-off-by: Josh Romero <[email protected]> Co-authored-by: Josh Romero <[email protected]> * Adding Tao and Zilong to MAINTAINERS (#4137) * Adding Tao and Zilong to MAINTAINERS Signed-off-by: Yan Zeng <[email protected]> * [MD]Update data-test-subj for functional tests & fix bug in edit flow (#4126) Signed-off-by: Su <[email protected]> * Add support for Node.js >=14.20.1 <19 (#4071) * Bump Node.js requirements to 18 Signed-off-by: Miki <[email protected]> * Replace `lmdb-store` with `lmdb` Signed-off-by: Miki <[email protected]> Co-authored-by: Anan Zhuang <[email protected]> * Bump `elastic-apm-node` to the latest minor Signed-off-by: Miki <[email protected]> * Replace webpack and plugins with a patched version that uses xxhash64 * Use `xxhash64` as the hashing algorithm of webpack * Upgrade `globby` * Remove `fibers` Signed-off-by: Miki <[email protected]> * Replace `fs.rmdir` with `fs.rm` in cross-platform tests Signed-off-by: Miki <[email protected]> * Increase listener limit Signed-off-by: Miki <[email protected]> Co-authored-by: Anan Zhuang <[email protected]> * Add promise-stripping serializer Signed-off-by: Miki <[email protected]> * Bump heap for CI Signed-off-by: Miki <[email protected]> * Correct use of fs/promises in @osd/pm Signed-off-by: Miki <[email protected]> * Use fs/promise in plugin post-install cleanup Signed-off-by: Miki <[email protected]> * Set the test server's host to `0.0.0.0` Signed-off-by: Miki <[email protected]> * Sync `.node-version` file Signed-off-by: Miki <[email protected]> * Support both `isPrimary`, for Node 18, and `isMaster`, for Node 14 Signed-off-by: Miki <[email protected]> * Add types when using `isDeepStrictEqual` Signed-off-by: Miki <[email protected]> Co-authored-by: Anan Zhuang <[email protected]> * Add names to `SchemaError` to log more specific errors Signed-off-by: Miki <[email protected]> * Fix failing vega visualization tests outside the CI Signed-off-by: Miki <[email protected]> * Fix snapshot of errors thrown for undefined accessors Signed-off-by: Miki <[email protected]> * Fix flakiness of log_rotator Signed-off-by: Miki <[email protected]> * Fix asynchronous `fs` usafe in plugin discover Signed-off-by: Miki <[email protected]> * Fix mocks in @osd/optimizer Signed-off-by: Miki <[email protected]> * Fix memory leaks caused by setting states on unloaded components Signed-off-by: Miki <[email protected]> Co-authored-by: Anan Zhuang <[email protected]> * Bump Node in Dockerfile Signed-off-by: Miki <[email protected]> Co-authored-by: Anan Zhuang <[email protected]> * Remove the response `close` event as an indicator of the requesting finishing #3601 (comment) Signed-off-by: Miki <[email protected]> Co-authored-by: Anan Zhuang <[email protected]> * [BWC] Timeout after 3 mins of waiting for OSD to be running in tests Signed-off-by: Miki <[email protected]> * Make build use the same node version that tests are run against Signed-off-by: Miki <[email protected]> * Make Node resolve DNS by IPv4 first * This is helpful to resolve `locahost` to `127.0.0.1` Signed-off-by: Miki <[email protected]> * Standardize patterns used by plugin discovery * Enhance absolute path serialization on Windows Signed-off-by: Miki <[email protected]> * Mock fetch in SenseEditor tests Signed-off-by: Miki <[email protected]> * Restore node-sass usage to fix build performance * `sass-loader@10` is the last version that supports webpack@4 * `sass` is extremely slow when using the legacy API (`render`) and to use the "Modern API" (`compileStringAsync`), `sass-loader@13` would be needed. * The performance of `sass@10` is made acceptable only with `fibers` but that is deprecated and doesn't work on Node 18 Signed-off-by: Anan Zhuang <[email protected]> Signed-off-by: Miki <[email protected]> * Revert "[CI] setup Chrome and utilize binary path (#3997)" This reverts commit 0188d05 Signed-off-by: Miki <[email protected]> * Prevent fast-fail while running functional test in CI Signed-off-by: Miki <[email protected]> * Revert "Temporarily hardcode chromedriver to 112.0.0 to enable all ftr tests (#3976)" This reverts commit 5ea0cbe. Signed-off-by: Miki <[email protected]> * Save Cypress results artifacts during CI Signed-off-by: Miki <[email protected]> * Add missing required dependency on `set-value` * Also force all to ^4.1.0 due to a vulnerability fixed in 3.1.0. Signed-off-by: Miki <[email protected]> * Prevent multiple calls to bootstrap's shutdown Signed-off-by: Miki <[email protected]> * Use Node 18.16.0 in distributions * Bump jest-canvas-mock to fix failing tests * Extend Node engines versions Signed-off-by: Miki <[email protected]> * Normalize test snapshots across Node 14, 16, and 18 Signed-off-by: Miki <[email protected]> * Update CHANGELOG for Node.js >=14.20.1 <19 support Signed-off-by: Miki <[email protected]> --------- Signed-off-by: Miki <[email protected]> Signed-off-by: Miki <[email protected]> Signed-off-by: Anan Zhuang <[email protected]> Co-authored-by: Anan Zhuang <[email protected]> * Remove timeline application (#3971) * Remove timeline application In this PR, we made the following changes: First of all, clean out some advanced settings specific to timeline application and tests. * Remove timelion:default_rows: This setting defines the default number of rows that a new Timelion sheet should have. * Remove timelion:default_rows: This setting defines the default number of columns that a new Timelion sheet should have. * Remove timelion:showTutorial. Second, remove src/plugin/timeline completely and modify timeline vis. Third, remove all the functional tests related to timeline application. Issue resolve #3519 #3593 Signed-off-by: ananzh <[email protected]> --------- Signed-off-by: Anan Zhuang <[email protected]> Signed-off-by: ananzh <[email protected]> * Use `exec` in the CLI shell scripts to prevent new process creation (#3955) Signed-off-by: Miki <[email protected]> * chore (lychee): Add company.net to exclusion list (#4171) Signed-off-by: Josh Romero <[email protected]> * Bundle Node 14 as a fallback for operating systems that cannot run Node 18 (#4151) Signed-off-by: ananzh <[email protected]> Signed-off-by: Miki <[email protected]> * Refactor authentication description message (#4179) resolves #4173 Signed-off-by: Su <[email protected]> * [CI] skip checksum verification for cypress tests (#4188) Snapshot checksum verification caused failure in test runs: #4187 Skipping the verification to enable the tests run as the snapshot of OpenSearch should not impact the tests. Issue: n/a Signed-off-by: Kawika Avilla <[email protected]> * Adds plugin manifest config to define OpenSearch plugin dependency and verifies if it is installed (#3116) Resolves Issue -#2799 Signed-off-by: Manasvini B Suryanarayana <[email protected]> * [Table Visualization] Remove custom styling for text-align:center in favor of OUI utility class. (#4164) * remove custom styling in favor of oui utility class Signed-off-by: Sirazh Gabdullin <[email protected]> * Update CHANGELOG.md Signed-off-by: Sirazh Gabdullin <[email protected]> --------- Signed-off-by: Sirazh Gabdullin <[email protected]> * Add new MAINTAINERS to CODEOWNERS file (#4199) * Add new code owners Signed-off-by: Tao Liu <[email protected]> * modify changelog.md Signed-off-by: Tao Liu <[email protected]> --------- Signed-off-by: Tao Liu <[email protected]> * Add 2.8.0 release notes (#4204) * Add 2.8.0 release notes Co-authored-by: Josh Romero <[email protected]> Signed-off-by: Kawika Avilla <[email protected]> * Chore(CHANGELOG): Update with 2.7, 2.8 releases (#3890) * Chore(CHANGELOG): Update with 2.7 release * align changelog with 2.8 release notes * update 2.8 release notes * add 1.3.10 release notes to changelog --------- Signed-off-by: Josh Romero <[email protected]> * [Saved Object Service] Adds Repository Factory Provider (#4149) * Adds Repository Factory Provider Signed-off-by: Bandini Bhopi <[email protected]> * add category option for context menus (#4144) * enhance grouping for context menu options Signed-off-by: David Sinclair <[email protected]> * change log Signed-off-by: David Sinclair <[email protected]> * remove type export Signed-off-by: David Sinclair <[email protected]> * revert border and prevent destroy options Signed-off-by: David Sinclair <[email protected]> * update comments for building panels Signed-off-by: David Sinclair <[email protected]> * build panels tests and more comments Signed-off-by: David Sinclair <[email protected]> * add category option for context menus Signed-off-by: David Sinclair <[email protected]> * changelog Signed-off-by: David Sinclair <[email protected]> * add order to groups Signed-off-by: David Sinclair <[email protected]> * documentation, shorter copyrighty, minor cleanup Signed-off-by: David Sinclair <[email protected]> * changelog Signed-off-by: David Sinclair <[email protected]> --------- Signed-off-by: David Sinclair <[email protected]> Signed-off-by: David Sinclair <[email protected]> Signed-off-by: Ashish Agrawal <[email protected]> Co-authored-by: Ashish Agrawal <[email protected]> * [CCI] Add bluebird replaces for src/plugins/saved_objects (#4026) * Add bluebird replaces for src/plugins/saved_objects * Add changelog entry --------- Signed-off-by: Alexei Karikov <[email protected]> * Validate and correct change log after 2.8 release (#4275) Signed-off-by: Su <[email protected]> --------- Signed-off-by: Ashwin P Chandran <[email protected]> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Signed-off-by: Kristen Tian <[email protected]> Signed-off-by: Josh Romero <[email protected]> Signed-off-by: Kawika Avilla <[email protected]> Signed-off-by: Andrey Myssak <[email protected]> Signed-off-by: Melissa Vagi <[email protected]> Signed-off-by: Manasvini B Suryanarayana <[email protected]> Signed-off-by: Miki <[email protected]> Signed-off-by: ananzh <[email protected]> Signed-off-by: abbyhu2000 <[email protected]> Signed-off-by: Alexei Karikov <[email protected]> Signed-off-by: Sergey Myssak <[email protected]> Signed-off-by: Anan Zhuang <[email protected]> Signed-off-by: Sirazh Gabdullin <[email protected]> Signed-off-by: Su <[email protected]> Signed-off-by: Matt Provost <[email protected]> Signed-off-by: Bandini Bhopi <[email protected]> Signed-off-by: David Sinclair <[email protected]> Signed-off-by: David Sinclair <[email protected]> Signed-off-by: Yan Zeng <[email protected]> Signed-off-by: Miki <[email protected]> Signed-off-by: Tao Liu <[email protected]> Signed-off-by: Ashish Agrawal <[email protected]> Signed-off-by: Ashish Agrawal <[email protected]> Co-authored-by: opensearch-trigger-bot[bot] <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Josh Romero <[email protected]> Co-authored-by: Kristen Tian <[email protected]> Co-authored-by: Kawika Avilla <[email protected]> Co-authored-by: Ashwin P Chandran <[email protected]> Co-authored-by: Andrey Myssak <[email protected]> Co-authored-by: Sergey Myssak <[email protected]> Co-authored-by: Melissa Vagi <[email protected]> Co-authored-by: Miki <[email protected]> Co-authored-by: Miki <[email protected]> Co-authored-by: Manasvini B Suryanarayana <[email protected]> Co-authored-by: Sean Neumann <[email protected]> Co-authored-by: Anan Zhuang <[email protected]> Co-authored-by: Qingyang(Abby) Hu <[email protected]> Co-authored-by: Alexei Karikov <[email protected]> Co-authored-by: Andrey Myssak <[email protected]> Co-authored-by: Sirazh Gabdullin <[email protected]> Co-authored-by: Zhongnan Su <[email protected]> Co-authored-by: Matt Provost <[email protected]> Co-authored-by: Bandini <[email protected]> Co-authored-by: David Sinclair <[email protected]> Co-authored-by: Yan Zeng <[email protected]> Co-authored-by: Tao Liu <[email protected]>
Description
Bump package yaml to 2.2.2 to resolve CVE-2023-2251
Opensearch Dashboard has transitive dependency on package yaml. Upgrading direct dependencies to its updated version does not resolve package yaml to 2.2.2 version. Hence adding selective dependency resolution to yaml package.
Issues Resolved
#3946
Check List
yarn test:jest
yarn test:jest_integration
yarn test:ftr