Add fix for CVE-2023-2251 #60
Signed-off-by: Rupal Mahajan <[email protected]>
Codecov Report
@@ Coverage Diff @@
## main #60 +/- ##
=======================================
Coverage 62.76% 62.76%
=======================================
Files 10 10
Lines 658 658
Branches 119 119
=======================================
Hits 413 413
Misses 192 192
Partials 53 53
The backport to
To backport manually, run these commands in your terminal:
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-2.x 2.x
# Navigate to the new working tree
cd .worktrees/backport-2.x
# Create a new branch
git switch --create backport/backport-60-to-2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 e8bb51ef5943fcb9a52b35dde8e22685f2be004f
# Push it to GitHub
git push --set-upstream origin backport/backport-60-to-2.x
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-2.x
Then, create a pull request where the
Signed-off-by: Rupal Mahajan <[email protected]> (cherry picked from commit e8bb51e)
Signed-off-by: Rupal Mahajan <[email protected]> (cherry picked from commit e8bb51e) Co-authored-by: Rupal Mahajan <[email protected]>
[email protected] does not support node v10.24.1 This reverts commit e8bb51e.
[email protected] does not support node v10.24.1 This reverts commit e8bb51e. Signed-off-by: Ubuntu <[email protected]>
* Revert "Add fix for CVE-2023-2251 (#60)" [email protected] does not support node v10.24.1 This reverts commit e8bb51e. Signed-off-by: Ubuntu <[email protected]>
* Update qs version for CVE-2022-24999 Signed-off-by: Rupal Mahajan <[email protected]> Signed-off-by: Ubuntu <[email protected]>
* Update minimatch version for CVE-2022-3517 Signed-off-by: Rupal Mahajan <[email protected]> Signed-off-by: Ubuntu <[email protected]>
* Add github workflows (#35)
  * Add github workflows Signed-off-by: Joshua Li <[email protected]>
  * Fix env name Signed-off-by: Joshua Li <[email protected]>
  --------- Signed-off-by: Joshua Li <[email protected]> Signed-off-by: Ubuntu <[email protected]>
* Rerun CI without macos Signed-off-by: Rupal Mahajan <[email protected]>
* Fix workflow for windows test Signed-off-by: Rupal Mahajan <[email protected]>
* Revert "Fix workflow for windows test" This reverts commit 377e91b. Signed-off-by: Rupal Mahajan <[email protected]>
* Update workflow Signed-off-by: Rupal Mahajan <[email protected]>
* Revert "Update workflow" This reverts commit 85e22c1. Signed-off-by: Rupal Mahajan <[email protected]>
* Retry CI Signed-off-by: Rupal Mahajan <[email protected]>
* Retry workflow Signed-off-by: Rupal Mahajan <[email protected]>
* Fix yaml syntax Signed-off-by: Rupal Mahajan <[email protected]>
* Rerun CI Signed-off-by: Rupal Mahajan <[email protected]>
* Try bash for test Signed-off-by: Rupal Mahajan <[email protected]>
* Rerun workflow Signed-off-by: Rupal Mahajan <[email protected]>
* Fix version Signed-off-by: Rupal Mahajan <[email protected]>
* Fix Path Signed-off-by: Rupal Mahajan <[email protected]>
* fix path Signed-off-by: Rupal Mahajan <[email protected]>
* Fix node path issue Signed-off-by: Rupal Mahajan <[email protected]>
--------- Signed-off-by: Ubuntu <[email protected]> Signed-off-by: Rupal Mahajan <[email protected]> Signed-off-by: Joshua Li <[email protected]> Co-authored-by: Ubuntu <[email protected]> Co-authored-by: Joshua Li <[email protected]>
Description
Issues Resolved
CVE-2023-2251
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.