Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade tough-cookie and semver #90

Merged
merged 2 commits into from
Jul 11, 2023

Conversation

rupal-bq
Copy link
Contributor

@rupal-bq rupal-bq commented Jul 11, 2023

Description

  • Added tough-cookie v4.1.3 to resolution

Issues Resolved

CVE-2023-26136
CVE-2022-25883

Check List

  • New functionality includes testing.
    • All tests pass, including unit test, integration test and doctest
  • New functionality has been documented.
    • New functionality has javadoc added
    • New functionality has user manual doc added
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@rupal-bq rupal-bq changed the title Upgrade tough-cookie to fix CVE-2023-26136 Upgrade tough-cookie and semver Jul 11, 2023
@codecov
Copy link

codecov bot commented Jul 11, 2023

Codecov Report

Merging #90 (8fd9455) into main (9f93597) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main      #90   +/-   ##
=======================================
  Coverage   62.76%   62.76%           
=======================================
  Files          10       10           
  Lines         658      658           
  Branches      119      119           
=======================================
  Hits          413      413           
  Misses        192      192           
  Partials       53       53           
Flag Coverage Δ
dashboards-query-workbench 62.76% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

@rupal-bq rupal-bq merged commit 1d15024 into opensearch-project:main Jul 11, 2023
@opensearch-trigger-bot
Copy link
Contributor

The backport to 2.x failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-2.x 2.x
# Navigate to the new working tree
cd .worktrees/backport-2.x
# Create a new branch
git switch --create backport/backport-90-to-2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 1d150243b8bc4daeaa77e3905d0a586fb94087f7
# Push it to GitHub
git push --set-upstream origin backport/backport-90-to-2.x
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-2.x

Then, create a pull request where the base branch is 2.x and the compare/head branch is backport/backport-90-to-2.x.

@opensearch-trigger-bot
Copy link
Contributor

The backport to 2.9 failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-2.9 2.9
# Navigate to the new working tree
cd .worktrees/backport-2.9
# Create a new branch
git switch --create backport/backport-90-to-2.9
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 1d150243b8bc4daeaa77e3905d0a586fb94087f7
# Push it to GitHub
git push --set-upstream origin backport/backport-90-to-2.9
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-2.9

Then, create a pull request where the base branch is 2.9 and the compare/head branch is backport/backport-90-to-2.9.

ps48 added a commit to ps48/dashboards-query-workbench that referenced this pull request Oct 5, 2023
* Updated MAINTAINERS.md to match recommended opensearch-project format. (opensearch-project#18)

Signed-off-by: dblock <[email protected]>

Signed-off-by: dblock <[email protected]>

* Add .whitesource configuration file (#1)

Co-authored-by: mend-for-github-com[bot] <50673670+mend-for-github-com[bot]@users.noreply.github.com>

* Bump json5 from 2.2.1 to 2.2.3 (opensearch-project#20)

Bumps [json5](https://github.com/json5/json5) from 2.2.1 to 2.2.3.
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](json5/json5@v2.2.1...v2.2.3)

---
updated-dependencies:
- dependency-name: json5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* adding release notes (opensearch-project#28) (opensearch-project#30)

Signed-off-by: Shenoy Pratik <[email protected]>

Signed-off-by: Shenoy Pratik <[email protected]>
(cherry picked from commit 5dde647)

Co-authored-by: Shenoy Pratik <[email protected]>

* Rename plugin_helpers to plugin-helpers (opensearch-project#31)

Signed-off-by: Joshua Li <[email protected]>

* Add resolution for ansi-regex (opensearch-project#38)

Signed-off-by: Rupal Mahajan <[email protected]>

* Upgrade hapi-latest to fix CVE-2023-25166 (opensearch-project#39)

Signed-off-by: Rupal Mahajan <[email protected]>

* Created untriaged issue workflow. (opensearch-project#42)

Signed-off-by: dblock <[email protected]>

* Fix Node.js and Yarn installation in CI (opensearch-project#44)

Signed-off-by: Miki <[email protected]>

* add release notes for 2.6 query workbench (opensearch-project#48) (opensearch-project#50)

* add release notes for 2.6 query workbench

Signed-off-by: Derek Ho <[email protected]>

* add CI item in infra

Signed-off-by: Derek Ho <[email protected]>

---------

Signed-off-by: Derek Ho <[email protected]>
(cherry picked from commit 5cecd8d)

Co-authored-by: Derek Ho <[email protected]>

* baseline repo groups (opensearch-project#52)

Signed-off-by: Derek Ho <[email protected]>

* Add 2.7 release note (opensearch-project#57)

Signed-off-by: Chen Dai <[email protected]>

* Add fix for CVE-2023-2251 (opensearch-project#60)

Signed-off-by: Rupal Mahajan <[email protected]>

* update maintainers and code owners (opensearch-project#64)

* update maintainers and code owners

Signed-off-by: Derek Ho <[email protected]>

* add ani to codeowners

Signed-off-by: Derek Ho <[email protected]>

---------

Signed-off-by: Derek Ho <[email protected]>

* Add release notes for 2.8 (opensearch-project#75)

* Add release notes for 2.8

Signed-off-by: Joshua Li <[email protected]>

* Update release notes

Signed-off-by: Joshua Li <[email protected]>

---------

Signed-off-by: Joshua Li <[email protected]>

* Use valid json for mock data in unit tests (opensearch-project#76)

Signed-off-by: Joshua Li <[email protected]>

* Update default query. (opensearch-project#81)

Signed-off-by: Yury-Fridlyand <[email protected]>

* Update CI. (opensearch-project#82)

Signed-off-by: Yury-Fridlyand <[email protected]>

* Increment version to 3.0.0.0 (opensearch-project#66)

Signed-off-by: opensearch-ci-bot <[email protected]>
Co-authored-by: opensearch-ci-bot <[email protected]>

* Upgrade tough-cookie and semver (opensearch-project#90)

* Upgrade tough-cookie to fix CVE-2023-26136

Signed-off-by: Rupal Mahajan <[email protected]>

* Add semver resolution to patch CVE-2022-25883

Signed-off-by: Rupal Mahajan <[email protected]>

---------

Signed-off-by: Rupal Mahajan <[email protected]>

* Add release notes for 2.9.0 (opensearch-project#93)

Signed-off-by: Rupal Mahajan <[email protected]>

* Bump word-wrap from 1.2.3 to 1.2.4 (opensearch-project#99)

Bumps [word-wrap](https://github.com/jonschlinkert/word-wrap) from 1.2.3 to 1.2.4.
- [Release notes](https://github.com/jonschlinkert/word-wrap/releases)
- [Commits](jonschlinkert/word-wrap@1.2.3...1.2.4)

---
updated-dependencies:
- dependency-name: word-wrap
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* update fail backport (opensearch-project#104)

Signed-off-by: Derek Ho <[email protected]>

* Update backport CI, add PR merged condition (opensearch-project#111)

Signed-off-by: Shenoy Pratik <[email protected]>

* Update searchbar snapshots according to upstream changes (opensearch-project#115)

Signed-off-by: Derek Ho <[email protected]>

* add release notes for 2.10.0 (opensearch-project#117)

Signed-off-by: Shenoy Pratik <[email protected]>

* Upgrade cypress/request (opensearch-project#120)

Signed-off-by: Simeon Widdis <[email protected]>

* Add table acceleration flyout (opensearch-project#128)

* Add table acceleration flyout

Signed-off-by: Shenoy Pratik <[email protected]>

* comment on hardcoded elements

Signed-off-by: Shenoy Pratik <[email protected]>

* additional comment on hardcoded

Signed-off-by: Shenoy Pratik <[email protected]>

* remove console logs

Signed-off-by: Shenoy Pratik <[email protected]>

* review fixes

Signed-off-by: Shenoy Pratik <[email protected]>

* revert version changes, inline type declare

Signed-off-by: Shenoy Pratik <[email protected]>

---------

Signed-off-by: Shenoy Pratik <[email protected]>

* Increment version to 3.0.0.0 (opensearch-project#121)

Signed-off-by: opensearch-ci-bot <[email protected]>
Co-authored-by: opensearch-ci-bot <[email protected]>

* Add materialized view visual builder and query builders (opensearch-project#129)

* add materialized view visual builder and query builders

Signed-off-by: Shenoy Pratik <[email protected]>

* organize header and PR comments

Signed-off-by: Shenoy Pratik <[email protected]>

---------

Signed-off-by: Shenoy Pratik <[email protected]>

* Define tables (opensearch-project#126)

* added changes for sidebar

Signed-off-by: sumukhswamy <[email protected]>

* added side bar with tables indexed

Signed-off-by: sumukhswamy <[email protected]>

* added dynamic element for tree view, addressed pr comments

Signed-off-by: sumukhswamy <[email protected]>

* made a few design and panel changes, addressed pr comments

Signed-off-by: sumukhswamy <[email protected]>

* changed the constants file

Signed-off-by: sumukhswamy <[email protected]>

* added changes for search bar removal, pr comments

Signed-off-by: sumukhswamy <[email protected]>

* readded console.log

Signed-off-by: sumukhswamy <[email protected]>

* updated test suites, removed search field

Signed-off-by: sumukhswamy <[email protected]>

* added changes for Data connection and combo box

Signed-off-by: sumukhswamy <[email protected]>

* updated mock for http query

Signed-off-by: sumukhswamy <[email protected]>

* updated mock template name in tests

Signed-off-by: sumukhswamy <[email protected]>

* addressed pr comments

Signed-off-by: sumukhswamy <[email protected]>

* addressed more comments

Signed-off-by: sumukhswamy <[email protected]>

* added error message for sidebar

Signed-off-by: sumukhswamy <[email protected]>

* updated snapshots

Signed-off-by: sumukhswamy <[email protected]>

---------

Signed-off-by: sumukhswamy <[email protected]>

* update packages and tsconfig (opensearch-project#130)

Signed-off-by: Shenoy Pratik <[email protected]>

* Update form validations and tests for acceleration  (opensearch-project#133)

* update form validaitons

Signed-off-by: Shenoy Pratik <[email protected]>

* update snapshots, add skipping validator

Signed-off-by: Shenoy Pratik <[email protected]>

* update sqlpage snapshot

Signed-off-by: Shenoy Pratik <[email protected]>

* add tests for acceleration create

Signed-off-by: Shenoy Pratik <[email protected]>

* update acceleration builder tests

Signed-off-by: Shenoy Pratik <[email protected]>

* update PR comments

Signed-off-by: Shenoy Pratik <[email protected]>

* adding fix for windows snapshots

Signed-off-by: Shenoy Pratik <[email protected]>

* update snapshot files

Signed-off-by: Shenoy Pratik <[email protected]>

---------

Signed-off-by: Shenoy Pratik <[email protected]>

* implementing async query support with polling (opensearch-project#131)

* successfully getting async post requests

Signed-off-by: Paul Sebastian <[email protected]>

* get query with hardcoded job id working

Signed-off-by: Paul Sebastian <[email protected]>

* working spark query after constant time wait

Signed-off-by: Paul Sebastian <[email protected]>

* added polling with some hardcoded values

Signed-off-by: Paul Sebastian <[email protected]>

* ability to switch between sources implemented

Signed-off-by: Paul Sebastian <[email protected]>

* implemented basic spinner

Signed-off-by: Paul Sebastian <[email protected]>

* small pr asks and cancellation implemented

Signed-off-by: Paul Sebastian <[email protected]>

* fixing small clear state issues

Signed-off-by: Paul Sebastian <[email protected]>

* reduce route name redundancy

Signed-off-by: Paul Sebastian <[email protected]>

* remove multiple query implementation for async

Signed-off-by: Paul Sebastian <[email protected]>

* needed to modify the endpoint

Signed-off-by: Paul Sebastian <[email protected]>

* default data source being Opensearch and updated snapshots

Signed-off-by: Paul Sebastian <[email protected]>

---------

Signed-off-by: Paul Sebastian <[email protected]>

* added the skipping index queries, covering index queries,updates the … (opensearch-project#134)

* added the skipping index queries, covering index queries,updates the data picker

Signed-off-by: sumukhswamy <[email protected]>

* added the skipping index queries, covering index queries,updates the data picker

Signed-off-by: sumukhswamy <[email protected]>

* reverted updates to yarn

Signed-off-by: sumukhswamy <[email protected]>

* updated tests, snapshots

Signed-off-by: sumukhswamy <[email protected]>

---------

Signed-off-by: sumukhswamy <[email protected]>

* Acceleration related changes and minor fixes (opensearch-project#135)

* add acc index flyout

Signed-off-by: Shenoy Pratik <[email protected]>

* remove [if not exists] from acc creation

Signed-off-by: Shenoy Pratik <[email protected]>

* merge tableview from main

Signed-off-by: Shenoy Pratik <[email protected]>

* adding acc index flyout

Signed-off-by: Shenoy Pratik <[email protected]>

* add hash router

Signed-off-by: Shenoy Pratik <[email protected]>

* hide materialized view index type

Signed-off-by: Shenoy Pratik <[email protected]>

* update snapshots

Signed-off-by: Shenoy Pratik <[email protected]>

* loading combo boxes for acc flyout

Signed-off-by: Shenoy Pratik <[email protected]>

* adding acceleration backend integ

Signed-off-by: Shenoy Pratik <[email protected]>

* update jest tests for acc flyout

Signed-off-by: Shenoy Pratik <[email protected]>

* add redirection support for home page

Signed-off-by: Shenoy Pratik <[email protected]>

* fix primary shards count and replica validation

Signed-off-by: Shenoy Pratik <[email protected]>

* remove the caution callout for acc flyout

Signed-off-by: Shenoy Pratik <[email protected]>

* support acc flyout redirection from data sources

Signed-off-by: Shenoy Pratik <[email protected]>

---------

Signed-off-by: Shenoy Pratik <[email protected]>

* disable buttons while running async query (opensearch-project#136)

* disable most buttons

Signed-off-by: Paul Sebastian <[email protected]>

* code editor read only

Signed-off-by: Paul Sebastian <[email protected]>

* disabled accelerate button

Signed-off-by: Paul Sebastian <[email protected]>

---------

Signed-off-by: Paul Sebastian <[email protected]>

* Design changes for the sidebar and update to create button (opensearch-project#138)

* added changes for loading, create button

Signed-off-by: sumukhswamy <[email protected]>

* removed comments, updated snapshots

Signed-off-by: sumukhswamy <[email protected]>

* addressed pr comments

Signed-off-by: sumukhswamy <[email protected]>

* addressed pr comments

Signed-off-by: sumukhswamy <[email protected]>

* addressed pr comments

Signed-off-by: sumukhswamy <[email protected]>

* updated snapshots, constant for skipping index

Signed-off-by: sumukhswamy <[email protected]>

---------

Signed-off-by: sumukhswamy <[email protected]>

* Load table fields for acceleration index flyout (opensearch-project#137)

* load table fields after table is selected

Signed-off-by: Shenoy Pratik <[email protected]>

* simplify the map function

Signed-off-by: Shenoy Pratik <[email protected]>

---------

Signed-off-by: Shenoy Pratik <[email protected]>

* Adding minor updates and bug fixes (opensearch-project#140)

* adding minor updates to acceleration ui

Signed-off-by: Shenoy Pratik <[email protected]>

* edits to acceleration index flyout

Signed-off-by: Shenoy Pratik <[email protected]>

* adding minor edits to table view

Signed-off-by: Shenoy Pratik <[email protected]>

* update snapshots

Signed-off-by: Shenoy Pratik <[email protected]>

* remove console log

Signed-off-by: Shenoy Pratik <[email protected]>

* minor fixes to namings and tableview

Signed-off-by: Shenoy Pratik <[email protected]>

* update tableview clear db

Signed-off-by: Shenoy Pratik <[email protected]>

---------

Signed-off-by: Shenoy Pratik <[email protected]>

---------

Signed-off-by: dblock <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Joshua Li <[email protected]>
Signed-off-by: Rupal Mahajan <[email protected]>
Signed-off-by: Miki <[email protected]>
Signed-off-by: Derek Ho <[email protected]>
Signed-off-by: Chen Dai <[email protected]>
Signed-off-by: Yury-Fridlyand <[email protected]>
Signed-off-by: opensearch-ci-bot <[email protected]>
Signed-off-by: Shenoy Pratik <[email protected]>
Signed-off-by: Simeon Widdis <[email protected]>
Signed-off-by: sumukhswamy <[email protected]>
Signed-off-by: Paul Sebastian <[email protected]>
Co-authored-by: Daniel (dB.) Doubrovkine <[email protected]>
Co-authored-by: mend-for-github-com[bot] <50673670+mend-for-github-com[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: opensearch-trigger-bot[bot] <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com>
Co-authored-by: Joshua Li <[email protected]>
Co-authored-by: Rupal Mahajan <[email protected]>
Co-authored-by: Daniel (dB.) Doubrovkine <[email protected]>
Co-authored-by: Miki <[email protected]>
Co-authored-by: Derek Ho <[email protected]>
Co-authored-by: Chen Dai <[email protected]>
Co-authored-by: Yury-Fridlyand <[email protected]>
Co-authored-by: opensearch-ci-bot <[email protected]>
Co-authored-by: Simeon Widdis <[email protected]>
Co-authored-by: sumukhswamy <[email protected]>
Co-authored-by: Paul Sebastian <[email protected]>
Co-authored-by: Paul Sebastian <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport 2.x backport 2.9 dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants