Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2022-0155 (Medium) detected in follow-redirects-1.12.1.tgz, follow-redirects-1.14.3.tgz #1133

Closed
mend-for-github.aaakk.us.kg bot opened this issue Jan 11, 2022 · 0 comments · Fixed by #1113
Assignees
Labels
cve Security vulnerabilities detected by Dependabot or Mend high severity High severity CVE Mend: dependency security vulnerability Security vulnerability detected by Mend v2.0.0

Comments

@mend-for-github.aaakk.us.kg
Copy link

mend-for-github.aaakk.us.kg bot commented Jan 11, 2022

CVE-2022-0155 - Medium Severity Vulnerability

Vulnerable Libraries - follow-redirects-1.12.1.tgz, follow-redirects-1.14.3.tgz

follow-redirects-1.12.1.tgz

HTTP and HTTPS modules that follow redirects.

Library home page: https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.12.1.tgz

Dependency Hierarchy:

  • agent-0.28.6.tgz (Root Library)
    • follow-redirects-1.12.1.tgz (Vulnerable Library)
follow-redirects-1.14.3.tgz

HTTP and HTTPS modules that follow redirects.

Library home page: https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.14.3.tgz

Dependency Hierarchy:

  • agent-0.28.6.tgz (Root Library)
    • axios-0.21.4.tgz
      • follow-redirects-1.14.3.tgz (Vulnerable Library)

Found in base branch: main

Vulnerability Details

follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor

Publish Date: 2022-01-10

URL: CVE-2022-0155

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406/

Release Date: 2022-01-10

Fix Resolution: follow-redirects - v1.14.7

@mend-for-github.aaakk.us.kg mend-for-github.aaakk.us.kg bot added the Mend: dependency security vulnerability Security vulnerability detected by Mend label Jan 11, 2022
@tmarkley tmarkley added cve Security vulnerabilities detected by Dependabot or Mend high severity High severity CVE labels Jan 12, 2022
@mend-for-github.aaakk.us.kg mend-for-github.aaakk.us.kg bot changed the title CVE-2022-0155 (High) detected in follow-redirects-1.14.3.tgz CVE-2022-0155 (High) detected in follow-redirects-1.12.1.tgz, follow-redirects-1.14.3.tgz Jan 14, 2022
@tmarkley tmarkley self-assigned this Jan 18, 2022
tmarkley pushed a commit to tmarkley/OpenSearch-Dashboards that referenced this issue Jan 18, 2022
* Addresses first set of dependencies that are upstream from
`[email protected]`. There is more work to do but a webpack upgrade is
required first.
* Replaces usage of `request` in integration tests with `tough-cookie`.
* `@percy/agent` is deprecated and is replaced by `@percy/cli`.
* Bumps `follow-redirects- to address CVE.
* Also removes unnecessary user management logic from functional tests.

Resolves opensearch-project#1133
Incremental change towards addressing opensearch-project#1066

Signed-off-by: Tommy Markley <[email protected]>
@mend-for-github.aaakk.us.kg mend-for-github.aaakk.us.kg bot changed the title CVE-2022-0155 (High) detected in follow-redirects-1.12.1.tgz, follow-redirects-1.14.3.tgz CVE-2022-0155 (Medium) detected in follow-redirects-1.12.1.tgz, follow-redirects-1.14.3.tgz Jan 26, 2022
tmarkley pushed a commit to tmarkley/OpenSearch-Dashboards that referenced this issue Feb 3, 2022
* Addresses first set of dependencies that are upstream from
`[email protected]`. There is more work to do but a webpack upgrade is
required first.
* Replaces usage of `request` in integration tests with `tough-cookie`.
* `@percy/agent` is deprecated and is replaced by `@percy/cli`.
* Bumps `follow-redirects- to address CVE.
* Also removes unnecessary user management logic from functional tests.

Resolves opensearch-project#1133
Incremental change towards addressing opensearch-project#1066

Signed-off-by: Tommy Markley <[email protected]>
tmarkley pushed a commit to tmarkley/OpenSearch-Dashboards that referenced this issue Feb 4, 2022
* Addresses first set of dependencies that are upstream from
`[email protected]`. There is more work to do but a webpack upgrade is
required first.
* Replaces usage of `request` in integration tests with `tough-cookie`.
* `@percy/agent` is deprecated and is replaced by `@percy/cli`.
* Bumps `follow-redirects- to address CVE.
* Also removes unnecessary user management logic from functional tests.

Resolves opensearch-project#1133
Incremental change towards addressing opensearch-project#1066

Signed-off-by: Tommy Markley <[email protected]>
tmarkley pushed a commit to tmarkley/OpenSearch-Dashboards that referenced this issue Feb 7, 2022
* Addresses first set of dependencies that are upstream from
`[email protected]`. There is more work to do but a webpack upgrade is
required first.
* Replaces usage of `request` in integration tests with `tough-cookie`.
* `@percy/agent` is deprecated and is replaced by `@percy/cli`.
* Bumps `follow-redirects- to address CVE.
* Also removes unnecessary user management logic from functional tests.

Resolves opensearch-project#1133
Incremental change towards addressing opensearch-project#1066

Signed-off-by: Tommy Markley <[email protected]>
tmarkley pushed a commit that referenced this issue Feb 8, 2022
* Addresses first set of dependencies that are upstream from
`[email protected]`. There is more work to do but a webpack upgrade is
required first.
* Replaces usage of `request` in integration tests with `tough-cookie`.
* `@percy/agent` is deprecated and is replaced by `@percy/cli`.
* Bumps `follow-redirects` to address CVE.
* Also removes unnecessary user management logic from functional tests.

Resolves #1133
Incremental change towards addressing #1066

Signed-off-by: Tommy Markley <[email protected]>
@tmarkley tmarkley added the v2.0.0 label Feb 8, 2022
AMoo-Miki pushed a commit to AMoo-Miki/OpenSearch-Dashboards that referenced this issue Feb 10, 2022
ashwin-pc added a commit that referenced this issue Feb 12, 2022
* [Git] update PR template (#937)

Update template to remove javadoc check box since we do not have any
javadocs and include how to run the tests we use to verify the build.

Signed-off-by: Kawika Avilla <[email protected]>

* Add release notes for Dashboards 1.2.0 (#944)

This is the backport PR for #944

Signed-off-by: Neumann <[email protected]>

* Add versioned document support in OSD

This is PR is to add versioned document support in OSD.
1. Add logic to pick up doc version from package.json and convert it to `latest` if we are on default `main` branch.
2. Refactor doc_link_service to have 3 urls groups: opensearch, opensearchDashboards, and noDocumentation.
3. Update dynamic versioned doc links and clean up unused urls
4. Fix known url bug  #769
5. Add unit tests for doclinks branch name conversion

Signed-off-by: Zuocheng Ding <[email protected]>

* [Branding] prevent logging when config not set (#941)

Out of the box, the rendering service will check the config
and see the default value and log an info message saying that
the branding config is invalid or not set. Everytime
you refresh the browser you will get those log messages.

This sets it to only log error messages if the user sets
the branding config and it is invalid.

Include using default messages.

Signed-off-by: Kawika Avilla <[email protected]>

* [Version] Increment to 2.0 (#973)

Version bump from 1.2 to 2.0

Signed-off-by: Kawika Avilla <[email protected]>

* Add Lychee Link Checker into OSD (#938)

1. Fix broken links in OSD
2. Generate lycheeexcude list to filter out false negative warnings from test files or external links
3. Add TODO items for internal unavaiable links
4. Integrate with doc link service change.
5. Standardize all opensearch url with `https://opensearch.org/` and add unavilable urls into noDocument list

Signed-off-by: Zuocheng Ding <[email protected]>

* Fix Lychee Link Checker Error (#1011)

Signed-off-by: Zuocheng Ding <[email protected]>

* [CI] Add tests to github workflow

Add unit tests to github workflow and also creating a "bad apples"
environment variable. Some unit tests just fail on the CI for
hardware issues. They should be improved but step one will be
calling out the bad apples.

Also due to the flakiness we can cache the previous run results
and only run the tests that failed. It's too random to catch
with the bad apples mechanism. But still added the continue on
error for unit tests because it takes so long to re-run on the
CI. So instead if it does fail we automatically echo there
was a failure and ask them to re-run. However, if we can get
permission for a github action that can add a comment to the PR
then we could automatically add to PR.

Next step will be improving.

Also needed to limit the amount of workers because otherwise the
hardware can't handle well so then it will accidentally create conflicts.
This means we get an accurate test run but it is slower on the CI.

Included integration tests which worked out of the box.

Included e2e tests as well but it the chrome driver for the application
was different from github's chrome so to run it I just upgraded it for
the test run. Not ideal, ideally we should probably set up a
docker env and install the specific versions since we are now
depending on github's virtual env and the dependencies they installed
there. But at least this is a first pace.

Signed-off-by: Kawika Avilla <[email protected]>

* Add bwc tests for osd with bundle (#871)

tests include the following cases:
verify default page work
verify advanced savings work
verify filter and query work

Disable eslint check
Add eslint-disable comment
Revise license content in plugins and support
Simplify filter and query test
modify test name and fix PR comment
update license header and remove env files
fix timestamp issue
update eslint and license

Particailly Resolved:
opensearch-project/opensearch-build#705

Signed-off-by: Anan Zhuang <[email protected]>

* Add more bwc tests for osd without bundles (#900)

This PR adds the following bwc tests:
1) verify sample data work properly for bwc
2) verify timeline visualization work properly for bwc
This PR also simplifies check_filter_and_query bwc test.
It first removes Unique Visitors check because even fix
the time interval, the number of unique visitors number
is random. Then it simplifies this bwc test.

add more tests in check_timeline and modify test names
change one query content to make bwc tests more robust
update license header
add missing test and solve timestamp issue
fix eslint and comments

Partially Resolved:
opensearch-project/opensearch-build#705

Signed-off-by: Anan Zhuang <[email protected]>

* Add bwc test data for osd without bundle (#927)

This PR contains 13 zipped bwc test data for osd without bundle.
The data has been tested by osd-1.1 and osd-1.2. To use, here are
the steps:
1)unzip the data to opensearch, for example:
tar -xvf odfe-1.13.2.tar.gz
You need to remove data folder first if there is one in opensearch
2)run opensearch: ./bin/opensearch
3)run dashboards: ./bin/opensearch-dashboards
4)run any cypress test

Partically Resolved:
opensearch-project/opensearch-build#705

Signed-off-by: Anan Zhuang <[email protected]>

* Add bwc test data for osd with bundle (#940)

This PR contains 13 zipped bwc test data for osd with bundle.
The data has been tested by osd-1.1 and osd-1.2. To use, here are
the steps:
1)unzip the data to opensearch, for example:
tar -xvf odfe-1.13.2.tar.gz
You need to remove data folder first if there is one in opensearch
2)run opensearch: ./bin/opensearch
3)run dashboards: ./bin/opensearch-dashboards
4)run any cypress test

Besides the above manual process, we now offer a script in this PR:
#931

To run bwc test using osd bundle data, use this command:
./cypress/bwctest-osd.sh
-o /path/to/opensearch.tar.gz
-d /path/to/opensearch-dashboards.tar.gz
-b true

Pls see more details in the above PR.

fix data issue for eCommerse data
resubmit data to fix timestamp issue

Partically Resolved:
opensearch-project/opensearch-build#705

Signed-off-by: Anan Zhuang <[email protected]>

* Add more bwc tests for osd with bundles (#901)

This PR adds the following bwc tests:
1)verify sample data work properly for bwc
2)verify timeline visualization work properly for bwc

add more commands check in check_timeline and rename sample data check
minimize the login time and make the tests more robust
change query content to make bwc test more robust
update license header
solve timestamp issue
fix comments and eslint

Partically Resolved:

opensearch-project/opensearch-build#705

Signed-off-by: Anan Zhuang <[email protected]>

* [Backwards Compatibility] restore URL forwarding from legacy app

Forwarding legacy app to the current format of the application.
This enables the usage of stored URLs and other links that referenced
the format of the application URL that mentioned the application name.

Since we changed the URL forwarding we changed this value and released.
So incase forks were made and depended on this legacy formatted reference
of the application. It will still work. There are also references of the
application.

Issue resolved:
#1013

Signed-off-by: Kawika Avilla <[email protected]>

* [Link] Fix yarnpkg link error

Issue: https://yarnpkg.com/latest.msi is unavailable now and will be rerouted to a 404 page.
Add it to link checker allow list to unblock the PR process.

Signed-off-by: Zuocheng Ding <[email protected]>

* Use the OpenSearch Dashboards logo in the READMEs

Signed-off-by: Tommy Markley <[email protected]>

* Add .whitesource file to activate integration scan (#999)

We already enable the access of WhiteSource integration with Github.com for this repo. However, the automatic PR of .whitesource is not created. We asked for the support from WhiteSource side and they suggested we could raise one by ourselves. This PR will also set the WhiteSource integration config mode to Local to be using the whitesource.config. Dashboards team can modify this configuration on their own to customize it. We are providing the one we had for all repos at this time.

Issues Resolved
opensearch-project/opensearch-build#721

* Add whitesource for to activate integration
* Add links of documents for WhiteSource

Signed-off-by: Zelin Hao <[email protected]>

* [Build] remove legacy version check for plugin builds (#1029)

Removes the SEMVAR check for external plugins. 7.9 is not relevant
to the application.

The semvar library was also preventing major.minor.patch.x which is the
format from OpenSearch plugins.

Related issue:
#992

Signed-off-by: Kawika Avilla <[email protected]>

* [Node 14] Upgrades Node version from 10.24.1 to 14.18.2 (#1028)

* Addresses syntax changes between Node.js v10 and v14.
* Bumps dependencies to address build/compatibility issues:
* Bumps `@types/node` from v10.17.26 to v14.17.32
* Bumps `@elastic/good` from v8.1.1-kibana2 to v9.0.1-kibana3
* Bumps `react` from v16.12.0 to v16.14.0
* Bumps `@microsoft/api-documenter` from v7.7.2 to v7.13.65
* Bumps `@microsoft/api-extractor` from v7.7.0 to v7.18.17
* Bumps `@types/webpack` from v4.41.3 to v4.41.31
* Bumps `@types/webpack-env` from v1.15.2 to v1.16.3
* Bumps `sass-loader` from v8.0.2 to v10.2.0
* Bumps `lmdb-store` from v0.6.10 to v1.6.11
* Bumps `node-sass` from "sass/node-sass#v5" to v6.0.1
* Adds `--no-deprecation` flag for integration tests caused by `shot`
which is a downstream dependency of `hapi`.
* Skips flaky server metrics collector tests
* The ServerMetricsCollector tests are flaky and rely on the existing
v17 hapi library that Dashboards depends on. This will be upgraded
for the 2.0 release along with the Node.js upgrade. (#1073)
* Bumps react from 16.12 to 16.14 to resolve unmet peer 
dependencies, but we still need a resolution to remove the old version.
* Adds transformIgnorePattern for weak-lru-cache and ordered-binary
to fix unit test jest failures.
* Refactors node cache to improve logging and separate databases

Signed-off-by: Bishoy Boktor <[email protected]>
Co-authored-by: Tommy Markley <[email protected]>
Co-authored-by: Kawika Avilla <[email protected]>
Co-authored-by: Ashwin Pc <[email protected]>

* Add a script to run one command for all bwc tests (#931)

Currently, even we have bwc tests and data, to run bwc, we need
to copy and unzip data in opensearch, then run opensearch,
dashboards and cypress. This script will add more automation to
allow us use one command to run all the tests. Here is the cmd:

./scripts/bwctest-osd.sh
-o /path/to/opensearch.tar.gz
-d /path/to/opensearch-dashboards.tar.gz
-v versions
-b true/false

-o is the path to the tested opensearch. Here we need to rename
the folder to opensearch and zip it
-d is the path to the tested opensearch-dashboards. Also need to
rename the folder to opensearch-dashboards and zip it
-v is the optional version para. You can specify one version or
multiple versions like "odfe-1.1.0, osd-1.0.0". If no pass, it will
run all the versions defined in the script.
-b is the optional osd type para. If pass true, it will run osd bundle.
If pass false, it will run osd vanilla. The default is false.

update the usage section with new parameters
add license header and move the script in scripts folder

modify bwc test script:
1)use curl command to check the opensearch and dashboards status
2)create test groups to eliminate if clauses
3)modify var names
4)wrap each block into functions to make it more reusable
5)add more comments

clean out usage on port 5601
add test command and modify checking logic
fix license

Partically Resolved:
opensearch-project/opensearch-build#705

Signed-off-by: Anan Zhuang <[email protected]>

* [Map] Remove hardcoded AWS paths

Clean up temp aws paths in code base.
Add a configurable flag `showRegionBlockedWarning` into map plugin level config file.

Signed-off-by: Zuocheng Ding <[email protected]>

* [Docs] remove invalid reference in CONVENTIONS.md (#1110)

Removed missed reference in CONVENTIONS.md.

Issue related:
#1109

Signed-off-by: Kawika Avilla <[email protected]>

* Upgrades babel, storybook, and postcss (#1104)

* Upgrades dependencies to resolve react-dev-utils, browserslist, and
postcss CVEs.
* We have to stay on v6.3.x `@storybook` dependencies because of
storybookjs/storybook#16837. 6.3.x still
depends on older version of some of the `@babel` libraries.
* The `autoprefixer` upgrade removes the browserslist warning during the
build.
* `css-loader`, `postcss-loader`, `postcss` upgrades were required to
fix webpack errors. These upgrades contained a few breaking changes.
* Minor version bumps to `react-router`, `react-router-dom`, and
`styled-components` were done while troubleshooting bootstrap issues.

Resolves #1055
Resolves #1094
Resolves #1095

Signed-off-by: Tommy Markley <[email protected]>

* Bumps microsoft api-documenter and api-extractor (#1106)

Resolves #1063

Signed-off-by: Tommy Markley <[email protected]>

* Fixes incorrect license headers (#1131)

Resolves #1130

Signed-off-by: Tommy Markley <[email protected]>

* Fixes linting errors (#1115)

Signed-off-by: Tommy Markley <[email protected]>

* [Backwards Compatibility] update instructions in TESTING.md (#1030)

fix PR comments

Partially Resolved:
opensearch-project/opensearch-build#705

Signed-off-by: Anan Zhuang <[email protected]>

* [CI] upgrade to chromedriver 97 for github actions

Github virtual env upgraded chrome:
actions/runner-images#4861

Signed-off-by: Kawika Avilla <[email protected]>

* Disable WhiteSource check fails on commits/PRs (#1149)

* WhiteSource is not properly comparing scans against the latest changes
in `main`. This prevents the need to override checks to merge PRs for
those who don't have access (like the Dashboards Core members).
* Cleans up the WhiteSource config file. We don't need gradle,
maven, go, python, or ruby scans enabled.
* Replaces the deprecated `ignoreSourceFiles` config with
`fileSystemScan`.

Resolves #1150 

Signed-off-by: Tommy Markley <[email protected]>

* Bump parse-link-header from 1.0.1 to 2.0.0 (#1108)

Bumps [parse-link-header](https://github.com/thlorenz/parse-link-header) from 1.0.1 to 2.0.0.
- [Release notes](https://github.com/thlorenz/parse-link-header/releases)
- [Commits](thlorenz/parse-link-header@v1.0.1...v2.0.0)

---
updated-dependencies:
- dependency-name: parse-link-header
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Upgrades `hapi` from v17 to v20 (#1146)

* Bumping 3 major versions ahead introduces many breaking changes. Hapi
provides a detailed changelog: https://hapi.dev/resources/changelog
* v18 notes: hapijs/hapi#3871
* v19 notes: hapijs/hapi#4017
* Bumps `raw-loader` from v3.1.0 to v4.0.2 to address a bootstrap
warning. No breaking changes other than bumping Node.js to v10.
* Removes the `--no-deprecation` flag for the integration tests since
the newest version of hapi doesn't use the deprecated library.

Resolves #1070
Resolves #1073
Resolves #1076
Resolves #1088
Resolves #1090

Signed-off-by: Tommy Markley <[email protected]>

* [BUG] fix disableWelcomeScreen config (#1143)

disableWelcomeScreen was erroneously removed from being exposed to browser (for testing purposes)
and was not able to pass the config to disable the welcome screen showing.

Issue:
#1138

Signed-off-by: Kawika Avilla <[email protected]>

* [Tests] configurable skip checksum verification (#1207)

This enables configuring the skipping of checksum verification for
integration and functional tests. The out-of-box experience enables
tests to pull down an artifact of OpenSearch to run frontend tests
against. However, if there was an issue with the publishing of the
checksum, for example:
opensearch-project/opensearch-build#1497

Then any CI for OpenSearch Dashboards is severely blocked.

This lets the out-of-box experience get around this. This shouldn't
be used permenantly and should be toggled off when no longer blocked.

Issue resolved:
#1205

Signed-off-by: Kawika Avilla <[email protected]>

* Bump nanoid from 3.1.30 to 3.2.0 (#1173)

Bumps [nanoid](https://github.com/ai/nanoid) from 3.1.30 to 3.2.0.
- [Release notes](https://github.com/ai/nanoid/releases)
- [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md)
- [Commits](ai/nanoid@3.1.30...3.2.0)

---
updated-dependencies:
- dependency-name: nanoid
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Don't terminate the server on NodeDeprecationWarning (#1185)

The last AWS SDK for Javascript that supports Node 10 (v3.45.0) emits a NodeDeprecationWarning to indicate that Node 10
is no longer supported. Without this workaround, this crashes the OSD server, so it becomes impossible to interact with
other AWS services from within OSD (e.g., in a custom plugin) until the Node 14 upgrade is done.

Signed-off-by: Thilo-Alexander Ginkel <[email protected]>

* Removes KUI Generator and related dependencies (#1105)

* KUI is deprecated and we will not be adding new components.
* Removes all dependencies that are no longer used in the package.
* Updates the README to reflect the deprecation path.
* Removes the create and document component scripts as well as the
remaining references to generator-kui.

Resolves #1059
Resolves #1061

Signed-off-by: Tommy Markley <[email protected]>

* Bump markdown-it from 10.0.0 to 12.3.2 (#1140)

Bumps [markdown-it](https://github.com/markdown-it/markdown-it) from 10.0.0 to 12.3.2.
- [Release notes](https://github.com/markdown-it/markdown-it/releases)
- [Changelog](https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md)
- [Commits](markdown-it/markdown-it@10.0.0...12.3.2)

---
updated-dependencies:
- dependency-name: markdown-it
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Fix createStateContainerReactHelpers documentation (#1213)

Issues Resolved:
#1197

Signed-off-by: Thilo-Alexander Ginkel <[email protected]>

* Bumps `node-fetch` from v2.6.1 to v2.6.7 (#1169)

Resolves #1162

Signed-off-by: Tommy Markley <[email protected]>

* Removes deprecated `request` and `@percy/agent` (#1113)

* Addresses first set of dependencies that are upstream from
`[email protected]`. There is more work to do but a webpack upgrade is
required first.
* Replaces usage of `request` in integration tests with `tough-cookie`.
* `@percy/agent` is deprecated and is replaced by `@percy/cli`.
* Bumps `follow-redirects` to address CVE.
* Also removes unnecessary user management logic from functional tests.

Resolves #1133
Incremental change towards addressing #1066

Signed-off-by: Tommy Markley <[email protected]>

* [Bug] fix incorrect import for opensearch aggs (#1192)

Incorrect import statement that was introduced here:
#688

Verified other imports and the rest look fine.

Issue:
n/a

Signed-off-by: Kawika Avilla <[email protected]>

* Re-enable WhiteSource check fails on commits/PRs (#1226)

* WhiteSource seems to have resolved the previous bug, and we are still
able to merge even if the check fails.

Signed-off-by: Tommy Markley <[email protected]>

* Removes storybook package and related code (#1172)

In order to address potential licensing issues as well as resolve related CVEs, 
all storybook code is removed. The storybook features have been broken
since the fork and the work to fix everything was greater than removing it. 
Alternatives will be considered in the future.

Resolves #1130 
Resolves #1171

Signed-off-by: Tommy Markley <[email protected]>

* Run build and test workflow on all branches (#1222)

* Skips feature branches
* Use the `.nvmrc` file for the `node` version instead of a hard-coded
version.

Resolves #1023

Signed-off-by: Tommy Markley <[email protected]>

* Initial Drag and Drop plugin code (#946)

* Initial Drag and Drop plugin code

Signed-off-by: Ashwin Pc <[email protected]>

* Adds state management to Drag and Drop

Signed-off-by: Ashwin Pc <[email protected]>

* Moves Drag and Drop to create visualization menu

Signed-off-by: Ashwin Pc <[email protected]>

* Field Search in Data panel  (#995)

Add ability to search on index fields
Signed-off-by: Abbas Hussain <[email protected]>

Co-authored-by: Kawika Avilla <[email protected]>
Co-authored-by: Sean Neumann <[email protected]>
Co-authored-by: Zuocheng Ding <[email protected]>
Co-authored-by: Anan <[email protected]>
Co-authored-by: Tommy Markley <[email protected]>
Co-authored-by: Zelin Hao <[email protected]>
Co-authored-by: Bishoy Boktor <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Thilo-Alexander Ginkel <[email protected]>
Co-authored-by: Abbas Hussain <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
cve Security vulnerabilities detected by Dependabot or Mend high severity High severity CVE Mend: dependency security vulnerability Security vulnerability detected by Mend v2.0.0
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant