Dependency Updates

[kaituo]

Description

This PR includes updates to several dependencies in order to address known Common Vulnerabilities and Exposures (CVEs). The following dependencies have been updated:

• axios
• minimist
• moment
• minimatch

It's worth noting that the updated versions were determined based on the analysis of CVE scopes (the range of affected versions) and by referring to working versions used in other repositories or branches. The following sources were consulted:

alerting-dashboards-plugin
opensearch-js
anomaly-detection-dashboards-plugin
OpenSearch-Dashboards

Testing:

• did basic e2e smoke testing.

Check List

• New functionality includes testing.
  • All tests pass
• New functionality has been documented.
• Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[codecov-commenter]

Codecov Report

Merging #463 (54dd6c1) into 1.3 (0113155) will not change coverage.
The diff coverage is n/a.

📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more

@@           Coverage Diff           @@
##              1.3     #463   +/-   ##
=======================================
  Coverage   45.91%   45.91%           
=======================================
  Files         150      150           
  Lines        4957     4957           
  Branches      956      956           
=======================================
  Hits         2276     2276           
  Misses       2463     2463           
  Partials      218      218           

[kaituo]

Cypress tests failed:

[email protected] postinstall /home/runner/work/anomaly-detection-dashboards-plugin/anomaly-detection-dashboards-plugin/opensearch-dashboards-functional-test/node_modules/cypress
node index.js --exec install

Note: Overriding Cypress cache directory to: /home/runner/.cache/Cypress

  Previous installs of Cypress may not be found.

Cypress 5.6.0 is installed in /home/runner/.cache/Cypress/5.6.0

added 224 packages in 396.097s
/opt/hostedtoolcache/node/10.24.1/x64/bin/npx cypress cache list
┌─────────┬───────────────┐
│ version │ last used │
├─────────┼───────────────┤
│ 12.11.0 │ 7 minutes ago │
├─────────┼───────────────┤
│ 5.6.0 │ 7 minutes ago │
└─────────┴───────────────┘
Using custom test command: yarn run cypress run --env SECURITY_ENABLED=false --spec cypress/integration/plugins/anomaly-detection-dashboards-plugin/.js
run tests command "yarn run cypress run --env SECURITY_ENABLED=false --spec cypress/integration/plugins/anomaly-detection-dashboards-plugin/.js"
current working directory "/home/runner/work/anomaly-detection-dashboards-plugin/anomaly-detection-dashboards-plugin/opensearch-dashboards-functional-test"
/opt/hostedtoolcache/node/10.24.1/x64/bin/yarn run cypress run --env SECURITY_ENABLED=false --spec cypress/integration/plugins/anomaly-detection-dashboards-plugin/.js
yarn run v1.21.1
$ /home/runner/work/anomaly-detection-dashboards-plugin/anomaly-detection-dashboards-plugin/opensearch-dashboards-functional-test/node_modules/.bin/cypress run --env SECURITY_ENABLED=false --spec 'cypress/integration/plugins/anomaly-detection-dashboards-plugin/.js'
Cypress could not verify that this server is running:

http://localhost:5601

We are verifying this server because it has been configured as your baseUrl.

Cypress automatically waits until your server is accessible before running tests.

We will try connecting to it 3 more times...
We will try connecting to it 2 more times...
We will try connecting to it 1 more time...

Cypress failed to verify that your server is running.

Please start this server and then run Cypress again.
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.
Error: The process '/opt/hostedtoolcache/node/10.24.1/x64/bin/yarn' failed with exit code 1

This starts failing since last December: https://github.com/opensearch-project/anomaly-detection-dashboards-plugin/commits/1.3

Will not fix and use manual test to cover instead.

[ohltyler]

LGTM!

[amitgalitz]

I see the integ test failures are the same as when I made the updates here: #452. Are you suggesting pushing anyway as you think its unreleated?

[kaituo]

I see the integ test failures are the same as when I made the updates here: #452. Are you suggesting pushing anyway as you think its unreleated?

found the error:
FATAL Error: Failed to initialize plugins:
Plugin “anomalyDetectionDashboards” is only compatible with OpenSearch Dashboards version “1.3.9", but used OpenSearch Dashboards version is “1.3.10”. (incompatible-version, /home/runner/work/anomaly-detection-dashboards-plugin/anomaly-detection-dashboards-plugin/OpenSearch-Dashboards/plugins/anomaly-detection-dashboards-plugin/opensearch_dashboards.json)

let me increment ad dashboard version to 1.3.10

[kaituo]

Remote integ tests still failed when running OpenSearch with plugin:

• What went wrong:
  Could not determine the dependencies of task ':run'.

Can't get https://ci.opensearch.org/ci/dbc/distribution-build-opensearch/1.3.10/latest/linux/x64/tar/builds/opensearch/plugins/opensearch-job-scheduler-1.3.10.0.zip to /home/runner/work/anomaly-detection-dashboards-plugin/anomaly-detection-dashboards-plugin/anomaly-detection/src/test/resources/job-scheduler/opensearch-job-scheduler-1.3.10.0.zip

[kaituo]

@amitgalitz Won't be able to fix now as job scheduler 1.3.10 zip is not available. Please see above.

[amitgalitz]

thanks for also updating to 1.3.10