FIX: update qs version

[derek-ho]

Signed-off-by: Derek Ho [email protected]

Description

[Describe what this change achieves]

Issues Resolved

CVE-2022-24999

Check List

• New functionality includes testing.
  • All tests pass, including unit test, integration test and doctest
• New functionality has been documented.
  • New functionality has javadoc added
  • New functionality has user manual doc added
• Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[mengweieric]

Did you run cypress tests on 1.3? Seems like we are upgrading from 6.5.2 to 6.10.3 which has a 5 minor versions change.

[derek-ho]

Did you run cypress tests on 1.3? Seems like we are upgrading from 6.5.2 to 6.10.3 which has a 5 minor versions change.

@mengweieric a good call out... I have never ran cypress before -> I'm getting a few failures locally, is that expected? Does that happen even on 2.x? Are cypress tests flaky? We may want to hold off on merging this if not....

[mengweieric]

Did you run cypress tests on 1.3? Seems like we are upgrading from 6.5.2 to 6.10.3 which has a 5 minor versions change.

@mengweieric a good call out... I have never ran cypress before -> I'm getting a few failures locally, is that expected? Does that happen even on 2.x? Are cypress tests flaky? We may want to hold off on merging this if not....

Could be flaky tests, what are those failed? 1.3 branch should have all cypress tests passed.

[derek-ho]

Did you run cypress tests on 1.3? Seems like we are upgrading from 6.5.2 to 6.10.3 which has a 5 minor versions change.

@mengweieric a good call out... I have never ran cypress before -> I'm getting a few failures locally, is that expected? Does that happen even on 2.x? Are cypress tests flaky? We may want to hold off on merging this if not....

Could be flaky tests, what are those failed? 1.3 branch should have all cypress tests passed.

@mengweieric tests are still running... a few examples:
3) Saves a query on explorer page
Saves a query on event tab of explorer page:
AssertionError: Timed out retrying: Expected to find content: 'Mock Flight Events Overview' within the element: <button.euiLink.euiLink--primary> but never did.
at Context.eval (http://localhost:5601/__cypress/tests?p=.cypress/integration/1_event_analytics.spec.js:289:73)

4. Saves a query on explorer page
   Saves a visualization on visualization tab of explorer page:
   AssertionError: Timed out retrying: Expected to find content: 'Mock Flight count by destination' within the element: <button.euiLink.euiLink--primary> but never did.
   at Context.eval (http://localhost:5601/__cypress/tests?p=.cypress/integration/1_event_analytics.spec.js:304:73)

5. Saves a query on explorer page
   Saves a visualization to an existing panel:
   AssertionError: Timed out retrying: Expected to find element: input[value="Mock Testing Panels"], but never found it.
   at Context.eval (http://localhost:5601/__cypress/tests?p=.cypress/integration/1_event_analytics.spec.js:321:8)

Failed 5 for event analytics, 6 for notebooks so far. I can't tell if they're flaky or something changed in the code?

[rupal-bq]

you can use qs 6.5.3 for this CVE. Fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4
Ref: https://www.cve.org/CVERecord?id=CVE-2022-24999

[joshuali925]

i think this is not necessary, ~ doesn't restrict patch version, but it's ok

[opensearch-trigger-bot]

The backport to 1.x failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-1.x 1.x
# Navigate to the new working tree
cd .worktrees/backport-1.x
# Create a new branch
git switch --create backport/backport-1316-to-1.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 b56ff10d138fc41aeb734bcd1457f8e9ebab8e78
# Push it to GitHub
git push --set-upstream origin backport/backport-1316-to-1.x
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-1.x

Then, create a pull request where the base branch is 1.x and the compare/head branch is backport/backport-1316-to-1.x.