-
Notifications
You must be signed in to change notification settings - Fork 896
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] Scripted fields with the name "constructor" cause issues #1777
Comments
@jgough Thanks for the detailed reproduction steps, I reproduced the 2.0 behavior. Is it actually necessary to support |
I personally feel it's not essential to support it, but it seems odd that the code is done in a way that means some field names just aren't permitted here. What other reserved property names might cause collisions here? It would at least be good to give a warning when trying to use a reserved name. I stumbled across this one by accident, genuinely trying to use that as a field name. Took a while to figure out what was going on and that I didn't have a bug in my script! A warning would have helped here. |
Oh, yeah, I totally agree that it's an annoying and surprising bug. Whichever way we go, we'll want to solve for all currently reserved properties or names (because I also suspect that there are others). |
[Triage]: We should do the validation and prevent this. |
Do we have an ECD for fixing this bug ? |
Hey @ZilongX, the current plan for this is to prevent users from setting a reserve word. It might still fail for existing items. |
Thanks @kavilla , do we have a detailed list of reserved words or maybe a regex checking that customer should avoid using ? |
To me, it sounds like OpenSearch should ultimately validate and not accept these and if OpenSearch accepts them, Dashboards should honor them. While it would be nice for Dashboards to do validations too, I don't think it fits the long-term plans. |
Enables the configuration of `disablePrototypePoisoningProtection` by setting `opensearch.disablePrototypePoisoningProtection`. Enables users to store protected logs that include reserve words from JS without the OpenSearch JS client throwing errors. Related issue: opensearch-project#1777 Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
Enables the configuration of `disablePrototypePoisoningProtection` by setting `opensearch.disablePrototypePoisoningProtection`. Enables users to store protected logs that include reserve words from JS without the OpenSearch JS client throwing errors. Related issue: opensearch-project#1777 Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
I have created a PR that we can backport to 1.x branch, however the second part of this issue I believe we can create another issue. It would appear it is more so a bug (along with other bugs) in the Discover window that prevents certain code from performing as expected. As we are targeted to rewrite the Discover page due to it being in Angular I believe we should create a separate issue to track this bug. Wdyt @ananzh |
Enables the configuration of `disablePrototypePoisoningProtection` by setting `opensearch.disablePrototypePoisoningProtection`. Enables users to store protected logs that include reserve words from JS without the OpenSearch JS client throwing errors. We should still consider transforming unsafe data values if a bad actor attempts to prototype pollute the cluster. Related issue: opensearch-project#1777 Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
I tagged it with |
Enables the configuration of `disablePrototypePoisoningProtection` by setting `opensearch.disablePrototypePoisoningProtection`. Enables users to store protected logs that include reserve words from JS without the OpenSearch JS client throwing errors. We should still consider transforming unsafe data values if a bad actor attempts to prototype pollute the cluster. Related issue: opensearch-project#1777 Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
Enables the configuration of `disablePrototypePoisoningProtection` by setting `opensearch.disablePrototypePoisoningProtection`. Enables users to store protected logs that include reserve words from JS without the OpenSearch JS client throwing errors. We should still consider transforming unsafe data values if a bad actor attempts to prototype pollute the cluster. More information: https://web.archive.org/web/20200319091159/https://hueniverse.com/square-brackets-are-the-enemy-ff5b9fd8a3e8?gi=184a27ee2a08 Related issue: opensearch-project#1777 Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
Enables the configuration of `disablePrototypePoisoningProtection` by setting `opensearch.disablePrototypePoisoningProtection`. Enables users to store protected logs that include reserve words from JS without the OpenSearch JS client throwing errors. We should still consider transforming unsafe data values if a bad actor attempts to prototype pollute the cluster. More information: https://web.archive.org/web/20200319091159/https://hueniverse.com/square-brackets-are-the-enemy-ff5b9fd8a3e8?gi=184a27ee2a08 Related issue: #1777 Signed-off-by: Kawika Avilla <kavilla414@gmail.com> Signed-off-by: Kawika Avilla <kavilla414@gmail.com> Co-authored-by: Anan Zhuang <ananzh@amazon.com>
Enables the configuration of `disablePrototypePoisoningProtection` by setting `opensearch.disablePrototypePoisoningProtection`. Enables users to store protected logs that include reserve words from JS without the OpenSearch JS client throwing errors. We should still consider transforming unsafe data values if a bad actor attempts to prototype pollute the cluster. More information: https://web.archive.org/web/20200319091159/https://hueniverse.com/square-brackets-are-the-enemy-ff5b9fd8a3e8?gi=184a27ee2a08 Related issue: #1777 Signed-off-by: Kawika Avilla <kavilla414@gmail.com> Signed-off-by: Kawika Avilla <kavilla414@gmail.com> Co-authored-by: Anan Zhuang <ananzh@amazon.com> (cherry picked from commit 1a82ae3) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> # Conflicts: # CHANGELOG.md
Enables the configuration of `disablePrototypePoisoningProtection` by setting `opensearch.disablePrototypePoisoningProtection`. Enables users to store protected logs that include reserve words from JS without the OpenSearch JS client throwing errors. We should still consider transforming unsafe data values if a bad actor attempts to prototype pollute the cluster. More information: https://web.archive.org/web/20200319091159/https://hueniverse.com/square-brackets-are-the-enemy-ff5b9fd8a3e8?gi=184a27ee2a08 Related issue: #1777 Signed-off-by: Kawika Avilla <kavilla414@gmail.com> Signed-off-by: Kawika Avilla <kavilla414@gmail.com> Co-authored-by: Anan Zhuang <ananzh@amazon.com> (cherry picked from commit 1a82ae3) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> # Conflicts: # CHANGELOG.md
Enables the configuration of `disablePrototypePoisoningProtection` by setting `opensearch.disablePrototypePoisoningProtection`. Enables users to store protected logs that include reserve words from JS without the OpenSearch JS client throwing errors. We should still consider transforming unsafe data values if a bad actor attempts to prototype pollute the cluster. More information: https://web.archive.org/web/20200319091159/https://hueniverse.com/square-brackets-are-the-enemy-ff5b9fd8a3e8?gi=184a27ee2a08 Related issue: #1777 Signed-off-by: Kawika Avilla <kavilla414@gmail.com> Signed-off-by: Kawika Avilla <kavilla414@gmail.com> Co-authored-by: Anan Zhuang <ananzh@amazon.com> (cherry picked from commit 1a82ae3) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> # Conflicts: # CHANGELOG.md
Enables the configuration of `disablePrototypePoisoningProtection` by setting `opensearch.disablePrototypePoisoningProtection`. Enables users to store protected logs that include reserve words from JS without the OpenSearch JS client throwing errors. We should still consider transforming unsafe data values if a bad actor attempts to prototype pollute the cluster. More information: https://web.archive.org/web/20200319091159/https://hueniverse.com/square-brackets-are-the-enemy-ff5b9fd8a3e8?gi=184a27ee2a08 Related issue: #1777 Signed-off-by: Kawika Avilla <kavilla414@gmail.com> Signed-off-by: Kawika Avilla <kavilla414@gmail.com> Co-authored-by: Anan Zhuang <ananzh@amazon.com> (cherry picked from commit 1a82ae3) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> # Conflicts: # CHANGELOG.md Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Anan Zhuang <ananzh@amazon.com>
…ject#2992) Enables the configuration of `disablePrototypePoisoningProtection` by setting `opensearch.disablePrototypePoisoningProtection`. Enables users to store protected logs that include reserve words from JS without the OpenSearch JS client throwing errors. We should still consider transforming unsafe data values if a bad actor attempts to prototype pollute the cluster. More information: https://web.archive.org/web/20200319091159/https://hueniverse.com/square-brackets-are-the-enemy-ff5b9fd8a3e8?gi=184a27ee2a08 Related issue: opensearch-project#1777 Signed-off-by: Kawika Avilla <kavilla414@gmail.com> Signed-off-by: Kawika Avilla <kavilla414@gmail.com> Co-authored-by: Anan Zhuang <ananzh@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>
* Fixes folder timestamps being updated before copying files into them (#2964) * When updating the timestamps were requested, scanCopy first set the times and then copied content into the destination folder. On certain platforms, copying files into a folder updates its "Last Access Time" and that overwrites the just set timestamps. This PR, makes sure the timestamps are set only after copying the content. Signed-off-by: Miki <amoo_miki@yahoo.com> Signed-off-by: Miki <amoo_miki@yahoo.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * Fixes incorrect validation of time values in JUnit Reporter (#2965) Signed-off-by: Miki <amoo_miki@yahoo.com> Signed-off-by: Miki <amoo_miki@yahoo.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * [Windows] Make `yarn pkg-version` work across platforms (#2963) * Makes `yarn pkg-version` work across platforms Signed-off-by: Miki <amoo_miki@yahoo.com> * Makes `yarn pkg-version` work across platforms Signed-off-by: Miki <amoo_miki@yahoo.com> Signed-off-by: Miki <amoo_miki@yahoo.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * Add Windows CI to the workflow (#2966) Signed-off-by: Miki <amoo_miki@yahoo.com> Signed-off-by: Miki <amoo_miki@yahoo.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * Makes tests covering plugin installation on cluster snapshots work across platforms (#2994) Signed-off-by: Miki <amoo_miki@yahoo.com> Signed-off-by: Miki <amoo_miki@yahoo.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * Bump loader-utils from 2.0.3 to 2.0.4 (#2892) Bumps [loader-utils](https://github.com/webpack/loader-utils) from 2.0.3 to 2.0.4. - [Release notes](https://github.com/webpack/loader-utils/releases) - [Changelog](https://github.com/webpack/loader-utils/blob/v2.0.4/CHANGELOG.md) - [Commits](https://github.com/webpack/loader-utils/compare/v2.0.3...v2.0.4) --- updated-dependencies: - dependency-name: loader-utils dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * Corrects the usage of leaflet-vega parameters (#3005) Fixes #2996, #2353 - Bump `leaflet-vega` to `^0.9.0` - they merged in our upstream PR and made a release - Fix the parameter name for passing `vega.parse` options. Signed-off-by: Miki <miki@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * Add @manasvinibs as maintainer (#3006) Basic data points [OSD] 16 submitted PRs (https://github.com/opensearch-project/OpenSearch-Dashboards/pulls/manasvinibs) [OSD] 74 reviewed PRs (https://github.com/opensearch-project/OpenSearch-Dashboards/issues?q=reviewed-by%3Amanasvinibs) [OSD] 28 issues involved (https://github.com/opensearch-project/OpenSearch-Dashboards/issues?page=1&q=involves%3Amanasvinibs+is%3Aissue) Highlight Mana is assisting with extensions project which will be the next evolution of extending core functionality from OpenSearch Dashboards Mana implemented https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2734 which allows for a huge quality of life for local development for external plugin developers to utilize snapshots with a single CLI command compared to before when they would had to pull down OpenSearch build, install their plugin on OpenSearch, and ensure the proper configurations. This has caused historically problems when plugin teams do development and miss some steps per their onboard documentation/PR suggestion and get different results than expected. Mana has assisted reviewing PRs providing great insight on BWC tests, BWC in general, and the release process. Mana has added documentation from insight she has gained within the informal dev doc repo https://cptnb.github.io/opensearch-dashboards-dev-docs/ ensuring the spread of knowledge. Signed-off-by: Kawika Avilla <kavilla414@gmail.com> Signed-off-by: Kawika Avilla <kavilla414@gmail.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * [Vis Builder] Add global data persistence for vis builder (#2896) * Add global data persistence for vis builder Persist filters, time range, time refresh interval for vis builder when we refresh or navigate to other apps such as dashboard, discover, timeline and visualize Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * Automates chromedriver version selection for tests (#2990) Signed-off-by: Miki <amoo_miki@yahoo.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * Fixes `no-restricted-path` false-positives when `allowSameFolder` is true (#3020) `no-restricted-paths` compares source files and import statements, and their membership in restricted zones. However, when `allowSameFolder` is true, it failed to remove a trailing slash before validation which results in a false-positive. Signed-off-by: Miki <amoo_miki@yahoo.com> Signed-off-by: Miki <amoo_miki@yahoo.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * [Doc] Add readme for global query persistence (#3001) Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * [MD] Feature test connection (#2973) * test connection intial code Signed-off-by: mpabba3003 <amazonmanideep@gmail.com> * error handling Signed-off-by: mpabba3003 <amazonmanideep@gmail.com> * refactor Signed-off-by: mpabba3003 <amazonmanideep@gmail.com> * removing get cluster info dependency Signed-off-by: mpabba3003 <amazonmanideep@gmail.com> * refactor test connection Signed-off-by: mpabba3003 <amazonmanideep@gmail.com> * adding test cases and test connection on edit datasource Signed-off-by: mpabba3003 <amazonmanideep@gmail.com> * adding changelog comment Signed-off-by: mpabba3003 <amazonmanideep@gmail.com> * fixing bug on edit datasource page Signed-off-by: mpabba3003 <amazonmanideep@gmail.com> * refactor based on PR comments Signed-off-by: mpabba3003 <amazonmanideep@gmail.com> Signed-off-by: mpabba3003 <amazonmanideep@gmail.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * [Chore] Add release notes for 1.3.7 (#3066) Signed-off-by: Josh Romero <rmerqg@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * [Chore] Add 2.4.1 release notes (#3070) * [Chore] Add 2.4.1 release notes Signed-off-by: Josh Romero <rmerqg@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * [Table Visualization][BUG] Fix Url content display (#2918) Currently, the new table can not format Url. If we set to use URL format in index pattern field, table will display it as string. In this PR, we switch the format from string to html. To make html understandable by react as a DOM element, we use dangerouslySetInnerHTML to transform it. For the security, since the content is not from random input but fetched from stored data, we should be safe as long as data is not messed. To provide more security protection, we also add dompurify package to sanitize the html content. Issue Resolved: https://github.com/opensearch-project/OpenSearch-Dashboards/issues/2905 Signed-off-by: Anan Zhuang <ananzh@amazon.com> Signed-off-by: Anan Zhuang <ananzh@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * [Tests] Bumps `chromedriver` to v107 (#3017) * Removes manual resolution of `axios`. Signed-off-by: Tommy Markley <5437176+tmarkley@users.noreply.github.com> Signed-off-by: Tommy Markley <5437176+tmarkley@users.noreply.github.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * Removes minimatch manual resolution (#3019) * The minimatch resolution was no longer necessary after the upstream library that depended on v3.0.4 was removed in #2711. Signed-off-by: Tommy Markley <5437176+tmarkley@users.noreply.github.com> Signed-off-by: Tommy Markley <5437176+tmarkley@users.noreply.github.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * Bumps simple-git from 3.4.0 to 3.15.0 (#3036) Signed-off-by: Kristen Tian <tyarong@amazon.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> Co-authored-by: Miki <miki@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * Fix boktorbb alias. (#3085) Signed-off-by: dblock <dblock@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * Bump decode-uri-component from 0.2.0 to 0.2.2 (#3009) Bumps [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) from 0.2.0 to 0.2.2. - [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases) - [Commits](https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.2) --- updated-dependencies: - dependency-name: decode-uri-component dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ashwin P Chandran <ashwinpc@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * [MD] Update url in tests to follow lychee url allowlist (#3099) Signed-off-by: Su <szhongna@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * [Infrastructure] Add `untriaged` label to issues workflow (#3073) Credit to Peter Nied <petern@amazon.com> via https://github.com/opensearch-project/.github/pull/111 Signed-off-by: Josh Romero <rmerqg@amazon.com> Signed-off-by: Josh Romero <rmerqg@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * Update console to use core.http instead of jQuery.ajax (#3080) * Update console to use core.http instead of jQuery.ajax Signed-off-by: Yan Zeng <zengyan@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * [Maintenance] Exempt feature branches from changelog verification workflow (#3123) Signed-off-by: Josh Romero <rmerqg@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * Gets rid of `github-checks-reporter` (#3126) Signed-off-by: Miki <miki@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * Updates NOTICE file, adds validation to GitHub CI (#3051) * Aligns NOTICE with rules outlined in https://github.com/opensearch-project/.github/issues/21. * Adds NOTICE validation to the build and test workflow. * Fixes product name discrepancies between repository NOTICE file and the generated NOTICE file for the build. * Skips template-izing the build and test workflow since that's being worked on in #2991. Resolves #765 Signed-off-by: Tommy Markley <5437176+tmarkley@users.noreply.github.com> Co-authored-by: Anan Zhuang <ananzh@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * [Doc] Add current plugin persistence implementation readme (#3081) * readme Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> * Add readme for current plugin data persistence implementation Added readme in root level doc folder Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> * Changelog and minor fixes Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> * some modifications Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> Co-authored-by: Anan Zhuang <ananzh@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * [Table Visualization] Replace table visualization with React and DataGrid (#2863) * [Table Visualization] Replace table visualization with React and DataGrid In this PR, we add back functions to make new table usage to be consistent with the replaced one. * total function * percentage column * filter in/out Meanwhile, we also add back server. Functional tests are removed. We will add new functional test in opensearch-dashboards-functional-test repo. We also clean out some legacy codes. Issue Resolved: https://github.com/opensearch-project/OpenSearch-Dashboards/issues/2855 Signed-off-by: Anan Zhuang <ananzh@amazon.com> * add some data-test-subj and fix PR comments Signed-off-by: Anan Zhuang <ananzh@amazon.com> * Fix PR comments and add unit tests Signed-off-by: Anan Zhuang <ananzh@amazon.com> * remove listenOnChange Signed-off-by: Anan Zhuang <ananzh@amazon.com> Signed-off-by: Anan Zhuang <ananzh@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * [CVE] Update package info and changelog for loader-utils bump to 2.0.4 fixing CVE-2022-37599 and CVE-2022-37603 (#3031) Signed-off-by: Zilong Xia <zilongx@amazon.com> Co-authored-by: Josh Romero <rmerqg@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * Fixes misleading embeddable plugin error message (#3043) Resolves #1479 Resolves #3083 Signed-off-by: Tommy Markley <5437176+tmarkley@users.noreply.github.com> Co-authored-by: Josh Romero <rmerqg@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * [Vis Builder] Add redux store persistence (#3088) * add redux store persistence implement persistence without using state container or state sync utils, and it works with both the URL and session storage. Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> * changelog and rebase Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> * Console log the error Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> * rebase and changelog Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> * add unit tests Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * Adds config override to fix obsolete theme:version config value of v8 (beta) rendering issue (#3045) Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * Adds retrying flaky jest tests (#2967) Signed-off-by: Miki <amoo_miki@yahoo.com> Co-authored-by: Anan Zhuang <ananzh@amazon.com> Co-authored-by: Josh Romero <rmerqg@amazon.com> Co-authored-by: Qingyang(Abby) Hu <abigailhu2000@gmail.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * [MD] Improve test connection (#3110) Signed-off-by: Su <szhongna@amazon.com> Signed-off-by: Su <szhongna@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * Bump node version from 14.20.0 to 14.20.1 to resolve CVE-2022-35256 (#3166) * Bump node version from 14.20.0 to 14.20.1 to resolve CVE-2022-35256 Signed-off-by: Zilong Xia <zilongx@amazon.com> * Update the PR number in CHANGELOG Signed-off-by: Zilong Xia <zilongx@amazon.com> Signed-off-by: Zilong Xia <zilongx@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * [CI] update yarn timeout for GitHub workflow on Windows (#3118) Yarn 1.x seems to have an issue with timing on windows and mac when running. Source: https://github.com/yarnpkg/yarn/issues/8242#issuecomment-776561223 Increase timeout for Windows only. Issue: n/a Signed-off-by: Kawika Avilla <kavilla414@gmail.com> Signed-off-by: Kawika Avilla <kavilla414@gmail.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * Updated MAINTAINERS.md to match recommended opensearch-project format. (#3180) Signed-off-by: dblock <dblock@amazon.com> Signed-off-by: dblock <dblock@amazon.com> Co-authored-by: Qingyang(Abby) Hu <abigailhu2000@gmail.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * [CI] Record functional test artifacts in case of failure (#3190) Signed-off-by: Miki <miki@amazon.com> Signed-off-by: Miki <miki@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * Increase timeout waiting for the exiting of an optimizer worker (#3193) Signed-off-by: Miki <miki@amazon.com> Signed-off-by: Miki <miki@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * [CI] Improve yarn's performance in workflows by caching yarn's cache folder (#3194) Signed-off-by: Miki <miki@amazon.com> Signed-off-by: Miki <miki@amazon.com> Co-authored-by: Qingyang(Abby) Hu <abigailhu2000@gmail.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * [Vis Builder] Add app filter and query persistence without using state container (#3100) * connect without container Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> * Query and filter persistence working Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> * Rebase and changelog Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> * Simplify filter management Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> * change function name Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> * add unit test for function connect storage to query Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> * changelog change Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> * add comments and functional documentation in readme Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> * add more documentation in data persistence readme about vis builder persistence Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> * error handling Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> * add function definition in data plugin api doc Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> * document and comments Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * test (#3197) Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * Update json5 to 1.0.2 and 2.2.3 (#3201) * Update json5 to 1.0.2 and 2.2.3 Signed-off-by: Matt Provost <provomat@amazon.com> * Update changelog Signed-off-by: Matt Provost <provomat@amazon.com> Signed-off-by: Matt Provost <provomat@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * [Chore] Add `vega-lite` v5 dependency and bundle from source (#3076) * [Chore] Add vega-lite v5 dep and bundle from source - Add vega-lite@^5.6.0 dependency - Update webpack config to build `vega-lite` from typescript source to target es5 - Add babel plugin for logical assignment operators - Selectively import only the vega-lite modules used - Update vega_parser tests Co-authored-by: Miki <amoo_miki@yahoo.com> Signed-off-by: Josh Romero <rmerqg@amazon.com> * [Chore] Update vega-lite defaults and tests to v5 - Add test case for older vega-light spec parsing - Update default schema version in default spec, test specs, mocked saved objects - Fix indentation of comments in default spec - Update jest mock imports to use `vega-lite` Signed-off-by: Josh Romero <rmerqg@amazon.com> Signed-off-by: Josh Romero <rmerqg@amazon.com> Co-authored-by: Miki <amoo_miki@yahoo.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * [Feature] Allow order control in `createAggConfig` (#3160) * [Feature] Allow order control in `createAggConfig` Add new optional boolean param that adds the new `AggConfig` to the beginning of the array rather than the end. Makes it easier to work with Pie or other visualizations with `Schemas` that set `mustBeFirst` Signed-off-by: Josh Romero <rmerqg@amazon.com> * [Chore] Add changelog Signed-off-by: Josh Romero <rmerqg@amazon.com> Signed-off-by: Josh Romero <rmerqg@amazon.com> Co-authored-by: Qingyang(Abby) Hu <abigailhu2000@gmail.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * [VisBuilder] Adds field unit tests (#3211) * Adds field tests Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com> * Adds changelog Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com> Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * Fix bug that prevents selected join field to be used (#3213) Remove setting join field even if it is already set. Signed-off-by: Vijayan Balasubramanian <balasvij@amazon.com> Signed-off-by: Vijayan Balasubramanian <balasvij@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * [VisBuilder] fixes filters for table visualisation (#3210) * fixes table vis for filter aggregation types Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com> * Fixes filter and add error boundry Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com> * Adds changelog Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com> Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * [VisBuilder] Fixes pipeline aggs (#3137) * fixes pipeline aggs in visbuilder Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com> * adds changelog Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com> * Adds unit tests Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com> * fixes pipeline aggs in visbuilder Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com> * adds changelog Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com> * Adds unit tests Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com> * fixes unit tests Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com> Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * Add v2.5.0 release notes (#3234) * Add v2.5.0 release notes Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com> * Adds aliased vega-lite v5 dependency to the notes #3151 Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com> * Address feedback comments Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com> * Add #3197 to notes Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com> * Address feedback comments Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com> * Address feedback comments Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com> * Address feedback comments Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com> Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * [MD]Update test connection button text (#3247) Signed-off-by: Kristen Tian <tyarong@amazon.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * Update text and include new changes in the release notes 2.5.0 (#3251) Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com> Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * [Chore] fix comment typo (#3239) Signed-off-by: Josh Romero <rmerqg@amazon.com> Signed-off-by: Josh Romero <rmerqg@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * [Docs] Fix documentation link for date math (#3207) - Add new documentation link - move from `noDocumentation` to `opensearch` fixes #2849 Signed-off-by: Josh Romero <rmerqg@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * Fix detection of Chrome's version on Darwin (#3296) Signed-off-by: Miki <miki@amazon.com> Signed-off-by: Miki <miki@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * [Maintenance] Bumps `re2` and `supertest` (#3018) * Removes manual resolution on `qs`. The latest version of `supertest` depends on v6.11.0. * Adds steps for upgrading `re2`. * Addresses CVE-2022-24999 (no issue opened) Signed-off-by: Tommy Markley <5437176+tmarkley@users.noreply.github.com> Signed-off-by: Tommy Markley <5437176+tmarkley@users.noreply.github.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * Add disablePrototypePoisoningProtection configuration (#2992) Enables the configuration of `disablePrototypePoisoningProtection` by setting `opensearch.disablePrototypePoisoningProtection`. Enables users to store protected logs that include reserve words from JS without the OpenSearch JS client throwing errors. We should still consider transforming unsafe data values if a bad actor attempts to prototype pollute the cluster. More information: https://web.archive.org/web/20200319091159/https://hueniverse.com/square-brackets-are-the-enemy-ff5b9fd8a3e8?gi=184a27ee2a08 Related issue: https://github.com/opensearch-project/OpenSearch-Dashboards/issues/1777 Signed-off-by: Kawika Avilla <kavilla414@gmail.com> Signed-off-by: Kawika Avilla <kavilla414@gmail.com> Co-authored-by: Anan Zhuang <ananzh@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * [CVE-2022-25860] Bumps simple-git from 3.15.1 to 3.16.0 (#3345) Issue Resolved https://github.com/opensearch-project/OpenSearch-Dashboards/issues/3329 Signed-off-by: Anan Zhuang <ananzh@amazon.com> Signed-off-by: Anan Zhuang <ananzh@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * Add 1.3.8 release notes (#3367) * Create 1.3.8 release notes Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com> * Remove unused tags Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com> * Remove old changelog Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com> * Fix typo Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com> * Address comments Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com> * Add PRs Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com> * Remove unreleased PR Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com> * Remove unreleased PR Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com> --------- Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * Add BWC tests for 2.6.0 (#3356) Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * Prevent primitive linting limitations from being applied to unit tests found under `src/setup_node_env` (#3403) Signed-off-by: Miki <miki@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * [Security] Bumps hapi/statehood to 7.0.4 (#3411) Bump hapi/statehood to 7.0.4 to solve security concerns. Issue Resolved: https://github.com/opensearch-project/OpenSearch-Dashboards/issues/3406 Signed-off-by: Anan Zhuang <ananzh@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * [CVE-2022-25881] Resolve http-cache-semantics to 4.1.1 (#3409) Signed-off-by: Su <szhongna@amazon.com> Co-authored-by: Anan Zhuang <ananzh@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * [CVE-2023-25166] Bump formula to 3.0.1 (#3416) * [CVE-2023-25166] Bumps formula to 3.0.1 Signed-off-by: Su <szhongna@amazon.com> Co-authored-by: Miki <amoo_miki@yahoo.com> Co-authored-by: Anan Zhuang <ananzh@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * Add new ui setting for size (#3399) Introduce new ui setting for custom vector map's size parameter. The default value is 1000. Users can increase this limit by updating this value in Advanced Settings. Signed-off-by: Vijayan Balasubramanian <balasvij@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * [search telemetry] Fixes search telemetry's observable object that won't be GC-ed (#3390) The search telemetry was disabled by default, there is a issue when search telemetry read configuration and creates an Observable object that won't be GC-ed. Signed-off-by: Tao Liu <liutaoaz@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * Corrects NOTICE file copyright date range (#3308) * Corrects NOTICE file copyright date range * Follow-up on #3051 Resolves #765 Signed-off-by: Tommy Markley <5437176+tmarkley@users.noreply.github.com> * Update CHANGELOG.md Co-authored-by: Miki <amoo_miki@yahoo.com> Signed-off-by: Tommy Markley <5437176+tmarkley@users.noreply.github.com> Co-authored-by: Zhongnan Su <szhongna@amazon.com> Co-authored-by: Miki <amoo_miki@yahoo.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * Upgrade vega-tooltip to 0.30.0 to support custom tooltips #3358 (#3359) * Upgrade vega-tooltip to 0.30.0 to support custom tooltips #3358 Signed-off-by: Jovan Cvetkovic <jovanca.cvetkovic@gmail.com> * Upgrade vega-tooltip to 0.30.0 to support custom tooltips #3358 Signed-off-by: Jovan Cvetkovic <jovanca.cvetkovic@gmail.com> * Upgrade vega-tooltip to 0.30.0 to support custom tooltips #3358 Signed-off-by: Jovan Cvetkovic <jovanca.cvetkovic@gmail.com> --------- Signed-off-by: Jovan Cvetkovic <jovanca.cvetkovic@gmail.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * Added untriaged issue workflow. (#3427) * Created untriaged issue workflow. Signed-off-by: dblock <dblock@amazon.com> * Remove existing untriaged workflow with wrong name Signed-off-by: Josh Romero <rmerqg@amazon.com> --------- Signed-off-by: dblock <dblock@amazon.com> Signed-off-by: Josh Romero <rmerqg@amazon.com> Co-authored-by: Josh Romero <rmerqg@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * [MD] Support SigV4 as a new auth type of datasource (#3058) * [Multiple DataSource] Add support for SigV4 authentication Signed-off-by: Su <szhongna@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * Allow relaxing the Node.js runtime version requirement (#3402) With this change, the `engines.node` of `package.json` need not be a fixed version; it can be a range using a subset of formats defined by `semver`. A very limited subset of what [semver](https://github.com/npm/node-semver/blob/cb1ca1d5480a6c07c12ac31ba5f2071ed530c4ed/README.md#ranges) supports has been added; only a single comparator, composed of an operator and a version, is supported. The supported operators are * `>` Greater than * `>=` Greater than or equal to * `=` Equal * `~` Tilde ranges: Allows patch changes if a minor version is specified but if only a major version is specified, it allows minor changes. * `^` Caret ranges: Allows patch and minor updates when major is non-zero (and we will never have that). If no operator is specified, equality is assumed. Signed-off-by: Miki <miki@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * [CVE-2023-25653] Bump node-jose to 2.2.0 (#3445) Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * Upgrade yarn version to be compatible with @openearch-project/opensearch (#3443) * upgrade yarn version to 1.22.10 to be compatible with @openearch-project/opensearch Signed-off-by: Derek Ho <dxho@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * Make build scripts find and use the latest version of Node.js that satisfies `engines.node` (#3467) * While building distributables, Node.js runtime is downloaded to be placed in the archivea. This logicwas modified to honor a range for `engines.node` by fetching the latest release of Node.js that satisfied the range. * Some tests covering the build, read a version from `.node-version` to compare with the results of actual function runs; these were changed to either use mocked values or honor the range and use the latest Node.js version. * Some variable and functions referred to `engines.node` as a version; they were corrected to call it a range. Signed-off-by: Miki <miki@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * Relax Node.js version to `^14.20.1` and bump `.nvmrc` to `v14.21.3` (#3463) * `engines.node` is relaxed from `14.20.1` to `^14.20.1`: yarn and OSD will allow versions 14.20.1 or greater, but less than 15, to be used but do not impose upgrading to avoid being a breaking change. Users will be able to install any version of Node.js that satisfies `^14.20.1`, moving ahead without waiting for a change in OSD when new versions are released. * `.nvmrc` is bumped to the latest security patch: `14.21.3` Signed-off-by: Miki <miki@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * [MD] Integrate test connection to support SigV4 auth type (#3456) Signed-off-by: Su <szhongna@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * Add 2.6 release note (#3484) * a Signed-off-by: Anan Zhuang <ananzh@amazon.com> * Add 2.6 release note Signed-off-by: Anan Zhuang <ananzh@amazon.com> * Update release-notes/opensearch-dashboards.release-notes-2.6.0.md Co-authored-by: Josh Romero <rmerqg@amazon.com> --------- Signed-off-by: Anan Zhuang <ananzh@amazon.com> Co-authored-by: Josh Romero <rmerqg@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * docs(DEVELOPER_GUIDE): Make getting started comprehensive and reorganize (#3421) * docs(DEVELOPER_GUIDE): Make getting started comprehensive and reorganize Enhance getting started guide for new contributors - Add key technology breakdown with links to code guidelines - Add robust prerequisite guide - Clarify forking workflow - Explain bootstrapping - Distinguish between recommended and optional/alternative steps - Add OS-specific guidance - Add tarball usage instructions Make other developer guide improvements: - Update TOC - Remove callout linking to EUI docs - Reorder code guidelines - Standardize header capitalization and make usage guide headers imperative fixes #3396 Signed-off-by: Josh Romero <rmerqg@amazon.com> Signed-off-by: Josh Romero <rmerqg@amazon.com> Co-authored-by: Miki <amoo_miki@yahoo.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * [BUG][TSVB] Fix serial diff agg link (#3503) Doc link was invalid and causing an undefined error. This prevented the UI from mounting properly. Issue(s) resolved: * https://github.com/opensearch-project/OpenSearch-Dashboards/issues/3498 * https://github.com/opensearch-project/OpenSearch-Dashboards/issues/3327 Signed-off-by: Kawika Avilla <kavilla414@gmail.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * Remove the unused `renovate.json5` file (#3489) Signed-off-by: Miki <miki@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * [Docs] fix typo in TSVB README (#3518) Fixes a small typo in TSVB README.md file. Issue: n/a Signed-off-by: Kawika Avilla <kavilla414@gmail.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * Update caniuse to fix failed integration tests (#3538) Ran npx browserslist@latest --update-db to update caniuse package so the integration tests will pass. Issue: n/a Will be fixed in: https://github.com/opensearch-project/OpenSearch-Dashboards/issues/2329 Signed-off-by: Kawika Avilla <kavilla414@gmail.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * [CVE-2023-26486][CVE-2023-26487] Bump vega from 5.22.1 to 5.23.0 (#3533) Bump vega from 5.22.1 to 5.23.0. This will also bump vega-function from 5.13.0 to 5.13.1. Issue Resolved: https://github.com/opensearch-project/OpenSearch-Dashboards/issues/3526 https://github.com/opensearch-project/OpenSearch-Dashboards/issues/3525 Signed-off-by: Anan Zhuang <ananzh@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * [Dev] enable `opensearch snapshot` for Darwin (#3537) Enable the downloading of Darwin for running the command `yarn opensearch snapshot`. Darwin is not officially supported but snapshots are being built here: https://build.ci.opensearch.org/job/distribution-build-opensearch/ Issue resolved: https://github.com/opensearch-project/OpenSearch-Dashboards/issues/2944 Signed-off-by: Kawika Avilla <kavilla414@gmail.com> Co-authored-by: Josh Romero <rmerqg@amazon.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * Simplifies `re2` upgrade instructions (#3328) * Follow-up from #3018 Signed-off-by: Tommy Markley <5437176+tmarkley@users.noreply.github.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> * Point in time management plugin and empty state (#2813) * point in time management plugin and empty state Signed-off-by: Ajay Gupta <ajyg@amazon.com> * updated to new license header Signed-off-by: Ajay Gupta <ajyg@amazon.com> * [Vis Builder] Rename wizard on save modal and visualization table (#2645) * Rename wizard on save modal and visualization table Change the wizard reference in save modal title, toggle and visualization table Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> * Save visualization on save modal, VisBuilder for chart type Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> * No experimental flag Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> Signed-off-by: Ajay Gupta <ajyg@amazon.com> * [@osd/cross-platform] Adds cross-platform helpers (#2681) Signed-off-by: Miki <amoo_miki@yahoo.com> Signed-off-by: Miki <amoo_miki@yahoo.com> Signed-off-by: Ajay Gupta <ajyg@amazon.com> * Change save object type, wizard id and name to visBuilder (#2673) * Change save object type, wizard ID and Name to visBuilder Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> * Rename wizard in functional tests Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> * Finalize plugin-id and plugin-name and saved-object-type Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> * Change official name to VisBuilder Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> * Delete migration Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> * Fix functional test Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> * Update snapshot Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> Signed-off-by: Ajay Gupta <ajyg@amazon.com> * [CVE] Bump loader-utils to 2.0.3 to fix CVE-2022-37601 (#2689) * [CVE] Bump loader-utils to 2.0.3 to fix CVE-2022-37601 Signed-off-by: Zilong Xia <zilongx@amazon.com> * Update CHANGELOG.md Signed-off-by: Zilong Xia <zilongx@amazon.com> Signed-off-by: Ajay Gupta <ajyg@amazon.com> * Add extension point in saved object management to register namespaces and show filter (#2656) * Create filter registry for saved object management to make filters extensible Signed-off-by: Craig Perkins <cwperx@amazon.com> * WIP on making fetchCounts generic Signed-off-by: Craig Perkins <cwperx@amazon.com> * First step at making scroll_counts generic Signed-off-by: Craig Perkins <cwperx@amazon.com> * Work on getting other filter counts with same object count endpoint Signed-off-by: Craig Perkins <cwperx@amazon.com> * Get tenant count options to display Signed-off-by: Craig Perkins <cwperx@amazon.com> * Extend find to work with namespaces for saved objects Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add missing filterFields Signed-off-by: Craig Perkins <cwperx@amazon.com> * Update jest tests Signed-off-by: Craig Perkins <cwperx@amazon.com> * Update saved_objects_table snapshot Signed-off-by: Craig Perkins <cwperx@amazon.com> * Append index to id to make unique Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add semi-colon Signed-off-by: Craig Perkins <cwperx@amazon.com> * Fix saved objects table tests with new id scheme Signed-off-by: Craig Perkins <cwperx@amazon.com> * Only append idx on config type to ensure Advanced Settings have a unique id across tenants Signed-off-by: Craig Perkins <cwperx@amazon.com> * Remove itemsClone in favor of showing only Advanced Settings of current tenant Signed-off-by: Craig Perkins <cwperx@amazon.com> * Revert snapshots in table.test.tsx Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add additional parse_query test Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add comma Signed-off-by: Craig Perkins <cwperx@amazon.com> * Create namespaceRegistry to decouple security dashboards plugin and osd core Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add ability to register an alias Signed-off-by: Craig Perkins <cwperx@amazon.com> * Update parse query and add to CHANGELOG Signed-off-by: Craig Perkins <cwperx@amazon.com> * Remove commented out code Signed-off-by: Craig Perkins <cwperx@amazon.com> * Address code review comments Signed-off-by: Craig Perkins <cwperx@amazon.com> * Override i18n if alias is regitered Signed-off-by: Craig Perkins <cwperx@amazon.com> Signed-off-by: Craig Perkins <cwperx@amazon.com> Signed-off-by: Ajay Gupta <ajyg@amazon.com> * Removed Leftover X Pack references #2517 (#2638) x-pack references in the code are removed as per the given files in #2517 Issue Resolved: https://github.com/opensearch-project/OpenSearch-Dashboards/issues/2517 Signed-off-by: vimal K <vimalinfo10@gmail.com> Signed-off-by: Ajay Gupta <ajyg@amazon.com> * Revert "[@osd/cross-platform] Adds cross-platform helpers (#2681)" (#2694) This reverts commit 887093d2d243045029b644680a3e8d0150318143. Now that downstream plugins and projects are unblocked from builds, we want to make these changes following our standard processes and automated checks Signed-off-by: Josh Romero <rmerqg@amazon.com> Signed-off-by: Josh Romero <rmerqg@amazon.com> Signed-off-by: Ajay Gupta <ajyg@amazon.com> * [MD] Add design documents of multiple data source feature (#2538) * Add MD design documents, including high level design, user stories, client management detailed design Signed-off-by: Su <szhongna@amazon.com> Signed-off-by: Ajay Gupta <ajyg@amazon.com> * Adds @osd/cross-platform (#2703) * Adds helper functions, @osd/cross-platform, to work around the differences of platforms Signed-off-by: Miki <amoo_miki@yahoo.com> Signed-off-by: Ajay Gupta <ajyg@amazon.com> * [MD]Update MD data source documentation link (#2693) Signed-off-by: Kristen Tian <tyarong@amazon.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> Signed-off-by: Ajay Gupta <ajyg@amazon.com> * Add `Skip-Changelog` label to skip changelog verification on certain PRs (#2726) Signed-off-by: Miki <amoo_miki@yahoo.com> Signed-off-by: Miki <amoo_miki@yahoo.com> Signed-off-by: Ajay Gupta <ajyg@amazon.com> * Enable visbuilder by default (#2725) * Enable visbuilder by default Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com> * Adds changelog entry Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com> Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com> Signed-off-by: Ajay Gupta <ajyg@amazon.com> * [Save Object Aggregation View] Fix for export all after scroll count response changed in PR#2656 (#2696) * Fix for filterSavedObjectCounts for namespaceRegistry Signed-off-by: Craig Perkins <cwperx@amazon.com> * Fix saved_objects_table.test.tsx Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add to CHANGELOG Signed-off-by: Craig Perkins <cwperx@amazon.com> * Correct reference to namespacesToInclude Signed-off-by: Craig Perkins <cwperx@amazon.com> * Use filteredTypeCounts Signed-off-by: Craig Perkins <cwperx@amazon.com> * Use namespaces similar to types for fetchObjects Signed-off-by: Craig Perkins <cwperx@amazon.com> * Use _all to represent query for all namespaces Signed-off-by: Craig Perkins <cwperx@amazon.com> * Pass all registered namespaces Signed-off-by: Craig Perkins <cwperx@amazon.com> * Switch back signature of scroll_count Signed-off-by: Craig Perkins <cwperx@amazon.com> * Change countOptions to options Signed-off-by: Craig Perkins <cwperx@amazon.com> * Use not not instead of in Signed-off-by: Craig Perkins <cwperx@amazon.com> * Filter namespaces to only include namespace that have been registered Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add filterQuery with tests Signed-off-by: Craig Perkins <cwperx@amazon.com> * Update license headers and address review comments Signed-off-by: Craig Perkins <cwperx@amazon.com> Signed-off-by: Craig Perkins <cwperx@amazon.com> Signed-off-by: Ajay Gupta <ajyg@amazon.com> * Update backport workflow to ignore changelog conflicts (#2729) Signed-off-by: Miki <amoo_miki@yahoo.com> Signed-off-by: Miki <amoo_miki@yahoo.com> Signed-off-by: Ajay Gupta <ajyg@amazon.com> * Tweak multiple data source design doc (#2724) Signed-off-by: Kristen Tian <tyarong@amazon.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> Signed-off-by: Ajay Gupta <ajyg@amazon.com> * [Chore] Refactor and improve Discover field summaries (#2391) * [Chore] Refactor and improve field summaries * Convert to typescript * Fix types * Add tests Signed-off-by: Josh Romero <rmerqg@amazon.com> * [Test] Update functional test Groups are now naturally sorted by key, which requires selecting a different date filter Signed-off-by: Josh Romero <rmerqg@amazon.com> * [Chore] Add changelog entry Signed-off-by: Josh Romero <rmerqg@amazon.com> * [Chore] Refactor columns passing, fix bugs * pass columns explicitly as props * fix branding in core mocks * fix `toBeUndefined()` usage in tests * remove leftover comment * fix test subject * condense types Signed-off-by: Josh Romero <rmerqg@amazon.com> Signed-off-by: Josh Romero <rmerqg@amazon.com> Signed-off-by: Ajay Gupta <ajyg@amazon.com> * Removes Add Integration button (#2723) * Removes Add Integration button Issue Resolved: https://github.com/opensearch-project/OpenSearch-Dashboards/issues/2684 Signed-off-by: Bandini Bhopi <bandinib@amazon.com> * Adds changelog entry Signed-off-by: Bandini Bhopi <bandinib@amazon.com> Signed-off-by: Bandini Bhopi <bandinib@amazon.com> Signed-off-by: Ajay Gupta <ajyg@amazon.com> * Prevent backport workflow from running on umerged PRs (#2746) Signed-off-by: Miki <amoo_miki@yahoo.com> Signed-off-by: Miki <amoo_miki@yahoo.com> Signed-off-by: Ajay Gupta <ajyg@amazon.com> * [Vis Builder] Enable VisBuilder cypress tests (#2728) * Enable VisBuilder cypress tests Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com> * Adds changelog and fix env Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com> * Run all tests Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com> Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com> Signed-off-by: Ajay Gupta <ajyg@amazon.com> * [CI] update backport custom branch name (#2766) GitHub action for backporting got updated to change custom branch to head template. This was causing issues in clean up and skipping steps. Issue: n/a Signed-off-by: Kawika Avilla <kavilla414@gmail.com> Signed-off-by: Ajay Gupta <ajyg@amazon.com> * [Legacy Maps Plugin] Prevent reverse-tabnabbing (#2540) Signed-off-by: Miki <miki@amazon.com> Signed-off-by: Miki <miki@amazon.com> Signed-off-by: Ajay Gupta <ajyg@amazon.com> * change geckodriver version to make consistency (#2772) * change geckodriver version to make consistency Issue Resolved: https://github.com/opensearch-project/OpenSearch-Dashboards/issues/2771 Signed-off-by: Anan Zhuang <ananzh@amazon.com> * combine https-proxy-agent in yarn.lock Signed-off-by: Anan Zhuang <ananzh@amazon.com> Signed-off-by: Anan Zhuang <ananzh@amazon.com> Signed-off-by: Ajay Gupta <ajyg@amazon.com> * [Vis Builder] Add an experimental table visualization in vis builder (#2705) * [Vis Builder] Add an experimental table visualization in vis builder In this PR, we hook up an experimental table vis in vis builder. This table vis is a refactor of previous table. It is written in React and DataGrid component. In this PR, we did two main things: * add an experimental table visualization * enable it in vis builder Issue Resolved (hook up table in vis builder): https://github.com/opensearch-project/OpenSearch-Dashboards/issues/2704 The experimental table vis has all the features from current table, including * restore table vis in react using a Datagrid component * datagrid component does not support splitted grids. For future transfer to OUI Datagrid, we create a tableGroup in visData for splitted grids. * restore basic pagenation, sort and format. * implement datagrid columns * display column title correctly * deangular and re-use formatted column * convert formatted column to data grid column * restore filter in and filter out value functions * format table cell to show Date and percent * restore showTotal feature: it allows table vis to show total, avg, min, max and count statics on count * restore export csv feature to table vis * split table in rows and columns Beside of restoring original features, there are some changes: * [IMPROVE] remove repeated column from split tables Currently, when we split table by columns, the split column is shown both in the table title and as a separate column. This is not needed. In this PR, we remove the repeated column in split tables in col. * [NEW FEATURE] adjustable table column width In the new table visualization, customer can adjust the column width as needed. Issue Resolved: https://github.com/opensearch-project/OpenSearch-Dashboards/issues/2212 https://github.com/opensearch-project/OpenSearch-Dashboards/issues/2213 https://github.com/opensearch-project/OpenSearch-Dashboards/issues/2305 https://github.com/opensearch-project/OpenSearch-Dashboards/issues/2379 https://github.com/opensearch-project/OpenSearch-Dashboards/issues/2579 Since this is a hookup PR, we remove un-used table vis types and options because they could be defined in vis builder. We also create follow up issues for some un-resolved PR comments. Signed-off-by: Anan Zhuang <ananzh@amazon.com> * remove unused scss tyle Signed-off-by: Anan Zhuang <ananzh@amazon.com> * remove total func and percentage col total func and percentage col are two features that we might need to remove or re-invent for future table vis. For hookup purpose, it doesn't make sense to include some features that we would like to remove. this PR removes total func and percentage col in both table vis and vis builder Signed-off-by: Anan Zhuang <ananzh@amazon.com> * comment out cellActions currently filter in/out cell doesn't function in vis builder. we will coumment out cell actions for now. Signed-off-by: Anan Zhuang <ananzh@amazon.com> Signed-off-by: Anan Zhuang <ananzh@amazon.com> Signed-off-by: Ajay Gupta <ajyg@amazon.com> * Security-CVEs fixes guidelines (#2674) * Security-CVEs fixes guidelines Signed-off-by: himsgupta1122 <hmsgupt@gmail.com> * styling Signed-off-by: himsgupta1122 <hmsgupt@gmail.com> * add example Signed-off-by: himsgupta1122 <hmsgupt@gmail.com> * add documention Signed-off-by: himsgupta1122 <hmsgupt@gmail.com> Signed-off-by: himsgupta1122 <hmsgupt@gmail.com> Signed-off-by: Ajay Gupta <ajyg@amazon.com> * [MD] Update default audit log path (#2793) - Fix the /tmp path issue seen on windows platform. - Change audit log to disable by default. Signed-off-by: Kristen Tian <tyarong@amazon.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> Signed-off-by: Ajay Gupta <ajyg@amazon.com> * [Vis Builder] Add field summary popovers (#2682) * [Vis Builder] Add field summary popovers Much of the functionality was ported from `Discover`, but largely refactored. * Add utilities to get sampled hit summaries by field * Add popover summaries * Slight refactor of special `Count` pseudofield * Use observable subscription to update sampled hits Fixes #950 Signed-off-by: Josh Romero <rmerqg@amazon.com> * [Vis Builder] Add additional unit tests Signed-off-by: Josh Romero <rmerqg@amazon.com> * [VisBuilder] Update naming of summary field components Signed-off-by: Josh Romero <rmerqg@amazon.com> * [VisBuilder] Avoid prop passing by extracting custom hooks - refactor meta field identification Signed-off-by: Josh Romero <rmerqg@amazon.com> * [VisBuilder] Add TODOs with issue links, fix test ID Restores previous test ID for count field button Signed-off-by: Josh Romero <rmerqg@amazon.com> Signed-off-by: Josh Romero <rmerqg@amazon.com> Signed-off-by: Ajay Gupta <ajyg@amazon.com> * Bump makelogs to remove dependency on got (#2801) * Also dusted off the lock file a bit Fixes #1764 Signed-off-by: Miki <miki@amazon.com> Signed-off-by: Miki <miki@amazon.com> Signed-off-by: Ajay Gupta <ajyg@amazon.com> * Change VisBuilder flag for docker config (#2804) Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com> Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com> Signed-off-by: Ajay Gupta <ajyg@amazon.com> * addressed review comments Signed-off-by: Ajay Gupta <ajyg@amazon.com> * addressed review comments Signed-off-by: Ajay Gupta <ajyg@amazon.com> * addressed review comments Signed-off-by: Ajay Gupta <ajyg@amazon.com> * updated unit tests Signed-off-by: Ajay Gupta <ajyg@amazon.com> * dummy commit to retry build Signed-off-by: Ajay Gupta <ajyg@amazon.com> * address suggestions Signed-off-by: Ajay Gupta <ajyg@amazon.com> Signed-off-by: Ajay Gupta <ajyg@amazon.com> Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> Signed-off-by: Miki <amoo_miki@yahoo.com> Signed-off-by: Zilong Xia <zilongx@amazon.com> Signed-off-by: Craig Perkins <cwperx@amazon.com> Signed-off-by: vimal K <vimalinfo10@gmail.com> Signed-off-by: Josh Romero <rmerqg@amazon.com> Signed-off-by: Su <szhongna@amazon.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com> Signed-off-by: Bandini Bhopi <bandinib@amazon.com> Signed-off-by: Kawika Avilla <kavilla414@gmail.com> Signed-off-by: Miki <miki@amazon.com> Signed-off-by: Anan Zhuang <ananzh@amazon.com> Signed-off-by: himsgupta1122 <hmsgupt@gmail.com> Co-authored-by: Ajay Gupta <ajyg@amazon.com> Co-authored-by: Qingyang(Abby) Hu <abigailhu2000@gmail.com> Co-authored-by: Miki <miki@amazon.com> Co-authored-by: ZilongX <99905560+ZilongX@users.noreply.github.com> Co-authored-by: Craig Perkins <craig5008@gmail.com> Co-authored-by: Vimal K <35750792+vimalMK@users.noreply.github.com> Co-authored-by: Josh Romero <rmerqg@amazon.com> Co-authored-by: Zhongnan Su <szhongna@amazon.com> Co-authored-by: Kristen Tian <105667444+kristenTian@users.noreply.github.com> Co-authored-by: Ashwin P Chandran <ashwinpc@amazon.com> Co-authored-by: Craig Perkins <cwperx@amazon.com> Co-authored-by: Bandini <63824432+bandinib-amzn@users.noreply.github.com> Co-authored-by: Kawika Avilla <kavilla414@gmail.com> Co-authored-by: Anan Zhuang <ananzh@amazon.com> Co-authored-by: himsgupta1122 <115103225+himsgupta1122@users.noreply.github.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> --------- Signed-off-by: Miki <amoo_miki@yahoo.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Miki <miki@amazon.com> Signed-off-by: Kawika Avilla <kavilla414@gmail.com> Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com> Signed-off-by: mpabba3003 <amazonmanideep@gmail.com> Signed-off-by: Josh Romero <rmerqg@amazon.com> Signed-off-by: Anan Zhuang <ananzh@amazon.com> Signed-off-by: Tommy Markley <5437176+tmarkley@users.noreply.github.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> Signed-off-by: dblock <dblock@amazon.com> Signed-off-by: Su <szhongna@amazon.com> Signed-off-by: Yan Zeng <zengyan@amazon.com> Signed-off-by: Zilong Xia <zilongx@amazon.com> Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com> Signed-off-by: Matt Provost <provomat@amazon.com> Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com> Signed-off-by: Vijayan Balasubramanian <balasvij@amazon.com> Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com> Signed-off-by: Tao Liu <liutaoaz@amazon.com> Signed-off-by: Jovan Cvetkovic <jovanca.cvetkovic@gmail.com> Signed-off-by: Derek Ho <dxho@amazon.com> Signed-off-by: Ajay Gupta <ajyg@amazon.com> Signed-off-by: Craig Perkins <cwperx@amazon.com> Signed-off-by: vimal K <vimalinfo10@gmail.com> Signed-off-by: Bandini Bhopi <bandinib@amazon.com> Signed-off-by: himsgupta1122 <hmsgupt@gmail.com> Co-authored-by: Miki <miki@amazon.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Kawika Avilla <kavilla414@gmail.com> Co-authored-by: Qingyang(Abby) Hu <abigailhu2000@gmail.com> Co-authored-by: Manideep Pabba <109986843+mpabba3003@users.noreply.github.com> Co-authored-by: Josh Romero <rmerqg@amazon.com> Co-authored-by: Anan Zhuang <ananzh@amazon.com> Co-authored-by: Tommy Markley <5437176+tmarkley@users.noreply.github.com> Co-authored-by: Kristen Tian <105667444+kristenTian@users.noreply.github.com> Co-authored-by: Daniel (dB.) Doubrovkine <dblock@dblock.org> Co-authored-by: Ashwin P Chandran <ashwinpc@amazon.com> Co-authored-by: Zhongnan Su <szhongna@amazon.com> Co-authored-by: Yan Zeng <46499415+zengyan-amazon@users.noreply.github.com> Co-authored-by: ZilongX <99905560+ZilongX@users.noreply.github.com> Co-authored-by: Manasvini B Suryanarayana <manasvis@amazon.com> Co-authored-by: Daniel (dB.) Doubrovkine <dblock@amazon.com> Co-authored-by: Matt Provost <provomat@amazon.com> Co-authored-by: Miki <amoo_miki@yahoo.com> Co-authored-by: Vijayan Balasubramanian <vijayan.balasubramanian@gmail.com> Co-authored-by: Aozixuan Priscilla Guan <92183424+aoguan1990@users.noreply.github.com> Co-authored-by: Vijayan Balasubramanian <balasvij@amazon.com> Co-authored-by: Tao Liu <33105471+Flyingliuhub@users.noreply.github.com> Co-authored-by: Jovan Cvetkovic <jovanca.cvetkovic@gmail.com> Co-authored-by: Derek Ho <derek01778@gmail.com> Co-authored-by: Ajay Gupta <116780042+ajygupta@users.noreply.github.com> Co-authored-by: Ajay Gupta <ajyg@amazon.com> Co-authored-by: Craig Perkins <craig5008@gmail.com> Co-authored-by: Vimal K <35750792+vimalMK@users.noreply.github.com> Co-authored-by: Craig Perkins <cwperx@amazon.com> Co-authored-by: Bandini <63824432+bandinib-amzn@users.noreply.github.com> Co-authored-by: himsgupta1122 <115103225+himsgupta1122@users.noreply.github.com>
…ject#2992) Enables the configuration of `disablePrototypePoisoningProtection` by setting `opensearch.disablePrototypePoisoningProtection`. Enables users to store protected logs that include reserve words from JS without the OpenSearch JS client throwing errors. We should still consider transforming unsafe data values if a bad actor attempts to prototype pollute the cluster. More information: https://web.archive.org/web/20200319091159/https://hueniverse.com/square-brackets-are-the-enemy-ff5b9fd8a3e8?gi=184a27ee2a08 Related issue: opensearch-project#1777 Signed-off-by: Kawika Avilla <kavilla414@gmail.com> Signed-off-by: Kawika Avilla <kavilla414@gmail.com> Co-authored-by: Anan Zhuang <ananzh@amazon.com> Signed-off-by: David Sinclair <david@sinclair.tech>
…ject#2992) Enables the configuration of `disablePrototypePoisoningProtection` by setting `opensearch.disablePrototypePoisoningProtection`. Enables users to store protected logs that include reserve words from JS without the OpenSearch JS client throwing errors. We should still consider transforming unsafe data values if a bad actor attempts to prototype pollute the cluster. More information: https://web.archive.org/web/20200319091159/https://hueniverse.com/square-brackets-are-the-enemy-ff5b9fd8a3e8?gi=184a27ee2a08 Related issue: opensearch-project#1777 Signed-off-by: Kawika Avilla <kavilla414@gmail.com> Signed-off-by: Kawika Avilla <kavilla414@gmail.com> Co-authored-by: Anan Zhuang <ananzh@amazon.com> Signed-off-by: David Sinclair <david@sinclair.tech>
I am unable to create a scripted field with the name
constructor
.On 1.3.2 I get the error "Script is invalid. View script preview for details". If I view the script preview then I get the error "Object contains forbidden prototype property". If I change the scripted field name to anything else then it works as expected.
On 2.0.0 I can create a scripted field called
constructor
, but if I view an object on the Discover tab then the object value isfunction Object() { [native code] }
, and not the value of the scripted field.To Reproduce
Steps to reproduce the behavior:
constructor
return true
On 1.3.2: The error "Script is invalid" is returned
On 2.0.0: Click the Discover tab to view a document in this index and look at the value of the scripted field.
Expected behavior
Expected to be able to save and use a scripted field with the name
constructor
OpenSearch Version
1.3.2 and 2.0.0
Dashboards Version
1.3.2 and 2.0.0
Screenshots
1.3.2:
2.0.0:
Host/Environment (please complete the following information):
The text was updated successfully, but these errors were encountered: