Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUG] Scripted fields with the name "constructor" cause issues #1777

Closed
jgough opened this issue Jun 22, 2022 · 10 comments · Fixed by #2992
Closed

[BUG] Scripted fields with the name "constructor" cause issues #1777

jgough opened this issue Jun 22, 2022 · 10 comments · Fixed by #2992
Labels
bug Something isn't working discover for discover reinvent medium priority v2.6.0

Comments

@jgough
Copy link
Contributor

jgough commented Jun 22, 2022

I am unable to create a scripted field with the name constructor.

On 1.3.2 I get the error "Script is invalid. View script preview for details". If I view the script preview then I get the error "Object contains forbidden prototype property". If I change the scripted field name to anything else then it works as expected.

On 2.0.0 I can create a scripted field called constructor, but if I view an object on the Discover tab then the object value is function Object() { [native code] }, and not the value of the scripted field.

To Reproduce
Steps to reproduce the behavior:

  1. Go to Stack Management -> Index Patterns and select an index pattern
  2. Click Scripted fields -> Add scripted field
  3. Under Name type constructor
  4. Under Script type return true
  5. Click Create field

On 1.3.2: The error "Script is invalid" is returned
On 2.0.0: Click the Discover tab to view a document in this index and look at the value of the scripted field.

Expected behavior
Expected to be able to save and use a scripted field with the name constructor

OpenSearch Version
1.3.2 and 2.0.0

Dashboards Version
1.3.2 and 2.0.0

Screenshots
1.3.2:
image

2.0.0:
image

Host/Environment (please complete the following information):

  • Docker
  • Firefox 91.10.0esr
@jgough jgough added bug Something isn't working untriaged labels Jun 22, 2022
@joshuarrrr
Copy link
Member

@jgough Thanks for the detailed reproduction steps, I reproduced the 2.0 behavior.

Is it actually necessary to support constructor (or any other reserved string) as a valid field name? Or do you think it would also be sufficient to have proper validation in the scripted field form that makes sure names don't collide with reserved property names?

@jgough
Copy link
Contributor Author

jgough commented Jun 22, 2022

I personally feel it's not essential to support it, but it seems odd that the code is done in a way that means some field names just aren't permitted here. What other reserved property names might cause collisions here? It would at least be good to give a warning when trying to use a reserved name.

I stumbled across this one by accident, genuinely trying to use that as a field name. Took a while to figure out what was going on and that I didn't have a bug in my script! A warning would have helped here.

@joshuarrrr
Copy link
Member

Oh, yeah, I totally agree that it's an annoying and surprising bug. Whichever way we go, we'll want to solve for all currently reserved properties or names (because I also suspect that there are others).

@kavilla
Copy link
Member

kavilla commented Jul 5, 2022

[Triage]: We should do the validation and prevent this.

@ZilongX
Copy link
Collaborator

ZilongX commented Nov 3, 2022

Do we have an ECD for fixing this bug ?

@kavilla
Copy link
Member

kavilla commented Nov 3, 2022

Hey @ZilongX, the current plan for this is to prevent users from setting a reserve word. It might still fail for existing items.

@ZilongX
Copy link
Collaborator

ZilongX commented Nov 3, 2022

Thanks @kavilla , do we have a detailed list of reserved words or maybe a regex checking that customer should avoid using ?

@AMoo-Miki
Copy link
Collaborator

To me, it sounds like OpenSearch should ultimately validate and not accept these and if OpenSearch accepts them, Dashboards should honor them.

While it would be nice for Dashboards to do validations too, I don't think it fits the long-term plans.

kavilla added a commit to kavilla/OpenSearch-Dashboards-1 that referenced this issue Dec 1, 2022
Enables the configuration of `disablePrototypePoisoningProtection` by setting
`opensearch.disablePrototypePoisoningProtection`. Enables users to store
protected logs that include reserve words from JS without the
OpenSearch JS client throwing errors.

Related issue:
opensearch-project#1777

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
kavilla added a commit to kavilla/OpenSearch-Dashboards-1 that referenced this issue Dec 1, 2022
Enables the configuration of `disablePrototypePoisoningProtection` by setting
`opensearch.disablePrototypePoisoningProtection`. Enables users to store
protected logs that include reserve words from JS without the
OpenSearch JS client throwing errors.

Related issue:
opensearch-project#1777

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
@kavilla
Copy link
Member

kavilla commented Dec 1, 2022

I have created a PR that we can backport to 1.x branch, however the second part of this issue I believe we can create another issue. It would appear it is more so a bug (along with other bugs) in the Discover window that prevents certain code from performing as expected. As we are targeted to rewrite the Discover page due to it being in Angular I believe we should create a separate issue to track this bug. Wdyt @ananzh

kavilla added a commit to kavilla/OpenSearch-Dashboards-1 that referenced this issue Dec 1, 2022
Enables the configuration of `disablePrototypePoisoningProtection` by setting
`opensearch.disablePrototypePoisoningProtection`. Enables users to store
protected logs that include reserve words from JS without the
OpenSearch JS client throwing errors.

We should still consider transforming unsafe data values if a bad actor
attempts to prototype pollute the cluster.

Related issue:
opensearch-project#1777

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
@ananzh ananzh added the discover for discover reinvent label Dec 2, 2022
@ananzh
Copy link
Member

ananzh commented Dec 2, 2022

I have created a PR that we can backport to 1.x branch, however the second part of this issue I believe we can create another issue. It would appear it is more so a bug (along with other bugs) in the Discover window that prevents certain code from performing as expected. As we are targeted to rewrite the Discover page due to it being in Angular I believe we should create a separate issue to track this bug. Wdyt @ananzh

I tagged it with discover. We will keep it open. Is this okay?

kavilla added a commit to kavilla/OpenSearch-Dashboards-1 that referenced this issue Jan 24, 2023
Enables the configuration of `disablePrototypePoisoningProtection` by setting
`opensearch.disablePrototypePoisoningProtection`. Enables users to store
protected logs that include reserve words from JS without the
OpenSearch JS client throwing errors.

We should still consider transforming unsafe data values if a bad actor
attempts to prototype pollute the cluster.

Related issue:
opensearch-project#1777

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
kavilla added a commit to kavilla/OpenSearch-Dashboards-1 that referenced this issue Jan 24, 2023
Enables the configuration of `disablePrototypePoisoningProtection` by setting
`opensearch.disablePrototypePoisoningProtection`. Enables users to store
protected logs that include reserve words from JS without the
OpenSearch JS client throwing errors.

We should still consider transforming unsafe data values if a bad actor
attempts to prototype pollute the cluster.

More information:
https://web.archive.org/web/20200319091159/https://hueniverse.com/square-brackets-are-the-enemy-ff5b9fd8a3e8?gi=184a27ee2a08

Related issue:
opensearch-project#1777

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
@kavilla kavilla linked a pull request Jan 24, 2023 that will close this issue
8 tasks
ananzh added a commit that referenced this issue Jan 25, 2023
Enables the configuration of `disablePrototypePoisoningProtection` by setting
`opensearch.disablePrototypePoisoningProtection`. Enables users to store
protected logs that include reserve words from JS without the
OpenSearch JS client throwing errors.

We should still consider transforming unsafe data values if a bad actor
attempts to prototype pollute the cluster.

More information:
https://web.archive.org/web/20200319091159/https://hueniverse.com/square-brackets-are-the-enemy-ff5b9fd8a3e8?gi=184a27ee2a08

Related issue:
#1777

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
Co-authored-by: Anan Zhuang <ananzh@amazon.com>
opensearch-trigger-bot bot pushed a commit that referenced this issue Jan 25, 2023
Enables the configuration of `disablePrototypePoisoningProtection` by setting
`opensearch.disablePrototypePoisoningProtection`. Enables users to store
protected logs that include reserve words from JS without the
OpenSearch JS client throwing errors.

We should still consider transforming unsafe data values if a bad actor
attempts to prototype pollute the cluster.

More information:
https://web.archive.org/web/20200319091159/https://hueniverse.com/square-brackets-are-the-enemy-ff5b9fd8a3e8?gi=184a27ee2a08

Related issue:
#1777

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
Co-authored-by: Anan Zhuang <ananzh@amazon.com>
(cherry picked from commit 1a82ae3)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

# Conflicts:
#	CHANGELOG.md
opensearch-trigger-bot bot pushed a commit that referenced this issue Jan 25, 2023
Enables the configuration of `disablePrototypePoisoningProtection` by setting
`opensearch.disablePrototypePoisoningProtection`. Enables users to store
protected logs that include reserve words from JS without the
OpenSearch JS client throwing errors.

We should still consider transforming unsafe data values if a bad actor
attempts to prototype pollute the cluster.

More information:
https://web.archive.org/web/20200319091159/https://hueniverse.com/square-brackets-are-the-enemy-ff5b9fd8a3e8?gi=184a27ee2a08

Related issue:
#1777

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
Co-authored-by: Anan Zhuang <ananzh@amazon.com>
(cherry picked from commit 1a82ae3)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

# Conflicts:
#	CHANGELOG.md
opensearch-trigger-bot bot pushed a commit that referenced this issue Jan 25, 2023
Enables the configuration of `disablePrototypePoisoningProtection` by setting
`opensearch.disablePrototypePoisoningProtection`. Enables users to store
protected logs that include reserve words from JS without the
OpenSearch JS client throwing errors.

We should still consider transforming unsafe data values if a bad actor
attempts to prototype pollute the cluster.

More information:
https://web.archive.org/web/20200319091159/https://hueniverse.com/square-brackets-are-the-enemy-ff5b9fd8a3e8?gi=184a27ee2a08

Related issue:
#1777

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
Co-authored-by: Anan Zhuang <ananzh@amazon.com>
(cherry picked from commit 1a82ae3)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

# Conflicts:
#	CHANGELOG.md
ananzh added a commit that referenced this issue Jan 25, 2023
Enables the configuration of `disablePrototypePoisoningProtection` by setting
`opensearch.disablePrototypePoisoningProtection`. Enables users to store
protected logs that include reserve words from JS without the
OpenSearch JS client throwing errors.

We should still consider transforming unsafe data values if a bad actor
attempts to prototype pollute the cluster.

More information:
https://web.archive.org/web/20200319091159/https://hueniverse.com/square-brackets-are-the-enemy-ff5b9fd8a3e8?gi=184a27ee2a08

Related issue:
#1777

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
Co-authored-by: Anan Zhuang <ananzh@amazon.com>
(cherry picked from commit 1a82ae3)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

# Conflicts:
#	CHANGELOG.md

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Anan Zhuang <ananzh@amazon.com>
Arpit-Bandejiya pushed a commit to Arpit-Bandejiya/OpenSearch-Dashboards that referenced this issue Mar 8, 2023
…ject#2992)

Enables the configuration of `disablePrototypePoisoningProtection` by setting
`opensearch.disablePrototypePoisoningProtection`. Enables users to store
protected logs that include reserve words from JS without the
OpenSearch JS client throwing errors.

We should still consider transforming unsafe data values if a bad actor
attempts to prototype pollute the cluster.

More information:
https://web.archive.org/web/20200319091159/https://hueniverse.com/square-brackets-are-the-enemy-ff5b9fd8a3e8?gi=184a27ee2a08

Related issue:
opensearch-project#1777

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
Co-authored-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>
ananzh added a commit that referenced this issue Mar 8, 2023
* Fixes folder timestamps being updated before copying files into them (#2964)

* When updating the timestamps were requested, scanCopy first set the times and then copied content into the destination folder. On certain platforms, copying files into a folder updates its "Last Access Time" and that overwrites the just set timestamps. This PR, makes sure the timestamps are set only after copying the content.

Signed-off-by: Miki <amoo_miki@yahoo.com>

Signed-off-by: Miki <amoo_miki@yahoo.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Fixes incorrect validation of time values in JUnit Reporter (#2965)

Signed-off-by: Miki <amoo_miki@yahoo.com>

Signed-off-by: Miki <amoo_miki@yahoo.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [Windows] Make `yarn pkg-version` work across platforms (#2963)

* Makes `yarn pkg-version` work across platforms

Signed-off-by: Miki <amoo_miki@yahoo.com>

* Makes `yarn pkg-version` work across platforms

Signed-off-by: Miki <amoo_miki@yahoo.com>

Signed-off-by: Miki <amoo_miki@yahoo.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Add Windows CI to the workflow (#2966)

Signed-off-by: Miki <amoo_miki@yahoo.com>

Signed-off-by: Miki <amoo_miki@yahoo.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Makes tests covering plugin installation on cluster snapshots work across platforms (#2994)

Signed-off-by: Miki <amoo_miki@yahoo.com>

Signed-off-by: Miki <amoo_miki@yahoo.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Bump loader-utils from 2.0.3 to 2.0.4 (#2892)

Bumps [loader-utils](https://github.com/webpack/loader-utils) from 2.0.3 to 2.0.4.
- [Release notes](https://github.com/webpack/loader-utils/releases)
- [Changelog](https://github.com/webpack/loader-utils/blob/v2.0.4/CHANGELOG.md)
- [Commits](https://github.com/webpack/loader-utils/compare/v2.0.3...v2.0.4)

---
updated-dependencies:
- dependency-name: loader-utils
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Corrects the usage of leaflet-vega parameters (#3005)

Fixes #2996, #2353

- Bump `leaflet-vega` to `^0.9.0` - they merged in our upstream PR and made a release
- Fix the parameter name for passing `vega.parse` options.

Signed-off-by: Miki <miki@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Add @manasvinibs as maintainer (#3006)

Basic data points
[OSD] 16 submitted PRs (https://github.com/opensearch-project/OpenSearch-Dashboards/pulls/manasvinibs)
[OSD] 74 reviewed PRs (https://github.com/opensearch-project/OpenSearch-Dashboards/issues?q=reviewed-by%3Amanasvinibs)
[OSD] 28 issues involved (https://github.com/opensearch-project/OpenSearch-Dashboards/issues?page=1&q=involves%3Amanasvinibs+is%3Aissue)

Highlight
Mana is assisting with extensions project which will be the next evolution of extending core functionality from OpenSearch Dashboards
Mana implemented https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2734 which allows for a huge quality of life for local development for external plugin developers to utilize snapshots with a single CLI command compared to before when they would had to pull down OpenSearch build, install their plugin on OpenSearch, and ensure the proper configurations. This has caused historically problems when plugin teams do development and miss some steps per their onboard documentation/PR suggestion and get different results than expected.
Mana has assisted reviewing PRs providing great insight on BWC tests, BWC in general, and the release process.
Mana has added documentation from insight she has gained within the informal dev doc repo https://cptnb.github.io/opensearch-dashboards-dev-docs/ ensuring the spread of knowledge.

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [Vis Builder] Add global data persistence for vis builder (#2896)

* Add global data persistence for vis builder

Persist filters, time range, time refresh interval for vis builder when we
refresh or navigate to other apps such as dashboard, discover, timeline and visualize

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Automates chromedriver version selection for tests (#2990)

Signed-off-by: Miki <amoo_miki@yahoo.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Fixes `no-restricted-path` false-positives when `allowSameFolder` is true (#3020)

`no-restricted-paths` compares source files and import statements, and their membership in restricted zones. However, when `allowSameFolder` is true, it failed to remove a trailing slash before validation which results in a false-positive.

Signed-off-by: Miki <amoo_miki@yahoo.com>

Signed-off-by: Miki <amoo_miki@yahoo.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [Doc] Add readme for global query persistence (#3001)

Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [MD] Feature test connection (#2973)

* test connection intial code

Signed-off-by: mpabba3003 <amazonmanideep@gmail.com>

* error handling

Signed-off-by: mpabba3003 <amazonmanideep@gmail.com>

* refactor

Signed-off-by: mpabba3003 <amazonmanideep@gmail.com>

* removing get cluster info dependency

Signed-off-by: mpabba3003 <amazonmanideep@gmail.com>

* refactor test connection

Signed-off-by: mpabba3003 <amazonmanideep@gmail.com>

* adding test cases and test connection on edit datasource

Signed-off-by: mpabba3003 <amazonmanideep@gmail.com>

* adding changelog comment

Signed-off-by: mpabba3003 <amazonmanideep@gmail.com>

* fixing bug on edit datasource page

Signed-off-by: mpabba3003 <amazonmanideep@gmail.com>

* refactor based on PR comments

Signed-off-by: mpabba3003 <amazonmanideep@gmail.com>

Signed-off-by: mpabba3003 <amazonmanideep@gmail.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [Chore] Add release notes for 1.3.7 (#3066)

Signed-off-by: Josh Romero <rmerqg@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [Chore] Add 2.4.1 release notes (#3070)

* [Chore] Add 2.4.1 release notes

Signed-off-by: Josh Romero <rmerqg@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [Table Visualization][BUG] Fix Url content display (#2918)

Currently, the new table can not format Url. If we
set to use URL format in index pattern field, table
will display it as string.

In this PR, we switch the format from string to html.
To make html understandable by react as a DOM element,
we use dangerouslySetInnerHTML to transform it. For the
security, since the content is not from random input but
fetched from stored data, we should be safe as long as
data is not messed.

To provide more security protection, we also add dompurify
package to sanitize the html content.

Issue Resolved:
https://github.com/opensearch-project/OpenSearch-Dashboards/issues/2905

Signed-off-by: Anan Zhuang <ananzh@amazon.com>

Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [Tests] Bumps `chromedriver` to v107 (#3017)

* Removes manual resolution of `axios`.

Signed-off-by: Tommy Markley <5437176+tmarkley@users.noreply.github.com>

Signed-off-by: Tommy Markley <5437176+tmarkley@users.noreply.github.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Removes minimatch manual resolution (#3019)

* The minimatch resolution was no longer necessary after the upstream
library that depended on v3.0.4 was removed in #2711.

Signed-off-by: Tommy Markley <5437176+tmarkley@users.noreply.github.com>

Signed-off-by: Tommy Markley <5437176+tmarkley@users.noreply.github.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Bumps simple-git from 3.4.0 to 3.15.0 (#3036)

Signed-off-by: Kristen Tian <tyarong@amazon.com>

Signed-off-by: Kristen Tian <tyarong@amazon.com>
Co-authored-by: Miki <miki@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Fix boktorbb alias. (#3085)

Signed-off-by: dblock <dblock@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Bump decode-uri-component from 0.2.0 to 0.2.2 (#3009)

Bumps [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) from 0.2.0 to 0.2.2.
- [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases)
- [Commits](https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.2)

---
updated-dependencies:
- dependency-name: decode-uri-component
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Ashwin P Chandran <ashwinpc@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [MD] Update url in tests to follow lychee url allowlist (#3099)

Signed-off-by: Su <szhongna@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [Infrastructure] Add `untriaged` label to issues workflow (#3073)

Credit to Peter Nied <petern@amazon.com> via https://github.com/opensearch-project/.github/pull/111

Signed-off-by: Josh Romero <rmerqg@amazon.com>

Signed-off-by: Josh Romero <rmerqg@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Update console to use core.http instead of jQuery.ajax (#3080)

* Update console to use core.http instead of jQuery.ajax

Signed-off-by: Yan Zeng <zengyan@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [Maintenance] Exempt feature branches from changelog verification workflow (#3123)

Signed-off-by: Josh Romero <rmerqg@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Gets rid of `github-checks-reporter` (#3126)

Signed-off-by: Miki <miki@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Updates NOTICE file, adds validation to GitHub CI (#3051)

* Aligns NOTICE with rules outlined in
https://github.com/opensearch-project/.github/issues/21.
* Adds NOTICE validation to the build and test workflow.
* Fixes product name discrepancies between repository NOTICE file and
the generated NOTICE file for the build.
* Skips template-izing the build and test workflow since that's being
worked on in #2991.

Resolves #765

Signed-off-by: Tommy Markley <5437176+tmarkley@users.noreply.github.com>
Co-authored-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [Doc] Add current plugin persistence implementation readme (#3081)

* readme

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* Add readme for current plugin data persistence implementation

Added readme in root level doc folder

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* Changelog and minor fixes

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* some modifications

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>
Co-authored-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [Table Visualization] Replace table visualization with React and DataGrid (#2863)

* [Table Visualization] Replace table visualization with React and DataGrid

In this PR, we add back functions to make new table usage to
be consistent with the replaced one.
* total function
* percentage column
* filter in/out

Meanwhile, we also add back server. Functional tests are removed.
We will add new functional test in opensearch-dashboards-functional-test
repo. We also clean out some legacy codes.

Issue Resolved:
https://github.com/opensearch-project/OpenSearch-Dashboards/issues/2855

Signed-off-by: Anan Zhuang <ananzh@amazon.com>

* add some data-test-subj and fix PR comments

Signed-off-by: Anan Zhuang <ananzh@amazon.com>

* Fix PR comments and add unit tests

Signed-off-by: Anan Zhuang <ananzh@amazon.com>

* remove listenOnChange

Signed-off-by: Anan Zhuang <ananzh@amazon.com>

Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [CVE] Update package info and changelog for loader-utils bump to 2.0.4 fixing CVE-2022-37599 and CVE-2022-37603 (#3031)

Signed-off-by: Zilong Xia <zilongx@amazon.com>
Co-authored-by: Josh Romero <rmerqg@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Fixes misleading embeddable plugin error message (#3043)

Resolves #1479
Resolves #3083

Signed-off-by: Tommy Markley <5437176+tmarkley@users.noreply.github.com>
Co-authored-by: Josh Romero <rmerqg@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [Vis Builder] Add redux store persistence (#3088)

* add redux store persistence

implement persistence without using state container or state sync utils, and it
works with both the URL and session storage.

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* changelog and rebase

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* Console log the error

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* rebase and changelog

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* add unit tests

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Adds config override to fix obsolete theme:version config value of v8 (beta) rendering issue (#3045)

Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Adds retrying flaky jest tests (#2967)

Signed-off-by: Miki <amoo_miki@yahoo.com>
Co-authored-by: Anan Zhuang <ananzh@amazon.com>
Co-authored-by: Josh Romero <rmerqg@amazon.com>
Co-authored-by: Qingyang(Abby) Hu <abigailhu2000@gmail.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [MD] Improve test connection (#3110)

Signed-off-by: Su <szhongna@amazon.com>

Signed-off-by: Su <szhongna@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Bump node version from 14.20.0 to 14.20.1 to resolve CVE-2022-35256 (#3166)

* Bump node version from 14.20.0 to 14.20.1 to resolve CVE-2022-35256

Signed-off-by: Zilong Xia <zilongx@amazon.com>

* Update the PR number in CHANGELOG

Signed-off-by: Zilong Xia <zilongx@amazon.com>

Signed-off-by: Zilong Xia <zilongx@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [CI] update yarn timeout for GitHub workflow on Windows (#3118)

Yarn 1.x seems to have an issue with timing on windows and
mac when running.

Source:
https://github.com/yarnpkg/yarn/issues/8242#issuecomment-776561223

Increase timeout for Windows only.

Issue:
n/a

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Updated MAINTAINERS.md to match recommended opensearch-project format. (#3180)

Signed-off-by: dblock <dblock@amazon.com>

Signed-off-by: dblock <dblock@amazon.com>
Co-authored-by: Qingyang(Abby) Hu <abigailhu2000@gmail.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [CI] Record functional test artifacts in case of failure (#3190)

Signed-off-by: Miki <miki@amazon.com>

Signed-off-by: Miki <miki@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Increase timeout waiting for the exiting of an optimizer worker (#3193)

Signed-off-by: Miki <miki@amazon.com>

Signed-off-by: Miki <miki@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [CI] Improve yarn's performance in workflows by caching yarn's cache folder (#3194)

Signed-off-by: Miki <miki@amazon.com>

Signed-off-by: Miki <miki@amazon.com>
Co-authored-by: Qingyang(Abby) Hu <abigailhu2000@gmail.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [Vis Builder] Add app filter and query persistence without using state container (#3100)

* connect without container

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* Query and filter persistence working

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* Rebase and changelog

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* Simplify filter management

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* change function name

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* add unit test for function connect storage to query

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* changelog change

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* add comments and functional documentation in readme

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* add more documentation in data persistence readme about vis builder persistence

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* error handling

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* add function definition in data plugin api doc

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* document and comments

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* test (#3197)

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Update json5 to 1.0.2 and 2.2.3 (#3201)

* Update json5 to 1.0.2 and 2.2.3

Signed-off-by: Matt Provost <provomat@amazon.com>

* Update changelog

Signed-off-by: Matt Provost <provomat@amazon.com>

Signed-off-by: Matt Provost <provomat@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [Chore] Add `vega-lite` v5 dependency and bundle from source (#3076)

* [Chore] Add vega-lite v5 dep and bundle from source

- Add vega-lite@^5.6.0 dependency
- Update webpack config to build `vega-lite` from typescript source to target es5
- Add babel plugin for logical assignment operators
- Selectively import only the vega-lite modules used
- Update vega_parser tests

Co-authored-by: Miki <amoo_miki@yahoo.com>
Signed-off-by: Josh Romero <rmerqg@amazon.com>

* [Chore] Update vega-lite defaults and tests to v5

- Add test case for older vega-light spec parsing
- Update default schema version in default spec, test specs, mocked saved objects
- Fix indentation of comments in default spec
- Update jest mock imports to use `vega-lite`

Signed-off-by: Josh Romero <rmerqg@amazon.com>

Signed-off-by: Josh Romero <rmerqg@amazon.com>
Co-authored-by: Miki <amoo_miki@yahoo.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [Feature] Allow order control in `createAggConfig` (#3160)

* [Feature] Allow order control in `createAggConfig`

Add new optional boolean param that adds the new `AggConfig` to the beginning of the array rather than the end.
Makes it easier to work with Pie or other visualizations with `Schemas` that set `mustBeFirst`

Signed-off-by: Josh Romero <rmerqg@amazon.com>

* [Chore] Add changelog

Signed-off-by: Josh Romero <rmerqg@amazon.com>

Signed-off-by: Josh Romero <rmerqg@amazon.com>
Co-authored-by: Qingyang(Abby) Hu <abigailhu2000@gmail.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [VisBuilder] Adds field unit tests (#3211)

* Adds field tests

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>

* Adds changelog

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Fix bug that prevents selected join field to be used (#3213)

Remove setting join field even if it is already set.

Signed-off-by: Vijayan Balasubramanian <balasvij@amazon.com>

Signed-off-by: Vijayan Balasubramanian <balasvij@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [VisBuilder] fixes filters for table visualisation (#3210)

* fixes table vis for filter aggregation types

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>

* Fixes filter and add error boundry

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>

* Adds changelog

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [VisBuilder] Fixes pipeline aggs (#3137)

* fixes pipeline aggs in visbuilder

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>

* adds changelog

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>

* Adds unit tests

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>

* fixes pipeline aggs in visbuilder

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>

* adds changelog

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>

* Adds unit tests

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>

* fixes unit tests

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Add v2.5.0 release notes (#3234)

* Add v2.5.0 release notes

Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com>

* Adds aliased vega-lite v5 dependency to the notes #3151

Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com>

* Address feedback comments

Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com>

* Add #3197 to notes

Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com>

* Address feedback comments

Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com>

* Address feedback comments

Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com>

* Address feedback comments

Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com>

Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [MD]Update test connection button text (#3247)

Signed-off-by: Kristen Tian <tyarong@amazon.com>

Signed-off-by: Kristen Tian <tyarong@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Update text and include new changes in the release notes 2.5.0 (#3251)

Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com>

Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [Chore] fix comment typo (#3239)

Signed-off-by: Josh Romero <rmerqg@amazon.com>

Signed-off-by: Josh Romero <rmerqg@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [Docs] Fix documentation link for date math (#3207)

- Add new documentation link
- move from `noDocumentation` to `opensearch`

fixes #2849

Signed-off-by: Josh Romero <rmerqg@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Fix detection of Chrome's version on Darwin (#3296)

Signed-off-by: Miki <miki@amazon.com>

Signed-off-by: Miki <miki@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [Maintenance] Bumps `re2` and `supertest` (#3018)

* Removes manual resolution on `qs`. The latest version of `supertest` depends on v6.11.0.
* Adds steps for upgrading `re2`.
* Addresses CVE-2022-24999 (no issue opened)

Signed-off-by: Tommy Markley <5437176+tmarkley@users.noreply.github.com>

Signed-off-by: Tommy Markley <5437176+tmarkley@users.noreply.github.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Add disablePrototypePoisoningProtection configuration (#2992)

Enables the configuration of `disablePrototypePoisoningProtection` by setting
`opensearch.disablePrototypePoisoningProtection`. Enables users to store
protected logs that include reserve words from JS without the
OpenSearch JS client throwing errors.

We should still consider transforming unsafe data values if a bad actor
attempts to prototype pollute the cluster.

More information:
https://web.archive.org/web/20200319091159/https://hueniverse.com/square-brackets-are-the-enemy-ff5b9fd8a3e8?gi=184a27ee2a08

Related issue:
https://github.com/opensearch-project/OpenSearch-Dashboards/issues/1777

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
Co-authored-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [CVE-2022-25860] Bumps simple-git from 3.15.1 to 3.16.0 (#3345)

Issue Resolved
https://github.com/opensearch-project/OpenSearch-Dashboards/issues/3329

Signed-off-by: Anan Zhuang <ananzh@amazon.com>

Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Add 1.3.8 release notes (#3367)

* Create 1.3.8 release notes

Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com>

* Remove unused tags

Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com>

* Remove old changelog

Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com>

* Fix typo

Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com>

* Address comments

Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com>

* Add PRs

Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com>

* Remove unreleased PR

Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com>

* Remove unreleased PR

Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com>

---------

Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Add BWC tests for 2.6.0 (#3356)

Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Prevent primitive linting limitations from being applied to unit tests found under `src/setup_node_env` (#3403)

Signed-off-by: Miki <miki@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [Security] Bumps hapi/statehood to 7.0.4 (#3411)

Bump hapi/statehood to 7.0.4 to solve security concerns.

Issue Resolved:
https://github.com/opensearch-project/OpenSearch-Dashboards/issues/3406

Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [CVE-2022-25881] Resolve http-cache-semantics to 4.1.1 (#3409)

Signed-off-by: Su <szhongna@amazon.com>
Co-authored-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [CVE-2023-25166] Bump formula to 3.0.1 (#3416)

* [CVE-2023-25166] Bumps formula to 3.0.1

Signed-off-by: Su <szhongna@amazon.com>
Co-authored-by: Miki <amoo_miki@yahoo.com>
Co-authored-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Add new ui setting for size (#3399)

Introduce new ui setting for custom vector map's size
parameter. The default value is 1000.
Users can increase this limit by updating this value
in Advanced Settings.

Signed-off-by: Vijayan Balasubramanian <balasvij@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [search telemetry] Fixes search telemetry's observable object that won't be GC-ed (#3390)

The search telemetry was disabled by default, there is a issue when search telemetry read configuration and creates an Observable object that won't be GC-ed.

Signed-off-by: Tao Liu <liutaoaz@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Corrects NOTICE file copyright date range (#3308)

* Corrects NOTICE file copyright date range

* Follow-up on #3051

Resolves #765

Signed-off-by: Tommy Markley <5437176+tmarkley@users.noreply.github.com>

* Update CHANGELOG.md

Co-authored-by: Miki <amoo_miki@yahoo.com>

Signed-off-by: Tommy Markley <5437176+tmarkley@users.noreply.github.com>
Co-authored-by: Zhongnan Su <szhongna@amazon.com>
Co-authored-by: Miki <amoo_miki@yahoo.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Upgrade vega-tooltip to 0.30.0 to support custom tooltips #3358 (#3359)

* Upgrade vega-tooltip to 0.30.0 to support custom tooltips #3358

Signed-off-by: Jovan Cvetkovic <jovanca.cvetkovic@gmail.com>

* Upgrade vega-tooltip to 0.30.0 to support custom tooltips #3358

Signed-off-by: Jovan Cvetkovic <jovanca.cvetkovic@gmail.com>

* Upgrade vega-tooltip to 0.30.0 to support custom tooltips #3358

Signed-off-by: Jovan Cvetkovic <jovanca.cvetkovic@gmail.com>

---------

Signed-off-by: Jovan Cvetkovic <jovanca.cvetkovic@gmail.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Added untriaged issue workflow. (#3427)

* Created untriaged issue workflow.

Signed-off-by: dblock <dblock@amazon.com>

* Remove existing untriaged workflow with wrong name

Signed-off-by: Josh Romero <rmerqg@amazon.com>

---------

Signed-off-by: dblock <dblock@amazon.com>
Signed-off-by: Josh Romero <rmerqg@amazon.com>
Co-authored-by: Josh Romero <rmerqg@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [MD] Support SigV4 as a new auth type of datasource (#3058)

* [Multiple DataSource] Add support for SigV4 authentication

Signed-off-by: Su <szhongna@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Allow relaxing the Node.js runtime version requirement (#3402)

With this change, the `engines.node` of `package.json` need not be a fixed version; it can be a range using a subset of formats defined by `semver`.

A very limited subset of what [semver](https://github.com/npm/node-semver/blob/cb1ca1d5480a6c07c12ac31ba5f2071ed530c4ed/README.md#ranges) supports has been added; only a single comparator, composed of an operator and a version, is supported.

The supported operators are
 *   `>`    Greater than
 *   `>=`   Greater than or equal to
 *   `=`    Equal
 *   `~`    Tilde ranges: Allows patch changes if a minor version is specified but if only a major version is specified, it allows minor changes.
 *   `^`    Caret ranges: Allows patch and minor updates when major is non-zero (and we will never have that).

If no operator is specified, equality is assumed.

Signed-off-by: Miki <miki@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [CVE-2023-25653] Bump node-jose to 2.2.0 (#3445)

Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Upgrade yarn version to be compatible with @openearch-project/opensearch (#3443)

* upgrade yarn version to 1.22.10 to be compatible with @openearch-project/opensearch

Signed-off-by: Derek Ho <dxho@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Make build scripts find and use the latest version of Node.js that satisfies `engines.node` (#3467)

* While building distributables, Node.js runtime is downloaded to be placed in the archivea. This logicwas modified to honor a range for `engines.node` by fetching the latest release of Node.js that satisfied the range.
* Some tests covering the build, read a version from `.node-version` to compare with the results of actual function runs; these were changed to either use mocked values or honor the range and use the latest Node.js version.
* Some variable and functions referred to `engines.node` as a version; they were corrected to call it a range.

Signed-off-by: Miki <miki@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Relax Node.js version to `^14.20.1` and bump `.nvmrc` to `v14.21.3` (#3463)

* `engines.node` is relaxed from `14.20.1` to `^14.20.1`: yarn and OSD will allow versions 14.20.1 or greater, but less than 15, to be used but do not impose upgrading to avoid being a breaking change. Users will be able to install any version of Node.js that satisfies `^14.20.1`, moving ahead without waiting for a change in OSD when new versions are released.
* `.nvmrc` is bumped to the latest security patch: `14.21.3`

Signed-off-by: Miki <miki@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [MD] Integrate test connection to support SigV4 auth type (#3456)

Signed-off-by: Su <szhongna@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Add 2.6 release note (#3484)

* a

Signed-off-by: Anan Zhuang <ananzh@amazon.com>

* Add 2.6 release note

Signed-off-by: Anan Zhuang <ananzh@amazon.com>

* Update release-notes/opensearch-dashboards.release-notes-2.6.0.md

Co-authored-by: Josh Romero <rmerqg@amazon.com>

---------

Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Co-authored-by: Josh Romero <rmerqg@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* docs(DEVELOPER_GUIDE): Make getting started comprehensive and reorganize (#3421)

* docs(DEVELOPER_GUIDE): Make getting started comprehensive and reorganize

Enhance getting started guide for new contributors
- Add key technology breakdown with links to code guidelines
- Add robust prerequisite guide
- Clarify forking workflow
- Explain bootstrapping
- Distinguish between recommended and optional/alternative steps
- Add OS-specific guidance
- Add tarball usage instructions

Make other developer guide improvements:
- Update TOC
- Remove callout linking to EUI docs
- Reorder code guidelines
- Standardize header capitalization and make usage guide headers imperative

fixes #3396

Signed-off-by: Josh Romero <rmerqg@amazon.com>

Signed-off-by: Josh Romero <rmerqg@amazon.com>
Co-authored-by: Miki <amoo_miki@yahoo.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [BUG][TSVB] Fix serial diff agg link (#3503)

Doc link was invalid and causing an undefined error. This
prevented the UI from mounting properly.

Issue(s) resolved:
* https://github.com/opensearch-project/OpenSearch-Dashboards/issues/3498
* https://github.com/opensearch-project/OpenSearch-Dashboards/issues/3327

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Remove the unused `renovate.json5` file (#3489)

Signed-off-by: Miki <miki@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [Docs] fix typo in TSVB README (#3518)

Fixes a small typo in TSVB README.md file.

Issue:
n/a

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Update caniuse to fix failed integration tests (#3538)

Ran npx browserslist@latest --update-db to update caniuse package so
the integration tests will pass.

Issue:
n/a

Will be fixed in:
https://github.com/opensearch-project/OpenSearch-Dashboards/issues/2329

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [CVE-2023-26486][CVE-2023-26487] Bump vega from 5.22.1 to 5.23.0 (#3533)

Bump vega from 5.22.1 to 5.23.0. This will also bump vega-function
from 5.13.0 to 5.13.1.

Issue Resolved:
https://github.com/opensearch-project/OpenSearch-Dashboards/issues/3526
https://github.com/opensearch-project/OpenSearch-Dashboards/issues/3525

Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* [Dev] enable `opensearch snapshot` for Darwin (#3537)

Enable the downloading of Darwin for running the command
`yarn opensearch snapshot`.

Darwin is not officially supported but snapshots are being
built here:
https://build.ci.opensearch.org/job/distribution-build-opensearch/

Issue resolved:
https://github.com/opensearch-project/OpenSearch-Dashboards/issues/2944

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
Co-authored-by: Josh Romero <rmerqg@amazon.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Simplifies `re2` upgrade instructions (#3328)

* Follow-up from #3018

Signed-off-by: Tommy Markley <5437176+tmarkley@users.noreply.github.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

* Point in time management plugin and empty state (#2813)

* point in time management plugin and empty state

Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* updated to new license header

Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* [Vis Builder] Rename wizard on save modal and visualization table (#2645)

* Rename wizard on save modal and visualization table

Change the wizard reference in save modal title, toggle and visualization table

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* Save visualization on save modal, VisBuilder for chart type

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* No experimental flag

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* [@osd/cross-platform] Adds cross-platform helpers (#2681)

Signed-off-by: Miki <amoo_miki@yahoo.com>

Signed-off-by: Miki <amoo_miki@yahoo.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* Change save object type, wizard id and name to visBuilder (#2673)

* Change save object type, wizard ID and Name to visBuilder

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* Rename wizard in functional tests

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* Finalize plugin-id and plugin-name and saved-object-type

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* Change official name to VisBuilder

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* Delete migration

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* Fix functional test

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

* Update snapshot

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>

Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* [CVE] Bump loader-utils to 2.0.3 to fix CVE-2022-37601 (#2689)

* [CVE] Bump loader-utils to 2.0.3 to fix CVE-2022-37601

Signed-off-by: Zilong Xia <zilongx@amazon.com>

* Update CHANGELOG.md

Signed-off-by: Zilong Xia <zilongx@amazon.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* Add extension point in saved object management to register namespaces and show filter (#2656)

* Create filter registry for saved object management to make filters extensible

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* WIP on making fetchCounts generic

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* First step at making scroll_counts generic

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Work on getting other filter counts with same object count endpoint

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Get tenant count options to display

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Extend find to work with namespaces for saved objects

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Add missing filterFields

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Update jest tests

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Update saved_objects_table snapshot

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Append index to id to make unique

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Add semi-colon

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Fix saved objects table tests with new id scheme

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Only append idx on config type to ensure Advanced Settings have a unique id across tenants

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Remove itemsClone in favor of showing only Advanced Settings of current tenant

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Revert snapshots in table.test.tsx

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Add additional parse_query test

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Add comma

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Create namespaceRegistry to decouple security dashboards plugin and osd core

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Add ability to register an alias

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Update parse query and add to CHANGELOG

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Remove commented out code

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Address code review comments

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Override i18n if alias is regitered

Signed-off-by: Craig Perkins <cwperx@amazon.com>

Signed-off-by: Craig Perkins <cwperx@amazon.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* Removed Leftover X Pack references #2517 (#2638)

x-pack references in the code are removed as per the given files in #2517

Issue Resolved:
https://github.com/opensearch-project/OpenSearch-Dashboards/issues/2517

Signed-off-by: vimal K <vimalinfo10@gmail.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* Revert "[@osd/cross-platform] Adds cross-platform helpers (#2681)" (#2694)

This reverts commit 887093d2d243045029b644680a3e8d0150318143.

Now that downstream plugins and projects are unblocked from builds, we want to make these changes following our standard processes and automated checks

Signed-off-by: Josh Romero <rmerqg@amazon.com>

Signed-off-by: Josh Romero <rmerqg@amazon.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* [MD] Add design documents of multiple data source feature (#2538)

* Add MD design documents, including high level design, user stories, client management detailed design

Signed-off-by: Su <szhongna@amazon.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* Adds @osd/cross-platform (#2703)

* Adds helper functions, @osd/cross-platform, to work around the differences of platforms

Signed-off-by: Miki <amoo_miki@yahoo.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* [MD]Update MD data source documentation link (#2693)

Signed-off-by: Kristen Tian <tyarong@amazon.com>

Signed-off-by: Kristen Tian <tyarong@amazon.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* Add `Skip-Changelog` label to skip changelog verification on certain PRs (#2726)

Signed-off-by: Miki <amoo_miki@yahoo.com>

Signed-off-by: Miki <amoo_miki@yahoo.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* Enable visbuilder by default (#2725)

* Enable visbuilder by default

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>

* Adds changelog entry

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* [Save Object Aggregation View] Fix for export all after scroll count response changed in PR#2656 (#2696)

* Fix for filterSavedObjectCounts for namespaceRegistry

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Fix saved_objects_table.test.tsx

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Add to CHANGELOG

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Correct reference to namespacesToInclude

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Use filteredTypeCounts

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Use namespaces similar to types for fetchObjects

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Use _all to represent query for all namespaces

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Pass all registered namespaces

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Switch back signature of scroll_count

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Change countOptions to options

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Use not not instead of in

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Filter namespaces to only include namespace that have been registered

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Add filterQuery with tests

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Update license headers and address review comments

Signed-off-by: Craig Perkins <cwperx@amazon.com>

Signed-off-by: Craig Perkins <cwperx@amazon.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* Update backport workflow to ignore changelog conflicts (#2729)

Signed-off-by: Miki <amoo_miki@yahoo.com>

Signed-off-by: Miki <amoo_miki@yahoo.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* Tweak multiple data source design doc (#2724)

Signed-off-by: Kristen Tian <tyarong@amazon.com>

Signed-off-by: Kristen Tian <tyarong@amazon.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* [Chore] Refactor and improve Discover field summaries (#2391)

* [Chore] Refactor and improve field summaries

* Convert to typescript
* Fix types
* Add tests

Signed-off-by: Josh Romero <rmerqg@amazon.com>

* [Test] Update functional test

Groups are now naturally sorted by key, which requires selecting a different date filter

Signed-off-by: Josh Romero <rmerqg@amazon.com>

* [Chore] Add changelog entry

Signed-off-by: Josh Romero <rmerqg@amazon.com>

* [Chore] Refactor columns passing, fix bugs

* pass columns explicitly as props
* fix branding in core mocks
* fix `toBeUndefined()` usage in tests
* remove leftover comment
* fix test subject
* condense types

Signed-off-by: Josh Romero <rmerqg@amazon.com>

Signed-off-by: Josh Romero <rmerqg@amazon.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* Removes Add Integration button (#2723)

* Removes Add Integration button

Issue Resolved:
https://github.com/opensearch-project/OpenSearch-Dashboards/issues/2684

Signed-off-by: Bandini Bhopi <bandinib@amazon.com>

* Adds changelog entry

Signed-off-by: Bandini Bhopi <bandinib@amazon.com>

Signed-off-by: Bandini Bhopi <bandinib@amazon.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* Prevent backport workflow from running on umerged PRs (#2746)

Signed-off-by: Miki <amoo_miki@yahoo.com>

Signed-off-by: Miki <amoo_miki@yahoo.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* [Vis Builder] Enable VisBuilder cypress tests (#2728)

* Enable VisBuilder cypress tests

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>

* Adds changelog and fix env

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>

* Run all tests

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* [CI] update backport custom branch name (#2766)

GitHub action for backporting got updated to change custom branch
to head template.

This was causing issues in clean up and skipping steps.

Issue:
n/a

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* [Legacy Maps Plugin] Prevent reverse-tabnabbing (#2540)

Signed-off-by: Miki <miki@amazon.com>

Signed-off-by: Miki <miki@amazon.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* change geckodriver version to make consistency (#2772)

* change geckodriver version to make consistency

Issue Resolved:
https://github.com/opensearch-project/OpenSearch-Dashboards/issues/2771

Signed-off-by: Anan Zhuang <ananzh@amazon.com>

* combine https-proxy-agent in yarn.lock

Signed-off-by: Anan Zhuang <ananzh@amazon.com>

Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* [Vis Builder] Add an experimental table visualization in vis builder (#2705)

* [Vis Builder] Add an experimental table visualization in vis builder

In this PR, we hook up an experimental table vis in vis builder. This
table vis is a refactor of previous table. It is written in React and
DataGrid component.

In this PR, we did two main things:
* add an experimental table visualization
* enable it in vis builder

Issue Resolved (hook up table in vis builder):
https://github.com/opensearch-project/OpenSearch-Dashboards/issues/2704

The experimental table vis has all the features from current table, including
* restore table vis in react using a Datagrid component
* datagrid component does not support splitted grids. For future transfer
to OUI Datagrid, we create a tableGroup in visData for splitted grids.
* restore basic pagenation, sort and format.
* implement datagrid columns
* display column title correctly
* deangular and re-use formatted column
* convert formatted column to data grid column
* restore filter in and filter out value functions
* format table cell to show Date and percent
* restore showTotal feature: it allows table vis to show total,
avg, min, max and count statics on count
* restore export csv feature to table vis
* split table in rows and columns

Beside of restoring original features, there are some changes:

* [IMPROVE] remove repeated column from split tables
Currently, when we split table by columns, the split column is shown
both in the table title and as a separate column. This is not needed.
In this PR, we remove the repeated column in split tables in col.
* [NEW FEATURE] adjustable table column width
In the new table visualization, customer can adjust the column width
as needed.

Issue Resolved:
https://github.com/opensearch-project/OpenSearch-Dashboards/issues/2212
https://github.com/opensearch-project/OpenSearch-Dashboards/issues/2213
https://github.com/opensearch-project/OpenSearch-Dashboards/issues/2305
https://github.com/opensearch-project/OpenSearch-Dashboards/issues/2379
https://github.com/opensearch-project/OpenSearch-Dashboards/issues/2579

Since this is a hookup PR, we remove un-used table vis types and options
because they could be defined in vis builder.

We also create follow up issues for some un-resolved PR comments.

Signed-off-by: Anan Zhuang <ananzh@amazon.com>

* remove unused scss tyle

Signed-off-by: Anan Zhuang <ananzh@amazon.com>

* remove total func and percentage col

total func and percentage col are two features that we might
need to remove or re-invent for future table vis. For hookup
purpose, it doesn't make sense to include some features that
we would like to remove.

this PR removes total func and percentage col in both table
vis and vis builder

Signed-off-by: Anan Zhuang <ananzh@amazon.com>

* comment out cellActions
currently filter in/out cell doesn't function in vis builder.
we will coumment out cell actions for now.

Signed-off-by: Anan Zhuang <ananzh@amazon.com>

Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* Security-CVEs fixes guidelines (#2674)

* Security-CVEs fixes guidelines

Signed-off-by: himsgupta1122 <hmsgupt@gmail.com>

* styling

Signed-off-by: himsgupta1122 <hmsgupt@gmail.com>

* add example

Signed-off-by: himsgupta1122 <hmsgupt@gmail.com>

* add documention

Signed-off-by: himsgupta1122 <hmsgupt@gmail.com>

Signed-off-by: himsgupta1122 <hmsgupt@gmail.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* [MD] Update default audit log path (#2793)

- Fix the /tmp path issue seen on windows platform.
- Change audit log to disable by default.

Signed-off-by: Kristen Tian <tyarong@amazon.com>

Signed-off-by: Kristen Tian <tyarong@amazon.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* [Vis Builder] Add field summary popovers (#2682)

* [Vis Builder] Add field summary popovers

Much of the functionality was ported from `Discover`, but
largely refactored.

* Add utilities to get sampled hit summaries by field
* Add popover summaries
* Slight refactor of special `Count` pseudofield
* Use observable subscription to update sampled hits

Fixes #950

Signed-off-by: Josh Romero <rmerqg@amazon.com>

* [Vis Builder] Add additional unit tests

Signed-off-by: Josh Romero <rmerqg@amazon.com>

* [VisBuilder] Update naming of summary field components

Signed-off-by: Josh Romero <rmerqg@amazon.com>

* [VisBuilder] Avoid prop passing by extracting custom hooks

- refactor meta field identification

Signed-off-by: Josh Romero <rmerqg@amazon.com>

* [VisBuilder] Add TODOs with issue links, fix test ID

Restores previous test ID for count field button

Signed-off-by: Josh Romero <rmerqg@amazon.com>

Signed-off-by: Josh Romero <rmerqg@amazon.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* Bump makelogs to remove dependency on got (#2801)

* Also dusted off the lock file a bit

Fixes #1764

Signed-off-by: Miki <miki@amazon.com>

Signed-off-by: Miki <miki@amazon.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* Change VisBuilder flag for docker config (#2804)

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>

Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* addressed review comments

Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* addressed review comments

Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* addressed review comments

Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* updated unit tests

Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* dummy commit to retry build

Signed-off-by: Ajay Gupta <ajyg@amazon.com>

* address suggestions

Signed-off-by: Ajay Gupta <ajyg@amazon.com>

Signed-off-by: Ajay Gupta <ajyg@amazon.com>
Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>
Signed-off-by: Miki <amoo_miki@yahoo.com>
Signed-off-by: Zilong Xia <zilongx@amazon.com>
Signed-off-by: Craig Perkins <cwperx@amazon.com>
Signed-off-by: vimal K <vimalinfo10@gmail.com>
Signed-off-by: Josh Romero <rmerqg@amazon.com>
Signed-off-by: Su <szhongna@amazon.com>
Signed-off-by: Kristen Tian <tyarong@amazon.com>
Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>
Signed-off-by: Bandini Bhopi <bandinib@amazon.com>
Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
Signed-off-by: Miki <miki@amazon.com>
Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: himsgupta1122 <hmsgupt@gmail.com>
Co-authored-by: Ajay Gupta <ajyg@amazon.com>
Co-authored-by: Qingyang(Abby) Hu <abigailhu2000@gmail.com>
Co-authored-by: Miki <miki@amazon.com>
Co-authored-by: ZilongX <99905560+ZilongX@users.noreply.github.com>
Co-authored-by: Craig Perkins <craig5008@gmail.com>
Co-authored-by: Vimal K <35750792+vimalMK@users.noreply.github.com>
Co-authored-by: Josh Romero <rmerqg@amazon.com>
Co-authored-by: Zhongnan Su <szhongna@amazon.com>
Co-authored-by: Kristen Tian <105667444+kristenTian@users.noreply.github.com>
Co-authored-by: Ashwin P Chandran <ashwinpc@amazon.com>
Co-authored-by: Craig Perkins <cwperx@amazon.com>
Co-authored-by: Bandini <63824432+bandinib-amzn@users.noreply.github.com>
Co-authored-by: Kawika Avilla <kavilla414@gmail.com>
Co-authored-by: Anan Zhuang <ananzh@amazon.com>
Co-authored-by: himsgupta1122 <115103225+himsgupta1122@users.noreply.github.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>

---------

Signed-off-by: Miki <amoo_miki@yahoo.com>
Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Miki <miki@amazon.com>
Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
Signed-off-by: abbyhu2000 <abigailhu2000@gmail.com>
Signed-off-by: mpabba3003 <amazonmanideep@gmail.com>
Signed-off-by: Josh Romero <rmerqg@amazon.com>
Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: Tommy Markley <5437176+tmarkley@users.noreply.github.com>
Signed-off-by: Kristen Tian <tyarong@amazon.com>
Signed-off-by: dblock <dblock@amazon.com>
Signed-off-by: Su <szhongna@amazon.com>
Signed-off-by: Yan Zeng <zengyan@amazon.com>
Signed-off-by: Zilong Xia <zilongx@amazon.com>
Signed-off-by: Manasvini B Suryanarayana <manasvis@amazon.com>
Signed-off-by: Matt Provost <provomat@amazon.com>
Signed-off-by: Ashwin P Chandran <ashwinpc@amazon.com>
Signed-off-by: Vijayan Balasubramanian <balasvij@amazon.com>
Signed-off-by: Aozixuan Priscilla Guan <aoguan@amazon.com>
Signed-off-by: Tao Liu <liutaoaz@amazon.com>
Signed-off-by: Jovan Cvetkovic <jovanca.cvetkovic@gmail.com>
Signed-off-by: Derek Ho <dxho@amazon.com>
Signed-off-by: Ajay Gupta <ajyg@amazon.com>
Signed-off-by: Craig Perkins <cwperx@amazon.com>
Signed-off-by: vimal K <vimalinfo10@gmail.com>
Signed-off-by: Bandini Bhopi <bandinib@amazon.com>
Signed-off-by: himsgupta1122 <hmsgupt@gmail.com>
Co-authored-by: Miki <miki@amazon.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Kawika Avilla <kavilla414@gmail.com>
Co-authored-by: Qingyang(Abby) Hu <abigailhu2000@gmail.com>
Co-authored-by: Manideep Pabba <109986843+mpabba3003@users.noreply.github.com>
Co-authored-by: Josh Romero <rmerqg@amazon.com>
Co-authored-by: Anan Zhuang <ananzh@amazon.com>
Co-authored-by: Tommy Markley <5437176+tmarkley@users.noreply.github.com>
Co-authored-by: Kristen Tian <105667444+kristenTian@users.noreply.github.com>
Co-authored-by: Daniel (dB.) Doubrovkine <dblock@dblock.org>
Co-authored-by: Ashwin P Chandran <ashwinpc@amazon.com>
Co-authored-by: Zhongnan Su <szhongna@amazon.com>
Co-authored-by: Yan Zeng <46499415+zengyan-amazon@users.noreply.github.com>
Co-authored-by: ZilongX <99905560+ZilongX@users.noreply.github.com>
Co-authored-by: Manasvini B Suryanarayana <manasvis@amazon.com>
Co-authored-by: Daniel (dB.) Doubrovkine <dblock@amazon.com>
Co-authored-by: Matt Provost <provomat@amazon.com>
Co-authored-by: Miki <amoo_miki@yahoo.com>
Co-authored-by: Vijayan Balasubramanian <vijayan.balasubramanian@gmail.com>
Co-authored-by: Aozixuan Priscilla Guan <92183424+aoguan1990@users.noreply.github.com>
Co-authored-by: Vijayan Balasubramanian <balasvij@amazon.com>
Co-authored-by: Tao Liu <33105471+Flyingliuhub@users.noreply.github.com>
Co-authored-by: Jovan Cvetkovic <jovanca.cvetkovic@gmail.com>
Co-authored-by: Derek Ho <derek01778@gmail.com>
Co-authored-by: Ajay Gupta <116780042+ajygupta@users.noreply.github.com>
Co-authored-by: Ajay Gupta <ajyg@amazon.com>
Co-authored-by: Craig Perkins <craig5008@gmail.com>
Co-authored-by: Vimal K <35750792+vimalMK@users.noreply.github.com>
Co-authored-by: Craig Perkins <cwperx@amazon.com>
Co-authored-by: Bandini <63824432+bandinib-amzn@users.noreply.github.com>
Co-authored-by: himsgupta1122 <115103225+himsgupta1122@users.noreply.github.com>
sikhote pushed a commit to sikhote/OpenSearch-Dashboards that referenced this issue Apr 24, 2023
…ject#2992)

Enables the configuration of `disablePrototypePoisoningProtection` by setting
`opensearch.disablePrototypePoisoningProtection`. Enables users to store
protected logs that include reserve words from JS without the
OpenSearch JS client throwing errors.

We should still consider transforming unsafe data values if a bad actor
attempts to prototype pollute the cluster.

More information:
https://web.archive.org/web/20200319091159/https://hueniverse.com/square-brackets-are-the-enemy-ff5b9fd8a3e8?gi=184a27ee2a08

Related issue:
opensearch-project#1777

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
Co-authored-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: David Sinclair <david@sinclair.tech>
sikhote pushed a commit to sikhote/OpenSearch-Dashboards that referenced this issue Apr 24, 2023
…ject#2992)

Enables the configuration of `disablePrototypePoisoningProtection` by setting
`opensearch.disablePrototypePoisoningProtection`. Enables users to store
protected logs that include reserve words from JS without the
OpenSearch JS client throwing errors.

We should still consider transforming unsafe data values if a bad actor
attempts to prototype pollute the cluster.

More information:
https://web.archive.org/web/20200319091159/https://hueniverse.com/square-brackets-are-the-enemy-ff5b9fd8a3e8?gi=184a27ee2a08

Related issue:
opensearch-project#1777

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
Co-authored-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: David Sinclair <david@sinclair.tech>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working discover for discover reinvent medium priority v2.6.0
Projects
None yet
Development

Successfully merging a pull request may close this issue.

6 participants