-
Notifications
You must be signed in to change notification settings - Fork 898
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use a forced CSP-compliant interpreter with Vega visualizations #2352
Use a forced CSP-compliant interpreter with Vega visualizations #2352
Conversation
* Pass `options` to `vega.parse` to enable inclusion of parsed ASTs * Introduce the forced CSP-compliant interpreter that prevents evaluation of unsafe methods * Modified the consumed `leaflet-vega` package to one that honors `options` Signed-off-by: Miki <miki@amazon.com>
Codecov Report
@@ Coverage Diff @@
## main #2352 +/- ##
==========================================
- Coverage 66.55% 66.55% -0.01%
==========================================
Files 3169 3170 +1
Lines 60313 60318 +5
Branches 9182 9181 -1
==========================================
+ Hits 40141 40144 +3
- Misses 17979 17981 +2
Partials 2193 2193
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. |
|
version "0.8.6" | ||
resolved "https://registry.yarnpkg.com/leaflet-vega/-/leaflet-vega-0.8.6.tgz#dd4090a6123cb983c2b732d53ec9e4daa53736b2" | ||
integrity sha1-3UCQphI8uYPCtzLVPsnk2qU3NrI= | ||
"leaflet-vega@npm:@amoo-miki/leaflet-vega@0.8.7": |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is there plan to use an official fork? I think in the past there was a previous issue where people questioned using a personalized dependency
for [1], no. vega PR is under review. leaflet-vega hasn't been reviewed yet. |
The backport to
To backport manually, run these commands in your terminal: # Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-1.x 1.x
# Navigate to the new working tree
cd .worktrees/backport-1.x
# Create a new branch
git switch --create backport/backport-2352-to-1.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 bebbcca30d4b3f43c800eb5360681d2072d0ba7c
# Push it to GitHub
git push --set-upstream origin backport/backport-2352-to-1.x
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-1.x Then, create a pull request where the |
The backport to
To backport manually, run these commands in your terminal: # Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-1.3 1.3
# Navigate to the new working tree
cd .worktrees/backport-1.3
# Create a new branch
git switch --create backport/backport-2352-to-1.3
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 bebbcca30d4b3f43c800eb5360681d2072d0ba7c
# Push it to GitHub
git push --set-upstream origin backport/backport-2352-to-1.3
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-1.3 Then, create a pull request where the |
The backport to
To backport manually, run these commands in your terminal: # Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-1.2 1.2
# Navigate to the new working tree
cd .worktrees/backport-1.2
# Create a new branch
git switch --create backport/backport-2352-to-1.2
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 bebbcca30d4b3f43c800eb5360681d2072d0ba7c
# Push it to GitHub
git push --set-upstream origin backport/backport-2352-to-1.2
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-1.2 Then, create a pull request where the |
The backport to
To backport manually, run these commands in your terminal: # Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-1.1 1.1
# Navigate to the new working tree
cd .worktrees/backport-1.1
# Create a new branch
git switch --create backport/backport-2352-to-1.1
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 bebbcca30d4b3f43c800eb5360681d2072d0ba7c
# Push it to GitHub
git push --set-upstream origin backport/backport-2352-to-1.1
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-1.1 Then, create a pull request where the |
The backport to
To backport manually, run these commands in your terminal: # Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-1.0 1.0
# Navigate to the new working tree
cd .worktrees/backport-1.0
# Create a new branch
git switch --create backport/backport-2352-to-1.0
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 bebbcca30d4b3f43c800eb5360681d2072d0ba7c
# Push it to GitHub
git push --set-upstream origin backport/backport-2352-to-1.0
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-1.0 Then, create a pull request where the |
* Pass `options` to `vega.parse` to enable inclusion of parsed ASTs * Introduce the forced CSP-compliant interpreter that prevents evaluation of unsafe methods * Modified the consumed `leaflet-vega` package to one that honors `options` Signed-off-by: Miki <miki@amazon.com> Signed-off-by: Miki <miki@amazon.com> (cherry picked from commit bebbcca)
* Pass `options` to `vega.parse` to enable inclusion of parsed ASTs * Introduce the forced CSP-compliant interpreter that prevents evaluation of unsafe methods * Modified the consumed `leaflet-vega` package to one that honors `options` Signed-off-by: Miki <miki@amazon.com> Signed-off-by: Miki <miki@amazon.com> (cherry picked from commit bebbcca)
…lizations backport PR:opensearch-project#2352 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
backport PR:opensearch-project#2352 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
backport PR:opensearch-project#2352 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
backport PR:opensearch-project#2352 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
backport PR:opensearch-project#2352 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
backport PR:opensearch-project#2352 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
… (#2354) * Pass `options` to `vega.parse` to enable inclusion of parsed ASTs * Introduce the forced CSP-compliant interpreter that prevents evaluation of unsafe methods * Modified the consumed `leaflet-vega` package to one that honors `options` Signed-off-by: Miki <miki@amazon.com> Signed-off-by: Miki <miki@amazon.com> (cherry picked from commit bebbcca) Co-authored-by: Miki <miki@amazon.com>
backport PR:#2352 Signed-off-by: Anan Zhuang <ananzh@amazon.com> Signed-off-by: Anan Zhuang <ananzh@amazon.com> Co-authored-by: Miki <miki@amazon.com>
* Pass `options` to `vega.parse` to enable inclusion of parsed ASTs * Introduce the forced CSP-compliant interpreter that prevents evaluation of unsafe methods * Modified the consumed `leaflet-vega` package to one that honors `options` Signed-off-by: Miki <miki@amazon.com> Co-authored-by: Anan Zhuang <ananzh@amazon.com> (cherry picked from commit bebbcca)
* Pass `options` to `vega.parse` to enable inclusion of parsed ASTs * Introduce the forced CSP-compliant interpreter that prevents evaluation of unsafe methods * Modified the consumed `leaflet-vega` package to one that honors `options` Signed-off-by: Miki <miki@amazon.com> Co-authored-by: Anan Zhuang <ananzh@amazon.com> (cherry picked from commit bebbcca)
* Pass `options` to `vega.parse` to enable inclusion of parsed ASTs * Introduce the forced CSP-compliant interpreter that prevents evaluation of unsafe methods * Modified the consumed `leaflet-vega` package to one that honors `options` Signed-off-by: Miki <miki@amazon.com> Co-authored-by: Anan Zhuang <ananzh@amazon.com> (cherry picked from commit bebbcca)
* Pass `options` to `vega.parse` to enable inclusion of parsed ASTs * Introduce the forced CSP-compliant interpreter that prevents evaluation of unsafe methods * Modified the consumed `leaflet-vega` package to one that honors `options` Signed-off-by: Miki <miki@amazon.com> Signed-off-by: Miki <miki@amazon.com> (cherry picked from commit bebbcca)
* Pass `options` to `vega.parse` to enable inclusion of parsed ASTs * Introduce the forced CSP-compliant interpreter that prevents evaluation of unsafe methods * Modified the consumed `leaflet-vega` package to one that honors `options` Signed-off-by: Miki <miki@amazon.com> Signed-off-by: Miki <miki@amazon.com> (cherry picked from commit bebbcca)
* Pass `options` to `vega.parse` to enable inclusion of parsed ASTs * Introduce the forced CSP-compliant interpreter that prevents evaluation of unsafe methods * Modified the consumed `leaflet-vega` package to one that honors `options` Signed-off-by: Miki <miki@amazon.com> Signed-off-by: Miki <miki@amazon.com> (cherry picked from commit bebbcca)
… (#2372) * Pass `options` to `vega.parse` to enable inclusion of parsed ASTs * Introduce the forced CSP-compliant interpreter that prevents evaluation of unsafe methods * Modified the consumed `leaflet-vega` package to one that honors `options` Signed-off-by: Miki <miki@amazon.com> Signed-off-by: Miki <miki@amazon.com> (cherry picked from commit bebbcca) Co-authored-by: Miki <miki@amazon.com>
… (#2355) * Pass `options` to `vega.parse` to enable inclusion of parsed ASTs * Introduce the forced CSP-compliant interpreter that prevents evaluation of unsafe methods * Modified the consumed `leaflet-vega` package to one that honors `options` Signed-off-by: Miki <miki@amazon.com> Signed-off-by: Miki <miki@amazon.com> (cherry picked from commit bebbcca) Co-authored-by: Miki <miki@amazon.com> Co-authored-by: Kawika Avilla <kavilla414@gmail.com>
… (#2373) * Pass `options` to `vega.parse` to enable inclusion of parsed ASTs * Introduce the forced CSP-compliant interpreter that prevents evaluation of unsafe methods * Modified the consumed `leaflet-vega` package to one that honors `options` Signed-off-by: Miki <miki@amazon.com> Signed-off-by: Miki <miki@amazon.com> (cherry picked from commit bebbcca) Co-authored-by: Miki <miki@amazon.com> Co-authored-by: Ashwin P Chandran <ashwinpc@amazon.com>
… (#2371) * Pass `options` to `vega.parse` to enable inclusion of parsed ASTs * Introduce the forced CSP-compliant interpreter that prevents evaluation of unsafe methods * Modified the consumed `leaflet-vega` package to one that honors `options` Signed-off-by: Miki <miki@amazon.com> Signed-off-by: Miki <miki@amazon.com> (cherry picked from commit bebbcca) Co-authored-by: Miki <miki@amazon.com> Co-authored-by: Ashwin P Chandran <ashwinpc@amazon.com> Co-authored-by: Kawika Avilla <kavilla414@gmail.com>
…search-project#2352) (opensearch-project#2371) * Pass `options` to `vega.parse` to enable inclusion of parsed ASTs * Introduce the forced CSP-compliant interpreter that prevents evaluation of unsafe methods * Modified the consumed `leaflet-vega` package to one that honors `options` Signed-off-by: Miki <miki@amazon.com> Signed-off-by: Miki <miki@amazon.com> (cherry picked from commit bebbcca) Co-authored-by: Miki <miki@amazon.com> Co-authored-by: Ashwin P Chandran <ashwinpc@amazon.com> Co-authored-by: Kawika Avilla <kavilla414@gmail.com>
…search-project#2352) * Pass `options` to `vega.parse` to enable inclusion of parsed ASTs * Introduce the forced CSP-compliant interpreter that prevents evaluation of unsafe methods * Modified the consumed `leaflet-vega` package to one that honors `options` Signed-off-by: Miki <miki@amazon.com> Signed-off-by: Miki <miki@amazon.com> Signed-off-by: Sergey V. Osipov <sipopo@yandex.ru>
options
tovega.parse
to enable inclusion of parsed ASTsleaflet-vega
package to one that honorsoptions
Signed-off-by: Miki miki@amazon.com
Check List
yarn test:jest
yarn test:jest_integration
yarn test:ftr