Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update platform security modules (main) #173232

Merged
merged 4 commits into from
Dec 20, 2023
Merged

Update platform security modules (main) #173232

merged 4 commits into from
Dec 20, 2023

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Dec 12, 2023
edited by kibanamachine
Loading

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
@types/node-forge (source) ^1.3.1 -> ^1.3.10 age adoption passing confidence
@types/tough-cookie (source) ^4.0.2 -> ^4.0.5 age adoption passing confidence
@types/xml-crypto (source) ^1.4.2 -> ^1.4.6 age adoption passing confidence
formik (source) ^2.2.9 -> ^2.4.5 age adoption passing confidence
tough-cookie ^4.1.2 -> ^4.1.3 age adoption passing confidence
xml-crypto ^3.0.1 -> ^5.0.0 age adoption passing confidence

Release Notes

jaredpalmer/formik (formik)

v2.4.5

Compare Source

Patch Changes

v2.4.4

Compare Source

Patch Changes

v2.4.3

Compare Source

Patch Changes

v2.4.2

Compare Source

Patch Changes

v2.4.1

Compare Source

Patch Changes

  • 2b194c2 #​3808 Thanks @​NagaiKoki! - fix type of setFieldValue function

  • 708bcb2 #​3813 Thanks @​probablyup! - Revert FieldArray "shouldComponentUpdate" performance optimization. As it turns out, it's a common use case to have JSX controlled via non-Formik state/props inside of FieldArray, so it's not safe to cancel re-renders here.

  • 187e47d #​3815 Thanks @​probablyup! - Revert Yup transform support for the time being, this may be re-introduced in a future release under an opt-in prop.

v2.4.0

Compare Source

Minor Changes

v2.3.3

Compare Source

Patch Changes
  • f075a0c #​3798 Thanks @​probablyup! - Fixed the use of generics for the ArrayHelpers type such that any[] is the default array type and for each individual method the array item type can be overridden if necessary.

v2.3.2

Compare Source

Patch Changes

  • f086b5a #​3237 Thanks @​pieplu! - Changed getIn to return undefined when it can't find a value AND a parent of that value is "falsy" ( "" / 0 / null / false )

  • 6d8f018 #​3792 Thanks @​probablyup! - Update the type for setFieldValue to reflect the returned Promise and potential returned error(s).

v2.3.0

Compare Source

Minor Changes

  • 73de78d #​3788 Thanks @​probablyup! - Added typescript generics to ArrayHelpers interface and its methods so that users who use TypeScript can set the type for their arrays and have type safety on array utils. I have also gone ahead and made supplying a type for the generic optional for the sake of backwards compatibility so any existing TS code that does not give a type for the FieldArray will continue to work as they always have.

  • 39a7bf7 #​3786 Thanks @​probablyup! - Yup by default only allows for cross-field validation within the
    same field object. This is not that useful in most scenarios because
    a sufficiently-complex form will have several yup.object() in the
    schema.

    const deepNestedSchema = Yup.object({
  object: Yup.object({
    nestedField: Yup.number().required(),
  }),
  object2: Yup.object({
    // this doesn't work because `object.nestedField` is outside of `object2`
    nestedFieldWithRef: Yup.number()
      .min(0)
      .max(Yup.ref('object.nestedField')),
  }),
});

    However, Yup offers something called context which can operate across
    the entire schema when using a \$ prefix:

    const deepNestedSchema = Yup.object({
  object: Yup.object({
    nestedField: Yup.number().required(),
  }),
  object2: Yup.object({
    // this works because of the "context" feature, enabled by $ prefix
    nestedFieldWithRef: Yup.number()
      .min(0)
      .max(Yup.ref('$object.nestedField')),
  }),
});

    With this change, you may now validate against any field in the entire schema,
    regardless of position when using the \$ prefix.

v2.2.10

Compare Source

Patch Changes

  • 22e236e #​3784 Thanks @​probablyup! - Improve performance of the FieldArray component by adding a shouldComponentUpdate check; this should help avoid unnecessary re-renders which may affect the performance of a form.

  • bc9cb28 #​3785 Thanks @​probablyup! - Fixed field error state for array fields that have an error and become empty through an API like arrayHelpers.remove.

    The prior behavior resolved the field error to [undefined], now it is simply undefined.

  • 9cbf150 #​3787 Thanks @​probablyup! - Fix infinite loop issue in Field when field helpers (setTouched, etc) are used as an argument in React.useEffect.

  • 9c75a9f #​3780 Thanks @​probablyup! - Fixed an issue with array field errors being incorrectly split into an array of individual characters instead of an array of error strings.

  • 35fa4cc #​3783 Thanks @​probablyup! - Fix validation of deep.dot.path field references when using the validateField API.

node-saml/xml-crypto (xml-crypto)

v5.0.0

Compare Source

💣 Major Changes
  • [breaking-change] Mark getKeyInfo() private as it has no public consumers #​412
  • [breaking-change] Remove the default for getKeyInfoContent forcing a consumer to choose #​411
  • [documentation] [breaking-change] Remove default for transformation algorithm #​410
  • [breaking-change] Remove default for signature algorithm #​408
  • [breaking-change] Remove default for digest algorithm #​406
  • [breaking-change] Remove default canonicalization algorithm #​405
  • [chore] [breaking-change] Improve code clarity; remove unused functions #​397
  • [breaking-change] Move validation messages to each reference #​396
  • [breaking-change] Make references accessible only via get/set #​395
  • [chore] [breaking-change] Reduce public interface by making some methods private #​394
  • [chore] [breaking-change] Update build to support Node@16 #​385
🚀 Minor Changes
  • [enhancement] Add support for directly querying a node to see if it has passed validation #​389
  • [enhancement] Add method for checking if element is signed #​368
🔗 Dependencies
  • [dependencies] [javascript] Bump @​typescript-eslint/eslint-plugin from 5.62.0 to 6.13.0 #​422
  • [dependencies] [javascript] Bump @​prettier/plugin-xml from 3.2.1 to 3.2.2 #​423
  • [dependencies] [javascript] Bump @​types/mocha from 10.0.2 to 10.0.6 #​421
  • [dependencies] [javascript] Bump @​types/chai from 4.3.6 to 4.3.11 #​419
  • [dependencies] [javascript] Bump prettier from 3.0.3 to 3.1.0 #​418
  • [dependencies] [javascript] Bump typescript from 5.2.2 to 5.3.2 #​415
  • [dependencies] [javascript] Bump eslint from 8.51.0 to 8.54.0 #​414
  • [dependencies] [github_actions] Bump actions/setup-node from 3 to 4 #​413
  • [dependencies] [javascript] Bump @​babel/traverse from 7.22.4 to 7.23.2 #​407
  • [dependencies] [github_actions] Bump actions/checkout from 3 to 4 #​392
  • [dependencies] [javascript] Bump eslint-plugin-deprecation from 1.4.1 to 2.0.0 #​390
  • [dependencies] [javascript] Bump typescript from 5.1.6 to 5.2.2 #​383
  • [dependencies] [javascript] Bump eslint-config-prettier from 8.8.0 to 9.0.0 #​381
  • [dependencies] Update dependencies; move to @​xmldom-scoped is-dom-node package #​402
🐛 Bug Fixes
  • [bug] Ensure the X509Certificate tag is properly prefixed #​377
  • [bug] Fix transform processing regression #​379
  • [bug] Enforce consistent transform processing #​380
📚 Documentation
  • [documentation] Clarify use of in signature validation #​401
⚙️ Technical Tasks
  • [chore] Use is-dom-node for DOM node checking and narrowing #​388
  • [chore] Improve and simplify validation logic #​373
  • [chore] Add additional type checking #​369

v4.1.0

Compare Source

💣 Major Changes
  • [bug] [breaking-change] Fix pemToDer() return type #​364
⚙️ Technical Tasks
  • [chore] Improve exported typings #​367
  • [chore] Use stricter typing in tests #​366
  • [chore] Consistently reference xmldom #​365
  • [chore] Rename findChilds() to findChildren() #​363

v4.0.1

Compare Source

🐛 Bug Fixes
  • [bug] Use correct type for options #​360
  • [bug] Fix validationErrors type #​361

v4.0.0

Compare Source

💣 Major Changes
  • [documentation] [breaking-change] Expand the options, move idmode into options, fix types #​323
  • [breaking-change] Refactor classes into their own files #​318
  • [breaking-change] Prefer ES6 classes to prototypical inheritance #​316
  • [breaking-change] Rename signingCert -> publicCert and signingKey -> privateKey #​315
  • [semver-major] [breaking-change] Add support for in ; remove KeyInfoProvider #​301
  • [semver-major] Target an LTS version of Node #​299
🚀 Minor Changes
  • [enhancement] Exports C14nCanonicalization, ExclusiveCanonicalization #​336
🔗 Dependencies
  • [dependencies] [javascript] Bump @​xmldom/xmldom from 0.8.8 to 0.8.10 #​358
  • [dependencies] [javascript] Bump @​typescript-eslint/eslint-plugin from 5.60.1 to 5.62.0 #​357
  • [dependencies] [javascript] Bump @​prettier/plugin-xml from 2.2.0 to 3.1.1 #​356
  • [dependencies] [javascript] Bump prettier from 2.8.8 to 3.0.0 #​350
  • [dependencies] [javascript] Bump release-it from 15.11.0 to 16.1.3 #​352
  • [dependencies] [javascript] Bump prettier-plugin-packagejson from 2.4.3 to 2.4.5 #​353
  • [dependencies] [javascript] Bump @​typescript-eslint/parser from 5.60.1 to 5.62.0 #​354
  • [dependencies] [javascript] Bump typescript from 5.1.5 to 5.1.6 #​351
  • [dependencies] [javascript] Bump word-wrap from 1.2.3 to 1.2.4 #​348
  • [dependencies] [javascript] Bump eslint from 8.42.0 to 8.45.0 #​344
  • [dependencies] Update gren for better support for branches #​340
  • [dependencies] [github_actions] Bump codecov/codecov-action from 3.1.1 to 3.1.4 #​290
🐛 Bug Fixes
  • [bug] Fix issue in case when namespace has no prefix #​330
  • [bug] Use correct path for code coverage reports #​302
⚙️ Technical Tasks
  • [chore] Enforce eslint no-unused-vars #​349
  • [chore] Enforce eslint deprecation #​347
  • [chore] Enforce eslint prefer-template #​346
  • [chore] Enforce eslint no-this-alias #​345
  • [chore] Convert this project to TypeScript #​325
  • [chore] Rename files in preparation for TS migration #​343
  • [chore] Don't force master branch when generating changelog #​342
  • [chore] Enforce eslint no-unused-vars #​322
  • [chore] Enforce eslint no-prototype-builtins #​321
  • [chore] Enforce eslint eqeqeq rule #​320
  • [chore] Update types #​319
  • [chore] Adjust code to pass eslint prefer-const #​312
  • [chore] Adjust code to pass eslint no-var #​311
  • [chore] Adjust code to pass eslint curly #​310
  • [chore] Adjust code to pass eslint one-var #​309
  • [chore] Typings #​295
  • [chore] Lint code for new linting rules #​300
  • [chore] Make linting rules more strict #​293
  • [chore] Replace Nodeunit with Mocha #​294

v3.2.0

Compare Source

v3.1.0

Compare Source

🚀 Minor Changes
  • [enhancement] Add support for appending attributes to KeyInfo element #​285
  • [enhancement] Use inclusiveNamespacesPrefixList to generate InclusiveNamespaces #​284
  • [enhancement] build: add release-it to facilitate builds #​275
  • [enhancement] [documentation] feat: add type declaration #​277
  • [enhancement] make FileKeyInfo extensible for compatibility with TypeScript #​273
  • [enhancement] Updated getKeyInfo function with actual implementation #​249
🔗 Dependencies
  • [dependencies] Update dependencies #​296
  • [dependencies] Bump minimatch from 3.0.4 to 3.1.2 #​276
  • [dependencies] [javascript] Bump qs from 6.5.2 to 6.5.3 #​271
📚 Documentation
  • [documentation] [chore] Adjust references for node-saml organization #​298
⚙️ Technical Tasks

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot added backport:all-open Backport to all branches that could still receive a release release_note:skip Skip the PR/issue when compiling release notes Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! labels Dec 12, 2023
@renovate renovate bot requested a review from a team December 12, 2023 22:01
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-security (Team:Security)

@azasypkin azasypkin self-requested a review December 20, 2023 13:21
@azasypkin azasypkin self-assigned this Dec 20, 2023
@renovate renovate bot requested a review from a team as a code owner December 20, 2023 13:28
@renovate Renovate
Copy link
Contributor Author

renovate bot commented Dec 20, 2023

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

Warning: custom changes will be lost.

@azasypkin azasypkin removed their request for review December 20, 2023 14:56
azasypkin
azasypkin reviewed Dec 20, 2023
View reviewed changes
package.json
@@ -1473,7 +1473,6 @@
"@types/webpack-env": "^1.15.3",
"@types/webpack-merge": "^4.1.5",
"@types/webpack-sources": "^0.1.4",
"@types/xml-crypto": "^1.4.2",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

note: xml-crypto 5.x is shipped with its own types now.

@kibana-ci
Copy link
Collaborator

💚 Build Succeeded

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
security 575.2KB 575.6KB +390.0B

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @azasypkin

@azasypkin azasypkin requested a review from a team December 20, 2023 16:07
@azasypkin
Copy link
Member

@elasticmachine run elasticsearch-ci/docs

@azasypkin azasypkin merged commit 35d79a9 into main Dec 20, 2023
34 checks passed
@azasypkin azasypkin deleted the renovate/main-platform-security-modules branch December 20, 2023 19:58
@kibanamachine kibanamachine mentioned this pull request Dec 20, 2023
Merged
kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Dec 20, 2023
@renovate
Update platform security modules (main) (elastic#173232)
93b3094 
(cherry picked from commit 35d79a9)
@kibanamachine
Copy link
Contributor

💔 Some backports could not be created

Status Branch Result
7.17 Backport failed because of merge conflicts
8.12

Note: Successful backport PRs will be merged automatically after passing CI.

Manual backport

To create the backport manually run:

node scripts/backport --pr 173232

Questions ?

Please refer to the Backport tool documentation

@kibanamachine kibanamachine mentioned this pull request Dec 21, 2023
Merged
@azasypkin azasypkin mentioned this pull request Dec 21, 2023
Merged
@azasypkin
Copy link
Member

💚 All backports created successfully

Status Branch Result
7.17

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation

azasypkin pushed a commit to azasypkin/kibana that referenced this pull request Dec 21, 2023
@renovate
Update platform security modules (main) (elastic#173232)
9fdc542 
(cherry picked from commit 35d79a9)

# Conflicts:
#	package.json
#	packages/kbn-mock-idp-plugin/common/utils.ts
#	yarn.lock
kibanamachine added a commit that referenced this pull request Dec 21, 2023
@kibanamachine @renovate
[8.12] Update platform security modules (main) (#173232) (#173788)
73751e9 
# Backport

This will backport the following commits from `main` to `8.12`:
- [Update platform security modules (main)
(#173232)](#173232)

<!--- Backport version: 8.9.7 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT
[{"author":{"name":"renovate[bot]","email":"29139614+renovate[bot]@users.noreply.github.com"},"sourceCommit":{"committedDate":"2023-12-20T19:58:38Z","message":"Update
platform security modules (main)
(#173232)","sha":"35d79a901d9c690fbb128f138203799f97826291","branchLabelMapping":{"^v8.13.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Security","release_note:skip","backport:all-open","v8.13.0"],"number":173232,"url":"https://github.com/elastic/kibana/pull/173232","mergeCommit":{"message":"Update
platform security modules (main)
(#173232)","sha":"35d79a901d9c690fbb128f138203799f97826291"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v8.13.0","labelRegex":"^v8.13.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/173232","number":173232,"mergeCommit":{"message":"Update
platform security modules (main)
(#173232)","sha":"35d79a901d9c690fbb128f138203799f97826291"}}]}]
BACKPORT-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
azasypkin added a commit that referenced this pull request Dec 21, 2023
@azasypkin @renovate
[7.17] Update platform security modules (main) (#173232) (#173812)
360cf36 
# Backport

This will backport the following commits from `main` to `7.17`:
- [Update platform security modules (main)
(#173232)](#173232)

<!--- Backport version: 8.9.8 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT
[{"author":{"name":"renovate[bot]","email":"29139614+renovate[bot]@users.noreply.github.com"},"sourceCommit":{"committedDate":"2023-12-20T19:58:38Z","message":"Update
platform security modules (main)
(#173232)","sha":"35d79a901d9c690fbb128f138203799f97826291","branchLabelMapping":{"^v8.13.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Security","release_note:skip","backport:all-open","v8.13.0"],"number":173232,"url":"https://github.com/elastic/kibana/pull/173232","mergeCommit":{"message":"Update
platform security modules (main)
(#173232)","sha":"35d79a901d9c690fbb128f138203799f97826291"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v8.13.0","labelRegex":"^v8.13.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/173232","number":173232,"mergeCommit":{"message":"Update
platform security modules (main)
(#173232)","sha":"35d79a901d9c690fbb128f138203799f97826291"}},{"url":"https://github.com/elastic/kibana/pull/173788","number":173788,"branch":"8.12","state":"OPEN"}]}]
BACKPORT-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@azasypkin azasypkin azasypkin left review comments

@pgayvallet pgayvallet pgayvallet approved these changes

@SiddharthMantri SiddharthMantri SiddharthMantri approved these changes

Assignees

@azasypkin azasypkin

Labels
backport:all-open Backport to all branches that could still receive a release release_note:skip Skip the PR/issue when compiling release notes Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! v7.17.17 v8.12.0 v8.13.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@elasticmachine @kibana-ci @azasypkin @kibanamachine @SiddharthMantri @pgayvallet