Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

npm audit fixes #3561

Merged
merged 1 commit into from
Mar 10, 2019
Merged

npm audit fixes #3561

merged 1 commit into from
Mar 10, 2019

Conversation

ranbena
Copy link
Contributor

@ranbena ranbena commented Mar 10, 2019

What type of PR is this? (check all applicable)

Description

Since #3405 npm's security audit feature prompts for some vulnerabilities found.

  • less upgraded
    AntD uses some css animation js and since we're importing ant less files directly, had to update a webpack config to allow it. I assume it can be turned off when we officially migrate to AntD? (BOOTSTRAP_REMOVE_ME?).

  • url-loaderupgraded
    Used for font fetching, works fine.

  • plotly.js not upgraded
    Although plotly.js security warning, there's no fix out.

@ghost ghost assigned ranbena Mar 10, 2019
@ghost ghost added the in progress label Mar 10, 2019
@kravets-levko
Copy link
Collaborator

@ranbena I'm just curious: why did you decide to not upgrade plotly?

@ranbena
Copy link
Contributor Author

ranbena commented Mar 10, 2019

@ranbena I'm just curious: why did you decide to not upgrade plotly?

Cause it won't fix the security vulnerability.
plotly/plotly.js#2822

Copy link
Member

@arikfr arikfr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

YOLO.

Copy link
Collaborator

@kravets-levko kravets-levko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ranbena I'll need latest version for #2292 anyway, that's why I'm asking 🙂

@arikfr
Copy link
Member

arikfr commented Mar 10, 2019

@kravets-levko it's common to have some regressions when upgrading Plotly, so I would do it separately and review the changes.

@arikfr
Copy link
Member

arikfr commented Mar 10, 2019

(by I above I meant whoever does the upgrade, not necessarily me 😄 )

@kravets-levko kravets-levko merged commit 5dc74e1 into master Mar 10, 2019
@ghost ghost removed the in progress label Mar 10, 2019
@kravets-levko kravets-levko deleted the audit branch March 10, 2019 11:37
@koooge koooge mentioned this pull request Mar 11, 2019
6 tasks
axeltlarsson added a commit to Jojnts/redash that referenced this pull request Jul 29, 2019
Squashed commits of the following:

* Delete an unused global (getredash#3231)

Signed-off-by: koooge <[email protected]>

* Fix: forked query wasn't opening in MULTI_ORG env (getredash#3236)

* Send argsrepr value with execute_query task (getredash#3235)

* request.view_args might be None and add org_id to ApiUser (getredash#3237)

* Handle the case when a QueryTracker is None and change order. (getredash#3238)

* Fix: Query editor duplicates keystrokes [getredash#2972] (getredash#3239)

* Simple user view (getredash#3244)

* show a simple user details page when viewing a user who isn't you (or you arent the admin)

* add a snapshot test

* lint

* getredash#3213 Scatter charts can have category Y axis (similar to Bubble) (getredash#3243)

* Upgrade requests package (getredash#3245)

* Support overriding the default Celery schedule database file via SCHEDULE_DB environment variable. (getredash#3056)

By default Celery will use a file celerybeat-schedule in the current directory.
This is an issue in a Kubernetes/Openshift environment as the file may be lost or even impossible to write.

* Closes getredash#2396: Add finer-grained scheduling. (getredash#2426)

* Closes getredash#187: Add finer-grained scheduling - backend.

* Closes getredash#2396 - Add finer-grained scheduling - frontend.

* Fix linting issues

* Rename ScheduleDialgo to .jsx

* Feature: Refresh schedule - code optimizations

* Feature: Refresh schedule - save/cancel actions

* Feature: Refresh schedule - styling (getredash#3247)

* Fix: Able to set out-of-range refresh interval

* Fix: Refresh schedule phrase overlaps title (getredash#3250)

* Add "Active at" column to user list. (getredash#3026)

* add last_active_at to users page

* Use our JSON encoder as the SQLAlchemy JSON serializer.

* Fixed some inconsistencies in the user query class methods.

* Minor cosmetic fixes.

* Add some make tasks for easier development.

* Add user detail sync system based on Redis backend.

There is a periodic Celery task that updates a new “details” JSONB column in the “user” table with the data from Redis.

Currently this is only used for tracking the date of last activity of a user but can be extended with other user information later.

Updates a few dependencies.

* Normalize a few Flask extension API names.

* Reduce implementation complexity of JSONEncoder.

* Use request_started signal to make sure we have a request context.

Otherwise loading the user based on the request won’t work.

* Fix test that checks if disabled users can login.

This correctly uses a URL path that includes the current organization and checks for the error message.

The previous test seems to have been a red herring.

* Minor cosmetic fixes.

* Remove needs_sync in favor of just deleting things.

* Misc review fixes.

* Ignore line length.

* Split redash.models import several modules.

* Move walrus UTC DateTimeField into redash.models.types.

* Restore distinctly loading dashboards.

* Simplify default values for user details.

* Define __repr__ methods generically.

* Consistently have underscore methods at the top of model methods.

* Fix tests.

* Split redash.models import several modules.

* Update to latest walrus and redis-py.

* Update kombu to 4.2.2 for redis-py 3.x compatibility.

* Remove redis-cli container after running Make task.

* Move buffer condition after datetime/time conditions.

* Update walrus to 0.7.1.

* Refactor some query APIs.

This uses the flask-sqlalchemy helpers consistently and makes more use of mixins.

* Post rebase fixes.

* Use correct kombu version

* Fix migration down revision

* Invitation Pending changes (getredash#3229)

* determine invitation_pending according to empty password. This commit will be reverted, I'm just deferring the implementation

* show '(Invitation Pending)' to users who haven't accepted their invitation yet

* allow resending invitations

* allow deletion of pending users from user list

* set invitation as not pending when following invite link

* prevent deleting activated users

* test that users who follow invitation links are set as non-pending invitations

* prevent re-using invitations

* invitees who use SSO will now also be marked as "non-pending"

* lint

* client: Remove estraverse (getredash#3254)

Signed-off-by: koooge <[email protected]>

* Redis based implementation of user active_at timestamp update (getredash#3256)

* Switch to simpler implementation
* Fix active_at update code
* Fix sync test

* update Flask-OAuthLib (getredash#3262)

* Fix invitation pending for existing users (getredash#3261)

* default `is_invitation_pending` to false and actively set it to true
when inviting users, so that existing users won't show "Invitation
Pending"

* fix tests that broke due to default is_invitation_pending value

* update Flask-OAuthLib

* [Data Sources] Implement Apache Drill (getredash#3188)

* Added support for Apache Drill datasource

* Improvements in `Drill` query runner and minor refactoring

1. Drill query runner now inherits from `BaseHTTPQueryRunner`, because they both have a lot of common code.
2. `BaseHTTPQueryRunner.get_response` method now accepts `http_method` argument (original implementation was only capable of sending `GET` HTTP requests).
3. Added `order` to `BaseHTTPRequestRunner` configuration schema to fix order of UI elements based on the schema.
4. Eliminated duplicate method `_guess_type` in `GoogleSpreadsheet`, `Results` and `Drill` query runners, moved `guess_type` to `redash.query_runner`.
5. Removed tests for `_guess_type` in `GoogleSpreadsheet`, `Results` and `Drill` query runners, merged them into single test case and moved to `tests.query_runner.test_utils`.
6. Various minor changes (code style, imports, etc).

* Fix: Refresh schedule interval count doesn't adhere to permission rules (getredash#3265)

* Fix: Refresh schedule interval count doesn't adhere to permission rules

* Fix “4.28 weeks” to “30 days”

* Merge interval type and count into one <Select>

* Fix: Refresh schedule durations not pluralized sufficiently (getredash#3268)

* Fix: Refresh schedule durations not pluralized sufficiently

* Allows omitting single value number in durationHumanize (getredash#3274)

* Verify admin email address (getredash#3267)

* add an  bit

* prompt on homepage when user's email hasn't been verified

* set e-mail as verified for new setups and invited users

* 👋 copy & paste invite links, it's time for verified e-mails!

* default `is_invitation_pending` to false and actively set it to true
when inviting users, so that existing users won't show "Invitation
Pending"

* fix tests that broke due to default is_invitation_pending value

* treat admin's e-mail address as verified

* add verification endpoint

* send verification e-mail

* Update client/app/components/empty-state/empty-state.html

Co-Authored-By: rauchy <[email protected]>

* Update redash/authentication/account.py

Co-Authored-By: rauchy <[email protected]>

* Update redash/handlers/authentication.py

Co-Authored-By: rauchy <[email protected]>

* Update redash/templates/emails/verify.html

Co-Authored-By: rauchy <[email protected]>

* Update redash/authentication/account.py

Co-Authored-By: rauchy <[email protected]>

* Update redash/templates/verify.html

Co-Authored-By: rauchy <[email protected]>

* Update redash/templates/emails/verify.txt

Co-Authored-By: rauchy <[email protected]>

* add link in case redirects are disabled

* POSTing to /email_verification makes more sense than GETting /send_verification

* avoid sending invitations when no_invite is passed along

* Update client/app/pages/users/new.html

Co-Authored-By: rauchy <[email protected]>

* move e-mail verification prompt to home-page

* get rid of redundant $scope

* return JSON

* flip is_email_verified's default value so that existing users do not
show as not-verified

* e-mail verification propmt isn't dangerous, it just wants to warn you

* Scheduler tests (jest/enzyme) (getredash#3269)

* Setup enzyme and initial ScheduleDialog test

* Added tests for each schedule setting

* Added refreshOptions tests

* Added count out-of-range tests

* Added modal confirm/cancel tests

* Fixed tests failing due to server timezone difference

* Rebased to master

* Pleasant alert-warning colors (getredash#3276)

* Pleasant alert-warning colors

* Fix for json viewer primitive color

* handlers: Fix post users (getredash#3273)

* Update Antd to latest version + fix tests (getredash#3281)

* Pin version of pyparsing (getredash#3282)

* Separate Bootstrap/Ant styling (getredash#3279)

* Separate Ant less dependency tree

* Change order between variables and ant imports

* Remove inc/variables from ant.less

* Update input-height-base for antd

* Set same input-color for Ant and Bootstrap

* Dashboard Parameters (getredash#2756)

* getredash#2641 Step 1: split Add Widget/Add Textbox buttons

* Convert Add widget/textbox dialogs to React components

* getredash#2641 Step 2: Implement new dashboard parameters logic

* Resolve conflicts and fix build errors

* getredash#2641 Refactoring and improve code quality

* Add Edit parameter mappings dialog to the widget

* getredash#2641 Changes after code review

* Use Ant's Select component instead on <select> tags

* Fix Antd imports

* Fix Antd imports

* Fix Cannot read property 'getParametersDefs' of undefined

* Fix widgets static params bugs (don't show input, don't init from URL)

* Minor UI/UX fixes

* Migrate DynamicForm to React (getredash#3209)

* create DynamicForm React component

* Render fields based on target in DynamicForm

* Add missing title property to fields

* Fix style properties in DynamicForm

* Render File fields in DynamicForm

* Use React for middle component instead of Angular

* Functional save button

* Update label style

* Render functional actions

* Handle file inputs

* Update render methods to fix code climate issues

* Fix ant input number showing duplicate arrows

* Update DynamicForm style to be vertical

* Separate imports from antd in DynamicForm

* Add Feedback Icons to DynamicForm

* Change Action props on DynamicForm
- use type and pullRight instead of class prop
- update data sources and destinations pages accordingly

* Remove setDefaults method from DynamicForm fields

* Update antd version

* Remove unnecessary class selectors

* Remove another unnecessary class selector

* Remove tree validations and introduce ParameterizedQuery (getredash#3230)

* Fix invitation pending for older invitations (getredash#3298)

* explicitly look for a False under details['is_invitation_pending'] and
not any falsey result, to avoid locking out invitations which were
created before the Pending Invitation feature was introduced. Solves getredash#3297

* test that old invites (that do not have any is_invitation_pending flag set in their details object) are still acceptable

* Multifilter's dropdown cropped when visualization container is too small

* Use None as "not scheduled" default value of a query (getredash#3277)

* Use null as the default scheduled value.

* Don't serialize None to json, so we can use SQL is not null predicate.

* Fix warning about unicode in tests

* Handling empty query.schedule in UI (getredash#3283)

* Add migration to convert empty schedules to null and drop the not null contraint.

* Update form text colors (getredash#3296)

* Create ant variables and update form colors

* Remove less extension from imports in ant.less

* Update font-weight for labels

* Add percy snapshot for create data source page

* Remove bold in labels only for checkboxes and radio buttons

* Allow execution of highlighted subquery (getredash#3288)

* allow execution of selected subquery
* fix query save while highlighted
* don't modify queryText and update UI when running selected
* code style and transition
* Fix query selection execution background color
* make naming consistent

* override default integer/float formatting with environment variables (getredash#3307)

* Add regenerate function of user's API key (getredash#3224)

* Add regenerate function of user's API Key

* Update client/app/pages/users/show.js

Co-Authored-By: kyoshidajp <[email protected]>

* Remove unused error message

* Refactoring: Inline temp

* Update client/app/pages/users/show.js

Co-Authored-By: kyoshidajp <[email protected]>

* Change action event of regenerate user API key

* add wait time before percy data source page snapshot (getredash#3320)

* Fix an error of exporting dict value as Excel (getredash#3323)

* support for fetching all JQL results by way of pagination (getredash#3304)

* Use Ant's Paginator component; migrate SortIcon to React (getredash#3317)

* Textless query result endpoint (getredash#3311)

* add an endpoint for running a query by its id and (optional) parameters
without having to provide the query text

* check for access to query before running it

* Add configuration for the Support probot. (getredash#3327)

* Remove link to roadmap (getredash#3329)

It's no longer maintained 😢

* Filtering out incompatible dashboard params (getredash#3330)

* Add: Uptycs query runner (getredash#3319)

* adding uptycs query_runner in redash

* as per comment from Arik comment fixed the code

* fixed function_name

* fixed some indentation issues

* fixed the indentation issue and taken out customer_id from secret

* fixed the dependency of urllib3

* fixed the indententaton issue

* remved the urllib3 from requirements

* fixed the indentation issues

* added the new square image for Uptycs. Removed unnecessary variable and made ssl as an option

* fixed indentation issue

* Renamed SSL to verify_ssl and also added verify_ssl validate in verify in missing places

* Migrate PageHeader component to React (getredash#3324)

* Migrate PageHeader component to React

* CR1

* Convert Angular services to CommonJS-style and use them in React components instead of injecting (getredash#3331)

* Refine Auth service: remove dead code and fix race condition
* Export services in CommonJS style
* Refine Users, Events and OfflineListener services
* Refactor Notifications service - rewrite to CommonJS
* Replace Angular service injection with imports in React components
* Fix Footer tests
* Events service -> recordEvent function
* CR1

* Allow query owners to hard-overwrite query content in case of overlap with other user (getredash#2370)

* Hard overwrite on conflict for query owners (re getredash#283)

* Use AlertDialog instead of custom global function.

* Refine SettingsMenu service and <settings-screen> component (getredash#3339)

* Refine SettingsMenu service and <settings-screen> component

* Rename services/settingsMenu file to match default export name

* CR1

* Move BigQueryGCE to its own file (getredash#3356)

* Move BigQueryGCE to its own file

* Add missing import

* Add Percy Page Screenshots (getredash#3338)

* Add Percy Page Screenshots

* Add missing space

* WIP: Add dashboard details section for dashboard owner and more (getredash#2934)

Show dashboard creator on dashboard page

* getredash#3355 Widget params: Date/Date range value empty in static param input (getredash#3357)

* Refactor Policy and OrganizationStatus services (getredash#3345)

* Refactor Policy and OrganizationStatus services

* Cypress tests: preset the admin API key to a static value (getredash#3358)

* Server-side parameter validation (getredash#3315)

* stop testing `collect_query_parameters`, it's an implementation detail

* add tests for `missing_query_params`

* rename SQLQuery -> ParameterizedSqlQuery

* rename sql_query.py to parameterized_query.py

* split to parameterized queries and parameterized SQL queries, where
parameterized queries only do templating and parameterized SQL queries
add tree validation on top of it

* move missing parameter detection to ParameterizedQuery

* get rid of some old code

* fix tests

* set syntax to `custom`

* revert the max-age-related refactoring

* 👋 tree validations 😢

* BaseQueryRunner is no longer a factory for ParameterizedQuery, for now

* add an endpoint for running a query by its id and (optional) parameters
without having to provide the query text

* adds parameter schema to ParameterizedQuery

* adds parameter schema validation (currently for strings)

* validate number parameters

* validate date parameters

* validate parameters on POST /api/queries/<id>/results

* validate enum parameters

* validate date range parameters

* validate query-based dropdowns by preprocessing them at the handler
level and converting them to a populated enum

* change _is_date_range to be a tad more succinct

* a single assignment with a `map` is sufficiently explanatory

* Update redash/utils/parameterized_query.py

Co-Authored-By: rauchy <[email protected]>

* Update redash/utils/parameterized_query.py

Co-Authored-By: rauchy <[email protected]>

* Update redash/utils/parameterized_query.py

Co-Authored-By: rauchy <[email protected]>

* Update redash/utils/parameterized_query.py

Co-Authored-By: rauchy <[email protected]>

* Update redash/handlers/query_results.py

Co-Authored-By: rauchy <[email protected]>

* Update redash/utils/parameterized_query.py

Co-Authored-By: rauchy <[email protected]>

* build error message inside the error

* support all types of numbers as number parameters

* check for permissions when populating query-based dropdowns

* check for access to query before running it

* check for empty rows when populating query-based enums

* don't bother loading query results if user doesn't have access

* 💥 on unexpected parameter types

* parameter schema default is a list, not a dictionary

* remove redundant null guards

* Frontend lint update (getredash#3253)

* client: Add lint command

Signed-off-by: koooge <[email protected]>

* client: Override eslint rule object-curly-newline to keep current style

Signed-off-by: koooge <[email protected]>

* client: Override eslint rule no-else-return to keep current style

Signed-off-by: koooge <[email protected]>

* client: Fix eslint import/named

Signed-off-by: koooge <[email protected]>

* client: eslint-5

Signed-off-by: koooge <[email protected]>

* codeclimate: Delete the old setting

Signed-off-by: koooge <[email protected]>

* client: Downgrade eslint 5 to 4 in codeclimate

Signed-off-by: koooge <[email protected]>

* client: npx install-peerdeps --dev eslint-config-airbnb

Signed-off-by: koooge <[email protected]>

* client: Enbale .jsx lint

Signed-off-by: koooge <[email protected]>

* client: Set warn

Signed-off-by: koooge <[email protected]>

* client: Fix lint indent, implicit-arrow-linebreak, lines-between-class-members

Signed-off-by: koooge <[email protected]>

* client: Disable eslint operator-linebreak

Signed-off-by: koooge <[email protected]>

* Revert "client: Downgrade eslint 5 to 4 in codeclimate"

This reverts commit f0fb0f0.

* client: Fix react/button-has-type

Signed-off-by: koooge <[email protected]>

* client: Disable an eslint rule react/jsx-one-expression-per-line

Signed-off-by: koooge <[email protected]>

* codeclimate: Disable no-multiple-empty-lines

Signed-off-by: koooge <[email protected]>

* client: Disable eslint react/destructuring-assignment

Signed-off-by: koooge <[email protected]>

* yandex_metrica: changed auth from params to headers (getredash#3360)

* Filename set when /results called directly (getredash#3359)

* filename set when /results called directly

* /results filename changed from query name to id

* Long line shortened

* Fix: Escape button in tag edit modal (getredash#3363)

* Update CodeClimate configuration format to Version 2 (getredash#3286)

* codeclimate: Update format v2
* codeclimate: Ignore generated files

* Fix: make ClickHouse password and username truly optional (getredash#3362)

* clickhouse optional password

* clickhouse URL and user made optional

* Migrate FavoritesControl component to React

* Migrate TagsList component to React

* CR1

* CR2

* Fix: Static param value not editable for Text/Number (getredash#3369)

* CR3

* Fix: static param text value is `[object Object]` (getredash#3371)

* Tune CodeClimate's config to make it less annoying (getredash#3370)

* Fix some incompatible dependencies (getredash#3348)

* Pin requests-oauthlib to work around incompatible deptree.

* Update boto3/botocore to fix incompatible deptree.

* Fix eslint errors

* CR1

* Migrate EmptyState component to React (getredash#3373)

* Migrate EmptyState component to React

* CR1

* CR2

* Widget param url prefix p to p_w (getredash#3380)

* Show disabled unpublished queries for alert and dashboard modals. (getredash#3347)

* BigQuery should correctly handle tmp tables that do not have a schema field. (getredash#3382)

* Alternative implementation: Step component

* Bring back data sources step for non admins

* No need to export Step

* Refine implementation, fix 'shouldShow' condition, fix eslint warnings

* Last refinements:

* Update Step implementation to be easier to read.
* Set some props to required to remove default value.

* Fix Cypress E2E failing in CI

* Fix Add datasource step; EmptyState.icon is optional

* Migrate "time ago" components to React (getredash#3385)

* Replace <am-time-ago> (angular-moment) and <rd-timer> with React component

* PropTypes: Moment validation

* Increase polling interval

* Refine component implementation

* Add tooltip with formatted date/time

* Refine component implementation

* fix lint error - getDerivedStateFromProps should be placed after state (getredash#3391)

* Add archived queries section to queries list. (getredash#2888)

* Add archived queries section to queries list.

* Refactor route building for list based controllers.

This also fixes the dashboard empty state page.

* Ignore to copy some files onto docker container (getredash#3388)

* Ignore to copy some files onto docker container

Signed-off-by: koooge <[email protected]>

* Dockerignore venv/

Signed-off-by: koooge <[email protected]>

* Make the logic around schedule['until'] easier to read (getredash#3376)

*  [Widget Params] Migrated edit params + new widget dialog to Ant Modal (getredash#3387)

* Use textless endpoint for pristine queries (getredash#3367)

* use the textless endpoint (/api/queries/:id/results) for pristine
queriest

* Revert "use the textless endpoint (/api/queries/:id/results) for pristine"

This reverts commit cd2cee7.

* move execution preparation to a different function, which will be soon
reused

* go to textless /api/queries/:id/results by default

* let the query view decide if text or textless endpoint is needed

* lint

* Fix: Selected item in dropdown unreadable (getredash#3398)

* Fix: only login user when it's the current user. (getredash#3396)

Otherwise it would login the admin as the user...

* Added pre-push hook (getredash#3390)

* [Widget Params] Switched parameter list to table style (all parts) (getredash#3332)

* [Widget Params] Split title and mapping editing

* [Widget Params] Restyled source editing

* [Widget Params] Switched parameter list to table style

* Displaying different labels and help phrases when changing type
Added link to knowledge base
Fixed issue with existing param default select value

* Add YAML support in QueryEditor (getredash#3395)

* Migrate Dashboards/Queries/Users list pages to React (getredash#3381)

* Refine existing implementation of dashboards/queries/users lists and a common base controller

* Migrate common list page controller to React and refactor it's logic

* Migrate Dashboard list page to React

* Migrate Queries list page to React

* Migrate Users list page to React

* Remove react-timeago dependency

* Use composition instead of inheritance

* Refine implementation

* Merge sidebar into single component

* Refine column definitions

* Use simple controller instead of React context

* Refine implementation

* Restore changes from getredash#2888

* Tweak Users list page

* Ability to render dynamically defined components

* Tweak users list page

* User list page for non-admins

* Fix: ItemsTable ignores isAvailable field

* Refine implementation

* Refine implementation

* Implement LiveItemsList as higher order component

* Some fixes

* Move some definitions to a better place

* Some fixes

* Refine components

* Refine UsersList page

* More comments for a god of comments

* Fix wrong tables size on smaller screens

* Tweak tables

* Fix: cohorts get stuck when passing strings instead of numbers. (getredash#3397)

* Fix: cohorts get stuck when passing strings instead of numbers.

Parse the value to get a number.

* Use parseInt for stage

* Remove redundant parseInt

* Refactor TagsControl; fix TagsEditorModal animation (getredash#3399)

* Refactor TagsControl; fix TagsEditorModal animation

* Update tooltip text

Co-Authored-By: kravets-levko <[email protected]>

* Update tooltip text

Co-Authored-By: kravets-levko <[email protected]>

* CR1

* [Bug fix] Few small bugs on Queries list page (getredash#3402)

* Link to query page
* Sidebar menu item title: `Archive` -> `Archived`
* Whitespaces in empty state block

* Coerce to moment when 'datetime' selected by user. (getredash#3150)

* Work around a resizing issue. (getredash#3412)

* Work around a resizing issue.

Fix getredash#3353.

* Add comment to remove this when we delete Angular.

Co-Authored-By: jezdez <[email protected]>

* Show active and pending users separately (for admins) (getredash#3400)

* Fix: “Add TextBox” dialog not opening (getredash#3414)

* [Widget Params] Title edit fixes (getredash#3413)

* [Codebase Improvement] Refine dialog wrapper and use it for all existing dialogs (getredash#3407)

* [UI/UX Improvement] Use Ant's Button component on users list page (getredash#3416)

* Unify query based dropdown population (getredash#3337)

* stop testing `collect_query_parameters`, it's an implementation detail

* add tests for `missing_query_params`

* rename SQLQuery -> ParameterizedSqlQuery

* rename sql_query.py to parameterized_query.py

* split to parameterized queries and parameterized SQL queries, where
parameterized queries only do templating and parameterized SQL queries
add tree validation on top of it

* move missing parameter detection to ParameterizedQuery

* get rid of some old code

* fix tests

* set syntax to `custom`

* revert the max-age-related refactoring

* 👋 tree validations 😢

* BaseQueryRunner is no longer a factory for ParameterizedQuery, for now

* add an endpoint for running a query by its id and (optional) parameters
without having to provide the query text

* adds parameter schema to ParameterizedQuery

* adds parameter schema validation (currently for strings)

* validate number parameters

* validate date parameters

* validate parameters on POST /api/queries/<id>/results

* validate enum parameters

* validate date range parameters

* validate query-based dropdowns by preprocessing them at the handler
level and converting them to a populated enum

* change _is_date_range to be a tad more succinct

* a single assignment with a `map` is sufficiently explanatory

* Update redash/utils/parameterized_query.py

Co-Authored-By: rauchy <[email protected]>

* Update redash/utils/parameterized_query.py

Co-Authored-By: rauchy <[email protected]>

* Update redash/utils/parameterized_query.py

Co-Authored-By: rauchy <[email protected]>

* Update redash/utils/parameterized_query.py

Co-Authored-By: rauchy <[email protected]>

* Update redash/handlers/query_results.py

Co-Authored-By: rauchy <[email protected]>

* Update redash/utils/parameterized_query.py

Co-Authored-By: rauchy <[email protected]>

* build error message inside the error

* support all types of numbers as number parameters

* check for permissions when populating query-based dropdowns

* check for access to query before running it

* check for empty rows when populating query-based enums

* don't bother loading query results if user doesn't have access

* 💥 on unexpected parameter types

* parameter schema default is a list, not a dictionary

* fix a totally unrelated typo

* remove redundant null guards

* introduce /dropdown.json endpoint with dummy data

* wire frontend to /dropdown.json

* always return name/value combos from /dropdown.json

* load actual data into /dropdown.json

* pluck correct values for `name` and `value`

* reuse dropdwon plucking logic in QueryResultResource

* simplify _get_dropdown_values

* when doing parameter validation, we only care about the value and not
the display name

* rename dropdown to dropdownOptions

* move dropdown_values to utils/parameterized_query.py

* stop converting queries to enums and encapsulate the work inside
ParameterizedQuery (almost - /dropdown.json would still access the
dropdown_values method)

* re-order arguments by importance

* test query parameter validation

* tests for dropdown_values logic

* remove `.json` suffix to the dropdown endpoint

* allow `BaseResource` to handle JSON stuff

* move _pluck_name_and_value outside its containing method

* case-insensitive lookup when plucking name and value

* separate concerns and simplify test isolation for `dropdown_values`

* pick the default column according to the order specified in the query
result columns attribute

* use `current_org` instead of passing `org`

* test that user has access to the query when calling the /dropdown
endpoint

* Added short modal specific styling (getredash#3366)

* Handle InterruptException in Athena query runnner like in the Presto query runner. (getredash#3403)

* Upgrade Sentry SDK (getredash#3418)

* replace raven with sentry-sdk

* use sentry-sdk in celery

* use sentry-sdk with flask

* unify Flask and Celery initializations for Sentry

* extract sentry stuff to own module

* it's time for Sentry 0.7.2

* [Bug fix] Show query result footer only when there is a query result. (getredash#3422)

* Bug fix] Saving a new query removes reference to last query result (getredash#3421)

* Correctly test if the current query result is for the current query.
* Serialize a new query with its visualizations.

* [Feature] Alternative implementation of dashboard param title editing (getredash#3417)

* Enable remote debugging with ptvsd (getredash#3419)

* open port 3000 for remote debugging

* add ptvsd

* use port 5678 to avoid changes in VSCode's default config

* attach to ptvsd

* no need to wait for attach

* actually, --debugger seems to be working

* create a new docker entry point for remote debugging

* alternative method to switch to debugging

* Converted Share modal to Ant (getredash#3424)

* [Bug fix] Notifications randomly shown with visible page or not shown with inactive page (getredash#3426)

* [Bug fix] Query Parameters: don't save urlPrefix (getredash#3427)

* Pre-commit hook to run on  modified files only (getredash#3410)

* Pre-commit hook to run on  modified files only

* Removed git add, fixed script dup

* Removed pre-push, testing related files only in pre-commit

* [Widget Params] Updated help url and tooltip (getredash#3428)

* send ip and user id to sentry (getredash#3430)

* Version update time ⏰ (getredash#3429)

* Version update time ⏰

* Need more ☕️

* HelpTrigger (getredash#3431)

* Moved to HelpTrigger

* Moved share dialog “Learn more” to HelpTrigger

* [Feature] Table visualization: Raise the upper limit of MAX_JSON_SIZE (getredash#3310)

* move constant value to clientConfig
* change name maxJsonSize to tableCellMaxJSONSize
* value from environment. default is 50000

* React version of UserEdit (getredash#3354)

* Update DynamicForm export

* Move UserShow to users folder

* Migrate User profile header and create DynamicForm for basic data

* Update UserShow to use UserProfile prop

* Add API Key input

* Add handler to regenerate API Key button

* Handle user profile save

* Add readOnly prop to DynamicForm and begin disabled user behavior

* Add Change Password Modal

* Remove action buttons for disabled users

* Add send password reset behavior

* Add minLength and password comparison to Password Modal

* Resend Invitation button

* Add Convert User Info

* Fix UserShow test

* Some code updates

* Add enable/disable user button

* Add UserPolicy as an idea

* Remove UserPolicy

* Create Edit Profile spec

* Move User profile screenshot to Edit Profile Spec

* Add tests for saving user and changing password errors

* CC is back :) - Fix trailing spaces

* Add test for succesful password update

* A few improvements from code review

* Remove Toggle User button when seeing your own profile

* Create InputWithCopy

* Fix possible errors when network is off and improve Email not sent alert

* Add default response object for $http possible errors

* Changes in UserEdit
- removed onClick from methods name
- regenerate API Key now uses InputWithCopy
- Password title added

* Update UserEdit render behavior and styling
- Password title changed to h5
- change rendering rules for actions
- Password modal is now closed when password is changed
- change DynamicForm readOnly to the fields and add hideSubmitButton

* Create ChangePasswordDialog and update UserEdit

* Fix possible console error

* Remove password match assertion from spec

* Fix typo

* [Feature] Sharing disabled if dashboard has query params (getredash#3439)

* Fix: remove widgets when deleting a visualization. (getredash#3423)

Closes getredash#3257.

* remove the word "type" from error message, as enum out-of-range errors (getredash#3449)

have nothing to do with types.

* Change: encrypt data source options. 🔓 (getredash#2970)

* Change: encrypt data source options
* Implement migration

* HelpTrigger to open in drawer (getredash#3436)

* HelpTrigger to open in drawer

* Fixed “typo”

* Simplified version - removed postMessage

* Changed some wording

* Add support for Amazon ES service with IAM authentication (getredash#3446)

* Add support for Amazon ES service with IAM authentication

* Add required dependency.

* Fix: ScheduleDialog won't render for "30 days" interval with no time value (getredash#3447)

* HelpTrigger in header (getredash#3457)

* Moved component from services->components

* Added help trigger to header

* Reverted tooltip-anchor swap

* Moved trigger location in html (to mirror saas)

* Removed white space

* Changed tooltip text to “Help”

* [Codebase improvement] Refine ItemsList base component (previously LiveItemsList) (getredash#3415)

* Fixes to Percy (getredash#3440)

* Add check for repository url

* Use CIRCLE_REPOSITORY_URL directly

* Change percy waiting to be with resources instead of time

* Add data sources types resource to Edit Data Source + eslint fixes

* Separate Page Screenshots in different spec files

* Version data - footer -> header menu (getredash#3458)

* [Bug fix] Widget oblivious to updated parameter values (getredash#3445)

* Fix: timedelta values were not JSON serialized properly (getredash#3463)

.

* Remove options NullPool does not support (getredash#3460)

* when working with a schema, fail in the case that there are parameters (getredash#3452)

which are not part of the schema

* Fix: when max_age is None the handler fails (getredash#3462)

* Fix: JS Map needs a set call rather than assignment (getredash#3464)

* Fix: ParameterizedQuery: support for upper cases column names. (getredash#3461)

* Fix: ParameterizedQuery: support for upper cases column names.

* Fix test name

* avoid Flask debug error message about strict slashes (getredash#3469)

* support e-mail verification for multi org setups (getredash#3468)

* Help trigger dynamic component (getredash#3472)

* Provide default value for .pop to avoid KeyError exception (getredash#3474)

* monitor "schemas" queue to run refresh_schema (getredash#3459)

* monitor "schemas" queue to run refresh_schema

`refresh_schema` tasks won't run because "schemas" queue isn't consumed
with default settings.
and it cause leaking redis storage, a "schemas" list is growing with time.

this PR fix it, adds "schemas" queue to monitor by celery.

* use scheduled_worker for "schemas" queue

instead of "adhoc_worker"

* Fix some flex layout issue (getredash#3476)

* Fix max-age issues on textless endpoint (getredash#3477)

* max_age should default to -1

* pass maxAge along to `execute`

* Cleaner approach for _is_collection_a_view (getredash#3113)

* Fix collection fields retreival bug when Views are present in MongoDB

* fixing _is_collection_a_view function

* Update redash/query_runner/mongodb.py

Co-Authored-By: jodevsa <[email protected]>

* using options() instead of try/except on collstats  to detect if a collection  is a view

* [Feature] Migrate Group List and Details pages to React (getredash#3411)

* [Feature, Tech debt] Improve list pages layout (getredash#3482)

* fix broken link in CONTRIBUTING.md (getredash#3483)

* Use series name as pie chart label (getredash#3484)

It was unconditionally using the column name; this uses the series name instead
if specified in the chart editor.

* Create PULL_REQUEST_TEMPLATE.md (getredash#3485)

* Fix update logo (getredash#3489)

* Fix prometheus query runner: get_schema and query range (getredash#3471)

* Pin SQLAlchemy-Utils version (getredash#3490)

Pin the version of SQLAlchemy-Utils following the discussion in getredash#2970.

* Add custom JSON encoder for PostgreSQL (getredash#3442)

To handle columns with [range types][1] and display them as a
string custom JSON encoder for PostgreSQL was added.

Merging this PR will fix issue getredash#1764

[1]:https://www.postgresql.org/docs/9.3/rangetypes.html

* Make sure Flask app created in Celery's worker process (getredash#3465)

* Make sure Flask app created in worker process

* Add reference to GitHub issue

* Update Percy token (getredash#3492)

* Fix DynamicForm ignoring default value for checkboxes (getredash#3487)

* Be more permissive when parameters are safe (getredash#3383)

* use the textless endpoint (/api/queries/:id/results) for pristine
queriest

* reverse conditional. not not is making me the headaches.

* add ParameterizedQuery#is_safe with an inital naive implementation which
treats any query with a text parameter as not safe. This will be
remedied later when DB drivers will handle these parameters.

* allow getting new query results even if user has only view permissions
to the data source (given that the query is safe)

* fix lint error - getDerivedStateFromProps should be placed after state

* Revert "use the textless endpoint (/api/queries/:id/results) for pristine"

This reverts commit cd2cee7.

* move execution preparation to a different function, which will be soon
reused

* go to textless /api/queries/:id/results by default

* let the query view decide if text or textless endpoint is needed

* allow safe queries to be executed in the UI even if the user has no
permission to execute and create new query results

* change `run_query`'s signature to accept a ParameterizedQuery instead of
constructing it inside

* use dict#get instead of a None guard

* use ParameterizedQuery in queries handler as well

* test that /queries/:id/results allows execution of safe queries even if
user has view_only permissions

* lint

* raise HTTP 400 when receiving invalid parameter values. Fixes getredash#3394

* remove unused methods

* avoid cyclic imports by importing only when needed

* verify that a ParameterizedQuery without any parameters is considered
safe

* introduce query.parameter_schema

* encapsulate ParameterizedQuery creation inside Query

* set invitation as not-pending in render_token_login_page only when (getredash#3500)

handling invites (as opposed to password reset links)

* adding gevent worker in requirements.txt, adding some gunicorn config… (getredash#3333)

* adding gevent worker in requirements.txt, adding some gunicorn configurable parameters with defaults

* reverting the change as it's going to be set via env variable(s)

* Verify address when users change their e-mail (getredash#3504)

* re-verify e-mail address on change

* send verification e-mail to the new address

* Support AWS IAM profile for Amazon Elasticsearch (getredash#3005)

* LDAP Authentication. Create two envars REDASH_LDAP_USE_SSL and REDASH_LDAP_AUTH_BIND (getredash#2776)

* Add two new envars. REDASH_LDAP_USE_SSL which determines if the connection will use ssl and LDAP_AUTH_BIND which determines if the binding is SIMPLE or ANONYMOUS

* Add use_ssl paremeter

* Rename LDAP_AUTH_BIND to LDAP_AUTH_METHOD and modify LDAP_SSL using parse_boolean

* Fix typo

* import ANONYMOUS constant from ldap3

* Add NTLM authentication

* Add comment to authentication method envar

* [Feature] Migrate Alerts List Page to React (getredash#3505)

*  Added <QuerySelector /> component (getredash#3494)

* Updated npm to support react hooks

* Added <QuerySelector />

* Changed selectQuery to also clear, completed 2->3 dots in msg, avoiding setSearching on stale rejection.

* Removed unused highlight lib

* CircleCI build improvements (getredash#3511)

* Make sure master builds tarball/docker image only when backend and frontend tests pass.

* Build a redash/preview image alongside redash/redash image.

* Fix version variable

* QuerySelector in Alert page (getredash#3501)

* Migrated query edit/add param dialog to React/AntD/Hooks (getredash#3488)

* Fixed navbar responsiveness (getredash#3510)

* Fixed navbar responsiveness

* Adjustments so that logo should never hide

* Fix verification_email endpoint when in MULTI_ORG mode (getredash#3502)

* append slug to /verification_email endpoint when in MULTI_ORG mode

* Revert "append slug to /verification_email endpoint when in MULTI_ORG mode"

This reverts commit 817fb03.

* fix for /email_verification in MULTI_ORG setups

* Fix eslint error on AlertsList (getredash#3518)

* Moved widget and dashboard save logic out of dialog (getredash#3522)

* Migrated AddTextboxDialog to AntD (getredash#3524)

* Migrate User Pages to React (getredash#3506)

* Create React version for the EmailSettingsWarning

* Migrate the Create User Page

* Migrate UserProfile to React

* Add /users/me to the routes (Percy ftw)

* Fix UserShow test spec

* Remove Error Messages component

* Show invitation link if email server not setup (getredash#3519)

* return invite link to client if e-mail server is not set up

* add a couple of tests to make sure invite links are only returned when neccessary

* show invite link when e-mail is not configured

* remove "an e-mail has been sent" when there's no e-mail configured

* return invite_url in re-invites as well. Also refactor to reuse the code.

* Use CreateUserDialog instead of Page

* Render invite link on Resend Invitation click

* Add email validation to DynamicForm

* Fix EmailWarning position + update user list with user creation success

* Fix console error on UserProfile

* Redirect from /users/new  + rename createUser -> showCreateUserDialog

* Use alert instead of toastr for user creation errors

* Remove logic from CreateUserDialog

* CR

* Use Promise.reject instead of throw to avoid console error

* Added UTC display to scheduler dialog (getredash#3517)

* [Refactor] Refine New user modal (getredash#3529)

* Add Hangouts Chat as alert destination (getredash#3525)

* Add support for Google Hangouts Chat as alert destination

* Remove redundant imports

* Remove code used for debugging

* Fix pep8 warnings

* Update redash/destinations/hangoutschat.py

Add friendly name by separating type and description

Co-Authored-By: pieter-venter <[email protected]>

* Fix pep8 warnings. Rename image to match desitnation type.

* Show message for unknown alert state in default color

* Remove Flask-Admin. (getredash#3532)

* Make the "celery" queue the default instead of "schema" to stay backward-compatible. (getredash#3534)

Fix getredash#3325.

* Remove duplicate column information for late-binding views (getredash#3537)

Since the svv_columns system view supports them now https://docs.aws.amazon.com/redshift/latest/dg/r_SVV_COLUMNS.html

* Remove docker-compose.production.yml in favor of setup/docker-compose.yml. (getredash#3533)

Fix getredash#3251.

* Param fix (getredash#3528)

* Name help text for date range only

* Autofocus on name input

* Form acts on enter key

* Fixed range check

* Fixed startsWith

* Pin pymapd version to 0.7.1 (getredash#3543)

Newer versions dropped support for Python 2. Closes getredash#3542.

* Fix long tag labels breaking table layout (getredash#3545)

* [Bug fix] Wrong behavior when clicking table rows on list pages (getredash#3540)

* Update PULL_REQUEST_TEMPLATE.md (getredash#3549)

* Fix: order dashboard favorites (getredash#3552)

## What type of PR is this? (check all applicable)

- [x] Refactor
- [x] Bug Fix

## Description

Move favorites list handlers to their relevant modules (`redash.handlers.queries` and `redash.handlers.dashboards`) and applied `order_results` to dashboards.

* Add: Docker entrypoint to do Celery healthchecks. (getredash#3548)

* Snowflake: add support for regions and enable by default (getredash#3550)

* Bring back Snowflake from its exile.

* Snowflake: add support for regions.

* Upgrade jest & babel (getredash#3405)

* Download Query Result links: use query name for downloaded filename (getredash#3559)

* getredash#3554 Download Query Result links: use query name for downloaded filename

* CR1

* New Celery/Queries Execution Status API (getredash#3057)

* Remove QueryTaskTracker

* Remove scheudling of cleanup_tasks

* Add Celery introspection tools

* First iteration of updating the admin API.

* Show more details

* Add option to skip building npm in Dockerfile

* Show started_at

* update the refresh schedule, as it's too fast

* Update Celery monitor to report on all active tasks.

* Update task parsing for new format

* WIP: improved celery status screen

* Fix property name.

* Update counters

* Update tab name

* Update counters names

* Move component to its own file and fix lint issues

* Add migratin to remove Redis keys

* Improve columns layout

* Remove skip_npm_build arg as it's not used anymore.

* Convert query from SQL to Python

* Simplify column definition.

* Show alert on error.

* Create weekly-digest.yml

* npm audit fixes (getredash#3561)

* [Bug fix] Handle errors on Group members, Group datasources and User profile pages (getredash#3564)

* Update Amazon Elasticsearch Service image (getredash#3567)

* Convert all dropdown values to strings to support parameter lookup (getredash#3563)

* convert all dropdown values to strings to support parameter lookup.
solves getredash#3562

* unicode all the way down

* show correct default values in QueryBasedParameterInput by converting
them to strings

* Prevent blank edit-in-place value (getredash#3557)

* change the order of configuration of the Elasticsearch data source to (getredash#3571)

make sense

* Fix webpack config to work with symlinks (getredash#3573)

* Append "UTC" to timestamp on embeds (in print view) (getredash#3574)

To communicate what timezone the timestamp is.

* Fork query does not fork tables but instead adds default table (getredash#3580)

* getredash#3572 Fork query does not fork tables but instead adds default table

* Fix code style

* CR1

* Add SAML scheme override env var (getredash#2947)

* Add SAML scheme override env var

* Make it pretty, please the linter

* 👋 goodbye, similar-code false positives. (getredash#3578)

* Fix for parameter mapping bug getredash#3581 (getredash#3582)

* Fix for parameter mapping bug getredash#3581

* Must run original snapshot with original dashboard params

* Schema Viewer Drawer (getredash#3291)

* Process extra column metadata for a few sql-based data sources.

* Add Table and Column metadata tables.

* Periodically update table and column schema tables in a celery task.

* Fetching schema returns data from table and column metadata tables.

* Add tests for backend changes.

* Front-end shows extra table metadata and uses new schema response.

* Delete datasource schema data when deleting a data source.

* Process and store data source schema when a data source is first created or after a migration.

* Tables should have a unique name per datasource.

* Addressing review comments.

* Update migration file for mixins.

* Appease PEP8

* Upgrade migration file for rebase.

* Cascade delete.

* Adding org_id

* Remove redundant column and table prefixes.

* Non-existing tables and columns should be filtered out on the server side not client side.

* Fetching table samples should be optional and should happen in a separate task per table.

* Allow users to force a schema refresh.

* Use updated_at to help prune old schema metadata periodically.

* Using settings.SCHEMAS_REFRESH_QUEUE

* Added alt+enter key binding (getredash#3479)

* Cypress test - dashboard create/archive (getredash#3565)

* Revert "Schema Viewer Drawer (getredash#3291)" (getredash#3585)

This reverts commit cb4d81d.

* Widget title link not updated when parameter value changes (getredash#3586)

* Revert "Add SAML scheme override env var (getredash#2947)" (getredash#3587)

This reverts commit 4768fd0.

* update to latest stable version (getredash#3588)

* [Codebase improvement] Reuse handlers base require_fields (getredash#3577)

* [Bug fix] Update user list when an user is created (getredash#3594)

* Fix: accept integer values in dropdowns. (getredash#3596)

* Textbox testing - add, remove, edit (getredash#3589)

* Update v7 CHANGELOG and version (getredash#3595)

* Fix: triggers not created for queries.search_vector (getredash#3634)

* Prepared for deployment to Aptible
* added processes to run in a Procfile
* exposed port 5000 in Dockerfile

* Fix: CircleCI release branch regex

* Do not attempt to create dashboard.tags

The `dashboards.tags` column is added manually to get the 969126bd800f
migration to work. That in turn breaks the "inline_tags" migration, this
commit fixes that.

* Add ja-redash-specific documentation

* Fix doc.md indentation

* Correct the upgrade instructions

Also, it turns out that you don't need to manually trigger `npm run
build` - for some reason that is done automatically.

* Update visualisations' colour palette

- the default base colours use seaborn's default palette
  (https://seaborn.pydata.org/tutorial/color_palettes.html)
- the extra colours were selected from the xkcd color survey
  (https://xkcd.com/color/rgb/)

* Attempt to mitigate ImportError bytes_type

* Fix some rebase issues
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants