This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and publish to npm yourself or [setup this action to publish automatically](https://github.com/changesets/action#with-publishing). If you're not ready to do a release yet, that's fine, whenever you add more changesets to v2, this PR will be updated.
# Releases
## @hyperdx/common-utils@0.1.0
### Minor Changes
- 497fba8: Added support for querying gauge metric table with default detection for OTEL collector schema.
This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and publish to npm yourself or [setup this action to publish automatically](https://github.com/changesets/action#with-publishing). If you're not ready to do a release yet, that's fine, whenever you add more changesets to v2, this PR will be updated.
# Releases
## @hyperdx/common-utils@0.0.14
### Patch Changes
- 621bd55: feat: add session source and SourceKind enum
This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to v2, this PR will be updated.
# Releases
## @hyperdx/common-utils@0.0.13
### Patch Changes
- b79433e: refactor: Extract alert configuration schema into AlertBaseSchema
When parsing a date with inferred parts, this commit changes the parser to assume that the intended date was in the past. This impacts individual date fields and date range fields.
This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to v2, this PR will be updated.
# Releases
## @hyperdx/common-utils@0.0.12
### Patch Changes
- 418c293: feat: extract AlertChannelType to its own schema
This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to v2, this PR will be updated.
# Releases
## @hyperdx/common-utils@0.0.11
### Patch Changes
- a483780: style: move types from renderChartConfig + add exceptions types
This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to v2, this PR will be updated.
# Releases
## @hyperdx/common-utils@0.0.10
### Patch Changes
- fc4548f: feat: add alert schema + types
Co-authored-by: Warren <5959690+wrn14897@users.noreply.github.com>
This PR includes changes:
1. Rename `type` field to `thresholdType` (enum 'above' or 'below')
2. Introduce alert source enum ('saved_search' or 'tile')
3. Rename `dashboardId` field to `dashboard`
4. Deprecate unused `cron` field
5. Deprecate external alert translation layers
6. Deprecate `appType` flag
7. Copied over 'common' pkgs from app dir (mostly clickhouse query helpers + types) -> will become a sharable pkg between app and api
Disabling ASO had some issues with app navigation clashing with query parameter updates from all our nuqs usage. Switching to `next-runtime-env` and also changing the preset environment variables to `NEXT_PUBLIC_HDX_LOCAL_DEFAULT_CONNECTIONS` and `NEXT_PUBLIC_HDX_LOCAL_DEFAULT_SOURCES`, which is required for the package, but also makes it nice and clear that these are going to be publicly exposed environment variables.
Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.5 to 6.5.7.
<details>
<summary>Commits</summary>
<ul>
<li><a href="3e46a48fdd"><code>3e46a48</code></a> 6.5.7</li>
<li><a href="accb61e9c1"><code>accb61e</code></a> lib: DER signature decoding correction</li>
<li><a href="03e06e135c"><code>03e06e1</code></a> 6.5.6</li>
<li><a href="7ac5360118"><code>7ac5360</code></a> Merge commit from fork</li>
<li>See full diff in <a href="https://github.com/indutny/elliptic/compare/v6.5.5...v6.5.7">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hyperdxio/hyperdx/network/alerts).
</details>
Bumps [webpack](https://github.com/webpack/webpack) from 5.91.0 to 5.94.0.
e notes</summary>
<p><em>Sourced from <a href="https://github.com/webpack/webpack/releases">webpack's releases</a>.</em></p>
<blockquote>
<h2>v5.94.0</h2>
<h2>Bug Fixes</h2>
<ul>
<li>Added runtime condition for harmony reexport checked</li>
<li>Handle properly <code>data</code>/<code>http</code>/<code>https</code> protocols in source maps</li>
<li>Make <code>bigint</code> optimistic when browserslist not found</li>
<li>Move <code>@types/eslint-scope</code> to dev deps</li>
<li>Related in asset stats is now always an array when no related found</li>
<li>Handle ASI for export declarations</li>
<li>Mangle destruction incorrect with export named default properly</li>
<li>Fixed unexpected asi generation with sequence expression</li>
<li>Fixed a lot of types</li>
</ul>
<h2>New Features</h2>
<ul>
<li>Added new external type "module-import"</li>
<li>Support <code>webpackIgnore</code> for <code>new URL()</code> construction</li>
<li>[CSS] <code>@import</code> pathinfo support</li>
</ul>
<h2>Security</h2>
<ul>
<li>Fixed DOM clobbering in auto public path</li>
</ul>
<h2>v5.93.0</h2>
<h2>Bug Fixes</h2>
<ul>
<li>Generate correct relative path to runtime chunks</li>
<li>Makes <code>DefinePlugin</code> quieter under default log level</li>
<li>Fixed mangle destructuring default in namespace import</li>
<li>Fixed consumption of eager shared modules for module federation</li>
<li>Strip slash for pretty regexp</li>
<li>Calculate correct contenthash for CSS generator options</li>
</ul>
<h2>New Features</h2>
<ul>
<li>Added the <code>binary</code> generator option for asset modules to explicitly keep source maps produced by loaders</li>
<li>Added the <code>modern-module</code> library value for tree shakable output</li>
<li>Added the <code>overrideStrict</code> option to override strict or non-strict mode for javascript modules</li>
</ul>
<h2>v5.92.1</h2>
<h2>Bug Fixes</h2>
<ul>
<li>Doesn't crash with an error when the css experiment is enabled and contenthash is used</li>
</ul>
<h2>v5.92.0</h2>
<h2>Bug Fixes</h2>
<ul>
<li>Correct tidle range's comutation for module federation</li>
<li>Consider runtime for pure expression dependency update hash</li>
<li>Return value in the <code>subtractRuntime</code> function for runtime logic</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="eabf85d858"><code>eabf85d</code></a> chore(release): 5.94.0</li>
<li><a href="955e057abc"><code>955e057</code></a> security: fix DOM clobbering in auto public path</li>
<li><a href="9822387362"><code>9822387</code></a> test: fix</li>
<li><a href="cbb86ede32"><code>cbb86ed</code></a> test: fix</li>
<li><a href="5ac3d7f2cd"><code>5ac3d7f</code></a> fix: unexpected asi generation with sequence expression</li>
<li><a href="2411661bd1"><code>2411661</code></a> security: fix DOM clobbering in auto public path</li>
<li><a href="b8c03d4772"><code>b8c03d4</code></a> fix: unexpected asi generation with sequence expression</li>
<li><a href="f46a03ccbc"><code>f46a03c</code></a> revert: do not use heuristic fallback for "module-import"</li>
<li><a href="60f189871a"><code>60f1898</code></a> fix: do not use heuristic fallback for "module-import"</li>
<li><a href="66306aa456"><code>66306aa</code></a> Revert "fix: module-import get fallback from externalsPresets"</li>
<li>Additional commits viewable in <a href="https://github.com/webpack/webpack/compare/v5.91.0...v5.94.0">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hyperdxio/hyperdx/network/alerts).
</details>
Bumps [micromatch](https://github.com/micromatch/micromatch) from 4.0.5 to 4.0.8.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/micromatch/micromatch/releases">micromatch's releases</a>.</em></p>
<blockquote>
<h2>4.0.8</h2>
<p>Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md">micromatch's changelog</a>.</em></p>
<blockquote>
<h2>[4.0.8] - 2024-08-22</h2>
<ul>
<li>backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch</li>
</ul>
<h2>[4.0.7] - 2024-05-22</h2>
<ul>
<li>this is basically v4.0.5, with some README updates</li>
<li><strong>it is vulnerable to CVE-2024-4067</strong></li>
<li>Updated braces to v3.0.3 to avoid CVE-2024-4068</li>
<li>does NOT break API compatibility</li>
</ul>
<h2>[4.0.6] - 2024-05-21</h2>
<ul>
<li>Added <code>hasBraces</code> to check if a pattern contains braces.</li>
<li>Fixes CVE-2024-4067</li>
<li><strong>BREAKS API COMPATIBILITY</strong></li>
<li>Should be labeled as a major release, but it's not.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="8bd704ec0d"><code>8bd704e</code></a> 4.0.8</li>
<li><a href="a0e68416a4"><code>a0e6841</code></a> run verb to generate README documentation</li>
<li><a href="4ec288484f"><code>4ec2884</code></a> Merge branch 'v4' into hauserkristof-feature/v4.0.8</li>
<li><a href="03aa805217"><code>03aa805</code></a> Merge pull request <a href="https://redirect.github.com/micromatch/micromatch/issues/266">#266</a> from hauserkristof/feature/v4.0.8</li>
<li><a href="814f5f70ef"><code>814f5f7</code></a> lint</li>
<li><a href="67fcce6a10"><code>67fcce6</code></a> fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5</li>
<li><a href="113f2e3fa7"><code>113f2e3</code></a> fix: CVE numbers in CHANGELOG</li>
<li><a href="d9dbd9a266"><code>d9dbd9a</code></a> feat: updated CHANGELOG</li>
<li><a href="2ab13157f4"><code>2ab1315</code></a> fix: use actions/setup-node@v4</li>
<li><a href="1406ea38f3"><code>1406ea3</code></a> feat: rework test to work on macos with node 10,12 and 14</li>
<li>Additional commits viewable in <a href="https://github.com/micromatch/micromatch/compare/4.0.5...4.0.8">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hyperdxio/hyperdx/network/alerts).
</details>
Brand new date range picker with new features:
- More 1-click `Past N` options to choose from
- Ability to move the search time window 1h back and 1h forward with 1 click
- More robust start and end time inputs with natural language parsing
- `Around a time` option: allow set a time anchor with a +- 15m/1h/1d/etc windor
https://github.com/user-attachments/assets/1b01dea0-f150-44b6-9e4c-ea57d5ed6a63
Bumps [ws](https://github.com/websockets/ws) from 8.16.0 to 8.17.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/websockets/ws/releases">ws's releases</a>.</em></p>
<blockquote>
<h2>8.17.1</h2>
<h1>Bug fixes</h1>
<ul>
<li>Fixed a DoS vulnerability (<a href="https://redirect.github.com/websockets/ws/issues/2231">#2231</a>).</li>
</ul>
<p>A request with a number of headers exceeding the[<code>server.maxHeadersCount</code>][]
threshold could be used to crash a ws server.</p>
<pre lang="js"><code>const http = require('http');
const WebSocket = require('ws');
<p>const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;</p>
<p>for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;</p>
<pre><code>for (let j = 0; j &lt; chars.length; j++) {
const key = chars[i] + chars[j];
headers[key] = 'x';
if (++count === 2000) break;
}
</code></pre>
ction = 'Upgrade';
headers.Upgrade = 'websocket';
headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
headers['Sec-WebSocket-Version'] = '13';</p>
<p>const request = http.request({
headers: headers,
host: '127.0.0.1',
port: wss.address().port
});</p>
<p>request.end();
});
</code></pre></p>
<p>The vulnerability was reported by <a href="https://github.com/rrlapointe">Ryan LaPointe</a> in <a href="https://redirect.github.com/websockets/ws/issues/2230">websockets/ws#2230</a>.</p>
<p>In vulnerable versions of ws, the issue can be mitigated in the following ways:</p>
<ol>
<li>Reduce the maximum allowed length of the request headers using the
[<code>--max-http-header-size=size</code>][] and/or the [<code>maxHeaderSize</code>][] options so
that no more headers than the <code>server.maxHeadersCount</code> limit can be sent.</li>
</ol>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="3c56601092"><code>3c56601</code></a> [dist] 8.17.1</li>
<li><a href="e55e5106f1"><code>e55e510</code></a> [security] Fix crash when the Upgrade header cannot be read (<a href="https://redirect.github.com/websockets/ws/issues/2231">#2231</a>)</li>
<li><a href="6a00029edd"><code>6a00029</code></a> [test] Increase code coverage</li>
<li><a href="ddfe4a804d"><code>ddfe4a8</code></a> [perf] Reduce the amount of <code>crypto.randomFillSync()</code> calls</li>
<li><a href="b73b11828d"><code>b73b118</code></a> [dist] 8.17.0</li>
<li><a href="29694a5905"><code>29694a5</code></a> [test] Use the <code>highWaterMark</code> variable</li>
<li><a href="934c9d6b93"><code>934c9d6</code></a> [ci] Test on node 22</li>
<li><a href="1817bac06e"><code>1817bac</code></a> [ci] Do not test on node 21</li>
<li><a href="96c9b3dedd"><code>96c9b3d</code></a> [major] Flip the default value of <code>allowSynchronousEvents</code> (<a href="https://redirect.github.com/websockets/ws/issues/2221">#2221</a>)</li>
<li><a href="e5f32c7e1e"><code>e5f32c7</code></a> [fix] Emit at most one event per event loop iteration (<a href="https://redirect.github.com/websockets/ws/issues/2218">#2218</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/websockets/ws/compare/8.16.0...8.17.1">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hyperdxio/hyperdx/network/alerts).
</details>
Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3.
<details>
<summary>Commits</summary>
<ul>
<li><a href="74b2db2938"><code>74b2db2</code></a> 3.0.3</li>
<li><a href="88f1429a0f"><code>88f1429</code></a> update eslint. lint, fix unit tests.</li>
<li><a href="415d660c30"><code>415d660</code></a> Snyk js braces 6838727 (<a href="https://redirect.github.com/micromatch/braces/issues/40">#40</a>)</li>
<li><a href="190510f79d"><code>190510f</code></a> fix tests, skip 1 test in test/braces.expand</li>
<li><a href="716eb9f12d"><code>716eb9f</code></a> readme bump</li>
<li><a href="a5851e57f4"><code>a5851e5</code></a> Merge pull request <a href="https://redirect.github.com/micromatch/braces/issues/37">#37</a> from coderaiser/fix/vulnerability</li>
<li><a href="2092bd1fb1"><code>2092bd1</code></a> feature: braces: add maxSymbols (<a href="https://github.com/micromatch/braces/issues/">https://github.com/micromatch/braces/issues/</a>...</li>
<li><a href="9f5b4cf473"><code>9f5b4cf</code></a> fix: vulnerability (<a href="https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727">https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727</a>)</li>
<li><a href="98414f9f1f"><code>98414f9</code></a> remove funding file</li>
<li><a href="665ab5d561"><code>665ab5d</code></a> update keepEscaping doc (<a href="https://redirect.github.com/micromatch/braces/issues/27">#27</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/micromatch/braces/compare/3.0.2...3.0.3">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hyperdxio/hyperdx/network/alerts).
</details>
Bumps [@grpc/grpc-js](https://github.com/grpc/grpc-node) from 1.8.14 to 1.8.22.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/grpc/grpc-node/releases"><code>@grpc/grpc-js</code>'s releases</a>.</em></p>
<blockquote>
<h2><code>@grpc/grpc-js</code> 1.8.22</h2>
<ul>
<li>Avoid buffering significantly more than <code>grpc.max_receive_message_size</code> per received message.</li>
</ul>
<h2><code>@grpc/grpc-js</code><a href="https://github.com/1"><code>@1</code></a>.8.21</h2>
<ul>
<li>Fix propagation of UNIMPLEMENTED error messages (<a href="https://redirect.github.com/grpc/grpc-node/issues/2528">#2528</a>)</li>
</ul>
<h2><code>@grpc/grpc-js</code> 1.8.20</h2>
<ul>
<li>Fix a crash when the channel option <code>grpc.keepalive_permit_without_calls</code> is set (<a href="https://redirect.github.com/grpc/grpc-node/issues/2519">#2519</a>)</li>
</ul>
<h2><code>@grpc/grpc-js</code> 1.8.19</h2>
<ul>
<li>Update keepalive behavior to more correctly handle short calls and long periods of inactivity (<a href="https://redirect.github.com/grpc/grpc-node/issues/2513">#2513</a>)</li>
</ul>
<h2><code>@grpc/grpc-js</code> 1.8.18</h2>
<ul>
<li>Fix reporting of call stacks in unary request errors (<a href="https://redirect.github.com/grpc/grpc-node/issues/2503">#2503</a>)</li>
<li>Fix reporting of proxy info in channelz socket responses (<a href="https://redirect.github.com/grpc/grpc-node/issues/2503">#2503</a>)</li>
</ul>
<h2><code>@grpc/grpc-js</code> 1.8.17</h2>
<ul>
<li>Disallow <code>pick_first</code> LB policy as the direct child of an <code>outlier_detection</code> LB policy (<a href="https://redirect.github.com/grpc/grpc-node/issues/2476">#2476</a>)</li>
</ul>
<h2><code>@grpc/grpc-js</code> 1.8.16</h2>
<ul>
<li>Fix missing <code>transport</code> trace logs (<a href="https://redirect.github.com/grpc/grpc-node/issues/2470">#2470</a>)</li>
</ul>
<h2><code>@grpc/grpc-js</code> 1.8.15</h2>
<ul>
<li>Fix a memory leak that could result from a specific pattern of recursive function calls (<a href="https://redirect.github.com/grpc/grpc-node/issues/2456">#2456</a>)</li>
<li>Ensure <code>status</code> and <code>error</code> events are consistently emitted asynchronously (<a href="https://redirect.github.com/grpc/grpc-node/issues/2456">#2456</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="a8a020339c"><code>a8a0203</code></a> Merge pull request from GHSA-7v5v-9h63-cj86</li>
<li><a href="3b110cddfe"><code>3b110cd</code></a> grpc-js: Bump to 1.8.22</li>
<li><a href="8e622220c8"><code>8e62222</code></a> grpc-js: Avoid buffering significantly more than max_receive_message_size per...</li>
<li><a href="9d8394738f"><code>9d83947</code></a> Merge pull request <a href="https://redirect.github.com/grpc/grpc-node/issues/2742">#2742</a> from sergiitk/backport-1.8-psm-interop-common-prod-t...</li>
<li><a href="00f348c486"><code>00f348c</code></a> Merge pull request <a href="https://redirect.github.com/grpc/grpc-node/issues/2729">#2729</a> from sergiitk/psm-interop-common-prod-tests</li>
<li><a href="36d105b195"><code>36d105b</code></a> Merge pull request <a href="https://redirect.github.com/grpc/grpc-node/issues/2737">#2737</a> from murgatroid99/backport-1.8-grpc-js_linkify-it_fix</li>
<li><a href="969e305027"><code>969e305</code></a> Merge pull request <a href="https://redirect.github.com/grpc/grpc-node/issues/2735">#2735</a> from murgatroid99/grpc-js_linkify-it_fix</li>
<li><a href="d78216f283"><code>d78216f</code></a> Merge pull request <a href="https://redirect.github.com/grpc/grpc-node/issues/2715">#2715</a> from sergiitk/backport-1.8-psm-interop-pkg-dev</li>
<li><a href="f38966aab5"><code>f38966a</code></a> Merge pull request <a href="https://redirect.github.com/grpc/grpc-node/issues/2712">#2712</a> from sergiitk/psm-interop-pkg-dev</li>
<li><a href="ffefff2570"><code>ffefff2</code></a> Merge pull request <a href="https://redirect.github.com/grpc/grpc-node/issues/2640">#2640</a> from XuanWang-Amos/backport-1.8-psm-interop-shared-b...</li>
<li>Additional commits viewable in <a href="https://github.com/grpc/grpc-node/compare/@grpc/grpc-js@1.8.14...@grpc/grpc-js@1.8.22">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hyperdxio/hyperdx/network/alerts).
</details>
Bumps [ejs](https://github.com/mde/ejs) from 3.1.9 to 3.1.10.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/mde/ejs/releases">ejs's releases</a>.</em></p>
<blockquote>
<h2>v3.1.10</h2>
<p>Version 3.1.10</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="d3f807dea9"><code>d3f807d</code></a> Version 3.1.10</li>
<li><a href="9ee26dde5d"><code>9ee26dd</code></a> Mocha TDD</li>
<li><a href="e469741dca"><code>e469741</code></a> Basic pollution protection</li>
<li><a href="715e9507fa"><code>715e950</code></a> Merge pull request <a href="https://redirect.github.com/mde/ejs/issues/756">#756</a> from Jeffrey-mu/main</li>
<li><a href="cabe3146ad"><code>cabe314</code></a> Include advanced usage examples</li>
<li><a href="29b076cdbb"><code>29b076c</code></a> Added header</li>
<li><a href="11503c79af"><code>11503c7</code></a> Merge branch 'main' of github.com:mde/ejs into main</li>
<li><a href="7690404e2f"><code>7690404</code></a> Added security banner to README</li>
<li><a href="f47d7aedd5"><code>f47d7ae</code></a> Update SECURITY.md</li>
<li><a href="828cea1687"><code>828cea1</code></a> Update SECURITY.md</li>
<li>Additional commits viewable in <a href="https://github.com/mde/ejs/compare/v3.1.9...v3.1.10">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hyperdxio/hyperdx/network/alerts).
</details>
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.15.4 to 1.15.6.
<details>
<summary>Commits</summary>
<ul>
<li><a href="35a517c586"><code>35a517c</code></a> Release version 1.15.6 of the npm package.</li>
<li><a href="c4f847f851"><code>c4f847f</code></a> Drop Proxy-Authorization across hosts.</li>
<li><a href="8526b4a1b2"><code>8526b4a</code></a> Use GitHub for disclosure.</li>
<li><a href="b1677ce001"><code>b1677ce</code></a> Release version 1.15.5 of the npm package.</li>
<li><a href="d8914f7982"><code>d8914f7</code></a> Preserve fragment in responseUrl.</li>
<li>See full diff in <a href="https://github.com/follow-redirects/follow-redirects/compare/v1.15.4...v1.15.6">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hyperdxio/hyperdx/network/alerts).
</details>
Bumps [passport](https://github.com/jaredhanson/passport) from 0.5.3 to 0.6.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/jaredhanson/passport/blob/master/CHANGELOG.md">passport's changelog</a>.</em></p>
<blockquote>
<h2>[0.6.0] - 2022-05-20</h2>
<h3>Added</h3>
<ul>
<li><code>authenticate()</code>, <code>req#login</code>, and <code>req#logout</code> accept a
<code>keepSessionInfo: true</code> option to keep session information after regenerating
the session.</li>
</ul>
<h3>Changed</h3>
<ul>
<li><code>req#login()</code> and <code>req#logout()</code> regenerate the the session and clear session
information by default.</li>
<li><code>req#logout()</code> is now an asynchronous function and requires a callback
function as the last argument.</li>
</ul>
<h3>Security</h3>
<ul>
<li>Improved robustness against session fixation attacks in cases where there is
physical access to the same system or the application is susceptible to
cross-site scripting (XSS).</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="c33067bc5a"><code>c33067b</code></a> 0.6.0</li>
<li><a href="3052bb4717"><code>3052bb4</code></a> Update changelog.</li>
<li><a href="42630cbd1f"><code>42630cb</code></a> Merge pull request <a href="https://redirect.github.com/jaredhanson/passport/issues/900">#900</a> from jaredhanson/fix-fixation</li>
<li><a href="8dd79fe5f3"><code>8dd79fe</code></a> Use utils-merge rather than Object.assign for compatibility.</li>
<li><a href="4f6bd5b254"><code>4f6bd5b</code></a> Change keepSessionData to keepSessionData.</li>
<li><a href="46756e56db"><code>46756e5</code></a> Silence verbose logging.</li>
<li><a href="987b1918a2"><code>987b191</code></a> Add tests.</li>
<li><a href="f8a175f114"><code>f8a175f</code></a> Add tests.</li>
<li><a href="29a90d68dd"><code>29a90d6</code></a> No need to guard callback existence.</li>
<li><a href="bfba8a1ab4"><code>bfba8a1</code></a> Add tests.</li>
<li>Additional commits viewable in <a href="https://github.com/jaredhanson/passport/compare/v0.5.3...v0.6.0">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hyperdxio/hyperdx/network/alerts).
</details>
Co-authored-by: Warren <5959690+wrn14897@users.noreply.github.com>
Bumps [ip](https://github.com/indutny/node-ip) from 2.0.0 to 2.0.1.
<details>
<summary>Commits</summary>
<ul>
<li><a href="3b0994a74e"><code>3b0994a</code></a> 2.0.1</li>
<li><a href="32f468f124"><code>32f468f</code></a> lib: fixed CVE-2023-42282 and added unit test</li>
<li>See full diff in <a href="https://github.com/indutny/node-ip/compare/v2.0.0...v2.0.1">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hyperdxio/hyperdx/network/alerts).
</details>
Co-authored-by: Warren <5959690+wrn14897@users.noreply.github.com>
[Generic Webhook Option for Alerts
](https://github.com/hyperdxio/hyperdx/issues/2#issue-1893833428
)
### DETAILS:
This PR enables the creation and use of generic webhooks alongside the existing slack webhooks. This allows users to configure arbitrary webhook consumers/destinations with custom payloads.
For now the lack of signage/security features means more complex webhooks that perform actions on alert will most likely be gated off due to their internal requirements, but this should unlock a variety of message-focused consumers alongside the existing slack implementation. Query parameter usage was built into the migration and logic, and can be enabled in a later version when security options make those more complex use cases (like caching) worthwhile. For the time being many consumers allow/mirror QP functionality in the body of the request, and otherwise building into the url manually achieves the same purpose.
This implementation assumes and is limited to POST requests only, which is the ideal sender behavior and has exceptionally large coverage, but optionality for GETs and PUTs can be added in later versions if they are desired.
Message templating is still quite limited while the more robust templating system is in development, and users should refer to their specific consumer documentation for implementation.
As a minor addition, with the added complexity beyond just single slack webhooks, optional descriptions were also added to the webhook model and displayed on the settings page.
### V1+ NEXT STEPS:
- security/signature functionality
- user facing webhook edit functionality
- functionality to send webhook tests during creation
- alignment with current in-progress alert templating
- user facing queryParam functionality (and/or url building for ease of use)
### VISUALS:
**TEAM SETTINGS UPDATE:**
**GENERIC WEBHOOK CREATION:**
**ALERT CREATION UPDATE:**
