Automatically maintain bidirectional relationships between correlated sources. When a user selects a correlated source (e.g., Log → Metric), the target source is updated to link back (Metric → Log) if not already linked.
- Works for both new and existing sources
- Preserves existing correlations (no overwriting)
- Improves data consistency across the application
The api throws 504 and hangs when invalid credentials are given on login page.
> {"level":"error","message":"'caller', 'callee', and 'arguments' properties may not be accessed on strict mode functions or the arguments objects for calls to them","name":"TypeError","stack":"TypeError: 'caller', 'callee', and 'arguments' properties may not be accessed on strict mode functions or the arguments objects for calls to them\n at i (/app/packages/api/index.js:335:35331)\n at new i (/app/packages/api/index.js:335:35235)\n at PBKDF2Job.<anonymous> (/app/packages/api/index.js:335:38225)\n
at job.ondone (node:internal/crypto/pbkdf2:56:12)"
The root cause is due to the strict mode enforced by the esbuild. The fix here is to fork the `passport-local-mongoose` and fix the part that causes the error (edb1149704)
Ref: HDX-2036
Ref: HDX-1976
1. Updated release-xxx commands to prevent image tag overrides
2. Updated release workflow so that notify-xxx steps won't be triggered if no new app image was pushed
- Upgrades ClickHouse to 25.6, fixes breaking config change, needed for latest JSON type
- Upgrades OTel Collector to 0.129.1, fixes breaking config change, needed for latest JSON support in exporter
- Upgrades OTel OpAMP Supervisor to 0.128.0
- Fixes features to support JSON type columns in OTel in HyperDX (filtering, searching, graphing, opening rows, etc.)
Requires users to set `BETA_CH_OTEL_JSON_SCHEMA_ENABLED=true` in `ch-server` and `OTEL_AGENT_FEATURE_GATE_ARG='--feature-gates=clickhouse.json'` in `otel-collector` to enable JSON schema. Users must start a new ClickHouse DB or migrate their own table manually to enable as it is not schema compatible and migration is not automatic.
Closes HDX-1849, HDX-1969, HDX-1849, HDX-1966, HDX-1964
Co-authored-by: Tom Alexander <3245235+teeohhem@users.noreply.github.com>
Adds a download icon that allows users to download a csv of results. Note: In v1, this was a gear icon that brought up a modal with a few different search options, including adding additional columns. Since that functionality doesn't exist in v2 yet, I thought it was best to just have a direct icon for now.
Fixes: HDX-1590
Bumps [pbkdf2](https://github.com/crypto-browserify/pbkdf2) from 3.1.2 to 3.1.3.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/browserify/pbkdf2/blob/master/CHANGELOG.md">pbkdf2's changelog</a>.</em></p>
<blockquote>
<h2><a href="https://github.com/browserify/pbkdf2/compare/v3.1.2...v3.1.3">v3.1.3</a> - 2025-06-20</h2>
<h3>Commits</h3>
<ul>
<li>Only apps should have lockfiles <a href="8b067308ee"><code>8b06730</code></a></li>
<li>[lint] fix whitespace <a href="9a76e2f37e"><code>9a76e2f</code></a></li>
<li>[lint] fix parens/curlies/semis/etc <a href="6fd84bf64a"><code>6fd84bf</code></a></li>
<li>[meta] add <code>auto-changelog</code> <a href="796c38d428"><code>796c38d</code></a></li>
<li>[Tests] fix tests in node 17 <a href="3661fb0156"><code>3661fb0</code></a></li>
<li>Revert "[Tests] fix tests in node < 3" <a href="7431b57668"><code>7431b57</code></a></li>
<li>[Tests] fix tests in node < 3 <a href="eb9f97a66e"><code>eb9f97a</code></a></li>
<li>[Fix] ensure unknown algorithms throw + known ones match node <a href="26d4fd391e"><code>26d4fd3</code></a></li>
<li>[Tests] add GHA, always run nyc <a href="513906a735"><code>513906a</code></a></li>
<li>[lint] fix a few more rules <a href="ab04da834a"><code>ab04da8</code></a></li>
<li>[lint] switch to eslint <a href="89694cf7e4"><code>89694cf</code></a></li>
<li>[Tests] add coverage <a href="d0d534bfdc"><code>d0d534b</code></a></li>
<li>[Refactor] use <code>to-buffer</code> <a href="e3102a8cd4"><code>e3102a8</code></a></li>
<li>[readme] improve badges <a href="fca0c9d4c5"><code>fca0c9d</code></a></li>
<li>[Tests] remove unused travis file <a href="a2c7d93bbc"><code>a2c7d93</code></a></li>
<li>[meta] switch from <code>files</code> to <code>npmignore</code> <a href="7f31fbca52"><code>7f31fbc</code></a></li>
<li>[Tests] use .nycrc <a href="8d628e8d55"><code>8d628e8</code></a></li>
<li>[Refactor] minor tweaks <a href="fc61005c8c"><code>fc61005</code></a></li>
<li>[Deps] update <code>create-hmac</code>, <code>safe-buffer</code>, <code>sha.js</code> <a href="ae2a7d051c"><code>ae2a7d0</code></a></li>
<li>[Fix] pin <code>create-hash</code>, <code>ripemd160</code> due to breaking changes <a href="e07996890a"><code>e079968</code></a></li>
<li>[Tests] fix tests in node 3 <a href="45fbcf3043"><code>45fbcf3</code></a></li>
<li>[meta] skip publishing benchmarks <a href="19ea57bf11"><code>19ea57b</code></a></li>
<li>[Dev Deps] add missing peer dep <a href="645e252375"><code>645e252</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="3e40827b18"><code>3e40827</code></a> v3.1.3</li>
<li><a href="e3102a8cd4"><code>e3102a8</code></a> [Refactor] use <code>to-buffer</code></li>
<li><a href="7431b57668"><code>7431b57</code></a> Revert "[Tests] fix tests in node < 3"</li>
<li><a href="19ea57bf11"><code>19ea57b</code></a> [meta] skip publishing benchmarks</li>
<li><a href="a2c7d93bbc"><code>a2c7d93</code></a> [Tests] remove unused travis file</li>
<li><a href="645e252375"><code>645e252</code></a> [Dev Deps] add missing peer dep</li>
<li><a href="796c38d428"><code>796c38d</code></a> [meta] add <code>auto-changelog</code></li>
<li><a href="d0d534bfdc"><code>d0d534b</code></a> [Tests] add coverage</li>
<li><a href="7f31fbca52"><code>7f31fbc</code></a> [meta] switch from <code>files</code> to <code>npmignore</code></li>
<li><a href="fca0c9d4c5"><code>fca0c9d</code></a> [readme] improve badges</li>
<li>Additional commits viewable in <a href="https://github.com/crypto-browserify/pbkdf2/compare/v3.1.2...v3.1.3">compare view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a href="https://www.npmjs.com/~ljharb">ljharb</a>, a new releaser for pbkdf2 since your current version.</p>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hyperdxio/hyperdx/network/alerts).
</details>
Bumps [formidable](https://github.com/node-formidable/formidable) from 2.1.2 to 2.1.5.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a href="https://github.com/node-formidable/formidable/commits">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hyperdxio/hyperdx/network/alerts).
</details>
Bumps [next](https://github.com/vercel/next.js) from 14.2.29 to 14.2.30.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/vercel/next.js/releases">next's releases</a>.</em></p>
<blockquote>
<h2>v14.2.30</h2>
<blockquote>
<p>[!NOTE]<br />
This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p>
</blockquote>
<h3>Core Changes</h3>
<ul>
<li>Backport <code>config.allowedDevOrigins</code> (<a href="https://redirect.github.com/vercel/next.js/issues/80410">#80410</a>) (<a href="https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins">Learn More</a>)</li>
</ul>
<h3>Credits</h3>
<p>Huge thanks to <a href="https://github.com/ijjk"><code>@ijjk</code></a> and <a href="https://github.com/ztanner"><code>@ztanner</code></a> for helping!</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="243072b7a8"><code>243072b</code></a> v14.2.30</li>
<li><a href="f523d4a142"><code>f523d4a</code></a> [backport]: config.allowedDevOrigins (<a href="https://redirect.github.com/vercel/next.js/issues/80410">#80410</a>)</li>
<li>See full diff in <a href="https://github.com/vercel/next.js/compare/v14.2.29...v14.2.30">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hyperdxio/hyperdx/network/alerts).
</details>
Fixes HDX-1835
I tested this by running the main branch first via `cd packages/app && yarn dev:local`, loading localhost:8080 and clicked demo servers, pasting the json from the HDX-1835 linear ticket into the `hdx-local-source` localStorage slot, verified some sources gave that permissions issue, then closed the tab. Then I checked out this branch, opened a new tab with localhost:8080, selected demo servers, and all demo sources work as expected
