Bumps [cipher-base](https://github.com/crypto-browserify/cipher-base) from 1.0.4 to 1.0.6.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/browserify/cipher-base/blob/master/CHANGELOG.md">cipher-base's changelog</a>.</em></p>
<blockquote>
<h2><a href="https://github.com/browserify/cipher-base/compare/v1.0.5...v1.0.6">v1.0.6</a> - 2024-11-26</h2>
<h3>Commits</h3>
<ul>
<li>[Fix] io.js 3.0 - Node.js 5.3 typed array support <a href="b7ddd2ac24"><code>b7ddd2a</code></a></li>
</ul>
<h2><a href="https://github.com/browserify/cipher-base/compare/v1.0.4...v1.0.5">v1.0.5</a> - 2024-11-17</h2>
<h3>Commits</h3>
<ul>
<li>[Tests] standard -> eslint, make test dir, etc <a href="ae02fd6624"><code>ae02fd6</code></a></li>
<li>[Tests] migrate from travis to GHA <a href="66387d7146"><code>66387d7</code></a></li>
<li>[meta] fix package.json indentation <a href="5c02918ac5"><code>5c02918</code></a></li>
<li>[Fix] return valid values on multi-byte-wide TypedArray input <a href="8fd136432c"><code>8fd1364</code></a></li>
<li>[meta] add <code>auto-changelog</code> <a href="88dc806806"><code>88dc806</code></a></li>
<li>[meta] add <code>npmignore</code> and <code>safe-publish-latest</code> <a href="7a137d749c"><code>7a137d7</code></a></li>
<li>Only apps should have lockfiles <a href="42528f291d"><code>42528f2</code></a></li>
<li>[Deps] update <code>inherits</code>, <code>safe-buffer</code> <a href="0e7a2d9a33"><code>0e7a2d9</code></a></li>
<li>[meta] add missing <code>engines.node</code> <a href="f2dc13e47b"><code>f2dc13e</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="f5249f9461"><code>f5249f9</code></a> v1.0.6</li>
<li><a href="b7ddd2ac24"><code>b7ddd2a</code></a> [Fix] io.js 3.0 - Node.js 5.3 typed array support</li>
<li><a href="f03cebfdad"><code>f03cebf</code></a> v1.0.5</li>
<li><a href="88dc806806"><code>88dc806</code></a> [meta] add <code>auto-changelog</code></li>
<li><a href="7a137d749c"><code>7a137d7</code></a> [meta] add <code>npmignore</code> and <code>safe-publish-latest</code></li>
<li><a href="5c02918ac5"><code>5c02918</code></a> [meta] fix package.json indentation</li>
<li><a href="8fd136432c"><code>8fd1364</code></a> [Fix] return valid values on multi-byte-wide TypedArray input</li>
<li><a href="66387d7146"><code>66387d7</code></a> [Tests] migrate from travis to GHA</li>
<li><a href="f2dc13e47b"><code>f2dc13e</code></a> [meta] add missing <code>engines.node</code></li>
<li><a href="0e7a2d9a33"><code>0e7a2d9</code></a> [Deps] update <code>inherits</code>, <code>safe-buffer</code></li>
<li>Additional commits viewable in <a href="https://github.com/crypto-browserify/cipher-base/compare/v1.0.4...v1.0.6">compare view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a href="https://www.npmjs.com/~ljharb">ljharb</a>, a new releaser for cipher-base since your current version.</p>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hyperdxio/hyperdx/network/alerts).
</details>
Bumps [sha.js](https://github.com/crypto-browserify/sha.js) from 2.4.11 to 2.4.12.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/browserify/sha.js/blob/master/CHANGELOG.md">sha.js's changelog</a>.</em></p>
<blockquote>
<h2><a href="https://github.com/browserify/sha.js/compare/v2.4.11...v2.4.12">v2.4.12</a> - 2025-07-01</h2>
<h3>Commits</h3>
<ul>
<li>[eslint] switch to eslint <a href="7acadfbd3a"><code>7acadfb</code></a></li>
<li>[meta] add <code>auto-changelog</code> <a href="b46e7116eb"><code>b46e711</code></a></li>
<li>[eslint] fix package.json indentation <a href="df9d521e16"><code>df9d521</code></a></li>
<li>[Tests] migrate from travis to GHA <a href="c43c64adc6"><code>c43c64a</code></a></li>
<li>[Fix] support multi-byte wide typed arrays <a href="f2a258e9f2"><code>f2a258e</code></a></li>
<li>[meta] reorder package.json <a href="d8d77c0a72"><code>d8d77c0</code></a></li>
<li>[meta] add <code>npmignore</code> <a href="35aec35c66"><code>35aec35</code></a></li>
<li>[Tests] avoid console logs <a href="73e33ae0ca"><code>73e33ae</code></a></li>
<li>[Tests] fix tests run in batch <a href="262913006e"><code>2629130</code></a></li>
<li>[Tests] drop node requirement to 0.10 <a href="00c7f234aa"><code>00c7f23</code></a></li>
<li>[Dev Deps] update <code>buffer</code>, <code>hash-test-vectors</code>, <code>standard</code>, <code>tape</code>, <code>typedarray</code> <a href="92b5de5f67"><code>92b5de5</code></a></li>
<li>[Tests] drop node requirement to v3 <a href="9b5eca80fd"><code>9b5eca8</code></a></li>
<li>[meta] set engines to <code>&gt;= 4</code> <a href="807084c5c0"><code>807084c</code></a></li>
<li>Only apps should have lockfiles <a href="c72789c7a1"><code>c72789c</code></a></li>
<li>[Deps] update <code>inherits</code>, <code>safe-buffer</code> <a href="5428cfc6f7"><code>5428cfc</code></a></li>
<li>[Dev Deps] update <code>@ljharb/eslint-config</code> <a href="2dbe0aab41"><code>2dbe0aa</code></a></li>
<li>update README to reflect LICENSE <a href="8938256dbb"><code>8938256</code></a></li>
<li>[Dev Deps] add missing peer dep <a href="d52889688c"><code>d528896</code></a></li>
<li>[Dev Deps] remove unused <code>buffer</code> dep <a href="94ca7247f4"><code>94ca724</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="eb4ea2fd3d"><code>eb4ea2f</code></a> v2.4.12</li>
<li><a href="d8d77c0a72"><code>d8d77c0</code></a> [meta] reorder package.json</li>
<li><a href="df9d521e16"><code>df9d521</code></a> [eslint] fix package.json indentation</li>
<li><a href="35aec35c66"><code>35aec35</code></a> [meta] add <code>npmignore</code></li>
<li><a href="d52889688c"><code>d528896</code></a> [Dev Deps] add missing peer dep</li>
<li><a href="b46e7116eb"><code>b46e711</code></a> [meta] add <code>auto-changelog</code></li>
<li><a href="94ca7247f4"><code>94ca724</code></a> [Dev Deps] remove unused <code>buffer</code> dep</li>
<li><a href="2dbe0aab41"><code>2dbe0aa</code></a> [Dev Deps] update <code>@ljharb/eslint-config</code></li>
<li><a href="73e33ae0ca"><code>73e33ae</code></a> [Tests] avoid console logs</li>
<li><a href="f2a258e9f2"><code>f2a258e</code></a> [Fix] support multi-byte wide typed arrays</li>
<li>Additional commits viewable in <a href="https://github.com/crypto-browserify/sha.js/compare/v2.4.11...v2.4.12">compare view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a href="https://www.npmjs.com/~ljharb">ljharb</a>, a new releaser for sha.js since your current version.</p>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hyperdxio/hyperdx/network/alerts).
</details>
Expecting users to create schemas in the form of
```
INDEX inv_idx lower(Body) TYPE text(tokenizer = 'default') GRANULARITY 64
```
default tokenizer, and lower(Body) specifically
Closes HDX-2221
One reference to hyperdx docs in [LOCAL.md](c2160536ac/LOCAL.md (L71)) remains because we don't have a Management APIs section in ClickStack docs yet
Group the alert tasks fetched from mongo into groups based on what needs to run from the same connection. This sets up for further optimizations and connection reuse.
plus the fix to reduce bloat in opamp agent logs
Users should be able to mount the custom otel collector config file and add/overrider receivers, processors and exporters
For example:
```
receivers:
hostmetrics:
collection_interval: 5s
scrapers:
cpu:
load:
memory:
disk:
filesystem:
network:
# override the default processors
processors:
batch:
send_batch_size: 10000
timeout: 10s
memory_limiter:
limit_mib: 2000
service:
pipelines:
metrics/hostmetrics:
receivers: [hostmetrics]
# attach existing processors
processors: [memory_limiter, batch]
# attach existing exporters
exporters: [clickhouse]
```
This will add a new `hostmetrics` receiver + `metrics/hostmetrics` pipeline and update existing `batch` + `memory_limiter` processors
WARNING: This feature is still in beta, and future updates may change how it works, potentially affecting compatibility
Ref: HDX-1865
I have problem with dynamic field in clickhouse json datatype. My database looks for now like this
```
│ CREATE TABLE click.log_json_better ↴│
│↳( ↴│
│↳ `log` JSON, ↴│
│↳ `ingest_time` DateTime64(9) DEFAULT now64(9) ↴│
│↳)
```
If some field contains string like bellow
`SELECT log.message, FROM click.log_json_better WHERE ...`
with result
```
log.message──┐
1. │ {"took":7,"errors":false,"items":[{"create":{...trunc # sometimes valid json, sometimes not
```
but this is representation, select for whole log
```
SELECT log
FROM click.log_json_better
WHERE (ingest_time = parseDateTime64BestEffort('2025-08-11T10:27:01.901588629Z', 9))...
```
truncated result with message part
```
trunc...4-536e18d9ad92"},"message":"{\"took\":7,\"errors\":false,\"items\...truc
```
<img width="1222" height="116" alt="image" src="https://github.com/user-attachments/assets/bee99ec4-708f-4a32-a7a0-4082bdc73a6c" />
so it's stored as escaped string and API is returning it as escaped string as well
`"{\"took\":7,\"errors\":false...trunc`
<img width="1731" height="553" alt="image" src="https://github.com/user-attachments/assets/97a2b608-490f-47cb-909e-3d7f9e411cc0" />
Then when I clicked on such row, it is escaped again and created query has no match in DB.
```
AND toString(`log`.message) = '{\\\"took\\\":4,...
```
<img width="1538" height="81" alt="image" src="https://github.com/user-attachments/assets/92f85860-2a1f-499b-b52a-f076e3fe0ecb" />
so I've made a simple fix with SqlString.raw. I've tried to match record with md5, to not use whole field content for search query, but no luck with playing around with escaping and stripping escaping.
At first, I've removed `Search value/object key too large.` error, because this was problem that I've encountered as first, trowing error crashed whole UI. I've had no problem with string 10x larger than 1000 chars.
Closes HDX-1955
This allows the frontend to use a more optimized ORDER BY clause for tables that have a time bucketed sort key for large scale performance
We now store `createdBy` in the `Alert` document when the alert
is created. This new field references the `User` document of the
currently logged in user. The property is optional to support
existing alerts in the database.
This information is also displayed in various places where alert
details are displayed. Older documents without the new field should
display nothing, resulting in the existing UX.
1. Merge all clickhouse client setting related endpoints into one `/clickhouse-settings` plus controllers
2. Add tooltips to the setting UIs
3. Introduce `metadataMaxRowsToRead` setting for tweaking metadata query perf
Ref: HDX-2075
Related: HDX-2023
<img width="871" height="374" alt="image" src="https://github.com/user-attachments/assets/1824452f-8045-430d-9e26-5d31bcf38dcf" />
This commit refactors some of the alert logic and establishes a provider-like model so that different providers can be built based on the environment where the HyperDX alerts are being executed. The default provider implements the same alert code, just broken across some different types.
Automatically maintain bidirectional relationships between correlated sources. When a user selects a correlated source (e.g., Log → Metric), the target source is updated to link back (Metric → Log) if not already linked.
- Works for both new and existing sources
- Preserves existing correlations (no overwriting)
- Improves data consistency across the application
The api throws 504 and hangs when invalid credentials are given on login page.
> {"level":"error","message":"'caller', 'callee', and 'arguments' properties may not be accessed on strict mode functions or the arguments objects for calls to them","name":"TypeError","stack":"TypeError: 'caller', 'callee', and 'arguments' properties may not be accessed on strict mode functions or the arguments objects for calls to them\n at i (/app/packages/api/index.js:335:35331)\n at new i (/app/packages/api/index.js:335:35235)\n at PBKDF2Job.<anonymous> (/app/packages/api/index.js:335:38225)\n
at job.ondone (node:internal/crypto/pbkdf2:56:12)"
The root cause is due to the strict mode enforced by the esbuild. The fix here is to fork the `passport-local-mongoose` and fix the part that causes the error (edb1149704)
Ref: HDX-2036
