Sync upstream/integration (a7f811c) -> release/5 2026-05-05 #408
## Description _flatted_ version updated to 3.4.2
…tion via Header Injection Chain ## Description Axios version up from 1.13.5 to 1.15.0
## Description
- update @graphql-codegen/* dependencies to latest minor versions
- Disable "no-redeclare" rule for _\*\*/graphql/__generated__/\*\*_ files due to function overloads generated by @graphql-codegen/typescript-react-apollo (dotansimha/graphql-code-generator-community@78ff366)
* lodash to 4.18.1
* @graphql-codegen/cli to 6.3.0
* @graphql-codegen/typescript to 5.0.10
* @graphql-codegen/typescript-resolvers to 5.1.8
…b quantifiers
## Description
- _typescript-eslint_ updated to v8.58.2
- _picomatch_ updated to v2.3.2 || v4.0.4
… Denial of Service via multiple route parameters ## Description _path-to-regexp_ updated to v0.1.13
…bypass per-client rate limiting on servers with dual-stack network ## Description _express-rate-limit_ updated to v8.1.1
…ith non-matching literal in pattern ## Description _minimatch_ updated
- abf1345 OSN-1412. [Dependabot] minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern
- 296d4eb OSN-1413. bump lodash-es to 4.18.1
- 0b7e232 OSN-1422. [Dependabot] express-rate-limit: IPv4-mapped IPv6 addresses bypass per-client rate limiting on servers with dual-stack network
- 6af3731 OSN-1419. [Dependabot] path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters
- d6c63f9 OSN-1417. [Dependabot] Picomatch has a ReDoS vulnerability via extglob quantifiers
- dafc606 OSN-1413. Bump packages
- f191e95 OSN-1414. Bump terser-webpack-plugin to 5.4.0
- Use pull_request_target event
- Update the manage-ui-label workflow by replacing the paths-filter action with a custom script that detects changes in ngui paths via the Pulls API
- Replaced custom add/remove labels with inline scripts using github api
* Update pnpm to 10.33.0
* Update workspace security settings to include minimumReleaseAge, trustPolicy, and blockExoticSubdeps
…bute ## Description _mdast-util-to-hast_ updated to v13.2.1
…eaders to Cross-Domain Redirect Targets ## Description _follow-redirects_ updated to v1.16.0
…-Contextualization ## Description _dompurify_ updated to v3.4.0
…cess hang and memory exhaustion ## Description _brace-expansion_ update to v1.1.13
…ble to prototype pollution ## Description _protocol-buffers-schema_ updated to v3.6.1
## Description _ajv_ updated
- e8a317c OSN-1430. [Dependabot] ajv has ReDoS when using `$data` option
- 3f9f28d OSN-1428. [Dependabot] Mafintosh's protocol-buffers-schema is vulnerable to prototype pollution
- a82b059 OSN-1427. [Dependabot] brace-expansion: Zero-step sequence causes process hang and memory exhaustion
- 3c35a30 OSN-1426. [Dependabot] DOMPurify is vulnerable to mutation-XSS via Re-Contextualization
- 1327376 OSN-1425. [Dependabot] follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets
- 9aed4e0 OSN-1424. [Dependabot] mdast-util-to-hast has unsanitized class attribute
- b644759 OSN-1415. Update pnpm
- eefe1c0 OSN-1423: Update label workflows to use pull_request_target
…y nested YAML collections ## Description _yaml_ update
… denial of service ## Description _qs_ update
…pass via HTTP redirects → SSRF + cache persistence ## Description _webpack_ update
…rol Flow Scoping ## Description jsdom **Major** update to v26.1.0
- 108874d OSN-1437: Add data-test-ids to icons
- 8ebf88c OSN-1435. [Dependabot] @tootallnate/once vulnerable to Incorrect Control Flow Scoping
- 9357dc0 OSN-1433. [Dependabot] webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects → SSRF + cache persistence
- f400895 OSN-1432. [Dependabot] qs's arrayLimit bypass in comma parsing allows denial of service
- 10d336e OSN-1431. [Dependabot] yaml is vulnerable to Stack Overflow via deeply nested YAML collections
- 5a11927 OS-7702. Initial support of Azure China
5578f70 OSN-XXXX. Skip discovery in region on InternalError
- Move the OpenTelemetry setup logic from the rest_api service to a shared library within tools.
- Extend telemetry to auth and diworker services.
- New ClickHouse and Kombu instrumentors.
- Better etcd configuration structure.
- Per-service instrumentors enable flags.
- Makes ngui Apollo server forward the `X-Trace-Id` header to the client.
…f XS-Search (read-only Cross-Site Request Forgery) prevention
## Description
- @apollo/server **Major** update to v5.5.0
- graphql minor update to v16.11.0

According to the [apollo/server@5.0.0 release notes](https://github.com/apollographql/apollo-server/releases/tag/%40apollo%2Fserver%405.0.0), upgrading from version **4** should not introduce major changes to the project. [Migrating tutorial](https://www.apollographql.com/docs/apollo-server/migration)
## Description
Expenses indexes effectiveness
## Related issue number
OSN-1447.
## Special notes
<!-- Please provide additional information if required. -->
## Checklist
* [ ] The pull request title is a good summary of the changes
* [ ] Unit tests for the changes exist
* [ ] New and existing unit tests pass locally
Migrate cloud account config from cryptocode to fernet
This PR syncs the latest changes from upstream to the release branch.