Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MINOR: Update Data Insights Configurations to enable more fine control management #19884

Draft
wants to merge 4 commits into
base: main
Choose a base branch
from
Draft

MINOR: Update Data Insights Configurations to enable more fine control management #19884

wants to merge 4 commits into from

Conversation

IceS2
Copy link
Contributor

@IceS2 IceS2 commented Feb 19, 2025

Increases the amount of control the users have on the Data Insights Application by exposing more granular controls.

Type of change:

  • Improvement

Checklist:

  • I have read the CONTRIBUTING document.
  • My PR title is Fixes <issue-number>: <short explanation>
  • I have commented on my code, particularly in hard-to-understand areas.
  • For JSON Schema changes: I updated the migration scripts or explained why it is not needed.

@github-actions github-actions bot added Ingestion safe to test Add this label to run secure Github workflows on PRs labels Feb 19, 2025
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Feb 19, 2025
edited
Loading

🛡️ TRIVY SCAN RESULT 🛡️

Target: openmetadata-ingestion-base-slim:trivy (debian 11.11)

No Vulnerabilities Found

🛡️ TRIVY SCAN RESULT 🛡️

Target: Java

Vulnerabilities (46)

Package Vulnerability ID Severity Installed Version Fixed Version
com.fasterxml.jackson.core:jackson-databind CVE-2020-36518 🚨 HIGH 2.11.4 2.13.2.1, 2.12.6.1
com.fasterxml.jackson.core:jackson-databind CVE-2021-46877 🚨 HIGH 2.11.4 2.12.6, 2.13.1
com.fasterxml.jackson.core:jackson-databind CVE-2022-42003 🚨 HIGH 2.11.4 2.12.7.1, 2.13.4.2
com.fasterxml.jackson.core:jackson-databind CVE-2022-42004 🚨 HIGH 2.11.4 2.12.7.1, 2.13.4
com.fasterxml.jackson.core:jackson-databind CVE-2020-36518 🚨 HIGH 2.13.0 2.13.2.1, 2.12.6.1
com.fasterxml.jackson.core:jackson-databind CVE-2021-46877 🚨 HIGH 2.13.0 2.12.6, 2.13.1
com.fasterxml.jackson.core:jackson-databind CVE-2022-42003 🚨 HIGH 2.13.0 2.12.7.1, 2.13.4.2
com.fasterxml.jackson.core:jackson-databind CVE-2022-42004 🚨 HIGH 2.13.0 2.12.7.1, 2.13.4
com.google.code.gson:gson CVE-2022-25647 🚨 HIGH 2.2.4 2.8.9
com.google.protobuf:protobuf-java CVE-2021-22569 🚨 HIGH 2.5.0 3.16.1, 3.18.2, 3.19.2
com.google.protobuf:protobuf-java CVE-2021-22570 🚨 HIGH 2.5.0 3.15.0
com.google.protobuf:protobuf-java CVE-2022-3509 🚨 HIGH 2.5.0 3.16.3, 3.19.6, 3.20.3, 3.21.7
com.google.protobuf:protobuf-java CVE-2022-3510 🚨 HIGH 2.5.0 3.16.3, 3.19.6, 3.20.3, 3.21.7
com.google.protobuf:protobuf-java CVE-2024-7254 🚨 HIGH 2.5.0 3.25.5, 4.27.5, 4.28.2
com.google.protobuf:protobuf-java CVE-2021-22569 🚨 HIGH 3.3.0 3.16.1, 3.18.2, 3.19.2
com.google.protobuf:protobuf-java CVE-2021-22570 🚨 HIGH 3.3.0 3.15.0
com.google.protobuf:protobuf-java CVE-2022-3509 🚨 HIGH 3.3.0 3.16.3, 3.19.6, 3.20.3, 3.21.7
com.google.protobuf:protobuf-java CVE-2022-3510 🚨 HIGH 3.3.0 3.16.3, 3.19.6, 3.20.3, 3.21.7
com.google.protobuf:protobuf-java CVE-2024-7254 🚨 HIGH 3.3.0 3.25.5, 4.27.5, 4.28.2
com.google.protobuf:protobuf-java CVE-2021-22569 🚨 HIGH 3.7.1 3.16.1, 3.18.2, 3.19.2
com.google.protobuf:protobuf-java CVE-2021-22570 🚨 HIGH 3.7.1 3.15.0
com.google.protobuf:protobuf-java CVE-2022-3509 🚨 HIGH 3.7.1 3.16.3, 3.19.6, 3.20.3, 3.21.7
com.google.protobuf:protobuf-java CVE-2022-3510 🚨 HIGH 3.7.1 3.16.3, 3.19.6, 3.20.3, 3.21.7
com.google.protobuf:protobuf-java CVE-2024-7254 🚨 HIGH 3.7.1 3.25.5, 4.27.5, 4.28.2
com.nimbusds:nimbus-jose-jwt CVE-2023-52428 🚨 HIGH 9.8.1 9.37.2
commons-io:commons-io CVE-2024-47554 🚨 HIGH 2.11.0 2.14.0
commons-io:commons-io CVE-2024-47554 🚨 HIGH 2.8.0 2.14.0
dnsjava:dnsjava CVE-2024-25638 🚨 HIGH 2.1.7 3.6.0
io.airlift:aircompressor CVE-2024-36114 🚨 HIGH 0.21 0.27
net.minidev:json-smart CVE-2021-31684 🚨 HIGH 1.3.2 1.3.3, 2.4.4
net.minidev:json-smart CVE-2023-1370 🚨 HIGH 1.3.2 2.4.9
org.apache.avro:avro CVE-2024-47561 🔥 CRITICAL 1.11.0 1.11.4
org.apache.avro:avro CVE-2023-39410 🚨 HIGH 1.11.0 1.11.3
org.apache.avro:avro CVE-2024-47561 🔥 CRITICAL 1.7.7 1.11.4
org.apache.avro:avro CVE-2023-39410 🚨 HIGH 1.7.7 1.11.3
org.apache.derby:derby CVE-2022-46337 🔥 CRITICAL 10.14.2.0 10.14.3, 10.15.2.1, 10.16.1.2, 10.17.1.0
org.apache.hadoop:hadoop-common CVE-2022-25168 🔥 CRITICAL 3.3.2 2.10.2, 3.2.4, 3.3.3
org.apache.ivy:ivy CVE-2022-46751 🚨 HIGH 2.5.1 2.5.2
org.apache.mesos:mesos CVE-2018-1330 🚨 HIGH 1.4.3 1.6.0
org.apache.spark:spark-hive-thriftserver_2.12 CVE-2024-23945 🚨 HIGH 3.3.4 3.4.2
org.apache.thrift:libthrift CVE-2019-0205 🚨 HIGH 0.12.0 0.13.0
org.apache.thrift:libthrift CVE-2020-13949 🚨 HIGH 0.12.0 0.14.0
org.apache.zookeeper:zookeeper CVE-2023-44981 🔥 CRITICAL 3.6.2 3.7.2, 3.8.3, 3.9.1
org.xerial.snappy:snappy-java CVE-2023-34455 🚨 HIGH 1.1.8.4 1.1.10.1
org.xerial.snappy:snappy-java CVE-2023-43642 🚨 HIGH 1.1.8.4 1.1.10.4
org.yaml:snakeyaml CVE-2022-1471 🚨 HIGH 1.31 2.0

🛡️ TRIVY SCAN RESULT 🛡️

Target: Node.js

No Vulnerabilities Found

🛡️ TRIVY SCAN RESULT 🛡️

Target: Python

Vulnerabilities (1)

Package Vulnerability ID Severity Installed Version Fixed Version
Werkzeug CVE-2024-34069 🚨 HIGH 2.2.3 3.0.3

🛡️ TRIVY SCAN RESULT 🛡️

Target: /etc/ssl/private/ssl-cert-snakeoil.key

No Vulnerabilities Found

🛡️ TRIVY SCAN RESULT 🛡️

Target: /ingestion/pipelines/extended_sample_data.yaml

No Vulnerabilities Found

🛡️ TRIVY SCAN RESULT 🛡️

Target: /ingestion/pipelines/lineage.yaml

No Vulnerabilities Found

🛡️ TRIVY SCAN RESULT 🛡️

Target: /ingestion/pipelines/sample_data.json

No Vulnerabilities Found

🛡️ TRIVY SCAN RESULT 🛡️

Target: /ingestion/pipelines/sample_data.yaml

No Vulnerabilities Found

🛡️ TRIVY SCAN RESULT 🛡️

Target: /ingestion/pipelines/sample_usage.json

No Vulnerabilities Found

🛡️ TRIVY SCAN RESULT 🛡️

Target: /ingestion/pipelines/sample_usage.yaml

No Vulnerabilities Found

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Feb 19, 2025
edited
Loading

🛡️ TRIVY SCAN RESULT 🛡️

Target: openmetadata-server:trivy (alpine 3.21.3)

No Vulnerabilities Found

🛡️ TRIVY SCAN RESULT 🛡️

Target: Java

No Vulnerabilities Found

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Feb 19, 2025
edited
Loading

🛡️ TRIVY SCAN RESULT 🛡️

Target: openmetadata-ingestion:trivy (debian 12.9)

No Vulnerabilities Found

🛡️ TRIVY SCAN RESULT 🛡️

Target: Java

Vulnerabilities (46)

Package Vulnerability ID Severity Installed Version Fixed Version
com.fasterxml.jackson.core:jackson-databind CVE-2020-36518 🚨 HIGH 2.11.4 2.13.2.1, 2.12.6.1
com.fasterxml.jackson.core:jackson-databind CVE-2021-46877 🚨 HIGH 2.11.4 2.12.6, 2.13.1
com.fasterxml.jackson.core:jackson-databind CVE-2022-42003 🚨 HIGH 2.11.4 2.12.7.1, 2.13.4.2
com.fasterxml.jackson.core:jackson-databind CVE-2022-42004 🚨 HIGH 2.11.4 2.12.7.1, 2.13.4
com.fasterxml.jackson.core:jackson-databind CVE-2020-36518 🚨 HIGH 2.13.0 2.13.2.1, 2.12.6.1
com.fasterxml.jackson.core:jackson-databind CVE-2021-46877 🚨 HIGH 2.13.0 2.12.6, 2.13.1
com.fasterxml.jackson.core:jackson-databind CVE-2022-42003 🚨 HIGH 2.13.0 2.12.7.1, 2.13.4.2
com.fasterxml.jackson.core:jackson-databind CVE-2022-42004 🚨 HIGH 2.13.0 2.12.7.1, 2.13.4
com.google.code.gson:gson CVE-2022-25647 🚨 HIGH 2.2.4 2.8.9
com.google.protobuf:protobuf-java CVE-2021-22569 🚨 HIGH 2.5.0 3.16.1, 3.18.2, 3.19.2
com.google.protobuf:protobuf-java CVE-2021-22570 🚨 HIGH 2.5.0 3.15.0
com.google.protobuf:protobuf-java CVE-2022-3509 🚨 HIGH 2.5.0 3.16.3, 3.19.6, 3.20.3, 3.21.7
com.google.protobuf:protobuf-java CVE-2022-3510 🚨 HIGH 2.5.0 3.16.3, 3.19.6, 3.20.3, 3.21.7
com.google.protobuf:protobuf-java CVE-2024-7254 🚨 HIGH 2.5.0 3.25.5, 4.27.5, 4.28.2
com.google.protobuf:protobuf-java CVE-2021-22569 🚨 HIGH 3.3.0 3.16.1, 3.18.2, 3.19.2
com.google.protobuf:protobuf-java CVE-2021-22570 🚨 HIGH 3.3.0 3.15.0
com.google.protobuf:protobuf-java CVE-2022-3509 🚨 HIGH 3.3.0 3.16.3, 3.19.6, 3.20.3, 3.21.7
com.google.protobuf:protobuf-java CVE-2022-3510 🚨 HIGH 3.3.0 3.16.3, 3.19.6, 3.20.3, 3.21.7
com.google.protobuf:protobuf-java CVE-2024-7254 🚨 HIGH 3.3.0 3.25.5, 4.27.5, 4.28.2
com.google.protobuf:protobuf-java CVE-2021-22569 🚨 HIGH 3.7.1 3.16.1, 3.18.2, 3.19.2
com.google.protobuf:protobuf-java CVE-2021-22570 🚨 HIGH 3.7.1 3.15.0
com.google.protobuf:protobuf-java CVE-2022-3509 🚨 HIGH 3.7.1 3.16.3, 3.19.6, 3.20.3, 3.21.7
com.google.protobuf:protobuf-java CVE-2022-3510 🚨 HIGH 3.7.1 3.16.3, 3.19.6, 3.20.3, 3.21.7
com.google.protobuf:protobuf-java CVE-2024-7254 🚨 HIGH 3.7.1 3.25.5, 4.27.5, 4.28.2
com.nimbusds:nimbus-jose-jwt CVE-2023-52428 🚨 HIGH 9.8.1 9.37.2
commons-io:commons-io CVE-2024-47554 🚨 HIGH 2.11.0 2.14.0
commons-io:commons-io CVE-2024-47554 🚨 HIGH 2.8.0 2.14.0
dnsjava:dnsjava CVE-2024-25638 🚨 HIGH 2.1.7 3.6.0
io.airlift:aircompressor CVE-2024-36114 🚨 HIGH 0.21 0.27
net.minidev:json-smart CVE-2021-31684 🚨 HIGH 1.3.2 1.3.3, 2.4.4
net.minidev:json-smart CVE-2023-1370 🚨 HIGH 1.3.2 2.4.9
org.apache.avro:avro CVE-2024-47561 🔥 CRITICAL 1.11.0 1.11.4
org.apache.avro:avro CVE-2023-39410 🚨 HIGH 1.11.0 1.11.3
org.apache.avro:avro CVE-2024-47561 🔥 CRITICAL 1.7.7 1.11.4
org.apache.avro:avro CVE-2023-39410 🚨 HIGH 1.7.7 1.11.3
org.apache.derby:derby CVE-2022-46337 🔥 CRITICAL 10.14.2.0 10.14.3, 10.15.2.1, 10.16.1.2, 10.17.1.0
org.apache.hadoop:hadoop-common CVE-2022-25168 🔥 CRITICAL 3.3.2 2.10.2, 3.2.4, 3.3.3
org.apache.ivy:ivy CVE-2022-46751 🚨 HIGH 2.5.1 2.5.2
org.apache.mesos:mesos CVE-2018-1330 🚨 HIGH 1.4.3 1.6.0
org.apache.spark:spark-hive-thriftserver_2.12 CVE-2024-23945 🚨 HIGH 3.3.4 3.4.2
org.apache.thrift:libthrift CVE-2019-0205 🚨 HIGH 0.12.0 0.13.0
org.apache.thrift:libthrift CVE-2020-13949 🚨 HIGH 0.12.0 0.14.0
org.apache.zookeeper:zookeeper CVE-2023-44981 🔥 CRITICAL 3.6.2 3.7.2, 3.8.3, 3.9.1
org.xerial.snappy:snappy-java CVE-2023-34455 🚨 HIGH 1.1.8.4 1.1.10.1
org.xerial.snappy:snappy-java CVE-2023-43642 🚨 HIGH 1.1.8.4 1.1.10.4
org.yaml:snakeyaml CVE-2022-1471 🚨 HIGH 1.31 2.0

🛡️ TRIVY SCAN RESULT 🛡️

Target: Node.js

No Vulnerabilities Found

🛡️ TRIVY SCAN RESULT 🛡️

Target: Python

Vulnerabilities (2)

Package Vulnerability ID Severity Installed Version Fixed Version
Werkzeug CVE-2024-34069 🚨 HIGH 2.2.3 3.0.3
setuptools CVE-2024-6345 🚨 HIGH 65.5.1 70.0.0

🛡️ TRIVY SCAN RESULT 🛡️

Target: /home/airflow/openmetadata-airflow-apis/openmetadata_managed_apis.egg-info/PKG-INFO

No Vulnerabilities Found

🛡️ TRIVY SCAN RESULT 🛡️

Target: /etc/ssl/private/ssl-cert-snakeoil.key

No Vulnerabilities Found

🛡️ TRIVY SCAN RESULT 🛡️

Target: /home/airflow/.local/lib/python3.10/site-packages/openmetadata_managed_apis-1.6.0.0.dev0.dist-info/METADATA

No Vulnerabilities Found

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Feb 19, 2025
edited
Loading

Jest test Coverage

UI tests summary

Lines Statements Branches Functions
Coverage: 64%
 64.74% (41462/64041) 41.11% (16765/40781) 44.37% (5059/11402)

@IceS2 IceS2 mentioned this pull request Feb 24, 2025
Open
3 tasks
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed for 'open-metadata-ui'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed for 'open-metadata-ingestion'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Ingestion safe to test Add this label to run secure Github workflows on PRs
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@IceS2