# Backport
This will backport the following commits from `main` to `8.6`:
- [Improve security of links using target=_blank
(#150049)](https://github.com/elastic/kibana/pull/150049)
<!--- Backport version: 8.9.7 -->
### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)
<!--BACKPORT [{"author":{"name":"Thomas
Watson","email":"watson@elastic.co"},"sourceCommit":{"committedDate":"2023-02-02T12:10:43Z","message":"Improve
security of links using target=_blank
(#150049)","sha":"4a1373c46fafe71be6334838413f71683ab263fa","branchLabelMapping":{"^v8.7.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","backport:all-open","v8.7.0"],"number":150049,"url":"https://github.com/elastic/kibana/pull/150049","mergeCommit":{"message":"Improve
security of links using target=_blank
(#150049)","sha":"4a1373c46fafe71be6334838413f71683ab263fa"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v8.7.0","labelRegex":"^v8.7.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/150049","number":150049,"mergeCommit":{"message":"Improve
security of links using target=_blank
(#150049)","sha":"4a1373c46fafe71be6334838413f71683ab263fa"}}]}]
BACKPORT-->
Co-authored-by: Thomas Watson <watson@elastic.co>
# Backport
This will backport the following commits from `main` to `8.6`:
- [Fix core app routes
(#149462)](https://github.com/elastic/kibana/pull/149462)
<!--- Backport version: 8.9.7 -->
### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)
<!--BACKPORT [{"author":{"name":"Rudolf
Meijering","email":"skaapgif@gmail.com"},"sourceCommit":{"committedDate":"2023-01-25T19:13:34Z","message":"Fix
core app routes (#149462)\n\n## Summary\r\n\r\nSummarize your PR. If it
involves visual changes include a screenshot or\r\ngif.\r\n\r\n\r\n###
Checklist\r\n\r\nDelete any items that are not applicable to this
PR.\r\n\r\n- [ ] Any text added follows [EUI's
writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\r\nsentence case text and includes
[i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n-
[
]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas
added for features that require explanation or tutorials\r\n- [ ] [Unit
or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n- [ ] Any UI
touched in this PR is usable by keyboard only (learn more\r\nabout
[keyboard accessibility](https://webaim.org/techniques/keyboard/))\r\n-
[ ] Any UI touched in this PR does not create any new axe
failures\r\n(run axe in
browser:\r\n[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),\r\n[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))\r\n-
[ ] If a plugin configuration key changed, check if it needs to
be\r\nallowlisted in the cloud and added to the
[docker\r\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\r\n-
[ ] This renders correctly on smaller devices using a
responsive\r\nlayout. (You can test this [in
your\r\nbrowser](https://www.browserstack.com/guide/responsive-testing-on-local-server))\r\n-
[ ] This was checked for
[cross-browser\r\ncompatibility](https://www.elastic.co/support/matrix#matrix_browsers)\r\n\r\n\r\n###
Risk Matrix\r\n\r\nDelete this section if it is not applicable to this
PR.\r\n\r\nBefore closing this PR, invite QA, stakeholders, and other
developers to\r\nidentify risks that should be tested prior to the
change/feature\r\nrelease.\r\n\r\nWhen forming the risk matrix, consider
some of the following examples\r\nand how they may potentially impact
the change:\r\n\r\n| Risk | Probability | Severity | Mitigation/Notes
|\r\n\r\n|---------------------------|-------------|----------|-------------------------|\r\n|
Multiple Spaces—unexpected behavior in non-default Kibana
Space.\r\n| Low | High | Integration tests will verify that all features
are still\r\nsupported in non-default Kibana Space and when user
switches between\r\nspaces. |\r\n| Multiple nodes—Elasticsearch
polling might have race conditions\r\nwhen multiple Kibana nodes are
polling for the same tasks. | High | Low\r\n| Tasks are idempotent, so
executing them multiple times will not result\r\nin logical error, but
will degrade performance. To test for this case we\r\nadd plenty of unit
tests around this logic and document manual testing\r\nprocedure. |\r\n|
Code should gracefully handle cases when feature X or plugin Y
are\r\ndisabled. | Medium | High | Unit tests will verify that any
feature flag\r\nor plugin combination still results in our service
operational. |\r\n| [See more potential
risk\r\nexamples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)
|\r\n\r\n\r\n### For maintainers\r\n\r\n- [ ] This was checked for
breaking API changes and was
[labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"201fabc63ffc9c863b8fac1687b506efcbd178c1","branchLabelMapping":{"^v8.7.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:skip","backport:all-open","v8.7.0"],"number":149462,"url":"https://github.com/elastic/kibana/pull/149462","mergeCommit":{"message":"Fix
core app routes (#149462)\n\n## Summary\r\n\r\nSummarize your PR. If it
involves visual changes include a screenshot or\r\ngif.\r\n\r\n\r\n###
Checklist\r\n\r\nDelete any items that are not applicable to this
PR.\r\n\r\n- [ ] Any text added follows [EUI's
writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\r\nsentence case text and includes
[i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n-
[
]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas
added for features that require explanation or tutorials\r\n- [ ] [Unit
or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n- [ ] Any UI
touched in this PR is usable by keyboard only (learn more\r\nabout
[keyboard accessibility](https://webaim.org/techniques/keyboard/))\r\n-
[ ] Any UI touched in this PR does not create any new axe
failures\r\n(run axe in
browser:\r\n[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),\r\n[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))\r\n-
[ ] If a plugin configuration key changed, check if it needs to
be\r\nallowlisted in the cloud and added to the
[docker\r\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\r\n-
[ ] This renders correctly on smaller devices using a
responsive\r\nlayout. (You can test this [in
your\r\nbrowser](https://www.browserstack.com/guide/responsive-testing-on-local-server))\r\n-
[ ] This was checked for
[cross-browser\r\ncompatibility](https://www.elastic.co/support/matrix#matrix_browsers)\r\n\r\n\r\n###
Risk Matrix\r\n\r\nDelete this section if it is not applicable to this
PR.\r\n\r\nBefore closing this PR, invite QA, stakeholders, and other
developers to\r\nidentify risks that should be tested prior to the
change/feature\r\nrelease.\r\n\r\nWhen forming the risk matrix, consider
some of the following examples\r\nand how they may potentially impact
the change:\r\n\r\n| Risk | Probability | Severity | Mitigation/Notes
|\r\n\r\n|---------------------------|-------------|----------|-------------------------|\r\n|
Multiple Spaces—unexpected behavior in non-default Kibana
Space.\r\n| Low | High | Integration tests will verify that all features
are still\r\nsupported in non-default Kibana Space and when user
switches between\r\nspaces. |\r\n| Multiple nodes—Elasticsearch
polling might have race conditions\r\nwhen multiple Kibana nodes are
polling for the same tasks. | High | Low\r\n| Tasks are idempotent, so
executing them multiple times will not result\r\nin logical error, but
will degrade performance. To test for this case we\r\nadd plenty of unit
tests around this logic and document manual testing\r\nprocedure. |\r\n|
Code should gracefully handle cases when feature X or plugin Y
are\r\ndisabled. | Medium | High | Unit tests will verify that any
feature flag\r\nor plugin combination still results in our service
operational. |\r\n| [See more potential
risk\r\nexamples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)
|\r\n\r\n\r\n### For maintainers\r\n\r\n- [ ] This was checked for
breaking API changes and was
[labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"201fabc63ffc9c863b8fac1687b506efcbd178c1"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v8.7.0","labelRegex":"^v8.7.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/149462","number":149462,"mergeCommit":{"message":"Fix
core app routes (#149462)\n\n## Summary\r\n\r\nSummarize your PR. If it
involves visual changes include a screenshot or\r\ngif.\r\n\r\n\r\n###
Checklist\r\n\r\nDelete any items that are not applicable to this
PR.\r\n\r\n- [ ] Any text added follows [EUI's
writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\r\nsentence case text and includes
[i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n-
[
]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas
added for features that require explanation or tutorials\r\n- [ ] [Unit
or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n- [ ] Any UI
touched in this PR is usable by keyboard only (learn more\r\nabout
[keyboard accessibility](https://webaim.org/techniques/keyboard/))\r\n-
[ ] Any UI touched in this PR does not create any new axe
failures\r\n(run axe in
browser:\r\n[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),\r\n[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))\r\n-
[ ] If a plugin configuration key changed, check if it needs to
be\r\nallowlisted in the cloud and added to the
[docker\r\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\r\n-
[ ] This renders correctly on smaller devices using a
responsive\r\nlayout. (You can test this [in
your\r\nbrowser](https://www.browserstack.com/guide/responsive-testing-on-local-server))\r\n-
[ ] This was checked for
[cross-browser\r\ncompatibility](https://www.elastic.co/support/matrix#matrix_browsers)\r\n\r\n\r\n###
Risk Matrix\r\n\r\nDelete this section if it is not applicable to this
PR.\r\n\r\nBefore closing this PR, invite QA, stakeholders, and other
developers to\r\nidentify risks that should be tested prior to the
change/feature\r\nrelease.\r\n\r\nWhen forming the risk matrix, consider
some of the following examples\r\nand how they may potentially impact
the change:\r\n\r\n| Risk | Probability | Severity | Mitigation/Notes
|\r\n\r\n|---------------------------|-------------|----------|-------------------------|\r\n|
Multiple Spaces—unexpected behavior in non-default Kibana
Space.\r\n| Low | High | Integration tests will verify that all features
are still\r\nsupported in non-default Kibana Space and when user
switches between\r\nspaces. |\r\n| Multiple nodes—Elasticsearch
polling might have race conditions\r\nwhen multiple Kibana nodes are
polling for the same tasks. | High | Low\r\n| Tasks are idempotent, so
executing them multiple times will not result\r\nin logical error, but
will degrade performance. To test for this case we\r\nadd plenty of unit
tests around this logic and document manual testing\r\nprocedure. |\r\n|
Code should gracefully handle cases when feature X or plugin Y
are\r\ndisabled. | Medium | High | Unit tests will verify that any
feature flag\r\nor plugin combination still results in our service
operational. |\r\n| [See more potential
risk\r\nexamples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)
|\r\n\r\n\r\n### For maintainers\r\n\r\n- [ ] This was checked for
breaking API changes and was
[labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"201fabc63ffc9c863b8fac1687b506efcbd178c1"}}]}]
BACKPORT-->
Co-authored-by: Rudolf Meijering <skaapgif@gmail.com>
# Backport
This will backport the following commits from `main` to `8.6`:
- [Do not skip UPDATE_TARGET_MAPPINGS if upgrading to a newer stack
version (#147503)](https://github.com/elastic/kibana/pull/147503)
<!--- Backport version: 8.9.7 -->
### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)
<!--BACKPORT [{"author":{"name":"Gerard
Soldevila","email":"gerard.soldevila@elastic.co"},"sourceCommit":{"committedDate":"2022-12-14T13:39:47Z","message":"Do
not skip UPDATE_TARGET_MAPPINGS if upgrading to a newer stack version
(#147503)\n\nFixes
https://github.com/elastic/kibana/issues/147450","sha":"4f72a2eb5beded9a3086de7766021d9b65a197f3","branchLabelMapping":{"^v8.7.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","Team:Core","release_note:skip","Feature:Migrations","backport:prev-minor","v8.6.0","v8.7.0","v8.6.1"],"number":147503,"url":"https://github.com/elastic/kibana/pull/147503","mergeCommit":{"message":"Do
not skip UPDATE_TARGET_MAPPINGS if upgrading to a newer stack version
(#147503)\n\nFixes
https://github.com/elastic/kibana/issues/147450","sha":"4f72a2eb5beded9a3086de7766021d9b65a197f3"}},"sourceBranch":"main","suggestedTargetBranches":["8.6"],"targetPullRequestStates":[{"branch":"8.6","label":"v8.6.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.7.0","labelRegex":"^v8.7.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/147503","number":147503,"mergeCommit":{"message":"Do
not skip UPDATE_TARGET_MAPPINGS if upgrading to a newer stack version
(#147503)\n\nFixes
https://github.com/elastic/kibana/issues/147450","sha":"4f72a2eb5beded9a3086de7766021d9b65a197f3"}}]}]
BACKPORT-->
Co-authored-by: Gerard Soldevila <gerard.soldevila@elastic.co>
# Backport
This will backport the following commits from `main` to `8.6`:
- [Reduce startup time by skipping update mappings step when possible
(#145604)](https://github.com/elastic/kibana/pull/145604)
<!--- Backport version: 8.9.7 -->
### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)
<!--BACKPORT [{"author":{"name":"Gerard
Soldevila","email":"gerard.soldevila@elastic.co"},"sourceCommit":{"committedDate":"2022-11-28T14:34:58Z","message":"Reduce
startup time by skipping update mappings step when possible
(#145604)\n\nThe goal of this PR is to reduce the startup times of
Kibana server by\r\nimproving the migration logic.\r\n\r\nFixes
https://github.com/elastic/kibana/issues/145743\r\nRelatedhttps://github.com/elastic/kibana/issues/144035)\r\n\r\nThe migration
logic is run systematically at startup, whether the\r\ncustomers are
upgrading or not.\r\nHistorically, these steps have been very quick, but
we recently found\r\nout about some customers that have more than **one
million** Saved\r\nObjects stored, making the overall startup process
slow, even when there\r\nare no migrations to perform.\r\n\r\nThis PR
specifically targets the case where there are no migrations
to\r\nperform, aka a Kibana node is started against an ES cluster that
is\r\nalready up to date wrt stack version and list of
plugins.\r\n\r\nIn this scenario, we aim at skipping the
`UPDATE_TARGET_MAPPINGS` step\r\nof the migration logic, which
internally runs the\r\n`updateAndPickupMappings` method, which turns out
to be expensive if the\r\nsystem indices contain lots of
SO.\r\n\r\n\r\nI locally tested the following scenarios too:\r\n\r\n-
**Fresh install.** The step is not even run, as the `.kibana`
index\r\ndid not exist ✅\r\n- **Stack version + list of plugins up to
date.** Simply restarting\r\nKibana after the fresh install. The step is
run and leads to `DONE`, as\r\nthe md5 hashes match those stored in
`.kibana._mapping._meta` ✅\r\n- **Faking re-enabling an old plugin.** I
manually removed one of the\r\nMD5 hashes from the stored
.kibana._mapping._meta through `curl`, and\r\nthen restarted Kibana. The
step is run and leads to\r\n`UPDATE_TARGET_MAPPINGS` as it used to
before the PR ✅\r\n- **Faking updating a plugin.** Same as the previous
one, but altering\r\nan existing md5 stored in the metas. ✅\r\n\r\nAnd
that is the curl command used to tamper with the stored
_meta:\r\n```bash\r\ncurl -X PUT
\"kibana:changeme@localhost:9200/.kibana/_mapping?pretty\" -H
'Content-Type: application/json' -d'\r\n{\r\n \"_meta\": {\r\n
\"migrationMappingPropertyHashes\": {\r\n \"references\":
\"7997cf5a56cc02bdc9c93361bde732b0\",\r\n }\r\n
}\r\n}\r\n'\r\n```","sha":"b1e18a0414ed99456706119d15173b687c6e7366","branchLabelMapping":{"^v8.7.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Core","enhancement","release_note:skip","Feature:Migrations","backport:prev-minor","v8.7.0"],"number":145604,"url":"https://github.com/elastic/kibana/pull/145604","mergeCommit":{"message":"Reduce
startup time by skipping update mappings step when possible
(#145604)\n\nThe goal of this PR is to reduce the startup times of
Kibana server by\r\nimproving the migration logic.\r\n\r\nFixes
https://github.com/elastic/kibana/issues/145743\r\nRelatedhttps://github.com/elastic/kibana/issues/144035)\r\n\r\nThe migration
logic is run systematically at startup, whether the\r\ncustomers are
upgrading or not.\r\nHistorically, these steps have been very quick, but
we recently found\r\nout about some customers that have more than **one
million** Saved\r\nObjects stored, making the overall startup process
slow, even when there\r\nare no migrations to perform.\r\n\r\nThis PR
specifically targets the case where there are no migrations
to\r\nperform, aka a Kibana node is started against an ES cluster that
is\r\nalready up to date wrt stack version and list of
plugins.\r\n\r\nIn this scenario, we aim at skipping the
`UPDATE_TARGET_MAPPINGS` step\r\nof the migration logic, which
internally runs the\r\n`updateAndPickupMappings` method, which turns out
to be expensive if the\r\nsystem indices contain lots of
SO.\r\n\r\n\r\nI locally tested the following scenarios too:\r\n\r\n-
**Fresh install.** The step is not even run, as the `.kibana`
index\r\ndid not exist ✅\r\n- **Stack version + list of plugins up to
date.** Simply restarting\r\nKibana after the fresh install. The step is
run and leads to `DONE`, as\r\nthe md5 hashes match those stored in
`.kibana._mapping._meta` ✅\r\n- **Faking re-enabling an old plugin.** I
manually removed one of the\r\nMD5 hashes from the stored
.kibana._mapping._meta through `curl`, and\r\nthen restarted Kibana. The
step is run and leads to\r\n`UPDATE_TARGET_MAPPINGS` as it used to
before the PR ✅\r\n- **Faking updating a plugin.** Same as the previous
one, but altering\r\nan existing md5 stored in the metas. ✅\r\n\r\nAnd
that is the curl command used to tamper with the stored
_meta:\r\n```bash\r\ncurl -X PUT
\"kibana:changeme@localhost:9200/.kibana/_mapping?pretty\" -H
'Content-Type: application/json' -d'\r\n{\r\n \"_meta\": {\r\n
\"migrationMappingPropertyHashes\": {\r\n \"references\":
\"7997cf5a56cc02bdc9c93361bde732b0\",\r\n }\r\n
}\r\n}\r\n'\r\n```","sha":"b1e18a0414ed99456706119d15173b687c6e7366"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v8.7.0","labelRegex":"^v8.7.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/145604","number":145604,"mergeCommit":{"message":"Reduce
startup time by skipping update mappings step when possible
(#145604)\n\nThe goal of this PR is to reduce the startup times of
Kibana server by\r\nimproving the migration logic.\r\n\r\nFixes
https://github.com/elastic/kibana/issues/145743\r\nRelatedhttps://github.com/elastic/kibana/issues/144035)\r\n\r\nThe migration
logic is run systematically at startup, whether the\r\ncustomers are
upgrading or not.\r\nHistorically, these steps have been very quick, but
we recently found\r\nout about some customers that have more than **one
million** Saved\r\nObjects stored, making the overall startup process
slow, even when there\r\nare no migrations to perform.\r\n\r\nThis PR
specifically targets the case where there are no migrations
to\r\nperform, aka a Kibana node is started against an ES cluster that
is\r\nalready up to date wrt stack version and list of
plugins.\r\n\r\nIn this scenario, we aim at skipping the
`UPDATE_TARGET_MAPPINGS` step\r\nof the migration logic, which
internally runs the\r\n`updateAndPickupMappings` method, which turns out
to be expensive if the\r\nsystem indices contain lots of
SO.\r\n\r\n\r\nI locally tested the following scenarios too:\r\n\r\n-
**Fresh install.** The step is not even run, as the `.kibana`
index\r\ndid not exist ✅\r\n- **Stack version + list of plugins up to
date.** Simply restarting\r\nKibana after the fresh install. The step is
run and leads to `DONE`, as\r\nthe md5 hashes match those stored in
`.kibana._mapping._meta` ✅\r\n- **Faking re-enabling an old plugin.** I
manually removed one of the\r\nMD5 hashes from the stored
.kibana._mapping._meta through `curl`, and\r\nthen restarted Kibana. The
step is run and leads to\r\n`UPDATE_TARGET_MAPPINGS` as it used to
before the PR ✅\r\n- **Faking updating a plugin.** Same as the previous
one, but altering\r\nan existing md5 stored in the metas. ✅\r\n\r\nAnd
that is the curl command used to tamper with the stored
_meta:\r\n```bash\r\ncurl -X PUT
\"kibana:changeme@localhost:9200/.kibana/_mapping?pretty\" -H
'Content-Type: application/json' -d'\r\n{\r\n \"_meta\": {\r\n
\"migrationMappingPropertyHashes\": {\r\n \"references\":
\"7997cf5a56cc02bdc9c93361bde732b0\",\r\n }\r\n
}\r\n}\r\n'\r\n```","sha":"b1e18a0414ed99456706119d15173b687c6e7366"}}]}]
BACKPORT-->
# Backport
This will backport the following commits from `main` to `8.6`:
- [Fix SO service status when migration is disabled
(#145693)](https://github.com/elastic/kibana/pull/145693)
<!--- Backport version: 8.9.7 -->
### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)
<!--BACKPORT [{"author":{"name":"Pierre
Gayvallet","email":"pierre.gayvallet@elastic.co"},"sourceCommit":{"committedDate":"2022-11-21T08:02:52Z","message":"Fix
SO service status when migration is disabled (#145693)\n\n##
Summary\r\n\r\nFix
https://github.com/elastic/kibana/issues/145558\r\n\r\nhave the SO
service status properly be green instead of being stuck to\r\nred when
the SO migration was skipped using `migration.skip:
true`.\r\n\r\nCo-authored-by: Kibana Machine
<42973632+kibanamachine@users.noreply.github.com>","sha":"75100868427f10ec8ed19a2bae811263c0ded311","branchLabelMapping":{"^v8.7.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Core","release_note:skip","backport:prev-minor","v8.6.0","v8.7.0"],"number":145693,"url":"https://github.com/elastic/kibana/pull/145693","mergeCommit":{"message":"Fix
SO service status when migration is disabled (#145693)\n\n##
Summary\r\n\r\nFix
https://github.com/elastic/kibana/issues/145558\r\n\r\nhave the SO
service status properly be green instead of being stuck to\r\nred when
the SO migration was skipped using `migration.skip:
true`.\r\n\r\nCo-authored-by: Kibana Machine
<42973632+kibanamachine@users.noreply.github.com>","sha":"75100868427f10ec8ed19a2bae811263c0ded311"}},"sourceBranch":"main","suggestedTargetBranches":["8.6"],"targetPullRequestStates":[{"branch":"8.6","label":"v8.6.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.7.0","labelRegex":"^v8.7.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/145693","number":145693,"mergeCommit":{"message":"Fix
SO service status when migration is disabled (#145693)\n\n##
Summary\r\n\r\nFix
https://github.com/elastic/kibana/issues/145558\r\n\r\nhave the SO
service status properly be green instead of being stuck to\r\nred when
the SO migration was skipped using `migration.skip:
true`.\r\n\r\nCo-authored-by: Kibana Machine
<42973632+kibanamachine@users.noreply.github.com>","sha":"75100868427f10ec8ed19a2bae811263c0ded311"}}]}]
BACKPORT-->
# Backport
This will backport the following commits from `main` to `8.6`:
- [Add CSP header to all requests, including api requests
(#144902)](https://github.com/elastic/kibana/pull/144902)
<!--- Backport version: 8.9.7 -->
### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)
<!--BACKPORT [{"author":{"name":"Thomas
Watson","email":"watson@elastic.co"},"sourceCommit":{"committedDate":"2022-11-16T20:45:10Z","message":"Add
CSP header to all requests, including api requests
(#144902)\n\nPreviously `/api/*` requests didn't include a
`Content-Security-Policy`\r\nheader, now they do.\r\n\r\nCloses
#143871","sha":"5550ab6cb10fbfddf437a74900103bb33dd1afa4","branchLabelMapping":{"^v8.7.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:enhancement","backport:all-open","v8.7.0"],"number":144902,"url":"https://github.com/elastic/kibana/pull/144902","mergeCommit":{"message":"Add
CSP header to all requests, including api requests
(#144902)\n\nPreviously `/api/*` requests didn't include a
`Content-Security-Policy`\r\nheader, now they do.\r\n\r\nCloses
#143871","sha":"5550ab6cb10fbfddf437a74900103bb33dd1afa4"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v8.7.0","labelRegex":"^v8.7.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/144902","number":144902,"mergeCommit":{"message":"Add
CSP header to all requests, including api requests
(#144902)\n\nPreviously `/api/*` requests didn't include a
`Content-Security-Policy`\r\nheader, now they do.\r\n\r\nCloses
#143871","sha":"5550ab6cb10fbfddf437a74900103bb33dd1afa4"}}]}]
BACKPORT-->
Co-authored-by: Thomas Watson <watson@elastic.co>
## Summary
Fix https://github.com/elastic/kibana/issues/144255
Create the `@kbn/core-root-server-internal` package, and move `Root`,
`Server` and `bootstrap` to it.
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
* Updated EUI to version 67.1.2. Updated instaces of ButtonColor from EUI to EuiButtonColor.
* Updated to EuiCard instances that utilize the betaBadgeProps object to return an empty string instead of undefined when the label is unavailable
* Removed two instances of the deprecated internetExplorerOnly() mixin
* Updated two instances of the ButtonColor import to EuiButtonColor as is was renamed in PR #6150
* Updated snapshots in Jest Test Suite #1 to account for EuiButton and EuiCard Emotion conversions. Updated snapshots for EuiTooltip as it now contains the new EuiToolTipAnchor component that replaced the tooltip anchor styles
* Updated snapshots in Jest Test Suite #2 to account forEuiButton, EuiDescriptionList, EuiButtonIcon, and EuiBadge Emotion conversions.
* Updated snapshots in Jest Test Suite #3 to account for EuiDescriptionList, EuiButton, and EuiBadge Emotion conversions. Updated snapshots for EuiTooltip as if now contains the new EuiTooltipAnchor component that replaced the tooltop anchor styles
* Updated snapshots in Jest Test Suite #4 to account for EuiButton Emotion conversion.
* Updated snapshots in Jest Test Suite #5 to account for EuiButton Emotion conversion.
* Updated snapshots in Jest Test Suite #8 to account for EuiButtonIcon and EuiButton Emotion conversions. Updated snapshots for EuiTooltip as it now contains the new EuiTooltipAnchor component that replaced the tooltip anchor styles.
* Updated snapshots in Jest Test Suite #9 to account for EuiFlyout and EuiButton Emotion conversions.
* Updated snapshots in Jest Test Suite #10 to account for EuiButton, EuiBadge, EuiButtonIcon, and EuiCard Emotion conversions. Updated snapshots for EuiToolTtip as it now contains the new EuiTooltipAnchor component that replaced the tooltip anchor styles
* Updated instances of EuiButtonIconColor to use EuiButtonIconProps['color'] as it was removed in PR #6150
* Updated tests that target EuiButton to simulate click events to target a generic button to prevent undefined click event errors
* Updated snapshots in Jest Test Suite #1 to account for EuiButton and EuiCard Emotion conversions
* Added the EuiFlyout mixins and variables to Lens Sass file as EuiFlyout has been converted to Emotion and the Sass styles are no longer available in EUI
* Added the EuiCallOutTypes variable to Step Progress Sass file as EuiCallOut has been converted to Emotion and the Sass styles are no longer available in EUI
* Updated snapshots in Jest Test Suite #2 to account for recent Emotion conversions.
Updated snapshots in server_status.test.tsx to render EuiBadge before checking the snapshots to reduce the snapshot churn caused by Emotion.
Updated tests that target EuiButton to simulate click events to target a generic button to prevent undefined click event errors
* [CI] Auto-commit changed files from 'node scripts/precommit_hook.js --ref HEAD~1..HEAD --fix'
* Added imports for the added flyout mixin. Removed references to EuiCallOut mixin as the component has been converted to Emotion and is no longer available for use.
* Updated unit tests and snapshots in Jest Test Suite #10.
Updated snaphshots to account for EuiBadge, EuiDescriptionList, EuiFlyout, and EuiCard Emotion conversions. Updated snapshots for EuiTooltip as it now contains the new EuiTooltipAnchor component that replaced the tooltip anchor styles.
Updated tests that target EuiButton to simulate click events to target a generic button element to prevent undefined click event errors
* Updated unit tests in Jest Test Suite #11 that target EuiButton to simulate click events to target a generic button to prevent undefined click event errors
* Updated unit tests in Jest Test Suite #12 by updating tests that target EuiButton to simulate click events. Instead, these tests now target a generic button element to prevent undefined click event errors
* Updated unit tests in Jest Test Suite #1 by updating tests that target EuiButton to simulate click events. Instead, these tests now target a generic button element to prevent undefined click event errors
* Updated unit tests in Jest Test Suite #2 by updating tests that use EuiButton to simulate click events. Instead, these test have been updated to target a button element to prevent undefined click event errors.
* [CI] Auto-commit changed files from 'node scripts/eslint --no-cache --fix'
* Updated reference to mixins Sass file.
Updated snapshots for Jest Test Suite #5 to account for EuiButton Emotion conversion. Updated unit tests that target EuiButton to simulate click events. These tests have been updated to target a button element to prevent undefined click event errors
* Updated unit tests in Jest Test Suites 3, 7, 8, 13, and 14.
Updated snapshot to account for EuiButton Emotion conversion.
Updated tests that target EuiButton to simulate click events. These tests now target a generic button element to prevent undefined click event errors.
Updated a few snapshots by adding .render() before checking the snapshot. This will prevent large snapshots coming from recent Emotion conversions
* Updated snapshots in Jest Test Suite #10 to account for the recent EuiButton Emotion conversion
* Updated unit tests in Jest Test Suite #2 by editing tests that target EuiButton to simulate click events. These tests now target a button element in order to prevent undefinde click event errors
* Updated snapshots in Jest Test Suite #10 to account for EuiButton and EuiDescriptionList Emotion conversions
* Updated test cases in Jest Test Suites 3, 7, and 8. Updated snapshots to account for EuiButton and EuiPagination Emotion conversions.
Updated tests that target EuiButton to simulate click events. These tests now target a button element to prevent undefined click errors
* Updated test cases in Jest Test Suite 14. Updated snapshots to account for EuiButton Emotion conversion. Opted to use .render() when updating a few snapshots to reduce the large length of snapshots caused by Emotion
* [CI] Auto-commit changed files from 'node scripts/eslint --no-cache --fix'
* Revised a change to betaBadgeProps to ensure that the label is available. If not, the value for the badge with be set to undefined.
* Resolved two linting errors
* Resolved two linting errors
* Updated Jest unit tests in various suites.
Updated snapshots to account for EuiButton Emotion conversion. Updated snapshots for EuiTooltip as it now contains the new EuiTooltipAnchor component that replaced the tooltip anchor styles.
* Updated EuiFlyout in query_flyout.tsx to remove the onClick function from maskProps as it is no longer available. Updated this flyout to use ownFocus and not to close when the overlay mask is clicked.
* Removed the use of EuiButtonIconColor in favor of EuiButtonIconProps['color']
* [CI] Auto-commit changed files from 'node scripts/eslint --no-cache --fix'
* Updated Cypress test looking for strict equality on EuiPaginationButton class names to match a substring of the Emotion generated class name
* Removed unneeded debugging code. Updated snapshots for various test suites to account for the recent EuiButton Emotion conversion
* Updated a few EuiButton, EuiButtonEmpty, and EuiText components that set the color as ghost. The ghost color mode has been deprecated as of PR #6150. These components now are wrapped in EuiThemeProvider with a dark colorMode to create the previous ghost color.
* Resolved TS error with EuiCard betaBadgeProps
* [CI] Auto-commit changed files from 'node scripts/eslint --no-cache --fix'
* Remove references to now-removed EuiFlyout CSS classes/vars
* Remove now-removed euiBadge className references
- Convert directly to EuiBadge instead of using CSS
- Remove confusing and now-possibly-irrelevant CSS badge overrides - left/right icons are now set via JSX and not via flex-direction
* Pre-emptively fix various euiOverlayMask CSS overrides
- this data attr isn't technically in yet but will be once https://github.com/elastic/eui/pull/6289 merges
- at the very least this isn't breaking any more than it currently already is!
* Update to v67.1.3
* v67.1.4
* Resolved test failing test case in Security/Manage/Blocklist. The test did not remove focus from the last combo box in the form, which didn't allow the disbaled attribute to be removed from the flyout submit button. I've updated the mock file for Blocklist to return focus to the first form element in the flyout to allow the disabled attribute to be removed.
* Updated snapshots to account for the recent EuiText Emotion conversion
* Fix Log's custom tooltips relying on EuiTooltip classNames that no longer exist
* Fix Vega vis custom tooltips relying on EuiTooltip classNames that no longer exist
- this one is trickier than Log's as it's not using React, so we need to use Emotion's Global to set a static className
* Convert remaining vega_vis.scss to Emotion
- as an example of how other global + non global styles could be handled in the future
* Fix references to removed `euiPaginationButton-isActive` className
- use aria-current attribute instead
* Added missing EuiFlyoutAnimation keyframes for EuiFlyout. This resolved test that failed because they used onAnimationEnd because the FlyoutAnimation could not be found.
* Reolved Jest Tests in suites 1 and 5. Updated snapshots to account for the recent EuiButton Emotion conversion. Updated snapshots for EuiToolTip as it now contains the new EuiToolTipAnchor component that replaced the tooltip anchor styles.
* iterate on rules_list.test.tsx
* bump eui to v67.1.5
* Updatde snapshots for jest test suites to account for the recent EuiButton, EuiOverlayMask, EuiTooltip, and EuiBadge Emotion conversions
* Resolved failing security test by updating the target element for CONNECTOR_TITLE. EuiCard has recently been converted to Emotion and the card title is no longer wrapper in a span.
* Resolved failing test case in Runtime Fields. The modify runtime field test was failing because the combobox responsbible for adding and updating scripts was not appearing. The textbox did not appear because the shared setFieldScript function targets and toggles the script textbox when opening the flyout. When a runtime field is being modified, the toggle is already active and using the shared function will trigger the toggle again (losing access to the script textbox).
Also resolved an issue that prevented the warning EuiCallout to appear when changing the type of a runtime field from its original type. Resolved this by adding an enter keypress at the end of setFieldType function to confirm the type selection, thus triggering the EuiCallout
* Resolved two tests that were failing in Lens. These test were failing because they were checking for equality in class names that no longer exist within EuiButtonGroup as it was recently converted to Emotion. These tests were updated to check for a substring of the new and longer class name
* Quick fix in test case failing because of misspelling in data-test-sub
* Updated snapshot for Jest test case as EuiButton as recently been converted to Emotion
* Removed console.log statement. Oops!
* Resolved a failing test case in Lens. They were failing because they were checking for equality in class names that no longer exist within EuiButtonGroup as it was recently converted to Emotion. These tests were updated to check for a substring of the new and longer class name.
Updated a Security test case by giving a target button the data-test-subj attribute for easier querying
* Removed reference to EuiFlyout mixin as it has been converted to Emotion. Updated the reference to an interal copy of EuiFlyout styles
* Corrected spelling error in EuiFlyout animation in Lens app
* Update EUI with latest backport
* Update button snapshots
* fix another button snapshot
* More snapshot fixes
* [EuiButton][Security] Fix button relying on now-removed `euiButton__text` CSS
- replace removed CSS with `eui-textTruncate` util instead
- combine/DRY out unnecessary span - was affecting min-width of truncation util
+ increase screenshot diff limit - this was smaller than updating the actual baseline screenshots for whatever reason (likely render diff between local and CI)
* Fix remaining Jest tests affected by Emotion conversions
- because Emotion creates its own wrapper, `.first()` can no longer be used - prefer `.last()` instead
* Fix Jest test affected by EuiButton Emotion conversion + removed modifier class
- targeting the native DOM node + filtering by disabled true/false gets us back to the 'correct' lengths
* Fix + improve flyout test
- `.last()` changes to account for EuiButton Emotion conversion is needed, but the last onClose assertion still fails due to us having modified inputs, and the confirm modal being displayed
- split test into two separate tests - one testing the onClose call, and the other testing the confirm modal
* derpin
* Skip rules_list Jest suite
* Update new EuiButton snapshot
* Upgraded EUI version to 67.1.7
* [EuiCard] Update snapshots
* [EuiPopover] Update snapshots
* [QA] Fix missing Vega warn/error message colors
;_;
* [CI] Auto-commit changed files from 'node scripts/generate codeowners'
* Fix Lens kbnToolbarButton regressions
- Caused by flattening of EUI button CSS specificity
- background-color was previously relying on isDisabled CSS specificity to override its #fff color
- `text` color modifier & `!important` is no longer needed and overrides Emotion CSS flatly
- isDisabled class is no longer needed - euiButton no longer sets `pointer-events: none` on disabled buttons (fixes tooltip bug in webkit as well)
* Backport EUI 67.1.8 fixes
* Update EuiCard snapshots
* Fix EuiModal form wrapper causing overflow issues
- see https://elastic.github.io/eui/#/layout/modal#forms-in-a-modal
* Workaround for `.kbnOverlayMountWrapper` mount point causing overflow issues
- not sure what all is using this modal service to be honest, but the wrapper is causing issues with the modal layout, this fixes overflow issues but will not fix any mask-image issues as a result
* more snapshot updates
* EuiButton - added textProps to EuiButton to prevent very long button names from spilling over outside of the container
* EuiButton - Update EuiButton related snapshots. Updated tests that target EuiButton directly to use a data-telementary-id for more specific element querying required by Emotion
* QA - Removed unnecessary comment in code
* Temporary fix for EuiCard[selectable][layout=horizontal] instances on security solutions' rule page
* Temporary fix for EuiCard[selectable][layout=horizontal] instances on osquery live query and canvas's datasource selector
* [CI] Auto-commit changed files from 'node scripts/precommit_hook.js --ref HEAD~1..HEAD --fix'
* Fix CSS specificity, where canvas's solutionToolbarButton's background-color now takes precedence over EuiButton's primary styles
* Removed update to search_marker_tooltip that removed the euiTooltip styles and replaced then with Emotion styling. Added EuiTooltip Sass styles for the component to rely on to test for a styling bug that is causing the tooltip and the tooltip arrow to be out of sync with each other.
* Lint Sass file
* Lint Sass file
* Removed overflow:hidden style from .vgaVis_view as it was causing euiScrollStyles not to present the scroll bars in Vega Vis
* Remove typo from EuiButton textProps object. 'className' should not have been included in the actual class name
* Revert tooltip Sass
This reverts commit 20e6ead571, a5cd2de901, and c605cbd7b9
* Fix Emotion tooltip arrows
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Constance Chen <constance.chen@elastic.co>
Co-authored-by: Chandler Prall <chandler.prall@elastic.co>
The removed packages were empty becuase the packages for which they provide
types now ship with their own types. So they are no longer needed.
The following command was run to find them:
find node_modules/@types \
-mindepth 1 \
-maxdepth 1 \
-type d '!' \
-exec test -e "{}/index.d.ts" ';' \
-print
In this case that produced the following output:
node_modules/@types/moment-timezone
node_modules/@types/strip-ansi
node_modules/@types/joi
node_modules/@types/rrule
node_modules/@types/vfile-message
node_modules/@types/reduce-reducers
node_modules/@types/react-resize-detector
node_modules/@types/pretty-ms
Except for `vfile-message` all of these were direct dependencies and could be
removed.
* Use brotli compression
* [CI] Auto-commit changed files from 'node scripts/eslint --no-cache --fix'
* Add integration test for brotli support
* Use import instead of require()
* Suppress build error on importing brok
* [CI] Auto-commit changed files from 'node scripts/precommit_hook.js --ref HEAD~1..HEAD --fix'
* add brok as explicit package dep
* add `server.compression.brotli` config settings
* update documentation
* fix test utils
* fix more test configs
* add tests for endpoints too
* remove against endpoint for now
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: pgayvallet <pierre.gayvallet@elastic.co>
* Bump `elastic/elasticsearch` to `8.4.0-canary.1`
* fixing package violations
* some xpack violations
* remove more unused ts-expect-error
* started muting errors
* start adapting watcher
* fix more usages
* fix more usages
* fixing more usages
* just one more
* more usages
* infra usages
* moar types
* fix unit test
* adapt more usages
* fixes in FTR tests
* try to fix kbn/es-types
* last fixes?
* Fix SO export sorting algorithm
* improve var name
* adapt another unit test
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Bumps version to 8.6.0
Signed-off-by: Tyler Smalley <tyler.smalley@elastic.co>
* Ignore version in snapshot
Signed-off-by: Tyler Smalley <tyler.smalley@elastic.co>
* Skip test with Kibana version in assertion
Signed-off-by: Tyler Smalley <tyler.smalley@elastic.co>
Signed-off-by: Tyler Smalley <tyler.smalley@elastic.co>
