This is an automated email from the ASF dual-hosted git repository.
zhangbutao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hive.git
The following commit(s) were added to refs/heads/master by this push:
new d85b87cfd75 HIVE-28496: Address CVE-2020-28487 due to 4.20.0 version
of vis.js (#5430)(Kiran Velumuri, reviewed by Shohei Okumiya, Stamatis
Zampetakis, Butao Zhang)
d85b87cfd75 is described below
commit d85b87cfd750623d365d39c73df6d58e1220128a
Author: Kiran Velumuri <[email protected]>
AuthorDate: Sat Sep 28 08:20:36 2024 +0530
HIVE-28496: Address CVE-2020-28487 due to 4.20.0 version of vis.js
(#5430)(Kiran Velumuri, reviewed by Shohei Okumiya, Stamatis Zampetakis, Butao
Zhang)
---
.../org/apache/hive/tmpl/QueryProfileTmpl.jamon | 2 +-
.../resources/hive-webapps/static/js/vis.min.js | 63 ----------------------
2 files changed, 1 insertion(+), 64 deletions(-)
diff --git a/service/src/jamon/org/apache/hive/tmpl/QueryProfileTmpl.jamon
b/service/src/jamon/org/apache/hive/tmpl/QueryProfileTmpl.jamon
index d870584870f..16d4d30afc9 100644
--- a/service/src/jamon/org/apache/hive/tmpl/QueryProfileTmpl.jamon
+++ b/service/src/jamon/org/apache/hive/tmpl/QueryProfileTmpl.jamon
@@ -57,7 +57,7 @@ private boolean showStats = false;
</%if>
</%if>
<%if showGraph %>
- <script type="text/javascript" src="/static/js/vis.min.js"></script>
+ <script type="text/javascript"
src="https://unpkg.com/[email protected]/standalone/umd/vis-network.min.js";></script>
<link href="/static/css/query-plan-graph.css" rel="stylesheet">
<script src="/static/js/query-plan-graph.js"></script>
</%if>
diff --git a/service/src/resources/hive-webapps/static/js/vis.min.js
b/service/src/resources/hive-webapps/static/js/vis.min.js
deleted file mode 100644
index 09730dabbc6..00000000000
--- a/service/src/resources/hive-webapps/static/js/vis.min.js
+++ /dev/null
@@ -1,63 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * vis.js
- * https://github.com/almende/vis
- *
- * A dynamic, browser-based visualization library.
- *
- * @version 4.20.0
- * @date 2017-05-21
- *
- * @license
- * Copyright (C) 2011-2017 Almende B.V, http://almende.com
- *
- * Vis.js is dual licensed under both
- *
- * * The Apache 2.0 License
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * and
- *
- * * The MIT License
- * http://opensource.org/licenses/MIT
- *
- * Vis.js may be distributed under either license.
- */
-"use strict";!function(t,e){"object"==typeof exports&&"object"==typeof
module?module.exports=e():"function"==typeof
define&&define.amd?define([],e):"object"==typeof
exports?exports.vis=e():t.vis=e()}(this,function(){return function(t){function
e(o){if(i[o])return i[o].exports;var n=i[o]={exports:{},id:o,loaded:!1};return
t[o].call(n.exports,n,n.exports,e),n.loaded=!0,n.exports}var i={};return
e.m=t,e.c=i,e.p="",e(0)}([function(t,e,i){var
o=i(1);o.extend(e,i(87)),o.extend(e,i(116)),o.exte [...]
-s(e._tzm)||(t._tzm=e._tzm),s(e._isUTC)||(t._isUTC=e._isUTC),s(e._offset)||(t._offset=e._offset),s(e._pf)||(t._pf=p(e)),s(e._locale)||(t._locale=e._locale),xo.length>0)for(i=0;i<xo.length;i++)o=xo[i],n=e[o],s(n)||(t[o]=n);return
t}function g(t){v(this,t),this._d=new
Date(null!=t._d?t._d.getTime():NaN),this.isValid()||(this._d=new
Date(NaN)),!1===ko&&(ko=!0,e.updateOffset(this),ko=!1)}function y(t){return t
instanceof g||null!=t&&null!=t._isAMomentObject}function b(t){return
t<0?Math.ceil( [...]
-var t=this._data;return
this._milliseconds=os(this._milliseconds),this._days=os(this._days),this._months=os(this._months),t.milliseconds=os(t.milliseconds),t.seconds=os(t.seconds),t.minutes=os(t.minutes),t.hours=os(t.hours),t.months=os(t.months),t.years=os(t.years),this}function
$i(t,e,i,o){var n=Ge(e,i);return
t._milliseconds+=o*n._milliseconds,t._days+=o*n._days,t._months+=o*n._months,t._bubble()}function
to(t,e){return $i(this,t,e,1)}function eo(t,e){return $i(this,t,e,-1)}function
io [...]
-this._trigger("add",{items:e}),this._data.on&&this._data.on("*",this.listener)}},o.prototype.refresh=function(){var
t,e,i,o=this._data.getIds({filter:this._options&&this._options.filter}),n=(0,s.default)(this._ids),r={},a=[],h=[],d=[];for(e=0,i=o.length;e<i;e++)t=o[e],r[t]=!0,this._ids[t]||(a.push(t),this._ids[t]=!0);for(e=0,i=n.length;e<i;e++)t=n[e],r[t]||(h.push(t),d.push(this._data._data[t]),delete
this._ids[t]);this.length+=a.length-h.length,a.length&&this._trigger("add",{items:a}),h
[...]
-"function"==typeof
this.showTooltip?e.innerHTML=this.showTooltip(t.point):e.innerHTML="<table><tr><td>"+this.xLabel+":</td><td>"+t.point.x+"</td></tr><tr><td>"+this.yLabel+":</td><td>"+t.point.y+"</td></tr><tr><td>"+this.zLabel+":</td><td>"+t.point.z+"</td></tr></table>",e.style.left="0",e.style.top="0",this.frame.appendChild(e),this.frame.appendChild(i),this.frame.appendChild(o);var
n=e.offsetWidth,s=e.offsetHeight,r=i.offsetHeight,h=o.offsetWidth,d=o.offsetHeight,l=t.screen.x-n/2;l=Mat
[...]
-;return["auto","manipulation","pan-y","pan-x","pan-x
pan-y","none"].forEach(function(i){t[i]=!e||n.CSS.supports("touch-action",i)}),t}();J.prototype={set:function(t){"compute"==t&&(t=this.compute()),ne&&this.manager.element.style&&le[t]&&(this.manager.element.style[oe]=t),this.actions=t.toLowerCase().trim()},update:function(){this.set(this.manager.options.touchAction)},compute:function(){var
t=[];return
l(this.manager.recognizers,function(e){f(e.options.enable,[e])&&(t=t.concat(e.getTouc
[...]
-;if(o&&void
0!==i.domProps.centerContainer.width){e.convertHiddenOptions(t,i,o);for(var
n=t(i.range.start),s=t(i.range.end),r=i.range.end-i.range.start,a=r/i.domProps.centerContainer.width,h=0;h<o.length;h++)if(void
0!==o[h].repeat){var d=t(o[h].start),l=t(o[h].end);if("Invalid
Date"==d._d)throw new Error("Supplied start date is not valid:
"+o[h].start);if("Invalid Date"==l._d)throw new Error("Supplied end date is not
valid: "+o[h].end);var u=l-d;if(u>=4*a){var c=0,p=s.clone();switch(o[h [...]
-;["onAdd","onUpdate","onRemove","onMove","onMoving","onAddGroup","onMoveGroup","onRemoveGroup"].forEach(function(e){var
i=t[e];if(i){if(!(i instanceof Function))throw new Error("option "+e+" must be
a function "+e+"(item,
callback)");this.options[e]=i}}.bind(this)),this.markDirty()}},n.prototype.markDirty=function(t){this.groupIds=[],t&&t.refreshItems&&l.forEach(this.items,function(t){t.dirty=!0,t.displayed&&t.redraw()})},n.prototype.destroy=function(){this.hide(),this.setItems(null),thi
[...]
-h.push(this.step<=2?"vis-"+r.format("dddd").toLowerCase():""),h.push(t(r.date()-1));break;case"week":h.push("vis-week"+r.format("w")),h.push(i(r)),h.push(t(r.week()));break;case"month":h.push("vis-"+r.format("MMMM").toLowerCase()),h.push(o(r)),h.push(t(r.month()));break;case"year":h.push("vis-year"+r.year()),h.push(function(t){return
t.isSame(new Date,"year")?"
vis-current-year":""}(r)),h.push(t(r.year()))}return h.filter(String).join("
")},t.exports=o},function(t,e,i){function o(t,e,i){ [...]
-this._repaintDeleteButton(t.point)},o.prototype.show=function(){this.displayed||this.redraw()},o.prototype.hide=function(){this.displayed&&(this.dom.point.parentNode&&this.dom.point.parentNode.removeChild(this.dom.point),this.displayed=!1)},o.prototype.repositionX=function(){var
t=this.conversion.toScreen(this.data.start);this.options.rtl?(this.right=t-this.props.dot.width,this.dom.point.style.right=this.right+"px"):(this.left=t-this.props.dot.width,this.dom.point.style.left=this.left+"p
[...]
-this.optionsContainer=document.createElement("div"),this.optionsContainer.className="vis-configuration
vis-config-option-container",this.domElements.push(this.optionsContainer),this.domElements.push(s)}this._push()}},{key:"_push",value:function(){this.wrapper=document.createElement("div"),this.wrapper.className="vis-configuration-wrapper",this.container.appendChild(this.wrapper);for(var
t=0;t<this.domElements.length;t++)this.wrapper.appendChild(this.domElements[t]);this._showPopupIfNeede
[...]
-o.prototype._onRemoveGroups=function(t){for(var
e=0;e<t.length;e++)this._removeGroup(t[e]);this.forceGraphUpdate=!0,this.body.emitter.emit("_change",{queue:!0})},o.prototype._removeGroup=function(t){this.groups.hasOwnProperty(t)&&("right"==this.groups[t].options.yAxisOrientation?(this.yAxisRight.removeGroup(t),this.legendRight.removeGroup(t),this.legendRight.redraw()):(this.yAxisLeft.removeGroup(t),this.legendLeft.removeGroup(t),this.legendLeft.redraw()),delete
this.groups[t])},o.prototy [...]
-},function(t,e,i){function o(t,e){}var
n=i(88);o.calcPath=function(t,e){if(null!=t&&t.length>0){return
1==e.options.interpolation.enabled?o._catmullRom(t,e):o._linear(t)}},o.drawIcon=function(t,e,i,o,s,r){var
a,h,d=.5*s,l=n.getSVGElement("rect",r.svgElements,r.svg);if(l.setAttributeNS(null,"x",e),l.setAttributeNS(null,"y",i-d),l.setAttributeNS(null,"width",o),l.setAttributeNS(null,"height",2*d),l.setAttributeNS(null,"class","vis-outline"),a=n.getSVGElement("path",r.svgElements,r.svg),a.s
[...]
-;throw new SyntaxError('Syntax error in part "'+k(L,30)+'"')}function f(){var
t={};if(n(),p(),"strict"===L&&(t.strict=!0,p()),"graph"!==L&&"digraph"!==L||(t.type=L,p()),F===I.IDENTIFIER&&(t.id=L,p()),"{"!=L)throw
x("Angle bracket { expected");if(p(),m(t),"}"!=L)throw x("Angle bracket }
expected");if(p(),""!==L)throw x("End of file expected");return p(),delete
t.node,delete t.edge,delete t.graph,t}function
m(t){for(;""!==L&&"}"!=L;)v(t),";"===L&&p()}function v(t){var
e=g(t);if(e)return vo [...]
-this.fontOptions.constrainHeight=!1,this.fontOptions.minHgt=-1,this.fontOptions.valign="middle";var
a=f.topMost(o,"heightConstraint");if("number"==typeof
a)this.fontOptions.minHgt=Number(a);else if("object"===(void
0===a?"undefined":(0,d.default)(a))){var
h=f.topMost(o,["heightConstraint","minimum"]);"number"==typeof
h&&(this.fontOptions.minHgt=Number(h));var
l=f.topMost(o,["heightConstraint","valign"]);"string"==typeof
l&&("top"!==l&&"bottom"!==l||(this.fontOptions.valign=l))}}},{key:"c [...]
-this.resize(t,o,n),this.left=e-.5*this.width,this.top=i-.5*this.height;var
r=s.borderWidth/this.body.view.scale;t.lineWidth=Math.min(this.width,r),t.strokeStyle=s.borderColor,t.fillStyle=s.color,t.ellipse_vis(this.left,this.top,this.width,this.height),this.enableShadow(t,s),t.fill(),this.disableShadow(t,s),t.save(),r>0&&(this.enableBorderDashes(t,s),t.stroke(),this.disableBorderDashes(t,s)),t.restore(),this.updateBoundingBox(e,i,t,o,n),this.labelModule.draw(t,e,i,o,n)}},{key:"updateBound
[...]
-o.shape.width>o.shape.height?(e=o.x+.5*o.shape.width,i=o.y-n):(e=o.x+n,i=o.y-.5*o.shape.height),[e,i,n]}},{key:"_pointOnCircle",value:function(t,e,i,o){var
n=2*o*Math.PI;return{x:t+i*Math.cos(n),y:e-i*Math.sin(n)}}},{key:"_findBorderPositionCircle",value:function(t,e,i){for(var
o=i.x,n=i.y,s=i.low,r=i.high,a=i.direction,h=0,d=this.options.selfReferenceSize,l=void
0,u=void 0,c=void 0,p=void 0,f=void
0,m=.5*(s+r);s<=r&&h<10&&(m=.5*(s+r),l=this._pointOnCircle(o,n,d,m),u=Math.atan2(t.y-l.y,t
[...]
-!0===e.connected&&e.toId!==e.fromId&&void 0!==this.body.nodes[e.toId]&&void
0!==this.body.nodes[e.fromId]&&(void 0!==e.edgeType.via?(t=void
0===e.options.length?this.options.springLength:e.options.length,n=e.to,s=e.edgeType.via,r=e.from,this._calculateSpringForce(n,s,.5*t),this._calculateSpringForce(s,r,.5*t)):(t=void
0===e.options.length?1.5*this.options.springLength:e.options.length,this._calculateSpringForce(e.from,e.to,t)))}},{key:"_calculateSpringForce",value:function(t,e,i){var
o=t [...]
-this.body.emitter.on("unlockNode",this.releaseNode.bind(this))}return(0,a.default)(t,[{key:"setOptions",value:function(){var
t=arguments.length>0&&void
0!==arguments[0]?arguments[0]:{};this.options=t}},{key:"fit",value:function(){var
t=arguments.length>0&&void
0!==arguments[0]?arguments[0]:{nodes:[]},e=arguments.length>1&&void
0!==arguments[1]&&arguments[1],i=void 0,o=void 0;if(void
0!==t.nodes&&0!==t.nodes.length||(t.nodes=this.body.nodeIndices),!0===e){var
n=0;for(var s in this.body.no [...]
-;if(s.length>0)for(var r=0;r<s.length;r++)n=Math.max(n,t(s[r]))}return
i[o]=n,n}(t)}},{key:"levelDownstream",value:function(t,e){void
0===this.levels[e.id]&&(void
0===this.levels[t.id]&&(this.levels[t.id]=0),this.levels[e.id]=this.levels[t.id]+1)}},{key:"setMinLevelToZero",value:function(t){var
e=1e9;for(var i in t)t.hasOwnProperty(i)&&void
0!==this.levels[i]&&(e=Math.min(this.levels[i],e));for(var o in
t)t.hasOwnProperty(o)&&void
0!==this.levels[o]&&(this.levels[o]-=e)}},{key:"getTreeSi [...]
-this.manipulationDiv.appendChild(this.manipulationDOM["seperatorLineDiv"+t])}},{key:"_createAddNodeButton",value:function(t){var
e=this._createButton("addNode","vis-button
vis-add",t.addNode||this.options.locales.en.addNode);this.manipulationDiv.appendChild(e),this._bindHammerToDiv(e,this.addNodeMode.bind(this))}},{key:"_createAddEdgeButton",value:function(t){var
e=this._createButton("addEdge","vis-button
vis-connect",t.addEdge||this.options.locales.en.addEdge);this.manipulationDiv.appen
[...]
-//# sourceMappingURL=vis.map
