Skip to content

feat(search): add list fields endpoint + pagination#3

Draft
Totodore wants to merge 2 commits intomainfrom
feat-list-fields-quickwit
Draft

feat(search): add list fields endpoint + pagination#3
Totodore wants to merge 2 commits intomainfrom
feat-list-fields-quickwit

Conversation

@Totodore
Copy link

Description

Describe the proposed changes made in this PR.

How was this PR tested?

Describe how you tested this PR.

@github-actions
Copy link

github-actions bot commented Feb 25, 2026

Logo
Checkmarx One – Scan Summary & Detailsd35d4251-8f05-4f1e-b87e-1eabde284e83


New Issues (7) Checkmarx found the following issues in this Pull Request
# Severity Issue Source File / Package Checkmarx Insight
1 CRITICAL CVE-2026-25547 Npm-@isaacs/brace-expansion-5.0.0
detailsRecommended version: 5.0.1
Description: @isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a ...
Attack Vector: NETWORK
Attack Complexity: LOW
Vulnerable Package
2 HIGH CVE-2026-26996 Npm-minimatch-10.1.1
detailsRecommended version: 10.2.1
Description: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions prior to 3.1.3, 4.0.0 prior to 4.2...
Attack Vector: NETWORK
Attack Complexity: LOW
Vulnerable Package
3 MEDIUM CVE-2025-64718 Npm-js-yaml-4.1.0
detailsRecommended version: 4.1.1
Description: js-yaml is a JavaScript YAML parser and dumper. In js-yaml versions through 3.14.1 and 4.x through 4.1.0, it's possible for an attacker to modify t...
Attack Vector: NETWORK
Attack Complexity: LOW
Vulnerable Package
4 MEDIUM Secret_Leak_in_Logs /quickwit/quickwit-search/src/list_terms.rs: 91
detailsMethod at line 144 of /quickwit/quickwit-search/src/list_terms.rs leaks the secret failed_splits to the log.
Attack Vector
5 LOW Cx8bc4df28-fcf5 Npm-debug-3.2.7
detailsRecommended version: 4.4.0
Description: In NPM "debug" versions prior to 4.4.0, the "enable" function accepts a regular expression from user input without escaping it. Arbitrary regular e...
Attack Vector: NETWORK
Attack Complexity: HIGH
Vulnerable Package
6 LOW Cx8bc4df28-fcf5 Npm-debug-4.3.4
detailsRecommended version: 4.4.0
Description: In NPM "debug" versions prior to 4.4.0, the "enable" function accepts a regular expression from user input without escaping it. Arbitrary regular e...
Attack Vector: NETWORK
Attack Complexity: HIGH
Vulnerable Package
7 LOW Cxda14f253-4e52 Npm-bluebird-3.7.2
detailsDescription: The package `bluebird` is vulnerable to memory leak, when running the function longStackTraces() with the flag `--expose_gc`. This causes a signifi...
Attack Vector: NETWORK
Attack Complexity: HIGH
Vulnerable Package

Fixed Issues (5) Great job! The following issues were fixed in this Pull Request
Severity Issue Source File / Package
LOW Filtering_Sensitive_Logs /src/atlassian/jira/JiraClient.py: 152
LOW Filtering_Sensitive_Logs /src/atlassian/jira/JiraClient.py: 152
LOW Filtering_Sensitive_Logs /src/atlassian/jira/JiraClient.py: 152
LOW Filtering_Sensitive_Logs /src/atlassian/jira/JiraClient.py: 152
LOW Filtering_Sensitive_Logs /src/atlassian/jira/JiraClient.py: 121

@Totodore Totodore force-pushed the feat-list-fields-quickwit branch 3 times, most recently from 5e03d9b to 79c11e2 Compare February 26, 2026 12:34
@Totodore Totodore force-pushed the feat-list-fields-quickwit branch from 79c11e2 to 1288bfb Compare February 26, 2026 13:11
@github-actions
Copy link

YARN is no longer allowed. Kindly replace the lockfile using PNPM. Found in ./quickwit/quickwit-ui/yarn.lock

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant