Merge remote-tracking branch 'powerbi/master' into release-1 #387
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…pt SDK **Issue:** `powerbi-client` library has no exported member `Create`  **Changes in this PR:** 1. Added `Create` export from `create.ts` module in `powerbi-client.ts` file.  Related work items: #1076058
Minor version bump 2.22.3 This release will contain 1 change: Pull Request 383914: [JavaScript SDK]: Add Create export in the JavaScript SDK We need to release the export of create interface so we can consume it in SDK wrppers
Upgrade wpmp version
2.22.4 version bump This version bump includes the upgrade of WPMP from ^2 to ^2.7
Enabled CodeQL and SDL: Buddy test run: https://dev.azure.com/powerbi/Embedded/_build?definitionId=8484&_a=summary
…om/en-us/azure/devops/pipelines/process/scheduled-triggers?view=azure-devops&tabs=yaml) to run a weekly build on Saturday at midnight. See [cron syntax](https://learn.microsoft.com/en-us/azure/devops/pipelines/process/scheduled-triggers?view=azure-devops&tabs=yaml#cron-syntax) to adjust the schedule as needed. This change ensures that this repo meets static analysis requirements as per the [Mandatory SDL Requirement](https://liquid.microsoft.com/Web/Object/Read/ms.security/Requirements/Microsoft.Security.SystemsADM.10201). [FAQs] (https://strikecommunity.azurewebsites.net/articles/9931/continuous-sdl-faq-codeql.html), which requires a fresh codeql build every 30 days. To check whether your repository has been onboarded visit the [Lookup Service] (https://semmleportal.azurewebsites.net/lookup) and enter your repository URL - you should see the main branch of your repo in the list. contact [email protected] for further help & details --- For feedback or questions about this PR, please find the contact information in the above description. If none exists, please contact the [Gardener team](mailto:[email protected]) to help route. --- This change was automatically generated by [1ES Gardener](https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/gardener/1es-gardener) (a [MerlinBot](https://aka.ms/MerlinBot) extension) which is an initiative by the 1ES team to help repos stay up-to-date with latest tools, features, and best practices.
Updating models version to 1.13.0
#839888 add getSmartNarrativeInsights to report Related work items: #839888
Following MSRC case as malicious site can be injected as the embed iframe src, added embed URL validation to ensure the host is an allowed PBI src. A valid embed url protocol is "https:" The valid hosts names are ([retrieved from EV2-deployment repository - all of ida_PowerBIFeUrl key values](https://dev.azure.com/powerbi/PowerBIClients/_search?action=contents&text=ida_PowerBIFeUrl path%3A*envParams*&type=code&lp=code-Project&filters=ProjectFilters{PowerBIClients}RepositoryFilters{PowerBIClients-EV2-Deployment}&pageSize=25&result=DefaultCollection/PowerBIClients/PowerBIClients-EV2-Deployment/GBmaster//WFE/AppService/ADM/Public/INT/envParams.txt)): - app.powerbi.com, - app.powerbi.cn, - app.powerbigov.us, - app.mil.powerbigov.us, - app.high.powerbigov.us, - app.powerbi.eaglex.ic.gov, - app.powerbi.microsoft.scloud, - powerbi-df.analysis-df.windows.net, - CST WFE URLs: 'https://{cst-name}.analysis.windows-int.net' - daily.powerbi.com - dxt.powerbi.com - msit.powerbi.com Embed URL validation should include fabric embed URL. All of the above should be covered by the following regex expressions: .+\.powerbi.com$ - daily.powerbi.com - dxt.powerbi.com - msit.powerbi.com - app.powerbi.com FF: ^app(.mil.|.high.|.)powerbigov.us$ - app.powerbigov.us, - app.mil.powerbigov.us, - app.high.powerbigov.us Edog: .+\.analysis-df.windows.net$ Onebox and CSTs: .+\.analysis.windows-int.net$ Fabric URLs: .+\.fabric.microsoft.com$ **Please look into the test cases in utils.spec.ts to see the valid and invalid embe urls** Related work items: #1245653
version bump 2.3.0
Client-side APIs are not supported for rdl reports. Ideally, we should refactor our code to have one validation for all APIs. This requires major changes in the SDK code. So, I added this missing validation per request from customer especially that this API name is not clear that it is Power BI report specifc and might be misleading for customers. [Incident 474677846 : [PowerBI] CSS - Embedded (User Owns Data/Apps Owns Data): <Programmatic refresh of paginated report in embedded doesn't work>](https://portal.microsofticm.com/imp/v3/incidents/incident/474677846/summary)
removed global flag from valid embed hosts validation to resolve bug introduced with 2.23.0 release: Issue reported [here](https://community.fabric.microsoft.com/t5/Developer/bd-p/Developer) and by @<Sergey Pustynsky> from datahub (attaching Sergey's description): We started to get "Invalid embed URL detected. Either URL hostname or protocol are invalid. Please use Power BI REST APIs to get the valid URL"; in Datahub embed scenario. We have 2 tabs, each one renders iframe with different configs. Once it rendered OK, 2nd time fails on error. It caused by this code, which looks valid The result of this check is inconsistent (once returns true, once false) over the same data. It's possibly related to RegEx statefullness. Do we really need this global flag in RegEx definition? Symptoms: `When a RegExp object is created with the global (g) or sticky (y) flag, it maintains an internal lastIndex property. This property is used to determine where to start the next match attempt during subsequent calls to .test() or .exec() methods. After each match attempt, lastIndex is updated. This means if a match is found, the next call to .test() will start searching from the position after the last match, which can lead to the following outcomes: If the next call does not find a match (because it starts searching from a non-zero lastIndex), .test() will return false. If you call .test() again after it returns false, lastIndex is reset to 0, and the regex is evaluated from the beginning of the string, potentially returning true again if a match is found from the start.` Related work items: #1362247
version bump 2.23.1, minor bug fix of embed url validation
may-hartov
changed the title
may-hartov
changed the title
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.