Skip to content

TEST PR [IGNORE PLEASE] #16738

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
silvarohan18 wants to merge 476 commits into
base: rel-3.44.0
Choose a base branch
from
Open

TEST PR [IGNORE PLEASE] #16738

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
476 commits
Select commit Hold shift + click to select a range
4adab4b
Run publish outside of make-dist.sh (#16377)
valenad1 Aug 29, 2024
356c1fa
Do not build haddoop and cat gradle.properties (#16378)
valenad1 Aug 29, 2024
62c1c25
Revert debug code from release script (#16379)
valenad1 Aug 29, 2024
8a76916
Merge remote-tracking branch 'origin/rel-3.46.0'
Aug 29, 2024
cd390df
GH-16312 constrainted glm issues [nocheck] (#16317) (#16383)
Sep 11, 2024
3dbb1c2
Merge remote-tracking branch 'origin/rel-3.46.0'
Sep 11, 2024
5deeb84
ht/fixed links (#16386)
hannah-tillman Sep 13, 2024
9e2edb2
Merge remote-tracking branch 'origin/rel-3.46.0'
Sep 13, 2024
d2023b1
GH-16360: Fix R package for Windows (#16369)
tomasfryda Sep 18, 2024
5e45e78
Merge remote-tracking branch 'origin/rel-3.46.0'
Sep 18, 2024
733c496
GH-16397 - remove sun licence from jar (#16398)
valenad1 Sep 23, 2024
db28d28
Merge remote-tracking branch 'origin/rel-3.46.0'
Sep 23, 2024
51c2594
Code/algorithm motivations [nocheck] [nochecks] (#16393)
shaunyogeshwaran Sep 25, 2024
6191acc
Add Zuzana Olajcova to the committers list (#16406)
maurever Oct 4, 2024
99aafb0
added rule_example (#16415)
shaunyogeshwaran Oct 11, 2024
b15ceac
Merge remote-tracking branch 'origin/rel-3.46.0'
Oct 11, 2024
d97dca2
GH-16338: Added group by clarification R example for `gb.control` (#1…
hannah-tillman Oct 15, 2024
7b7463e
Merge remote-tracking branch 'origin/rel-3.46.0'
Oct 15, 2024
248aa64
GH-16416 - update avro to fix CVE-2024-47561 (#16422)
valenad1 Oct 16, 2024
3c7b044
Merge remote-tracking branch 'origin/rel-3.46.0'
Oct 16, 2024
dd44587
GH-16208: Adding constrained GLM documentation to user guidem [nochec…
hannah-tillman Oct 21, 2024
eaccd47
GH-16423 upgrade protobuf , google-cloud-storage, and fix CVE-2024-72…
valenad1 Oct 21, 2024
c7f2d97
Merge remote-tracking branch 'origin/rel-3.46.0'
Oct 21, 2024
b481bdd
[GH-16333] fix pyplot warning (#16381)
krasinski Oct 22, 2024
d0899f8
[GH-16351] Do not call System.exit from water.tools [nocheck] (#16366)
krasinski Oct 23, 2024
2781e8e
Merge remote-tracking branch 'origin/rel-3.46.0'
Oct 23, 2024
3e4c39d
GH-16423 - fix hadoop jars after gcs upgrade [nocheck] (#16428)
valenad1 Oct 24, 2024
50aa9e0
GH-16423 - do not remove hadoop-shaded-protobuf_3_7 because of the fa…
valenad1 Oct 24, 2024
966a1f2
ht/numpy requirements (#16434)
hannah-tillman Oct 24, 2024
5c8584c
Merge remote-tracking branch 'origin/rel-3.46.0'
Oct 24, 2024
6aa97cc
GH-16361 allow longer pids by adding sys.ai.h2o.log.max.pid.length [n…
krasinski Oct 24, 2024
99f80a7
Merge remote-tracking branch 'origin/rel-3.46.0'
Oct 25, 2024
dc7bfa7
GH-16413: Adding HGLM solo algorithm page [nocheck] (#16419)
hannah-tillman Oct 26, 2024
9d6df9e
Merge remote-tracking branch 'origin/rel-3.46.0'
Oct 26, 2024
ac1d642
GH-16425 Add JDBC parameter validation [nocheck] (#16432)
krasinski Oct 27, 2024
51a67cb
Merge remote-tracking branch 'origin/rel-3.46.0'
Oct 27, 2024
57bc954
GH-8487: implement HGLM gaussian [nocheck] (#16403)
Oct 29, 2024
a7c8c08
[GH-15810] Allow the user to adjust parquet import timezone [nocheck]…
krasinski Oct 29, 2024
58c95ca
Merge remote-tracking branch 'origin/rel-3.46.0'
Oct 29, 2024
4056d47
GH-16182: Updating user guide page Welcome to reflect makersaurus gui…
hannah-tillman Oct 30, 2024
421def8
[GH-16333] fix pyplot warning (#16381) (#16441)
Oct 30, 2024
223639d
Merge remote-tracking branch 'origin/rel-3.46.0'
Oct 30, 2024
6a8f800
GH-16442: 3.46.0.6 Release Notes [nocheck] (#16443)
hannah-tillman Oct 31, 2024
c7361bb
Merge remote-tracking branch 'origin/rel-3.46.0'
Oct 31, 2024
6f19a16
reduce example width of hglm.R (#16446)
Nov 1, 2024
8954cfc
Merge remote-tracking branch 'origin/rel-3.46.0'
Nov 1, 2024
cca2428
Fix data url (#16448)
maurever Nov 13, 2024
8ff06da
GH-16319 Implement KNN backend [nocheck] (#16405)
maurever Dec 18, 2024
3febdca
GH-16472 - fix CVE-2024-52046 with mina-core upgrade (#16473)
valenad1 Jan 10, 2025
9e25432
GH-16472 - fix CVE-2024-52046 with mina-core upgrade (#16476)
valenad1 Jan 10, 2025
facf8f4
Merge remote-tracking branch 'origin/rel-3.46.0'
Jan 10, 2025
e1f71d8
GH-16480 - fix CVE-2024-5046 with mina-core upgrade to 2.2.4 (#16481)
valenad1 Jan 15, 2025
7618cbd
Merge remote-tracking branch 'origin/rel-3.46.0'
Jan 15, 2025
8ace742
GH-16482 - upgrade jetty and fix CVE-2024-6763, CVE-2024-8184, CVE-20…
valenad1 Jan 16, 2025
0985e47
Merge remote-tracking branch 'origin/rel-3.46.0'
Jan 16, 2025
3098efc
GH-16484 - fix s3 credentials after migration (#16485)
valenad1 Jan 20, 2025
5c8f847
GH-16484 - fix s3 credentials after migration (#16485) (#16487)
valenad1 Jan 21, 2025
1063af6
Update slack-alerts.yml (#16489)
valenad1 Jan 21, 2025
2f8530f
Update slack-alerts.yml (#16492)
valenad1 Jan 21, 2025
fa5f05b
Update slack-alerts.yml (#16494)
valenad1 Jan 21, 2025
3b56394
Update slack-alerts.yml (#16496)
valenad1 Jan 21, 2025
11e6c39
Merge remote-tracking branch 'origin/rel-3.46.0'
Jan 21, 2025
404254f
Sanitize input in slack action (#16498)
valenad1 Jan 22, 2025
6740655
Revert "Sanitize input in slack action" (#16500)
valenad1 Jan 22, 2025
39dc7c3
GH-16466 escape sequences (#16505)
valenad1 Jan 29, 2025
fbab18f
GH-16471 - replace hortonworks with private nexus repo (#16506)
valenad1 Jan 30, 2025
247686e
GH-16484 Merge release branch manually (#16517)
valenad1 Feb 6, 2025
efa63d3
GH-16507 remove hadoop hdp artefacts (#16508)
valenad1 Feb 6, 2025
bb1cf08
Merge pull request #16519 from h2oai/rel-3.46.0
valenad1 Feb 6, 2025
04cf910
Fixed Trivy and Prisma Security scan Issues in Pipeline (#16520)
silvarohan18 Feb 7, 2025
58fb2c4
GH-16484 merge rel branch manually (#16522)
valenad1 Feb 10, 2025
f62ec7f
Fix: JSON Injection Vulnerability in Slack Alerts (#16514)
movinsilva Feb 10, 2025
6969027
Merge pull request #16523 from h2oai/rel-3.46.0
valenad1 Feb 10, 2025
8b42e6c
Issue: h2oai/h2o-ops#785 fix: Improve issue title validation and remo…
movinsilva Feb 13, 2025
151ac11
Merge rel branch manually
valenad1 Feb 13, 2025
6c25f5a
[DevOps] Minimal Image Build Pipeline (#16516)
ChathurindaRanasinghe Feb 13, 2025
8992022
GH-16526 Bring back nightly (#16549)
valenad1 Feb 13, 2025
a72295a
GH-16526 - fix Makefile and add TODO comment (#16551)
valenad1 Feb 13, 2025
66835d7
Merge pull request #16552 from h2oai/rel-3.46.0
valenad1 Feb 13, 2025
24128f5
GH-16526 Debug nightly (#16553)
valenad1 Feb 18, 2025
860e89a
Merge branch 'master' into valenad-GH-16484-merge-branch-manually-and…
valenad1 Feb 18, 2025
77eea98
Merge pull request #16558 from h2oai/valenad-GH-16484-merge-branch-ma…
valenad1 Feb 18, 2025
924f1be
ci: add a multi branch pipeline for testing
ChathurindaRanasinghe Feb 19, 2025
e9f6f03
ci: Remove unwanted commit changes
ChathurindaRanasinghe Feb 19, 2025
95b1585
GH-16530 ci: add nightly merge pipeline (#16559)
ChathurindaRanasinghe Feb 20, 2025
62e4e0e
GH-16530 - change main to master (#16560)
valenad1 Feb 20, 2025
0f2ca59
GH-16526 Run test that are ok so far (only not deterministic issues) …
valenad1 Feb 20, 2025
5b9d9ce
Merge remote-tracking branch origin/rel-3.46.0
Feb 21, 2025
6e2e5f1
GH-16530 - ci: update repository name (#16562)
ChathurindaRanasinghe Feb 21, 2025
d43c96f
GH-16527 Nightly release pipeline (#16568)
valenad1 Feb 26, 2025
1757be4
ci(fix): Cancelling previous builds (#16569)
ChathurindaRanasinghe Feb 26, 2025
f52ea8e
Merge remote-tracking branch origin/rel-3.46.0
Feb 26, 2025
b6b3a47
GH-16527 Nightly release pipeline (#16568) (#16571)
valenad1 Feb 26, 2025
3f6c69f
Merge remote-tracking branch origin/rel-3.46.0
Feb 26, 2025
34e336f
GH-16527 Fix heml chart buckets and git credentials (#16577)
valenad1 Feb 26, 2025
10db306
Fetch after setting new remote (#16578)
valenad1 Feb 26, 2025
823752d
GH-16527 Fix heml chart buckets and git credentials (#16577)
valenad1 Feb 26, 2025
df06fe5
Fetch after setting new remote (#16578)
valenad1 Feb 26, 2025
ccfede7
Merge remote-tracking branch origin/rel-3.46.0
Feb 26, 2025
94aead0
GH-16550 Debug PR pipeline (#16570)
valenad1 Feb 27, 2025
c3b485d
Merge remote-tracking branch origin/rel-3.46.0
Feb 27, 2025
b9a8cb1
GH-16542 Build rest of the images (#16581)
valenad1 Feb 28, 2025
65692a2
Merge remote-tracking branch origin/rel-3.46.0
Mar 1, 2025
1916d7e
Update cleanup stage - release (#16582)
SandevDewthilina Mar 3, 2025
b7600ff
Update cleanup stage - release (#16582) (#16585)
valenad1 Mar 5, 2025
9aa1ad8
Merge remote-tracking branch origin/rel-3.46.0
Mar 5, 2025
51c94d1
GH-16527 Fix docker release - credentials, permissions(#16595)
valenad1 Mar 25, 2025
5f75f13
GH-16527 Fix docker release - credentials, permissions(#16595)
valenad1 Mar 25, 2025
efa0e4a
Merge pull request #16596 from h2oai/valenad-GH-16527-cherry-pick-doc…
valenad1 Mar 25, 2025
fd1a369
Merge remote-tracking branch origin/rel-3.46.0
Mar 25, 2025
479065f
Release notes for 3.46.0.7 (#16598)
valenad1 Mar 27, 2025
d7ed44b
Merge remote-tracking branch origin/rel-3.46.0
Mar 27, 2025
fc5f023
Add user as random number (#16600)
valenad1 Apr 8, 2025
0c28207
Merge remote-tracking branch origin/rel-3.46.0
Apr 9, 2025
3b93dea
GH-16592 Fix NPE when scoring CoxPH mojo from h2o 3.32.x.x (#16591)
Mathanraj-Sharma Apr 10, 2025
49d6da5
Merge remote-tracking branch origin/rel-3.46.0
Apr 11, 2025
76bb62c
Accept zero as offset for xgb models trained with offset
Mathanraj-Sharma Apr 22, 2025
f9acd4b
Merge pull request #16605 from h2oai/MR/master/issue-16590
Mathanraj-Sharma May 7, 2025
e6a314b
Merge remote-tracking branch origin/rel-3.46.0
May 8, 2025
cff1f64
GH-16603 allow to use lambda_ in the GridSearch (#16616)
valenad1 Jun 2, 2025
e4e8d35
Merge remote-tracking branch origin/rel-3.46.0
Jun 3, 2025
41dc639
Update run.py
silvarohan18 Jun 13, 2025
b22d2f3
Merge pull request #16627 from h2oai/silvarohan18-patch-2
silvarohan18 Jun 13, 2025
47d5518
Update run.py
silvarohan18 Jun 17, 2025
bc14959
Update run.py
silvarohan18 Jun 18, 2025
9f83892
Update run.py
silvarohan18 Jun 18, 2025
f714edd
GH-16622 Validate parameters also when user define jdbs with key-valu…
valenad1 Jun 18, 2025
f5ce0f5
Merge remote-tracking branch origin/rel-3.46.0
Jun 19, 2025
56fca16
Fix CVE-2025-48734 in commons-beanutils by upgrading to 1.11.0 (#16633)
valenad1 Jul 15, 2025
0298ee3
Follow up on GH-16622 - handle also string with URL encoding characte…
valenad1 Jul 15, 2025
3452306
Merge remote-tracking branch origin/rel-3.46.0
Jul 16, 2025
1adef6b
GH-16638 fix release after migration to Maven central (#16640)
valenad1 Jul 22, 2025
d14fce9
Merge remote-tracking branch origin/rel-3.46.0
Jul 23, 2025
4b28b6e
Remove Prisma scan from vulnerability check and leave only Trivy (#16…
valenad1 Jul 24, 2025
db9d2b0
Merge remote-tracking branch origin/rel-3.46.0
Jul 24, 2025
45d38a4
GH-16644 - Generate sitemap from documentation (#16645)
valenad1 Jul 25, 2025
47d548b
Merge remote-tracking branch origin/rel-3.46.0
Jul 25, 2025
fb2915c
GH-16652 Fix Parquet export - check for empty values before it is acc…
valenad1 Aug 13, 2025
bdcb675
Merge remote-tracking branch origin/rel-3.46.0
Aug 13, 2025
6c60694
Add single node and multi node test target for Github Actions testing…
silvarohan18 Aug 29, 2025
8ee2db3
GH-16423 - remove protobuf from jar (#16656)
valenad1 Sep 3, 2025
82518db
Merge remote-tracking branch origin/rel-3.46.0
Sep 4, 2025
804c413
Fix CVE-2025-53864 in nimbus-jose-jwt:9.37.4 (#16657)
valenad1 Sep 5, 2025
e7ff8c7
GH-16649 fix CVE-2024-48924 in commons-lang3:3.12.0 and 3.14.0 (#16658)
valenad1 Sep 5, 2025
1eb04e9
Merge remote-tracking branch origin/rel-3.46.0
Sep 6, 2025
ddf4534
GH-16652 - Fix for empty values in date type col (#16660)
valenad1 Sep 15, 2025
df3c22b
Merge remote-tracking branch origin/rel-3.46.0
Sep 16, 2025
2510ddb
fix(build): Fix leak in u-benchmarks. (#16654)
mmalohlava Sep 26, 2025
7345ada
docs updated (#16659)
maitreytalware Sep 26, 2025
7d9c93d
GH-16663 docs updated (#16659) (#16664)
valenad1 Sep 26, 2025
f2a31df
Merge remote-tracking branch origin/rel-3.46.0
Sep 27, 2025
d9c82e1
Follow up on GH-16649 - fix CVE-2024-48924 also for genmodel.jar (#16…
valenad1 Sep 30, 2025
1732586
Merge remote-tracking branch origin/rel-3.46.0
Oct 1, 2025
8bf1372
Release notest for 3.46.0.8 (#16668)
valenad1 Oct 7, 2025
2577b8a
GH-16667 security notes (#16669)
valenad1 Oct 7, 2025
7fb1484
Merge remote-tracking branch origin/rel-3.46.0
Oct 8, 2025
e91d4ef
GH-16638 - increase timeouts for curl (#16670)
valenad1 Oct 8, 2025
e8ed53f
GH-16638 - always fetch all tags (#16672)
valenad1 Oct 8, 2025
3f69e03
Merge remote-tracking branch origin/rel-3.46.0
Oct 9, 2025
c5e3aa4
feat(ci): Update Jenkinsfile to use 'h2o3_linux' label to use dedicaa…
movinsilva Oct 9, 2025
4d64fef
Check if path for ImportFiles endpoints contains a reference for itse…
valenad1 Oct 20, 2025
4469176
Merge remote-tracking branch origin/rel-3.46.0
Oct 21, 2025
9f8ef66
GH-16525 Fix vulnerability scan (#16683)
valenad1 Nov 5, 2025
82ad226
Merge remote-tracking branch origin/rel-3.46.0
Nov 6, 2025
059b3e0
GH-16524 GLM - control variables - Regression, Binomial (#16601)
maurever Nov 11, 2025
367019c
Merge remote-tracking branch origin/rel-3.46.0
Nov 12, 2025
fe2d83e
GH-16673: Fix AIC calculation in GLM (#16680)
tomasfryda Nov 12, 2025
087855a
Merge remote-tracking branch origin/rel-3.46.0
Nov 13, 2025
62301d7
Add distribution check with control variables (#16692)
maurever Nov 18, 2025
6c0f215
GH-16610: Fix floating point parsing issue (#16693)
tomasfryda Nov 19, 2025
0b9e3b1
GH-16694: Fix relevel (#16695)
tomasfryda Nov 19, 2025
e087018
Merge remote-tracking branch origin/rel-3.46.0
Nov 20, 2025
dcb0e98
Add distribution check with control variables (#16701)
maurever Nov 20, 2025
d534ea0
Merge remote-tracking branch origin/rel-3.46.0
Nov 21, 2025
ee90de5
GH-16698 release cleanup (#16699)
valenad1 Nov 21, 2025
3848b79
Merge remote-tracking branch origin/rel-3.46.0
Nov 21, 2025
c9cf852
Remove Sparkling Water from welcome and starting doc pages (#16704)
valenad1 Nov 22, 2025
2c5cfd2
Merge remote-tracking branch origin/rel-3.46.0
Nov 22, 2025
41b7514
GH-16705 - Release notest for 3.46.0.9 (#16706)
valenad1 Nov 24, 2025
f1f3df5
Merge remote-tracking branch origin/rel-3.46.0
Nov 24, 2025
b5e3b57
Integrate with Claude (#16700)
valenad1 Nov 24, 2025
0d2cd5c
Merge remote-tracking branch origin/rel-3.46.0
Nov 25, 2025
8249d9f
GH-16604 - remove HDP from supported version in the documentation (#1…
valenad1 Nov 26, 2025
123b3f8
Merge remote-tracking branch origin/rel-3.46.0
Nov 27, 2025
1f47231
GH-16129 fix public dockerfile (#16713)
valenad1 Dec 2, 2025
13a6fa2
GH-16129 - Run on python 3.11 in Dockerfile(#16715)
valenad1 Dec 2, 2025
09f3ee7
Merge remote-tracking branch origin/rel-3.46.0
Dec 3, 2025
db81690
GH-16718 remove support for python 3.6 - core (#16720)
valenad1 Dec 16, 2025
4555225
Update documentation to reflect Python 3.7 minimum version (#16722)
valenad1 Dec 16, 2025
af5eb5b
Merge remote-tracking branch origin/rel-3.46.0
Dec 17, 2025
f6573c9
Change bucket name for nightly builds in Jenkinsfile
silvarohan18 Jan 5, 2026
ac99a2a
Fix coxph mojo export (#16726)
tomasfryda Jan 6, 2026
05ca6ef
GH-16707: Add Support R 4.5 (#16714)
tomasfryda Jan 6, 2026
cd08ca8
Merge pull request #16725 from h2oai/rohan/h2o-3/change-s3-bucket
silvarohan18 Jan 6, 2026
34d6816
Change bucket name for nightly builds in Jenkinsfile (#16727)
valenad1 Jan 6, 2026
f26129f
Merge branch 'rel-3.46.0' into tomf_resolve_rel-3.46.0_merge_conflict
tomasfryda Jan 9, 2026
bef21a2
Merge pull request #16730 from h2oai/tomf_resolve_rel-3.46.0_merge_co…
tomasfryda Jan 9, 2026
174f428
Fix documentation for R package (#16728)
valenad1 Jan 11, 2026
bf90465
Merge remote-tracking branch origin/rel-3.46.0
Jan 12, 2026
c481e31
GH-16731: Change keywords internal to noRd (#16732)
tomasfryda Jan 12, 2026
cbc1c73
Add workflow to trigger vulnerability scan on push events
silvarohan18 Jan 12, 2026
268392d
Fix authorization token reference in vulnerability scan workflow
silvarohan18 Jan 12, 2026
1d62380
Merge remote-tracking branch origin/rel-3.46.0
Jan 12, 2026
2575412
Add permissions section to vulnerability scan workflow
silvarohan18 Jan 12, 2026
07f46a9
Add workflow_dispatch event to vulnerability scan trigger
silvarohan18 Jan 12, 2026
306376b
Merge pull request #16733 from h2oai/rohan/h2o-3/vulnerability-scan-t…
silvarohan18 Jan 12, 2026
9161fd1
Add trigger for H2O-3 DevOps workflows and vulnerability scan
silvarohan18 Jan 12, 2026
3bcd37a
Add package encoding cran check message (#16737)
tomasfryda Jan 13, 2026
dfb2832
Update trigger-h2o-3-devops.yml
silvarohan18 Jan 13, 2026
82eca35
Merge remote-tracking branch origin/rel-3.46.0
Jan 14, 2026
2c73a0f
GH-15991: Infogram pydocs updates (#15992)
shaunyogeshwaran Jan 19, 2026
eb3f6a4
Merge remote-tracking branch origin/rel-3.46.0
Jan 20, 2026
2fcc376
Update h2o-docs/src/product/automl.rst
shaunyogeshwaran Jan 21, 2026
ca8f12f
Update h2o-docs/src/product/automl.rst
shaunyogeshwaran Jan 21, 2026
ec1d30a
Merge pull request #16305 from h2oai/sy/#16216
shaunyogeshwaran Jan 21, 2026
07e8f10
GH-16433 Fixed misc small errors in GAM, GLM, ModelSelection toolboxe…
wendycwong Jan 21, 2026
91f4ffa
GH-16744 - upgrade log4j and fix CVE-2025-68161 (#16745)
valenad1 Jan 21, 2026
7c2fda8
Merge remote-tracking branch origin/rel-3.46.0
Jan 22, 2026
d88acfe
Merge pull request #16734 from h2oai/rohan/h2o-3/vulnerability-scan-t…
silvarohan18 Jan 22, 2026
b8f34f6
Add trigger for H2O-3 DevOps workflows and vulnerability scan
silvarohan18 Jan 12, 2026
6cb263e
Update trigger-h2o-3-devops.yml
silvarohan18 Jan 13, 2026
851b325
Merge pull request #16746 from h2oai/rohan/cherry-pick-16734-to-rel-3…
silvarohan18 Jan 22, 2026
2ee1f06
Merge remote-tracking branch origin/rel-3.46.0
Jan 23, 2026
ff5f135
GH-16747 - fix checkpullrequest stage (#16748)
valenad1 Jan 27, 2026
96fcd6b
Merge remote-tracking branch origin/rel-3.46.0
Jan 30, 2026
19a1d76
GH-16755 Fix xgboost h stats example (#16756)
valenad1 Feb 4, 2026
4144a90
Merge remote-tracking branch origin/rel-3.46.0
Feb 5, 2026
2b5645c
GH-16769: Control variables MOJO support for regression and binomial …
tomasfryda Mar 3, 2026
915eecb
Merge remote-tracking branch origin/rel-3.46.0
Mar 3, 2026
d4c103d
Upgrade jackson-databind because of GHSA-72hv-8253-57qq (#16774)
valenad1 Mar 9, 2026
b9ae2d3
GH-16775 - Add couple of postgres sql parameters to DEFAULT_JDBC_DISA…
valenad1 Mar 9, 2026
5643c0c
Merge remote-tracking branch origin/rel-3.46.0
Mar 10, 2026
f129642
GH-16778 - fix release credentials for conda (#16781)
valenad1 Mar 11, 2026
633ec6b
Merge remote-tracking branch origin/rel-3.46.0
Mar 11, 2026
8563bb9
GH-16782 - Release notes for 3.46.0.10 (#16783)
valenad1 Mar 11, 2026
12cc080
Merge remote-tracking branch origin/rel-3.46.0
Mar 11, 2026
d0b0868
Follow-up on GH-16782 - Update security.md with lows (#16788)
valenad1 Mar 25, 2026
7c41a45
Merge remote-tracking branch origin/rel-3.46.0
Mar 25, 2026
c2560e3
GH-16676 GLM: Remove offset effects (#16749)
maurever Apr 10, 2026
409066b
GH-16798: Fix inconsistencies in python type-hints (#16799)
tomasfryda Apr 10, 2026
52eabfc
Merge remote-tracking branch origin/rel-3.46.0
Apr 11, 2026
ecb3a40
Fix failing test (#16792)
tomasfryda Apr 14, 2026
5a5529c
GH-16786: Remove offset effect mojo (#16787)
tomasfryda Apr 14, 2026
fdcf844
Merge remote-tracking branch origin/rel-3.46.0
Apr 15, 2026
7a82296
Fix unexported method identical.integer64 (#16795)
tomasfryda Apr 15, 2026
f8b9bd2
Replace isFALSE with identical(x, FALSE) to ensure R < 3.5 compatibil…
tomasfryda Apr 15, 2026
ee0c7e5
Merge remote-tracking branch origin/rel-3.46.0
Apr 15, 2026
ce39cdd
GH-16758: Fix R shap summary plot (#16789)
tomasfryda Apr 15, 2026
9c6292b
GH-16804 - add h2o.make_derived_glm_model to _pkgdown.yml (#16805)
tomasfryda Apr 15, 2026
24d57b7
Merge remote-tracking branch origin/rel-3.46.0
Apr 15, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
49 changes: 31 additions & 18 deletions .github/workflows/slack-alerts.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,21 +8,34 @@
send-slack-alert:
runs-on: ubuntu-latest
steps:
- name: Post to a Slack channel
id: slack
uses: slackapi/slack-github-action@v1.23.0
with:
channel-id: 'h2o-3-github-issues'
payload: |
{
"text": ":github: *H2O-3 GitHub Issue Opened*",
"attachments": [
{
"text": "*Title:* ${{ github.event.issue.title }}\n*Link:* ${{ github.event.issue.html_url }}",
"color": "good",
"fallback": "Build Alert"
}
]
}
env:
SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
- name: Check issue title and URL
id: check
env:
ISSUE_TITLE: ${{ github.event.issue.title }}
ISSUE_URL: ${{ github.event.issue.html_url }}
run: |
if [[ ! "$ISSUE_TITLE" =~ ^[a-zA-Z0-9\ \-\_\:\'\(\)\`]+$ ]]; then
echo "Invalid characters in issue title"
exit 1
fi
echo "TITLE=$ISSUE_TITLE" >> $GITHUB_ENV
echo "URL=$ISSUE_URL" >> $GITHUB_ENV
Comment on lines +16 to +22

Check failure

Code scanning / CodeQL

Environment variable built from user-controlled sources Critical

Potential environment variable injection in
if [[ ! "$ISSUE_TITLE" =~ ^[a-zA-Z0-9\ \-\_\:\'\(\)\`]+$ ]]; thenecho "Invalid characters in issue title"exit 1fiecho "TITLE=$ISSUE_TITLE" >> $GITHUB_ENVecho "URL=$ISSUE_URL" >> $GITHUB_ENV
Loading
, which may be controlled by an external user (
issues
Loading
).

Copilot Autofix

AI 3 months ago

In general, to fix this class of issue you must ensure that any untrusted input used to construct environment variables is sanitized so it cannot introduce extra lines or malformed KEY=VALUE entries. For single-line environment variables, remove or reject newline characters and any other characters that could break the format; for multi-line variables, use unique, non-user-influenced delimiters.

For this specific workflow, the best fix is to sanitize ISSUE_TITLE and ISSUE_URL inside the shell step before writing them to $GITHUB_ENV. We should (1) keep the existing character whitelist check as a first line of defense, and (2) explicitly strip any newline (\n) and carriage return (\r) characters from both variables when echoing them into $GITHUB_ENV. This directly addresses the CodeQL path: data from github.event.issue.title and github.event.issue.html_url will only ever be written as a single safe line each. We don’t need to change the Slack payload step, because it only reads from already-sanitized env vars.

Concretely, in .github/workflows/slack-alerts.yml at lines 16–22, adjust the run: script to sanitize both variables before writing to $GITHUB_ENV. A simple and common pattern is:

SANITIZED_TITLE=$(printf '%s' "$ISSUE_TITLE" | tr -d '\n\r')
SANITIZED_URL=$(printf '%s' "$ISSUE_URL" | tr -d '\n\r')
echo "TITLE=$SANITIZED_TITLE" >> "$GITHUB_ENV"
echo "URL=$SANITIZED_URL" >> "$GITHUB_ENV"

We should also quote $GITHUB_ENV to be safe, and optionally keep the existing regex validation. No new imports or external dependencies are required; all used tools (printf, tr) are standard in the Ubuntu runner shell environment.

Suggested changeset 1
.github/workflows/slack-alerts.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/slack-alerts.yml b/.github/workflows/slack-alerts.yml
--- a/.github/workflows/slack-alerts.yml
+++ b/.github/workflows/slack-alerts.yml
@@ -18,8 +18,11 @@
             echo "Invalid characters in issue title"
             exit 1
           fi
-          echo "TITLE=$ISSUE_TITLE" >> $GITHUB_ENV
-          echo "URL=$ISSUE_URL" >> $GITHUB_ENV
+          # Remove any newline characters before writing to GITHUB_ENV to avoid injection
+          SANITIZED_TITLE=$(printf '%s' "$ISSUE_TITLE" | tr -d '\n\r')
+          SANITIZED_URL=$(printf '%s' "$ISSUE_URL" | tr -d '\n\r')
+          echo "TITLE=$SANITIZED_TITLE" >> "$GITHUB_ENV"
+          echo "URL=$SANITIZED_URL" >> "$GITHUB_ENV"
 
       - name: Post to a Slack channel
         id: slack
EOF
@@ -18,8 +18,11 @@
echo "Invalid characters in issue title"
exit 1
fi
echo "TITLE=$ISSUE_TITLE" >> $GITHUB_ENV
echo "URL=$ISSUE_URL" >> $GITHUB_ENV
# Remove any newline characters before writing to GITHUB_ENV to avoid injection
SANITIZED_TITLE=$(printf '%s' "$ISSUE_TITLE" | tr -d '\n\r')
SANITIZED_URL=$(printf '%s' "$ISSUE_URL" | tr -d '\n\r')
echo "TITLE=$SANITIZED_TITLE" >> "$GITHUB_ENV"
echo "URL=$SANITIZED_URL" >> "$GITHUB_ENV"

- name: Post to a Slack channel
id: slack
Copilot is powered by AI and may make mistakes. Always verify output.

- name: Post to a Slack channel
id: slack
uses: slackapi/slack-github-action@v1.23.0

Check warning

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'Send slack alerts for new GitHub issues' step
Uses Step: slack
Loading
uses 'slackapi/slack-github-action' with ref 'v1.23.0', not a pinned commit hash
with:
channel-id: "h2o-3-github-issues"
payload: |
{
"text": ":github: *H2O-3 GitHub Issue Opened*",
"attachments": [
{
"text": "*Title:* ${{ env.TITLE }}\n*Link:* ${{ env.URL }}",
"color": "good",
"fallback": "Build Alert"
}
]
}
env:
SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
151 changes: 0 additions & 151 deletions .github/workflows/snyk-scan.yml
View file
Open in desktop

This file was deleted.

23 changes: 23 additions & 0 deletions .github/workflows/trigger-h2o-3-devops.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
# .github/workflows/trigger-h2o-3-devops.yml
name: Trigger H2O-3 DevOps Workflows

permissions:
contents: read

on:
push:
branches: [master, rel-3.46.0]
workflow_dispatch:

jobs:
trigger:
runs-on: ubuntu-latest
steps:
- name: Trigger Vulnerability Scan
run: |
curl -X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${{ secrets.H2O_3_DEVOPS_REPO_TOKEN }}" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/h2oai/h2o-3-devops/dispatches \
-d '{"event_type":"h2o3-push","client_payload":{"branch":"${{ github.ref_name }}","sha":"${{ github.sha }}"}}'
2 changes: 2 additions & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -114,3 +114,5 @@ leak-check.out

# Terraform
.terraform/

.claude/
Loading
Loading