microsoft · Demonkratiy · Oct 8, 2024 · Dec 4, 2023 · Dec 4, 2023 · Jan 18, 2024
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -1,29 +1,18 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
-#
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
-#
-# ******** NOTE ********
-# We have attempted to detect the languages in your repository. Please check
-# the `language` matrix defined below to confirm you have the correct set of
-# supported CodeQL languages.
-#
 name: "CodeQL"
 
 on:
   push:
-    branches: [ main ]
+    branches: [main, dev, certification]
   pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ main ]
+    branches: [main, dev, certification]
   schedule:
-    - cron: '38 0 * * 4'
+    - cron: '0 0 * * 3'
 
 jobs:
   analyze:
     name: Analyze
     runs-on: ubuntu-latest
+    timeout-minutes: 60
     permissions:
       actions: read
       contents: read
@@ -32,40 +21,29 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: [ 'javascript' ]
-        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
-        # Learn more:
-        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
-
+        language: ['typescript']
+
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 2
+
+    - name: Use Node.js 18
+      uses: actions/setup-node@v2
+      with:
+        node-version: 18.x
+
+    - name: Install Dependencies
+      run: npm ci
 
-    # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-        # queries: ./path/to/local/query, your-org/your-repo/queries@main
 
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
-
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 https://git.io/JvXDl
-
-    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-    #    and modify them (or add more) to build your code if your project
-    #    uses a compiled language
-
-    #- run: |
-    #   make bootstrap
-    #   make release
+      uses: github/codeql-action/autobuild@v3
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v3
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 2.3.4.0
+### Visual changes:
+* Fix bug with resetting the selection
+
 ## 2.3.3.0
 ### Visual changes:
 * Fix bug with bookmarks

diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,41 @@
+<!-- BEGIN MICROSOFT SECURITY.MD V0.0.5 BLOCK -->
+
+## Security
+
+Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/).
+
+If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://docs.microsoft.com/en-us/previous-versions/tn-archive/cc751383(v=technet.10)), please report it to us as described below.
+
+## Reporting Security Issues
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://msrc.microsoft.com/create-report).
+
+If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com).  If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://www.microsoft.com/en-us/msrc/pgp-key-msrc).
+
+You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://www.microsoft.com/msrc). 
+
+Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
+
+  * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+  * Full paths of source file(s) related to the manifestation of the issue
+  * The location of the affected source code (tag/branch/commit or direct URL)
+  * Any special configuration required to reproduce the issue
+  * Step-by-step instructions to reproduce the issue
+  * Proof-of-concept or exploit code (if possible)
+  * Impact of the issue, including how an attacker might exploit the issue
+
+This information will help us triage your report more quickly.
+
+If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://microsoft.com/msrc/bounty) page for more details about our active programs.
+
+## Preferred Languages
+
+We prefer all communications to be in English.
+
+## Policy
+
+Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://www.microsoft.com/en-us/msrc/cvd).
+
+<!-- END MICROSOFT SECURITY.MD BLOCK -->
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "powerbi-visuals-wordcloud",
-  "version": "2.3.3.0",
+  "version": "2.3.4.0",
   "description": "Word Cloud is a visual representation of word frequency and value. Use it to get instant insight into the most important terms in a set.",
   "repository": {
     "type": "git",
@@ -33,9 +33,7 @@
     "d3-transition": "^3.0.1",
     "lodash.clone": "^4.5.0",
     "lodash.difference": "^4.5.0",
-    "lodash.flatten": "^4.4.0",
     "lodash.includes": "^4.3.0",
-    "lodash.isarray": "^4.0.0",
     "lodash.isempty": "^4.4.0",
     "lodash.isstring": "^4.0.1",
     "lodash.keys": "^4.2.0",
@@ -59,9 +57,7 @@
     "@types/karma": "^6.3.8",
     "@types/lodash.clone": "^4.5.9",
     "@types/lodash.difference": "^4.5.9",
-    "@types/lodash.flatten": "^4.4.9",
     "@types/lodash.includes": "^4.3.9",
-    "@types/lodash.isarray": "^4.0.9",
     "@types/lodash.isempty": "^4.4.9",
     "@types/lodash.isstring": "^4.0.9",
     "@types/lodash.keys": "^4.2.9",

diff --git a/pbiviz.json b/pbiviz.json
@@ -1,10 +1,10 @@
 {
   "visual": {
     "name": "WordCloud",
-    "displayName": "WordCloud 2.3.3.0",
+    "displayName": "WordCloud 2.3.4.0",
     "guid": "WordCloud1447959067750",
     "visualClassName": "WordCloud",
-    "version": "2.3.3.0",
+    "version": "2.3.4.0",
     "description": "Word Cloud is a visual representation of word frequency and value. Use it to get instant insight into the most important terms in a set.",
     "supportUrl": "https://community.powerbi.com",
     "gitHubUrl": "https://github.com/Microsoft/PowerBI-visuals-WordCloud"

diff --git a/src/WordCloud.ts b/src/WordCloud.ts
@@ -794,24 +794,7 @@ export class WordCloud implements IVisual {
         this.colorPalette = options.host.colorPalette;
         this.visualHost = options.host;
         const selectionManager: ISelectionManager = this.visualHost.createSelectionManager();
-        this.behavior = new WordCloudBehavior(selectionManager, 
-            (text: string): ISelectionId[] => {
-                const dataPoints: WordCloudDataPoint[] = this.data
-                    && this.data.dataPoints
-                    && this.data.dataPoints.filter((dataPoint: WordCloudDataPoint) => {
-                        return dataPoint.text.toLocaleLowerCase() === text;
-                    });
-
-                return (
-                    dataPoints && dataPoints[0] && dataPoints[0].selectionIds
-                    ? dataPoints[0].selectionIds
-                    : []
-                );
-            },
-            () => {
-                return this.data.dataPoints;
-            }
-        );
+        this.behavior = new WordCloudBehavior(selectionManager);
 
         this.layout = new VisualLayout(null, WordCloud.DefaultMargin);
 
@@ -1473,6 +1456,7 @@ export class WordCloud implements IVisual {
         };
 
         this.behavior.bindEvents(behaviorOptions);
+        this.behavior.renderSelection();
     }
 
     private scaleMainView(wordCloudDataView: WordCloudDataView): void {