Commit Graph

179 Commits

Author SHA1 Message Date
dependabot[bot]
1e6c974844
Bump github.com/docker/docker from 24.0.7+incompatible to 24.0.9+incompatible (#17736) 2024-03-21 11:26:14 -05:00
dependabot[bot]
8d3b018f5d
Bump google.golang.org/protobuf from 1.31.0 to 1.33.0 (#17612) 2024-03-21 11:24:13 -05:00
Roberto Dip
89ae60ddec
fix tests run with -race in server/mdm/scep (#17274)
scheduled tests, which are run with `-race` are [failing][1], this was
fixed in the `etcd-io/bbolt` fork of the now archived `boltdb/bolt`, for
more details check [this issue][2].

since boltdb is used only for tests, and they're passing after switching
to the fork, this seems like a reasonable way to fix them.

[1]: https://github.com/fleetdm/fleet/actions/runs/8090809417
[2]: https://github.com/etcd-io/bbolt/issues/391

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-02-29 15:55:15 -03:00
Martin Angers
2dfb260850
Move nanodep dependency in monorepo (#16984) 2024-02-26 10:26:00 -05:00
Jahziel Villasana-Espinoza
272ce3187f
feat: move scep dependency inside the monorepo (#16988)
Following the pattern set up by Martin and Lucas for similar PRs. Can be
reviewed by commits:

1. move scep directory into monorepo
2. update import paths
3. update go.mod, go.sum
4. fix golint errors in scep package
5. skip a failing test that's been broken for a while
6. fix that failing test

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Manual QA for all new/changed functionality

Also verified that our test suite runs the `scep` tests.
2024-02-22 13:13:46 -05:00
Lucas Manuel Rodriguez
6ea8f49f22
Replace fasthttp with Go's stdlib (reduces memory footprint) (#16922)
#16423

- To reduce memory footprint I'm replacing fasthttp with Go's stdlib
http package:
- To reduce CPU usage while Fleet is down am adding a connection check
before sending logs (otherwise osquery-perf spends a lot of CPU
marshaling JSON).

With fasthttp (memory start growing when I bring Fleet down, because it
starts to buffer logs):

![output_fasthttp_cut](https://github.com/fleetdm/fleet/assets/2073526/05161817-581c-4518-9751-7c014160e139)
With golang (memory start growing when I bring Fleet down, because it
starts to buffer logs):

![output_go_cut](https://github.com/fleetdm/fleet/assets/2073526/abdf899b-a812-478b-b638-28336513456a)
2024-02-19 11:33:19 -03:00
Lucas Manuel Rodriguez
ea25ce4e9e
Fix Fleet Desktop bugs on Windows (#16402)
#15821

This PR is adding two improvements and fixing two Windows bugs in Fleet
Desktop:

## Improvement
- We are now capturing the stderr of Fleet Desktop. This helped me find
bug (1) below (otherwise the panic output below was hidden from us).
- To reduce complexity I'm removing the "Theme detection" routine
because we made the decision to use the colored icon for both themes...,
see here:
415d1f493b/orbit/cmd/desktop/desktop_windows.go (L21-L27)

## Bug fixes
1. Fleet Desktop icon not showing in the task bar. This was fixed by
updating to use the latest version of `fyne.io/systray`. (See
https://github.com/fyne-io/systray/issues/22#issuecomment-1173157898.)
2. Orbit now properly detects if Fleet Desktop isn't running on Windows.

Bug (1)'s panic output 
```
panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xc0000005 code=0x0 addr=0x0 pc=0x72b14b]

goroutine 23 [running]:
fyne.io/systray.(*winTray).setTooltip(0x1eb5d40, {0x126923f?, 0x0?})
	/Users/luk/gopath/pkg/mod/fyne.io/systray@v1.10.0/systray_windows.go:260 +0xcb
fyne.io/systray.SetTooltip({0x126923f?, 0x125fc16?})
	/Users/luk/gopath/pkg/mod/fyne.io/systray@v1.10.0/systray_windows.go:961 +0x29
main.main.func1()
	/Users/luk/fleetdm/git/fleet/orbit/cmd/desktop/desktop.go:103 +0xba
fyne.io/systray.Register.func2()
	/Users/luk/gopath/pkg/mod/fyne.io/systray@v1.10.0/systray.go:98 +0x2f
created by fyne.io/systray.Register in goroutine 1
	/Users/luk/gopath/pkg/mod/fyne.io/systray@v1.10.0/systray.go:96 +0xb1
```

- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [X] Manual QA for all new/changed functionality
  - For Orbit and Fleet Desktop changes:
- [X] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [x] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2024-01-29 18:52:55 -03:00
Victor Lyuboslavsky
ab4c505f4b
Enroll secret in macOS keychain and Windows Credential Manager (#16068)
#13832

For macOS hosts, fleetd now stores and retrieves enroll secret from
macOS keychain.
- this feature must use the official signed and notarized version of
fleetd
- for contributors, this feature can disabled with either:
  - fleetctl package flag: --disable-keystore
  - fleetd runtime flag: --disable-keystore

This feature does not cover the MDM usecase where enroll secret is
stored in the MDM profile. This usecase will hopefully be worked on next
sprint with the MDM team.

For Windows hosts, fleetd now stores and retrieves enroll secret from
Windows Credential Manager.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
  - For Orbit and Fleet Desktop changes:
- [x] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [x] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2024-01-16 06:51:37 -06:00
Martin Angers
fc3304c902
Move nanomdm dependency in monorepo (#16015)
#15557 

Following the precedent that Lucas used for other similar PRs, the best
way to review is probably by commits.

* The first one simply copies over the files from the fork to the
monorepo
* Second one adjusts all import paths
* Third one tidies up the `go.mod` files
* Last one fixes the linter issues in the nanomdm package

# Checklist for submitter

- ~~Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.~~ (not a user-visible change)
- [x] Manual QA for all new/changed functionality (ran test suite,
re-generated mocks)

I also verified that our Go test suite did run the newly moved `nanomdm`
package steps:

```
ok  	github.com/fleetdm/fleet/v4/server/mdm/nanomdm/cryptoutil	0.003s	coverage: 0.0% of statements in github.com/fleetdm/fleet/v4/...
ok  	github.com/fleetdm/fleet/v4/server/mdm/nanomdm/mdm	0.005s	coverage: 46.2% of statements in github.com/fleetdm/fleet/v4/...
ok  	github.com/fleetdm/fleet/v4/server/mdm/nanomdm/service/certauth	1.320s	coverage: 20.7% of statements in github.com/fleetdm/fleet/v4/...
ok  	github.com/fleetdm/fleet/v4/server/mdm/nanomdm/storage/file	0.007s	coverage: 24.1% of statements in github.com/fleetdm/fleet/v4/...
```
2024-01-11 23:28:48 -03:00
Jahziel Villasana-Espinoza
e3ae0b34cc
chore: update go.mod to pull latest scep changes (#16044)
> 📜 Related issue: #15635

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality

Tests were added in the scep repo:
https://github.com/fleetdm/scep/pull/1
2024-01-11 10:13:58 -05:00
dependabot[bot]
01afa82eea
Bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 (#15950)
Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl)
from 1.3.3 to 1.3.7.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/cloudflare/circl/releases">github.com/cloudflare/circl's
releases</a>.</em></p>
<blockquote>
<h2>CIRCL v1.3.7</h2>
<h3>What's Changed</h3>
<ul>
<li>build(deps): bump golang.org/x/crypto from
0.3.1-0.20221117191849-2c476679df9a to 0.17.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/467">cloudflare/circl#467</a></li>
<li>kyber: remove division by q in ciphertext compression by <a
href="https://github.com/bwesterb"><code>@​bwesterb</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/468">cloudflare/circl#468</a></li>
<li>Releasing CIRCL v1.3.7 by <a
href="https://github.com/armfazh"><code>@​armfazh</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/469">cloudflare/circl#469</a></li>
</ul>
<h3>New Contributors</h3>
<ul>
<li><a
href="https://github.com/dependabot"><code>@​dependabot</code></a> made
their first contribution in <a
href="https://redirect.github.com/cloudflare/circl/pull/467">cloudflare/circl#467</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/cloudflare/circl/compare/v1.3.6...v1.3.7">https://github.com/cloudflare/circl/compare/v1.3.6...v1.3.7</a></p>
<h2>CIRCL v1.3.6</h2>
<h3>What's Changed</h3>
<ul>
<li>internal: add TurboShake{128,256} by <a
href="https://github.com/bwesterb"><code>@​bwesterb</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/430">cloudflare/circl#430</a></li>
<li>Kangaroo12 draft -10 by <a
href="https://github.com/bwesterb"><code>@​bwesterb</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/431">cloudflare/circl#431</a></li>
<li>Add K12 as XOF by <a
href="https://github.com/bwesterb"><code>@​bwesterb</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/437">cloudflare/circl#437</a></li>
<li>xof/k12: Fix a typo in the package documentation by <a
href="https://github.com/cjpatton"><code>@​cjpatton</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/438">cloudflare/circl#438</a></li>
<li>Set CIRCL version for generated assembler code. by <a
href="https://github.com/armfazh"><code>@​armfazh</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/440">cloudflare/circl#440</a></li>
<li>Add tkn20 benchmarks by <a
href="https://github.com/tanyav2"><code>@​tanyav2</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/442">cloudflare/circl#442</a></li>
<li>Add partially blind RSA implementation by <a
href="https://github.com/chris-wood"><code>@​chris-wood</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/445">cloudflare/circl#445</a></li>
<li>Update doc.go by <a
href="https://github.com/nadimkobeissi"><code>@​nadimkobeissi</code></a>
in <a
href="https://redirect.github.com/cloudflare/circl/pull/447">cloudflare/circl#447</a></li>
<li>tss/rsa: key generation for threshold RSA (safe primes) by <a
href="https://github.com/armfazh"><code>@​armfazh</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/450">cloudflare/circl#450</a></li>
<li>Bumping Go version for CI jobs. by <a
href="https://github.com/armfazh"><code>@​armfazh</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/457">cloudflare/circl#457</a></li>
<li>Spelling by <a
href="https://github.com/jsoref"><code>@​jsoref</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/456">cloudflare/circl#456</a></li>
<li>blindrsa: updating blindrsa to be compliant with RFC9474 by <a
href="https://github.com/armfazh"><code>@​armfazh</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/464">cloudflare/circl#464</a></li>
<li>Releasing CIRCL v1.3.6 by <a
href="https://github.com/armfazh"><code>@​armfazh</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/465">cloudflare/circl#465</a></li>
</ul>
<h3>New Contributors</h3>
<ul>
<li><a
href="https://github.com/nadimkobeissi"><code>@​nadimkobeissi</code></a>
made their first contribution in <a
href="https://redirect.github.com/cloudflare/circl/pull/447">cloudflare/circl#447</a></li>
<li><a href="https://github.com/jsoref"><code>@​jsoref</code></a> made
their first contribution in <a
href="https://redirect.github.com/cloudflare/circl/pull/456">cloudflare/circl#456</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/cloudflare/circl/compare/v1.3.3...v1.3.6">https://github.com/cloudflare/circl/compare/v1.3.3...v1.3.6</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c48866b306"><code>c48866b</code></a>
Releasing CIRCL v1.3.7</li>
<li><a
href="75ef91e8a2"><code>75ef91e</code></a>
kyber: remove division by q in ciphertext compression</li>
<li><a
href="899732a432"><code>899732a</code></a>
build(deps): bump golang.org/x/crypto</li>
<li><a
href="99f0f715ca"><code>99f0f71</code></a>
Releasing CIRCL v1.3.6</li>
<li><a
href="e728d0d84e"><code>e728d0d</code></a>
Apply thibmeu code review suggestions</li>
<li><a
href="ceb2d90c49"><code>ceb2d90</code></a>
Updating blindrsa to be compliant with RFC9474.</li>
<li><a
href="44133f7032"><code>44133f7</code></a>
spelling: tripped</li>
<li><a
href="c2076d67b2"><code>c2076d6</code></a>
spelling: transposes</li>
<li><a
href="dad216659e"><code>dad2166</code></a>
spelling: title</li>
<li><a
href="171c41832e"><code>171c418</code></a>
spelling: threshold</li>
<li>Additional commits viewable in <a
href="https://github.com/cloudflare/circl/compare/v1.3.3...v1.3.7">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/cloudflare/circl&package-manager=go_modules&previous-version=1.3.3&new-version=1.3.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/fleetdm/fleet/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-10 11:46:55 -03:00
Lucas Manuel Rodriguez
417f45fc61
Move external dependency fleetdm/kolide-kit to monorepo (#15861)
#15556

We will need to pay attention when releasing fleet (the github actions
were modified to use the local file now).

Should be reviewed by commits (first commit is the actual adding of the
`version.go` file)

- [X] Manual QA for all new/changed functionality

Manually tested the following:
- `Settings -> My account` on the UI and checked the `/version` endpoint
response. (Or also visiting https://localhost:8080/version on a
browser).
- Ran `make fleetctl fleet`, `./build/fleetctl --version` and
`./build/fleet version`.
2024-01-02 18:22:52 -03:00
Lucas Manuel Rodriguez
38b8c9cc58
Move external dependency goose to monorepo (#15859)
#15555

Probably the best way to review this is commit by commit:
- First commit does the actual moving.
- Second commit fixes golangci-lint issues (in the least effort way to
avoid refactoring or rearrangement of some of the code).
- Third commit moves a printf to before the migration step is executed.
In the past some customers hitting migration issues (like migration
steps hanging or taking long to execute) and wanted to know which one
was it. The only way to know was to look at the repository and looking
for the next migration after the last one logged.

Checks:
- [X] Manual QA for all new/changed functionality

Manual tests:
- `make fleet && make db-reset`.
- Adding a new migration via `make migration name=Foobar` and then
running `./build/fleet prepare db`.
- Enrolling a new device to Fleet (smoke test).
2024-01-02 17:52:00 -03:00
dependabot[bot]
ac8bcea518
Bump github.com/go-git/go-git/v5 from 5.4.2 to 5.11.0 (#15841)
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git)
from 5.4.2 to 5.11.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/go-git/go-git/releases">github.com/go-git/go-git/v5's
releases</a>.</em></p>
<blockquote>
<h2>v5.11.0</h2>
<h2>What's Changed</h2>
<ul>
<li>git: validate reference names (<a
href="https://redirect.github.com/go-git/go-git/issues/929">#929</a>) by
<a
href="https://github.com/aymanbagabas"><code>@​aymanbagabas</code></a>
in <a
href="https://redirect.github.com/go-git/go-git/pull/950">go-git/go-git#950</a></li>
<li>git: stop iterating at oldest shallow when pulling. Fixes <a
href="https://redirect.github.com/go-git/go-git/issues/305">#305</a> by
<a href="https://github.com/dhoizner"><code>@​dhoizner</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/939">go-git/go-git#939</a></li>
<li>plumbing: object, enable renames in getFileStatsFromFilePatches by
<a href="https://github.com/djmoch"><code>@​djmoch</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/941">go-git/go-git#941</a></li>
<li>storage: filesystem, Add option to set a specific FS for alternates
by <a href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/953">go-git/go-git#953</a></li>
<li>Align worktree validation with upstream and remove build warnings by
<a href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/958">go-git/go-git#958</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/dhoizner"><code>@​dhoizner</code></a>
made their first contribution in <a
href="https://redirect.github.com/go-git/go-git/pull/939">go-git/go-git#939</a></li>
<li><a href="https://github.com/djmoch"><code>@​djmoch</code></a> made
their first contribution in <a
href="https://redirect.github.com/go-git/go-git/pull/941">go-git/go-git#941</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/go-git/go-git/compare/v5.10.1...v5.11.0">https://github.com/go-git/go-git/compare/v5.10.1...v5.11.0</a></p>
<h2>v5.10.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Worktree, ignore ModeSocket files by <a
href="https://github.com/steiler"><code>@​steiler</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/930">go-git/go-git#930</a></li>
<li>git: add tracer package by <a
href="https://github.com/aymanbagabas"><code>@​aymanbagabas</code></a>
in <a
href="https://redirect.github.com/go-git/go-git/pull/916">go-git/go-git#916</a></li>
<li>remote: Flip clause for fast-forward only check by <a
href="https://github.com/adityasaky"><code>@​adityasaky</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/875">go-git/go-git#875</a></li>
<li>plumbing: transport/ssh, Fix nil pointer dereference caused when an
unreachable proxy server is set. Fixes <a
href="https://redirect.github.com/go-git/go-git/issues/900">#900</a> by
<a href="https://github.com/anandf"><code>@​anandf</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/901">go-git/go-git#901</a></li>
<li>plumbing: uppload-server-info, implement upload-server-info by <a
href="https://github.com/aymanbagabas"><code>@​aymanbagabas</code></a>
in <a
href="https://redirect.github.com/go-git/go-git/pull/896">go-git/go-git#896</a></li>
<li>plumbing: optimise memory consumption for filesystem storage by <a
href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/799">go-git/go-git#799</a></li>
<li>plumbing: format/packfile, Refactor patch delta by <a
href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/908">go-git/go-git#908</a></li>
<li>plumbing: fix empty uploadpack request error by <a
href="https://github.com/aymanbagabas"><code>@​aymanbagabas</code></a>
in <a
href="https://redirect.github.com/go-git/go-git/pull/932">go-git/go-git#932</a></li>
<li>plumbing: transport/git, Improve tests error message by <a
href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/752">go-git/go-git#752</a></li>
<li>plumbing: format/pktline, Respect pktline error-line errors by <a
href="https://github.com/aymanbagabas"><code>@​aymanbagabas</code></a>
in <a
href="https://redirect.github.com/go-git/go-git/pull/936">go-git/go-git#936</a></li>
<li>utils: remove ioutil.Pipe and use std library io.Pipe by <a
href="https://github.com/aymanbagabas"><code>@​aymanbagabas</code></a>
in <a
href="https://redirect.github.com/go-git/go-git/pull/922">go-git/go-git#922</a></li>
<li>utils: move trace to utils by <a
href="https://github.com/aymanbagabas"><code>@​aymanbagabas</code></a>
in <a
href="https://redirect.github.com/go-git/go-git/pull/931">go-git/go-git#931</a></li>
<li>cli: separate go module for cli by <a
href="https://github.com/aymanbagabas"><code>@​aymanbagabas</code></a>
in <a
href="https://redirect.github.com/go-git/go-git/pull/914">go-git/go-git#914</a></li>
<li>build: bump github.com/google/go-cmp from 0.5.9 to 0.6.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/887">go-git/go-git#887</a></li>
<li>build: bump actions/setup-go from 3 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/891">go-git/go-git#891</a></li>
<li>build: bump github.com/skeema/knownhosts from 1.2.0 to 1.2.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/888">go-git/go-git#888</a></li>
<li>build: bump actions/checkout from 3 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/890">go-git/go-git#890</a></li>
<li>build: bump golang.org/x/sys from 0.13.0 to 0.14.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/907">go-git/go-git#907</a></li>
<li>build: bump golang.org/x/text from 0.13.0 to 0.14.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/906">go-git/go-git#906</a></li>
<li>build: bump golang.org/x/crypto from 0.14.0 to 0.15.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/917">go-git/go-git#917</a></li>
<li>build: bump golang.org/x/net from 0.17.0 to 0.18.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/918">go-git/go-git#918</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/anandf"><code>@​anandf</code></a> made
their first contribution in <a
href="https://redirect.github.com/go-git/go-git/pull/901">go-git/go-git#901</a></li>
<li><a href="https://github.com/steiler"><code>@​steiler</code></a> made
their first contribution in <a
href="https://redirect.github.com/go-git/go-git/pull/930">go-git/go-git#930</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/go-git/go-git/compare/v5.10.0...v5.10.1">https://github.com/go-git/go-git/compare/v5.10.0...v5.10.1</a></p>
<h2>v5.10.0</h2>
<h2>What's Changed</h2>
<ul>
<li>PlainInitOptions.Bare and allow using InitOptions with
PlainInitWithOptions by <a
href="https://github.com/ThinkChaos"><code>@​ThinkChaos</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/782">go-git/go-git#782</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5d08d3bd94"><code>5d08d3b</code></a>
Merge pull request <a
href="https://redirect.github.com/go-git/go-git/issues/958">#958</a>
from pjbgf/workval</li>
<li><a
href="5bd1d8f4ab"><code>5bd1d8f</code></a>
build: Ensure checkout is the first operation</li>
<li><a
href="b2c1982477"><code>b2c1982</code></a>
git: worktree, Align validation with upstream rules</li>
<li><a
href="cec7da63ca"><code>cec7da6</code></a>
Merge pull request <a
href="https://redirect.github.com/go-git/go-git/issues/953">#953</a>
from pjbgf/alternates</li>
<li><a
href="8b47ceb1aa"><code>8b47ceb</code></a>
storage: filesystem, Add option to set a specific FS for alternates</li>
<li><a
href="4f61489104"><code>4f61489</code></a>
Merge pull request <a
href="https://redirect.github.com/go-git/go-git/issues/941">#941</a>
from djmoch/filestats-rename</li>
<li><a
href="ae552ce0bf"><code>ae552ce</code></a>
Merge pull request <a
href="https://redirect.github.com/go-git/go-git/issues/939">#939</a>
from dhoizner/fix-pull-after-shallow</li>
<li><a
href="cc1895b905"><code>cc1895b</code></a>
Merge pull request <a
href="https://redirect.github.com/go-git/go-git/issues/950">#950</a>
from aymanbagabas/validate-ref</li>
<li><a
href="de1d5a5978"><code>de1d5a5</code></a>
git: validate reference names</li>
<li><a
href="d87110b492"><code>d87110b</code></a>
Merge pull request <a
href="https://redirect.github.com/go-git/go-git/issues/948">#948</a>
from go-git/dependabot/go_modules/cli/go-git/github.c...</li>
<li>Additional commits viewable in <a
href="https://github.com/go-git/go-git/compare/v5.4.2...v5.11.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/go-git/go-git/v5&package-manager=go_modules&previous-version=5.4.2&new-version=5.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/fleetdm/fleet/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-29 11:38:17 -03:00
dependabot[bot]
6806f1b3a2
Bump golang.org/x/crypto from 0.14.0 to 0.17.0 (#15741)
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from
0.14.0 to 0.17.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9d2ee975ef"><code>9d2ee97</code></a>
ssh: implement strict KEX protocol changes</li>
<li><a
href="4e5a26183e"><code>4e5a261</code></a>
ssh: close net.Conn on all NewServerConn errors</li>
<li><a
href="152cdb1503"><code>152cdb1</code></a>
x509roots/fallback: update bundle</li>
<li><a
href="fdfe1f8531"><code>fdfe1f8</code></a>
ssh: defer channel window adjustment</li>
<li><a
href="b8ffc16e10"><code>b8ffc16</code></a>
blake2b: drop Go 1.6, Go 1.8 compatibility</li>
<li><a
href="7e6fbd82c8"><code>7e6fbd8</code></a>
ssh: wrap errors from client handshake</li>
<li><a
href="bda2f3f5cf"><code>bda2f3f</code></a>
argon2: avoid clobbering BP</li>
<li><a
href="325b735346"><code>325b735</code></a>
ssh/test: skip TestSSHCLIAuth on Windows</li>
<li><a
href="1eadac50a5"><code>1eadac5</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="b2d7c26edb"><code>b2d7c26</code></a>
ssh: add (*Client).DialContext method</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/crypto/compare/v0.14.0...v0.17.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/crypto&package-manager=go_modules&previous-version=0.14.0&new-version=0.17.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/fleetdm/fleet/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>
2023-12-22 15:19:32 -03:00
Sarah Gillespie
b660715e56
Add database migrations to support software titles feature (#15401)
Issue #15222
2023-12-01 11:33:07 -03:00
Jahziel Villasana-Espinoza
5131879292
feat: remove file if it exists before creating new one (#15186)
# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2023-11-22 14:04:38 -05:00
Lucas Manuel Rodriguez
4194c44131
Use NVD API 2.0 to download CVE information (#15102)
#14888

@getvictor This is ready for review, but keeping as draft as there are
probably many tests that need amending.

I used the new version of the `./tools/nvd/nvdvuln/nvdvuln.go` to
compare the current vulnerabilities found in our dogfood environment
with the vulnerabilities found by the code in this PR and both results
match:
```
go run -race -tags fts5 ./tools/nvd/nvdvuln/nvdvuln.go --debug --db_dir ./local --software_from_url <dogfood URL> --software_from_api_token <API_TOKEN> --sync 2>&1 | tee out.txt
[...]
CVEs found and expected matched!
```

- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Added/updated tests
- [X] Manual QA for all new/changed functionality

---------

Co-authored-by: Victor Lyuboslavsky <victor@fleetdm.com>
Co-authored-by: Victor Lyuboslavsky <victor.lyuboslavsky@gmail.com>
2023-11-21 12:30:07 -06:00
Victor Lyuboslavsky
eada583ff1
Updating CPE generator to use new NVD API. (#15018)
Loom explaining changes (hit 5 min limit):
https://www.loom.com/share/e59b63bf638e4d9cad7984ef589b878d?sid=111fff75-115a-4a44-ae4f-6f25fede0d51

#14887

- [x] Need to merge fleetdm/nvd PR
https://github.com/fleetdm/nvd/pull/25 before this one.

# Checklist for submitter

- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
- Manually tested (with corresponding fleetdm/fleet changes) in my
personal fork: https://github.com/getvictor/nvd/releases

# QA Plan (must be done before merging this PR, and after merging the
nvd PR)
- [ ] Fork https://github.com/fleetdm/nvd and point `generate.yml` to
this branch.
[example](9d8e54930b/.github/workflows/generate.yml (L26))
- [ ] Add NVD_API_KEY to nvd secrets, and run the the nvd generate
GitHub action. Get key:
https://nvd.nist.gov/developers/request-an-api-key
- [ ] Compare the generated `cpe-###.sqlite.gz` to the previous one. One
way is to open it up with sqlite3 and `select * from cpe_2 order by
cpe23;` and dump results to a CSV file. Known differences are:
   - New file has ~2,500 more records
- Backslashes are handled differently for `Backpack\CRUD` and `Philips
In.Sight B120\37` products -- not a new issue since we do not support
those products right now
- `cpe:2.3🅰️moodle:moodle:4.2.0:*:*:*:*:*:*:*` -- this appears OK.
Also, it is a PHP plugin, and we don't support these currently.
- [ ] Record the existing vulnerabilities of current hosts.
- [ ] Stop any running fleet server. Delete `/tmp/vulndbs/cpe.sqlite`.
Can also delete other files there, or not delete this file -- it should
be overwritten by the new file. Also delete all rows in software_cpe and
software_cve DB tables. (Or can just spin up a fresh fleet server with
fresh DB, and re-enroll hosts (after setting the new env variable
below))
- [ ] Find the path to the generated `cpe-###.sqlite.gz` file
- [ ] Set `FLEET_VULNERABILITIES_CPE_DATABASE_URL` environment variable
to the above path, and start fleet server.
- [ ] After server's vulnerabilities cron job runs, the new
vulnerabilities should match the previous vulnerabilities
2023-11-20 16:10:00 -06:00
Lucas Manuel Rodriguez
4cf682d78f
Downgrade osquery-go due to panics in Shutdown and add more logging (#15017)
#15022

The issue in the package is being fixed here
https://github.com/osquery/osquery-go/pull/117
But to not block on that we will downgrade the osquery-go version we
use.

- ~[ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.~
- ~[ ] Documented any permissions changes (docs/Using
Fleet/manage-access.md)~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- ~[ ] Added/updated tests~
- [ ] Manual QA for all new/changed functionality
  - ~For Orbit and Fleet Desktop changes:~
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2023-11-13 18:29:45 -03:00
dependabot[bot]
fa566dbf96
Bump go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux from 0.40.0 to 0.44.0 (#14588)
Bumps
[go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux](https://github.com/open-telemetry/opentelemetry-go-contrib)
from 0.40.0 to 0.44.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/open-telemetry/opentelemetry-go-contrib/releases">go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux's
releases</a>.</em></p>
<blockquote>
<h2>Release v1.20.0/v0.45.0/v0.14.0</h2>
<h3>Added</h3>
<ul>
<li>Set the description for the <code>rpc.server.duration</code> metric
in
<code>go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4302">#4302</a>)</li>
<li>Add <code>NewServerHandler</code> and <code>NewClientHandler</code>
that return a <code>grpc.StatsHandler</code> used for gRPC
instrumentation in
<code>go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/3002">#3002</a>)</li>
<li>Add new Prometheus bridge module in
<code>go.opentelemetry.io/contrib/bridges/prometheus</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4227">#4227</a>)</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Upgrade dependencies of OpenTelemetry Go to use the new <a
href="https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.19.0"><code>v1.19.0</code>/<code>v0.42.0</code>/<code>v0.0.7</code>
release</a>.</li>
<li>Use <code>grpc.StatsHandler</code> for gRPC instrumentation in
<code>go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc/example</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4325">#4325</a>)</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/puckpuck"><code>@​puckpuck</code></a>
made their first contribution in <a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/4302">open-telemetry/opentelemetry-go-contrib#4302</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/open-telemetry/opentelemetry-go-contrib/compare/v1.19.0...v1.20.0">https://github.com/open-telemetry/opentelemetry-go-contrib/compare/v1.19.0...v1.20.0</a></p>
<h2>Release v1.19.0/v0.44.0/v0.13.0</h2>
<h3>Added</h3>
<ul>
<li>Add <code>gcp.gce.instance.name</code> and
<code>gcp.gce.instance.hostname</code> resource attributes to
<code>go.opentelemetry.io/contrib/detectors/gcp</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4263">#4263</a>)</li>
</ul>
<h3>Changed</h3>
<ul>
<li>The semantic conventions used by
<code>go.opentelemetry.io/contrib/detectors/aws/ec2</code> have been
upgraded to v1.21.0. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4265">#4265</a>)</li>
<li>The semantic conventions used by
<code>go.opentelemetry.io/contrib/detectors/aws/ecs</code> have been
upgraded to v1.21.0. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4265">#4265</a>)</li>
<li>The semantic conventions used by
<code>go.opentelemetry.io/contrib/detectors/aws/eks</code> have been
upgraded to v1.21.0. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4265">#4265</a>)</li>
<li>The semantic conventions used by
<code>go.opentelemetry.io/contrib/detectors/aws/lambda</code> have been
upgraded to v1.21.0. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4265">#4265</a>)</li>
<li>The semantic conventions used by
<code>go.opentelemetry.io/contrib/instrumentation/github.com/aws/aws-lambda-go/otellambda</code>
have been upgraded to v1.21.0. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4265">#4265</a>)
<ul>
<li>The <code>faas.execution</code> attribute is now
<code>faas.invocation_id</code>.</li>
<li>The <code>faas.id</code> attribute is now
<code>aws.lambda.invoked_arn</code>.</li>
</ul>
</li>
<li>The semantic conventions used by
<code>go.opentelemetry.io/contrib/instrumentation/github.com/aws/aws-sdk-go-v2/otelaws</code>
have been upgraded to v1.21.0. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4265">#4265</a>)</li>
<li>The <code>http.request.method</code> attribute will only allow known
HTTP methods from the metrics generated by
<code>go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4277">#4277</a>)</li>
</ul>
<h3>Removed</h3>
<ul>
<li>The high cardinality attributes <code>net.sock.peer.addr</code>,
<code>net.sock.peer.port</code>, <code>http.user_agent</code>,
<code>enduser.id</code>, and <code>http.client_ip</code> were removed
from the metrics generated by
<code>go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4277">#4277</a>)</li>
<li>The deprecated
<code>go.opentelemetry.io/contrib/instrumentation/github.com/astaxie/beego/otelbeego</code>
module is removed. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4295">#4295</a>)</li>
<li>The deprecated
<code>go.opentelemetry.io/contrib/instrumentation/github.com/go-kit/kit/otelkit</code>
module is removed. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4295">#4295</a>)</li>
<li>The deprecated
<code>go.opentelemetry.io/contrib/instrumentation/github.com/Shopify/sarama/otelsarama</code>
module is removed. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4295">#4295</a>)</li>
<li>The deprecated
<code>go.opentelemetry.io/contrib/instrumentation/github.com/bradfitz/gomemcache/memcache/otelmemcache</code>
module is removed. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4295">#4295</a>)</li>
<li>The deprecated
<code>go.opentelemetry.io/contrib/instrumentation/github.com/gocql/gocql/otelgocql</code>
module is removed. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4295">#4295</a>)</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/utsushiiro"><code>@​utsushiiro</code></a> made
their first contribution in <a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/4260">open-telemetry/opentelemetry-go-contrib#4260</a></li>
<li><a
href="https://github.com/RangelReale"><code>@​RangelReale</code></a>
made their first contribution in <a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/4230">open-telemetry/opentelemetry-go-contrib#4230</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/open-telemetry/opentelemetry-go-contrib/compare/v1.18.0...v1.19.0">https://github.com/open-telemetry/opentelemetry-go-contrib/compare/v1.18.0...v1.19.0</a></p>
<h2>Release v1.18.0/v0.43.0/v0.12.0</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md">go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux's
changelog</a>.</em></p>
<blockquote>
<h2>[1.19.0/0.44.0/0.13.0] - 2023-09-12</h2>
<h3>Added</h3>
<ul>
<li>Add <code>gcp.gce.instance.name</code> and
<code>gcp.gce.instance.hostname</code> resource attributes to
<code>go.opentelemetry.io/contrib/detectors/gcp</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4263">#4263</a>)</li>
</ul>
<h3>Changed</h3>
<ul>
<li>The semantic conventions used by
<code>go.opentelemetry.io/contrib/detectors/aws/ec2</code> have been
upgraded to v1.21.0. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4265">#4265</a>)</li>
<li>The semantic conventions used by
<code>go.opentelemetry.io/contrib/detectors/aws/ecs</code> have been
upgraded to v1.21.0. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4265">#4265</a>)</li>
<li>The semantic conventions used by
<code>go.opentelemetry.io/contrib/detectors/aws/eks</code> have been
upgraded to v1.21.0. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4265">#4265</a>)</li>
<li>The semantic conventions used by
<code>go.opentelemetry.io/contrib/detectors/aws/lambda</code> have been
upgraded to v1.21.0. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4265">#4265</a>)</li>
<li>The semantic conventions used by
<code>go.opentelemetry.io/contrib/instrumentation/github.com/aws/aws-lambda-go/otellambda</code>
have been upgraded to v1.21.0. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4265">#4265</a>)
<ul>
<li>The <code>faas.execution</code> attribute is now
<code>faas.invocation_id</code>.</li>
<li>The <code>faas.id</code> attribute is now
<code>aws.lambda.invoked_arn</code>.</li>
</ul>
</li>
<li>The semantic conventions used by
<code>go.opentelemetry.io/contrib/instrumentation/github.com/aws/aws-sdk-go-v2/otelaws</code>
have been upgraded to v1.21.0. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4265">#4265</a>)</li>
<li>The <code>http.request.method</code> attribute will only allow known
HTTP methods from the metrics generated by
<code>go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4277">#4277</a>)</li>
</ul>
<h3>Removed</h3>
<ul>
<li>The high cardinality attributes <code>net.sock.peer.addr</code>,
<code>net.sock.peer.port</code>, <code>http.user_agent</code>,
<code>enduser.id</code>, and <code>http.client_ip</code> were removed
from the metrics generated by
<code>go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4277">#4277</a>)</li>
<li>The deprecated
<code>go.opentelemetry.io/contrib/instrumentation/github.com/astaxie/beego/otelbeego</code>
module is removed. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4295">#4295</a>)</li>
<li>The deprecated
<code>go.opentelemetry.io/contrib/instrumentation/github.com/go-kit/kit/otelkit</code>
module is removed. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4295">#4295</a>)</li>
<li>The deprecated
<code>go.opentelemetry.io/contrib/instrumentation/github.com/Shopify/sarama/otelsarama</code>
module is removed. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4295">#4295</a>)</li>
<li>The deprecated
<code>go.opentelemetry.io/contrib/instrumentation/github.com/bradfitz/gomemcache/memcache/otelmemcache</code>
module is removed. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4295">#4295</a>)</li>
<li>The deprecated
<code>go.opentelemetry.io/contrib/instrumentation/github.com/gocql/gocql/otelgocql</code>
module is removed. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4295">#4295</a>)</li>
</ul>
<h2>[1.18.0/0.43.0/0.12.0] - 2023-08-28</h2>
<h3>Added</h3>
<ul>
<li>Add <code>NewMiddleware</code> function in
<code>go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/2964">#2964</a>)</li>
<li>The <code>go.opentelemetry.io/contrib/exporters/autoexport</code>
package to provide configuration of trace exporters with useful defaults
and environment variable support. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/2753">#2753</a>,
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4100">#4100</a>,
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4130">#4130</a>,
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4132">#4132</a>,
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4134">#4134</a>)</li>
<li><code>WithRouteTag</code> in
<code>go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp</code>
adds HTTP route attribute to metrics. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/615">#615</a>)</li>
<li>Add <code>WithSpanOptions</code> option in
<code>go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/3768">#3768</a>)</li>
<li>Add testing support for Go 1.21. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4233">#4233</a>)</li>
<li>Add <code>WithFilter</code> option to
<code>go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4230">#4230</a>)</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Change interceptors in
<code>go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc</code>
to disable <code>SENT</code>/<code>RECEIVED</code> events.
Use <code>WithMessageEvents()</code> to turn back on. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/3964">#3964</a>)</li>
</ul>
<h3>Changed</h3>
<ul>
<li><code>go.opentelemetry.io/contrib/detectors/gcp</code>: Detect
<code>faas.instance</code> instead of <code>faas.id</code>, since
<code>faas.id</code> is being removed. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4198">#4198</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>AWS XRay Remote Sampling to cap <code>quotaBalance</code> to 1x
quota in <code>go.opentelemetry.io/contrib/samplers/aws/xray</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/3651">#3651</a>,
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/3652">#3652</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fdfa6e3abf"><code>fdfa6e3</code></a>
Release v1.19.0/v0.44.0/v0.13.0 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4299">#4299</a>)</li>
<li><a
href="aea75409c7"><code>aea7540</code></a>
build(deps): bump github.com/aws/aws-sdk-go in /detectors/aws/ec2 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4297">#4297</a>)</li>
<li><a
href="7e88614696"><code>7e88614</code></a>
Remove otelbeego, otelkit, otelsarama, otelmemcache, otelgocql (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4295">#4295</a>)</li>
<li><a
href="14f153ea4a"><code>14f153e</code></a>
build(deps): bump actions/checkout from 3 to 4 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4291">#4291</a>)</li>
<li><a
href="01c596d0e8"><code>01c596d</code></a>
dependabot updates Mon Sep 11 05:08:50 UTC 2023 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4294">#4294</a>)</li>
<li><a
href="50ca48f801"><code>50ca48f</code></a>
Remove high cardanility metrics from otelhttp (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4277">#4277</a>)</li>
<li><a
href="b6fc62f4da"><code>b6fc62f</code></a>
Update go versions used in workflow (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4278">#4278</a>)</li>
<li><a
href="7a8f53c611"><code>7a8f53c</code></a>
Add new gcp host attributes (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4263">#4263</a>)</li>
<li><a
href="aab5f49a93"><code>aab5f49</code></a>
[mux] Add request filters like otelhttp (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4230">#4230</a>)</li>
<li><a
href="3ad5a2c545"><code>3ad5a2c</code></a>
Deprecate otelmemcache, otelgocql (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/4164">#4164</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.40.0...zpages/v0.44.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux&package-manager=go_modules&previous-version=0.40.0&new-version=0.44.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/fleetdm/fleet/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>
2023-11-07 15:20:51 -03:00
Martin Angers
f42f4d48af
Implement the database migrations for the Windows profiles story. (#14973) 2023-11-07 09:28:43 -05:00
George Karr
51772873bc
Update to latest gon with notarytool until we find a better solution (#14918)
Co-authored-by: Roberto Dip <dip.jesusr@gmail.com>
2023-11-03 18:56:30 -05:00
George Karr
970854e078
Switching systray dependency to one without glibc requirements (#14197) 2023-11-02 14:40:21 -05:00
Sharon Katz
ab7717009e
Add Kolide osquery tables 2023-11-01 20:11:35 -06:00
dependabot[bot]
8659155c98
Bump github.com/docker/docker from 23.0.4+incompatible to 24.0.7+incompatible (#14795)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from
23.0.4+incompatible to 24.0.7+incompatible.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/docker/releases">github.com/docker/docker's
releases</a>.</em></p>
<blockquote>
<h2>v24.0.7</h2>
<h2>24.0.7</h2>
<p>For a full list of pull requests and changes in this release, refer
to the relevant GitHub milestones:</p>
<ul>
<li><a
href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A24.0.7">docker/cli,
24.0.7 milestone</a></li>
<li><a
href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A24.0.7">moby/moby,
24.0.7 milestone</a></li>
</ul>
<h3>Bug fixes and enhancements</h3>
<ul>
<li>Write overlay2 layer metadata atomically. <a
href="https://redirect.github.com/moby/moby/pull/46703">moby/moby#46703</a></li>
<li>Fix &quot;Rootful-in-Rootless&quot; Docker-in-Docker on systemd
version 250 and later. <a
href="https://redirect.github.com/moby/moby/pull/46626">moby/moby#46626</a></li>
<li>Fix <code>dockerd-rootless-setuptools.sh</code> when username
contains a backslash. <a
href="https://redirect.github.com/moby/moby/pull/46407">moby/moby#46407</a></li>
<li>Fix a bug that would prevent network sandboxes to be fully deleted
when stopping containers with no network attachments and when
<code>dockerd --bridge=none</code> is used. <a
href="https://redirect.github.com/moby/moby/pull/46702">moby/moby#46702</a></li>
<li>Fix a bug where cancelling an API request could interrupt container
restart. <a
href="https://redirect.github.com/moby/moby/pull/46697">moby/moby#46697</a></li>
<li>Fix an issue where containers would fail to start when providing
<code>--ip-range</code> with a range larger than the subnet. <a
href="https://redirect.github.com/docker/for-mac/issues/6870">docker/for-mac#6870</a></li>
<li>Fix data corruption with zstd output. <a
href="https://redirect.github.com/moby/moby/pull/46709">moby/moby#46709</a></li>
<li>Fix the conditions under which the container's MAC address is
applied. <a
href="https://redirect.github.com/moby/moby/pull/46478">moby/moby#46478</a></li>
<li>Improve the performance of the stats collector. <a
href="https://redirect.github.com/moby/moby/pull/46448">moby/moby#46448</a></li>
<li>Fix an issue with source policy rules ending up in the wrong order.
<a
href="https://redirect.github.com/moby/moby/pull/46441">moby/moby#46441</a></li>
</ul>
<h3>Packaging updates</h3>
<ul>
<li>Add support for Fedora 39 and Ubuntu 23.10. <a
href="https://redirect.github.com/docker/docker-ce-packaging/pull/940">docker/docker-ce-packaging#940</a>,
<a
href="https://redirect.github.com/docker/docker-ce-packaging/pull/955">docker/docker-ce-packaging#955</a></li>
<li>Fix <code>docker.socket</code> not getting disabled when
uninstalling the <code>docker-ce</code> RPM package. <a
href="https://redirect.github.com/docker/docker-ce-packaging/pull/852">docker/docker-ce-packaging#852</a></li>
<li>Upgrade Go to <code>go1.20.10</code>. <a
href="https://redirect.github.com/docker/docker-ce-packaging/pull/951">docker/docker-ce-packaging#951</a></li>
<li>Upgrade containerd to <code>v1.7.6</code> (static binaries only). <a
href="https://redirect.github.com/moby/moby/pull/46103">moby/moby#46103</a></li>
<li>Upgrade the <code>containerd.io</code> package to <a
href="https://github.com/containerd/containerd/releases/tag/v1.6.24"><code>v1.6.24</code></a>.</li>
</ul>
<h3>Security</h3>
<ul>
<li>Deny containers access to <code>/sys/devices/virtual/powercap</code>
by default. This change hardens against <a
href="https://scout.docker.com/v/CVE-2020-8694">CVE-2020-8694</a>, <a
href="https://scout.docker.com/v/CVE-2020-8695">CVE-2020-8695</a>, and
<a href="https://scout.docker.com/v/CVE-2020-12912">CVE-2020-12912</a>,
and an attack known as <a href="https://platypusattack.com/">the
PLATYPUS attack</a>. For more details, see <a
href="https://github.com/moby/moby/security/advisories/GHSA-jq35-85cj-fj4p">advisory</a>,
<a
href="c9ccbfad11">commit</a>.</li>
</ul>
<h2>v24.0.6</h2>
<h2>24.0.6</h2>
<p>For a full list of pull requests and changes in this release, refer
to the relevant GitHub milestones:</p>
<ul>
<li><a
href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A24.0.6">docker/cli,
24.0.6 milestone</a></li>
<li><a
href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A24.0.6">moby/moby,
24.0.6 milestone</a></li>
</ul>
<h3>Bug fixes and enhancements</h3>
<ul>
<li>containerd storage backend: Fix <code>docker ps</code> failing when
a container image is no longer present in the content store. <a
href="https://redirect.github.com/moby/moby/pull/46095">moby/moby#46095</a></li>
<li>containerd storage backend: Fix <code>docker ps -s -a</code> and
<code>docker container prune</code> failing when a container image
config is no longer present in the content store. <a
href="https://redirect.github.com/moby/moby/pull/46097">moby/moby#46097</a></li>
<li>containerd storage backend: Fix <code>docker inspect</code> failing
when a container image config is no longer (or was never) present in the
content store. <a
href="https://redirect.github.com/moby/moby/pull/46244">moby/moby#46244</a></li>
<li>containerd storage backend: Fix diff and export with the
<code>overlayfs</code> snapshotter by using reference-counted rootfs
mounts. <a
href="https://redirect.github.com/moby/moby/pull/46266">moby/moby#46266</a></li>
<li>containerd storage backend: Fix a misleading error message when the
image platforms available locally do not match the desired platform. <a
href="https://redirect.github.com/moby/moby/pull/46300">moby/moby#46300</a></li>
<li>containerd storage backend: Fix the <code>FROM scratch</code>
Dockerfile instruction with the classic builder. <a
href="https://redirect.github.com/moby/moby/pull/46302">moby/moby#46302</a></li>
<li>containerd storage backend: Fix <code>mismatched image rootfs and
manifest layers</code> errors with the classic builder. <a
href="https://redirect.github.com/moby/moby/pull/46310">moby/moby#46310</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="311b9ff0aa"><code>311b9ff</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/46697">#46697</a>
from thaJeztah/24.0_backport_restart_nocancel</li>
<li><a
href="af608045ee"><code>af60804</code></a>
Merge pull request from GHSA-jq35-85cj-fj4p</li>
<li><a
href="3cf363e1ee"><code>3cf363e</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/46709">#46709</a>
from thaJeztah/24.0_backport_bump_compress</li>
<li><a
href="05d7386665"><code>05d7386</code></a>
daemon: daemon.containerRestart: don't cancel restart on context
cancel</li>
<li><a
href="649c9440f2"><code>649c944</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/46703">#46703</a>
from thaJeztah/24.0_backport_atomic-layer-data-write</li>
<li><a
href="9b20b1a5fe"><code>9b20b1a</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/46702">#46702</a>
from thaJeztah/24.0_backport_releaseNetwork_Network...</li>
<li><a
href="dd37b0b960"><code>dd37b0b</code></a>
vendor: github.com/klauspost/compress v1.17.2</li>
<li><a
href="7058c0d24d"><code>7058c0d</code></a>
vendor: github.com/klauspost/compress v1.16.5</li>
<li><a
href="57bd388582"><code>57bd388</code></a>
daemon: overlay2: Write layer metadata atomically</li>
<li><a
href="05d95fd503"><code>05d95fd</code></a>
daemon: release sandbox even when NetworkDisabled</li>
<li>Additional commits viewable in <a
href="https://github.com/docker/docker/compare/v23.0.4...v24.0.7">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/docker&package-manager=go_modules&previous-version=23.0.4+incompatible&new-version=24.0.7+incompatible)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/fleetdm/fleet/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-01 13:52:56 -03:00
Lucas Manuel Rodriguez
512699614d
Update facebookincubator/nvdtools package to fix false positive (#14798)
#14543

Python's certifi package is ingested with the following version string:
`2023.7.22`.
The NVD dataset uses the following versioning: `2023.07.22`.

This PR updates the nvdtools package.

This is the fix in nvdtools that fixes this exact false positive:

c0d18738cd

- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)~
- ~[ ] Documented any permissions changes (docs/Using
Fleet/manage-access.md)~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- ~[ ] Added/updated tests~
- [X] Manual QA for all new/changed functionality
  - For Orbit and Fleet Desktop changes:
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-10-30 17:20:28 -03:00
Marcos Oviedo
f0d77ab3db
Merging Bitlocker feature branch (#14350)
This relates to #12577

---------

Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
Co-authored-by: Roberto Dip <dip.jesusr@gmail.com>
2023-10-06 19:04:33 -03:00
Roberto Dip
ea6b59f179
upgrade Go version to 1.21.1 (#13877)
For #13715, this:

- Upgrades the Go version to `1.21.1`, infrastructure changes are
addressed separately at https://github.com/fleetdm/fleet/pull/13878
- Upgrades the linter version, as the current version doesn't work well
after the Go upgrade
- Fixes new linting errors (we now get errors for memory aliasing in
loops! 🎉 )

After this is merged people will need to:

1. Update their Go version. I use `gvm` and I did it like:

```
$ gvm install go1.21.1
$ gvm use go1.21.1 --default
```

2. Update the local version of `golangci-lint`:

```
$ go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.54.2
```

3. (optional) depending on your setup, you might need to re-install some
packages, for example:

```
# goimports to automatically import libraries
$  go install golang.org/x/tools/cmd/goimports@latest

# gopls for the language server
$ go install golang.org/x/tools/gopls@latest

# etc...
```
2023-09-13 15:59:35 -03:00
Martin Angers
7b0a0fbe5e
DB migrations for saved scripts (#13765) 2023-09-11 11:54:34 -04:00
gillespi314
e08bb000c9
Update nanomdm dependency (#12721)
Updates include:
- Fix issues where `GetBootstrapToken` returned `500` instead of no data
and no error per Apple MDM
[documentation](https://developer.apple.com/documentation/devicemanagement/get_bootstrap_token)
- Incorporate additional updates from the upstream nanomdm repo
2023-08-21 11:07:57 -03:00
Roberto Dip
19a5ae6465
update macadmins/osquery-extension to v0.0.15 (#13371)
changelog for the version bump can be found here:
https://github.com/macadmins/osquery-extension/releases/tag/v0.0.15

related to #13158 as this fixes a bug in the extension causing `profiles
show --type enrollment` to be run almost every time we queried something
from the `mdm` table.

I couldn't find any new tables. Other than that, some dependencies were
updated on their repo as well, most notably `osquery/osquery-go`
2023-08-18 12:38:49 -03:00
Martin Angers
6f77911ffe
Fix performance regression found in load testing (#12981) 2023-07-26 17:13:27 -04:00
gillespi314
410cbc3972
Add certificate management for Microsoft MDM (WSTEP) (#12543)
Issue #12261

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
  - For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2023-06-29 19:31:53 -03:00
dependabot[bot]
349149ef6a
Bump github.com/aws/aws-sdk-go from 1.43.16 to 1.44.288 (#12466)
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go)
from 1.43.16 to 1.44.288.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/aws/aws-sdk-go/releases">github.com/aws/aws-sdk-go's
releases</a>.</em></p>
<blockquote>
<h1>Release v1.44.288 (2023-06-22)</h1>
<h3>Service Client Updates</h3>
<ul>
<li><code>service/chime-sdk-identity</code>: Updates service API and
documentation</li>
<li><code>service/chime-sdk-messaging</code>: Updates service API and
documentation</li>
<li><code>service/kendra</code>: Updates service API and documentation
<ul>
<li>Introducing Amazon Kendra Retrieve API that can be used to retrieve
relevant passages or text excerpts given an input query.</li>
</ul>
</li>
<li><code>service/states</code>: Updates service API and documentation
<ul>
<li>Adds support for Versions and Aliases. Adds 8 operations:
PublishStateMachineVersion, DeleteStateMachineVersion,
ListStateMachineVersions, CreateStateMachineAlias,
DescribeStateMachineAlias, UpdateStateMachineAlias,
DeleteStateMachineAlias, ListStateMachineAliases</li>
</ul>
</li>
</ul>
<h1>Release v1.44.287 (2023-06-21)</h1>
<h3>Service Client Updates</h3>
<ul>
<li><code>service/dynamodb</code>: Updates service API, documentation,
waiters, paginators, and examples
<ul>
<li>Documentation updates for DynamoDB</li>
</ul>
</li>
<li><code>service/elasticmapreduce</code>: Updates service API,
documentation, and paginators
<ul>
<li>This release introduces a new Amazon EMR EPI called
ListSupportedInstanceTypes that returns a list of all instance types
supported by a given EMR release.</li>
</ul>
</li>
<li><code>service/inspector2</code>: Updates service API and
documentation</li>
<li><code>service/mediaconvert</code>: Updates service API and
documentation
<ul>
<li>This release introduces the bandwidth reduction filter for the HEVC
encoder, increases the limits of outputs per job, and updates support
for the Nagra SDK to version 1.14.7.</li>
</ul>
</li>
<li><code>service/mq</code>: Updates service API and documentation
<ul>
<li>The Cross Region Disaster Recovery feature allows to replicate a
brokers state from one region to another in order to provide customers
with multi-region resiliency in the event of a regional outage.</li>
</ul>
</li>
<li><code>service/sagemaker</code>: Updates service API and
documentation
<ul>
<li>This release provides support in SageMaker for output files in
training jobs to be uploaded without compression and enable customer to
deploy uncompressed model from S3 to real-time inference Endpoints. In
addition, ml.trn1n.32xlarge is added to supported instance type list in
training job.</li>
</ul>
</li>
<li><code>service/transfer</code>: Updates service API and documentation
<ul>
<li>This release adds a new parameter StructuredLogDestinations to
CreateServer, UpdateServer APIs.</li>
</ul>
</li>
</ul>
<h1>Release v1.44.286 (2023-06-20)</h1>
<h3>Service Client Updates</h3>
<ul>
<li><code>service/appflow</code>: Updates service API and
documentation</li>
<li><code>service/config</code>: Updates service API</li>
<li><code>service/ec2</code>: Updates service API and documentation
<ul>
<li>Adds support for targeting Dedicated Host allocations by assetIds in
AWS Outposts</li>
</ul>
</li>
<li><code>service/lambda</code>: Updates service API and documentation
<ul>
<li>This release adds RecursiveInvocationException to the Invoke API and
InvokeWithResponseStream API.</li>
</ul>
</li>
<li><code>service/redshift</code>: Updates service API, documentation,
and paginators
<ul>
<li>Added support for custom domain names for Redshift Provisioned
clusters. This feature enables customers to create a custom domain name
and use ACM to generate fully secure connections to it.</li>
</ul>
</li>
</ul>
<h1>Release v1.44.285 (2023-06-19)</h1>
<h3>Service Client Updates</h3>
<ul>
<li><code>service/cloudformation</code>: Updates service API and
documentation
<ul>
<li>Specify desired CloudFormation behavior in the event of ChangeSet
execution failure using the CreateChangeSet OnStackFailure
parameter</li>
</ul>
</li>
<li><code>service/ec2</code>: Updates service API, documentation, and
examples
<ul>
<li>API changes to AWS Verified Access to include data from trust
providers in logs</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4db4de06bc"><code>4db4de0</code></a>
Release v1.44.288 (2023-06-22) (<a
href="https://redirect.github.com/aws/aws-sdk-go/issues/4892">#4892</a>)</li>
<li><a
href="ac3d1b0ef2"><code>ac3d1b0</code></a>
Release v1.44.287 (2023-06-21) (<a
href="https://redirect.github.com/aws/aws-sdk-go/issues/4891">#4891</a>)</li>
<li><a
href="e85309cb11"><code>e85309c</code></a>
Release v1.44.286 (2023-06-20) (<a
href="https://redirect.github.com/aws/aws-sdk-go/issues/4890">#4890</a>)</li>
<li><a
href="d3b5bbea5d"><code>d3b5bbe</code></a>
Release v1.44.285 (2023-06-19) (<a
href="https://redirect.github.com/aws/aws-sdk-go/issues/4889">#4889</a>)</li>
<li><a
href="87a671cef0"><code>87a671c</code></a>
Release v1.44.284 (2023-06-16) (<a
href="https://redirect.github.com/aws/aws-sdk-go/issues/4887">#4887</a>)</li>
<li><a
href="efb91b58d6"><code>efb91b5</code></a>
Release v1.44.283 (2023-06-15) (<a
href="https://redirect.github.com/aws/aws-sdk-go/issues/4884">#4884</a>)</li>
<li><a
href="8962904930"><code>8962904</code></a>
Release v1.44.282 (2023-06-13) (<a
href="https://redirect.github.com/aws/aws-sdk-go/issues/4882">#4882</a>)</li>
<li><a
href="dd4970433c"><code>dd49704</code></a>
Release v1.44.281 (2023-06-12) (<a
href="https://redirect.github.com/aws/aws-sdk-go/issues/4881">#4881</a>)</li>
<li><a
href="12e9c10fa1"><code>12e9c10</code></a>
Release v1.44.280 (2023-06-09) (<a
href="https://redirect.github.com/aws/aws-sdk-go/issues/4880">#4880</a>)</li>
<li><a
href="a5bef15429"><code>a5bef15</code></a>
Release v1.44.279 (2023-06-08) (<a
href="https://redirect.github.com/aws/aws-sdk-go/issues/4878">#4878</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/aws/aws-sdk-go/compare/v1.43.16...v1.44.288">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-23 12:43:29 -07:00
gillespi314
e2243d24bf
Insert "verified" to mdm_apple_delivery_status table (#12033) 2023-05-30 14:11:42 -05:00
Lucas Manuel Rodriguez
6de555a181
Update sockjs-go package to v3.0.2 (#11884)
In #10957, a customer attempted to run a live query on ~60k devices. We
saw that Fleet receives all results from the devices, but stops sending
them to the browser. We believe this _might_ be a deadlock (we couldn't
confirm this because of lack of access to the Fleet instance itself).

We haven't fully confirmed this to be the reason of the
hang/missing-results, but it's worth updating because it [fixes a
possible deadlock in the
package](https://github.com/igm/sockjs-go/releases/tag/v3.0.2).

The remaining changes are the result of running `go mod tidy`.

- ~[ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.~
- ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)~
- ~[ ] Documented any permissions changes~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- ~[ ] Added/updated tests~
- [X] Manual QA for all new/changed functionality
  - ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-05-25 08:12:24 -03:00
Juan Fernandez
827c4a7c33
Feature 8058: Added resource.syso metadata file (#10783)
Addresses https://github.com/fleetdm/fleet/issues/8058, https://github.com/fleetdm/fleet/issues/11012 and https://github.com/fleetdm/fleet/issues/11013

This PR adds a new VERSIONINFO metadata file using the
https://github.com/josephspurrier/goversioninfo library.
2023-05-17 18:53:25 -03:00
Zach Wasserman
3f0111964f
Add macos_rsr table from macadmins extension (#11537)
# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
  - For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).

---------

Co-authored-by: Roberto Dip <me@roperzh.com>
Co-authored-by: Lucas Rodriguez <lucas@fleetdm.com>
2023-05-05 11:02:28 -03:00
Martin Angers
b3993ebda4
Allow "not_before" timestamp for worker jobs, schedule more quickly (#11512) 2023-05-03 16:25:36 -04:00
Zachary Winnerman
2ec19979c2
APM Improvements (#11103)
# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
  - For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2023-04-24 01:13:15 -04:00
dependabot[bot]
23a2964eef
Bump github.com/docker/docker from 20.10.23+incompatible to 23.0.4+incompatible (#11259)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from
20.10.23+incompatible to 23.0.4+incompatible.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/docker/releases">github.com/docker/docker's
releases</a>.</em></p>
<blockquote>
<h2>v23.0.4</h2>
<h2>23.0.4</h2>
<p>For a full list of pull requests and changes in this release, refer
to the relevant GitHub milestones:</p>
<ul>
<li><a
href="https://github.com/docker/cli/milestone/77?closed=1">docker/cli,
23.0.4 milestone</a></li>
<li><a
href="https://github.com/moby/moby/milestone/117?closed=1">moby/moby,
23.0.4 milestone</a></li>
</ul>
<h3>Bug fixes and enhancements</h3>
<ul>
<li>Fix a performance regression in Docker CLI 23.0.0 <a
href="https://redirect.github.com/docker/cli/pull/4141">docker/cli#4141</a>.</li>
<li>Fix progress indicator on <code>docker cp</code> not functioning as
intended <a
href="https://redirect.github.com/docker/cli/pull/4157">docker/cli#4157</a>.</li>
<li>Fix shell completion for <code>docker compose --file</code> <a
href="https://redirect.github.com/docker/cli/pull/4177">docker/cli#4177</a>.</li>
<li>Fix an error caused by incorrect handling of
&quot;default-address-pools&quot; in <code>daemon.json</code> <a
href="https://redirect.github.com/moby/moby/pull/45246">moby/moby#45246</a>.</li>
</ul>
<h3>Packaging Updates</h3>
<ul>
<li>Fix missing packages for CentOS 9 Stream.</li>
<li>Upgrade Go to <code>1.19.8</code>. <a
href="https://redirect.github.com/docker/docker-ce-packaging/pull/878">docker/docker-ce-packaging#878</a>,
<a
href="https://redirect.github.com/docker/cli/pull/4164">docker/cli#4164</a>,
<a
href="https://redirect.github.com/moby/moby/pull/45277">moby/moby#45277</a>,
which contains fixes for <a
href="https://github.com/advisories/GHSA-fp86-2355-v99r">CVE-2023-24537</a>,
<a
href="https://github.com/advisories/GHSA-v4m2-x4rp-hv22">CVE-2023-24538</a>,
<a
href="https://github.com/advisories/GHSA-8v5j-pwr7-w5f8">CVE-2023-24534</a>,
and <a
href="https://github.com/advisories/GHSA-9f7g-gqwh-jpf5">CVE-2023-24536</a></li>
</ul>
<h2>v23.0.3</h2>
<h2>23.0.3</h2>
<blockquote>
<p><strong>Note</strong></p>
<p>Due to an issue with CentOS 9 Stream's package repositories, packages
for
CentOS 9 are currently unavailable. Packages for CentOS 9 may be added
later,
or as part of the next (23.0.4) patch release.</p>
</blockquote>
<h3>Bug fixes and enhancements</h3>
<ul>
<li>Fixed a number of issues that can cause Swarm encrypted overlay
networks
to fail to uphold their guarantees, addressing <a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28841">CVE-2023-28841</a>,
<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28840">CVE-2023-28840</a>,
and
<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28842">CVE-2023-28842</a>.
<ul>
<li>A lack of kernel support for encrypted overlay networks now reports
as an error.</li>
<li>Encrypted overlay networks are eagerly set up, rather than waiting
for
multiple nodes to attach.</li>
<li>Encrypted overlay networks are now usable on Red Hat Enterprise
Linux 9
through the use of the <code>xt_bpf</code> kernel module.</li>
<li>Users of Swarm overlay networks should review <a
href="https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw">GHSA-vwm3-crmr-xfxw</a>
to ensure that unintentional exposure has not occurred.</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="cbce331930"><code>cbce331</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/45330">#45330</a>
from kevingentile/buildkit-3770</li>
<li><a
href="5f684cb072"><code>5f684cb</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/45331">#45331</a>
from thaJeztah/23.0_backport_rootless_script_bugs</li>
<li><a
href="3731ce10d4"><code>3731ce1</code></a>
Fix argument quoting bugs in dockerd-rootless.sh</li>
<li><a
href="23774ada04"><code>23774ad</code></a>
vendor: github.com/moby/buildkit
v0.10.7-0.20230412161310-d52b2d584242</li>
<li><a
href="90e8a0bbf5"><code>90e8a0b</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/45323">#45323</a>
from thaJeztah/23.0_backport_vendor_sctp</li>
<li><a
href="9277e64444"><code>9277e64</code></a>
vendor: github.com/ishidawataru/sctp
v0.0.0-20230406120618-7ff4192f6ff2</li>
<li><a
href="cdb6200887"><code>cdb6200</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/45293">#45293</a>
from AkihiroSuda/backport-45283-23</li>
<li><a
href="09fbbd5677"><code>09fbbd5</code></a>
docker-rootless-setuptools.sh: improve readability of messages</li>
<li><a
href="4ca4705bf7"><code>4ca4705</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/45277">#45277</a>
from thaJeztah/23.0_bump_go1.19.8</li>
<li><a
href="d3e52936c3"><code>d3e5293</code></a>
[23.0] update go to go1.19.8</li>
<li>Additional commits viewable in <a
href="https://github.com/docker/docker/compare/v20.10.23...v23.0.4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/docker&package-manager=go_modules&previous-version=20.10.23+incompatible&new-version=23.0.4+incompatible)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Zach Wasserman <zach@fleetdm.com>
2023-04-21 14:53:55 -07:00
Zachary Winnerman
b43aa3a911
Upgtade opentelemetry dependancies (#10950)
```
go get -u go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux go.opentelemetry.io/otel go.opentelemetry.io/otel/exporters/otlp/otlptrace go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc go.opentelemetry.io/otel/sdk; go mod tidy
```

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
  - For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2023-04-21 14:19:47 -04:00
Zach Wasserman
9246a2e61a
Downgrade Docker client version (#10570)
A recent dependabot PR (#9792) upgraded the Docker library, resulting in
errors running some tests:

```
FLEET_VERSION_A=v4.28.0 FLEET_VERSION_B=main go test ./test/upgrade                                                                                                                                                                 *[main]
go: downloading github.com/stretchr/testify v1.8.2
--- FAIL: TestUpgradeAToB (34.73s)
    fleet_test.go:71: start fleet: Error response from daemon: client version 1.42 is too new. Maximum supported API version is 1.41
```

Even after upgrading Docker Desktop to the latest, this error still
persisted. It seems that Docker released a version of the client that is
newer than the latest version of the server.

Reverting to a supported client version.
2023-03-27 11:22:48 -07:00
gillespi314
2ddf377c73
Treat MDM profile not found error as if profile was successfully removed (#10579) 2023-03-20 10:47:07 -05:00
Roberto Dip
305392e7bb
enforce an uniform collation for all tables (#10515)
related to #10441, inspired by the prior work done in
https://github.com/kolide/fleet/pull/1360, this PR:

1. Adds a migration to use `utf8mb4_general_ci` as the default collation
for the database and all the tables. From [MySQL's documentation][1]:

> To change the table default character set and all character columns
    > (CHAR, VARCHAR, TEXT) to a new character set, use a statement like
    > this:
    >
    > ```
    > ALTER TABLE tbl_name CONVERT TO CHARACTER SET charset_name;
    > ```
> The statement also changes the collation of all character columns. If
> you specify no COLLATE clause to indicate which collation to use, the
    > statement uses default collation for the character set.

2. Changes the connection settings to use `utf8mb4_general_ci` as the
default collation, from the [driver docs][2]:

   > Sets the collation used for client-server interaction on
connection. In contrast to charset, collation does not issue additional
queries. If the specified collation is unavailable on the target server,
the connection will fail.

[1]: https://dev.mysql.com/doc/refman/5.7/en/alter-table.html
[2]: https://github.com/go-sql-driver/mysql


**TODO:** discuss how we can enforce this, is setting the database
default collation enough? should we add some kind of custom lint rule to
all migrations?

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2023-03-16 15:49:24 -03:00
gillespi314
c838395c44
Add profile name to host mdm apple profiles (#10455) 2023-03-14 11:21:52 -05:00
dependabot[bot]
f3ed6f3037
Bump github.com/kevinburke/go-bindata from 3.22.0+incompatible to 3.24.0+incompatible (#10186)
Bumps
[github.com/kevinburke/go-bindata](https://github.com/kevinburke/go-bindata)
from 3.22.0+incompatible to 3.24.0+incompatible.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/kevinburke/go-bindata/releases">github.com/kevinburke/go-bindata's
releases</a>.</em></p>
<blockquote>
<p>v3.24.0</p>
<p>v3.23.0</p>
<p>test</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/kevinburke/go-bindata/blob/master/CHANGELOG.md">github.com/kevinburke/go-bindata's
changelog</a>.</em></p>
<blockquote>
<h2>3.24.0</h2>
<p>Remove uses of io/ioutil; you must use Go 1.18 or higher with this
version of
go-bindata and its generated asset files.</p>
<p>Update generated doc comments for compatibility with Go's updated doc
comment
guidelines.</p>
<h2>3.21.0</h2>
<p>Replace &quot;Debug&quot; with &quot;AssetDebug&quot; to reduce the
likelihood of conflicts.</p>
<h2>3.20.0</h2>
<p>Add the &quot;Debug&quot; constant if assets have been generated
using the <code>--debug</code> flag
at the command line.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="1b67e2de03"><code>1b67e2d</code></a>
v3.24.0</li>
<li><a
href="2708ad2791"><code>2708ad2</code></a>
CHANGELOG.md: prep for v3.24 release</li>
<li><a
href="5708eee1c2"><code>5708eee</code></a>
.github: add Go 1.18, 1.19</li>
<li><a
href="4a992e31ef"><code>4a992e3</code></a>
all: replace use of io/ioutil</li>
<li><a
href="adf7cd2dcf"><code>adf7cd2</code></a>
v3.23.0</li>
<li><a
href="54fe8e9bc4"><code>54fe8e9</code></a>
Release binaries for arm64</li>
<li><a
href="7ea0201288"><code>7ea0201</code></a>
.github: use latest Go versions</li>
<li><a
href="12dca65da1"><code>12dca65</code></a>
benchmark should write to tmp dir, not ./testdata. Fixes <a
href="https://github-redirect.dependabot.com/kevinburke/go-bindata/issues/42">#42</a>.</li>
<li><a
href="0d7fe269ac"><code>0d7fe26</code></a>
go-bindata: don't panic if given invalid regex</li>
<li><a
href="930726ace6"><code>930726a</code></a>
release: remove underscores from function names</li>
<li>Additional commits viewable in <a
href="https://github.com/kevinburke/go-bindata/compare/v3.22.0...v3.24.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/kevinburke/go-bindata&package-manager=go_modules&previous-version=3.22.0+incompatible&new-version=3.24.0+incompatible)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-28 19:28:12 -08:00
dependabot[bot]
e28288a618
Bump github.com/go-kit/log from 0.2.0 to 0.2.1 (#10187)
Bumps [github.com/go-kit/log](https://github.com/go-kit/log) from 0.2.0
to 0.2.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/go-kit/log/releases">github.com/go-kit/log's
releases</a>.</em></p>
<blockquote>
<h2>v0.2.1</h2>
<p>This release fixes a few small bugs and adds <code>level.Parse</code>
which allows levels to be set by a string input from e.g. flags or
environment variables. Thanks, <a
href="https://github.com/mcosta74"><code>@​mcosta74</code></a>!</p>
<h2>What's Changed</h2>
<ul>
<li>fix safeError &amp; safeString for json format by <a
href="https://github.com/dwiyanr"><code>@​dwiyanr</code></a> in <a
href="https://github-redirect.dependabot.com/go-kit/log/pull/20">go-kit/log#20</a></li>
<li>Update CI and add badges to README by <a
href="https://github.com/ChrisHines"><code>@​ChrisHines</code></a> in <a
href="https://github-redirect.dependabot.com/go-kit/log/pull/21">go-kit/log#21</a></li>
<li>Allow to configure allowed levels by string value by <a
href="https://github.com/mcosta74"><code>@​mcosta74</code></a> in <a
href="https://github-redirect.dependabot.com/go-kit/log/pull/22">go-kit/log#22</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/dwiyanr"><code>@​dwiyanr</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/go-kit/log/pull/20">go-kit/log#20</a></li>
<li><a href="https://github.com/mcosta74"><code>@​mcosta74</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/go-kit/log/pull/22">go-kit/log#22</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/go-kit/log/compare/v0.2.0...v0.2.1">https://github.com/go-kit/log/compare/v0.2.0...v0.2.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0b69c70493"><code>0b69c70</code></a>
Allow to configure allowed levels by string value (<a
href="https://github-redirect.dependabot.com/go-kit/log/issues/22">#22</a>)</li>
<li><a
href="3752ef76bb"><code>3752ef7</code></a>
Update CI and add badges to README (<a
href="https://github-redirect.dependabot.com/go-kit/log/issues/21">#21</a>)</li>
<li><a
href="2b8dc2beb3"><code>2b8dc2b</code></a>
fix safeError &amp; safeString for json format (<a
href="https://github-redirect.dependabot.com/go-kit/log/issues/20">#20</a>)</li>
<li>See full diff in <a
href="https://github.com/go-kit/log/compare/v0.2.0...v0.2.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/go-kit/log&package-manager=go_modules&previous-version=0.2.0&new-version=0.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-28 17:26:57 -08:00
dependabot[bot]
85a665aa6b
Bump golang.org/x/net from 0.5.0 to 0.7.0 (#9941)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.5.0 to
0.7.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="8e2b117aee"><code>8e2b117</code></a>
http2/hpack: avoid quadratic complexity in hpack decoding</li>
<li><a
href="547e7edf38"><code>547e7ed</code></a>
http2: avoid referencing ResponseWrite.Write parameter after
returning</li>
<li><a
href="39940adcaa"><code>39940ad</code></a>
html: parse comments per HTML spec</li>
<li><a
href="87ce33ecb4"><code>87ce33e</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="415cb6d518"><code>415cb6d</code></a>
all: fix some comments</li>
<li><a
href="7e3c19ca52"><code>7e3c19c</code></a>
all: correct typos in comments</li>
<li><a
href="296f09aa38"><code>296f09a</code></a>
http2: case insensitive handling for 100-continue</li>
<li><a
href="f8411da775"><code>f8411da</code></a>
nettest: fix tests on dragonfly and js/wasm</li>
<li>See full diff in <a
href="https://github.com/golang/net/compare/v0.5.0...v0.7.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/net&package-manager=go_modules&previous-version=0.5.0&new-version=0.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/fleetdm/fleet/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-28 09:38:33 -08:00