This may be needed for CIS 2.3.2.2 check:
```
Correct date and time settings are required for authentication protocols, file creation,
modification dates and log entries. Ensure that time on the computer is within
acceptable limits. Truly accurate time is measured within milliseconds. For this audit, a
drift under four and a half minutes passes the control check. Since Kerberos is one of
the important features of macOS integration into Directory systems, the guidance here
is to warn you before there could be an impact to operations. From the perspective of
accurate time, this check is not strict, so it may be too great for your organization. Your
organization can adjust to a smaller offset value as needed.
```
#9239
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)~
- ~[ ] Documented any permissions changes~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- ~[ ] Added/updated tests~
- [X] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [X] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
Improve https://github.com/fleetdm/fleet/pull/9336 providing default
settings similar to the OpenAI playground, including a higher
temperature and number of maximum tokens. Also fixes prefix trimming.
This improves https://github.com/fleetdm/fleet/pull/9336 by eliminating
junk text and encouraging better replies. Uses an h1 to emphasize the
issue title, so that short issues don't get weird and truncated, and the
bot reply stays focused on the main point of the issue.
Bumps golang from 1.19.2-bullseye to 1.19.5-bullseye.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Doing this could cause the package to update and therefore generate a
dirty worktree after a run of `make deps-go`. Goreleaser will refuse to
make a build on a dirty work tree (which is probably the behavior we
want, as we only want to build with committed changes).
This PR will change our github issues template from the previous
**new-feature-work** to **Story** and **sub-task**.
It can only be tested after merging to main.
# Testing required:
After merging this PR to main, make sure that when creating a new issue,
these templates are available instead of the old one.
# Checklist for submitter
- [ ] Manual QA for all new/changed functionality
.
Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com>
Changes:
- Added a "Number of devices" input to the MDM beta signup form on the
`/device-management` page.
- Updated `website/api/controllers/deliver-mdm-beta-signup.js` to accept
a `numberOfHosts` input, and to include that value in the request to the
Zapier webhook.
Changes:
- Added three errors to
`website/api/helpers/get-extended-osquery-schema.js` that are thrown if
a YAML schema table has:
- A `platforms` value that is not an array
- A `description` value that is not a string
- A `columns` value that is not an array
- Updated the `platforms` of YAML schema tables in `schema/tables/` that
had string `platforms` values
- Regenerated `/schema/osquery_fleet_schema.json`
.
We want the sandcastle branch as a source (but it could be anything we
choose), but a vX.Y.Z-A version tag over in the sandbox, so split those
into 2 asked variables.
Changes:
- Updated the version of the osquery schema we merge with Fleet's
overrides (`5.6.0` » `5.7.0`)
- Ran the `generate-merged-schema` script to regenerate
`schema/osquery_fleet_schema.json`
. .
Changes:
- Added a "MDM required" tag to the queries in the standard query
library that use the `managed_policies` table.
- Updated the build script to add a `requiresMdm` value to queries added
to `builtStaticContent.queries`, and to set it to true if a query has
the "MDM required" tags
- Updated the `/queries` page to add a "Requires MDM" badge to queries
that have `requiresMdm: true`
. . .
Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com>
Related to: https://github.com/fleetdm/fleet/issues/9266
Changes:
- Updated the width of the modal form on the `/device-management` page.
- Updated the form inputs on the `/device-management` page to clear
errors when a user changes the input.
- Updated button styles to match wireframes.
- Updated the page indicator in the scrollable-tweets component.
Co-authored-by: Mike Thomas <mthomas@fleetdm.com>
Changes:
- Updated the Fleet sandbox registration page to make a first name, last
name, and organization required.
- Removed the "REQUIRED" label from the email address input on the Fleet
Sandbox registration page and removed styles for it from the page's
stylesheet.
- Updated the `organization` input of `signup.js` to be required.
- Changed the POST request to Zapier in `signup.js` to always use the
information provided.
Changes:
- Updated the `build-static-content` script to use a GitHub API token
for requests if one is provided e.g., `sails run build-static-content
--githubAccessToken="foo"`
- Updated the `build-for-prod` npm script to run the
`build-static-content` script with a variable named `BUILD_SCRIPT_ARGS`.
- Updated the "Deploy Fleet website" and "Test Fleet website" workflows
to run the `build-for-prod` script with a GitHub API token
. .
Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com>
