mirror of https://github.com/empayre/fleet.git
synced 2024-11-06 17:05:18 +00:00
2c6bd879f8
6973 Commits
Author | SHA1 | Message | Date
---|---|---|---
Lucas Manuel Rodriguez | 2c6bd879f8 | Notify Go and Integration CI failures to new channel (#10235)
dependabot[bot] | eb1194a0b4 | Bump loader-utils from 1.4.0 to 1.4.2 (#10234) <br> Bumps [loader-utils](https://github.com/webpack/loader-utils) from 1.4.0 to 1.4.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/webpack/loader-utils/releases">loader-utils's releases</a>.</em></p> <blockquote> <h2>v1.4.2</h2> <h3><a href="https://github.com/webpack/loader-utils/compare/v1.4.1...v1.4.2">1.4.2</a> (2022-11-11)</h3> <h3>Bug Fixes</h3> <ul> <li>ReDoS problem (<a href="https://github-redirect.dependabot.com/webpack/loader-utils/issues/226">#226</a>) (<a href="
dependabot[bot] | 12751b853f | Bump json5 from 1.0.1 to 1.0.2 (#10233) <br> Bumps [json5](https://github.com/json5/json5) from 1.0.1 to 1.0.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/json5/json5/releases">json5's releases</a>.</em></p> <blockquote> <h2>v1.0.2</h2> <ul> <li>Fix: Properties with the name <code>__proto__</code> are added to objects and arrays. (<a href="https://github-redirect.dependabot.com/json5/json5/issues/199">#199</a>) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (<a href="https://github-redirect.dependabot.com/json5/json5/issues/295">#295</a>). This has been backported to v1. (<a href="https://github-redirect.dependabot.com/json5/json5/issues/298">#298</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/json5/json5/blob/main/CHANGELOG.md">json5's changelog</a>.</em></p> <blockquote> <h3>Unreleased [<a href="https://github.com/json5/json5/tree/main">code</a>, <a href="https://github.com/json5/json5/compare/v2.2.3...HEAD">diff</a>]</h3> <h3>v2.2.3 [<a href="https://github.com/json5/json5/tree/v2.2.3">code</a>, <a href="https://github.com/json5/json5/compare/v2.2.2...v2.2.3">diff</a>]</h3> <ul> <li>Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (<a href="https://github-redirect.dependabot.com/json5/json5/issues/299">#299</a>)</li> </ul> <h3>v2.2.2 [<a href="https://github.com/json5/json5/tree/v2.2.2">code</a>, <a href="https://github.com/json5/json5/compare/v2.2.1...v2.2.2">diff</a>]</h3> <ul> <li>Fix: Properties with the name <code>__proto__</code> are added to objects and arrays. (<a href="https://github-redirect.dependabot.com/json5/json5/issues/199">#199</a>) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (<a href="https://github-redirect.dependabot.com/json5/json5/issues/295">#295</a>).</li> </ul> <h3>v2.2.1 [<a href="https://github.com/json5/json5/tree/v2.2.1">code</a>, <a href="https://github.com/json5/json5/compare/v2.2.0...v2.2.1">diff</a>]</h3> <ul> <li>Fix: Removed dependence on minimist to patch CVE-2021-44906. (<a href="https://github-redirect.dependabot.com/json5/json5/issues/266">#266</a>)</li> </ul> <h3>v2.2.0 [<a href="https://github.com/json5/json5/tree/v2.2.0">code</a>, <a href="https://github.com/json5/json5/compare/v2.1.3...v2.2.0">diff</a>]</h3> <ul> <li>New: Accurate and documented TypeScript declarations are now included. There is no need to install <code>@types/json5</code>. (<a href="https://github-redirect.dependabot.com/json5/json5/issues/236">#236</a>, <a href="https://github-redirect.dependabot.com/json5/json5/issues/244">#244</a>)</li> </ul> <h3>v2.1.3 [<a href="https://github.com/json5/json5/tree/v2.1.3">code</a>, <a href="https://github.com/json5/json5/compare/v2.1.2...v2.1.3">diff</a>]</h3> <ul> <li>Fix: An out of memory bug when parsing numbers has been fixed. (<a href="https://github-redirect.dependabot.com/json5/json5/issues/228">#228</a>, <a href="https://github-redirect.dependabot.com/json5/json5/issues/229">#229</a>)</li> </ul> <h3>v2.1.2 [<a href="https://github.com/json5/json5/tree/v2.1.2">code</a>, <a href="https://github.com/json5/json5/compare/v2.1.1...v2.1.2">diff</a>]</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="
Zach Wasserman | 515cdb918c | Replace import-glob-loader with node-sass-glob-importer (#10171) <br> import-glob-loader has a very old loader-utils dependency that triggers security alerting. Hoping that replacing this will allow the loader-utils version to be updated. # Checklist for submitter If some of the following don't apply, delete the relevant line. - [x] Manual QA for all new/changed functionality
Zach Wasserman | c136b3bdfa | Update Fleet library versions used in Sandbox (#10230)
JD | 607a89b527 | Clarification on NVD for MS Office in 4.28.0 Release Notes (#10226) <br> # Checklist for submitter If some of the following don't apply, delete the relevant line. - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md) - [ ] Documented any permissions changes - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
dependabot[bot] | 37c9097ac0 | Bump github.com/open-policy-agent/opa from 0.42.0 to 0.43.1 in /infrastructure/sandbox/JITProvisioner/lambda (#10225) <br> Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 0.42.0 to 0.43.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/open-policy-agent/opa/releases">github.com/open-policy-agent/opa's releases</a>.</em></p> <blockquote> <h2>v0.43.1</h2> <p>This is a security release fixing the following vulnerabilities:</p> <ul> <li> <p>CVE-2022-36085: Respect unsafeBuiltinMap for 'with' replacements in the compiler</p> <p>See <a href="https://github.com/open-policy-agent/opa/security/advisories/GHSA-f524-rf33-2jjr">https://github.com/open-policy-agent/opa/security/advisories/GHSA-f524-rf33-2jjr</a> for all details.</p> </li> <li> <p>CVE-2022-27664 and CVE-2022-32190.</p> <p>Fixed by updating the Go version used in our builds to 1.18.6, see <a href="https://groups.google.com/g/golang-announce/c/x49AQzIVX-s">https://groups.google.com/g/golang-announce/c/x49AQzIVX-s</a>. Note that CVE-2022-32190 is most likely not relevant for OPA's usage of net/url. But since these CVEs tend to come up in security assessment tooling regardless, it's better to get it out of the way.</p> </li> </ul> <h2>v0.43.0</h2> <p>This release contains a number of fixes, enhancements, and performance improvements.</p> <h3>Object Insertion Optimization</h3> <p>Rego Object insertion operations did not scale linearly (<a href="https://github-redirect.dependabot.com/open-policy-agent/opa/issues/4625">#4625</a>) in the past, and experienced noticeable reallocation/memory movement overheads once the Object grew past 120k-150k keys in size.</p> <p>This release introduces different handling of Object internals during insert operations to avoid pathological reallocation behavior, and allows linear performance scaling up into the 500k key range and beyond.</p> <h3>Tooling, SDK, and Runtime</h3> <ul> <li>Add lines covered/not covered counts to test coverage report (authored by <a href="https://github.com/FarisR99"><code>@FarisR99</code></a>)</li> <li>Plugins: Status and logs plugins now accept any HTTP 2xx status code (authored by <a href="https://github.com/lvisterin"><code>@lvisterin</code></a>)</li> <li>Runtime: Generalize OS check for MacOS to other Unix-likes (authored by <a href="https://github.com/iamleot"><code>@iamleot</code></a>)</li> </ul> <h4>Bundles Fixes</h4> <p>The Bundles system received several bugfixes and performance improvements in this release:</p> <ul> <li>Bundle: <code>opa bundle</code> command now supports <code>.yml</code> files (<a href="https://github-redirect.dependabot.com/open-policy-agent/opa/issues/4859">#4859</a>) authored by <a href="https://github.com/Joffref"><code>@Joffref</code></a> reported by <a href="https://github.com/rdrgmnzsakt"><code>@rdrgmnzsakt</code></a></li> <li>Plugins/Bundle: Use unique temporary files for persisting activated bundles to disk (<a href="https://github-redirect.dependabot.com/open-policy-agent/opa/issues/4782">#4782</a>) authored by <a href="https://github.com/FredrikAppelros"><code>@FredrikAppelros</code></a> reported by <a href="https://github.com/FredrikAppelros"><code>@FredrikAppelros</code></a></li> <li>Server: Old policy path is now checked for bundle ownership before update (<a href="https://github-redirect.dependabot.com/open-policy-agent/opa/issues/4846">#4846</a>)</li> <li>Storage+Bundle: Old bundle data is now cleaned before new bundle activation (<a href="https://github-redirect.dependabot.com/open-policy-agent/opa/issues/4940">#4940</a>)</li> <li>Bundle: Paths are now normalized before bundle root check occurs to ensure checks are os-independent</li> </ul> <h4>Storage Fixes</h4> <p>The Storage system received mostly bugfixes, with a notable performance improvement for large bundles in this release:</p> <ul> <li>storage/inmem: Speed up bundle activation by avoiding unnecessary read operations (<a href="https://github-redirect.dependabot.com/open-policy-agent/opa/issues/4898">#4898</a>)</li> <li>storage/inmem: Paths are now created during truncate operations if they did not exist before</li> <li>storage/disk: Symlinks work with relative paths now (<a href="https://github-redirect.dependabot.com/open-policy-agent/opa/issues/4869">#4869</a>)</li> </ul> <h3>Rego and Topdown</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md">github.com/open-policy-agent/opa's changelog</a>.</em></p> <blockquote> <h2>0.43.1</h2> <p>This is a security release fixing the following vulnerabilities:</p> <ul> <li> <p>CVE-2022-36085: Respect unsafeBuiltinMap for 'with' replacements in the compiler</p> <p>See <a href="https://github.com/open-policy-agent/opa/security/advisories/GHSA-f524-rf33-2jjr">https://github.com/open-policy-agent/opa/security/advisories/GHSA-f524-rf33-2jjr</a> for all details.</p> </li> <li> <p>CVE-2022-27664 and CVE-2022-32190.</p> <p>Fixed by updating the Go version used in our builds to 1.18.6, see <a href="https://groups.google.com/g/golang-announce/c/x49AQzIVX-s">https://groups.google.com/g/golang-announce/c/x49AQzIVX-s</a>. Note that CVE-2022-32190 is most likely not relevant for OPA's usage of net/url. But since these CVEs tend to come up in security assessment tooling regardless, it's better to get it out of the way.</p> </li> </ul> <h2>0.43.0</h2> <p>This release contains a number of fixes, enhancements, and performance improvements.</p> <h3>Object Insertion Optimization</h3> <p>Rego Object insertion operations did not scale linearly (<a href="https://github-redirect.dependabot.com/open-policy-agent/opa/issues/4625">#4625</a>) in the past, and experienced noticeable reallocation/memory movement overheads once the Object grew past 120k-150k keys in size.</p> <p>This release introduces different handling of Object internals during insert operations to avoid pathological reallocation behavior, and allows linear performance scaling up into the 500k key range and beyond.</p> <h3>Tooling, SDK, and Runtime</h3> <ul> <li>Add lines covered/not covered counts to test coverage report (authored by <a href="https://github.com/FarisR99"><code>@FarisR99</code></a>)</li> <li>Plugins: Status and logs plugins now accept any HTTP 2xx status code (authored by <a href="https://github.com/lvisterin"><code>@lvisterin</code></a>)</li> <li>Runtime: Generalize OS check for MacOS to other Unix-likes (authored by <a href="https://github.com/iamleot"><code>@iamleot</code></a>)</li> </ul> <h4>Bundles Fixes</h4> <p>The Bundles system received several bugfixes and performance improvements in this release:</p> <ul> <li>Bundle: <code>opa bundle</code> command now supports <code>.yml</code> files (<a href="https://github-redirect.dependabot.com/open-policy-agent/opa/issues/4859">#4859</a>) authored by <a href="https://github.com/Joffref"><code>@Joffref</code></a> reported by <a href="https://github.com/rdrgmnzsakt"><code>@rdrgmnzsakt</code></a></li> <li>Plugins/Bundle: Use unique temporary files for persisting activated bundles to disk (<a href="https://github-redirect.dependabot.com/open-policy-agent/opa/issues/4782">#4782</a>) authored by <a href="https://github.com/FredrikAppelros"><code>@FredrikAppelros</code></a> reported by <a href="https://github.com/FredrikAppelros"><code>@FredrikAppelros</code></a></li> <li>Server: Old policy path is now checked for bundle ownership before update (<a href="https://github-redirect.dependabot.com/open-policy-agent/opa/issues/4846">#4846</a>)</li> <li>Storage+Bundle: Old bundle data is now cleaned before new bundle activation (<a href="https://github-redirect.dependabot.com/open-policy-agent/opa/issues/4940">#4940</a>)</li> <li>Bundle: Paths are now normalized before bundle root check occurs to ensure checks are os-independent</li> </ul> <h4>Storage Fixes</h4> <p>The Storage system received mostly bugfixes, with a notable performance improvement for large bundles in this release:</p> <ul> <li>storage/inmem: Speed up bundle activation by avoiding unnecessary read operations (<a href="https://github-redirect.dependabot.com/open-policy-agent/opa/issues/4898">#4898</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="
dependabot[bot] | 1a73517a7f | Bump github.com/russellhaering/goxmldsig from 1.1.0 to 1.1.1 in /infrastructure/sandbox/JITProvisioner/lambda (#10224) <br> Bumps [github.com/russellhaering/goxmldsig](https://github.com/russellhaering/goxmldsig) from 1.1.0 to 1.1.1. <details> <summary>Commits</summary> <ul> <li><a href="
dependabot[bot] | 74e01c36ae | Bump github.com/theupdateframework/go-tuf from 0.3.0 to 0.3.2 in /infrastructure/sandbox/PreProvisioner/lambda (#10223) <br> Bumps [github.com/theupdateframework/go-tuf](https://github.com/theupdateframework/go-tuf) from 0.3.0 to 0.3.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/theupdateframework/go-tuf/releases">github.com/theupdateframework/go-tuf's releases</a>.</em></p> <blockquote> <h2>v0.3.2</h2> <h2>Changelog</h2> <h3>Bug fixes</h3> <ul> <li>b6695e4ba6d0b98beb851054c0f187df8d54a639: fix(verify): backport "Fix a vulnerability in the verification of threshold si… (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/375">#375</a>) (<a href="https://github.com/znewman01"><code>@znewman01</code></a>)</li> </ul> <h2>v0.3.1</h2> <h2>Changelog</h2> <h3>Features</h3> <ul> <li>4bf58eb096f99647e7fd30447396c7a57202982f: feat: add <code>payload</code> and <code>add-signature</code> commands. (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/214">#214</a>) (<a href="https://github.com/znewman01"><code>@znewman01</code></a>)</li> <li>39c23cb5043ad2c0d873f7cc7191a7256f6a3cb6: feat: add workflow responsible for notifying of new TUF spec release (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/287">#287</a>) (<a href="https://github.com/rdimitrov"><code>@rdimitrov</code></a>)</li> <li>355e39cb2df220fc3961396a6d0e30bcf2c9ac12: feat: Implement TAP-12 support (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/310">#310</a>) (<a href="https://github.com/znewman01"><code>@znewman01</code></a>)</li> </ul> <h3>Bug fixes</h3> <ul> <li>9a41055b8eee0fee60650c43037f35b919d72d7c: fix: check root metadata verification before snapshotting (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/293">#293</a>) (<a href="https://github.com/asraa"><code>@asraa</code></a>)</li> <li>e3efe988f0371d41c83686204dc6ae23285bf33c: fix: verify length and hashes of fetched bytes before parsing (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/325">#325</a>) (<a href="https://github.com/joshuagl"><code>@joshuagl</code></a>)</li> </ul> <h3>Others</h3> <ul> <li>ea0f98a4e1b72d7486e4e86baf7fd9a3ec1fc844: chore(deps): bump arnested/go-version-action from 1.0.67 to 1.0.69 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/288">#288</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>6722937104a3178b2b899c5ce1799de129ddb294: chore(deps): bump golangci/golangci-lint-action from 2.5.2 to 3.2.0 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/289">#289</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>e2594e68bf2239a0b60c576c47b5ede7ac8c8fe4: chore(deps): bump actions/setup-go from 3.0.0 to 3.1.0 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/290">#290</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>580db1958c1e16ee73d53055eb9793fde1110d8e: chore(deps): bump goreleaser/goreleaser-action from 2.9.1 to 3 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/294">#294</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>5884dab97151c7fd314ee34ac71bf0cf6167e21c: chore(deps): bump actions/setup-go from 3.1.0 to 3.2.0 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/295">#295</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>3b26aedfe985198bc88a9dda7525938c575ca046: chore(deps): bump arnested/go-version-action from 1.0.69 to 1.0.70 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/297">#297</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>041e818016131ec500c78ed8eb20fed9a5668861: chore(deps): bump github.com/secure-systems-lab/go-securesystemslib (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/298">#298</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>ad96eca0239ec2cc9b6e408fbe42b2f9e9d6b1dd: chore(deps): bump github.com/stretchr/testify from 1.7.1 to 1.7.2 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/299">#299</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>36633af8d7a2162664a58f3fb1fe36a74e10428e: chore(deps): bump arnested/go-version-action from 1.0.70 to 1.1.0 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/300">#300</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>e24b175b00960136ecacb8111d9887d15ce47c6d: chore(deps): bump actions/setup-python from 3.1.2 to 4 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/311">#311</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>1684c680105f90a054f04e05b0f8ac540c4ef885: docs: Update CONTRIBUTING.md, add MAINTAINERS.md (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/309">#309</a>) (<a href="https://github.com/znewman01"><code>@znewman01</code></a>)</li> <li>4139c85cd7632c659bf00f4b2810c37eb8d71a2c: chore(deps): bump arnested/go-version-action from 1.1.0 to 1.1.3 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/316">#316</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>36a29309b2531255fc7d374c4055dcfab0fd04e8: build: update go version to 1.18 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/314">#314</a>) (<a href="https://github.com/asraa"><code>@asraa</code></a>)</li> <li>ae904d2bb977a54e6a5527513c4d398c8d9cc285: docs: Add DCO instructions (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/319">#319</a>) (<a href="https://github.com/znewman01"><code>@znewman01</code></a>)</li> <li>81cd9b36a8023d6e943f0f3cacfe664603fa3177: chore(deps): bump Python from 3.6 to 3.10 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/318">#318</a>) (<a href="https://github.com/rdimitrov"><code>@rdimitrov</code></a>)</li> <li>986a4c5a492be020d0ab16a5ea13b9963bf7af1f: chore(deps): bump requests from 2.27.1 to 2.28.0 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/317">#317</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>439ce47c43c772ad225101494db8307e97f869c3: chore(deps): bump github.com/stretchr/testify from 1.7.2 to 1.7.4 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/324">#324</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>3bb077e8c246429db8acafc78761de71cc4d6b62: chore(deps): bump requests from 2.28.0 to 2.28.1 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/332">#332</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>eed9e6c4d8eac821593800fd053d8cca5ee56137: chore(deps): bump github.com/stretchr/testify from 1.7.4 to 1.8.0 (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/331">#331</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li>0d40b25637fa35e4e546a0bafebaa7ee4591e172: test: fix flakey util test (<a href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/333">#333</a>) (<a href="https://github.com/asraa"><code>@asraa</code></a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="
dependabot[bot] | 05d38abc35 | Bump github/codeql-action from 2.1.21 to 2.2.5 (#10220) <br> Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.21 to 2.2.5. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>2.2.5 - 24 Feb 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.12.3. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1543">#1543</a></li> </ul> <h2>2.2.4 - 10 Feb 2023</h2> <p>No user facing changes.</p> <h2>2.2.3 - 08 Feb 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.12.2. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1518">#1518</a></li> </ul> <h2>2.2.2 - 06 Feb 2023</h2> <ul> <li>Fix an issue where customers using the CodeQL Action with the <a href="https://docs.github.com/en/enterprise-server@3.7/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance#configuring-codeql-analysis-on-a-server-without-internet-access">CodeQL Action sync tool</a> would not be able to obtain the CodeQL tools. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1517">#1517</a></li> </ul> <h2>2.2.1 - 27 Jan 2023</h2> <p>No user facing changes.</p> <h2>2.2.0 - 26 Jan 2023</h2> <ul> <li>Improve stability when choosing the default version of CodeQL to use in code scanning workflow runs on Actions on GitHub.com. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1475">#1475</a> <ul> <li>This change addresses customer reports of code scanning alerts on GitHub.com being closed and reopened during the rollout of new versions of CodeQL in the GitHub Actions <a href="https://github.com/actions/runner-images">runner images</a>.</li> <li><strong>No change is required for the majority of workflows</strong>, including: <ul> <li>Workflows on GitHub.com hosted runners using the latest version (<code>v2</code>) of the CodeQL Action.</li> <li>Workflows on GitHub.com hosted runners that are pinned to specific versions of the CodeQL Action from <code>v2.2.0</code> onwards.</li> <li>Workflows on GitHub Enterprise Server.</li> </ul> </li> <li><strong>A change may be required</strong> for workflows on GitHub.com hosted runners that are pinned to specific versions of the CodeQL Action before <code>v2.2.0</code> (e.g. <code>v2.1.32</code>): <ul> <li>Previously, these workflows would obtain the latest version of CodeQL from the Actions runner image.</li> <li>Now, these workflows will download an older, compatible version of CodeQL from GitHub Releases. To use this older version, no change is required. To use the newest version of CodeQL, please update your workflows to reference the latest version of the CodeQL Action (<code>v2</code>).</li> </ul> </li> <li><strong>Internal changes</strong> <ul> <li>These changes will not affect the majority of code scanning workflows. Continue reading only if your workflow uses <a href="https://github.com/actions/toolkit/tree/main/packages/tool-cache"><code>@actions/tool-cache</code></a> or relies on the precise location of CodeQL within the Actions tool cache.</li> <li>The tool cache now contains <strong>two</strong> recent CodeQL versions (previously <strong>one</strong>).</li> <li>Each CodeQL version is located under a directory named after the release date and version number, e.g. CodeQL 2.11.6 is now located under <code>CodeQL/2.11.6-20221211/x64/codeql</code> (previously <code>CodeQL/0.0.0-20221211/x64/codeql</code>).</li> </ul> </li> </ul> </li> <li>The maximum number of <a href="https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#run-object">SARIF runs</a> per file has been increased from 15 to 20 for users uploading SARIF files to GitHub.com. This change will help ensure that Code Scanning can process SARIF files generated by third-party tools that have many runs. See the <a href="https://docs.github.com/en/rest/code-scanning#upload-an-analysis-as-sarif-data">GitHub API documentation</a> for a list of all the limits around uploading SARIF. This change will be released to GitHub Enterprise Server as part of GHES 3.9.</li> <li>Update default CodeQL bundle version to 2.12.1. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1498">#1498</a></li> <li>Fix a bug that forced the <code>init</code> Action to run for at least two minutes on JavaScript. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1494">#1494</a></li> </ul> <h2>2.1.39 - 18 Jan 2023</h2> <ul> <li>CodeQL Action v1 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v2. For more information, see <a href="https://github.blog/changelog/2023-01-18-code-scanning-codeql-action-v1-is-now-deprecated/">this changelog post</a>. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1466">#1467</a></li> <li>Python automatic dependency installation will no longer fail for projects using Poetry that specify <code>virtualenvs.options.no-pip = true</code> in their <code>poetry.toml</code>. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1431">#1431</a></li> <li>Avoid printing a stack trace and error message when the action fails to find the SHA at the</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="
dependabot[bot] | 17ecc388ec | Bump tfsec/tfsec-sarif-action from 0.1.3 to 0.1.4 (#10219) <br> Bumps [tfsec/tfsec-sarif-action](https://github.com/tfsec/tfsec-sarif-action) from 0.1.3 to 0.1.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tfsec/tfsec-sarif-action/releases">tfsec/tfsec-sarif-action's releases</a>.</em></p> <blockquote> <h2>v0.1.4</h2> <h2>What's Changed</h2> <ul> <li>Replace deprecated <code>set-output</code> usage with environment file <code>GITHUB_OUTPUT</code> by <a href="https://github.com/sivapalan"><code>@sivapalan</code></a> in <a href="https://github-redirect.dependabot.com/aquasecurity/tfsec-sarif-action/pull/35">aquasecurity/tfsec-sarif-action#35</a></li> <li>Fix conditional expression for setting <code>TFSEC_VERSION</code> by <a href="https://github.com/sivapalan"><code>@sivapalan</code></a> in <a href="https://github-redirect.dependabot.com/aquasecurity/tfsec-sarif-action/pull/36">aquasecurity/tfsec-sarif-action#36</a></li> <li>Forcing wget to use IPv4 by <a href="https://github.com/jasonjanderson"><code>@jasonjanderson</code></a> in <a href="https://github-redirect.dependabot.com/aquasecurity/tfsec-sarif-action/pull/37">aquasecurity/tfsec-sarif-action#37</a></li> <li>add git and hg to docker image by <a href="https://github.com/bobcallaway"><code>@bobcallaway</code></a> in <a href="https://github-redirect.dependabot.com/aquasecurity/tfsec-sarif-action/pull/33">aquasecurity/tfsec-sarif-action#33</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/jasonjanderson"><code>@jasonjanderson</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/aquasecurity/tfsec-sarif-action/pull/37">aquasecurity/tfsec-sarif-action#37</a></li> <li><a href="https://github.com/bobcallaway"><code>@bobcallaway</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/aquasecurity/tfsec-sarif-action/pull/33">aquasecurity/tfsec-sarif-action#33</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/aquasecurity/tfsec-sarif-action/compare/v0.1.3...v0.1.4">https://github.com/aquasecurity/tfsec-sarif-action/compare/v0.1.3...v0.1.4</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="
StepSecurity Bot | fb152b9114 | Pin image SHA in Dockerfiles (#10205) <br> ## Summary This pull request is created by [Secure Repo](https://app.stepsecurity.io/securerepo) at the request of @zwass. Please merge the Pull Request to incorporate the requested changes. Please tag @zwass on your message if you have any questions related to the PR. You can also engage with the [StepSecurity](https://github.com/step-security) team by tagging @step-security-bot. ## Security Fixes ### Secure Dockerfiles Pin image tags to digests in Dockerfiles. With the Docker v2 API release, it became possible to use digests in place of tags when pulling images or to use them in FROM lines in Dockerfiles. - [The Open Source Security Foundation (OpenSSF) Security Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies) ## Feedback For bug reports, feature requests, and general feedback; please create an issue in [step-security/secure-repo](https://github.com/step-security/secure-repo). To create such PRs, please visit https://app.stepsecurity.io/securerepo. Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> --------- Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> Co-authored-by: Zach Wasserman <zach@fleetdm.com>
dependabot[bot] | 74a86ff0ab | Bump dawidd6/action-download-artifact from 2.23.0 to 2.26.0 (#10218) <br> Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact) from 2.23.0 to 2.26.0. <details> <summary>Commits</summary> <ul> <li><a href="
Zachary Winnerman | 4b6da3dd62 | bump version (#10216)

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
  - For Orbit and Fleet Desktop changes:
  - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.
  - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).

Noah Talerman | 8f84442b9a | MDM docs: End user UX for OS updates (#10078)

- Explain that Fleet automatically downloads the macOS update for the end user
- Explain how to troubleshoot the scenario when the Mac says it's up to date when it isn't

Zachary Winnerman | 714a628908 | Update readmes (#10214)

RachelElysia | 4c80e1808b | CIS - WIN10 - 2.3.10.X policies (#10178)

Roberto Dip | 164bb4bf5c | add logic to configure FileVault + escrow (#10160)

Related to #9495, this adds the underlying methods to send a configuration profile that enables FileVault and FileVault Escrow, so we can fetch and decrypt the encryption key later on. These methods still need to be called somewhere, and they might need to be moved outside of `Service`, but at least this gives us a start.

dependabot[bot] | f3ed6f3037 | Bump github.com/kevinburke/go-bindata from 3.22.0+incompatible to 3.24.0+incompatible (#10186)

Bumps [github.com/kevinburke/go-bindata](https://github.com/kevinburke/go-bindata) from 3.22.0+incompatible to 3.24.0+incompatible. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/kevinburke/go-bindata/releases">github.com/kevinburke/go-bindata's releases</a>.</em></p> <blockquote> <p>v3.24.0</p> <p>v3.23.0</p> <p>test</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/kevinburke/go-bindata/blob/master/CHANGELOG.md">github.com/kevinburke/go-bindata's changelog</a>.</em></p> <blockquote> <h2>3.24.0</h2> <p>Remove uses of io/ioutil; you must use Go 1.18 or higher with this version of go-bindata and its generated asset files.</p> <p>Update generated doc comments for compatibility with Go's updated doc comment guidelines.</p> <h2>3.21.0</h2> <p>Replace "Debug" with "AssetDebug" to reduce the likelihood of conflicts.</p> <h2>3.20.0</h2> <p>Add the "Debug" constant if assets have been generated using the <code>--debug</code> flag at the command line.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="

Mike McNeil | 3d1e3b55f7 | Update ceo-handbook.md (#10203)

Zach Wasserman | 1bc41a500e | Update oncall escalation docs (#10026)

Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com>

Zach Wasserman | 9b1583bfc7 | Fix incorrect integer conversion (#10188)

This was caught by CodeQL. We parsed as a 64-bit value but then converted to a (possibly 32-bit) `uint`. It would be 64-bit on most platforms, but we actually use a 32-bit `int` type in MySQL as well.

StepSecurity Bot | 2154c13865 | Pin actions to commit SHA (#10204)

## Summary

This pull request is created by [Secure Repo](https://app.stepsecurity.io/securerepo) at the request of @zwass. Please merge the Pull Request to incorporate the requested changes. Please tag @zwass on your message if you have any questions related to the PR. You can also engage with the [StepSecurity](https://github.com/step-security) team by tagging @step-security-bot.

## Security Fixes

### Pinned Dependencies

GitHub Action tags and Docker tags are mutable. This poses a security risk. GitHub's Security Hardening guide recommends pinning actions to a full-length commit SHA.

- [GitHub Security Guide](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions)
- [The Open Source Security Foundation (OpenSSF) Security Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies)

## Feedback

For bug reports, feature requests, and general feedback, please create an issue in [step-security/secure-repo](https://github.com/step-security/secure-repo). To create such PRs, please visit https://app.stepsecurity.io/securerepo.

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>

dependabot[bot] | e28288a618 | Bump github.com/go-kit/log from 0.2.0 to 0.2.1 (#10187)

Bumps [github.com/go-kit/log](https://github.com/go-kit/log) from 0.2.0 to 0.2.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/go-kit/log/releases">github.com/go-kit/log's releases</a>.</em></p> <blockquote> <h2>v0.2.1</h2> <p>This release fixes a few small bugs and adds <code>level.Parse</code> which allows levels to be set by a string input from e.g. flags or environment variables. Thanks, <a href="https://github.com/mcosta74"><code>@mcosta74</code></a>!</p> <h2>What's Changed</h2> <ul> <li>fix safeError & safeString for json format by <a href="https://github.com/dwiyanr"><code>@dwiyanr</code></a> in <a href="https://github-redirect.dependabot.com/go-kit/log/pull/20">go-kit/log#20</a></li> <li>Update CI and add badges to README by <a href="https://github.com/ChrisHines"><code>@ChrisHines</code></a> in <a href="https://github-redirect.dependabot.com/go-kit/log/pull/21">go-kit/log#21</a></li> <li>Allow to configure allowed levels by string value by <a href="https://github.com/mcosta74"><code>@mcosta74</code></a> in <a href="https://github-redirect.dependabot.com/go-kit/log/pull/22">go-kit/log#22</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/dwiyanr"><code>@dwiyanr</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/go-kit/log/pull/20">go-kit/log#20</a></li> <li><a href="https://github.com/mcosta74"><code>@mcosta74</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/go-kit/log/pull/22">go-kit/log#22</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/go-kit/log/compare/v0.2.0...v0.2.1">https://github.com/go-kit/log/compare/v0.2.0...v0.2.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="

Zach Wasserman | 64cd97fc83 | Remove debug on failure from integration test action (#10202)

This would cause the job to take much longer to report a failure. Instead, just add this line if debugging is necessary.

dependabot[bot] | 0ef74017ea | Bump docker/login-action from 2.0.0 to 2.1.0 (#10182)

Bumps [docker/login-action](https://github.com/docker/login-action) from 2.0.0 to 2.1.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/login-action/releases">docker/login-action's releases</a>.</em></p> <blockquote> <h2>v2.1.0</h2> <h2>What's Changed</h2> <ul> <li>Ensure AWS temp credentials are redacted in workflow logs by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> (<a href="https://github-redirect.dependabot.com/docker/login-action/issues/275">#275</a>)</li> <li>Bump <code>@actions/core</code> from 1.6.0 to 1.10.0 (<a href="https://github-redirect.dependabot.com/docker/login-action/issues/252">#252</a> <a href="https://github-redirect.dependabot.com/docker/login-action/issues/292">#292</a>)</li> <li>Bump <code>@aws-sdk/client-ecr</code> from 3.53.0 to 3.186.0 (<a href="https://github-redirect.dependabot.com/docker/login-action/issues/298">#298</a>)</li> <li>Bump <code>@aws-sdk/client-ecr-public</code> from 3.53.0 to 3.186.0 (<a href="https://github-redirect.dependabot.com/docker/login-action/issues/299">#299</a>)</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/login-action/compare/v2.0.0...v2.1.0">https://github.com/docker/login-action/compare/v2.0.0...v2.1.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="

dependabot[bot] | 56b26753a5 | Bump ossf/scorecard-action from 1.1.2 to 2.1.2 (#10180)

Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 1.1.2 to 2.1.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ossf/scorecard-action/releases">ossf/scorecard-action's releases</a>.</em></p> <blockquote> <h2>v2.1.2</h2> <h2>What's Changed</h2> <h3>Fixes</h3> <ul> <li>🌱 Bump scorecard dependency to v4.10.2 to remove a CODEOWNERS printf statement. by <a href="https://github.com/spencerschrock"><code>@spencerschrock</code></a> in <a href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1054">ossf/scorecard-action#1054</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2">https://github.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2</a></p> <h2>v2.1.1</h2> <h2>Scorecard version</h2> <p>This release use <a href="https://github.com/ossf/scorecard/releases/tag/v4.10.1">Scorecard's v4.10.1</a></p> <p><strong>Full Changelog</strong>: <a href="https://github.com/ossf/scorecard-action/compare/v2.1.0...v2.1.1">https://github.com/ossf/scorecard-action/compare/v2.1.0...v2.1.1</a></p> <h2>v2.1.0</h2> <h2>What's Changed</h2> <h3>Scorecard version</h3> <p>This release uses <a href="https://github.com/ossf/scorecard/releases/tag/v4.10.0">scorecard v4.10.0</a>.</p> <h3>Improvements</h3> <ul> <li>Docker build workflow by <a href="https://github.com/naveensrinivasan"><code>@naveensrinivasan</code></a> in <a href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/981">ossf/scorecard-action#981</a></li> <li>Use root user in distroless to support GitHub Actions by <a href="https://github.com/spencerschrock"><code>@spencerschrock</code></a> in <a href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/994">ossf/scorecard-action#994</a></li> <li>Disable pull_request_target by <a href="https://github.com/laurentsimon"><code>@laurentsimon</code></a> in <a 
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1031">ossf/scorecard-action#1031</a></li> </ul> <h3>Documentation</h3> <ul> <li>Add PAT section explaining risks by <a href="https://github.com/olivekl"><code>@olivekl</code></a> in <a href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1024">ossf/scorecard-action#1024</a></li> <li>Make the badge text easier to copy by <a href="https://github.com/rajbos"><code>@rajbos</code></a> in <a href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1026">ossf/scorecard-action#1026</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/joycebrum"><code>@joycebrum</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/984">ossf/scorecard-action#984</a></li> <li><a href="https://github.com/rajbos"><code>@rajbos</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1026">ossf/scorecard-action#1026</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ossf/scorecard-action/compare/v2.0.6...v2.1.0">https://github.com/ossf/scorecard-action/compare/v2.0.6...v2.1.0</a></p> <h2>v2.0.6</h2> <h2>What's Changed</h2> <ul> <li>Fix - Broken dockerfile by <a href="https://github.com/naveensrinivasan"><code>@naveensrinivasan</code></a> in <a href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/979">ossf/scorecard-action#979</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ossf/scorecard-action/compare/v2.0.5...v2.0.6">https://github.com/ossf/scorecard-action/compare/v2.0.5...v2.0.6</a></p> <h2>v2.0.5</h2> <h2>What's Changed</h2> <ul> <li>Remove trailing space from example by <a href="https://github.com/jamacku"><code>@jamacku</code></a> in <a href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/955">ossf/scorecard-action#955</a></li> </ul> <!-- 
raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="

Jarod Reyes | 39d337c4df | Adding product marketing Tiers to the Product section. (#10128)

Co-authored-by: Mo Zhu <mo@fleetdm.com>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>

Mike McNeil | 2a11e88f3a | Clarify specialties (#10201)

Eric | 9f87abe8d5 | Regenerate osquery_fleet_schema.json (#10200)

Changes:
- Ran the `generate-merged-schema` script to regenerate `schema/osquery_fleet_schema.json`.

Mike McNeil | 39d25e458c | Update shadow program (#10199)

Mike McNeil | 2b4241c255 | Redirect (/handbook/company/product-groups) (#10195)

Eric | 32a6feb70f | Handbook: Update Customers runbook (#10191)

Changes:
- Rewrote the handbook section about how to change a customer's credit card
- Added a section about how to resolve Algolia crawler errors

Zay Hanlon | c9576a135f | Update to infra oncall process (#10162)

Update to infra oncall process

---------

Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com>

Martin Angers | 4593c49ec4 | Add disk_encryption option to config and team YAML (#10185)

Luke Heath | ac3541659d | Remove e2e tests from github test workflow (#10176)

Reed Haynes | ec6a4e91ef | Update README.md (#10175)

Update assignee parameter

Zachary Winnerman | eff94f917a | Alb cidr list (#10184)

Zachary Winnerman | 889247eeb3 | Allow ALB Cidrs to be passed into the module (#10179)

Roberto Dip | 69bb2abc18 | modify query for when encryption key has newlines (#10094)

Roberto Dip | af6d4059b9 | Read enroll-secret and fleet-url from config profile on macOS (#10134)

This allows orbit to read enroll-secret and fleet-url from a configuration profile if both values are not set when the package is built.

Part of https://github.com/fleetdm/fleet/issues/9459

Mike Thomas | d3c4b16348 | website-release-post-cta (#10177)

I'm not sure what the official word is on these new CTAs while I've been away, but I've added Fleet Premium and Fleet MDM CTAs to the 4.28 release post.

---------

Co-authored-by: Eric <eashaw@sailsjs.com>

RachelElysia | 7408a0df90 | Fleet UI: Show query button added to policy results page (#10164)

Martin Angers | e3ddb5f3ce | Support matching a host in orbit enrollment using the serial number (#9612)

dependabot[bot] | 9addac9f8e | Bump golang.org/x/net from 0.0.0-20220225172249-27dd8689420f to 0.7.0 in /infrastructure/sandbox/PreProvisioner/lambda (#10173)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.0.0-20220225172249-27dd8689420f to 0.7.0. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/golang/net/commits/v0.7.0">compare view</a></li> </ul> </details> <br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/net&package-manager=go_modules&previous-version=0.0.0-20220225172249-27dd8689420f&new-version=0.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/fleetdm/fleet/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Zach Wasserman | dfba1d2511 | Update codecov action (#10124)

dependabot[bot] | 8dc9c15bc6 | Bump golang.org/x/net from 0.0.0-20220722155237-a158d28d115b to 0.7.0 in /infrastructure/sandbox/JITProvisioner/lambda (#10154)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.0.0-20220722155237-a158d28d115b to 0.7.0. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/golang/net/commits/v0.7.0">compare view</a></li> </ul> </details> <br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/net&package-manager=go_modules&previous-version=0.0.0-20220722155237-a158d28d115b&new-version=0.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/fleetdm/fleet/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot[bot] | 85a665aa6b | Bump golang.org/x/net from 0.5.0 to 0.7.0 (#9941)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.5.0 to 0.7.0. <details> <summary>Commits</summary> <ul> <li><a href="

Reed Haynes | 46ab8bfb0d | Update README.md (#10165)

Update reproduced orphans link with current team labels.

Zach Wasserman | 8f083f8d4c | Move JS deps to devDependencies (#10155)

Many of these dependencies are only used in development.