Jacob Shandling
55fe65e062
Update aggregate profiles api ( #10274 )
...
* Change order of returned json fields
* Change field "failed" to "failing"
- [x] Manual QA
- [x] Updated docs
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2023-03-03 15:35:47 -08:00
Artemis Tosini
07a045301b
Add macOS CIS 2.6.7 (Administrator password for preferences) ( #10259 )
...
This adds a test for if passwords are required are required to access
some system-wide preferences on macOS. It's marked as "Manual" in the
CIS pdf but I wasn't sure how to copy that into here.
2023-03-03 15:41:51 -05:00
Benjamin Edwards
dc210d594b
missed config translation ( #10294 )
...
missed setting the new rotation configs when wiring up all the
dependencies in fleet serve
2023-03-03 15:28:58 -05:00
Sharon Katz
cf18f1f79f
CIS_MAC13_5.2.5 ( #10251 )
2023-03-03 15:14:00 -05:00
Sharon Katz
2295575fdb
CIS_MAC13_2.8.1 ( #10192 )
2023-03-03 15:12:23 -05:00
Marcos Oviedo
a2e8a787c9
Pushing CIS policies check for 2.2.8 to 2.2.39 ( #10283 )
...
This relates to #9848
2023-03-03 17:05:07 -03:00
Marcos Oviedo
aafc59bd7e
CIS policies for 2.3.14.x-2.3.15.x ( #10211 )
...
This relates to #9923
2023-03-03 16:56:11 -03:00
Marcos Oviedo
83fb9d312c
CIS policies for 2.3.11.x ( #10167 )
...
This relates to #9851
2023-03-03 16:42:22 -03:00
Sharon Katz
0867679eeb
CIS_MAC13_6.3.2 ( #10258 )
2023-03-03 14:15:03 -05:00
Lucas Manuel Rodriguez
e0cbc3aad7
Add automation for win-10 cis policies and fix yaml ( #10289 )
2023-03-03 16:11:04 -03:00
Sharon Katz
1741c4ddd3
CIS_MAC13_5.2.3_5.2.4 ( #10248 )
2023-03-03 14:06:15 -05:00
gillespi314
deb5bea3ff
Escape SCEP challenge for MDM enrollment profile XML ( #10261 )
2023-03-03 12:59:21 -06:00
Zachary Winnerman
2933a7bdaa
Add ability to use sidecars ( #10287 )
...
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files )
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2023-03-03 13:50:48 -05:00
Marcos Oviedo
f7c1cc0c87
Pushing changes for cis2.3.8 to cis2.3.9 compliance checks ( #10115 )
...
This relates to #9851
2023-03-03 15:49:53 -03:00
RachelElysia
db9ed90b0c
CIS - WIN10 - 9.3.X policies ( #10253 )
2023-03-03 13:37:03 -05:00
gillespi314
21c6733c1b
Release schedule lock when triggered run spans schedule interval ( #10240 )
2023-03-03 12:14:10 -06:00
RachelElysia
82e81a7b06
CIS - WIN10 - 9.2.X policies ( #10254 )
2023-03-03 13:13:09 -05:00
RachelElysia
0b4ae4f621
CIS - WIN10 - 18.X.X policies ( #10286 )
2023-03-03 12:52:18 -05:00
JD
38a10d364c
Add link to Cyber Security Summit blog hero image ( #10285 )
2023-03-03 10:49:13 -05:00
Artemis Tosini
1dcced4554
Add Windows 10 CIS 2.3.6.x ( #10036 )
...
This adds CIS 2.3.6.x items from Windows 10 Enterprise. I tested all of
these on Windows Server 2019 as my Windows 10 machine hasn't arrived
yet, but they should be identical.
I originally thought this was not possible but I did not realize that
the GPO always seems to change the registry key and does not act as the
single source of truth, unlike profiles on macOS.
2023-03-03 10:47:10 -05:00
Benjamin Edwards
1fb1870ca7
add tier trial that behaves the same as premium ( #10157 )
2023-03-03 10:46:50 -05:00
Zach Wasserman
ca2e30e59c
Fix error writing coverage when running tests ( #10278 )
...
Intended to fix this error we are seeing in CI:
```
error generating coverage report: write |1: file already closed
```
It seems like perhaps a change in the way the test coverage is reported
in a recent Go version has interacted with the closing of stdout in
these tests.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Added/updated tests
2023-03-02 17:11:15 -08:00
Noah Talerman
1e9c928628
Issue templates: Update story ( #10277 )
...
- Add a reminder to specify any changes to permissions
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files )
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2023-03-02 17:37:17 -06:00
JD
14989b24af
Seattle Bellevue Cyber Security Summit Blogpost ( #10276 )
...
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files )
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
---------
Co-authored-by: Andrew Baker <89049099+DrewBakerfdm@users.noreply.github.com>
2023-03-02 17:24:33 -05:00
RachelElysia
6b2cebd4f1
CIS - WIN10 - 2.3.17.X ( #10275 )
2023-03-02 17:18:02 -05:00
dependabot[bot]
fdc55aabc4
Bump actions/cache from 3.0.8 to 3.2.6 ( #10268 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.0.8 to
3.2.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases ">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v3.2.6</h2>
<h2>What's Changed</h2>
<ul>
<li>Updated branch in Force deletion of caches by <a
href="https://github.com/t-dedah "><code>@t-dedah</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1108 ">actions/cache#1108</a></li>
<li>Fix zstd not being used after zstd version upgrade to 1.5.4 on
hosted runners by <a
href="https://github.com/pdotl "><code>@pdotl</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1118 ">actions/cache#1118</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v3...v3.2.6 ">https://github.com/actions/cache/compare/v3...v3.2.6 </a></p>
<h2>v3.2.5</h2>
<h2>What's Changed</h2>
<ul>
<li>Rewrite readmes by <a
href="https://github.com/jsoref "><code>@jsoref</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1085 ">actions/cache#1085</a></li>
<li>Fixed typos and formatting in docs by <a
href="https://github.com/kotewar "><code>@kotewar</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1076 ">actions/cache#1076</a></li>
<li>Fixing paths for OSes by <a
href="https://github.com/kotewar "><code>@kotewar</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1101 ">actions/cache#1101</a></li>
<li>Release patch version update by <a
href="https://github.com/Phantsure "><code>@Phantsure</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1105 ">actions/cache#1105</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/jsoref "><code>@jsoref</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1085 ">actions/cache#1085</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v3...v3.2.5 ">https://github.com/actions/cache/compare/v3...v3.2.5 </a></p>
<h2>v3.2.4</h2>
<h2>What's Changed</h2>
<ul>
<li>Update json5 package version by <a
href="https://github.com/vsvipul "><code>@vsvipul</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1065 ">actions/cache#1065</a></li>
<li>Cache recipes for cache, restore and save actions by <a
href="https://github.com/kotewar "><code>@kotewar</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1055 ">actions/cache#1055</a></li>
<li>Add gnu tar and zstd as pre-requisites for windows self-hosted
runners by <a href="https://github.com/pdotl "><code>@pdotl</code></a>
in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1068 ">actions/cache#1068</a></li>
<li>Fix a whitespace typo by <a
href="https://github.com/kurtmckee "><code>@kurtmckee</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1074 ">actions/cache#1074</a></li>
<li>📝 <a
href="https://github-redirect.dependabot.com/actions/cache/issues/1045 ">#1045</a>
update using the <code>set-output</code> command is deprecated by <a
href="https://github.com/siguikesse "><code>@siguikesse</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1046 ">actions/cache#1046</a></li>
<li>Fix referenced output key in save action readme by <a
href="https://github.com/ruudk "><code>@ruudk</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1061 ">actions/cache#1061</a></li>
<li>Update workflows to use reusable-workflows by <a
href="https://github.com/jongwooo "><code>@jongwooo</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1066 ">actions/cache#1066</a></li>
<li>Introduce add-to-project step & rename workflow files by <a
href="https://github.com/pallavx "><code>@pallavx</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1077 ">actions/cache#1077</a></li>
<li>chore: Fix syntax error typo by <a
href="https://github.com/vHeemstra "><code>@vHeemstra</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1081 ">actions/cache#1081</a></li>
<li>Update caching-strategies.md by <a
href="https://github.com/kpfleming "><code>@kpfleming</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1084 ">actions/cache#1084</a></li>
<li>Added another usage hint to foresee <a
href="https://github-redirect.dependabot.com/actions/cache/issues/1072 ">#1072</a>
by <a href="https://github.com/maybeec "><code>@maybeec</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1089 ">actions/cache#1089</a></li>
<li>Add <code>fail-on-cache-miss</code> option by <a
href="https://github.com/cdce8p "><code>@cdce8p</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1036 ">actions/cache#1036</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/kurtmckee "><code>@kurtmckee</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1074 ">actions/cache#1074</a></li>
<li><a
href="https://github.com/siguikesse "><code>@siguikesse</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1046 ">actions/cache#1046</a></li>
<li><a href="https://github.com/ruudk "><code>@ruudk</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1061 ">actions/cache#1061</a></li>
<li><a href="https://github.com/pallavx "><code>@pallavx</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1077 ">actions/cache#1077</a></li>
<li><a href="https://github.com/vHeemstra "><code>@vHeemstra</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1081 ">actions/cache#1081</a></li>
<li><a href="https://github.com/kpfleming "><code>@kpfleming</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1084 ">actions/cache#1084</a></li>
<li><a href="https://github.com/maybeec "><code>@maybeec</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1089 ">actions/cache#1089</a></li>
<li><a href="https://github.com/cdce8p "><code>@cdce8p</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1036 ">actions/cache#1036</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v3...v3.2.4 ">https://github.com/actions/cache/compare/v3...v3.2.4 </a></p>
<h2>v3.2.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Add Mint example by <a
href="https://github.com/uhooi "><code>@uhooi</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1051 ">actions/cache#1051</a></li>
<li>Fixed broken link by <a
href="https://github.com/kotewar "><code>@kotewar</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1057 ">actions/cache#1057</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md ">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h3>3.0.0</h3>
<ul>
<li>Updated minimum runner version support from node 12 -> node
16</li>
</ul>
<h3>3.0.1</h3>
<ul>
<li>Added support for caching from GHES 3.5.</li>
<li>Fixed download issue for files > 2GB during restore.</li>
</ul>
<h3>3.0.2</h3>
<ul>
<li>Added support for dynamic cache size cap on GHES.</li>
</ul>
<h3>3.0.3</h3>
<ul>
<li>Fixed avoiding empty cache save when no files are available for
caching. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/624 ">issue</a>)</li>
</ul>
<h3>3.0.4</h3>
<ul>
<li>Fixed tar creation error while trying to create tar with path as
<code>~/</code> home folder on <code>ubuntu-latest</code>. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/689 ">issue</a>)</li>
</ul>
<h3>3.0.5</h3>
<ul>
<li>Removed error handling by consuming actions/cache 3.0 toolkit, Now
cache server error handling will be done by toolkit. (<a
href="https://github-redirect.dependabot.com/actions/cache/pull/834 ">PR</a>)</li>
</ul>
<h3>3.0.6</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/809 ">#809</a>
- zstd -d: no such file or directory error</li>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/833 ">#833</a>
- cache doesn't work with github workspace directory</li>
</ul>
<h3>3.0.7</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/810 ">#810</a>
- download stuck issue. A new timeout is introduced in the download
process to abort the download if it gets stuck and doesn't finish within
an hour.</li>
</ul>
<h3>3.0.8</h3>
<ul>
<li>Fix zstd not working for windows on gnu tar in issues <a
href="https://github-redirect.dependabot.com/actions/cache/issues/888 ">#888</a>
and <a
href="https://github-redirect.dependabot.com/actions/cache/issues/891 ">#891</a>.</li>
<li>Allowing users to provide a custom timeout as input for aborting
download of a cache segment using an environment variable
<code>SEGMENT_DOWNLOAD_TIMEOUT_MINS</code>. Default is 60 minutes.</li>
</ul>
<h3>3.0.9</h3>
<ul>
<li>Enhanced the warning message for cache unavailablity in case of
GHES.</li>
</ul>
<h3>3.0.10</h3>
<ul>
<li>Fix a bug with sorting inputs.</li>
<li>Update definition for restore-keys in README.md</li>
</ul>
<h3>3.0.11</h3>
<ul>
<li>Update toolkit version to 3.0.5 to include
<code>@actions/core@^1.10.0</code></li>
<li>Update <code>@actions/cache</code> to use updated
<code>saveState</code> and <code>setOutput</code> functions from
<code>@actions/core@^1.10.0</code></li>
</ul>
<h3>3.1.0-beta.1</h3>
<ul>
<li>Update <code>@actions/cache</code> on windows to use gnu tar and
zstd by default and fallback to bsdtar and zstd if gnu tar is not
available. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/984 ">issue</a>)</li>
</ul>
<h3>3.1.0-beta.2</h3>
<ul>
<li>Added support for fallback to gzip to restore old caches on
windows.</li>
</ul>
<h3>3.1.0-beta.3</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="69d9d449achttps://github-redirect.dependabot.com/actions/cache/issues/1118 ">#1118</a>
from actions/pdotl/zstd-hotfix</li>
<li><a
href="8d3a1e02aab1db4b48977d4d6f7ffd8f7fa5d71595b455a0fb81b7281936https://github-redirect.dependabot.com/actions/cache/issues/1108 ">#1108</a>)</li>
<li><a
href="6998d139ddhttps://github-redirect.dependabot.com/actions/cache/issues/1105 ">#1105</a>)</li>
<li><a
href="2b8105bdaehttps://github-redirect.dependabot.com/actions/cache/issues/1101 ">#1101</a>)</li>
<li><a
href="e08330827dhttps://github-redirect.dependabot.com/actions/cache/issues/1076 ">#1076</a>)</li>
<li>Additional commits viewable in <a
href="fd5de65bc8...69d9d449achttps://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=3.0.8&new-version=3.2.6 )](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-02 13:51:13 -08:00
Noah Talerman
57f628e6e7
MDM docs: Add MDM server in Apple Business Manager ( #10236 )
...
- Add instructions for creating an MDM server in ABM
2023-03-02 14:02:06 -05:00
Mike McNeil
550865e363
Update open roles ( #10264 )
...
.
2023-03-02 12:55:44 -06:00
Luke Heath
b4c9fac47e
Add enrollment profile download to okta demo workflow ( #10256 )
2023-03-02 11:35:10 -06:00
Jacob Shandling
c17c7b2b57
UI: Add missing step to manual Turn on MDM modal ( #10232 )
...
<img width="752" alt="Screenshot 2023-03-01 at 3 04 49 PM"
src="https://user-images.githubusercontent.com/61553566/222286958-56cd0bac-0354-47ef-81c7-9ccd41626e2e.png ">
**Checklist for submitter**
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2023-03-02 09:15:55 -08:00
Zach Wasserman
f8f3a1e335
Update OSSF Scorecards action ( #10255 )
...
Based on the current recommended configuration from
https://github.com/ossf/scorecard-action#installation .
2023-03-02 09:14:42 -08:00
Zachary Winnerman
23a494e291
Remove unused code in dogfood ( #10249 )
...
```╷
│ Warning: Argument is deprecated
│
│ with aws_s3_bucket.osquery-results,
│ on firehose.tf line 7, in resource "aws_s3_bucket" "osquery-results":
│ 7: resource "aws_s3_bucket" "osquery-results" { #tfsec:ignore:aws-s3-encryption-customer-key:exp:2022-07-01 #tfsec:ignore:aws-s3-enable-versioning #tfsec:ignore:aws-s3-enable-bucket-logging:exp:2022-06-15
│
│ Use the aws_s3_bucket_lifecycle_configuration resource instead
│
│ (and 9 more similar warnings elsewhere)
╵
Success! The configuration is valid, but there were some validation warnings as shown above.
```
2023-03-02 11:02:59 -05:00
Sharon Katz
8c9d33f455
MAC CIS 13_2.1.1.2 ( #10161 )
2023-03-02 10:04:27 -05:00
Sharon Katz
a19d73511e
MAC CIS 13_2.1.1.1 ( #10120 )
2023-03-02 09:54:37 -05:00
Mike McNeil
b016c5546a
Maximum allowable adjustments to standard contract terms ( #10241 )
...
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files )
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2023-03-01 21:03:58 -06:00
Zach Wasserman
2ed2940683
Generate targets for osqueryd 5.8.1 ( #10245 )
2023-03-01 17:51:15 -08:00
Eric
4770a780b4
Website: Add /demo/okta-webflow ( #10238 )
...
Related to: https://github.com/fleetdm/fleet/issues/10210
Changes:
- Added `/experimental/okta-webflow`
- This page has a login form that accepts any input. When the login form
is submitted, the page shows the user a EULA.
- Updated policies, importer.less and routes
- Updated `layouts/layout-sandbox` to hide the website's header and
footer, and disable the Papercups chat widget when a variable named
`optimizeForAppleWebview` is set to `true`.
---------
Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com>
2023-03-01 19:08:47 -06:00
Eric
e7476c6a9d
Website: Remove /osquery-management from download-sitemap.js ( #10239 )
...
https://github.com/fleetdm/fleet/pull/10207#issuecomment-1451073086
Changes:
- Removed the `/osquery-management` landing page from
`download-sitemap.js`
2023-03-01 18:55:37 -06:00
gillespi314
615052a9ac
Create new API endpoint to provide aggregate status count of MDM profiles applying to hosts ( #10194 )
2023-03-01 18:36:59 -06:00
Mike Thomas
732780a259
created-osquery-management-landpage ( #10207 )
...
In this PR, I have:
- created an osquery management landing page for our upcoming ad
campaign.
~The WIP content is where we ended up after our review session.~
~For reference, the original content can be found on Figma:
https://www.figma.com/file/Jzo81K6E4jC0mcjD4JsWM8/%F0%9F%9A%A7-fleetdm.com-(scratchpad)?node-id=389%3A0~
---------
Co-authored-by: Eric <eashaw@sailsjs.com>
2023-03-01 16:09:07 -08:00
Lucas Manuel Rodriguez
9864048ee9
Allow setting user roles during JIT provisioning ( #10193 )
...
#8411
PS: I've opened #10209 to solve the issue with Golang Code Coverage CI
checks.
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files )
for more information.
- [x] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- ~[] Documented any permissions changes~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [x] Manual QA for all new/changed functionality
- ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-03-01 20:18:40 -03:00
Lucas Manuel Rodriguez
2c6bd879f8
Notify Go and Integration CI failures to new channel ( #10235 )
2023-03-01 20:14:07 -03:00
dependabot[bot]
eb1194a0b4
Bump loader-utils from 1.4.0 to 1.4.2 ( #10234 )
...
Bumps [loader-utils](https://github.com/webpack/loader-utils ) from 1.4.0
to 1.4.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/webpack/loader-utils/releases ">loader-utils's
releases</a>.</em></p>
<blockquote>
<h2>v1.4.2</h2>
<h3><a
href="https://github.com/webpack/loader-utils/compare/v1.4.1...v1.4.2 ">1.4.2</a>
(2022-11-11)</h3>
<h3>Bug Fixes</h3>
<ul>
<li>ReDoS problem (<a
href="https://github-redirect.dependabot.com/webpack/loader-utils/issues/226 ">#226</a>)
(<a
href="17cbf8fa89https://github.com/webpack/loader-utils/compare/v1.4.0...v1.4.1 ">1.4.1</a>
(2022-11-07)</h3>
<h3>Bug Fixes</h3>
<ul>
<li>security problem (<a
href="https://github-redirect.dependabot.com/webpack/loader-utils/issues/220 ">#220</a>)
(<a
href="4504e34c47https://github.com/webpack/loader-utils/blob/v1.4.2/CHANGELOG.md ">loader-utils's
changelog</a>.</em></p>
<blockquote>
<h3><a
href="https://github.com/webpack/loader-utils/compare/v1.4.1...v1.4.2 ">1.4.2</a>
(2022-11-11)</h3>
<h3>Bug Fixes</h3>
<ul>
<li>ReDoS problem (<a
href="https://github-redirect.dependabot.com/webpack/loader-utils/issues/226 ">#226</a>)
(<a
href="17cbf8fa89https://github.com/webpack/loader-utils/compare/v1.4.0...v1.4.1 ">1.4.1</a>
(2022-11-07)</h3>
<h3>Bug Fixes</h3>
<ul>
<li>security problem (<a
href="https://github-redirect.dependabot.com/webpack/loader-utils/issues/220 ">#220</a>)
(<a
href="4504e34c47331ad5067d17cbf8fa89https://github-redirect.dependabot.com/webpack/loader-utils/issues/226 ">#226</a>)</li>
<li><a
href="8f082b39f64504e34c47https://github-redirect.dependabot.com/webpack/loader-utils/issues/220 ">#220</a>)</li>
<li>See full diff in <a
href="https://github.com/webpack/loader-utils/compare/v1.4.0...v1.4.2 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/fleetdm/fleet/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-01 12:39:57 -08:00
dependabot[bot]
12751b853f
Bump json5 from 1.0.1 to 1.0.2 ( #10233 )
...
Bumps [json5](https://github.com/json5/json5 ) from 1.0.1 to 1.0.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/json5/json5/releases ">json5's
releases</a>.</em></p>
<blockquote>
<h2>v1.0.2</h2>
<ul>
<li>Fix: Properties with the name <code>__proto__</code> are added to
objects and arrays. (<a
href="https://github-redirect.dependabot.com/json5/json5/issues/199 ">#199</a>)
This also fixes a prototype pollution vulnerability reported by Jonathan
Gregson! (<a
href="https://github-redirect.dependabot.com/json5/json5/issues/295 ">#295</a>).
This has been backported to v1. (<a
href="https://github-redirect.dependabot.com/json5/json5/issues/298 ">#298</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/json5/json5/blob/main/CHANGELOG.md ">json5's
changelog</a>.</em></p>
<blockquote>
<h3>Unreleased [<a
href="https://github.com/json5/json5/tree/main ">code</a>, <a
href="https://github.com/json5/json5/compare/v2.2.3...HEAD ">diff</a>]</h3>
<h3>v2.2.3 [<a
href="https://github.com/json5/json5/tree/v2.2.3 ">code</a>, <a
href="https://github.com/json5/json5/compare/v2.2.2...v2.2.3 ">diff</a>]</h3>
<ul>
<li>Fix: json5@2.2.3 is now the 'latest' release according to npm
instead of
v1.0.2. (<a
href="https://github-redirect.dependabot.com/json5/json5/issues/299 ">#299</a>)</li>
</ul>
<h3>v2.2.2 [<a
href="https://github.com/json5/json5/tree/v2.2.2 ">code</a>, <a
href="https://github.com/json5/json5/compare/v2.2.1...v2.2.2 ">diff</a>]</h3>
<ul>
<li>Fix: Properties with the name <code>__proto__</code> are added to
objects and arrays.
(<a
href="https://github-redirect.dependabot.com/json5/json5/issues/199 ">#199</a>)
This also fixes a prototype pollution vulnerability reported by
Jonathan Gregson! (<a
href="https://github-redirect.dependabot.com/json5/json5/issues/295 ">#295</a>).</li>
</ul>
<h3>v2.2.1 [<a
href="https://github.com/json5/json5/tree/v2.2.1 ">code</a>, <a
href="https://github.com/json5/json5/compare/v2.2.0...v2.2.1 ">diff</a>]</h3>
<ul>
<li>Fix: Removed dependence on minimist to patch CVE-2021-44906. (<a
href="https://github-redirect.dependabot.com/json5/json5/issues/266 ">#266</a>)</li>
</ul>
<h3>v2.2.0 [<a
href="https://github.com/json5/json5/tree/v2.2.0 ">code</a>, <a
href="https://github.com/json5/json5/compare/v2.1.3...v2.2.0 ">diff</a>]</h3>
<ul>
<li>New: Accurate and documented TypeScript declarations are now
included. There
is no need to install <code>@types/json5</code>. (<a
href="https://github-redirect.dependabot.com/json5/json5/issues/236 ">#236</a>,
<a
href="https://github-redirect.dependabot.com/json5/json5/issues/244 ">#244</a>)</li>
</ul>
<h3>v2.1.3 [<a
href="https://github.com/json5/json5/tree/v2.1.3 ">code</a>, <a
href="https://github.com/json5/json5/compare/v2.1.2...v2.1.3 ">diff</a>]</h3>
<ul>
<li>Fix: An out of memory bug when parsing numbers has been fixed. (<a
href="https://github-redirect.dependabot.com/json5/json5/issues/228 ">#228</a>,
<a
href="https://github-redirect.dependabot.com/json5/json5/issues/229 ">#229</a>)</li>
</ul>
<h3>v2.1.2 [<a
href="https://github.com/json5/json5/tree/v2.1.2 ">code</a>, <a
href="https://github.com/json5/json5/compare/v2.1.1...v2.1.2 ">diff</a>]</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a62db1e51ee0c23fe45862a6540840https://github.com/json5/json5/compare/v1.0.1...v1.0.2 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/fleetdm/fleet/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-01 12:39:29 -08:00
Zach Wasserman
515cdb918c
Replace import-glob-loader with node-sass-glob-importer ( #10171 )
...
import-glob-loader has a very old loader-utils dependency that triggers
security alerting. Hoping that replacing this will allow the
loader-utils version to be updated.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Manual QA for all new/changed functionality
2023-03-01 12:33:42 -08:00
Zach Wasserman
c136b3bdfa
Update Fleet library versions used in Sandbox ( #10230 )
2023-03-01 15:22:14 -05:00
JD
607a89b527
Clarification on NVD for MS Office in 4.28.0 Release Notes ( #10226 )
...
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files )
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2023-03-01 11:52:42 -08:00
dependabot[bot]
37c9097ac0
Bump github.com/open-policy-agent/opa from 0.42.0 to 0.43.1 in /infrastructure/sandbox/JITProvisioner/lambda ( #10225 )
...
Bumps
[github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa )
from 0.42.0 to 0.43.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/open-policy-agent/opa/releases ">github.com/open-policy-agent/opa's
releases</a>.</em></p>
<blockquote>
<h2>v0.43.1</h2>
<p>This is a security release fixing the following vulnerabilities:</p>
<ul>
<li>
<p>CVE-2022-36085: Respect unsafeBuiltinMap for 'with' replacements in
the compiler</p>
<p>See <a
href="https://github.com/open-policy-agent/opa/security/advisories/GHSA-f524-rf33-2jjr ">https://github.com/open-policy-agent/opa/security/advisories/GHSA-f524-rf33-2jjr </a>
for all details.</p>
</li>
<li>
<p>CVE-2022-27664 and CVE-2022-32190.</p>
<p>Fixed by updating the Go version used in our builds to 1.18.6,
see <a
href="https://groups.google.com/g/golang-announce/c/x49AQzIVX-s ">https://groups.google.com/g/golang-announce/c/x49AQzIVX-s </a>.
Note that CVE-2022-32190 is most likely not relevant for OPA's usage of
net/url.
But since these CVEs tend to come up in security assessment tooling
regardless,
it's better to get it out of the way.</p>
</li>
</ul>
<h2>v0.43.0</h2>
<p>This release contains a number of fixes, enhancements, and
performance improvements.</p>
<h3>Object Insertion Optimization</h3>
<p>Rego Object insertion operations did not scale linearly (<a
href="https://github-redirect.dependabot.com/open-policy-agent/opa/issues/4625 ">#4625</a>)
in the past, and experienced noticeable reallocation/memory movement
overheads once the Object grew past 120k-150k keys in size.</p>
<p>This release introduces different handling of Object internals during
insert operations to avoid pathological reallocation behavior, and
allows linear performance scaling up into the 500k key range and
beyond.</p>
<h3>Tooling, SDK, and Runtime</h3>
<ul>
<li>Add lines covered/not covered counts to test coverage report
(authored by <a
href="https://github.com/FarisR99 "><code>@FarisR99</code></a>)</li>
<li>Plugins: Status and logs plugins now accept any HTTP 2xx status code
(authored by <a
href="https://github.com/lvisterin "><code>@lvisterin</code></a>)</li>
<li>Runtime: Generalize OS check for MacOS to other Unix-likes (authored
by <a href="https://github.com/iamleot "><code>@iamleot</code></a>)</li>
</ul>
<h4>Bundles Fixes</h4>
<p>The Bundles system received several bugfixes and performance
improvements in this release:</p>
<ul>
<li>Bundle: <code>opa bundle</code> command now supports
<code>.yml</code> files (<a
href="https://github-redirect.dependabot.com/open-policy-agent/opa/issues/4859 ">#4859</a>)
authored by <a
href="https://github.com/Joffref "><code>@Joffref</code></a> reported by
<a
href="https://github.com/rdrgmnzsakt "><code>@rdrgmnzsakt</code></a></li>
<li>Plugins/Bundle: Use unique temporary files for persisting activated
bundles to disk (<a
href="https://github-redirect.dependabot.com/open-policy-agent/opa/issues/4782 ">#4782</a>)
authored by <a
href="https://github.com/FredrikAppelros "><code>@FredrikAppelros</code></a>
reported by <a
href="https://github.com/FredrikAppelros "><code>@FredrikAppelros</code></a></li>
<li>Server: Old policy path is now checked for bundle ownership before
update (<a
href="https://github-redirect.dependabot.com/open-policy-agent/opa/issues/4846 ">#4846</a>)</li>
<li>Storage+Bundle: Old bundle data is now cleaned before new bundle
activation (<a
href="https://github-redirect.dependabot.com/open-policy-agent/opa/issues/4940 ">#4940</a>)</li>
<li>Bundle: Paths are now normalized before bundle root check occurs to
ensure checks are os-independent</li>
</ul>
<h4>Storage Fixes</h4>
<p>The Storage system received mostly bugfixes, with a notable
performance improvement for large bundles in this release:</p>
<ul>
<li>storage/inmem: Speed up bundle activation by avoiding unnecessary
read operations (<a
href="https://github-redirect.dependabot.com/open-policy-agent/opa/issues/4898 ">#4898</a>)</li>
<li>storage/inmem: Paths are now created during truncate operations if
they did not exist before</li>
<li>storage/disk: Symlinks work with relative paths now (<a
href="https://github-redirect.dependabot.com/open-policy-agent/opa/issues/4869 ">#4869</a>)</li>
</ul>
<h3>Rego and Topdown</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md ">github.com/open-policy-agent/opa's
changelog</a>.</em></p>
<blockquote>
<h2>0.43.1</h2>
<p>This is a security release fixing the following vulnerabilities:</p>
<ul>
<li>
<p>CVE-2022-36085: Respect unsafeBuiltinMap for 'with' replacements in
the compiler</p>
<p>See <a
href="https://github.com/open-policy-agent/opa/security/advisories/GHSA-f524-rf33-2jjr ">https://github.com/open-policy-agent/opa/security/advisories/GHSA-f524-rf33-2jjr </a>
for all details.</p>
</li>
<li>
<p>CVE-2022-27664 and CVE-2022-32190.</p>
<p>Fixed by updating the Go version used in our builds to 1.18.6,
see <a
href="https://groups.google.com/g/golang-announce/c/x49AQzIVX-s ">https://groups.google.com/g/golang-announce/c/x49AQzIVX-s </a>.
Note that CVE-2022-32190 is most likely not relevant for OPA's usage of
net/url.
But since these CVEs tend to come up in security assessment tooling
regardless,
it's better to get it out of the way.</p>
</li>
</ul>
<h2>0.43.0</h2>
<p>This release contains a number of fixes, enhancements, and
performance improvements.</p>
<h3>Object Insertion Optimization</h3>
<p>Rego Object insertion operations did not scale linearly (<a
href="https://github-redirect.dependabot.com/open-policy-agent/opa/issues/4625 ">#4625</a>)
in the past, and experienced noticeable reallocation/memory movement
overheads once the Object grew past 120k-150k keys in size.</p>
<p>This release introduces different handling of Object internals during
insert
operations to avoid pathological reallocation behavior, and allows
linear
performance scaling up into the 500k key range and beyond.</p>
<h3>Tooling, SDK, and Runtime</h3>
<ul>
<li>Add lines covered/not covered counts to test coverage report
(authored by <a
href="https://github.com/FarisR99 "><code>@FarisR99</code></a>)</li>
<li>Plugins: Status and logs plugins now accept any HTTP 2xx status code
(authored by <a
href="https://github.com/lvisterin "><code>@lvisterin</code></a>)</li>
<li>Runtime: Generalize OS check for MacOS to other Unix-likes (authored
by <a href="https://github.com/iamleot "><code>@iamleot</code></a>)</li>
</ul>
<h4>Bundles Fixes</h4>
<p>The Bundles system received several bugfixes and performance
improvements in this release:</p>
<ul>
<li>Bundle: <code>opa bundle</code> command now supports
<code>.yml</code> files (<a
href="https://github-redirect.dependabot.com/open-policy-agent/opa/issues/4859 ">#4859</a>)
authored by <a
href="https://github.com/Joffref "><code>@Joffref</code></a> reported by
<a
href="https://github.com/rdrgmnzsakt "><code>@rdrgmnzsakt</code></a></li>
<li>Plugins/Bundle: Use unique temporary files for persisting activated
bundles to disk (<a
href="https://github-redirect.dependabot.com/open-policy-agent/opa/issues/4782 ">#4782</a>)
authored by <a
href="https://github.com/FredrikAppelros "><code>@FredrikAppelros</code></a>
reported by <a
href="https://github.com/FredrikAppelros "><code>@FredrikAppelros</code></a></li>
<li>Server: Old policy path is now checked for bundle ownership before
update (<a
href="https://github-redirect.dependabot.com/open-policy-agent/opa/issues/4846 ">#4846</a>)</li>
<li>Storage+Bundle: Old bundle data is now cleaned before new bundle
activation (<a
href="https://github-redirect.dependabot.com/open-policy-agent/opa/issues/4940 ">#4940</a>)</li>
<li>Bundle: Paths are now normalized before bundle root check occurs to
ensure checks are os-independent</li>
</ul>
<h4>Storage Fixes</h4>
<p>The Storage system received mostly bugfixes, with a notable
performance improvement for large bundles in this release:</p>
<ul>
<li>storage/inmem: Speed up bundle activation by avoiding unnecessary
read operations (<a
href="https://github-redirect.dependabot.com/open-policy-agent/opa/issues/4898 ">#4898</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="196c92df8b3e8c754ed0b78756fa64d75bbdd0f9https://github-redirect.dependabot.com/open-policy-agent/opa/issues/4949 ">#4949</a>)</li>
<li><a
href="a99e5a9aa6https://github-redirect.dependabot.com/open-policy-agent/opa/issues/4947 ">#4947</a>)</li>
<li><a
href="8f63046fb9https://github-redirect.dependabot.com/open-policy-agent/opa/issues/4944 ">#4944</a>)</li>
<li><a
href="462d51850chttps://github-redirect.dependabot.com/open-policy-agent/opa/issues/4946 ">#4946</a>)</li>
<li><a
href="eff91f755chttps://github-redirect.dependabot.com/open-policy-agent/opa/issues/4941 ">#4941</a>)</li>
<li><a
href="1c1957c57bhttps://github-redirect.dependabot.com/open-policy-agent/opa/issues/4936 ">#4936</a>)</li>
<li><a
href="7f78653f9chttps://github-redirect.dependabot.com/open-policy-agent/opa/issues/4934 ">#4934</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/open-policy-agent/opa/compare/v0.42.0...v0.43.1 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/fleetdm/fleet/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-01 11:43:58 -08:00
dependabot[bot]
1a73517a7f
Bump github.com/russellhaering/goxmldsig from 1.1.0 to 1.1.1 in /infrastructure/sandbox/JITProvisioner/lambda ( #10224 )
...
Bumps
[github.com/russellhaering/goxmldsig](https://github.com/russellhaering/goxmldsig )
from 1.1.0 to 1.1.1.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="dfbd95396a65601c817dfb23e0af61https://github-redirect.dependabot.com/russellhaering/goxmldsig/issues/71 ">#71</a>
from aporcupine/patch-1</li>
<li><a
href="ca2b448c7d3541f5e554https://github-redirect.dependabot.com/russellhaering/goxmldsig/issues/67 ">#67</a>
from santosh653/master</li>
<li><a
href="735e3c720cd6a59c7d76add80e26e10bf1c10130https://github-redirect.dependabot.com/russellhaering/goxmldsig/issues/61 ">#61</a>
from pboyd04/UseCanonicalizationFromSigInfo</li>
<li><a
href="d396ec6179https://github-redirect.dependabot.com/russellhaering/goxmldsig/issues/39 ">#39</a>
from aykevl/fixes</li>
<li>Additional commits viewable in <a
href="https://github.com/russellhaering/goxmldsig/compare/v1.1.0...v1.1.1 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/fleetdm/fleet/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-01 11:43:35 -08:00
dependabot[bot]
74e01c36ae
Bump github.com/theupdateframework/go-tuf from 0.3.0 to 0.3.2 in /infrastructure/sandbox/PreProvisioner/lambda ( #10223 )
...
Bumps
[github.com/theupdateframework/go-tuf](https://github.com/theupdateframework/go-tuf )
from 0.3.0 to 0.3.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/theupdateframework/go-tuf/releases ">github.com/theupdateframework/go-tuf's
releases</a>.</em></p>
<blockquote>
<h2>v0.3.2</h2>
<h2>Changelog</h2>
<h3>Bug fixes</h3>
<ul>
<li>b6695e4ba6d0b98beb851054c0f187df8d54a639: fix(verify): backport
"Fix a vulnerability in the verification of threshold si… (<a
href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/375 ">#375</a>)
(<a
href="https://github.com/znewman01 "><code>@znewman01</code></a>)</li>
</ul>
<h2>v0.3.1</h2>
<h2>Changelog</h2>
<h3>Features</h3>
<ul>
<li>4bf58eb096f99647e7fd30447396c7a57202982f: feat: add
<code>payload</code> and <code>add-signature</code> commands. (<a
href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/214 ">#214</a>)
(<a
href="https://github.com/znewman01 "><code>@znewman01</code></a>)</li>
<li>39c23cb5043ad2c0d873f7cc7191a7256f6a3cb6: feat: add workflow
responsible for notifying of new TUF spec release (<a
href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/287 ">#287</a>)
(<a
href="https://github.com/rdimitrov "><code>@rdimitrov</code></a>)</li>
<li>355e39cb2df220fc3961396a6d0e30bcf2c9ac12: feat: Implement TAP-12
support (<a
href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/310 ">#310</a>)
(<a
href="https://github.com/znewman01 "><code>@znewman01</code></a>)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>9a41055b8eee0fee60650c43037f35b919d72d7c: fix: check root metadata
verification before snapshotting (<a
href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/293 ">#293</a>)
(<a href="https://github.com/asraa "><code>@asraa</code></a>)</li>
<li>e3efe988f0371d41c83686204dc6ae23285bf33c: fix: verify length and
hashes of fetched bytes before parsing (<a
href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/325 ">#325</a>)
(<a href="https://github.com/joshuagl "><code>@joshuagl</code></a>)</li>
</ul>
<h3>Others</h3>
<ul>
<li>ea0f98a4e1b72d7486e4e86baf7fd9a3ec1fc844: chore(deps): bump
arnested/go-version-action from 1.0.67 to 1.0.69 (<a
href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/288 ">#288</a>)
(<a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot])</li>
<li>6722937104a3178b2b899c5ce1799de129ddb294: chore(deps): bump
golangci/golangci-lint-action from 2.5.2 to 3.2.0 (<a
href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/289 ">#289</a>)
(<a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot])</li>
<li>e2594e68bf2239a0b60c576c47b5ede7ac8c8fe4: chore(deps): bump
actions/setup-go from 3.0.0 to 3.1.0 (<a
href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/290 ">#290</a>)
(<a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot])</li>
<li>580db1958c1e16ee73d53055eb9793fde1110d8e: chore(deps): bump
goreleaser/goreleaser-action from 2.9.1 to 3 (<a
href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/294 ">#294</a>)
(<a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot])</li>
<li>5884dab97151c7fd314ee34ac71bf0cf6167e21c: chore(deps): bump
actions/setup-go from 3.1.0 to 3.2.0 (<a
href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/295 ">#295</a>)
(<a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot])</li>
<li>3b26aedfe985198bc88a9dda7525938c575ca046: chore(deps): bump
arnested/go-version-action from 1.0.69 to 1.0.70 (<a
href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/297 ">#297</a>)
(<a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot])</li>
<li>041e818016131ec500c78ed8eb20fed9a5668861: chore(deps): bump
github.com/secure-systems-lab/go-securesystemslib (<a
href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/298 ">#298</a>)
(<a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot])</li>
<li>ad96eca0239ec2cc9b6e408fbe42b2f9e9d6b1dd: chore(deps): bump
github.com/stretchr/testify from 1.7.1 to 1.7.2 (<a
href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/299 ">#299</a>)
(<a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot])</li>
<li>36633af8d7a2162664a58f3fb1fe36a74e10428e: chore(deps): bump
arnested/go-version-action from 1.0.70 to 1.1.0 (<a
href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/300 ">#300</a>)
(<a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot])</li>
<li>e24b175b00960136ecacb8111d9887d15ce47c6d: chore(deps): bump
actions/setup-python from 3.1.2 to 4 (<a
href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/311 ">#311</a>)
(<a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot])</li>
<li>1684c680105f90a054f04e05b0f8ac540c4ef885: docs: Update
CONTRIBUTING.md, add MAINTAINERS.md (<a
href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/309 ">#309</a>)
(<a
href="https://github.com/znewman01 "><code>@znewman01</code></a>)</li>
<li>4139c85cd7632c659bf00f4b2810c37eb8d71a2c: chore(deps): bump
arnested/go-version-action from 1.1.0 to 1.1.3 (<a
href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/316 ">#316</a>)
(<a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot])</li>
<li>36a29309b2531255fc7d374c4055dcfab0fd04e8: build: update go version
to 1.18 (<a
href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/314 ">#314</a>)
(<a href="https://github.com/asraa "><code>@asraa</code></a>)</li>
<li>ae904d2bb977a54e6a5527513c4d398c8d9cc285: docs: Add DCO instructions
(<a
href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/319 ">#319</a>)
(<a
href="https://github.com/znewman01 "><code>@znewman01</code></a>)</li>
<li>81cd9b36a8023d6e943f0f3cacfe664603fa3177: chore(deps): bump Python
from 3.6 to 3.10 (<a
href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/318 ">#318</a>)
(<a
href="https://github.com/rdimitrov "><code>@rdimitrov</code></a>)</li>
<li>986a4c5a492be020d0ab16a5ea13b9963bf7af1f: chore(deps): bump requests
from 2.27.1 to 2.28.0 (<a
href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/317 ">#317</a>)
(<a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot])</li>
<li>439ce47c43c772ad225101494db8307e97f869c3: chore(deps): bump
github.com/stretchr/testify from 1.7.2 to 1.7.4 (<a
href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/324 ">#324</a>)
(<a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot])</li>
<li>3bb077e8c246429db8acafc78761de71cc4d6b62: chore(deps): bump requests
from 2.28.0 to 2.28.1 (<a
href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/332 ">#332</a>)
(<a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot])</li>
<li>eed9e6c4d8eac821593800fd053d8cca5ee56137: chore(deps): bump
github.com/stretchr/testify from 1.7.4 to 1.8.0 (<a
href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/331 ">#331</a>)
(<a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot])</li>
<li>0d40b25637fa35e4e546a0bafebaa7ee4591e172: test: fix flakey util test
(<a
href="https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/333 ">#333</a>)
(<a href="https://github.com/asraa "><code>@asraa</code></a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b6695e4ba60d40b25637https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/333 ">#333</a>)</li>
<li><a
href="eed9e6c4d8https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/331 ">#331</a>)</li>
<li><a
href="3bb077e8c2https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/332 ">#332</a>)</li>
<li><a
href="e3efe988f0https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/325 ">#325</a>)</li>
<li><a
href="439ce47c43https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/324 ">#324</a>)</li>
<li><a
href="986a4c5a49https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/317 ">#317</a>)</li>
<li><a
href="81cd9b36a8https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/318 ">#318</a>)</li>
<li><a
href="355e39cb2dhttps://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/310 ">#310</a>)</li>
<li><a
href="ae904d2bb9https://github-redirect.dependabot.com/theupdateframework/go-tuf/issues/319 ">#319</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/theupdateframework/go-tuf/compare/v0.3.0...v0.3.2 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/fleetdm/fleet/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-01 11:42:48 -08:00
