Commit Graph

14 Commits

Author SHA1 Message Date
dependabot[bot]
5a426c86b0
Bump golang from 1.20.3-alpine to 1.20.5-alpine (#12206)
Bumps golang from 1.20.3-alpine to 1.20.5-alpine.

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-23 12:31:37 -07:00
dependabot[bot]
0198b24037
Bump golang from 1.20.1-alpine to 1.20.3-alpine (#10961)
Bumps golang from 1.20.1-alpine to 1.20.3-alpine.


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang&package-manager=docker&previous-version=1.20.1-alpine&new-version=1.20.3-alpine)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-05 11:59:47 -04:00
StepSecurity Bot
fb152b9114
Pin image SHA in Dockerfiles (#10205)
## Summary

This pull request is created by [Secure
Repo](https://app.stepsecurity.io/securerepo) at the request of @zwass.
Please merge the Pull Request to incorporate the requested changes.
Please tag @zwass on your message if you have any questions related to
the PR. You can also engage with the
[StepSecurity](https://github.com/step-security) team by tagging
@step-security-bot.

## Security Fixes

### Secure Dockerfiles

Pin image tags to digests in Dockerfiles. With the Docker v2 API
release, it became possible to use digests in place of tags when pulling
images or to use them in FROM lines in Dockerfiles.

- [The Open Source Security Foundation (OpenSSF) Security
Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies)


## Feedback
For bug reports, feature requests, and general feedback; please create
an issue in
[step-security/secure-repo](https://github.com/step-security/secure-repo).
To create such PRs, please visit https://app.stepsecurity.io/securerepo.


Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>

---------

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Co-authored-by: Zach Wasserman <zach@fleetdm.com>
2023-03-01 11:37:00 -08:00
dependabot[bot]
318a12a5fa
Bump golang from 1.19.5-alpine to 1.20.1-alpine (#10099)
Bumps golang from 1.19.5-alpine to 1.20.1-alpine.


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang&package-manager=docker&previous-version=1.19.5-alpine&new-version=1.20.1-alpine)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-27 18:16:21 -08:00
dependabot[bot]
6a0bd26076
Bump golang from 1.19.2-bullseye to 1.19.5-bullseye (#9282)
Bumps golang from 1.19.2-bullseye to 1.19.5-bullseye.


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang&package-manager=docker&previous-version=1.19.2-bullseye&new-version=1.19.5-bullseye)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-13 17:09:14 -08:00
Andrew Baker
ff969e8ddc
Drew bakerfdm remove email mentions (#8641)
* Remove email address for redudancy

Call to actions at the bottom of the page offer better forms of communication to join the community, trial Fleet, or ask questions.

* Remove email mention

* Remove email mention

* Remove email mention
2022-11-10 11:59:08 -05:00
dependabot[bot]
ddc47b3096
Bump golang from 1.19.1-bullseye to 1.19.2-bullseye (#8091)
Bumps golang from 1.19.1-bullseye to 1.19.2-bullseye.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-10 18:45:01 -03:00
Tomas Touceda
8457e55b53
Bump go to 1.19.1 (#7690)
* Bump go to 1.19.1

* Bump remaining go-version to the 1.19.1

* Add extra paths for test-go

* Oops, putting the right path in the right place

* gofmt file

* gofmt ALL THE THINGS

* Moar changes

* Actually, go.mod doesn't like minor versions
2022-09-12 20:32:43 -03:00
dependabot[bot]
6f0e0873ca
Bump golang from 1.18.4-bullseye to 1.19.0-bullseye (#7039)
* Bump golang from 1.18.4-bullseye to 1.19.0-bullseye

Bumps golang from 1.18.4-bullseye to 1.19.0-bullseye.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update other golang deps as well

* Update missing go mods

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tomas Touceda <chiiph@gmail.com>
2022-08-10 17:00:01 -03:00
dependabot[bot]
541432eb7f
Bump golang from 1.18.3-bullseye to 1.18.4-bullseye (#6647)
Bumps golang from 1.18.3-bullseye to 1.18.4-bullseye.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-14 08:04:49 -03:00
dependabot[bot]
8fe63d1260
Bump golang from 1.17.8-bullseye to 1.18.3-bullseye (#6062)
Bumps golang from 1.17.8-bullseye to 1.18.3-bullseye.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-06-14 08:44:18 -07:00
Roberto Dip
f507cdc078
use the new device client in Fleet Desktop (#5988)
This uses the new device client introduced in #5987 to perform requests from Fleet Desktop.

Related to #5697
2022-06-02 12:37:26 -03:00
Lucas Manuel Rodriguez
7839716b8d
Prepare TUF scripts for CI and support different dev setups (#5616)
* Prepare TUF scripts for CI and support different dev setups

* Allow only generating selected platforms for pkgs

* Force linux/amd64 on Dockerfile to support M1
2022-05-11 17:00:18 -03:00
Lucas Manuel Rodriguez
b6bbbbe186
Add (beta) support for Fleet Desktop to linux (#5221)
* Add (beta) support for Fleet Desktop to linux

* Add dependency for linux desktop

* Amend makefile uname check

* Clarify env vars used for linux in execuser

* Add final set of fixes

* Remove -it from docker run

* Add desktop to the update runner for Linux

* Re-arrange tag.gz and fix upgrade check for linux desktop
2022-05-04 11:14:12 -03:00