Commit Graph

11136 Commits

Author SHA1 Message Date
Gabriel Hernandez
bb63da41b7
add ddm activities to the UI (#17864)
relates to #17409

adds the ddm activities to the UI.

- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
- [x] Manual QA for all new/changed functionality
2024-03-26 17:54:23 +00:00
Roberto Dip
f0ad942a57
implement status reports for DDM commands (#17831)
for #17408
2024-03-26 10:40:35 -03:00
Roberto Dip
44727ace3b
fix issues with ddm CLI (#17826)
for #17404. I couldn't find tests for this portion of the code, so full
tests for this section will need to be added during freeze.
2024-03-25 17:36:26 -03:00
Roberto Dip
95df7e2b0b
implement DDM cron and protocol bits (#17791)
for #17399
2024-03-25 17:32:27 -03:00
Gabriel Hernandez
d3c843801e
update UI to add support for mac ddm profiles (#17730)
relates to #17416

update UI to support new DDM profile types. this includes:

- updating Custom settings page
- updating the os settings modal  

- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
2024-03-25 19:15:33 +00:00
Gabriel Hernandez
577d5c27ea Merge branch 'main' into feat-macos-ddm 2024-03-25 11:11:40 +00:00
Sam Pfluger
04d4cbd647
Add "Archive a document" responsibility (#17824) 2024-03-23 15:39:46 -05:00
Eric
6145877c49
Website: Update logo carousel animation (#17820)
Closes: #17823

Changes:
- Updated the animation of the logo carousel on the homepage.
2024-03-23 11:56:27 -05:00
Eric
776ea4d7fd
Website: Update order of columns on osquery schema table pages. (#17818)
Related to: #17727
Changes:
- Updated the `build-static-content` script to sort the columns of
tables alphabetically by the name of the column when the pages for
fleetdm.com/tables are generated.
2024-03-22 19:36:06 -05:00
Eric
6ae3880704
Website: Update build script to exclude folders with an underscore prefix & rename docs/Deploy/kubernetes/ (#17817)
Closes: #17582

Changes:
- Updated the `build-static-content` script to not generate HTML pages
for files in subfolders that are prefixed with an underscore
- Renamed the `docs/Deploy/kubernetes` folder »
`docs/Deploy/_kubernetes`
- Documented this new behavior on the communications page of the
handbook.
- Updated commands on the Deploy Fleet on Kubernetes page.

---------

Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com>
2024-03-22 18:15:01 -05:00
StepSecurity Bot
80335d88d1
[StepSecurity] Apply security best practices (#17811) 2024-03-22 16:19:11 -05:00
Luke Heath
6ebc308eb4
[StepSecurity] ci: Harden GitHub Actions (#17780) 2024-03-22 15:32:23 -05:00
Luke Heath
b6ab842db2
Add EMs to engineering workflows codeowners (#17808) 2024-03-22 15:32:09 -05:00
RachelElysia
d5df23964b
Fleet UI: Clickable elements include cursor hover state (#17688) 2024-03-22 15:26:09 -04:00
RachelElysia
644dddce4f
[released bug] Fleet UI: standard query library platforms render prop… (#17712) 2024-03-22 15:12:19 -04:00
Luke Heath
b5a81f93d9
Add myself as codeowner to all engineering workflows (#17800) 2024-03-22 12:29:07 -05:00
Eric
413107b93a
Vuln dashboard: Update Okta SSO hook (#17773)
Closes: #17772
More context:
https://github.com/fleetdm/fleet/pull/17601#issuecomment-2013383611

Changes: 
- Updated the order of the vulnerability dashboard's HTTP middleware if
Okta SSO is enabled.
2024-03-22 12:01:15 -05:00
Eric
0d8b51a5b3
Website: Remove /upgrade page. (#17754)
Closes: #17477

Changes:
 - Removed the /upgrade page
 - Added a redirect: `/upgrade` » `/pricing`
2024-03-22 11:54:23 -05:00
Noah Talerman
6b28474362
Update product design handbook (#17790)
- Only notify channel if there are changes. Why? Less noise
2024-03-22 11:51:03 -05:00
Nathanael Holliday
2fe01741df
Update security-policies.md (#17648)
Replaced zwass with JoStableford and updated effective dates for the new
DRIs
2024-03-22 11:49:35 -05:00
Sarah Gillespie
60ba78fc9d
Additional backend support for DDM profiles (#17775) 2024-03-22 10:37:43 -05:00
Sam Pfluger
4246d25914
Update custom.js (#17795) 2024-03-22 10:32:18 -05:00
Marko Lisica
a71e4c7d92
Typo: "removing" /past from host's activities API (#16871)
Typo: "removing" /past from host's activities API

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any permissions changes (docs/Using
Fleet/manage-access.md)
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Manual QA for all new/changed functionality
  - For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).

---------

Co-authored-by: Rachael Shaw <r@rachael.wtf>
2024-03-22 11:42:11 +01:00
Noah Talerman
3c33e83085
Update standard-query-library.yml (#17782)
- Policy's fail when they return no results
2024-03-21 18:48:56 -04:00
Noah Talerman
7ae21d2fda
Update macos-device-health.policies.yml (#17785)
- Add 1Password recovery kit policy
2024-03-21 18:38:05 -04:00
Eric
92771a629e
Website: Update build-static-content script to ignore pages in the docs/contributing/ folder. (#17706)
Closes: #17667

Changes:
- Updated `build-static-content` to skip pages in the docs/contributing
folder when Markdown pages are converted to HTML partials.
2024-03-21 17:26:35 -05:00
Eric
a9b5619d1c
Website: Update number of hosts input on /contact page (#17784)
Closes: https://github.com/fleetdm/confidential/issues/5826

Changes:
- Added a minimum to the number of hosts input on the /contact page
2024-03-21 17:16:22 -05:00
Noah Talerman
ceddd26a73
Update macos-device-health.policies.yml (#17783)
- Fix guest account and password policies
2024-03-21 17:57:21 -04:00
Eric
1d8e208c32
Vulnerability dashboard: Add a way to start a local vulnerability dashboard with Docker (#17676)
Related to: https://github.com/fleetdm/confidential/issues/5637

Changes:
- Added a way to start a vulnerability dashboard with Docker.
- Updated the folder readme to include instructions for starting the
vulnerability dashboard with docker
2024-03-21 16:31:20 -05:00
Eric
4aa854b9d4
Website: Update footer height. (#17781)
Closes: #17778

Changes:
- Updated the styles for pages with reduced footer links
2024-03-21 16:24:09 -05:00
Luke Heath
38ea8db7cd
Set GitHub workflow DRIs (#17777) 2024-03-21 16:04:53 -05:00
dependabot[bot]
424d7e576a
Bump webpack-dev-middleware from 6.1.1 to 6.1.2 (#17776) 2024-03-21 16:02:13 -05:00
StepSecurity Bot
8ae24ac4a9
[StepSecurity] ci: Harden GitHub Actions (#17767)
## Summary

This pull request is created by
[StepSecurity](https://app.stepsecurity.io/securerepo) at the request of
@lukeheath. Please merge the Pull Request to incorporate the requested
changes. Please tag @lukeheath on your message if you have any questions
related to the PR.
## Security Fixes

### Least Privileged GitHub Actions Token Permissions

The GITHUB_TOKEN is an automatically generated secret to make
authenticated calls to the GitHub API. GitHub recommends setting minimum
token permissions for the GITHUB_TOKEN.

- [GitHub Security
Guide](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow)
- [The Open Source Security Foundation (OpenSSF) Security
Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions)
### Pinned Dependencies

GitHub Action tags and Docker tags are mutable. This poses a security
risk. GitHub's Security Hardening guide recommends pinning actions to
full length commit.

- [GitHub Security
Guide](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions)
- [The Open Source Security Foundation (OpenSSF) Security
Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies)


## Feedback
For bug reports, feature requests, and general feedback; please email
support@stepsecurity.io. To create such PRs, please visit
https://app.stepsecurity.io/securerepo.


Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
2024-03-21 15:56:42 -05:00
Nathanael Holliday
43432f0835
Adding vendor process to handbook (#17554)
For reference: https://github.com/fleetdm/confidential/issues/5719

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Manual QA for all new/changed functionality
  - For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).

---------

Co-authored-by: Sam Pfluger <108141731+Sampfluger88@users.noreply.github.com>
2024-03-21 15:56:12 -05:00
Rachael Shaw
44c3ba83e5
Reduce CIS benchmark documentation page contents (#17108)
+ Move specific CIS benchmark details into READMEs
+ Reduce content in Using Fleet > CIS Benchmarks

---------

Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
2024-03-21 15:03:14 -05:00
Noah Talerman
1bb81c9e10
Update rest-api.md (#17686)
- Remove note about fleetd 
- Update note about MDM being turned on
2024-03-21 15:44:23 -04:00
George Karr
f287d23cf7
Adding a script to automate patch / minor releases (#17198)
This script was used to generate 4.45.1 and 4.46.0.

Workflow is tag issues with correct milestone, run `./patch_release.sh`
(with -m for release with more than bugfixes)

---------

Co-authored-by: George Karr <gkarr@xerithas-mac.local>
2024-03-21 14:30:39 -05:00
Sam Pfluger
9a91dad2a4
Added writing principles (#17392) 2024-03-21 14:16:54 -05:00
Dante Catalfamo
bd3e775e67
Windows MDM Fix Manual Detection (#17721)
#15565 

Replace the use of the isFederated registry key with a keys that check
for AAD (Azure Active Directory, now Entra ID)

Federated enrollment (`isFederated`) seems to be when windows uses a
Discovery MDM endpoint to get its policy and management endpoint
configuration. This is always the case when a client is enrolled with
fleet, so installations always show up as automatic.

It's being replaced by a different key, `AADResourceID`, which appears
to identify the resource that controls the automated deployment. In my
tests it only appears to be populated when the computer is enrolled
through automated deployments. This key appears on both Windows 10 and
11.

There is a similar key, `AADTenantID`, which appears to identify the
client (tenant) to the Azure cloud. I haven't seen this ID in our
systems, so it is likely exclusively used in Azure. Both this key and
`AADResourceID` seem to always be set at the same time, so we only
check for the `AADResourceID`.

I've also added documentation on the registry keys I've analyzed for future reference.
2024-03-21 15:09:05 -04:00
Jacob Thorne
8ed8f3daa7
Fix Incorrect Helm Chart Keys in MySQL Installation Documentation (#17160)
This PR addresses an issue in the documentation for installing the MySQL
chart using Helm. Previously, the documentation provided a Helm install
command that incorrectly referenced mysqlUser and mysqlDatabase.
However, these keys don't exist in the chart's values.yaml file anymore.
2024-03-21 13:59:45 -05:00
Katheryn Satterlee
f018f68e46
Update script execution documentation (#17147)
Removed reference to **Scripts** tab and added instructions for
accessing the **Run Script** modal from the host detail page.

# Checklist for submitter

Docs-only change

---------

Co-authored-by: Brock Walters <153771548+nonpunctual@users.noreply.github.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
2024-03-21 13:50:18 -05:00
dependabot[bot]
27a59ed37c
Bump grunt from 1.0.4 to 1.5.3 in /ee/vulnerability-dashboard (#17600)
Bumps [grunt](https://github.com/gruntjs/grunt) from 1.0.4 to 1.5.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/gruntjs/grunt/releases">grunt's
releases</a>.</em></p>
<blockquote>
<h2>v1.5.3</h2>
<ul>
<li>Merge pull request <a
href="https://redirect.github.com/gruntjs/grunt/issues/1745">#1745</a>
from gruntjs/fix-copy-op 572d79b</li>
<li>Patch up race condition in symlink copying.  58016ff</li>
<li>Merge pull request <a
href="https://redirect.github.com/gruntjs/grunt/issues/1746">#1746</a>
from JamieSlome/patch-1 0749e1d</li>
<li>Create SECURITY.md  69b7c50</li>
</ul>
<p><a
href="https://github.com/gruntjs/grunt/compare/v1.5.2...v1.5.3">https://github.com/gruntjs/grunt/compare/v1.5.2...v1.5.3</a></p>
<h2>v1.5.2</h2>
<ul>
<li>Update Changelog  7f15fd5</li>
<li>Merge pull request <a
href="https://redirect.github.com/gruntjs/grunt/issues/1743">#1743</a>
from gruntjs/cleanup-link b0ec6e1</li>
<li>Clean up link handling  433f91b</li>
</ul>
<p><a
href="https://github.com/gruntjs/grunt/compare/v1.5.1...v1.5.2">https://github.com/gruntjs/grunt/compare/v1.5.1...v1.5.2</a></p>
<h2>v1.5.1</h2>
<ul>
<li>Merge pull request <a
href="https://redirect.github.com/gruntjs/grunt/issues/1742">#1742</a>
from gruntjs/update-symlink-test ad22608</li>
<li>Fix symlink test  0652305</li>
</ul>
<p><a
href="https://github.com/gruntjs/grunt/compare/v1.5.0...v1.5.1">https://github.com/gruntjs/grunt/compare/v1.5.0...v1.5.1</a></p>
<h2>v1.5.0</h2>
<ul>
<li>Updated changelog  b2b2c2b</li>
<li>Merge pull request <a
href="https://redirect.github.com/gruntjs/grunt/issues/1740">#1740</a>
from gruntjs/update-deps-22-10 3eda6ae</li>
<li>Update testing matrix  47d32de</li>
<li>More updates  2e9161c</li>
<li>Remove console log  04b960e</li>
<li>Update dependencies, tests...  aad3d45</li>
<li>Merge pull request <a
href="https://redirect.github.com/gruntjs/grunt/issues/1736">#1736</a>
from justlep/main fdc7056</li>
<li>support .cjs extension  e35fe54</li>
</ul>
<p><a
href="https://github.com/gruntjs/grunt/compare/v1.4.1...v1.5.0">https://github.com/gruntjs/grunt/compare/v1.4.1...v1.5.0</a></p>
<h2>v1.4.1</h2>
<ul>
<li>Update Changelog  e7625e5</li>
<li>Merge pull request <a
href="https://redirect.github.com/gruntjs/grunt/issues/1731">#1731</a>
from gruntjs/update-options 5d67e34</li>
<li>Fix ci install  d13bf88</li>
<li>Switch to Actions  08896ae</li>
<li>Update grunt-known-options  eee0673</li>
<li>Add note about a breaking change  1b6e288</li>
</ul>
<p><a
href="https://github.com/gruntjs/grunt/compare/v1.4.0...v1.4.1">https://github.com/gruntjs/grunt/compare/v1.4.0...v1.4.1</a></p>
<h2>v1.4.0</h2>
<ul>
<li>Merge pull request <a
href="https://redirect.github.com/gruntjs/grunt/issues/1728">#1728</a>
from gruntjs/update-deps-changelog 63b2e89</li>
<li>Update changelog and util dep  106ed17</li>
<li>Merge pull request <a
href="https://redirect.github.com/gruntjs/grunt/issues/1727">#1727</a>
from gruntjs/update-deps-apr 49de70b</li>
<li>Update CLI and nodeunit  47cf8b6</li>
<li>Merge pull request <a
href="https://redirect.github.com/gruntjs/grunt/issues/1722">#1722</a>
from gruntjs/update-through e86db1c</li>
<li>Update deps  4952368</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/gruntjs/grunt/blob/main/CHANGELOG">grunt's
changelog</a>.</em></p>
<blockquote>
<p>v1.5.3
date: 2022-04-23
changes:
- Patch up race condition in symlink copying.
v1.5.2
date: 2022-04-12
changes:
- Unlink symlinks when copy destination is a symlink.
v1.5.1
date: 2022-04-11
changes:
- Fixed symlink destination handling.
v1.5.0
date: 2022-04-10
changes:
- Updated dependencies.
- Add symlink handling for copying files.
v1.4.1
date: 2021-05-24
changes:
- Fix --preload option to be a known option
- Switch to GitHub Actions
v1.4.0
date: 2021-04-21
changes:
- Security fixes in production and dev dependencies
- Liftup/Liftoff upgrade breaking change. Update your scripts to use
--preload instead of --require. Ref: <a
href="e7a969d670</a>.
v1.3.0
date: 2020-08-18
changes:
- Switch to use <code>safeLoad</code> for loading YML files via
<code>file.readYAML</code>.
- Upgrade legacy-log to ~3.0.0.
- Upgrade legacy-util to ~2.0.0.
v1.2.1
date: 2020-07-07
changes:
- Remove path-is-absolute dependency.
(PR: <a
href="https://redirect.github.com/gruntjs/grunt/pull/1715">gruntjs/grunt#1715</a>)
v1.2.0
date: 2020-07-03
changes:
- Allow usage of grunt plugins that are located in any location that
is visible to Node.js and NPM, instead of node_modules directly
inside package that have a dev dependency to these plugins.
(PR: <a
href="https://redirect.github.com/gruntjs/grunt/pull/1677">gruntjs/grunt#1677</a>)
- Removed coffeescript from dependencies. To ease transition, if
coffeescript is still around, Grunt will attempt to load it.
If it is not, and the user loads a CoffeeScript file,
Grunt will print a useful error indicating that the
coffeescript package should be installed as a dev dependency.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="82d79b8037"><code>82d79b8</code></a>
1.5.3</li>
<li><a
href="572d79b087"><code>572d79b</code></a>
Merge pull request <a
href="https://redirect.github.com/gruntjs/grunt/issues/1745">#1745</a>
from gruntjs/fix-copy-op</li>
<li><a
href="58016ffac5"><code>58016ff</code></a>
Patch up race condition in symlink copying.</li>
<li><a
href="0749e1da0d"><code>0749e1d</code></a>
Merge pull request <a
href="https://redirect.github.com/gruntjs/grunt/issues/1746">#1746</a>
from JamieSlome/patch-1</li>
<li><a
href="69b7c506cb"><code>69b7c50</code></a>
Create SECURITY.md</li>
<li><a
href="ac667b24ca"><code>ac667b2</code></a>
1.5.2</li>
<li><a
href="7f15fd5ad9"><code>7f15fd5</code></a>
Update Changelog</li>
<li><a
href="b0ec6e1242"><code>b0ec6e1</code></a>
Merge pull request <a
href="https://redirect.github.com/gruntjs/grunt/issues/1743">#1743</a>
from gruntjs/cleanup-link</li>
<li><a
href="433f91b78d"><code>433f91b</code></a>
Clean up link handling</li>
<li><a
href="d5969eccf2"><code>d5969ec</code></a>
1.5.1</li>
<li>Additional commits viewable in <a
href="https://github.com/gruntjs/grunt/compare/v1.0.4...v1.5.3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=grunt&package-manager=npm_and_yarn&previous-version=1.0.4&new-version=1.5.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/fleetdm/fleet/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-21 13:41:49 -05:00
Roberto Dip
85209ae758
document permissions changes for Puppet gitops (#17367)
#15337

---------

Co-authored-by: Rachael Shaw <r@rachael.wtf>
2024-03-21 13:38:06 -05:00
Noah Talerman
4a0c62613f
API design: See macOS hosts that failed DEP profile assignment (#15461) (#16166)
API changes for the "See macOS hosts that failed DEP profile assignment"
(#15461) story
2024-03-21 13:33:35 -05:00
Marko Lisica
14786afe20
API design: Increase character limit for saved scripts (#16699)
API design for:
#16668

---------

Co-authored-by: Rachael Shaw <r@rachael.wtf>
2024-03-21 13:30:48 -05:00
dependabot[bot]
94da1ec032
Bump @okta/oidc-middleware from 4.0.1 to 5.0.0 in /ee/vulnerability-dashboard (#17601)
Bumps
[@okta/oidc-middleware](https://github.com/okta/okta-oidc-middleware)
from 4.0.1 to 5.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/okta/okta-oidc-middleware/releases"><code>@​okta/oidc-middleware</code>'s
releases</a>.</em></p>
<blockquote>
<h2>5.0.0</h2>
<h3>Breaking Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/okta/okta-oidc-middleware/pull/54">#54</a>
Requires Node &gt;= 12.19.0. Update production dependencies:
<ul>
<li><code>openid-client@5.1.9</code> (was 3.12.2)</li>
</ul>
</li>
</ul>
<h1>4.5.1</h1>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="https://redirect.github.com/okta/okta-oidc-middleware/pull/43">#43</a>
fix: correctly preprends <code>appBaseUrl</code> to redirect url when
<code>appBaseUrl</code> contains a base path</li>
</ul>
<h2>4.5.0</h2>
<h3>Features</h3>
<ul>
<li><a
href="https://redirect.github.com/okta/okta-oidc-middleware/pull/40">#40</a>
Allows passing <code>loginHint</code> to
<code>ensureAuthenticated</code></li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="https://redirect.github.com/okta/okta-oidc-middleware/pull/42">#42</a>
Fixes <code>appBaseUrl</code> option not prepending to login redirect
url</li>
</ul>
<h2>4.4.0</h2>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="https://redirect.github.com/okta/okta-oidc-middleware/pull/34">#34</a>
Fixes Org AS login issue</li>
<li><a
href="https://redirect.github.com/okta/okta-oidc-middleware/pull/3">#3</a>
Call <code>res.redirect()</code> after custom
<code>routes.loginCallback.handler</code></li>
<li><a
href="https://redirect.github.com/okta/okta-oidc-middleware/pull/37">#37</a>
fix: <code>.logout</code> no longer throws error without valid
credentials</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/okta/okta-oidc-middleware/blob/master/CHANGELOG.md"><code>@​okta/oidc-middleware</code>'s
changelog</a>.</em></p>
<blockquote>
<h1>5.0.0</h1>
<h3>Breaking Changes</h3>
<ul>
<li><a href="">#</a> Requires Node &gt;= 12.19.0. Update production
dependencies:
<ul>
<li><code>openid-client@5.1.9</code> (was 3.12.2)</li>
</ul>
</li>
</ul>
<h1>4.6</h1>
<p>-<a
href="https://redirect.github.com/okta/okta-oidc-middleware/pull/53">#53</a>
Fix: prevents open redirects</p>
<h1>4.5.1</h1>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="https://redirect.github.com/okta/okta-oidc-middleware/pull/43">#43</a>
fix: correctly preprends <code>appBaseUrl</code> to redirect url when
<code>appBaseUrl</code> contains a base path</li>
</ul>
<h1>4.5.0</h1>
<h3>Features</h3>
<ul>
<li><a
href="https://redirect.github.com/okta/okta-oidc-middleware/pull/40">#40</a>
Allows passing <code>loginHint</code> to
<code>ensureAuthenticated</code></li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="https://redirect.github.com/okta/okta-oidc-middleware/pull/42">#42</a>
Fixes <code>appBaseUrl</code> option not prepending to login redirect
url</li>
</ul>
<h1>4.4.0</h1>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="https://redirect.github.com/okta/okta-oidc-middleware/pull/34">#34</a>
Fixes Org AS login issue</li>
<li><a
href="https://redirect.github.com/okta/okta-oidc-middleware/pull/3">#3</a>
Call <code>res.redirect()</code> after custom
<code>routes.loginCallback.handler</code></li>
<li><a
href="https://redirect.github.com/okta/okta-oidc-middleware/pull/37">#37</a>
fix: <code>.logout</code> no longer throws error without valid
credentials</li>
</ul>
<h1>4.3.0</h1>
<h3>Other</h3>
<ul>
<li>Release after migrating from monorepo</li>
<li></li>
</ul>
<h1>4.2.0</h1>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="https://redirect.github.com/okta/okta-oidc-js/pull/1020">#1020</a>
Fixes issue with UUID returning null</li>
</ul>
<h1>4.1.0</h1>
<h3>Features</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="50c093bcbc"><code>50c093b</code></a>
chore(deps): upgrade vulnerable dependencies (<a
href="https://redirect.github.com/okta/okta-oidc-middleware/issues/54">#54</a>)</li>
<li><a
href="5d10b3ccdd"><code>5d10b3c</code></a>
Prevent open redirects (<a
href="https://redirect.github.com/okta/okta-oidc-middleware/issues/53">#53</a>)</li>
<li><a
href="fe24bfc12e"><code>fe24bfc</code></a>
chore: Update dependencies</li>
<li><a
href="ebafab4916"><code>ebafab4</code></a>
chore: dev dependency upgrades</li>
<li><a
href="113e1a3678"><code>113e1a3</code></a>
chore: updates github issue template</li>
<li><a
href="a9b6ad22cd"><code>a9b6ad2</code></a>
Merge remote-tracking branch 'origin/4.5' into sw-backport-4.5.1</li>
<li><a
href="8b0691cae6"><code>8b0691c</code></a>
fix: if appBaseUrl includes a base path</li>
<li><a
href="94852df9a8"><code>94852df</code></a>
Releng: Revving up to version(s) 4.6.0 for artifact(s) None</li>
<li><a
href="4e1414e6c6"><code>4e1414e</code></a>
fixes: 'appBaseUrl' option not prepended to login redirect url</li>
<li><a
href="9c5e3b0fdc"><code>9c5e3b0</code></a>
feat: allow passing <code>loginHint</code> option to
<code>ensureAuthenticated</code></li>
<li>Additional commits viewable in <a
href="https://github.com/okta/okta-oidc-middleware/compare/@okta/oidc-middleware@4.0.1...okta-oidc-middleware-5.0.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@okta/oidc-middleware&package-manager=npm_and_yarn&previous-version=4.0.1&new-version=5.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/fleetdm/fleet/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-21 12:17:16 -05:00
Eric
36dafbd969
Update vulnerability dashboard deploy action & update github maintainers in custom.js (#17602)
Changes:
- Updated the deploy-vulnerability-dashboard workflow to use the correct
variables for the Heroku steps.
- Added GitHub maintainers to `website/config/custom.js` for the GitHub
workflows related to the vulnerability dashboard.
2024-03-21 11:58:45 -05:00
Noah Talerman
452d6b8d0d
Set host expiry in dogfood back (#17763)
- Back to off
2024-03-21 12:30:00 -04:00
dependabot[bot]
1e6c974844
Bump github.com/docker/docker from 24.0.7+incompatible to 24.0.9+incompatible (#17736) 2024-03-21 11:26:14 -05:00
Rachael Shaw
fb68278b1b
Set host expiry window to 0 to see what happens (#17762)
^ what it says
2024-03-21 11:25:40 -05:00