For #25590.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
For #25349
This updates storybook and its addons to 8.4.7. This is done to remove
the transitive dependency on path-to-regexp,
which is no longer used in this version of storybook.
This will fix the original vulnerability issue for `path-to-regexp`
relates to #23128
updates mock service worker package as it was using a version of
`path-to-regexp` that had a high security vulnerability. This updated
version of msw uses a newer version of the package that does not have
this vulnerability
I had to add the `jest-fixed-dom` package to update msw as well as
update our version of typescript to 4.7
From [the
changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md):
> "This release is identical to 18.2 but adds warnings for deprecated
APIs and other changes that are needed for React 19."
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
## Addresses full stack for #18554
- Add new `timezone` column to `calendar_events` table
- When fetched from Google's API, save calendar user's timezone in this
new column along with rest of event data
- Implement datastore method to retrieve the start time and timezone for
a host's next calendar event as a `HostMaintenanceWindow`
- Localize and add UTC offset to the `HostMaintenanceWindow`'s start
time according to its `timezone`
- Include the processed `HostMaintenanceWindow`, if present, in the
response to the `GET` `hosts/{id}` and `hosts/identifier/{identifier}`
endpoints
- Implement UI on the host details page to display this data
- Add new and update existing UI, core integration, datastore, and
`fleetctl` tests
- Update `date-fns` package to the latest version
<img width="1062" alt="Screenshot 2024-06-26 at 1 02 34 PM"
src="https://github.com/fleetdm/fleet/assets/61553566/c3ddad97-23da-42c1-b4ed-b7615ec88aed">
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified tables for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
Adds a minimum supported node and yarn version to the project.
Currently if you are on an unsupported version of node or yarn, there is
no messaging telling you that is the issue. The build just fails, and
you are left to figure out it's because of your node version. With this
change, it will be much clearer why any of the node required commands
(e.g. make deps, make generate-dev, make lint-js, make test-js) are not
working, and it will tell you exactly which minimum version of node or
yarn you need.
**After the console error is clear about using an unsupported node
version**
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
- [x] Manual QA for all new/changed functionality
We need to patch some security issues with version updates, but
Storybook dependencies currently block them. This updates Storybook and
all addons to the latest version. I test building and serving Storybook
locally and no issues.
## Addresses #11037
### Implement the `privacy_preferences` table for the Fleetd Chrome
extension. Columns correspond to the available properties of
[`chrome.privacy`](https://developer.chrome.com/docs/extensions/reference/privacy/).
Chrome on mac:
<img width="816" alt="Screenshot 2023-06-23 at 11 55 21 AM"
src="https://github.com/fleetdm/fleet/assets/61553566/a4700749-6325-442e-acf2-c14b1c9adf8f">
Chromebook with enterprise access (actual use case):
* Chromebook w/o enterprise access: as you can see, sometimes certain
APIs are not available - this error occurs because the expected API
object that would have a `get` method is actually `undefined` TODO – How
to handle this case given that we want to let errors bubble up to the
level at which Fleet can catch them? Maybe it would be nice to catch
such errors and send them up to the Fleet layer, and still allow the
loop to continue to populate the columns whose APIs _are_ available.
_Decision: catch API errors here to preserve functionality of the
remaining columns_
- [x] Changes file
- [x] Manual QA
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
## Addresses
[confidential/2940](https://github.com/fleetdm/confidential/issues/2940)
Patched a potential security issue in UI
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
Upgrades webpack and other JS dependencies. This was primarily motivated
by GitHub reporting a vulnerability in Webpack (which shouldn't actually
effect our use of Webpack) and wanting to clean up some tech debt.
Note that equivalent functionality for url-loader and file-loader is now
included in webpack itself.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Manual QA for all new/changed functionality
import-glob-loader has a very old loader-utils dependency that triggers
security alerting. Hoping that replacing this will allow the
loader-utils version to be updated.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Manual QA for all new/changed functionality
* create new components for query side panel
* add reusable icon component that uses svg for icons
* integrate with new osquery_fleet_schema.json data
* update UI to work with osquery_fleet_schema.json
* add remark-gfm to safely support direct urls in markdown
* move fleet ace into markdown component so we can render code with ace editor
* add testing for new query sidebar
* remove incomplete tests for query sidepanel
* add google analytics to sandbox instances
* Add serverType variable to frontend handler
* update version of html-webpack-plugin
Co-authored-by: Lucas Rodriguez <lucas@fleetdm.com>
