# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
This adds CIS 2.3.6.x items from Windows 10 Enterprise. I tested all of
these on Windows Server 2019 as my Windows 10 machine hasn't arrived
yet, but they should be identical.
I originally thought this was not possible but I did not realize that
the GPO always seems to change the registry key and does not act as the
single source of truth, unlike profiles on macOS.
Intended to fix this error we are seeing in CI:
```
error generating coverage report: write |1: file already closed
```
It seems like perhaps a change in the way the test coverage is reported
in a recent Go version has interacted with the closing of stdout in
these tests.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Added/updated tests
- Add a reminder to specify any changes to permissions
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
---------
Co-authored-by: Andrew Baker <89049099+DrewBakerfdm@users.noreply.github.com>
```╷
│ Warning: Argument is deprecated
│
│ with aws_s3_bucket.osquery-results,
│ on firehose.tf line 7, in resource "aws_s3_bucket" "osquery-results":
│ 7: resource "aws_s3_bucket" "osquery-results" { #tfsec:ignore:aws-s3-encryption-customer-key:exp:2022-07-01 #tfsec:ignore:aws-s3-enable-versioning #tfsec:ignore:aws-s3-enable-bucket-logging:exp:2022-06-15
│
│ Use the aws_s3_bucket_lifecycle_configuration resource instead
│
│ (and 9 more similar warnings elsewhere)
╵
Success! The configuration is valid, but there were some validation warnings as shown above.
```
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
Related to: https://github.com/fleetdm/fleet/issues/10210
Changes:
- Added `/experimental/okta-webflow`
- This page has a login form that accepts any input. When the login form
is submitted, the page shows the user a EULA.
- Updated policies, importer.less and routes
- Updated `layouts/layout-sandbox` to hide the website's header and
footer, and disable the Papercups chat widget when a variable named
`optimizeForAppleWebview` is set to `true`.
---------
Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com>
#8411
PS: I've opened #10209 to solve the issue with Golang Code Coverage CI
checks.
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- ~[] Documented any permissions changes~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [x] Manual QA for all new/changed functionality
- ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
import-glob-loader has a very old loader-utils dependency that triggers
security alerting. Hoping that replacing this will allow the
loader-utils version to be updated.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Manual QA for all new/changed functionality
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
Bumps
[github.com/russellhaering/goxmldsig](https://github.com/russellhaering/goxmldsig)
from 1.1.0 to 1.1.1.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="dfbd95396a"><code>dfbd953</code></a>
Bump Go versions in Travis</li>
<li><a
href="65601c817d"><code>65601c8</code></a>
Update dependencies</li>
<li><a
href="fb23e0af61"><code>fb23e0a</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/russellhaering/goxmldsig/issues/71">#71</a>
from aporcupine/patch-1</li>
<li><a
href="ca2b448c7d"><code>ca2b448</code></a>
Explicitly check for case where SignatureValue is nil</li>
<li><a
href="3541f5e554"><code>3541f5e</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/russellhaering/goxmldsig/issues/67">#67</a>
from santosh653/master</li>
<li><a
href="735e3c720c"><code>735e3c7</code></a>
Update .travis.yml</li>
<li><a
href="d6a59c7d76"><code>d6a59c7</code></a>
Update .travis.yml</li>
<li><a
href="add80e26e1"><code>add80e2</code></a>
Update .travis.yml</li>
<li><a
href="0bf1c10130"><code>0bf1c10</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/russellhaering/goxmldsig/issues/61">#61</a>
from pboyd04/UseCanonicalizationFromSigInfo</li>
<li><a
href="d396ec6179"><code>d396ec6</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/russellhaering/goxmldsig/issues/39">#39</a>
from aykevl/fixes</li>
<li>Additional commits viewable in <a
href="https://github.com/russellhaering/goxmldsig/compare/v1.1.0...v1.1.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/fleetdm/fleet/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.1.21 to 2.2.5.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.2.5 - 24 Feb 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.3. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1543">#1543</a></li>
</ul>
<h2>2.2.4 - 10 Feb 2023</h2>
<p>No user facing changes.</p>
<h2>2.2.3 - 08 Feb 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.2. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1518">#1518</a></li>
</ul>
<h2>2.2.2 - 06 Feb 2023</h2>
<ul>
<li>Fix an issue where customers using the CodeQL Action with the <a
href="https://docs.github.com/en/enterprise-server@3.7/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance#configuring-codeql-analysis-on-a-server-without-internet-access">CodeQL
Action sync tool</a> would not be able to obtain the CodeQL tools. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1517">#1517</a></li>
</ul>
<h2>2.2.1 - 27 Jan 2023</h2>
<p>No user facing changes.</p>
<h2>2.2.0 - 26 Jan 2023</h2>
<ul>
<li>Improve stability when choosing the default version of CodeQL to use
in code scanning workflow runs on Actions on GitHub.com. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1475">#1475</a>
<ul>
<li>This change addresses customer reports of code scanning alerts on
GitHub.com being closed and reopened during the rollout of new versions
of CodeQL in the GitHub Actions <a
href="https://github.com/actions/runner-images">runner images</a>.</li>
<li><strong>No change is required for the majority of
workflows</strong>, including:
<ul>
<li>Workflows on GitHub.com hosted runners using the latest version
(<code>v2</code>) of the CodeQL Action.</li>
<li>Workflows on GitHub.com hosted runners that are pinned to specific
versions of the CodeQL Action from <code>v2.2.0</code> onwards.</li>
<li>Workflows on GitHub Enterprise Server.</li>
</ul>
</li>
<li><strong>A change may be required</strong> for workflows on
GitHub.com hosted runners that are pinned to specific versions of the
CodeQL Action before <code>v2.2.0</code> (e.g. <code>v2.1.32</code>):
<ul>
<li>Previously, these workflows would obtain the latest version of
CodeQL from the Actions runner image.</li>
<li>Now, these workflows will download an older, compatible version of
CodeQL from GitHub Releases. To use this older version, no change is
required. To use the newest version of CodeQL, please update your
workflows to reference the latest version of the CodeQL Action
(<code>v2</code>).</li>
</ul>
</li>
<li><strong>Internal changes</strong>
<ul>
<li>These changes will not affect the majority of code scanning
workflows. Continue reading only if your workflow uses <a
href="https://github.com/actions/toolkit/tree/main/packages/tool-cache"><code>@actions/tool-cache</code></a>
or relies on the precise location of CodeQL within the Actions tool
cache.</li>
<li>The tool cache now contains <strong>two</strong> recent CodeQL
versions (previously <strong>one</strong>).</li>
<li>Each CodeQL version is located under a directory named after the
release date and version number, e.g. CodeQL 2.11.6 is now located under
<code>CodeQL/2.11.6-20221211/x64/codeql</code> (previously
<code>CodeQL/0.0.0-20221211/x64/codeql</code>).</li>
</ul>
</li>
</ul>
</li>
<li>The maximum number of <a
href="https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#run-object">SARIF
runs</a> per file has been increased from 15 to 20 for users uploading
SARIF files to GitHub.com. This change will help ensure that Code
Scanning can process SARIF files generated by third-party tools that
have many runs. See the <a
href="https://docs.github.com/en/rest/code-scanning#upload-an-analysis-as-sarif-data">GitHub
API documentation</a> for a list of all the limits around uploading
SARIF. This change will be released to GitHub Enterprise Server as part
of GHES 3.9.</li>
<li>Update default CodeQL bundle version to 2.12.1. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1498">#1498</a></li>
<li>Fix a bug that forced the <code>init</code> Action to run for at
least two minutes on JavaScript. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1494">#1494</a></li>
</ul>
<h2>2.1.39 - 18 Jan 2023</h2>
<ul>
<li>CodeQL Action v1 is now deprecated, and is no longer updated or
supported. For better performance, improved security, and new features,
upgrade to v2. For more information, see <a
href="https://github.blog/changelog/2023-01-18-code-scanning-codeql-action-v1-is-now-deprecated/">this
changelog post</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1466">#1467</a></li>
<li>Python automatic dependency installation will no longer fail for
projects using Poetry that specify <code>virtualenvs.options.no-pip =
true</code> in their <code>poetry.toml</code>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1431">#1431</a></li>
<li>Avoid printing a stack trace and error message when the action fails
to find the SHA at the</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="32dc499307"><code>32dc499</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1547">#1547</a>
from github/update-v2.2.5-237a258d2</li>
<li><a
href="b742728ac2"><code>b742728</code></a>
Update changelog for v2.2.5</li>
<li><a
href="237a258d2b"><code>237a258</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1543">#1543</a>
from github/alexet/update-2.12.3</li>
<li><a
href="5972e6d72e"><code>5972e6d</code></a>
Fix lib file</li>
<li><a
href="164027e682"><code>164027e</code></a>
Fix bundle versions</li>
<li><a
href="3dde1f3512"><code>3dde1f3</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1540">#1540</a>
from cklin/expect-discarded-cache</li>
<li><a
href="d7d7567b0e"><code>d7d7567</code></a>
Unit tests for optimizeForLastQueryRun</li>
<li><a
href="0e4e857bab"><code>0e4e857</code></a>
Set optimizeForLastQueryRun on last run</li>
<li><a
href="08d1f21d4f"><code>08d1f21</code></a>
Calculate customQueryIndices early</li>
<li><a
href="f3bd25eefa"><code>f3bd25e</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1544">#1544</a>
from github/aeisenberg/clean-cache</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/v2.1.21...32dc499307d133bb5085bae78498c0ac2cf762d5">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Zach Wasserman <zach@fleetdm.com>
## Summary
This pull request is created by [Secure
Repo](https://app.stepsecurity.io/securerepo) at the request of @zwass.
Please merge the Pull Request to incorporate the requested changes.
Please tag @zwass on your message if you have any questions related to
the PR. You can also engage with the
[StepSecurity](https://github.com/step-security) team by tagging
@step-security-bot.
## Security Fixes
### Secure Dockerfiles
Pin image tags to digests in Dockerfiles. With the Docker v2 API
release, it became possible to use digests in place of tags when pulling
images or to use them in FROM lines in Dockerfiles.
- [The Open Source Security Foundation (OpenSSF) Security
Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies)
## Feedback
For bug reports, feature requests, and general feedback; please create
an issue in
[step-security/secure-repo](https://github.com/step-security/secure-repo).
To create such PRs, please visit https://app.stepsecurity.io/securerepo.
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
---------
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Co-authored-by: Zach Wasserman <zach@fleetdm.com>
Bumps
[dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact)
from 2.23.0 to 2.26.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5e780fc7bb"><code>5e780fc</code></a>
Use <code>commit</code> as <code>head_sha</code> to reduce number of API
calls (<a
href="https://github-redirect.dependabot.com/dawidd6/action-download-artifact/issues/227">#227</a>)</li>
<li><a
href="b59d8c6a6c"><code>b59d8c6</code></a>
Add pagination to appropriate listWorkflowRunArtifacts call (<a
href="https://github-redirect.dependabot.com/dawidd6/action-download-artifact/issues/225">#225</a>)</li>
<li><a
href="5004d5476e"><code>5004d54</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/dawidd6/action-download-artifact/issues/219">#219</a>
from dawidd6/dependabot-npm_and_yarn-actions-artifact...</li>
<li><a
href="b1a9c91d1f"><code>b1a9c91</code></a>
build(deps): bump <code>@actions/artifact</code> from 1.1.0 to
1.1.1</li>
<li><a
href="bd10f381a9"><code>bd10f38</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/dawidd6/action-download-artifact/issues/218">#218</a>
from dawidd6/dependabot-npm_and_yarn-adm-zip-0.5.10</li>
<li><a
href="61a654a8ce"><code>61a654a</code></a>
build(deps): bump adm-zip from 0.5.9 to 0.5.10</li>
<li><a
href="dcadc4bd45"><code>dcadc4b</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/dawidd6/action-download-artifact/issues/211">#211</a>
from koplo199/master</li>
<li><a
href="ceeb280c4f"><code>ceeb280</code></a>
Remove unnecessary semicolon</li>
<li><a
href="806bb52fe0"><code>806bb52</code></a>
Catch 'Artifact has expired' error</li>
<li><a
href="e6e25ac3a2"><code>e6e25ac</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/dawidd6/action-download-artifact/issues/209">#209</a>
from dawidd6/v2</li>
<li>Additional commits viewable in <a
href="7847792dd4...5e780fc7bb">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Zach Wasserman <zach@fleetdm.com>
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
- Explain that Fleet automatically downloads the macOS update for the
end user
- Explain how to troubleshoot the scenario when the Mac says it's up to
date when it isn't
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
Related to #9495, this adds the underlying methods to send a
configuration profile that enables FileVault and FileVault Escrow, so we
can fetch and decrypt the encryption key later on.
These methods still need to be called somewhere, and they might need to
be moved outside of `Service`, but at least this gives us a start.
Bumps
[github.com/kevinburke/go-bindata](https://github.com/kevinburke/go-bindata)
from 3.22.0+incompatible to 3.24.0+incompatible.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/kevinburke/go-bindata/releases">github.com/kevinburke/go-bindata's
releases</a>.</em></p>
<blockquote>
<p>v3.24.0</p>
<p>v3.23.0</p>
<p>test</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/kevinburke/go-bindata/blob/master/CHANGELOG.md">github.com/kevinburke/go-bindata's
changelog</a>.</em></p>
<blockquote>
<h2>3.24.0</h2>
<p>Remove uses of io/ioutil; you must use Go 1.18 or higher with this
version of
go-bindata and its generated asset files.</p>
<p>Update generated doc comments for compatibility with Go's updated doc
comment
guidelines.</p>
<h2>3.21.0</h2>
<p>Replace "Debug" with "AssetDebug" to reduce the
likelihood of conflicts.</p>
<h2>3.20.0</h2>
<p>Add the "Debug" constant if assets have been generated
using the <code>--debug</code> flag
at the command line.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="1b67e2de03"><code>1b67e2d</code></a>
v3.24.0</li>
<li><a
href="2708ad2791"><code>2708ad2</code></a>
CHANGELOG.md: prep for v3.24 release</li>
<li><a
href="5708eee1c2"><code>5708eee</code></a>
.github: add Go 1.18, 1.19</li>
<li><a
href="4a992e31ef"><code>4a992e3</code></a>
all: replace use of io/ioutil</li>
<li><a
href="adf7cd2dcf"><code>adf7cd2</code></a>
v3.23.0</li>
<li><a
href="54fe8e9bc4"><code>54fe8e9</code></a>
Release binaries for arm64</li>
<li><a
href="7ea0201288"><code>7ea0201</code></a>
.github: use latest Go versions</li>
<li><a
href="12dca65da1"><code>12dca65</code></a>
benchmark should write to tmp dir, not ./testdata. Fixes <a
href="https://github-redirect.dependabot.com/kevinburke/go-bindata/issues/42">#42</a>.</li>
<li><a
href="0d7fe269ac"><code>0d7fe26</code></a>
go-bindata: don't panic if given invalid regex</li>
<li><a
href="930726ace6"><code>930726a</code></a>
release: remove underscores from function names</li>
<li>Additional commits viewable in <a
href="https://github.com/kevinburke/go-bindata/compare/v3.22.0...v3.24.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
