**Related issue:** Resolves#34999
Reverts edit icon alignment.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
## Testing
- [X] QA'd all new/changed functionality manually
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves #
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
## Testing
- [ ] Added/updated automated tests
- [ ] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [ ] QA'd all new/changed functionality manually
For unreleased bug fixes in a release candidate, one of:
- [ ] Confirmed that the fix is not expected to adversely impact load
test results
- [ ] Alerted the release DRI if additional load testing is needed
## Database migrations
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
## New Fleet configuration settings
- [ ] Setting(s) is/are explicitly excluded from GitOps
If you didn't check the box above, follow this checklist for
GitOps-enabled settings:
- [ ] Verified that the setting is exported via `fleetctl
generate-gitops`
- [ ] Verified the setting is documented in a separate PR to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- [ ] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [ ] Verified that any relevant UI is disabled when GitOps mode is
enabled
## fleetd/orbit/Fleet Desktop
- [ ] Verified compatibility with the latest released version of Fleet
(see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md))
- [ ] If the change applies to only one platform, confirmed that
`runtime.GOOS` is used as needed to isolate changes
- [ ] Verified that fleetd runs on macOS, Linux and Windows
- [ ] Verified auto-update works from the released version of component
to the new version (see [tools/tuf/test](../tools/tuf/test/README.md))
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
## Testing
- [x] QA'd all new/changed functionality manually
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#34827
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
## Testing
- [ ] Added/updated automated tests
- [ ] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [ ] QA'd all new/changed functionality manually
For unreleased bug fixes in a release candidate, one of:
- [ ] Confirmed that the fix is not expected to adversely impact load
test results
- [ ] Alerted the release DRI if additional load testing is needed
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
Follow up findings from running through the test plan
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
## Testing
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
Bumps
[github.com/containerd/containerd](https://github.com/containerd/containerd)
from 1.7.27 to 1.7.29.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/containerd/containerd/releases">github.com/containerd/containerd's
releases</a>.</em></p>
<blockquote>
<h2>containerd 1.7.29</h2>
<p>Welcome to the v1.7.29 release of containerd!</p>
<p>The twenty-ninth patch release for containerd 1.7 contains various
fixes
and updates including security patches.</p>
<h3>Security Updates</h3>
<ul>
<li>
<p><strong>containerd</strong></p>
<ul>
<li><a
href="https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w"><strong>GHSA-pwhc-rpq9-4c8w</strong></a></li>
<li><a
href="https://github.com/containerd/containerd/security/advisories/GHSA-m6hq-p25p-ffr2"><strong>GHSA-m6hq-p25p-ffr2</strong></a></li>
</ul>
</li>
<li>
<p><strong>runc</strong></p>
<ul>
<li><a
href="https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r"><strong>GHSA-qw9x-cqr3-wc7r</strong></a></li>
<li><a
href="https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm"><strong>GHSA-cgrx-mc8f-2prm</strong></a></li>
<li><a
href="https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2"><strong>GHSA-9493-h29p-rfm2</strong></a></li>
</ul>
</li>
</ul>
<h3>Highlights</h3>
<h4>Image Distribution</h4>
<ul>
<li><strong>Update differ to handle zstd media types</strong> (<a
href="https://redirect.github.com/containerd/containerd/pull/12018">#12018</a>)</li>
</ul>
<h4>Runtime</h4>
<ul>
<li><strong>Update runc binary to v1.3.3</strong> (<a
href="https://redirect.github.com/containerd/containerd/pull/12480">#12480</a>)</li>
<li><strong>Fix lost container logs from quickly closing io</strong> (<a
href="https://redirect.github.com/containerd/containerd/pull/12375">#12375</a>)</li>
</ul>
<p>Please try out the release binaries and report any issues at
<a
href="https://github.com/containerd/containerd/issues">https://github.com/containerd/containerd/issues</a>.</p>
<h3>Contributors</h3>
<ul>
<li>Derek McGowan</li>
<li>Akihiro Suda</li>
<li>Phil Estes</li>
<li>Austin Vazquez</li>
<li>Sebastiaan van Stijn</li>
<li>ningmingxiao</li>
<li>Maksym Pavlenko</li>
<li>StepSecurity Bot</li>
<li>wheat2018</li>
</ul>
<h3>Changes</h3>
<!-- raw HTML omitted -->
<ul>
<li><a
href="442cb34bda"><code>442cb34bd</code></a>
Merge commit from fork</li>
<li><a
href="0450f046e6"><code>0450f046e</code></a>
Fix directory permissions</li>
<li><a
href="e5cb6ddb7a"><code>e5cb6ddb7</code></a>
Merge commit from fork</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="442cb34bda"><code>442cb34</code></a>
Merge commit from fork</li>
<li><a
href="e5cb6ddb7a"><code>e5cb6dd</code></a>
Merge commit from fork</li>
<li><a
href="9772966401"><code>9772966</code></a>
Merge pull request <a
href="https://redirect.github.com/containerd/containerd/issues/12486">#12486</a>
from dmcgowan/prepare-v1.7.29</li>
<li><a
href="1fc2daaf3e"><code>1fc2daa</code></a>
Prepare release notes for v1.7.29</li>
<li><a
href="93f710a528"><code>93f710a</code></a>
Merge pull request <a
href="https://redirect.github.com/containerd/containerd/issues/12480">#12480</a>
from k8s-infra-cherrypick-robot/cherry-pick-12475-t...</li>
<li><a
href="68d04befab"><code>68d04be</code></a>
Merge pull request <a
href="https://redirect.github.com/containerd/containerd/issues/12471">#12471</a>
from austinvazquez/1_7_update_ci_go_and_images</li>
<li><a
href="3f5f9f8727"><code>3f5f9f8</code></a>
runc: Update runc binary to v1.3.3</li>
<li><a
href="667409fb63"><code>667409f</code></a>
ci: bump Go 1.24.9, 1.25.3</li>
<li><a
href="294f8c027b"><code>294f8c0</code></a>
Update GHA runners to use latest images for basic binaries build</li>
<li><a
href="cf66b4141d"><code>cf66b41</code></a>
Update GHA runners to use latest image for most jobs</li>
<li>Additional commits viewable in <a
href="https://github.com/containerd/containerd/compare/v1.7.27...v1.7.29">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/fleetdm/fleet/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#34652
This updates the TooltipTruncatedText component to use our
TooltipWrapper component. This helps us maintain consistency in our
tooltips.
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#35042
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
## Testing
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Attempt at debugging #34776
Another attempt to further debug this issue. This attempt tries to
verify that the scopes for the token is correct, and is not overriden by
another call to the scopes.
The reason is that the `www-authenticate` response header is saying
`error="insufficient_scope"`
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves #
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
## Testing
- [ ] Added/updated automated tests
- [ ] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [ ] QA'd all new/changed functionality manually
For unreleased bug fixes in a release candidate, one of:
- [ ] Confirmed that the fix is not expected to adversely impact load
test results
- [ ] Alerted the release DRI if additional load testing is needed
## Database migrations
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
## New Fleet configuration settings
- [ ] Setting(s) is/are explicitly excluded from GitOps
If you didn't check the box above, follow this checklist for
GitOps-enabled settings:
- [ ] Verified that the setting is exported via `fleetctl
generate-gitops`
- [ ] Verified the setting is documented in a separate PR to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- [ ] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [ ] Verified that any relevant UI is disabled when GitOps mode is
enabled
## fleetd/orbit/Fleet Desktop
- [ ] Verified compatibility with the latest released version of Fleet
(see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md))
- [ ] If the change applies to only one platform, confirmed that
`runtime.GOOS` is used as needed to isolate changes
- [ ] Verified that fleetd runs on macOS, Linux and Windows
- [ ] Verified auto-update works from the released version of component
to the new version (see [tools/tuf/test](../tools/tuf/test/README.md))
---------
Co-authored-by: Sam Pfluger <108141731+Sampfluger88@users.noreply.github.com>
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#35166
Fix
- For an OS version, we first fetch the version with
max_vulnerabilities=0.
- If the OS version has vulnerabilities and it is non-Linux, then we
refetch the OS version without specifying the `max_vulnerabilities`
parameter, which fetches all vulnerabilities.
# Checklist for submitter
## Testing
- [x] QA'd all new/changed functionality manually
For unreleased bug fixes in a release candidate, one of:
- [x] Confirmed that the fix is not expected to adversely impact load
test results
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Improvements**
* Optimized vulnerability data loading for operating system details with
enhanced fetching strategy
* Improved loading state management for clearer visibility during data
retrieval on OS version pages
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Jacob Shandling <jacob@shandling.dev>
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#34533
Test change only. No functional changes.
# Checklist for submitter
## Testing
- [x] Added/updated automated tests
Fixes#32072.
Biggest changes are in the foreign vitals IdP (SCIM) guide:
* Moved Android from "coming soon" to live (true as of 4.75)
* Moved Okta-specific troubleshooting under the Okta section
* Moved "Other IdPs" into its own top level section instead of partway
through the Google section (looks like the result of a bad merge)
* Added a link to the labels guide where relevant
* Various minor clarity/grammar fixes based on running through the
process end-to-end with Okta
Additionally:
* Clarity fixes on labels docs
* Noted in contributing docs the existence of the Okta Integrator Free
plan for E2E testing SSO/SCIM flows
Adding breaking change note to Changes section of release article.
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves #
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
## Testing
- [ ] Added/updated automated tests
- [ ] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [ ] QA'd all new/changed functionality manually
For unreleased bug fixes in a release candidate, one of:
- [ ] Confirmed that the fix is not expected to adversely impact load
test results
- [ ] Alerted the release DRI if additional load testing is needed
## Database migrations
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
## New Fleet configuration settings
- [ ] Setting(s) is/are explicitly excluded from GitOps
If you didn't check the box above, follow this checklist for
GitOps-enabled settings:
- [ ] Verified that the setting is exported via `fleetctl
generate-gitops`
- [ ] Verified the setting is documented in a separate PR to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- [ ] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [ ] Verified that any relevant UI is disabled when GitOps mode is
enabled
## fleetd/orbit/Fleet Desktop
- [ ] Verified compatibility with the latest released version of Fleet
(see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md))
- [ ] If the change applies to only one platform, confirmed that
`runtime.GOOS` is used as needed to isolate changes
- [ ] Verified that fleetd runs on macOS, Linux and Windows
- [ ] Verified auto-update works from the released version of component
to the new version (see [tools/tuf/test](../tools/tuf/test/README.md))
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Attempt at solving #34776
This was verified by extracting the create topic, and getIamPolicy, and
without the flow.build it worked fine, but when added it started
failing.
Updated the guide to clarify the deployment process for CrowdStrike
Falcon on macOS, Linux, and Windows using Fleet. Added details on
installation steps, post-install scripts, and configuration profiles.
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#33778
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
## Testing
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#34776
Adds delay to subsequent retries on creation of Android enterprise
---------
Co-authored-by: Eric <eashaw@sailsjs.com>
**Related issue:** Resolves#33436
This attempts to make the query to get the list of iOS and iPad devices
that need a refetch more resilient by ensuring the hosts are in the
nano_enrolled table and are currently enrolled.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [ ] Added/updated automated tests
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#34973
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
## Testing
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
