dependabot[bot]
572c4945b8
Bump nanoid from 3.3.7 to 3.3.8 ( #24614 )
2024-12-10 14:07:29 -06:00
dependabot[bot]
d0d601a331
Bump cross-spawn from 7.0.3 to 7.0.5 ( #23878 )
2024-11-18 15:37:27 -06:00
Luke Heath
6ae225c211
Bump webpack dependency ( #23745 )
2024-11-12 16:03:10 -06:00
Gabriel Hernandez
7b39252852
remove express package ( #23576 )
2024-11-07 14:40:08 -06:00
Gabriel Hernandez
73d287eaeb
update msw (mock service worker) package to 2.5.1 ( #23480 )
...
relates to #23128
updates mock service worker package as it was using a version of
`path-to-regexp` that had a high security vulnerability. This updated
version of msw uses a newer version of the package that does not have
this vulnerability
I had to add the `jest-fixed-dom` package to update msw as well as
update our version of typescript to 4.7
2024-11-05 10:13:30 -06:00
jacobshandling
e58ecb0ddc
Update to React 18.3.1 (warnings to anticipate upgrade to React 19) ( #23394 )
...
From [the
changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md ):
> "This release is identical to 18.2 but adds warnings for deprecated
APIs and other changes that are needed for React 19."
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-11-04 10:00:22 -08:00
dependabot[bot]
f6e93778d3
Bump elliptic from 6.5.7 to 6.6.0 ( #23417 )
2024-11-01 16:28:42 -05:00
Luke Heath
bd35c6a12f
Bump Express version ( #23135 )
2024-10-28 11:53:14 -05:00
dependabot[bot]
db30ee1bd5
Bump markdown-to-jsx from 7.2.0 to 7.5.0 ( #22935 )
2024-10-17 18:31:28 -05:00
dependabot[bot]
f96501e1af
Bump dompurify from 3.0.3 to 3.1.3 ( #22133 )
2024-09-16 15:58:27 -05:00
dependabot[bot]
d38d1cde61
Bump express from 4.19.2 to 4.20.0 ( #21960 )
2024-09-11 16:45:44 -05:00
dependabot[bot]
f3b8addf50
Bump micromatch from 4.0.5 to 4.0.8 ( #21553 )
2024-08-27 11:19:02 -05:00
dependabot[bot]
83be4f1d8b
Bump elliptic from 6.5.4 to 6.5.7 ( #21371 )
2024-08-19 15:05:12 -05:00
dependabot[bot]
87f12388ae
Bump axios from 1.6.0 to 1.7.4 ( #21306 )
2024-08-19 14:51:17 -05:00
Martin Angers
c1c5c77dfc
Fix download software installer path ( #21255 )
...
Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
2024-08-13 11:45:03 -05:00
jacobshandling
91b9c4a107
Add host's next maintenance window to the hosts/{id} and hosts/identifier/{identifier} endpoints, and render that data on the host details page ( #19820 )
...
## Addresses full stack for #18554
- Add new `timezone` column to `calendar_events` table
- When fetched from Google's API, save calendar user's timezone in this
new column along with rest of event data
- Implement datastore method to retrieve the start time and timezone for
a host's next calendar event as a `HostMaintenanceWindow`
- Localize and add UTC offset to the `HostMaintenanceWindow`'s start
time according to its `timezone`
- Include the processed `HostMaintenanceWindow`, if present, in the
response to the `GET` `hosts/{id}` and `hosts/identifier/{identifier}`
endpoints
- Implement UI on the host details page to display this data
- Add new and update existing UI, core integration, datastore, and
`fleetctl` tests
- Update `date-fns` package to the latest version
<img width="1062" alt="Screenshot 2024-06-26 at 1 02 34 PM"
src="https://github.com/fleetdm/fleet/assets/61553566/c3ddad97-23da-42c1-b4ed-b7615ec88aed ">
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified tables for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2024-06-28 10:51:13 -07:00
dependabot[bot]
c23e1103a9
Bump ws from 6.2.2 to 6.2.3 ( #19815 )
2024-06-18 10:52:21 -07:00
dependabot[bot]
9c4b248cea
Bump braces from 3.0.2 to 3.0.3 ( #19677 )
2024-06-11 16:52:58 -07:00
dependabot[bot]
c62aeaf225
Bump ejs from 3.1.9 to 3.1.10 ( #18700 )
2024-05-02 14:41:07 -05:00
RachelElysia
6dabcd524c
Frontend: Improve URL and email validation ( #18445 )
2024-04-25 13:03:30 -04:00
Gabriel Hernandez
5bc4acf9e8
new dynamic and manual labels UI test and update react testing library ( #18369 )
...
tests for the new label pages
also updates react testing library and its plugins versions
- [x] Added/updated tests
2024-04-25 13:26:26 +01:00
dependabot[bot]
ffddd76b9c
Bump tar from 6.1.13 to 6.2.1 ( #18180 )
2024-04-10 12:35:42 -05:00
Victor Lyuboslavsky
ffc2d9f68a
Fixing frontend code scanning vulnerability alerts ( #18042 )
...
#17903
- Fixing https://osv.dev/vulnerability/GHSA-crh6-fp67-6883 by updating
@xmldom/xmldom@0.8.3 to @xmldom/xmldom@0.8.4
- Fixing https://osv.dev/vulnerability/GHSA-wf5p-g6vw-rhxx by overriding
axios@0.21.1 to axios@0.28.0
- Fixing https://osv.dev/vulnerability/GHSA-p6mc-m468-83gw by removing
lodash.set dependency by updating nock@13.2.4 to nock@13.5.4
- Fixing https://osv.dev/vulnerability/GHSA-4wf5-vphf-c2xc by updating
terser from 5.12.1 to 5.14.2
- Fixing https://osv.dev/vulnerability/GHSA-566m-qj78-rww5 and
https://osv.dev/vulnerability/GHSA-7fh5-64p2-3v2j by:
- Updating to autoprefixer@10.4.19, node-sass-glob-importer@5.3.3, and
postcss-loader@4.3.0
- Overriding css-selector-extract@3.3.6 to css-selector-extract@4.0.1
- Overriding css-node-extract@2.1.3 to css-node-extract@3.0.4 and
overriding its postcss dependency to ^8.4.31
2024-04-05 16:45:22 -05:00
dependabot[bot]
acb7959649
Bump express from 4.17.3 to 4.19.2 ( #17857 )
2024-03-26 10:07:50 -05:00
dependabot[bot]
424d7e576a
Bump webpack-dev-middleware from 6.1.1 to 6.1.2 ( #17776 )
2024-03-21 16:02:13 -05:00
dependabot[bot]
d896420421
Bump follow-redirects from 1.15.4 to 1.15.6 ( #17651 )
2024-03-21 11:25:27 -05:00
Gabriel Hernandez
3c2e4b8f4a
update UI to react 18 ( #17471 )
2024-03-13 19:09:16 +00:00
dependabot[bot]
f1bb19f96f
Bump ip from 2.0.0 to 2.0.1 ( #17009 )
2024-02-22 10:30:26 -06:00
dependabot[bot]
7134ea0f7d
Bump follow-redirects from 1.15.3 to 1.15.4 ( #16007 )
2024-01-10 17:23:13 -06:00
dependabot[bot]
eaec5e9ea5
Bump axios from 1.2.3 to 1.6.0 ( #15088 )
2023-11-10 14:07:31 -06:00
Jacob Shandling
bf8504a028
Refactor Tooltip Wrapper ( #13845 )
2023-11-07 13:15:49 -08:00
dependabot[bot]
6f168e9399
Bump graphql from 16.6.0 to 16.8.1 ( #14052 )
2023-11-03 13:25:30 -05:00
dependabot[bot]
239679ff36
Bump @babel/traverse from 7.19.4 to 7.23.2 ( #14856 )
2023-11-01 10:56:58 -05:00
Luke Heath
dec9f4a0c1
Update storybook versions ( #14841 )
...
We need to patch some security issues with version updates, but
Storybook dependencies currently block them. This updates Storybook and
all addons to the latest version. I test building and serving Storybook
locally and no issues.
2023-11-01 10:54:26 +00:00
dependabot[bot]
06ae87c2cf
Bump browserify-sign from 4.2.1 to 4.2.2 ( #14765 )
2023-10-31 09:52:22 -05:00
dependabot[bot]
580a65dd83
Bump semver from 5.7.1 to 5.7.2 ( #12710 )
2023-10-11 16:40:00 -05:00
dependabot[bot]
3c0e28fbc2
Bump tough-cookie from 4.1.2 to 4.1.3 ( #13836 )
2023-10-11 16:38:41 -05:00
Zach Wasserman
4ecc7db6d6
Complete removal of Cypress ( #13389 )
...
Remove the last of the dependencies and configuration around Cypress
since we no longer use it for testing.
2023-08-18 11:06:12 -06:00
dependabot[bot]
d458d25524
Bump word-wrap from 1.2.3 to 1.2.4 ( #12833 )
2023-07-26 11:04:16 -07:00
Jacob Shandling
2855bc8f7f
ChromeOS privacy_preferences table ( #12441 )
...
## Addresses #11037
### Implement the `privacy_preferences` table for the Fleetd Chrome
extension. Columns correspond to the available properties of
[`chrome.privacy`](https://developer.chrome.com/docs/extensions/reference/privacy/ ).
Chrome on mac:
<img width="816" alt="Screenshot 2023-06-23 at 11 55 21 AM"
src="https://github.com/fleetdm/fleet/assets/61553566/a4700749-6325-442e-acf2-c14b1c9adf8f ">
Chromebook with enterprise access (actual use case):
* Chromebook w/o enterprise access: as you can see, sometimes certain
APIs are not available - this error occurs because the expected API
object that would have a `get` method is actually `undefined` TODO – How
to handle this case given that we want to let errors bubble up to the
level at which Fleet can catch them? Maybe it would be nice to catch
such errors and send them up to the Fleet layer, and still allow the
loop to continue to populate the columns whose APIs _are_ available.
_Decision: catch API errors here to preserve functionality of the
remaining columns_
- [x] Changes file
- [x] Manual QA
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2023-06-23 14:52:16 -07:00
Luke Heath
ab9e823ac9
Increase software name container width ( #12296 )
2023-06-12 14:57:15 -05:00
Jacob Shandling
1c18765dfa
UI: Security patch ( #12229 )
...
## Addresses
[confidential/2940](https://github.com/fleetdm/confidential/issues/2940 )
Patched a potential security issue in UI
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2023-06-08 13:13:27 -04:00
Gabriel Hernandez
d027036985
add figma to storybook and a couple new stories ( #11521 )
...
add figma addon to storybook that allows us to link figma designed to
our storybook
2023-05-09 16:53:43 +01:00
Gabriel Hernandez
546225ed35
update storybook to work with webpack 5 and move babelrc into its own file out of package.json ( #11499 )
2023-05-03 17:50:17 +01:00
Zach Wasserman
a14228dd11
Upgrade webpack to v5 ( #11173 )
...
Upgrades webpack and other JS dependencies. This was primarily motivated
by GitHub reporting a vulnerability in Webpack (which shouldn't actually
effect our use of Webpack) and wanting to clean up some tech debt.
Note that equivalent functionality for url-loader and file-loader is now
included in webpack itself.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Manual QA for all new/changed functionality
2023-04-14 07:58:54 -07:00
dependabot[bot]
eb1194a0b4
Bump loader-utils from 1.4.0 to 1.4.2 ( #10234 )
...
Bumps [loader-utils](https://github.com/webpack/loader-utils ) from 1.4.0
to 1.4.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/webpack/loader-utils/releases ">loader-utils's
releases</a>.</em></p>
<blockquote>
<h2>v1.4.2</h2>
<h3><a
href="https://github.com/webpack/loader-utils/compare/v1.4.1...v1.4.2 ">1.4.2</a>
(2022-11-11)</h3>
<h3>Bug Fixes</h3>
<ul>
<li>ReDoS problem (<a
href="https://github-redirect.dependabot.com/webpack/loader-utils/issues/226 ">#226</a>)
(<a
href="17cbf8fa89https://github.com/webpack/loader-utils/compare/v1.4.0...v1.4.1 ">1.4.1</a>
(2022-11-07)</h3>
<h3>Bug Fixes</h3>
<ul>
<li>security problem (<a
href="https://github-redirect.dependabot.com/webpack/loader-utils/issues/220 ">#220</a>)
(<a
href="4504e34c47https://github.com/webpack/loader-utils/blob/v1.4.2/CHANGELOG.md ">loader-utils's
changelog</a>.</em></p>
<blockquote>
<h3><a
href="https://github.com/webpack/loader-utils/compare/v1.4.1...v1.4.2 ">1.4.2</a>
(2022-11-11)</h3>
<h3>Bug Fixes</h3>
<ul>
<li>ReDoS problem (<a
href="https://github-redirect.dependabot.com/webpack/loader-utils/issues/226 ">#226</a>)
(<a
href="17cbf8fa89https://github.com/webpack/loader-utils/compare/v1.4.0...v1.4.1 ">1.4.1</a>
(2022-11-07)</h3>
<h3>Bug Fixes</h3>
<ul>
<li>security problem (<a
href="https://github-redirect.dependabot.com/webpack/loader-utils/issues/220 ">#220</a>)
(<a
href="4504e34c47331ad5067d17cbf8fa89https://github-redirect.dependabot.com/webpack/loader-utils/issues/226 ">#226</a>)</li>
<li><a
href="8f082b39f64504e34c47https://github-redirect.dependabot.com/webpack/loader-utils/issues/220 ">#220</a>)</li>
<li>See full diff in <a
href="https://github.com/webpack/loader-utils/compare/v1.4.0...v1.4.2 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/fleetdm/fleet/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-01 12:39:57 -08:00
dependabot[bot]
12751b853f
Bump json5 from 1.0.1 to 1.0.2 ( #10233 )
...
Bumps [json5](https://github.com/json5/json5 ) from 1.0.1 to 1.0.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/json5/json5/releases ">json5's
releases</a>.</em></p>
<blockquote>
<h2>v1.0.2</h2>
<ul>
<li>Fix: Properties with the name <code>__proto__</code> are added to
objects and arrays. (<a
href="https://github-redirect.dependabot.com/json5/json5/issues/199 ">#199</a>)
This also fixes a prototype pollution vulnerability reported by Jonathan
Gregson! (<a
href="https://github-redirect.dependabot.com/json5/json5/issues/295 ">#295</a>).
This has been backported to v1. (<a
href="https://github-redirect.dependabot.com/json5/json5/issues/298 ">#298</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/json5/json5/blob/main/CHANGELOG.md ">json5's
changelog</a>.</em></p>
<blockquote>
<h3>Unreleased [<a
href="https://github.com/json5/json5/tree/main ">code</a>, <a
href="https://github.com/json5/json5/compare/v2.2.3...HEAD ">diff</a>]</h3>
<h3>v2.2.3 [<a
href="https://github.com/json5/json5/tree/v2.2.3 ">code</a>, <a
href="https://github.com/json5/json5/compare/v2.2.2...v2.2.3 ">diff</a>]</h3>
<ul>
<li>Fix: json5@2.2.3 is now the 'latest' release according to npm
instead of
v1.0.2. (<a
href="https://github-redirect.dependabot.com/json5/json5/issues/299 ">#299</a>)</li>
</ul>
<h3>v2.2.2 [<a
href="https://github.com/json5/json5/tree/v2.2.2 ">code</a>, <a
href="https://github.com/json5/json5/compare/v2.2.1...v2.2.2 ">diff</a>]</h3>
<ul>
<li>Fix: Properties with the name <code>__proto__</code> are added to
objects and arrays.
(<a
href="https://github-redirect.dependabot.com/json5/json5/issues/199 ">#199</a>)
This also fixes a prototype pollution vulnerability reported by
Jonathan Gregson! (<a
href="https://github-redirect.dependabot.com/json5/json5/issues/295 ">#295</a>).</li>
</ul>
<h3>v2.2.1 [<a
href="https://github.com/json5/json5/tree/v2.2.1 ">code</a>, <a
href="https://github.com/json5/json5/compare/v2.2.0...v2.2.1 ">diff</a>]</h3>
<ul>
<li>Fix: Removed dependence on minimist to patch CVE-2021-44906. (<a
href="https://github-redirect.dependabot.com/json5/json5/issues/266 ">#266</a>)</li>
</ul>
<h3>v2.2.0 [<a
href="https://github.com/json5/json5/tree/v2.2.0 ">code</a>, <a
href="https://github.com/json5/json5/compare/v2.1.3...v2.2.0 ">diff</a>]</h3>
<ul>
<li>New: Accurate and documented TypeScript declarations are now
included. There
is no need to install <code>@types/json5</code>. (<a
href="https://github-redirect.dependabot.com/json5/json5/issues/236 ">#236</a>,
<a
href="https://github-redirect.dependabot.com/json5/json5/issues/244 ">#244</a>)</li>
</ul>
<h3>v2.1.3 [<a
href="https://github.com/json5/json5/tree/v2.1.3 ">code</a>, <a
href="https://github.com/json5/json5/compare/v2.1.2...v2.1.3 ">diff</a>]</h3>
<ul>
<li>Fix: An out of memory bug when parsing numbers has been fixed. (<a
href="https://github-redirect.dependabot.com/json5/json5/issues/228 ">#228</a>,
<a
href="https://github-redirect.dependabot.com/json5/json5/issues/229 ">#229</a>)</li>
</ul>
<h3>v2.1.2 [<a
href="https://github.com/json5/json5/tree/v2.1.2 ">code</a>, <a
href="https://github.com/json5/json5/compare/v2.1.1...v2.1.2 ">diff</a>]</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a62db1e51ee0c23fe45862a6540840https://github.com/json5/json5/compare/v1.0.1...v1.0.2 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/fleetdm/fleet/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-01 12:39:29 -08:00
Zach Wasserman
515cdb918c
Replace import-glob-loader with node-sass-glob-importer ( #10171 )
...
import-glob-loader has a very old loader-utils dependency that triggers
security alerting. Hoping that replacing this will allow the
loader-utils version to be updated.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Manual QA for all new/changed functionality
2023-03-01 12:33:42 -08:00
Zach Wasserman
8f083f8d4c
Move JS deps to devDependencies ( #10155 )
...
Many of these dependencies are only used in development.
2023-02-28 09:13:30 -08:00
Luke Heath
bc2c6e59f5
Update node-sass frontend dependency ( #9954 )
...
Due to the update in https://github.com/fleetdm/fleet/pull/9950 we need
to update our version of `node-sass` to support Node 19.
2023-02-20 14:23:19 -06:00
