# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
## Summary
This pull request is created by [Secure
Repo](https://app.stepsecurity.io/securerepo) at the request of @zwass.
Please merge the Pull Request to incorporate the requested changes.
Please tag @zwass on your message if you have any questions related to
the PR. You can also engage with the
[StepSecurity](https://github.com/step-security) team by tagging
@step-security-bot.
## Security Fixes
### Secure Dockerfiles
Pin image tags to digests in Dockerfiles. With the Docker v2 API
release, it became possible to use digests in place of tags when pulling
images or to use them in FROM lines in Dockerfiles.
- [The Open Source Security Foundation (OpenSSF) Security
Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies)
## Feedback
For bug reports, feature requests, and general feedback, please create
an issue in
[step-security/secure-repo](https://github.com/step-security/secure-repo).
To create such PRs, please visit https://app.stepsecurity.io/securerepo.
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
---------
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Co-authored-by: Zach Wasserman <zach@fleetdm.com>
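
The digest pinning described under "Secure Dockerfiles" above can be checked mechanically. The following is an added example, not code from this pull request, Fleet, or StepSecurity: a small checker that reports `FROM` lines that pull an image without a `@sha256:` digest. The function name, the sample Dockerfile, and the all-zero digest are constructed for illustration.

```python
import re

# An image reference is pinned when it ends in a full sha256 digest.
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")

def unpinned_from_lines(dockerfile_text):
    """Return (line_no, image) for each FROM that pulls an image without a digest."""
    stages = set()   # names introduced by "FROM ... AS name"
    findings = []
    for line_no, raw in enumerate(dockerfile_text.splitlines(), start=1):
        parts = raw.strip().split()
        if len(parts) < 2 or parts[0].upper() != "FROM":
            continue
        # Drop flags such as --platform=linux/amd64 before reading the image.
        args = [p for p in parts[1:] if not p.startswith("--")]
        if not args:
            continue
        image = args[0]
        # "scratch" is never pulled, and an earlier stage name is a local
        # reference, so neither needs a digest. Anything else does, including
        # ${ARG} references that cannot be resolved statically.
        local = image == "scratch" or image.lower() in stages
        if not local and not DIGEST_RE.search(image):
            findings.append((line_no, image))
        if len(args) >= 3 and args[1].upper() == "AS":
            stages.add(args[2].lower())
    return findings

# Constructed placeholder, not a real image digest.
PLACEHOLDER = "sha256:" + "0" * 64

# Constructed sample Dockerfile covering tag-only, pinned, stage and ARG cases.
SAMPLE = "\n".join([
    "FROM golang:1.19.4 AS builder",
    "RUN go build ./...",
    f"FROM --platform=linux/amd64 alpine@{PLACEHOLDER}",
    f"FROM alpine:3.17@{PLACEHOLDER} AS runtime",
    "FROM builder AS test",
    "FROM scratch",
    "FROM ${BASE_IMAGE}",
])

if __name__ == "__main__":
    for line_no, image in unpinned_from_lines(SAMPLE):
        print(f"line {line_no}: {image} is not pinned to a digest")
```

A tag kept alongside the digest (`alpine:3.17@sha256:...`) still counts as pinned, since the digest is what the registry resolves.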
* Update go to 1.19.4
* Comment out failing package test
* Comment out ALL the packaging tests for windows for the moment
* Update go to 1.19.4
* Comment out failing package test
* Comment out ALL the packaging tests for windows for the moment
* Update changelog
* Bump versions
* Update changelog to reflect this being a security release
* Bump go to 1.19.1
* Bump remaining go-version to the 1.19.1
* Add extra paths for test-go
* Oops, putting the right path in the right place
* gofmt file
* gofmt ALL THE THINGS
* Moar changes
* Actually, go.mod doesn't like minor versions
* Add code for the shared infra part of the demo environment
* Checkin
* checkin
* Checkin for pre-provisioner, got terraform working
* Checkin with the pre-deployer working, now blocked by helm chart
* Add interface for helm
* Add some initial code for the JIT Provisioner lambda
Lots of code taken from https://gitlab.com/hmajid2301/articles/-/tree/master/41.%20Create%20a%20webapp%20with%20fizz
* Update helm chart to work with shared infra (#5621)
* Update helm chart to work with shared infra
* Update helm chart README to reflect changes.
* Checkin
* Checkin
* Checkin, Pre-provisioner actually works
* PreProvisioner is now complete
* Make changes to the JIT provisioner based off of actually learning how
to do stuff
* checkin
* Check in, broken currently
* Add all code except provisioning and emailing user
* Checkin
* Checkin, fixed kubernetes
* Checkin
* Forgot a file
* Finish jit provisioner, need to test now
* Checkin, switching to nginx ingress
* Fleets are now actually accessible
* JITProvisioner now returns working fleet instances
* Deprovisioner code done, just need a few bugs fixed
* Fix the deprovisioner so it works now and re-ip
* fixup
* Finished testing the deprovisioner
* Added monitoring and fixed some bugs
* Add stuff for #6548
* fixed per Luke's suggestion
* Fix for inactive task definition arns
* move everything to the prod account
* Bump fleet version and fix a couple of bugs
* Fix a couple of bugs
* Lots of security fixes and a few bug fixes
* Rename demo to sandbox to match product's naming
* Revert "Update helm chart to work with shared infra (#5621)"
This reverts commit 610bbd1c00.
Co-authored-by: Robert Fairburn <8029478+rfairburn@users.noreply.github.com>