Commit graph

23000 commits

Author SHA1 Message Date
Victor Lyuboslavsky
aedf366fc0
Add setboolcheck linter: flag map[T]bool used as sets (#42631)
Motivation: add a check for a common issue I see humans and AI agents
making, so that we don't have to waste time on it in code reviews.
Resolves #42635 

Note: This lint check has been mostly AI generated. I don't think it
needs a thorough review because it is not production code and not even
test code. Any issues will be obvious from usage by contributors.

Add a custom go/analysis analyzer that detects map[T]bool variables
used as sets (where only the literal `true` is ever assigned) and
suggests using map[T]struct{} instead, which is the idiomatic Go
approach for sets — zero memory for values and unambiguous semantics.

The analyzer minimizes false positives by:
- Only flagging when ALL indexed assignments use the literal `true`
- Skipping variables initialized from function calls (unknown source)
- Skipping variables reassigned from unknown sources
- Skipping function parameters and exported package-level variables
- Skipping range loop variables

Integrated as an incremental linter (new/changed code only) to avoid
breaking existing code.

Running this check on our whole codebase flags valid cases:
```
cmd/fleet/serve.go:306:2: map[string]bool used as a set; consider map[string]struct{} instead (setboolcheck)
        allowedHostIdentifiers := map[string]bool{
        ^
cmd/fleetctl/fleetctl/generate_gitops.go:189:3: map[string]bool used as a set; consider map[string]struct{} instead (setboolcheck)
                handled := make(map[string]bool, len(renames)*2)
                ^
cmd/fleetctl/fleetctl/generate_gitops.go:1593:2: map[uint]bool used as a set; consider map[uint]struct{} instead (setboolcheck)
        m := make(map[uint]bool, len(ids))
```

## Summary by CodeRabbit

* **Chores**
* Added a new code analyzer to detect maps used as boolean sets and
recommend more efficient alternatives for better performance.

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Scott Gress <scottmgress@gmail.com>
Co-authored-by: Scott Gress <scott@fleetdm.com>
2026-03-31 16:26:24 -05:00
kilo-code-bot[bot]
19aa7af3e6
Update press boilerplate text in marketing handbook (#42770)
## Summary
- Updated the press boilerplate text in the marketing handbook page
(`handbook/marketing/README.md`) with refreshed messaging that
highlights Fleet's built-in AI capabilities, plain English
configuration, deployment flexibility, and Fleet Cloud option.

Built for [Ashish
Kuthiala](https://fleetdm.slack.com/archives/D0AG9JQ53GA/p1774990303517969)
by [Kilo for Slack](https://kilo.ai/features/slack-integration)

Co-authored-by: kiloconnect[bot] <240665456+kiloconnect[bot]@users.noreply.github.com>
2026-03-31 15:59:17 -05:00
Luke Heath
ffd3534112
Update team members in product-groups.md (#42769) 2026-03-31 15:54:25 -05:00
Jonathan Katz
941c49b84e
Filter errors that start with Couldn't add (#42764)
**Related issue:** Resolves #42572

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

## Testing

- [x] Added/updated automated tests
- [ ] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one host's records do not affect another)

- [x] QA'd all new/changed functionality manually
2026-03-31 16:33:55 -04:00
Michael Buck
e35d07c96d
Git ops workshop template update (#42729)
Updated GitOps Workshop issue template to replace post workshop happy
hours with dinners.
closes #15135

---------

Co-authored-by: johnjeremiah <jjeremiah@gmail.com>
Co-authored-by: Ashish Kuthiala <53918208+akuthiala@users.noreply.github.com>
2026-03-31 14:39:14 -05:00
RachelElysia
b95af9a439
Fleet UI: Center empty/error states (#42736) 2026-03-31 15:24:44 -04:00
Josh Roskos
617cf71cbf
Fix broken link for Okta testing guide (#42749)
Fixes broken link for Okta conditional access testing guide.
2026-03-31 14:48:30 -04:00
kitzy
c131c6aab7
Updates from cs offsite (#42750)
Updates to Android MDM documentation from the CS offsite.

---------

Co-authored-by: Steven Palmesano <3100993+spalmesano0@users.noreply.github.com>
2026-03-31 14:42:59 -04:00
Konstantin Sykulev
e5877ccc78
OSV delta generation fix (#42697)
**Related issue:** Resolves #41571

Changing the way delta artifacts are generated.
`changed_files_today.txt` and `changed_files_yesterday.txt` will always
look back into git history for any commits added yesterday and today.

- [x] QA'd all new/changed functionality manually

## Summary by CodeRabbit

## Release Notes

* **Bug Fixes**
* Improved repository synchronization to ensure local state accurately
reflects the remote main branch.
* Enhanced file change detection logic for more reliable identification
of modified files.
* Refined output file handling to maintain consistency across
synchronization cycles.

2026-03-31 13:21:06 -05:00
Ashish Kuthiala
8dfbc2ae21
update marketing handbook page about team roles (#42679)
Update marketing handbook page about team roles - removed duplicate
entries

---------

Co-authored-by: Eric <eashaw@sailsjs.com>
2026-03-31 12:33:25 -05:00
Noah Talerman
2af049dc2b
Update EULA information for macOS hosts (#42730)
Clarified EULA display conditions for macOS hosts.
2026-03-31 10:42:03 -06:00
Nico
99a04132e3
use DropdownWrapper for sort dropdown in Host Reports tab (#42650)
**Related issue:** Resolves #41533 

Follow-up of this [PR](https://github.com/fleetdm/fleet/pull/42017)
after this comment:
https://github.com/fleetdm/fleet/pull/42017#discussion_r2990919248

# Checklist for submitter

Changes file already included in previous PR.

## Testing

- [x] QA'd all new/changed functionality manually

2026-03-31 13:01:11 -03:00
fleet-release
9384a88e88
Update Fleet-maintained apps (#42716)
Automated ingestion of latest Fleet-maintained app data.

Co-authored-by: mostlikelee <16102903+mostlikelee@users.noreply.github.com>
2026-03-31 10:45:33 -05:00
Jorge Falcon
34cb7ab6d1
Loadtest internal alb logging and osquery-perf scaling updates (#42581)
- Configures internal alb to log to the same bucket as the public alb
- Adds support for osquery-perf task size (cpu/memory) configuration
- Updates defaults for osquery-perf extra_flags
- Updates default enroll.sh loop sleep_time from 60s -> 300s
2026-03-31 11:15:07 -04:00
Isabell Reedy
035242dd77
Update receive-from-github.js (#42719) 2026-03-31 16:06:33 +01:00
Noah Talerman
d1dedf6c0c
Clarify Android software installation behavior (#42720)
Removed note about Android software installation issue.
2026-03-31 17:01:33 +02:00
Sam Pfluger
29f3e775ba
Revise LinkedIn connection steps for CRM (#42718) 2026-03-31 09:38:42 -05:00
RachelElysia
b4835077f2
Fleet UI: Fix opening dropdowns not rendering at a higher index and pushing UI (#42672) 2026-03-31 10:19:36 -04:00
fleet-release
f3c776bea9
Update Fleet-maintained apps (#42699)
Automated ingestion of latest Fleet-maintained app data.

Co-authored-by: iansltx <472804+iansltx@users.noreply.github.com>
2026-03-31 09:18:44 -05:00
Scott Gress
29aa39a392
Update default fleet selected on dashboard and controls (#42688)
**Related issue:** Resolves #40317

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

## Testing

- [ ] Added/updated automated tests
With the current router we have in place, we can't really test `<Link>`
elements, so our ability to make useful automated tests is pretty
limited here. I extracted the fleet name sorting code into an exported
function and added some tests for that.
- [X] QA'd all new/changed functionality manually
- [X] verified that when All Fleets is selected in dropdown, navigating
to Controls switches to Workstations
- [X] verified that when another fleet is selected in dropdown,
navigating to Controls maintains that selection
- [X] verified that when a fleet is selected in dropdown, navigating to
the dashboard changes to All Fleets
- [X] verified that when "Unassigned" is present in the fleets dropdown,
it is at the bottom
- [X] verified that when using a permalink to the dashboard with a fleet
selected (e.g. `?fleet_id=1`), the correct fleet shows as selected
2026-03-31 09:11:51 -05:00
Scott Gress
e62bdf17b6
Remove UI gating in GitOps mode for excepted entities (#42486)
**Related issue:** Resolves #42184 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements), JS
inline code is prevented especially for url redirects, and untrusted
data interpolated into shell scripts/commands is validated against shell
metacharacters.
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes

## Testing

- [ ] Added/updated automated tests
- [ ] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one host's records do not affect another)

- [ ] QA'd all new/changed functionality manually

For unreleased bug fixes in a release candidate, one of:

- [ ] Confirmed that the fix is not expected to adversely impact load
test results
- [ ] Alerted the release DRI if additional load testing is needed

## Database migrations

- [ ] Checked schema for all modified tables for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).

## New Fleet configuration settings

- [ ] Setting(s) is/are explicitly excluded from GitOps

If you didn't check the box above, follow this checklist for
GitOps-enabled settings:

- [ ] Verified that the setting is exported via `fleetctl
generate-gitops`
- [ ] Verified the setting is documented in a separate PR to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- [ ] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [ ] Verified that any relevant UI is disabled when GitOps mode is
enabled

## fleetd/orbit/Fleet Desktop

- [ ] Verified compatibility with the latest released version of Fleet
(see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md))
- [ ] If the change applies to only one platform, confirmed that
`runtime.GOOS` is used as needed to isolate changes
- [ ] Verified that fleetd runs on macOS, Linux and Windows
- [ ] Verified auto-update works from the released version of component
to the new version (see [tools/tuf/test](../tools/tuf/test/README.md))


## Summary by CodeRabbit

## Release Notes

* **New Features**
* Added support for GitOps exceptions per entity type (labels, software,
secrets), allowing specific areas to bypass GitOps mode restrictions
when configured.

* **Bug Fixes**
* Improved GitOps mode behavior to properly respect per-entity-type
exception settings across software, labels, and secrets management.

* **Tests**
  * Extended test coverage for GitOps exception handling scenarios.

2026-03-31 09:10:56 -05:00
Victor Lyuboslavsky
a6157c13d6
Fix Windows Delete edge cases with labels. (#42632)
**Related issue:** Resolves #42591

Docs updated here: https://github.com/fleetdm/fleet/pull/42653/changes

# Checklist for submitter

## Testing

- [x] Added/updated automated tests
- [x] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one host's records do not affect another)

- [x] QA'd all new/changed functionality manually

## Summary by CodeRabbit

* **Bug Fixes**
* Enhanced Windows MDM profile deletion and cleanup to properly handle
shared configuration settings across multiple profiles, preventing
unintended removal of settings required by other profiles.
* Improved reliability of profile management when multiple profiles use
overlapping configuration settings.

2026-03-31 08:59:16 -05:00
RachelElysia
30212bc20b
Fleet UI: Add description to add/edit policies (#42692) 2026-03-31 09:35:37 -04:00
Carlo
8ca6ae1ca3
Immediately reject duplicate Android web-clips (#42704)
Fixes #42700
2026-03-31 09:34:12 -04:00
Lucas Manuel Rodriguez
93a782ab61
Add ignore to CVE found in fleetdm/fleetctl (#42711)
Fixes:
https://github.com/fleetdm/fleet/actions/runs/23783786066/job/69302104997

Test runs: 
- https://github.com/fleetdm/fleet/actions/runs/23798426124
- https://github.com/fleetdm/fleet/actions/runs/23798449109
2026-03-31 10:27:07 -03:00
Juan Fernandez
85c8d050d0
Add lock semantics around dev_mode.IsEnabled to avoid data races (#42646)
Add lock semantics around dev_mode.IsEnabled as a fix for
[this](https://github.com/fleetdm/fleet/actions/runs/23728512273) data
race
2026-03-31 07:49:45 -04:00
jacobshandling
c75e5d85c0
Return light software metadata when listing hosts filtered by software present only on a different team (#42519)
**Related issue:** Resolves #39190

https://www.loom.com/share/3c1828f03c584756b7ed8f3ba75a1038

- [x] Changes file added for user-visible changes in `changes/`
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually

## Summary by CodeRabbit

* **Bug Fixes**
* Resolved host filtering by software version when the version is not
available on the selected team; now returns software information instead
of an error.
  * Fixed a related UI issue caused by the original filtering behavior.

2026-03-30 21:33:21 -07:00
kilo-code-bot[bot]
34ed4306b4
Consolidate to one quarterly event strategy meeting (#42408)
## Summary

- Replaces separate cadences for different event types (field/sales
events settled per sprint, conferences settled per quarter) with a
single quarterly event strategy meeting that covers all event types
(conferences, field/sales events, and GitOps workshops).
- Simplifies the meeting agenda from a two-step process to one decision
covering all events for the following quarter.

## Changes

In `handbook/marketing/event-execution.md`, the "Settle event strategy"
section was updated to:
- Remove the two separate settlement timelines (1 sprint for
field/sales, 1 quarter for conferences)
- Establish one quarterly meeting cadence for all event types
- Consolidate the meeting agenda into a single step instead of
"first...next..."

Built for
[mikermcneil](https://fleetdm.slack.com/archives/D0AFASLRHNU/p1774469541717269)
by [Kilo for Slack](https://kilo.ai/features/slack-integration)

---------

Co-authored-by: kiloconnect[bot] <240665456+kiloconnect[bot]@users.noreply.github.com>
Co-authored-by: Sam Pfluger <108141731+Sampfluger88@users.noreply.github.com>
Co-authored-by: Ashish Kuthiala <53918208+akuthiala@users.noreply.github.com>
2026-03-30 23:26:30 -05:00
Savannah Friend
cf960b7ce3
Update CEO travel instructions in README (#41563)
## Summary

Instead of removing the hotel check-in time block entirely, this PR
updates the CEO travel instructions to:
- Keep the 30-minute check-in time block, but never schedule it before
the hotel's official check-in time
- If the CEO arrives before the hotel's check-in time, call the hotel
ahead of time to request early check-in and note it in the calendar
event agenda
- If early check-in is not available, schedule the check-in at the
hotel's official check-in time

Built for [Savannah
Friend](https://fleetdm.slack.com/archives/D0AK3T404H3/p1774560399725619)
by [Kilo for Slack](https://kilo.ai/features/slack-integration)

---------

Co-authored-by: kiloconnect[bot] <240665456+kiloconnect[bot]@users.noreply.github.com>
2026-03-30 18:35:14 -05:00
Rachael Shaw
999e17877e
Document default per-page for /os_versions API endpoint (#42703)
**Related issue:** Resolves #38000
2026-03-30 18:02:23 -05:00
Noah Talerman
df74bd1503
Fix typo in installation instructions (#42702) 2026-03-30 18:34:29 -04:00
Ian Littman
c9d97d01ce
Switch recommended Redis version to 7 (#42694)
We're keeping the tested version at 6 for now until we have a CI matrix
to test multiple versions. We run both 6.x and 7.x in production and if
we shipped 7+ code we'd break things.

This PR also fixes a spot I missed when mentioning MySQL version
compatibility.
2026-03-30 17:29:29 -05:00
Magnus Jensen
188dbcce0d
Add missing space in note in Reference Architectures documentation (#42622) 2026-03-30 17:20:15 -05:00
Victor Lyuboslavsky
42ccc344d2
Added Android cert activity logging (docs) (#42609)
**Related issue:** Resolves #37546
2026-03-30 17:18:11 -05:00
Magnus Jensen
16d62da6a4
use redis to block double profile work for apple devices setting up (#42421)
**Related issue:** Resolves #34433 Part 2

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information. Added by first PR

- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements), JS
inline code is prevented especially for url redirects, and untrusted
data interpolated into shell scripts/commands is validated against shell
metacharacters.
- [x] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes

## Testing

- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually


## Summary by CodeRabbit

* **New Features**
  * Profiles now install during device enrollment setup

* **Bug Fixes**
* Enhanced Apple MDM profile synchronization to handle concurrent
processing scenarios
* Improved profile reconciliation to prevent conflicts when multiple
workers process the same device simultaneously

---------

Co-authored-by: Martin Angers <martin.n.angers@gmail.com>
2026-03-30 16:37:18 -05:00
johnjeremiah
f0057976c4
Updating Event Execution Details (#42685)
Adding details to event execution - improving issue template
2026-03-30 16:31:51 -05:00
Jonathan Katz
fbb1573be9
Create default patch policy query in FMA manifest (#42559)
**Related issue:** Resolves #42492 
Includes changes from running ingestions on all FMAs

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements), JS
inline code is prevented especially for url redirects, and untrusted
data interpolated into shell scripts/commands is validated against shell
metacharacters.
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes

## Testing

- [x] Added/updated automated tests
- [ ] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one host's records do not affect another)

- [x] QA'd all new/changed functionality manually
2026-03-30 16:25:58 -05:00
RachelElysia
e794906340
Fleet UI: Fix info button hover muck (#42674) 2026-03-30 16:35:25 -04:00
Jonathan Katz
13f94af560
Update software title names on FMA sync and upload (#42647)
**Related issue:** Resolves #41710 
Updates (only) macOS software title names on FMA catalog sync.
Updates software title names on installer upload for Windows FMAs with
an upgrade code.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements), JS
inline code is prevented especially for url redirects, and untrusted
data interpolated into shell scripts/commands is validated against shell
metacharacters.
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes

## Testing

- [x] Added/updated automated tests
- [ ] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one host's records do not affect another)

- [x] QA'd all new/changed functionality manually
2026-03-30 15:59:19 -04:00
Carlo
8d63bf2bbe
Prevent duplicate Android web-clip apps with the same name (#42664)
Fixes #42641.
2026-03-30 14:35:28 -04:00
Lucas Manuel Rodriguez
1765c13523
Return bad request instead of 413 when installer size is too big (#42676)
Resolves #42456.

## Testing

- [X] Added/updated automated tests
- [X] QA'd all new/changed functionality manually

For unreleased bug fixes in a release candidate, one of:

- [X] Confirmed that the fix is not expected to adversely impact load
test results
2026-03-30 15:16:35 -03:00
dependabot[bot]
1aef37c75c
Bump github.com/go-git/go-git/v5 from 5.16.5 to 5.17.1 (#42670)
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git)
from 5.16.5 to 5.17.1.
**Release notes**

*Sourced from [github.com/go-git/go-git/v5's releases](https://github.com/go-git/go-git/releases).*

> ## v5.17.1
>
> ## What's Changed
>
> - build: Update module github.com/cloudflare/circl to v1.6.3 [SECURITY] (releases/v5.x) by [`@go-git-renovate`](https://github.com/go-git-renovate)[bot] in [go-git/go-git#1930](https://redirect.github.com/go-git/go-git/pull/1930)
> - [v5] plumbing: format/index, Improve v4 entry name validation by [`@pjbgf`](https://github.com/pjbgf) in [go-git/go-git#1935](https://redirect.github.com/go-git/go-git/pull/1935)
> - [v5] plumbing: format/idxfile, Fix version and fanout checks by [`@pjbgf`](https://github.com/pjbgf) in [go-git/go-git#1937](https://redirect.github.com/go-git/go-git/pull/1937)
>
> **Full Changelog**: https://github.com/go-git/go-git/compare/v5.17.0...v5.17.1
>
> ## v5.17.0
>
> ## What's Changed
>
> - build: Update module github.com/go-git/go-git/v5 to v5.16.5 [SECURITY] (releases/v5.x) by [`@go-git-renovate`](https://github.com/go-git-renovate)[bot] in [go-git/go-git#1839](https://redirect.github.com/go-git/go-git/pull/1839)
> - git: worktree, optimize infiles function for very large repos by [`@k-anshul`](https://github.com/k-anshul) in [go-git/go-git#1853](https://redirect.github.com/go-git/go-git/pull/1853)
> - git: Add strict checks for supported extensions by [`@pjbgf`](https://github.com/pjbgf) in [go-git/go-git#1861](https://redirect.github.com/go-git/go-git/pull/1861)
> - backport, git: Improve Status() speed with new index.ModTime check by [`@cedric-appdirect`](https://github.com/cedric-appdirect) in [go-git/go-git#1862](https://redirect.github.com/go-git/go-git/pull/1862)
> - storage: filesystem, Avoid overwriting loose obj files by [`@pjbgf`](https://github.com/pjbgf) in [go-git/go-git#1864](https://redirect.github.com/go-git/go-git/pull/1864)
>
> **Full Changelog**: https://github.com/go-git/go-git/compare/v5.16.5...v5.17.0

**Commits**

- `5e23dfd` Merge pull request [#1937](https://redirect.github.com/go-git/go-git/issues/1937) from pjbgf/idx-v5
- `6b38a32` Merge pull request [#1935](https://redirect.github.com/go-git/go-git/issues/1935) from pjbgf/index-v5
- `cd757fc` plumbing: format/idxfile, Fix version and fanout checks
- `3ec0d70` plumbing: format/index, Fix tree extension invalidated entry parsing
- `dbe10b6` plumbing: format/index, Align V2/V3 long name and V4 prefix encoding with Git
- `e9b65df` plumbing: format/index, Improve v4 entry name validation
- `adad18d` Merge pull request [#1930](https://redirect.github.com/go-git/go-git/issues/1930) from go-git/renovate/releases/v5.x-go-github.com-clo...
- `29470bd` build: Update module github.com/cloudflare/circl to v1.6.3 [SECURITY]
- `bdf0688` Merge pull request [#1864](https://redirect.github.com/go-git/go-git/issues/1864) from pjbgf/v5-issue-55
- `5290e52` storage: filesystem, Avoid overwriting loose obj files. Fixes [#55](https://redirect.github.com/go-git/go-git/issues/55)
- Additional commits viewable in [compare view](https://github.com/go-git/go-git/compare/v5.16.5...v5.17.1)


Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-30 15:12:01 -03:00
Victor Lyuboslavsky
f57ec7f737
Adding testifylint as incremental linter. (#42658)
**Related issue:** Resolves #42657
2026-03-30 12:39:12 -05:00
George Karr
d39578eb16
Adding changes for Fleet v4.82.2 (#42417)
2026-03-30 12:09:58 -05:00
fleet-release
4d64837453
Update Fleet-maintained apps (#42656)
Automated ingestion of latest Fleet-maintained app data.

Co-authored-by: allenhouchins <32207388+allenhouchins@users.noreply.github.com>
2026-03-30 11:47:55 -05:00
Konstantin Sykulev
2b4b96bf50
fixing shallow clone boundary error (#42662)
Related issue: Resolves https://github.com/fleetdm/fleet/issues/41571

It appears that there is some sort of error with shallow cloning.
```
Run echo "=== Generating OSV Artifacts for Ubuntu ===" 
=== Generating OSV Artifacts for Ubuntu ===
=== OSV Repository Sync ===

Repository exists, updating with rolling window...
fatal: error processing shallow info: 4
Error: Process completed with exit code 128.
```

Since we are only keeping a limited history of the repository via cache
before re-clone, fall back to doing a regular `git pull`. This avoids
the complicated shallow cloning / Git having to reconcile the
overlapping but different shallow boundaries, which can cause "error
processing shallow info: 4".


## Testing

- [x] QA'd all new/changed functionality manually


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Refactor**
  * Modified repository synchronization to use full fetches instead of
    rolling-window shallow fetches.
  * Updated sync status messaging for clarity.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-30 11:45:14 -05:00
Tim Lee
e98b0f480d
Use FMA names for macOS software (#42221)
2026-03-30 10:41:37 -06:00
dependabot[bot]
32f1c2026c
Bump golang.org/x/image from 0.18.0 to 0.38.0 (#42661)
Bumps [golang.org/x/image](https://github.com/golang/image) from 0.18.0
to 0.38.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="23ae9ed61c"><code>23ae9ed</code></a>
tiff: cap buffer growth to prevent OOM from malicious IFD offset</li>
<li><a
href="e589e60f29"><code>e589e60</code></a>
webp: allow VP8L + VP8X(with alpha)</li>
<li><a
href="fe7d73de74"><code>fe7d73d</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="e3d762b1d3"><code>e3d762b</code></a>
all: upgrade go directive to at least 1.25.0 [generated]</li>
<li><a
href="833c6ed987"><code>833c6ed</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="bc7fe0b43a"><code>bc7fe0b</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="c53c97f4ed"><code>c53c97f</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="9032ff7c7b"><code>9032ff7</code></a>
all: eliminate vet diagnostics</li>
<li><a
href="9c9d08c65c"><code>9c9d08c</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="742b1b756d"><code>742b1b7</code></a>
all: fix some comments</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/image/compare/v0.18.0...v0.38.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/image&package-manager=go_modules&previous-version=0.18.0&new-version=0.38.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-30 13:33:10 -03:00
Scott Gress
07a8378a68
Implement FMA software policy automation (#42533)
**Related issue:** Resolves #36751 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

## Testing

- [X] Added/updated automated tests
- [X] QA'd all new/changed functionality manually
- [X] Verified that `fleetctl generate-gitops` correctly outputs
policies with `install_software.fleet_maintained_app_slug` populated
when the policies have FMA automation
- [X] Verified that running `fleetctl gitops` using files with
`install_software.fleet_maintained_app_slug` creates/updates FMA policy
automation correctly
  - [X] Verified no changes to the above for custom packages or VPP apps
- [X] Verified that when software is excepted from GitOps, FMA policy
automations still work (correctly validates FMAs exist before applying)

## New Fleet configuration settings

- [ ] Setting(s) is/are explicitly excluded from GitOps

If you didn't check the box above, follow this checklist for
GitOps-enabled settings:

- [X] Verified that the setting is exported via `fleetctl
generate-gitops`
- [ ] Verified the setting is documented in a separate PR to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
checking on this
- [X] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [X] Verified that any relevant UI is disabled when GitOps mode is
enabled
2026-03-30 11:25:46 -05:00
dependabot[bot]
ec35465d1f
Bump jsrsasign from 11.1.0 to 11.1.1 in /website (#42634)
Bumps [jsrsasign](https://github.com/kjur/jsrsasign) from 11.1.0 to
11.1.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/kjur/jsrsasign/blob/master/ChangeLog.txt">jsrsasign's
changelog</a>.</em></p>
<blockquote>
<p>ChangeLog for jsrsasign</p>
<ul>
<li>Changes from 11.1.0 to 11.1.1 (2026-Feb-20)
<ul>
<li>security fix for DSA and BigInteger
<ul>
<li>PR <a
href="https://redirect.github.com/kjur/jsrsasign/issues/651">#651</a>,
<a
href="https://redirect.github.com/kjur/jsrsasign/issues/650">#650</a>,
<a
href="https://redirect.github.com/kjur/jsrsasign/issues/649">#649</a>,
<a
href="https://redirect.github.com/kjur/jsrsasign/issues/648">#648</a>,
<a
href="https://redirect.github.com/kjur/jsrsasign/issues/647">#647</a>,
<a
href="https://redirect.github.com/kjur/jsrsasign/issues/646">#646</a>,
<a
href="https://redirect.github.com/kjur/jsrsasign/issues/645">#645</a>.
Thank you <a
href="https://github.com/Kr0remer"><code>@​Kr0remer</code></a></li>
<li>After assigned CVE number reports will be added.</li>
</ul>
</li>
<li>SECURITY.md added. Thank you <a
href="https://github.com/njg7194"><code>@​njg7194</code></a></li>
</ul>
</li>
</ul>
<p>restore KJUR.crypto.Cipher class without RSA/RSAOAEP support</p>
<ul>
<li>Changes from 11.0.0 to 11.1.0 (2024-Feb-01)
<ul>
<li>src/crypto.js
<ul>
<li>restore KJUR.crypto.Cipher class without RSA and RSAOAEP
encryption/decryption support</li>
</ul>
</li>
</ul>
</li>
</ul>
<p>remove RSA and RSAOAEP encryption for Marvin attack</p>
<ul>
<li>Changes from 10.9.0 to 11.0.0 (2024-Jan-16)
<ul>
<li>remove RSA PKCS#1.5 and OAEP encryption/decryption for Marvin attack
(<a
href="https://redirect.github.com/kjur/jsrsasign/issues/598">#598</a>)</li>
<li>src/crypto.js
<ul>
<li>remove KJUR.crypto.Cipher class for RSA and RSAOAEP
encryption/decryption</li>
</ul>
</li>
<li>ext/{rsa,rsa2}.js
remove encrypt/decrypt/encryptOAEP/decryptOAEP for RSAKey class</li>
</ul>
</li>
</ul>
<p>enhanced support for encrypted PKCS8</p>
<ul>
<li>Changes from 10.8.6 to 10.9.0 (2023-Nov-27)
<ul>
<li>KEYUTIL.getPEM is updated not to use weak ciphers (<a
href="https://redirect.github.com/kjur/jsrsasign/issues/599">#599</a>)
<ul>
<li>default encryptionScheme is changed from des-EDE3-CBC to
aes256-CBC</li>
<li>default prf is changed from hmacWithSHA1 to hmacWithSHA256</li>
</ul>
</li>
<li>src/keyutil.js
<ul>
<li>more encrypted PKCS#8 private key support
<ul>
<li>KEYUTIL.getKey now supports encrypted PKCS#8 private key with
aes128-CBC, aes256-CBC encrypted and using hmacWithSHA224/256/384/512 as
pseudorandom function.</li>
<li>KEYUTIL.getPEM now supports such as above encrypted PKCS#8 PEM
private key.</li>
</ul>
</li>
</ul>
</li>
<li>src/crypto.js
<ul>
<li>Cipher.decrypt/encrypt now supports symmetric ciphers
(des-EDE3-CBC,aes128-CBC,aes256-CBC)</li>
</ul>
</li>
<li>src/base64x.js
<ul>
<li>function inttohex and twoscompl are added</li>
</ul>
</li>
<li>src/asn1.js
<ul>
<li>ASN1Util.bigIntToMinTwosComplementsHex is now DEPRECATED. use
twoscompl.</li>
</ul>
</li>
<li>src/asn1x509.js
<ul>
<li>aes*-CBC and hmacWithSHA* OIDs are added</li>
</ul>
</li>

<li>test/qunit-do-{base64x,crypto-cipher,keyutil-eprv,keyutil,keyutil-p8egen}.html
<ul>
<li>update and add some test cases for above</li>
</ul>
</li>
<li>stop bower support (bower.json removed)</li>
</ul>
</li>
</ul>
<p>X509.getExtSubjectDirectoryAttributes another bugfix</p>
<ul>
<li>Changes from 10.8.5 to 10.8.6 (2023-Apr-26)
<ul>
<li>src/x509.js
<ul>
<li>another bugfix X509.getExtSubjectDirectoryAttributes method</li>
</ul>
</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e2b136e9ea"><code>e2b136e</code></a>
11.1.1 release</li>
<li><a
href="e2e417efac"><code>e2e417e</code></a>
Merge pull request <a
href="https://redirect.github.com/kjur/jsrsasign/issues/641">#641</a>
from njg7194/add-security-policy</li>
<li><a
href="77f177673e"><code>77f1776</code></a>
Merge pull request <a
href="https://redirect.github.com/kjur/jsrsasign/issues/651">#651</a>
from Kr0emer/fix/bug-007-isprobableprime-negative</li>
<li><a
href="5ea1c32bb2"><code>5ea1c32</code></a>
Merge pull request <a
href="https://redirect.github.com/kjur/jsrsasign/issues/650">#650</a>
from Kr0emer/fix/bug-006-modpow-negative-exponent</li>
<li><a
href="ee4b013478"><code>ee4b013</code></a>
Merge pull request <a
href="https://redirect.github.com/kjur/jsrsasign/issues/647">#647</a>
from Kr0emer/fix/bug-003-dsa-nonce-compareto</li>
<li><a
href="37b4c06b14"><code>37b4c06</code></a>
Merge pull request <a
href="https://redirect.github.com/kjur/jsrsasign/issues/646">#646</a>
from Kr0emer/fix/bug-002-dsa-domain-params-validation</li>
<li><a
href="d89f0ec6d5"><code>d89f0ec</code></a>
fix(crypto): correct compareTo checks in BigInteger RNG helpers</li>
<li><a
href="02fa75d1db"><code>02fa75d</code></a>
fix(jsbn2): reject non-positive values in primality checks</li>
<li><a
href="f508dddf7e"><code>f508ddd</code></a>
Merge branch 'master' into fix/bug-002-dsa-domain-params-validation</li>
<li><a
href="ca5b027240"><code>ca5b027</code></a>
Merge pull request <a
href="https://redirect.github.com/kjur/jsrsasign/issues/648">#648</a>
from Kr0emer/fix/bug-004-modinverse-dos</li>
<li>Additional commits viewable in <a
href="https://github.com/kjur/jsrsasign/compare/11.1.0...11.1.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jsrsasign&package-manager=npm_and_yarn&previous-version=11.1.0&new-version=11.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-30 11:17:41 -05:00