Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update @elastic/fleet dependencies (main) #201196

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Update @elastic/fleet dependencies (main) #201196

wants to merge 3 commits into from

Conversation

elastic-renovate-prod[bot]
Copy link
Contributor

@elastic-renovate-prod elastic-renovate-prod bot commented Nov 21, 2024
edited
Loading

This PR contains the following updates:

Package Type Update Change
@types/js-search (source) devDependencies patch ^1.4.0 -> ^1.4.4
isbinaryfile dependencies major 4.0.2 -> 5.0.4
js-search dependencies major ^1.4.3 -> ^2.0.1
openpgp (source) dependencies major 5.10.1 -> 6.0.1
remark-gfm dependencies major 1.0.0 -> 4.0.0

Release Notes

gjtorikian/isBinaryFile (isbinaryfile)

v5.0.4

Compare Source

v5.0.3

Compare Source

v5.0.2

Compare Source

v5.0.1

Compare Source

v5.0.0

Compare Source

v4.0.10

Compare Source

v4.0.9

Compare Source

v4.0.8

Compare Source

v4.0.6

Compare Source

v4.0.5

Compare Source

v4.0.4

Compare Source

v4.0.3

Compare Source

bvaughn/js-search (js-search)

v2.0.1

Compare Source

README update. (No code changes.)

v2.0.0

Compare Source

Added es modules support for bundlers via "module" field and for node via "exports" field.
Commonjs output is no longer provided. Entry point is UMD now.
UMD/ESM are bundled with rollup which reduced minified bundle size twice from 17432 to 7759 bytes!
Flow types are distributed with sources.

openpgpjs/openpgpjs (openpgp)

v6.0.1

Compare Source

What's Changed

  • Fix ES imports for webpack: declare exports.browser entrypoint as higher priority than import
  • Fix openpgp.verify/decrypt with expectSigned: true and format: 'binary' (#​1805)
  • TS: fix generateKey (options.type) and PrivateKey.getDecryptionKeys() type declarations (#​1807)
  • Update hash algorithm preferences order by (#​1804)

Full Changelog: openpgpjs/openpgpjs@v6.0.0...v6.0.1

v6.0.0

Compare Source

What's Changed

OpenPGP.js v6 adds support for the new version of the OpenPGP specification, RFC 9580. It also increases compliance with the specification, as demonstrated by the OpenPGP interoperability test suite.

OpenPGP.js v6 only makes minor API changes.
This is the first stable release of OpenPGP.js v6: no more breaking changes to the high-level API will be made until the next major release.

For the changes since the previous pre-release (v6.0.0-beta.3.patch.1), see the end of this message.
Here we list a summary of the main changes since v5:

Platform support changes
  • The library is now declared as a module (type: module in package.json), and declares exports, alongside the legacy package.json entrypoints, which should ensure backwards compatibility. Still, bundlers might be affected by the package.json changes depending on how they load the library.
  • Node.js:
    • Drop support for Node.js versions below 18 (OpenPGP.js v5 supported Node.js v14 and above).
    • Streaming: drop support for native Node Readable stream: require passing Node Web Streams (#​1716)
  • Web:
    • Require availability of the Web Crypto API's SubtleCrypto (insecure contexts are no longer supported, as SubtleCrypto is not available there)
    • Require availability of the Web Streams API, since it's now supported in all browsers (applications can load a polyfill if they need to support older browser versions: see README)
    • Require availability of native BigInts (not supported by e.g. Safari 13 and below, see full compatibility table)
    • Argon2 has been added as S2K algorithm (on all platforms). For performance reasons, the implementation relies on a WASM module, thus web apps might need to make changes to their CSP policy in order to use the feature. Alternatively, since the Argon2 WASM module is only loaded if needed, apps can manually reject password-encrypted messages and private keys which use Argon2 by checking e.g. SymEncryptedSessionKeyPacket.s2k?.type === 'argon2' or SecretKeyPacket|SecretSubkeyPacket.keyPacket.s2k?.type === 'argon2'.
Breaking API changes
  • Ensure primary key meets strength and algo requirements when encrypting/verifying/signing using subkeys (#​1719)
  • read[Private]Key: support parsing key blocks (return first parsable key); previously, parsing would fail if a block with more than one key was given in input (#​1755)
  • PrivateKey.getDecryptionKeys will now throw if no decryption key is found (#​1789). Previously, an empty array was returned. As a consequence of this change, some openpgp.decrypt errors will be more specific.
  • Refuse to use keys without key flags (see config.allowMissingKeyFlags below)
  • Randomize v4 and v5 signatures via custom notation (#​1737): while this notation solution is interoperable, it will reveal that the signature has been generated using OpenPGP.js, which may not be desirable in some cases. For this reason, the option config.nonDeterministicSignaturesViaNotation (defaulting to true) has been added to turn off the feature.
  • AEAD-encrypted v4 keys from OpenPGP.js v5 or older (namely keys generated without .v5Keys flag and encrypted with config.aeadProtect = true) cannot be decrypted by OpenPGP.js v6 (via decryptKey) out-of-the-box (see config.parseAEADEncryptedV4KeysAsLegacy below) (#​1672)
  • Parsing of v5 keys and v5 signatures now requires turning on the corresponding config flag (see config.enableParsingV5Entities below). The affected entities are non-standard, and in the RFC 9580 they have been superseded by v6 keys, v6 signatures and SEIPDv2 encrypted data, respectively. However, generation of v5 entities was supported behind config flags in OpenPGP.js v5, and some other libraries, hence parsing them might be necessary in some cases. (#​1774 , #​1779)
Configuration changes
  • RFC 9580 has updated parts of the draft RFC 4880bis as implemented by OpenPGP.js v4 and v5. Related changes in v6 are:
    • Drop the config.v5Keys flag and corresponding key generation. The flag is replaced by .v6Keys, and results in a different key format.
    • The config.aeadProtect flag has a different effect than in v5:
    • Add config.parseAEADEncryptedV4KeysAsLegacy to allow decrypting AEAD-encrypted v4 keys from OpenPGP.js v5 or older (namely keys generated without .v5Keys flag and encrypted with config.aeadProtect = true) (#​1672).
    • Add config.enableParsingV5Entities to enable parsing support for v5 entities (https://github.com/openpgpjs/openpgpjs/pull/1774 , #​1779)
  • Add config.allowMissingKeyFlags to bypass the missing key flag check (see https://github.com/openpgpjs/openpgpjs/pull/1677)
  • Drop config.minBytesForWebCrypto, and always use WebCrypto if available, since there is no longer a performance overhead for small messages.
  • Rename EdDSA-related enums following the standardization of new key formats:
    • Drop enums.publicKey.eddsa in favour of enums.publicKey.eddsaLegacy
    • Rename string value of enums.curve.ed25519Legacy to 'ed25519Legacy' (was: 'ed25519')
    • Rename string value of enums.curve.curve25519Legacy to 'curve25519Legacy' (was: 'curve25519')
  • Rename config.useIndutnyElliptic to .useEllipticFallback, to reflect the change of underlying library.
  • Remove enums.symmetric.plaintext (internally unused)
  • Rename NIST curves to disambiguate the names with the Brainpool curves (#​1721).:
    • the identifiers enums.curve.p256, .p384, .p521 are now marked as @deprecated (to be dropped in the main release)
    • the new identifiers are, respectively: enums.curve.nistP256, .nistP384, .nistP521.
    • the corresponding values have been changed from 'p256','p384','p521' to 'nistP256', 'nistP384', 'nistP521' (these new values are expected by generateKey, for the options.curve argument).
  • Remove config.deflateLevel (#​1717)
  • Drop config.revocationsExpire, always honor revocation expiration (#​1736): the option used to default to false, and ignore revocation expirations. We now honor those expirations, namely match the behavior resulting from setting the option to true.
  • Change the default preferred hash algorithm (config.preferredHashAlgorithm) to SHA512 (#​1801)
New API options
  • In openpgp.sign, recipientKeys and recipientUserIDs options have been added. These can be used to influence the selection of the hash algorithm via the algorithm preferences of the recipient keys, to ensure that the recipients will support the selected hash algorithm.
    Similarly, when signing+encrypting using openpgp.encrypt, the encryptionKeys are now used to determine the preferred hash algorithms, instead of the signingKeys. (https://github.com/openpgpjs/openpgpjs/pull/1802)

Full Changelog: openpgpjs/openpgpjs@v5.11.0...v6.0.0.

For additional context about the changes introduced by OpenPGP.js v6, you can also refer to the changelog of the various prereleases, starting from v6.0.0-alpha.0.

Changes since v6.0.0-beta.3.patch.1: the main changes since the previous pre-release are the changes to the handling of preferred hash algorithms mentioned above (#​1801 and #​1802). For the full changelog, see openpgpjs/openpgpjs@v6.0.0-beta.3.patch.1...v6.0.0.

v5.11.2

Compare Source

What's Changed

  • openpgp.verify: fix bug preventing verification of detached signatures over streamed data (#​1762)

Full Changelog: openpgpjs/openpgpjs@v5.11.1...v5.11.2

v5.11.1

Compare Source

What's Changed

  • Patch for Node v18.19.1+, 20.11.1+ and 21.6.2+: use JS fallback code for RSA decryption on Node when PKCS#1 is not supported (see #​1728).

Full Changelog: openpgpjs/openpgpjs@v5.11.0...v5.11.1

v5.11.0

Compare Source

What's Changed

Full Changelog: openpgpjs/openpgpjs@v5.10.2...v5.11.0

v5.10.2

Compare Source

What's Changed

  • Fix CFB decryption performance in JS fallback for ciphers other than AES (#​1679)
  • Minor: fix packet validity check for new curve25519 keys without key flags

Full Changelog: openpgpjs/openpgpjs@v5.10.1...v5.10.2

remarkjs/remark-gfm (remark-gfm)

v4.0.0

Compare Source

Change
  • b8cc334 Update @types/mdast, unified, utilities
    migrate: update too
  • 9eb0f54 Change to use exports
    migrate: don’t use private APIs
  • 5715c93 Change to require Node.js 16
    migrate: update too

Full Changelog: remarkjs/remark-gfm@3.0.1...4.0.0

v3.0.1

Compare Source

Full Changelog: remarkjs/remark-gfm@3.0.0...3.0.1

v3.0.0

Compare Source

  • 890005e Add support for GFM footnotes
    (if you were using remark-footnotes before, you should remove it!)
    (how footnotes are turned to HTML is done in remark-rehype, please update that too)

Full Changelog: remarkjs/remark-gfm@2.0.0...3.0.0

v2.0.0

Compare Source

Full Changelog: remarkjs/remark-gfm@1.0.0...2.0.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@elastic-renovate-prod elastic-renovate-prod bot added backport:all-open Backport to all branches that could still receive a release release_note:skip Skip the PR/issue when compiling release notes Team:Fleet Team label for Observability Data Collection Fleet team labels Nov 21, 2024
@elastic-renovate-prod elastic-renovate-prod bot requested a review from a team November 21, 2024 14:06
@elasticmachine
Copy link
Contributor

Pinging @elastic/fleet (Team:Fleet)

@elastic-renovate-prod elastic-renovate-prod bot force-pushed the renovate/main-@elasticfleet-dependencies branch from 0ab934c to 29913a3 Compare November 21, 2024 21:13
@elastic-renovate-prod elastic-renovate-prod bot force-pushed the renovate/main-@elasticfleet-dependencies branch from 29913a3 to 43fb1b7 Compare December 3, 2024 19:18
@juliaElastic
Copy link
Contributor

/ci

@juliaElastic
Copy link
Contributor

The integrations page doesn't seem to load:
image

@juliaElastic
Copy link
Contributor

Seeing an error like this in local kibana logs:

       ERROR in /Users/juliabardi/kibana/node_modules/micromark-util-decode-numeric-character-reference/index.js 23:11
       │          Module parse failed: Identifier directly after number (23:11)
       │          You may need an appropriate loader to handle this file type, currently no loaders are configured to process this file. See https://webpack.js.org/concepts#loaders
       │          |   code > 126 && code < 160 ||
       │          |   // Lone high surrogates and low surrogates.
       │          >   code > 55_295 && code < 57_344 ||
       │          |   // Noncharacters.
       │          |   code > 64_975 && code < 65_008 || /* eslint-disable no-bitwise */
       │           @ /Users/juliabardi/kibana/node_modules/micromark-util-decode-string/index.js 2:0-100 42:11-42
       │           @ /Users/juliabardi/kibana/node_modules/mdast-util-to-markdown/lib/util/association.js
       │           @ /Users/juliabardi/kibana/node_modules/mdast-util-to-markdown/lib/index.js
       │           @ /Users/juliabardi/kibana/node_modules/mdast-util-to-markdown/index.js
       │           @ /Users/juliabardi/kibana/node_modules/mdast-util-gfm-table/lib/index.js
       │           @ /Users/juliabardi/kibana/node_modules/mdast-util-gfm-table/index.js
       │           @ /Users/juliabardi/kibana/node_modules/mdast-util-gfm/lib/index.js
       │           @ /Users/juliabardi/kibana/node_modules/mdast-util-gfm/index.js
       │           @ /Users/juliabardi/kibana/node_modules/remark-gfm/lib/index.js
       │           @ /Users/juliabardi/kibana/node_modules/remark-gfm/index.js
       │           @ ./public/applications/integrations/sections/epm/screens/detail/overview/readme.tsx
       │           @ ./public/applications/integrations/sections/epm/screens/detail/overview/overview.tsx
       │           @ ./public/applications/integrations/sections/epm/screens/detail/overview/index.ts
       │           @ ./public/applications/integrations/sections/epm/screens/detail/index.tsx
       │           @ ./public/applications/integrations/sections/epm/index.tsx
       │           @ ./public/applications/integrations/app.tsx
       │           @ ./public/applications/integrations/index.tsx
       │           @ ./public/plugin.ts
       │           @ ./public/index.ts
       │           @ /Users/juliabardi/kibana/packages/kbn-optimizer/src/worker/entry_point_creator.ts
       │          
       │          ERROR in /Users/juliabardi/kibana/node_modules/micromark-util-sanitize-uri/index.js 79:22
       │          Module parse failed: Identifier directly after number (79:22)
       │          You may need an appropriate loader to handle this file type, currently no loaders are configured to process this file. See https://webpack.js.org/concepts#loaders
       │          |     }
       │          |     // Astral.
       │          >     else if (code > 55_295 && code < 57_344) {
       │          |       const next = value.charCodeAt(index + 1);
       │          | 
       │           @ /Users/juliabardi/kibana/node_modules/micromark-extension-gfm-footnote/lib/html.js 7:0-58 94:23-34 122:25-36
       │           @ /Users/juliabardi/kibana/node_modules/micromark-extension-gfm-footnote/index.js
       │           @ /Users/juliabardi/kibana/node_modules/micromark-extension-gfm/index.js
       │           @ /Users/juliabardi/kibana/node_modules/remark-gfm/lib/index.js
       │           @ /Users/juliabardi/kibana/node_modules/remark-gfm/index.js
       │           @ ./public/applications/integrations/sections/epm/screens/detail/overview/readme.tsx
       │           @ ./public/applications/integrations/sections/epm/screens/detail/overview/overview.tsx
       │           @ ./public/applications/integrations/sections/epm/screens/detail/overview/index.ts
       │           @ ./public/applications/integrations/sections/epm/screens/detail/index.tsx
       │           @ ./public/applications/integrations/sections/epm/index.tsx
       │           @ ./public/applications/integrations/app.tsx
       │           @ ./public/applications/integrations/index.tsx
       │           @ ./public/plugin.ts
       │           @ ./public/index.ts
       │           @ /Users/juliabardi/kibana/packages/kbn-optimizer/src/worker/entry_point_creator.ts

@juliaElastic juliaElastic requested a review from a team as a code owner December 4, 2024 10:38
@juliaElastic
Copy link
Contributor

/ci

1 similar comment
@juliaElastic
Copy link
Contributor

/ci

@elastic-renovate-prod
Copy link
Contributor Author

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

juliaElastic
juliaElastic reviewed Dec 4, 2024
View reviewed changes
package.json Outdated
@@ -1207,7 +1207,7 @@
"object-hash": "^1.3.1",
"object-path-immutable": "^3.1.1",
"openai": "^4.72.0",
"openpgp": "5.10.1",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it seems the licence check failed for this one

❌ /.buildkite/scripts/steps/checks/licenses.sh: 27s | 0s
  | warn [quick-checks] --- Check Licenses
  | (node:5147) [DEP0170] DeprecationWarning: The URL https://github.com:crypto-browserify/browserify-rsa.git is invalid. Future versions of Node.js will throw an error.
  | (Use `node --trace-deprecation ...` to show where the warning was created)
  | ERROR Non-conforming licenses:
  | openpgp
  | version: 6.0.1
  | all licenses: LGPL-3.0+
  | invalid licenses: LGPL-3.0+
  | path: node_modules/openpgp
 

<br class="Apple-interchange-newline">

@juliaElastic juliaElastic force-pushed the renovate/main-@elasticfleet-dependencies branch from 1036d0d to 0985762 Compare December 4, 2024 13:38
@juliaElastic
Copy link
Contributor

/ci

@elasticmachine
Copy link
Contributor

elasticmachine commented Dec 4, 2024
edited
Loading

💔 Build Failed

Failed CI Steps

History

@Ikuni17
Copy link
Contributor

Ikuni17 commented Dec 4, 2024

@juliaElastic I think the build issues are due to some of these packages being changed to ESM only, but I only quickly skimmed. Possibly need to restrict the version in renovate.json until Webpack 5 upgrade.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@juliaElastic juliaElastic juliaElastic left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
backport:all-open Backport to all branches that could still receive a release release_note:skip Skip the PR/issue when compiling release notes Team:Fleet Team label for Observability Data Collection Fleet team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@elasticmachine @juliaElastic @Ikuni17