bugfix: Filesystem check and error handling improvements #1964
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…crosoft#1926) # Description Adds a check for `/proc/sys/kernel/ftrace_enabled` before deciding to use fexit eBPF programs. When ftrace is disabled, the plugin will fall back to kprobes. ## Changes - Added `IsFtraceEnabled()` helper function in `pkg/plugin/common/common_linux.go` that reads `/proc/sys/kernel/ftrace_enabled` - Updated `getEbpfPayload()` to check ftrace status and log it - Modified `resolvePayload()` to accept `ftraceEnabled` parameter and only use fexit programs when ftrace is enabled (in addition to existing kernel version/architecture requirements) - Updated documentation to clarify that fexit programs require ftrace to be enabled ## Behavior - **Before**: Plugin would attempt to use fexit programs based only on kernel version and architecture, potentially failing when ftrace is disabled - **After**: Plugin checks ftrace status and gracefully falls back to kprobes when ftrace is disabled ## Related Issue If this pull request is related to any issue, please mention it here. Additionally, make sure that the issue is assigned to you before submitting this pull request. ## Checklist - [x] I have read the [contributing documentation](https://retina.sh/docs/Contributing/overview). - [x] I signed and signed-off the commits (`git commit -S -s ...`). See [this documentation](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification) on signing commits. - [x] I have correctly attributed the author(s) of the code. - [x] I have tested the changes locally. - [x] I have followed the project's style guidelines. - [x] I have updated the documentation, if necessary. - [x] I have added tests, if applicable. ## Screenshots (if applicable) or Testing Completed Verified on kernel 6.6.0 with both ftrace enabled and disabled scenarios. When ftrace is enabled fexit programs are used. When ftrace is disabled, the plugin uses kprobes/kretprobes. <img width="1739" height="677" alt="image" src="https://github.com/user-attachments/assets/39ae49f2-7600-4ab0-aa68-8abd0c6d0472" /> <img width="1743" height="806" alt="image" src="https://github.com/user-attachments/assets/25aef3cf-fc27-4dae-8328-4d4e50d43ca9" /> ## Additional Notes Add any additional notes or context about the pull request here. --- Please refer to the [CONTRIBUTING.md](../CONTRIBUTING.md) file for more information on how to contribute to this project.
Bumps [helm/kind-action](https://github.com/helm/kind-action) from 1.12.0 to 1.13.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/helm/kind-action/releases">helm/kind-action's releases</a>.</em></p> <blockquote> <h2>v1.13.0</h2> <h2>What's Changed</h2> <ul> <li>chore: verify sha256sum of kubectl by <a href="https://github.com/felix-kaestner"><code>@felix-kaestner</code></a> in <a href="https://redirect.github.com/helm/kind-action/pull/134">helm/kind-action#134</a></li> <li>Load GITHUB_PATH in PATH to use correct binaries when creating registry by <a href="https://github.com/gotha"><code>@gotha</code></a> in <a href="https://redirect.github.com/helm/kind-action/pull/133">helm/kind-action#133</a></li> <li>feat: Add cloud provider by <a href="https://github.com/waltermity"><code>@waltermity</code></a> in <a href="https://redirect.github.com/helm/kind-action/pull/135">helm/kind-action#135</a></li> <li>chore: bump kind to v0.29.0 by <a href="https://github.com/pmalek"><code>@pmalek</code></a> in <a href="https://redirect.github.com/helm/kind-action/pull/144">helm/kind-action#144</a></li> <li>Bump actions/checkout from 4.2.2 to 5.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/helm/kind-action/pull/145">helm/kind-action#145</a></li> <li>bug: respect 'install_only' action input value by <a href="https://github.com/mszostok"><code>@mszostok</code></a> in <a href="https://redirect.github.com/helm/kind-action/pull/147">helm/kind-action#147</a></li> <li>bump kind and kubectl and also nodejs by <a href="https://github.com/cpanato"><code>@cpanato</code></a> in <a href="https://redirect.github.com/helm/kind-action/pull/150">helm/kind-action#150</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/felix-kaestner"><code>@felix-kaestner</code></a> made their first contribution in <a href="https://redirect.github.com/helm/kind-action/pull/134">helm/kind-action#134</a></li> <li><a href="https://github.com/gotha"><code>@gotha</code></a> made their first contribution in <a href="https://redirect.github.com/helm/kind-action/pull/133">helm/kind-action#133</a></li> <li><a href="https://github.com/waltermity"><code>@waltermity</code></a> made their first contribution in <a href="https://redirect.github.com/helm/kind-action/pull/135">helm/kind-action#135</a></li> <li><a href="https://github.com/pmalek"><code>@pmalek</code></a> made their first contribution in <a href="https://redirect.github.com/helm/kind-action/pull/144">helm/kind-action#144</a></li> <li><a href="https://github.com/mszostok"><code>@mszostok</code></a> made their first contribution in <a href="https://redirect.github.com/helm/kind-action/pull/147">helm/kind-action#147</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/helm/kind-action/compare/v1...v1.13.0">https://github.com/helm/kind-action/compare/v1...v1.13.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/helm/kind-action/commit/92086f6be054225fa813e0a4b13787fc9088faab"><code>92086f6</code></a> bump kind and kubectl and also nodejs (<a href="https://redirect.github.com/helm/kind-action/issues/150">#150</a>)</li> <li><a href="https://github.com/helm/kind-action/commit/7cd7463a0995e35ab5d0f2c119f892514f3a3778"><code>7cd7463</code></a> bug: respect 'install_only' action input value (<a href="https://redirect.github.com/helm/kind-action/issues/147">#147</a>)</li> <li><a href="https://github.com/helm/kind-action/commit/50ea670a058121270d63a63b4f1e361d722932e4"><code>50ea670</code></a> Bump actions/checkout from 4.2.2 to 5.0.0 (<a href="https://redirect.github.com/helm/kind-action/issues/145">#145</a>)</li> <li><a href="https://github.com/helm/kind-action/commit/b72c923563e6e80ea66e8e8c810798cc73e97e5e"><code>b72c923</code></a> chore: bump kind to v0.29.0 (<a href="https://redirect.github.com/helm/kind-action/issues/144">#144</a>)</li> <li><a href="https://github.com/helm/kind-action/commit/d4887be296b90d45c7a7aaf1379c0ebd88c8aa31"><code>d4887be</code></a> Add cloud provider (<a href="https://redirect.github.com/helm/kind-action/issues/135">#135</a>)</li> <li><a href="https://github.com/helm/kind-action/commit/d730aaf5682e7d9c25245c74b8a105b96decb21a"><code>d730aaf</code></a> Load GITHUB_PATH in PATH to use correct binaries when creating registry (<a href="https://redirect.github.com/helm/kind-action/issues/133">#133</a>)</li> <li><a href="https://github.com/helm/kind-action/commit/a6dfd8125dc1b321b8d533f5e6893a0fad2bf956"><code>a6dfd81</code></a> chore: verify sha256sum of kubectl (<a href="https://redirect.github.com/helm/kind-action/issues/134">#134</a>)</li> <li>See full diff in <a href="https://github.com/helm/kind-action/compare/v1.12.0...v1.13.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 8 to 9. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/golangci/golangci-lint-action/releases">golangci/golangci-lint-action's releases</a>.</em></p> <blockquote> <h2>v9.0.0</h2> <p>In the scope of this release, we change Nodejs runtime from node20 to node24 (<a href="https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/">https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/</a>).</p> <h2>What's Changed</h2> <h3>Changes</h3> <ul> <li>feat: add install-only option by <a href="https://github.com/ldez"><code>@ldez</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/1305">golangci/golangci-lint-action#1305</a></li> <li>feat: support Module Plugin System by <a href="https://github.com/ldez"><code>@ldez</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/1306">golangci/golangci-lint-action#1306</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/golangci/golangci-lint-action/compare/v8.0.0...v9.0.0">https://github.com/golangci/golangci-lint-action/compare/v8.0.0...v9.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golangci/golangci-lint-action/commit/0a35821d5c230e903fcfe077583637dea1b27b47"><code>0a35821</code></a> docs: update readme</li> <li><a href="https://github.com/golangci/golangci-lint-action/commit/043b1b8d1c47e4591c1719682a050a7a0a82e19c"><code>043b1b8</code></a> feat: support Module Plugin System (<a href="https://redirect.github.com/golangci/golangci-lint-action/issues/1306">#1306</a>)</li> <li><a href="https://github.com/golangci/golangci-lint-action/commit/a66d26a4652b1a0b28a56b7c8b194c20f7c0b7f6"><code>a66d26a</code></a> feat: add install-only option (<a href="https://redirect.github.com/golangci/golangci-lint-action/issues/1305">#1305</a>)</li> <li><a href="https://github.com/golangci/golangci-lint-action/commit/7fe1b22e0c4632d6260fedfafd4b6025ac7418c3"><code>7fe1b22</code></a> build(deps): bump the dependencies group with 2 updates (<a href="https://redirect.github.com/golangci/golangci-lint-action/issues/1303">#1303</a>)</li> <li><a href="https://github.com/golangci/golangci-lint-action/commit/14973f18c82b6d66679563f71666ccee11907cb2"><code>14973f1</code></a> build(deps-dev): bump the dev-dependencies group with 2 updates (<a href="https://redirect.github.com/golangci/golangci-lint-action/issues/1299">#1299</a>)</li> <li><a href="https://github.com/golangci/golangci-lint-action/commit/8c2d575d9b37153325eebc4bb3a94cd09e1fae5d"><code>8c2d575</code></a> build(deps): bump <code>@types/node</code> from 24.8.1 to 24.9.1 in the dependencies group...</li> <li><a href="https://github.com/golangci/golangci-lint-action/commit/b002b6ecfcabe6ac0e2c6cba1bcc779eb34ac51f"><code>b002b6e</code></a> build(deps): bump actions/setup-node from 5 to 6 (<a href="https://redirect.github.com/golangci/golangci-lint-action/issues/1296">#1296</a>)</li> <li><a href="https://github.com/golangci/golangci-lint-action/commit/c13f4ed1a9a677a28be0df3e11c34a78db85c77c"><code>c13f4ed</code></a> build(deps): bump <code>@types/node</code> from 24.7.2 to 24.8.1 in the dependencies group...</li> <li><a href="https://github.com/golangci/golangci-lint-action/commit/b68d21b131098f33ec55c11c242113b4a10dc30a"><code>b68d21b</code></a> docs: improve readme</li> <li><a href="https://github.com/golangci/golangci-lint-action/commit/06188a2a4a13a4786b4584e086b2040214cd4ca5"><code>06188a2</code></a> build(deps): bump github/codeql-action from 3 to 4 (<a href="https://redirect.github.com/golangci/golangci-lint-action/issues/1293">#1293</a>)</li> <li>Additional commits viewable in <a href="https://github.com/golangci/golangci-lint-action/compare/v8...v9">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…#1950) # Description Windows build is timing out with the error below. The GA runner is running out of memory. Cleaning up before building the windows image makes enough space for the image to be build successfully. This logic was already introduced for the ` dev/v0.0.33-windows` branch here https://github.com/microsoft/retina/pull/1935/files `Build Agent Windows Images (windows, amd64, 2019) System.IO.IOException: No space left on device : '/home/runner/actions-runner/cached/_diag/Worker_20251124-112903-utc.log' at System.IO.RandomAccess.WriteAtOffset(SafeFileHandle handle, ReadOnlySpan1 buffer, Int64 fileOffset) at System.IO.StreamWriter.Flush(Boolean flushStream, Boolean flushEncoder) at System.Diagnostics.TextWriterTraceListener.Flush() at GitHub.Runner.Common.HostTraceListener.WriteHeader(String source, TraceEventType eventType, Int32 id) at System.Diagnostics.TraceSource.TraceEvent(TraceEventType eventType, Int32 id, String message) at GitHub.Runner.Worker.Worker.RunAsync(String pipeIn, String pipeOut) at GitHub.Runner.Worker.Program.MainAsync(IHostContext context, String[] args) System.IO.IOException: No space left on device : '/home/runner/actions-runner/cached/_diag/Worker_20251124-112903-utc.log' at System.IO.RandomAccess.WriteAtOffset(SafeFileHandle handle, ReadOnlySpan1 buffer, Int64 fileOffset) at System.IO.StreamWriter.Flush(Boolean flushStream, Boolean flushEncoder) at System.Diagnostics.TextWriterTraceListener.Flush() at GitHub.Runner.Common.HostTraceListener.WriteHeader(String source, TraceEventType eventType, Int32 id) at System.Diagnostics.TraceSource.TraceEvent(TraceEventType eventType, Int32 id, String message) at GitHub.Runner.Common.Tracing.Error(Exception exception) at GitHub.Runner.Worker.Program.MainAsync(IHostContext context, String[] args) Unhandled exception. System.IO.IOException: No space left on device : '/home/runner/actions-runner/cached/_diag/Worker_20251124-112903-utc.log' at System.IO.RandomAccess.WriteAtOffset(SafeFileHandle handle, ReadOnlySpan 1 buffer, Int64 fileOffset) at System.IO.StreamWriter.Flush(Boolean flushStream, Boolean flushEncoder) at System.Diagnostics.TextWriterTraceListener.Flush() at System.Diagnostics.TraceSource.Flush() at GitHub.Runner.Common.Tracing.Dispose(Boolean disposing) at GitHub.Runner.Common.Tracing.Dispose() at GitHub.Runner.Common.TraceManager.Dispose(Boolean disposing) at GitHub.Runner.Common.TraceManager.Dispose() at GitHub.Runner.Common.HostContext.Dispose(Boolean disposing) at GitHub.Runner.Common.HostContext.Dispose() at GitHub.Runner.Worker.Program.Main(String[] args)` ## Related Issue If this pull request is related to any issue, please mention it here. Additionally, make sure that the issue is assigned to you before submitting this pull request. ## Checklist - [x] I have read the [contributing documentation](https://retina.sh/docs/Contributing/overview). - [x] I signed and signed-off the commits (`git commit -S -s ...`). See [this documentation](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification) on signing commits. - [ ] I have correctly attributed the author(s) of the code. - [x] I have tested the changes locally. - [ ] I have followed the project's style guidelines. - [ ] I have updated the documentation, if necessary. - [ ] I have added tests, if applicable. ## Screenshots (if applicable) or Testing Completed The github action workflow is succeeding Also build the windows ltsc2019 agent image and used it to create a capture. No issues found <img width="1923" height="898" alt="image" src="https://github.com/user-attachments/assets/3fa4f485-ab7e-4e46-807e-17cf9439be5f" /> ## Additional Notes This seems to be caused by an update to the base image for the ltsc2019 build Please refer to the [CONTRIBUTING.md](../CONTRIBUTING.md) file for more information on how to contribute to this project.
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 6.0.0 to 6.1.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-go/releases">actions/setup-go's releases</a>.</em></p> <blockquote> <h2>v6.1.0</h2> <h2>What's Changed</h2> <h3>Enhancements</h3> <ul> <li>Fall back to downloading from go.dev/dl instead of storage.googleapis.com/golang by <a href="https://github.com/nicholasngai"><code>@nicholasngai</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/665">actions/setup-go#665</a></li> <li>Add support for .tool-versions file and update workflow by <a href="https://github.com/priya-kinthali"><code>@priya-kinthali</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/673">actions/setup-go#673</a></li> <li>Add comprehensive breaking changes documentation for v6 by <a href="https://github.com/mahabaleshwars"><code>@mahabaleshwars</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/674">actions/setup-go#674</a></li> </ul> <h3>Dependency updates</h3> <ul> <li>Upgrade eslint-config-prettier from 10.0.1 to 10.1.8 and document breaking changes in v6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/617">actions/setup-go#617</a></li> <li>Upgrade actions/publish-action from 0.3.0 to 0.4.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/641">actions/setup-go#641</a></li> <li>Upgrade semver and <code>@types/semver</code> by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/652">actions/setup-go#652</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/nicholasngai"><code>@nicholasngai</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-go/pull/665">actions/setup-go#665</a></li> <li><a href="https://github.com/priya-kinthali"><code>@priya-kinthali</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-go/pull/673">actions/setup-go#673</a></li> <li><a href="https://github.com/mahabaleshwars"><code>@mahabaleshwars</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-go/pull/674">actions/setup-go#674</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-go/compare/v6...v6.1.0">https://github.com/actions/setup-go/compare/v6...v6.1.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/setup-go/commit/4dc6199c7b1a012772edbd06daecab0f50c9053c"><code>4dc6199</code></a> Bump semver and <code>@types/semver</code> (<a href="https://redirect.github.com/actions/setup-go/issues/652">#652</a>)</li> <li><a href="https://github.com/actions/setup-go/commit/f3787be646645f6c7bfecfa3e48f82a00d113834"><code>f3787be</code></a> Add comprehensive breaking changes documentation for v6 (<a href="https://redirect.github.com/actions/setup-go/issues/674">#674</a>)</li> <li><a href="https://github.com/actions/setup-go/commit/3a0c2c82458cbb45a3cbfeeb2b91ce8f85420560"><code>3a0c2c8</code></a> Bump actions/publish-action from 0.3.0 to 0.4.0 (<a href="https://redirect.github.com/actions/setup-go/issues/641">#641</a>)</li> <li><a href="https://github.com/actions/setup-go/commit/faf52423ec0d44c58f68e83b614bfcd99dded66f"><code>faf5242</code></a> Add support for .tool-versions file in setup-go, update workflow (<a href="https://redirect.github.com/actions/setup-go/issues/673">#673</a>)</li> <li><a href="https://github.com/actions/setup-go/commit/7bc60db215a8b16959b0b5cccfdc95950d697b25"><code>7bc60db</code></a> Fall back to downloading from go.dev/dl instead of storage.googleapis.com/gol...</li> <li><a href="https://github.com/actions/setup-go/commit/c0137caad775660c0844396c52da96e560aba63d"><code>c0137ca</code></a> Bump eslint-config-prettier from 10.0.1 to 10.1.8 and document breaking chang...</li> <li>See full diff in <a href="https://github.com/actions/setup-go/compare/44694675825211faa026b3c33043df3e48a5fa00...4dc6199c7b1a012772edbd06daecab0f50c9053c">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.0 to 6.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v6.0.0</h2> <h2>What's Changed</h2> <ul> <li>Update README to include Node.js 24 support details and requirements by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li> <li>Persist creds to a separate file by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li> <li>v6-beta by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2298">actions/checkout#2298</a></li> <li>update readme/changelog for v6 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2311">actions/checkout#2311</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v5.0.0...v6.0.0">https://github.com/actions/checkout/compare/v5.0.0...v6.0.0</a></p> <h2>v6-beta</h2> <h2>What's Changed</h2> <p>Updated persist-credentials to store the credentials under <code>$RUNNER_TEMP</code> instead of directly in the local git config.</p> <p>This requires a minimum Actions Runner version of <a href="https://github.com/actions/runner/releases/tag/v2.329.0">v2.329.0</a> to access the persisted credentials for <a href="https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action">Docker container action</a> scenarios.</p> <h2>v5.0.1</h2> <h2>What's Changed</h2> <ul> <li>Port v6 cleanup to v5 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v5...v5.0.1">https://github.com/actions/checkout/compare/v5...v5.0.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3"><code>1af3b93</code></a> update readme/changelog for v6 (<a href="https://redirect.github.com/actions/checkout/issues/2311">#2311</a>)</li> <li><a href="https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e"><code>71cf226</code></a> v6-beta (<a href="https://redirect.github.com/actions/checkout/issues/2298">#2298</a>)</li> <li><a href="https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e"><code>069c695</code></a> Persist creds to a separate file (<a href="https://redirect.github.com/actions/checkout/issues/2286">#2286</a>)</li> <li><a href="https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493"><code>ff7abcd</code></a> Update README to include Node.js 24 support details and requirements (<a href="https://redirect.github.com/actions/checkout/issues/2248">#2248</a>)</li> <li>See full diff in <a href="https://github.com/actions/checkout/compare/v5...v6">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…rror (microsoft#1927) This patch fixes the operator precedence compilation warning when evaluating whether a packet is a SYN-ACK. This fix then introduced a stack size too large error, in which this patch also fixed by passing ct_keys by pointers instead of value to the helper functions. # Description Please provide a brief description of the changes made in this pull request. ## Related Issue If this pull request is related to any issue, please mention it here. Additionally, make sure that the issue is assigned to you before submitting this pull request. ## Checklist - [ ] I have read the [contributing documentation](https://retina.sh/docs/Contributing/overview). - [ ] I signed and signed-off the commits (`git commit -S -s ...`). See [this documentation](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification) on signing commits. - [ ] I have correctly attributed the author(s) of the code. - [ ] I have tested the changes locally. - [ ] I have followed the project's style guidelines. - [ ] I have updated the documentation, if necessary. - [ ] I have added tests, if applicable. ## Screenshots (if applicable) or Testing Completed Please add any relevant screenshots or GIFs to showcase the changes made. ## Additional Notes Add any additional notes or context about the pull request here. --- Please refer to the [CONTRIBUTING.md](../CONTRIBUTING.md) file for more information on how to contribute to this project. Signed-off-by: Quang Nguyen <[email protected]>
…nd_yarn group across 1 directory (microsoft#1933) Bumps the npm_and_yarn group with 1 update in the /site directory: [js-yaml](https://github.com/nodeca/js-yaml). Updates `js-yaml` from 3.14.1 to 3.14.2 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md">js-yaml's changelog</a>.</em></p> <blockquote> <h2>[3.14.2] - 2025-11-15</h2> <h3>Security</h3> <ul> <li>Backported v4.1.1 fix to v3</li> </ul> <h2>[4.1.1] - 2025-11-12</h2> <h3>Security</h3> <ul> <li>Fix prototype pollution issue in yaml merge (<<) operator.</li> </ul> <h2>[4.1.0] - 2021-04-15</h2> <h3>Added</h3> <ul> <li>Types are now exported as <code>yaml.types.XXX</code>.</li> <li>Every type now has <code>options</code> property with original arguments kept as they were (see <code>yaml.types.int.options</code> as an example).</li> </ul> <h3>Changed</h3> <ul> <li><code>Schema.extend()</code> now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as <code>abcd</code> instead of <code>cbad</code>).</li> </ul> <h2>[4.0.0] - 2021-01-03</h2> <h3>Changed</h3> <ul> <li>Check <a href="https://github.com/nodeca/js-yaml/blob/master/migrate_v3_to_v4.md">migration guide</a> to see details for all breaking changes.</li> <li>Breaking: "unsafe" tags <code>!!js/function</code>, <code>!!js/regexp</code>, <code>!!js/undefined</code> are moved to <a href="https://github.com/nodeca/js-yaml-js-types">js-yaml-js-types</a> package.</li> <li>Breaking: removed <code>safe*</code> functions. Use <code>load</code>, <code>loadAll</code>, <code>dump</code> instead which are all now safe by default.</li> <li><code>yaml.DEFAULT_SAFE_SCHEMA</code> and <code>yaml.DEFAULT_FULL_SCHEMA</code> are removed, use <code>yaml.DEFAULT_SCHEMA</code> instead.</li> <li><code>yaml.Schema.create(schema, tags)</code> is removed, use <code>schema.extend(tags)</code> instead.</li> <li><code>!!binary</code> now always mapped to <code>Uint8Array</code> on load.</li> <li>Reduced nesting of <code>/lib</code> folder.</li> <li>Parse numbers according to YAML 1.2 instead of YAML 1.1 (<code>01234</code> is now decimal, <code>0o1234</code> is octal, <code>1:23</code> is parsed as string instead of base60).</li> <li><code>dump()</code> no longer quotes <code>:</code>, <code>[</code>, <code>]</code>, <code>(</code>, <code>)</code> except when necessary, <a href="https://redirect.github.com/nodeca/js-yaml/issues/470">#470</a>, <a href="https://redirect.github.com/nodeca/js-yaml/issues/557">#557</a>.</li> <li>Line and column in exceptions are now formatted as <code>(X:Y)</code> instead of <code>at line X, column Y</code> (also present in compact format), <a href="https://redirect.github.com/nodeca/js-yaml/issues/332">#332</a>.</li> <li>Code snippet created in exceptions now contains multiple lines with line numbers.</li> <li><code>dump()</code> now serializes <code>undefined</code> as <code>null</code> in collections and removes keys with <code>undefined</code> in mappings, <a href="https://redirect.github.com/nodeca/js-yaml/issues/571">#571</a>.</li> <li><code>dump()</code> with <code>skipInvalid=true</code> now serializes invalid items in collections as null.</li> <li>Custom tags starting with <code>!</code> are now dumped as <code>!tag</code> instead of <code>!<!tag></code>, <a href="https://redirect.github.com/nodeca/js-yaml/issues/576">#576</a>.</li> <li>Custom tags starting with <code>tag:yaml.org,2002:</code> are now shorthanded using <code>!!</code>, <a href="https://redirect.github.com/nodeca/js-yaml/issues/258">#258</a>.</li> </ul> <h3>Added</h3> <ul> <li>Added <code>.mjs</code> (es modules) support.</li> <li>Added <code>quotingType</code> and <code>forceQuotes</code> options for dumper to configure string literal style, <a href="https://redirect.github.com/nodeca/js-yaml/issues/290">#290</a>, <a href="https://redirect.github.com/nodeca/js-yaml/issues/529">#529</a>.</li> <li>Added <code>styles: { '!!null': 'empty' }</code> option for dumper (serializes <code>{ foo: null }</code> as "<code>foo: </code>"), <a href="https://redirect.github.com/nodeca/js-yaml/issues/570">#570</a>.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/nodeca/js-yaml/commit/9963d366dfbde0c69722452bcd40b41e7e4160a0"><code>9963d36</code></a> 3.14.2 released</li> <li><a href="https://github.com/nodeca/js-yaml/commit/10d3c8e70a6888543f5cdb656bb39f73e0ea77c1"><code>10d3c8e</code></a> dist rebuild</li> <li><a href="https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266"><code>5278870</code></a> fix prototype pollution in merge (<<) (<a href="https://redirect.github.com/nodeca/js-yaml/issues/731">#731</a>)</li> <li>See full diff in <a href="https://github.com/nodeca/js-yaml/compare/3.14.1...3.14.2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/microsoft/retina/network/alerts). </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…t#1954) Bumps [github.com/redis/go-redis/v9](https://github.com/redis/go-redis) from 9.7.1 to 9.7.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/redis/go-redis/releases">github.com/redis/go-redis/v9's releases</a>.</em></p> <blockquote> <h2>v9.7.3</h2> <h2>What's Changed</h2> <ul> <li>fix: handle network error on SETINFO (<a href="https://redirect.github.com/redis/go-redis/issues/3295">#3295</a>) (<a href="https://github.com/redis/go-redis/security/advisories/GHSA-92cp-5422-2mw7">CVE-2025-29923</a>)</li> <li>Deprecating misspelled <code>DisableIndentity</code> flag in the client options.</li> <li>Introducing <code>DisableIdentity</code> flag in the client options.</li> <li>Updating the documentation related to the new flag and the one that was deprecated.</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/redis/go-redis/compare/v9.7.1...v9.7.3">https://github.com/redis/go-redis/compare/v9.7.1...v9.7.3</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/redis/go-redis/commit/a29d91d9ca72a9c26708fba7dc9872f339a3549e"><code>a29d91d</code></a> release 9.7.3, retract 9.7.2 (<a href="https://redirect.github.com/redis/go-redis/issues/3314">#3314</a>)</li> <li><a href="https://github.com/redis/go-redis/commit/ce3034c7b3ee8eeac5b6ac63a33e51db3602cf34"><code>ce3034c</code></a> bump version to 9.7.2</li> <li><a href="https://github.com/redis/go-redis/commit/0af2b32f9369d81e900e32907b8c1afb1e5d502d"><code>0af2b32</code></a> fix: handle network error on SETINFO (<a href="https://redirect.github.com/redis/go-redis/issues/3295">#3295</a>) (CVE-2025-29923)</li> <li>See full diff in <a href="https://github.com/redis/go-redis/compare/v9.7.1...v9.7.3">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/microsoft/retina/network/alerts). </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…dates (microsoft#1955) Bumps the npm_and_yarn group with 2 updates in the /site directory: [express](https://github.com/expressjs/express) and [node-forge](https://github.com/digitalbazaar/forge). Updates `express` from 4.21.2 to 4.22.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/expressjs/express/releases">express's releases</a>.</em></p> <blockquote> <h2>v4.22.1</h2> <h2>What's Changed</h2> <ul> <li>Release: 4.22.1 by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6934">expressjs/express#6934</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/expressjs/express/compare/4.22.0...v4.22.1">https://github.com/expressjs/express/compare/4.22.0...v4.22.1</a></p> <h2>4.22.0</h2> <h2>Important: Security</h2> <ul> <li>Security fix for <a href="https://www.cve.org/CVERecord?id=CVE-2024-51999">CVE-2024-51999</a> (<a href="https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6">GHSA-pj86-cfqh-vqx6</a>)</li> </ul> <h2>What's Changed</h2> <ul> <li>Refactor: improve readability by <a href="https://github.com/sazk07"><code>@sazk07</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6190">expressjs/express#6190</a></li> <li>ci: add support for [email protected] by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6080">expressjs/express#6080</a></li> <li>Method functions with no path should error by <a href="https://github.com/wesleytodd"><code>@wesleytodd</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5957">expressjs/express#5957</a></li> <li>ci: updated github actions ci workflow by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6323">expressjs/express#6323</a></li> <li>ci: reorder <code>npm i</code> steps to fix ci for older node versions by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6336">expressjs/express#6336</a></li> <li>Backport: ci: add node.js 24 to test matrix by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6506">expressjs/express#6506</a></li> <li>chore(4.x): wider range for query test skip by <a href="https://github.com/jonchurch"><code>@jonchurch</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6513">expressjs/express#6513</a></li> <li>use tilde notation for certain dependencies by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6905">expressjs/express#6905</a></li> <li>deps: [email protected] by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6909">expressjs/express#6909</a></li> <li>deps: use tilde notation for <code>qs</code> by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6919">expressjs/express#6919</a></li> <li>Release: 4.22.0 by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6921">expressjs/express#6921</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/expressjs/express/compare/4.21.2...4.22.0">https://github.com/expressjs/express/compare/4.21.2...4.22.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/expressjs/express/blob/v4.22.1/History.md">express's changelog</a>.</em></p> <blockquote> <h1>4.22.1 / 2025-12-01</h1> <ul> <li>Revert security fix for <a href="https://www.cve.org/CVERecord?id=CVE-2024-51999">CVE-2024-51999</a> (<a href="https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6">GHSA-pj86-cfqh-vqx6</a>)</li> </ul> <h1>4.22.0 / 2025-12-01</h1> <ul> <li>Security fix for <a href="https://www.cve.org/CVERecord?id=CVE-2024-51999">CVE-2024-51999</a> (<a href="https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6">GHSA-pj86-cfqh-vqx6</a>)</li> <li>deps: use tilde notation for dependencies</li> <li>deps: [email protected]</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/expressjs/express/commit/12fae14531a78f19a2caaa5d4f58d9b01eaf3194"><code>12fae14</code></a> 4.22.1</li> <li><a href="https://github.com/expressjs/express/commit/5ddf311af32e772a77fd48b6266ce2f1ba330e1a"><code>5ddf311</code></a> Revert "sec: security patch for CVE-2024-51999"</li> <li><a href="https://github.com/expressjs/express/commit/49744abd1120484fe64d7bde1cd3197c32523b6e"><code>49744ab</code></a> 4.22.0 (<a href="https://redirect.github.com/expressjs/express/issues/6921">#6921</a>)</li> <li><a href="https://github.com/expressjs/express/commit/6e97452f600a3b01719fbc5517d833c7646b0bb7"><code>6e97452</code></a> sec: security patch for CVE-2024-51999</li> <li><a href="https://github.com/expressjs/express/commit/6a23d34d652b9e69a4486d2a2a0dea54b9685fa5"><code>6a23d34</code></a> deps: use tilde notation for <code>qs</code> (<a href="https://redirect.github.com/expressjs/express/issues/6919">#6919</a>)</li> <li><a href="https://github.com/expressjs/express/commit/8c12cdf93b89a4628b59179e3cc0722fc517d6b3"><code>8c12cdf</code></a> deps: [email protected] (<a href="https://redirect.github.com/expressjs/express/issues/6909">#6909</a>)</li> <li><a href="https://github.com/expressjs/express/commit/7fea74fcf02764580f38f2a7f1932dfa54cddd90"><code>7fea74f</code></a> deps: use tilde notation for certain dependencies (<a href="https://redirect.github.com/expressjs/express/issues/6905">#6905</a>)</li> <li><a href="https://github.com/expressjs/express/commit/dac7a0475a99e9dfc57b3b8e6d5bdf52813f1944"><code>dac7a04</code></a> chore: wider range for query test skip (<a href="https://redirect.github.com/expressjs/express/issues/6513">#6513</a>)</li> <li><a href="https://github.com/expressjs/express/commit/997919b48879bbd53171c3b4e5dd1b04ad139241"><code>997919b</code></a> ci: add node.js 24 to test matrix (<a href="https://redirect.github.com/expressjs/express/issues/6506">#6506</a>)</li> <li><a href="https://github.com/expressjs/express/commit/36fb59c6c7d9dfca0b08dfeafb5b6e4a249234a1"><code>36fb59c</code></a> fix(ci): reorder <code>npm i</code> steps to fix ci for older node versions (<a href="https://redirect.github.com/expressjs/express/issues/6336">#6336</a>)</li> <li>Additional commits viewable in <a href="https://github.com/expressjs/express/compare/4.21.2...v4.22.1">compare view</a></li> </ul> </details> <br /> Updates `node-forge` from 1.3.1 to 1.3.2 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md">node-forge's changelog</a>.</em></p> <blockquote> <h2>1.3.2 - 2025-11-25</h2> <h3>Security</h3> <ul> <li><strong>HIGH</strong>: ASN.1 Validator Desynchronization <ul> <li>An Interpretation Conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions.</li> <li>Reported by Hunter Wodzenski.</li> <li>CVE ID: <a href="https://www.cve.org/CVERecord?id=CVE-2025-12816">CVE-2025-12816</a></li> <li>GHSA ID: <a href="https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq">GHSA-5gfm-wpxj-wjgq</a></li> </ul> </li> <li><strong>HIGH</strong>: ASN.1 Unbounded Recursion <ul> <li>An Uncontrolled Recursion (CWE-674) vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs.</li> <li>Reported by Hunter Wodzenski.</li> <li>CVE ID: <a href="https://www.cve.org/CVERecord?id=CVE-2025-66031">CVE-2025-66031</a></li> <li>GHSA ID: <a href="https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27">GHSA-554w-wpv2-vw27</a></li> </ul> </li> <li><strong>MODERATE</strong>: ASN.1 OID Integer Truncation <ul> <li>An Integer Overflow (CWE-190) vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions.</li> <li>Reported by Hunter Wodzenski.</li> <li>CVE ID: <a href="https://www.cve.org/CVERecord?id=CVE-2025-66030">CVE-2025-66030</a></li> <li>GHSA ID: <a href="https://github.com/digitalbazaar/forge/security/advisories/GHSA-65ch-62r8-g69g">GHSA-65ch-62r8-g69g</a></li> </ul> </li> </ul> <h3>Fixed</h3> <ul> <li>[asn1] Fix for vulnerability identified by CVE-2025-12816 PKCS#12 MAC verification bypass due to missing macData enforcement and improper asn1.validate routine.</li> <li>[asn1] Add <code>fromDer()</code> max recursion depth check. <ul> <li>Add a <code>asn1.maxDepth</code> global configurable maximum depth of 256.</li> <li>Add a <code>asn1.fromDer()</code> per-call <code>maxDepth</code> option.</li> <li><strong>NOTE</strong>: The default maximum is assumed to be higher than needed for valid data. If this assumption is false then this could be a breaking change. Please file an issue if there are use cases that need a higher maximum.</li> <li><strong>NOTE</strong>: The per-call <code>maxDepth</code> parameter has not been exposed up through all of the API stack due to the complexities involved. Please file an issue if there are use cases that require this instead of changing the default maximum.</li> </ul> </li> <li>[asn1] Improve OID handling. <ul> <li>Error on parsed OID values larger than <code>2**32 - 1</code>.</li> <li>Error on DER OID values larger than <code>2**53 - 1 </code>.</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/digitalbazaar/forge/commit/235ad3e70e4fdfdca4fdeb662dfba6588e2c38bd"><code>235ad3e</code></a> Release 1.3.2.</li> <li><a href="https://github.com/digitalbazaar/forge/commit/25982441171dc9815c87d3d886c5c8a1d092b334"><code>2598244</code></a> Update changelog.</li> <li><a href="https://github.com/digitalbazaar/forge/commit/0032dd0be8b6fb1b1092ef754d1dde91c10a95ad"><code>0032dd0</code></a> Fix typos.</li> <li><a href="https://github.com/digitalbazaar/forge/commit/d75e08d255559ae401d9368346cacefde306e6df"><code>d75e08d</code></a> Run new security test.</li> <li><a href="https://github.com/digitalbazaar/forge/commit/a5ce91d03df4dcfc025b74a5b7f50389942d49c9"><code>a5ce91d</code></a> Update changelog formatting.</li> <li><a href="https://github.com/digitalbazaar/forge/commit/4652de6ddd833392e52d99b37abbbda76817c0b7"><code>4652de6</code></a> Cleanups.</li> <li><a href="https://github.com/digitalbazaar/forge/commit/eb932d94fbd88655f46ac7a94a8e13e7ed8597f7"><code>eb932d9</code></a> Fix typo.</li> <li><a href="https://github.com/digitalbazaar/forge/commit/db6954ba4b4440831a5112dea5d37ef68a28b878"><code>db6954b</code></a> Fix style.</li> <li><a href="https://github.com/digitalbazaar/forge/commit/afbf7d8e0812014da134caa5a064cf55d1f61847"><code>afbf7d8</code></a> Align error message style.</li> <li><a href="https://github.com/digitalbazaar/forge/commit/6607445859637442cf586eaa7fa06e99a2a8ae0b"><code>6607445</code></a> Revert minor changes.</li> <li>Additional commits viewable in <a href="https://github.com/digitalbazaar/forge/compare/v1.3.1...v1.3.2">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/microsoft/retina/network/alerts). </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
# Description add validation of error to k8sWatcherErrorHandler ## Related Issue microsoft#1951 ## Checklist - [ ] I have read the [contributing documentation](https://retina.sh/docs/Contributing/overview). - [ ] I signed and signed-off the commits (`git commit -S -s ...`). See [this documentation](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification) on signing commits. - [ ] I have correctly attributed the author(s) of the code. - [ ] I have tested the changes locally. - [ ] I have followed the project's style guidelines. - [ ] I have updated the documentation, if necessary. - [ ] I have added tests, if applicable. ## Screenshots (if applicable) or Testing Completed Please add any relevant screenshots or GIFs to showcase the changes made. ## Additional Notes Add any additional notes or context about the pull request here. --- Please refer to the [CONTRIBUTING.md](../CONTRIBUTING.md) file for more information on how to contribute to this project. Signed-off-by: Alex Castilio dos Santos <[email protected]>
…t#1924) # Description I removed unused code from linux_util, specifically PrevTCPSockStats. I also added some entries to gitignore including test-summary(generated after make test) and ignoring logs. ## Related Issue This pr related to microsoft#1066 ## Checklist - [x] I have read the [contributing documentation](https://retina.sh/docs/Contributing/overview). - [x] I signed and signed-off the commits (`git commit -S -s ...`). See [this documentation](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification) on signing commits. - [x] I have correctly attributed the author(s) of the code. - [x] I have tested the changes locally. - [x] I have followed the project's style guidelines. - [x] I have updated the documentation, if necessary. - [x] I have added tests, if applicable. ## Screenshots (if applicable) or Testing Completed I've provided two screenshots, one from make test, another is just linting. testing <img width="1276" height="743" alt="image" src="https://github.com/user-attachments/assets/4a32cf70-fdd7-4bf8-b2c9-15a3f736421e" /> Linting <img width="1280" height="745" alt="image" src="https://github.com/user-attachments/assets/85cce4db-4824-4eb8-861e-7d1ae24787b7" /> ## Additional Notes Add any additional notes or context about the pull request here. --- Please refer to the [CONTRIBUTING.md](../CONTRIBUTING.md) file for more information on how to contribute to this project. Co-authored-by: Alex Castilio <[email protected]>
…n the npm_and_yarn group across 1 directory (microsoft#1956) Bumps the npm_and_yarn group with 1 update in the /site directory: [mdast-util-to-hast](https://github.com/syntax-tree/mdast-util-to-hast). Updates `mdast-util-to-hast` from 13.2.0 to 13.2.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/syntax-tree/mdast-util-to-hast/releases">mdast-util-to-hast's releases</a>.</em></p> <blockquote> <h2>13.2.1</h2> <h4>Fix</h4> <ul> <li>ab3a795 Fix support for spaces in class names</li> </ul> <h4>Types</h4> <ul> <li>efb5312 Refactor to use <code>@import</code>s</li> <li>a5bc210 Add declaration maps</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/syntax-tree/mdast-util-to-hast/compare/13.2.0...13.2.1">https://github.com/syntax-tree/mdast-util-to-hast/compare/13.2.0...13.2.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/syntax-tree/mdast-util-to-hast/commit/174795b21f7757fffb54dd8d5fb4012f4751f791"><code>174795b</code></a> 13.2.1</li> <li><a href="https://github.com/syntax-tree/mdast-util-to-hast/commit/3d05b3a715133df55689fe3753c2e47101315b4e"><code>3d05b3a</code></a> Update Node in Actions</li> <li><a href="https://github.com/syntax-tree/mdast-util-to-hast/commit/ab3a79570a1afbfa7efef5d4a0cd9b5caafbc5d7"><code>ab3a795</code></a> Fix support for spaces in class names</li> <li><a href="https://github.com/syntax-tree/mdast-util-to-hast/commit/efb531231020055e0dab7b39a18d80b569d5b566"><code>efb5312</code></a> Refactor to use <code>@import</code>s</li> <li><a href="https://github.com/syntax-tree/mdast-util-to-hast/commit/a5bc210f1aa308e4c6141ac374893c9237fcd746"><code>a5bc210</code></a> Add declaration maps</li> <li><a href="https://github.com/syntax-tree/mdast-util-to-hast/commit/b54955d4e123b0167eac13646333c809bb8f301c"><code>b54955d</code></a> Add <code>.tsbuildinfo</code> to <code>.gitignore</code></li> <li>See full diff in <a href="https://github.com/syntax-tree/mdast-util-to-hast/compare/13.2.0...13.2.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/microsoft/retina/network/alerts). </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
# Description Allow user to download all captures from a specific namespace or from all namespaces ## Related Issue microsoft#1836 ## Checklist - [x] I have read the [contributing documentation](https://retina.sh/docs/Contributing/overview). - [x] I signed and signed-off the commits (`git commit -S -s ...`). See [this documentation](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification) on signing commits. - [ ] I have correctly attributed the author(s) of the code. - [x] I have tested the changes locally. - [ ] I have followed the project's style guidelines. - [x] I have updated the documentation, if necessary. - [x] I have added tests, if applicable. ## Screenshots (if applicable) or Testing Completed Please add any relevant screenshots or GIFs to showcase the changes made. ## Additional Notes Add any additional notes or context about the pull request here. --- Please refer to the [CONTRIBUTING.md](../CONTRIBUTING.md) file for more information on how to contribute to this project.
…2.0 (microsoft#1947) Bumps [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) from 1.88.4 to 1.92.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/aws/aws-sdk-go-v2/commit/69a6df880a92d44f528b1754b680de66c2298c1b"><code>69a6df8</code></a> Release 2025-11-20</li> <li><a href="https://github.com/aws/aws-sdk-go-v2/commit/d97cf39b76283caf92bd79d9e9c70d3a72dc5e59"><code>d97cf39</code></a> Regenerated Clients</li> <li><a href="https://github.com/aws/aws-sdk-go-v2/commit/b3229249806091602f44b85e05a53ea5e99196f1"><code>b322924</code></a> Update endpoints model</li> <li><a href="https://github.com/aws/aws-sdk-go-v2/commit/1869e8974eede203e6ba34df1f2ebed89db33066"><code>1869e89</code></a> Update API model</li> <li><a href="https://github.com/aws/aws-sdk-go-v2/commit/466d9d579621ec9dc2c3f4a43fa2af0717e23667"><code>466d9d5</code></a> Release 2025-11-19.2</li> <li><a href="https://github.com/aws/aws-sdk-go-v2/commit/ca4b05e6bf0662b0897dafa8a7f4e8f1eec18ecc"><code>ca4b05e</code></a> Regenerated Clients</li> <li><a href="https://github.com/aws/aws-sdk-go-v2/commit/d780944614982ed36a2939ef37ccdd140f2d006b"><code>d780944</code></a> add logincreds provider (<a href="https://redirect.github.com/aws/aws-sdk-go-v2/issues/3230">#3230</a>)</li> <li><a href="https://github.com/aws/aws-sdk-go-v2/commit/115ff149b9e7c84e1613de8e450d4dba11aa51d8"><code>115ff14</code></a> Release 2025-11-19</li> <li><a href="https://github.com/aws/aws-sdk-go-v2/commit/964750d3a2f749460bb6ecefb2ac4549d3be30ca"><code>964750d</code></a> Regenerated Clients</li> <li><a href="https://github.com/aws/aws-sdk-go-v2/commit/5b181c46dd2ef92577c5660050ca7a12cc6dbe93"><code>5b181c4</code></a> Update API model</li> <li>Additional commits viewable in <a href="https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.88.4...service/s3/v1.92.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ks in DNS and TCP retrans plugins
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request introduces a new mechanism to check and ensure required Linux filesystems are mounted before initializing plugins, improving error handling and preventing unexpected agent exits. The changes add a reusable function for filesystem checks and integrate it into the initialization logic of both the DNS and TCP retransmission plugins.
Filesystem check and error handling improvements:
CheckAndMountFilesystemsinpkg/plugin/common/filesystem_linux.goto verify and log the status of required filesystems (bpf,debugfs,tracefs) before plugin initialization, returning errors if critical filesystems are missing.pkg/plugin/dns/dns_linux.goandpkg/plugin/tcpretrans/tcpretrans_linux.goto callCheckAndMountFilesystemsin their respectiveInitmethods, logging errors and returning them to allow the agent to decide whether to continue or fail initialization. [1] [2]Code organization and dependencies:
commonpackage inpkg/plugin/tcpretrans/tcpretrans_linux.goto access the filesystem check functionality.fmtpackage import inpkg/plugin/dns/dns_linux.gofor error wrapping and formatting.# DescriptionPlease provide a brief description of the changes made in this pull request.
Related Issue
If this pull request is related to any issue, please mention it here. Additionally, make sure that the issue is assigned to you before submitting this pull request.
Checklist
git commit -S -s ...). See this documentation on signing commits.Screenshots (if applicable) or Testing Completed
Please add any relevant screenshots or GIFs to showcase the changes made.
Additional Notes
Add any additional notes or context about the pull request here.
Please refer to the CONTRIBUTING.md file for more information on how to contribute to this project.