Update Fleet-maintained apps

[fleet-release]

Automated ingestion of latest Fleet-maintained app data.

Summary by CodeRabbit

• Chores
  • Updated Docker Desktop application support to version 4.71.0 for macOS and Windows platforms.
  • Updated Postman application support to version 12.8.0 for macOS and Windows platforms.
  • Updated Rider application support to version 2026.1.1 for macOS platform.

[claude]

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

_{Tip: disable this comment in your organization's Code Review settings.}

[coderabbitai]

Walkthrough

This pull request updates maintained-app definitions across multiple applications and platforms. Docker Desktop macOS and Windows versions are bumped from 4.70.0 to 4.71.0, Postman macOS and Windows versions are upgraded from 12.7.6 to 12.8.0, and Rider macOS is updated from 2026.1.0.1 to 2026.1.1. For each update, the corresponding version field, patched detection query, installer URL, and SHA256 checksum are modified to reflect the new release artifacts.

Possibly related PRs

• \Update Fleet-maintained apps #43452: Updates Docker Desktop macOS package metadata (version, patched query, installer URL, and checksum) in the same file.
• \Update Fleet-maintained apps #43603: Modifies Postman JSON entries across macOS and Windows platforms with identical field updates.
• \Update Fleet-maintained apps #43749: Updates Postman darwin.json and windows.json with version bumps and corresponding installer metadata.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Update Fleet-maintained apps' is generic but directly related to the changeset, which updates version configurations for multiple maintained apps (Docker Desktop, Postman, Rider).
Description check	✅ Passed	The description 'Automated ingestion of latest Fleet-maintained app data' is minimal but sufficient; it identifies the change as automated and related to app data, though it lacks detailed specifics about what was updated.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fma-2604271439

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

ee/maintained-apps/outputs/docker/windows.json (1)

9-12: Add ingestion-time integrity validation for installer metadata.

Given server/mdm/maintainedapps/sync.go (Lines 166-230) hydrates installer_url and sha256 directly from manifest JSON, consider adding CI/pipeline validation that fetches the artifact and verifies the declared SHA-256 before merge. This reduces bad-manifest risk from automated bumps.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@ee/maintained-apps/outputs/docker/windows.json` around lines 9 - 12, Add a CI
check that fetches the declared installer_url and verifies it matches the
manifest sha256 before allowing the PR to merge: implement a pipeline step
(e.g., a GitHub Action or Make target) that reads the changed JSON (the
docker/windows.json), extracts installer_url and sha256, downloads the artifact
over HTTPS, computes its SHA‑256, and fails the job if the computed hash !=
declared sha256; wire this check to run on PRs touching maintained-app manifests
and document it as preventing bad-manifest bumps that would otherwise be
hydrated by server/mdm/maintainedapps/sync.go which currently trusts
installer_url and sha256 from the manifest.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@ee/maintained-apps/outputs/docker/windows.json`:
- Around line 9-12: Add a CI check that fetches the declared installer_url and
verifies it matches the manifest sha256 before allowing the PR to merge:
implement a pipeline step (e.g., a GitHub Action or Make target) that reads the
changed JSON (the docker/windows.json), extracts installer_url and sha256,
downloads the artifact over HTTPS, computes its SHA‑256, and fails the job if
the computed hash != declared sha256; wire this check to run on PRs touching
maintained-app manifests and document it as preventing bad-manifest bumps that
would otherwise be hydrated by server/mdm/maintainedapps/sync.go which currently
trusts installer_url and sha256 from the manifest.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 30c6ce42-b223-408b-9d2e-0e68f522f7cc

📥 Commits

Reviewing files that changed from the base of the PR and between d16e724 and 175e419.

📒 Files selected for processing (5)

• ee/maintained-apps/outputs/docker-desktop/darwin.json
• ee/maintained-apps/outputs/docker/windows.json
• ee/maintained-apps/outputs/postman/darwin.json
• ee/maintained-apps/outputs/postman/windows.json
• ee/maintained-apps/outputs/rider/darwin.json