Skip to content

Add more filtering to Vulnerability Exposure chart (frontend)#47674

Merged
sgress454 merged 11 commits into
mainfrom
sgress454/44746-cve-filtering-frontend
Jun 19, 2026
Merged

Add more filtering to Vulnerability Exposure chart (frontend)#47674
sgress454 merged 11 commits into
mainfrom
sgress454/44746-cve-filtering-frontend

Conversation

@sgress454

@sgress454 sgress454 commented Jun 16, 2026

Copy link
Copy Markdown
Contributor

Related issue: For #44746

Checklist for submitter

If some of the following don't apply, delete the relevant line.

  • Changes file added for user-visible changes in changes/, orbit/changes/ or ee/fleetd-chrome/changes.
    See Changes files for more information.

Testing

  • Added/updated automated tests
  • QA'd all new/changed functionality manually
    • Changing the filters in the UI causes the related API params to be set
    • Changing the software filters causes the "filtered" tooltip to show up and include info about software filters
    • Changing the host filters causes the "filtered" tooltip to show up and include info about host filters
    • Changing both host and software filters causes the "filtered" tooltip to show up and include info about both filters
    • CVE search works and utilizes infinite scroll

Summary by CodeRabbit

Release Notes

  • New Features

    • Added software category filtering options to vulnerability charts.
    • Added EPSS range filtering with validation to refine results.
    • Added known exploit toggle and CVE exclusion capabilities.
    • Improved filter status display with tabbed interface.
  • Tests

    • Added comprehensive test coverage for software filtering and validation logic.
  • Style

    • Enhanced filter UI styling and interactivity.

@sgress454 sgress454 changed the title Sgress454/44746 CVE filtering frontend Add CVE filtering to vulns chart Jun 16, 2026
@sgress454

Copy link
Copy Markdown
Contributor Author

@coderabbitai review

@coderabbitai

coderabbitai Bot commented Jun 16, 2026

Copy link
Copy Markdown
Contributor
✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@codecov

codecov Bot commented Jun 16, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 48.26087% with 119 lines in your changes missing coverage. Please review.
✅ Project coverage is 67.26%. Comparing base (c370a96) to head (d60bcd6).
⚠️ Report is 5 commits behind head on main.

Files with missing lines Patch % Lines
.../pages/DashboardPage/cards/ChartCard/ChartCard.tsx 32.09% 54 Missing and 1 partial ⚠️
...ds/ChartCard/ChartFilterModal/ChartFilterModal.tsx 0.00% 45 Missing ⚠️
...artFilterModal/SoftwareFilters/SoftwareFilters.tsx 70.31% 19 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main   #47674      +/-   ##
==========================================
- Coverage   67.27%   67.26%   -0.02%     
==========================================
  Files        3644     3647       +3     
  Lines      230327   230548     +221     
  Branches    11842    12086     +244     
==========================================
+ Hits       154963   155084     +121     
- Misses      61439    61542     +103     
+ Partials    13925    13922       -3     
Flag Coverage Δ
backend 68.90% <100.00%> (+<0.01%) ⬆️
frontend 58.17% <48.03%> (-0.05%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@coderabbitai

coderabbitai Bot commented Jun 16, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 8bcd2c46-5e9f-483f-bcda-325353ecc9bb

📥 Commits

Reviewing files that changed from the base of the PR and between 241de16 and d60bcd6.

📒 Files selected for processing (1)
  • changes/44746-more-filtering-in-vulns-chart
✅ Files skipped from review due to trivial changes (1)
  • changes/44746-more-filtering-in-vulns-chart

Walkthrough

The PR adds CVE-specific software filtering to the dashboard ChartCard. New CVE_SOFTWARE_CATEGORIES constants and extended IChartFilters/IChartApiParams interfaces establish the data contracts. An SoftwareFilters component is introduced with category checkboxes, a KEV toggle, and expandable Advanced options including EPSS min/max inputs and a debounced CVE exclusion picker with infinite scroll. ChartFilterModal gains a metric prop and tabbed layout that renders SoftwareFilters for CVE datasets; EPSS validation can disable the Apply button. ChartCard wires the new filter state into query param construction (scaling EPSS 0–100 to 0.0–1.0, serializing software filters) and replaces the prior "Filtered" badge with a tooltip-wrapped clickable pill that opens the modal on the relevant tab.

Possibly related PRs

  • fleetdm/fleet#47470: The main PR's frontend CVE chart filter UI (software category constants + query construction for software_filters, has_known_exploit, epss_min/epss_max, and exclude_vulnerabilities) directly matches the retrieved PR's backend CVE chart API/request filter fields and category constants.
🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly and concisely describes the main change: adding filtering to the Vulnerability Exposure chart on the frontend.
Description check ✅ Passed The PR description follows the template structure with checked items for changes file and testing (automated tests and manual QA with specific test cases documented).
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch sgress454/44746-cve-filtering-frontend

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@frontend/pages/DashboardPage/cards/ChartCard/ChartCard.tsx`:
- Around line 113-119: The `softwareFilterLines` function currently shows the
software category text whenever any categories are selected, but since all
categories are selected by default, this causes the Software section to appear
in the filter summary even when the user hasn't actually narrowed their
selection. Fix this by changing the condition that determines when to add
category text: instead of checking if `cats.length` is truthy, only add the
category text when the user has actually narrowed their selection, meaning the
number of selected categories is less than the total number of available
CVE_SOFTWARE_CATEGORIES. This way, the filter summary will only show the
Software section when categories have been actively filtered, not just when the
defaults are used.

In
`@frontend/pages/DashboardPage/cards/ChartCard/ChartFilterModal/SoftwareFilters/SoftwareFilters.tsx`:
- Around line 75-89: The useQuery hook for fetching vulnerability data in the
SoftwareFilters component is running unconditionally, causing unnecessary
network requests even when Advanced options are collapsed. Add an enabled
property to the useQuery configuration options object (which currently contains
keepPreviousData and staleTime) and set it to showAdvanced to prevent the query
from executing until the user actually expands the Advanced options section.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: b280c682-2fe1-4add-bb71-fefbd9a2f987

📥 Commits

Reviewing files that changed from the base of the PR and between 6bddcc8 and 241de16.

📒 Files selected for processing (12)
  • frontend/interfaces/charts.ts
  • frontend/pages/DashboardPage/cards/ChartCard/ChartCard.tsx
  • frontend/pages/DashboardPage/cards/ChartCard/ChartFilterModal/ChartFilterModal.tsx
  • frontend/pages/DashboardPage/cards/ChartCard/ChartFilterModal/SoftwareFilters/SoftwareFilters.tests.tsx
  • frontend/pages/DashboardPage/cards/ChartCard/ChartFilterModal/SoftwareFilters/SoftwareFilters.tsx
  • frontend/pages/DashboardPage/cards/ChartCard/ChartFilterModal/SoftwareFilters/_styles.scss
  • frontend/pages/DashboardPage/cards/ChartCard/ChartFilterModal/SoftwareFilters/helpers.tests.ts
  • frontend/pages/DashboardPage/cards/ChartCard/ChartFilterModal/SoftwareFilters/helpers.ts
  • frontend/pages/DashboardPage/cards/ChartCard/ChartFilterModal/SoftwareFilters/index.ts
  • frontend/pages/DashboardPage/cards/ChartCard/ChartFilterModal/index.ts
  • frontend/pages/DashboardPage/cards/ChartCard/_styles.scss
  • frontend/services/entities/charts.ts

Comment thread frontend/pages/DashboardPage/cards/ChartCard/ChartCard.tsx
@sgress454 sgress454 force-pushed the sgress454/44746-cve-filtering-frontend branch from bf8065a to f388d9d Compare June 17, 2026 16:21
@sgress454 sgress454 changed the title Add CVE filtering to vulns chart Add more filtering to Vulnerability Exposure chart Jun 17, 2026
@sgress454 sgress454 marked this pull request as ready for review June 18, 2026 01:23
@sgress454 sgress454 requested review from a team as code owners June 18, 2026 01:23

@claude claude Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

Tip: disable this comment in your organization's Code Review settings.

@sgress454 sgress454 changed the title Add more filtering to Vulnerability Exposure chart Add more filtering to Vulnerability Exposure chart (frontend) Jun 18, 2026
lukeheath
lukeheath previously approved these changes Jun 19, 2026
sgress454 added a commit that referenced this pull request Jun 19, 2026
#47470)

<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #44746 

# Details

* Adds the ability to filter historical CVE data by software type, EPSS,
CVSS, CVE ID (exclude only) and "has known exploit"
* Hard-codes the CVSS filter to 9.0+ for now, since that's the only data
that's been collected thus far
* Un-gates the collection code so that it will collect CVE data for
_all_ severities (but still in the restricted set of software)

Related PRs [update the
front-end](#47674) to allow sending
these filters, and [update
GitOps](#47634) to allow changing
the default filters.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements), JS
inline code is prevented especially for url redirects, and untrusted
data interpolated into shell scripts/commands is validated against shell
metacharacters.

## Testing

- [X] Added/updated automated tests
- [X] QA'd all new/changed functionality manually

### Manual test plan — CVE chart filtering (backend smoke test)

#### Setup
- Premium dev server running with a few hosts carrying vulnerable
software (so `cve_meta` / `software_cve` /
  `operating_system_vulnerabilities` are populated)
- Chart data present — collector ran once, or seeded: `go run
./tools/charts-backfill --dataset cve
  --use-tracked-cves --days 7`
  - API token exported and helper set:
    ```bash
    BASE=https://localhost:8080/api/v1/fleet/charts
peak() { curl -sk -H "Authorization: Bearer $TOKEN" "$BASE/$1" | jq
'[.data[].value] | max'; }

####  Checks (compare against the no-filter baseline)

- [x] Baseline returns data — GET /charts/cve?days=7 returns a data
series; .filters is empty/default
- [x] Severity force-pinned to critical — cve?days=7 and
cve?days=7&severity_min=0&severity_max=10 give identical
  peaks (no low-severity leak; client severity ignored)
- [x] Category narrowing — software_categories=browsers ≤ baseline;
software_categories=os,browsers,office,adobe ==
  baseline
- [x] OS category includes kernel — software_categories=os returns
OS-vuln + Linux-kernel CVE counts
  - [x] Known-exploit narrowing — known_exploit=true ≤ baseline
- [x] EPSS narrowing — epss_min=0.9 ≤ baseline; epss_min=0&epss_max=1 ==
baseline (EPSS is 0.0–1.0 on the API)
- [x] Exclude is subtractive + tolerant — excluding a visible CVE
lowers/keeps counts; exclude_cves=CVE-0000-00000
  == baseline (no-op)
- [x] Filters echo back — filtered requests return applied values under
.filters
- [x] Uptime untouched — GET /charts/uptime?days=7 returns its normal
series
- [x] Free-tier safety (optional) — on non-Premium, /charts/cve returns
an empty series, no error
  - [x] > 0 rows from:
  SELECT COUNT(DISTINCT scd.entity_id) AS below_critical
  FROM host_scd_data scd JOIN cve_meta cm ON cm.cve = scd.entity_id
  WHERE scd.dataset='cve' AND cm.cvss_score < 9.0;
  - (confirms lower-severity CVEs are stored)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

## Summary of changes

* **New Features**
* Added advanced CVE chart request filters: software categories,
known-exploit flag, EPSS min/max, severity min/max, and excluded CVEs.
* Expanded CVE chart coverage to use the full “collectible” CVE set,
with filtering applied when serving chart data.

* **Tests**
* Added coverage for collecting collectible CVEs and resolving chart
entities based on filter combinations and exclusions.

* **Chores**
  * Updated CVE chart backfill to use collectible CVE discovery.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Base automatically changed from sgress454/44746-add-cve-filtering to main June 19, 2026 15:52
@sgress454 sgress454 dismissed lukeheath’s stale review June 19, 2026 15:52

The base branch was changed.

Use slices.Concat instead of append(swArgs, metaArgs...) so the combined
args slice doesn't risk aliasing swArgs's backing array.
An empty software-category selection is indistinguishable from no filter
on the chart read path (empty list collapses to nil = all categories), so
deselecting every category showed all CVEs instead of none. Block Apply
and show an inline validation error until at least one category is selected.
The Hosts tab renders inside .chart-filter-modal__form, which carries the
bottom margin before the action buttons; the Software tab rendered
SoftwareFilters directly and so had no gap. Wrap it in the same __form
div so both tabs space identically.
@sgress454 sgress454 force-pushed the sgress454/44746-cve-filtering-frontend branch from a938394 to d60bcd6 Compare June 19, 2026 16:06
@qodo-free-for-open-source-projects

Copy link
Copy Markdown

CI Feedback 🧐

A test triggered by this PR failed. Here is an AI-generated analysis of the failure:

Action: test-go (fleetctl, mysql:8.0.44) / test

Failed stage: Run Go Tests [❌]

Failed test name: TestIntegrationsVulnerabilityDataStream

Failure summary:

The action failed because a Go integration test failed:
- TestIntegrationsVulnerabilityDataStream
failed in cmd/fleetctl/integrationtest/vuln after 98.13s.
- Failure location:
cmd/fleetctl/integrationtest/vuln/vulnerability_data_stream_test.go:44.
- Error: Error downloading
OSV artifacts: failed to download OSV for Ubuntu versions: [2504], indicating the test could not
fetch required OSV vulnerability artifacts for Ubuntu 25.04.
- The test failure caused make test-go
to exit non-zero (make[1]: *** [Makefile:291: .run-go-tests] Error 1, then make: *** [Makefile:406:
test-go] Error 2), which failed the GitHub Actions job.

Relevant error logs:
1:  Runner name: 'ubuntu-8core-1000927868'
2:  Runner group name: 'default larger runners'
...

983:  �[36;1mattempt=1�[0m
984:  �[36;1m�[0m
985:  �[36;1mwhile [ $attempt -le $max_attempts ]; do�[0m
986:  �[36;1m  echo "Attempt $attempt of $max_attempts"�[0m
987:  �[36;1m�[0m
988:  �[36;1m  # Try to connect to MySQL�[0m
989:  �[36;1m  if wait_for_mysql "mysql_test"; then�[0m
990:  �[36;1m    # If MySQL is ready, try to connect to MySQL replica�[0m
991:  �[36;1m    if wait_for_mysql "mysql_replica_test"; then�[0m
992:  �[36;1m      # Both are ready, we're done�[0m
993:  �[36;1m      echo "All MySQL connections successful"�[0m
994:  �[36;1m      exit 0�[0m
995:  �[36;1m    fi�[0m
996:  �[36;1m  fi�[0m
997:  �[36;1m�[0m
998:  �[36;1m  # If we get here, at least one connection failed�[0m
999:  �[36;1m  echo "Failed to connect to MySQL on attempt $attempt"�[0m
1000:  �[36;1m�[0m
1001:  �[36;1m  if [ $attempt -lt $max_attempts ]; then�[0m
1002:  �[36;1m    echo "Restarting containers and trying again..."�[0m
1003:  �[36;1m    restart_containers�[0m
1004:  �[36;1m  else�[0m
1005:  �[36;1m    echo "Maximum attempts reached. Failing the job."�[0m
1006:  �[36;1m    exit 1�[0m
...

1292:  go: downloading github.com/AbGuthrie/goquery/v2 v2.0.1
1293:  go: downloading github.com/davecgh/go-spew v1.1.1
1294:  go: downloading github.com/tj/assert v0.0.3
1295:  go: downloading github.com/hashicorp/golang-lru v0.5.4
1296:  go: downloading github.com/c-bata/go-prompt v0.2.3
1297:  go: downloading github.com/pmezard/go-difflib v1.0.0
1298:  go: downloading github.com/stretchr/objx v0.5.2
1299:  go: downloading github.com/pkg/term v0.0.0-20190109203006-aa71e9d9e942
1300:  github.com/fleetdm/fleet/v4/cmd/fleetctl:
1301:  github.com/fleetdm/fleet/v4/cmd/fleetctl/fleetctl/testing_utils:
1302:  github.com/fleetdm/fleet/v4/cmd/fleetctl/fleetctl/goquerycmd:
1303:  github.com/fleetdm/fleet/v4/cmd/fleetctl/fleetctl/fleetctltest:
1304:  github.com/fleetdm/fleet/v4/cmd/fleetctl/integrationtest:
1305:  github.com/fleetdm/fleet/v4/cmd/fleetctl/integrationtest/preview:
1306:  �[32m✓�[0m Integrations preview (49.92s)
1307:  �[32m✓�[0m Preview fails on invalid license key (0.00s)
1308:  github.com/fleetdm/fleet/v4/cmd/fleetctl/integrationtest/package:
...

1419:  �[32m✓�[0m Apply specs deprecated keys app config windows updates.grace period days not a number (0.45s)
1420:  �[32m✓�[0m Apply specs deprecated keys app config windows updates.grace period days out of range (0.48s)
1421:  �[32m✓�[0m Apply specs deprecated keys config with FIM values for agent options (#869 9) (0.45s)
1422:  �[32m✓�[0m Apply specs deprecated keys config with blank required org name (0.36s)
1423:  �[32m✓�[0m Apply specs deprecated keys config with blank required server url (0.41s)
1424:  �[32m✓�[0m Apply specs deprecated keys config with invalid agent options command-line flags (0.34s)
1425:  �[32m✓�[0m Apply specs deprecated keys config with invalid agent options data type in dry-run (0.38s)
1426:  �[32m✓�[0m Apply specs deprecated keys config with invalid agent options data type with force (0.42s)
1427:  �[32m✓�[0m Apply specs deprecated keys config with invalid agent options in dry-run (0.43s)
1428:  �[32m✓�[0m Apply specs deprecated keys config with invalid key type (0.43s)
1429:  �[32m✓�[0m Apply specs deprecated keys config with invalid value for agent options command-line flags (0.50s)
1430:  �[32m✓�[0m Apply specs deprecated keys config with unknown key (0.41s)
1431:  �[32m✓�[0m Apply specs deprecated keys config with valid agent options command-line flags (0.36s)
1432:  �[32m✓�[0m Apply specs deprecated keys dry-run set with unsupported spec (0.45s)
1433:  �[32m✓�[0m Apply specs deprecated keys dry-run set with various specs, appconfig warning for legacy (0.43s)
1434:  �[32m✓�[0m Apply specs deprecated keys dry-run set with various specs, no errors (0.42s)
1435:  �[32m✓�[0m Apply specs deprecated keys empty config (0.47s)
...

1438:  �[32m✓�[0m Apply specs deprecated keys invalid agent options dry-run (0.44s)
1439:  �[32m✓�[0m Apply specs deprecated keys invalid agent options field type (0.45s)
1440:  �[32m✓�[0m Apply specs deprecated keys invalid agent options field type in overrides (0.42s)
1441:  �[32m✓�[0m Apply specs deprecated keys invalid agent options for existing team (0.46s)
1442:  �[32m✓�[0m Apply specs deprecated keys invalid agent options for new team (0.51s)
1443:  �[32m✓�[0m Apply specs deprecated keys invalid agent options force (0.51s)
1444:  �[32m✓�[0m Apply specs deprecated keys invalid known key's value type for team cannot be forced (0.49s)
1445:  �[32m✓�[0m Apply specs deprecated keys invalid team agent options command-line flag (0.38s)
1446:  �[32m✓�[0m Apply specs deprecated keys invalid top-level key for team (0.52s)
1447:  �[32m✓�[0m Apply specs deprecated keys macos updates deadline set but minimum version empty (0.35s)
1448:  �[32m✓�[0m Apply specs deprecated keys macos updates minimum version set but deadline empty (0.50s)
1449:  �[32m✓�[0m Apply specs deprecated keys macos updates.deadline with incomplete date (0.48s)
1450:  �[32m✓�[0m Apply specs deprecated keys macos updates.deadline with invalid date (0.34s)
1451:  �[32m✓�[0m Apply specs deprecated keys macos updates.deadline with timestamp (0.43s)
1452:  �[32m✓�[0m Apply specs deprecated keys macos updates.minimum version with build version (0.45s)
1453:  �[32m✓�[0m Apply specs deprecated keys missing required failing policies destination url (0.46s)
1454:  �[32m✓�[0m Apply specs deprecated keys missing required host status days count (0.45s)
...

1462:  �[32m✓�[0m Apply specs deprecated keys team config macos settings.enable disk encryption true (0.43s)
1463:  �[32m✓�[0m Apply specs deprecated keys team config macos settings.enable disk encryption with invalid value type (0.46s)
1464:  �[32m✓�[0m Apply specs deprecated keys team config macos settings.enable disk encryption without a value (0.43s)
1465:  �[32m✓�[0m Apply specs deprecated keys unknown key for team can be forced (0.41s)
1466:  �[32m✓�[0m Apply specs deprecated keys valid team agent options command-line flag (0.39s)
1467:  �[32m✓�[0m Apply specs deprecated keys windows updates unset valid (0.43s)
1468:  �[32m✓�[0m Apply specs deprecated keys windows updates valid (0.43s)
1469:  �[32m✓�[0m Apply specs deprecated keys windows updates.deadline days but grace period empty (0.37s)
1470:  �[32m✓�[0m Apply specs deprecated keys windows updates.deadline days not a number (0.40s)
1471:  �[32m✓�[0m Apply specs deprecated keys windows updates.deadline days out of range (0.50s)
1472:  �[32m✓�[0m Apply specs deprecated keys windows updates.grace period days but deadline empty (0.41s)
1473:  �[32m✓�[0m Apply specs deprecated keys windows updates.grace period days not a number (0.41s)
1474:  �[32m✓�[0m Apply specs deprecated keys windows updates.grace period days out of range (0.42s)
1475:  �[32m✓�[0m Apply specs dry-run set with unsupported spec (0.56s)
1476:  �[32m✓�[0m Apply specs dry-run set with various specs, appconfig warning for legacy (0.45s)
1477:  �[32m✓�[0m Apply specs dry-run set with various specs, no errors (0.41s)
1478:  �[32m✓�[0m Apply specs empty config (0.37s)
...

1481:  �[32m✓�[0m Apply specs invalid agent options dry-run (0.40s)
1482:  �[32m✓�[0m Apply specs invalid agent options field type (0.39s)
1483:  �[32m✓�[0m Apply specs invalid agent options field type in overrides (0.37s)
1484:  �[32m✓�[0m Apply specs invalid agent options for existing team (0.42s)
1485:  �[32m✓�[0m Apply specs invalid agent options for new team (0.47s)
1486:  �[32m✓�[0m Apply specs invalid agent options force (0.36s)
1487:  �[32m✓�[0m Apply specs invalid known key's value type for team cannot be forced (0.51s)
1488:  �[32m✓�[0m Apply specs invalid team agent options command-line flag (0.45s)
1489:  �[32m✓�[0m Apply specs invalid top-level key for team (0.48s)
1490:  �[32m✓�[0m Apply specs macos updates deadline set but minimum version empty (0.36s)
1491:  �[32m✓�[0m Apply specs macos updates minimum version set but deadline empty (0.50s)
1492:  �[32m✓�[0m Apply specs macos updates.deadline with incomplete date (0.43s)
1493:  �[32m✓�[0m Apply specs macos updates.deadline with invalid date (0.45s)
1494:  �[32m✓�[0m Apply specs macos updates.deadline with timestamp (0.34s)
1495:  �[32m✓�[0m Apply specs macos updates.minimum version with build version (0.35s)
1496:  �[32m✓�[0m Apply specs missing required failing policies destination url (0.49s)
1497:  �[32m✓�[0m Apply specs missing required host status days count (0.41s)
...

1516:  �[32m✓�[0m Apply specs windows updates.grace period days not a number (0.38s)
1517:  �[32m✓�[0m Apply specs windows updates.grace period days out of range (0.51s)
1518:  �[32m✓�[0m Apply team specs (0.55s)
1519:  �[32m✓�[0m Apply user roles (0.56s)
1520:  �[32m✓�[0m Apply user roles deprecated (0.44s)
1521:  �[32m✓�[0m Apply windows updates (0.38s)
1522:  �[32m✓�[0m Apply windows updates field omitted (0.00s)
1523:  �[32m✓�[0m Apply windows updates with null values (0.00s)
1524:  �[32m✓�[0m Apply windows updates with values (0.00s)
1525:  �[32m✓�[0m Can apply intervals in nanoseconds (0.39s)
1526:  �[32m✓�[0m Can apply intervals using durations (0.50s)
1527:  �[32m✓�[0m Clean status code err (0.00s)
1528:  �[32m✓�[0m Clean status code err bare wrapped status code err (0.00s)
1529:  �[32m✓�[0m Clean status code err nil (0.00s)
1530:  �[32m✓�[0m Clean status code err outer-wrapped status code err (0.00s)
1531:  �[32m✓�[0m Clean status code err plain error untouched (0.00s)
1532:  �[32m✓�[0m Compute label changes (0.00s)
...

1588:  �[32m✓�[0m Filename functions (0.00s)
1589:  �[32m✓�[0m Filename functions outfile name builds a file name using the name provided + current time (0.00s)
1590:  �[32m✓�[0m Filename functions outfile name with ext builds a file name using the name and extension provided + current time (0.00s)
1591:  �[32m✓�[0m FleetctlUpgradePacks empty packs (0.44s)
1592:  �[32m✓�[0m FleetctlUpgradePacks no pack (0.41s)
1593:  �[32m✓�[0m FleetctlUpgradePacks non empty (0.47s)
1594:  �[32m✓�[0m FleetctlUpgradePacks not admin (0.42s)
1595:  �[32m✓�[0m Format XML (0.00s)
1596:  �[32m✓�[0m Format XML XML with attributes (0.00s)
1597:  �[32m✓�[0m Format XML basic XML (0.00s)
1598:  �[32m✓�[0m Format XML empty XML (0.00s)
1599:  �[32m✓�[0m Format XML invalid XML (0.00s)
1600:  �[32m✓�[0m Format XML nested XML (0.00s)
1601:  �[32m✓�[0m Generate MDM apple (0.74s)
1602:  �[32m✓�[0m Generate MDM apple BM (0.53s)
1603:  �[32m✓�[0m Generate MDM apple CSR API call fails (0.35s)
1604:  �[32m✓�[0m Generate MDM apple successful run (0.39s)
1605:  �[32m✓�[0m Generate MDMVPP tokens (0.00s)
1606:  �[32m✓�[0m Generate MDMVPP tokens get VPP tokens error (0.00s)
1607:  �[32m✓�[0m Generate MDMVPP tokens multiple tokens with different teams (0.00s)
...

1624:  �[32m✓�[0m Generate org settings masked google calendar api key (0.00s)
1625:  �[32m✓�[0m Generate policies (0.00s)
1626:  �[32m✓�[0m Generate policies patch policy orphaned from fleet maintained app (0.00s)
1627:  �[32m✓�[0m Generate queries (0.00s)
1628:  �[32m✓�[0m Generate software (0.00s)
1629:  �[32m✓�[0m Generate software auto update schedule (0.00s)
1630:  �[32m✓�[0m Generate software script packages (0.00s)
1631:  �[32m✓�[0m Generate team settings (0.00s)
1632:  �[32m✓�[0m Generate team settings insecure (0.00s)
1633:  �[32m✓�[0m Generated org settings no SSO (0.00s)
1634:  �[32m✓�[0m Generated org settings okta conditional access not included (0.00s)
1635:  �[32m✓�[0m Get MDM command results (0.39s)
1636:  �[32m✓�[0m Get MDM command results command flag required (0.00s)
1637:  �[32m✓�[0m Get MDM command results command not found (0.01s)
1638:  �[32m✓�[0m Get MDM command results command results empty (0.01s)
1639:  �[32m✓�[0m Get MDM command results command results error (0.01s)
1640:  �[32m✓�[0m Get MDM command results darwin command results (0.00s)
1641:  �[32m✓�[0m Get MDM command results host specific results (0.00s)
1642:  �[32m✓�[0m Get MDM command results windows command results (0.00s)
1643:  �[32m✓�[0m Get MDM commands (0.48s)
1644:  �[32m✓�[0m Get apple BM (1.52s)
1645:  �[32m✓�[0m Get apple BM free license (0.32s)
1646:  �[32m✓�[0m Get apple BM premium license, multiple tokens (0.41s)
1647:  �[32m✓�[0m Get apple BM premium license, no token (0.41s)
1648:  �[32m✓�[0m Get apple BM premium license, single token (0.38s)
1649:  �[32m✓�[0m Get apple MDM (0.36s)
1650:  �[32m✓�[0m Get carve (0.68s)
1651:  �[32m✓�[0m Get carve with error (0.37s)
1652:  �[32m✓�[0m Get carves (0.38s)
...

1666:  �[32m✓�[0m Get hosts MDM get hosts - -mdm - -mdm-pending - (0.00s)
1667:  �[32m✓�[0m Get hosts MDM get hosts - -mdm-pending - -yaml - expected list hosts yaml.yml (0.00s)
1668:  �[32m✓�[0m Get hosts get hosts - -json - -remove-deprecated-keys (0.00s)
1669:  �[32m✓�[0m Get hosts get hosts - -json - expected list hosts json.json (0.00s)
1670:  �[32m✓�[0m Get hosts get hosts - -json test host - expected host detail response json.json (0.00s)
1671:  �[32m✓�[0m Get hosts get hosts - -yaml - expected list hosts yaml.yml (0.01s)
1672:  �[32m✓�[0m Get hosts get hosts - -yaml test host - expected host detail response yaml.yml (0.00s)
1673:  �[32m✓�[0m Get label (0.38s)
1674:  �[32m✓�[0m Get label usage include and exclude allowed (0.00s)
1675:  �[32m✓�[0m Get label usage include and exclude allowed macos (0.00s)
1676:  �[32m✓�[0m Get label usage include and exclude allowed macos# 01 (0.00s)
1677:  �[32m✓�[0m Get label usage include and exclude allowed macos# 02 (0.00s)
1678:  �[32m✓�[0m Get label usage include and exclude allowed windows (0.00s)
1679:  �[32m✓�[0m Get label usage include and exclude allowed windows# 01 (0.00s)
1680:  �[32m✓�[0m Get label usage include and exclude allowed windows# 02 (0.00s)
1681:  �[32m✓�[0m Get label usage include exclude overlap error (0.00s)
1682:  �[32m✓�[0m Get label usage include exclude overlap error macos (0.00s)
1683:  �[32m✓�[0m Get label usage include exclude overlap error macos# 01 (0.00s)
1684:  �[32m✓�[0m Get label usage include exclude overlap error macos# 02 (0.00s)
1685:  �[32m✓�[0m Get label usage include exclude overlap error windows (0.00s)
1686:  �[32m✓�[0m Get label usage include exclude overlap error windows# 01 (0.00s)
1687:  �[32m✓�[0m Get label usage include exclude overlap error windows# 02 (0.00s)
1688:  �[32m✓�[0m Get label usage multiple label keys error (0.00s)
1689:  �[32m✓�[0m Get label usage multiple label keys error macos (0.00s)
1690:  �[32m✓�[0m Get label usage multiple label keys error windows (0.00s)
1691:  �[32m✓�[0m Get label usage policy scopes (0.00s)
...

1707:  �[32m✓�[0m Get queries as observer team observer (0.01s)
1708:  �[32m✓�[0m Get query (0.44s)
1709:  �[32m✓�[0m Get query labels include all (0.35s)
1710:  �[32m✓�[0m Get reports labels include all (0.41s)
1711:  �[32m✓�[0m Get software titles (0.40s)
1712:  �[32m✓�[0m Get software versions (0.44s)
1713:  �[32m✓�[0m Get teams (0.85s)
1714:  �[32m✓�[0m Get teams YAML and apply (0.37s)
1715:  �[32m✓�[0m Get teams by name (0.42s)
1716:  �[32m✓�[0m Get teams expired license (0.46s)
1717:  �[32m✓�[0m Get teams not expired license (0.39s)
1718:  �[32m✓�[0m Get teams software from source of truth (0.39s)
1719:  �[32m✓�[0m Get user roles (0.41s)
1720:  �[32m✓�[0m Git ops ABM (5.79s)
1721:  �[32m✓�[0m Git ops ABM backwards compat (0.59s)
1722:  �[32m✓�[0m Git ops ABM both keys errors (0.38s)
1723:  �[32m✓�[0m Git ops ABM deprecated config with two tokens in the db fails (0.52s)
1724:  �[32m✓�[0m Git ops ABM new key all valid (0.62s)
1725:  �[32m✓�[0m Git ops ABM new key multiple elements (0.68s)
1726:  �[32m✓�[0m Git ops ABM no team is supported (0.52s)
1727:  �[32m✓�[0m Git ops ABM non existent org name fails (0.49s)
1728:  �[32m✓�[0m Git ops ABM not provided teams defaults to no team (0.68s)
1729:  �[32m✓�[0m Git ops ABM renamed new key all valid (0.71s)
1730:  �[32m✓�[0m Git ops ABM using an undefined team errors (0.61s)
1731:  �[32m✓�[0m Git ops EULA setting (4.30s)
...

1734:  �[32m✓�[0m Git ops EULA setting not a PDF file (0.49s)
1735:  �[32m✓�[0m Git ops EULA setting relative path to working dir to pdf file (no existing EULA uploaded) (0.52s)
1736:  �[32m✓�[0m Git ops EULA setting relative path to yaml file to pdf file (no existing EULA uploaded) (0.54s)
1737:  �[32m✓�[0m Git ops EULA setting uploading the same EULA again (0.53s)
1738:  �[32m✓�[0m Git ops EULA setting valid new pdf file (different EULA already uploaded) (0.59s)
1739:  �[32m✓�[0m Git ops EULA setting valid pdf file (no existing EULA uploaded) (0.56s)
1740:  �[32m✓�[0m Git ops MDM auth settings (0.55s)
1741:  �[32m✓�[0m Git ops SMTP settings (0.68s)
1742:  �[32m✓�[0m Git ops SSO server URL (0.62s)
1743:  �[32m✓�[0m Git ops SSO settings (0.52s)
1744:  �[32m✓�[0m Git ops android certificates add (0.71s)
1745:  �[32m✓�[0m Git ops android certificates change (0.63s)
1746:  �[32m✓�[0m Git ops android certificates delete all (0.40s)
1747:  �[32m✓�[0m Git ops android certificates delete one (0.41s)
1748:  �[32m✓�[0m Git ops app store app auto update (0.51s)
1749:  �[32m✓�[0m Git ops app store app auto update invalid auto-update window triggers error and does not call update software title auto update config (0.01s)
1750:  �[32m✓�[0m Git ops app store app auto update no auto update settings and no existing schedule does not call update software title auto update config (0.02s)
1751:  �[32m✓�[0m Git ops app store app auto update update software title auto update config is applied for i OS VPP apps (0.02s)
1752:  �[32m✓�[0m Git ops app store app auto update update software title auto update config is not called when no VPP apps provided (0.02s)
1753:  �[32m✓�[0m Git ops apple OS updates (0.40s)
1754:  �[32m✓�[0m Git ops apple OS updates ios updates (0.01s)
1755:  �[32m✓�[0m Git ops apple OS updates ios updates os updated when existing OS update declaration (0.01s)
1756:  �[32m✓�[0m Git ops apple OS updates ipados updates (0.01s)
1757:  �[32m✓�[0m Git ops apple OS updates ipados updates os updated when existing OS update declaration (0.01s)
1758:  �[32m✓�[0m Git ops apple OS updates macos updates (0.01s)
1759:  �[32m✓�[0m Git ops apple OS updates macos updates os updated when existing OS update declaration (0.01s)
1760:  �[32m✓�[0m Git ops basic global and no team (0.54s)
1761:  �[32m✓�[0m Git ops basic global and no team basic global and no-team.yml (0.05s)
1762:  �[32m✓�[0m Git ops basic global and no team both global and no-team.yml define controls -- should fail (0.02s)
1763:  �[32m✓�[0m Git ops basic global and no team controls only defined in no-team.yml (0.05s)
1764:  �[32m✓�[0m Git ops basic global and no team global DOES NOT define controls -- should fail (0.01s)
1765:  �[32m✓�[0m Git ops basic global and no team global and no-team.yml DO NOT define controls -- should fail (0.01s)
1766:  �[32m✓�[0m Git ops basic global and no team global defines software -- should fail (0.01s)
1767:  �[32m✓�[0m Git ops basic global and no team no-team provided without global -- should fail (0.01s)
1768:  �[32m✓�[0m Git ops basic global and no team no-team.yml defines policy with calendar events enabled -- should fail (0.01s)
1769:  �[32m✓�[0m Git ops basic global and no team unassigned provided without global -- should fail (0.01s)
1770:  �[32m✓�[0m Git ops basic global and team (0.65s)
...

1776:  �[32m✓�[0m Git ops custom settings global macos windows custom settings valid.yml (0.69s)
1777:  �[32m✓�[0m Git ops custom settings global windows custom settings invalid label mix 2 .yml (0.58s)
1778:  �[32m✓�[0m Git ops custom settings global windows custom settings invalid label mix.yml (0.41s)
1779:  �[32m✓�[0m Git ops custom settings global windows custom settings unknown label.yml (0.50s)
1780:  �[32m✓�[0m Git ops custom settings team macos custom settings valid deprecated.yml (0.48s)
1781:  �[32m✓�[0m Git ops custom settings team macos windows custom settings invalid labels mix 2 .yml (0.45s)
1782:  �[32m✓�[0m Git ops custom settings team macos windows custom settings invalid labels mix.yml (0.46s)
1783:  �[32m✓�[0m Git ops custom settings team macos windows custom settings unknown label.yml (0.53s)
1784:  �[32m✓�[0m Git ops custom settings team macos windows custom settings valid.yml (0.48s)
1785:  �[32m✓�[0m Git ops dry run rejects invalid label platform (0.39s)
1786:  �[32m✓�[0m Git ops exception enforcement (0.43s)
1787:  �[32m✓�[0m Git ops exception enforcement free tier (0.35s)
1788:  �[32m✓�[0m Git ops exceptions preserve omitted keys (0.49s)
1789:  �[32m✓�[0m Git ops features (0.52s)
1790:  �[32m✓�[0m Git ops filename validation (0.00s)
1791:  �[32m✓�[0m Git ops fleet failing policies webhook policy IDs (0.42s)
1792:  �[32m✓�[0m Git ops fleet webhooks and tickets enabled (0.55s)
...

1944:  �[32m✓�[0m New basic file structure has expected files (0.00s)
1945:  �[32m✓�[0m New basic file structure replaces and escapes org name template var (0.00s)
1946:  �[32m✓�[0m New basic file structure strips .template. from output filenames (0.00s)
1947:  �[32m✓�[0m New dir flag (0.01s)
1948:  �[32m✓�[0m New existing dir with force (0.01s)
1949:  �[32m✓�[0m New existing dir without force (0.00s)
1950:  �[32m✓�[0m New org name YAML quoting (0.01s)
1951:  �[32m✓�[0m New org name validation (0.01s)
1952:  �[32m✓�[0m New org name validation at max length (0.01s)
1953:  �[32m✓�[0m New org name validation control characters stripped (0.01s)
1954:  �[32m✓�[0m New org name validation only control characters (0.00s)
1955:  �[32m✓�[0m New org name validation only whitespace (0.00s)
1956:  �[32m✓�[0m New org name validation too long (0.00s)
1957:  �[32m✓�[0m New output messages (0.01s)
1958:  �[32m✓�[0m New template stripping (0.01s)
1959:  �[32m✓�[0m Print auth error (0.43s)
1960:  �[32m✓�[0m Print auth error SSO disabled shows default login message (0.00s)
1961:  �[32m✓�[0m Print auth error SSO enabled shows SSO instructions (0.00s)
1962:  �[32m✓�[0m Render template (0.00s)
...

1982:  �[32m✓�[0m Run api command get scripts full path missing (0.00s)
1983:  �[32m✓�[0m Run api command get scripts team (0.00s)
1984:  �[32m✓�[0m Run api command get scripts team no cache (0.00s)
1985:  �[32m✓�[0m Run api command get typo (0.00s)
1986:  �[32m✓�[0m Run api command upload script (0.00s)
1987:  �[32m✓�[0m Run script command (0.66s)
1988:  �[32m✓�[0m Run script command disabled scripts globally (0.00s)
1989:  �[32m✓�[0m Run script command host not found (0.01s)
1990:  �[32m✓�[0m Run script command invalid file type (0.00s)
1991:  �[32m✓�[0m Run script command invalid hashbang (0.00s)
1992:  �[32m✓�[0m Run script command invalid utf 8 (0.00s)
1993:  �[32m✓�[0m Run script command missing one of script-path and script-nqme (0.00s)
1994:  �[32m✓�[0m Run script command output truncated (0.01s)
1995:  �[32m✓�[0m Run script command posix shell hashbang (0.01s)
1996:  �[32m✓�[0m Run script command script empty (0.01s)
1997:  �[32m✓�[0m Run script command script failed (0.01s)
1998:  �[32m✓�[0m Run script command script killed (0.01s)
...

2053:  �[32m✓�[0m Validate git ops group EUA global-only run degrades id p but the team's in-run file disables EU A: accepted (0.00s)
2054:  �[32m✓�[0m Validate git ops group EUA global-only run degrades id p while a stored team keeps EUA on: rejected (#4337 1) (0.00s)
2055:  �[32m✓�[0m Validate git ops group EUA no EUA enabled anywhere is accepted (0.00s)
2056:  �[32m✓�[0m Validate git ops group EUA team enables EU A, global file adds complete id P: accepted (0.00s)
2057:  �[32m✓�[0m Validate git ops group EUA team enables EU A, global file adds id p missing entity id: rejected (0.00s)
2058:  �[32m✓�[0m Validate git ops group EUA team enables EU A, global file omits id P, stored has id P: rejected (overwrite clears) (0.00s)
2059:  �[32m✓�[0m Validate git ops group EUA team enables EU A, stored has id P, no global file: accepted (0.00s)
2060:  �[32m✓�[0m Validate git ops group EUA team enables EU A, stored has no id P, no global file: rejected (0.00s)
2061:  github.com/fleetdm/fleet/v4/cmd/fleetctl/integrationtest/gitops:
2062:  �[32m✓�[0m Git ops VPP (4.97s)
2063:  �[32m✓�[0m Git ops VPP all fleets is supported (0.65s)
2064:  �[32m✓�[0m Git ops VPP all teams is supported (0.56s)
2065:  �[32m✓�[0m Git ops VPP new key all valid (0.61s)
2066:  �[32m✓�[0m Git ops VPP new key multiple elements (0.75s)
2067:  �[32m✓�[0m Git ops VPP no team is supported (0.66s)
2068:  �[32m✓�[0m Git ops VPP non existent location fails (0.60s)
2069:  �[32m✓�[0m Git ops VPP not provided teams defaults to no team (0.59s)
2070:  �[32m✓�[0m Git ops VPP using an undefined team errors (0.55s)
2071:  �[32m✓�[0m Git ops existing team VPP apps with missing team (0.52s)
...

2164:  �[32m✓�[0m Git ops team software installers team software installer with display name.yml (1.42s)
2165:  �[32m✓�[0m Integrations enterprise gitops (318.13s)
2166:  �[32m✓�[0m Integrations enterprise gitops test CA integrations (4.01s)
2167:  �[32m✓�[0m Integrations enterprise gitops test FMA labels include all (6.03s)
2168:  �[32m✓�[0m Integrations enterprise gitops test IPA software installers (10.52s)
2169:  �[32m✓�[0m Integrations enterprise gitops test JSON configuration profile escaping (1.28s)
2170:  �[32m✓�[0m Integrations enterprise gitops test add manual labels (1.54s)
2171:  �[32m✓�[0m Integrations enterprise gitops test configuration profile escaping (1.38s)
2172:  �[32m✓�[0m Integrations enterprise gitops test delete CA with certificate templates (5.92s)
2173:  �[32m✓�[0m Integrations enterprise gitops test delete mac OS setup (5.06s)
2174:  �[32m✓�[0m Integrations enterprise gitops test deleting no team YAML (2.65s)
2175:  �[32m✓�[0m Integrations enterprise gitops test disallow software setup experience (123.78s)
2176:  �[32m✓�[0m Integrations enterprise gitops test disallow software setup experience all VPP with setup experience (1.29s)
2177:  �[32m✓�[0m Integrations enterprise gitops test disallow software setup experience no team VPP (1.14s)
2178:  �[32m✓�[0m Integrations enterprise gitops test disallow software setup experience no team installers (60.52s)
2179:  �[32m✓�[0m Integrations enterprise gitops test disallow software setup experience packages fail (60.66s)
2180:  �[32m✓�[0m Integrations enterprise gitops test dry run mac OS setup script with manual agent install conflict (0.41s)
...

2210:  �[32m✓�[0m Integrations enterprise gitops test omitted top level keys global (2.45s)
2211:  �[32m✓�[0m Integrations enterprise gitops test remove custom settings from default YAML (2.57s)
2212:  �[32m✓�[0m Integrations enterprise gitops test special case teams VPP apps (3.79s)
2213:  �[32m✓�[0m Integrations enterprise gitops test special case teams VPP apps all teams (2.39s)
2214:  �[32m✓�[0m Integrations enterprise gitops test special case teams VPP apps no team (1.24s)
2215:  �[32m✓�[0m Integrations enterprise gitops test unset configuration profile labels (4.92s)
2216:  �[32m✓�[0m Integrations enterprise gitops test unset software installer labels (12.38s)
2217:  �[32m✓�[0m Integrations enterprise starter library (4.93s)
2218:  �[32m✓�[0m Integrations enterprise starter library test apply starter library premium (3.52s)
2219:  �[32m✓�[0m Integrations gitops (2.26s)
2220:  �[32m✓�[0m Integrations gitops test fleet gitops (0.48s)
2221:  �[32m✓�[0m Integrations gitops test fleet gitops DDM fleet vars requires premium (0.11s)
2222:  �[32m✓�[0m Integrations gitops test fleet gitops with fleet secrets (0.23s)
2223:  �[32m✓�[0m Integrations starter library (1.56s)
2224:  �[32m✓�[0m Integrations starter library test apply starter library free (0.18s)
2225:  === �[31mFailed�[0m
2226:  === �[31mFAIL�[0m: cmd/fleetctl/integrationtest/vuln TestIntegrationsVulnerabilityDataStream (98.13s)
2227:  nettest.go:33: network test start: TestIntegrationsVulnerabilityDataStream
2228:  vulnerability_data_stream_test.go:44: 
2229:  Error Trace:	/home/runner/work/fleet/fleet/cmd/fleetctl/integrationtest/vuln/vulnerability_data_stream_test.go:44
2230:  Error:      	Received unexpected error:
2231:  Error downloading OSV artifacts: failed to download OSV for Ubuntu versions: [2504]
2232:  Test:       	TestIntegrationsVulnerabilityDataStream
2233:  nettest.go:36: network test done: TestIntegrationsVulnerabilityDataStream
2234:  DONE 915 tests, 1 failure in 649.501s
2235:  make[1]: *** [Makefile:291: .run-go-tests] Error 1
2236:  make[1]: Leaving directory '/home/runner/work/fleet/fleet'
2237:  make: *** [Makefile:406: test-go] Error 2
2238:  ##[error]Process completed with exit code 2.
2239:  Node 20 is being deprecated. This workflow is running with Node 24 by default. If you need to temporarily use Node 20, you can set the ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true environment variable. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
2240:  ##[group]Run actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a
2241:  with:
2242:  name: fleetctl-mysql8.0.44-coverage
2243:  path: ./coverage.txt
2244:  if-no-files-found: error
2245:  compression-level: 6
...

2248:  RACE_ENABLED: false
2249:  GO_TEST_TIMEOUT: 20m
2250:  DOCKER_COMMAND: docker compose -f docker-compose.yml -f docker-compose-redis-cluster.yml up -d mysql_test mysql_replica_test redis redis-cluster-1 redis-cluster-2 redis-cluster-3 redis-cluster-4 redis-cluster-5 redis-cluster-6 redis-cluster-setup s3 saml_idp mailhog mailpit smtp4dev_test
2251:  RUN_TESTS_ARG: 
2252:  CI_TEST_PKG: fleetctl
2253:  NEED_DOCKER: 1
2254:  ARTIFACT_PREFIX: fleetctl-mysql8.0.44
2255:  GOTOOLCHAIN: local
2256:  ##[endgroup]
2257:  (node:45830) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
2258:  (Use `node --trace-deprecation ...` to show where the warning was created)
2259:  With the provided path, there will be 1 file uploaded
2260:  Artifact name is valid!
2261:  Root directory input is valid!
2262:  Beginning upload of artifact content to blob storage
2263:  (node:45830) [DEP0169] DeprecationWarning: `url.parse()` behavior is not standardized and prone to errors that have security implications. Use the WHATWG URL API instead. CVEs are not issued for `url.parse()` vulnerabilities.
2264:  Uploaded bytes 2282938
2265:  Finished uploading artifact content to blob storage!
2266:  SHA256 hash of uploaded artifact zip is 3ad4021c5ca465bc79778d55a8cbc658ea10d2581b2971470b56c515ac03f427
2267:  Finalizing artifact upload
2268:  Artifact fleetctl-mysql8.0.44-coverage.zip successfully finalized. Artifact ID 7754326520
2269:  Artifact fleetctl-mysql8.0.44-coverage has been successfully uploaded! Final size is 2282938 bytes. Artifact ID is 7754326520
2270:  Artifact download URL: https://github.com/fleetdm/fleet/actions/runs/27836337103/artifacts/7754326520
2271:  ##[group]Run c1grep() { grep "$@" || test $? = 1; }
2272:  �[36;1mc1grep() { grep "$@" || test $? = 1; }�[0m
2273:  �[36;1mc1grep -oP 'FAIL: .*$' /tmp/gotest.log > /tmp/summary.txt�[0m
2274:  �[36;1mc1grep 'test timed out after' /tmp/gotest.log >> /tmp/summary.txt�[0m
2275:  �[36;1mc1grep 'fatal error:' /tmp/gotest.log >> /tmp/summary.txt�[0m
2276:  �[36;1mc1grep -A 10 'panic: runtime error: ' /tmp/gotest.log >> /tmp/summary.txt�[0m
2277:  �[36;1mc1grep ' FAIL\t' /tmp/gotest.log >> /tmp/summary.txt�[0m
2278:  �[36;1mGO_FAIL_SUMMARY=$(head -n 5 /tmp/summary.txt | sed ':a;N;$!ba;s/\n/\\n/g')�[0m
2279:  �[36;1mecho "GO_FAIL_SUMMARY=$GO_FAIL_SUMMARY"�[0m
2280:  �[36;1mif [[ -z "$GO_FAIL_SUMMARY" ]]; then�[0m
2281:  �[36;1m  GO_FAIL_SUMMARY="unknown, please check the build URL"�[0m
2282:  �[36;1mfi�[0m
2283:  �[36;1mGO_FAIL_SUMMARY=$GO_FAIL_SUMMARY envsubst < .github/workflows/config/slack_payload_template.json > ./payload.json�[0m
2284:  shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
2285:  env:
2286:  RACE_ENABLED: false
2287:  GO_TEST_TIMEOUT: 20m
2288:  DOCKER_COMMAND: docker compose -f docker-compose.yml -f docker-compose-redis-cluster.yml up -d mysql_test mysql_replica_test redis redis-cluster-1 redis-cluster-2 redis-cluster-3 redis-cluster-4 redis-cluster-5 redis-cluster-6 redis-cluster-setup s3 saml_idp mailhog mailpit smtp4dev_test
2289:  RUN_TESTS_ARG: 
2290:  CI_TEST_PKG: fleetctl
2291:  NEED_DOCKER: 1
2292:  ARTIFACT_PREFIX: fleetctl-mysql8.0.44
2293:  GOTOOLCHAIN: local
2294:  ##[endgroup]
2295:  GO_FAIL_SUMMARY=
2296:  Node 20 is being deprecated. This workflow is running with Node 24 by default. If you need to temporarily use Node 20, you can set the ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true environment variable. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
2297:  ##[group]Run actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a
2298:  with:
2299:  name: fleetctl-mysql8.0.44-test-log
2300:  path: /tmp/gotest.log
2301:  if-no-files-found: error
2302:  compression-level: 6
...

2305:  RACE_ENABLED: false
2306:  GO_TEST_TIMEOUT: 20m
2307:  DOCKER_COMMAND: docker compose -f docker-compose.yml -f docker-compose-redis-cluster.yml up -d mysql_test mysql_replica_test redis redis-cluster-1 redis-cluster-2 redis-cluster-3 redis-cluster-4 redis-cluster-5 redis-cluster-6 redis-cluster-setup s3 saml_idp mailhog mailpit smtp4dev_test
2308:  RUN_TESTS_ARG: 
2309:  CI_TEST_PKG: fleetctl
2310:  NEED_DOCKER: 1
2311:  ARTIFACT_PREFIX: fleetctl-mysql8.0.44
2312:  GOTOOLCHAIN: local
2313:  ##[endgroup]
2314:  (node:45852) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
2315:  (Use `node --trace-deprecation ...` to show where the warning was created)
2316:  With the provided path, there will be 1 file uploaded
2317:  Artifact name is valid!
2318:  Root directory input is valid!
2319:  Beginning upload of artifact content to blob storage
2320:  (node:45852) [DEP0169] DeprecationWarning: `url.parse()` behavior is not standardized and prone to errors that have security implications. Use the WHATWG URL API instead. CVEs are not issued for `url.parse()` vulnerabilities.
2321:  Uploaded bytes 10682
...

2337:  RACE_ENABLED: false
2338:  GO_TEST_TIMEOUT: 20m
2339:  DOCKER_COMMAND: docker compose -f docker-compose.yml -f docker-compose-redis-cluster.yml up -d mysql_test mysql_replica_test redis redis-cluster-1 redis-cluster-2 redis-cluster-3 redis-cluster-4 redis-cluster-5 redis-cluster-6 redis-cluster-setup s3 saml_idp mailhog mailpit smtp4dev_test
2340:  RUN_TESTS_ARG: 
2341:  CI_TEST_PKG: fleetctl
2342:  NEED_DOCKER: 1
2343:  ARTIFACT_PREFIX: fleetctl-mysql8.0.44
2344:  GOTOOLCHAIN: local
2345:  ##[endgroup]
2346:  (node:45864) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
2347:  (Use `node --trace-deprecation ...` to show where the warning was created)
2348:  With the provided path, there will be 1 file uploaded
2349:  Artifact name is valid!
2350:  Root directory input is valid!
2351:  Beginning upload of artifact content to blob storage
2352:  (node:45864) [DEP0169] DeprecationWarning: `url.parse()` behavior is not standardized and prone to errors that have security implications. Use the WHATWG URL API instead. CVEs are not issued for `url.parse()` vulnerabilities.
2353:  Uploaded bytes 138
...

2369:  RACE_ENABLED: false
2370:  GO_TEST_TIMEOUT: 20m
2371:  DOCKER_COMMAND: docker compose -f docker-compose.yml -f docker-compose-redis-cluster.yml up -d mysql_test mysql_replica_test redis redis-cluster-1 redis-cluster-2 redis-cluster-3 redis-cluster-4 redis-cluster-5 redis-cluster-6 redis-cluster-setup s3 saml_idp mailhog mailpit smtp4dev_test
2372:  RUN_TESTS_ARG: 
2373:  CI_TEST_PKG: fleetctl
2374:  NEED_DOCKER: 1
2375:  ARTIFACT_PREFIX: fleetctl-mysql8.0.44
2376:  GOTOOLCHAIN: local
2377:  ##[endgroup]
2378:  (node:45900) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
2379:  (Use `node --trace-deprecation ...` to show where the warning was created)
2380:  With the provided path, there will be 1 file uploaded
2381:  Artifact name is valid!
2382:  Root directory input is valid!
2383:  Beginning upload of artifact content to blob storage
2384:  (node:45900) [DEP0169] DeprecationWarning: `url.parse()` behavior is not standardized and prone to errors that have security implications. Use the WHATWG URL API instead. CVEs are not issued for `url.parse()` vulnerabilities.
2385:  Uploaded bytes 104103
...

2418:  RACE_ENABLED: false
2419:  GO_TEST_TIMEOUT: 20m
2420:  DOCKER_COMMAND: docker compose -f docker-compose.yml -f docker-compose-redis-cluster.yml up -d mysql_test mysql_replica_test redis redis-cluster-1 redis-cluster-2 redis-cluster-3 redis-cluster-4 redis-cluster-5 redis-cluster-6 redis-cluster-setup s3 saml_idp mailhog mailpit smtp4dev_test
2421:  RUN_TESTS_ARG: 
2422:  CI_TEST_PKG: fleetctl
2423:  NEED_DOCKER: 1
2424:  ARTIFACT_PREFIX: fleetctl-mysql8.0.44
2425:  GOTOOLCHAIN: local
2426:  ##[endgroup]
2427:  (node:45913) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
2428:  (Use `node --trace-deprecation ...` to show where the warning was created)
2429:  With the provided path, there will be 1 file uploaded
2430:  Artifact name is valid!
2431:  Root directory input is valid!
2432:  Beginning upload of artifact content to blob storage
2433:  (node:45913) [DEP0169] DeprecationWarning: `url.parse()` behavior is not standardized and prone to errors that have security implications. Use the WHATWG URL API instead. CVEs are not issued for `url.parse()` vulnerabilities.
2434:  Uploaded bytes 133

@sgress454 sgress454 merged commit 0301aea into main Jun 19, 2026
45 of 47 checks passed
@sgress454 sgress454 deleted the sgress454/44746-cve-filtering-frontend branch June 19, 2026 19:17
AndreyKizimenko added a commit that referenced this pull request Jun 26, 2026
)

<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Visual polish for the unreleased Vulnerability
Exposure chart filter (part of #47674 / #44746)

Left-aligns the "Advanced options" reveal toggle in the chart filter
modal's Software tab so it matches the design. Previously the toggle
stretched to the full width of the column-flex container and its content
was centered; this adds `align-self: flex-start` so it hugs the left
edge.

## Before / After
- **Before:** "Advanced options" toggle centered in the panel.
<img width="400" alt="image"
src="https://github.com/user-attachments/assets/b4cbe5fc-832e-415b-af31-bfd3ca14085d"
/>

- **After:** Left-aligned, matching the Figma design.
<img width="400" alt="CleanShot 2026-06-26 at 12 20 50@2x"
src="https://github.com/user-attachments/assets/6204bc50-eb1a-4abc-bee6-45f6bb161bb2"
/>

# Checklist for submitter

- [x] QA'd all new/changed functionality manually

<!-- Frontend-only CSS alignment fix on an unreleased feature —
DB/config/orbit/changes-file sections below are N/A and removed per
template instructions. -->


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Style**
* Adjusted the alignment of the “Advanced options” toggle in the
software filters panel for a cleaner layout.
* **Bug Fixes**
* Improved the positioning of the toggle button so it aligns
consistently within the filter section.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants