Skip to content

Release v1.17.3 #840

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
tphoney merged 15 commits into from
Mar 30, 2026
Merged

Release v1.17.3 #840

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
5445b64
Enhance Azure integration tests with automatic remediation for ghost …
DavidS-ovm Mar 23, 2026
79f33f1
feat(azure): add NetworkLoadBalancerBackendAddressPool adapter (#4393)
DavidS-ovm Mar 23, 2026
515f14b
feat: add Azure NetworkLoadBalancerProbe adapter (#4402)
Lionel-Wilson Mar 24, 2026
adb4fdd
feat: Add Azure adapter for DBforPostgreSQLFlexibleServerConfiguratio…
Lionel-Wilson Mar 24, 2026
f283cbc
feat(azure): add SQLDatabaseSchema adapter (#4415)
Lionel-Wilson Mar 24, 2026
5eddeee
feat(azure): Add DBforPostgreSQLFlexibleServerReplica adapter (#4416)
Lionel-Wilson Mar 24, 2026
78522fb
[ENG-3353] Add GitHub App Check Runs for risk analysis results (#4417)
getinnocuous Mar 25, 2026
84a94a2
GitHub Webhook Lifecycle Events (deleted / suspend / unsuspend) (#4432)
DavidS-ovm Mar 26, 2026
c599d54
chore: move oql-prototype into tools/ and integrate with monorepo (#4…
DavidS-ovm Mar 26, 2026
59aa85c
[ENG-3365] refactor: extract CLI auth logic to shared go/cliauth pack…
carabasdaniel Mar 26, 2026
086ac11
fix(deps): update go (#4433)
renovate[bot] Mar 27, 2026
7452d95
[ENG-3365] feat: area51 export-archive with host trust validation (#4…
carabasdaniel Mar 27, 2026
ab6588c
chore(deps): update terraform (#4456)
renovate[bot] Mar 27, 2026
4b477f5
[ENG-3461] fix: bump buger/jsonparser to v1.1.2 (CVE-2026-32285) (#4478)
DavidS-ovm Mar 30, 2026
83cfe72
Run go mod tidy
actions-user Mar 30, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
58 changes: 29 additions & 29 deletions .terraform.lock.hcl
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

16 changes: 0 additions & 16 deletions aws-source/module/.cursor/BUGBOT.md
View file
Open in desktop

This file was deleted.

63 changes: 0 additions & 63 deletions cmd/pterm.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,6 @@ package cmd

import (
"context"
"encoding/base64"
"encoding/json"
"errors"
"fmt"
"net/http"
Expand Down Expand Up @@ -286,64 +284,3 @@ func heartbeatOptions(oi sdp.OvermindInstance, token *oauth2.Token) *discovery.H
}
}

func HasScopesFlexible(token *oauth2.Token, requiredScopes []string) (bool, string, error) {
if token == nil {
return false, "", errors.New("HasScopesFlexible: token is nil")
}

claims, err := extractClaims(token.AccessToken)
if err != nil {
return false, "", fmt.Errorf("error extracting claims from token: %w", err)
}

for _, scope := range requiredScopes {
if !claims.HasScope(scope) {
// If they don't have the *exact* scope, check to see if they have
// write access to the same service
sections := strings.Split(scope, ":")
var hasWriteInstead bool

if len(sections) == 2 {
service, action := sections[0], sections[1]

if action == "read" {
hasWriteInstead = claims.HasScope(fmt.Sprintf("%v:write", service))
}
}

if !hasWriteInstead {
return false, scope, nil
}
}
}

return true, "", nil
}

// extracts custom claims from a JWT token. Note that this does not verify the
// signature of the token, it just extracts the claims from the payload
func extractClaims(token string) (*auth.CustomClaims, error) {
// We aren't interested in checking the signature of the token since
// the server will do that. All we need to do is make sure it
// contains the right scopes. Therefore we just parse the payload
// directly
sections := strings.Split(token, ".")
if len(sections) != 3 {
return nil, errors.New("token is not a JWT")
}

// Decode the payload
decodedPayload, err := base64.RawURLEncoding.DecodeString(sections[1])
if err != nil {
return nil, fmt.Errorf("error decoding token payload: %w", err)
}

// Parse the payload
claims := new(auth.CustomClaims)
err = json.Unmarshal(decodedPayload, claims)
if err != nil {
return nil, fmt.Errorf("error parsing token payload: %w", err)
}

return claims, nil
}
Loading