Release v1.11.1 #823
Merged
> [!NOTE]
> Introduce Azure Storage Blob Container discovery (with client, wrapper, and type definitions), plus minor SDK/SDK utils updates and new change-analysis tests for ID-based theory handling.
>
> - **Azure Source**:
>   - **New Adapter**: Implement `StorageBlobContainer` wrapper with `Get`/`Search`, links to `azure-storage-account` and `azure-storage-blob`, Terraform/IAM metadata, and integration into adapter registration per resource group.
>   - **Clients**: Add `BlobContainersClient` interface and concrete wrapper around `armstorage.BlobContainersClient`.
>   - **Item Types/Models**: Add `storage` API and item types: `azure-storage-account`, `azure-storage-blob-container`, `azure-storage-blob`.
>   - **Dependencies**: Require `github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage` in `go.mod`.
> - **SDP Library**:
>   - Enhance references/queries utilities (e.g., `Reference.IsSingle/Key`, `Query.GetUUIDParsed`) and improve attribute sanitization; minor handler import ordering.
> - **Change Analysis (tests)**:
>   - Add tests validating theory ID preservation and deduplication behavior; expand v6 risk dedup tests and filtering helpers.
> - **Misc**:
>   - Small style/nolint fixes across tests; minor server/k8s adapter tidy-ups; VSCode test env vars.
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 7d590796fb5e52875a4c373d19177ee1e5dbd446. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>

GitOrigin-RevId: 4b0f54f1b93ac36ea48789c059200c36652bc778
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [github.com/serpapi/serpapi-golang](https://redirect.github.com/serpapi/serpapi-golang) ([changelog](https://redirect.github.com/serpapi/serpapi-golang/compare/f1bfb86616c7..a523a2179b23)) | require | digest | `f1bfb86` -> `a523a21` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

### Configuration

📅 **Schedule**: Branch creation - "before 4pm on friday" in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

- [ ] If you want to rebase/retry this PR, check this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/overmindtech/workspace).

GitOrigin-RevId: 88f2a861e3e6b1ad3a3704e9e7ad9dd241577bb2
…3230)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [google.golang.org/genproto/googleapis/rpc](https://redirect.github.com/googleapis/go-genproto) ([changelog](https://redirect.github.com/googleapis/go-genproto/compare/95abcf5c77ba..ff82c1b0f217)) | require | digest | `95abcf5` -> `ff82c1b` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

### Configuration

📅 **Schedule**: Branch creation - "before 4pm on friday" in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

- [ ] If you want to rebase/retry this PR, check this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/overmindtech/workspace).

GitOrigin-RevId: 1bb28c42cf7dc6296043a7ac63129ead30211605
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| alpine | final | minor | `3.22` -> `3.23` |
| alpine | stage | minor | `3.22` -> `3.23` |
| alpine | final | minor | `3.22.2` -> `3.23.0` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

### Configuration

📅 **Schedule**: Branch creation - "before 4pm on friday" in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired.

---

- [ ] If you want to rebase/retry this PR, check this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/overmindtech/workspace).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
GitOrigin-RevId: 7b15312b70968a440e1e92cc59cf6f1c1b80696b
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [cloud.google.com/go/aiplatform](https://redirect.github.com/googleapis/google-cloud-go) | `v1.109.0` -> `v1.110.0` |  |  | | [cloud.google.com/go/compute](https://redirect.github.com/googleapis/google-cloud-go) | `v1.49.1` -> `v1.50.0` |  |  | | [cloud.google.com/go/networksecurity](https://redirect.github.com/googleapis/google-cloud-go) | `v0.10.7` -> `v0.11.0` |  |  | | [github.com/Azure/azure-sdk-for-go/sdk/azcore](https://redirect.github.com/Azure/azure-sdk-for-go) | `v1.19.1` -> `v1.20.0` |  |  | | [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://redirect.github.com/Azure/azure-sdk-for-go) | `v1.10.1` -> `v1.13.1` |  |  | | [github.com/aws/aws-sdk-go-v2/service/lambda](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.85.0` -> `v1.86.0` |  |  | | [github.com/getsentry/sentry-go](https://redirect.github.com/getsentry/sentry-go) | `v0.38.0` -> `v0.40.0` |  |  | | [github.com/harness/harness-go-sdk](https://redirect.github.com/harness/harness-go-sdk) | `v0.6.3` -> `v0.6.5` |  |  | | [github.com/nats-io/nkeys](https://redirect.github.com/nats-io/nkeys) | `v0.4.11` -> `v0.4.12` |  |  | | [github.com/openai/openai-go/v3](https://redirect.github.com/openai/openai-go) | `v3.8.1` -> `v3.10.0` |  |  | | [github.com/posthog/posthog-go](https://redirect.github.com/posthog/posthog-go) | `v1.6.12` -> `v1.6.13` |  |  | | [github.com/projectdiscovery/subfinder/v2](https://redirect.github.com/projectdiscovery/subfinder) | `v2.10.0` -> `v2.10.1` |  |  | | [github.com/riverqueue/river](https://redirect.github.com/riverqueue/river) | `v0.27.0` -> `v0.28.0` |  |  | | [github.com/riverqueue/river/riverdriver/riverpgxv5](https://redirect.github.com/riverqueue/river) | `v0.27.0` -> `v0.28.0` |  |  | | 
[github.com/riverqueue/river/rivertype](https://redirect.github.com/riverqueue/river) | `v0.27.0` -> `v0.28.0` |  |  | | [github.com/spf13/cobra](https://redirect.github.com/spf13/cobra) | `v1.10.1` -> `v1.10.2` |  |  | | [google.golang.org/api](https://redirect.github.com/googleapis/google-api-go-client) | `v0.256.0` -> `v0.257.0` |  |  | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. ##⚠️ Warning These modules are almost certainly going to break everything. They do every time they update. If you update even one repo's OTEL modules, go will then pull in new versions due to [MVS](https://research.swtch.com/vgo-mvs) which will cause your repo to break. All [otel pull requests](https://redirect.github.com/pulls?q=is%3Aopen+is%3Apr+user%3Aovermindtech+archived%3Afalse+label%3Aobservability+) need to be merged basically at the same time, and after all of the modules have been updated to be compatible with each other. ##⚠️ Warning These modules contain database migrations that need to be added manually to our atlas migrations. Check the contents of https://github.com/riverqueue/river/tree/master/rivermigrate/migration before merging this update. --- ### Release Notes <details> <summary>googleapis/google-cloud-go (cloud.google.com/go/networksecurity)</summary> ### [`v0.11.0`](https://redirect.github.com/googleapis/google-cloud-go/blob/HEAD/CHANGES.md#v0110) - Clients for spanner, pubsub and video are now in beta. - New client for DLP. - spanner: performance and testing improvements. - storage: requester-pays buckets are supported. - storage, profiler, bigtable, bigquery: bug fixes and other minor improvements. 
- pubsub: bug fixes and other minor improvements </details> <details> <summary>aws/aws-sdk-go-v2 (github.com/aws/aws-sdk-go-v2/service/lambda)</summary> ### [`v1.86.0`](https://redirect.github.com/aws/aws-sdk-go-v2/blob/HEAD/CHANGELOG.md#Release-2025-04-10) #### General Highlights - **Dependency Update**: Updated to the latest SDK module versions #### Module Highlights - `github.com/aws/aws-sdk-go-v2/feature/dynamodb/expression`: [v1.7.78](feature/dynamodb/expression/CHANGELOG.md#v1778-2025-04-10) - **Bug Fix**: allow nested list indices in expressions - `github.com/aws/aws-sdk-go-v2/service/applicationautoscaling`: [v1.36.0](service/applicationautoscaling/CHANGELOG.md#v1360-2025-04-10) - **Feature**: Application Auto Scaling now supports horizontal scaling for Elasticache Memcached self-designed clusters using target tracking scaling policies and scheduled scaling. - `github.com/aws/aws-sdk-go-v2/service/elasticache`: [v1.46.0](service/elasticache/CHANGELOG.md#v1460-2025-04-10) - **Feature**: AWS ElastiCache SDK now supports using MemcachedUpgradeConfig parameter with ModifyCacheCluster API to enable updating Memcached cache node types. Please refer to updated AWS ElastiCache public documentation for detailed information on API usage and implementation. - `github.com/aws/aws-sdk-go-v2/service/m2`: [v1.21.0](service/m2/CHANGELOG.md#v1210-2025-04-10) - **Feature**: Introduce three new APIs: CreateDataSetExportTask, GetDataSetExportTask and ListDataSetExportHistory. Add support for batch restart for Blu Age applications. - `github.com/aws/aws-sdk-go-v2/service/medialive`: [v1.74.0](service/medialive/CHANGELOG.md#v1740-2025-04-10) - **Feature**: AWS Elemental MediaLive / Features : Add support for CMAF Ingest CaptionLanguageMappings, TimedMetadataId3 settings, and Link InputResolution. 
- `github.com/aws/aws-sdk-go-v2/service/qbusiness`: [v1.24.0](service/qbusiness/CHANGELOG.md#v1240-2025-04-10) - **Feature**: Adds functionality to enable/disable a new Q Business Hallucination Reduction feature. If enabled, Q Business will detect and attempt to remove Hallucinations from certain Chat requests. - `github.com/aws/aws-sdk-go-v2/service/quicksight`: [v1.86.0](service/quicksight/CHANGELOG.md#v1860-2025-04-10) - **Feature**: Add support to analysis and sheet level highlighting in QuickSight. </details> <details> <summary>getsentry/sentry-go (github.com/getsentry/sentry-go)</summary> ### [`v0.40.0`](https://redirect.github.com/getsentry/sentry-go/releases/tag/v0.40.0): 0.40.0 [Compare Source](https://redirect.github.com/getsentry/sentry-go/compare/v0.39.0...v0.40.0) The Sentry SDK team is happy to announce the immediate availability of Sentry Go SDK v0.40.0. ##### Bug Fixes - Disable `DisableTelemetryBuffer` flag and noop Telemetry Buffer, to prevent a panic at runtime ([#​1149](https://redirect.github.com/getsentry/sentry-go/pull/1149)). ### [`v0.39.0`](https://redirect.github.com/getsentry/sentry-go/releases/tag/v0.39.0): 0.39.0 [Compare Source](https://redirect.github.com/getsentry/sentry-go/compare/v0.38.0...v0.39.0) The Sentry SDK team is happy to announce the immediate availability of Sentry Go SDK v0.39.0. ##### Features - Drop events from the telemetry buffer when rate-limited or transport is full, allowing the buffer queue to empty itself under load ([#​1138](https://redirect.github.com/getsentry/sentry-go/pull/1138)). ##### Bug Fixes - Fix scheduler's `hasWork()` method to check if buffers are ready to flush. The previous implementation was causing CPU spikes ([#​1143](https://redirect.github.com/getsentry/sentry-go/pull/1143)). 
</details> <details> <summary>harness/harness-go-sdk (github.com/harness/harness-go-sdk)</summary> ### [`v0.6.5`](https://redirect.github.com/harness/harness-go-sdk/compare/v0.6.4...v0.6.5) [Compare Source](https://redirect.github.com/harness/harness-go-sdk/compare/v0.6.4...v0.6.5) ### [`v0.6.4`](https://redirect.github.com/harness/harness-go-sdk/compare/v0.6.3...v0.6.4) [Compare Source](https://redirect.github.com/harness/harness-go-sdk/compare/v0.6.3...v0.6.4) </details> <details> <summary>nats-io/nkeys (github.com/nats-io/nkeys)</summary> ### [`v0.4.12`](https://redirect.github.com/nats-io/nkeys/releases/tag/v0.4.12) [Compare Source](https://redirect.github.com/nats-io/nkeys/compare/v0.4.11...v0.4.12) #### What's Changed - Add 'go mod tidy' to release workflow integrity checks by [@​aricart](https://redirect.github.com/aricart) in [#​75](https://redirect.github.com/nats-io/nkeys/pull/75) - fix(deps): update golang.org/x/crypto to v0.45.0 by [@​ktarplee](https://redirect.github.com/ktarplee) in [#​79](https://redirect.github.com/nats-io/nkeys/pull/79) #### New Contributors - [@​ktarplee](https://redirect.github.com/ktarplee) made their first contribution in [#​79](https://redirect.github.com/nats-io/nkeys/pull/79) **Full Changelog**: <nats-io/nkeys@v0.4.11...v0.4.12> </details> <details> <summary>openai/openai-go (github.com/openai/openai-go/v3)</summary> ### [`v3.10.0`](https://redirect.github.com/openai/openai-go/releases/tag/v3.10.0) [Compare Source](https://redirect.github.com/openai/openai-go/compare/v3.9.0...v3.10.0) #### 3.10.0 (2025-12-04) Full Changelog: [v3.9.0...v3.10.0](https://redirect.github.com/openai/openai-go/compare/v3.9.0...v3.10.0) ##### Features - **api:** gpt-5.1-codex-max and responses/compact ([1e1ca2a](https://redirect.github.com/openai/openai-go/commit/1e1ca2a6369c79a79bb54df3ee40b2d5604a21c5)) ### [`v3.9.0`](https://redirect.github.com/openai/openai-go/blob/HEAD/CHANGELOG.md#390-2025-12-01) [Compare 
Source](https://redirect.github.com/openai/openai-go/compare/v3.8.1...v3.9.0) Full Changelog: [v3.8.1...v3.9.0](https://redirect.github.com/openai/openai-go/compare/v3.8.1...v3.9.0) ##### Features - **api:** gpt 5.1 ([470f91f](https://redirect.github.com/openai/openai-go/commit/470f91faac304e518019be9f7b12e6270af63bbd)) ##### Bug Fixes - **api:** align types of input items / output items for typescript ([5b89d3b](https://redirect.github.com/openai/openai-go/commit/5b89d3ba03968ee9f5b49e7e065495c3c5c77710)) - **client:** correctly specify Accept header with */* instead of empty ([fbadb4e](https://redirect.github.com/openai/openai-go/commit/fbadb4e8b1a81c99a7b3936da483ee9542de2c23)) ##### Chores - bump gjson version ([305831f](https://redirect.github.com/openai/openai-go/commit/305831feb6c39d1f9f6e85c2e9f94f6c7f0dcd45)) - fix empty interfaces ([2aaa980](https://redirect.github.com/openai/openai-go/commit/2aaa980c2f0cac814065e4e5e294b151500c2e3f)) </details> <details> <summary>posthog/posthog-go (github.com/posthog/posthog-go)</summary> ### [`v1.6.13`](https://redirect.github.com/PostHog/posthog-go/releases/tag/v1.6.13) [Compare Source](https://redirect.github.com/posthog/posthog-go/compare/v1.6.12...v1.6.13) #### What's Changed - feat: Add SDK parity for date operators and inconclusive evaluation by [@​dustinbyrne](https://redirect.github.com/dustinbyrne) in [PostHog#131](https://redirect.github.com/PostHog/posthog-go/pull/131) #### New Contributors - [@​dustinbyrne](https://redirect.github.com/dustinbyrne) made their first contribution in [PostHog#131](https://redirect.github.com/PostHog/posthog-go/pull/131) **Full Changelog**: <PostHog/posthog-go@v1.6.12...v1.6.13> </details> <details> <summary>projectdiscovery/subfinder (github.com/projectdiscovery/subfinder/v2)</summary> ### [`v2.10.1`](https://redirect.github.com/projectdiscovery/subfinder/releases/tag/v2.10.1) [Compare Source](https://redirect.github.com/projectdiscovery/subfinder/compare/v2.10.0...v2.10.1) 
<!-- Release notes generated using configuration in .github/release.yml at main --> #### What's Changed - bump version by [@​dogancanbakir](https://redirect.github.com/dogancanbakir) in [#​1673](https://redirect.github.com/projectdiscovery/subfinder/pull/1673) **Full Changelog**: <projectdiscovery/subfinder@v2.9.0...v2.10.1> </details> <details> <summary>riverqueue/river (github.com/riverqueue/river)</summary> ### [`v0.28.0`](https://redirect.github.com/riverqueue/river/releases/tag/v0.28.0) [Compare Source](https://redirect.github.com/riverqueue/river/compare/v0.27.1...v0.28.0) ##### Added - Added `riverlog.LoggerSafely` which provides a non-panic variant of `riverlog.Logger` for use when code may or may not have a context logger available. [PR #​1093](https://redirect.github.com/riverqueue/river/pull/1093). ### [`v0.27.1`](https://redirect.github.com/riverqueue/river/releases/tag/v0.27.1) [Compare Source](https://redirect.github.com/riverqueue/river/compare/v0.27.0...v0.27.1) - Unique args: Handle embedded fields that are not structs. [PR #​1088](https://redirect.github.com/riverqueue/river/pull/1088). - Fix stack overflow when handling `river:"unique"` annotations on recursive types. [PR #​1090](https://redirect.github.com/riverqueue/river/pull/1090). 
</details> <details> <summary>spf13/cobra (github.com/spf13/cobra)</summary> ### [`v1.10.2`](https://redirect.github.com/spf13/cobra/releases/tag/v1.10.2) [Compare Source](https://redirect.github.com/spf13/cobra/compare/v1.10.1...v1.10.2) #### 🔧 Dependencies - chore: Migrate from `gopkg.in/yaml.v3` to `go.yaml.in/yaml/v3` by [@​dims](https://redirect.github.com/dims) in [#​2336](https://redirect.github.com/spf13/cobra/pull/2336) - the `gopkg.in/yaml.v3` package has been deprecated for some time: this should significantly cleanup dependency/supply-chains for consumers of `spf13/cobra` #### 📈 CI/CD - Fix linter and allow CI to pass by [@​marckhouzam](https://redirect.github.com/marckhouzam) in [#​2327](https://redirect.github.com/spf13/cobra/pull/2327) - fix: actions/setup-go v6 by [@​jpmcb](https://redirect.github.com/jpmcb) in [#​2337](https://redirect.github.com/spf13/cobra/pull/2337) #### 🔥✍🏼 Docs - Add documentation for repeated flags functionality by [@​rvergis](https://redirect.github.com/rvergis) in [#​2316](https://redirect.github.com/spf13/cobra/pull/2316) #### 🍂 Refactors - refactor: replace several vars with consts by [@​htoyoda18](https://redirect.github.com/htoyoda18) in [#​2328](https://redirect.github.com/spf13/cobra/pull/2328) - refactor: change minUsagePadding from var to const by [@​ssam18](https://redirect.github.com/ssam18) in [#​2325](https://redirect.github.com/spf13/cobra/pull/2325) #### 🤗 New Contributors - [@​rvergis](https://redirect.github.com/rvergis) made their first contribution in [#​2316](https://redirect.github.com/spf13/cobra/pull/2316) - [@​htoyoda18](https://redirect.github.com/htoyoda18) made their first contribution in [#​2328](https://redirect.github.com/spf13/cobra/pull/2328) - [@​ssam18](https://redirect.github.com/ssam18) made their first contribution in [#​2325](https://redirect.github.com/spf13/cobra/pull/2325) - [@​dims](https://redirect.github.com/dims) made their first contribution in 
[#​2336](https://redirect.github.com/spf13/cobra/pull/2336) **Full Changelog**: <spf13/cobra@v1.10.1...v1.10.2> Thank you to our amazing contributors!!!!! 🐍 🚀 </details> <details> <summary>googleapis/google-api-go-client (google.golang.org/api)</summary> ### [`v0.257.0`](https://redirect.github.com/googleapis/google-api-go-client/releases/tag/v0.257.0) [Compare Source](https://redirect.github.com/googleapis/google-api-go-client/compare/v0.256.0...v0.257.0) ##### Features - **all:** Auto-regenerate discovery clients ([#​3376](https://redirect.github.com/googleapis/google-api-go-client/issues/3376)) ([b0c07d2](https://redirect.github.com/googleapis/google-api-go-client/commit/b0c07d2f5cc4aa2cf974c2938508626f8430855e)) - **all:** Auto-regenerate discovery clients ([#​3380](https://redirect.github.com/googleapis/google-api-go-client/issues/3380)) ([47fcc39](https://redirect.github.com/googleapis/google-api-go-client/commit/47fcc39088f806c4202ca47159416ce99a0a0c72)) - **all:** Auto-regenerate discovery clients ([#​3381](https://redirect.github.com/googleapis/google-api-go-client/issues/3381)) ([cf5cf20](https://redirect.github.com/googleapis/google-api-go-client/commit/cf5cf20d07fac3acc66c1f9ade705bb99701519a)) - **all:** Auto-regenerate discovery clients ([#​3382](https://redirect.github.com/googleapis/google-api-go-client/issues/3382)) ([2931d4b](https://redirect.github.com/googleapis/google-api-go-client/commit/2931d4b217c6934f85bdc378ebbbbe4fa54db96d)) - **all:** Auto-regenerate discovery clients ([#​3383](https://redirect.github.com/googleapis/google-api-go-client/issues/3383)) ([446402e](https://redirect.github.com/googleapis/google-api-go-client/commit/446402e7d6aedbe169505c07aafcf45e96563a8e)) - **all:** Auto-regenerate discovery clients ([#​3384](https://redirect.github.com/googleapis/google-api-go-client/issues/3384)) ([d82a5d0](https://redirect.github.com/googleapis/google-api-go-client/commit/d82a5d02f83b3455f747cbb1fb14930703dad60e)) - **all:** 
Auto-regenerate discovery clients ([#​3386](https://redirect.github.com/googleapis/google-api-go-client/issues/3386)) ([6a0b46d](https://redirect.github.com/googleapis/google-api-go-client/commit/6a0b46d49312d528dab4dce8daee48866f38ba25)) - **all:** Auto-regenerate discovery clients ([#​3387](https://redirect.github.com/googleapis/google-api-go-client/issues/3387)) ([f3dc8f4](https://redirect.github.com/googleapis/google-api-go-client/commit/f3dc8f4bd57ade8c6ffb37cda8d55289228ebcd1)) - **all:** Auto-regenerate discovery clients ([#​3388](https://redirect.github.com/googleapis/google-api-go-client/issues/3388)) ([e3ca7fd](https://redirect.github.com/googleapis/google-api-go-client/commit/e3ca7fd5738afd1a8aa046431ef005c48e701358)) - **all:** Auto-regenerate discovery clients ([#​3389](https://redirect.github.com/googleapis/google-api-go-client/issues/3389)) ([b78dd96](https://redirect.github.com/googleapis/google-api-go-client/commit/b78dd96b2c603926daca6c30baae9c4843bf5664)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 4pm on friday" in timezone Europe/London, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/overmindtech/workspace). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi4zMi4yIiwidXBkYXRlZEluVmVyIjoiNDIuMzIuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIiwiZ29sYW5nIiwib2JzZXJ2YWJpbGl0eSJdfQ==--> GitOrigin-RevId: ff68e576d37a3b6c7783bca3c6f7e64b35e474cc
This branch has been branched from https://github.com/overmindtech/workspace/pull/3225

---

> [!NOTE]
> Switches changes list filtering from tags to labels end-to-end (DB/queries, proto/SDKs, server, frontend), adds active label UI and updates tests.
>
> - **Backend**:
>   - Update `api-server/models/changes.sql` and generated Go to filter by `labels` (JSONB array of label objects) instead of tag values; simplify params/types.
>   - `ListHomeChanges` uses `filters.labels`; remove tag marshalling; adjust pagination arg types.
> - **API/Proto/SDKs**:
>   - Change `ChangeFiltersRequest`: remove `tags` (reserved) and add `labels` (repeated string); regenerate `sdp-go` and `sdp-js`.
> - **Frontend**:
>   - Replace tag-based filters with label support in `changes` feature helpers and state (URL param `labels`).
>   - Add `ActiveLabelFilter` and show in `Changes` header; remove tag filter UI and tag-hover add control.
>   - `AutoLabel` now links to filtered changes; edit/delete dialogs sync active label filters.
> - **Tests**:
>   - Add label data to fixtures and comprehensive label filter cases; remove tag filter tests; adjust existing tests accordingly.
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 7c29d073561ec088d600285dd5aed5658c1d635c. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>

---------

Co-authored-by: tphoney <thomas.honey@overmind.tech>
GitOrigin-RevId: 8b6806e046a8982ba2977b14611e1db6704b8510
To build container locally you can use: `docker buildx bake -f build/images-bake.hcl azure`

The Azure source uses Azure Workload Identity with OIDC federation to authenticate to Azure without needing client secrets.

1. Customer Setup (one-time, for now via setup_helper_script.sh - might change this later)

   The script creates:
   - An Azure AD App Registration for the Overmind source
   - A Federated Credential that trusts the EKS OIDC issuer
     - The federated credential's subject is bound to a specific Kubernetes ServiceAccount: `system:serviceaccount:<namespace>:<customer>-azure-source-pod-sa`
   - A Reader role assignment on the target Azure subscription

2. Srcman Pod Configuration - reconciles an Azure source:
   - Creates a ServiceAccount with Azure Workload Identity annotations:
   - Labels the pod with azure.workload.identity/use: "true" to trigger the webhook

3. When the Azure source pod starts the Azure Workload Identity webhook (running in the cluster) sees the annotations and injects:
   - AZURE_CLIENT_ID and AZURE_TENANT_ID env vars
   - AZURE_FEDERATED_TOKEN_FILE pointing to a mounted Kubernetes ServiceAccount token

Key Trust Chain: EKS OIDC Issuer → Azure AD (federated credential) → Azure Source Pod

No secrets are stored or transmitted — the pod proves its identity via the Kubernetes-issued JWT that Azure trusts through OIDC federation.

---------

Co-authored-by: David Schmitt <david.schmitt@overmind.tech>
GitOrigin-RevId: 48a03973496669a67f403d7283f36417885c0c76
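The claim matching behind the trust chain in the commit message above, as an added example (not code from this PR or from the Overmind project): it decodes a ServiceAccount token's payload and reports why it would or would not match the federated credential. All function names, the issuer URL, the namespace `sources` and the customer `acme` are constructed for illustration, and the audience `api://AzureADTokenExchange` is the Azure workload identity default, assumed here.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// FederatedCredential holds the three values Azure AD compares to the token.
type FederatedCredential struct{ Issuer, Subject, Audience string }

// Audience accepts both JWT encodings of "aud": one string or an array.
type Audience []string

func (a *Audience) UnmarshalJSON(b []byte) error {
	var one string
	if json.Unmarshal(b, &one) == nil {
		*a = Audience{one}
		return nil
	}
	return json.Unmarshal(b, (*[]string)(a))
}

// Claims is the subset of the ServiceAccount token payload checked here.
type Claims struct {
	Issuer   string   `json:"iss"`
	Subject  string   `json:"sub"`
	Audience Audience `json:"aud"`
	Expiry   int64    `json:"exp"`
}

// ExpectedSubject builds the ServiceAccount subject in the page's format.
func ExpectedSubject(namespace, customer string) string {
	return "system:serviceaccount:" + namespace + ":" + customer + "-azure-source-pod-sa"
}

// ParseClaims decodes the JWT payload without verifying the signature, which
// is enough for a configuration check; Azure AD verifies it in the real exchange.
func ParseClaims(token string) (Claims, error) {
	var c Claims
	parts := strings.Split(strings.TrimSpace(token), ".")
	if len(parts) != 3 {
		return c, errors.New("not a compact JWT: want 3 dot-separated parts")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return c, fmt.Errorf("payload is not base64url: %w", err)
	}
	if err := json.Unmarshal(payload, &c); err != nil {
		return c, fmt.Errorf("payload is not a JSON claim set: %w", err)
	}
	return c, nil
}

// CheckFederation lists every reason the token would not match the
// credential. Comparison is exact, so a trailing slash on the issuer fails.
func CheckFederation(c Claims, fc FederatedCredential, now time.Time) []string {
	var problems []string
	if c.Issuer != fc.Issuer {
		problems = append(problems, fmt.Sprintf("issuer %q != %q", c.Issuer, fc.Issuer))
	}
	if c.Subject != fc.Subject {
		problems = append(problems, fmt.Sprintf("subject %q != %q", c.Subject, fc.Subject))
	}
	audOK := false
	for _, a := range c.Audience {
		audOK = audOK || a == fc.Audience
	}
	if !audOK {
		problems = append(problems, fmt.Sprintf("audience %v lacks %q", []string(c.Audience), fc.Audience))
	}
	if c.Expiry == 0 || !now.Before(time.Unix(c.Expiry, 0)) {
		problems = append(problems, "token is expired or carries no exp claim")
	}
	return problems
}

// SampleToken builds a constructed token with a placeholder signature.
func SampleToken(iss, sub string, aud any, exp int64) string {
	enc := func(v any) string {
		b, _ := json.Marshal(v)
		return base64.RawURLEncoding.EncodeToString(b)
	}
	return enc(map[string]string{"alg": "RS256", "typ": "JWT"}) + "." +
		enc(map[string]any{"iss": iss, "sub": sub, "aud": aud, "exp": exp}) + ".constructed-signature"
}

func main() {
	// Placeholder issuer, constructed names, assumed default audience.
	fc := FederatedCredential{"https://oidc.example.invalid/id/CONSTRUCTED",
		ExpectedSubject("sources", "acme"), "api://AzureADTokenExchange"}
	// Constructed token from the namespace's default ServiceAccount: must not match.
	tok := SampleToken(fc.Issuer, "system:serviceaccount:sources:default",
		fc.Audience, time.Now().Add(time.Hour).Unix())
	claims, _ := ParseClaims(tok)
	fmt.Println(CheckFederation(claims, fc, time.Now()))
}
```

Run inside the pod against the file named by `AZURE_FEDERATED_TOKEN_FILE`, the same check shows which claim is wrong when the token exchange is rejected.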
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/google/go-github/v79](https://redirect.github.com/google/go-github) | `v79.0.0` -> `v80.0.0` |  |  | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>google/go-github (github.com/google/go-github/v79)</summary> ### [`v80.0.0`](https://redirect.github.com/google/go-github/releases/tag/v80.0.0) [Compare Source](https://redirect.github.com/google/go-github/compare/v79.0.0...v80.0.0) This release contains the following breaking API changes: - feat!: Implement Enterprise SCIM - EnterpriseService.ListProvisionedSCIMUsers ([#​3839](https://redirect.github.com/google/go-github/issues/3839)) BREAKING CHANGE: `ListProvisionedSCIMGroupsEnterpriseOptions` optional fields are now pointers. 
...and the following additional changes: - Bump go-github from v78 to v79 in /scrape ([#​3828](https://redirect.github.com/google/go-github/issues/3828)) - build(deps): Bump github.com/PuerkitoBio/goquery from 1.10.3 to 1.11.0 in /scrape ([#​3833](https://redirect.github.com/google/go-github/issues/3833)) - build(deps): Bump actions/checkout from 5.0.0 to 5.0.1 in the actions group ([#​3834](https://redirect.github.com/google/go-github/issues/3834)) - build(deps): Bump golang.org/x/crypto from 0.43.0 to 0.44.0 in /example ([#​3835](https://redirect.github.com/google/go-github/issues/3835)) - build(deps): Bump github.com/alecthomas/kong from 1.12.1 to 1.13.0 in /tools ([#​3837](https://redirect.github.com/google/go-github/issues/3837)) - feat: Add support for Enterprise GitHub App Installation APIs ([#​3830](https://redirect.github.com/google/go-github/issues/3830)) - Add ParentIssueURL field to Issue struct ([#​3841](https://redirect.github.com/google/go-github/issues/3841)) - build(deps): Bump golang.org/x/crypto from 0.44.0 to 0.45.0 in /example ([#​3842](https://redirect.github.com/google/go-github/issues/3842)) - build(deps): Bump the actions group with 2 updates ([#​3844](https://redirect.github.com/google/go-github/issues/3844)) - Add custom `structfield` linter to check struct field names and tags ([#​3843](https://redirect.github.com/google/go-github/issues/3843)) - feat: Add Credentials Revoke API ([#​3847](https://redirect.github.com/google/go-github/issues/3847)) - docs: Improve displaying GitHub API links on pkg.go.dev ([#​3845](https://redirect.github.com/google/go-github/issues/3845)) - feat: Add GitHub Enterprise App installation repository management APIs ([#​3831](https://redirect.github.com/google/go-github/issues/3831)) - feat: Implement Enterprise SCIM - Update Group & User attributes ([#​3848](https://redirect.github.com/google/go-github/issues/3848)) - chore: Update golangci-lint to v2.7.0 
([#​3853](https://redirect.github.com/google/go-github/issues/3853)) - feat: Add repository target to ruleset ([#​3850](https://redirect.github.com/google/go-github/issues/3850)) - Bump version of go-github to v80.0.0 ([#​3854](https://redirect.github.com/google/go-github/issues/3854)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 4pm on friday" in timezone Europe/London, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/overmindtech/workspace). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi4zMi4yIiwidXBkYXRlZEluVmVyIjoiNDIuMzIuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIiwiZ29sYW5nIl19--> GitOrigin-RevId: e98adf055ac6b200d80b60ca94b5ac0fec52136f
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [github.com/neo4j/neo4j-go-driver/v5](https://redirect.github.com/neo4j/neo4j-go-driver) | `v5.28.4` -> `v6.0.0` |  |  |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

### Release Notes

<details>
<summary>neo4j/neo4j-go-driver (github.com/neo4j/neo4j-go-driver/v5)</summary>

### [`v6.0.0`](https://redirect.github.com/neo4j/neo4j-go-driver/releases/tag/v6.0.0)

[Compare Source](https://redirect.github.com/neo4j/neo4j-go-driver/compare/v5.28.4...v6.0.0)

See <https://github.com/neo4j/neo4j-go-driver/wiki/6.x-changelog> for more information.

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 4pm on friday" in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

- [ ] If you want to rebase/retry this PR, check this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/overmindtech/workspace).

GitOrigin-RevId: 333af578fbb1c296806069bbf4961c7e84b38bf7
<!-- CURSOR_SUMMARY --> > [!NOTE] > Add comprehensive tests for Azure `storage-blob-container` manual wrapper covering get/search flows, validation, error paths, and metadata mappings. > > - **Azure manual source tests** (`sources/azure/manual/storage-blob-container_test.go`): > - **Get**: Validates item type, unique attribute/value, scope, and linked query to `StorageAccount`. > - **Query validation**: Ensures errors on insufficient get/search query parts. > - **Search**: Uses mocked pager to return multiple containers; skips entries with nil `name`. > - **Error handling**: Covers failed `Get` and pager errors during `Search` without panics. > - **Metadata**: Verifies `GetLookups`, `SearchLookups`, `PotentialLinks`, `TerraformMappings` (`azurerm_storage_container.name`), `IAMPermissions`, and `PredefinedRole`. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit c89bd6fa80ac1c331c9a693d06d5d2de3e42042d. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> --------- Co-authored-by: David Schmitt <david.schmitt@overmind.tech> GitOrigin-RevId: a0df9d8176fc82dc0d01f239d69218a06fa070d6
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/stripe/stripe-go/v83](https://redirect.github.com/stripe/stripe-go) | `v83.2.1` -> `v84.0.0` |  |  | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>stripe/stripe-go (github.com/stripe/stripe-go/v83)</summary> ### [`v84.0.0`](https://redirect.github.com/stripe/stripe-go/releases/tag/v84.0.0) [Compare Source](https://redirect.github.com/stripe/stripe-go/compare/v83.2.1...v84.0.0) This release changes the pinned API version to `2025-11-17.clover`. - [#​2216](https://redirect.github.com/stripe/stripe-go/pull/2216) Update generated code -⚠️ Change the type of `V2CoreEventDestinationParams.Metadata` and `V2CoreEventDestinationUpdateParams.Metadata` to `map[string]*string` from `map[string]string`. This supports the ability to remove a key from a `Metadata` map by setting its value to `nil`. -⚠️ A corresponding change was made to the `V2CoreEventDestinationParams.AddMetadata` method to set its second argument to `*string` from `string`. - [#​2215](https://redirect.github.com/stripe/stripe-go/pull/2215) Update generated code -⚠️ Remove support for `GTE`, `Gt`, `LT`, and `Lte` on `V2CoreEventListParams` in favor of `Created`. - [#​2210](https://redirect.github.com/stripe/stripe-go/pull/2210) Update v2 array parameter serialization to use indexed format - `Retrieve` and `List` calls for `/v2` endpoints now use indexed format (e.g., `?include[0]=foo&include[1]=bar`) instead of repeated parameter format (e.g., `?include=foo&include=bar`) when communicating with the Stripe API. This may break any unit tests that expect the latter behavior when setting up a mock server. Instead, they should now expect the former. 
- [#​2206](https://redirect.github.com/stripe/stripe-go/pull/2206) Update generated code - Add support for new resources `TaxAssociation` and `TerminalOnboardingLink` - Add support for `Find` method on resource `TaxAssociation` - Add support for `New` method on resource `TerminalOnboardingLink` - Add support for `PaymentMethodConfiguration` on `BillingPortalConfigurationFeaturesPaymentMethodUpdate` - Add support for `TransactionID` on `ChargePaymentMethodDetailsIdeal`, `PaymentAttemptRecordPaymentMethodDetailsIdeal`, and `PaymentRecordPaymentMethodDetailsIdeal` - Add support for new value `finom` on enums `ConfirmationTokenPaymentMethodPreviewIdeal.Bank`, `PaymentAttemptRecordPaymentMethodDetailsIdeal.Bank`, and `PaymentRecordPaymentMethodDetailsIdeal.Bank` - Add support for new value `FNOMNL22` on enums `ConfirmationTokenPaymentMethodPreviewIdeal.BIC`, `PaymentAttemptRecordPaymentMethodDetailsIdeal.BIC`, and `PaymentRecordPaymentMethodDetailsIdeal.BIC` - Add support for new value `tokenized_account_number_deactivated` on enums `ConfirmationTokenPaymentMethodPreviewUsBankAccountStatusDetailsBlocked.Reason` and `PaymentMethodUsBankAccountStatusDetailsBlocked.Reason` - Add support for `Created` on `CustomerCustomerBalanceTransactionListParams` and `InvoicePaymentListParams` - Add support for new values `financial_connections.account.account_numbers_updated` and `financial_connections.account.upcoming_account_number_expiry` on enum `Event.Type` - Add support for `AccountNumbers` on `FinancialConnectionsAccount` - Add support for `FraudRisk` on `IssuingAuthorizationRiskAssessmentParams` - Add support for `LatestFraudWarning` on `IssuingCard` - Add support for `Hooks` on `PaymentIntentCaptureParams`, `PaymentIntentConfirmParams`, `PaymentIntentIncrementAuthorizationParams`, `PaymentIntentParams`, and `PaymentIntent` - Add support for `MbWay` and `TWINT` on `RefundDestinationDetails` - Add support for snapshot events 
`EventTypeFinancialConnectionsAccountAccountNumbersUpdated` and `EventTypeFinancialConnectionsAccountUpcomingAccountNumberExpiry` with resource `FinancialConnectionsAccount` See [the changelog for more details](https://redirect.github.com/stripe/stripe-go/blob/v84.0.0/CHANGELOG.md). </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 4pm on friday" in timezone Europe/London, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/overmindtech/workspace). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi4zMi4yIiwidXBkYXRlZEluVmVyIjoiNDIuMzIuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIiwiZ29sYW5nIl19--> <!-- CURSOR_SUMMARY --> --- > [!NOTE] > Upgrade Stripe and GitHub client libraries (stripe-go v84, go-github v80) and update imports/usages across server and tests; no functional logic changes. > > - **Dependencies**: > - Upgrade `github.com/stripe/stripe-go` from `v83` to `v84` and update imports/usages in `server` (e.g., `account.go`, `auth0support.go`, `managementservice.go`, `stripe.go`, `main.go`) and tests. > - Upgrade `github.com/google/go-github` from `v79` to `v80` and update imports/usages in GitHub app/service code and tests (`server/githubapp/*`, `server/githubservice*.go`). > - **Build/Module Files**: > - Update `go.mod` and `go.sum` to reflect new versions. > - **Misc**: > - Minor formatting/whitespace tweaks in `main.go` struct fields. 
> > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit d69cc9a07a958e6074548e7af2140c0e50eff431. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> GitOrigin-RevId: 366cea1008c198cb89796063d4ecc5eb3ec0119d
This PR contains the following updates: | Update | Change | |---|---| | lockFileMaintenance | All locks refreshed | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. 🔧 This Pull Request updates lock files to use the latest dependency versions. --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on monday" in timezone Europe/London, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/overmindtech/workspace). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi4zMi4yIiwidXBkYXRlZEluVmVyIjoiNDIuMzIuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> GitOrigin-RevId: 88974f4032e7267bb0179ba5b785b0fef55ce550
GitOrigin-RevId: 14e9d3487aa2d3a51ca19eebca129ee1cf3086bc
This is a bunch of changes that streamlines and unifies the otel attributes we collect for change analysis. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > Replaces log-heavy paths with structured OTEL spans/Sentry across change analysis, refines blast-radius (classic/LLM) flow with timeouts and graceful degradation, and centralizes arg/metric recording. > > - **Observability/Tracing**: > - Replace many logs with OTEL span attributes; add Sentry error capture and span status on failures. > - Add `RecordArgsAttributes()` to consistently attach `ovm.*` attributes; used throughout steps and recursive calls. > - Track queue wait/duration, step results, mapping stats, risk counts, and v6 investigation metrics. > - **Blast Radius**: > - Split modes: `classic` vs `llm`; choose LLM automatically for v6 without custom hypotheses. > - Enforce configurable max time with cap; on timeout, continue with collected data (graceful degradation) when snapshot exists. > - Default/fallbacks for zero params; use `BlastRadiusMaxConcurrency` directly; improved recursive parallelism and deduped queries. > - Store LLM reasoning/theories in snapshot description when enabled; set summary on change. > - **Error handling/retries**: > - New `recordAndRetryStepError()`; more retryable error paths for gateway/connectivity and DB updates. > - `checkLogAndReturnContextError()` writes span attributes for canceled/timeout contexts. > - Timeline step runner records errors to Sentry and spans before marking DB status. > - **APIs/Types**: > - Remove `TheoriesTool` from change-analysis args (kept only in admin job args for backward compatibility). > - Add `sdp.SnapshotMetadata.GetUUIDParsed()` for safer UUID tracing. > - **Admin/Jobs**: > - Blast-radius worker no longer forwards `TheoriesTool`; clarifies as deprecated; passes new args and captures results/metrics. > - **Tests**: > - Minor fix to fatal error variable; add/adjust tests around job scheduling and sanitization remain unchanged functionally. 
> > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit fdac95c117a0bd2c9c375e822bfccb534dbae831. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> GitOrigin-RevId: 1422ad7b483a40a03c75a85633dcd6e7b3e7713b
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute](https://redirect.github.com/Azure/azure-sdk-for-go) | `v1.0.0` -> `v7.2.0` |  |  | | [github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork](https://redirect.github.com/Azure/azure-sdk-for-go) | `v1.1.0` -> `v7.2.0` |  |  | | [github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources](https://redirect.github.com/Azure/azure-sdk-for-go) | `v1.2.0` -> `v3.0.0` |  |  | | [github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage](https://redirect.github.com/Azure/azure-sdk-for-go) | `v1.8.1` -> `v3.0.0` |  |  | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Configuration 📅 **Schedule**: Branch creation - "before 4pm on friday" in timezone Europe/London, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/overmindtech/workspace). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi4zMi4yIiwidXBkYXRlZEluVmVyIjoiNDIuMzIuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIiwiZ29sYW5nIl19--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> GitOrigin-RevId: ee88f11e01e0a3b538781bffe193c20095749293
<!-- CURSOR_SUMMARY --> > [!NOTE] > Introduce Azure Storage Account adapter with Get/List support, linked queries to child resources, new item types, mocks, and unit/integration tests. > > - **Azure Storage adapter**: > - Implement `manual/storage-account` wrapper with `Get` and `List`, Terraform mapping, IAM permissions, and blast-propagating links to `storage-blob-container`, `storage-file-share`, `storage-table`, and `storage-queue` using the account name. > - Add `clients/StorageAccountsClient` + `StorageAccountsPager` interfaces and SDK-backed implementation (`GetProperties`, `NewListByResourceGroupPager`). > - **Shared types**: > - Add item types/resources: `StorageFileShare`, `StorageTable`, `StorageQueue`. > - **Testing**: > - Add unit tests for `Get`/`List`, error handling, and link assertions with GoMock-generated mocks. > - Add integration test that provisions a storage account, validates `Get`/`List`, verifies linked queries, and performs teardown. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 08eb2742607c00828ca3090d301afe078b3999c6. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> GitOrigin-RevId: 15d57e90082810b11d08ffea2e2b48203d89b1d1
<!-- CURSOR_SUMMARY --> > [!NOTE] > Temporarily disables manual labels support (keeping tags) across the Terraform workflow, submit-plan action, and CLI flags. > > - **CI/Workflows**: > - In `.github/workflows/terraform.yml`, comment out `labels` for both prod and dogfood `submit-plan` steps. > - **GitHub Action (`actions/submit-plan`)**: > - Comment out the `labels` input definition in `action.yml`. > - Skip passing `--labels` to the CLI by commenting out the labels arg handling. > - **CLI**: > - In `cli/cmd/flags.go`, comment out registration of the `labels` flag in `addChangeCreationFlags`. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 333a8aca2f1716b46f7777b352b5bd6ba4bf8506. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> GitOrigin-RevId: b512fe21a0a845e13b1bb8cf9b7859ea86408b30
…282) <!-- CURSOR_SUMMARY --> > [!NOTE] > Adds Azure Storage File Share discovery (get/search) with unit+integration tests, introduces a generic Pager[T] and refactors pagers across clients. > > - **Azure clients**: > - **Generic pager**: Introduce `Pager[T]` in `sources/azure/clients/pager.go` and refactor pagers to type aliases in `storage-accounts-client.go`, `virtual-machines-client.go`, `blob-containers-client.go`. > - **New FileShares client**: Add `sources/azure/clients/fileshares-client.go` with `Get` and `List` using generic pager. > - **Manual adapters**: > - **New Storage File Share wrapper**: `sources/azure/manual/storage-fileshare.go` implementing `Get` and `Search`, link to `storage-account`, Terraform/IAM metadata, and composite ID. > - **Wire adapters**: Update `sources/azure/manual/adapters.go` to initialize and register Storage Account, Blob Container, and new File Share adapters per resource group. > - **Blob container tweak**: Use `shared.CompositeLookupKey` for `id` in `storage-blob-container.go`. > - **Tests**: > - **Unit tests**: Add `sources/azure/manual/storage-fileshare_test.go` with pager mocks and error cases; add mock `FileSharesClient` in `sources/azure/shared/mocks/mock_file_shares_client.go`. > - **Integration test**: Add `sources/azure/integration-tests/storage-fileshare_test.go` covering setup, get, search, link verification, and teardown. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 90d50f1d5bbe13f5ae4f8ae14874cac4fe548741. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> GitOrigin-RevId: fda1d004c3b770708b985f5ab81fa68dbf28c5bb
…… (#3284)

## Summary

- Add blast radius propagation from Security Groups to EC2 instances via Network Interfaces
- Enable `ec2-network-interface` adapter to search by security group ID using AWS's `group-id` filter
- Fix issue where changing a Security Group would not show affected EC2 instances in blast radius

## Problem

When analyzing the blast radius of a Security Group change, Overmind wasn't discovering the EC2 instances attached to that security group. This was because:

1. The `ec2-security-group` adapter only linked **outward** to VPCs and other security groups
2. The `ec2-instance` adapter linked **to** security groups with `In: true, Out: false`
3. Since blast radius starts from the changing resource (SG) and follows outward links, instances were never discovered

This meant users would see no risks when modifying security groups, even when instances were actively using them.

## Solution

Added a forward link from Security Groups → Network Interfaces → Instances:

```
SG change → ec2-network-interface (SEARCH by sg-id) → ec2-instance (existing link with Out: true)
```

Changes:

- `ec2-security-group`: Added `LinkedItemQuery` to search for ENIs using this SG
- `ec2-network-interface`: Added `InputMapperSearch` that filters by `group-id` when query starts with `sg-`

## Test plan

- [x] Unit tests pass for `TestNetworkInterfaceInputMapperSearch`
- [x] Unit tests pass for `TestSecurityGroupOutputMapper` with new ENI link
- [ ] Manual test: Create SG with attached instances, run change analysis, verify instances appear in blast radius

<!-- CURSOR_SUMMARY -->

---

> [!NOTE]
> Enables blast radius from security groups to instances by linking SGs to ENIs and adding ENI search by security group ID (and ARN).
>
> - **Adapters**
>   - `ec2-network-interface`:
>     - Add `InputMapperSearch` supporting `sg-*` via `group-id` filter and parsing ARN `network-interface/eni-*`.
>     - Wire `InputMapperSearch` into adapter; update metadata `SearchDescription`.
>   - `ec2-security-group`:
>     - Add linked SEARCH to `ec2-network-interface` by SG ID with outward blast propagation.
>     - Update `PotentialLinks` to include `ec2-network-interface`.
> - **Tests**
>   - Add `TestNetworkInterfaceInputMapperSearch` and extend `TestSecurityGroupOutputMapper` for new ENI link.
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 436e0e83739023d73b97f54f16127d3febf09443. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>

<!-- /CURSOR_SUMMARY -->

GitOrigin-RevId: c1f547771af266b06d2d84390444dd171217873b
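The link problem described in the commit message above, as an added sketch that is not Overmind's adapter code: a walk that follows only outward-propagating links reaches no instances from a security group until the group itself carries a SEARCH link to its network interfaces. The `Link`, `Item`, `resolve`, `blastRadius` and `securityGroup` names and all resource IDs are hypothetical and constructed for this example.

```go
package main

import (
	"fmt"
	"strings"
)

type Link struct { // a linked item query emitted by an adapter
	Type, Method, Query string
	Out                 bool // a change to this item propagates to the results
}

type Item struct { // a discovered resource plus its adapter's links
	Type, ID string
	Links    []Link
}

var sampleENIs = []struct { // constructed sample inventory, not real resources
	ID, Instance string
	Groups       map[string]bool
}{
	{"eni-a", "i-web1", map[string]bool{"sg-web": true}},
	{"eni-b", "i-web1", map[string]bool{"sg-mgmt": true, "sg-web": true}}, // same instance
	{"eni-c", "", map[string]bool{"sg-web": true}},                        // unattached
	{"eni-d", "i-db1", map[string]bool{"sg-db": true}},                    // other group
}

// resolve stands in for the adapters answering a linked query.
func resolve(l Link) []Item {
	if l.Method == "GET" {
		it := Item{Type: l.Type, ID: l.Query}
		if l.Type == "ec2-instance" { // back-link to the group: In: true, Out: false
			it.Links = []Link{{"ec2-security-group", "GET", "sg-web", false}}
		}
		return []Item{it}
	}
	if l.Type != "ec2-network-interface" || !strings.HasPrefix(l.Query, "sg-") { // "sg-" query => group-id filter
		return nil
	}
	var out []Item
	for _, e := range sampleENIs {
		if !e.Groups[l.Query] {
			continue
		}
		it := Item{Type: l.Type, ID: e.ID}
		if e.Instance != "" {
			it.Links = []Link{{"ec2-instance", "GET", e.Instance, true}}
		}
		out = append(out, it)
	}
	return out
}

// blastRadius walks breadth-first over links with Out set; each item is listed once, in discovery order.
func blastRadius(start Item) []string {
	seen, keys := map[string]bool{}, []string{}
	for queue := []Item{start}; len(queue) > 0; queue = queue[1:] {
		key := queue[0].Type + "/" + queue[0].ID
		if seen[key] {
			continue
		}
		seen[key] = true
		keys = append(keys, key)
		for _, l := range queue[0].Links {
			if l.Out {
				queue = append(queue, resolve(l)...)
			}
		}
	}
	return keys
}

// securityGroup builds the SG item (VPC and group links omitted), optionally with the ENI SEARCH link.
func securityGroup(id string, eniLink bool) Item {
	sg := Item{Type: "ec2-security-group", ID: id}
	if eniLink {
		sg.Links = append(sg.Links, Link{"ec2-network-interface", "SEARCH", id, true})
	}
	return sg
}

func main() {
	fmt.Println(blastRadius(securityGroup("sg-web", false)), blastRadius(securityGroup("sg-web", true)))
}
```

The instance attached through two interfaces appears once, the unattached interface is still part of the radius, and the `Out: false` back-link from the instance stops the walk from spreading into other groups.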
…… (#3283)

## Summary

Adds a new `cloudwatch-metric` adapter that fetches CPU utilization metrics from AWS CloudWatch. This enables evidence-based risk analysis by providing actual resource utilization data alongside configuration.

**Ticket:** [ENG-1987](https://linear.app/overmind/issue/ENG-1987/create-cloudwatch-metrics-adapter)

## What it does

- Creates `cloudwatch-metric` adapter that queries CloudWatch `GetMetricStatistics`
- Fetches 15-minute time window with 5-minute granularity (3 datapoints)
- Returns: `Average`, `Minimum`, `Maximum`, `DataAvailable`, `DatapointCount`
- Links from `ec2-instance` → `cloudwatch-metric` automatically during discovery

## Example output

```json
{
  "Average": 69.98,
  "Minimum": 69.95,
  "Maximum": 70.00,
  "DataAvailable": true,
  "DatapointCount": 3,
  "Namespace": "AWS/EC2",
  "MetricName": "CPUUtilization",
  "Dimension_InstanceId": "i-0ab8548514d9e361b"
}
```

## Why this matters

This enables the LLM to catch risks like:

> "This EC2 instance is running at 70% CPU. Changing from c5.large to t3.large (burstable, 30% baseline) would cause immediate CPU throttling."

Without metrics, we only see config changes - not whether they'll actually cause problems.

## Changes

| File | Change |
|------|--------|
| `aws-source/adapters/cloudwatch-metric.go` | New adapter |
| `aws-source/adapters/cloudwatch-metric_test.go` | Unit tests (12 tests) |
| `aws-source/adapters/cloudwatch-metric_integration_test.go` | Integration test |
| `aws-source/adapters/ec2-instance.go` | Add LinkedItemQuery |
| `aws-source/proc/proc.go` | Register adapter |
| IAM policy files (4) | Add `cloudwatch:GetMetricStatistics` permission |

## Test plan

- [x] Unit tests pass (12 tests)
- [x] Integration test with real AWS account
- [ ] Deploy to staging and verify metrics appear in blast radius
- [ ] Test with instance type change scenario

---

<!-- CURSOR_SUMMARY -->

> [!NOTE]
> Introduces a CloudWatch EC2 instance metrics adapter, links it from `ec2-instance`, registers it in the source, and updates IAM/docs to include required CloudWatch permission.
>
> - **Adapters**
>   - **New** `cloudwatch-instance-metric` adapter: queries EC2 metrics via `GetMetricData` (15-min avg for CPU, network, status checks, credits, disk/volume ops); caching and formatting; unit + integration tests.
>   - **EC2**: add linked query from `ec2-instance` to `cloudwatch-instance-metric`; extend `ec2-instance` metadata `PotentialLinks`.
> - **Proc/Registration**
>   - Register `NewCloudwatchInstanceMetricAdapter` in `aws-source/proc/proc.go`.
> - **IAM/Docs/UI**
>   - Add `cloudwatch:GetMetricStatistics` permission to IAM policy snippets in `aws-source/README.md`, CloudFormation template, docs, and frontend IAM policy UI.
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 642d73001b1be3382a1626cfe29c675c1b6f12c9. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>

<!-- /CURSOR_SUMMARY -->

---------

Co-authored-by: Dylan Ratcliffe <dylan@overmind.tech>

GitOrigin-RevId: daff2b85a9dcfe205f6f1bfcf73041f6dcbc479d
Remove the "(avg over 15 min)" suffix from CloudWatch instance metrics because it is redundant and annoying.

---

Linear Issue: [PRD-791](https://linear.app/overmind/issue/PRD-791/remove-the-avg-over-15-min-from-the-end-of-cloudwatch-instance-metrics)

<!-- CURSOR_SUMMARY -->

---

> [!NOTE]
> Removes the "(avg over 15 min)" suffix from CloudWatch EC2 instance metric formatted values and updates tests accordingly.
>
> - **AWS EC2 metrics formatting**:
>   - Update `formatMetricValue` in `aws-source/adapters/cloudwatch-instance-metric.go` to remove the "(avg over 15 min)" suffix from formatted values for `CPUUtilization`, `NetworkIn`/`NetworkOut`, `CPUCreditBalance`/`CPUCreditUsage`, `DiskReadOps`/`DiskWriteOps`, and the default case.
> - **Tests**:
>   - Adjust expectations in `aws-source/adapters/cloudwatch-instance-metric_test.go` to match new formatted strings without the averaging suffix.
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit ad20478147d99c7c18d4ed7c50270dc2c499dc55. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>

<!-- /CURSOR_SUMMARY -->

Co-authored-by: Cursor Agent <cursoragent@cursor.com>

GitOrigin-RevId: 9f6926f570cd6b6ed6138242ec845ba71d10a8d2
Copybara Sync - Release v1.11.1
This PR was automatically created by Copybara, syncing changes from the overmindtech/workspace monorepo.
Original author: Dylan (dylan@overmind.tech)
What happens when this PR is merged?
tag-on-merge workflow will automatically create the v1.11.1 tag on main
Review Checklist