Conversation
… fixes (vectordotdev#24662) * Support scalars, nested objects, and arrays in structured data. Improve RFC compliance - Support scalars, nested objects and arrays in structured data - Fix UTF-8 safety: use character-based truncation (prevents panics) - Fix RFC 3164: ignore structured data instead of prepending - Add ASCII sanitization for RFC 3164 fields - Add RFC 5424 SD-ID/PARAM-NAME validation * add changelog file * address PR review comments fix SD-ID use char count instead of byte length use workspace dependency for toml changelog with detailed breakdown * explain array serialization in chngelog file * Update check-spelling metadata with 'emojis' * Fix markdown * Fix markdown lint errors
Bumps [memchr](https://github.com/BurntSushi/memchr) from 2.7.5 to 2.8.0. - [Commits](BurntSushi/memchr@2.7.5...2.8.0) --- updated-dependencies: - dependency-name: memchr dependency-version: 2.8.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ectordotdev#24783) Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.1.2 to 3.1.5. - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) --- updated-dependencies: - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [derive_more](https://github.com/JelteF/derive_more) from 2.0.1 to 2.1.1. - [Release notes](https://github.com/JelteF/derive_more/releases) - [Changelog](https://github.com/JelteF/derive_more/blob/master/CHANGELOG.md) - [Commits](JelteF/derive_more@v2.0.1...v2.1.1) --- updated-dependencies: - dependency-name: derive_more dependency-version: 2.1.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [evmap](https://github.com/jonhoo/evmap) from 10.0.2 to 11.0.0. - [Commits](jonhoo/evmap@v10.0.2...v11.0.0) --- updated-dependencies: - dependency-name: evmap dependency-version: 11.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [smpl_jwt](https://github.com/durch/rust-jwt) from 0.8.0 to 0.9.0. - [Commits](https://github.com/durch/rust-jwt/commits) --- updated-dependencies: - dependency-name: smpl_jwt dependency-version: 0.9.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [bytesize](https://github.com/bytesize-rs/bytesize) from 2.1.0 to 2.3.1. - [Release notes](https://github.com/bytesize-rs/bytesize/releases) - [Changelog](https://github.com/bytesize-rs/bytesize/blob/master/CHANGELOG.md) - [Commits](bytesize-rs/bytesize@bytesize-v2.1.0...bytesize-v2.3.1) --- updated-dependencies: - dependency-name: bytesize dependency-version: 2.3.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Pavlos Rontidis <pavlos.rontidis@gmail.com>
…#24785) * fix(ci): restrict GITHUB_TOKEN permissions in workflows Apply principle of least privilege to workflow permissions to address 6 Token-Permissions security alerts. Changes include adding explicit contents: read, downgrading packages: write to packages: read where only image pulls are needed, and moving elevated permissions from workflow to job level where appropriate. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * manual fix of .github/workflows/ci-integration-review.yml * manually fix statuses in .github/workflows/ci-integration-review.yml * remove redundant line from .github/workflows/cla.yml * manually fix .github/workflows/integration.yml * attempt to fix .github/workflows/integration.yml * attempt to fix ci-integration-review.yml --------- Co-authored-by: Claude <noreply@anthropic.com>
* chore(deps): expose vrl functions flag * chore: remove changelog * chore(tests): update test behavior to include all vrl functions
… keys (vectordotdev#24824) * wip dir secrets resolution fix * add integration test for nested directory paths * add changelog file * fix spelling * fix formatting --------- Co-authored-by: Pavlos Rontidis <pavlos.rontidis@gmail.com>
…ctordotdev#24826) * chore(dev): add codegen-units = 1 in Cargo.toml * chore(internal docs): Delete obsolete LLVM/clang 9 RUSTFLAGS step * Revert "chore(dev): add codegen-units = 1 in Cargo.toml" This reverts commit dfdcf25.
* chore(docs): add new component docs guide * revert unrelated Cargo.lock changes * fix TOC changes * add missing step to create md file * simplify * md style fixes * review feedback
* docs(dev): specify Hugo download link * Apply suggestion from @thomasqueirozb Co-authored-by: Thomas <thomas.schneider@datadoghq.com> * md linter fix --------- Co-authored-by: Thomas <thomas.schneider@datadoghq.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Style and formatting cleanup across all source files: consistent log message punctuation, hoisted imports to module level, rustfmt single-line struct variants, and removed redundant blank lines. Maintainer review feedback: - Emit keywords as hex string (0x...) to preserve unsigned bitmask - Propagate flush_bookmarks() set_batch error instead of swallowing - Remove 5 placeholder tests that inflated coverage - Strengthen truncation test with real assertions - Add missing fields to Vector namespace schema (level_value, provider_guid, version, qualifiers, string_inserts, event_data, user_data, task_name, opcode_name, keyword_names) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…ent_log Performance: build_xpath_query() now auto-generates XPath from only_event_ids (e.g. *[System[EventID=4624 or EventID=4625]]) so the Windows API filters at the source. Added early pre-filter in the drain loop after parse_system_section to discard non-matching events before expensive metadata/message calls. Includes 4096-char length guard that falls back to wildcard for very large ID lists. Tests: XPath generation unit tests, multi-filter interaction tests, config validation boundary tests, integration test exercising XPath generation without explicit event_query, and fixes for four pre-existing test assertion errors. Docs: markdown page and changelog fragment. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…d run fmt The `vdev check events` linter requires InternalEvent types with "Error" in their name to log at error level. Promote WindowsEventLogParseError, WindowsEventLogQueryError, and WindowsEventLogBookmarkError from warn! to error! to satisfy this requirement. Also widen the max_event_age integration test timing margins (2s→5s sleep, 1s→3s threshold) to reduce flakiness on slow CI, remove the redundant integration test README, and apply rustfmt formatting fixes. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* chore(dev): clearer instrunctions on when to run clippy * remove container dev section - not common * mention how to check MD files * move Rust style to its own doc * add word to allow list * linting fixes * add a note to docs/RUST_STYLE.md * move common patterns section but to agents.md
Bumps the patches group with 4 updates: [nix](https://github.com/nix-rust/nix), [libc](https://github.com/rust-lang/libc), [pin-project](https://github.com/taiki-e/pin-project) and [web-sys](https://github.com/wasm-bindgen/wasm-bindgen). Updates `nix` from 0.31.1 to 0.31.2 - [Changelog](https://github.com/nix-rust/nix/blob/master/CHANGELOG.md) - [Commits](nix-rust/nix@v0.31.1...v0.31.2) Updates `libc` from 0.2.180 to 0.2.182 - [Release notes](https://github.com/rust-lang/libc/releases) - [Changelog](https://github.com/rust-lang/libc/blob/0.2.182/CHANGELOG.md) - [Commits](rust-lang/libc@0.2.180...0.2.182) Updates `pin-project` from 1.1.10 to 1.1.11 - [Release notes](https://github.com/taiki-e/pin-project/releases) - [Changelog](https://github.com/taiki-e/pin-project/blob/main/CHANGELOG.md) - [Commits](taiki-e/pin-project@v1.1.10...v1.1.11) Updates `web-sys` from 0.3.90 to 0.3.91 - [Release notes](https://github.com/wasm-bindgen/wasm-bindgen/releases) - [Changelog](https://github.com/wasm-bindgen/wasm-bindgen/blob/main/CHANGELOG.md) - [Commits](https://github.com/wasm-bindgen/wasm-bindgen/commits) --- updated-dependencies: - dependency-name: nix dependency-version: 0.31.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patches - dependency-name: libc dependency-version: 0.2.182 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patches - dependency-name: pin-project dependency-version: 1.1.11 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patches - dependency-name: web-sys dependency-version: 0.3.91 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patches ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Pavlos Rontidis <pavlos.rontidis@gmail.com>
…ions (vectordotdev#24835) * chore(ci): implement least privilege for GitHub Actions token permissions Addresses OpenSSF Scorecard security findings by implementing explicit minimal permissions for all GitHub Actions workflows. This prevents workflows from defaulting to excessive permissions and reduces security risk if a workflow is compromised. Changes: - Added explicit permissions to 8 workflows that had none defined - Moved write permissions from workflow-level to job-level in 15 workflows - Set restrictive default of `contents: read` at workflow-level - Scoped write permissions to only the jobs that need them - Added inline comments documenting each permission requirement Security impact: - OpenSSF Scorecard Token-Permissions score: 0.0 → 10.0 (perfect) - Follows GitHub's principle of least privilege - Reduces attack surface for potential workflow compromise Workflows modified: 20 total - Priority 1 (no permissions): changes.yml, test.yml, integration-test.yml, regression.yml, compilation-timings.yml, preview_site_trigger.yml, gardener_issue_comment.yml, gardener_open_pr.yml - Priority 2 (broad permissions): publish.yml, integration.yml, build-test-runner.yml, custom_builds.yml, nightly.yml, release.yml, ci-integration-review.yml, cleanup-ghcr-images.yml, cla.yml, vdev_publish.yml, build_preview_sites.yml, create_preview_sites.yml Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> * fix(ci): remove duplicate permissions key in integration.yml build-test-runner job The build-test-runner job had two `permissions` mappings — the original (contents: read + packages: write) and a duplicate (packages: write only) added during the scorecard Token-Permissions hardening. YAML does not allow duplicate keys; GitHub's parser rejected the file, causing the Integration Test Suite required check to stay at "Waiting for status to be reported". Remove the duplicate block and move its inline comment to the existing block. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(ci): remove actions:write from changes.yml job permissions Removes `actions: write` from the `int_tests` and `e2e_tests` job-level permissions blocks in changes.yml. GitHub validates job-level permission requests against the caller's grants at load time, so any workflow calling changes.yml with `actions: none` (i.e. `permissions: contents: read`) would fail to load — breaking deny.yml, test.yml, integration.yml, k8s_e2e.yml, and master_merge_queue.yml. The `actions: write` declaration was unnecessary; artifact uploads work without it (same behavior as master). Scorecard Token-Permissions still returns 10/10. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
…ectordotdev#24843) * Fix ansi escape codes being printed to stderr * Add cli int test * Fix incorrect junit error log * Add color --always to cli int test * Add changelog * Use indoc and yml
…ordotdev#24845) * chore(deps): Enable all vector-vrl-functions features by default * Apply suggestions from code review
* fix(opentelemetry source): fix source output * change
* [StepSecurity] Apply security best practices Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> * Revert latest dependency pinning --------- Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> Co-authored-by: Thomas <thomasqueirozb@gmail.com>
* Fix global options links * Fix other links * Remove deprecated site.Author
vectordotdev#24866) * feat(api): add docs::warnings macro support and warn about no auth on api endpoint * Fix macro order * Fix conflict in generated file * Update src/config/api.rs Co-authored-by: Pavlos Rontidis <pavlos.rontidis@gmail.com> * Regenerate docs --------- Co-authored-by: Pavlos Rontidis <pavlos.rontidis@gmail.com>
* chore(releasing): prepare v0.54.0 release (vectordotdev#24876) * chore(releasing): Pinned VRL version to 0.31.0 * chore(releasing): Generated release CUE file * chore(releasing): Updated website/cue/reference/administration/interfaces/kubectl.cue vector version to 0.54.0 * chore(releasing): Updated distribution/install.sh vector version to 0.54.0 * chore(releasing): Add 0.54.0 to versions.cue * chore(releasing): Created release md file * spell checker fixes * regen licenses * highlights + breaking changes v1 * fix(vdev): make build vrl-docs work with released VRL version (vectordotdev#24877) * fix(vdev): make build vrl-docs work with released VRL version * Format * Import bail * Fix invalid \ inside cue string * Remove whitespace * fix(ci): use cross-strip tools when packaging RPMs for non-x86_64 targets (vectordotdev#24873) * fix(ci): use cross-strip tools when packaging RPMs for non-x86_64 targets * Install vdev using setup action in publish.yml * revert unrelated change * update date --------- Co-authored-by: Thomas <thomas.schneider@datadoghq.com> * cargo vdev build manifests * bump version * cargo update -p vector * vrl track main --------- Co-authored-by: Thomas <thomas.schneider@datadoghq.com>
vectordotdev#24894) Use api config group shortcode
… source names Each test now uses a unique provider name (e.g. VT_stress, VT_backlog) for eventcreate and XPath filtering, preventing cross-test pollution when tests run in parallel on multi-core CI runners. Also serializes test execution via --test-threads=1 in the Makefile target. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…isolation With per-test source names, phase 1 only receives 1 event (our test event), so the old `second_run.len() < first_count` assertion fails when first_count==1 and the second run correctly gets 1 new event. Replace the count-based assertion with content-based checks: verify phase1 event is NOT redelivered and phase2 event IS present. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
… available (vectordotdev#24898) The shallow clone (depth=1) done by actions/checkout meant origin/master did not exist, causing the check_changelog_fragments.sh script to fail with "ambiguous argument 'origin/master'". Setting fetch-depth: 0 ensures the full history and all remote refs are available. Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
…ectordotdev#24822) * feat(opentelemetry source): Support per-signal OTLP decoding configuration (vectordotdev#24455) Allow independent configuration of OTLP decoding for logs, metrics, and traces. Maintains backward compatibility with boolean configuration. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * changelog * generate component docs * regen docs * fixes * linting * consolidate tests * add usage example * fix trace output * fix test too * make generate-component-docs * address review point * attempt to fix blocking workflow * attempt optimal fix * revert changelog workflow changes --------- Co-authored-by: Claude <noreply@anthropic.com>
* chore(deps): bump VRL and remove RUSTSEC-2021-0139 from deny.toml ignore * Add run_skipped to TestConfig * Use pastey instead of paste * Update deny.toml and re-add paste * Update licenses
…solation Per-test source names should be sufficient to prevent cross-test pollution. Removing serialization to prove tests pass in parallel. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
test_resubscribe_after_log_clear was running `wevtutil cl Application` which nukes the entire Application log, destroying events that other parallel tests depend on. This caused test_rejected_ack to get 0 events in phase 2 when running in parallel. Fix: create a temporary custom log channel (VectorTestResub) via PowerShell New-EventLog, subscribe to that, clear only that channel, and clean up via Drop guard. Application log is never touched. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Parser tests: populate enriched metadata fields (opcode_name, task_name, keyword_names) in test events since the parser copies these directly rather than resolving them - Fallback message test: clear string_inserts so the parser reaches the fallback code path instead of returning the first string insert - Bookmark test: change assertion to verify graceful fallback behavior since hand-crafted bookmark XML is not valid for the Windows API Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
9 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
test_parse_event_basicandtest_parse_security_audit_event: populate enriched metadata fields in test eventstest_render_message_false_uses_fallback: clearstring_insertsto reach fallback pathtest_checkpoint_restoration_uses_bookmark: assert graceful fallback instead of invalid bookmark behaviorTest plan
🤖 Generated with Claude Code