…vectordotdev#24778)

Bumps [memchr](https://github.com/BurntSushi/memchr) from 2.7.5 to 2.8.0.
- [Commits](BurntSushi/memchr@2.7.5...2.8.0)

---
updated-dependencies:
- dependency-name: memchr
  dependency-version: 2.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…ectordotdev#24783)

Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.1.2 to 3.1.5.
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [derive_more](https://github.com/JelteF/derive_more) from 2.0.1 to 2.1.1.
- [Release notes](https://github.com/JelteF/derive_more/releases)
- [Changelog](https://github.com/JelteF/derive_more/blob/master/CHANGELOG.md)
- [Commits](JelteF/derive_more@v2.0.1...v2.1.1)

---
updated-dependencies:
- dependency-name: derive_more
  dependency-version: 2.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [evmap](https://github.com/jonhoo/evmap) from 10.0.2 to 11.0.0.
- [Commits](jonhoo/evmap@v10.0.2...v11.0.0)

---
updated-dependencies:
- dependency-name: evmap
  dependency-version: 11.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [smpl_jwt](https://github.com/durch/rust-jwt) from 0.8.0 to 0.9.0.
- [Commits](https://github.com/durch/rust-jwt/commits)

---
updated-dependencies:
- dependency-name: smpl_jwt
  dependency-version: 0.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [bytesize](https://github.com/bytesize-rs/bytesize) from 2.1.0 to 2.3.1.
- [Release notes](https://github.com/bytesize-rs/bytesize/releases)
- [Changelog](https://github.com/bytesize-rs/bytesize/blob/master/CHANGELOG.md)
- [Commits](bytesize-rs/bytesize@bytesize-v2.1.0...bytesize-v2.3.1)

---
updated-dependencies:
- dependency-name: bytesize
  dependency-version: 2.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Pavlos Rontidis <pavlos.rontidis@gmail.com>

…#24785)

* fix(ci): restrict GITHUB_TOKEN permissions in workflows

Apply principle of least privilege to workflow permissions to address 6 Token-Permissions security alerts. Changes include adding explicit contents: read, downgrading packages: write to packages: read where only image pulls are needed, and moving elevated permissions from workflow to job level where appropriate.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

* manual fix of .github/workflows/ci-integration-review.yml

* manually fix statuses in .github/workflows/ci-integration-review.yml

* remove redundant line from .github/workflows/cla.yml

* manually fix .github/workflows/integration.yml

* attempt to fix .github/workflows/integration.yml

* attempt to fix ci-integration-review.yml

---------

Co-authored-by: Claude <noreply@anthropic.com>

* chore(deps): expose vrl functions flag

* chore: remove changelog

* chore(tests): update test behavior to include all vrl functions

… keys (vectordotdev#24824)

* wip dir secrets resolution fix

* add integration test for nested directory paths

* add changelog file

* fix spelling

* fix formatting

---------

Co-authored-by: Pavlos Rontidis <pavlos.rontidis@gmail.com>

…ctordotdev#24826)

* chore(dev): add codegen-units = 1 in Cargo.toml

* chore(internal docs): Delete obsolete LLVM/clang 9 RUSTFLAGS step

* Revert "chore(dev): add codegen-units = 1 in Cargo.toml"

This reverts commit dfdcf25.

* chore(docs): add new component docs guide

* revert unrelated Cargo.lock changes

* fix TOC changes

* add missing step to create md file

* simplify

* md style fixes

* review feedback

* docs(dev): specify Hugo download link

* Apply suggestion from @thomasqueirozb

Co-authored-by: Thomas <thomas.schneider@datadoghq.com>

* md linter fix

---------

Co-authored-by: Thomas <thomas.schneider@datadoghq.com>

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Style and formatting cleanup across all source files: consistent log
message punctuation, hoisted imports to module level, rustfmt
single-line struct variants, and removed redundant blank lines.

Maintainer review feedback:
- Emit keywords as hex string (0x...) to preserve unsigned bitmask
- Propagate flush_bookmarks() set_batch error instead of swallowing
- Remove 5 placeholder tests that inflated coverage
- Strengthen truncation test with real assertions
- Add missing fields to Vector namespace schema (level_value,
  provider_guid, version, qualifiers, string_inserts, event_data,
  user_data, task_name, opcode_name, keyword_names)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

…ent_log

Performance: build_xpath_query() now auto-generates XPath from only_event_ids
(e.g. *[System[EventID=4624 or EventID=4625]]) so the Windows API filters at
the source. Added early pre-filter in the drain loop after parse_system_section
to discard non-matching events before expensive metadata/message calls. Includes
4096-char length guard that falls back to wildcard for very large ID lists.

Tests: XPath generation unit tests, multi-filter interaction tests, config
validation boundary tests, integration test exercising XPath generation without
explicit event_query, and fixes for four pre-existing test assertion errors.

Docs: markdown page and changelog fragment.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

…d run fmt

The `vdev check events` linter requires InternalEvent types with "Error"
in their name to log at error level. Promote WindowsEventLogParseError,
WindowsEventLogQueryError, and WindowsEventLogBookmarkError from warn!
to error! to satisfy this requirement.

Also widen the max_event_age integration test timing margins (2s→5s sleep,
1s→3s threshold) to reduce flakiness on slow CI, remove the redundant
integration test README, and apply rustfmt formatting fixes.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* chore(dev): clearer instrunctions on when to run clippy

* remove container dev section - not common

* mention how to check MD files

* move Rust style to its own doc

* add word to allow list

* linting fixes

* add a note to docs/RUST_STYLE.md

* move common patterns section but to agents.md

Bumps the patches group with 4 updates: [nix](https://github.com/nix-rust/nix), [libc](https://github.com/rust-lang/libc), [pin-project](https://github.com/taiki-e/pin-project) and [web-sys](https://github.com/wasm-bindgen/wasm-bindgen).


Updates `nix` from 0.31.1 to 0.31.2
- [Changelog](https://github.com/nix-rust/nix/blob/master/CHANGELOG.md)
- [Commits](nix-rust/nix@v0.31.1...v0.31.2)

Updates `libc` from 0.2.180 to 0.2.182
- [Release notes](https://github.com/rust-lang/libc/releases)
- [Changelog](https://github.com/rust-lang/libc/blob/0.2.182/CHANGELOG.md)
- [Commits](rust-lang/libc@0.2.180...0.2.182)

Updates `pin-project` from 1.1.10 to 1.1.11
- [Release notes](https://github.com/taiki-e/pin-project/releases)
- [Changelog](https://github.com/taiki-e/pin-project/blob/main/CHANGELOG.md)
- [Commits](taiki-e/pin-project@v1.1.10...v1.1.11)

Updates `web-sys` from 0.3.90 to 0.3.91
- [Release notes](https://github.com/wasm-bindgen/wasm-bindgen/releases)
- [Changelog](https://github.com/wasm-bindgen/wasm-bindgen/blob/main/CHANGELOG.md)
- [Commits](https://github.com/wasm-bindgen/wasm-bindgen/commits)

---
updated-dependencies:
- dependency-name: nix
  dependency-version: 0.31.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patches
- dependency-name: libc
  dependency-version: 0.2.182
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patches
- dependency-name: pin-project
  dependency-version: 1.1.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patches
- dependency-name: web-sys
  dependency-version: 0.3.91
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patches
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Pavlos Rontidis <pavlos.rontidis@gmail.com>

…ions (vectordotdev#24835)

* chore(ci): implement least privilege for GitHub Actions token permissions

Addresses OpenSSF Scorecard security findings by implementing explicit
minimal permissions for all GitHub Actions workflows. This prevents
workflows from defaulting to excessive permissions and reduces security
risk if a workflow is compromised.

Changes:
- Added explicit permissions to 8 workflows that had none defined
- Moved write permissions from workflow-level to job-level in 15 workflows
- Set restrictive default of `contents: read` at workflow-level
- Scoped write permissions to only the jobs that need them
- Added inline comments documenting each permission requirement

Security impact:
- OpenSSF Scorecard Token-Permissions score: 0.0 → 10.0 (perfect)
- Follows GitHub's principle of least privilege
- Reduces attack surface for potential workflow compromise

Workflows modified: 20 total
- Priority 1 (no permissions): changes.yml, test.yml, integration-test.yml,
  regression.yml, compilation-timings.yml, preview_site_trigger.yml,
  gardener_issue_comment.yml, gardener_open_pr.yml
- Priority 2 (broad permissions): publish.yml, integration.yml,
  build-test-runner.yml, custom_builds.yml, nightly.yml, release.yml,
  ci-integration-review.yml, cleanup-ghcr-images.yml, cla.yml,
  vdev_publish.yml, build_preview_sites.yml, create_preview_sites.yml

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* fix(ci): remove duplicate permissions key in integration.yml build-test-runner job

The build-test-runner job had two `permissions` mappings — the original
(contents: read + packages: write) and a duplicate (packages: write only)
added during the scorecard Token-Permissions hardening. YAML does not allow
duplicate keys; GitHub's parser rejected the file, causing the Integration
Test Suite required check to stay at "Waiting for status to be reported".

Remove the duplicate block and move its inline comment to the existing block.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(ci): remove actions:write from changes.yml job permissions

Removes `actions: write` from the `int_tests` and `e2e_tests` job-level
permissions blocks in changes.yml. GitHub validates job-level permission
requests against the caller's grants at load time, so any workflow calling
changes.yml with `actions: none` (i.e. `permissions: contents: read`) would
fail to load — breaking deny.yml, test.yml, integration.yml, k8s_e2e.yml,
and master_merge_queue.yml.

The `actions: write` declaration was unnecessary; artifact uploads work
without it (same behavior as master). Scorecard Token-Permissions still
returns 10/10.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>

)

* chore(deps): Bump VRL and add check_type_only: false

* Fix missing base64 feature

* Fix missing feature in vector-vrl-functions

* Bump vrl and use stdlib/stdlib-base

* Fix VRL tests

* Add ! to floor

…ectordotdev#24843)

* Fix ansi escape codes being printed to stderr

* Add cli int test

* Fix incorrect junit error log

* Add color --always to cli int test

* Add changelog

* Use indoc and yml

…ordotdev#24845)

* chore(deps): Enable all vector-vrl-functions features by default

* Apply suggestions from code review

…ectordotdev#24846)

* fix(opentelemetry source): fix source output

* change

* Fix global options links

* Fix other links

* Remove deprecated site.Author

vectordotdev#24866)

* feat(api): add docs::warnings macro support and warn about no auth on api endpoint

* Fix macro order

* Fix conflict in generated file

* Update src/config/api.rs

Co-authored-by: Pavlos Rontidis <pavlos.rontidis@gmail.com>

* Regenerate docs

---------

Co-authored-by: Pavlos Rontidis <pavlos.rontidis@gmail.com>

* chore(releasing): prepare v0.54.0 release (vectordotdev#24876)

* chore(releasing): Pinned VRL version to 0.31.0

* chore(releasing): Generated release CUE file

* chore(releasing): Updated website/cue/reference/administration/interfaces/kubectl.cue vector version to 0.54.0

* chore(releasing): Updated distribution/install.sh vector version to 0.54.0

* chore(releasing): Add 0.54.0 to versions.cue

* chore(releasing): Created release md file

* spell checker fixes

* regen licenses

* highlights + breaking changes v1

* fix(vdev): make build vrl-docs work with released VRL version (vectordotdev#24877)

* fix(vdev): make build vrl-docs work with released VRL version

* Format

* Import bail

* Fix invalid \ inside cue string

* Remove whitespace

* fix(ci): use cross-strip tools when packaging RPMs for non-x86_64 targets (vectordotdev#24873)

* fix(ci): use cross-strip tools when packaging RPMs for non-x86_64 targets

* Install vdev using setup action in publish.yml

* revert unrelated change

* update date

---------

Co-authored-by: Thomas <thomas.schneider@datadoghq.com>

* cargo vdev build manifests

* bump version

* cargo update -p vector

* vrl track main

---------

Co-authored-by: Thomas <thomas.schneider@datadoghq.com>

…24893)

…ffer (vectordotdev#24878)

vectordotdev#24894)

Use api config group shortcode

… source names

Each test now uses a unique provider name (e.g. VT_stress, VT_backlog)
for eventcreate and XPath filtering, preventing cross-test pollution
when tests run in parallel on multi-core CI runners. Also serializes
test execution via --test-threads=1 in the Makefile target.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

…isolation

With per-test source names, phase 1 only receives 1 event (our test
event), so the old `second_run.len() < first_count` assertion fails
when first_count==1 and the second run correctly gets 1 new event.

Replace the count-based assertion with content-based checks: verify
phase1 event is NOT redelivered and phase2 event IS present.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

… available (vectordotdev#24898)

The shallow clone (depth=1) done by actions/checkout meant origin/master
did not exist, causing the check_changelog_fragments.sh script to fail
with "ambiguous argument 'origin/master'". Setting fetch-depth: 0 ensures
the full history and all remote refs are available.

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

…ectordotdev#24822)

* feat(opentelemetry source): Support per-signal OTLP decoding configuration (vectordotdev#24455)

Allow independent configuration of OTLP decoding for logs, metrics, and traces.
Maintains backward compatibility with boolean configuration.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

* changelog

* generate component docs

* regen docs

* fixes

* linting

* consolidate tests

* add usage example

* fix trace output

* fix test too

* make generate-component-docs

* address review point

* attempt to fix blocking workflow

* attempt optimal fix

* revert changelog workflow changes

---------

Co-authored-by: Claude <noreply@anthropic.com>

* chore(deps): bump VRL and remove RUSTSEC-2021-0139 from deny.toml ignore

* Add run_skipped to TestConfig

* Use pastey instead of paste

* Update deny.toml and re-add paste

* Update licenses

…solation

Per-test source names should be sufficient to prevent cross-test
pollution. Removing serialization to prove tests pass in parallel.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

test_resubscribe_after_log_clear was running `wevtutil cl Application`
which nukes the entire Application log, destroying events that other
parallel tests depend on. This caused test_rejected_ack to get 0 events
in phase 2 when running in parallel.

Fix: create a temporary custom log channel (VectorTestResub) via
PowerShell New-EventLog, subscribe to that, clear only that channel,
and clean up via Drop guard. Application log is never touched.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>