Skip to content

🚚 release#519

Open
mfiedorowicz wants to merge 52 commits intoreleasefrom
develop
Open

🚚 release#519
mfiedorowicz wants to merge 52 commits intoreleasefrom
develop

Conversation

@mfiedorowicz
Copy link
Copy Markdown
Member

@mfiedorowicz mfiedorowicz commented Apr 17, 2026

No description provided.

mfiedorowicz and others added 30 commits January 19, 2026 10:41
@mfiedorowicz
fix: make index creation idempotent in entity hash lookup migration (#…
65f8aee 
…463)

Signed-off-by: Michal Fiedorowicz <mfiedorowicz@netboxlabs.com>
@mfiedorowicz
chore: update CODEOWNERS (#465)
83b7a57
@mfiedorowicz
feat(matching): add fuzzy string matching package (#464)
f84c30c
@mfiedorowicz
feat(protograph): add entity mapping code generator (#466)
1e9ab2d
@mfiedorowicz
feat(db): add graph tables migration for entity storage (#467)
488ee9f
@mfiedorowicz
feat(db): add SQLC queries and generated code for graph tables (#468)
ff60ddc
@mfiedorowicz
feat(entitymatcher): add confidence-based entity matching package (#470)
f7f7d0f 
Signed-off-by: Michal Fiedorowicz <mfiedorowicz@netboxlabs.com>
@mfiedorowicz
feat(reconciler): add GraphBuilder for recursive entity extraction (#471
343b589 
)
@mfiedorowicz
feat(reconciler): integrate graph DB with feature flag (#472)
41bd6e5
@mfiedorowicz
feat: list entities rpc (#473)
731ce14
@manrodrigues @mfiedorowicz
chore: Implement pytest in Diode (#469)
1f56d16 
Co-authored-by: Michal Fiedorowicz <mfiedorowicz@netboxlabs.com>
@mfiedorowicz
feat(reconciler): add CreateEntity RPC for synchronous entity creation (
32e7242 
#474)
@manrodrigues
Chore: (OBS-1959) python linting (#475)
525476d
@mfiedorowicz
feat: add DeviceConfig (#476)
0ad24c0 
Signed-off-by: Michal Fiedorowicz <mfiedorowicz@netboxlabs.com>
@paulstuart
add optional pprof listeners to servers
85a84d0
@paulstuart
include supporting file
eff7051
@paulstuart
use service configs to set auth endpoints
c750b7f
@paulstuart
restore removed return for early error
f0b5662
@paulstuart
feat: add optional pprof listeners to servers (#478)
caaa7ce 
Each service config has it's own pprof listener directive defaulting to localhost.
@mfiedorowicz
feat(graph): add metadata storage and lookup for entity matching (#480)
1fb551e
@paulstuart
remove defaults and allow distinct env names for each pprof env var
85ec6f2
@paulstuart
consistent naming for pprof var
a4fb468
@paulstuart
fix: remove defaults for pprof env var (#481)
78216d9
@paulstuart
fix erroneously updated doc
410af18
@paulstuart
fix: docs had wrong info for pprof env var (#482)
dce5917
@mfiedorowicz
refactor: graph package (#486)
f42de3b 
Signed-off-by: Michal Fiedorowicz <mfiedorowicz@netboxlabs.com>
@mfiedorowicz
chore: remove CreateEntity and ListEntities RPCs from reconciler proto (
b56fb63 
#488)
@mfiedorowicz
refactor: graph pkg - Service reshape + ListNodes (#491)
4b2bac5
@dependabot
chore(deps): bump go.opentelemetry.io/otel/sdk from 1.36.0 to 1.40.0 …
d254bcd 
…in /diode-server in the go_modules group across 1 directory (#494)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@mfiedorowicz
fix: prevent infinite recursion in updateRefsInData (#495)
c8287b9 
Signed-off-by: Michal Fiedorowicz <mfiedorowicz@netboxlabs.com>
mfiedorowicz and others added 6 commits April 1, 2026 15:38
@mfiedorowicz
feat: snapshot metadata history with deduplication and time-based ret…
b5c2d50 
…ention (#513)
@MicahParks
Add marc-barry to CODEOWNERS (#515)
3c49471
@dependabot
chore(deps): bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 …
f50fd06 
…in /diode-server in the go_modules group across 1 directory (#516)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@marc-barry @claude
fix: gracefully handle fork PR comment permissions (#514)
e220278 
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
@dependabot
chore(deps): bump pytest from 8.4.1 to 9.0.3 in /tests in the pip gro…
cc3e484 
…up across 1 directory (#517)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
chore(deps): bump github.com/jackc/pgx/v5 from 5.7.5 to 5.9.0 in /dio…
18226fa 
…de-server in the go_modules group across 1 directory (#518)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@mfiedorowicz mfiedorowicz self-assigned this Apr 17, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 17, 2026

Vulnerability Scan: Passed — diode-ingester

Image: diode-ingester:scan

No vulnerabilities found.

Commit: 130e9ec

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 17, 2026

Vulnerability Scan: Passed — diode-reconciler

Image: diode-reconciler:scan

No vulnerabilities found.

Commit: 130e9ec

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 17, 2026

Vulnerability Scan: Passed — diode-auth

Image: diode-auth:scan

Source Library CVE Severity Installed Fixed Title
usr/bin/hydra github.com/docker/docker CVE-2026-34040 🟠 HIGH v28.3.3+incompatible 29.3.1 Moby: Moby: Authorization bypass vulnerability
usr/bin/hydra github.com/docker/docker CVE-2026-33997 🟡 MEDIUM v28.3.3+incompatible 29.3.1 moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plu
usr/bin/hydra github.com/go-jose/go-jose/v3 CVE-2026-34986 🟠 HIGH v3.0.4 3.0.5 github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of
usr/bin/hydra go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp CVE-2026-39882 🟡 MEDIUM v1.37.0 1.43.0 OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1 ...
usr/bin/hydra go.opentelemetry.io/otel/sdk CVE-2026-39883 🟠 HIGH v1.40.0 1.43.0 opentelemetry-go: BSD kenv command not using absolute path enables PATH hijackin
usr/bin/hydra stdlib CVE-2026-25679 🟠 HIGH v1.26.0 1.25.8, 1.26.1 net/url: Incorrect parsing of IPv6 host literals in net/url
usr/bin/hydra stdlib CVE-2026-27137 🟠 HIGH v1.26.0 1.26.1 crypto/x509: Incorrect enforcement of email constraints in crypto/x509
usr/bin/hydra stdlib CVE-2026-32280 🟠 HIGH v1.26.0 1.25.9, 1.26.2 During chain building, the amount of work that is done is not correctl ...
usr/bin/hydra stdlib CVE-2026-32282 🟠 HIGH v1.26.0 1.25.9, 1.26.2 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root
usr/bin/hydra stdlib CVE-2026-33810 🟠 HIGH v1.26.0 1.26.2 crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorr
usr/bin/hydra stdlib CVE-2026-27142 🟡 MEDIUM v1.26.0 1.25.8, 1.26.1 html/template: URLs in meta content attribute actions are not escaped in html/te
usr/bin/hydra stdlib CVE-2026-32281 🟡 MEDIUM v1.26.0 1.25.9, 1.26.2 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certifica
usr/bin/hydra stdlib CVE-2026-32288 🟡 MEDIUM v1.26.0 1.25.9, 1.26.2 archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously
usr/bin/hydra stdlib CVE-2026-32289 🟡 MEDIUM v1.26.0 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scripting (XSS) via improper co
usr/bin/hydra stdlib CVE-2026-27138 ⚪ LOW v1.26.0 1.26.1 crypto/x509: Panic in name constraint checking for malformed certificates in cry
usr/bin/hydra stdlib CVE-2026-27139 ⚪ LOW v1.26.0 1.25.8, 1.26.1 os: FileInfo can escape from a Root in golang os module

Commit: 130e9ec

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 17, 2026

Go test coverage

STATUS ELAPSED PACKAGE COVER PASS FAIL SKIP
🟢 PASS 1.51s github.com/netboxlabs/diode/diode-server/auth 44.7% 42 0 0
🟢 PASS 1.06s github.com/netboxlabs/diode/diode-server/auth/cli 0.0% 0 0 0
🟢 PASS 1.02s github.com/netboxlabs/diode/diode-server/authutil 82.8% 5 0 0
🟢 PASS 0.15s github.com/netboxlabs/diode/diode-server/dbstore/postgres 0.0% 0 0 0
🟢 PASS 1.12s github.com/netboxlabs/diode/diode-server/entityhash 79.3% 20 0 0
🟢 PASS 1.11s github.com/netboxlabs/diode/diode-server/entitymatcher 82.8% 97 0 0
🟢 PASS 0.10s github.com/netboxlabs/diode/diode-server/errors 0.0% 0 0 0
🟢 PASS 1.18s github.com/netboxlabs/diode/diode-server/graph 52.0% 81 0 0
🟢 PASS 1.35s github.com/netboxlabs/diode/diode-server/ingester 79.1% 26 0 0
🟢 PASS 1.11s github.com/netboxlabs/diode/diode-server/matching 94.1% 66 0 0
🟢 PASS 1.07s github.com/netboxlabs/diode/diode-server/migrator 70.4% 4 0 0
🟢 PASS 6.30s github.com/netboxlabs/diode/diode-server/netboxdiodeplugin 83.0% 40 0 0
🟢 PASS 0.18s github.com/netboxlabs/diode/diode-server/pprof 0.0% 0 0 0
🟢 PASS 2.62s github.com/netboxlabs/diode/diode-server/reconciler 80.0% 87 0 0
🟢 PASS 1.02s github.com/netboxlabs/diode/diode-server/reconciler/applier 85.7% 1 0 0
🟢 PASS 0.10s github.com/netboxlabs/diode/diode-server/reconciler/changeset 0.0% 0 0 0
🟢 PASS 1.09s github.com/netboxlabs/diode/diode-server/reconciler/differ 63.8% 6 0 0
🟢 PASS 1.02s github.com/netboxlabs/diode/diode-server/server 85.7% 14 0 0
🟢 PASS 1.01s github.com/netboxlabs/diode/diode-server/strcase 100.0% 24 0 0
🟢 PASS 1.02s github.com/netboxlabs/diode/diode-server/telemetry 28.0% 26 0 0
🟢 PASS 1.02s github.com/netboxlabs/diode/diode-server/telemetry/otel 90.2% 25 0 0
🟢 PASS 0.09s github.com/netboxlabs/diode/diode-server/tls 0.0% 0 0 0
🟢 PASS 1.01s github.com/netboxlabs/diode/diode-server/version 100.0% 2 0 0

Total coverage: 57.8%

@github-advanced-security
Copy link
Copy Markdown

github-advanced-security AI commented Apr 17, 2026

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jajeffries jajeffries jajeffries approved these changes

@leoparente leoparente Awaiting requested review from leoparente leoparente is a code owner

@ltucker ltucker Awaiting requested review from ltucker ltucker is a code owner

@MicahParks MicahParks Awaiting requested review from MicahParks MicahParks is a code owner

Assignees

@mfiedorowicz mfiedorowicz

Labels

build dependencies diode-chart diode-ingester diode-proto diode-reconciler diode-server documentation Improvements or additions to documentation github-actions go internal markdown python

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@mfiedorowicz @github-advanced-security @jajeffries @manrodrigues @paulstuart @marc-barry @MicahParks