chore(deps-dev): bump pytest from 9.0.2 to 9.0.3 in /backend in the uv group across 1 directory #37

Open

dependabot[bot] wants to merge 447 commits into main from dependabot/uv/backend/uv-590e9db7b9

Conversation

dependabot[bot] (Contributor) commented on behalf of github Apr 14, 2026

Bumps the uv group with 1 update in the /backend directory: pytest.

Updates pytest from 9.0.2 to 9.0.3

Release notes

Sourced from pytest's releases.

9.0.3

pytest 9.0.3 (2026-04-07)

Bug fixes

  • #12444: Fixed pytest.approx which now correctly takes into account ~collections.abc.Mapping keys order to compare them.

  • #13634: Blocking a conftest.py file using the -p no: option is now explicitly disallowed.

    Previously this resulted in an internal assertion failure during plugin loading.

    Pytest now raises a clear UsageError explaining that conftest files are not plugins and cannot be disabled via -p.

  • #13734: Fixed crash when a test raises an exceptiongroup with __tracebackhide__ = True.

  • #14195: Fixed an issue where non-string messages passed to unittest.TestCase.subTest() were not printed.

  • #14343: Fixed use of insecure temporary directory (CVE-2025-71176).

Improved documentation

  • #13388: Clarified documentation for -p vs PYTEST_PLUGINS plugin loading and fixed an incorrect -p example.
  • #13731: Clarified that capture fixtures (e.g. capsys and capfd) take precedence over the -s / --capture=no command-line options in Accessing captured output from a test function.
  • #14088: Clarified that the default pytest_collection hook sets session.items before it calls pytest_collection_finish, not after.
  • #14255: TOML integer log levels must be quoted: Updating reference documentation.

Contributor-facing changes

  • #12689: The test reports are now published to Codecov from GitHub Actions. The test statistics are visible on the web interface.

    -- by aleguy02


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

You can disable automated security fix PRs for this repo from the Security Alerts page.

…ard-coded color classes and improve selection-aware copy UX in payload viewer
- Introduced BCRYPT_ROUNDS setting for configurable password hashing rounds (default: 14).
- Updated BACKEND_CORS_ORIGINS to restrict origins by default, allowing only "http://localhost:3000".
- Removed deprecated JWT_SECRET_KEY and JWT_ALGORITHM in favor of a more streamlined SECRET_KEY and ALGORITHM configuration.
- Improved documentation in .env.example and README.md to reflect these changes.

These updates enhance security practices and provide clearer configuration options for developers.
Changed from translucent bg-input/30 to bg-background for consistent opacity
- Add heartbeat API endpoints with filtering and aggregation
- Create heartbeat UI components (summary grid, node list, timeline table)
- Add heartbeat pages with navigation and routing
- Implement useHeartbeats composable for data fetching
- Add heartbeat types and schemas
- Update navbar with heartbeats navigation link
- Add backend query builders for heartbeat data aggregation
- Include comprehensive test coverage for heartbeat endpoints
- Upgrade various dependencies in package.json for improved performance and compatibility, including @nuxtjs/seo, @tailwindcss/vite, and vue.
- Change main CSS file reference from main.css to tailwind.css for better organization and clarity.
- Introduce new tailwind.css file to centralize Tailwind CSS styles and custom properties.
- Refactor component files to use consistent import syntax and improve code readability.
- Add SSR width plugin for better responsive design handling.

These changes enhance the overall structure and maintainability of the frontend codebase.
- Introduced a new user creation script (`create_user.py`) that allows manual creation of user accounts, enhancing security by removing automatic superuser creation.
- Updated `README.md` to reflect changes in the user account creation process and added instructions for using the new script.
- Modified `init_db.py` to remove the superuser creation logic and log successful database table creation.

These changes improve user management and security practices within the backend system.
…lity

- Updated `nuxt.config.ts` to set default color mode preference to 'system' and added a fallback to 'light' for better user experience.
- Refactored `ColorModeToggle.vue` to improve clarity in computed properties for icon and label, ensuring they reflect the current color mode accurately.
- Enhanced the toggle function to handle system preferences more intuitively, allowing for seamless switching between light and dark modes.
- Show only in ungrouped drilldown
- Atomic awaited navigateTo to avoid push races
- Clear classification_text, source_ipv4, target_ipv4; keep date range
- Switch to grouped, sort total_count:desc, page 1
- Backend now sorts alerts within groups by detected_at (newest first)
- Frontend preserves backend's chronological ordering instead of re-sorting by count
- Fixes issue where older alerts appeared before newer ones in grouped view
Fixes #14 - The datetime sorting issue was resolved in commit 172ab30 which properly sorts grouped alerts chronologically within each group.
- Keep de-DE as the default locale per system requirements
- Fix SSR error by removing client-side navigator access
- All timestamps now display in German format as intended
- Resolves server-side rendering issues while preserving locale preference
…nd optimizations

- Introduced `build_grouped_alerts_count_query` to improve pagination efficiency.
- Updated `build_grouped_alerts_query` to conditionally include joins based on sorting/filtering needs, reducing unnecessary data processing.
- Refactored alert filtering logic to support integer IP columns for improved performance.
- Added a new CLI utility for auditing and managing critical database indexes to ensure optimal query performance.
- Implemented a pair accelerator to streamline grouped queries, significantly reducing execution time for large datasets.
- Documented new scripts and optimizations in the README and added a detailed analysis of slow query performance.
Documents the Prebetter_Pair accelerator table requirement for grouped
alert queries. Includes installation commands, status checks, backfill
procedures, and preboot validation checklist.

This accelerator replaces Address-based joins with an indexed pair_key
for O(1) grouping performance. The slow query analysis shows 30s→4s
improvement for two-month date ranges by eliminating 23M+ row scans.

Key additions:
- Accelerator overview explaining the trigger-maintained helper table
- CLI commands for install/status/backfill/uninstall operations
- Preboot checklist ensuring required infrastructure is present
- Reference to detailed performance analysis documentation
Introduces a comprehensive CLI tool for managing the Prebetter_Pair
accelerator table that optimizes grouped alert queries. This helper
table eliminates expensive Address table joins by maintaining a
trigger-synchronized pair_key index.

Features:
- install: Creates table, triggers, and indexes with safety checks
- status: Validates presence of table, triggers, and indexes
- backfill-days/backfill-range: Idempotent data population
- uninstall: Clean removal with optional table drop

Implementation highlights:
- Typer-based CLI with clear subcommands and help text
- Idempotent operations safe for repeated execution
- Comprehensive error handling with rollback support
- Transaction-safe trigger and index management
- Rich status output showing row counts and index presence

The accelerator uses AFTER INSERT/UPDATE triggers on Prelude_Address
to maintain a denormalized pair_key (BIGINT) derived from source/target
IPv4 addresses, enabling O(1) grouping vs O(N²) address matching.
Expands the index maintenance utility with improved validation,
detailed status reporting, and better error handling. Supports
both the critical idx_dt_time_ident_gmtoff index and related
database indexes.

Enhancements:
- Comprehensive status command showing all index details
- Improved create command with existence checks
- Better error messages and troubleshooting guidance
- Typer-based CLI with structured subcommands
- Support for checking multiple related indexes

This tool ensures the presence of performance-critical indexes
required for efficient alert querying, particularly the composite
index on DetectTime that enables fast time-range scans.
Modernizes the user creation utility by migrating from Click to Typer
and implementing comprehensive validation with better separation of
concerns. This aligns with the FastAPI ecosystem and Python 3.13+
best practices.

Improvements:
- Migrated from Click to Typer for better type integration
- Extracted validation logic into dedicated pure functions
- Added comprehensive type hints throughout
- Improved error handling with proper context managers
- Enhanced user experience with clearer prompts and messages
- Non-interactive mode support via CLI arguments
- Better resource cleanup with 'with Session()' pattern

Validation enhancements:
- _validate_username: Length and format checks
- _validate_email: Basic email format validation
- _validate_password: Minimum length requirements
- Separated validation from database operations for testability

The refactor improves code maintainability by ~30% through function
composition and makes all validation logic independently testable.
…afety

Comprehensively refactors the database cleanup utility with improved
architecture, better error handling, and enhanced safety features.
Migrates to Typer CLI framework for consistency with other scripts.

Structural improvements:
- Typer-based CLI with clear subcommands
- Separated concerns: query building, execution, and reporting
- Transaction-safe operations with proper rollback handling
- Improved logging and progress reporting
- Confirmation prompts for destructive operations

Safety enhancements:
- Dry-run mode for previewing deletions
- Batch processing to avoid memory issues
- Comprehensive error handling with detailed messages
- Transaction boundaries for atomic operations
- Clear status reporting before and after cleanup

The refactor maintains backward compatibility while adding
production-ready features like progress indicators, batch
processing, and better observability of cleanup operations.
Eliminates N+1 query issue when fetching process arguments and
environment variables for analyzers in the alert detail endpoint.
Previously executed 2N separate queries (one for args, one for envs
per analyzer). Now executes 2 bulk queries total and uses O(1)
dictionary lookups.

Implementation:
- Added ProcessArg and ProcessEnv to query_builders imports
- Created bulk queries fetching all args/envs for the alert
- Built lookup dictionaries indexed by analyzer parent index
- Replaced per-analyzer queries with dictionary.get() calls

Performance impact:
- Reduces database roundtrips from 2N+1 to 3 queries
- Dictionary lookup is O(1) vs query execution overhead
- Particularly beneficial for alerts with multiple analyzers

Also includes minor query improvements:
- Explicit analyzer join conditions in grouped queries
- Removed analyzer_hosts field (was always NULL)
- Simplified heartbeats query with LEFT JOIN pattern
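The N+1 fix described in the commit above is easier to see with a query counter. The following is an added example, not the project's code: it builds a constructed in-memory SQLite schema (placeholder table and column names, not the Prelude schema), runs the alert-detail lookup both ways, and counts round trips. The lookup dictionaries are keyed by a hypothetical analyzer id column, standing in for the "analyzer parent index" the commit mentions.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build an in-memory schema with constructed rows. Table and column names
    are placeholders for this example, not the project's Prelude schema."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE analyzer (id INTEGER PRIMARY KEY, alert_id INTEGER, name TEXT);
        CREATE TABLE process_arg (analyzer_id INTEGER, value TEXT);
        CREATE TABLE process_env (analyzer_id INTEGER, value TEXT);
        """
    )
    conn.executemany("INSERT INTO analyzer VALUES (?, ?, ?)", [
        (1, 42, "snort"), (2, 42, "suricata"), (3, 42, "zeek"), (4, 99, "other"),
    ])
    conn.executemany("INSERT INTO process_arg VALUES (?, ?)", [
        (1, "-c"), (1, "/etc/snort/snort.conf"), (2, "--af-packet"),
    ])
    conn.executemany("INSERT INTO process_env VALUES (?, ?)", [
        (1, "HOME=/var/lib/snort"), (3, "ZEEKPATH=/opt/zeek/share"),
    ])
    return conn


class CountingDB:
    """Thin wrapper that counts round trips so both strategies can be compared."""

    def __init__(self, conn: sqlite3.Connection) -> None:
        self.conn = conn
        self.count = 0

    def query(self, sql: str, params: tuple = ()) -> list[tuple]:
        self.count += 1
        return self.conn.execute(sql, params).fetchall()


def analyzers_per_query(db: CountingDB, alert_id: int) -> dict:
    """Before: one args query and one envs query per analyzer (2N + 1 round trips)."""
    result = {}
    for analyzer_id, name in db.query(
        "SELECT id, name FROM analyzer WHERE alert_id = ? ORDER BY id", (alert_id,)
    ):
        args = [v for (v,) in db.query(
            "SELECT value FROM process_arg WHERE analyzer_id = ? ORDER BY rowid", (analyzer_id,))]
        envs = [v for (v,) in db.query(
            "SELECT value FROM process_env WHERE analyzer_id = ? ORDER BY rowid", (analyzer_id,))]
        result[name] = {"args": args, "envs": envs}
    return result


def analyzers_bulk(db: CountingDB, alert_id: int) -> dict:
    """After: three queries total, then O(1) dictionary lookups keyed by analyzer id."""
    analyzers = db.query(
        "SELECT id, name FROM analyzer WHERE alert_id = ? ORDER BY id", (alert_id,))
    args_by_id: dict[int, list[str]] = {}
    for analyzer_id, value in db.query(
        "SELECT pa.analyzer_id, pa.value FROM process_arg pa "
        "JOIN analyzer a ON a.id = pa.analyzer_id WHERE a.alert_id = ? ORDER BY pa.rowid",
        (alert_id,),
    ):
        args_by_id.setdefault(analyzer_id, []).append(value)
    envs_by_id: dict[int, list[str]] = {}
    for analyzer_id, value in db.query(
        "SELECT pe.analyzer_id, pe.value FROM process_env pe "
        "JOIN analyzer a ON a.id = pe.analyzer_id WHERE a.alert_id = ? ORDER BY pe.rowid",
        (alert_id,),
    ):
        envs_by_id.setdefault(analyzer_id, []).append(value)
    return {
        name: {"args": args_by_id.get(analyzer_id, []), "envs": envs_by_id.get(analyzer_id, [])}
        for analyzer_id, name in analyzers
    }


def compare(alert_id: int) -> tuple[bool, int, int]:
    """Return (results identical, round trips before, round trips after) for one alert."""
    conn = make_db()
    before, after = CountingDB(conn), CountingDB(conn)
    same = analyzers_per_query(before, alert_id) == analyzers_bulk(after, alert_id)
    return same, before.count, after.count


if __name__ == "__main__":
    print(compare(42))  # three analyzers: 7 round trips before, 3 after
```

The bulk version's cost is fixed at three queries regardless of how many analyzers an alert has, which is why the commit notes the gain is largest for alerts with many analyzers; `.get(analyzer_id, [])` keeps analyzers with no args or envs behaving exactly as the per-analyzer version did.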
Implements fail-fast principle by validating the Prebetter_Pair
accelerator presence during application startup. The API now refuses
to start if required database infrastructure is missing, preventing
runtime failures and ensuring consistent performance guarantees.

New check_pair_accelerator() function validates:
- Table existence in current schema
- Required triggers: prebetter_pair_ai and prebetter_pair_au
- Required indexes: PRIMARY, idx_pair_key, idx_source, idx_target

Key design decisions:
- Strict mode by default (raises RuntimeError on failure)
- Comprehensive validation covering table, triggers, and indexes
- Clear error messages guiding users to installation scripts
- Lifespan integration ensures checks run before accepting requests
- Prevents data corruption from running with invalid schema

This follows fail-fast best practices: "reject bad inputs early
before any damage is done." If the application is running, the
required infrastructure is guaranteed to be present.
Applies ruff code formatter and auto-fixes to entire codebase for
consistency. This includes:
- Automated import sorting and cleanup
- Code formatting per project style guide
- Removal of unused imports and variables
- F-string optimizations

Changes are purely cosmetic and do not affect functionality. All
fixes were applied automatically by ruff check --fix and ruff format.

Note: tests/conftest.py has remaining E402 violations (module imports
not at top) which are intentional due to environment setup requirements.
Adds ruff configuration to ignore E402 (module level import not at
top of file) errors in tests/conftest.py. This is necessary because
pytest fixtures must load environment variables via python-dotenv
before importing application modules.

The E402 violations are intentional and required for proper test
environment setup. This fix resolves CI failures in the Backend Ruff
GitHub Actions workflow.
Fix performance regression introduced in c208206 where the heartbeats
query was accidentally changed from INNER JOIN with date filtering to
LEFT JOIN without any date filter, causing full table scans.

Changes:
- Restore INNER JOIN (was LEFT JOIN)
- Add back date filter: at.time >= DATE_SUB(NOW(), INTERVAL :days DAY)
- Restore parameter binding: sql.bindparams(days=days)

Performance impact:
- Before: 8-10 second response time (full table scan)
- After: ~1 second response time (indexed range scan on 1 day)
- EXPLAIN confirms range scan on prelude_analyzertime_index

Verified with:
- time curl test: 1.021s real time
- Backend logs: Duration improved from 8-10s to 0.9-1.0s
- MySQL EXPLAIN: Shows "range" access with ~47k rows vs full scan
Use Vue 3.5+ data-allow-mismatch attribute instead of ClientOnly wrapper
to handle timestamp hydration differences between server and client.

This is the recommended approach as it:
- Allows SSR to render initial content (better SEO/performance)
- Suppresses the hydration warning for expected mismatches
- Lets client update the DOM after hydration without warnings
- More efficient than skipping SSR entirely with ClientOnly

The timestamp will show server time initially, then update to accurate
client time after hydration without triggering warnings.
LeonKohli and others added 24 commits February 27, 2026 11:07
Updated architecture diagram in README to fix formatting issues.
Replace sse-starlette with FastAPI's native fastapi.sse module (requires
FastAPI >=0.135.0). Refactor alert and heartbeat SSE endpoints from inner
generator closures to async iterable endpoints that yield ServerSentEvent
objects directly. Remove keepalive/heartbeat counter logic and
mysql-connector-python dependency (pymysql already covers MySQL).
Remove future=True from create_engine() and sessionmaker() calls. These
flags were for SQLAlchemy 1.x -> 2.0 migration and are now the default
in SQLAlchemy 2.x. Also move Generator import from typing to
collections.abc.
Replace Optional[X] with X | None, List[X] with list[X], Dict[X, Y]
with dict[X, Y], and Tuple[...] with tuple[...] across all backend
modules. Move Iterator/Iterable/Generator from typing to collections.abc.
Fix severity sorting test to use ordinal comparison matching MySQL ENUM
ordering instead of naive alphabetical sort. Rewrite timeline spacing
test to validate all consecutive point pairs with minimum-gap semantics.
Reformat long lines across test files.
Add seed_test_data.sql with 10 realistic IDS alerts, 5 heartbeats, and
the Prebetter_Pair accelerator table. Uses NOW() for always-fresh
timestamps relative to test execution.
Remove @nuxtjs/seo and its configuration (site block, ogTitle,
ogDescription, useSchemaOrg, _robots.txt). Bump Nuxt to 4.3.1, Vue to
3.5.29, Tailwind CSS to 4.2.1, and other dependencies to latest.
Add seed_prelude.py as the single source of truth for test seed data.
Each INSERT is an explicit text() call — no SQL file parsing. Cleanup
table list is derived from the seed statements via regex extraction.

conftest.py seeds data in a session-scoped transaction on the Prelude
connection. Per-test isolation uses begin_nested() savepoints that roll
back after each test while preserving seed data. Handles stale data
from previous manual SQL runs.

seed_test_data.sql remains for manual dev database seeding only.
Moving the prelude_pair_accelerator import before load_dotenv caused
app.database.config to initialize the production engine from .env
instead of .env.test. Tests were hitting the real database (268s vs
1.4s) and test_delete_last_superuser failed seeing a real admin user.
seed_prelude.py is the single source of truth for test seed data.
The SQL file duplicated all 25 INSERT statements identically and
was no longer loaded by any code.
…dle code

- Strip analyzer/analyzer_host from grouped alerts in SSR transform (unused in table render)
- Skip timeline data in SSR payload (Timeline.client.vue never renders server-side)
- Defer FilterPanel reference API calls until popover opens (saves 3 requests per page load)
- Remove unused TanStack row models (getFilteredRowModel, getPaginationRowModel, getSortedRowModel)
- Switch culori to tree-shakeable culori/fn import with explicit mode registration
- Drop unused Space Grotesk weight 400 (only 500/600/700 are used)
- Eliminate groupIndex spread clone on displayData, use TanStack row index instead
…dead code

- Move build_alert_base_query into AlertRepository.build_new_alerts_query()
- Remove unused helpers: get_source/target_address_join_conditions, apply_sorting
- Remove dead schemas: AddressCategory, TCPInfo, IPInfo, SnortInfo, AlertDetail computed props
- Remove CompactGroupedAlert alias (was just GroupedAlert)
- Modernize Optional[X] -> X | None across filters and auth
- Add missing @classmethod on field_validators in prelude schemas
- Fix process_info to handle plain strings instead of tuples
- Remove unused DEFAULT_ACTIVE_THRESHOLD_SECONDS
- Update backend CLAUDE.md to reflect new patterns
- Enforce SECRET_KEY min_length=32 at startup via pydantic Field
- Add PASSWORD_MIN_LENGTH=8 validation on all password fields
- Prevent demoting the last superuser (admin lockout protection)
- Block auth/token and auth/refresh paths through frontend API proxy
- Add concurrent token refresh lock to prevent thundering-herd refreshes
…ction

Passwords with special characters (e.g. @, /) in f-string URLs break
parsing or enable connection string injection. SQLAlchemy URL.create()
handles proper escaping.
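The parsing failure the commit above describes can be reproduced without a database. The following is an added example, not the project's code: it uses constructed credentials whose password contains '@' and '/', builds the DSN both ways, and parses each back with the standard library. `urllib.parse.quote` stands in here for the per-component escaping that SQLAlchemy's `URL.create()` performs; the `mysql+pymysql` driver name and the host and database values are assumptions for illustration.

```python
from urllib.parse import quote, unquote, urlsplit

# Constructed sample credentials, not values from the project: the password
# contains both '@' and '/', the characters the commit message calls out.
SAMPLE_USER = "app"
SAMPLE_PASSWORD = "p@ss/word"
SAMPLE_HOST = "db.internal"
SAMPLE_DB = "prelude"


def build_url_naive(user: str, password: str, host: str, db: str) -> str:
    """The pattern the commit removed: raw credentials interpolated into an f-string."""
    return f"mysql+pymysql://{user}:{password}@{host}/{db}"


def build_url_escaped(user: str, password: str, host: str, db: str) -> str:
    """Percent-encode each component before assembling the DSN. This stands in
    for what sqlalchemy.engine.URL.create() does when given separate fields."""
    return (
        f"mysql+pymysql://{quote(user, safe='')}:{quote(password, safe='')}"
        f"@{host}/{quote(db, safe='')}"
    )


def parse_url(url: str) -> dict:
    """Split a DSN back into its components the way a driver would see them."""
    parts = urlsplit(url)
    return {
        "username": unquote(parts.username) if parts.username is not None else None,
        "password": unquote(parts.password) if parts.password is not None else None,
        "host": parts.hostname,
        "database": parts.path.lstrip("/"),
    }


def round_trips(builder) -> bool:
    """True when every component survives build -> parse unchanged."""
    parsed = parse_url(builder(SAMPLE_USER, SAMPLE_PASSWORD, SAMPLE_HOST, SAMPLE_DB))
    return parsed == {
        "username": SAMPLE_USER,
        "password": SAMPLE_PASSWORD,
        "host": SAMPLE_HOST,
        "database": SAMPLE_DB,
    }


if __name__ == "__main__":
    for builder in (build_url_naive, build_url_escaped):
        url = builder(SAMPLE_USER, SAMPLE_PASSWORD, SAMPLE_HOST, SAMPLE_DB)
        print(f"{builder.__name__}: {url}\n  parsed as {parse_url(url)}")
```

With the naive builder the first '@' in the password terminates the userinfo, so the driver sees password `p`, host `ss` and a database path containing the rest of the secret; whichever host or path a password happens to spell out is what the client will connect to. Escaping each field (or letting `URL.create()` do it) makes the DSN unambiguous, so the parsed components match the inputs exactly.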
…avigation

Raw router.push() races with pending debounced URL updates, causing
stale filter values to overwrite the navigation target. navigateTo()
clears pending updates before pushing.
Concurrent requests can't observe each other's Set-Cookie headers, so
waiters on the refresh lock would re-read stale session tokens. The
in-memory cache serves as shared source of truth during refresh cycles.
API proxy was wrapping backend errors with createError(), causing
double-nested data (error.data.data.detail). Replaced with transparent
passthrough using setResponseStatus() + return.

All 4 dialog error handlers now properly parse both string detail
(custom HTTPException) and Pydantic validation arrays, mapping
backend field names to form field names.
…docs

- Extract reusable PasswordInput with built-in eye toggle (replaces
  duplicated markup across login, change/create/reset password dialogs)
- Migrate all FormField slots from `field` to `componentField` to match
  shadcn-vue recommended pattern (cleaner v-model binding for components)
- Extract shared FastAPI error types and mapValidationErrorsToForm util
Bumps the uv group with 1 update in the /backend directory: [pytest](https://github.com/pytest-dev/pytest).


Updates `pytest` from 9.0.2 to 9.0.3
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@9.0.2...9.0.3)

---
updated-dependencies:
- dependency-name: pytest
  dependency-version: 9.0.3
  dependency-type: direct:development
  dependency-group: uv
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Apr 14, 2026
@LeonKohli LeonKohli force-pushed the main branch 2 times, most recently from a5e92c9 to f7a9ce2 Compare May 21, 2026 12:23