Update Fleet-maintained apps#47730

Closed
fleet-release wants to merge 1 commit into main from fma-2606170029

@fleet-release fleet-release commented Jun 17, 2026

Automated ingestion of latest Fleet-maintained app data.

Summary by CodeRabbit

Release Notes

  • Chores
    • Updated 30+ maintained applications to their latest versions across macOS and Windows platforms, including Firefox, Postman, Android Studio, Cursor, Notion, Claude, and other popular development and productivity tools.

Generated automatically with cmd/maintained-apps.

@claude claude Bot left a comment

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

Tip: disable this comment in your organization's Code Review settings.

@github-actions

Script Diff Results

ee/maintained-apps/outputs/1password/darwin.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/1password/windows.json

=== Install Script (no changes) ===
=== Uninstall // 9f49925c -> eeb3b3d3 ===

--- /tmp/old.7jOZQO	2026-06-17 00:34:26.920397952 +0000
+++ /tmp/new.WuClvr	2026-06-17 00:34:26.920397952 +0000
@@ -1,7 +1,7 @@
 # 1Password Uninstall Script
 # Closes running processes before uninstalling to prevent hangs
 
-$product_code = '{2385DFA4-343E-42DE-9E7A-D41189885BD7}'
+$product_code = '{D56E499A-302F-403E-A362-450BCE7AD94F}'
 $timeoutSeconds = 300  # 5 minute timeout
 
 # Close any running 1Password processes
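Review bot: the `$product_code` assignment swaps one hard-coded MSI GUID for another, so after this change the script no longer references `{2385DFA4-343E-42DE-9E7A-D41189885BD7}` at all. If the rest of the script uninstalls by this value only, hosts that still have the build registered under the old code will not match. Consider resolving the product code at run time from the Uninstall registry keys by display name, or keeping the previous codes in a list the script iterates over.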

ee/maintained-apps/outputs/alcove/darwin.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/android-studio/darwin.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/bambu-studio/darwin.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/claude/darwin.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/codex-app/darwin.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/cursor/darwin.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/firefox/darwin.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/firefox@esr/darwin.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/forklift/darwin.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/framer/darwin.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/gitkraken/darwin.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/granola/darwin.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/insomnia/darwin.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/kiro-cli/darwin.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/notion/darwin.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/postman/darwin.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/postman/windows.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/power-bi/windows.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/qlab/darwin.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/rive/darwin.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/sql-server-management-studio/windows.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/sqlpro-for-mssql/darwin.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/superwhisper/darwin.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/thunderbird/darwin.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/unity-hub/darwin.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/virtualbox/darwin.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/webcatalog/darwin.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/webex/darwin.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/windows-app/windows.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/yubico-authenticator/darwin.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

@coderabbitai

coderabbitai Bot commented Jun 17, 2026

Walkthrough

This PR performs a batch update of Fleet maintained-app output JSON manifests for macOS (darwin) and Windows platforms. Across approximately 30 apps, the changes follow a uniform pattern: incrementing the version field, updating the queries.patched SQL version_compare threshold to the new version, replacing installer_url with the new artifact download link, and updating the sha256 checksum. Two entries carry additional changes: the 1Password Windows manifest replaces the uninstall script reference and its embedded MSI product code, and the Alcove macOS manifest switches the installer URL to a direct DMG endpoint while setting sha256 to "no_check".

Possibly related PRs

  • fleetdm/fleet#45954: Updates the same ee/maintained-apps/outputs/1password/windows.json manifest, including uninstall_script_ref and the MSI product code embedded in the uninstall PowerShell script.
  • fleetdm/fleet#47662: Modifies the same ee/maintained-apps/outputs/codex-app/darwin.json file, bumping version and updating queries.patched threshold and installer metadata.
  • fleetdm/fleet#47676: Updates Granola maintained-app metadata (Windows counterpart) by changing version, queries.patched thresholds, and associated installer_url/sha256, mirroring the macOS Granola change in this PR.

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Description check | ⚠️ Warning | The PR description is extremely minimal and does not follow the required template structure. It lacks required sections like 'Related issue', testing information, checklist items, and specific details about what changed. | Expand the description to follow the template: add 'Related issue', specify testing performed, include applicable checklist items, and provide details about the automated ingestion process and scope of app updates. |
| Title check | ❓ Inconclusive | The title 'Update Fleet-maintained apps' is vague and generic, using a broad action word without specifying which apps or what type of updates were made. | Make the title more specific by mentioning the number of apps updated or the specific change pattern (e.g., 'Update versions for 33 Fleet-maintained apps' or 'Bump Fleet-maintained app versions'). |

✅ Passed checks (3 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@ee/maintained-apps/outputs/alcove/darwin.json`:
- Line 12: The sha256 field in the darwin.json file is set to "no_check" which
disables checksum verification for the installer download, compromising
supply-chain integrity. Replace the "no_check" value with the actual SHA256 hash
of the darwin installer to enable proper hash enforcement and restore
verification of the downloaded file's integrity.
- Line 9: The installer URL in line 9 has been changed to a DMG file format, but
the install script referenced by bdb62bd2 still contains an unzip command that
is incompatible with DMG files. Locate the install script referenced by bdb62bd2
and update the extraction step that currently runs unzip "$INSTALLER_PATH" to
use a DMG-compatible extraction method instead, such as the appropriate macOS
tool for mounting or extracting DMG archives.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 11657582-a2b3-44ad-8aa0-8378adc96c65

📥 Commits

Reviewing files that changed from the base of the PR and between ef0aed3 and 527f963.

📒 Files selected for processing (32)
  • ee/maintained-apps/outputs/1password/darwin.json
  • ee/maintained-apps/outputs/1password/windows.json
  • ee/maintained-apps/outputs/alcove/darwin.json
  • ee/maintained-apps/outputs/android-studio/darwin.json
  • ee/maintained-apps/outputs/bambu-studio/darwin.json
  • ee/maintained-apps/outputs/claude/darwin.json
  • ee/maintained-apps/outputs/codex-app/darwin.json
  • ee/maintained-apps/outputs/cursor/darwin.json
  • ee/maintained-apps/outputs/firefox/darwin.json
  • ee/maintained-apps/outputs/firefox@esr/darwin.json
  • ee/maintained-apps/outputs/forklift/darwin.json
  • ee/maintained-apps/outputs/framer/darwin.json
  • ee/maintained-apps/outputs/gitkraken/darwin.json
  • ee/maintained-apps/outputs/granola/darwin.json
  • ee/maintained-apps/outputs/insomnia/darwin.json
  • ee/maintained-apps/outputs/kiro-cli/darwin.json
  • ee/maintained-apps/outputs/notion/darwin.json
  • ee/maintained-apps/outputs/postman/darwin.json
  • ee/maintained-apps/outputs/postman/windows.json
  • ee/maintained-apps/outputs/power-bi/windows.json
  • ee/maintained-apps/outputs/qlab/darwin.json
  • ee/maintained-apps/outputs/rive/darwin.json
  • ee/maintained-apps/outputs/sql-server-management-studio/windows.json
  • ee/maintained-apps/outputs/sqlpro-for-mssql/darwin.json
  • ee/maintained-apps/outputs/superwhisper/darwin.json
  • ee/maintained-apps/outputs/thunderbird/darwin.json
  • ee/maintained-apps/outputs/unity-hub/darwin.json
  • ee/maintained-apps/outputs/virtualbox/darwin.json
  • ee/maintained-apps/outputs/webcatalog/darwin.json
  • ee/maintained-apps/outputs/webex/darwin.json
  • ee/maintained-apps/outputs/windows-app/windows.json
  • ee/maintained-apps/outputs/yubico-authenticator/darwin.json

"patched": "SELECT 1 WHERE NOT EXISTS (SELECT 1 FROM apps WHERE bundle_identifier = 'com.henrikruscon.Alcove' AND version_compare(bundle_short_version, '1.7.3') < 0);"
},
"installer_url": "https://github.com/henrikruscon/alcove-releases/releases/download/1.7.2/Alcove.zip",
"installer_url": "https://download.tryalcove.com/Alcove.dmg",
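Review bot: the new `installer_url` has no version segment, unlike the 1.7.2 release path it replaces, so nothing ties the downloaded file to the `'1.7.3'` threshold in `queries.patched`. When the vendor publishes a newer build at the same URL, hosts will install a version the manifest does not describe. Prefer a versioned download URL if the vendor offers one, or have the ingester record the version it actually observed in the artifact.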

⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Installer format is incompatible with the referenced install script.

Line 9 switches to a .dmg, but the referenced install script (refs["bdb62bd2"]) still runs unzip "$INSTALLER_PATH", which will fail for DMG input and break installation.

Proposed fix (update extract step in bdb62bd2)
-# extract contents
-unzip "$INSTALLER_PATH" -d "$TMPDIR"
+# extract contents
+MOUNT_POINT=$(mktemp -d /tmp/dmg_mount_XXXXXX)
+yes | hdiutil attach -plist -nobrowse -readonly -mountpoint "$MOUNT_POINT" "$INSTALLER_PATH" || exit 1
+sudo cp -R "$MOUNT_POINT"/* "$TMPDIR"
+hdiutil detach "$MOUNT_POINT" || true
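Review bot: in the added `hdiutil` lines the directory created by `mktemp -d` is never removed, and the `|| exit 1` after `hdiutil attach` leaves it behind on failure; a failed `cp -R` also goes unnoticed because only `hdiutil detach ... || true` follows it. Add a `trap` that detaches and removes `$MOUNT_POINT`, check the `cp` exit status, and drop `-plist` since its output is not read.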
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@ee/maintained-apps/outputs/alcove/darwin.json` at line 9, The installer URL
in line 9 has been changed to a DMG file format, but the install script
referenced by bdb62bd2 still contains an unzip command that is incompatible with
DMG files. Locate the install script referenced by bdb62bd2 and update the
extraction step that currently runs unzip "$INSTALLER_PATH" to use a
DMG-compatible extraction method instead, such as the appropriate macOS tool for
mounting or extracting DMG archives.

"install_script_ref": "bdb62bd2",
"uninstall_script_ref": "61446eae",
"sha256": "83357f05d2edd1c978f7470f1cf2b943a4b81d168723f7b8cdc39d9ccf8c5588",
"sha256": "no_check",

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Checksum verification was disabled for this installer.

Line 12 changes sha256 to no_check, which disables hash enforcement for this download path and weakens supply-chain integrity guarantees.

Proposed fix
-      "sha256": "no_check",
+      "sha256": "<sha256-of-Alcove.dmg>",
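Review bot: `<sha256-of-Alcove.dmg>` is a placeholder, so this suggestion cannot be applied as written; the value has to be the digest of the file actually served. Because `https://download.tryalcove.com/Alcove.dmg` is a fixed URL, a pinned digest will stop matching as soon as the vendor replaces the file, so pair the pin with a versioned URL or have the ingester recompute the digest on every run and fail closed on mismatch.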
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@ee/maintained-apps/outputs/alcove/darwin.json` at line 12, The sha256 field
in the darwin.json file is set to "no_check" which disables checksum
verification for the installer download, compromising supply-chain integrity.
Replace the "no_check" value with the actual SHA256 hash of the darwin installer
to enable proper hash enforcement and restore verification of the downloaded
file's integrity.
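
A pre-merge check covering both findings in the review above, as an added example (not Fleet's or CodeRabbit's code): it flags a manifest whose `sha256` is not a real digest, whose URL is unversioned, or whose installer type does not match the extraction tool in the referenced install script. The flat manifest layout, the `version` value and the extension-to-tool map are assumptions; the sample is constructed from the lines quoted on this page.

```python
import json
import re
from urllib.parse import urlparse

# Constructed manifest. Field names are the ones quoted in the review above; the
# flat layout, the "refs" map of script bodies and the version are assumptions.
SAMPLE = json.loads(r'''{
  "version": "1.7.3",
  "queries": {"patched": "SELECT 1 WHERE NOT EXISTS (SELECT 1 FROM apps WHERE bundle_identifier = 'com.henrikruscon.Alcove' AND version_compare(bundle_short_version, '1.7.3') < 0);"},
  "installer_url": "https://download.tryalcove.com/Alcove.dmg",
  "install_script_ref": "bdb62bd2",
  "sha256": "no_check",
  "refs": {"bdb62bd2": "# extract contents\nunzip \"$INSTALLER_PATH\" -d \"$TMPDIR\"\n"}
}''')

# Tool the install script is expected to call for each installer type
# (an assumed mapping for this example, not a Fleet rule).
EXTRACTORS = {".zip": "unzip", ".dmg": "hdiutil", ".pkg": "installer"}
HEX64 = re.compile(r"[0-9a-f]{64}")
THRESHOLD = re.compile(r"version_compare\([^,]+,\s*'([^']+)'\)")


def lint(manifest):
    """Return a list of findings for one manifest; empty means it passed."""
    findings = []
    version, url = manifest["version"], manifest["installer_url"]
    sha = manifest.get("sha256", "")
    if not HEX64.fullmatch(sha):
        findings.append(f"sha256 is {sha!r}: download is not hash-pinned")
    if version not in url:
        findings.append("installer_url is unversioned: content can change in place")
    # Compare the installer's file type with what the install script extracts.
    path = urlparse(url).path.lower()
    ext = path[path.rfind("."):] if "." in path else ""
    script = manifest.get("refs", {}).get(manifest["install_script_ref"], "")
    tool = EXTRACTORS.get(ext)
    if tool and not re.search(rf"\b{tool}\b", script):
        findings.append(f"{ext} installer but install script never calls {tool}")
    # The patched query must test against the version the manifest declares.
    match = THRESHOLD.search(manifest["queries"]["patched"])
    if not match or match.group(1) != version:
        findings.append("queries.patched threshold does not match version")
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print("FAIL:", finding)
```
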

@github-actions

Closing in favor of #47733.

@github-actions github-actions Bot closed this Jun 17, 2026