Merge branch 'develop' into mac_from_snap

Author: nasbench

.github/dependabot.yml

@@ -3,4 +3,8 @@ updates:
 - package-ecosystem: "github-actions"
   directory: "/"
   schedule:
-    interval: "weekly"
+    interval: "weekly"
+- package-ecosystem: "pre-commit"
+  directory: "/"
+  schedule:
+    interval: "weekly"

.github/workflows/appinspect.yml

@@ -37,7 +37,7 @@ jobs:
           cp -r dist/*.tar.gz artifacts/
 
       - name: store_artifacts
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: content-latest
           path: |

.github/workflows/build-response-templates.yml

@@ -31,7 +31,7 @@ jobs:
           cp response_templates/merged_response_templates/* dist/api/response_templates/
 
       - name: store_artifacts
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: response-templates
           path: |

.github/workflows/build.yml

@@ -31,7 +31,7 @@ jobs:
           mv dist/DA-ESS-ContentUpdate-latest.tar.gz artifacts/
 
       - name: store_artifacts
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: content-latest
           path: |

.github/workflows/datasource-dependabot.yml

@@ -53,5 +53,5 @@ jobs:
           base: develop
           title: Automated Splunk TA Update ${{ github.run_number }}
           body: "This PR contains updates to Splunk TAs made by GitHub Actions workflow."
-          paths: |
-            security_content/data_sources/**
+          add-paths: |
+            security_content/data_sources/**

.github/workflows/unit-testing.yml

@@ -47,7 +47,7 @@ jobs:
         # Store test_results/summary.yml and dist/DA-ESS-ContentUpdate-latest.tar.gz to job artifact-test_summary_results.zip
         - name: store_artifacts
           if: always()
-          uses: actions/upload-artifact@v6
+          uses: actions/upload-artifact@v7
           with:
             name: test_summary_results
             path: |

.github/workflows/update_splunk_tas.yml

@@ -20,7 +20,7 @@ jobs:
         with:
           python-version: '3.10'  # or the version your script requires
 
-      - uses: aws-actions/configure-aws-credentials@v5
+      - uses: aws-actions/configure-aws-credentials@v6
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

.pre-commit-config.yaml

@@ -1,14 +1,9 @@
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.6.0 # Use the ref you want to point at
+    rev: v6.0.0 # Use the ref you want to point at
     hooks:
-      - id: check-executables-have-shebangs
-        exclude: "package/bin/da_ess_contentupdate/|package/bin/splunklib/|venv/"
       - id: check-json
       - id: check-symlinks
-      # - id: check-yaml
-      - id: pretty-format-json
-        args: [--autofix]
       - id: requirements-txt-fixer
       - id: detect-aws-credentials
         args: ['--allow-missing-credentials']
@@ -21,8 +16,8 @@ repos:
       - id: yamlfmt
         name: yamlfmt (detections only)
         description: Format YAML files in detections/ with yamlfmt
-        entry: python .pre-commit-hooks/yamlfmt-hook.py
-        language: system
+        entry: .pre-commit-hooks/yamlfmt-hook.py
+        language: python
         files: ^detections/.*\.(yml|yaml)$
         pass_filenames: true
         # Optional: Specify custom yamlfmt binary path if not in PATH

.pre-commit-hooks/yamlfmt-hook.py

@@ -1,10 +1,10 @@
 name: Baseline Of Cloud Infrastructure API Calls Per User
 id: 1da5d5ea-4382-447d-98a9-87c358c95fcb
-version: 2
-date: '2026-01-14'
+version: 3
+date: '2026-02-25'
 author: David Dorsey, Splunk
 type: Baseline
-status: production
+status: deprecated
 description: This search is used to build a Machine Learning Toolkit (MLTK) model
   for how many API calls are performed by each user. By default, the search uses the
   last 90 days of data to build the model and the model is rebuilt weekly. The model