diff --git a/.circleci/config.yml b/.circleci/config.yml index 32010d67..cf9a095d 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,8 +1,8 @@ version: 2.1 orbs: - python: circleci/python@1.3.4 - docker: circleci/docker@2.5.0 + python: circleci/python@3.2.0 + docker: circleci/docker@2.8.2 commands: build-and-publish-image: @@ -65,13 +65,13 @@ jobs: - run: name: Check format with Black command: | - pip install "black==22.3.0" + pip install "black==25.1.0" python -m black --check . golang-build-and-test: docker: # specify the version - - image: cimg/go:1.23 + - image: cimg/go:1.24 auth: username: ${DOCKER_LOGIN} password: ${DOCKER_PASSWORD} @@ -106,7 +106,7 @@ jobs: rust-create-cascade-build-and-test: docker: - - image: cimg/rust:1.82.0 + - image: cimg/rust:1.89.0 environment: RUSTFLAGS: '-D warnings' working_directory: ~/crlite/rust-create-cascade diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..ab56e241 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,22 @@ +# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/optimizing-pr-creation-version-updates + +version: 2 +updates: + - package-ecosystem: cargo + directories: + - rust-create-cascade + - rust-query-crlite + schedule: + interval: weekly + - package-ecosystem: docker + directory: containers + schedule: + interval: weekly + - package-ecosystem: gomod + directory: go + schedule: + interval: weekly + - package-ecosystem: pip + directory: / + schedule: + interval: weekly diff --git a/containers/Dockerfile b/containers/Dockerfile index a5d18b8f..b6ad19b3 100644 --- a/containers/Dockerfile +++ b/containers/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.24.5-bookworm AS go-builder +FROM golang:1.24.6-bookworm AS go-builder RUN mkdir /build ADD go /build/ WORKDIR /build @@ -20,7 +20,7 @@ WORKDIR /build/rust-query-crlite RUN cargo build --release --target-dir /build -FROM python:3.12.2-slim-bookworm +FROM python:3.13.6-slim-bookworm RUN apt update \ && apt install -y ca-certificates \ && apt -y upgrade \ diff --git a/go/go.mod b/go/go.mod index ccccf88f..7dbef443 100644 --- a/go/go.mod +++ b/go/go.mod @@ -3,12 +3,12 @@ module github.com/mozilla/crlite/go require ( filippo.io/sunlight v0.5.2 filippo.io/torchwood v0.5.1-0.20250713221105-b067ac9d4cf6 - github.com/bluele/gcache v0.0.0-20190518031135-bc40bd653833 + github.com/bluele/gcache v0.0.2 github.com/go-redis/redis v6.15.9+incompatible - github.com/golang/glog v1.2.4 + github.com/golang/glog v1.2.5 github.com/google/certificate-transparency-go v1.3.2 github.com/google/renameio v1.0.1 - github.com/hashicorp/go-metrics v0.5.3 + github.com/hashicorp/go-metrics v0.5.4 github.com/jpillora/backoff v1.0.0 gopkg.in/ini.v1 v1.67.0 ) @@ -28,4 +28,4 @@ require ( go 1.24.4 -toolchain go1.24.5 +toolchain go1.24.6 diff --git a/go/go.sum b/go/go.sum index 8a06f34e..5c94a788 100644 --- a/go/go.sum +++ b/go/go.sum @@ -1,3 +1,4 @@ +cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= filippo.io/sunlight v0.5.2 h1:n1aHo9ax1QvG91RrPcyFZ7F2pT7hTgywvpfytqlJiW0= filippo.io/sunlight v0.5.2/go.mod h1:1wUWZmC0tYtzP0PC2rsegshLsLYZ6sgFSe4Utj33Tyg= filippo.io/torchwood v0.5.1-0.20250713221105-b067ac9d4cf6 h1:feb1i6byodl8n5WEJJ1fafcP3eVBiiVloh3mYvnRmJY= @@ -7,11 +8,13 @@ github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuy github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= +github.com/armon/go-metrics v0.4.1/go.mod h1:E6amYzXo6aW1tqzoZGT755KkbgrJsSdpwZ+3JqfkOG4= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= -github.com/bluele/gcache v0.0.0-20190518031135-bc40bd653833 h1:yCfXxYaelOyqnia8F/Yng47qhmfC9nKTRIbYRrRueq4= -github.com/bluele/gcache v0.0.0-20190518031135-bc40bd653833/go.mod h1:8c4/i2VlovMO2gBnHGQPN5EJw+H0lx1u/5p+cgsXtCk= +github.com/bluele/gcache v0.0.2 h1:WcbfdXICg7G/DGBh1PFfcirkWOQV+v077yF1pSy3DGw= +github.com/bluele/gcache v0.0.2/go.mod h1:m15KV+ECjptwSPxKhOhQoAFQVtUFjTVkc3H8o0t/fp0= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag= github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I= @@ -25,15 +28,17 @@ github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nos github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= +github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= +github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= github.com/go-redis/redis v6.15.9+incompatible h1:K0pv1D7EQUjfyoMql+r/jZqCLizCGKFlFgcHWWmHQjg= github.com/go-redis/redis v6.15.9+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= -github.com/golang/glog v1.2.4 h1:CNNw5U8lSiiBk7druxtSHHTsRWcxKoac6kZKm2peBBc= -github.com/golang/glog v1.2.4/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= +github.com/golang/glog v1.2.5 h1:DrW6hGnjIhtvhOIiAKT6Psh/Kd/ldepEa81DKeiRJ5I= +github.com/golang/glog v1.2.5/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= @@ -43,11 +48,14 @@ github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrU github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= +github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/google/certificate-transparency-go v1.3.2 h1:9ahSNZF2o7SYMaKaXhAumVEzXB2QaayzII9C8rv7v+A= github.com/google/certificate-transparency-go v1.3.2/go.mod h1:H5FpMUaGa5Ab2+KCYsxg6sELw3Flkl7pGZzWdBoYLXs= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= @@ -57,8 +65,8 @@ github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtng github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJFeZnpfm2KLowc= github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= -github.com/hashicorp/go-metrics v0.5.3 h1:M5uADWMOGCTUNU1YuC4hfknOeHNaX54LDm4oYSucoNE= -github.com/hashicorp/go-metrics v0.5.3/go.mod h1:KEjodfebIOuBYSAe/bHTm+HChmKSxAOXPBieMLYozDE= +github.com/hashicorp/go-metrics v0.5.4 h1:8mmPiIJkTPPEbAiV97IxdAGNdRdaWwVap1BU6elejKY= +github.com/hashicorp/go-metrics v0.5.4/go.mod h1:CG5yz4NZ/AI/aQt9Ucm/vdBnbh7fvmv4lxZ350i+QQI= github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= @@ -71,8 +79,12 @@ github.com/jpillora/backoff v1.0.0 h1:uvFg412JmmHBHw7iwprIxkPMI+sGQ4kzOWsMeHnm2E github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= +github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= @@ -83,6 +95,7 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJ github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= +github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= @@ -98,22 +111,30 @@ github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0Mw github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= +github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= +github.com/prometheus/client_golang v1.11.1/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= +github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= +github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= +github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= +github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= +github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= @@ -133,21 +154,26 @@ golang.org/x/crypto v0.39.0/go.mod h1:L+Xg3Wf6HoL4Bn4238Z6ft6KfEpN0tJGo53AAPC632 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.25.0 h1:n7a+ZbQKQA/Ysbyb0/6IbB1H/X41mKgbhfv7AfG/44w= golang.org/x/mod v0.25.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww= +golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.40.0 h1:79Xs7wF06Gbdcg4kdCCIQArK11Z1hr5POQ6+fIYHNuY= golang.org/x/net v0.40.0/go.mod h1:y0hY0exeL2Pku80/zKK7tpntoX23cqL3Oa6njdgRtds= +golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.15.0 h1:KWH3jNZsfyT6xfAfKiz6MRNmd46ByHDYaZ7KSkCtdW8= golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -159,13 +185,19 @@ golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw= golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.26.0 h1:P42AVeLghgTYr4+xUnTRKDMqpar+PtX7KWuNQL21L8M= golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA= @@ -176,12 +208,14 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY= google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= diff --git a/moz_kinto_publisher/main.py b/moz_kinto_publisher/main.py index 640432b5..32f7f1ed 100755 --- a/moz_kinto_publisher/main.py +++ b/moz_kinto_publisher/main.py @@ -751,9 +751,9 @@ def publish_crlite_record( # await FilterExpressions.eval(expression, context) # See https://remote-settings.readthedocs.io/en/latest/target-filters.html # for the expression syntax and the definition of env. - attributes[ - "filter_expression" - ] = f"env.version|versionCompare('{channel.supported_version}.!') >= 0 && '{channel.slug}' == 'security.pki.crlite_channel'|preferenceValue('none')" + attributes["filter_expression"] = ( + f"env.version|versionCompare('{channel.supported_version}.!') >= 0 && '{channel.slug}' == 'security.pki.crlite_channel'|preferenceValue('none')" + ) record = rw_client.create_record( collection=settings.KINTO_CRLITE_COLLECTION, diff --git a/rust-create-cascade/Cargo.toml b/rust-create-cascade/Cargo.toml index 92d09e28..71a1276c 100644 --- a/rust-create-cascade/Cargo.toml +++ b/rust-create-cascade/Cargo.toml @@ -3,16 +3,16 @@ name = "rust-create-cascade" version = "0.1.0" [dependencies] -base64 = "0.13" -bincode = "1.3" -clap = { version = "3.0", features = ["derive"] } +base64 = "0.22" +bincode = { version = "2.0", features = ["serde"] } +clap = { version = "4.5", features = ["derive"] } hex = "0.4" log = "0.4" -rand="0.7" +rand="0.9" rayon = "1.5" rust_cascade = { version = "1.5.0" , features = ["builder"] } statsd = "0.16.0" -stderrlog = "0.5" +stderrlog = "0.6" tempfile = "3.10.1" clubcard = { version = "0.3", features = ["builder"] } clubcard-crlite = { version = "0.3", features = ["builder"] } diff --git a/rust-create-cascade/src/cascade_helper.rs b/rust-create-cascade/src/cascade_helper.rs index 4b2e4d03..91655b83 100644 --- a/rust-create-cascade/src/cascade_helper.rs +++ b/rust-create-cascade/src/cascade_helper.rs @@ -14,8 +14,7 @@ use std::fs::File; use std::io::prelude::Write; use std::path::Path; -use rand::rngs::OsRng; -use rand::RngCore; +use rand::{rngs::OsRng, TryRngCore}; impl FilterBuilder for CascadeBuilder { type ExcludeSetType = ExcludeSet; @@ -114,7 +113,7 @@ pub fn create_cascade( let mut salt = vec![0u8; salt_len]; if salt_len > 0 { - OsRng.fill_bytes(&mut salt); + let _ = OsRng.try_fill_bytes(&mut salt); } let mut builder = CascadeBuilder::new(hash_alg, salt, revoked, not_revoked); diff --git a/rust-create-cascade/src/main.rs b/rust-create-cascade/src/main.rs index 5c7a239f..e5d7e6e9 100644 --- a/rust-create-cascade/src/main.rs +++ b/rust-create-cascade/src/main.rs @@ -44,6 +44,7 @@ extern crate statsd; extern crate stderrlog; extern crate tempfile; +use base64::{Engine as _, engine::general_purpose::URL_SAFE}; use clap::Parser; use log::*; use rayon::iter::{IntoParallelRefIterator, ParallelIterator}; @@ -260,7 +261,7 @@ impl Iterator for KnownSerialIterator { } fn decode_issuer(s: &str) -> [u8; 32] { - base64::decode_config(s, base64::URL_SAFE) + URL_SAFE.decode(s) .expect("found invalid issuer id: not url-safe base64.") .try_into() .expect("found invalid issuer id: not 32 bytes.") @@ -584,9 +585,9 @@ fn write_revset_and_delta( ) { let prev_revset: HashSet> = match std::fs::read(prev_revset_file) .as_deref() - .map(bincode::deserialize) + .map(|b| bincode::serde::decode_from_slice(b, bincode::config::legacy())) { - Ok(Ok(prev_revset)) => prev_revset, + Ok(Ok((prev_revset, _))) => prev_revset, _ => { warn!("Could not load previous revset. Stash file will be large."); Default::default() @@ -615,7 +616,7 @@ fn write_revset_and_delta( } } - let revset_bytes = bincode::serialize(&revset).unwrap(); + let revset_bytes = bincode::serde::encode_to_vec(&revset, bincode::config::legacy()).unwrap(); info!("Revset is {} bytes", revset_bytes.len()); std::fs::write(output_revset_file, &revset_bytes).expect("can't write revset file"); @@ -684,29 +685,29 @@ enum FilterType { #[derive(Parser)] struct Cli { - #[clap(long, parse(from_os_str), default_value = "./known/")] + #[arg(long, value_parser = clap::value_parser!(PathBuf), default_value = "./known/")] known: PathBuf, - #[clap(long, parse(from_os_str), default_value = "./revoked/")] + #[arg(long, value_parser = clap::value_parser!(PathBuf), default_value = "./revoked/")] revoked: PathBuf, - #[clap(long, parse(from_os_str), default_value = "./prev_revset.bin")] + #[arg(long, value_parser = clap::value_parser!(PathBuf), default_value = "./prev_revset.bin")] prev_revset: PathBuf, - #[clap(long, parse(from_os_str), default_value = "./ct-logs.json")] + #[arg(long, value_parser = clap::value_parser!(PathBuf), default_value = "./ct-logs.json")] ct_logs_json: PathBuf, - #[clap(long, parse(from_os_str), default_value = ".")] + #[arg(long, value_parser = clap::value_parser!(PathBuf), default_value = ".")] outdir: PathBuf, - #[clap(long, value_enum, default_value = "all")] + #[arg(long, value_enum, default_value = "all")] reason_set: ReasonSet, - #[clap(long, value_enum, default_value = "all")] + #[arg(long, value_enum, default_value = "all")] delta_reason_set: ReasonSet, - #[clap(long)] + #[arg(long)] statsd_host: Option, - #[clap(long)] + #[arg(long)] murmurhash3: bool, - #[clap(long, value_enum, default_value = "cascade")] + #[arg(long, value_enum, default_value = "cascade")] filter_type: FilterType, - #[clap(long)] + #[arg(long)] clobber: bool, - #[clap(short = 'v', parse(from_occurrences))] + #[arg(short = 'v', value_parser = clap::value_parser!(usize))] verbose: usize, } @@ -1006,9 +1007,9 @@ mod tests { decode_issuer, decode_serial, write_revset_and_delta, write_stash, CheckableFilter, Reason, ReasonSet, }; + use base64::{Engine as _, engine::general_purpose::URL_SAFE}; use clubcard_crlite::CRLiteClubcard; - use rand::rngs::OsRng; - use rand::RngCore; + use rand::{rngs::OsRng, TryRngCore}; use rust_cascade::{Cascade, HashAlgorithm}; use std::collections::HashSet; use std::convert::TryInto; @@ -1044,11 +1045,11 @@ mod tests { fn add_issuer(&self) -> String { let mut issuer_bytes = vec![0u8; 32]; - OsRng.fill_bytes(&mut issuer_bytes); + OsRng.try_fill_bytes(&mut issuer_bytes).expect("could not fill issuer_bytes"); - let issuer_str = base64::encode_config(issuer_bytes, base64::URL_SAFE); + let issuer_str = URL_SAFE.encode(issuer_bytes); std::fs::File::create(self.known_dir().join(&issuer_str)) - .expect("could not create issuer file"); + .expect(&format!("could not create issuer file {issuer_str}")); std::fs::File::create(self.revoked_dir().join(&issuer_str)) .expect("could not create issuer file"); issuer_str @@ -1056,7 +1057,7 @@ mod tests { fn add_serial(&self, issuer: &str) -> String { let mut serial_bytes = vec![0u8; 20]; - OsRng.fill_bytes(&mut serial_bytes); + let _ = OsRng.try_fill_bytes(&mut serial_bytes); let mut known_file = std::fs::OpenOptions::new() .append(true) @@ -1071,7 +1072,7 @@ mod tests { fn add_revoked_serial(&self, issuer: &str, reason: Reason) -> String { let mut serial_bytes = vec![0u8; 20]; - OsRng.fill_bytes(&mut serial_bytes); + let _ = OsRng.try_fill_bytes(&mut serial_bytes); let mut known_file = std::fs::OpenOptions::new() .append(true) @@ -1202,7 +1203,7 @@ mod tests { std::fs::rename(&revset_file, &prev_revset_file).expect("could not move revset file"); let first_revset_bytes = std::fs::read(&prev_revset_file).expect("could not read revset"); let first_revset: HashSet> = - bincode::deserialize(&first_revset_bytes).expect("could not parse revset"); + bincode::serde::decode_from_slice(&first_revset_bytes, bincode::config::legacy()).expect("could not parse revset").0; // Add a revoked serial after writing the first revset and stash let serial = env.add_revoked_serial(&issuer, Reason::Unspecified); @@ -1221,7 +1222,7 @@ mod tests { let second_revset_bytes = std::fs::read(&revset_file).expect("could not read revset"); let second_revset: HashSet> = - bincode::deserialize(&second_revset_bytes).expect("could not parse revset"); + bincode::serde::decode_from_slice(&second_revset_bytes, bincode::config::legacy()).expect("could not parse revset").0; let serial_bytes = decode_serial(&serial); let issuer_bytes = decode_issuer(&issuer); @@ -1255,7 +1256,7 @@ mod tests { let third_revset_bytes = std::fs::read(&revset_file).expect("could not read revset"); let third_revset: HashSet> = - bincode::deserialize(&third_revset_bytes).expect("could not parse revset"); + bincode::serde::decode_from_slice(&third_revset_bytes, bincode::config::legacy()).expect("could not parse revset").0; // The newly revoked serial should not be in the third revset as it has // an unspecified reason code diff --git a/rust-query-crlite/Cargo.toml b/rust-query-crlite/Cargo.toml index 03f28fcf..4816312a 100644 --- a/rust-query-crlite/Cargo.toml +++ b/rust-query-crlite/Cargo.toml @@ -4,22 +4,22 @@ version = "0.1.0" edition = "2021" [dependencies] -base64 = "0.21" -bincode = "1.3" +base64 = "0.22" +bincode = { version = "2.0", features = ["serde"] } byteorder = "1.2.7" clap = { version = "4.5", features = ["derive"] } clubcard = "0.3" clubcard-crlite = "0.3" -der-parser = "9.0" +der-parser = "10.0" hex = "0.4" log = "0.4" num-bigint = "0.4" -pem = "1.0" -reqwest = { version = "0.11", features = ["blocking", "json", "rustls-tls"] } +pem = "3.0" +reqwest = { version = "0.12", features = ["blocking", "json", "rustls-tls"] } rust_cascade = "1.4.0" rustls = { version = "0.21", features = ["dangerous_configuration"] } serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" sha2 = "0.10.2" -stderrlog = "0.5" -x509-parser = { version = "0.16.0", features = ["verify"] } +stderrlog = "0.6" +x509-parser = { version = "0.17.0", features = ["verify"] } diff --git a/rust-query-crlite/src/main.rs b/rust-query-crlite/src/main.rs index 4a45e5bd..40acd139 100644 --- a/rust-query-crlite/src/main.rs +++ b/rust-query-crlite/src/main.rs @@ -381,13 +381,13 @@ impl Intermediates { let mut intermediates = Intermediates::new(); for der in list { - if let Ok((_, cert)) = X509Certificate::from_der(&der.contents) { + if let Ok((_, cert)) = X509Certificate::from_der(der.contents()) { let name = cert.tbs_certificate.subject.as_raw(); intermediates .0 .entry(name.to_vec()) .or_default() - .push(der.contents); + .push(DERCert::from(der.contents())); } else { return Err(CRLiteDBError::from("error reading CCADB report")); } @@ -396,17 +396,17 @@ impl Intermediates { } fn from_bincode(bytes: &[u8]) -> Result { - let inner = bincode::deserialize(bytes) + let (inner, _) = bincode::serde::decode_from_slice(bytes, bincode::config::legacy()) .map_err(|_| CRLiteDBError::from("could not deserialize bincoded intermediates"))?; Ok(Intermediates(inner)) } fn encode(&self) -> Result, CRLiteDBError> { - bincode::serialize(&self.0) + bincode::serde::encode_to_vec(&self.0, bincode::config::legacy()) .map_err(|_| CRLiteDBError::from("could not serialize intermediates")) } - fn lookup_issuer_spki(&self, cert: &X509Certificate) -> Option { + fn lookup_issuer_spki(&self, cert: &X509Certificate) -> Option> { let issuer_dn = cert.tbs_certificate.issuer.as_raw(); if let Some(der_issuer_certs) = self.0.get(issuer_dn) { let parsed_issuer_certs = der_issuer_certs @@ -545,13 +545,14 @@ fn query_https_addr( } fn query_cert_pem_or_der_bytes(db: &CRLiteDB, input: &[u8]) -> Result { - let der_cert = match pem::parse(input) { - Ok(pem_cert) => pem_cert.contents, - _ => input.to_vec(), - }; - X509Certificate::from_der(&der_cert) - .map(|(_, cert)| db.query(&cert)) - .map_err(|_| CRLiteDBError::from("could not parse certificate")) + X509Certificate::from_der( + &(match pem::parse(input) { + Ok(ref pem_cert) => pem_cert.contents(), + _ => input, + }), + ) + .map(|(_, cert)| db.query(&cert)) + .map_err(|_| CRLiteDBError::from("could not parse certificate")) } fn query_certs(db: &CRLiteDB, files: &[PathBuf]) -> Result { @@ -620,23 +621,23 @@ fn query_crtsh_id(db: &CRLiteDB, id: &str) -> Result { #[derive(Parser)] struct Cli { /// Download a new CRLite filter and associated metadata from Firefox Remote Settings. - #[clap(long, value_enum)] + #[arg(long, value_enum)] update: Option, /// CRLite filter channel - #[clap(long, value_enum, default_value = "default")] + #[arg(long, value_enum, default_value = "default")] channel: CRLiteFilterChannel, /// CRLite directory e.g. /security_state/. - #[clap(short, long, default_value = "./crlite_db/")] + #[arg(short, long, default_value = "./crlite_db/")] db: PathBuf, /// Silence all output. - #[clap(short = 'q')] + #[arg(short = 'q')] quiet: bool, /// Include debug output in logs. - #[clap(short = 'v', action = clap::ArgAction::Count)] + #[arg(short = 'v', action = clap::ArgAction::Count)] verbose: u8, #[clap(subcommand)]