From 988906bb79229a6700d246cd188035fbb03e1386 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 14 Dec 2025 21:29:42 -0500 Subject: [PATCH 01/24] build(deps): bump the npm group with 2 updates (#1339) Co-authored-by: Jason Cameron --- package-lock.json | 224 +++++++++++++++++++++++----------------------- package.json | 4 +- 2 files changed, 114 insertions(+), 114 deletions(-) diff --git a/package-lock.json b/package-lock.json index 6f6fac33..45754da7 100644 --- a/package-lock.json +++ b/package-lock.json @@ -10,12 +10,12 @@ "license": "ISC", "dependencies": { "@aws-crypto/sha256-js": "^5.2.0", - "preact": "^10.27.2" + "preact": "^10.28.0" }, "devDependencies": { "cssnano": "^7.1.2", "cssnano-preset-advanced": "^7.0.10", - "esbuild": "^0.27.0", + "esbuild": "^0.27.1", "playwright": "^1.52.0", "postcss-cli": "^11.0.1", "postcss-import": "^16.1.1", @@ -62,9 +62,9 @@ } }, "node_modules/@esbuild/aix-ppc64": { - "version": "0.27.0", - "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.27.0.tgz", - "integrity": "sha512-KuZrd2hRjz01y5JK9mEBSD3Vj3mbCvemhT466rSuJYeE/hjuBrHfjjcjMdTm/sz7au+++sdbJZJmuBwQLuw68A==", + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.27.1.tgz", + "integrity": "sha512-HHB50pdsBX6k47S4u5g/CaLjqS3qwaOVE5ILsq64jyzgMhLuCuZ8rGzM9yhsAjfjkbgUPMzZEPa7DAp7yz6vuA==", "cpu": [ "ppc64" ], @@ -79,9 +79,9 @@ } }, "node_modules/@esbuild/android-arm": { - "version": "0.27.0", - "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.27.0.tgz", - "integrity": "sha512-j67aezrPNYWJEOHUNLPj9maeJte7uSMM6gMoxfPC9hOg8N02JuQi/T7ewumf4tNvJadFkvLZMlAq73b9uwdMyQ==", + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.27.1.tgz", + "integrity": "sha512-kFqa6/UcaTbGm/NncN9kzVOODjhZW8e+FRdSeypWe6j33gzclHtwlANs26JrupOntlcWmB0u8+8HZo8s7thHvg==", "cpu": [ "arm" ], @@ -96,9 +96,9 @@ } }, "node_modules/@esbuild/android-arm64": { - "version": "0.27.0", - "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.27.0.tgz", - "integrity": "sha512-CC3vt4+1xZrs97/PKDkl0yN7w8edvU2vZvAFGD16n9F0Cvniy5qvzRXjfO1l94efczkkQE6g1x0i73Qf5uthOQ==", + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.27.1.tgz", + "integrity": "sha512-45fuKmAJpxnQWixOGCrS+ro4Uvb4Re9+UTieUY2f8AEc+t7d4AaZ6eUJ3Hva7dtrxAAWHtlEFsXFMAgNnGU9uQ==", "cpu": [ "arm64" ], @@ -113,9 +113,9 @@ } }, "node_modules/@esbuild/android-x64": { - "version": "0.27.0", - "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.27.0.tgz", - "integrity": "sha512-wurMkF1nmQajBO1+0CJmcN17U4BP6GqNSROP8t0X/Jiw2ltYGLHpEksp9MpoBqkrFR3kv2/te6Sha26k3+yZ9Q==", + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.27.1.tgz", + "integrity": "sha512-LBEpOz0BsgMEeHgenf5aqmn/lLNTFXVfoWMUox8CtWWYK9X4jmQzWjoGoNb8lmAYml/tQ/Ysvm8q7szu7BoxRQ==", "cpu": [ "x64" ], @@ -130,9 +130,9 @@ } }, "node_modules/@esbuild/darwin-arm64": { - "version": "0.27.0", - "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.27.0.tgz", - "integrity": "sha512-uJOQKYCcHhg07DL7i8MzjvS2LaP7W7Pn/7uA0B5S1EnqAirJtbyw4yC5jQ5qcFjHK9l6o/MX9QisBg12kNkdHg==", + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.27.1.tgz", + "integrity": "sha512-veg7fL8eMSCVKL7IW4pxb54QERtedFDfY/ASrumK/SbFsXnRazxY4YykN/THYqFnFwJ0aVjiUrVG2PwcdAEqQQ==", "cpu": [ "arm64" ], @@ -147,9 +147,9 @@ } }, "node_modules/@esbuild/darwin-x64": { - "version": "0.27.0", - "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.27.0.tgz", - "integrity": "sha512-8mG6arH3yB/4ZXiEnXof5MK72dE6zM9cDvUcPtxhUZsDjESl9JipZYW60C3JGreKCEP+p8P/72r69m4AZGJd5g==", + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.27.1.tgz", + "integrity": "sha512-+3ELd+nTzhfWb07Vol7EZ+5PTbJ/u74nC6iv4/lwIU99Ip5uuY6QoIf0Hn4m2HoV0qcnRivN3KSqc+FyCHjoVQ==", "cpu": [ "x64" ], @@ -164,9 +164,9 @@ } }, "node_modules/@esbuild/freebsd-arm64": { - "version": "0.27.0", - "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.27.0.tgz", - "integrity": "sha512-9FHtyO988CwNMMOE3YIeci+UV+x5Zy8fI2qHNpsEtSF83YPBmE8UWmfYAQg6Ux7Gsmd4FejZqnEUZCMGaNQHQw==", + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.27.1.tgz", + "integrity": "sha512-/8Rfgns4XD9XOSXlzUDepG8PX+AVWHliYlUkFI3K3GB6tqbdjYqdhcb4BKRd7C0BhZSoaCxhv8kTcBrcZWP+xg==", "cpu": [ "arm64" ], @@ -181,9 +181,9 @@ } }, "node_modules/@esbuild/freebsd-x64": { - "version": "0.27.0", - "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.27.0.tgz", - "integrity": "sha512-zCMeMXI4HS/tXvJz8vWGexpZj2YVtRAihHLk1imZj4efx1BQzN76YFeKqlDr3bUWI26wHwLWPd3rwh6pe4EV7g==", + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.27.1.tgz", + "integrity": "sha512-GITpD8dK9C+r+5yRT/UKVT36h/DQLOHdwGVwwoHidlnA168oD3uxA878XloXebK4Ul3gDBBIvEdL7go9gCUFzQ==", "cpu": [ "x64" ], @@ -198,9 +198,9 @@ } }, "node_modules/@esbuild/linux-arm": { - "version": "0.27.0", - "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.27.0.tgz", - "integrity": "sha512-t76XLQDpxgmq2cNXKTVEB7O7YMb42atj2Re2Haf45HkaUpjM2J0UuJZDuaGbPbamzZ7bawyGFUkodL+zcE+jvQ==", + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.27.1.tgz", + "integrity": "sha512-ieMID0JRZY/ZeCrsFQ3Y3NlHNCqIhTprJfDgSB3/lv5jJZ8FX3hqPyXWhe+gvS5ARMBJ242PM+VNz/ctNj//eA==", "cpu": [ "arm" ], @@ -215,9 +215,9 @@ } }, "node_modules/@esbuild/linux-arm64": { - "version": "0.27.0", - "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.27.0.tgz", - "integrity": "sha512-AS18v0V+vZiLJyi/4LphvBE+OIX682Pu7ZYNsdUHyUKSoRwdnOsMf6FDekwoAFKej14WAkOef3zAORJgAtXnlQ==", + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.27.1.tgz", + "integrity": "sha512-W9//kCrh/6in9rWIBdKaMtuTTzNj6jSeG/haWBADqLLa9P8O5YSRDzgD5y9QBok4AYlzS6ARHifAb75V6G670Q==", "cpu": [ "arm64" ], @@ -232,9 +232,9 @@ } }, "node_modules/@esbuild/linux-ia32": { - "version": "0.27.0", - "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.27.0.tgz", - "integrity": "sha512-Mz1jxqm/kfgKkc/KLHC5qIujMvnnarD9ra1cEcrs7qshTUSksPihGrWHVG5+osAIQ68577Zpww7SGapmzSt4Nw==", + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.27.1.tgz", + "integrity": "sha512-VIUV4z8GD8rtSVMfAj1aXFahsi/+tcoXXNYmXgzISL+KB381vbSTNdeZHHHIYqFyXcoEhu9n5cT+05tRv13rlw==", "cpu": [ "ia32" ], @@ -249,9 +249,9 @@ } }, "node_modules/@esbuild/linux-loong64": { - "version": "0.27.0", - "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.27.0.tgz", - "integrity": "sha512-QbEREjdJeIreIAbdG2hLU1yXm1uu+LTdzoq1KCo4G4pFOLlvIspBm36QrQOar9LFduavoWX2msNFAAAY9j4BDg==", + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.27.1.tgz", + "integrity": "sha512-l4rfiiJRN7sTNI//ff65zJ9z8U+k6zcCg0LALU5iEWzY+a1mVZ8iWC1k5EsNKThZ7XCQ6YWtsZ8EWYm7r1UEsg==", "cpu": [ "loong64" ], @@ -266,9 +266,9 @@ } }, "node_modules/@esbuild/linux-mips64el": { - "version": "0.27.0", - "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.27.0.tgz", - "integrity": "sha512-sJz3zRNe4tO2wxvDpH/HYJilb6+2YJxo/ZNbVdtFiKDufzWq4JmKAiHy9iGoLjAV7r/W32VgaHGkk35cUXlNOg==", + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.27.1.tgz", + "integrity": "sha512-U0bEuAOLvO/DWFdygTHWY8C067FXz+UbzKgxYhXC0fDieFa0kDIra1FAhsAARRJbvEyso8aAqvPdNxzWuStBnA==", "cpu": [ "mips64el" ], @@ -283,9 +283,9 @@ } }, "node_modules/@esbuild/linux-ppc64": { - "version": "0.27.0", - "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.27.0.tgz", - "integrity": "sha512-z9N10FBD0DCS2dmSABDBb5TLAyF1/ydVb+N4pi88T45efQ/w4ohr/F/QYCkxDPnkhkp6AIpIcQKQ8F0ANoA2JA==", + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.27.1.tgz", + "integrity": "sha512-NzdQ/Xwu6vPSf/GkdmRNsOfIeSGnh7muundsWItmBsVpMoNPVpM61qNzAVY3pZ1glzzAxLR40UyYM23eaDDbYQ==", "cpu": [ "ppc64" ], @@ -300,9 +300,9 @@ } }, "node_modules/@esbuild/linux-riscv64": { - "version": "0.27.0", - "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.27.0.tgz", - "integrity": "sha512-pQdyAIZ0BWIC5GyvVFn5awDiO14TkT/19FTmFcPdDec94KJ1uZcmFs21Fo8auMXzD4Tt+diXu1LW1gHus9fhFQ==", + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.27.1.tgz", + "integrity": "sha512-7zlw8p3IApcsN7mFw0O1Z1PyEk6PlKMu18roImfl3iQHTnr/yAfYv6s4hXPidbDoI2Q0pW+5xeoM4eTCC0UdrQ==", "cpu": [ "riscv64" ], @@ -317,9 +317,9 @@ } }, "node_modules/@esbuild/linux-s390x": { - "version": "0.27.0", - "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.27.0.tgz", - "integrity": "sha512-hPlRWR4eIDDEci953RI1BLZitgi5uqcsjKMxwYfmi4LcwyWo2IcRP+lThVnKjNtk90pLS8nKdroXYOqW+QQH+w==", + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.27.1.tgz", + "integrity": "sha512-cGj5wli+G+nkVQdZo3+7FDKC25Uh4ZVwOAK6A06Hsvgr8WqBBuOy/1s+PUEd/6Je+vjfm6stX0kmib5b/O2Ykw==", "cpu": [ "s390x" ], @@ -334,9 +334,9 @@ } }, "node_modules/@esbuild/linux-x64": { - "version": "0.27.0", - "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.27.0.tgz", - "integrity": "sha512-1hBWx4OUJE2cab++aVZ7pObD6s+DK4mPGpemtnAORBvb5l/g5xFGk0vc0PjSkrDs0XaXj9yyob3d14XqvnQ4gw==", + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.27.1.tgz", + "integrity": "sha512-z3H/HYI9MM0HTv3hQZ81f+AKb+yEoCRlUby1F80vbQ5XdzEMyY/9iNlAmhqiBKw4MJXwfgsh7ERGEOhrM1niMA==", "cpu": [ "x64" ], @@ -351,9 +351,9 @@ } }, "node_modules/@esbuild/netbsd-arm64": { - "version": "0.27.0", - "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.27.0.tgz", - "integrity": "sha512-6m0sfQfxfQfy1qRuecMkJlf1cIzTOgyaeXaiVaaki8/v+WB+U4hc6ik15ZW6TAllRlg/WuQXxWj1jx6C+dfy3w==", + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.27.1.tgz", + "integrity": "sha512-wzC24DxAvk8Em01YmVXyjl96Mr+ecTPyOuADAvjGg+fyBpGmxmcr2E5ttf7Im8D0sXZihpxzO1isus8MdjMCXQ==", "cpu": [ "arm64" ], @@ -368,9 +368,9 @@ } }, "node_modules/@esbuild/netbsd-x64": { - "version": "0.27.0", - "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.27.0.tgz", - "integrity": "sha512-xbbOdfn06FtcJ9d0ShxxvSn2iUsGd/lgPIO2V3VZIPDbEaIj1/3nBBe1AwuEZKXVXkMmpr6LUAgMkLD/4D2PPA==", + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.27.1.tgz", + "integrity": "sha512-1YQ8ybGi2yIXswu6eNzJsrYIGFpnlzEWRl6iR5gMgmsrR0FcNoV1m9k9sc3PuP5rUBLshOZylc9nqSgymI+TYg==", "cpu": [ "x64" ], @@ -385,9 +385,9 @@ } }, "node_modules/@esbuild/openbsd-arm64": { - "version": "0.27.0", - "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.27.0.tgz", - "integrity": "sha512-fWgqR8uNbCQ/GGv0yhzttj6sU/9Z5/Sv/VGU3F5OuXK6J6SlriONKrQ7tNlwBrJZXRYk5jUhuWvF7GYzGguBZQ==", + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.27.1.tgz", + "integrity": "sha512-5Z+DzLCrq5wmU7RDaMDe2DVXMRm2tTDvX2KU14JJVBN2CT/qov7XVix85QoJqHltpvAOZUAc3ndU56HSMWrv8g==", "cpu": [ "arm64" ], @@ -402,9 +402,9 @@ } }, "node_modules/@esbuild/openbsd-x64": { - "version": "0.27.0", - "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.27.0.tgz", - "integrity": "sha512-aCwlRdSNMNxkGGqQajMUza6uXzR/U0dIl1QmLjPtRbLOx3Gy3otfFu/VjATy4yQzo9yFDGTxYDo1FfAD9oRD2A==", + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.27.1.tgz", + "integrity": "sha512-Q73ENzIdPF5jap4wqLtsfh8YbYSZ8Q0wnxplOlZUOyZy7B4ZKW8DXGWgTCZmF8VWD7Tciwv5F4NsRf6vYlZtqg==", "cpu": [ "x64" ], @@ -419,9 +419,9 @@ } }, "node_modules/@esbuild/openharmony-arm64": { - "version": "0.27.0", - "resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.27.0.tgz", - "integrity": "sha512-nyvsBccxNAsNYz2jVFYwEGuRRomqZ149A39SHWk4hV0jWxKM0hjBPm3AmdxcbHiFLbBSwG6SbpIcUbXjgyECfA==", + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.27.1.tgz", + "integrity": "sha512-ajbHrGM/XiK+sXM0JzEbJAen+0E+JMQZ2l4RR4VFwvV9JEERx+oxtgkpoKv1SevhjavK2z2ReHk32pjzktWbGg==", "cpu": [ "arm64" ], @@ -436,9 +436,9 @@ } }, "node_modules/@esbuild/sunos-x64": { - "version": "0.27.0", - "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.27.0.tgz", - "integrity": "sha512-Q1KY1iJafM+UX6CFEL+F4HRTgygmEW568YMqDA5UV97AuZSm21b7SXIrRJDwXWPzr8MGr75fUZPV67FdtMHlHA==", + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.27.1.tgz", + "integrity": "sha512-IPUW+y4VIjuDVn+OMzHc5FV4GubIwPnsz6ubkvN8cuhEqH81NovB53IUlrlBkPMEPxvNnf79MGBoz8rZ2iW8HA==", "cpu": [ "x64" ], @@ -453,9 +453,9 @@ } }, "node_modules/@esbuild/win32-arm64": { - "version": "0.27.0", - "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.27.0.tgz", - "integrity": "sha512-W1eyGNi6d+8kOmZIwi/EDjrL9nxQIQ0MiGqe/AWc6+IaHloxHSGoeRgDRKHFISThLmsewZ5nHFvGFWdBYlgKPg==", + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.27.1.tgz", + "integrity": "sha512-RIVRWiljWA6CdVu8zkWcRmGP7iRRIIwvhDKem8UMBjPql2TXM5PkDVvvrzMtj1V+WFPB4K7zkIGM7VzRtFkjdg==", "cpu": [ "arm64" ], @@ -470,9 +470,9 @@ } }, "node_modules/@esbuild/win32-ia32": { - "version": "0.27.0", - "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.27.0.tgz", - "integrity": "sha512-30z1aKL9h22kQhilnYkORFYt+3wp7yZsHWus+wSKAJR8JtdfI76LJ4SBdMsCopTR3z/ORqVu5L1vtnHZWVj4cQ==", + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.27.1.tgz", + "integrity": "sha512-2BR5M8CPbptC1AK5JbJT1fWrHLvejwZidKx3UMSF0ecHMa+smhi16drIrCEggkgviBwLYd5nwrFLSl5Kho96RQ==", "cpu": [ "ia32" ], @@ -487,9 +487,9 @@ } }, "node_modules/@esbuild/win32-x64": { - "version": "0.27.0", - "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.27.0.tgz", - "integrity": "sha512-aIitBcjQeyOhMTImhLZmtxfdOcuNRpwlPNmlFKPcHQYPhEssw75Cl1TSXJXpMkzaua9FUetx/4OQKq7eJul5Cg==", + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.27.1.tgz", + "integrity": "sha512-d5X6RMYv6taIymSk8JBP+nxv8DQAMY6A51GPgusqLdK9wBz5wWIXy1KjTck6HnjE9hqJzJRdk+1p/t5soSbCtw==", "cpu": [ "x64" ], @@ -1156,9 +1156,9 @@ } }, "node_modules/esbuild": { - "version": "0.27.0", - "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.27.0.tgz", - "integrity": "sha512-jd0f4NHbD6cALCyGElNpGAOtWxSq46l9X/sWB0Nzd5er4Kz2YTm+Vl0qKFT9KUJvD8+fiO8AvoHhFvEatfVixA==", + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.27.1.tgz", + "integrity": "sha512-yY35KZckJJuVVPXpvjgxiCuVEJT67F6zDeVTv4rizyPrfGBUpZQsvmxnN+C371c2esD/hNMjj4tpBhuueLN7aA==", "dev": true, "hasInstallScript": true, "license": "MIT", @@ -1169,32 +1169,32 @@ "node": ">=18" }, "optionalDependencies": { - "@esbuild/aix-ppc64": "0.27.0", - "@esbuild/android-arm": "0.27.0", - "@esbuild/android-arm64": "0.27.0", - "@esbuild/android-x64": "0.27.0", - "@esbuild/darwin-arm64": "0.27.0", - "@esbuild/darwin-x64": "0.27.0", - "@esbuild/freebsd-arm64": "0.27.0", - "@esbuild/freebsd-x64": "0.27.0", - "@esbuild/linux-arm": "0.27.0", - "@esbuild/linux-arm64": "0.27.0", - "@esbuild/linux-ia32": "0.27.0", - "@esbuild/linux-loong64": "0.27.0", - "@esbuild/linux-mips64el": "0.27.0", - "@esbuild/linux-ppc64": "0.27.0", - "@esbuild/linux-riscv64": "0.27.0", - "@esbuild/linux-s390x": "0.27.0", - "@esbuild/linux-x64": "0.27.0", - "@esbuild/netbsd-arm64": "0.27.0", - "@esbuild/netbsd-x64": "0.27.0", - "@esbuild/openbsd-arm64": "0.27.0", - "@esbuild/openbsd-x64": "0.27.0", - "@esbuild/openharmony-arm64": "0.27.0", - "@esbuild/sunos-x64": "0.27.0", - "@esbuild/win32-arm64": "0.27.0", - "@esbuild/win32-ia32": "0.27.0", - "@esbuild/win32-x64": "0.27.0" + "@esbuild/aix-ppc64": "0.27.1", + "@esbuild/android-arm": "0.27.1", + "@esbuild/android-arm64": "0.27.1", + "@esbuild/android-x64": "0.27.1", + "@esbuild/darwin-arm64": "0.27.1", + "@esbuild/darwin-x64": "0.27.1", + "@esbuild/freebsd-arm64": "0.27.1", + "@esbuild/freebsd-x64": "0.27.1", + "@esbuild/linux-arm": "0.27.1", + "@esbuild/linux-arm64": "0.27.1", + "@esbuild/linux-ia32": "0.27.1", + "@esbuild/linux-loong64": "0.27.1", + "@esbuild/linux-mips64el": "0.27.1", + "@esbuild/linux-ppc64": "0.27.1", + "@esbuild/linux-riscv64": "0.27.1", + "@esbuild/linux-s390x": "0.27.1", + "@esbuild/linux-x64": "0.27.1", + "@esbuild/netbsd-arm64": "0.27.1", + "@esbuild/netbsd-x64": "0.27.1", + "@esbuild/openbsd-arm64": "0.27.1", + "@esbuild/openbsd-x64": "0.27.1", + "@esbuild/openharmony-arm64": "0.27.1", + "@esbuild/sunos-x64": "0.27.1", + "@esbuild/win32-arm64": "0.27.1", + "@esbuild/win32-ia32": "0.27.1", + "@esbuild/win32-x64": "0.27.1" } }, "node_modules/escalade": { @@ -2339,9 +2339,9 @@ } }, "node_modules/preact": { - "version": "10.27.2", - "resolved": "https://registry.npmjs.org/preact/-/preact-10.27.2.tgz", - "integrity": "sha512-5SYSgFKSyhCbk6SrXyMpqjb5+MQBgfvEKE/OC+PujcY34sOpqtr+0AZQtPYx5IA6VxynQ7rUPCtKzyovpj9Bpg==", + "version": "10.28.0", + "resolved": "https://registry.npmjs.org/preact/-/preact-10.28.0.tgz", + "integrity": "sha512-rytDAoiXr3+t6OIP3WGlDd0ouCUG1iCWzkcY3++Nreuoi17y6T5i/zRhe6uYfoVcxq6YU+sBtJouuRDsq8vvqA==", "license": "MIT", "funding": { "type": "opencollective", diff --git a/package.json b/package.json index 3ff8b5fb..e85027eb 100644 --- a/package.json +++ b/package.json @@ -20,7 +20,7 @@ "devDependencies": { "cssnano": "^7.1.2", "cssnano-preset-advanced": "^7.0.10", - "esbuild": "^0.27.0", + "esbuild": "^0.27.1", "playwright": "^1.52.0", "postcss-cli": "^11.0.1", "postcss-import": "^16.1.1", @@ -29,6 +29,6 @@ }, "dependencies": { "@aws-crypto/sha256-js": "^5.2.0", - "preact": "^10.27.2" + "preact": "^10.28.0" } } \ No newline at end of file From 5c97d693c1bdc3eb7592937c8b96f2ed0b83fbba Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Dec 2025 02:34:45 +0000 Subject: [PATCH 02/24] build(deps): bump the github-actions group across 1 directory with 4 updates (#1340) Co-authored-by: Jason Cameron --- .github/workflows/asset-verification.yml | 4 ++-- .github/workflows/docker-pr.yml | 6 +++--- .github/workflows/docker.yml | 6 +++--- .github/workflows/docs-deploy.yml | 8 ++++---- .github/workflows/docs-test.yml | 4 ++-- .github/workflows/go-mod-tidy-check.yml | 2 +- .github/workflows/go.yml | 4 ++-- .github/workflows/package-builds-stable.yml | 4 ++-- .github/workflows/package-builds-unstable.yml | 4 ++-- .github/workflows/smoke-tests.yml | 4 ++-- .github/workflows/ssh-ci-runner-cron.yml | 2 +- .github/workflows/ssh-ci.yml | 2 +- .github/workflows/zizmor.yml | 2 +- 13 files changed, 26 insertions(+), 26 deletions(-) diff --git a/.github/workflows/asset-verification.yml b/.github/workflows/asset-verification.yml index f7fe27ca..86938f39 100644 --- a/.github/workflows/asset-verification.yml +++ b/.github/workflows/asset-verification.yml @@ -13,7 +13,7 @@ jobs: asset_verification: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false @@ -22,7 +22,7 @@ jobs: sudo apt-get update sudo apt-get install -y build-essential - - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 + - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 with: node-version: '24.11.0' - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 diff --git a/.github/workflows/docker-pr.yml b/.github/workflows/docker-pr.yml index 78faa8bc..0281ba07 100644 --- a/.github/workflows/docker-pr.yml +++ b/.github/workflows/docker-pr.yml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout code - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: fetch-tags: true fetch-depth: 0 @@ -26,7 +26,7 @@ jobs: sudo apt-get update sudo apt-get install -y build-essential - - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 + - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 with: node-version: '24.11.0' - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 @@ -37,7 +37,7 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0 + uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 with: images: ghcr.io/${{ github.repository }} diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index bb3035b4..3d5abfe0 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -21,7 +21,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout code - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: fetch-tags: true fetch-depth: 0 @@ -36,7 +36,7 @@ jobs: run: | echo "IMAGE=ghcr.io/${GITHUB_REPOSITORY,,}" >> $GITHUB_ENV - - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 + - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 with: node-version: '24.11.0' - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 @@ -54,7 +54,7 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0 + uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 with: images: ${{ env.IMAGE }} diff --git a/.github/workflows/docs-deploy.yml b/.github/workflows/docs-deploy.yml index 66d511e2..30b5d3f4 100644 --- a/.github/workflows/docs-deploy.yml +++ b/.github/workflows/docs-deploy.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false @@ -33,7 +33,7 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0 + uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 with: images: ghcr.io/techarohq/anubis/docs tags: | @@ -53,14 +53,14 @@ jobs: push: true - name: Apply k8s manifests to limsa lominsa - uses: actions-hub/kubectl@1d2c1e96fe0ae23b0c95ee8240ae151b1e638c23 # v1.34.2 + uses: actions-hub/kubectl@2639090a038d46a3b9b98b220ae0837676ded8b7 # v1.34.3 env: KUBE_CONFIG: ${{ secrets.LIMSA_LOMINSA_KUBECONFIG }} with: args: apply -k docs/manifest - name: Apply k8s manifests to limsa lominsa - uses: actions-hub/kubectl@1d2c1e96fe0ae23b0c95ee8240ae151b1e638c23 # v1.34.2 + uses: actions-hub/kubectl@2639090a038d46a3b9b98b220ae0837676ded8b7 # v1.34.3 env: KUBE_CONFIG: ${{ secrets.LIMSA_LOMINSA_KUBECONFIG }} with: diff --git a/.github/workflows/docs-test.yml b/.github/workflows/docs-test.yml index d1b627b9..543f25b8 100644 --- a/.github/workflows/docs-test.yml +++ b/.github/workflows/docs-test.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false @@ -22,7 +22,7 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0 + uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 with: images: ghcr.io/techarohq/anubis/docs tags: | diff --git a/.github/workflows/go-mod-tidy-check.yml b/.github/workflows/go-mod-tidy-check.yml index cdd3572b..0d8a96d0 100644 --- a/.github/workflows/go-mod-tidy-check.yml +++ b/.github/workflows/go-mod-tidy-check.yml @@ -13,7 +13,7 @@ jobs: go_mod_tidy_check: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index 491407d3..ec94a4dd 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -15,7 +15,7 @@ jobs: #runs-on: alrest-techarohq runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false @@ -24,7 +24,7 @@ jobs: sudo apt-get update sudo apt-get install -y build-essential - - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 + - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 with: node-version: '24.11.0' - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 diff --git a/.github/workflows/package-builds-stable.yml b/.github/workflows/package-builds-stable.yml index 608b0bd2..0bbe3246 100644 --- a/.github/workflows/package-builds-stable.yml +++ b/.github/workflows/package-builds-stable.yml @@ -14,7 +14,7 @@ jobs: #runs-on: alrest-techarohq runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false fetch-tags: true @@ -25,7 +25,7 @@ jobs: sudo apt-get update sudo apt-get install -y build-essential - - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 + - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 with: node-version: '24.11.0' - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 diff --git a/.github/workflows/package-builds-unstable.yml b/.github/workflows/package-builds-unstable.yml index e2bed937..567bbf10 100644 --- a/.github/workflows/package-builds-unstable.yml +++ b/.github/workflows/package-builds-unstable.yml @@ -15,7 +15,7 @@ jobs: #runs-on: alrest-techarohq runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false fetch-tags: true @@ -26,7 +26,7 @@ jobs: sudo apt-get update sudo apt-get install -y build-essential - - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 + - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 with: node-version: '24.11.0' - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 diff --git a/.github/workflows/smoke-tests.yml b/.github/workflows/smoke-tests.yml index c799f33e..b9b0ddab 100644 --- a/.github/workflows/smoke-tests.yml +++ b/.github/workflows/smoke-tests.yml @@ -29,11 +29,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 + - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 with: node-version: '24.11.0' - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 diff --git a/.github/workflows/ssh-ci-runner-cron.yml b/.github/workflows/ssh-ci-runner-cron.yml index 45d7dc97..47584b59 100644 --- a/.github/workflows/ssh-ci-runner-cron.yml +++ b/.github/workflows/ssh-ci-runner-cron.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: fetch-tags: true fetch-depth: 0 diff --git a/.github/workflows/ssh-ci.yml b/.github/workflows/ssh-ci.yml index 3f6ccdb8..62b9a139 100644 --- a/.github/workflows/ssh-ci.yml +++ b/.github/workflows/ssh-ci.yml @@ -22,7 +22,7 @@ jobs: - aarch64-16k steps: - name: Checkout code - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: fetch-tags: true fetch-depth: 0 diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml index d07a04b9..d2dfb481 100644 --- a/.github/workflows/zizmor.yml +++ b/.github/workflows/zizmor.yml @@ -16,7 +16,7 @@ jobs: security-events: write steps: - name: Checkout repository - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false From cb9114535205ec72f2667ef0c3c765d6d28f0d1f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Dec 2025 02:43:18 +0000 Subject: [PATCH 03/24] build(deps): bump the gomod group across 1 directory with 6 updates (#1341) Co-authored-by: Jason Cameron --- go.mod | 76 +++++++++++++------------- go.sum | 152 ++++++++++++++++++++++++++-------------------------- test/go.mod | 60 ++++++++++----------- test/go.sum | 136 +++++++++++++++++++++++----------------------- 4 files changed, 212 insertions(+), 212 deletions(-) diff --git a/go.mod b/go.mod index 8f827a9b..28f60c69 100644 --- a/go.mod +++ b/go.mod @@ -5,9 +5,9 @@ go 1.24.2 require ( github.com/TecharoHQ/thoth-proto v0.5.0 github.com/a-h/templ v0.3.960 - github.com/aws/aws-sdk-go-v2 v1.40.0 - github.com/aws/aws-sdk-go-v2/config v1.32.1 - github.com/aws/aws-sdk-go-v2/service/s3 v1.92.0 + github.com/aws/aws-sdk-go-v2 v1.41.0 + github.com/aws/aws-sdk-go-v2/config v1.32.5 + github.com/aws/aws-sdk-go-v2/service/s3 v1.93.2 github.com/cespare/xxhash/v2 v2.3.0 github.com/facebookgo/flagenv v0.0.0-20160425205200-fcd59fca7456 github.com/fahedouch/go-logrotate v0.3.0 @@ -22,22 +22,22 @@ require ( github.com/nicksnyder/go-i18n/v2 v2.6.0 github.com/playwright-community/playwright-go v0.5200.1 github.com/prometheus/client_golang v1.23.2 - github.com/redis/go-redis/v9 v9.17.0 + github.com/redis/go-redis/v9 v9.17.2 github.com/sebest/xff v0.0.0-20210106013422-671bd2870b3a - github.com/shirou/gopsutil/v4 v4.25.10 + github.com/shirou/gopsutil/v4 v4.25.11 github.com/testcontainers/testcontainers-go v0.40.0 go.etcd.io/bbolt v1.4.3 - golang.org/x/net v0.47.0 - golang.org/x/text v0.31.0 + golang.org/x/net v0.48.0 + golang.org/x/text v0.32.0 google.golang.org/grpc v1.77.0 gopkg.in/yaml.v3 v3.0.1 - k8s.io/apimachinery v0.34.2 + k8s.io/apimachinery v0.34.3 sigs.k8s.io/yaml v1.6.0 ) require ( al.essio.dev/pkg/shellescape v1.6.0 // indirect - buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.10-20250912141014-52f32327d4b0.1 // indirect + buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.11-20251209175733-2a1774d88802.1 // indirect cel.dev/expr v0.25.1 // indirect dario.cat/mergo v1.0.2 // indirect github.com/AlekSi/pointer v1.2.0 // indirect @@ -53,22 +53,22 @@ require ( github.com/a-h/parse v0.0.0-20250122154542-74294addb73e // indirect github.com/andybalholm/brotli v1.2.0 // indirect github.com/antlr4-go/antlr/v4 v4.13.1 // indirect - github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.3 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.19.1 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.14 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.14 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.14 // indirect + github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.4 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.19.5 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.16 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.16 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.16 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 // indirect - github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.14 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.3 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.5 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.14 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.14 // indirect - github.com/aws/aws-sdk-go-v2/service/signin v1.0.1 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.30.4 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.9 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.41.1 // indirect - github.com/aws/smithy-go v1.23.2 // indirect + github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.16 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.4 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.7 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.16 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.16 // indirect + github.com/aws/aws-sdk-go-v2/service/signin v1.0.4 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.30.7 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.12 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.41.5 // indirect + github.com/aws/smithy-go v1.24.0 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb // indirect github.com/cavaliergopher/cpio v1.0.1 // indirect @@ -150,7 +150,7 @@ require ( github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 // indirect github.com/prometheus/client_model v0.6.2 // indirect - github.com/prometheus/common v0.67.2 // indirect + github.com/prometheus/common v0.67.4 // indirect github.com/prometheus/procfs v0.19.2 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/sergi/go-diff v1.4.0 // indirect @@ -164,8 +164,8 @@ require ( github.com/suzuki-shunsuke/logrus-error v0.1.4 // indirect github.com/suzuki-shunsuke/pinact v1.6.0 // indirect github.com/suzuki-shunsuke/urfave-cli-help-all v0.0.4 // indirect - github.com/tklauser/go-sysconf v0.3.15 // indirect - github.com/tklauser/numcpus v0.10.0 // indirect + github.com/tklauser/go-sysconf v0.3.16 // indirect + github.com/tklauser/numcpus v0.11.0 // indirect github.com/ulikunitz/xz v0.5.14 // indirect github.com/urfave/cli/v2 v2.27.7 // indirect github.com/xanzy/ssh-agent v0.3.3 // indirect @@ -181,20 +181,20 @@ require ( go.opentelemetry.io/proto/otlp v1.7.0 // indirect go.yaml.in/yaml/v2 v2.4.3 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect - golang.org/x/crypto v0.44.0 // indirect - golang.org/x/exp v0.0.0-20251113190631-e25ba8c21ef6 // indirect + golang.org/x/crypto v0.46.0 // indirect + golang.org/x/exp v0.0.0-20251209150349-8475f28825e9 // indirect golang.org/x/exp/typeparams v0.0.0-20250718183923-645b1fa84792 // indirect - golang.org/x/mod v0.30.0 // indirect + golang.org/x/mod v0.31.0 // indirect golang.org/x/oauth2 v0.32.0 // indirect - golang.org/x/sync v0.18.0 // indirect - golang.org/x/sys v0.38.0 // indirect - golang.org/x/telemetry v0.0.0-20251111182119-bc8e575c7b54 // indirect - golang.org/x/term v0.37.0 // indirect - golang.org/x/tools v0.39.0 // indirect + golang.org/x/sync v0.19.0 // indirect + golang.org/x/sys v0.39.0 // indirect + golang.org/x/telemetry v0.0.0-20251203150158-8fff8a5912fc // indirect + golang.org/x/term v0.38.0 // indirect + golang.org/x/tools v0.40.0 // indirect golang.org/x/vuln v1.1.4 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20251111163417-95abcf5c77ba // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20251111163417-95abcf5c77ba // indirect - google.golang.org/protobuf v1.36.10 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20251213004720-97cd9d5aeac2 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20251213004720-97cd9d5aeac2 // indirect + google.golang.org/protobuf v1.36.11 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect honnef.co/go/tools v0.6.1 // indirect mvdan.cc/sh/v3 v3.12.0 // indirect diff --git a/go.sum b/go.sum index 3be53663..ea8e6f91 100644 --- a/go.sum +++ b/go.sum @@ -1,7 +1,7 @@ al.essio.dev/pkg/shellescape v1.6.0 h1:NxFcEqzFSEVCGN2yq7Huv/9hyCEGVa/TncnOOBBeXHA= al.essio.dev/pkg/shellescape v1.6.0/go.mod h1:6sIqp7X2P6mThCQ7twERpZTuigpr6KbZWtls1U8I890= -buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.10-20250912141014-52f32327d4b0.1 h1:31on4W/yPcV4nZHL4+UCiCvLPsMqe/vJcNg8Rci0scc= -buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.10-20250912141014-52f32327d4b0.1/go.mod h1:fUl8CEN/6ZAMk6bP8ahBJPUJw7rbp+j4x+wCcYi2IG4= +buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.11-20251209175733-2a1774d88802.1 h1:j9yeqTWEFrtimt8Nng2MIeRrpoCvQzM9/g25XTvqUGg= +buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.11-20251209175733-2a1774d88802.1/go.mod h1:tvtbpgaVXZX4g6Pn+AnzFycuRK3MOz5HJfEGeEllXYM= cel.dev/expr v0.25.1 h1:1KrZg61W6TWSxuNZ37Xy49ps13NUovb66QLprthtwi4= cel.dev/expr v0.25.1/go.mod h1:hrXvqGP6G6gyx8UAHSHJ5RGk//1Oj5nXQ2NI02Nrsg4= dario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8= @@ -51,44 +51,44 @@ github.com/antlr4-go/antlr/v4 v4.13.1 h1:SqQKkuVZ+zWkMMNkjy5FZe5mr5WURWnlpmOuzYW github.com/antlr4-go/antlr/v4 v4.13.1/go.mod h1:GKmUxMtwp6ZgGwZSva4eWPC5mS6vUAmOABFgjdkM7Nw= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= -github.com/aws/aws-sdk-go-v2 v1.40.0 h1:/WMUA0kjhZExjOQN2z3oLALDREea1A7TobfuiBrKlwc= -github.com/aws/aws-sdk-go-v2 v1.40.0/go.mod h1:c9pm7VwuW0UPxAEYGyTmyurVcNrbF6Rt/wixFqDhcjE= -github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.3 h1:DHctwEM8P8iTXFxC/QK0MRjwEpWQeM9yzidCRjldUz0= -github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.3/go.mod h1:xdCzcZEtnSTKVDOmUZs4l/j3pSV6rpo1WXl5ugNsL8Y= -github.com/aws/aws-sdk-go-v2/config v1.32.1 h1:iODUDLgk3q8/flEC7ymhmxjfoAnBDwEEYEVyKZ9mzjU= -github.com/aws/aws-sdk-go-v2/config v1.32.1/go.mod h1:xoAgo17AGrPpJBSLg81W+ikM0cpOZG8ad04T2r+d5P0= -github.com/aws/aws-sdk-go-v2/credentials v1.19.1 h1:JeW+EwmtTE0yXFK8SmklrFh/cGTTXsQJumgMZNlbxfM= -github.com/aws/aws-sdk-go-v2/credentials v1.19.1/go.mod h1:BOoXiStwTF+fT2XufhO0Efssbi1CNIO/ZXpZu87N0pw= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.14 h1:WZVR5DbDgxzA0BJeudId89Kmgy6DIU4ORpxwsVHz0qA= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.14/go.mod h1:Dadl9QO0kHgbrH1GRqGiZdYtW5w+IXXaBNCHTIaheM4= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.14 h1:PZHqQACxYb8mYgms4RZbhZG0a7dPW06xOjmaH0EJC/I= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.14/go.mod h1:VymhrMJUWs69D8u0/lZ7jSB6WgaG/NqHi3gX0aYf6U0= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.14 h1:bOS19y6zlJwagBfHxs0ESzr1XCOU2KXJCWcq3E2vfjY= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.14/go.mod h1:1ipeGBMAxZ0xcTm6y6paC2C/J6f6OO7LBODV9afuAyM= +github.com/aws/aws-sdk-go-v2 v1.41.0 h1:tNvqh1s+v0vFYdA1xq0aOJH+Y5cRyZ5upu6roPgPKd4= +github.com/aws/aws-sdk-go-v2 v1.41.0/go.mod h1:MayyLB8y+buD9hZqkCW3kX1AKq07Y5pXxtgB+rRFhz0= +github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.4 h1:489krEF9xIGkOaaX3CE/Be2uWjiXrkCH6gUX+bZA/BU= +github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.4/go.mod h1:IOAPF6oT9KCsceNTvvYMNHy0+kMF8akOjeDvPENWxp4= +github.com/aws/aws-sdk-go-v2/config v1.32.5 h1:pz3duhAfUgnxbtVhIK39PGF/AHYyrzGEyRD9Og0QrE8= +github.com/aws/aws-sdk-go-v2/config v1.32.5/go.mod h1:xmDjzSUs/d0BB7ClzYPAZMmgQdrodNjPPhd6bGASwoE= +github.com/aws/aws-sdk-go-v2/credentials v1.19.5 h1:xMo63RlqP3ZZydpJDMBsH9uJ10hgHYfQFIk1cHDXrR4= +github.com/aws/aws-sdk-go-v2/credentials v1.19.5/go.mod h1:hhbH6oRcou+LpXfA/0vPElh/e0M3aFeOblE1sssAAEk= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.16 h1:80+uETIWS1BqjnN9uJ0dBUaETh+P1XwFy5vwHwK5r9k= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.16/go.mod h1:wOOsYuxYuB/7FlnVtzeBYRcjSRtQpAW0hCP7tIULMwo= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.16 h1:rgGwPzb82iBYSvHMHXc8h9mRoOUBZIGFgKb9qniaZZc= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.16/go.mod h1:L/UxsGeKpGoIj6DxfhOWHWQ/kGKcd4I1VncE4++IyKA= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.16 h1:1jtGzuV7c82xnqOVfx2F0xmJcOw5374L7N6juGW6x6U= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.16/go.mod h1:M2E5OQf+XLe+SZGmmpaI2yy+J326aFf6/+54PoxSANc= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 h1:WKuaxf++XKWlHWu9ECbMlha8WOEGm0OUEZqm4K/Gcfk= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4/go.mod h1:ZWy7j6v1vWGmPReu0iSGvRiise4YI5SkR3OHKTZ6Wuc= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.14 h1:ITi7qiDSv/mSGDSWNpZ4k4Ve0DQR6Ug2SJQ8zEHoDXg= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.14/go.mod h1:k1xtME53H1b6YpZt74YmwlONMWf4ecM+lut1WQLAF/U= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.3 h1:x2Ibm/Af8Fi+BH+Hsn9TXGdT+hKbDd5XOTZxTMxDk7o= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.3/go.mod h1:IW1jwyrQgMdhisceG8fQLmQIydcT/jWY21rFhzgaKwo= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.5 h1:Hjkh7kE6D81PgrHlE/m9gx+4TyyeLHuY8xJs7yXN5C4= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.5/go.mod h1:nPRXgyCfAurhyaTMoBMwRBYBhaHI4lNPAnJmjM0Tslc= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.14 h1:FIouAnCE46kyYqyhs0XEBDFFSREtdnr8HQuLPQPLCrY= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.14/go.mod h1:UTwDc5COa5+guonQU8qBikJo1ZJ4ln2r1MkF7Dqag1E= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.14 h1:FzQE21lNtUor0Fb7QNgnEyiRCBlolLTX/Z1j65S7teM= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.14/go.mod h1:s1ydyWG9pm3ZwmmYN21HKyG9WzAZhYVW85wMHs5FV6w= -github.com/aws/aws-sdk-go-v2/service/s3 v1.92.0 h1:8FshVvnV2sr9kOSAbOnc/vwVmmAwMjOedKH6JW2ddPM= -github.com/aws/aws-sdk-go-v2/service/s3 v1.92.0/go.mod h1:wYNqY3L02Z3IgRYxOBPH9I1zD9Cjh9hI5QOy/eOjQvw= -github.com/aws/aws-sdk-go-v2/service/signin v1.0.1 h1:BDgIUYGEo5TkayOWv/oBLPphWwNm/A91AebUjAu5L5g= -github.com/aws/aws-sdk-go-v2/service/signin v1.0.1/go.mod h1:iS6EPmNeqCsGo+xQmXv0jIMjyYtQfnwg36zl2FwEouk= -github.com/aws/aws-sdk-go-v2/service/sso v1.30.4 h1:U//SlnkE1wOQiIImxzdY5PXat4Wq+8rlfVEw4Y7J8as= -github.com/aws/aws-sdk-go-v2/service/sso v1.30.4/go.mod h1:av+ArJpoYf3pgyrj6tcehSFW+y9/QvAY8kMooR9bZCw= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.9 h1:LU8S9W/mPDAU9q0FjCLi0TrCheLMGwzbRpvUMwYspcA= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.9/go.mod h1:/j67Z5XBVDx8nZVp9EuFM9/BS5dvBznbqILGuu73hug= -github.com/aws/aws-sdk-go-v2/service/sts v1.41.1 h1:GdGmKtG+/Krag7VfyOXV17xjTCz0i9NT+JnqLTOI5nA= -github.com/aws/aws-sdk-go-v2/service/sts v1.41.1/go.mod h1:6TxbXoDSgBQ225Qd8Q+MbxUxUh6TtNKwbRt/EPS9xso= -github.com/aws/smithy-go v1.23.2 h1:Crv0eatJUQhaManss33hS5r40CG3ZFH+21XSkqMrIUM= -github.com/aws/smithy-go v1.23.2/go.mod h1:LEj2LM3rBRQJxPZTB4KuzZkaZYnZPnvgIhb4pu07mx0= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.16 h1:CjMzUs78RDDv4ROu3JnJn/Ig1r6ZD7/T2DXLLRpejic= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.16/go.mod h1:uVW4OLBqbJXSHJYA9svT9BluSvvwbzLQ2Crf6UPzR3c= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.4 h1:0ryTNEdJbzUCEWkVXEXoqlXV72J5keC1GvILMOuD00E= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.4/go.mod h1:HQ4qwNZh32C3CBeO6iJLQlgtMzqeG17ziAA/3KDJFow= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.7 h1:DIBqIrJ7hv+e4CmIk2z3pyKT+3B6qVMgRsawHiR3qso= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.7/go.mod h1:vLm00xmBke75UmpNvOcZQ/Q30ZFjbczeLFqGx5urmGo= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.16 h1:oHjJHeUy0ImIV0bsrX0X91GkV5nJAyv1l1CC9lnO0TI= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.16/go.mod h1:iRSNGgOYmiYwSCXxXaKb9HfOEj40+oTKn8pTxMlYkRM= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.16 h1:NSbvS17MlI2lurYgXnCOLvCFX38sBW4eiVER7+kkgsU= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.16/go.mod h1:SwT8Tmqd4sA6G1qaGdzWCJN99bUmPGHfRwwq3G5Qb+A= +github.com/aws/aws-sdk-go-v2/service/s3 v1.93.2 h1:U3ygWUhCpiSPYSHOrRhb3gOl9T5Y3kB8k5Vjs//57bE= +github.com/aws/aws-sdk-go-v2/service/s3 v1.93.2/go.mod h1:79S2BdqCJpScXZA2y+cpZuocWsjGjJINyXnOsf5DTz8= +github.com/aws/aws-sdk-go-v2/service/signin v1.0.4 h1:HpI7aMmJ+mm1wkSHIA2t5EaFFv5EFYXePW30p1EIrbQ= +github.com/aws/aws-sdk-go-v2/service/signin v1.0.4/go.mod h1:C5RdGMYGlfM0gYq/tifqgn4EbyX99V15P2V3R+VHbQU= +github.com/aws/aws-sdk-go-v2/service/sso v1.30.7 h1:eYnlt6QxnFINKzwxP5/Ucs1vkG7VT3Iezmvfgc2waUw= +github.com/aws/aws-sdk-go-v2/service/sso v1.30.7/go.mod h1:+fWt2UHSb4kS7Pu8y+BMBvJF0EWx+4H0hzNwtDNRTrg= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.12 h1:AHDr0DaHIAo8c9t1emrzAlVDFp+iMMKnPdYy6XO4MCE= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.12/go.mod h1:GQ73XawFFiWxyWXMHWfhiomvP3tXtdNar/fi8z18sx0= +github.com/aws/aws-sdk-go-v2/service/sts v1.41.5 h1:SciGFVNZ4mHdm7gpD1dgZYnCuVdX1s+lFTg4+4DOy70= +github.com/aws/aws-sdk-go-v2/service/sts v1.41.5/go.mod h1:iW40X4QBmUxdP+fZNOpfmkdMZqsovezbAeO+Ubiv2pk= +github.com/aws/smithy-go v1.24.0 h1:LpilSUItNPFr1eY85RYgTIg5eIEPtvFbskaFcmmIUnk= +github.com/aws/smithy-go v1.24.0/go.mod h1:LEj2LM3rBRQJxPZTB4KuzZkaZYnZPnvgIhb4pu07mx0= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb h1:m935MPodAbYS46DG4pJSv7WO+VECIWUQ7OJYSoTrMh4= @@ -341,12 +341,12 @@ github.com/prometheus/client_golang v1.23.2 h1:Je96obch5RDVy3FDMndoUsjAhG5Edi49h github.com/prometheus/client_golang v1.23.2/go.mod h1:Tb1a6LWHB3/SPIzCoaDXI4I8UHKeFTEQ1YCr+0Gyqmg= github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk= github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE= -github.com/prometheus/common v0.67.2 h1:PcBAckGFTIHt2+L3I33uNRTlKTplNzFctXcWhPyAEN8= -github.com/prometheus/common v0.67.2/go.mod h1:63W3KZb1JOKgcjlIr64WW/LvFGAqKPj0atm+knVGEko= +github.com/prometheus/common v0.67.4 h1:yR3NqWO1/UyO1w2PhUvXlGQs/PtFmoveVO0KZ4+Lvsc= +github.com/prometheus/common v0.67.4/go.mod h1:gP0fq6YjjNCLssJCQp0yk4M8W6ikLURwkdd/YKtTbyI= github.com/prometheus/procfs v0.19.2 h1:zUMhqEW66Ex7OXIiDkll3tl9a1ZdilUOd/F6ZXw4Vws= github.com/prometheus/procfs v0.19.2/go.mod h1:M0aotyiemPhBCM0z5w87kL22CxfcH05ZpYlu+b4J7mw= -github.com/redis/go-redis/v9 v9.17.0 h1:K6E+ZlYN95KSMmZeEQPbU/c++wfmEvfFB17yEAq/VhM= -github.com/redis/go-redis/v9 v9.17.0/go.mod h1:u410H11HMLoB+TP67dz8rL9s6QW2j76l0//kSOd3370= +github.com/redis/go-redis/v9 v9.17.2 h1:P2EGsA4qVIM3Pp+aPocCJ7DguDHhqrXNhVcEp4ViluI= +github.com/redis/go-redis/v9 v9.17.2/go.mod h1:u410H11HMLoB+TP67dz8rL9s6QW2j76l0//kSOd3370= github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ= github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= @@ -357,8 +357,8 @@ github.com/sebest/xff v0.0.0-20210106013422-671bd2870b3a h1:iLcLb5Fwwz7g/DLK89F+ github.com/sebest/xff v0.0.0-20210106013422-671bd2870b3a/go.mod h1:wozgYq9WEBQBaIJe4YZ0qTSFAMxmcwBhQH0fO0R34Z0= github.com/sergi/go-diff v1.4.0 h1:n/SP9D5ad1fORl+llWyN+D6qoUETXNZARKjyY2/KVCw= github.com/sergi/go-diff v1.4.0/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= -github.com/shirou/gopsutil/v4 v4.25.10 h1:at8lk/5T1OgtuCp+AwrDofFRjnvosn0nkN2OLQ6g8tA= -github.com/shirou/gopsutil/v4 v4.25.10/go.mod h1:+kSwyC8DRUD9XXEHCAFjK+0nuArFJM0lva+StQAcskM= +github.com/shirou/gopsutil/v4 v4.25.11 h1:X53gB7muL9Gnwwo2evPSE+SfOrltMoR6V3xJAXZILTY= +github.com/shirou/gopsutil/v4 v4.25.11/go.mod h1:EivAfP5x2EhLp2ovdpKSozecVXn1TmuG7SMzs/Wh4PU= github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k= github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= @@ -397,10 +397,10 @@ github.com/suzuki-shunsuke/urfave-cli-help-all v0.0.4 h1:YGHgrVjGTYHY98II6zijXUH github.com/suzuki-shunsuke/urfave-cli-help-all v0.0.4/go.mod h1:sSi6xaUaHfaqu32ECLeyE7NTMv+ZM5dW0JikhllaalY= github.com/testcontainers/testcontainers-go v0.40.0 h1:pSdJYLOVgLE8YdUY2FHQ1Fxu+aMnb6JfVz1mxk7OeMU= github.com/testcontainers/testcontainers-go v0.40.0/go.mod h1:FSXV5KQtX2HAMlm7U3APNyLkkap35zNLxukw9oBi/MY= -github.com/tklauser/go-sysconf v0.3.15 h1:VE89k0criAymJ/Os65CSn1IXaol+1wrsFHEB8Ol49K4= -github.com/tklauser/go-sysconf v0.3.15/go.mod h1:Dmjwr6tYFIseJw7a3dRLJfsHAMXZ3nEnL/aZY+0IuI4= -github.com/tklauser/numcpus v0.10.0 h1:18njr6LDBk1zuna922MgdjQuJFjrdppsZG60sHGfjso= -github.com/tklauser/numcpus v0.10.0/go.mod h1:BiTKazU708GQTYF4mB+cmlpT2Is1gLk7XVuEeem8LsQ= +github.com/tklauser/go-sysconf v0.3.16 h1:frioLaCQSsF5Cy1jgRBrzr6t502KIIwQ0MArYICU0nA= +github.com/tklauser/go-sysconf v0.3.16/go.mod h1:/qNL9xxDhc7tx3HSRsLWNnuzbVfh3e7gh/BmM179nYI= +github.com/tklauser/numcpus v0.11.0 h1:nSTwhKH5e1dMNsCdVBukSZrURJRoHbSEQjdEbY+9RXw= +github.com/tklauser/numcpus v0.11.0/go.mod h1:z+LwcLq54uWZTX0u/bGobaV34u6V7KNlTZejzM6/3MQ= github.com/ulikunitz/xz v0.5.14 h1:uv/0Bq533iFdnMHZdRBTOlaNMdb1+ZxXIlHDZHIHcvg= github.com/ulikunitz/xz v0.5.14/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/urfave/cli/v2 v2.27.7 h1:bH59vdhbjLv3LAvIu6gd0usJHgoTTPhCFib8qqOwXYU= @@ -450,31 +450,31 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= -golang.org/x/crypto v0.44.0 h1:A97SsFvM3AIwEEmTBiaxPPTYpDC47w720rdiiUvgoAU= -golang.org/x/crypto v0.44.0/go.mod h1:013i+Nw79BMiQiMsOPcVCB5ZIJbYkerPrGnOa00tvmc= -golang.org/x/exp v0.0.0-20251113190631-e25ba8c21ef6 h1:zfMcR1Cs4KNuomFFgGefv5N0czO2XZpUbxGUy8i8ug0= -golang.org/x/exp v0.0.0-20251113190631-e25ba8c21ef6/go.mod h1:46edojNIoXTNOhySWIWdix628clX9ODXwPsQuG6hsK0= +golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU= +golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0= +golang.org/x/exp v0.0.0-20251209150349-8475f28825e9 h1:MDfG8Cvcqlt9XXrmEiD4epKn7VJHZO84hejP9Jmp0MM= +golang.org/x/exp v0.0.0-20251209150349-8475f28825e9/go.mod h1:EPRbTFwzwjXj9NpYyyrvenVh9Y+GFeEvMNh7Xuz7xgU= golang.org/x/exp/typeparams v0.0.0-20250718183923-645b1fa84792 h1:54/e+WfmhvjR2Zuz8Q7dzLGxIBM+s5WZpvo1QfVDGB8= golang.org/x/exp/typeparams v0.0.0-20250718183923-645b1fa84792/go.mod h1:LKZHyeOpPuZcMgxeHjJp4p5yvxrCX1xDvH10zYHhjjQ= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.30.0 h1:fDEXFVZ/fmCKProc/yAXXUijritrDzahmwwefnjoPFk= -golang.org/x/mod v0.30.0/go.mod h1:lAsf5O2EvJeSFMiBxXDki7sCgAxEUcZHXoXMKT4GJKc= +golang.org/x/mod v0.31.0 h1:HaW9xtz0+kOcWKwli0ZXy79Ix+UW/vOfmWI5QVd2tgI= +golang.org/x/mod v0.31.0/go.mod h1:43JraMp9cGx1Rx3AqioxrbrhNsLl2l/iNAvuBkrezpg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= -golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY= -golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU= +golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU= +golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY= golang.org/x/oauth2 v0.32.0 h1:jsCblLleRMDrxMN29H3z/k1KliIvpLgCkE6R8FXXNgY= golang.org/x/oauth2 v0.32.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I= -golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= +golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4= +golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -493,17 +493,17 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc= -golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= -golang.org/x/telemetry v0.0.0-20251111182119-bc8e575c7b54 h1:E2/AqCUMZGgd73TQkxUMcMla25GB9i/5HOdLr+uH7Vo= -golang.org/x/telemetry v0.0.0-20251111182119-bc8e575c7b54/go.mod h1:hKdjCMrbv9skySur+Nek8Hd0uJ0GuxJIoIX2payrIdQ= +golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk= +golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/telemetry v0.0.0-20251203150158-8fff8a5912fc h1:bH6xUXay0AIFMElXG2rQ4uiE+7ncwtiOdPfYK1NK2XA= +golang.org/x/telemetry v0.0.0-20251203150158-8fff8a5912fc/go.mod h1:hKdjCMrbv9skySur+Nek8Hd0uJ0GuxJIoIX2payrIdQ= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= -golang.org/x/term v0.37.0 h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU= -golang.org/x/term v0.37.0/go.mod h1:5pB4lxRNYYVZuTLmy8oR2BH8dflOR+IbTYFD8fi3254= +golang.org/x/term v0.38.0 h1:PQ5pkm/rLO6HnxFR7N2lJHOZX6Kez5Y1gDSJla6jo7Q= +golang.org/x/term v0.38.0/go.mod h1:bSEAKrOT1W+VSu9TSCMtoGEOUcKxOKgl3LE5QEF/xVg= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= @@ -511,16 +511,16 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM= -golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM= +golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU= +golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY= golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY= golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ= -golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ= +golang.org/x/tools v0.40.0 h1:yLkxfA+Qnul4cs9QA3KnlFu0lVmd8JJfoq+E41uSutA= +golang.org/x/tools v0.40.0/go.mod h1:Ik/tzLRlbscWpqqMRjyWYDisX8bG13FrdXp3o4Sr9lc= golang.org/x/tools/go/expect v0.1.1-deprecated h1:jpBZDwmgPhXsKZC6WhL20P4b/wmnpsEAGHaNy0n/rJM= golang.org/x/tools/go/expect v0.1.1-deprecated/go.mod h1:eihoPOH+FgIqa3FpoTwguz/bVUSGBlGQU67vpBeOrBY= golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated h1:1h2MnaIAIXISqTFKdENegdpAgUXz6NrPEsbIeWaBRvM= @@ -531,14 +531,14 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk= gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E= -google.golang.org/genproto/googleapis/api v0.0.0-20251111163417-95abcf5c77ba h1:B14OtaXuMaCQsl2deSvNkyPKIzq3BjfxQp8d00QyWx4= -google.golang.org/genproto/googleapis/api v0.0.0-20251111163417-95abcf5c77ba/go.mod h1:G5IanEx8/PgI9w6CFcYQf7jMtHQhZruvfM1i3qOqk5U= -google.golang.org/genproto/googleapis/rpc v0.0.0-20251111163417-95abcf5c77ba h1:UKgtfRM7Yh93Sya0Fo8ZzhDP4qBckrrxEr2oF5UIVb8= -google.golang.org/genproto/googleapis/rpc v0.0.0-20251111163417-95abcf5c77ba/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk= +google.golang.org/genproto/googleapis/api v0.0.0-20251213004720-97cd9d5aeac2 h1:7LRqPCEdE4TP4/9psdaB7F2nhZFfBiGJomA5sojLWdU= +google.golang.org/genproto/googleapis/api v0.0.0-20251213004720-97cd9d5aeac2/go.mod h1:+rXWjjaukWZun3mLfjmVnQi18E1AsFbDN9QdJ5YXLto= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251213004720-97cd9d5aeac2 h1:2I6GHUeJ/4shcDpoUlLs/2WPnhg7yJwvXtqcMJt9liA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251213004720-97cd9d5aeac2/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk= google.golang.org/grpc v1.77.0 h1:wVVY6/8cGA6vvffn+wWK5ToddbgdU3d8MNENr4evgXM= google.golang.org/grpc v1.77.0/go.mod h1:z0BY1iVj0q8E1uSQCjL9cppRj+gnZjzDnzV0dHhrNig= -google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE= -google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= +google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE= +google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= @@ -555,8 +555,8 @@ gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q= gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA= honnef.co/go/tools v0.6.1 h1:R094WgE8K4JirYjBaOpz/AvTyUu/3wbmAoskKN/pxTI= honnef.co/go/tools v0.6.1/go.mod h1:3puzxxljPCe8RGJX7BIy1plGbxEOZni5mR2aXe3/uk4= -k8s.io/apimachinery v0.34.2 h1:zQ12Uk3eMHPxrsbUJgNF8bTauTVR2WgqJsTmwTE/NW4= -k8s.io/apimachinery v0.34.2/go.mod h1:/GwIlEcWuTX9zKIg2mbw0LRFIsXwrfoVxn+ef0X13lw= +k8s.io/apimachinery v0.34.3 h1:/TB+SFEiQvN9HPldtlWOTp0hWbJ+fjU+wkxysf/aQnE= +k8s.io/apimachinery v0.34.3/go.mod h1:/GwIlEcWuTX9zKIg2mbw0LRFIsXwrfoVxn+ef0X13lw= mvdan.cc/sh/v3 v3.12.0 h1:ejKUR7ONP5bb+UGHGEG/k9V5+pRVIyD+LsZz7o8KHrI= mvdan.cc/sh/v3 v3.12.0/go.mod h1:Se6Cj17eYSn+sNooLZiEUnNNmNxg0imoYlTu4CyaGyg= pault.ag/go/debian v0.18.0 h1:nr0iiyOU5QlG1VPnhZLNhnCcHx58kukvBJp+dvaM6CQ= diff --git a/test/go.mod b/test/go.mod index cda268ed..8e6c7f3d 100644 --- a/test/go.mod +++ b/test/go.mod @@ -12,31 +12,31 @@ require ( ) require ( - buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.10-20250912141014-52f32327d4b0.1 // indirect + buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.11-20251209175733-2a1774d88802.1 // indirect cel.dev/expr v0.25.1 // indirect github.com/Microsoft/go-winio v0.6.2 // indirect github.com/TecharoHQ/thoth-proto v0.5.0 // indirect github.com/a-h/templ v0.3.960 // indirect github.com/antlr4-go/antlr/v4 v4.13.1 // indirect - github.com/aws/aws-sdk-go-v2 v1.40.0 // indirect - github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.3 // indirect - github.com/aws/aws-sdk-go-v2/config v1.32.1 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.19.1 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.14 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.14 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.14 // indirect + github.com/aws/aws-sdk-go-v2 v1.41.0 // indirect + github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.4 // indirect + github.com/aws/aws-sdk-go-v2/config v1.32.5 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.19.5 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.16 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.16 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.16 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 // indirect - github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.14 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.3 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.5 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.14 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.14 // indirect - github.com/aws/aws-sdk-go-v2/service/s3 v1.92.0 // indirect - github.com/aws/aws-sdk-go-v2/service/signin v1.0.1 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.30.4 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.9 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.41.1 // indirect - github.com/aws/smithy-go v1.23.2 // indirect + github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.16 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.4 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.7 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.16 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.16 // indirect + github.com/aws/aws-sdk-go-v2/service/s3 v1.93.2 // indirect + github.com/aws/aws-sdk-go-v2/service/signin v1.0.4 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.30.7 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.12 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.41.5 // indirect + github.com/aws/smithy-go v1.24.0 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/containerd/errdefs v1.0.0 // indirect @@ -72,11 +72,11 @@ require ( github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 // indirect github.com/prometheus/client_golang v1.23.2 // indirect github.com/prometheus/client_model v0.6.2 // indirect - github.com/prometheus/common v0.67.2 // indirect + github.com/prometheus/common v0.67.4 // indirect github.com/prometheus/procfs v0.19.2 // indirect - github.com/redis/go-redis/v9 v9.17.0 // indirect + github.com/redis/go-redis/v9 v9.17.2 // indirect github.com/sebest/xff v0.0.0-20210106013422-671bd2870b3a // indirect - github.com/shirou/gopsutil/v4 v4.25.10 // indirect + github.com/shirou/gopsutil/v4 v4.25.11 // indirect github.com/stoewer/go-strcase v1.3.1 // indirect github.com/yusufpapurcu/wmi v1.2.4 // indirect go.etcd.io/bbolt v1.4.3 // indirect @@ -87,16 +87,16 @@ require ( go.opentelemetry.io/otel/metric v1.38.0 // indirect go.opentelemetry.io/otel/trace v1.38.0 // indirect go.yaml.in/yaml/v2 v2.4.3 // indirect - golang.org/x/exp v0.0.0-20251113190631-e25ba8c21ef6 // indirect - golang.org/x/net v0.47.0 // indirect - golang.org/x/sys v0.38.0 // indirect - golang.org/x/text v0.31.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20251111163417-95abcf5c77ba // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20251111163417-95abcf5c77ba // indirect + golang.org/x/exp v0.0.0-20251209150349-8475f28825e9 // indirect + golang.org/x/net v0.48.0 // indirect + golang.org/x/sys v0.39.0 // indirect + golang.org/x/text v0.32.0 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20251213004720-97cd9d5aeac2 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20251213004720-97cd9d5aeac2 // indirect google.golang.org/grpc v1.77.0 // indirect - google.golang.org/protobuf v1.36.10 // indirect + google.golang.org/protobuf v1.36.11 // indirect gotest.tools/v3 v3.5.2 // indirect - k8s.io/apimachinery v0.34.2 // indirect + k8s.io/apimachinery v0.34.3 // indirect sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect sigs.k8s.io/yaml v1.6.0 // indirect ) diff --git a/test/go.sum b/test/go.sum index 76801529..8cca9c24 100644 --- a/test/go.sum +++ b/test/go.sum @@ -1,5 +1,5 @@ -buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.10-20250912141014-52f32327d4b0.1 h1:31on4W/yPcV4nZHL4+UCiCvLPsMqe/vJcNg8Rci0scc= -buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.10-20250912141014-52f32327d4b0.1/go.mod h1:fUl8CEN/6ZAMk6bP8ahBJPUJw7rbp+j4x+wCcYi2IG4= +buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.11-20251209175733-2a1774d88802.1 h1:j9yeqTWEFrtimt8Nng2MIeRrpoCvQzM9/g25XTvqUGg= +buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.11-20251209175733-2a1774d88802.1/go.mod h1:tvtbpgaVXZX4g6Pn+AnzFycuRK3MOz5HJfEGeEllXYM= cel.dev/expr v0.25.1 h1:1KrZg61W6TWSxuNZ37Xy49ps13NUovb66QLprthtwi4= cel.dev/expr v0.25.1/go.mod h1:hrXvqGP6G6gyx8UAHSHJ5RGk//1Oj5nXQ2NI02Nrsg4= dario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8= @@ -16,44 +16,44 @@ github.com/a-h/templ v0.3.960 h1:trshEpGa8clF5cdI39iY4ZrZG8Z/QixyzEyUnA7feTM= github.com/a-h/templ v0.3.960/go.mod h1:oCZcnKRf5jjsGpf2yELzQfodLphd2mwecwG4Crk5HBo= github.com/antlr4-go/antlr/v4 v4.13.1 h1:SqQKkuVZ+zWkMMNkjy5FZe5mr5WURWnlpmOuzYWrPrQ= github.com/antlr4-go/antlr/v4 v4.13.1/go.mod h1:GKmUxMtwp6ZgGwZSva4eWPC5mS6vUAmOABFgjdkM7Nw= -github.com/aws/aws-sdk-go-v2 v1.40.0 h1:/WMUA0kjhZExjOQN2z3oLALDREea1A7TobfuiBrKlwc= -github.com/aws/aws-sdk-go-v2 v1.40.0/go.mod h1:c9pm7VwuW0UPxAEYGyTmyurVcNrbF6Rt/wixFqDhcjE= -github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.3 h1:DHctwEM8P8iTXFxC/QK0MRjwEpWQeM9yzidCRjldUz0= -github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.3/go.mod h1:xdCzcZEtnSTKVDOmUZs4l/j3pSV6rpo1WXl5ugNsL8Y= -github.com/aws/aws-sdk-go-v2/config v1.32.1 h1:iODUDLgk3q8/flEC7ymhmxjfoAnBDwEEYEVyKZ9mzjU= -github.com/aws/aws-sdk-go-v2/config v1.32.1/go.mod h1:xoAgo17AGrPpJBSLg81W+ikM0cpOZG8ad04T2r+d5P0= -github.com/aws/aws-sdk-go-v2/credentials v1.19.1 h1:JeW+EwmtTE0yXFK8SmklrFh/cGTTXsQJumgMZNlbxfM= -github.com/aws/aws-sdk-go-v2/credentials v1.19.1/go.mod h1:BOoXiStwTF+fT2XufhO0Efssbi1CNIO/ZXpZu87N0pw= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.14 h1:WZVR5DbDgxzA0BJeudId89Kmgy6DIU4ORpxwsVHz0qA= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.14/go.mod h1:Dadl9QO0kHgbrH1GRqGiZdYtW5w+IXXaBNCHTIaheM4= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.14 h1:PZHqQACxYb8mYgms4RZbhZG0a7dPW06xOjmaH0EJC/I= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.14/go.mod h1:VymhrMJUWs69D8u0/lZ7jSB6WgaG/NqHi3gX0aYf6U0= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.14 h1:bOS19y6zlJwagBfHxs0ESzr1XCOU2KXJCWcq3E2vfjY= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.14/go.mod h1:1ipeGBMAxZ0xcTm6y6paC2C/J6f6OO7LBODV9afuAyM= +github.com/aws/aws-sdk-go-v2 v1.41.0 h1:tNvqh1s+v0vFYdA1xq0aOJH+Y5cRyZ5upu6roPgPKd4= +github.com/aws/aws-sdk-go-v2 v1.41.0/go.mod h1:MayyLB8y+buD9hZqkCW3kX1AKq07Y5pXxtgB+rRFhz0= +github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.4 h1:489krEF9xIGkOaaX3CE/Be2uWjiXrkCH6gUX+bZA/BU= +github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.4/go.mod h1:IOAPF6oT9KCsceNTvvYMNHy0+kMF8akOjeDvPENWxp4= +github.com/aws/aws-sdk-go-v2/config v1.32.5 h1:pz3duhAfUgnxbtVhIK39PGF/AHYyrzGEyRD9Og0QrE8= +github.com/aws/aws-sdk-go-v2/config v1.32.5/go.mod h1:xmDjzSUs/d0BB7ClzYPAZMmgQdrodNjPPhd6bGASwoE= +github.com/aws/aws-sdk-go-v2/credentials v1.19.5 h1:xMo63RlqP3ZZydpJDMBsH9uJ10hgHYfQFIk1cHDXrR4= +github.com/aws/aws-sdk-go-v2/credentials v1.19.5/go.mod h1:hhbH6oRcou+LpXfA/0vPElh/e0M3aFeOblE1sssAAEk= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.16 h1:80+uETIWS1BqjnN9uJ0dBUaETh+P1XwFy5vwHwK5r9k= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.16/go.mod h1:wOOsYuxYuB/7FlnVtzeBYRcjSRtQpAW0hCP7tIULMwo= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.16 h1:rgGwPzb82iBYSvHMHXc8h9mRoOUBZIGFgKb9qniaZZc= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.16/go.mod h1:L/UxsGeKpGoIj6DxfhOWHWQ/kGKcd4I1VncE4++IyKA= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.16 h1:1jtGzuV7c82xnqOVfx2F0xmJcOw5374L7N6juGW6x6U= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.16/go.mod h1:M2E5OQf+XLe+SZGmmpaI2yy+J326aFf6/+54PoxSANc= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 h1:WKuaxf++XKWlHWu9ECbMlha8WOEGm0OUEZqm4K/Gcfk= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4/go.mod h1:ZWy7j6v1vWGmPReu0iSGvRiise4YI5SkR3OHKTZ6Wuc= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.14 h1:ITi7qiDSv/mSGDSWNpZ4k4Ve0DQR6Ug2SJQ8zEHoDXg= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.14/go.mod h1:k1xtME53H1b6YpZt74YmwlONMWf4ecM+lut1WQLAF/U= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.3 h1:x2Ibm/Af8Fi+BH+Hsn9TXGdT+hKbDd5XOTZxTMxDk7o= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.3/go.mod h1:IW1jwyrQgMdhisceG8fQLmQIydcT/jWY21rFhzgaKwo= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.5 h1:Hjkh7kE6D81PgrHlE/m9gx+4TyyeLHuY8xJs7yXN5C4= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.5/go.mod h1:nPRXgyCfAurhyaTMoBMwRBYBhaHI4lNPAnJmjM0Tslc= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.14 h1:FIouAnCE46kyYqyhs0XEBDFFSREtdnr8HQuLPQPLCrY= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.14/go.mod h1:UTwDc5COa5+guonQU8qBikJo1ZJ4ln2r1MkF7Dqag1E= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.14 h1:FzQE21lNtUor0Fb7QNgnEyiRCBlolLTX/Z1j65S7teM= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.14/go.mod h1:s1ydyWG9pm3ZwmmYN21HKyG9WzAZhYVW85wMHs5FV6w= -github.com/aws/aws-sdk-go-v2/service/s3 v1.92.0 h1:8FshVvnV2sr9kOSAbOnc/vwVmmAwMjOedKH6JW2ddPM= -github.com/aws/aws-sdk-go-v2/service/s3 v1.92.0/go.mod h1:wYNqY3L02Z3IgRYxOBPH9I1zD9Cjh9hI5QOy/eOjQvw= -github.com/aws/aws-sdk-go-v2/service/signin v1.0.1 h1:BDgIUYGEo5TkayOWv/oBLPphWwNm/A91AebUjAu5L5g= -github.com/aws/aws-sdk-go-v2/service/signin v1.0.1/go.mod h1:iS6EPmNeqCsGo+xQmXv0jIMjyYtQfnwg36zl2FwEouk= -github.com/aws/aws-sdk-go-v2/service/sso v1.30.4 h1:U//SlnkE1wOQiIImxzdY5PXat4Wq+8rlfVEw4Y7J8as= -github.com/aws/aws-sdk-go-v2/service/sso v1.30.4/go.mod h1:av+ArJpoYf3pgyrj6tcehSFW+y9/QvAY8kMooR9bZCw= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.9 h1:LU8S9W/mPDAU9q0FjCLi0TrCheLMGwzbRpvUMwYspcA= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.9/go.mod h1:/j67Z5XBVDx8nZVp9EuFM9/BS5dvBznbqILGuu73hug= -github.com/aws/aws-sdk-go-v2/service/sts v1.41.1 h1:GdGmKtG+/Krag7VfyOXV17xjTCz0i9NT+JnqLTOI5nA= -github.com/aws/aws-sdk-go-v2/service/sts v1.41.1/go.mod h1:6TxbXoDSgBQ225Qd8Q+MbxUxUh6TtNKwbRt/EPS9xso= -github.com/aws/smithy-go v1.23.2 h1:Crv0eatJUQhaManss33hS5r40CG3ZFH+21XSkqMrIUM= -github.com/aws/smithy-go v1.23.2/go.mod h1:LEj2LM3rBRQJxPZTB4KuzZkaZYnZPnvgIhb4pu07mx0= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.16 h1:CjMzUs78RDDv4ROu3JnJn/Ig1r6ZD7/T2DXLLRpejic= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.16/go.mod h1:uVW4OLBqbJXSHJYA9svT9BluSvvwbzLQ2Crf6UPzR3c= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.4 h1:0ryTNEdJbzUCEWkVXEXoqlXV72J5keC1GvILMOuD00E= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.4/go.mod h1:HQ4qwNZh32C3CBeO6iJLQlgtMzqeG17ziAA/3KDJFow= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.7 h1:DIBqIrJ7hv+e4CmIk2z3pyKT+3B6qVMgRsawHiR3qso= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.7/go.mod h1:vLm00xmBke75UmpNvOcZQ/Q30ZFjbczeLFqGx5urmGo= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.16 h1:oHjJHeUy0ImIV0bsrX0X91GkV5nJAyv1l1CC9lnO0TI= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.16/go.mod h1:iRSNGgOYmiYwSCXxXaKb9HfOEj40+oTKn8pTxMlYkRM= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.16 h1:NSbvS17MlI2lurYgXnCOLvCFX38sBW4eiVER7+kkgsU= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.16/go.mod h1:SwT8Tmqd4sA6G1qaGdzWCJN99bUmPGHfRwwq3G5Qb+A= +github.com/aws/aws-sdk-go-v2/service/s3 v1.93.2 h1:U3ygWUhCpiSPYSHOrRhb3gOl9T5Y3kB8k5Vjs//57bE= +github.com/aws/aws-sdk-go-v2/service/s3 v1.93.2/go.mod h1:79S2BdqCJpScXZA2y+cpZuocWsjGjJINyXnOsf5DTz8= +github.com/aws/aws-sdk-go-v2/service/signin v1.0.4 h1:HpI7aMmJ+mm1wkSHIA2t5EaFFv5EFYXePW30p1EIrbQ= +github.com/aws/aws-sdk-go-v2/service/signin v1.0.4/go.mod h1:C5RdGMYGlfM0gYq/tifqgn4EbyX99V15P2V3R+VHbQU= +github.com/aws/aws-sdk-go-v2/service/sso v1.30.7 h1:eYnlt6QxnFINKzwxP5/Ucs1vkG7VT3Iezmvfgc2waUw= +github.com/aws/aws-sdk-go-v2/service/sso v1.30.7/go.mod h1:+fWt2UHSb4kS7Pu8y+BMBvJF0EWx+4H0hzNwtDNRTrg= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.12 h1:AHDr0DaHIAo8c9t1emrzAlVDFp+iMMKnPdYy6XO4MCE= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.12/go.mod h1:GQ73XawFFiWxyWXMHWfhiomvP3tXtdNar/fi8z18sx0= +github.com/aws/aws-sdk-go-v2/service/sts v1.41.5 h1:SciGFVNZ4mHdm7gpD1dgZYnCuVdX1s+lFTg4+4DOy70= +github.com/aws/aws-sdk-go-v2/service/sts v1.41.5/go.mod h1:iW40X4QBmUxdP+fZNOpfmkdMZqsovezbAeO+Ubiv2pk= +github.com/aws/smithy-go v1.24.0 h1:LpilSUItNPFr1eY85RYgTIg5eIEPtvFbskaFcmmIUnk= +github.com/aws/smithy-go v1.24.0/go.mod h1:LEj2LM3rBRQJxPZTB4KuzZkaZYnZPnvgIhb4pu07mx0= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bsm/ginkgo/v2 v2.12.0 h1:Ny8MWAHyOepLGlLKYmXG4IEkioBysk6GpaRTLC8zwWs= @@ -187,18 +187,18 @@ github.com/prometheus/client_golang v1.23.2 h1:Je96obch5RDVy3FDMndoUsjAhG5Edi49h github.com/prometheus/client_golang v1.23.2/go.mod h1:Tb1a6LWHB3/SPIzCoaDXI4I8UHKeFTEQ1YCr+0Gyqmg= github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk= github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE= -github.com/prometheus/common v0.67.2 h1:PcBAckGFTIHt2+L3I33uNRTlKTplNzFctXcWhPyAEN8= -github.com/prometheus/common v0.67.2/go.mod h1:63W3KZb1JOKgcjlIr64WW/LvFGAqKPj0atm+knVGEko= +github.com/prometheus/common v0.67.4 h1:yR3NqWO1/UyO1w2PhUvXlGQs/PtFmoveVO0KZ4+Lvsc= +github.com/prometheus/common v0.67.4/go.mod h1:gP0fq6YjjNCLssJCQp0yk4M8W6ikLURwkdd/YKtTbyI= github.com/prometheus/procfs v0.19.2 h1:zUMhqEW66Ex7OXIiDkll3tl9a1ZdilUOd/F6ZXw4Vws= github.com/prometheus/procfs v0.19.2/go.mod h1:M0aotyiemPhBCM0z5w87kL22CxfcH05ZpYlu+b4J7mw= -github.com/redis/go-redis/v9 v9.17.0 h1:K6E+ZlYN95KSMmZeEQPbU/c++wfmEvfFB17yEAq/VhM= -github.com/redis/go-redis/v9 v9.17.0/go.mod h1:u410H11HMLoB+TP67dz8rL9s6QW2j76l0//kSOd3370= +github.com/redis/go-redis/v9 v9.17.2 h1:P2EGsA4qVIM3Pp+aPocCJ7DguDHhqrXNhVcEp4ViluI= +github.com/redis/go-redis/v9 v9.17.2/go.mod h1:u410H11HMLoB+TP67dz8rL9s6QW2j76l0//kSOd3370= github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ= github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc= github.com/sebest/xff v0.0.0-20210106013422-671bd2870b3a h1:iLcLb5Fwwz7g/DLK89F+uQBDeAhHhwdzB5fSlVdhGcM= github.com/sebest/xff v0.0.0-20210106013422-671bd2870b3a/go.mod h1:wozgYq9WEBQBaIJe4YZ0qTSFAMxmcwBhQH0fO0R34Z0= -github.com/shirou/gopsutil/v4 v4.25.10 h1:at8lk/5T1OgtuCp+AwrDofFRjnvosn0nkN2OLQ6g8tA= -github.com/shirou/gopsutil/v4 v4.25.10/go.mod h1:+kSwyC8DRUD9XXEHCAFjK+0nuArFJM0lva+StQAcskM= +github.com/shirou/gopsutil/v4 v4.25.11 h1:X53gB7muL9Gnwwo2evPSE+SfOrltMoR6V3xJAXZILTY= +github.com/shirou/gopsutil/v4 v4.25.11/go.mod h1:EivAfP5x2EhLp2ovdpKSozecVXn1TmuG7SMzs/Wh4PU= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/stoewer/go-strcase v1.3.1 h1:iS0MdW+kVTxgMoE1LAZyMiYJFKlOzLooE4MxjirtkAs= @@ -213,10 +213,10 @@ github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= github.com/testcontainers/testcontainers-go v0.40.0 h1:pSdJYLOVgLE8YdUY2FHQ1Fxu+aMnb6JfVz1mxk7OeMU= github.com/testcontainers/testcontainers-go v0.40.0/go.mod h1:FSXV5KQtX2HAMlm7U3APNyLkkap35zNLxukw9oBi/MY= -github.com/tklauser/go-sysconf v0.3.15 h1:VE89k0criAymJ/Os65CSn1IXaol+1wrsFHEB8Ol49K4= -github.com/tklauser/go-sysconf v0.3.15/go.mod h1:Dmjwr6tYFIseJw7a3dRLJfsHAMXZ3nEnL/aZY+0IuI4= -github.com/tklauser/numcpus v0.10.0 h1:18njr6LDBk1zuna922MgdjQuJFjrdppsZG60sHGfjso= -github.com/tklauser/numcpus v0.10.0/go.mod h1:BiTKazU708GQTYF4mB+cmlpT2Is1gLk7XVuEeem8LsQ= +github.com/tklauser/go-sysconf v0.3.16 h1:frioLaCQSsF5Cy1jgRBrzr6t502KIIwQ0MArYICU0nA= +github.com/tklauser/go-sysconf v0.3.16/go.mod h1:/qNL9xxDhc7tx3HSRsLWNnuzbVfh3e7gh/BmM179nYI= +github.com/tklauser/numcpus v0.11.0 h1:nSTwhKH5e1dMNsCdVBukSZrURJRoHbSEQjdEbY+9RXw= +github.com/tklauser/numcpus v0.11.0/go.mod h1:z+LwcLq54uWZTX0u/bGobaV34u6V7KNlTZejzM6/3MQ= github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo0= github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0= go.etcd.io/bbolt v1.4.3 h1:dEadXpI6G79deX5prL3QRNP6JB8UxVkqo4UPnHaNXJo= @@ -247,34 +247,34 @@ go.yaml.in/yaml/v2 v2.4.3 h1:6gvOSjQoTB3vt1l+CU+tSyi/HOjfOjRLJ4YwYZGwRO0= go.yaml.in/yaml/v2 v2.4.3/go.mod h1:zSxWcmIDjOzPXpjlTTbAsKokqkDNAVtZO0WOMiT90s8= go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= -golang.org/x/crypto v0.44.0 h1:A97SsFvM3AIwEEmTBiaxPPTYpDC47w720rdiiUvgoAU= -golang.org/x/crypto v0.44.0/go.mod h1:013i+Nw79BMiQiMsOPcVCB5ZIJbYkerPrGnOa00tvmc= -golang.org/x/exp v0.0.0-20251113190631-e25ba8c21ef6 h1:zfMcR1Cs4KNuomFFgGefv5N0czO2XZpUbxGUy8i8ug0= -golang.org/x/exp v0.0.0-20251113190631-e25ba8c21ef6/go.mod h1:46edojNIoXTNOhySWIWdix628clX9ODXwPsQuG6hsK0= -golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY= -golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU= -golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I= -golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= +golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU= +golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0= +golang.org/x/exp v0.0.0-20251209150349-8475f28825e9 h1:MDfG8Cvcqlt9XXrmEiD4epKn7VJHZO84hejP9Jmp0MM= +golang.org/x/exp v0.0.0-20251209150349-8475f28825e9/go.mod h1:EPRbTFwzwjXj9NpYyyrvenVh9Y+GFeEvMNh7Xuz7xgU= +golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU= +golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY= +golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4= +golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc= -golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= -golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM= -golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM= +golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk= +golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU= +golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY= golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY= golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk= gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E= -google.golang.org/genproto/googleapis/api v0.0.0-20251111163417-95abcf5c77ba h1:B14OtaXuMaCQsl2deSvNkyPKIzq3BjfxQp8d00QyWx4= -google.golang.org/genproto/googleapis/api v0.0.0-20251111163417-95abcf5c77ba/go.mod h1:G5IanEx8/PgI9w6CFcYQf7jMtHQhZruvfM1i3qOqk5U= -google.golang.org/genproto/googleapis/rpc v0.0.0-20251111163417-95abcf5c77ba h1:UKgtfRM7Yh93Sya0Fo8ZzhDP4qBckrrxEr2oF5UIVb8= -google.golang.org/genproto/googleapis/rpc v0.0.0-20251111163417-95abcf5c77ba/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk= +google.golang.org/genproto/googleapis/api v0.0.0-20251213004720-97cd9d5aeac2 h1:7LRqPCEdE4TP4/9psdaB7F2nhZFfBiGJomA5sojLWdU= +google.golang.org/genproto/googleapis/api v0.0.0-20251213004720-97cd9d5aeac2/go.mod h1:+rXWjjaukWZun3mLfjmVnQi18E1AsFbDN9QdJ5YXLto= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251213004720-97cd9d5aeac2 h1:2I6GHUeJ/4shcDpoUlLs/2WPnhg7yJwvXtqcMJt9liA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251213004720-97cd9d5aeac2/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk= google.golang.org/grpc v1.77.0 h1:wVVY6/8cGA6vvffn+wWK5ToddbgdU3d8MNENr4evgXM= google.golang.org/grpc v1.77.0/go.mod h1:z0BY1iVj0q8E1uSQCjL9cppRj+gnZjzDnzV0dHhrNig= -google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE= -google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= +google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE= +google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= @@ -285,8 +285,8 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q= gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA= -k8s.io/apimachinery v0.34.2 h1:zQ12Uk3eMHPxrsbUJgNF8bTauTVR2WgqJsTmwTE/NW4= -k8s.io/apimachinery v0.34.2/go.mod h1:/GwIlEcWuTX9zKIg2mbw0LRFIsXwrfoVxn+ef0X13lw= +k8s.io/apimachinery v0.34.3 h1:/TB+SFEiQvN9HPldtlWOTp0hWbJ+fjU+wkxysf/aQnE= +k8s.io/apimachinery v0.34.3/go.mod h1:/GwIlEcWuTX9zKIg2mbw0LRFIsXwrfoVxn+ef0X13lw= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs= From 122e4bc072fc1492bcc7dbb7b6622ff042fe458a Mon Sep 17 00:00:00 2001 From: Xe Iaso Date: Tue, 16 Dec 2025 04:14:29 -0500 Subject: [PATCH 04/24] feat: first implementation of honeypot logic (#1342) * feat: first implementation of honeypot logic This is a bit of an experiment, stick with me. The core idea here is that badly written crawlers are that: badly written. They look for anything that contains `` tags and will blindly use those values to recurse. This takes advantage of that by hiding a link in a ` ``` Browsers will ignore it because they have no handler for the "ignore" script type. This current draft is very unoptimized (it takes like 7 seconds to generate a page on my tower), however switching spintax libraries will make this much faster. The hope is to make this pluggable with WebAssembly such that we force administrators to choose a storage method. First we crawl before we walk. The AI involvement in this commit is limited to the spintax in affirmations.txt, spintext.txt, and titles.txt. This generates a bunch of "pseudoprofound bullshit" like the following: > This Restoration to Balance & Alignment > > There's a moment when creators are being called to realize that the work > can't be reduced to results, but about energy. We don't innovate products > by pushing harder, we do it by holding the vision. Because momentum can't > be forced, it unfolds over time when culture are moving in the same > direction. We're being invited into a paradigm shift in how we think > about innovation. [...] This is intended to "look" like normal article text. As this is a first draft, this sucks and will be improved upon. Assisted-by: GLM 4.6, ChatGPT, GPT-OSS 120b Signed-off-by: Xe Iaso * fix(honeypot/naive): optimize hilariously Signed-off-by: Xe Iaso * feat(honeypot/naive): attempt to automatically filter out based on crawling Signed-off-by: Xe Iaso * fix(lib): use mazeGen instead of bsGen Signed-off-by: Xe Iaso * docs: add honeypot docs Signed-off-by: Xe Iaso * chore(test): go mod tidy Signed-off-by: Xe Iaso * chore: fix spelling metadata Signed-off-by: Xe Iaso * chore: spelling Signed-off-by: Xe Iaso --------- Signed-off-by: Xe Iaso --- .github/actions/spelling/allow.txt | 6 + .github/actions/spelling/expect.txt | 11 +- docs/docs/CHANGELOG.md | 6 + docs/docs/admin/honeypot/_category_.json | 8 + docs/docs/admin/honeypot/overview.mdx | 40 ++++ go.mod | 1 + go.sum | 2 + internal/clampip.go | 33 +++ internal/clampip_test.go | 274 +++++++++++++++++++++++ internal/headers.go | 13 +- internal/honeypot/honeypot.go | 23 ++ internal/honeypot/naive/100bytes.css | 7 + internal/honeypot/naive/affirmations.txt | 1 + internal/honeypot/naive/naive.go | 206 +++++++++++++++++ internal/honeypot/naive/page.templ | 36 +++ internal/honeypot/naive/page_templ.go | 160 +++++++++++++ internal/honeypot/naive/spintext.txt | 1 + internal/honeypot/naive/titles.txt | 1 + lib/config.go | 28 +++ lib/policy/checker/checker.go | 8 + test/go.mod | 1 + test/go.sum | 2 + web/index.go | 11 + web/index.templ | 2 + web/index_templ.go | 171 +++++++------- 25 files changed, 968 insertions(+), 84 deletions(-) create mode 100644 docs/docs/admin/honeypot/_category_.json create mode 100644 docs/docs/admin/honeypot/overview.mdx create mode 100644 internal/clampip.go create mode 100644 internal/clampip_test.go create mode 100644 internal/honeypot/honeypot.go create mode 100644 internal/honeypot/naive/100bytes.css create mode 100644 internal/honeypot/naive/affirmations.txt create mode 100644 internal/honeypot/naive/naive.go create mode 100644 internal/honeypot/naive/page.templ create mode 100644 internal/honeypot/naive/page_templ.go create mode 100644 internal/honeypot/naive/spintext.txt create mode 100644 internal/honeypot/naive/titles.txt diff --git a/.github/actions/spelling/allow.txt b/.github/actions/spelling/allow.txt index ded78103..5e3002bf 100644 --- a/.github/actions/spelling/allow.txt +++ b/.github/actions/spelling/allow.txt @@ -12,3 +12,9 @@ maintnotifications azurediamond cooldown verifyfcrdns +Spintax +spintax +clampip +pseudoprofound +reimagining +iocaine diff --git a/.github/actions/spelling/expect.txt b/.github/actions/spelling/expect.txt index e6c21402..f2e4540b 100644 --- a/.github/actions/spelling/expect.txt +++ b/.github/actions/spelling/expect.txt @@ -1,4 +1,3 @@ - acs Actorified actorifiedstore @@ -398,3 +397,13 @@ Zenos zizmor zombocom zos +GLM +iocaine +nikandfor +pagegen +pseudoprofound +reimagining +Rhul +shoneypot +spammer +Y'shtola diff --git a/docs/docs/CHANGELOG.md b/docs/docs/CHANGELOG.md index a6c4b01e..9ad46f2e 100644 --- a/docs/docs/CHANGELOG.md +++ b/docs/docs/CHANGELOG.md @@ -28,6 +28,12 @@ Anubis is back and better than ever! Lots of minor fixes with some big ones inte - Open Graph passthrough now reuses the configured target Host/SNI/TLS settings, so metadata fetches succeed when the upstream certificate differs from the public domain. ([1283](https://github.com/TecharoHQ/anubis/pull/1283)) - Stabilize the CVE-2025-24369 regression test by always submitting an invalid proof instead of relying on random POW failures. +### Dataset poisoning + +Anubis has the ability to engage in [dataset poisoning attacks](https://www.anthropic.com/research/small-samples-poison) using the [dataset poisoning subsystem](./admin/honeypot/overview.mdx). This allows every Anubis instance to be a honeypot to attract and flag abusive scrapers so that no administrator action is required to ban them. + +There is much more information about this feature in [the dataset poisoning subsystem documentation](./admin/honeypot/overview.mdx). Administrators that are interested in learning how this feature works should consult that documentation. + ### Deprecate `report_as` in challenge configuration Previously Anubis let you lie to users about the difficulty of a challenge to interfere with operators of malicious scrapers as a psychological attack: diff --git a/docs/docs/admin/honeypot/_category_.json b/docs/docs/admin/honeypot/_category_.json new file mode 100644 index 00000000..bc0581e9 --- /dev/null +++ b/docs/docs/admin/honeypot/_category_.json @@ -0,0 +1,8 @@ +{ + "label": "Honeypot", + "position": 40, + "link": { + "type": "generated-index", + "description": "Honeypot features in Anubis, allowing Anubis to passively detect malicious crawlers." + } +} \ No newline at end of file diff --git a/docs/docs/admin/honeypot/overview.mdx b/docs/docs/admin/honeypot/overview.mdx new file mode 100644 index 00000000..4ff18d60 --- /dev/null +++ b/docs/docs/admin/honeypot/overview.mdx @@ -0,0 +1,40 @@ +--- +title: Dataset poisoning +--- + +Anubis offers the ability to participate in [dataset poisoning](https://www.anthropic.com/research/small-samples-poison) attacks similar to what [iocaine](https://iocaine.madhouse-project.org/) and other similar tools offer. Currently this is in a preview state where a lot of details are hard-coded in order to test the viability of this approach. + +In essence, when Anubis challenge and error pages are rendered they include a small bit of HTML code that browsers will ignore but scrapers will interpret as a link to ingest. This will then create a small forest of recursive nothing pages that are designed according to the following principles: + +- These pages are _cheap_ to render, rendering in at most ten milliseconds on decently specced hardware. +- These pages are _vacuous_, meaning that they essentially are devoid of content such that a human would find it odd and click away, but a scraper would not be able to know that and would continue through the forest. +- These pages are _fairly large_ so that scrapers don't think that the pages are error pages or are otherwise devoid of content. +- These pages are _fully self-contained_ so that they load fast without incurring additional load from resource fetches. + +In this limited preview state, Anubis generates pages using [spintax](https://outboundly.ai/blogs/what-is-spintax-and-how-to-use-it/). Spintax is a syntax that is used to create different variants of utterances for use in marketing messages and email spam that evades word filtering. In its current form, Anubis' dataset poisoning has AI generated spintax that generates vapid LinkedIn posts with some western occultism thrown in for good measure. This results in utterances like the following: + +> There's a moment when visionaries are being called to realize that the work can't be reduced to optimization, but about resonance. We don't transform products by grinding endlessly, we do it by holding the vision. Because meaning can't be forced, it unfolds over time when culture are in integrity. This moment represents a fundamental reimagining in how we think about work. This isn't a framework, it's a lived truth that requires courage. When we get honest, we activate nonlinear growth that don't show up in dashboards, but redefine success anyway. + +This should be fairly transparent to humans that this is pseudoprofound anti-content and is a signal to click away. + +## Plans + +Future versions of this feature will allow for more customization. In the near future this will be configurable via the following mechanisms: + +- WebAssembly logic for customizing how the poisoning data is generated (with examples including the existing spintax method). +- Weight thresholds and logic for how they are interpreted by Anubis. +- Other configuration settings as facts and circumstances dictate. + +## Implementation notes + +In its current implementation, the Anubis dataset poisoning feature has the following flaws that may hinder production deployments: + +- All Anubis instances use the same method for generating dataset poisoning information. This may be easy for malicious actors to detect and ignore. +- Anubis dataset poisoning routes are under the `/.within.website/x/cmd/anubis` URL hierarchy. This may be easy for malicious actors to detect and ignore. + +Right now Anubis assigns 30 weight points if the following criteria are met: + +- A client's User-Agent has been observed in the dataset poisoning maze at least 25 times. +- The network-clamped IP address (/24 for IPv4 and /48 for IPv6) has been observed in the dataset poisoning maze at least 25 times. + +Additionally, when any given client by both User-Agent and network-clamped IP address has been observed, Anubis will emit log lines warning about it so that administrative action can be taken up to and including [filing abuse reports with the network owner](/blog/2025/file-abuse-reports). diff --git a/go.mod b/go.mod index 28f60c69..ac48abd9 100644 --- a/go.mod +++ b/go.mod @@ -20,6 +20,7 @@ require ( github.com/joho/godotenv v1.5.1 github.com/lum8rjack/go-ja4h v0.0.0-20250828030157-fa5266d50650 github.com/nicksnyder/go-i18n/v2 v2.6.0 + github.com/nikandfor/spintax v0.0.0-20181023094358-fc346b245bb3 github.com/playwright-community/playwright-go v0.5200.1 github.com/prometheus/client_golang v1.23.2 github.com/redis/go-redis/v9 v9.17.2 diff --git a/go.sum b/go.sum index ea8e6f91..e8a4615b 100644 --- a/go.sum +++ b/go.sum @@ -320,6 +320,8 @@ github.com/natefinch/atomic v1.0.1 h1:ZPYKxkqQOx3KZ+RsbnP/YsgvxWQPGxjC0oBt2AhwV0 github.com/natefinch/atomic v1.0.1/go.mod h1:N/D/ELrljoqDyT3rZrsUmtsuzvHkeB/wWjHV22AZRbM= github.com/nicksnyder/go-i18n/v2 v2.6.0 h1:C/m2NNWNiTB6SK4Ao8df5EWm3JETSTIGNXBpMJTxzxQ= github.com/nicksnyder/go-i18n/v2 v2.6.0/go.mod h1:88sRqr0C6OPyJn0/KRNaEz1uWorjxIKP7rUUcvycecE= +github.com/nikandfor/spintax v0.0.0-20181023094358-fc346b245bb3 h1:foZ9X1bz2KmW7b8Yx5V0LAQKhTazdllv5rnGUe6iGTY= +github.com/nikandfor/spintax v0.0.0-20181023094358-fc346b245bb3/go.mod h1:wwDYKfVF3WHdY0rugsAZoIpyQjDA3bn9wEzo/QXPx1Y= github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4= github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= diff --git a/internal/clampip.go b/internal/clampip.go new file mode 100644 index 00000000..e8220ab5 --- /dev/null +++ b/internal/clampip.go @@ -0,0 +1,33 @@ +package internal + +import "net/netip" + +func ClampIP(addr netip.Addr) (netip.Prefix, bool) { + switch { + case addr.Is4(): + result, err := addr.Prefix(24) + if err != nil { + return netip.Prefix{}, false + } + return result, true + + case addr.Is4In6(): + // Extract the IPv4 address from IPv4-mapped IPv6 and clamp it + ipv4 := addr.Unmap() + result, err := ipv4.Prefix(24) + if err != nil { + return netip.Prefix{}, false + } + return result, true + + case addr.Is6(): + result, err := addr.Prefix(48) + if err != nil { + return netip.Prefix{}, false + } + return result, true + + default: + return netip.Prefix{}, false + } +} diff --git a/internal/clampip_test.go b/internal/clampip_test.go new file mode 100644 index 00000000..ffdb53a4 --- /dev/null +++ b/internal/clampip_test.go @@ -0,0 +1,274 @@ +package internal + +import ( + "net/netip" + "testing" +) + +func TestClampIP(t *testing.T) { + tests := []struct { + name string + input string + expected string + }{ + // IPv4 addresses + { + name: "IPv4 normal address", + input: "192.168.1.100", + expected: "192.168.1.0/24", + }, + { + name: "IPv4 boundary - network address", + input: "192.168.1.0", + expected: "192.168.1.0/24", + }, + { + name: "IPv4 boundary - broadcast address", + input: "192.168.1.255", + expected: "192.168.1.0/24", + }, + { + name: "IPv4 class A address", + input: "10.0.0.1", + expected: "10.0.0.0/24", + }, + { + name: "IPv4 loopback", + input: "127.0.0.1", + expected: "127.0.0.0/24", + }, + { + name: "IPv4 link-local", + input: "169.254.0.1", + expected: "169.254.0.0/24", + }, + { + name: "IPv4 public address", + input: "203.0.113.1", + expected: "203.0.113.0/24", + }, + + // IPv6 addresses + { + name: "IPv6 normal address", + input: "2001:db8::1", + expected: "2001:db8::/48", + }, + { + name: "IPv6 with full expansion", + input: "2001:0db8:0000:0000:0000:0000:0000:0001", + expected: "2001:db8::/48", + }, + { + name: "IPv6 loopback", + input: "::1", + expected: "::/48", + }, + { + name: "IPv6 unspecified address", + input: "::", + expected: "::/48", + }, + { + name: "IPv6 link-local", + input: "fe80::1", + expected: "fe80::/48", + }, + { + name: "IPv6 unique local", + input: "fc00::1", + expected: "fc00::/48", + }, + { + name: "IPv6 documentation prefix", + input: "2001:db8:abcd:ef01::1234", + expected: "2001:db8:abcd::/48", + }, + { + name: "IPv6 global unicast", + input: "2606:4700:4700::1111", + expected: "2606:4700:4700::/48", + }, + { + name: "IPv6 multicast", + input: "ff02::1", + expected: "ff02::/48", + }, + + // IPv4-mapped IPv6 addresses + { + name: "IPv4-mapped IPv6 address", + input: "::ffff:192.168.1.100", + expected: "192.168.1.0/24", + }, + { + name: "IPv4-mapped IPv6 with different format", + input: "::ffff:10.0.0.1", + expected: "10.0.0.0/24", + }, + { + name: "IPv4-mapped IPv6 loopback", + input: "::ffff:127.0.0.1", + expected: "127.0.0.0/24", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + addr := netip.MustParseAddr(tt.input) + + result, ok := ClampIP(addr) + if !ok { + t.Fatalf("ClampIP(%s) returned false, want true", tt.input) + } + + if result.String() != tt.expected { + t.Errorf("ClampIP(%s) = %s, want %s", tt.input, result.String(), tt.expected) + } + }) + } +} + +func TestClampIPSuccess(t *testing.T) { + // Test that valid inputs return success + tests := []struct { + name string + input string + }{ + { + name: "IPv4 address", + input: "192.168.1.100", + }, + { + name: "IPv6 address", + input: "2001:db8::1", + }, + { + name: "IPv4-mapped IPv6", + input: "::ffff:192.168.1.100", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + addr := netip.MustParseAddr(tt.input) + + result, ok := ClampIP(addr) + if !ok { + t.Fatalf("ClampIP(%s) returned false, want true", tt.input) + } + + // For valid inputs, we should get the clamped prefix + if addr.Is4() || addr.Is4In6() { + if result.Bits() != 24 { + t.Errorf("Expected 24 bits for IPv4, got %d", result.Bits()) + } + } else if addr.Is6() { + if result.Bits() != 48 { + t.Errorf("Expected 48 bits for IPv6, got %d", result.Bits()) + } + } + }) + } +} + +func TestClampIPZeroValue(t *testing.T) { + // Test that when ClampIP fails, it returns zero value + // Note: It's hard to make addr.Prefix() fail with valid inputs, + // so this test demonstrates the expected behavior + addr := netip.MustParseAddr("192.168.1.100") + + // Manually create a zero value for comparison + zeroPrefix := netip.Prefix{} + + // Call ClampIP - it should succeed with valid input + result, ok := ClampIP(addr) + + // Verify the function succeeded + if !ok { + t.Error("ClampIP should succeed with valid input") + } + + // Verify that the result is not a zero value + if result == zeroPrefix { + t.Error("Result should not be zero value for successful operation") + } +} + +func TestClampIPSpecialCases(t *testing.T) { + tests := []struct { + name string + input string + expectedPrefix int + expectedNetwork string + }{ + { + name: "Minimum IPv4", + input: "0.0.0.0", + expectedPrefix: 24, + expectedNetwork: "0.0.0.0", + }, + { + name: "Maximum IPv4", + input: "255.255.255.255", + expectedPrefix: 24, + expectedNetwork: "255.255.255.0", + }, + { + name: "Minimum IPv6", + input: "::", + expectedPrefix: 48, + expectedNetwork: "::", + }, + { + name: "Maximum IPv6 prefix part", + input: "ffff:ffff:ffff::", + expectedPrefix: 48, + expectedNetwork: "ffff:ffff:ffff::", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + addr := netip.MustParseAddr(tt.input) + + result, ok := ClampIP(addr) + if !ok { + t.Fatalf("ClampIP(%s) returned false, want true", tt.input) + } + + if result.Bits() != tt.expectedPrefix { + t.Errorf("ClampIP(%s) bits = %d, want %d", tt.input, result.Bits(), tt.expectedPrefix) + } + + if result.Addr().String() != tt.expectedNetwork { + t.Errorf("ClampIP(%s) network = %s, want %s", tt.input, result.Addr().String(), tt.expectedNetwork) + } + }) + } +} + +// Benchmark to ensure the function is performant +func BenchmarkClampIP(b *testing.B) { + ipv4 := netip.MustParseAddr("192.168.1.100") + ipv6 := netip.MustParseAddr("2001:db8::1") + ipv4mapped := netip.MustParseAddr("::ffff:192.168.1.100") + + b.Run("IPv4", func(b *testing.B) { + for i := 0; i < b.N; i++ { + ClampIP(ipv4) + } + }) + + b.Run("IPv6", func(b *testing.B) { + for i := 0; i < b.N; i++ { + ClampIP(ipv6) + } + }) + + b.Run("IPv4-mapped", func(b *testing.B) { + for i := 0; i < b.N; i++ { + ClampIP(ipv4mapped) + } + }) +} \ No newline at end of file diff --git a/internal/headers.go b/internal/headers.go index 60e5371d..045f636a 100644 --- a/internal/headers.go +++ b/internal/headers.go @@ -1,6 +1,7 @@ package internal import ( + "context" "errors" "fmt" "log/slog" @@ -13,6 +14,13 @@ import ( "github.com/sebest/xff" ) +type realIPKey struct{} + +func RealIP(r *http.Request) (netip.Addr, bool) { + result, ok := r.Context().Value(realIPKey{}).(netip.Addr) + return result, ok +} + // TODO: move into config type XFFComputePreferences struct { StripPrivate bool @@ -77,6 +85,9 @@ func RemoteXRealIP(useRemoteAddress bool, bindNetwork string, next http.Handler) panic(err) // this should never happen } r.Header.Set("X-Real-Ip", host) + if addr, err := netip.ParseAddr(host); err == nil { + r = r.WithContext(context.WithValue(r.Context(), realIPKey{}, addr)) + } next.ServeHTTP(w, r) }) } @@ -129,8 +140,6 @@ func XForwardedForUpdate(stripPrivate bool, next http.Handler) http.Handler { } else { r.Header.Set("X-Forwarded-For", xffHeaderString) } - - slog.Debug("updating X-Forwarded-For", "original", origXFFHeader, "new", xffHeaderString) }) } diff --git a/internal/honeypot/honeypot.go b/internal/honeypot/honeypot.go new file mode 100644 index 00000000..f03b2db4 --- /dev/null +++ b/internal/honeypot/honeypot.go @@ -0,0 +1,23 @@ +package honeypot + +import ( + "time" + + "github.com/prometheus/client_golang/prometheus" + "github.com/prometheus/client_golang/prometheus/promauto" +) + +var Timings = promauto.NewHistogramVec(prometheus.HistogramOpts{ + Namespace: "anubis", + Subsystem: "honeypot", + Name: "pagegen_timings", + Help: "The amount of time honeypot page generation takes per method", + Buckets: prometheus.ExponentialBuckets(0.5, 2, 32), +}, []string{"method"}) + +type Info struct { + CreatedAt time.Time `json:"createdAt"` + UserAgent string `json:"userAgent"` + IPAddress string `json:"ipAddress"` + HitCount int `json:"hitCount"` +} diff --git a/internal/honeypot/naive/100bytes.css b/internal/honeypot/naive/100bytes.css new file mode 100644 index 00000000..7de70f3f --- /dev/null +++ b/internal/honeypot/naive/100bytes.css @@ -0,0 +1,7 @@ +html { + max-width: 70ch; + padding: 3em 1em; + margin: auto; + line-height: 1.75; + font-size: 1.25em; +} diff --git a/internal/honeypot/naive/affirmations.txt b/internal/honeypot/naive/affirmations.txt new file mode 100644 index 00000000..2b568fb9 --- /dev/null +++ b/internal/honeypot/naive/affirmations.txt @@ -0,0 +1 @@ +{Yeah|Yep|Yup|Yes|Absolutely|Definitely|Sure|Sounds|That's|I'm|I am|Totally|Completely|Right|Correct|Exactly|Perfectly|Certainly|Of course|Naturally|Indeed|Awesome|Sweet|Cool|Neat|Great|Excellent|Fantastic|Wonderful|Amazing|Love it|Nice|Right on|You bet|For sure|No doubt|Without a doubt|Undoubtedly|Positively|Surely|Truly|Really|Genuinely|Honestly|Frankly|Literally|Precisely|Spot on|On point|Ideally|Optimally|Superbly|Brilliantly|Marvelously|Splendidly|Magnificently|Phenomenally|Extraordinarily|Remarkably|Exceptionally|Outstandingly|Impressively|Stunningly|Breathtakingly|Astonishingly|Surprisingly|Pleasantly|Delightfully|Charmingly|Appealingly|Attractively|Invitingly|Encouragingly|Motivatingly|Inspiringly|Upliftingly|Positive|Optimistic|Supportive|Approving|Favorable|Enthusiastic|Eager|Willing|Ready|Prepared|Set|Go|Let's|Alright|Okay|Sure thing|No problem|You got it|Consider it done|Will do|Roger that|Copy that|Got it|Understood|Acknowledged|Noted|Confirmed|Agreed|Approved|Accepted|Endorsed|Backed|Championed} {sounds|looks|seems|feels|is|appears|comes across|strikes me|hits me|registers|resonates|clicks|makes sense|fits|works|functions|operates|performs|delivers|succeeds|achieves|accomplishes|excels|shines|stands out|impresses|satisfies|meets expectations|exceeds expectations|delights|pleases|gratifies|fulfills|completes|finishes|concludes|wraps up|finalizes|settles|resolves|solves|fixes|addresses|handles|manages|tackles|conquers|overcomes|defeats|beats|wins|triumphs|prevails|dominates|leads|guides|directs|steers|navigates|paves the way|opens doors|creates opportunities|makes possible|enables|allows|permits|facilitates|drives|pushes|propels|launches|initiates|starts|begins|commences|kicks off|gets going|moves forward|progresses|advances|develops|evolves|grows|expands|improves|enhances|upgrades|optimizes|refines|perfects|polishes} {good|great|perfect|excellent|wonderful|fantastic|amazing|awesome|fine|okay|alright|nice|cool|spot on|reasonable|about right|superb|brilliant|marvelous|splendid|magnificent|phenomenal|extraordinary|remarkable|exceptional|outstanding|impressive|stunning|breathtaking|astonishing|surprising|pleasant|delightful|charming|appealing|attractive|inviting|positive|optimistic|supportive|approving|favorable|enthusiastic|eager|willing|ready|prepared|set|solid|strong|robust|powerful|effective|efficient|productive|successful|fruitful|beneficial|valuable|useful|helpful|advantageous|profitable|rewarding|satisfying|gratifying|fulfilling|complete|whole|total|entire|full|thorough|comprehensive|exhaustive|detailed|precise|accurate|correct|right|true|valid|sound|logical|rational|practical|realistic|feasible|possible|doable|achievable|attainable|obtainable|reachable|accessible|available|present|arranged|organized|structured|planned|scheduled|timed|well positioned|strategically located|ideally situated|well suited|well matched|compatible|harmonious|balanced|proportional|symmetrical|aesthetic|beautiful|gorgeous|lovely|pretty|handsome|striking|dramatic|bold|confident|assertive|decisive|clear|obvious|apparent|evident|manifest|plain|simple|easy|straightforward|uncomplicated|complex|intricate|nuanced|subtle|refined|elegant|sophisticated|advanced|progressive|innovative|creative|original|unique|special|distinctive|memorable|unforgettable|significant|important|major|key|critical|essential|vital|crucial|fundamental|basic|primary|principal|main|chief|leading|top|best|finest|ultimate|supreme|paramount|foremost|world class|professional|expert|master|skilled|talented|gifted|intelligent|smart|clever|wise|knowledgeable|informed|educated|learned|scholarly|theoretical|practical|applied|hands on|experienced|seasoned|veteran|mature|visionary|prophetic|intuitive|perceptive|insightful|sage|profound|deep|meaningful|substantial|considerable|influential|resilient|tough|durable|lasting|permanent|enduring|timeless|classic|traditional|conventional|standard|regular|normal|typical|usual|common|ordinary|average|fair|decent|respectable|acceptable|satisfactory|adequate|sufficient|enough|plentiful|abundant|ample|generous|rich|wealthy|prosperous|thriving|flourishing|blooming|superior|higher|elevated|modern|contemporary|current|fresh|novel|rare|uncommon|legendary|famous|well known|celebrated|accredited|honored|awarded|decorated|distinguished|illustrious|prestigious|reputable|admired|revered|beloved|cherished|treasured|prized|precious|close|intimate|personal|private|individual|priceless|worthwhile} {to me|for me|with me|I agree|I like it|let's do it|count me in|I'm on board|I'm in|I'm up for it|I'm down for that|I'm all for it|I'm good with that|I'm happy with that|I'm cool with that|let's go with that|let's make it happen|that works|that'll work|sounds like a plan|that's a good idea|that's a great choice|I think so too|my thoughts exactly|you read my mind|couldn't agree more|absolutely right|you nailed it|let's go|game on|challenge accepted|say no more|you had me at hello|I'm sold|sign me up|be there|definitely|for sure|sounds good|looks good|seems good|feels good|is good|let's do this|time to rock|let's roll|here we go|off we go|moving forward|full steam ahead|all systems go|green light|clear for takeoff|ready when you are|on your mark|get set|let's begin|commence operation|initiate protocol|execute plan|implement strategy|deploy solution|activate system|engage process|start procedure|begin sequence|launch project|kick off event|open doors|make way|clear path|pave way|create opportunity|make possible|enable success|facilitate growth|support development|encourage progress|inspire change|motivate action|drive results|push boundaries|break barriers|overcome challenges|solve problems|fix issues|address concerns|handle situations|manage difficulties|tackle obstacles|conquer fears|defeat doubts|win battles|triumph over adversity|prevail against odds|rise above|excel beyond|achieve greatness|reach heights|attain goals|accomplish dreams|realize potential|fulfill destiny|complete journey|finish race|cross finish line|arrive at destination|reach summit|climb mountain|sail seas|fly skies|explore worlds|discover truths|find answers|solve mysteries|uncover secrets|reveal wonders|share insights|spread joy|create happiness|build relationships|strengthen bonds|foster community|grow together|learn constantly|improve daily|evolve continuously|adapt quickly|change rapidly|transform completely|renew fully|refresh completely|restart anew|begin again|start fresh|clean slate|new chapter|fresh start|bright future|promising tomorrow|better days|good times|great moments|wonderful experiences|fantastic adventures|amazing journeys|awesome memories|precious moments|valuable lessons|helpful advice|useful tips|practical solutions|effective strategies|successful methods|proven approaches|tested techniques|reliable systems|dependable support|consistent performance|steady progress|continuous improvement|ongoing development|perpetual growth|endless possibilities|unlimited potential|infinite opportunities|boundless horizons|vast expanses|wide ranges|broad spectrums|diverse options|multiple choices|various paths|different routes|alternative ways|other methods|additional approaches|extra techniques|supplementary tools|auxiliary resources|backup plans|contingency options|emergency measures|safety nets|security blankets|comfort zones|safe spaces|peaceful havens|tranquil sanctuaries|serene environments|calm atmospheres|relaxed vibes|easy feelings|comfortable sensations|pleasant experiences|enjoyable moments|delightful times|charming encounters|appealing situations|attractive prospects|inviting opportunities|encouraging signs|motivating factors|inspiring elements|uplifting aspects|positive features|optimistic views|encouraging outlooks|supportive attitudes|approving perspectives|favorable opinions|enthusiastic responses|eager reactions|willing participants|ready volunteers|prepared individuals|set teams|organized groups|structured units|planned initiatives|scheduled events|timed activities|well positioned assets|strategically located resources|ideally situated elements|perfectly suited components|well matched partners|compatible collaborations|harmonious relationships|balanced arrangements|proportional distributions|symmetrical designs|aesthetic presentations|beautiful displays|gorgeous exhibitions|lovely shows|pretty sights|attractive views|striking scenes|dramatic performances|bold statements|confident expressions|decisive actions|clear communications|obvious demonstrations|apparent revelations|evident truths|manifest realities|plain facts|simple solutions|easy implementations|straightforward processes|uncomplicated procedures|complex systems|intricate networks|detailed analyses|nuanced discussions|subtle distinctions|refined approaches|elegant solutions|sophisticated methods|advanced technologies|progressive ideas|innovative concepts|creative designs|original works|unique creations|special projects|distinctive features|memorable experiences|unforgettable moments|legendary achievements|famous accomplishments|well recognized contributions|acknowledged impacts|celebrated successes|acclaimed performances|honored achievements|awarded excellence|decorated heroes|distinguished leaders|illustrious careers|prestigious positions|reputable organizations|respected institutions|admired figures|revered icons|beloved personalities|cherished treasures|valued possessions|prized collections|precious artifacts|dear friends|close companions|intimate partners|personal connections|individual expressions|unique perspectives|special talents|one of a kind gifts|irreplaceable values|invaluable insights|priceless wisdom|worthwhile endeavors|valuable investments|useful tools|beneficial resources|helpful services|advantageous positions|profitable ventures|rewarding careers|satisfying lives|gratifying experiences|fulfilling purposes|complete beings|whole persons|total entities|entire systems|full cycles|perfect circles|ideal forms|ultimate goals|best practices|finest qualities|supreme achievements|excellent results|outstanding performances|superior outcomes|exceptional contributions|remarkable discoveries|extraordinary breakthroughs|special recognitions|unique innovations|distinctive designs|memorable impacts|impressive feats|dramatic transformations|powerful changes|strong foundations|effective actions|efficient operations|successful missions|productive endeavors|fruitful partnerships|beneficial collaborations|valuable connections|helpful networks|worthwhile projects|rewarding adventures|satisfying journeys|gratifying accomplishments|fulfilling destinies}{|!|, let's go!|, amazing!|, fantastic!|, wonderful!|, perfect!|, brilliant!|, excellent!|, outstanding!|, superb!|, great!|, nice!|, cool!|, sweet!|, awesome!|, love it!|, beautiful!|, gorgeous!|, stunning!|, breathtaking!|, phenomenal!|, extraordinary!|, remarkable!|, exceptional!|, impressive!|, striking!|, dramatic!|, powerful!|, magnificent!|, splendid!|, marvelous!|, terrific!|, superb!|, divine!|, heavenly!|, celestial!|, transcendent!|, sublime!|, perfect!|, flawless!|, impeccable!|, ideal!|, ultimate!|, supreme!|, paramount!|, unbeatable!|, unstoppable!|, incredible!|, unbelievable!|, astounding!|, mind-blowing!|, jaw-dropping!|, spectacular!|, epic!|, legendary!|, iconic!|, classic!|, timeless!|, eternal!|, infinite!|, boundless!|, limitless!|, endless!|, forever!|, always!|, never-ending!|, perpetual!|, constant!|, steady!|, solid!|, rock-solid!|, unshakeable!|, unbreakable!|, invincible!|, indestructible!|, immortal!|, everlasting!|, undying!|, living!|, vibrant!|, dynamic!|, energetic!|, lively!|, spirited!|, enthusiastic!|, passionate!|, fervent!|, zealous!|, dedicated!|, committed!|, devoted!|, loyal!|, faithful!|, true!|, real!|, authentic!|, genuine!|, legit!|, certified!|, proven!|, tested!|, verified!|, confirmed!|, validated!|, approved!|, endorsed!|, supported!|, backed!|, guaranteed!|, assured!|, certain!|, sure!|, positive!|, confident!|, secure!|, safe!|, protected!|, covered!|, sheltered!|, guarded!|, watched over!|, cared for!|, nurtured!|, cherished!|, treasured!|, valued!|, respected!|, admired!|, appreciated!|, recognized!|, acknowledged!|, celebrated!|, honored!|, praised!|, applauded!|, cheered!|, supported!|, embraced!|, welcomed!|, accepted!|, included!|, belonging!|, connected!|, united!|, joined!|, together!|, as one!|, in harmony!|, in sync!|, aligned!|, balanced!|, centered!|, grounded!|, rooted!|, established!|, settled!|, calm!|, peaceful!|, serene!|, tranquil!|, quiet!|, still!|, at ease!|, comfortable!|, relaxed!|, content!|, happy!|, joyful!|, delighted!|, thrilled!|, excited!|, elated!|, ecstatic!|, overjoyed!|, euphoric!|, blissful!|, radiant!|, glowing!|, shining!|, sparkling!|, dazzling!|, brilliant!|, bright!|, luminous!|, illuminated!|, enlightened!|, inspired!|, uplifted!|, elevated!|, empowered!|, strengthened!|, fortified!|, revitalized!|, renewed!|, refreshed!|, recharged!|, energized!|, activated!|, awakened!|, alive!|, thriving!|, flourishing!|, blooming!|, growing!|, expanding!|, developing!|, evolving!|, transforming!|, becoming!|, emerging!|, rising!|, ascending!|, climbing!|, reaching!|, achieving!|, succeeding!|, winning!|, triumphing!|, conquering!|, overcoming!|, mastering!|, perfecting!|, completing!|, fulfilling!|, realizing!|, manifesting!|, creating!|, building!|, making!|, doing!|, being!|, living!|, breathing!|, existing!|, present!|, here!|, now!|, always!|, forever!|, eternally!} \ No newline at end of file diff --git a/internal/honeypot/naive/naive.go b/internal/honeypot/naive/naive.go new file mode 100644 index 00000000..81fdd2bd --- /dev/null +++ b/internal/honeypot/naive/naive.go @@ -0,0 +1,206 @@ +package naive + +import ( + "context" + _ "embed" + "fmt" + "log/slog" + "math/rand/v2" + "net/http" + "time" + + "github.com/TecharoHQ/anubis/internal" + "github.com/TecharoHQ/anubis/internal/honeypot" + "github.com/TecharoHQ/anubis/lib/policy/checker" + "github.com/TecharoHQ/anubis/lib/store" + "github.com/a-h/templ" + "github.com/google/uuid" + "github.com/nikandfor/spintax" +) + +//go:generate go tool github.com/a-h/templ/cmd/templ generate + +// XXX(Xe): All of this was generated by ChatGPT, GLM 4.6, and GPT-OSS 120b. This is pseudoprofound bullshit in spintax[1] format so that the bullshit generator can emit plausibly human-authored text while being very computationally cheap. +// +// It feels somewhat poetic to use spammer technology in Anubis. +// +// [1]: https://outboundly.ai/blogs/what-is-spintax-and-how-to-use-it/ +// +//go:embed spintext.txt +var spintext string + +//go:embed titles.txt +var titles string + +//go:embed affirmations.txt +var affirmations string + +func New(st store.Interface, lg *slog.Logger) (*Impl, error) { + affirmation, err := spintax.Parse(affirmations) + if err != nil { + return nil, fmt.Errorf("can't parse affirmations: %w", err) + } + + body, err := spintax.Parse(spintext) + if err != nil { + return nil, fmt.Errorf("can't parse bodies: %w", err) + } + + title, err := spintax.Parse(titles) + if err != nil { + return nil, fmt.Errorf("can't parse titles: %w", err) + } + + lg.Debug("initialized basic bullshit generator", "affirmations", affirmation.Count(), "bodies", body.Count(), "titles", title.Count()) + + return &Impl{ + st: st, + infos: store.JSON[honeypot.Info]{Underlying: st, Prefix: "honeypot:info"}, + uaWeight: store.JSON[int]{Underlying: st, Prefix: "honeypot:user-agent"}, + networkWeight: store.JSON[int]{Underlying: st, Prefix: "honeypot:network"}, + affirmation: affirmation, + body: body, + title: title, + lg: lg.With("component", "honeypot/naive"), + }, nil +} + +type Impl struct { + st store.Interface + infos store.JSON[honeypot.Info] + uaWeight store.JSON[int] + networkWeight store.JSON[int] + lg *slog.Logger + + affirmation, body, title spintax.Spintax +} + +func (i *Impl) incrementUA(ctx context.Context, userAgent string) int { + result, _ := i.uaWeight.Get(ctx, internal.SHA256sum(userAgent)) + result++ + i.uaWeight.Set(ctx, internal.SHA256sum(userAgent), result, time.Hour) + return result +} + +func (i *Impl) incrementNetwork(ctx context.Context, network string) int { + result, _ := i.networkWeight.Get(ctx, internal.SHA256sum(network)) + result++ + i.networkWeight.Set(ctx, internal.SHA256sum(network), result, time.Hour) + return result +} + +func (i *Impl) CheckUA() checker.Impl { + return checker.Func(func(r *http.Request) (bool, error) { + result, _ := i.uaWeight.Get(r.Context(), internal.SHA256sum(r.UserAgent())) + if result >= 25 { + return true, nil + } + + return false, nil + }) +} + +func (i *Impl) CheckNetwork() checker.Impl { + return checker.Func(func(r *http.Request) (bool, error) { + result, _ := i.uaWeight.Get(r.Context(), internal.SHA256sum(r.UserAgent())) + if result >= 25 { + return true, nil + } + + return false, nil + }) +} + +func (i *Impl) Hash() string { + return internal.SHA256sum("naive honeypot") +} + +func (i *Impl) makeAffirmations() []string { + count := rand.IntN(5) + 1 + + var result []string + for j := 0; j < count; j++ { + result = append(result, i.affirmation.Spin()) + } + + return result +} + +func (i *Impl) makeSpins() []string { + count := rand.IntN(5) + 1 + + var result []string + for j := 0; j < count; j++ { + result = append(result, i.body.Spin()) + } + + return result +} + +func (i *Impl) makeTitle() string { + return i.title.Spin() +} + +func (i *Impl) ServeHTTP(w http.ResponseWriter, r *http.Request) { + t0 := time.Now() + lg := internal.GetRequestLogger(i.lg, r) + + id := r.PathValue("id") + if id == "" { + id = uuid.NewString() + } + + realIP, _ := internal.RealIP(r) + if !realIP.IsValid() { + lg.Error("the real IP is somehow invalid, bad middleware stack?") + http.Error(w, "The cake is a lie", http.StatusTeapot) + return + } + + network, ok := internal.ClampIP(realIP) + if !ok { + lg.Error("clampIP failed", "output", network, "ok", ok) + http.Error(w, "The cake is a lie", http.StatusTeapot) + return + } + + networkCount := i.incrementNetwork(r.Context(), network.String()) + uaCount := i.incrementUA(r.Context(), r.UserAgent()) + + stage := r.PathValue("stage") + + if stage == "init" { + lg.Debug("found new entrance point", "id", id, "stage", stage, "userAgent", r.UserAgent(), "clampedIP", network) + } else { + switch { + case networkCount%256 == 0, uaCount%256 == 0: + lg.Warn("found possible crawler", "id", id, "network", network) + } + } + + spins := i.makeSpins() + affirmations := i.makeAffirmations() + title := i.makeTitle() + + var links []link + for _, affirmation := range affirmations { + links = append(links, link{ + href: uuid.NewString(), + body: affirmation, + }) + } + + templ.Handler( + base(title, i.maze(spins, links)), + templ.WithStreaming(), + templ.WithStatus(http.StatusOK), + ).ServeHTTP(w, r) + + t1 := time.Since(t0) + honeypot.Timings.WithLabelValues("naive").Observe(float64(t1.Milliseconds())) +} + +type link struct { + href string + body string +} diff --git a/internal/honeypot/naive/page.templ b/internal/honeypot/naive/page.templ new file mode 100644 index 00000000..eb3ccec4 --- /dev/null +++ b/internal/honeypot/naive/page.templ @@ -0,0 +1,36 @@ +package naive + +import "fmt" + +templ base(title string, body templ.Component) { + + + + + { title } + + +

{ title }

+ @body + + +} + +templ (i Impl) maze(body []string, links []link) { + for _, paragraph := range body { +

{ paragraph }

+ } + +} diff --git a/internal/honeypot/naive/page_templ.go b/internal/honeypot/naive/page_templ.go new file mode 100644 index 00000000..0554b1f5 --- /dev/null +++ b/internal/honeypot/naive/page_templ.go @@ -0,0 +1,160 @@ +// Code generated by templ - DO NOT EDIT. + +// templ: version: v0.3.960 +package naive + +//lint:file-ignore SA4006 This context is only used if a nested component is present. + +import "github.com/a-h/templ" +import templruntime "github.com/a-h/templ/runtime" + +import "fmt" + +func base(title string, body templ.Component) templ.Component { + return templruntime.GeneratedTemplate(func(templ_7745c5c3_Input templruntime.GeneratedComponentInput) (templ_7745c5c3_Err error) { + templ_7745c5c3_W, ctx := templ_7745c5c3_Input.Writer, templ_7745c5c3_Input.Context + if templ_7745c5c3_CtxErr := ctx.Err(); templ_7745c5c3_CtxErr != nil { + return templ_7745c5c3_CtxErr + } + templ_7745c5c3_Buffer, templ_7745c5c3_IsBuffer := templruntime.GetBuffer(templ_7745c5c3_W) + if !templ_7745c5c3_IsBuffer { + defer func() { + templ_7745c5c3_BufErr := templruntime.ReleaseBuffer(templ_7745c5c3_Buffer) + if templ_7745c5c3_Err == nil { + templ_7745c5c3_Err = templ_7745c5c3_BufErr + } + }() + } + ctx = templ.InitializeContext(ctx) + templ_7745c5c3_Var1 := templ.GetChildren(ctx) + if templ_7745c5c3_Var1 == nil { + templ_7745c5c3_Var1 = templ.NopComponent + } + ctx = templ.ClearChildren(ctx) + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 1, "") + if templ_7745c5c3_Err != nil { + return templ_7745c5c3_Err + } + var templ_7745c5c3_Var2 string + templ_7745c5c3_Var2, templ_7745c5c3_Err = templ.JoinStringErrs(title) + if templ_7745c5c3_Err != nil { + return templ.Error{Err: templ_7745c5c3_Err, FileName: `page.templ`, Line: 18, Col: 17} + } + _, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var2)) + if templ_7745c5c3_Err != nil { + return templ_7745c5c3_Err + } + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 2, "

") + if templ_7745c5c3_Err != nil { + return templ_7745c5c3_Err + } + var templ_7745c5c3_Var3 string + templ_7745c5c3_Var3, templ_7745c5c3_Err = templ.JoinStringErrs(title) + if templ_7745c5c3_Err != nil { + return templ.Error{Err: templ_7745c5c3_Err, FileName: `page.templ`, Line: 21, Col: 14} + } + _, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var3)) + if templ_7745c5c3_Err != nil { + return templ_7745c5c3_Err + } + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 3, "

") + if templ_7745c5c3_Err != nil { + return templ_7745c5c3_Err + } + templ_7745c5c3_Err = body.Render(ctx, templ_7745c5c3_Buffer) + if templ_7745c5c3_Err != nil { + return templ_7745c5c3_Err + } + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 4, "") + if templ_7745c5c3_Err != nil { + return templ_7745c5c3_Err + } + return nil + }) +} + +func (i Impl) maze(body []string, links []link) templ.Component { + return templruntime.GeneratedTemplate(func(templ_7745c5c3_Input templruntime.GeneratedComponentInput) (templ_7745c5c3_Err error) { + templ_7745c5c3_W, ctx := templ_7745c5c3_Input.Writer, templ_7745c5c3_Input.Context + if templ_7745c5c3_CtxErr := ctx.Err(); templ_7745c5c3_CtxErr != nil { + return templ_7745c5c3_CtxErr + } + templ_7745c5c3_Buffer, templ_7745c5c3_IsBuffer := templruntime.GetBuffer(templ_7745c5c3_W) + if !templ_7745c5c3_IsBuffer { + defer func() { + templ_7745c5c3_BufErr := templruntime.ReleaseBuffer(templ_7745c5c3_Buffer) + if templ_7745c5c3_Err == nil { + templ_7745c5c3_Err = templ_7745c5c3_BufErr + } + }() + } + ctx = templ.InitializeContext(ctx) + templ_7745c5c3_Var4 := templ.GetChildren(ctx) + if templ_7745c5c3_Var4 == nil { + templ_7745c5c3_Var4 = templ.NopComponent + } + ctx = templ.ClearChildren(ctx) + for _, paragraph := range body { + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 5, "

") + if templ_7745c5c3_Err != nil { + return templ_7745c5c3_Err + } + var templ_7745c5c3_Var5 string + templ_7745c5c3_Var5, templ_7745c5c3_Err = templ.JoinStringErrs(paragraph) + if templ_7745c5c3_Err != nil { + return templ.Error{Err: templ_7745c5c3_Err, FileName: `page.templ`, Line: 29, Col: 16} + } + _, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var5)) + if templ_7745c5c3_Err != nil { + return templ_7745c5c3_Err + } + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 6, "

") + if templ_7745c5c3_Err != nil { + return templ_7745c5c3_Err + } + } + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 7, "") + if templ_7745c5c3_Err != nil { + return templ_7745c5c3_Err + } + return nil + }) +} + +var _ = templruntime.GeneratedTemplate diff --git a/internal/honeypot/naive/spintext.txt b/internal/honeypot/naive/spintext.txt new file mode 100644 index 00000000..0b06e58b --- /dev/null +++ b/internal/honeypot/naive/spintext.txt @@ -0,0 +1 @@ +{There's a moment|At some point|In this season|Right now|If we're being honest} when {leaders|builders|creators|change-makers|visionaries} {realize|begin to realize|are being called to realize} that {the work|the mission|the journey|the evolution} {isn't just about|was never just about|can't be reduced to} {execution|scaling|optimization|velocity|results}, but about {presence|intention|alignment|resonance|energy}. {We don't scale|We don't innovate|We don't transform} {systems|products|teams|communities|ideas} by {pushing harder|moving faster|doing more|grinding endlessly}, we do it by {creating space|holding the vision|listening deeply|leading with empathy|operating from clarity}. Because {impact|growth|momentum|trust|meaning} {isn't manufactured|can't be forced|doesn't come from hustle}, it {emerges organically|compounds quietly|unfolds over time|flows naturally} when {values|purpose|strategy|people|culture} are {in integrity|deeply aligned|moving in the same direction|rooted in truth}. {We're witnessing|We're living through|We're being invited into|This moment represents} a {paradigm shift|recalibration|collective awakening|fundamental reimagining} in how {we think about|we relate to|we show up for} {work|leadership|innovation|value creation}. This {isn't a trend|isn't a tactic|isn't a framework}, it's a {felt experience|lived truth|deeper knowing|shared frequency} that {requires|demands|asks of us} {courage|presence|intentionality|emotional fluency}. When we {slow down|get honest|create space|center ourselves}, we {unlock|activate|surface|make room for} {new possibilities|emergent outcomes|nonlinear growth|unseen leverage} that {can't be measured|don't show up in dashboards|defy traditional KPIs}, but {change everything|move the needle where it matters|redefine success anyway}. As {AI accelerates|systems become autonomous|the pace of change compounds}, the real {differentiator|competitive advantage|edge} won't be {speed|scale|automation}, but {discernment|human-centered design|ethical intentionality|values-led decision making}. The future {belongs to|is shaped by|will reward} those who can {hold complexity|navigate ambiguity|lead with nuance} while {staying grounded|remaining adaptable|operating from purpose}. In reflecting on {recent events|the last few weeks|this experience}, it's clear that {we moved fast|we optimized prematurely|we prioritized execution} without fully {honoring the process|listening deeply|bringing everyone along}. Going forward, we're committed to {doing the work|rebuilding trust|showing up differently} by {leading with transparency|centering our values|taking a more holistic approach}. This is {not the end|just the beginning|part of the journey}. {In the sacred space|Within the circle|As the moon waxes|During the rite} {when|as} {initiates|adepts|seekers|practitioners|neophytes} {awaken|begin to awaken|are called to awaken|ascend|initiate} to {the mysteries|the ancient wisdom|the hidden truths|the arcane arts|the sacred teachings}, they {discover|uncover|reveal|realize|attain} that {magick|the craft|ritual work|spiritual practice|the great work} {isn't just about|was never just about|can't be reduced to|transcends} {spells|incantations|ceremonies|tools|rituals}, but {about|through|via} {intention|will|consciousness|spiritual alignment|true will|divine purpose}. {We don't invoke|We don't channel|We don't transform|We cannot manifest} {energy|consciousness|reality|spiritual forces|divine power|cosmic energy} through {rote memorization|empty gestures|meaningless rituals|hollow words|dead forms}, but {achieve|attain|accomplish|realize} it {through|via|by means of} {focused intention|spiritual discipline|inner work|divine connection|sacred silence|meditative focus}. {True power|Real magick|Authentic wisdom|Sacred knowledge|Divine gnosis} {cannot be forced|cannot be bought|cannot be faked|cannot be manufactured|resists coercion}, it {unfolds naturally|emerges through practice|awakens within|manifests organically|blossoms in due season} when {mind|body|spirit|will|soul|heart} are {in harmony|deeply aligned|moving as one|connected to source|in resonance|unified}. {We are witnessing|We are experiencing|This is the dawn of|The age of} a {great awakening|spiritual revolution|paradigm shift|new aeon|cosmic alignment|quantum leap} in how {humanity perceives|we understand|we connect with|consciousness relates to} {the divine|universal consciousness|higher realms|spiritual realities|source energy|the absolute}, {transcending|going beyond|surpassing} {philosophy|religion|metaphysics|dogma|doctrine} into {lived experience|direct gnosis|personal revelation|sacred knowing|intimate understanding|embodied wisdom} that {requires|demands|invites|necessitates} {devotion|discipline|spiritual courage|inner purification|unwavering commitment|radical honesty}. When we {enter trance|quiet the mind|open ourselves|still the thoughts|cross the threshold|journey within}, we {access|connect with|attune to|commune with|perceive} {higher dimensions|spiritual realms|the akashic records|divine wisdom|the celestial planes|the inner worlds} that {transcend ordinary perception|defy rational explanation|exist beyond the veil|surpass linear understanding|operate beyond time}, yet {transform our understanding|reshape our reality|expand our consciousness|illuminate our path|reconfigure our perception|realign our being}. As {the veil thins|consciousness evolves|spiritual acceleration increases|the new age dawns|humanity ascends}, the real {power|gift|ability|mastery|sovereignty} isn't {in the tools|in the books|in the rituals|in the techniques|in the methods}, but in {the intention behind them|the purity of heart|the clarity of purpose|the depth of devotion|the sincerity of soul|the authenticity of spirit}. The future {reveals|unfolds|manifests|emerges|dawns} for those who can {navigate the unseen|walk between worlds|hold paradox|embrace mystery|dance with ambiguity|soar above duality} while {remaining grounded|staying centered|keeping their feet on earth|maintaining balance|honoring form|respecting structure}. {Through meditation|In ritual|By studying the grimoires|During communion|Via sacred practice|Through inner work}, it {becomes clear|is revealed|is understood|dawns upon us|manifests as truth} that {true wisdom|spiritual power|magical ability|authentic knowledge|real attainment} {comes not from|arises not from|originates not in} {external sources|mere study|intellectual knowledge|outer teachings|second-hand wisdom} but {from|through|via} {inner awakening|direct experience|spiritual practice|personal gnosis|embodied realization|soulful communion}. The path forward {requires dedication|demands sacrifice|calls for commitment|necessitates devotion|asks for discipline|invokes perseverance} through {daily practice|spiritual discipline|consistent devotion|ritual purity|sacred routine|holy observance}, {leading to|culminating in|resulting in} {ultimate liberation|final union|complete awakening|full realization|perfect illumination}. {The work continues|The path unfolds|The journey never ends|The spiral ascends|The evolution persists|The transformation deepens}. \ No newline at end of file diff --git a/internal/honeypot/naive/titles.txt b/internal/honeypot/naive/titles.txt new file mode 100644 index 00000000..ff1b88b5 --- /dev/null +++ b/internal/honeypot/naive/titles.txt @@ -0,0 +1 @@ +{{The|A|This} {Future|Next|New|Coming|Emerging} {Paradigm|Reality|Era|Age|World} {of|for|in} {AI|Artificial Intelligence|Machine Learning|Automation|Technology|Innovation} | {Building|Creating|Designing|Developing|Crafting} {Sustainable|Scalable|Robust|Resilient|Future-Proof} {Systems|Platforms|Solutions|Architectures|Frameworks} | {The|Our|Your} {Journey|Path|Road|Quest|Voyage} {to|toward|towards} {Digital|Technological|Business|Organizational} {Transformation|Evolution|Revolution|Mastery} | {Unlocking|Harnessing|Activating|Unleashing|Channeling} {Human|Collective|Team|Organizational} {Potential|Capacity|Capability|Power|Genius} | {Beyond|Past|Moving Beyond|Transcending} {Limits|Boundaries|Constraints|Barriers|Horizons}: {New|Fresh|Innovative|Revolutionary} {Perspectives|Approaches|Solutions|Strategies} | {The|This|Our} {Age|Era|Time|Period} {of|for|in} {Conscious|Aware|Mindful|Intentional} {Leadership|Business|Strategy|Innovation} | {Sacred|Ancient|Esoteric|Mystical} {Wisdom|Knowledge|Teachings|Mysteries} {for|in|to} {Modern|Contemporary|Today's} {Life|Business|Leadership|Success} | {Quantum|Cosmic|Universal|Divine} {Shift|Evolution|Transformation|Awakening} {in|of|for} {Consciousness|Awareness|Perception|Reality} | {The|A|This} {Great|Profound|Fundamental|Deep} {Reset|Recalibration|Realignment|Restructuring} {of|for|in} {Everything|All Things|Reality|Systems} | {Embracing|Integrating|Honoring|Welcoming} {Chaos|Uncertainty|Complexity|Ambiguity|Paradox} {as|for} {Growth|Evolution|Transformation|Innovation} | {The|This|Our} {Alchemy|Magic|Art|Science} {of|for|in} {Transformation|Change|Evolution|Metamorphosis} {and|&} {Creation|Manifestation|Innovation} | {Resilient|Adaptive|Flexible|Agile|Dynamic} {Mindsets|Mental Models|Paradigms|Frameworks} {for|in|to} {Uncertain|Complex|Volatile|Rapidly-Changing} {Times|Environments|Worlds} | {The|Our|Your} {Collective|Shared|Unified|Common} {Vision|Dream|Future|Destiny}: {Co-creating|Building|Designing|Manifesting} {Tomorrow|The Future|What's Next} | {Sovereign|Authentic|True|Real} {Self|Identity|Being|Expression} {in|during|through} {Times|Ages|Eras} {of|for|in} {Change|Transition|Transformation|Awakening} | {The|This|Our} {Return|Homecoming|Journey Back|Restoration} {to|towards|for} {Wholeness|Unity|Integration|Balance} {and|&} {Harmony|Peace|Alignment|Flow} | {Infinite|Limitless|Boundless|Unlimited} {Potential|Possibility|Capacity|Power} {Within|Inside|of} {You|Us|Every Being|Consciousness} | {Riding|Navigating|Mastering|Surfing} {Waves|Currents|Tides|Flows} {of|for|in} {Change|Evolution|Transformation|Progress} | {The|This|Our} {Sacred|Holy|Divine} {Dance|Play|Game|Journey} {of|for|in} {Creation|Manifestation|Evolution|Existence} | {Awakening|Remembering|Rediscovering|Uncovering} {Ancient|Primordial|Original|True} {Wisdom|Knowledge|Truth|Teachings} {for|in|to} {Modern Life|Today|Now} | {The|This|Our} {Bridge|Portal|Gateway|Threshold} {Between|Betwixt|Connecting} {Worlds|Realities|Dimensions|Eras} {and|&} {Possibilities|Potentials|Futures} | {Cosmic|Universal|Galactic|Celestial} {Alignment|Convergence|Synchronization|Harmony} {for|in|to|during|through} {Planetary|Global|Universal|Collective} {Awakening|Evolution|Transformation} | {The|This|Our} {Emergence|Arising|Birthing|Becoming} {into|as|through|for} {New|Next|Higher|Evolved} {States|Levels|Dimensions|Realms} {of|for|in} {Consciousness|Awareness|Being|Existence} | {The|This|Our} {Quantum|Paradigm|Reality|Fundamental} {Shift|Change|Leap|Transition}: {Reimagining|Rethinking|Reinventing|Transforming} {Everything|All Things|Reality|Possibility} | {Harmonizing|Balancing|Integrating|Unifying} {Masculine|Feminine|Yin|Yang|Dual} {and|&} {Feminine|Masculine|Yang|Yin|Non-Dual}: {The|This|Our} {Sacred|Divine|Holy|Mystical} {Union|Marriage|Integration|Wholeness} | {The|This|Our} {Path|Way|Journey|Quest} {of|for|in} {Heart|Love|Compassion|Service}: {Living|Being|Existing|Creating} {from|through|with} {Soul|Spirit|Essence|Core} | {Revolutionary|Paradigm-Shifting|Game-Changing|Transformative|Evolutionary} {Ideas|Concepts|Frameworks|Models} {for|in|to|during|through} {Tomorrow's|The Future|Next-Generation|Emerging} {World|Reality|Era|Age} | {The|This|Our} {Great|Profound|Fundamental|Momentous} {Work|Task|Mission|Purpose}: {Becoming|Evolving|Transforming|Ascending} {into|as|through|for} {Who|What|How} {We|You|One|Consciousness} {Truly|Really|Authentically|Essentially} {Are|Is|Can Be|Could Be} | {The|This|Our} {Alchemy|Magic|Art|Science} {of|for|in} {Turning|Transforming|Converting|Transmuting} {Lead|Challenges|Limitations|Darkness|Shadow} {into|to|as} {Gold|Wisdom|Strength|Light|Gifts} | {The|This|Our} {Return|Journey|Quest|Path} {to|toward|for|in} {Source|Origin|Beginning|Essence}: {Remembering|Rediscovering|Reclaiming|Awakening to} {Who|What|Why|How} {We|You|All|Consciousness} {Truly|Really|Essentially|Fundamentally} {Are|Is|Exists|Can Be} | {The|This|Our} {Sacred|Holy|Divine|Blessed} {Contract|Agreement|Promise|Covenant}: {Living|Fulfilling|Embodying|Realizing} {Your|Our|The|Universal} {Purpose|Mission|Destiny|Calling|Dharma} | {The|This|Our} {Age|Era|Time|Period} {of|for|in} {Miracles|Wonder|Magic|Mystery|Enchantment}: {Embracing|Welcoming|Celebrating|Honoring} {The|This|Our|All|Every} {Impossible|Unbelievable|Extraordinary|Supernatural} {Becoming|Becomes|Becoming Real|Manifesting} | {The|This|Our} {Revolution|Evolution|Transformation|Awakening} {of|for|in} {Consciousness|Awareness|Perception|Reality}: {Creating|Designing|Building|Manifesting} {New|Fresh|Innovative|Paradigm-Shifting} {Worlds|Realities|Futures|Possibilities} | {The|This|Our} {Journey|Path|Quest|Adventure} {Home|Back|Return|Homecoming} {to|toward|for|in} {Unity|Oneness|Wholeness|Integration|Love} {and|&} {Belonging|Connection|Relationship|Communion}} \ No newline at end of file diff --git a/lib/config.go b/lib/config.go index 2d8ac18b..cb98e8a0 100644 --- a/lib/config.go +++ b/lib/config.go @@ -16,6 +16,7 @@ import ( "github.com/TecharoHQ/anubis" "github.com/TecharoHQ/anubis/data" "github.com/TecharoHQ/anubis/internal" + "github.com/TecharoHQ/anubis/internal/honeypot/naive" "github.com/TecharoHQ/anubis/internal/ogtags" "github.com/TecharoHQ/anubis/lib/challenge" "github.com/TecharoHQ/anubis/lib/config" @@ -175,6 +176,33 @@ func New(opts Options) (*Server, error) { registerWithPrefix(anubis.APIPrefix+"check", http.HandlerFunc(result.maybeReverseProxyHttpStatusOnly), "") registerWithPrefix("/", http.HandlerFunc(result.maybeReverseProxyOrPage), "") + mazeGen, err := naive.New(result.store, result.logger) + if err == nil { + registerWithPrefix(anubis.APIPrefix+"honeypot/{id}/{stage}", mazeGen, http.MethodGet) + + opts.Policy.Bots = append( + opts.Policy.Bots, + policy.Bot{ + Rules: mazeGen.CheckNetwork(), + Action: config.RuleWeigh, + Weight: &config.Weight{ + Adjust: 30, + }, + Name: "honeypot/network", + }, + policy.Bot{ + Rules: mazeGen.CheckUA(), + Action: config.RuleWeigh, + Weight: &config.Weight{ + Adjust: 30, + }, + Name: "honeypot/user-agent", + }, + ) + } else { + result.logger.Error("can't init honeypot subsystem", "err", err) + } + //goland:noinspection GoBoolExpressions if anubis.Version == "devel" { // make-challenge is only used in tests. Only enable while version is devel diff --git a/lib/policy/checker/checker.go b/lib/policy/checker/checker.go index 31551cd9..8163b96a 100644 --- a/lib/policy/checker/checker.go +++ b/lib/policy/checker/checker.go @@ -14,6 +14,14 @@ type Impl interface { Hash() string } +type Func func(*http.Request) (bool, error) + +func (f Func) Check(r *http.Request) (bool, error) { + return f(r) +} + +func (f Func) Hash() string { return internal.FastHash(fmt.Sprintf("%#v", f)) } + type List []Impl // Check runs each checker in the list against the request. diff --git a/test/go.mod b/test/go.mod index 8e6c7f3d..c7f4db16 100644 --- a/test/go.mod +++ b/test/go.mod @@ -66,6 +66,7 @@ require ( github.com/moby/sys/atomicwriter v0.1.0 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/nicksnyder/go-i18n/v2 v2.6.0 // indirect + github.com/nikandfor/spintax v0.0.0-20181023094358-fc346b245bb3 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/image-spec v1.1.1 // indirect github.com/pkg/errors v0.9.1 // indirect diff --git a/test/go.sum b/test/go.sum index 8cca9c24..bbaf2b80 100644 --- a/test/go.sum +++ b/test/go.sum @@ -172,6 +172,8 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/nicksnyder/go-i18n/v2 v2.6.0 h1:C/m2NNWNiTB6SK4Ao8df5EWm3JETSTIGNXBpMJTxzxQ= github.com/nicksnyder/go-i18n/v2 v2.6.0/go.mod h1:88sRqr0C6OPyJn0/KRNaEz1uWorjxIKP7rUUcvycecE= +github.com/nikandfor/spintax v0.0.0-20181023094358-fc346b245bb3 h1:foZ9X1bz2KmW7b8Yx5V0LAQKhTazdllv5rnGUe6iGTY= +github.com/nikandfor/spintax v0.0.0-20181023094358-fc346b245bb3/go.mod h1:wwDYKfVF3WHdY0rugsAZoIpyQjDA3bn9wEzo/QXPx1Y= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= diff --git a/web/index.go b/web/index.go index 6ff90527..6220d2ec 100644 --- a/web/index.go +++ b/web/index.go @@ -1,6 +1,10 @@ package web import ( + "context" + "fmt" + "io" + "github.com/a-h/templ" "github.com/TecharoHQ/anubis/lib/challenge" @@ -29,3 +33,10 @@ func ErrorPage(msg, mail, code string, localizer *localization.SimpleLocalizer) func Bench(localizer *localization.SimpleLocalizer) templ.Component { return bench(localizer) } + +func honeypotLink(href string) templ.Component { + return templ.ComponentFunc(func(ctx context.Context, w io.Writer) error { + fmt.Fprintf(w, ``, href) + return nil + }) +} diff --git a/web/index.templ b/web/index.templ index a6752fab..181262ae 100644 --- a/web/index.templ +++ b/web/index.templ @@ -6,6 +6,7 @@ import ( "github.com/TecharoHQ/anubis/lib/config" "github.com/TecharoHQ/anubis/lib/localization" "github.com/TecharoHQ/anubis/xess" + "github.com/google/uuid" ) templ base(title string, body templ.Component, impressum *config.Impressum, challenge any, ogTags map[string]string, localizer *localization.SimpleLocalizer) { @@ -63,6 +64,7 @@ templ base(title string, body templ.Component, impressum *config.Impressum, chal @templ.JSONScript("anubis_public_url", anubis.PublicUrl) + @honeypotLink(fmt.Sprintf("%shoneypot/%s/init", anubis.APIPrefix, uuid.NewString()))

{ title }

@body diff --git a/web/index_templ.go b/web/index_templ.go index 71a70064..94d3702c 100644 --- a/web/index_templ.go +++ b/web/index_templ.go @@ -14,6 +14,7 @@ import ( "github.com/TecharoHQ/anubis/lib/config" "github.com/TecharoHQ/anubis/lib/localization" "github.com/TecharoHQ/anubis/xess" + "github.com/google/uuid" ) func base(title string, body templ.Component, impressum *config.Impressum, challenge any, ogTags map[string]string, localizer *localization.SimpleLocalizer) templ.Component { @@ -44,7 +45,7 @@ func base(title string, body templ.Component, impressum *config.Impressum, chall var templ_7745c5c3_Var2 string templ_7745c5c3_Var2, templ_7745c5c3_Err = templ.JoinStringErrs(localizer.GetLang()) if templ_7745c5c3_Err != nil { - return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 13, Col: 33} + return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 14, Col: 33} } _, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var2)) if templ_7745c5c3_Err != nil { @@ -57,7 +58,7 @@ func base(title string, body templ.Component, impressum *config.Impressum, chall var templ_7745c5c3_Var3 string templ_7745c5c3_Var3, templ_7745c5c3_Err = templ.JoinStringErrs(title) if templ_7745c5c3_Err != nil { - return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 15, Col: 17} + return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 16, Col: 17} } _, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var3)) if templ_7745c5c3_Err != nil { @@ -70,7 +71,7 @@ func base(title string, body templ.Component, impressum *config.Impressum, chall var templ_7745c5c3_Var4 templ.SafeURL templ_7745c5c3_Var4, templ_7745c5c3_Err = templ.JoinURLErrs(anubis.BasePrefix + xess.URL) if templ_7745c5c3_Err != nil { - return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 16, Col: 61} + return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 17, Col: 61} } _, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var4)) if templ_7745c5c3_Err != nil { @@ -88,7 +89,7 @@ func base(title string, body templ.Component, impressum *config.Impressum, chall var templ_7745c5c3_Var5 string templ_7745c5c3_Var5, templ_7745c5c3_Err = templ.JoinStringErrs(key) if templ_7745c5c3_Err != nil { - return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 20, Col: 24} + return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 21, Col: 24} } _, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var5)) if templ_7745c5c3_Err != nil { @@ -101,7 +102,7 @@ func base(title string, body templ.Component, impressum *config.Impressum, chall var templ_7745c5c3_Var6 string templ_7745c5c3_Var6, templ_7745c5c3_Err = templ.JoinStringErrs(value) if templ_7745c5c3_Err != nil { - return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 20, Col: 42} + return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 21, Col: 42} } _, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var6)) if templ_7745c5c3_Err != nil { @@ -132,20 +133,28 @@ func base(title string, body templ.Component, impressum *config.Impressum, chall if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } - templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 9, "

") + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 9, "") + if templ_7745c5c3_Err != nil { + return templ_7745c5c3_Err + } + templ_7745c5c3_Err = honeypotLink(fmt.Sprintf("%shoneypot/%s/init", anubis.APIPrefix, uuid.NewString())).Render(ctx, templ_7745c5c3_Buffer) + if templ_7745c5c3_Err != nil { + return templ_7745c5c3_Err + } + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 10, "

") if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } var templ_7745c5c3_Var7 string templ_7745c5c3_Var7, templ_7745c5c3_Err = templ.JoinStringErrs(title) if templ_7745c5c3_Err != nil { - return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 67, Col: 47} + return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 69, Col: 47} } _, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var7)) if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } - templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 10, "

") + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 11, "

") if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } @@ -153,77 +162,77 @@ func base(title string, body templ.Component, impressum *config.Impressum, chall if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } - templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 11, "

") + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 12, "

") if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } var templ_7745c5c3_Var8 string templ_7745c5c3_Var8, templ_7745c5c3_Err = templ.JoinStringErrs(localizer.T("protected_by")) if templ_7745c5c3_Err != nil { - return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 72, Col: 36} + return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 74, Col: 36} } _, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var8)) if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } - templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 12, " Anubis ") + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 13, " Anubis ") if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } var templ_7745c5c3_Var9 string templ_7745c5c3_Var9, templ_7745c5c3_Err = templ.JoinStringErrs(localizer.T("protected_from")) if templ_7745c5c3_Err != nil { - return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 72, Col: 127} + return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 74, Col: 127} } _, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var9)) if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } - templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 13, " Techaro. ") + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 14, " Techaro. ") if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } var templ_7745c5c3_Var10 string templ_7745c5c3_Var10, templ_7745c5c3_Err = templ.JoinStringErrs(localizer.T("made_with")) if templ_7745c5c3_Err != nil { - return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 74, Col: 40} + return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 76, Col: 40} } _, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var10)) if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } - templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 14, ".

") + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 15, ".

") if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } var templ_7745c5c3_Var11 string templ_7745c5c3_Var11, templ_7745c5c3_Err = templ.JoinStringErrs(localizer.T("mascot_design")) if templ_7745c5c3_Err != nil { - return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 76, Col: 39} + return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 78, Col: 39} } _, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var11)) if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } - templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 15, " ") + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 16, " ") if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } var templ_7745c5c3_Var12 string templ_7745c5c3_Var12, templ_7745c5c3_Err = templ.JoinStringErrs(localizer.T("celphase")) if templ_7745c5c3_Err != nil { - return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 76, Col: 123} + return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 78, Col: 123} } _, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var12)) if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } - templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 16, ".

") + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 17, ".

") if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } if impressum != nil { - templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 17, "

") + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 18, "

") if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } @@ -231,51 +240,51 @@ func base(title string, body templ.Component, impressum *config.Impressum, chall if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } - templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 18, "-- Imprint

") + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 20, "\">Imprint

") if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } } - templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 20, "

") + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 21, "

") if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } var templ_7745c5c3_Var14 string templ_7745c5c3_Var14, templ_7745c5c3_Err = templ.JoinStringErrs(localizer.T("version_info")) if templ_7745c5c3_Err != nil { - return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 83, Col: 38} + return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 85, Col: 38} } _, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var14)) if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } - templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 21, " ") + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 22, " ") if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } var templ_7745c5c3_Var15 string templ_7745c5c3_Var15, templ_7745c5c3_Err = templ.JoinStringErrs(anubis.Version) if templ_7745c5c3_Err != nil { - return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 83, Col: 63} + return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 85, Col: 63} } _, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var15)) if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } - templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 22, ".

") + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 23, ".

") if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } @@ -304,132 +313,132 @@ func errorPage(message, mail, code string, localizer *localization.SimpleLocaliz templ_7745c5c3_Var16 = templ.NopComponent } ctx = templ.ClearChildren(ctx) - templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 23, "
\"Sad\"Sad

") + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 25, "\">

") if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } var templ_7745c5c3_Var18 string templ_7745c5c3_Var18, templ_7745c5c3_Err = templ.JoinStringErrs(message) if templ_7745c5c3_Err != nil { - return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 94, Col: 14} + return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 96, Col: 14} } _, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var18)) if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } - templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 25, ".

") + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 26, ".

") if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } if code != "" { - templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 26, "
")
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 27, "
")
 			if templ_7745c5c3_Err != nil {
 				return templ_7745c5c3_Err
 			}
 			var templ_7745c5c3_Var19 string
 			templ_7745c5c3_Var19, templ_7745c5c3_Err = templ.JoinStringErrs(code)
 			if templ_7745c5c3_Err != nil {
-				return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 96, Col: 20}
+				return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 98, Col: 20}
 			}
 			_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var19))
 			if templ_7745c5c3_Err != nil {
 				return templ_7745c5c3_Err
 			}
-			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 27, "
 ")
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 28, "
 ") if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } } if mail != "" { - templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 28, "

") + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 29, "

") if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } var templ_7745c5c3_Var20 string templ_7745c5c3_Var20, templ_7745c5c3_Err = templ.JoinStringErrs(localizer.T("go_home")) if templ_7745c5c3_Err != nil { - return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 100, Col: 40} + return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 102, Col: 40} } _, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var20)) if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } - templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 29, " ") + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 30, " ") if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } var templ_7745c5c3_Var21 string templ_7745c5c3_Var21, templ_7745c5c3_Err = templ.JoinStringErrs(localizer.T("contact_webmaster")) if templ_7745c5c3_Err != nil { - return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 100, Col: 81} + return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 102, Col: 81} } _, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var21)) if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } - templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 30, " ") + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 32, "\">") if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } var templ_7745c5c3_Var23 string templ_7745c5c3_Var23, templ_7745c5c3_Err = templ.JoinStringErrs(mail) if templ_7745c5c3_Err != nil { - return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 102, Col: 11} + return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 104, Col: 11} } _, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var23)) if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } - templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 32, "

") + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 33, "

") if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } } else { - templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 33, "

") + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 34, "

") if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } var templ_7745c5c3_Var24 string templ_7745c5c3_Var24, templ_7745c5c3_Err = templ.JoinStringErrs(localizer.T("go_home")) if templ_7745c5c3_Err != nil { - return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 106, Col: 42} + return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 108, Col: 42} } _, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var24)) if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } - templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 34, "

") + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 35, "

") if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } } - templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 35, "
") + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 36, "") if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } @@ -458,7 +467,7 @@ func StaticHappy(localizer *localization.SimpleLocalizer) templ.Component { templ_7745c5c3_Var25 = templ.NopComponent } ctx = templ.ClearChildren(ctx) - templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 36, "

") + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 38, "\">

") if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } var templ_7745c5c3_Var27 string templ_7745c5c3_Var27, templ_7745c5c3_Err = templ.JoinStringErrs(localizer.T("static_check_endpoint")) if templ_7745c5c3_Err != nil { - return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 119, Col: 43} + return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 121, Col: 43} } _, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var27)) if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } - templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 38, "

") + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 39, "

") if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } @@ -514,176 +523,176 @@ func bench(localizer *localization.SimpleLocalizer) templ.Component { templ_7745c5c3_Var28 = templ.NopComponent } ctx = templ.ClearChildren(ctx) - templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 39, "
") + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 40, "
") if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } var templ_7745c5c3_Var29 string templ_7745c5c3_Var29, templ_7745c5c3_Err = templ.JoinStringErrs(localizer.T("time")) if templ_7745c5c3_Err != nil { - return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 130, Col: 51} + return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 132, Col: 51} } _, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var29)) if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } - templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 40, "") + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 41, "") if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } var templ_7745c5c3_Var30 string templ_7745c5c3_Var30, templ_7745c5c3_Err = templ.JoinStringErrs(localizer.T("iters")) if templ_7745c5c3_Err != nil { - return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 131, Col: 50} + return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 133, Col: 50} } _, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var30)) if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } - templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 41, "
") + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 42, "
") if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } var templ_7745c5c3_Var31 string templ_7745c5c3_Var31, templ_7745c5c3_Err = templ.JoinStringErrs(localizer.T("time_a")) if templ_7745c5c3_Err != nil { - return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 134, Col: 53} + return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 136, Col: 53} } _, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var31)) if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } - templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 42, "") + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 43, "") if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } var templ_7745c5c3_Var32 string templ_7745c5c3_Var32, templ_7745c5c3_Err = templ.JoinStringErrs(localizer.T("iters_a")) if templ_7745c5c3_Err != nil { - return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 135, Col: 52} + return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 137, Col: 52} } _, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var32)) if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } - templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 43, "") + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 44, "") if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } var templ_7745c5c3_Var33 string templ_7745c5c3_Var33, templ_7745c5c3_Err = templ.JoinStringErrs(localizer.T("time_b")) if templ_7745c5c3_Err != nil { - return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 136, Col: 53} + return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 138, Col: 53} } _, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var33)) if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } - templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 44, "") + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 45, "") if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } var templ_7745c5c3_Var34 string templ_7745c5c3_Var34, templ_7745c5c3_Err = templ.JoinStringErrs(localizer.T("iters_b")) if templ_7745c5c3_Err != nil { - return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 137, Col: 52} + return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 139, Col: 52} } _, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var34)) if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } - templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 45, "

") + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 47, "\">

") if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } var templ_7745c5c3_Var36 string templ_7745c5c3_Var36, templ_7745c5c3_Err = templ.JoinStringErrs(localizer.T("loading")) if templ_7745c5c3_Err != nil { - return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 147, Col: 66} + return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 149, Col: 66} } _, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var36)) if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } - templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 47, "

") + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 53, " ") if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } From 40afc13d7f6968c6cf7a70989137ac59adcc953f Mon Sep 17 00:00:00 2001 From: Xe Iaso Date: Tue, 16 Dec 2025 04:32:45 -0500 Subject: [PATCH 05/24] fix(honeypot/naive): implement better IP parsing logic Signed-off-by: Xe Iaso --- internal/headers.go | 3 +++ internal/honeypot/naive/naive.go | 7 ++++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/internal/headers.go b/internal/headers.go index 045f636a..5293cfbd 100644 --- a/internal/headers.go +++ b/internal/headers.go @@ -100,6 +100,9 @@ func XForwardedForToXRealIP(next http.Handler) http.Handler { ip := xff.Parse(xffHeader) slog.Debug("setting X-Real-Ip from X-Forwarded-For", "to", ip, "x-forwarded-for", xffHeader) r.Header.Set("X-Real-Ip", ip) + if addr, err := netip.ParseAddr(ip); err == nil { + r = r.WithContext(context.WithValue(r.Context(), realIPKey{}, addr)) + } } next.ServeHTTP(w, r) diff --git a/internal/honeypot/naive/naive.go b/internal/honeypot/naive/naive.go index 81fdd2bd..c6cf2424 100644 --- a/internal/honeypot/naive/naive.go +++ b/internal/honeypot/naive/naive.go @@ -6,7 +6,9 @@ import ( "fmt" "log/slog" "math/rand/v2" + "net" "net/http" + "net/netip" "time" "github.com/TecharoHQ/anubis/internal" @@ -152,9 +154,8 @@ func (i *Impl) ServeHTTP(w http.ResponseWriter, r *http.Request) { realIP, _ := internal.RealIP(r) if !realIP.IsValid() { - lg.Error("the real IP is somehow invalid, bad middleware stack?") - http.Error(w, "The cake is a lie", http.StatusTeapot) - return + host, _, _ := net.SplitHostPort(r.RemoteAddr) + realIP = netip.MustParseAddr(host) } network, ok := internal.ClampIP(realIP) From ba8a1b7caf833014bcd604fa61221ec7708bb7e3 Mon Sep 17 00:00:00 2001 From: Xe Iaso Date: Tue, 16 Dec 2025 04:44:59 -0500 Subject: [PATCH 06/24] fix(honeypot/naive): right, we want the client IP, not the load balancer IP Signed-off-by: Xe Iaso --- internal/honeypot/naive/naive.go | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/internal/honeypot/naive/naive.go b/internal/honeypot/naive/naive.go index c6cf2424..f62f4ef8 100644 --- a/internal/honeypot/naive/naive.go +++ b/internal/honeypot/naive/naive.go @@ -6,7 +6,6 @@ import ( "fmt" "log/slog" "math/rand/v2" - "net" "net/http" "net/netip" "time" @@ -154,8 +153,7 @@ func (i *Impl) ServeHTTP(w http.ResponseWriter, r *http.Request) { realIP, _ := internal.RealIP(r) if !realIP.IsValid() { - host, _, _ := net.SplitHostPort(r.RemoteAddr) - realIP = netip.MustParseAddr(host) + realIP = netip.MustParseAddr(r.Header.Get("X-Real-Ip")) } network, ok := internal.ClampIP(realIP) From 535ed74b17c809ef9e96f3027a5a4d4b10292158 Mon Sep 17 00:00:00 2001 From: Michael <87752300+michi-onl@users.noreply.github.com> Date: Fri, 19 Dec 2025 01:29:49 +0100 Subject: [PATCH 07/24] i18n(de): improve consistency and wording (#1348) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Use consistent informal address (fix simplified_explanation) - Translate "protected_from" ("From" → "Von") - Standardize "Webseite" → "Website" - Use more natural phrasing: - "Berechnung wird durchgeführt" → "Berechnung läuft" - "Zur Hauptseite" → "Zur Startseite" - Replace awkward "sozialen Vertrag" phrasing - "Fingerabdruckerkennung" → "Browser-Fingerprinting" (more common) - Improve sentence structure and punctuation Signed-off-by: Michael <87752300+michi-onl@users.noreply.github.com> --- lib/localization/locales/de.json | 66 ++++++++++++++++---------------- 1 file changed, 33 insertions(+), 33 deletions(-) diff --git a/lib/localization/locales/de.json b/lib/localization/locales/de.json index cf47ae35..c539c354 100644 --- a/lib/localization/locales/de.json +++ b/lib/localization/locales/de.json @@ -2,20 +2,21 @@ "loading": "Ladevorgang...", "why_am_i_seeing": "Warum sehe ich diese Seite?", "protected_by": "Geschützt durch", - "protected_from": "From", - "made_with": "Mit ❤️ gemacht in 🇨🇦", + "protected_from": "Von", + "made_with": "Mit ❤️ entwickelt in 🇨🇦", "mascot_design": "Maskottchen erstellt von", - "ai_companies_explanation": "Diese Seite wird angezeigt, da der Betreiber der Webseite Anubis eingerichtet hat, um sie vor aggressiven KI-Website-Scrapern zu schützen. Diese können Ausfälle der Webseite verursachen, wodurch die Webseite für niemanden erreichbar ist.", - "anubis_compromise": "Anubis stellt einen Kompromiss dar. Es verwendet eine Proof-of-Work-Methode nach Hashcash, die ursprünglich zur Bekämpfung von E-Mail-Spam entwickelt wurde. Die Idee dahinter ist, dass ein legitimer Besucher die Webseite mit einer vernachlässigbaren Verzögerung erreichen kann. Massenhaftes Scraping wird dadurch jedoch aufwändig und teuer.", - "hack_purpose": "Letztendlich ist dies eine Platzhalterlösung, damit mehr Zeit für die Fingerabdruckerkennung und Identifizierung von Headless-Browsern (z. B. anhand ihrer Schriftwiedergabe) aufgewendet werden kann, sodass die Proof-of-Work-Seite nicht Benutzern präsentiert werden muss, die viel wahrscheinlicher legitim sind.", - "jshelter_note": "Anubis benötigt moderne JavaScript-Features, welche von Plugins wie JShelter deaktiviert werden. Bitte deaktiviere JShelter oder ähnliche Plugins für diese Domain.", - "version_info": "Diese Webseite läuft mit der Anubis-Version", + "ai_companies_explanation": "Diese Seite wird angezeigt, da der Betreiber der Website Anubis eingerichtet hat, um sie vor aggressiven Webcrawlern von KI-Unternehmen zu schützen. Diese können Ausfälle verursachen, wodurch die Website für niemanden erreichbar ist.", + "anubis_compromise": "Anubis stellt einen Kompromiss dar. Es verwendet eine Proof-of-Work-Methode nach dem Hashcash-Prinzip, das ursprünglich zur Bekämpfung von E-Mail-Spam entwickelt wurde. Die Idee dahinter: Für einen einzelnen Besucher ist die Verzögerung vernachlässigbar, aber massenhaftes Scraping wird dadurch aufwändig und teuer.", + "hack_purpose": "Letztendlich ist dies eine Übergangslösung, um mehr Zeit für Browser-Fingerprinting und die Identifizierung von Headless-Browsern (z. B. anhand ihrer Schriftwiedergabe) zu gewinnen. So muss die Proof-of-Work-Seite nicht Nutzern angezeigt werden, die sehr wahrscheinlich legitim sind.", + "simplified_explanation": "Dies ist eine Maßnahme gegen Bots und bösartige Anfragen, ähnlich einem CAPTCHA. Anstatt jedoch selbst arbeiten zu müssen, erhält dein Browser eine Rechenaufgabe, um sicherzustellen, dass es sich um einen gültigen Client handelt. Dieses Konzept nennt sich Proof of Work. Die Aufgabe wird in wenigen Sekunden berechnet und du erhältst Zugriff auf die Website. Danke für deine Geduld.", + "jshelter_note": "Anubis benötigt moderne JavaScript-Features, die von Plugins wie JShelter deaktiviert werden. Bitte deaktiviere JShelter oder ähnliche Plugins für diese Domain.", + "version_info": "Diese Website läuft mit Anubis-Version", "try_again": "Erneut versuchen", - "go_home": "Zur Hauptseite", - "contact_webmaster": "oder wenn Du glaubst, dass es sich hierbei um einen Fehler handelt, kontaktiere bitte den Administrator der Webseite unter", - "connection_security": "Bitte warte einen Moment, während wir sicherstellen, dass eine sichere Verbindung verwendet wird.", - "javascript_required": "Du musst JavaScript aktivieren, um diese Prüfung durchführen zu können. Dies ist notwendig, da KI-Unternehmen den sozialen Vertrag bezüglich des Hostings von Webseiten gebrochen haben. Eine Lösung ohne JavaScript ist in Entwicklung.", - "benchmark_requires_js": "Für die Nutzung des Benchmark-Tools muss JavaScript aktiviert werden.", + "go_home": "Zur Startseite", + "contact_webmaster": "Falls du glaubst, dass es sich um einen Fehler handelt, kontaktiere bitte den Administrator unter", + "connection_security": "Bitte warte einen Moment, während wir die Sicherheit deiner Verbindung prüfen.", + "javascript_required": "Du musst JavaScript aktivieren, um diese Prüfung durchführen zu können. Dies ist notwendig, da KI-Unternehmen die bisherigen Regeln für das Hosting von Websites nicht mehr respektieren. Eine Lösung ohne JavaScript ist in Entwicklung.", + "benchmark_requires_js": "Für die Nutzung des Benchmark-Tools muss JavaScript aktiviert sein.", "difficulty": "Schwierigkeit:", "algorithm": "Algorithmus:", "compare": "Vergleich:", @@ -25,42 +26,41 @@ "iters_a": "Iterationen A", "time_b": "Zeit B", "iters_b": "Iterationen B", - "static_check_endpoint": "Dies ist nur ein Endpunkt, der von einem Reverse-Proxy geprüft werden kann.", - "authorization_required": "Zugriffserlaubnis benötigt", - "cookies_disabled": "Cookies sind in deinem Browser deaktiviert. Anubis benötigt Cookies, um sicherzustellen, dass es sich hierbei um einen legitimen Zugriff handelt. Bitte aktiviere Cookies für diese Domain.", - "access_denied": "Zugriff verweigert: Fehlercode", + "static_check_endpoint": "Dies ist ein Endpunkt zur Prüfung durch einen Reverse-Proxy.", + "authorization_required": "Autorisierung erforderlich", + "cookies_disabled": "Cookies sind in deinem Browser deaktiviert. Anubis benötigt Cookies, um sicherzustellen, dass es sich um einen legitimen Zugriff handelt. Bitte aktiviere Cookies für diese Domain.", + "access_denied": "Zugriff verweigert – Fehlercode", "dronebl_entry": "Eintrag in DroneBL", "see_dronebl_lookup": "anzeigen", - "internal_server_error": "Interner Server-Fehler: Der Administrator hat Anubis fehlerhaft konfiguriert. Bitte kontaktiere den Administrator und bitte ihn, die Logs zu prüfen.", + "internal_server_error": "Interner Serverfehler: Der Administrator hat Anubis fehlerhaft konfiguriert. Bitte kontaktiere den Administrator und bitte ihn, die Logs zu prüfen.", "invalid_redirect": "Ungültige Weiterleitung", - "redirect_not_parseable": "URL der Weiterleitung kann nicht verarbeitet werden", - "redirect_domain_not_allowed": "Domain der Weiterleitung nicht erlaubt", + "redirect_not_parseable": "Weiterleitungs-URL kann nicht verarbeitet werden", + "redirect_domain_not_allowed": "Weiterleitungs-Domain nicht erlaubt", + "missing_required_forwarded_headers": "Erforderliche X-Forwarded-*-Header fehlen", "failed_to_sign_jwt": "JWT konnte nicht signiert werden", "invalid_invocation": "Ungültiger Aufruf von MakeChallenge", - "client_error_browser": "Client-Fehler: Bitte stelle sicher, dass dein Browser aktuell ist und versuche es später erneut.", + "client_error_browser": "Client-Fehler: Bitte stelle sicher, dass dein Browser aktuell ist, und versuche es später erneut.", "oh_noes": "Oh nein!", "benchmarking_anubis": "Benchmark wird durchgeführt!", "you_are_not_a_bot": "Du bist kein Bot!", "making_sure_not_bot": "Dein Browser wird geprüft!", "celphase": "CELPHASE", - "js_web_crypto_error": "Dein Browser hat kein funktionierendes web.crypto Element. Wird eine sichere Verbindung verwendet?", + "js_web_crypto_error": "Dein Browser verfügt nicht über ein funktionierendes web.crypto-Element. Wird eine sichere Verbindung verwendet?", "js_web_workers_error": "Dein Browser unterstützt keine Web-Worker (Anubis verwendet diese, damit der Browser nicht einfriert). Ist ein Plugin wie JShelter installiert?", - "js_cookies_error": "Dein Browser speichert keine Cookies. Anubis verwendet Cookies, um nach bestandener Prüfung ein signiertes Token abzulegen. Bitte aktiviere Cookies für diese Domain. Die Cookie-Namen von Anubis könnten sich jederzeit ändern. Cookie-Namen und die gespeicherten Werte sind kein Teil der öffentlichen API.", + "js_cookies_error": "Dein Browser speichert keine Cookies. Anubis verwendet Cookies, um nach bestandener Prüfung ein signiertes Token abzulegen. Bitte aktiviere Cookies für diese Domain. Die Cookie-Namen von Anubis können sich jederzeit ändern. Cookie-Namen und gespeicherte Werte sind nicht Teil der öffentlichen API.", "js_context_not_secure": "Diese Verbindung ist nicht sicher!", - "js_context_not_secure_msg": "Bitte versuche, dich via HTTPS zu verbinden oder weise den Administrator darauf hin, HTTPS einzurichten. Mehr Informationen unter: MDN.", - "js_calculating": "Berechnung wird durchgeführt...", + "js_context_not_secure_msg": "Bitte versuche, dich über HTTPS zu verbinden, oder weise den Administrator darauf hin, HTTPS einzurichten. Mehr Informationen: MDN.", + "js_calculating": "Berechnung läuft...", "js_missing_feature": "Fehlendes Feature", "js_challenge_error": "Prüfung fehlgeschlagen!", - "js_challenge_error_msg": "Der Prüf-Algorithmus konnte nicht geladen werden. Bitte lade diese Seite erneut.", - "js_calculating_difficulty": "Berechnung wird durchgeführt...
Schwierigkeit:", + "js_challenge_error_msg": "Der Prüf-Algorithmus konnte nicht geladen werden. Bitte lade die Seite neu.", + "js_calculating_difficulty": "Berechnung läuft...
Schwierigkeit:", "js_speed": "Geschwindigkeit:", - "js_verification_longer": "Die Prüfung benötigt länger als erwartet. Bitte bleibe auf der Seite und lade diese nicht neu.", + "js_verification_longer": "Die Prüfung dauert länger als erwartet. Bitte warte und lade die Seite nicht neu.", "js_success": "Erfolgreich!", "js_done_took": "Fertig! Dauer:", "js_iterations": "Iterationen", - "js_finished_reading": "Fertig gelesen, weiter zur Seite →", - "js_calculation_error": "Berechnung fehlgeschlagen!", - "js_calculation_error_msg": "Fehler bei der Berechnung der Prüfung:", - "missing_required_forwarded_headers": "Fehlende erforderliche X-Forwarded-* Header", - "simplified_explanation": "Dies ist eine Maßnahme gegen Bots und bösartige Anfragen, ähnlich einem CAPTCHA. Anstatt jedoch selbst arbeiten zu müssen, erhält Ihr Browser eine Berechnungsaufgabe, die er lösen muss, um sicherzustellen, dass es sich um einen gültigen Client handelt. Dieses Konzept wird als Proof of Work bezeichnet. Die Aufgabe wird in wenigen Sekunden berechnet und Sie erhalten Zugriff auf die Website. Vielen Dank für Ihr Verständnis und Ihre Geduld." -} \ No newline at end of file + "js_finished_reading": "Fertig gelesen – weiter zur Seite →", + "js_calculation_error": "Berechnungsfehler!", + "js_calculation_error_msg": "Fehler bei der Berechnung der Prüfung:" +} From 9d9be61c2400d53b30bfbbf4a13b51c1558bc420 Mon Sep 17 00:00:00 2001 From: Xe Iaso Date: Fri, 19 Dec 2025 15:42:24 -0500 Subject: [PATCH 08/24] fix(default-config): must-accept-rule on browsers only (#1350) TIL docker clients don't include the Accept header all the time. I would have thought they did that. Oops. Closes: #1346 Signed-off-by: Xe Iaso --- data/botPolicies.yaml | 5 ++++- data/meta/default-config.yaml | 5 ++++- docs/docs/CHANGELOG.md | 1 + 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/data/botPolicies.yaml b/data/botPolicies.yaml index 1288f635..3b8c1eee 100644 --- a/data/botPolicies.yaml +++ b/data/botPolicies.yaml @@ -134,7 +134,10 @@ bots: adjust: -5 - name: should-have-accept - expression: '!("Accept" in headers)' + expression: + all: + - userAgent.contains("Mozilla") + - '!("Accept" in headers)' action: WEIGH weight: adjust: 5 diff --git a/data/meta/default-config.yaml b/data/meta/default-config.yaml index 9658e389..712ed0cf 100644 --- a/data/meta/default-config.yaml +++ b/data/meta/default-config.yaml @@ -118,7 +118,10 @@ adjust: -5 - name: should-have-accept - expression: '!("Accept" in headers)' + expression: + all: + - userAgent.contains("Mozilla") + - '!("Accept" in headers)' action: WEIGH weight: adjust: 5 diff --git a/docs/docs/CHANGELOG.md b/docs/docs/CHANGELOG.md index 9ad46f2e..f2e7f39d 100644 --- a/docs/docs/CHANGELOG.md +++ b/docs/docs/CHANGELOG.md @@ -27,6 +27,7 @@ Anubis is back and better than ever! Lots of minor fixes with some big ones inte - Add support to simple Valkey/Redis cluster mode - Open Graph passthrough now reuses the configured target Host/SNI/TLS settings, so metadata fetches succeed when the upstream certificate differs from the public domain. ([1283](https://github.com/TecharoHQ/anubis/pull/1283)) - Stabilize the CVE-2025-24369 regression test by always submitting an invalid proof instead of relying on random POW failures. +- Refine the check that ensures the presence of the Accept header to avoid breaking docker clients. ### Dataset poisoning From a37068a423e11e3b8f5d92ad2d27adc6cb3bd67e Mon Sep 17 00:00:00 2001 From: Xe Iaso Date: Tue, 23 Dec 2025 21:13:54 -0500 Subject: [PATCH 09/24] fix(default-config): remove browser detection logic (#1360) Looks like these rules don't work anymore. Closes: #1353 Signed-off-by: Xe Iaso --- data/botPolicies.yaml | 47 ----------------------------------- data/meta/default-config.yaml | 47 ----------------------------------- docs/docs/CHANGELOG.md | 1 + 3 files changed, 1 insertion(+), 94 deletions(-) diff --git a/data/botPolicies.yaml b/data/botPolicies.yaml index 3b8c1eee..ad7fb1aa 100644 --- a/data/botPolicies.yaml +++ b/data/botPolicies.yaml @@ -95,53 +95,6 @@ bots: # weight: # adjust: -10 - # Assert behaviour that only genuine browsers display. This ensures that Chrome - # or Firefox versions - - name: realistic-browser-catchall - expression: - all: - - '"User-Agent" in headers' - - '( userAgent.contains("Firefox") ) || ( userAgent.contains("Chrome") ) || ( userAgent.contains("Safari") )' - - '"Accept" in headers' - - '"Sec-Fetch-Dest" in headers' - - '"Sec-Fetch-Mode" in headers' - - '"Sec-Fetch-Site" in headers' - - '"Accept-Encoding" in headers' - - '( headers["Accept-Encoding"].contains("zstd") || headers["Accept-Encoding"].contains("br") )' - - '"Accept-Language" in headers' - action: WEIGH - weight: - adjust: -10 - - # The Upgrade-Insecure-Requests header is typically sent by browsers, but not always - - name: upgrade-insecure-requests - expression: '"Upgrade-Insecure-Requests" in headers' - action: WEIGH - weight: - adjust: -2 - - # Chrome should behave like Chrome - - name: chrome-is-proper - expression: - all: - - userAgent.contains("Chrome") - - '"Sec-Ch-Ua" in headers' - - 'headers["Sec-Ch-Ua"].contains("Chromium")' - - '"Sec-Ch-Ua-Mobile" in headers' - - '"Sec-Ch-Ua-Platform" in headers' - action: WEIGH - weight: - adjust: -5 - - - name: should-have-accept - expression: - all: - - userAgent.contains("Mozilla") - - '!("Accept" in headers)' - action: WEIGH - weight: - adjust: 5 - # Generic catchall rule - name: generic-browser user_agent_regex: >- diff --git a/data/meta/default-config.yaml b/data/meta/default-config.yaml index 712ed0cf..73e8a0d2 100644 --- a/data/meta/default-config.yaml +++ b/data/meta/default-config.yaml @@ -79,53 +79,6 @@ # weight: # adjust: -10 -# Assert behaviour that only genuine browsers display. This ensures that Chrome -# or Firefox versions -- name: realistic-browser-catchall - expression: - all: - - '"User-Agent" in headers' - - '( userAgent.contains("Firefox") ) || ( userAgent.contains("Chrome") ) || ( userAgent.contains("Safari") )' - - '"Accept" in headers' - - '"Sec-Fetch-Dest" in headers' - - '"Sec-Fetch-Mode" in headers' - - '"Sec-Fetch-Site" in headers' - - '"Accept-Encoding" in headers' - - '( headers["Accept-Encoding"].contains("zstd") || headers["Accept-Encoding"].contains("br") )' - - '"Accept-Language" in headers' - action: WEIGH - weight: - adjust: -10 - -# The Upgrade-Insecure-Requests header is typically sent by browsers, but not always -- name: upgrade-insecure-requests - expression: '"Upgrade-Insecure-Requests" in headers' - action: WEIGH - weight: - adjust: -2 - -# Chrome should behave like Chrome -- name: chrome-is-proper - expression: - all: - - userAgent.contains("Chrome") - - '"Sec-Ch-Ua" in headers' - - 'headers["Sec-Ch-Ua"].contains("Chromium")' - - '"Sec-Ch-Ua-Mobile" in headers' - - '"Sec-Ch-Ua-Platform" in headers' - action: WEIGH - weight: - adjust: -5 - -- name: should-have-accept - expression: - all: - - userAgent.contains("Mozilla") - - '!("Accept" in headers)' - action: WEIGH - weight: - adjust: 5 - # Generic catchall rule - name: generic-browser user_agent_regex: >- diff --git a/docs/docs/CHANGELOG.md b/docs/docs/CHANGELOG.md index f2e7f39d..73a8d1eb 100644 --- a/docs/docs/CHANGELOG.md +++ b/docs/docs/CHANGELOG.md @@ -28,6 +28,7 @@ Anubis is back and better than ever! Lots of minor fixes with some big ones inte - Open Graph passthrough now reuses the configured target Host/SNI/TLS settings, so metadata fetches succeed when the upstream certificate differs from the public domain. ([1283](https://github.com/TecharoHQ/anubis/pull/1283)) - Stabilize the CVE-2025-24369 regression test by always submitting an invalid proof instead of relying on random POW failures. - Refine the check that ensures the presence of the Accept header to avoid breaking docker clients. +- Removed rules intended to reward actual browsers due to abuse in the wild. ### Dataset poisoning From 6d9c0abe74888e3d409466ef0058137a8ed9b008 Mon Sep 17 00:00:00 2001 From: Xe Iaso Date: Tue, 23 Dec 2025 21:17:59 -0500 Subject: [PATCH 10/24] chore: tag v1.24.0 Signed-off-by: Xe Iaso --- VERSION | 2 +- docs/docs/CHANGELOG.md | 2 +- package.json | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/VERSION b/VERSION index a2b5571d..53cc1a6f 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.24.0-pre1 +1.24.0 diff --git a/docs/docs/CHANGELOG.md b/docs/docs/CHANGELOG.md index 73a8d1eb..6950ab82 100644 --- a/docs/docs/CHANGELOG.md +++ b/docs/docs/CHANGELOG.md @@ -13,7 +13,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 -## v1.24.0 [pre1]: Y'shtola Rhul +## v1.24.0: Y'shtola Rhul Anubis is back and better than ever! Lots of minor fixes with some big ones interspersed. diff --git a/package.json b/package.json index e85027eb..f9a890d2 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@techaro/anubis", - "version": "1.24.0-pre1", + "version": "1.24.0", "description": "", "main": "index.js", "scripts": { From 2532478abd122dacf0fc15f946fbc58962f2d689 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 24 Dec 2025 01:02:48 -0500 Subject: [PATCH 11/24] build(deps): bump the github-actions group with 4 updates (#1355) Co-authored-by: Jason Cameron --- .github/workflows/docs-deploy.yml | 4 ++-- .github/workflows/go.yml | 2 +- .github/workflows/package-builds-unstable.yml | 2 +- .github/workflows/smoke-tests.yml | 2 +- .github/workflows/zizmor.yml | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/docs-deploy.yml b/.github/workflows/docs-deploy.yml index 30b5d3f4..ef8186d4 100644 --- a/.github/workflows/docs-deploy.yml +++ b/.github/workflows/docs-deploy.yml @@ -53,14 +53,14 @@ jobs: push: true - name: Apply k8s manifests to limsa lominsa - uses: actions-hub/kubectl@2639090a038d46a3b9b98b220ae0837676ded8b7 # v1.34.3 + uses: actions-hub/kubectl@f6d776bd78f4523e36d6c74d34f9941c242b2213 # v1.35.0 env: KUBE_CONFIG: ${{ secrets.LIMSA_LOMINSA_KUBECONFIG }} with: args: apply -k docs/manifest - name: Apply k8s manifests to limsa lominsa - uses: actions-hub/kubectl@2639090a038d46a3b9b98b220ae0837676ded8b7 # v1.34.3 + uses: actions-hub/kubectl@f6d776bd78f4523e36d6c74d34f9941c242b2213 # v1.35.0 env: KUBE_CONFIG: ${{ secrets.LIMSA_LOMINSA_KUBECONFIG }} with: diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index ec94a4dd..577051e2 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -32,7 +32,7 @@ jobs: go-version: '1.25.4' - name: Cache playwright binaries - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 id: playwright-cache with: path: | diff --git a/.github/workflows/package-builds-unstable.yml b/.github/workflows/package-builds-unstable.yml index 567bbf10..4ddb9f3c 100644 --- a/.github/workflows/package-builds-unstable.yml +++ b/.github/workflows/package-builds-unstable.yml @@ -41,7 +41,7 @@ jobs: run: | go tool yeet - - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: packages path: var/* diff --git a/.github/workflows/smoke-tests.yml b/.github/workflows/smoke-tests.yml index b9b0ddab..ab78c38f 100644 --- a/.github/workflows/smoke-tests.yml +++ b/.github/workflows/smoke-tests.yml @@ -56,7 +56,7 @@ jobs: run: echo "ARTIFACT_NAME=${{ matrix.test }}" | sed 's|/|-|g' >> $GITHUB_ENV - name: Upload artifact - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f if: always() with: name: ${{ env.ARTIFACT_NAME }} diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml index d2dfb481..a5a2ac87 100644 --- a/.github/workflows/zizmor.yml +++ b/.github/workflows/zizmor.yml @@ -21,7 +21,7 @@ jobs: persist-credentials: false - name: Install the latest version of uv - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4 + uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6 - name: Run zizmor 🌈 run: uvx zizmor --format sarif . > results.sarif From e084e5011e00b6c0d6b6396f9507f910c6773b0b Mon Sep 17 00:00:00 2001 From: The Ninth <65013732+btomaev@users.noreply.github.com> Date: Thu, 25 Dec 2025 23:14:04 +0300 Subject: [PATCH 12/24] feat(localization): add Polish language translation (#1363) (cherry picked from commit 1f9c2272e64d372c5a76ab187abfc0723588c535) Co-authored-by: bplajzer --- docs/docs/CHANGELOG.md | 2 + lib/localization/locales/manifest.json | 1 + lib/localization/locales/pl.json | 66 ++++++++++++++++++++++++++ lib/localization/localization_test.go | 1 + 4 files changed, 70 insertions(+) create mode 100644 lib/localization/locales/pl.json diff --git a/docs/docs/CHANGELOG.md b/docs/docs/CHANGELOG.md index 6950ab82..0c4271c7 100644 --- a/docs/docs/CHANGELOG.md +++ b/docs/docs/CHANGELOG.md @@ -11,6 +11,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +- Add Polish locale ([#1292](https://github.com/TecharoHQ/anubis/pull/1309)) + ## v1.24.0: Y'shtola Rhul diff --git a/lib/localization/locales/manifest.json b/lib/localization/locales/manifest.json index 388a35e1..de4f182e 100644 --- a/lib/localization/locales/manifest.json +++ b/lib/localization/locales/manifest.json @@ -15,6 +15,7 @@ "nb", "nl", "nn", + "pl", "pt-BR", "ru", "tr", diff --git a/lib/localization/locales/pl.json b/lib/localization/locales/pl.json new file mode 100644 index 00000000..47e84c31 --- /dev/null +++ b/lib/localization/locales/pl.json @@ -0,0 +1,66 @@ +{ + "loading": "Ładowanie...", + "why_am_i_seeing": "Dlaczego to widzę?", + "protected_by": "Chronione przez", + "protected_from": "Przed", + "made_with": "Stworzone z ❤️ w 🇨🇦", + "mascot_design": "Projekt maskotki:", + "ai_companies_explanation": "Widzisz to, ponieważ administrator tej strony skonfigurował Anubisa, aby chronić serwer przed masowym skanowaniem treści przez firmy tworzące AI. Powoduje to obciążenie i przestoje, przez co zasoby strony stają się niedostępne dla wszystkich.", + "anubis_compromise": "Anubis jest kompromisem. Używa mechanizmu Proof-of-Work w stylu Hashcash — proponowanego systemu ograniczania spamu e-mail. Pomysł polega na tym, że dla indywidualnych użytkowników dodatkowe obciążenie jest niezauważalne, ale w skali masowego skanowania koszt szybko rośnie.", + "hack_purpose": "Docelowo jest to rozwiązanie tymczasowe, aby zyskać czas na ulepszenie metod identyfikacji przeglądarek bez interfejsu graficznego (np. poprzez analizę renderowania czcionek), by w przyszłości nie musieć wyświetlać strony z zadaniem Proof-of-Work użytkownikom, którzy najprawdopodobniej są prawidłowi.", + "simplified_explanation": "To zabezpieczenie przed botami i złośliwymi żądaniami, podobne do CAPTCHA. Jednak zamiast wykonywać zadanie samodzielnie, przeglądarka otrzymuje obliczenie do wykonania, aby potwierdzić, że jest prawidłowym klientem. Ten mechanizm to Proof of Work. Zadanie trwa kilka sekund i uzyskujesz dostęp do strony. Dziękujemy za cierpliwość.", + "jshelter_note": "Uwaga: Anubis wymaga nowoczesnych funkcji JavaScript, które wtyczki typu JShelter mogą blokować. Wyłącz JShelter lub podobne dodatki dla tej domeny.", + "version_info": "Ta strona działa na Anubis w wersji", + "try_again": "Spróbuj ponownie", + "go_home": "Wróć na stronę główną", + "contact_webmaster": "lub jeśli uważasz, że nie powinieneś być blokowany, skontaktuj się z administratorem pod adresem", + "connection_security": "Poczekaj chwilę, sprawdzamy bezpieczeństwo Twojego połączenia.", + "javascript_required": "Niestety, aby przejść tę próbę, musisz włączyć obsługę JavaScript. Jest to konieczne, ponieważ firmy zajmujące się sztuczną inteligencją zmieniły umowę społeczną dotyczącą funkcjonowania hostingu stron internetowych. Rozwiązanie bez obsługi JavaScript jest w trakcie opracowywania.", + "benchmark_requires_js": "Uruchomienie narzędzia testowego wymaga włączonego JavaScript.", + "difficulty": "Trudność:", + "algorithm": "Algorytm:", + "compare": "Porównaj:", + "time": "Czas", + "iters": "Iteracje", + "time_a": "Czas A", + "iters_a": "Iteracje A", + "time_b": "Czas B", + "iters_b": "Iteracje B", + "static_check_endpoint": "To jedynie punkt kontrolny do użytku przez Twój reverse proxy.", + "authorization_required": "Wymagane uwierzytelnienie", + "cookies_disabled": "Twoja przeglądarka blokuje ciasteczka. Anubis wymaga ich, aby potwierdzić, że jesteś prawidłowym klientem. Włącz ciasteczka dla tej domeny.", + "access_denied": "Brak dostępu: kod błędu", + "dronebl_entry": "DroneBL zgłosił wpis", + "see_dronebl_lookup": "zobacz", + "internal_server_error": "Błąd wewnętrzny serwera: administrator błędnie skonfigurował Anubis. Skontaktuj się z administratorem i poproś o sprawdzenie logów", + "invalid_redirect": "Nieprawidłowe przekierowanie", + "redirect_not_parseable": "Nie można odczytać adresu przekierowania", + "redirect_domain_not_allowed": "Domena przekierowania niedozwolona", + "missing_required_forwarded_headers": "Brak wymaganych nagłówków X-Forwarded-*", + "failed_to_sign_jwt": "Nie udało się podpisać JWT", + "invalid_invocation": "Nieprawidłowe wywołanie MakeChallenge", + "client_error_browser": "Błąd klienta: upewnij się, że Twoja przeglądarka jest aktualna i spróbuj ponownie później.", + "oh_noes": "O nie!", + "benchmarking_anubis": "Testowanie wydajności Anubis!", + "you_are_not_a_bot": "Nie jesteś botem!", + "making_sure_not_bot": "Sprawdzamy, czy nie jesteś botem!", + "celphase": "CELPHASE", + "js_web_crypto_error": "Twoja przeglądarka nie obsługuje web.crypto. Czy korzystasz z bezpiecznego połączenia?", + "js_web_workers_error": "Twoja przeglądarka nie obsługuje web workers (Anubis ich używa, by nie zawieszać przeglądarki). Czy masz zainstalowaną wtyczkę typu JShelter?", + "js_cookies_error": "Twoja przeglądarka nie zapisuje ciasteczek. Anubis używa ich do przechowywania podpisanego tokenu potwierdzającego przejście zabezpieczenia. Włącz zapis ciasteczek dla tej domeny. Nazwy ciasteczek mogą zmieniać się bez zapowiedzi. Nazwy oraz zawartość ciasteczek nie są cześcią publicznego API.", + "js_context_not_secure": "Kontekst nie jest bezpieczny!", + "js_context_not_secure_msg": "Spróbuj połączyć się przez HTTPS lub poinformuj administratora, by skonfigurował HTTPS. Więcej informacji na MDN.", + "js_calculating": "Obliczanie...", + "js_missing_feature": "Brakująca funkcja", + "js_challenge_error": "Błąd wyzwania!", + "js_challenge_error_msg": "Nie udało się ustalić algorytmu sprawdzającego. Możesz spróbować odświeżyć stronę.", + "js_calculating_difficulty": "Obliczanie...
Trudność:", + "js_speed": "Prędkość:", + "js_verification_longer": "Weryfikacja trwa dłużej niż zwykle. Proszę nie odświeżać strony.", + "js_success": "Sukces!", + "js_done_took": "Gotowe! Zajęło to", + "js_iterations": "iteracji", + "js_finished_reading": "Skończyłem czytać, kontynuuj →", + "js_calculation_error": "Błąd obliczeń!", + "js_calculation_error_msg": "Nie udało się obliczyć zadania:" +} \ No newline at end of file diff --git a/lib/localization/localization_test.go b/lib/localization/localization_test.go index d371f48a..47442f18 100644 --- a/lib/localization/localization_test.go +++ b/lib/localization/localization_test.go @@ -24,6 +24,7 @@ func TestLocalizationService(t *testing.T) { "nb": "Laster inn...", "nl": "Laden...", "nn": "Lastar inn...", + "pl": "Ładowanie...", "pt-BR": "Carregando...", "tr": "Yükleniyor...", "ru": "Загрузка...", From 9b210d795edcb71a56f0800ed9da5e5800cca299 Mon Sep 17 00:00:00 2001 From: p0008874 <75534590+p0008874@users.noreply.github.com> Date: Fri, 26 Dec 2025 09:05:26 +0800 Subject: [PATCH 13/24] docs(known-instances): Alphabetical order + Add Valve Corporation (#1352) Co-authored-by: Jason Cameron --- docs/docs/user/known-instances.md | 162 +++++++++++++++--------------- 1 file changed, 79 insertions(+), 83 deletions(-) diff --git a/docs/docs/user/known-instances.md b/docs/docs/user/known-instances.md index ddbc52ba..9b24282c 100644 --- a/docs/docs/user/known-instances.md +++ b/docs/docs/user/known-instances.md @@ -4,67 +4,83 @@ title: List of known websites using Anubis This page contains a non-exhaustive list with all websites using Anubis. --
- The Linux Foundation - - https://git.kernel.org/ - - https://lore.kernel.org/ -
-- https://gitlab.gnome.org/ -- https://scioly.org/ +- https://azurlane.koumakan.jp/ - https://bugs.winehq.org/ +- https://bugzilla.proxmox.com +- https://canine.tools/ +- https://clew.se/ +- https://code.hackerspace.pl/ +- https://codeberg.org/ +- https://dev.haiku-os.org +- https://dev.sanctum.geek.nz/ +- https://ebird.org/ +- https://extensions.typo3.org/ +- https://fabulous.systems/ +- https://git.aya.so/ +- https://git.devuan.org/ +- https://git.enlightenment.org/ +- https://gitea.com/ +- https://gitlab.freedesktop.org/ +- https://gitlab.gnome.org/ +- https://gitlab.postmarketos.org/ +- https://hosted.weblate.org/ +- https://hydra.nixos.org/ +- https://lab.civicrm.org/ +- https://marginalia-search.com/ +- https://mozillazine.org/ +- https://openwrt.org/ +- https://pluralpedia.org/ +- https://reddit.nerdvpn.de/ +- https://repositorio.ufrn.br/home/ +- https://rpmfusion.org/ +- https://scioly.org/ +- https://source.puri.sm/ +- https://squirreljme.cc/ +- https://superlove.sayitditto.net/ - https://svnweb.freebsd.org/ - https://trac.ffmpeg.org/ -- https://xeiaso.net/ -- https://source.puri.sm/ -- https://git.enlightenment.org/ -- https://superlove.sayitditto.net/ -- https://linktaco.com/ -- https://jaredallard.dev/ -- https://dev.sanctum.geek.nz/ -- https://canine.tools/ -- https://git.lupancham.net/ -- https://dev.haiku-os.org -- http://code.hackerspace.pl/ -- https://wiki.archlinux.org/ -- https://git.devuan.org/ -- https://hydra.nixos.org/ -- https://codeberg.org/ -- https://www.cfaarchive.org/ -- https://gitlab.freedesktop.org/ -- https://bugzilla.proxmox.com -- https://hofstede.io/ -- https://www.indiemag.fr/ -- https://reddit.nerdvpn.de/ -- https://hosted.weblate.org/ -- https://gitea.com/ -- https://openwrt.org/ -- https://minihoot.site -- https://catgirl.click/ -- https://wiki.dolphin-emu.org/ -- https://squirreljme.cc/ -- https://gitlab.postmarketos.org/ -- https://wiki.koha-community.org/ -- https://extensions.typo3.org/ -- https://ebird.org/ -- https://fabulous.systems/ -- https://coinhoards.org/ -- https://pluralpedia.org/ -- https://git.aya.so/ -- https://marginalia-search.com/ -- https://repositorio.ufrn.br/home/ -- https://mozillazine.org/ -- https://clew.se/ - https://tumfatig.net/ -- https://rpmfusion.org/ +- https://wiki.archlinux.org/ +- https://wiki.dolphin-emu.org/ - https://wiki.freepascal.org/ -- https://azurlane.koumakan.jp/ -- https://lab.civicrm.org/ -- https://git.door43.org/ +- https://wiki.koha-community.org/ +- https://www.cfaarchive.org/ +- https://www.indiemag.fr/ +- https://xeiaso.net/ +-
+ archlinux32.org + - https://www.archlinux32.org/packages/ + - https://bbs.archlinux32.org/ + - https://bugs.archlinux32.org/ +
+-
+ Duke University + - https://repository.duke.edu/ + - https://archives.lib.duke.edu/ + - https://find.library.duke.edu/ + - https://nicholas.duke.edu/ +
+-
+ Forschungszentrum Jülich + - https://juser.fz-juelich.de/ +
-
FreeCAD - https://forum.freecad.org/ - https://wiki.freecad.org/
+-
+ HackLab.TO + - https://hacklab.to/ + - https://knowledge.hacklab.to/ +
+-
+ hebis (Alliance of Hessian Libraries) + - https://ubmr.hds.hebis.de/ + - https://tufind.hds.hebis.de/ + - https://karla.hds.hebis.de/ + - and many more (see https://www.hebis.de/dienste/hebis-discovery-system/) +
-
ReactOS - https://reactos.org/forum @@ -77,6 +93,11 @@ This page contains a non-exhaustive list with all websites using Anubis. - https://forums.scummvm.org/ - https://wiki.scummvm.org/
+-
+ Slackware + - https://git.slackware.nl/ + - https://git.liveslak.org/ +
-
Sourceware - https://sourceware.org/cgit @@ -86,41 +107,16 @@ This page contains a non-exhaustive list with all websites using Anubis. - https://gcc.gnu.org/bugzilla/ - https://gcc.gnu.org/cgit
+-
+ The Linux Foundation + - https://git.kernel.org/ + - https://lore.kernel.org/ +
-
The United Nations - https://policytoolbox.iiep.unesco.org/
-
- hebis (Alliance of Hessian Libraries) - - https://ubmr.hds.hebis.de/ - - https://tufind.hds.hebis.de/ - - https://karla.hds.hebis.de/ - - and many more (see https://www.hebis.de/dienste/hebis-discovery-system/) -
--
- Duke University - - https://repository.duke.edu/ - - https://archives.lib.duke.edu/ - - https://find.library.duke.edu/ - - https://nicholas.duke.edu/ -
--
- Forschungszentrum Jülich - - https://juser.fz-juelich.de/ -
--
- archlinux32.org - - https://www.archlinux32.org/packages/ - - https://bbs.archlinux32.org/ - - https://bugs.archlinux32.org/ -
--
- HackLab.TO - - https://hacklab.to/ - - https://knowledge.hacklab.to/ -
--
- Slackware - - https://git.slackware.nl/ - - https://git.liveslak.org/ + Valve Corporation + - https://developer.valvesoftware.com/wiki/Main_Page
From d748dc9da82281bdaf163fae1891f770666a9f0a Mon Sep 17 00:00:00 2001 From: Xe Iaso Date: Sun, 28 Dec 2025 18:18:25 -0500 Subject: [PATCH 14/24] test: basic nginx smoke test (#1365) * docs: split nginx configuration files to their own directory Signed-off-by: Xe Iaso * test: add nginx config smoke test based on the config in the docs Signed-off-by: Xe Iaso --------- Signed-off-by: Xe Iaso --- .github/workflows/smoke-tests.yml | 5 +- docs/docs/admin/environments/nginx.mdx | 117 ++---------------- .../admin/environments/nginx/conf-anubis.inc | 8 ++ .../nginx/server-anubistest-techaro-lol.conf | 50 ++++++++ .../nginx/server-mimi-techaro-lol.conf | 29 +++++ .../environments/nginx/upstream-anubis.conf | 16 +++ docs/package-lock.json | 100 +++++++++++++++ docs/package.json | 1 + test/nginx/conf/nginx/conf-anubis.inc | 8 ++ .../nginx/conf.d/server-mimi-techaro-lol.conf | 29 +++++ .../conf/nginx/conf.d/upstream-anubis.conf | 17 +++ test/nginx/conf/nginx/mime.types | 99 +++++++++++++++ test/nginx/conf/nginx/nginx.conf | 32 +++++ test/nginx/test.sh | 24 ++++ 14 files changed, 426 insertions(+), 109 deletions(-) create mode 100644 docs/docs/admin/environments/nginx/conf-anubis.inc create mode 100644 docs/docs/admin/environments/nginx/server-anubistest-techaro-lol.conf create mode 100644 docs/docs/admin/environments/nginx/server-mimi-techaro-lol.conf create mode 100644 docs/docs/admin/environments/nginx/upstream-anubis.conf create mode 100644 test/nginx/conf/nginx/conf-anubis.inc create mode 100644 test/nginx/conf/nginx/conf.d/server-mimi-techaro-lol.conf create mode 100644 test/nginx/conf/nginx/conf.d/upstream-anubis.conf create mode 100644 test/nginx/conf/nginx/mime.types create mode 100644 test/nginx/conf/nginx/nginx.conf create mode 100755 test/nginx/test.sh diff --git a/.github/workflows/smoke-tests.yml b/.github/workflows/smoke-tests.yml index ab78c38f..4257bc23 100644 --- a/.github/workflows/smoke-tests.yml +++ b/.github/workflows/smoke-tests.yml @@ -23,6 +23,7 @@ jobs: - healthcheck - i18n - log-file + - nginx - palemoon/amd64 #- palemoon/i386 - robots_txt @@ -35,10 +36,10 @@ jobs: - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 with: - node-version: '24.11.0' + node-version: "24.11.0" - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 with: - go-version: '1.25.4' + go-version: "1.25.4" - uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9 diff --git a/docs/docs/admin/environments/nginx.mdx b/docs/docs/admin/environments/nginx.mdx index 74a07d22..df31bd50 100644 --- a/docs/docs/admin/environments/nginx.mdx +++ b/docs/docs/admin/environments/nginx.mdx @@ -1,5 +1,7 @@ # Nginx +import CodeBlock from "@theme/CodeBlock"; + Anubis is intended to be a filter proxy. The way to integrate this with nginx is to break your configuration up into two parts: TLS termination and then HTTP routing. Consider this diagram: ```mermaid @@ -36,110 +38,26 @@ These examples assume that you are using a setup where your nginx configuration Assuming that we are protecting `anubistest.techaro.lol`, here's what the server configuration file would look like: -```nginx -# /etc/nginx/conf.d/server-anubistest-techaro-lol.conf +import anubisTest from "!!raw-loader!./nginx/server-anubistest-techaro-lol.conf"; -# HTTP - Redirect all HTTP traffic to HTTPS -server { - listen 80; - listen [::]:80; - - server_name anubistest.techaro.lol; - - location / { - return 301 https://$host$request_uri; - } -} - -# TLS termination server, this will listen over TLS (https) and then -# proxy all traffic to the target via Anubis. -server { - # Listen on TCP port 443 with TLS (https) and HTTP/2 - listen 443 ssl; - listen [::]:443 ssl; - http2 on; - - location / { - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Http-Version $server_protocol; - proxy_pass http://anubis; - } - - server_name anubistest.techaro.lol; - - ssl_certificate /path/to/your/certs/anubistest.techaro.lol.crt; - ssl_certificate_key /path/to/your/certs/anubistest.techaro.lol.key; -} - -# Backend server, this is where your webapp should actually live. -server { - listen unix:/run/nginx/nginx.sock; - - server_name anubistest.techaro.lol; - root "/srv/http/anubistest.techaro.lol"; - index index.html; - - # Get the visiting IP from the TLS termination server - set_real_ip_from unix:; - real_ip_header X-Real-IP; - - # Your normal configuration can go here - # location .php { fastcgi...} etc. -} -``` +{anubisTest} :::tip You can copy the `location /` block into a separate file named something like `conf-anubis.inc` and then include it inline to other `server` blocks: -```nginx -# /etc/nginx/conf.d/conf-anubis.inc +import anubisInclude from "!!raw-loader!./nginx/conf-anubis.inc"; -# Forward to anubis -location / { - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_pass http://anubis; -} -``` +{anubisInclude} Then in a server block:
Full nginx config -```nginx -# /etc/nginx/conf.d/server-mimi-techaro-lol.conf +import mimiTecharoLol from "!!raw-loader!./nginx/server-mimi-techaro-lol.conf"; -server { - # Listen on 443 with SSL - listen 443 ssl; - listen [::]:443 ssl; - http2 on; - - # Slipstream via Anubis - include "conf-anubis.inc"; - - server_name mimi.techaro.lol; - - ssl_certificate /path/to/your/certs/mimi.techaro.lol.crt; - ssl_certificate_key /path/to/your/certs/mimi.techaro.lol.key; -} - -server { - listen unix:/run/nginx/nginx.sock; - - server_name mimi.techaro.lol; - - port_in_redirect off; - root "/srv/http/mimi.techaro.lol"; - index index.html; - - # Your normal configuration can go here - # location .php { fastcgi...} etc. -} -``` +{mimiTecharoLol}
@@ -147,24 +65,9 @@ server { Create an upstream for Anubis. -```nginx -# /etc/nginx/conf.d/upstream-anubis.conf +import anubisUpstream from "!!raw-loader!./nginx/upstream-anubis.conf"; -upstream anubis { - # Make sure this matches the values you set for `BIND` and `BIND_NETWORK`. - # If this does not match, your services will not be protected by Anubis. - - # Try anubis first over a UNIX socket - server unix:/run/anubis/nginx.sock; - #server 127.0.0.1:8923; - - # Optional: fall back to serving the websites directly. This allows your - # websites to be resilient against Anubis failing, at the risk of exposing - # them to the raw internet without protection. This is a tradeoff and can - # be worth it in some edge cases. - #server unix:/run/nginx.sock backup; -} -``` +{anubisUpstream} This can be repeated for multiple sites. Anubis does not care about the HTTP `Host` header and will happily cope with multiple websites via the same instance. diff --git a/docs/docs/admin/environments/nginx/conf-anubis.inc b/docs/docs/admin/environments/nginx/conf-anubis.inc new file mode 100644 index 00000000..6e5083ae --- /dev/null +++ b/docs/docs/admin/environments/nginx/conf-anubis.inc @@ -0,0 +1,8 @@ +# /etc/nginx/conf-anubis.inc + +# Forward to anubis +location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_pass http://anubis; +} \ No newline at end of file diff --git a/docs/docs/admin/environments/nginx/server-anubistest-techaro-lol.conf b/docs/docs/admin/environments/nginx/server-anubistest-techaro-lol.conf new file mode 100644 index 00000000..cc5eab2c --- /dev/null +++ b/docs/docs/admin/environments/nginx/server-anubistest-techaro-lol.conf @@ -0,0 +1,50 @@ +# /etc/nginx/conf.d/server-anubistest-techaro-lol.conf + +# HTTP - Redirect all HTTP traffic to HTTPS +server { + listen 80; + listen [::]:80; + + server_name anubistest.techaro.lol; + + location / { + return 301 https://$host$request_uri; + } +} + +# TLS termination server, this will listen over TLS (https) and then +# proxy all traffic to the target via Anubis. +server { + # Listen on TCP port 443 with TLS (https) and HTTP/2 + listen 443 ssl; + listen [::]:443 ssl; + http2 on; + + location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Http-Version $server_protocol; + proxy_pass http://anubis; + } + + server_name anubistest.techaro.lol; + + ssl_certificate /path/to/your/certs/anubistest.techaro.lol.crt; + ssl_certificate_key /path/to/your/certs/anubistest.techaro.lol.key; +} + +# Backend server, this is where your webapp should actually live. +server { + listen unix:/run/nginx/nginx.sock; + + server_name anubistest.techaro.lol; + root "/srv/http/anubistest.techaro.lol"; + index index.html; + + # Get the visiting IP from the TLS termination server + set_real_ip_from unix:; + real_ip_header X-Real-IP; + + # Your normal configuration can go here + # location .php { fastcgi...} etc. +} \ No newline at end of file diff --git a/docs/docs/admin/environments/nginx/server-mimi-techaro-lol.conf b/docs/docs/admin/environments/nginx/server-mimi-techaro-lol.conf new file mode 100644 index 00000000..905a0e26 --- /dev/null +++ b/docs/docs/admin/environments/nginx/server-mimi-techaro-lol.conf @@ -0,0 +1,29 @@ +# /etc/nginx/conf.d/server-mimi-techaro-lol.conf + +server { + # Listen on 443 with SSL + listen 443 ssl; + listen [::]:443 ssl; + http2 on; + + # Slipstream via Anubis + include "conf-anubis.inc"; + + server_name mimi.techaro.lol; + + ssl_certificate /path/to/your/certs/mimi.techaro.lol.crt; + ssl_certificate_key /path/to/your/certs/mimi.techaro.lol.key; +} + +server { + listen unix:/run/nginx/nginx.sock; + + server_name mimi.techaro.lol; + + port_in_redirect off; + root "/srv/http/mimi.techaro.lol"; + index index.html; + + # Your normal configuration can go here + # location .php { fastcgi...} etc. +} \ No newline at end of file diff --git a/docs/docs/admin/environments/nginx/upstream-anubis.conf b/docs/docs/admin/environments/nginx/upstream-anubis.conf new file mode 100644 index 00000000..6860ae55 --- /dev/null +++ b/docs/docs/admin/environments/nginx/upstream-anubis.conf @@ -0,0 +1,16 @@ +# /etc/nginx/conf.d/upstream-anubis.conf + +upstream anubis { + # Make sure this matches the values you set for `BIND` and `BIND_NETWORK`. + # If this does not match, your services will not be protected by Anubis. + + # Try anubis first over a UNIX socket + server unix:/run/anubis/nginx.sock; + #server 127.0.0.1:8923; + + # Optional: fall back to serving the websites directly. This allows your + # websites to be resilient against Anubis failing, at the risk of exposing + # them to the raw internet without protection. This is a tradeoff and can + # be worth it in some edge cases. + #server unix:/run/nginx.sock backup; +} \ No newline at end of file diff --git a/docs/package-lock.json b/docs/package-lock.json index dbac4465..90f34e27 100644 --- a/docs/package-lock.json +++ b/docs/package-lock.json @@ -14,6 +14,7 @@ "@mdx-js/react": "^3.0.0", "clsx": "^2.0.0", "prism-react-renderer": "^2.3.0", + "raw-loader": "^4.0.2", "react": "^19.0.0", "react-dom": "^19.0.0" }, @@ -161,6 +162,7 @@ "resolved": "https://registry.npmjs.org/@algolia/client-search/-/client-search-5.29.0.tgz", "integrity": "sha512-cZ0Iq3OzFUPpgszzDr1G1aJV5UMIZ4VygJ2Az252q4Rdf5cQMhYEIKArWY/oUjMhQmosM8ygOovNq7gvA9CdCg==", "license": "MIT", + "peer": true, "dependencies": { "@algolia/client-common": "5.29.0", "@algolia/requester-browser-xhr": "5.29.0", @@ -308,6 +310,7 @@ "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.28.4.tgz", "integrity": "sha512-2BCOP7TN8M+gVDj7/ht3hsaO/B/n5oDbiAyyvnRlNOs+u1o+JWNYTQrmpuNp1/Wq2gcFrI01JAW+paEKDMx/CA==", "license": "MIT", + "peer": true, "dependencies": { "@babel/code-frame": "^7.27.1", "@babel/generator": "^7.28.3", @@ -2145,6 +2148,7 @@ } ], "license": "MIT", + "peer": true, "engines": { "node": ">=18" }, @@ -2167,6 +2171,7 @@ } ], "license": "MIT", + "peer": true, "engines": { "node": ">=18" } @@ -2247,6 +2252,7 @@ "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.1.0.tgz", "integrity": "sha512-8sLjZwK0R+JlxlYcTuVnyT2v+htpdrjDOKuMcOVdYjt52Lh8hWRYpxBPoKx/Zg+bcjc3wx6fmQevMmUztS/ccA==", "license": "MIT", + "peer": true, "dependencies": { "cssesc": "^3.0.0", "util-deprecate": "^1.0.2" @@ -2610,6 +2616,7 @@ "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.1.0.tgz", "integrity": "sha512-8sLjZwK0R+JlxlYcTuVnyT2v+htpdrjDOKuMcOVdYjt52Lh8hWRYpxBPoKx/Zg+bcjc3wx6fmQevMmUztS/ccA==", "license": "MIT", + "peer": true, "dependencies": { "cssesc": "^3.0.0", "util-deprecate": "^1.0.2" @@ -3523,6 +3530,7 @@ "resolved": "https://registry.npmjs.org/@docusaurus/plugin-content-docs/-/plugin-content-docs-3.8.1.tgz", "integrity": "sha512-oByRkSZzeGNQByCMaX+kif5Nl2vmtj2IHQI2fWjCfCootsdKZDPFLonhIp5s3IGJO7PLUfe0POyw0Xh/RrGXJA==", "license": "MIT", + "peer": true, "dependencies": { "@docusaurus/core": "3.8.1", "@docusaurus/logger": "3.8.1", @@ -4246,6 +4254,7 @@ "resolved": "https://registry.npmjs.org/@mdx-js/react/-/react-3.1.0.tgz", "integrity": "sha512-QjHtSaoameoalGnKDT3FoIl4+9RwyTmo9ZJGBdLOks/YOiWHoRDI3PUwEzOE7kEmGcV3AFcp9K6dYu9rEuKLAQ==", "license": "MIT", + "peer": true, "dependencies": { "@types/mdx": "^2.0.0" }, @@ -4558,6 +4567,7 @@ "resolved": "https://registry.npmjs.org/@svgr/core/-/core-8.1.0.tgz", "integrity": "sha512-8QqtOQT5ACVlmsvKOJNEaWmRPmcojMOzCz4Hs2BGG/toAp/K38LcsMRyLp349glq5AzJbCEeimEoxaX6v/fLrA==", "license": "MIT", + "peer": true, "dependencies": { "@babel/core": "^7.21.3", "@svgr/babel-preset": "8.1.0", @@ -5200,6 +5210,7 @@ "resolved": "https://registry.npmjs.org/@types/react/-/react-19.0.12.tgz", "integrity": "sha512-V6Ar115dBDrjbtXSrS+/Oruobc+qVbbUxDFC1RSbRqLt5SYvxxyIDrSC85RWml54g+jfNeEMZhEj7wW07ONQhA==", "license": "MIT", + "peer": true, "dependencies": { "csstype": "^3.0.2" } @@ -5539,6 +5550,7 @@ "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.15.0.tgz", "integrity": "sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg==", "license": "MIT", + "peer": true, "bin": { "acorn": "bin/acorn" }, @@ -5594,6 +5606,7 @@ "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.17.1.tgz", "integrity": "sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g==", "license": "MIT", + "peer": true, "dependencies": { "fast-deep-equal": "^3.1.3", "fast-uri": "^3.0.1", @@ -5639,6 +5652,7 @@ "resolved": "https://registry.npmjs.org/algoliasearch/-/algoliasearch-5.29.0.tgz", "integrity": "sha512-E2l6AlTWGznM2e7vEE6T6hzObvEyXukxMOlBmVlMyixZyK1umuO/CiVc6sDBbzVH0oEviCE5IfVY1oZBmccYPQ==", "license": "MIT", + "peer": true, "dependencies": { "@algolia/client-abtesting": "5.29.0", "@algolia/client-analytics": "5.29.0", @@ -6092,6 +6106,7 @@ } ], "license": "MIT", + "peer": true, "dependencies": { "caniuse-lite": "^1.0.30001737", "electron-to-chromium": "^1.5.211", @@ -6375,6 +6390,7 @@ "resolved": "https://registry.npmjs.org/chevrotain/-/chevrotain-11.0.3.tgz", "integrity": "sha512-ci2iJH6LeIkvP9eJW6gpueU8cnZhv85ELY8w8WiFtNjMHA5ad6pQLaJo9mEly/9qUyCpvqX8/POVUTf18/HFdw==", "license": "Apache-2.0", + "peer": true, "dependencies": { "@chevrotain/cst-dts-gen": "11.0.3", "@chevrotain/gast": "11.0.3", @@ -7079,6 +7095,7 @@ "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.1.0.tgz", "integrity": "sha512-8sLjZwK0R+JlxlYcTuVnyT2v+htpdrjDOKuMcOVdYjt52Lh8hWRYpxBPoKx/Zg+bcjc3wx6fmQevMmUztS/ccA==", "license": "MIT", + "peer": true, "dependencies": { "cssesc": "^3.0.0", "util-deprecate": "^1.0.2" @@ -7398,6 +7415,7 @@ "resolved": "https://registry.npmjs.org/cytoscape/-/cytoscape-3.32.0.tgz", "integrity": "sha512-5JHBC9n75kz5851jeklCPmZWcg3hUe6sjqJvyk3+hVqFaKcHwHgxsjeN1yLmggoUc6STbtm9/NQyabQehfjvWQ==", "license": "MIT", + "peer": true, "engines": { "node": ">=0.10" } @@ -7819,6 +7837,7 @@ "resolved": "https://registry.npmjs.org/d3-selection/-/d3-selection-3.0.0.tgz", "integrity": "sha512-fmTRWbNMmsmWq6xJV8D19U/gw/bwrHfNXxrIN+HfZgnzqTHp9jOmKMhsTUjXOJnZOdZY9Q28y4yebKzqDKlxlQ==", "license": "ISC", + "peer": true, "engines": { "node": ">=12" } @@ -8977,6 +8996,7 @@ "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==", "license": "MIT", + "peer": true, "dependencies": { "fast-deep-equal": "^3.1.1", "fast-json-stable-stringify": "^2.0.0", @@ -13596,6 +13616,7 @@ "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==", "license": "MIT", + "peer": true, "dependencies": { "fast-deep-equal": "^3.1.1", "fast-json-stable-stringify": "^2.0.0", @@ -14170,6 +14191,7 @@ } ], "license": "MIT", + "peer": true, "dependencies": { "nanoid": "^3.3.11", "picocolors": "^1.1.1", @@ -15073,6 +15095,7 @@ "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.1.0.tgz", "integrity": "sha512-8sLjZwK0R+JlxlYcTuVnyT2v+htpdrjDOKuMcOVdYjt52Lh8hWRYpxBPoKx/Zg+bcjc3wx6fmQevMmUztS/ccA==", "license": "MIT", + "peer": true, "dependencies": { "cssesc": "^3.0.0", "util-deprecate": "^1.0.2" @@ -15845,6 +15868,76 @@ "node": ">= 0.8" } }, + "node_modules/raw-loader": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/raw-loader/-/raw-loader-4.0.2.tgz", + "integrity": "sha512-ZnScIV3ag9A4wPX/ZayxL/jZH+euYb6FcUinPcgiQW0+UBtEv0O6Q3lGd3cqJ+GHH+rksEv3Pj99oxJ3u3VIKA==", + "license": "MIT", + "dependencies": { + "loader-utils": "^2.0.0", + "schema-utils": "^3.0.0" + }, + "engines": { + "node": ">= 10.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + }, + "peerDependencies": { + "webpack": "^4.0.0 || ^5.0.0" + } + }, + "node_modules/raw-loader/node_modules/ajv": { + "version": "6.12.6", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==", + "license": "MIT", + "peer": true, + "dependencies": { + "fast-deep-equal": "^3.1.1", + "fast-json-stable-stringify": "^2.0.0", + "json-schema-traverse": "^0.4.1", + "uri-js": "^4.2.2" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/epoberezkin" + } + }, + "node_modules/raw-loader/node_modules/ajv-keywords": { + "version": "3.5.2", + "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-3.5.2.tgz", + "integrity": "sha512-5p6WTN0DdTGVQk6VjcEju19IgaHudalcfabD7yhDGeA6bcQnmL+CpveLJq/3hvfwd1aof6L386Ougkx6RfyMIQ==", + "license": "MIT", + "peerDependencies": { + "ajv": "^6.9.1" + } + }, + "node_modules/raw-loader/node_modules/json-schema-traverse": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==", + "license": "MIT" + }, + "node_modules/raw-loader/node_modules/schema-utils": { + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-3.3.0.tgz", + "integrity": "sha512-pN/yOAvcC+5rQ5nERGuwrjLlYvLTbCibnZ1I7B1LaiAz9BRBlE9GMgE/eqV30P7aJQUf7Ddimy/RsbYO/GrVGg==", + "license": "MIT", + "dependencies": { + "@types/json-schema": "^7.0.8", + "ajv": "^6.12.5", + "ajv-keywords": "^3.5.2" + }, + "engines": { + "node": ">= 10.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + } + }, "node_modules/rc": { "version": "1.2.8", "resolved": "https://registry.npmjs.org/rc/-/rc-1.2.8.tgz", @@ -15874,6 +15967,7 @@ "resolved": "https://registry.npmjs.org/react/-/react-19.0.0.tgz", "integrity": "sha512-V8AVnmPIICiWpGfm6GLzCR/W5FXLchHop40W4nXBmdlEceh16rCN8O8LNWm5bh5XUX91fh7KpA+W0TgMKmgTpQ==", "license": "MIT", + "peer": true, "engines": { "node": ">=0.10.0" } @@ -15883,6 +15977,7 @@ "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-19.0.0.tgz", "integrity": "sha512-4GV5sHFG0e/0AD4X+ySy6UJd3jVl1iNsNHdpad0qhABJ11twS3TTBnseqsKurKcsNqCEFeGL3uLpVChpIO3QfQ==", "license": "MIT", + "peer": true, "dependencies": { "scheduler": "^0.25.0" }, @@ -15938,6 +16033,7 @@ "resolved": "https://registry.npmjs.org/@docusaurus/react-loadable/-/react-loadable-6.0.0.tgz", "integrity": "sha512-YMMxTUQV/QFSnbgrP3tjDzLHRg7vsbMn8e9HAa8o/1iXoiomo48b7sk/kkmWEuWNDPJVlKSJRB6Y2fHqdJk+SQ==", "license": "MIT", + "peer": true, "dependencies": { "@types/react": "*" }, @@ -15966,6 +16062,7 @@ "resolved": "https://registry.npmjs.org/react-router/-/react-router-5.3.4.tgz", "integrity": "sha512-Ys9K+ppnJah3QuaRiLxk+jDWOR1MekYQrlytiXxC1RyfbdsZkS5pvKAzCCr031xHixZwpnsYNT5xysdFHQaYsA==", "license": "MIT", + "peer": true, "dependencies": { "@babel/runtime": "^7.12.13", "history": "^4.9.0", @@ -17804,6 +17901,7 @@ "integrity": "sha512-hjcS1mhfuyi4WW8IWtjP7brDrG2cuDZukyrYrSauoXGNgx0S7zceP07adYkJycEr56BOUTNPzbInooiN3fn1qw==", "devOptional": true, "license": "Apache-2.0", + "peer": true, "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" @@ -18151,6 +18249,7 @@ "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==", "license": "MIT", + "peer": true, "dependencies": { "fast-deep-equal": "^3.1.1", "fast-json-stable-stringify": "^2.0.0", @@ -18398,6 +18497,7 @@ "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.98.0.tgz", "integrity": "sha512-UFynvx+gM44Gv9qFgj0acCQK2VE1CtdfwFdimkapco3hlPCJ/zeq73n2yVKimVbtm+TnApIugGhLJnkU6gjYXA==", "license": "MIT", + "peer": true, "dependencies": { "@types/eslint-scope": "^3.7.7", "@types/estree": "^1.0.6", diff --git a/docs/package.json b/docs/package.json index cde6077e..5c5a0478 100644 --- a/docs/package.json +++ b/docs/package.json @@ -21,6 +21,7 @@ "@mdx-js/react": "^3.0.0", "clsx": "^2.0.0", "prism-react-renderer": "^2.3.0", + "raw-loader": "^4.0.2", "react": "^19.0.0", "react-dom": "^19.0.0" }, diff --git a/test/nginx/conf/nginx/conf-anubis.inc b/test/nginx/conf/nginx/conf-anubis.inc new file mode 100644 index 00000000..6e5083ae --- /dev/null +++ b/test/nginx/conf/nginx/conf-anubis.inc @@ -0,0 +1,8 @@ +# /etc/nginx/conf-anubis.inc + +# Forward to anubis +location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_pass http://anubis; +} \ No newline at end of file diff --git a/test/nginx/conf/nginx/conf.d/server-mimi-techaro-lol.conf b/test/nginx/conf/nginx/conf.d/server-mimi-techaro-lol.conf new file mode 100644 index 00000000..e0e69e6c --- /dev/null +++ b/test/nginx/conf/nginx/conf.d/server-mimi-techaro-lol.conf @@ -0,0 +1,29 @@ +# /etc/nginx/conf.d/server-mimi-techaro-lol.conf + +server { + # Listen on 443 with SSL + listen 443 ssl; + listen [::]:443 ssl; + http2 on; + + # Slipstream via Anubis + include "conf-anubis.inc"; + + server_name mimi.techaro.lol; + + ssl_certificate /techaro/pki/mimi.techaro.lol/cert.pem; + ssl_certificate_key /techaro/pki/mimi.techaro.lol/key.pem; +} + +server { + listen unix:/tmp/nginx.sock; + + server_name mimi.techaro.lol; + + port_in_redirect off; + root "/srv/http/mimi.techaro.lol"; + index index.html; + + # Your normal configuration can go here + # location .php { fastcgi...} etc. +} \ No newline at end of file diff --git a/test/nginx/conf/nginx/conf.d/upstream-anubis.conf b/test/nginx/conf/nginx/conf.d/upstream-anubis.conf new file mode 100644 index 00000000..7aca929f --- /dev/null +++ b/test/nginx/conf/nginx/conf.d/upstream-anubis.conf @@ -0,0 +1,17 @@ +# /etc/nginx/conf.d/upstream-anubis.conf + +upstream anubis { + zone anubis_zone 64k; + # Make sure this matches the values you set for `BIND` and `BIND_NETWORK`. + # If this does not match, your services will not be protected by Anubis. + + # Try anubis first over a UNIX socket + #server unix:/run/anubis/nginx.sock; + server anubis:3000 resolve; + + # Optional: fall back to serving the websites directly. This allows your + # websites to be resilient against Anubis failing, at the risk of exposing + # them to the raw internet without protection. This is a tradeoff and can + # be worth it in some edge cases. + #server unix:/run/nginx.sock backup; +} \ No newline at end of file diff --git a/test/nginx/conf/nginx/mime.types b/test/nginx/conf/nginx/mime.types new file mode 100644 index 00000000..1c00d701 --- /dev/null +++ b/test/nginx/conf/nginx/mime.types @@ -0,0 +1,99 @@ + +types { + text/html html htm shtml; + text/css css; + text/xml xml; + image/gif gif; + image/jpeg jpeg jpg; + application/javascript js; + application/atom+xml atom; + application/rss+xml rss; + + text/mathml mml; + text/plain txt; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.wap.wml wml; + text/x-component htc; + + image/avif avif; + image/png png; + image/svg+xml svg svgz; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/webp webp; + image/x-icon ico; + image/x-jng jng; + image/x-ms-bmp bmp; + + font/woff woff; + font/woff2 woff2; + + application/java-archive jar war ear; + application/json json; + application/mac-binhex40 hqx; + application/msword doc; + application/pdf pdf; + application/postscript ps eps ai; + application/rtf rtf; + application/vnd.apple.mpegurl m3u8; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; + application/vnd.ms-excel xls; + application/vnd.ms-fontobject eot; + application/vnd.ms-powerpoint ppt; + application/vnd.oasis.opendocument.graphics odg; + application/vnd.oasis.opendocument.presentation odp; + application/vnd.oasis.opendocument.spreadsheet ods; + application/vnd.oasis.opendocument.text odt; + application/vnd.openxmlformats-officedocument.presentationml.presentation + pptx; + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet + xlsx; + application/vnd.openxmlformats-officedocument.wordprocessingml.document + docx; + application/vnd.wap.wmlc wmlc; + application/wasm wasm; + application/x-7z-compressed 7z; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + application/x-xpinstall xpi; + application/xhtml+xml xhtml; + application/xspf+xml xspf; + application/zip zip; + + application/octet-stream bin exe dll; + application/octet-stream deb; + application/octet-stream dmg; + application/octet-stream iso img; + application/octet-stream msi msp msm; + + audio/midi mid midi kar; + audio/mpeg mp3; + audio/ogg ogg; + audio/x-m4a m4a; + audio/x-realaudio ra; + + video/3gpp 3gpp 3gp; + video/mp2t ts; + video/mp4 mp4; + video/mpeg mpeg mpg; + video/quicktime mov; + video/webm webm; + video/x-flv flv; + video/x-m4v m4v; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; +} diff --git a/test/nginx/conf/nginx/nginx.conf b/test/nginx/conf/nginx/nginx.conf new file mode 100644 index 00000000..90be80e7 --- /dev/null +++ b/test/nginx/conf/nginx/nginx.conf @@ -0,0 +1,32 @@ +worker_processes auto; + +error_log /var/log/nginx/error.log notice; +pid /run/nginx.pid; + + +events { + worker_connections 1024; +} + + +http { + resolver 169.254.42.1 valid=300s ipv6=on; + resolver_timeout 10s; + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout 65; + + #gzip on; + + include /etc/nginx/conf.d/*.conf; +} diff --git a/test/nginx/test.sh b/test/nginx/test.sh new file mode 100755 index 00000000..4062cfe7 --- /dev/null +++ b/test/nginx/test.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash + +export VERSION=$GITHUB_COMMIT-test +export KO_DOCKER_REPO=ko.local + +source ../lib/lib.sh + +set -euo pipefail + +build_anubis_ko +mint_cert mimi.techaro.lol + +docker run --rm -it \ + -v ./conf/nginx:/etc/nginx:ro \ + -v ../pki:/techaro/pki:ro \ + nginx \ + nginx -t + +docker compose up -d + +docker compose down -t 1 || : +docker compose rm -f || : + +exit 0 From bcf525dbcfbda5d45a1dd8ebe035f613c3cf9ec3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 28 Dec 2025 22:04:16 -0500 Subject: [PATCH 15/24] build(deps): bump the github-actions group with 3 updates (#1369) Co-authored-by: Jason Cameron --- .github/workflows/docker.yml | 2 +- .github/workflows/docs-deploy.yml | 2 +- .github/workflows/docs-test.yml | 2 +- .github/workflows/ssh-ci-runner-cron.yml | 2 +- .github/workflows/zizmor.yml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 3d5abfe0..653afeb6 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -68,7 +68,7 @@ jobs: SLOG_LEVEL: debug - name: Generate artifact attestation - uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0 + uses: actions/attest-build-provenance@00014ed6ed5efc5b1ab7f7f34a39eb55d41aa4f8 # v3.1.0 with: subject-name: ${{ env.IMAGE }} subject-digest: ${{ steps.build.outputs.digest }} diff --git a/.github/workflows/docs-deploy.yml b/.github/workflows/docs-deploy.yml index ef8186d4..687e3240 100644 --- a/.github/workflows/docs-deploy.yml +++ b/.github/workflows/docs-deploy.yml @@ -22,7 +22,7 @@ jobs: persist-credentials: false - name: Set up Docker Buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 - name: Log into registry uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 diff --git a/.github/workflows/docs-test.yml b/.github/workflows/docs-test.yml index 543f25b8..15795824 100644 --- a/.github/workflows/docs-test.yml +++ b/.github/workflows/docs-test.yml @@ -18,7 +18,7 @@ jobs: persist-credentials: false - name: Set up Docker Buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 - name: Docker meta id: meta diff --git a/.github/workflows/ssh-ci-runner-cron.yml b/.github/workflows/ssh-ci-runner-cron.yml index 47584b59..f12ea301 100644 --- a/.github/workflows/ssh-ci-runner-cron.yml +++ b/.github/workflows/ssh-ci-runner-cron.yml @@ -30,7 +30,7 @@ jobs: username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - name: Set up Docker Buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 - name: Build and push run: | cd ./test/ssh-ci diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml index a5a2ac87..a3f3750c 100644 --- a/.github/workflows/zizmor.yml +++ b/.github/workflows/zizmor.yml @@ -29,7 +29,7 @@ jobs: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2 + uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9 with: sarif_file: results.sarif category: zizmor From f5728e96a1a908f45faca4ce5840600c5a1f5df8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 28 Dec 2025 22:07:44 -0500 Subject: [PATCH 16/24] build(deps-dev): bump esbuild from 0.27.1 to 0.27.2 in the npm group (#1368) Co-authored-by: Jason Cameron --- package-lock.json | 220 +++++++++++++++++++++++----------------------- package.json | 2 +- 2 files changed, 111 insertions(+), 111 deletions(-) diff --git a/package-lock.json b/package-lock.json index 45754da7..2068a4ca 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "@techaro/anubis", - "version": "1.24.0-pre1", + "version": "1.24.0", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "@techaro/anubis", - "version": "1.24.0-pre1", + "version": "1.24.0", "license": "ISC", "dependencies": { "@aws-crypto/sha256-js": "^5.2.0", @@ -15,7 +15,7 @@ "devDependencies": { "cssnano": "^7.1.2", "cssnano-preset-advanced": "^7.0.10", - "esbuild": "^0.27.1", + "esbuild": "^0.27.2", "playwright": "^1.52.0", "postcss-cli": "^11.0.1", "postcss-import": "^16.1.1", @@ -62,9 +62,9 @@ } }, "node_modules/@esbuild/aix-ppc64": { - "version": "0.27.1", - "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.27.1.tgz", - "integrity": "sha512-HHB50pdsBX6k47S4u5g/CaLjqS3qwaOVE5ILsq64jyzgMhLuCuZ8rGzM9yhsAjfjkbgUPMzZEPa7DAp7yz6vuA==", + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.27.2.tgz", + "integrity": "sha512-GZMB+a0mOMZs4MpDbj8RJp4cw+w1WV5NYD6xzgvzUJ5Ek2jerwfO2eADyI6ExDSUED+1X8aMbegahsJi+8mgpw==", "cpu": [ "ppc64" ], @@ -79,9 +79,9 @@ } }, "node_modules/@esbuild/android-arm": { - "version": "0.27.1", - "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.27.1.tgz", - "integrity": "sha512-kFqa6/UcaTbGm/NncN9kzVOODjhZW8e+FRdSeypWe6j33gzclHtwlANs26JrupOntlcWmB0u8+8HZo8s7thHvg==", + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.27.2.tgz", + "integrity": "sha512-DVNI8jlPa7Ujbr1yjU2PfUSRtAUZPG9I1RwW4F4xFB1Imiu2on0ADiI/c3td+KmDtVKNbi+nffGDQMfcIMkwIA==", "cpu": [ "arm" ], @@ -96,9 +96,9 @@ } }, "node_modules/@esbuild/android-arm64": { - "version": "0.27.1", - "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.27.1.tgz", - "integrity": "sha512-45fuKmAJpxnQWixOGCrS+ro4Uvb4Re9+UTieUY2f8AEc+t7d4AaZ6eUJ3Hva7dtrxAAWHtlEFsXFMAgNnGU9uQ==", + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.27.2.tgz", + "integrity": "sha512-pvz8ZZ7ot/RBphf8fv60ljmaoydPU12VuXHImtAs0XhLLw+EXBi2BLe3OYSBslR4rryHvweW5gmkKFwTiFy6KA==", "cpu": [ "arm64" ], @@ -113,9 +113,9 @@ } }, "node_modules/@esbuild/android-x64": { - "version": "0.27.1", - "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.27.1.tgz", - "integrity": "sha512-LBEpOz0BsgMEeHgenf5aqmn/lLNTFXVfoWMUox8CtWWYK9X4jmQzWjoGoNb8lmAYml/tQ/Ysvm8q7szu7BoxRQ==", + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.27.2.tgz", + "integrity": "sha512-z8Ank4Byh4TJJOh4wpz8g2vDy75zFL0TlZlkUkEwYXuPSgX8yzep596n6mT7905kA9uHZsf/o2OJZubl2l3M7A==", "cpu": [ "x64" ], @@ -130,9 +130,9 @@ } }, "node_modules/@esbuild/darwin-arm64": { - "version": "0.27.1", - "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.27.1.tgz", - "integrity": "sha512-veg7fL8eMSCVKL7IW4pxb54QERtedFDfY/ASrumK/SbFsXnRazxY4YykN/THYqFnFwJ0aVjiUrVG2PwcdAEqQQ==", + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.27.2.tgz", + "integrity": "sha512-davCD2Zc80nzDVRwXTcQP/28fiJbcOwvdolL0sOiOsbwBa72kegmVU0Wrh1MYrbuCL98Omp5dVhQFWRKR2ZAlg==", "cpu": [ "arm64" ], @@ -147,9 +147,9 @@ } }, "node_modules/@esbuild/darwin-x64": { - "version": "0.27.1", - "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.27.1.tgz", - "integrity": "sha512-+3ELd+nTzhfWb07Vol7EZ+5PTbJ/u74nC6iv4/lwIU99Ip5uuY6QoIf0Hn4m2HoV0qcnRivN3KSqc+FyCHjoVQ==", + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.27.2.tgz", + "integrity": "sha512-ZxtijOmlQCBWGwbVmwOF/UCzuGIbUkqB1faQRf5akQmxRJ1ujusWsb3CVfk/9iZKr2L5SMU5wPBi1UWbvL+VQA==", "cpu": [ "x64" ], @@ -164,9 +164,9 @@ } }, "node_modules/@esbuild/freebsd-arm64": { - "version": "0.27.1", - "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.27.1.tgz", - "integrity": "sha512-/8Rfgns4XD9XOSXlzUDepG8PX+AVWHliYlUkFI3K3GB6tqbdjYqdhcb4BKRd7C0BhZSoaCxhv8kTcBrcZWP+xg==", + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.27.2.tgz", + "integrity": "sha512-lS/9CN+rgqQ9czogxlMcBMGd+l8Q3Nj1MFQwBZJyoEKI50XGxwuzznYdwcav6lpOGv5BqaZXqvBSiB/kJ5op+g==", "cpu": [ "arm64" ], @@ -181,9 +181,9 @@ } }, "node_modules/@esbuild/freebsd-x64": { - "version": "0.27.1", - "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.27.1.tgz", - "integrity": "sha512-GITpD8dK9C+r+5yRT/UKVT36h/DQLOHdwGVwwoHidlnA168oD3uxA878XloXebK4Ul3gDBBIvEdL7go9gCUFzQ==", + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.27.2.tgz", + "integrity": "sha512-tAfqtNYb4YgPnJlEFu4c212HYjQWSO/w/h/lQaBK7RbwGIkBOuNKQI9tqWzx7Wtp7bTPaGC6MJvWI608P3wXYA==", "cpu": [ "x64" ], @@ -198,9 +198,9 @@ } }, "node_modules/@esbuild/linux-arm": { - "version": "0.27.1", - "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.27.1.tgz", - "integrity": "sha512-ieMID0JRZY/ZeCrsFQ3Y3NlHNCqIhTprJfDgSB3/lv5jJZ8FX3hqPyXWhe+gvS5ARMBJ242PM+VNz/ctNj//eA==", + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.27.2.tgz", + "integrity": "sha512-vWfq4GaIMP9AIe4yj1ZUW18RDhx6EPQKjwe7n8BbIecFtCQG4CfHGaHuh7fdfq+y3LIA2vGS/o9ZBGVxIDi9hw==", "cpu": [ "arm" ], @@ -215,9 +215,9 @@ } }, "node_modules/@esbuild/linux-arm64": { - "version": "0.27.1", - "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.27.1.tgz", - "integrity": "sha512-W9//kCrh/6in9rWIBdKaMtuTTzNj6jSeG/haWBADqLLa9P8O5YSRDzgD5y9QBok4AYlzS6ARHifAb75V6G670Q==", + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.27.2.tgz", + "integrity": "sha512-hYxN8pr66NsCCiRFkHUAsxylNOcAQaxSSkHMMjcpx0si13t1LHFphxJZUiGwojB1a/Hd5OiPIqDdXONia6bhTw==", "cpu": [ "arm64" ], @@ -232,9 +232,9 @@ } }, "node_modules/@esbuild/linux-ia32": { - "version": "0.27.1", - "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.27.1.tgz", - "integrity": "sha512-VIUV4z8GD8rtSVMfAj1aXFahsi/+tcoXXNYmXgzISL+KB381vbSTNdeZHHHIYqFyXcoEhu9n5cT+05tRv13rlw==", + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.27.2.tgz", + "integrity": "sha512-MJt5BRRSScPDwG2hLelYhAAKh9imjHK5+NE/tvnRLbIqUWa+0E9N4WNMjmp/kXXPHZGqPLxggwVhz7QP8CTR8w==", "cpu": [ "ia32" ], @@ -249,9 +249,9 @@ } }, "node_modules/@esbuild/linux-loong64": { - "version": "0.27.1", - "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.27.1.tgz", - "integrity": "sha512-l4rfiiJRN7sTNI//ff65zJ9z8U+k6zcCg0LALU5iEWzY+a1mVZ8iWC1k5EsNKThZ7XCQ6YWtsZ8EWYm7r1UEsg==", + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.27.2.tgz", + "integrity": "sha512-lugyF1atnAT463aO6KPshVCJK5NgRnU4yb3FUumyVz+cGvZbontBgzeGFO1nF+dPueHD367a2ZXe1NtUkAjOtg==", "cpu": [ "loong64" ], @@ -266,9 +266,9 @@ } }, "node_modules/@esbuild/linux-mips64el": { - "version": "0.27.1", - "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.27.1.tgz", - "integrity": "sha512-U0bEuAOLvO/DWFdygTHWY8C067FXz+UbzKgxYhXC0fDieFa0kDIra1FAhsAARRJbvEyso8aAqvPdNxzWuStBnA==", + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.27.2.tgz", + "integrity": "sha512-nlP2I6ArEBewvJ2gjrrkESEZkB5mIoaTswuqNFRv/WYd+ATtUpe9Y09RnJvgvdag7he0OWgEZWhviS1OTOKixw==", "cpu": [ "mips64el" ], @@ -283,9 +283,9 @@ } }, "node_modules/@esbuild/linux-ppc64": { - "version": "0.27.1", - "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.27.1.tgz", - "integrity": "sha512-NzdQ/Xwu6vPSf/GkdmRNsOfIeSGnh7muundsWItmBsVpMoNPVpM61qNzAVY3pZ1glzzAxLR40UyYM23eaDDbYQ==", + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.27.2.tgz", + "integrity": "sha512-C92gnpey7tUQONqg1n6dKVbx3vphKtTHJaNG2Ok9lGwbZil6DrfyecMsp9CrmXGQJmZ7iiVXvvZH6Ml5hL6XdQ==", "cpu": [ "ppc64" ], @@ -300,9 +300,9 @@ } }, "node_modules/@esbuild/linux-riscv64": { - "version": "0.27.1", - "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.27.1.tgz", - "integrity": "sha512-7zlw8p3IApcsN7mFw0O1Z1PyEk6PlKMu18roImfl3iQHTnr/yAfYv6s4hXPidbDoI2Q0pW+5xeoM4eTCC0UdrQ==", + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.27.2.tgz", + "integrity": "sha512-B5BOmojNtUyN8AXlK0QJyvjEZkWwy/FKvakkTDCziX95AowLZKR6aCDhG7LeF7uMCXEJqwa8Bejz5LTPYm8AvA==", "cpu": [ "riscv64" ], @@ -317,9 +317,9 @@ } }, "node_modules/@esbuild/linux-s390x": { - "version": "0.27.1", - "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.27.1.tgz", - "integrity": "sha512-cGj5wli+G+nkVQdZo3+7FDKC25Uh4ZVwOAK6A06Hsvgr8WqBBuOy/1s+PUEd/6Je+vjfm6stX0kmib5b/O2Ykw==", + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.27.2.tgz", + "integrity": "sha512-p4bm9+wsPwup5Z8f4EpfN63qNagQ47Ua2znaqGH6bqLlmJ4bx97Y9JdqxgGZ6Y8xVTixUnEkoKSHcpRlDnNr5w==", "cpu": [ "s390x" ], @@ -334,9 +334,9 @@ } }, "node_modules/@esbuild/linux-x64": { - "version": "0.27.1", - "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.27.1.tgz", - "integrity": "sha512-z3H/HYI9MM0HTv3hQZ81f+AKb+yEoCRlUby1F80vbQ5XdzEMyY/9iNlAmhqiBKw4MJXwfgsh7ERGEOhrM1niMA==", + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.27.2.tgz", + "integrity": "sha512-uwp2Tip5aPmH+NRUwTcfLb+W32WXjpFejTIOWZFw/v7/KnpCDKG66u4DLcurQpiYTiYwQ9B7KOeMJvLCu/OvbA==", "cpu": [ "x64" ], @@ -351,9 +351,9 @@ } }, "node_modules/@esbuild/netbsd-arm64": { - "version": "0.27.1", - "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.27.1.tgz", - "integrity": "sha512-wzC24DxAvk8Em01YmVXyjl96Mr+ecTPyOuADAvjGg+fyBpGmxmcr2E5ttf7Im8D0sXZihpxzO1isus8MdjMCXQ==", + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.27.2.tgz", + "integrity": "sha512-Kj6DiBlwXrPsCRDeRvGAUb/LNrBASrfqAIok+xB0LxK8CHqxZ037viF13ugfsIpePH93mX7xfJp97cyDuTZ3cw==", "cpu": [ "arm64" ], @@ -368,9 +368,9 @@ } }, "node_modules/@esbuild/netbsd-x64": { - "version": "0.27.1", - "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.27.1.tgz", - "integrity": "sha512-1YQ8ybGi2yIXswu6eNzJsrYIGFpnlzEWRl6iR5gMgmsrR0FcNoV1m9k9sc3PuP5rUBLshOZylc9nqSgymI+TYg==", + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.27.2.tgz", + "integrity": "sha512-HwGDZ0VLVBY3Y+Nw0JexZy9o/nUAWq9MlV7cahpaXKW6TOzfVno3y3/M8Ga8u8Yr7GldLOov27xiCnqRZf0tCA==", "cpu": [ "x64" ], @@ -385,9 +385,9 @@ } }, "node_modules/@esbuild/openbsd-arm64": { - "version": "0.27.1", - "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.27.1.tgz", - "integrity": "sha512-5Z+DzLCrq5wmU7RDaMDe2DVXMRm2tTDvX2KU14JJVBN2CT/qov7XVix85QoJqHltpvAOZUAc3ndU56HSMWrv8g==", + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.27.2.tgz", + "integrity": "sha512-DNIHH2BPQ5551A7oSHD0CKbwIA/Ox7+78/AWkbS5QoRzaqlev2uFayfSxq68EkonB+IKjiuxBFoV8ESJy8bOHA==", "cpu": [ "arm64" ], @@ -402,9 +402,9 @@ } }, "node_modules/@esbuild/openbsd-x64": { - "version": "0.27.1", - "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.27.1.tgz", - "integrity": "sha512-Q73ENzIdPF5jap4wqLtsfh8YbYSZ8Q0wnxplOlZUOyZy7B4ZKW8DXGWgTCZmF8VWD7Tciwv5F4NsRf6vYlZtqg==", + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.27.2.tgz", + "integrity": "sha512-/it7w9Nb7+0KFIzjalNJVR5bOzA9Vay+yIPLVHfIQYG/j+j9VTH84aNB8ExGKPU4AzfaEvN9/V4HV+F+vo8OEg==", "cpu": [ "x64" ], @@ -419,9 +419,9 @@ } }, "node_modules/@esbuild/openharmony-arm64": { - "version": "0.27.1", - "resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.27.1.tgz", - "integrity": "sha512-ajbHrGM/XiK+sXM0JzEbJAen+0E+JMQZ2l4RR4VFwvV9JEERx+oxtgkpoKv1SevhjavK2z2ReHk32pjzktWbGg==", + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.27.2.tgz", + "integrity": "sha512-LRBbCmiU51IXfeXk59csuX/aSaToeG7w48nMwA6049Y4J4+VbWALAuXcs+qcD04rHDuSCSRKdmY63sruDS5qag==", "cpu": [ "arm64" ], @@ -436,9 +436,9 @@ } }, "node_modules/@esbuild/sunos-x64": { - "version": "0.27.1", - "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.27.1.tgz", - "integrity": "sha512-IPUW+y4VIjuDVn+OMzHc5FV4GubIwPnsz6ubkvN8cuhEqH81NovB53IUlrlBkPMEPxvNnf79MGBoz8rZ2iW8HA==", + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.27.2.tgz", + "integrity": "sha512-kMtx1yqJHTmqaqHPAzKCAkDaKsffmXkPHThSfRwZGyuqyIeBvf08KSsYXl+abf5HDAPMJIPnbBfXvP2ZC2TfHg==", "cpu": [ "x64" ], @@ -453,9 +453,9 @@ } }, "node_modules/@esbuild/win32-arm64": { - "version": "0.27.1", - "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.27.1.tgz", - "integrity": "sha512-RIVRWiljWA6CdVu8zkWcRmGP7iRRIIwvhDKem8UMBjPql2TXM5PkDVvvrzMtj1V+WFPB4K7zkIGM7VzRtFkjdg==", + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.27.2.tgz", + "integrity": "sha512-Yaf78O/B3Kkh+nKABUF++bvJv5Ijoy9AN1ww904rOXZFLWVc5OLOfL56W+C8F9xn5JQZa3UX6m+IktJnIb1Jjg==", "cpu": [ "arm64" ], @@ -470,9 +470,9 @@ } }, "node_modules/@esbuild/win32-ia32": { - "version": "0.27.1", - "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.27.1.tgz", - "integrity": "sha512-2BR5M8CPbptC1AK5JbJT1fWrHLvejwZidKx3UMSF0ecHMa+smhi16drIrCEggkgviBwLYd5nwrFLSl5Kho96RQ==", + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.27.2.tgz", + "integrity": "sha512-Iuws0kxo4yusk7sw70Xa2E2imZU5HoixzxfGCdxwBdhiDgt9vX9VUCBhqcwY7/uh//78A1hMkkROMJq9l27oLQ==", "cpu": [ "ia32" ], @@ -487,9 +487,9 @@ } }, "node_modules/@esbuild/win32-x64": { - "version": "0.27.1", - "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.27.1.tgz", - "integrity": "sha512-d5X6RMYv6taIymSk8JBP+nxv8DQAMY6A51GPgusqLdK9wBz5wWIXy1KjTck6HnjE9hqJzJRdk+1p/t5soSbCtw==", + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.27.2.tgz", + "integrity": "sha512-sRdU18mcKf7F+YgheI/zGf5alZatMUTKj/jNS6l744f9u3WFu4v7twcUI9vu4mknF4Y9aDlblIie0IM+5xxaqQ==", "cpu": [ "x64" ], @@ -1156,9 +1156,9 @@ } }, "node_modules/esbuild": { - "version": "0.27.1", - "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.27.1.tgz", - "integrity": "sha512-yY35KZckJJuVVPXpvjgxiCuVEJT67F6zDeVTv4rizyPrfGBUpZQsvmxnN+C371c2esD/hNMjj4tpBhuueLN7aA==", + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.27.2.tgz", + "integrity": "sha512-HyNQImnsOC7X9PMNaCIeAm4ISCQXs5a5YasTXVliKv4uuBo1dKrG0A+uQS8M5eXjVMnLg3WgXaKvprHlFJQffw==", "dev": true, "hasInstallScript": true, "license": "MIT", @@ -1169,32 +1169,32 @@ "node": ">=18" }, "optionalDependencies": { - "@esbuild/aix-ppc64": "0.27.1", - "@esbuild/android-arm": "0.27.1", - "@esbuild/android-arm64": "0.27.1", - "@esbuild/android-x64": "0.27.1", - "@esbuild/darwin-arm64": "0.27.1", - "@esbuild/darwin-x64": "0.27.1", - "@esbuild/freebsd-arm64": "0.27.1", - "@esbuild/freebsd-x64": "0.27.1", - "@esbuild/linux-arm": "0.27.1", - "@esbuild/linux-arm64": "0.27.1", - "@esbuild/linux-ia32": "0.27.1", - "@esbuild/linux-loong64": "0.27.1", - "@esbuild/linux-mips64el": "0.27.1", - "@esbuild/linux-ppc64": "0.27.1", - "@esbuild/linux-riscv64": "0.27.1", - "@esbuild/linux-s390x": "0.27.1", - "@esbuild/linux-x64": "0.27.1", - "@esbuild/netbsd-arm64": "0.27.1", - "@esbuild/netbsd-x64": "0.27.1", - "@esbuild/openbsd-arm64": "0.27.1", - "@esbuild/openbsd-x64": "0.27.1", - "@esbuild/openharmony-arm64": "0.27.1", - "@esbuild/sunos-x64": "0.27.1", - "@esbuild/win32-arm64": "0.27.1", - "@esbuild/win32-ia32": "0.27.1", - "@esbuild/win32-x64": "0.27.1" + "@esbuild/aix-ppc64": "0.27.2", + "@esbuild/android-arm": "0.27.2", + "@esbuild/android-arm64": "0.27.2", + "@esbuild/android-x64": "0.27.2", + "@esbuild/darwin-arm64": "0.27.2", + "@esbuild/darwin-x64": "0.27.2", + "@esbuild/freebsd-arm64": "0.27.2", + "@esbuild/freebsd-x64": "0.27.2", + "@esbuild/linux-arm": "0.27.2", + "@esbuild/linux-arm64": "0.27.2", + "@esbuild/linux-ia32": "0.27.2", + "@esbuild/linux-loong64": "0.27.2", + "@esbuild/linux-mips64el": "0.27.2", + "@esbuild/linux-ppc64": "0.27.2", + "@esbuild/linux-riscv64": "0.27.2", + "@esbuild/linux-s390x": "0.27.2", + "@esbuild/linux-x64": "0.27.2", + "@esbuild/netbsd-arm64": "0.27.2", + "@esbuild/netbsd-x64": "0.27.2", + "@esbuild/openbsd-arm64": "0.27.2", + "@esbuild/openbsd-x64": "0.27.2", + "@esbuild/openharmony-arm64": "0.27.2", + "@esbuild/sunos-x64": "0.27.2", + "@esbuild/win32-arm64": "0.27.2", + "@esbuild/win32-ia32": "0.27.2", + "@esbuild/win32-x64": "0.27.2" } }, "node_modules/escalade": { diff --git a/package.json b/package.json index f9a890d2..21dafb44 100644 --- a/package.json +++ b/package.json @@ -20,7 +20,7 @@ "devDependencies": { "cssnano": "^7.1.2", "cssnano-preset-advanced": "^7.0.10", - "esbuild": "^0.27.1", + "esbuild": "^0.27.2", "playwright": "^1.52.0", "postcss-cli": "^11.0.1", "postcss-import": "^16.1.1", From 880020095ce0c5c3100d50b31607d8246f8fbe4d Mon Sep 17 00:00:00 2001 From: Jason Cameron Date: Sun, 28 Dec 2025 22:14:50 -0500 Subject: [PATCH 17/24] fix(test): remove interactive flag from nginx smoke test docker run command (#1371) --- test/nginx/test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/nginx/test.sh b/test/nginx/test.sh index 4062cfe7..071479f7 100755 --- a/test/nginx/test.sh +++ b/test/nginx/test.sh @@ -10,7 +10,7 @@ set -euo pipefail build_anubis_ko mint_cert mimi.techaro.lol -docker run --rm -it \ +docker run --rm \ -v ./conf/nginx:/etc/nginx:ro \ -v ../pki:/techaro/pki:ro \ nginx \ From 1d8e98c5ecf1940277df17cc54f53199b425958f Mon Sep 17 00:00:00 2001 From: Xe Iaso Date: Sun, 28 Dec 2025 23:59:48 -0500 Subject: [PATCH 18/24] test(nginx): fix tests to work in GHA (#1372) * test(nginx): fix tests to work in GHA Closes: #1371 Signed-off-by: Xe Iaso * fix(test): does this work lol Signed-off-by: Xe Iaso * fix(test): does this other thing work lol Signed-off-by: Xe Iaso * fix(test): pki folder location Signed-off-by: Xe Iaso --------- Signed-off-by: Xe Iaso Signed-off-by: Jason Cameron Co-authored-by: Jason Cameron --- test/docker-registry/docker-compose.yaml | 2 +- test/lib/lib.sh | 75 ++++++++++++------------ test/nginx/test.sh | 15 ++--- test/palemoon/amd64/docker-compose.yml | 4 +- test/palemoon/i386/docker-compose.yml | 4 +- 5 files changed, 48 insertions(+), 52 deletions(-) diff --git a/test/docker-registry/docker-compose.yaml b/test/docker-registry/docker-compose.yaml index a1095bcb..963fcea8 100644 --- a/test/docker-registry/docker-compose.yaml +++ b/test/docker-registry/docker-compose.yaml @@ -14,7 +14,7 @@ services: ports: - 3004:3004 volumes: - - ../pki/registry.local.cetacean.club:/etc/techaro/pki/registry.local.cetacean.club + - ./pki/registry.local.cetacean.club:/etc/techaro/pki/registry.local.cetacean.club anubis: image: ko.local/anubis diff --git a/test/lib/lib.sh b/test/lib/lib.sh index 132848ac..0317598f 100644 --- a/test/lib/lib.sh +++ b/test/lib/lib.sh @@ -1,53 +1,56 @@ REPO_ROOT=$(git rev-parse --show-toplevel) (cd $REPO_ROOT && go install ./utils/cmd/...) +mkdir -p pki +echo '*' >>./pki/.gitignore + function cleanup() { - set +e + set +e - pkill -P $$ + pkill -P $$ - if [ -f "docker-compose.yaml" ]; then - docker compose down -t 1 || : - docker compose rm -f || : - fi + if [ -f "docker-compose.yaml" ]; then + docker compose down -t 1 || : + docker compose rm -f || : + fi } trap cleanup EXIT SIGINT function build_anubis_ko() { - ( - cd $REPO_ROOT && npm ci && npm run assets - ) - ( - cd $REPO_ROOT && - VERSION=devel ko build \ - --platform=all \ - --base-import-paths \ - --tags="latest" \ - --image-user=1000 \ - --image-annotation="" \ - --image-label="" \ - ./cmd/anubis \ - --local - ) + ( + cd $REPO_ROOT && npm ci && npm run assets + ) + ( + cd $REPO_ROOT && + VERSION=devel ko build \ + --platform=all \ + --base-import-paths \ + --tags="latest" \ + --image-user=1000 \ + --image-annotation="" \ + --image-label="" \ + ./cmd/anubis \ + --local + ) } function mint_cert() { - if [ "$#" -ne 1 ]; then - echo "Usage: mint_cert " - fi + if [ "$#" -ne 1 ]; then + echo "Usage: mint_cert " + fi - domainName="$1" + domainName="$1" - # If the transient local TLS certificate doesn't exist, mint a new one - if [ ! -f "${REPO_ROOT}/test/pki/${domainName}/cert.pem" ]; then - # Subshell to contain the directory change - ( - cd ${REPO_ROOT}/test/pki && - mkdir -p "${domainName}" && - go tool minica -domains "${domainName}" && - cd "${domainName}" && - chmod 666 * - ) - fi + # If the transient local TLS certificate doesn't exist, mint a new one + if [ ! -f "./pki/${domainName}/cert.pem" ]; then + # Subshell to contain the directory change + ( + cd ./pki && + mkdir -p "${domainName}" && + go tool minica -domains "${domainName}" && + cd "${domainName}" && + chmod 666 * + ) + fi } diff --git a/test/nginx/test.sh b/test/nginx/test.sh index 071479f7..c9d9475b 100755 --- a/test/nginx/test.sh +++ b/test/nginx/test.sh @@ -1,24 +1,17 @@ #!/usr/bin/env bash -export VERSION=$GITHUB_COMMIT-test -export KO_DOCKER_REPO=ko.local - source ../lib/lib.sh +export KO_DOCKER_REPO=ko.local + set -euo pipefail -build_anubis_ko mint_cert mimi.techaro.lol docker run --rm \ - -v ./conf/nginx:/etc/nginx:ro \ - -v ../pki:/techaro/pki:ro \ + -v $PWD/conf/nginx:/etc/nginx:ro \ + -v $PWD/pki:/techaro/pki:ro \ nginx \ nginx -t -docker compose up -d - -docker compose down -t 1 || : -docker compose rm -f || : - exit 0 diff --git a/test/palemoon/amd64/docker-compose.yml b/test/palemoon/amd64/docker-compose.yml index 9403df3b..59566e34 100644 --- a/test/palemoon/amd64/docker-compose.yml +++ b/test/palemoon/amd64/docker-compose.yml @@ -26,7 +26,7 @@ services: KEY_FNAME: key.pem PROXY_TO: http://anubis:3000 volumes: - - ../../pki/relayd:/techaro/pki:ro + - ./pki/relayd:/techaro/pki:ro # novnc: # image: geek1011/easy-novnc @@ -42,7 +42,7 @@ services: environment: DISPLAY: display:0 volumes: - - ../../pki:/usr/local/share/ca-certificates/minica:ro + - ./pki:/usr/local/share/ca-certificates/minica:ro - ../scripts:/hack/scripts:ro depends_on: - anubis diff --git a/test/palemoon/i386/docker-compose.yml b/test/palemoon/i386/docker-compose.yml index cda915da..98ec72af 100644 --- a/test/palemoon/i386/docker-compose.yml +++ b/test/palemoon/i386/docker-compose.yml @@ -24,7 +24,7 @@ services: KEY_FNAME: key.pem PROXY_TO: http://anubis:3000 volumes: - - ../../pki/relayd:/techaro/pki:ro + - ./pki/relayd:/techaro/pki:ro # novnc: # image: geek1011/easy-novnc @@ -40,5 +40,5 @@ services: environment: DISPLAY: display:0 volumes: - - ../../pki:/usr/local/share/ca-certificates/minica:ro + - ./pki:/usr/local/share/ca-certificates/minica:ro - ../scripts:/hack/scripts:ro From 359613f35ada5837012112ce77ff0cd5ece2f293 Mon Sep 17 00:00:00 2001 From: Xe Iaso Date: Mon, 29 Dec 2025 12:10:17 -0500 Subject: [PATCH 19/24] feat: iplist2rule utility command (#1373) * feat: iplist2rule utility command Assisted-By: GLM 4.7 via Claude Code Signed-off-by: Xe Iaso * docs: update CHANGELOG Signed-off-by: Xe Iaso * chore: fix spelling Signed-off-by: Xe Iaso * chore: fix spelling again Signed-off-by: Xe Iaso * feat(iplist2rule): add comment describing how rule was generated Signed-off-by: Xe Iaso * docs: add iplist2rule docs Signed-off-by: Xe Iaso * chore: fix spelling Signed-off-by: Xe Iaso --------- Signed-off-by: Xe Iaso --- .github/actions/spelling/allow.txt | 5 ++ docs/docs/CHANGELOG.md | 1 + docs/docs/admin/iplist2rule.mdx | 50 ++++++++++++++ docs/docs/admin/robots2policy.mdx | 11 +-- utils/cmd/iplist2rule/blocklist.go | 57 ++++++++++++++++ utils/cmd/iplist2rule/main.go | 103 +++++++++++++++++++++++++++++ 6 files changed, 223 insertions(+), 4 deletions(-) create mode 100644 docs/docs/admin/iplist2rule.mdx create mode 100644 utils/cmd/iplist2rule/blocklist.go create mode 100644 utils/cmd/iplist2rule/main.go diff --git a/.github/actions/spelling/allow.txt b/.github/actions/spelling/allow.txt index 5e3002bf..9d7a56c9 100644 --- a/.github/actions/spelling/allow.txt +++ b/.github/actions/spelling/allow.txt @@ -18,3 +18,8 @@ clampip pseudoprofound reimagining iocaine +admins +fout +iplist +NArg +blocklists diff --git a/docs/docs/CHANGELOG.md b/docs/docs/CHANGELOG.md index 0c4271c7..2fba492a 100644 --- a/docs/docs/CHANGELOG.md +++ b/docs/docs/CHANGELOG.md @@ -11,6 +11,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +- Add iplist2rule tool that lets admins turn an IP address blocklist into an Anubis ruleset. - Add Polish locale ([#1292](https://github.com/TecharoHQ/anubis/pull/1309)) diff --git a/docs/docs/admin/iplist2rule.mdx b/docs/docs/admin/iplist2rule.mdx new file mode 100644 index 00000000..4ff1d3df --- /dev/null +++ b/docs/docs/admin/iplist2rule.mdx @@ -0,0 +1,50 @@ +--- +title: iplist2rule CLI tool +--- + +The `iplist2rule` tool converts IP blocklists into Anubis challenge policies. It reads common IP block list formats and generates the appropriate Anubis policy file for IP address filtering. + +## Installation + +Install directly with Go + +```bash +go install github.com/TecharoHQ/anubis/utils/cmd/iplist2rule@latest +``` + +## Usage + +Basic conversion from URL: + +```bash +iplist2rule https://raw.githubusercontent.com/7c/torfilter/refs/heads/main/lists/txt/torfilter-1m-flat.txt filter-tor.yaml +``` + +Explicitly allow every IP address on a list: + +```bash +iplist2rule --action ALLOW https://raw.githubusercontent.com/7c/torfilter/refs/heads/main/lists/txt/torfilter-1m-flat.txt filter-tor.yaml +``` + +Add weight to requests matching IP addresses on a list: + +```bash +iplist2rule --action WEIGH --weight 20 https://raw.githubusercontent.com/7c/torfilter/refs/heads/main/lists/txt/torfilter-1m-flat.txt filter-tor.yaml +``` + +## Options + +| Flag | Description | Default | +| :------------ | :----------------------------------------------------------------------------------------------- | :-------------------------------- | +| `--action` | The Anubis action to take for the IP address in question, must be in ALL CAPS. | `DENY` (forbids traffic) | +| `--rule-name` | The name for the generated Anubis rule, should be in kebab-case. | (not set, inferred from filename) | +| `--weight` | When `--action=WEIGH`, how many weight points should be added or removed from matching requests? | 0 (not set) | + +## Using the Generated Policy + +Save the output and import it in your main policy file: + +```yaml +bots: + - import: "./filter-tor.yaml" +``` diff --git a/docs/docs/admin/robots2policy.mdx b/docs/docs/admin/robots2policy.mdx index 30f0eab0..fdbab6ff 100644 --- a/docs/docs/admin/robots2policy.mdx +++ b/docs/docs/admin/robots2policy.mdx @@ -12,6 +12,7 @@ Install directly with Go: ```bash go install github.com/TecharoHQ/anubis/cmd/robots2policy@latest ``` + ## Usage Basic conversion from URL: @@ -35,8 +36,8 @@ robots2policy -input robots.txt -action DENY -format json ## Options | Flag | Description | Default | -|-----------------------|--------------------------------------------------------------------|---------------------| -| `-input` | robots.txt file path or URL (use `-` for stdin) | *required* | +| --------------------- | ------------------------------------------------------------------ | ------------------- | +| `-input` | robots.txt file path or URL (use `-` for stdin) | _required_ | | `-output` | Output file (use `-` for stdout) | stdout | | `-format` | Output format: `yaml` or `json` | `yaml` | | `-action` | Action for disallowed paths: `ALLOW`, `DENY`, `CHALLENGE`, `WEIGH` | `CHALLENGE` | @@ -47,6 +48,7 @@ robots2policy -input robots.txt -action DENY -format json ## Example Input robots.txt: + ```txt User-agent: * Disallow: /admin/ @@ -57,6 +59,7 @@ Disallow: / ``` Generated policy: + ```yaml - name: robots-txt-policy-disallow-1 action: CHALLENGE @@ -77,8 +80,8 @@ Generated policy: Save the output and import it in your main policy file: ```yaml -import: - - path: "./robots-policy.yaml" +bots: + - import: "./robots-policy.yaml" ``` The tool handles wildcard patterns, user-agent specific rules, and blacklisted bots automatically. diff --git a/utils/cmd/iplist2rule/blocklist.go b/utils/cmd/iplist2rule/blocklist.go new file mode 100644 index 00000000..72bb47d8 --- /dev/null +++ b/utils/cmd/iplist2rule/blocklist.go @@ -0,0 +1,57 @@ +package main + +import ( + "bufio" + "fmt" + "io" + "net/http" + "net/netip" + "strings" +) + +// FetchBlocklist reads the blocklist over HTTP and returns every non-commented +// line parsed as an IP address in CIDR notation. IPv4 addresses are returned as +// /32, IPv6 addresses as /128. +// +// This function was generated with GLM 4.7. +func FetchBlocklist(url string) ([]string, error) { + resp, err := http.Get(url) + if err != nil { + return nil, err + } + defer resp.Body.Close() + + if resp.StatusCode != http.StatusOK { + return nil, fmt.Errorf("HTTP request failed with status: %s", resp.Status) + } + + var lines []string + scanner := bufio.NewScanner(resp.Body) + for scanner.Scan() { + line := scanner.Text() + // Skip empty lines and comments (lines starting with #) + if line == "" || strings.HasPrefix(line, "#") { + continue + } + + addr, err := netip.ParseAddr(line) + if err != nil { + // Skip lines that aren't valid IP addresses + continue + } + + var cidr string + if addr.Is4() { + cidr = fmt.Sprintf("%s/32", addr.String()) + } else { + cidr = fmt.Sprintf("%s/128", addr.String()) + } + lines = append(lines, cidr) + } + + if err := scanner.Err(); err != nil && err != io.EOF { + return nil, err + } + + return lines, nil +} diff --git a/utils/cmd/iplist2rule/main.go b/utils/cmd/iplist2rule/main.go new file mode 100644 index 00000000..db49d1a0 --- /dev/null +++ b/utils/cmd/iplist2rule/main.go @@ -0,0 +1,103 @@ +package main + +import ( + "flag" + "fmt" + "log" + "os" + "path/filepath" + "strings" + "time" + + "github.com/TecharoHQ/anubis/lib/config" + "github.com/facebookgo/flagenv" + "sigs.k8s.io/yaml" +) + +type Rule struct { + Name string `yaml:"name" json:"name"` + Action config.Rule `yaml:"action" json:"action"` + RemoteAddr []string `json:"remote_addresses,omitempty" yaml:"remote_addresses,omitempty"` + Weight *config.Weight `json:"weight,omitempty" yaml:"weight,omitempty"` +} + +func init() { + flag.Usage = func() { + fmt.Printf(`Usage of %[1]s: + + %[1]s [flags] + +Grabs the contents of the blocklist, converts it to an Anubis ruleset, and writes it to filename. + +Flags: +`, filepath.Base(os.Args[0])) + + flag.PrintDefaults() + } +} + +var ( + action = flag.String("action", "DENY", "Anubis action to take (ALLOW / DENY / WEIGH)") + manualRuleName = flag.String("rule-name", "", "If set, prefer this name over inferring from filename") + weight = flag.Int("weight", 0, "If set to any number, add/subtract this many weight points when --action=WEIGH") +) + +func main() { + flagenv.Parse() + flag.Parse() + + if flag.NArg() != 2 { + flag.Usage() + os.Exit(2) + } + + blocklistURL := flag.Arg(0) + foutName := flag.Arg(1) + ruleName := strings.TrimSuffix(foutName, filepath.Ext(foutName)) + + if *manualRuleName != "" { + ruleName = *manualRuleName + } + + ruleAction := config.Rule(*action) + if err := ruleAction.Valid(); err != nil { + log.Fatalf("--action=%q is invalid: %v", *action, err) + } + + result := &Rule{ + Name: ruleName, + Action: ruleAction, + } + + if *weight != 0 { + if ruleAction != config.RuleWeigh { + log.Fatalf("used --weight=%d but --action=%s", *weight, *action) + } + + result.Weight = &config.Weight{ + Adjust: *weight, + } + } + + ips, err := FetchBlocklist(blocklistURL) + if err != nil { + log.Fatalf("can't fetch blocklist %s: %v", blocklistURL, err) + } + + result.RemoteAddr = ips + + fout, err := os.Create(foutName) + if err != nil { + log.Fatalf("can't create output file %q: %v", foutName, err) + } + defer fout.Close() + + fmt.Fprintf(fout, "# Generated by %s on %s from %s\n\n", filepath.Base(os.Args[0]), time.Now().Format(time.RFC3339), blocklistURL) + + data, err := yaml.Marshal([]*Rule{result}) + if err != nil { + log.Fatalf("can't marshal yaml") + } + + fout.Write(data) +} From 80a8e0a8aebd75e29de3ed38ecf7873b1bfff904 Mon Sep 17 00:00:00 2001 From: Xe Iaso Date: Tue, 30 Dec 2025 10:56:58 -0500 Subject: [PATCH 20/24] chore: add Databento as diamond tier sponsor Signed-off-by: Xe Iaso --- README.md | 3 +++ docs/docs/index.mdx | 3 +++ docs/static/img/sponsors/databento-logo.webp | Bin 0 -> 4354 bytes 3 files changed, 6 insertions(+) create mode 100644 docs/static/img/sponsors/databento-logo.webp diff --git a/README.md b/README.md index d6fce169..7120876d 100644 --- a/README.md +++ b/README.md @@ -20,6 +20,9 @@ Anubis is brought to you by sponsors and donors like: Raptor Computing Systems + + Databento + ### Gold Tier diff --git a/docs/docs/index.mdx b/docs/docs/index.mdx index ba1de7bf..99b12adb 100644 --- a/docs/docs/index.mdx +++ b/docs/docs/index.mdx @@ -29,6 +29,9 @@ Anubis is brought to you by sponsors and donors like: height="64" /> + + Databento + ### Gold Tier diff --git a/docs/static/img/sponsors/databento-logo.webp b/docs/static/img/sponsors/databento-logo.webp new file mode 100644 index 0000000000000000000000000000000000000000..d5252d1b922114cff84784dc8fb739e766848060 GIT binary patch literal 4354 zcmV+d5&iB`Nk&Hc5C8yIMM6+kP&gp&5C8zsNC2GyDuMxk06sAoi$kIzp%f{Md>{h^ zrtTL$zWDm@XZM=&Khu9?eV4f}y5C6m%i0H6QIG38^nY)^I6uVy$o5P6d;UkbFX>tE>i^}f-6uJkqepWGfs9RcEF>d)kVw0a}{o55ZHUxt4p z{{Q)d`H{#D06!@Hss2;$Q_~+%EPy|a|6Tui#*07?=6}_H;eUSh&HuOk51pUSzr%m& z{~hod{JZ*>{GacAqyKTej=yk8*Jsn%8-9S4)eK*@o}R$l^aQ4;V*RxA_6D;jRRgDQ zSC4*Y%sQ860xEiOpCK_Xu<^pX7!uhE9KUTekD5!-3f2!{t`UM@a6h~RxuKj5DJXf ztVS0!2)qQ6e!EaRE(6dnsochp@Vc@h);GNC(Y@+A(VNWV^Hf&~r=>*ee~y5@7nlt* z9u`i}Ir}L?<5_}7BDIfjZ_pC4Bx-;E|NsC0|NGb*et?wK3}3dMp1|Alr~m-|{jmT3 zSC{g&L-J4bOIn8BS-T6f^~9n1F=b4A8&%ORC0 zDS_v*&%kFGjdMr9a6RW+VE$phg7cNAGaya=d-%#OU6ziR8o6uRrElu0(NpZn?%tuu z`9Hb!7}$m5MOjTG_;-i=i|jooGIgq*e{RO=y8|pjkUz(ue=1wI1k~&#LMO0~B?Mf5 z&6NhN9S|=$VBZbpYEG)b1sSdgMd8lM98JcUEUJ^0km6nATd`j+)82)sajf;wIWmXT z6pF&23R#DSjBZMJ$VIq$@ZSh8DNg>rnZ^%;fvzkN_mR&|EDVadB?)Rh7m2%q7oC6_ z;o9|ao4Vc^7bgvy%1I6+*kmk4t)5U&3m-H$7cv|r;#~FoodfooWWHyq-EtzI&w&57 z{l#S|ydjiKfMhWA^w~NwOxrxcci4*@0?<&2L*vN`8gR$XR5Kj!WDgI1dQ)`>GzHeEHh-XVd^T|MDQ#Y6m9?2chS_PF^0XbyIF&UO zP2oD-9pMX8fb4U$|3W4`hF5!%+ONg~nP!2Fpct;h&wF zf4-F_@cJ^R^W!EUt`J9wmgNp8@`_x}D*Hrkh*t7su6B>vjl_eJdUqBBN?TvJ8z=lU zz%$F+2zJnC)41?MQ>2~xAen*|#QvPiz(8()8HTG0xYZn*^|?~rPpYG%#eqNZY2n*D zo?yN)D2wEl4eEoa>1_@&F9La^%nHM)YrpbWN!N1EA<&DZtZF777-NoOL|1R3~RD z-f9o?+)j_Fc7FUx{%O2DAA4&cGt_MRc#yWu`cYw~#`l5ueKN1xUlO%bKlEXP9Bg2~ zg!o5aSR^l9yAbm@C+j!}sp~PMBO~|i+$@Zv#>93#AA*d|+ry(4<S>{=&5XU5`v zz1f)F*$6y{lMLbW2VxfNO-pXogTuYM0p7q~Y(|QS2Tg#!#!hCB$rryD#e9L|bI!)s zu*;cxlwjikuG}T{y#0@Z7Qa9gnw>KqyRfA)MBMSp~iA^}8lvVb>zfgrQ& z1#c)y-`1&rJ#bG?0a*48?l}{82J*XmZ(#cH94&y7z8IOvjHCx~)!yAmG8lQcLHn|! z0xY2Sh4h!aZa4Ofq%QEvTZk%R{D5u`L43yzaCo!;3|f1Z(j{%e*uEX?lGY*VoIbkp zhl+^QI;eaM>=bL}0l$Cp+0Ru6JAG!V%&e-DfenBFh6C}9MTjlq&*j+KXDg5d$Q*07 zrIaZ@?5k^Q$<>0lDbE|e5!f{-Hrl}aEhA)y3V6We4|sPfrpxmG5nmvXQw%$&&_0k> zQ8eJ6&BHvamTI~aFwxVA0y7d}TG-NRZJ$L}N(WJr@xrE}dnYegEKLOx-Lh19*eN!d z5N9LVyPmohL&xe??M6_J7E4e zeyMmgw0bMrwZIDEeIxn9n0fuWAfO_$`vHZt?-{s7-;~z*K6d#{wr!NsNXvR2LqtC) zJ@nNJ1Nk@nnL+xuTvb7z1EK8CL<|Uwob}|(ugR&BaQcp?6RG?!oY~EEBSK?i(g%Q! zV9PBk|M^=uKdWL7EX)}Y;2}QKR*jBlEkwAi~!DSl~!5yp$n-39I+KaoOoQfQU~m-0QV7{;9eOjSi z2uVAr8c9Dh{O+GRv$9CwU<|GUOXiLY`!u$iMfFUbPZE}b=iz=;PY~Pj+xCd1yg#jr z(!UnKeh>O{q`!@lZWuhKw_quj;S(1}-eEA+ESDy~TipiKuR6kOAaAn3vvKm=T(5&W?JV9&yKz-uT`r`iUN3D>H{olP4=N=jxSFpc?a__&bk{t=R`JdPH1)+7dN zm9r?B3Jfk2XWMeLfe;~BOux?ku+qEik1Q8JwfAZqmLOFkm8B}c0ArurFeaDS6oMP+ z;n?{ez8{f$w+xrDDa(a@6e;_OVg($A(VueF@jUUf&%DJ!o-`L@-RrA>M#6xN`Go`8 zI+*)0F&Bn_HJG962RbMQ*$ZT1;baD)6wlM?fq|%~RTHYR&@CCki2$cUeWs#zpbbR^ z3q>fpuH&}3sqNKZs}3U>2u_(53fI?TMBh#7C2X=6eeuGp|Hw- z@gw5(n(~+rJ6&$%i671#N0JD}&h6kkbhTv98Do3)M1xs;<0sq?RSK84C@{I#2*0H2 zioPMEKJH41v#Q>V)cK6V$9bsAS}uG9v-m(HGUM5u@>&?r!G#cJn-3+*~<$XdMrmT>dPIDr%8 z8{i@#2kx4c1@gcb>y3OVJwf2~e|o`S-s;Dp)6)3 zW(iY$ca6^>k^bHPjglKJ)oqje@oky>EFNnuFegXeJ=_9C7p(1MrBIq?_;mOMK^Y7s zh)e*;a|J!XaprsmxWNquBjwIvn~9Gr0L$>TGfEOcfLaVPLSSeg5;ujir*J0YK}CX4 zlg4^DGm9z9Eblg<%CR(b{v3I>rQ=KHp9&jD|L$b0pCsOuZ!g1Czb1CoXR`of0(@JK zyo>3{pvaj^ToCz0&d|r-bESF)M1@*o3_B9=?6e(V&q~`5a0jBE)wYzR@$a2-F5n;c z{@71D};Jud4x;pNol{+c>KoM^|#3Ji|9v(zGr{n6cb+I#<x;7b3cZj73%dMD88k-UudF~L08B~zs^IreOxbFtVXxE zHxP&>AkEA#`Kfx)v}P1NUUluHbnP>_suZyN_-=S7&BHqYh^l&FZ7}e6*7By3HzW%@f000000000006W2u{Qv*} literal 0 HcmV?d00001 From 26d258fb948f0d1e0f4944ec913d767967b49f45 Mon Sep 17 00:00:00 2001 From: Jason Cameron Date: Thu, 1 Jan 2026 18:02:15 -0500 Subject: [PATCH 21/24] Update check-spelling metadata (#1379) --- .github/actions/spelling/excludes.txt | 12 +- .github/actions/spelling/expect.txt | 815 +++++++++++++------------- 2 files changed, 414 insertions(+), 413 deletions(-) diff --git a/.github/actions/spelling/excludes.txt b/.github/actions/spelling/excludes.txt index af8c5740..4488f860 100644 --- a/.github/actions/spelling/excludes.txt +++ b/.github/actions/spelling/excludes.txt @@ -87,10 +87,14 @@ ^docs/docs/user/known-instances.md$ ^docs/manifest/.*$ ^docs/static/\.nojekyll$ -^lib/policy/config/testdata/bad/unparseable\.json$ ^internal/glob/glob_test.go$ +^internal/honeypot/naive/affirmations\.txt$ +^internal/honeypot/naive/spintext\.txt$ +^internal/honeypot/naive/titles\.txt$ +^lib/config/testdata/bad/unparseable\.json$ +^lib/localization/.*_test.go$ +^lib/localization/locales/.*\.json$ +^lib/policy/config/testdata/bad/unparseable\.json$ +^test/.*$ ignore$ robots.txt -^lib/localization/locales/.*\.json$ -^lib/localization/.*_test.go$ -^test/.*$ diff --git a/.github/actions/spelling/expect.txt b/.github/actions/spelling/expect.txt index f2e4540b..4557c791 100644 --- a/.github/actions/spelling/expect.txt +++ b/.github/actions/spelling/expect.txt @@ -1,409 +1,406 @@ -acs -Actorified -actorifiedstore -actorify -Aibrew -alibaba -alrest -amazonbot -anthro -anubis -anubistest -apnic -APNICRANDNETAU -Applebot -archlinux -arpa -asnc -asnchecker -asns -aspirational -atuin -azuretools -badregexes -bbolt -bdba -berr -bezier -bingbot -Bitcoin -bitrate -Bluesky -blueskybot -boi -Bokm -botnet -botstopper -BPort -Brightbot -broked -buildah -byteslice -Bytespider -cachebuster -cachediptoasn -Caddyfile -caninetools -Cardyb -celchecker -celphase -cerr -certresolver -cespare -CGNAT -cgr -chainguard -chall -challengemozilla -challengetest -checkpath -checkresult -chibi -cidranger -ckie -cloudflare -Codespaces -confd -connnection -containerbuild -containerregistry -coreutils -Cotoyogi -Cromite -crt -Cscript -daemonizing -dayjob -DDOS -Debian -debrpm -decaymap -devcontainers -Diffbot -discordapp -discordbot -distros -dnf -dnsbl -dnserr -DNSTTL -domainhere -dracula -dronebl -droneblresponse -dropin -dsilence -duckduckbot -eerror -ellenjoe -emacs -enbyware -etld -everyones -evilbot -evilsite -expressionorlist -externalagent -externalfetcher -extldflags -facebookgo -Factset -fahedouch -fastcgi -FCr -fcrdns -fediverse -ffprobe -financials -finfos -Firecrawl -flagenv -Fordola -forgejo -forwardauth -fsys -fullchain -gaissmai -Galvus -geoip -geoipchecker -gha -GHSA -Ghz -gipc -gitea -godotenv -goland -gomod -goodbot -googlebot -gopsutil -govulncheck -goyaml -GPG -GPT -gptbot -Graphene -grpcprom -grw -gzw -Hashcash -hashrate -headermap -healthcheck -healthz -hec -helpdesk -Hetzner -hmc -homelab -hostable -htmlc -htmx -httpdebug -huawei -hypertext -iaskspider -iaso -iat -ifm -Imagesift -imgproxy -impressum -inbox -ingressed -inp -internets -IPTo -iptoasn -isp -iss -isset -ivh -Jenomis -JGit -jhjj -joho -journalctl -jshelter -JWTs -kagi -kagibot -Keyfunc -keypair -KHTML -kinda -KUBECONFIG -lcj -ldflags -letsencrypt -Lexentale -lfc -lgbt -licend -licstart -lightpanda -limsa -Linting -listor -LLU -loadbalancer -lol -lominsa -maintainership -malware -mcr -memes -metarefresh -metrix -mimi -Minfilia -mistralai -mnt -Mojeek -mojeekbot -mozilla -myclient -mymaster -mypass -myuser -nbf -nepeat -netsurf -nginx -nicksnyder -nobots -NONINFRINGEMENT -nosleep -nullglob -oci -OCOB -ogtag -oklch -omgili -omgilibot -openai -opendns -opengraph -openrc -oswald -pag -palemoon -Pangu -parseable -passthrough -Patreon -pgrep -phrik -pidfile -pids -pipefail -pki -podkova -podman -Postgre -poststart -prebaked -privkey -promauto -promhttp -proofofwork -publicsuffix -purejs -pwcmd -pwuser -qualys -qwant -qwantbot -rac -rawler -rcvar -redhat -redir -redirectscheme -refactors -remoteip -reputational -risc -ruleset -runlevels -RUnlock -runtimedir -runtimedirectory -Ryzen -sas -sasl -screenshots -searchbot -searx -sebest -secretplans -Semrush -Seo -setsebool -shellcheck -shirou -shopt -Sidetrade -simprint -sitemap -sls -sni -snipster -Spambot -sparkline -spyderbot -srv -stackoverflow -startprecmd -stoppostcmd -storetest -subgrid -subr -subrequest -SVCNAME -tagline -tarballs -tarrif -taviso -tbn -tbr -techaro -techarohq -telegrambot -templ -templruntime -testarea -Thancred -thoth -thothmock -Tik -Timpibot -TLog -traefik -trunc -uberspace -Unbreak -unbreakdocker -unifiedjs -unmarshal -unparseable -uvx -UXP -valkey -Varis -Velen -vendored -verify -vhosts -vkbot -VKE -vnd -VPS -Vultr -weblate -webmaster -webpage -websecure -websites -Webzio -whois -wildbase -withthothmock -wolfbeast -wordpress -workaround -workdir -wpbot -XCircle -xeiaso -xeserv -xesite -xess -xff -XForwarded -XNG -XOB -XOriginal -XReal -yae -YAMLTo -Yda -yeet -yeetfile -yourdomain -yyz -Zenos -zizmor -zombocom -zos -GLM -iocaine -nikandfor -pagegen -pseudoprofound -reimagining -Rhul -shoneypot -spammer -Y'shtola +acs +Actorified +actorifiedstore +actorify +Aibrew +alibaba +alrest +amazonbot +anthro +anubis +anubistest +apnic +APNICRANDNETAU +Applebot +archlinux +arpa +asnc +asnchecker +asns +aspirational +atuin +azuretools +badregexes +bbolt +bdba +berr +bezier +bingbot +Bitcoin +bitrate +Bluesky +blueskybot +boi +Bokm +botnet +botstopper +BPort +Brightbot +broked +buildah +byteslice +Bytespider +cachebuster +cachediptoasn +Caddyfile +caninetools +Cardyb +celchecker +celphase +cerr +certresolver +cespare +CGNAT +cgr +chainguard +chall +challengemozilla +challengetest +checkpath +checkresult +chibi +cidranger +ckie +cloudflare +Codespaces +confd +connnection +containerbuild +containerregistry +coreutils +Cotoyogi +Cromite +crt +Cscript +daemonizing +databento +dayjob +DDOS +Debian +debrpm +decaymap +devcontainers +Diffbot +discordapp +discordbot +distros +dnf +dnsbl +dnserr +DNSTTL +domainhere +dracula +dronebl +droneblresponse +dropin +dsilence +duckduckbot +eerror +ellenjoe +emacs +enbyware +etld +everyones +evilbot +evilsite +expressionorlist +externalagent +externalfetcher +extldflags +facebookgo +Factset +fahedouch +fastcgi +FCr +fcrdns +fediverse +ffprobe +financials +finfos +Firecrawl +flagenv +Fordola +forgejo +forwardauth +fsys +fullchain +gaissmai +Galvus +geoip +geoipchecker +gha +GHSA +Ghz +gipc +gitea +GLM +godotenv +goland +gomod +goodbot +googlebot +gopsutil +govulncheck +goyaml +GPG +GPT +gptbot +Graphene +grpcprom +grw +gzw +Hashcash +hashrate +headermap +healthcheck +healthz +hec +helpdesk +Hetzner +hmc +homelab +hostable +htmlc +htmx +httpdebug +huawei +hypertext +iaskspider +iaso +iat +ifm +Imagesift +imgproxy +impressum +inbox +ingressed +inp +internets +IPTo +iptoasn +isp +iss +isset +ivh +Jenomis +JGit +jhjj +joho +journalctl +jshelter +JWTs +kagi +kagibot +Keyfunc +keypair +KHTML +kinda +KUBECONFIG +lcj +ldflags +letsencrypt +Lexentale +lfc +lgbt +licend +licstart +lightpanda +limsa +Linting +listor +LLU +loadbalancer +lol +lominsa +maintainership +malware +mcr +memes +metarefresh +metrix +mimi +Minfilia +mistralai +mnt +Mojeek +mojeekbot +mozilla +myclient +mymaster +mypass +myuser +nbf +nepeat +netsurf +nginx +nicksnyder +nikandfor +nobots +NONINFRINGEMENT +nosleep +nullglob +oci +OCOB +ogtag +oklch +omgili +omgilibot +openai +opendns +opengraph +openrc +oswald +pag +pagegen +palemoon +Pangu +parseable +passthrough +Patreon +pgrep +phrik +pidfile +pids +pipefail +pki +podkova +podman +Postgre +poststart +prebaked +privkey +promauto +promhttp +proofofwork +publicsuffix +purejs +pwcmd +pwuser +qualys +qwant +qwantbot +rac +rawler +rcvar +redhat +redir +redirectscheme +refactors +remoteip +reputational +Rhul +risc +ruleset +runlevels +RUnlock +runtimedir +runtimedirectory +Ryzen +sas +sasl +screenshots +searchbot +searx +sebest +secretplans +Semrush +Seo +setsebool +shellcheck +shirou +shoneypot +shopt +Sidetrade +simprint +sitemap +sls +sni +snipster +Spambot +spammer +sparkline +spyderbot +srv +stackoverflow +startprecmd +stoppostcmd +storetest +subgrid +subr +subrequest +SVCNAME +tagline +tarballs +tarrif +taviso +tbn +tbr +techaro +techarohq +telegrambot +templ +templruntime +testarea +Thancred +thoth +thothmock +Tik +Timpibot +TLog +traefik +trunc +uberspace +Unbreak +unbreakdocker +unifiedjs +unmarshal +unparseable +uvx +UXP +valkey +Varis +Velen +vendored +vhosts +vkbot +VKE +vnd +VPS +Vultr +weblate +webmaster +webpage +websecure +websites +Webzio +whois +wildbase +withthothmock +wolfbeast +wordpress +workaround +workdir +wpbot +XCircle +xeiaso +xeserv +xesite +xess +xff +XForwarded +XNG +XOB +XOriginal +XReal +Y'shtola +yae +YAMLTo +Yda +yeet +yeetfile +yourdomain +yyz +Zenos +zizmor +zombocom +zos From cee7871ef8b64f45c1293c03be13a0bfa9f56a90 Mon Sep 17 00:00:00 2001 From: lif <1835304752@qq.com> Date: Fri, 2 Jan 2026 12:21:31 +0800 Subject: [PATCH 22/24] fix: update SSL Labs IP addresses (#1377) Signed-off-by: majiayu000 <1835304752@qq.com> Co-authored-by: Jason Cameron --- data/apps/qualys-ssl-labs.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/data/apps/qualys-ssl-labs.yml b/data/apps/qualys-ssl-labs.yml index 2092051f..3a9ed386 100644 --- a/data/apps/qualys-ssl-labs.yml +++ b/data/apps/qualys-ssl-labs.yml @@ -3,5 +3,6 @@ - name: qualys-ssl-labs action: ALLOW remote_addresses: - - 64.41.200.0/24 - - 2600:C02:1020:4202::/64 \ No newline at end of file + - 69.67.183.0/24 + - 2600:C02:1020:4202::/64 + - 2602:fdaa:c6:2::/64 \ No newline at end of file From 71147b4857b103ec94eaa3ff69148fa77f765778 Mon Sep 17 00:00:00 2001 From: lif <1835304752@qq.com> Date: Fri, 2 Jan 2026 21:01:43 +0800 Subject: [PATCH 23/24] fix: respect Accept-Language quality factors in language detection (#1380) The Accept-Language header parsing was not correctly handling quality factors. When a browser sends "en-GB,de-DE;q=0.5", the expected behavior is to prefer English (q=1.0 by default) over German (q=0.5). The fix uses golang.org/x/text/language.ParseAcceptLanguage to properly parse and sort language preferences by quality factor. It also adds base language fallbacks (e.g., "en" for "en-GB") to ensure regional variants match their parent languages when no exact match exists. Fixes #1022 Signed-off-by: majiayu000 <1835304752@qq.com> --- lib/localization/localization.go | 23 +++++++++++++++- lib/localization/localization_test.go | 38 +++++++++++++++++++++++++++ 2 files changed, 60 insertions(+), 1 deletion(-) diff --git a/lib/localization/localization.go b/lib/localization/localization.go index 6b8d2a6f..02189bf8 100644 --- a/lib/localization/localization.go +++ b/lib/localization/localization.go @@ -81,7 +81,28 @@ func (ls *LocalizationService) GetLocalizerFromRequest(r *http.Request) *i18n.Lo return i18n.NewLocalizer(bundle, "en") } acceptLanguage := r.Header.Get("Accept-Language") - return i18n.NewLocalizer(ls.bundle, acceptLanguage, "en") + + // Parse Accept-Language header to properly handle quality factors + // The language.ParseAcceptLanguage function returns tags sorted by quality + tags, _, err := language.ParseAcceptLanguage(acceptLanguage) + if err != nil || len(tags) == 0 { + return i18n.NewLocalizer(ls.bundle, "en") + } + + // Convert parsed tags to strings for the localizer + // We include both the full tag and base language to ensure proper matching + langs := make([]string, 0, len(tags)*2+1) + for _, tag := range tags { + langs = append(langs, tag.String()) + // Also add base language (e.g., "en" for "en-GB") to help matching + base, _ := tag.Base() + if base.String() != tag.String() { + langs = append(langs, base.String()) + } + } + langs = append(langs, "en") // Always include English as fallback + + return i18n.NewLocalizer(ls.bundle, langs...) } // SimpleLocalizer wraps i18n.Localizer with a more convenient API diff --git a/lib/localization/localization_test.go b/lib/localization/localization_test.go index 47442f18..006e76d6 100644 --- a/lib/localization/localization_test.go +++ b/lib/localization/localization_test.go @@ -3,6 +3,7 @@ package localization import ( "encoding/json" "fmt" + "net/http/httptest" "sort" "testing" @@ -138,3 +139,40 @@ func TestComprehensiveTranslations(t *testing.T) { }) } } + +func TestAcceptLanguageQualityFactors(t *testing.T) { + service := NewLocalizationService() + + testCases := []struct { + name string + acceptLanguage string + expectedLang string + }{ + {"simple_en", "en", "en"}, + {"simple_de", "de", "de"}, + {"en_GB_with_lower_priority_de", "en-GB,de-DE;q=0.5", "en"}, + {"en_GB_only", "en-GB", "en"}, + {"de_with_lower_priority_en", "de,en;q=0.5", "de"}, + {"de_DE_with_lower_priority_en", "de-DE,en;q=0.5", "de"}, + {"fr_with_lower_priority_de", "fr,de;q=0.5", "fr"}, + {"zh_CN_regional", "zh-CN", "zh-CN"}, + {"zh_TW_regional", "zh-TW", "zh-TW"}, + {"pt_BR_regional", "pt-BR", "pt-BR"}, + {"complex_header", "fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7,de;q=0.5", "fr"}, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + req := httptest.NewRequest("GET", "/", nil) + req.Header.Set("Accept-Language", tc.acceptLanguage) + + localizer := service.GetLocalizerFromRequest(req) + sl := &SimpleLocalizer{Localizer: localizer} + + gotLang := sl.GetLang() + if gotLang != tc.expectedLang { + t.Errorf("Accept-Language %q: expected %s, got %s", tc.acceptLanguage, tc.expectedLang, gotLang) + } + }) + } +} From ebad69a4e1676ca088a012205642076fbfd8515f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 3 Jan 2026 19:06:05 -0500 Subject: [PATCH 24/24] build(deps): bump the gomod group across 1 directory with 3 updates (#1370) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jason Cameron --- go.mod | 12 ++++++------ go.sum | 24 ++++++++++++------------ test/go.mod | 12 ++++++------ test/go.sum | 20 ++++++++++---------- 4 files changed, 34 insertions(+), 34 deletions(-) diff --git a/go.mod b/go.mod index ac48abd9..edbbddba 100644 --- a/go.mod +++ b/go.mod @@ -1,13 +1,13 @@ module github.com/TecharoHQ/anubis -go 1.24.2 +go 1.25.0 require ( github.com/TecharoHQ/thoth-proto v0.5.0 github.com/a-h/templ v0.3.960 github.com/aws/aws-sdk-go-v2 v1.41.0 - github.com/aws/aws-sdk-go-v2/config v1.32.5 - github.com/aws/aws-sdk-go-v2/service/s3 v1.93.2 + github.com/aws/aws-sdk-go-v2/config v1.32.6 + github.com/aws/aws-sdk-go-v2/service/s3 v1.94.0 github.com/cespare/xxhash/v2 v2.3.0 github.com/facebookgo/flagenv v0.0.0-20160425205200-fcd59fca7456 github.com/fahedouch/go-logrotate v0.3.0 @@ -32,7 +32,7 @@ require ( golang.org/x/text v0.32.0 google.golang.org/grpc v1.77.0 gopkg.in/yaml.v3 v3.0.1 - k8s.io/apimachinery v0.34.3 + k8s.io/apimachinery v0.35.0 sigs.k8s.io/yaml v1.6.0 ) @@ -55,7 +55,7 @@ require ( github.com/andybalholm/brotli v1.2.0 // indirect github.com/antlr4-go/antlr/v4 v4.13.1 // indirect github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.4 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.19.5 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.19.6 // indirect github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.16 // indirect github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.16 // indirect github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.16 // indirect @@ -66,7 +66,7 @@ require ( github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.16 // indirect github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.16 // indirect github.com/aws/aws-sdk-go-v2/service/signin v1.0.4 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.30.7 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.30.8 // indirect github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.12 // indirect github.com/aws/aws-sdk-go-v2/service/sts v1.41.5 // indirect github.com/aws/smithy-go v1.24.0 // indirect diff --git a/go.sum b/go.sum index e8a4615b..526d5ad5 100644 --- a/go.sum +++ b/go.sum @@ -55,10 +55,10 @@ github.com/aws/aws-sdk-go-v2 v1.41.0 h1:tNvqh1s+v0vFYdA1xq0aOJH+Y5cRyZ5upu6roPgP github.com/aws/aws-sdk-go-v2 v1.41.0/go.mod h1:MayyLB8y+buD9hZqkCW3kX1AKq07Y5pXxtgB+rRFhz0= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.4 h1:489krEF9xIGkOaaX3CE/Be2uWjiXrkCH6gUX+bZA/BU= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.4/go.mod h1:IOAPF6oT9KCsceNTvvYMNHy0+kMF8akOjeDvPENWxp4= -github.com/aws/aws-sdk-go-v2/config v1.32.5 h1:pz3duhAfUgnxbtVhIK39PGF/AHYyrzGEyRD9Og0QrE8= -github.com/aws/aws-sdk-go-v2/config v1.32.5/go.mod h1:xmDjzSUs/d0BB7ClzYPAZMmgQdrodNjPPhd6bGASwoE= -github.com/aws/aws-sdk-go-v2/credentials v1.19.5 h1:xMo63RlqP3ZZydpJDMBsH9uJ10hgHYfQFIk1cHDXrR4= -github.com/aws/aws-sdk-go-v2/credentials v1.19.5/go.mod h1:hhbH6oRcou+LpXfA/0vPElh/e0M3aFeOblE1sssAAEk= +github.com/aws/aws-sdk-go-v2/config v1.32.6 h1:hFLBGUKjmLAekvi1evLi5hVvFQtSo3GYwi+Bx4lpJf8= +github.com/aws/aws-sdk-go-v2/config v1.32.6/go.mod h1:lcUL/gcd8WyjCrMnxez5OXkO3/rwcNmvfno62tnXNcI= +github.com/aws/aws-sdk-go-v2/credentials v1.19.6 h1:F9vWao2TwjV2MyiyVS+duza0NIRtAslgLUM0vTA1ZaE= +github.com/aws/aws-sdk-go-v2/credentials v1.19.6/go.mod h1:SgHzKjEVsdQr6Opor0ihgWtkWdfRAIwxYzSJ8O85VHY= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.16 h1:80+uETIWS1BqjnN9uJ0dBUaETh+P1XwFy5vwHwK5r9k= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.16/go.mod h1:wOOsYuxYuB/7FlnVtzeBYRcjSRtQpAW0hCP7tIULMwo= github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.16 h1:rgGwPzb82iBYSvHMHXc8h9mRoOUBZIGFgKb9qniaZZc= @@ -77,12 +77,12 @@ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.16 h1:oHjJHeUy github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.16/go.mod h1:iRSNGgOYmiYwSCXxXaKb9HfOEj40+oTKn8pTxMlYkRM= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.16 h1:NSbvS17MlI2lurYgXnCOLvCFX38sBW4eiVER7+kkgsU= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.16/go.mod h1:SwT8Tmqd4sA6G1qaGdzWCJN99bUmPGHfRwwq3G5Qb+A= -github.com/aws/aws-sdk-go-v2/service/s3 v1.93.2 h1:U3ygWUhCpiSPYSHOrRhb3gOl9T5Y3kB8k5Vjs//57bE= -github.com/aws/aws-sdk-go-v2/service/s3 v1.93.2/go.mod h1:79S2BdqCJpScXZA2y+cpZuocWsjGjJINyXnOsf5DTz8= +github.com/aws/aws-sdk-go-v2/service/s3 v1.94.0 h1:SWTxh/EcUCDVqi/0s26V6pVUq0BBG7kx0tDTmF/hCgA= +github.com/aws/aws-sdk-go-v2/service/s3 v1.94.0/go.mod h1:79S2BdqCJpScXZA2y+cpZuocWsjGjJINyXnOsf5DTz8= github.com/aws/aws-sdk-go-v2/service/signin v1.0.4 h1:HpI7aMmJ+mm1wkSHIA2t5EaFFv5EFYXePW30p1EIrbQ= github.com/aws/aws-sdk-go-v2/service/signin v1.0.4/go.mod h1:C5RdGMYGlfM0gYq/tifqgn4EbyX99V15P2V3R+VHbQU= -github.com/aws/aws-sdk-go-v2/service/sso v1.30.7 h1:eYnlt6QxnFINKzwxP5/Ucs1vkG7VT3Iezmvfgc2waUw= -github.com/aws/aws-sdk-go-v2/service/sso v1.30.7/go.mod h1:+fWt2UHSb4kS7Pu8y+BMBvJF0EWx+4H0hzNwtDNRTrg= +github.com/aws/aws-sdk-go-v2/service/sso v1.30.8 h1:aM/Q24rIlS3bRAhTyFurowU8A0SMyGDtEOY/l/s/1Uw= +github.com/aws/aws-sdk-go-v2/service/sso v1.30.8/go.mod h1:+fWt2UHSb4kS7Pu8y+BMBvJF0EWx+4H0hzNwtDNRTrg= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.12 h1:AHDr0DaHIAo8c9t1emrzAlVDFp+iMMKnPdYy6XO4MCE= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.12/go.mod h1:GQ73XawFFiWxyWXMHWfhiomvP3tXtdNar/fi8z18sx0= github.com/aws/aws-sdk-go-v2/service/sts v1.41.5 h1:SciGFVNZ4mHdm7gpD1dgZYnCuVdX1s+lFTg4+4DOy70= @@ -322,8 +322,8 @@ github.com/nicksnyder/go-i18n/v2 v2.6.0 h1:C/m2NNWNiTB6SK4Ao8df5EWm3JETSTIGNXBpM github.com/nicksnyder/go-i18n/v2 v2.6.0/go.mod h1:88sRqr0C6OPyJn0/KRNaEz1uWorjxIKP7rUUcvycecE= github.com/nikandfor/spintax v0.0.0-20181023094358-fc346b245bb3 h1:foZ9X1bz2KmW7b8Yx5V0LAQKhTazdllv5rnGUe6iGTY= github.com/nikandfor/spintax v0.0.0-20181023094358-fc346b245bb3/go.mod h1:wwDYKfVF3WHdY0rugsAZoIpyQjDA3bn9wEzo/QXPx1Y= -github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4= -github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= +github.com/onsi/gomega v1.38.2 h1:eZCjf2xjZAqe+LeWvKb5weQ+NcPwX84kqJ0cZNxok2A= +github.com/onsi/gomega v1.38.2/go.mod h1:W2MJcYxRGV63b418Ai34Ud0hEdTVXq9NW9+Sx6uXf3k= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= @@ -557,8 +557,8 @@ gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q= gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA= honnef.co/go/tools v0.6.1 h1:R094WgE8K4JirYjBaOpz/AvTyUu/3wbmAoskKN/pxTI= honnef.co/go/tools v0.6.1/go.mod h1:3puzxxljPCe8RGJX7BIy1plGbxEOZni5mR2aXe3/uk4= -k8s.io/apimachinery v0.34.3 h1:/TB+SFEiQvN9HPldtlWOTp0hWbJ+fjU+wkxysf/aQnE= -k8s.io/apimachinery v0.34.3/go.mod h1:/GwIlEcWuTX9zKIg2mbw0LRFIsXwrfoVxn+ef0X13lw= +k8s.io/apimachinery v0.35.0 h1:Z2L3IHvPVv/MJ7xRxHEtk6GoJElaAqDCCU0S6ncYok8= +k8s.io/apimachinery v0.35.0/go.mod h1:jQCgFZFR1F4Ik7hvr2g84RTJSZegBc8yHgFWKn//hns= mvdan.cc/sh/v3 v3.12.0 h1:ejKUR7ONP5bb+UGHGEG/k9V5+pRVIyD+LsZz7o8KHrI= mvdan.cc/sh/v3 v3.12.0/go.mod h1:Se6Cj17eYSn+sNooLZiEUnNNmNxg0imoYlTu4CyaGyg= pault.ag/go/debian v0.18.0 h1:nr0iiyOU5QlG1VPnhZLNhnCcHx58kukvBJp+dvaM6CQ= diff --git a/test/go.mod b/test/go.mod index c7f4db16..cf4bb692 100644 --- a/test/go.mod +++ b/test/go.mod @@ -1,6 +1,6 @@ module github.com/TecharoHQ/anubis/test -go 1.24.5 +go 1.25.0 replace github.com/TecharoHQ/anubis => .. @@ -20,8 +20,8 @@ require ( github.com/antlr4-go/antlr/v4 v4.13.1 // indirect github.com/aws/aws-sdk-go-v2 v1.41.0 // indirect github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.4 // indirect - github.com/aws/aws-sdk-go-v2/config v1.32.5 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.19.5 // indirect + github.com/aws/aws-sdk-go-v2/config v1.32.6 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.19.6 // indirect github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.16 // indirect github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.16 // indirect github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.16 // indirect @@ -31,9 +31,9 @@ require ( github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.7 // indirect github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.16 // indirect github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.16 // indirect - github.com/aws/aws-sdk-go-v2/service/s3 v1.93.2 // indirect + github.com/aws/aws-sdk-go-v2/service/s3 v1.94.0 // indirect github.com/aws/aws-sdk-go-v2/service/signin v1.0.4 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.30.7 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.30.8 // indirect github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.12 // indirect github.com/aws/aws-sdk-go-v2/service/sts v1.41.5 // indirect github.com/aws/smithy-go v1.24.0 // indirect @@ -97,7 +97,7 @@ require ( google.golang.org/grpc v1.77.0 // indirect google.golang.org/protobuf v1.36.11 // indirect gotest.tools/v3 v3.5.2 // indirect - k8s.io/apimachinery v0.34.3 // indirect + k8s.io/apimachinery v0.35.0 // indirect sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect sigs.k8s.io/yaml v1.6.0 // indirect ) diff --git a/test/go.sum b/test/go.sum index bbaf2b80..a930a4cb 100644 --- a/test/go.sum +++ b/test/go.sum @@ -20,10 +20,10 @@ github.com/aws/aws-sdk-go-v2 v1.41.0 h1:tNvqh1s+v0vFYdA1xq0aOJH+Y5cRyZ5upu6roPgP github.com/aws/aws-sdk-go-v2 v1.41.0/go.mod h1:MayyLB8y+buD9hZqkCW3kX1AKq07Y5pXxtgB+rRFhz0= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.4 h1:489krEF9xIGkOaaX3CE/Be2uWjiXrkCH6gUX+bZA/BU= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.4/go.mod h1:IOAPF6oT9KCsceNTvvYMNHy0+kMF8akOjeDvPENWxp4= -github.com/aws/aws-sdk-go-v2/config v1.32.5 h1:pz3duhAfUgnxbtVhIK39PGF/AHYyrzGEyRD9Og0QrE8= -github.com/aws/aws-sdk-go-v2/config v1.32.5/go.mod h1:xmDjzSUs/d0BB7ClzYPAZMmgQdrodNjPPhd6bGASwoE= -github.com/aws/aws-sdk-go-v2/credentials v1.19.5 h1:xMo63RlqP3ZZydpJDMBsH9uJ10hgHYfQFIk1cHDXrR4= -github.com/aws/aws-sdk-go-v2/credentials v1.19.5/go.mod h1:hhbH6oRcou+LpXfA/0vPElh/e0M3aFeOblE1sssAAEk= +github.com/aws/aws-sdk-go-v2/config v1.32.6 h1:hFLBGUKjmLAekvi1evLi5hVvFQtSo3GYwi+Bx4lpJf8= +github.com/aws/aws-sdk-go-v2/config v1.32.6/go.mod h1:lcUL/gcd8WyjCrMnxez5OXkO3/rwcNmvfno62tnXNcI= +github.com/aws/aws-sdk-go-v2/credentials v1.19.6 h1:F9vWao2TwjV2MyiyVS+duza0NIRtAslgLUM0vTA1ZaE= +github.com/aws/aws-sdk-go-v2/credentials v1.19.6/go.mod h1:SgHzKjEVsdQr6Opor0ihgWtkWdfRAIwxYzSJ8O85VHY= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.16 h1:80+uETIWS1BqjnN9uJ0dBUaETh+P1XwFy5vwHwK5r9k= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.16/go.mod h1:wOOsYuxYuB/7FlnVtzeBYRcjSRtQpAW0hCP7tIULMwo= github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.16 h1:rgGwPzb82iBYSvHMHXc8h9mRoOUBZIGFgKb9qniaZZc= @@ -42,12 +42,12 @@ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.16 h1:oHjJHeUy github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.16/go.mod h1:iRSNGgOYmiYwSCXxXaKb9HfOEj40+oTKn8pTxMlYkRM= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.16 h1:NSbvS17MlI2lurYgXnCOLvCFX38sBW4eiVER7+kkgsU= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.16/go.mod h1:SwT8Tmqd4sA6G1qaGdzWCJN99bUmPGHfRwwq3G5Qb+A= -github.com/aws/aws-sdk-go-v2/service/s3 v1.93.2 h1:U3ygWUhCpiSPYSHOrRhb3gOl9T5Y3kB8k5Vjs//57bE= -github.com/aws/aws-sdk-go-v2/service/s3 v1.93.2/go.mod h1:79S2BdqCJpScXZA2y+cpZuocWsjGjJINyXnOsf5DTz8= +github.com/aws/aws-sdk-go-v2/service/s3 v1.94.0 h1:SWTxh/EcUCDVqi/0s26V6pVUq0BBG7kx0tDTmF/hCgA= +github.com/aws/aws-sdk-go-v2/service/s3 v1.94.0/go.mod h1:79S2BdqCJpScXZA2y+cpZuocWsjGjJINyXnOsf5DTz8= github.com/aws/aws-sdk-go-v2/service/signin v1.0.4 h1:HpI7aMmJ+mm1wkSHIA2t5EaFFv5EFYXePW30p1EIrbQ= github.com/aws/aws-sdk-go-v2/service/signin v1.0.4/go.mod h1:C5RdGMYGlfM0gYq/tifqgn4EbyX99V15P2V3R+VHbQU= -github.com/aws/aws-sdk-go-v2/service/sso v1.30.7 h1:eYnlt6QxnFINKzwxP5/Ucs1vkG7VT3Iezmvfgc2waUw= -github.com/aws/aws-sdk-go-v2/service/sso v1.30.7/go.mod h1:+fWt2UHSb4kS7Pu8y+BMBvJF0EWx+4H0hzNwtDNRTrg= +github.com/aws/aws-sdk-go-v2/service/sso v1.30.8 h1:aM/Q24rIlS3bRAhTyFurowU8A0SMyGDtEOY/l/s/1Uw= +github.com/aws/aws-sdk-go-v2/service/sso v1.30.8/go.mod h1:+fWt2UHSb4kS7Pu8y+BMBvJF0EWx+4H0hzNwtDNRTrg= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.12 h1:AHDr0DaHIAo8c9t1emrzAlVDFp+iMMKnPdYy6XO4MCE= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.12/go.mod h1:GQ73XawFFiWxyWXMHWfhiomvP3tXtdNar/fi8z18sx0= github.com/aws/aws-sdk-go-v2/service/sts v1.41.5 h1:SciGFVNZ4mHdm7gpD1dgZYnCuVdX1s+lFTg4+4DOy70= @@ -287,8 +287,8 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q= gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA= -k8s.io/apimachinery v0.34.3 h1:/TB+SFEiQvN9HPldtlWOTp0hWbJ+fjU+wkxysf/aQnE= -k8s.io/apimachinery v0.34.3/go.mod h1:/GwIlEcWuTX9zKIg2mbw0LRFIsXwrfoVxn+ef0X13lw= +k8s.io/apimachinery v0.35.0 h1:Z2L3IHvPVv/MJ7xRxHEtk6GoJElaAqDCCU0S6ncYok8= +k8s.io/apimachinery v0.35.0/go.mod h1:jQCgFZFR1F4Ik7hvr2g84RTJSZegBc8yHgFWKn//hns= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs=