Upstream #382
Closed
Upstream #382
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add support for SPAO headers to slayers and the router data plane. This will be used to authenticate SCMP error messages. Currently, the DRKey provider is not implemented in the router. Furthermore, the SCMP error messages are not yet authenticated on the receiver side.
Use AS certificates in the control plane's QUIC TLS, for the benefit of authenticating DRKey Level1 requests. In contrast to other control plane requests, the DRKey Level 1 key requests require confidentiality and authentication. For these requests, we use TLS authenticated with the CP-PKI AS certificates. Previously, we would run two separate grpc "servers" on the same QUIC socket. One server without authentication, used for most control service requests, and one with grpc authentication for the DRKey requests. In either case, the underlying connection would use the TLS from QUIC with self-signed certificates without authentication (`InsecureSkipVerify: true`). For the grpc authentication, an additional TLS session would run on top, so we'd have two nested TLS sessions. This setup simply did not work properly. The two different grpc servers competed for accepted connections on the QUIC socket and chance determined whether a request would be processed by the appropriate server. Automatic request retry has hidden the problem to some extent in early testing. Fix this by always using AS certificates in the QUIC connection directly, and never using grpc's TLS. This approach has been previously considered impractical, but a grpc-go contributor pointed us in the right direction for a clean implementation now; adding a custom implementation of the `credentials.TransportCredentials` interface allows us to pass through the TLS state of the underlying QUIC connection to grpc. Note that: - we cannot verify the certificates for all requests; this would be a circular dependency e.g. for fetching certificate chains and trcs - the client certificate is now validated directly from the DRKey grpc server logic. At this point, the TLS session has already been established and any errors result in a grpc error, not a TLS handshake error. This is unavoidable, as we can only know the method invoked after accepting the TLS session to know whether the certificates should be validated (see point above).
Add section on the project governance with the TC Implementation, including a list of the current members.
The pkg/private/common, util and xtest packages have rather fuzzy scope,
and have accumulated a bit of cruft and unused or outdated
functionality. Clean this up a bit:
* pkg/private/common:
* remove unused constants
* remove outdated error handling helpers and replace remaining use
* remove NativeOrder and IsBigEndian: No longer needed.
Native byte order is not often needed, but will eventually show up
in standard library anyway (golang/go#57237).
* pkg/private/util:
* remove unused helper functionality
* remove Checksum: only used to compute reference value in slayers
test cases. Use a simpler, non-optimized implementation for this.
Closes #4262.
* move RunsInDocker to private/env
* move ASList to tools/integration
* pkg/private/xtest:
* remove unused helpers
* remove unused Callback and MockCallback
* replace FailOnErr with require.NoError
* replace AssertErrorsIs with assert.ErrorIs
There are still more things to clean up in `pkg/private`, in future PRs,
in particular:
* `common.ErrMsg` should be integrated in `serrors`
* `common.IFIDType` should be removed or renamed and moved somewhere
more appropriate
* Merge the remainder of `util` and `common`
* Clean up `LinkType` and `RevInfo` from `pkg/private/ctrl`
Previously only the keys were loaded from disk, the chains were fetched from the DB. This becomes a problem with certificate renewal (especially when overwriting the key/cert files) because the new key is loaded from the disk but no corresponding certificate is loaded into the DB Additionally, loading certs from disk for each individual TLS session establishment is not ideal, so we should have a cache. Removed the separate X509KeyPairLoader and replaced it with trust.SignerGen (extended to allow filtering certificates for key usage). For this SignerGen, a CachingSignerGen implementation already exists. The new TLSCertificateLoader wraps this SignerGen and converts the resulting Signer to a tls.Certificate. Loading the certificates is no longer part of trust.TLSCryptoManager. Thus, rename TLSCryptoManager to TLSCryptoVerifier.
Remove (most) golangci-lint exceptions for the errcheck linter.
This linter is generally very helpful and it seems better not to give
blanket exceptions for violations. It's rarely necessary to use nolint
to silence specific false positives, as it's usually enough to
explicitly ignore errors by assigning to a blank identifier, which seems
seems helpful for readers of the code.
Fix errcheck violations:
- Explicitly ignore or log errors where this seems appropriate
- In http.Handler code, ignore errors when writing the response body.
Use rw.Write where possible to make it as clear as possible that the
Write is the only remaining possibility for errors.
Some of the diagnostics pages would require more restructuring to
handle errors properly; in some cases, errors are ignored by using
fmt.Fprint (for which errcheck ignores errors), instead of Write.
- Assert or panic on errors in tests
- Remove some unused code snippets with violations (TestMain, log/testlog.SetupGlobals)
- Restructure control/beacon.ParsePolicyYaml so initDefaults does not
return an error (and btw, use correct input file in test)
- Handle SetDeadline errors in sock/reliable/reconnect
- Handle UnderlayPacket.DecodeFromBytes error in sock/reliable.Conn
During creating the signed protobuf body for an ASEntry in PathSegment.AddASentry, a reference to a member of the loop variable (`peer.HopField.MAC[:]`) was stored into newly created protobuf PeerEntries. As a result, all protobuf PeerEntries ended up with the same Mac buffer reference. Fixed by the usual `peer := peer`. Add tests for the case of multiple peers, both on the beacon extender and the path segment level.
When performing a service address resolution with svc.Resolver.LookupSVC, a new connection was opened but never closed. One possible reason for this bug was that the unclear responsibility for closing the connection; the svc.RoundTripper.RoundTrip function closes the connection if the context ends, but not otherwise. Fix this by always closing the conn in CloseConnOnDone. The cancel function of CloseConnOnDone now also blocks until the connection is closed (relevant mostly for testing) and returns any errors from closing. Also move the CloseConnOnDone to LookupSVC, so the responsibility for closing the connection is right next to where it's opened.
…(#4316) Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.11.0 to 1.11.1. - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](prometheus/client_golang@v1.11.0...v1.11.1) --- updated-dependencies: - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> * fixup: make go_deps.bzl --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Matthias Frei <matzf@scion.org>
…(#4317) Implement support for empty path values as inputs for the SPAO MAC computation. This is currently not applicable when using the SPAO with DRKey as the timestamp defined to be relative to the info field, which simply does not exist for empty paths. This will be addressed by the changes proposed in scionproto/scion#4300, enabling the use of SPAO also for AS internal communication.
The length of the SCION header is part of the metadata flowing into the computation of the MAC value for SPAO [0]. The corresponding common header field value is stored in multiples of 4-bytes [1]. This PR makes sure that indeed multiples of 4-bytes are used instead of the actual length in bytes of the SCION header. The problem did not appear in testing up till now, because all endpoints are based on the same implementation so far. [0] https://docs.scion.org/en/latest/protocols/authenticator-option.html#authenticated-data [1] https://docs.scion.org/en/latest/protocols/scion-header.html#common-header
Documentation builds (`make html`) were reporting various warnings. There were two sources of the errors: - Most pages from the autogenerated command line docs are not in any toctree, because they use their own internal linking. Fixed by adding :orphan: to these pages. - One image in the manual pages (gateway/prefix_pinning.rst) would always be reported as not found, but was working correctly. This was due to the structure of the manual pages, which are built from multiple partial rst files using the `.. include:` directive. The figures are found relative to the main rst file, not the partial. As the partials were _also_ being built individually, the error resulted. Fixed by excluding the partial rst files (manuals/*/*) from the sphinx build. Also includes the following improvements: - more specific short/long doc string for the `scion` tool - add requirements.in and pip-compile generated requirements.txt - doc/Makefile: add targets autobuild and command-gendocs for convenience, explicitly list the main sphinx-build targets to get make target auto-completion on shells - Disable the "Atuo generated by spf13/cobra ..." footer for the cobra gendocs, getting rid of post processing command in the bazel build. Use "proper" sphinx :ref: cross-references instead of html links. - Fix (or remove) some broken links reported by `make linkcheck`
In #4319, the python requirements file was generated for python3.8 but our build configuration file still referred to 3.7, resulting in broken builds. Also bump the ubuntu version to latest LTS, because, why not. Also move the .readthedocs.yaml file to the project root, where this should be located according to the documentation. The readthedocs build log (confusingly) mentioned that this file was not present. Either this was a spurious error message or the file was indeed ignored and it just happened to match the defaults.
This commit updates almost all of the direct dependencies to the latest version.
…ys (#4326) Fix simple logic error in DRKey service engine (assignment to variable was too late, after use).
Deprecate unused attributes `authoritative`, `voting` and `issuing` from the topology.json configuration. These are no longer considered by any service or tool and the functionality has been moved into the cs.toml (containing a `[ca]` section for "issuing" ASes) or into the TRC and the configuration of the corresponding tooling. Only the `core` attribute option remains. In the long run, this should either disappear entirely from the topology configuration or be changed to a boolean flag. In the internal `private/topology`, remove the unused `CA() bool` from the interface, and simplify the representation of the state from a list of attributes to a simpler `IsCore`. The goal here is mainly to avoid confusion caused by the unused attributes.
…#4332) Add demo/integration test for key derivation with different protocols identifiers, in particular for a "niche" protocol using the generic key derivation. Make fetching the SV optional for the server-side demo and use the non-privileged derivation mechanism otherwise.
Bumps [vm2](https://github.com/patriksimek/vm2) from 3.9.14 to 3.9.15. - [Release notes](https://github.com/patriksimek/vm2/releases) - [Changelog](https://github.com/patriksimek/vm2/blob/master/CHANGELOG.md) - [Commits](patriksimek/vm2@3.9.14...3.9.15) vm2 is in indirect dependency of spectral-cli, which is (only!) the linter used for the openapi specs. --- updated-dependencies: - dependency-name: vm2 dependency-type: indirect Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [vm2](https://github.com/patriksimek/vm2) from 3.9.15 to 3.9.16. - [Release notes](https://github.com/patriksimek/vm2/releases) - [Changelog](https://github.com/patriksimek/vm2/blob/master/CHANGELOG.md) - [Commits](patriksimek/vm2@3.9.15...3.9.16) vm2 is an indirect dependency of spectral-cli, which is (only!) the linter used for the openapi specs. --- updated-dependencies: - dependency-name: vm2 dependency-type: indirect Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
The scion.sh sciond-addr command was returning an invalid address for IPv6 setups, resulting in "too many colons address" error when used as the `--sciond` parameter of tool invocations. Fixed by wrapping the IP in brackets before appending the port.
Add openapi_build_doc rule to build the API documentation as zero-dependency HTML file. This replaces separate genrules in the build files for the individual tools. These had all been using the `redoc-cli` command which is deprecated (in favor of redocly/cli) and had been creating broken HTML files since #4323. Fix the link in the dummy index.html page from the private/mgmtapi package, used when not bundling the generated documentation page, to point to openapi.json (not spec.json). Drop the yarn dependency on `redoc-cli` and update all dependencies.
Replace deprecated inet.af/netaddr with its standard library replacement package net/netip. Use go4.org/netipx for some the pieces that were not added to the standard library. This change does not affect the `snet` API, or any other public API.
There is a small number of of packet processing test cases that cover cases resulting in SCMPs. The packet processor signals SCMPs by returning an `scmpError`. Previously, the test cases just asserted that any error is returned from processing and so they would pass even if an internal error occurred. In this instance there was an internal error while serializing the SCMP message, as the internal IP of the dataplane, the source address of the SCMP message, was not initialized in the test setup. Add a dummy internal IP address to the test dataplane setup, and change the type of the dataplane's internal IP so that a missing initialization of the IP leads to a panic instead of a runtime error. Assert that an `scmpError` is returned for the relevant test cases, and check the SCMP type/code. The full SCMP message is still not checked.
The documentation has been a somewhat unsorted bag of documents. It was mostly focused on contributors to this project, but some sections did target users of the software, without a clear distinction.
This PR attempts to bring some more structure into this. There are now three separate sections:
- Technology:
Explanations and Specifications. Explain SCION on a conceptual level.
Should introduce concepts that a user or dev needs to make sense of the manuals etc.
Target audience: anyone (users, developers, outsiders)
- Reference manuals:
Target audience: users of this SCION implementation (operator of SCION infrastructure or hosts), users of any of the SCION APIs.
- Developer section:
Target audience: contributors to this SCION implementation
In particular, the developer section now "hides" the design documents away a bit and the intended workflow for these documents is clarified.
There is still a lot to do, in particular for overview and introductory material and the manuals. I've started to work on the manual for the control service, but I've decided to defer this for a separate PR so that we can finalize the organizational changes.
Note that the content of some design documents, in particular the one on path policies is now relegated to the less findable design document section. The relevant information will be included in the manuals again.
* Setup link * Contribution link
The Traffic Class field used to be abbreviated by QoS, an unnecessary alias. Traffic Class is also the name used for the equivalent field in the IPv6 header. Also, fix the documented NextHdr value for the SCMP protocol.
Fix a couple grammar errors with past/present tense and capitalizing the nouns.
Both decoding and serializing of the address type fields (DstAddrType and SrcAddrType) was truncating the most significant bit. This has not caused any issues so far as no address type with type greater than 1 is defined and used. This bug was introduced in #4160, by consistently using the wrong (!) value 0x7, instead of 0xF, to mask the lowest four bits. Fixed the same mistake in copies of the serialization logic.
Fix a couple issues with tense, nouns, and punctuation.
Fixes issue #4282. With this change, the implementation of `AddLinkType` matches that of the other setters and the comment that precedes it.
When starting a span from Context add the debug_id and tracing_id to the logger on the context (if it exists) instead of creating a new one. This preserves the logger that is attached to the parentCtx.
Allow scion-pki, see #4611
Rewrite the TRC ceremony documentation to include the scion-pki tool which is a lot more ergonomic than openssl based approach. The openssl based approach is still kept such that people do not need to trust the distributed scion-pki tool. Furthermore, the documentation and tests are updated to use openssl 3.0.14. And finally, the scion-pki tool is extended to support RFC3339 based timestamps when creating TRC payloads for both NotBefore and NotAfter fields. The legacy unix timestamp and duration based validity time are still supported.
… to crash (#4619) Hi, I've tried to setup the freestanding SCION network as per the [tutorial](https://docs.scion.org/en/latest/tutorials/deploy.html) and ran into a few issues: Using the default topology files from the website, the scion-router service always crashes because of an invalid source IP (see screenshot below):  @tobiasmoldan realized that this can be resolved by adding the source IP (or host name) to the local field in the topology: `"underlay": { "local": "scion01:50012", "remote": "scion02:50012" },` Secondly, I was wondering if all ASes need to be up and running for the network to be fully functional? I have set up and configured scion01 and scion02 as per the tutorial. All services (daemon, router, control, dispatcher) are active and there is a direct link between the two VMs. The machines are pingable (via normal ICMP), however, there is no reachability via SCMP. I assume that, even without scion03-05, they should have connectivity? I got scion addresses for scion01 and scion02 respectively, `42-ffaa:1:1,127.0.0.1` `42-ffaa:1:2,127.0.0.1` and I have generated the certificate material on scion01 and shared it with scion02. Is there anything I'm missing - e.g., does path exploration need to be triggered somehow or should it happen automatically? Thanks a lot for your help on this! Best regards, Thomas --------- Co-authored-by: jiceatscion <139873336+jiceatscion@users.noreply.github.com>
Until golang/go#69312 is resolved, force the old timer behavior by specifying an older go version in the go.mod file. Fixes #4606
Include the ISD-AS in the output of the distinguished name of the certificate. Previously, the output would show `UnknownOID=1.3.6.1.4.1.55324.1.2.1` instead of the ISD-AS. Furthemore, represent the extended key usage for sensitive voting, regular voting, and cppki root certificates as a human readable string.
The dummy TRC payload allows to create a TRC payload without much setup. This is useful for testing access to the necessary cryptographic material, especially in preparation of a TRC ceremony.
When creating a TRC update, support referencing the predecessor certificates. This simplifies the TRC ceremony, as the already included certificates do not need to be redistributed in case they do not change.
Found this in the wake of #4606 I believe that await-connectivity could mistake core segments for up segments (i.e. assuming that only up segments could be found). It still makes the optimistic assumption that down segments are registered immediately after up segments are obtained. We have to be content with that because in hidden paths test cases the down segments cannot all be found via a simple REST API query.
…n package (#4604) Also renamed IfIDType to ID. Given that ID represents generic interface IDs as used in segments distributed by the control service, it seems that it shouldn't be private either, even if it currently can be. So the new package isn't private. Fixes #4584
And an interactive TRC signing ceremony builder. It supports all three types of TRC ceremony: base, regular, and sensitive. The user can select between scion-pki and openssl. Furthermore, support for pkcs11 is available for openssl. In a future iteration, support for scion-pki kms will be added. The builder is intended to be used by a voting (or root CA) participant. The adminstrator role is not supported in this version. (Administrators should be very knowledgable about the TRC ceremony anyway.) The builder is based on aplinejs and tailwindcss. This allows us to included it in our RTD page with zero dependency and build steps.  [doc]
While in the process of merging FABRID into SCIONLab, we have found these very small nits to probably be beneficial to merge upstream (here): - Improve the comment on the package variable `HostAddr` in package `tools/integration`.
First draft of NAT address discovery design. Original discussion: #4517 --------- Co-authored-by: Tilmann Zäschke <tilmann.zaeschke@inf.ethz.ch> Co-authored-by: jiceatscion <139873336+jiceatscion@users.noreply.github.com>
… (#4623) After an offline discussion from SCION contributors, we reached the conclusion that `docs.scion.org` is the best-suited candidate to host technical information about SCION applications (ideally already in a certain maturity level) since they can be run on different environments, i.e., production network, SCIONLab or local dev environment. It may also help to centralize a little bit the information and making the documentation environment a bit less hairy for the users/developers. ~~In this PR, I ported the `Applications` section in the [SCIERA docs](https://sciera.readthedocs.io/en/latest/index.html) , adding the file `doc/applications/access.rst` as a preliminary documentation as how to connect the application host to the diverse SCION networks.~~ We can revisit, if some of documentation for the currently listed applications must be removed or updated. --- We use [RTD subprojects](https://docs.readthedocs.io/en/stable/subprojects.html) and the project is located in https://github.com/scionproto-contrib/scion-applications-docs. This PR adds reference to the `SCION Applications` subproject.
Enable the scion-pki tool to interact with various cloud KMS and HSMs through the step-kms-plugin. The step-kms-plugin must be installed and available in the PATH. For more information about step-kms-plugin, please refer to the documentation at https://github.com/smallstep/step-kms-plugin. To see example usage of step-kms-plugin, please refer to https://smallstep.com/docs/step-ca/cryptographic-protection
A profile shows that ID calculation is a big part of the CPU time of the daemon:  Therefore this change memoizes IDs where possible. Also re-use buffer for fingerprint calculation. Use slices package for sorting in the combinator.
Generate the additional code required for connectrpc with the buf tool. Currently, there is no bazel ruleset available for buf generation. However, we can leverage buf as a protoc plugin as shown in https://github.com/abitofhelp/connect-go-example. With the help of some convenience macro, source code is copied with our regular `write_all_source_files` Make target. This PR is broken out of the https://github.com/scionproto/scion/tree/connectrpc branch to make incremental review easier. Contributes to #4434
Additionally, add a not to be careful when using relative paths.
…g accordingly (#4634) Fixes #4633 --------- Co-authored-by: FR4NK-W <wirzf@inf.ethz.ch>
NO_CHANGELOG --------- Co-authored-by: jiceatscion <139873336+jiceatscion@users.noreply.github.com> Co-authored-by: Jean-Christophe Hugly <jice@scion.org>
Spotted while writing ietf drafts. This is the only occurrence of the word "fragment" in our docs, except for the gateway. That I know of, there is no such thing as a scion packet fragment.
Change the limit for interface IDs in topofiles from 12bit to 16bit.
Unfortunately, the new style rpm_rules (the ones that I find remotely usable) do not appear to support cross-architecture packaging yet. So, this is x86_64 only for now. Fixes #4425 --------- Co-authored-by: FR4NK-W <wirzf@inf.ethz.ch>
The current implementation does not use the "underlay" element. I propose to adapt the docment to reflect the current implementation
Bumps [starlette](https://github.com/encode/starlette) from 0.37.2 to 0.40.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/encode/starlette/releases">starlette's releases</a>.</em></p> <blockquote> <h2>Version 0.40.0</h2> <p>This release fixes a Denial of service (DoS) via <code>multipart/form-data</code> requests.</p> <p>You can view the full security advisory: <a href="https://github.com/encode/starlette/security/advisories/GHSA-f96h-pmfr-66vw">GHSA-f96h-pmfr-66vw</a></p> <h2>Fixed</h2> <ul> <li>Add <code>max_part_size</code> to <code>MultiPartParser</code> to limit the size of parts in <code>multipart/form-data</code> requests <a href="https://github.com/encode/starlette/commit/fd038f3070c302bff17ef7d173dbb0b007617733">fd038f3</a>.</li> </ul> <h2>Version 0.39.2</h2> <h2>Fixed</h2> <ul> <li>Allow use of <code>request.url_for</code> when only "app" scope is available <a href="https://github.com/encode/starlette/pull/2672">#2672</a>.</li> <li>Fix internal type hints to support <code>python-multipart==0.0.12</code> <a href="https://github.com/encode/starlette/pull/2708">#2708</a>.</li> </ul> <hr /> <p><strong>Full Changelog</strong>: <a href="https://github.com/encode/starlette/compare/0.39.1...0.39.2">https://github.com/encode/starlette/compare/0.39.1...0.39.2</a></p> <h2>Version 0.39.1</h2> <h2>Fixed</h2> <ul> <li>Avoid regex re-compilation in <code>responses.py</code> and <code>schemas.py</code> <a href="https://github.com/encode/starlette/pull/2700">#2700</a>.</li> <li>Improve performance of <code>get_route_path</code> by removing regular expression usage <a href="https://github.com/encode/starlette/pull/2701">#2701</a>.</li> <li>Consider <code>FileResponse.chunk_size</code> when handling multiple ranges <a href="https://github.com/encode/starlette/pull/2703">#2703</a>.</li> <li>Use <code>token_hex</code> for generating multipart boundary strings <a href="https://github.com/encode/starlette/pull/2702">#2702</a>.</li> </ul> <hr /> <p><strong>Full Changelog</strong>: <a href="https://github.com/encode/starlette/compare/0.39.0...0.39.1">https://github.com/encode/starlette/compare/0.39.0...0.39.1</a></p> <h2>Version 0.39.0</h2> <h2>Added</h2> <ul> <li>Add support for HTTP Range to <code>FileResponse</code> <a href="https://github.com/encode/starlette/pull/2697">#2697</a></li> </ul> <hr /> <p><strong>Full Changelog</strong>: <a href="https://github.com/encode/starlette/compare/0.38.6...0.39.0">https://github.com/encode/starlette/compare/0.38.6...0.39.0</a></p> <h2>Version 0.38.6</h2> <h2>Fixed</h2> <ul> <li>Close unclosed <code>MemoryObjectReceiveStream</code> in <code>TestClient</code> <a href="https://github.com/encode/starlette/pull/2693">#2693</a>.</li> </ul> <hr /> <p><strong>Full Changelog</strong>: <a href="https://github.com/encode/starlette/compare/0.38.5...0.38.6">https://github.com/encode/starlette/compare/0.38.5...0.38.6</a></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/encode/starlette/blob/master/docs/release-notes.md">starlette's changelog</a>.</em></p> <blockquote> <h2>0.40.0 (October 15, 2024)</h2> <p>This release fixes a Denial of service (DoS) via <code>multipart/form-data</code> requests.</p> <p>You can view the full security advisory: <a href="https://github.com/encode/starlette/security/advisories/GHSA-f96h-pmfr-66vw">GHSA-f96h-pmfr-66vw</a></p> <h4>Fixed</h4> <ul> <li>Add <code>max_part_size</code> to <code>MultiPartParser</code> to limit the size of parts in <code>multipart/form-data</code> requests <a href="https://github.com/encode/starlette/commit/fd038f3070c302bff17ef7d173dbb0b007617733">fd038f3</a>.</li> </ul> <h2>0.39.2 (September 29, 2024)</h2> <h4>Fixed</h4> <ul> <li>Allow use of <code>request.url_for</code> when only "app" scope is available <a href="https://github.com/encode/starlette/pull/2672">#2672</a>.</li> <li>Fix internal type hints to support <code>python-multipart==0.0.12</code> <a href="https://github.com/encode/starlette/pull/2708">#2708</a>.</li> </ul> <h2>0.39.1 (September 25, 2024)</h2> <h4>Fixed</h4> <ul> <li>Avoid regex re-compilation in <code>responses.py</code> and <code>schemas.py</code> <a href="https://github.com/encode/starlette/pull/2700">#2700</a>.</li> <li>Improve performance of <code>get_route_path</code> by removing regular expression usage <a href="https://github.com/encode/starlette/pull/2701">#2701</a>.</li> <li>Consider <code>FileResponse.chunk_size</code> when handling multiple ranges <a href="https://github.com/encode/starlette/pull/2703">#2703</a>.</li> <li>Use <code>token_hex</code> for generating multipart boundary strings <a href="https://github.com/encode/starlette/pull/2702">#2702</a>.</li> </ul> <h2>0.39.0 (September 23, 2024)</h2> <h4>Added</h4> <ul> <li>Add support for <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Range_requests">HTTP Range</a> to <code>FileResponse</code> <a href="https://github.com/encode/starlette/pull/2697">#2697</a>.</li> </ul> <h2>0.38.6 (September 22, 2024)</h2> <h4>Fixed</h4> <ul> <li>Close unclosed <code>MemoryObjectReceiveStream</code> in <code>TestClient</code> <a href="https://github.com/encode/starlette/pull/2693">#2693</a>.</li> </ul> <h2>0.38.5 (September 7, 2024)</h2> <h4>Fixed</h4> <ul> <li>Schedule <code>BackgroundTasks</code> from within <code>BaseHTTPMiddleware</code> <a href="https://github.com/encode/starlette/pull/2688">#2688</a>. This behavior was removed in 0.38.3, and is now restored.</li> </ul> <h2>0.38.4 (September 1, 2024)</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/encode/starlette/commit/4ded4b7ac517bd301cee69f5c189b1cb48c069b6"><code>4ded4b7</code></a> Version 0.40.0 (<a href="https://github.com/encode/starlette/issues/2728">#2728</a>)</li> <li><a href="https://github.com/encode/starlette/commit/fd038f3070c302bff17ef7d173dbb0b007617733"><code>fd038f3</code></a> Merge commit from fork</li> <li><a href="https://github.com/encode/starlette/commit/e11684013fe5ca084f5bd4e54830512a4dff9618"><code>e116840</code></a> Bump the python-packages group with 6 updates (<a href="https://github.com/encode/starlette/issues/2713">#2713</a>)</li> <li><a href="https://github.com/encode/starlette/commit/0b50b9c4abd992a39d6e32148cc6f577ac3b1c44"><code>0b50b9c</code></a> Version 0.39.2 (<a href="https://github.com/encode/starlette/issues/2710">#2710</a>)</li> <li><a href="https://github.com/encode/starlette/commit/fe46d99d92da17efe1827f96ad29d748aac870d2"><code>fe46d99</code></a> Support <code>request.url_for</code> when only "app" scope is avaialable (<a href="https://github.com/encode/starlette/issues/2672">#2672</a>)</li> <li><a href="https://github.com/encode/starlette/commit/1a6018e08a994c78f5c169b8535408259af0f249"><code>1a6018e</code></a> Support python-multipart 0.0.12 (<a href="https://github.com/encode/starlette/issues/2708">#2708</a>)</li> <li><a href="https://github.com/encode/starlette/commit/fa7b382a66cd99e3dc18f3baa44dae5ec68be76b"><code>fa7b382</code></a> Version 0.39.1 (<a href="https://github.com/encode/starlette/issues/2706">#2706</a>)</li> <li><a href="https://github.com/encode/starlette/commit/075efd0c5c9f5e49a4416f3b4a24e24efab135f8"><code>075efd0</code></a> generate boundary with token_hex (<a href="https://github.com/encode/starlette/issues/2702">#2702</a>)</li> <li><a href="https://github.com/encode/starlette/commit/b8139f9fe3b1acb34ddbe38dc6472a60b621540e"><code>b8139f9</code></a> Consider <code>FileResponse.chunk_size</code> when handling multiple ranges (<a href="https://github.com/encode/starlette/issues/2703">#2703</a>)</li> <li><a href="https://github.com/encode/starlette/commit/4fbf766b3eac4146b86175682cec88d266fd8470"><code>4fbf766</code></a> test: add tests in <code>test_requests</code> (<a href="https://github.com/encode/starlette/issues/2677">#2677</a>)</li> <li>Additional commits viewable in <a href="https://github.com/encode/starlette/compare/0.37.2...0.40.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/scionproto/scion/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is not supposed to be merged for now!
This PR is part of my (Aaron Bojarski) practical work project. Its goal is to evolve the VerifiedSCION repository to contain and verify recent refactors of the
scionproto/scionrepository. Furthermore we want to explore (automated) procedures to keep the repositories in sync.