dependabot[bot]
d2205b11a7
build(deps): bump the github-actions group with 4 updates ( #1425 )
...
Bumps the github-actions group with 4 updates: [actions/checkout](https://github.com/actions/checkout ), [actions/setup-node](https://github.com/actions/setup-node ), [actions/setup-go](https://github.com/actions/setup-go ) and [actions/cache](https://github.com/actions/cache ).
Updates `actions/checkout` from 6.0.1 to 6.0.2
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8e8c483db8...de0fac2e45https://github.com/actions/setup-node/releases )
- [Commits](395ad32622...6044e13b5dhttps://github.com/actions/setup-go/releases )
- [Commits](4dc6199c7b...7a3fe6cf4chttps://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](9255dc7a25...8b402f58fb
2026-01-28 13:50:19 -05:00
dependabot[bot]
2532478abd
build(deps): bump the github-actions group with 4 updates ( #1355 )
...
Co-authored-by: Jason Cameron <git@jasoncameron.dev>
2025-12-24 01:02:48 -05:00
dependabot[bot]
5c97d693c1
build(deps): bump the github-actions group across 1 directory with 4 updates ( #1340 )
...
Co-authored-by: Jason Cameron <git@jasoncameron.dev>
2025-12-15 02:34:45 +00:00
dependabot[bot]
071b836741
build(deps): bump the github-actions group with 3 updates ( #1317 )
...
Co-authored-by: Jason Cameron <git@jasoncameron.dev>
2025-11-30 22:12:30 -05:00
Jason Cameron
bbdeee00f7
fix: pin Node.js and Go versions in CI configuration files ( #1318 )
...
fixes cache poisoning issues
2025-12-01 03:03:39 +00:00
dependabot[bot]
1a12171d74
build(deps): bump the github-actions group with 3 updates ( #1262 )
...
Co-authored-by: Jason Cameron <git@jasoncameron.dev>
2025-11-09 18:08:06 -08:00
Xe Iaso
b5ead0a68c
fix(data): add ruleset to explicitly allow Docker / OCI clients ( #1253 )
...
* fix(data): add ruleset to explicitly allow Docker / OCI clients
Fixes #1252
This is technically a regression as these clients used to work in Anubis
v1.22.0, however it is allowable to make this opt-in as most websites do not
expect to be serving Docker / OCI registry client traffic.
Signed-off-by: Xe Iaso <me@xeiaso.net>
* Update metadata
check-spelling run (pull_request) for Xe/gh-1252/docker-registry-client-fix
Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com>
on-behalf-of: @check-spelling <check-spelling-bot@check-spelling.dev>
* test(docker-registry): export the right envvars
Signed-off-by: Xe Iaso <me@xeiaso.net>
* ci: add simdjson dependency for homebrew node
Signed-off-by: Xe Iaso <me@xeiaso.net>
* ci: install go/node without homebrew
Signed-off-by: Xe Iaso <me@xeiaso.net>
* test: use right github commit variable
Signed-off-by: Xe Iaso <me@xeiaso.net>
* ci: remove simdjson dependency
Signed-off-by: Xe Iaso <me@xeiaso.net>
* ci: install ko with an action
Signed-off-by: Xe Iaso <me@xeiaso.net>
* docs: add OCI registry caveat docs
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com>
2025-11-08 00:17:25 +00:00
dependabot[bot]
3dab060bfa
build(deps): bump the github-actions group across 1 directory with 6 updates ( #1221 )
...
Bumps the github-actions group with 6 updates in the / directory:
| Package | From | To |
| --- | --- | --- |
| [actions/cache](https://github.com/actions/cache ) | `4.2.4` | `4.3.0` |
| [docker/login-action](https://github.com/docker/login-action ) | `3.5.0` | `3.6.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact ) | `4.6.2` | `5.0.0` |
| [actions/setup-node](https://github.com/actions/setup-node ) | `5.0.0` | `6.0.0` |
| [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv ) | `6.7.0` | `7.1.2` |
| [github/codeql-action](https://github.com/github/codeql-action ) | `3.30.3` | `4.31.0` |
Updates `actions/cache` from 4.2.4 to 4.3.0
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](0400d5f644...0057852bfahttps://github.com/docker/login-action/releases )
- [Commits](184bdaa072...5e57cd1181https://github.com/actions/upload-artifact/releases )
- [Commits](ea165f8d65...330a01c490https://github.com/actions/setup-node/releases )
- [Commits](a0853c2454...2028fbc5c2https://github.com/astral-sh/setup-uv/releases )
- [Commits](b75a909f75...85856786d1https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](192325c861...4e94bd11f7
2025-10-26 22:41:24 -04:00
dependabot[bot]
87c2f1e0e6
build(deps): bump the github-actions group across 1 directory with 8 updates ( #1071 )
...
Co-authored-by: Jason Cameron <git@jasoncameron.dev>
2025-09-06 22:30:43 -04:00
dependabot[bot]
44ae5f2e2b
build(deps): bump the github-actions group with 2 updates ( #770 )
...
Bumps the github-actions group with 2 updates: [dominikh/staticcheck-action](https://github.com/dominikh/staticcheck-action ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `dominikh/staticcheck-action` from 1.3.1 to 1.4.0
- [Release notes](https://github.com/dominikh/staticcheck-action/releases )
- [Changelog](https://github.com/dominikh/staticcheck-action/blob/master/CHANGES.md )
- [Commits](fe1dd0c365...024238d289https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](39edc492db...181d5eefc2
2025-07-06 20:51:24 -04:00
Jason Cameron
1562f88c35
chore: Remove unused/dead code ( #703 )
...
* chore(xess): remove unused xess templates
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
* chore(checker): remove unused staticHashChecker implementation
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
* feat: add pinact and deadcode to go tools (pinact is used for the gha pinning)
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
* chore: update Docker and kubectl actions to latest versions
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
* chore: update Homebrew action from master to main in workflow files
See df537ec97f
2025-06-25 09:31:33 -04:00
dependabot[bot]
2e54e839f1
build(deps): bump the gomod group across 1 directory with 4 updates ( #457 )
...
* build(deps): bump the gomod group across 1 directory with 4 updates
Bumps the gomod group with 4 updates in the / directory: [github.com/a-h/templ](https://github.com/a-h/templ ), [github.com/playwright-community/playwright-go](https://github.com/playwright-community/playwright-go ), [golang.org/x/net](https://github.com/golang/net ) and [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery ).
Updates `github.com/a-h/templ` from 0.3.857 to 0.3.865
- [Release notes](https://github.com/a-h/templ/releases )
- [Changelog](https://github.com/a-h/templ/blob/main/.goreleaser.yaml )
- [Commits](https://github.com/a-h/templ/compare/v0.3.857...v0.3.865 )
Updates `github.com/playwright-community/playwright-go` from 0.5101.0 to 0.5200.0
- [Release notes](https://github.com/playwright-community/playwright-go/releases )
- [Commits](https://github.com/playwright-community/playwright-go/compare/v0.5101.0...v0.5200.0 )
Updates `golang.org/x/net` from 0.39.0 to 0.40.0
- [Commits](https://github.com/golang/net/compare/v0.39.0...v0.40.0 )
Updates `k8s.io/apimachinery` from 0.32.3 to 0.33.0
- [Commits](https://github.com/kubernetes/apimachinery/compare/v0.32.3...v0.33.0 )
---
updated-dependencies:
- dependency-name: github.com/a-h/templ
dependency-version: 0.3.865
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: gomod
- dependency-name: github.com/playwright-community/playwright-go
dependency-version: 0.5200.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: gomod
- dependency-name: golang.org/x/net
dependency-version: 0.40.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: gomod
- dependency-name: k8s.io/apimachinery
dependency-version: 0.33.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: gomod
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore: go mod tidy && npm run assets
Signed-off-by: Xe Iaso <me@xeiaso.net>
* ci: use playwright managed by npm
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Xe Iaso <me@xeiaso.net>
2025-05-07 17:48:10 -04:00
Xe Iaso
3701b2bc3d
ci(go): fix govulncheck ( #464 )
...
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-05-07 13:42:28 +00:00
Xe Iaso
16412a8bf9
ci: add govulncheck ( #456 )
...
This is intended to catch low-hanging fruit.
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-05-06 14:07:55 +00:00
Xe Iaso
2d22491e8c
undo depot for now until I have the corp set up
...
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-04-20 09:07:54 -04:00
dependabot[bot]
2ebce26709
build(deps): bump the gomod group with 3 updates ( #265 )
...
* build(deps): bump the gomod group with 3 updates
Bumps the gomod group with 3 updates: [github.com/playwright-community/playwright-go](https://github.com/playwright-community/playwright-go ), [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang ) and [golang.org/x/net](https://github.com/golang/net ).
Updates `github.com/playwright-community/playwright-go` from 0.5001.0 to 0.5101.0
- [Release notes](https://github.com/playwright-community/playwright-go/releases )
- [Commits](https://github.com/playwright-community/playwright-go/compare/v0.5001.0...v0.5101.0 )
Updates `github.com/prometheus/client_golang` from 1.21.1 to 1.22.0
- [Release notes](https://github.com/prometheus/client_golang/releases )
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md )
- [Commits](https://github.com/prometheus/client_golang/compare/v1.21.1...v1.22.0 )
Updates `golang.org/x/net` from 0.38.0 to 0.39.0
- [Commits](https://github.com/golang/net/compare/v0.38.0...v0.39.0 )
---
updated-dependencies:
- dependency-name: github.com/playwright-community/playwright-go
dependency-version: 0.5101.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: gomod
- dependency-name: github.com/prometheus/client_golang
dependency-version: 1.22.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: gomod
- dependency-name: golang.org/x/net
dependency-version: 0.39.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: gomod
...
Signed-off-by: dependabot[bot] <support@github.com>
* internal/test: bump playwright version
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Xe Iaso <me@xeiaso.net>
2025-04-15 05:55:50 -04:00
Xe Iaso
62e20a213a
use depot builders ( #262 )
...
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-04-13 15:57:47 -04:00
Patrick Linnane
1614504922
workflows: hash pin Actions ( #203 )
...
Signed-off-by: Patrick Linnane <patrick@linnane.io>
2025-04-08 00:45:06 -04:00
Xe Iaso
f1f8fdf752
package.json: fix build command ( #230 )
...
Closes #225
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-04-06 04:29:52 +00:00
dependabot[bot]
515453c607
build(deps): bump actions/cache from 3 to 4 in the github-actions group ( #198 )
...
Bumps the github-actions group with 1 update: [actions/cache](https://github.com/actions/cache ).
Updates `actions/cache` from 3 to 4
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](https://github.com/actions/cache/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: github-actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-02 00:15:49 -04:00
Patrick Linnane
fc237a1690
workflows: fix zizmor findings (part 1) ( #190 )
...
Signed-off-by: Patrick Linnane <patrick@linnane.io>
2025-04-01 22:33:44 +00:00
Xe Iaso
52ca5390c2
Add staticheck to CI ( #152 )
...
* Add staticheck to CI
Signed-off-by: Xe Iaso <me@xeiaso.net>
* fix staticcheck warnings
Signed-off-by: Xe Iaso <me@xeiaso.net>
* oh, right, playwright is broken
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-03-29 15:00:22 -04:00
Xe Iaso
937f1dd330
all: do not commit generated JS/CSS to source control ( #148 )
...
Closes #125
Closes #40
Among other things, this moves all of the asset generation to run within
the context of an npm script. Developer documentation stubs have been
added so that people can get started more easily.
The top-level Dockerfile (which is no longer used in production) has
been removed as its presence has been causing confusion. This changeset
will break it anyways.
These changes will make for less "repo churn" as the static assets are
built and rebuilt, at the cost of making the build step more complicated
for downstream packagers. If this becomes a burden, we can explore
making a "release tarball" that contains pre-massaged outputs.
2025-03-28 14:55:25 -04:00
Xe Iaso
7d4be0dcec
Apply bits of the cookie settings PR one by one ( #140 )
...
Enables uses to change the cookie domain and partitioned flags.
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-03-27 15:24:03 -04:00
Yulian Kuncheff
6156d3d729
Refactor and split out things into cmd and lib ( #77 )
...
* Refactor anubis to split business logic into a lib, and cmd to just be direct usage.
* Post-rebase fixes.
* Update changelog, remove unnecessary one.
* lib: refactor this
This is mostly based on my personal preferences for how Go code should
be laid out. I'm not sold on the package name "lib" (I'd call it anubis
but that would stutter), but people are probably gonna import it as
libanubis so it's likely fine.
Packages have been "flattened" to centralize implementation with area of
concern. This goes against the Java-esque style that many people like,
but I think this helps make things simple.
Most notably: the dnsbl client (which is a hack) is an internal package
until it's made more generic. Then it can be made external.
I also fixed the logic such that `go generate` works and rebased on
main.
* internal/test: run tests iff npx exists and DONT_USE_NETWORK is not set
Signed-off-by: Xe Iaso <me@xeiaso.net>
* internal/test: install deps
Signed-off-by: Xe Iaso <me@xeiaso.net>
* .github/workflows: verbose go tests?
Signed-off-by: Xe Iaso <me@xeiaso.net>
* internal/test: sleep 2
Signed-off-by: Xe Iaso <me@xeiaso.net>
* internal/test: nix this test so CI works
Signed-off-by: Xe Iaso <me@xeiaso.net>
* internal/test: warmup per browser?
Signed-off-by: Xe Iaso <me@xeiaso.net>
* internal/test: disable for now :(
Signed-off-by: Xe Iaso <me@xeiaso.net>
* lib/anubis: do not apply bot rules if address check fails
Closes #83
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Xe Iaso <me@xeiaso.net>
2025-03-22 18:44:49 -04:00
Xe Iaso
836eaf829a
.github/workflows/go: make this slower for now
...
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-03-17 19:39:56 -04:00
Xe Iaso
9923878c5c
initial import from /x/ monorepo
...
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-03-17 19:33:07 -04:00
