From 10f09b039ad4a357cd670284b17eeb7f5a06df50 Mon Sep 17 00:00:00 2001 From: Alex Weibel Date: Tue, 4 Feb 2025 15:02:40 -0800 Subject: [PATCH 1/3] Update FIPS branch --- .github/actions/check-submodules/dist/index.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/actions/check-submodules/dist/index.js b/.github/actions/check-submodules/dist/index.js index 6f0b195c3..9c9245f00 100644 --- a/.github/actions/check-submodules/dist/index.js +++ b/.github/actions/check-submodules/dist/index.js @@ -27685,8 +27685,8 @@ const checkSubmodules = async function () { const isOnMain = await isAncestor(diff.thisCommit, 'origin/main', submodule.path); if (!isOnMain) { if (/^(aws-lc)$/.test(submodule.name)) { - // for aws-lc we also use fips-2022-11-02 branch for FIPS support. - const isOnFIPS = await isAncestor(diff.thisCommit, 'origin/fips-2022-11-02', submodule.path); + // for aws-lc we also use fips-2024-09-27 branch for FIPS support. + const isOnFIPS = await isAncestor(diff.thisCommit, 'origin/fips-2024-09-27', submodule.path); if (!isOnFIPS) { core.setFailed(`Submodule ${submodule.name} is using a branch`); return; @@ -27729,4 +27729,4 @@ main() module.exports = __webpack_exports__; /******/ })() -; \ No newline at end of file +; From 72ddca11d9cf9f2e34304377417f3410cfed83c5 Mon Sep 17 00:00:00 2001 From: Michael Graeb Date: Wed, 5 Feb 2025 11:01:00 -0800 Subject: [PATCH 2/3] update dependencies --- .../actions/check-submodules/dist/index.js | 24 +++++++++++++++---- .github/actions/check-submodules/index.js | 2 +- .../check-submodules/package-lock.json | 12 +++++----- .github/actions/release-tag/package-lock.json | 12 +++++----- .github/actions/release-tag/packed/index.js | 18 +++++++++++++- 5 files changed, 50 insertions(+), 18 deletions(-) diff --git a/.github/actions/check-submodules/dist/index.js b/.github/actions/check-submodules/dist/index.js index 9c9245f00..650d76451 100644 --- a/.github/actions/check-submodules/dist/index.js +++ b/.github/actions/check-submodules/dist/index.js @@ -11535,6 +11535,14 @@ const { isUint8Array, isArrayBuffer } = __nccwpck_require__(8253) const { File: UndiciFile } = __nccwpck_require__(3041) const { parseMIMEType, serializeAMimeType } = __nccwpck_require__(4322) +let random +try { + const crypto = __nccwpck_require__(7598) + random = (max) => crypto.randomInt(0, max) +} catch { + random = (max) => Math.floor(Math.random(max)) +} + let ReadableStream = globalThis.ReadableStream /** @type {globalThis['File']} */ @@ -11620,7 +11628,7 @@ function extractBody (object, keepalive = false) { // Set source to a copy of the bytes held by object. source = new Uint8Array(object.buffer.slice(object.byteOffset, object.byteOffset + object.byteLength)) } else if (util.isFormDataLike(object)) { - const boundary = `----formdata-undici-0${`${Math.floor(Math.random() * 1e11)}`.padStart(11, '0')}` + const boundary = `----formdata-undici-0${`${random(1e11)}`.padStart(11, '0')}` const prefix = `--${boundary}\r\nContent-Disposition: form-data` /*! formdata-polyfill. MIT License. Jimmy Wärting */ @@ -25739,6 +25747,14 @@ module.exports = require("net"); /***/ }), +/***/ 7598: +/***/ ((module) => { + +"use strict"; +module.exports = require("node:crypto"); + +/***/ }), + /***/ 8474: /***/ ((module) => { @@ -27685,8 +27701,8 @@ const checkSubmodules = async function () { const isOnMain = await isAncestor(diff.thisCommit, 'origin/main', submodule.path); if (!isOnMain) { if (/^(aws-lc)$/.test(submodule.name)) { - // for aws-lc we also use fips-2024-09-27 branch for FIPS support. - const isOnFIPS = await isAncestor(diff.thisCommit, 'origin/fips-2024-09-27', submodule.path); + // for aws-lc, we may use a branch for FIPS support. + const isOnFIPS = await isAncestor(diff.thisCommit, 'origin/fips-2022-11-02', submodule.path); if (!isOnFIPS) { core.setFailed(`Submodule ${submodule.name} is using a branch`); return; @@ -27729,4 +27745,4 @@ main() module.exports = __webpack_exports__; /******/ })() -; +; \ No newline at end of file diff --git a/.github/actions/check-submodules/index.js b/.github/actions/check-submodules/index.js index b8c10ac0e..5d620b40f 100644 --- a/.github/actions/check-submodules/index.js +++ b/.github/actions/check-submodules/index.js @@ -144,7 +144,7 @@ const checkSubmodules = async function () { const isOnMain = await isAncestor(diff.thisCommit, 'origin/main', submodule.path); if (!isOnMain) { if (/^(aws-lc)$/.test(submodule.name)) { - // for aws-lc we also use fips-2022-11-02 branch for FIPS support. + // for aws-lc, we may use a branch for FIPS support. const isOnFIPS = await isAncestor(diff.thisCommit, 'origin/fips-2022-11-02', submodule.path); if (!isOnFIPS) { core.setFailed(`Submodule ${submodule.name} is using a branch`); diff --git a/.github/actions/check-submodules/package-lock.json b/.github/actions/check-submodules/package-lock.json index 597ccdbbb..16721d14d 100644 --- a/.github/actions/check-submodules/package-lock.json +++ b/.github/actions/check-submodules/package-lock.json @@ -61,9 +61,9 @@ } }, "node_modules/@vercel/ncc": { - "version": "0.38.2", - "resolved": "https://registry.npmjs.org/@vercel/ncc/-/ncc-0.38.2.tgz", - "integrity": "sha512-3yel3jaxUg9pHBv4+KeC9qlbdZPug+UMtUOlhvpDYCMSgcNSrS2Hv1LoqMsOV7hf2lYscx+BESfJOIla1WsmMQ==", + "version": "0.38.3", + "resolved": "https://registry.npmjs.org/@vercel/ncc/-/ncc-0.38.3.tgz", + "integrity": "sha512-rnK6hJBS6mwc+Bkab+PGPs9OiS0i/3kdTO+CkI8V0/VrW3vmz7O2Pxjw/owOlmo6PKEIxRSeZKv/kuL9itnpYA==", "dev": true, "license": "MIT", "bin": { @@ -80,9 +80,9 @@ } }, "node_modules/undici": { - "version": "5.28.4", - "resolved": "https://registry.npmjs.org/undici/-/undici-5.28.4.tgz", - "integrity": "sha512-72RFADWFqKmUb2hmmvNODKL3p9hcB6Gt2DOQMis1SEBaV6a4MH8soBvzg+95CYhCKPFedut2JY9bMfrDl9D23g==", + "version": "5.28.5", + "resolved": "https://registry.npmjs.org/undici/-/undici-5.28.5.tgz", + "integrity": "sha512-zICwjrDrcrUE0pyyJc1I2QzBkLM8FINsgOrt6WjA+BgajVq9Nxu2PbFFXUrAggLfDXlZGZBVZYw7WNV5KiBiBA==", "license": "MIT", "dependencies": { "@fastify/busboy": "^2.0.0" diff --git a/.github/actions/release-tag/package-lock.json b/.github/actions/release-tag/package-lock.json index 7f59e65de..f9d1d9ebf 100644 --- a/.github/actions/release-tag/package-lock.json +++ b/.github/actions/release-tag/package-lock.json @@ -60,9 +60,9 @@ } }, "node_modules/@vercel/ncc": { - "version": "0.38.2", - "resolved": "https://registry.npmjs.org/@vercel/ncc/-/ncc-0.38.2.tgz", - "integrity": "sha512-3yel3jaxUg9pHBv4+KeC9qlbdZPug+UMtUOlhvpDYCMSgcNSrS2Hv1LoqMsOV7hf2lYscx+BESfJOIla1WsmMQ==", + "version": "0.38.3", + "resolved": "https://registry.npmjs.org/@vercel/ncc/-/ncc-0.38.3.tgz", + "integrity": "sha512-rnK6hJBS6mwc+Bkab+PGPs9OiS0i/3kdTO+CkI8V0/VrW3vmz7O2Pxjw/owOlmo6PKEIxRSeZKv/kuL9itnpYA==", "dev": true, "license": "MIT", "bin": { @@ -79,9 +79,9 @@ } }, "node_modules/undici": { - "version": "5.28.4", - "resolved": "https://registry.npmjs.org/undici/-/undici-5.28.4.tgz", - "integrity": "sha512-72RFADWFqKmUb2hmmvNODKL3p9hcB6Gt2DOQMis1SEBaV6a4MH8soBvzg+95CYhCKPFedut2JY9bMfrDl9D23g==", + "version": "5.28.5", + "resolved": "https://registry.npmjs.org/undici/-/undici-5.28.5.tgz", + "integrity": "sha512-zICwjrDrcrUE0pyyJc1I2QzBkLM8FINsgOrt6WjA+BgajVq9Nxu2PbFFXUrAggLfDXlZGZBVZYw7WNV5KiBiBA==", "license": "MIT", "dependencies": { "@fastify/busboy": "^2.0.0" diff --git a/.github/actions/release-tag/packed/index.js b/.github/actions/release-tag/packed/index.js index 90f533437..d8c2169ed 100644 --- a/.github/actions/release-tag/packed/index.js +++ b/.github/actions/release-tag/packed/index.js @@ -11535,6 +11535,14 @@ const { isUint8Array, isArrayBuffer } = __nccwpck_require__(8253) const { File: UndiciFile } = __nccwpck_require__(3041) const { parseMIMEType, serializeAMimeType } = __nccwpck_require__(4322) +let random +try { + const crypto = __nccwpck_require__(7598) + random = (max) => crypto.randomInt(0, max) +} catch { + random = (max) => Math.floor(Math.random(max)) +} + let ReadableStream = globalThis.ReadableStream /** @type {globalThis['File']} */ @@ -11620,7 +11628,7 @@ function extractBody (object, keepalive = false) { // Set source to a copy of the bytes held by object. source = new Uint8Array(object.buffer.slice(object.byteOffset, object.byteOffset + object.byteLength)) } else if (util.isFormDataLike(object)) { - const boundary = `----formdata-undici-0${`${Math.floor(Math.random() * 1e11)}`.padStart(11, '0')}` + const boundary = `----formdata-undici-0${`${random(1e11)}`.padStart(11, '0')}` const prefix = `--${boundary}\r\nContent-Disposition: form-data` /*! formdata-polyfill. MIT License. Jimmy Wärting */ @@ -25739,6 +25747,14 @@ module.exports = require("net"); /***/ }), +/***/ 7598: +/***/ ((module) => { + +"use strict"; +module.exports = require("node:crypto"); + +/***/ }), + /***/ 8474: /***/ ((module) => { From abfbd84620f11e49d82860685c8f68c883c3392a Mon Sep 17 00:00:00 2001 From: Michael Graeb Date: Wed, 5 Feb 2025 11:02:51 -0800 Subject: [PATCH 3/3] woops, flip this back --- .github/actions/check-submodules/dist/index.js | 2 +- .github/actions/check-submodules/index.js | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/actions/check-submodules/dist/index.js b/.github/actions/check-submodules/dist/index.js index 650d76451..fb64417e9 100644 --- a/.github/actions/check-submodules/dist/index.js +++ b/.github/actions/check-submodules/dist/index.js @@ -27702,7 +27702,7 @@ const checkSubmodules = async function () { if (!isOnMain) { if (/^(aws-lc)$/.test(submodule.name)) { // for aws-lc, we may use a branch for FIPS support. - const isOnFIPS = await isAncestor(diff.thisCommit, 'origin/fips-2022-11-02', submodule.path); + const isOnFIPS = await isAncestor(diff.thisCommit, 'origin/fips-2024-09-27', submodule.path); if (!isOnFIPS) { core.setFailed(`Submodule ${submodule.name} is using a branch`); return; diff --git a/.github/actions/check-submodules/index.js b/.github/actions/check-submodules/index.js index 5d620b40f..4c60debc8 100644 --- a/.github/actions/check-submodules/index.js +++ b/.github/actions/check-submodules/index.js @@ -145,7 +145,7 @@ const checkSubmodules = async function () { if (!isOnMain) { if (/^(aws-lc)$/.test(submodule.name)) { // for aws-lc, we may use a branch for FIPS support. - const isOnFIPS = await isAncestor(diff.thisCommit, 'origin/fips-2022-11-02', submodule.path); + const isOnFIPS = await isAncestor(diff.thisCommit, 'origin/fips-2024-09-27', submodule.path); if (!isOnFIPS) { core.setFailed(`Submodule ${submodule.name} is using a branch`); return;