Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upstream #383

Draft
wants to merge 225 commits into
base: master
Choose a base branch
from
Draft

Upstream #383

wants to merge 225 commits into from

Conversation

aaronbojarski
Copy link

This is not supposed to be merged for now!

This PR is part of my (Aaron Bojarski) practical work project. Its goal is to evolve the VerifiedSCION repository to contain and verify recent refactors of the scionproto/scion repository. Furthermore we want to explore (automated) procedures to keep the repositories in sync.

JordiSubira and others added 30 commits January 25, 2023 12:20
Add support for SPAO headers to slayers and the router data plane.
This will be used to authenticate SCMP error messages.

Currently, the DRKey provider is not implemented in the router.
Furthermore, the SCMP error messages are not yet authenticated on the receiver side.
Use AS certificates in the control plane's QUIC TLS, for the benefit of
authenticating DRKey Level1 requests.

In contrast to other control plane requests, the DRKey Level 1 key
requests require confidentiality and authentication. For these requests,
we use TLS authenticated with the CP-PKI AS certificates.
Previously, we would run two separate grpc "servers" on the same QUIC
socket. One server without authentication, used for most control service
requests, and one with grpc authentication for the DRKey requests.
In either case, the underlying connection would use the TLS from QUIC
with self-signed certificates without authentication (`InsecureSkipVerify: true`).
For the grpc authentication, an additional TLS session would run on top,
so we'd have two nested TLS sessions.
This setup simply did not work properly. The two different grpc servers
competed for accepted connections on the QUIC socket and chance
determined whether a request would be processed by the appropriate
server. Automatic request retry has hidden the problem to some extent in
early testing.

Fix this by always using AS certificates in the QUIC connection directly,
and never using grpc's TLS.
This approach has been previously considered impractical, but a grpc-go
contributor pointed us in the right direction for a clean implementation
now; adding a custom implementation of the `credentials.TransportCredentials`
interface allows us to pass through the TLS state of the underlying QUIC
connection to grpc.

Note that:
- we cannot verify the certificates for all requests; this would be a
  circular dependency e.g. for fetching certificate chains and trcs
- the client certificate is now validated directly from the DRKey grpc
  server logic. At this point, the TLS session has already been
  established and any errors result in a grpc error, not a TLS handshake
  error. This is unavoidable, as we can only know the method invoked
  after accepting the TLS session to know whether the certificates
  should be validated (see point above).
Add section on the project governance with the TC Implementation,
including a list of the current members.
The pkg/private/common, util and xtest packages have rather fuzzy scope,
and have accumulated a bit of cruft and unused or outdated
functionality. Clean this up a bit:

* pkg/private/common: 
    * remove unused constants
    * remove outdated error handling helpers and replace remaining use
    * remove NativeOrder and IsBigEndian: No longer needed.
      Native byte order is not often needed, but will eventually show up
      in standard library anyway (golang/go#57237).
* pkg/private/util:
    * remove unused helper functionality
    * remove Checksum: only used to compute reference value in slayers
      test cases. Use a simpler, non-optimized implementation for this.
      Closes #4262.
    * move RunsInDocker to private/env
    * move ASList to tools/integration
* pkg/private/xtest: 
    * remove unused helpers
    * remove unused Callback and MockCallback
    * replace FailOnErr with require.NoError
    * replace AssertErrorsIs with assert.ErrorIs


There are still more things to clean up in `pkg/private`, in future PRs,
in particular: 
* `common.ErrMsg` should be integrated in `serrors`
* `common.IFIDType` should be removed or renamed and moved somewhere
  more appropriate
* Merge the remainder of `util` and `common` 
* Clean up  `LinkType` and `RevInfo` from `pkg/private/ctrl`
Previously only the keys were loaded from disk, the chains were fetched
from the DB. This becomes a problem with certificate renewal (especially
when overwriting the key/cert files) because the new key is loaded from the disk
but no corresponding certificate is loaded into the DB
Additionally, loading certs from disk for each individual TLS session
establishment is not ideal, so we should have a cache.

Removed the separate X509KeyPairLoader and replaced it with
trust.SignerGen (extended to allow filtering certificates for key
usage). For this SignerGen, a CachingSignerGen implementation already
exists. The new TLSCertificateLoader wraps this SignerGen and converts the
resulting Signer to a tls.Certificate.
Loading the certificates is no longer part of trust.TLSCryptoManager.
Thus, rename TLSCryptoManager to TLSCryptoVerifier.
Remove (most) golangci-lint exceptions for the errcheck linter.
This linter is generally very helpful and it seems better not to give
blanket exceptions for violations. It's rarely necessary to use nolint
to silence specific false positives, as it's usually enough to
explicitly ignore errors by assigning to a blank identifier, which seems
seems helpful for readers of the code.

Fix errcheck violations:
- Explicitly ignore or log errors where this seems appropriate
  - In http.Handler code, ignore errors when writing the response body.
    Use rw.Write where possible to make it as clear as possible that the
    Write is the only remaining possibility for errors.
    Some of the diagnostics pages would require more restructuring to
    handle errors properly; in some cases, errors are ignored by using
    fmt.Fprint (for which errcheck ignores errors), instead of Write.
- Assert or panic on errors in tests
- Remove some unused code snippets with violations (TestMain, log/testlog.SetupGlobals)
- Restructure control/beacon.ParsePolicyYaml so initDefaults does not
  return an error (and btw, use correct input file in test)
- Handle SetDeadline errors in sock/reliable/reconnect
- Handle UnderlayPacket.DecodeFromBytes error in sock/reliable.Conn
During creating the signed protobuf body for an ASEntry in
PathSegment.AddASentry, a reference to a member of the loop variable
(`peer.HopField.MAC[:]`) was stored into newly created protobuf
PeerEntries. As a result, all protobuf PeerEntries ended up with the
same Mac buffer reference.
Fixed by the usual `peer := peer`.

Add tests for the case of multiple peers, both on the beacon extender
and the path segment level.
When performing a service address resolution with svc.Resolver.LookupSVC,
a new connection was opened but never closed.
One possible reason for this bug was that the unclear responsibility for
closing the connection; the svc.RoundTripper.RoundTrip function closes
the connection if the context ends, but not otherwise.

Fix this by always closing the conn in CloseConnOnDone.
The cancel function of CloseConnOnDone now also blocks until the
connection is closed (relevant mostly for testing) and returns any
errors from closing.
Also move the CloseConnOnDone to LookupSVC, so the responsibility for
closing the connection is right next to where it's opened.
…(#4316)

Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.11.0 to 1.11.1.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](prometheus/client_golang@v1.11.0...v1.11.1)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>

* fixup: make go_deps.bzl

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Frei <[email protected]>
…(#4317)

Implement support for empty path values as inputs for the SPAO MAC
computation.
This is currently not applicable when using the SPAO with DRKey as the
timestamp defined to be relative to the info field, which simply does
not exist for empty paths. This will be addressed by the changes
proposed in scionproto/scion#4300, enabling the use of SPAO also for AS
internal communication.
The length of the SCION header is part of the metadata flowing into the
computation of the MAC value for SPAO [0]. The corresponding common
header field value is stored in multiples of 4-bytes [1].

This PR makes sure that indeed multiples of 4-bytes are used instead of
the actual length in bytes of the SCION header.

The problem did not appear in testing up till now, because all endpoints
are based on the same implementation so far.

[0] https://docs.scion.org/en/latest/protocols/authenticator-option.html#authenticated-data

[1] https://docs.scion.org/en/latest/protocols/scion-header.html#common-header
Documentation builds (`make html`) were reporting various warnings.
There were two sources of the errors:

- Most pages from the autogenerated command line docs are not in any toctree,
  because they use their own internal linking.
  Fixed by adding :orphan: to these pages.
- One image in the manual pages (gateway/prefix_pinning.rst)
  would always be reported as not found, but was working correctly.
  This was due to the structure of the manual pages, which are built
  from multiple partial rst files using the `.. include:` directive.
  The figures are found relative to the main rst file, not the partial.
  As the partials were _also_ being built individually, the error
  resulted.
  Fixed by excluding the partial rst files (manuals/*/*) from the sphinx
  build.

Also includes the following improvements:
- more specific short/long doc string for the `scion` tool
- add requirements.in and pip-compile generated requirements.txt
- doc/Makefile: add targets autobuild and command-gendocs for
  convenience, explicitly list the main sphinx-build targets to get make
  target auto-completion on shells
- Disable the "Atuo generated by spf13/cobra ..." footer for the cobra
  gendocs, getting rid of post processing command in the bazel build.
  Use "proper" sphinx :ref: cross-references instead of html links.
- Fix (or remove) some broken links reported by `make linkcheck`
In #4319, the python requirements file was generated for python3.8 but
our build configuration file still referred to 3.7, resulting in broken
builds. Also bump the ubuntu version to latest LTS, because, why not.

Also move the .readthedocs.yaml file to the project root, where this
should be located according to the documentation.
The readthedocs build log (confusingly) mentioned that this file was not
present. Either this was a spurious error message or the file was indeed
ignored and it just happened to match the defaults.
This commit updates almost all of the direct dependencies to the latest version.
…ys (#4326)

Fix simple logic error in DRKey service engine (assignment to variable was too late, after use).
Deprecate unused attributes `authoritative`, `voting` and `issuing` from
the topology.json configuration. These are no longer considered by any
service or tool and the functionality has been moved into the cs.toml
(containing a `[ca]` section for "issuing" ASes) or into the TRC and the
configuration of the corresponding tooling. Only the `core` attribute
option remains. In the long run, this should either disappear entirely
from the topology configuration or be changed to a boolean flag.

In the internal `private/topology`, remove the unused `CA() bool` from
the interface, and simplify the representation of the state from a list
of attributes to a simpler `IsCore`.

The goal here is mainly to avoid confusion caused by the unused
attributes.
…#4332)

Add demo/integration test for key derivation with different protocols
identifiers, in particular for a "niche" protocol using the generic key
derivation. 
Make fetching the SV optional for the server-side demo and use the
non-privileged derivation mechanism otherwise.
Bumps [vm2](https://github.com/patriksimek/vm2) from 3.9.14 to 3.9.15.
- [Release notes](https://github.com/patriksimek/vm2/releases)
- [Changelog](https://github.com/patriksimek/vm2/blob/master/CHANGELOG.md)
- [Commits](patriksimek/vm2@3.9.14...3.9.15)

vm2 is in indirect dependency of spectral-cli, which is (only!) the linter used for the openapi specs.

---
updated-dependencies:
- dependency-name: vm2
  dependency-type: indirect

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [vm2](https://github.com/patriksimek/vm2) from 3.9.15 to 3.9.16.
- [Release notes](https://github.com/patriksimek/vm2/releases)
- [Changelog](https://github.com/patriksimek/vm2/blob/master/CHANGELOG.md)
- [Commits](patriksimek/vm2@3.9.15...3.9.16)

vm2 is an indirect dependency of spectral-cli, which is (only!) the linter used for the openapi specs.

---
updated-dependencies:
- dependency-name: vm2
  dependency-type: indirect

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
The scion.sh sciond-addr command was returning an invalid address for IPv6 setups, resulting in "too many colons address" error when used as the `--sciond` parameter of tool invocations. Fixed by wrapping the IP in brackets before appending the port.
Add openapi_build_doc rule to build the API documentation as
zero-dependency HTML file.
This replaces separate genrules in the build files for the individual
tools. These had all been using the `redoc-cli` command which is
deprecated (in favor of redocly/cli) and had been creating broken HTML
files since #4323.

Fix the link in the dummy index.html page from the private/mgmtapi
package, used when not bundling the generated documentation page, to
point to openapi.json (not spec.json).

Drop the yarn dependency on `redoc-cli` and update all dependencies.
Replace deprecated inet.af/netaddr with its standard library replacement
package net/netip. Use go4.org/netipx for some the pieces that were not
added to the standard library.

This change does not affect the `snet` API, or any other public API.
There is a small number of of packet processing test cases
that cover cases resulting in SCMPs.
The packet processor signals SCMPs by returning an `scmpError`.
Previously, the test cases just asserted that any error is returned from
processing and so they would pass even if an internal error occurred.
In this instance there was an internal error while serializing the SCMP
message, as the internal IP of the dataplane, the source address of the
SCMP message, was not initialized in the test setup.

Add a dummy internal IP address to the test dataplane setup, and change
the type of the dataplane's internal IP so that a missing initialization
of the IP leads to a panic instead of a runtime error.

Assert that an `scmpError` is returned for the relevant test cases,
and check the SCMP type/code.
The full SCMP message is still not checked.
The documentation has been a somewhat unsorted bag of documents. It was mostly focused on contributors to this project, but some sections did target users of the software, without a clear distinction.

This PR attempts to bring some more structure into this. There are now three separate sections:
   - Technology:
     Explanations and Specifications. Explain SCION on a conceptual level.
     Should introduce concepts that a user or dev needs to make sense of the manuals etc.
     Target audience: anyone (users, developers, outsiders)
   - Reference manuals:
     Target audience: users of this SCION implementation (operator of SCION infrastructure or hosts), users of any of the SCION APIs.
   - Developer section:
     Target audience: contributors to this SCION implementation
     
In particular, the developer section now "hides" the design documents away a bit and the intended workflow for these documents is clarified.

There is still a lot to do, in particular for overview and introductory material and the manuals. I've started to work on the manual for the control service, but I've decided to defer this for a separate PR so that we can finalize the organizational changes.
Note that the content of some design documents, in particular the one on path policies is now relegated to the less findable design document section. The relevant information will be included in the manuals again.
* Setup link
* Contribution link
The Traffic Class field used to be abbreviated by QoS, an unnecessary
alias. Traffic Class is also the name used for the equivalent field in
the IPv6 header.

Also, fix the documented NextHdr value for the SCMP protocol.
Fix a couple grammar errors with past/present tense and capitalizing the nouns.
Both decoding and serializing of the address type fields (DstAddrType
and SrcAddrType) was truncating the most significant bit.
This has not caused any issues so far as no address type with type
greater than 1 is defined and used.

This bug was introduced in #4160, by consistently using the wrong (!)
value 0x7, instead of 0xF, to mask the lowest four bits. Fixed the
same mistake in copies of the serialization logic.
Fix a couple issues with tense, nouns, and punctuation.
uniquefine and others added 29 commits September 13, 2024 13:12
When starting a span from Context add the debug_id and tracing_id to the
logger on the context (if it exists) instead of creating a new one.

This preserves the logger that is attached to the parentCtx.
Allow scion-pki, see #4611
Rewrite the TRC ceremony documentation to include the scion-pki tool
which is a lot more ergonomic than openssl based approach. The openssl
based approach is still kept such that people do not need to trust the
distributed scion-pki tool.

Furthermore, the documentation and tests are updated to use openssl
3.0.14.

And finally, the scion-pki tool is extended to support RFC3339 based
timestamps when creating TRC payloads for both NotBefore and NotAfter
fields. The legacy unix timestamp and duration based validity time are
still supported.
… to crash (#4619)

Hi,

I've tried to setup the freestanding SCION network as per the
[tutorial](https://docs.scion.org/en/latest/tutorials/deploy.html) and
ran into a few issues:

Using the default topology files from the website, the scion-router
service always crashes because of an invalid source IP (see screenshot
below):


![image](https://github.com/user-attachments/assets/cef3fa72-a945-438f-ac31-1bc535da2a44)

@tobiasmoldan realized that this can be resolved by adding the source IP
(or host name) to the local field in the topology:

`"underlay": {
            "local": "scion01:50012",
            "remote": "scion02:50012"
          },`

Secondly, I was wondering if all ASes need to be up and running for the
network to be fully functional? I have set up and configured scion01 and
scion02 as per the tutorial. All services (daemon, router, control,
dispatcher) are active and there is a direct link between the two VMs.
The machines are pingable (via normal ICMP), however, there is no
reachability via SCMP. I assume that, even without scion03-05, they
should have connectivity?

I got scion addresses for scion01 and scion02 respectively,

`42-ffaa:1:1,127.0.0.1`

`42-ffaa:1:2,127.0.0.1`

and I have generated the certificate material on scion01 and shared it
with scion02. Is there anything I'm missing - e.g., does path
exploration need to be triggered somehow or should it happen
automatically?

Thanks a lot for your help on this!

Best regards,

Thomas

---------

Co-authored-by: jiceatscion <[email protected]>
Until golang/go#69312 is resolved, force the
old timer behavior by specifying an older go version in the go.mod file.

Fixes #4606
Include the ISD-AS in the output of the distinguished name of the
certificate. Previously, the output would show
`UnknownOID=1.3.6.1.4.1.55324.1.2.1` instead of the ISD-AS.

Furthemore, represent the extended key usage for sensitive voting,
regular voting, and cppki root certificates as a human readable string.
The dummy TRC payload allows to create a TRC payload without much setup.
This is useful for testing access to the necessary cryptographic
material, especially in preparation of a TRC ceremony.
When creating a TRC update, support referencing the predecessor
certificates. This simplifies the TRC ceremony, as the already included
certificates do not need to be redistributed in case they do not change.
Found this in the wake of #4606
I believe that await-connectivity could mistake core segments for up
segments (i.e. assuming that only up segments could be found). It still
makes the optimistic assumption that down segments are registered
immediately after up segments are obtained. We have to be content with
that because in hidden paths test cases the down segments cannot all be
found via a simple REST API query.
…n package (#4604)

Also renamed IfIDType to ID. Given that ID represents generic interface IDs as used in segments
distributed by the control service, it seems that it shouldn't be
private either, even if it currently can be. So the new package isn't
private.

Fixes #4584
And an interactive TRC signing ceremony builder.
It supports all three types of TRC ceremony: base, regular, and
sensitive. The user can select between scion-pki and openssl.
Furthermore, support for pkcs11 is available for openssl. In a future
iteration, support for scion-pki kms will be added.

The builder is intended to be used by a voting (or root CA) participant.
The adminstrator role is not supported in this version. (Administrators
should be very knowledgable about the TRC ceremony anyway.)

The builder is based on aplinejs and tailwindcss. This allows us to
included it in our RTD page with zero dependency and build steps.


![image](https://github.com/user-attachments/assets/e02dc043-7233-4713-8267-fa67ce489b2d)


[doc]
While in the process of merging FABRID into SCIONLab, we have found
these very small nits to probably be beneficial to merge upstream
(here):
- Improve the comment on the package variable `HostAddr` in package
`tools/integration`.
First draft of NAT address discovery design. Original discussion: #4517

---------

Co-authored-by: Tilmann Zäschke <[email protected]>
Co-authored-by: jiceatscion <[email protected]>
… (#4623)

After an offline discussion from SCION contributors, we reached the
conclusion that `docs.scion.org` is the best-suited candidate to host
technical information about SCION applications (ideally already in a
certain maturity level) since they can be run on different environments,
i.e., production network, SCIONLab or local dev environment. It may also
help to centralize a little bit the information and making the
documentation environment a bit less hairy for the users/developers.

~~In this PR, I ported the `Applications` section in the [SCIERA
docs](https://sciera.readthedocs.io/en/latest/index.html) , adding the
file `doc/applications/access.rst` as a preliminary documentation as how
to connect the application host to the diverse SCION networks.~~

We can revisit, if some of documentation for the currently listed
applications must be removed or updated.

---

We use [RTD
subprojects](https://docs.readthedocs.io/en/stable/subprojects.html) and
the project is located in
https://github.com/scionproto-contrib/scion-applications-docs.

This PR adds reference to the `SCION Applications` subproject.
Enable the scion-pki tool to interact with various cloud KMS and HSMs
through the step-kms-plugin. The step-kms-plugin must be installed and
available in the PATH.

For more information about step-kms-plugin, please refer to the
documentation at https://github.com/smallstep/step-kms-plugin.

To see example usage of step-kms-plugin, please
refer to
https://smallstep.com/docs/step-ca/cryptographic-protection
A profile shows that ID calculation is a big part of the CPU time of the
daemon:

![image](https://github.com/user-attachments/assets/613eedfe-c969-41ef-aa78-bee1488f9afc)

Therefore this change memoizes IDs where possible.
Also re-use buffer for fingerprint calculation.
Use slices package for sorting in the combinator.
Generate the additional code required for connectrpc with the buf tool.
Currently, there is no bazel ruleset available for buf generation.
However, we can leverage buf as a protoc plugin as shown in
https://github.com/abitofhelp/connect-go-example.
With the help of some convenience macro, source code is copied with our
regular `write_all_source_files` Make target.

This PR is broken out of the
https://github.com/scionproto/scion/tree/connectrpc branch to make
incremental review easier.

Contributes to #4434
Additionally, add a not to be careful when using relative paths.
…g accordingly (#4634)

Fixes #4633

---------

Co-authored-by: FR4NK-W <[email protected]>
NO_CHANGELOG

---------

Co-authored-by: jiceatscion <[email protected]>
Co-authored-by: Jean-Christophe Hugly <[email protected]>
Spotted while writing ietf drafts. This is the only occurrence of the
word "fragment" in our docs, except for the gateway. That I know of,
there is no such thing as a scion packet fragment.
Change the limit for interface IDs in topofiles from 12bit to 16bit.
Unfortunately, the new style rpm_rules (the ones that I find remotely
usable) do not appear to support cross-architecture packaging yet. So,
this is x86_64 only for now.

Fixes #4425

---------

Co-authored-by: FR4NK-W <[email protected]>
The current implementation does not use the "underlay" element.
I propose to adapt the docment to reflect the current implementation
Bumps [starlette](https://github.com/encode/starlette) from 0.37.2 to
0.40.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/encode/starlette/releases">starlette's
releases</a>.</em></p>
<blockquote>
<h2>Version 0.40.0</h2>
<p>This release fixes a Denial of service (DoS) via
<code>multipart/form-data</code> requests.</p>
<p>You can view the full security advisory:
<a
href="https://github.com/encode/starlette/security/advisories/GHSA-f96h-pmfr-66vw">GHSA-f96h-pmfr-66vw</a></p>
<h2>Fixed</h2>
<ul>
<li>Add <code>max_part_size</code> to <code>MultiPartParser</code> to
limit the size of parts in <code>multipart/form-data</code>
requests <a
href="https://github.com/encode/starlette/commit/fd038f3070c302bff17ef7d173dbb0b007617733">fd038f3</a>.</li>
</ul>
<h2>Version 0.39.2</h2>
<h2>Fixed</h2>
<ul>
<li>Allow use of <code>request.url_for</code> when only &quot;app&quot;
scope is available <a
href="https://redirect.github.com/encode/starlette/pull/2672">#2672</a>.</li>
<li>Fix internal type hints to support
<code>python-multipart==0.0.12</code> <a
href="https://redirect.github.com/encode/starlette/pull/2708">#2708</a>.</li>
</ul>
<hr />
<p><strong>Full Changelog</strong>: <a
href="https://github.com/encode/starlette/compare/0.39.1...0.39.2">https://github.com/encode/starlette/compare/0.39.1...0.39.2</a></p>
<h2>Version 0.39.1</h2>
<h2>Fixed</h2>
<ul>
<li>Avoid regex re-compilation in <code>responses.py</code> and
<code>schemas.py</code> <a
href="https://redirect.github.com/encode/starlette/pull/2700">#2700</a>.</li>
<li>Improve performance of <code>get_route_path</code> by removing
regular expression usage <a
href="https://redirect.github.com/encode/starlette/pull/2701">#2701</a>.</li>
<li>Consider <code>FileResponse.chunk_size</code> when handling multiple
ranges <a
href="https://redirect.github.com/encode/starlette/pull/2703">#2703</a>.</li>
<li>Use <code>token_hex</code> for generating multipart boundary strings
<a
href="https://redirect.github.com/encode/starlette/pull/2702">#2702</a>.</li>
</ul>
<hr />
<p><strong>Full Changelog</strong>: <a
href="https://github.com/encode/starlette/compare/0.39.0...0.39.1">https://github.com/encode/starlette/compare/0.39.0...0.39.1</a></p>
<h2>Version 0.39.0</h2>
<h2>Added</h2>
<ul>
<li>Add support for HTTP Range to <code>FileResponse</code> <a
href="https://redirect.github.com/encode/starlette/pull/2697">#2697</a></li>
</ul>
<hr />
<p><strong>Full Changelog</strong>: <a
href="https://github.com/encode/starlette/compare/0.38.6...0.39.0">https://github.com/encode/starlette/compare/0.38.6...0.39.0</a></p>
<h2>Version 0.38.6</h2>
<h2>Fixed</h2>
<ul>
<li>Close unclosed <code>MemoryObjectReceiveStream</code> in
<code>TestClient</code> <a
href="https://redirect.github.com/encode/starlette/pull/2693">#2693</a>.</li>
</ul>
<hr />
<p><strong>Full Changelog</strong>: <a
href="https://github.com/encode/starlette/compare/0.38.5...0.38.6">https://github.com/encode/starlette/compare/0.38.5...0.38.6</a></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/encode/starlette/blob/master/docs/release-notes.md">starlette's
changelog</a>.</em></p>
<blockquote>
<h2>0.40.0 (October 15, 2024)</h2>
<p>This release fixes a Denial of service (DoS) via
<code>multipart/form-data</code> requests.</p>
<p>You can view the full security advisory:
<a
href="https://github.com/encode/starlette/security/advisories/GHSA-f96h-pmfr-66vw">GHSA-f96h-pmfr-66vw</a></p>
<h4>Fixed</h4>
<ul>
<li>Add <code>max_part_size</code> to <code>MultiPartParser</code> to
limit the size of parts in <code>multipart/form-data</code>
requests <a
href="https://github.com/encode/starlette/commit/fd038f3070c302bff17ef7d173dbb0b007617733">fd038f3</a>.</li>
</ul>
<h2>0.39.2 (September 29, 2024)</h2>
<h4>Fixed</h4>
<ul>
<li>Allow use of <code>request.url_for</code> when only &quot;app&quot;
scope is available <a
href="https://redirect.github.com/encode/starlette/pull/2672">#2672</a>.</li>
<li>Fix internal type hints to support
<code>python-multipart==0.0.12</code> <a
href="https://redirect.github.com/encode/starlette/pull/2708">#2708</a>.</li>
</ul>
<h2>0.39.1 (September 25, 2024)</h2>
<h4>Fixed</h4>
<ul>
<li>Avoid regex re-compilation in <code>responses.py</code> and
<code>schemas.py</code> <a
href="https://redirect.github.com/encode/starlette/pull/2700">#2700</a>.</li>
<li>Improve performance of <code>get_route_path</code> by removing
regular expression usage
<a
href="https://redirect.github.com/encode/starlette/pull/2701">#2701</a>.</li>
<li>Consider <code>FileResponse.chunk_size</code> when handling multiple
ranges <a
href="https://redirect.github.com/encode/starlette/pull/2703">#2703</a>.</li>
<li>Use <code>token_hex</code> for generating multipart boundary strings
<a
href="https://redirect.github.com/encode/starlette/pull/2702">#2702</a>.</li>
</ul>
<h2>0.39.0 (September 23, 2024)</h2>
<h4>Added</h4>
<ul>
<li>Add support for <a
href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Range_requests">HTTP
Range</a> to
<code>FileResponse</code> <a
href="https://redirect.github.com/encode/starlette/pull/2697">#2697</a>.</li>
</ul>
<h2>0.38.6 (September 22, 2024)</h2>
<h4>Fixed</h4>
<ul>
<li>Close unclosed <code>MemoryObjectReceiveStream</code> in
<code>TestClient</code> <a
href="https://redirect.github.com/encode/starlette/pull/2693">#2693</a>.</li>
</ul>
<h2>0.38.5 (September 7, 2024)</h2>
<h4>Fixed</h4>
<ul>
<li>Schedule <code>BackgroundTasks</code> from within
<code>BaseHTTPMiddleware</code> <a
href="https://redirect.github.com/encode/starlette/pull/2688">#2688</a>.
This behavior was removed in 0.38.3, and is now restored.</li>
</ul>
<h2>0.38.4 (September 1, 2024)</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/encode/starlette/commit/4ded4b7ac517bd301cee69f5c189b1cb48c069b6"><code>4ded4b7</code></a>
Version 0.40.0 (<a
href="https://redirect.github.com/encode/starlette/issues/2728">#2728</a>)</li>
<li><a
href="https://github.com/encode/starlette/commit/fd038f3070c302bff17ef7d173dbb0b007617733"><code>fd038f3</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/encode/starlette/commit/e11684013fe5ca084f5bd4e54830512a4dff9618"><code>e116840</code></a>
Bump the python-packages group with 6 updates (<a
href="https://redirect.github.com/encode/starlette/issues/2713">#2713</a>)</li>
<li><a
href="https://github.com/encode/starlette/commit/0b50b9c4abd992a39d6e32148cc6f577ac3b1c44"><code>0b50b9c</code></a>
Version 0.39.2 (<a
href="https://redirect.github.com/encode/starlette/issues/2710">#2710</a>)</li>
<li><a
href="https://github.com/encode/starlette/commit/fe46d99d92da17efe1827f96ad29d748aac870d2"><code>fe46d99</code></a>
Support <code>request.url_for</code> when only &quot;app&quot; scope is
avaialable (<a
href="https://redirect.github.com/encode/starlette/issues/2672">#2672</a>)</li>
<li><a
href="https://github.com/encode/starlette/commit/1a6018e08a994c78f5c169b8535408259af0f249"><code>1a6018e</code></a>
Support python-multipart 0.0.12 (<a
href="https://redirect.github.com/encode/starlette/issues/2708">#2708</a>)</li>
<li><a
href="https://github.com/encode/starlette/commit/fa7b382a66cd99e3dc18f3baa44dae5ec68be76b"><code>fa7b382</code></a>
Version 0.39.1 (<a
href="https://redirect.github.com/encode/starlette/issues/2706">#2706</a>)</li>
<li><a
href="https://github.com/encode/starlette/commit/075efd0c5c9f5e49a4416f3b4a24e24efab135f8"><code>075efd0</code></a>
generate boundary with token_hex (<a
href="https://redirect.github.com/encode/starlette/issues/2702">#2702</a>)</li>
<li><a
href="https://github.com/encode/starlette/commit/b8139f9fe3b1acb34ddbe38dc6472a60b621540e"><code>b8139f9</code></a>
Consider <code>FileResponse.chunk_size</code> when handling multiple
ranges (<a
href="https://redirect.github.com/encode/starlette/issues/2703">#2703</a>)</li>
<li><a
href="https://github.com/encode/starlette/commit/4fbf766b3eac4146b86175682cec88d266fd8470"><code>4fbf766</code></a>
test: add tests in <code>test_requests</code> (<a
href="https://redirect.github.com/encode/starlette/issues/2677">#2677</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/encode/starlette/compare/0.37.2...0.40.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=starlette&package-manager=pip&previous-version=0.37.2&new-version=0.40.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/scionproto/scion/network/alerts).

</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.