deps: bump github.com/expr-lang/expr from 1.16.9 to 1.17.8#150
Closed
dependabot[bot] wants to merge 421 commits into
Closed
deps: bump github.com/expr-lang/expr from 1.16.9 to 1.17.8#150dependabot[bot] wants to merge 421 commits into
dependabot[bot] wants to merge 421 commits into
Conversation
checkonly支持upgrade与redirect
- RunOptions 新增 BeforePrepare/AfterPrepare 生命周期回调, 供 aiscan 控制初始化流程 - 新增 Help() 函数以编程方式获取命令行帮助文本 Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
- reqCount/failedCount 改为 atomic.Int64, done 改为 atomic.Bool - rand.Source 加 sync.Mutex 防止并发 panic - Invoke 失败时正确回退 wg 计数, 避免死锁 - 新增 waitWorkers() 排空残留消息, ctx.Done 正确设置退出标记 - Close() 增加 nil 检查防止 panic Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
- FingerEngine nil 检查防止未初始化时 panic (baseline.go, fingers.go) - 日志/颜色/指纹引擎/Extractor 注册增加状态检查, 防止 SDK 多次调用时重复设置 Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
… faster startup - go:generate now uses -embed flag to produce //go:embed binary data - templates.go reduced from 125KB base64 source to 0.9KB + 93KB .bin files - binary saves ~28KB (removes base64 decode overhead at runtime) - templates submodule updated with embed-aware generator Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
Bug fixes: - Defer scopeLocker.Unlock in doScopeCrawl (deadlock on panic) - Defer statsMu.Unlock in recordStat (deadlock on panic) - Defer RUnlock in resource_provider.LoadConfig via inline func - Fix data race in invoke(): move bl field writes before doRedirect - Close response body on ReadAll error (connection leak) - Add defer raw.Close() for raw file parsing (fd leak) - Safe type assertion in load.go keyword parsing (panic on bad YAML) - Check ants pool creation errors in NewBrutePool/NewCheckPool New tests (15 test functions): - pool_test.go: scopeLocker panic recovery, cancel mid-processing, single-threaded map access, valid pool creation - runner_test.go: concurrent recordStat safety, nil stat handling - load_test.go: malformed YAML tolerance, valid YAML loading - e2e_test.go: normal brute scan, context cancellation, server errors, WAF behavior, multi-target check mode, mixed status codes CI hardening: - Add -race detector (Linux, -short mode) - Add -timeout 300s to prevent deadlock hangs Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
Root cause: the atomic.Bool + polling monitor goroutine pattern had a race between wg.Wait() in the monitor and wg.Add(1) in the main loop. When the monitor observed done=true and started Wait, the main loop could still dispatch new work, causing Close().wg.Wait() to hang. Fix: replace with nil-channel + sync.Once pattern. When the word stream exhausts or limit is hit, worderCh is set to nil (disabling that select branch permanently), then a single goroutine waits for wg to reach zero. Since wg.Add(1) only occurs in the worderCh branch, nil-ing it before Wait guarantees no new Add after Wait starts — no race possible. Other fixes: - Task feeder goroutine now ctx-aware (prevents leak on cancel) - AddPool checks Invoke error (prevents poolwg counter mismatch) - Revert resource_provider IIFE (reading a struct field cannot panic) - Remove E2E -short skip (race is fixed, full coverage in CI) - Fix Go 1.24+ vet: non-constant format strings in Init() Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
Root cause: doCheck() called reqPool.Invoke() from the Handler goroutine. When all reqPool workers blocked on sendProcess waiting for Handler to drain processCh, and Handler blocked on Invoke waiting for a free worker, a circular wait formed. Fix: doCheck now uses addAddition() to submit check requests via additionCh consumed by the Run loop, breaking the circular dependency. Before: 16 targets x 500 words = HANG (>130s) After: 16 targets x 500 words = 1.8s Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
…fter fingerprint detection Supports check mode (exploit verification via finger field) and brute mode (default credential testing via zombie/tags field). POC templates are only executed against targets whose fingerprints match, avoiding blind scanning. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
…ncel When ctx is cancelled (e.g. IsFailed threshold), the Run loop breaks and stops reading additionCh. But doCheck (now via addAddition) may have queued items with wg.Add(1) that no one consumes. Close().wg.Wait() hangs forever. Fix: spawn a drain goroutine in Close() before wg.Wait() that consumes and Done()s remaining additionCh items, then close the channel after Wait returns. Verified: 16 IPs x 2 ports x 1000 words completes with EXIT 0. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
Fingers now defaults to RE2 regex engine with AC pre-filtering. No build tag changes needed — RE2 is the new default. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
The file was referenced by //go:embed but never committed, causing build failures when consumed as a remote Go module. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
go generate with the updated templates submodule (7d5675c) produces different embedded data and code. Key changes: - cmd/cmd.go: logs.Info/Important → logs.InfoLevel/ImportantLevel - pkg/templates.go: remove proton_rules.bin/neutron.bin embeds (no longer needed) - core/baseline: use ProtonExtract instead of Extractors.Extract - core/format: list proton extractor names - Update embedded binary data files Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
The replace pinned a pre-v1.0.3 pseudo-version up to the v1.0.3 release. proxyclient v1.1.0 is now published, so require it directly and remove the replace. Core schemes (SOCKS/SOCKS5/HTTP/HTTPS) cover spray's proxy use; the extra protocols (trojan/vmess/ssh/...) are split into separate modules in v1.1.0 but spray doesn't use them. go build ./... passes. Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
gomod (grouped golang.org/x/* and chainreactors/*) plus github-actions where present. No ignore on chainreactors/* so inter-repo deps are auto-updated. Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Bumps [github.com/expr-lang/expr](https://github.com/expr-lang/expr) from 1.16.9 to 1.17.8. - [Release notes](https://github.com/expr-lang/expr/releases) - [Commits](expr-lang/expr@v1.16.9...v1.17.8) --- updated-dependencies: - dependency-name: github.com/expr-lang/expr dependency-version: 1.17.8 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Author
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
dependabot
Bot
force-pushed
the
dependabot/go_modules/github.com/expr-lang/expr-1.17.8
branch
from
c969b8a to
c8f5edd
Compare
Author
|
Dependabot can't resolve your Go dependency files. Because of this, Dependabot cannot update this pull request. |
1 similar comment
Author
|
Dependabot can't resolve your Go dependency files. Because of this, Dependabot cannot update this pull request. |
Author
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
dependabot
Bot
deleted the
dependabot/go_modules/github.com/expr-lang/expr-1.17.8
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps github.com/expr-lang/expr from 1.16.9 to 1.17.8.
Release notes
Sourced from github.com/expr-lang/expr's releases.
... (truncated)
Commits
21f4f05Fix impossible unsigned integer comparisons in Abs() function (#919)3461fbbperf(vm): optimize loop iteration with scope pool (#908)94ec86dfix(patcher): ctx into nested custom funcs and Env (#883)40bda0bDisable check for missing predicate during parseing552eb1bDisable check for missing predicate during parseing75a31bcfix(fuzz): skip json unsupported type errors (#928)391930fchore(ci): add Go 1.26 to test matrix (#929)f0176e7Update README.md: Added GlassFlow.dev in the list of companies using expr (#927)2aaa9aafix(checker): detect $env() calls at compile time (#923)0785f19fix(fuzz): skip reflect err for variadic calls (#921)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)