diff --git a/.github/actions/setup/action.yaml b/.github/actions/setup/action.yaml index 890986d77d..1d09736d9c 100644 --- a/.github/actions/setup/action.yaml +++ b/.github/actions/setup/action.yaml @@ -36,7 +36,7 @@ runs: node-version-file: ${{ inputs.node-version == '' && '.node-version' || '' }} - name: Cache Bun dependencies - uses: actions/cache@2c8a9bd7457de244a408f35966fab2fb45fda9c8 # v6.0.0 + uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0 with: # Bun's global install cache (shared across workspace packages), keyed by bun.lock. path: ~/.bun/install/cache diff --git a/apps/workspace-agent/package.json b/apps/workspace-agent/package.json index 1140fa022c..0f33d0aa0a 100644 --- a/apps/workspace-agent/package.json +++ b/apps/workspace-agent/package.json @@ -13,7 +13,7 @@ "test": "bunx vitest run --passWithNoTests src" }, "dependencies": { - "@hono/node-server": "1.19.14", + "@hono/node-server": "2.0.6", "hono": "4.12.27" }, "devDependencies": { diff --git a/bun.lock b/bun.lock index 45927c721f..4669c43007 100644 --- a/bun.lock +++ b/bun.lock @@ -53,7 +53,7 @@ "name": "@fro-bot/workspace-agent", "version": "0.0.0-development", "dependencies": { - "@hono/node-server": "1.19.14", + "@hono/node-server": "2.0.6", "hono": "4.12.27", }, "devDependencies": { @@ -65,7 +65,7 @@ "version": "0.0.0-development", "dependencies": { "@fro-bot/runtime": "workspace:*", - "@hono/node-server": "1.19.14", + "@hono/node-server": "2.0.6", "@octokit/core": "7.0.6", "discord.js": "14.26.4", "effect": "3.21.4", @@ -106,7 +106,7 @@ "picomatch": ">=4.0.4", "tar": ">=7.5.11", "undici": ">=7.24.0", - "vite": "8.0.16", + "vite": "8.1.0", "yaml": ">=2.8.3", }, "packages": { 
@@ -286,7 +286,7 @@ "@fro.bot/harness": ["@fro.bot/harness@workspace:packages/harness"], - "@hono/node-server": ["@hono/node-server@1.19.14", "", { "peerDependencies": { "hono": "^4" } }, "sha512-GwtvgtXxnWsucXvbQXkRgqksiH2Qed37H9xHZocE5sA3N8O8O8/8FA3uclQXxXVzc9XBZuEOMK7+r02FmSpHtw=="], + "@hono/node-server": ["@hono/node-server@2.0.6", "", { "peerDependencies": { "hono": "^4" } }, "sha512-7DeRlKG57JDBNZ5Qj2jwVdgwQy4b0tLubRLl3zCf91/rCf9i7p1V5FtW/yWibm1uUHE493ts9ZXH/7g/LQWl+g=="], "@humanfs/core": ["@humanfs/core@0.19.2", "", { "dependencies": { "@humanfs/types": "^0.15.0" } }, "sha512-UhXNm+CFMWcbChXywFwkmhqjs3PRCmcSa/hfBgLIb7oQ5HNb1wS0icWsGtSAUNgefHeI+eBrA8I1fxmbHsGdvA=="], 
@@ -1614,7 +1614,7 @@ "validate-npm-package-license": ["validate-npm-package-license@3.0.4", "", { "dependencies": { "spdx-correct": "^3.0.0", "spdx-expression-parse": "^3.0.0" } }, "sha512-DpKm2Ui/xN7/HQKCtpZxoRWBhZ9Z0kqtygG8XCgNQ8ZlDnxuQmWhj566j8fN4Cu3/JmbhsDo7fcAJq4s9h27Ew=="], - "vite": ["vite@8.0.16", "", { "dependencies": { "lightningcss": "^1.32.0", "picomatch": "^4.0.4", "postcss": "^8.5.15", "rolldown": "1.0.3", "tinyglobby": "^0.2.17" }, "optionalDependencies": { "fsevents": "~2.3.3" }, "peerDependencies": { "@types/node": "^20.19.0 || >=22.12.0", "@vitejs/devtools": "^0.1.18", "esbuild": "^0.27.0 || ^0.28.0", "jiti": ">=1.21.0", "less": "^4.0.0", "sass": "^1.70.0", "sass-embedded": "^1.70.0", "stylus": ">=0.54.8", "sugarss": "^5.0.0", "terser": "^5.16.0", "tsx": "^4.8.1", "yaml": "^2.4.2" }, "optionalPeers": ["@types/node", "@vitejs/devtools", "esbuild", "jiti", "less", "sass", "sass-embedded", "stylus", "sugarss", "terser", "tsx", "yaml"], "bin": { "vite": "bin/vite.js" } }, "sha512-h9bXPmJichP5fLmVQo3PyaGSDE2n3aPuomeAlVRm0JLmt4rY6zmPKd59HYI4LNW8oTK7tlTsuC7l/m7awx9Jcw=="], + "vite": ["vite@8.1.0", "", { "dependencies": { "lightningcss": "^1.32.0", "picomatch": "^4.0.4", "postcss": "^8.5.15", "rolldown": "~1.1.2", "tinyglobby": "^0.2.17" }, "optionalDependencies": { "fsevents": "~2.3.3" }, "peerDependencies": { "@types/node": "^20.19.0 || >=22.12.0", "@vitejs/devtools": "^0.3.0", "esbuild": "^0.27.0 || ^0.28.0", "jiti": ">=1.21.0", "less": "^4.0.0", "sass": "^1.70.0", "sass-embedded": "^1.70.0", "stylus": ">=0.54.8", "sugarss": "^5.0.0", "terser": "^5.16.0", "tsx": "^4.8.1", "yaml": "^2.4.2" }, "optionalPeers": ["@types/node", "@vitejs/devtools", "esbuild", "jiti", "less", "sass", "sass-embedded", "stylus", "sugarss", "terser", "tsx", "yaml"], "bin": { "vite": "bin/vite.js" } }, "sha512-BuJcQK/56NQTWDGn4ABea3q4SSBdNPWwNZKTkkUpcMPnLoquSYH8llRtSUIgoL1KSCpHt5eghLShn50mH36y7Q=="], "vitest": ["vitest@4.1.9", "", { "dependencies": { "@vitest/expect": "4.1.9", 
"@vitest/mocker": "4.1.9", "@vitest/pretty-format": "4.1.9", "@vitest/runner": "4.1.9", "@vitest/snapshot": "4.1.9", "@vitest/spy": "4.1.9", "@vitest/utils": "4.1.9", "es-module-lexer": "^2.0.0", "expect-type": "^1.3.0", "magic-string": "^0.30.21", "obug": "^2.1.1", "pathe": "^2.0.3", "picomatch": "^4.0.3", "std-env": "^4.0.0-rc.1", "tinybench": "^2.9.0", "tinyexec": "^1.0.2", "tinyglobby": "^0.2.15", "tinyrainbow": "^3.1.0", "vite": "^6.0.0 || ^7.0.0 || ^8.0.0", "why-is-node-running": "^2.3.0" }, "peerDependencies": { "@edge-runtime/vm": "*", "@opentelemetry/api": "^1.9.0", "@types/node": "^20.0.0 || ^22.0.0 || >=24.0.0", "@vitest/browser-playwright": "4.1.9", "@vitest/browser-preview": "4.1.9", "@vitest/browser-webdriverio": "4.1.9", "@vitest/coverage-istanbul": "4.1.9", "@vitest/coverage-v8": "4.1.9", "@vitest/ui": "4.1.9", "happy-dom": "*", "jsdom": "*" }, "optionalPeers": ["@edge-runtime/vm", "@opentelemetry/api", "@types/node", "@vitest/browser-playwright", "@vitest/browser-preview", "@vitest/browser-webdriverio", "@vitest/coverage-istanbul", "@vitest/coverage-v8", "@vitest/ui", "happy-dom", "jsdom"], "bin": { "vitest": "./vitest.mjs" } }, "sha512-nE3/LEyc0z87uHYLZebqCUOaJr2hdtuPp7BQ4BosVFnfltxgAvMG08NyrSGlPpOUWvR27c5flSmYFTNr78L9GQ=="], 
@@ -2142,8 +2142,6 @@ "validate-npm-package-license/spdx-expression-parse": ["spdx-expression-parse@3.0.1", "", { "dependencies": { "spdx-exceptions": "^2.1.0", "spdx-license-ids": "^3.0.0" } }, "sha512-cbqHunsQWnJNE6KhVSMsMeH5H/L9EpymbzqTQ3uLwNCLZ1Q481oWaofqH7nO6V07xlXwY6PhQdQ2IedWx/ZK4Q=="], - "vite/rolldown": ["rolldown@1.0.3", "", { "dependencies": { "@oxc-project/types": "=0.133.0", "@rolldown/pluginutils": "^1.0.0" }, "optionalDependencies": { "@rolldown/binding-android-arm64": "1.0.3", "@rolldown/binding-darwin-arm64": "1.0.3", "@rolldown/binding-darwin-x64": "1.0.3", "@rolldown/binding-freebsd-x64": "1.0.3", "@rolldown/binding-linux-arm-gnueabihf": "1.0.3", "@rolldown/binding-linux-arm64-gnu": "1.0.3", "@rolldown/binding-linux-arm64-musl": "1.0.3", "@rolldown/binding-linux-ppc64-gnu": "1.0.3", "@rolldown/binding-linux-s390x-gnu": "1.0.3", "@rolldown/binding-linux-x64-gnu": "1.0.3", "@rolldown/binding-linux-x64-musl": "1.0.3", "@rolldown/binding-openharmony-arm64": "1.0.3", "@rolldown/binding-wasm32-wasi": "1.0.3", "@rolldown/binding-win32-arm64-msvc": "1.0.3", "@rolldown/binding-win32-x64-msvc": "1.0.3" }, "bin": { "rolldown": "./bin/cli.mjs" } }, "sha512-i00lAJ2ks1BYr7rjNjKC7BcqAS7nVfiT3QX1SI5aY+AFHblCmaUf9OE9dbdzDvW6dJxbi2ZCZiy9v3CcwOiX3g=="], - "wrap-ansi/string-width": ["string-width@8.2.1", "", { "dependencies": { "get-east-asian-width": "^1.5.0", "strip-ansi": "^7.1.2" } }, "sha512-IIaP0g3iy9Cyy18w3M9YcaDudujEAVHKt3a3QJg1+sr/oX96TbaGUubG0hJyCjCBThFH+tFpcIyoUHUn1ogaLA=="], "wrap-ansi-cjs/ansi-styles": ["ansi-styles@4.3.0", "", { "dependencies": { "color-convert": "^2.0.1" } }, "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg=="], 
@@ -2278,38 +2276,6 @@ "typescript-eslint/@typescript-eslint/utils/@typescript-eslint/types": ["@typescript-eslint/types@8.59.3", "", {}, "sha512-ePFoH0g4ludssdRFqqDxQePCxU4WQyRa9+XVwjm7yLn0FKhMeoetC+qBEEI1Eyb1pGSDveTIT09Bvw2WhlGayg=="], - "vite/rolldown/@oxc-project/types": ["@oxc-project/types@0.133.0", "", {}, "sha512-KzkdCd6Uxqnf6l3HOw1xfatAlUURA0g14cvBYFyJ5SaNOQbOUvBr9PKArcPcrNIeRsBdgcUzOGrhKveVpvOIGA=="], - - "vite/rolldown/@rolldown/binding-android-arm64": ["@rolldown/binding-android-arm64@1.0.3", "", { "os": "android", "cpu": "arm64" }, "sha512-454rs7jHngixp/NMxd5srYD57OnzSlZ/eFTETjORQHLwJG1lRtmNOJcBerZlfu4GjKqeq8aCCIQrMdHyhI51Hw=="], - - "vite/rolldown/@rolldown/binding-darwin-arm64": ["@rolldown/binding-darwin-arm64@1.0.3", "", { "os": "darwin", "cpu": "arm64" }, "sha512-PcAhP+ynjURNyy8SKGl5DQP94aGuB/7JrXJb/t7P+hanXvQVMWzUvRRhBAcg/lNRadBhoUPqSoP4xw5tR/KBEA=="], - - "vite/rolldown/@rolldown/binding-darwin-x64": ["@rolldown/binding-darwin-x64@1.0.3", "", { "os": "darwin", "cpu": "x64" }, "sha512-9YpfeUvSE2RS7wysJ81uOZkXJz7f7Q55H2Gvp3VEw/EsahqDtrphrZ0EwDLK5vvKOzaCrBsjF8JmnMLcUt78Gg=="], - - "vite/rolldown/@rolldown/binding-freebsd-x64": ["@rolldown/binding-freebsd-x64@1.0.3", "", { "os": "freebsd", "cpu": "x64" }, "sha512-yB1IlAsSNHncV6SCTL27/MVGR5htvQsoGxIv5KMGXALp+Ll1wYsn+x98M9MW7qa+NdSbvrrY7ANI4wLJ0n1e6g=="], - - "vite/rolldown/@rolldown/binding-linux-arm-gnueabihf": ["@rolldown/binding-linux-arm-gnueabihf@1.0.3", "", { "os": "linux", "cpu": "arm" }, "sha512-Yi30IVAAfLUCy2MseFjbB1jAMDl1VMCAas5StnYp8da9+CKvMd2H2cbEjWcw5NPaPqzvYkVIaF1nNUG+b7u/sw=="], - - "vite/rolldown/@rolldown/binding-linux-arm64-gnu": ["@rolldown/binding-linux-arm64-gnu@1.0.3", "", { "os": "linux", "cpu": "arm64" }, "sha512-jsO7R8To+AdlYgUmN5sHSCZbfhtMBkO0WUx8iORQnPcMMdgr7qM2DQmMwgabs3GhNztdmoKkMKQFHD6DTMCIQw=="], - - "vite/rolldown/@rolldown/binding-linux-arm64-musl": ["@rolldown/binding-linux-arm64-musl@1.0.3", "", { "os": "linux", "cpu": "arm64" }, 
"sha512-VWkUHwWriDciit80wleYwKILoR/KMvxh/IdwS/paX+ZgpuRpCrKLUdadJbc0NpBEiyhpYawsJ73j9aCvOH+f7Q=="], - - "vite/rolldown/@rolldown/binding-linux-ppc64-gnu": ["@rolldown/binding-linux-ppc64-gnu@1.0.3", "", { "os": "linux", "cpu": "ppc64" }, "sha512-5f1laC0SlIR0yDbFCd8acUhvJIag6N3zC5P7oUPN6wX0aOma+uKJ0wBDH5aq7I1PVI2ttTlhJwzwRIBnLiSGEg=="], - - "vite/rolldown/@rolldown/binding-linux-s390x-gnu": ["@rolldown/binding-linux-s390x-gnu@1.0.3", "", { "os": "linux", "cpu": "s390x" }, "sha512-Iq4ko0r4XsgbrF/LunNgHtAGLRRVE2kXonAXQ/MV0mC6jQpMOhW1SvtZja2EhC/kd05++bP78dsqBeIQyYJ6Yg=="], - - "vite/rolldown/@rolldown/binding-linux-x64-gnu": ["@rolldown/binding-linux-x64-gnu@1.0.3", "", { "os": "linux", "cpu": "x64" }, "sha512-B8m6tD5+/N5FeNQFbKlLA/2yVq9ycQP1SeedyEYYKWBNR3ZQbkvIUcNnDNM03lO1l5F2roiiFJGgvoLLyZXtSg=="], - - "vite/rolldown/@rolldown/binding-linux-x64-musl": ["@rolldown/binding-linux-x64-musl@1.0.3", "", { "os": "linux", "cpu": "x64" }, "sha512-pSdpdUJHkuCxun9LE7jvgUB9qsRgaiyNNCX7m/AvHTcq67AiT/Yhoxvw5zPfhrM8k/BfP8ce/hMOpthKDpEUow=="], - - "vite/rolldown/@rolldown/binding-openharmony-arm64": ["@rolldown/binding-openharmony-arm64@1.0.3", "", { "os": "none", "cpu": "arm64" }, "sha512-OXXS3RKJgX2uLwM+gYyuH5omcH8fL1LJs96pZGgtetVCahON57+d4SJHzTgZiOjxgGkSnpXpOsWuPDGAKAigEg=="], - - "vite/rolldown/@rolldown/binding-wasm32-wasi": ["@rolldown/binding-wasm32-wasi@1.0.3", "", { "dependencies": { "@emnapi/core": "1.10.0", "@emnapi/runtime": "1.10.0", "@napi-rs/wasm-runtime": "^1.1.4" }, "cpu": "none" }, "sha512-JTtb8BWFynicNSoPrehsCzBtOKjZ6jhMiPFEmOiuXg1Fl8dn2KHQob+GuPSGR0dryQa1PQJbzjF3dqO/whhjLg=="], - - "vite/rolldown/@rolldown/binding-win32-arm64-msvc": ["@rolldown/binding-win32-arm64-msvc@1.0.3", "", { "os": "win32", "cpu": "arm64" }, "sha512-gEdFFEN70A/jxb2svrWsN3aDL7OUtmvlOy+6fa2jxG8K0wQ1ZbdeLGnidov6Yu5/733dI5ySfzFlQ/cb0bSz1g=="], - - "vite/rolldown/@rolldown/binding-win32-x64-msvc": ["@rolldown/binding-win32-x64-msvc@1.0.3", "", { "os": "win32", "cpu": "x64" }, 
"sha512-eXB7CHuaQdqmJcc3koCNtNPmT/bj2gc999kUFgBxG8Ac0NdgXc4rkCHhqrgrhN3zddvvvrgzj1e90SuSfmyIXA=="], - "wrap-ansi-cjs/ansi-styles/color-convert": ["color-convert@2.0.1", "", { "dependencies": { "color-name": "~1.1.4" } }, "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ=="], "wrap-ansi-cjs/string-width/emoji-regex": ["emoji-regex@8.0.0", "", {}, "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A=="], @@ -2376,10 +2342,6 @@ "typescript-eslint/@typescript-eslint/utils/@typescript-eslint/scope-manager/@typescript-eslint/visitor-keys": ["@typescript-eslint/visitor-keys@8.59.3", "", { "dependencies": { "@typescript-eslint/types": "8.59.3", "eslint-visitor-keys": "^5.0.0" } }, "sha512-f1UQF7ggd42YiwI5wGrRaPsa+P0CINBlrkLPmGfpq/u/I/oVtecoEIfFR9ag/oa1sLOsRNZ6xehf6qMZhQGBDg=="], - "vite/rolldown/@rolldown/binding-wasm32-wasi/@emnapi/core": ["@emnapi/core@1.10.0", "", { "dependencies": { "@emnapi/wasi-threads": "1.2.1", "tslib": "^2.4.0" } }, "sha512-yq6OkJ4p82CAfPl0u9mQebQHKPJkY7WrIuk205cTYnYe+k2Z8YBh11FrbRG/H6ihirqcacOgl2BIO8oyMQLeXw=="], - - "vite/rolldown/@rolldown/binding-wasm32-wasi/@emnapi/runtime": ["@emnapi/runtime@1.10.0", "", { "dependencies": { "tslib": "^2.4.0" } }, "sha512-ewvYlk86xUoGI0zQRNq/mC+16R1QeDlKQy21Ki3oSYXNgLb45GV1P6A0M+/s6nyCuNDqe5VpaY84BzXGwVbwFA=="], - "wrap-ansi-cjs/ansi-styles/color-convert/color-name": ["color-name@1.1.4", "", {}, "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="], "@semantic-release/release-notes-generator/read-package-up/read-pkg/normalize-package-data/hosted-git-info": ["hosted-git-info@7.0.2", "", { "dependencies": { "lru-cache": "^10.0.1" } }, "sha512-puUZAUKT5m8Zzvs72XWy3HtvVbTWljRE66cP60bxJzAqf2DgICo7lYTY2IHUmLnNpjYvw5bvmoHvPc0QO2a62w=="], 
@@ -2398,8 +2360,6 @@ "pkg-conf/find-up/locate-path/p-locate/p-limit": ["p-limit@1.3.0", "", { "dependencies": { "p-try": "^1.0.0" } }, "sha512-vvcXsLAJ9Dr5rQOPk7toZQZJApBl2K4J6dANSsEuh6QI41JYcsS/qhTGa9ErIUUgK3WNQoJYvylxvjqmiqEA9Q=="], - "vite/rolldown/@rolldown/binding-wasm32-wasi/@emnapi/core/@emnapi/wasi-threads": ["@emnapi/wasi-threads@1.2.1", "", { "dependencies": { "tslib": "^2.4.0" } }, "sha512-uTII7OYF+/Mes/MrcIOYp5yOtSMLBWSIoLPpcgwipoiKbli6k322tcoFsxoIIxPDqW01SQGAgko4EzZi2BNv2w=="], - "@semantic-release/release-notes-generator/read-package-up/read-pkg/normalize-package-data/hosted-git-info/lru-cache": ["lru-cache@10.4.3", "", {}, "sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ=="], "cli-highlight/yargs/cliui/wrap-ansi/ansi-styles/color-convert": ["color-convert@2.0.1", "", { "dependencies": { "color-name": "~1.1.4" } }, "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ=="], diff --git a/deploy/compose.yaml b/deploy/compose.yaml index a2cfdcfd27..83caba63ed 100644 --- a/deploy/compose.yaml +++ b/deploy/compose.yaml @@ -290,7 +290,7 @@ services: start_period: 45s mitmproxy: - image: mitmproxy/mitmproxy:11.1.3@sha256:e0deb0df7edf9f909053f274a067cd1cacb90f5c17d74459e1693179c0b98d8f + image: mitmproxy/mitmproxy:12.2.3@sha256:00b77b5d8804c8ad18cb6caefbf9d5849e895e8986c5ce011f4ae30f4385962f command: > mitmdump -s /scripts/allowlist.py diff --git a/deploy/egress-smoke.sh b/deploy/egress-smoke.sh index 515dd2b44b..d51ee08897 100644 --- a/deploy/egress-smoke.sh +++ b/deploy/egress-smoke.sh 
@@ -37,6 +37,20 @@ SMOKE_DIR="$(mktemp -d)" PASS=0 FAIL=0 +# --------------------------------------------------------------------------- +# Derive the mitmproxy image from deploy/compose.yaml so the smoke always +# exercises the same image pin that the production stack uses. This keeps +# egress-smoke.sh in lockstep with compose.yaml automatically — a Renovate +# bump to compose.yaml is immediately picked up here without a separate edit. +# --------------------------------------------------------------------------- +SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)" +MITMPROXY_IMAGE="$(grep '^[[:space:]]*image: mitmproxy/mitmproxy:' "${SCRIPT_DIR}/compose.yaml" | head -1 | sed 's/.*image: //' | tr -d '[:space:]')" +if [[ -z "${MITMPROXY_IMAGE}" ]]; then + echo "ERROR: could not extract mitmproxy image from ${SCRIPT_DIR}/compose.yaml" >&2 + exit 1 +fi +echo "--- mitmproxy image (from compose.yaml): ${MITMPROXY_IMAGE} ---" + cleanup() { echo "--- cleaning up compose project ${COMPOSE_PROJECT} ---" docker compose -p "${COMPOSE_PROJECT}" -f "${SMOKE_DIR}/compose.yaml" down -v --remove-orphans 2>/dev/null || true @@ -71,7 +85,7 @@ name: ${COMPOSE_PROJECT} services: mitmproxy: - image: mitmproxy/mitmproxy:11.1.3@sha256:e0deb0df7edf9f909053f274a067cd1cacb90f5c17d74459e1693179c0b98d8f + image: ${MITMPROXY_IMAGE} command: > mitmdump -s /scripts/allowlist.py diff --git a/deploy/validate-stack.test.sh b/deploy/validate-stack.test.sh index 2b1a30900e..e11b6eb256 100644 --- a/deploy/validate-stack.test.sh +++ b/deploy/validate-stack.test.sh 
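Review bot: The new `MITMPROXY_IMAGE` extraction in deploy/egress-smoke.sh only checks that the value is non-empty. A compose.yaml line that has lost its `@sha256:` digest, or that carries a trailing `# comment` (which `tr -d '[:space:]'` fuses into the value), would flow straight into the generated smoke compose file at `image: ${MITMPROXY_IMAGE}` in the second hunk. Since this block exists to exercise the exact production pin, I would validate the shape before use: `[[ "${MITMPROXY_IMAGE}" =~ ^mitmproxy/mitmproxy:[A-Za-z0-9._-]+@sha256:[0-9a-f]{64}$ ]] || { echo "ERROR: mitmproxy image in compose.yaml is not digest-pinned: ${MITMPROXY_IMAGE}" >&2; exit 1; }`. The same gap applies to LOCKSTEP-1(c) in deploy/validate-stack.test.sh, which also asserts only non-empty. If the script runs under `set -e` with `set -o pipefail` (not visible in this hunk), a grep miss would abort at the assignment before the error message prints; adding `|| true` inside the substitution keeps that message reachable.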
@@ -4656,6 +4656,67 @@ echo "" echo " OP-12 output (stderr+stdout combined):" echo "${OP12_OUTPUT}" | sed 's/^/ /' +# --------------------------------------------------------------------------- +# LOCKSTEP-1 — Negative/Positive: egress-smoke.sh must not hardcode the +# mitmproxy image; it must derive it from deploy/compose.yaml. +# +# Regression guard for PR #1021 (mitmproxy 11.1.3 → v12 Renovate bump): +# egress-smoke.sh previously hardcoded the mitmproxy image/pin, so a +# Renovate bump to compose.yaml would leave the smoke running the OLD image +# and never exercise the new version before approval. +# +# This test proves the lockstep invariant statically (no Docker required): +# +# (a) NEGATIVE: egress-smoke.sh must NOT contain a hardcoded +# "mitmproxy/mitmproxy:" image literal in its heredoc. If it does, +# the smoke can silently drift from compose.yaml. +# +# (b) POSITIVE: the mitmproxy image extracted from deploy/compose.yaml +# must appear in egress-smoke.sh as a variable reference +# (${MITMPROXY_IMAGE}), proving the script reads the canonical source. +# +# (c) POSITIVE: the image extracted from deploy/compose.yaml must be +# non-empty (sanity check that the extraction itself works). +# +# Run from repo root: +# bash deploy/validate-stack.test.sh +# --------------------------------------------------------------------------- +echo "" +echo "--- LOCKSTEP-1: egress-smoke.sh must derive mitmproxy image from compose.yaml ---" + +EGRESS_SMOKE_FILE="deploy/egress-smoke.sh" +COMPOSE_FILE_LOCKSTEP="deploy/compose.yaml" + +# (a) egress-smoke.sh must NOT contain a hardcoded mitmproxy/mitmproxy: image literal +# as a YAML value (i.e., a line starting with optional whitespace then "image: mitmproxy/mitmproxy:"). +# We match only lines where "image:" is a YAML key (leading spaces allowed), not grep arguments +# or comments that happen to contain the string. 
+if grep -qE '^[[:space:]]+image: mitmproxy/mitmproxy:' "${EGRESS_SMOKE_FILE}"; then + fail "LOCKSTEP-1(a): ${EGRESS_SMOKE_FILE} contains a hardcoded YAML 'image: mitmproxy/mitmproxy:' value — it must derive the image from ${COMPOSE_FILE_LOCKSTEP} via \${MITMPROXY_IMAGE}" +else + pass "LOCKSTEP-1(a): ${EGRESS_SMOKE_FILE} does not hardcode a YAML 'image: mitmproxy/mitmproxy:' value — image is derived dynamically" +fi + +# (b) egress-smoke.sh must reference ${MITMPROXY_IMAGE} in the heredoc. +if grep -q 'image: \${MITMPROXY_IMAGE}' "${EGRESS_SMOKE_FILE}"; then + pass "LOCKSTEP-1(b): ${EGRESS_SMOKE_FILE} uses \${MITMPROXY_IMAGE} variable in the smoke compose heredoc" +else + fail "LOCKSTEP-1(b): ${EGRESS_SMOKE_FILE} does not reference \${MITMPROXY_IMAGE} in the smoke compose heredoc — lockstep wiring is missing" +fi + +# (c) The mitmproxy image in compose.yaml must be non-empty (extraction sanity check). +COMPOSE_MITM_IMAGE="$(grep 'image: mitmproxy/mitmproxy:' "${COMPOSE_FILE_LOCKSTEP}" | head -1 | sed 's/.*image: //' | tr -d '[:space:]')" +if [[ -n "${COMPOSE_MITM_IMAGE}" ]]; then + pass "LOCKSTEP-1(c): mitmproxy image extracted from ${COMPOSE_FILE_LOCKSTEP}: ${COMPOSE_MITM_IMAGE}" +else + fail "LOCKSTEP-1(c): could not extract mitmproxy image from ${COMPOSE_FILE_LOCKSTEP} — check the image: line format" +fi + +echo "" +echo " LOCKSTEP-1 context:" +echo " compose.yaml image : ${COMPOSE_MITM_IMAGE:-}" +echo " egress-smoke.sh : $(grep 'image:.*mitmproxy' "${EGRESS_SMOKE_FILE}" | head -1 | sed 's/^[[:space:]]*//' || echo '')" + # --------------------------------------------------------------------------- # Summary # --------------------------------------------------------------------------- diff --git a/dist/THIRD_PARTY_NOTICES.txt b/dist/THIRD_PARTY_NOTICES.txt index 4575bd71fa..5a5b7eea97 100644 --- a/dist/THIRD_PARTY_NOTICES.txt +++ b/dist/THIRD_PARTY_NOTICES.txt 
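Review bot: LOCKSTEP-1(c) extracts the image with an unanchored `grep 'image: mitmproxy/mitmproxy:'`, while deploy/egress-smoke.sh uses `grep '^[[:space:]]*image: mitmproxy/mitmproxy:'`. The test can therefore pass on a line the script would never read, for example a commented-out `# image: mitmproxy/mitmproxy:...` that precedes the real one. I would use the script's anchored pattern so the test checks the value the smoke consumes: `COMPOSE_MITM_IMAGE="$(grep '^[[:space:]]*image: mitmproxy/mitmproxy:' "${COMPOSE_FILE_LOCKSTEP}" | head -1 | sed 's/.*image: //' | tr -d '[:space:]')"`. Checks (a) and (b) are static string matches, so they confirm the wiring exists but not that the derived value equals the production pin; a one-line comment above (c) saying so would help the next maintainer.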
@@ -6522,7 +6522,7 @@ Apache-2.0 limitations under the License. -@hono/node-server@1.19.14 +@hono/node-server@2.0.6 MIT MIT License diff --git a/package.json b/package.json index f8fade704a..8af8534944 100644 --- a/package.json +++ b/package.json @@ -54,7 +54,7 @@ "picomatch": ">=4.0.4", "tar": ">=7.5.11", "undici": ">=7.24.0", - "vite": "8.0.16", + "vite": "8.1.0", "yaml": ">=2.8.3" }, "dependencies": { diff --git a/packages/gateway/package.json b/packages/gateway/package.json index 76e00ed802..7ac08d02f5 100644 --- a/packages/gateway/package.json +++ b/packages/gateway/package.json @@ -13,7 +13,7 @@ }, "dependencies": { "@fro-bot/runtime": "workspace:*", - "@hono/node-server": "1.19.14", + "@hono/node-server": "2.0.6", "@octokit/core": "7.0.6", "discord.js": "14.26.4", "effect": "3.21.4",