This removes the need for us to manually rebuild these amalgamation files. I
added the "manual" tag to the corresponding staleness tests so that we won't
get presubmit errors if the amalgamation files are out of date. I also had to
tweak the Ruby BUILD.bazel file to make sure it uses Bazel-generated
amalgamations instead of relying on the checked-in files.
I added deliberate errors to the Ruby and PHP amalgamation files to test that
everything is working. We should not see any CI errors, and the files should
quickly be auto-updated after the change lands on main.
PiperOrigin-RevId: 561187352
Removes 1 virtual function from each Message type.
We keep the codegen for GetCachedSize+SetCachedSize to allow for non-virtual dispatch for those calls, but they are not overriding a virtual function.
PiperOrigin-RevId: 561052979
This is a step forward for the full migration of Automatic Exec Groups (AEGs). This change will be effective once AEGs are enabled.
In this CL I've added a toolchain_type to `toolchain` attribute of ctx.actions.{run, run_shell} since the Execution platform is selected on a toolchain type level, not on a rule level like before AEGs.
PiperOrigin-RevId: 561043901
## Description
I would like to suggest a security practice recommended by the [OpenSSF Scorecard][scorecard-repo] which is to hash pin dependencies to prevent typosquatting and tag renaming attacks.
The change would only be applied to GitHub workflows.
This means hash pinning GitHub Workflow actions.
Along with hash-pinning dependencies, I also recommend adopting dependabot (or other dependency update tool) to help keep the dependencies up to date. Most tools can update hashes and associated semantic version comments.
Any questions or concerns just let me know.
Thanks!
## Additional Context
A tag renaming attack is a type of attack whereby an attacker:
- Hijacks an action.
- Uploads a malicious version.
- Replaces existing tags with malicious versions.
A [typosquatting attack][typosquatting] is a type of attack whereby an attacker:
- Creates a malicious package
- Publishes it with a name similar to that of a known package (example: numpi instead of numpy)
For more information about the dependency-update tools:
- [Dependabot][dependabot]
[scorecard-repo]: https://github.com/ossf/scorecard
[deps-confusion]: https://www.websecuritylens.org/how-dependency-confusion-attack-works-and-how-to-prevent-it/
[typosquatting]: https://snyk.io/blog/typosquatting-attacks/
[dependabot]: https://github.blog/2020-06-01-keep-all-your-packages-up-to-date-with-dependabot/
[renovatebot]: https://www.mend.io/renovate/
PiperOrigin-RevId: 561019142
These cross dependencies will be going away soon when we merge protobuf and upb
into a single Bazel repo, but I thought it would be good to update these just
in case we need to do a release before that merge happens.
PiperOrigin-RevId: 560756369
GetOptions on fields (which parse the _serialized_options) will first be called at parse or serialize time instead of at Build time.
Note: GetOptions on messages is still called at Build time because of message_set_wire_format. If message options are needed in descriptor.proto, a parse error will be raised in GetOptions(). We can check the file to not invoke GetOptions() for descriptor.proto as long as message_set_wire_format is not needed in descriptor.proto.
Options other than message options do not invoke GetOptions() at Build time.
PiperOrigin-RevId: 560741182
This branch is only for `!using_sso()`. That means that:
- `old_tagged_ptr` has its low bit set to 1
- `old_tagged_ptr` points to allocated `Rep` structure
Both facts suggest that `old_tagged_ptr` cannot be equal to nullptr.
PiperOrigin-RevId: 560704777
Currently all our upb CI coverage is running from within the protobuf workspace
and referring to upb as the external repo `@upb`. This change makes the GCC
test run cd into upb and use its workspace instead, just to make sure that
builds in the upb workspace have some coverage.
PiperOrigin-RevId: 560197956
We plan to unify protobuf and upb into a single Bazel repo, but for now they
are separate repos as far as Bazel is concerned. This change will make upb's
workspace depend on the local copy of protobuf so that protobuf changes take
effect immediately for builds inside upb's workspace. This also mimics the way
that the protobuf workspace depends on upb.
PiperOrigin-RevId: 560188433
This change significantly reduces the code size for large enums and improves
performance by reducing cache misses and branch mispredictions.
Change the table-driven parser to use these tables instead of going through the _IsValid functions. This avoids indirect function calls in the parser.
PiperOrigin-RevId: 560179698