## Description
I would like to suggest a security practice recommended by the [OpenSSF Scorecard][scorecard-repo], which is to hash-pin dependencies to prevent typosquatting and tag-renaming attacks.
The change would only be applied to GitHub workflows.
This means hash pinning GitHub Workflow actions.
Along with hash-pinning dependencies, I also recommend adopting Dependabot (or another dependency-update tool) to help keep the dependencies up to date. Most tools can update hashes and the associated semantic-version comments.
Any questions or concerns just let me know.
Thanks!
## Additional Context
A tag-renaming attack is a type of attack whereby an attacker:
- Hijacks an action.
- Uploads a malicious version.
- Replaces existing tags with malicious versions.
A [typosquatting attack][typosquatting] is a type of attack whereby an attacker:
- Creates a malicious package.
- Publishes it with a name similar to that of a known package (example: numpi instead of numpy).
For more information about the dependency-update tools:
- [Dependabot][dependabot]
[scorecard-repo]: https://github.com/ossf/scorecard
[deps-confusion]: https://www.websecuritylens.org/how-dependency-confusion-attack-works-and-how-to-prevent-it/
[typosquatting]: https://snyk.io/blog/typosquatting-attacks/
[dependabot]: https://github.blog/2020-06-01-keep-all-your-packages-up-to-date-with-dependabot/
[renovatebot]: https://www.mend.io/renovate/
PiperOrigin-RevId: 561019142
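To illustrate the check the proposal above asks for, here is an added example (not part of the original issue or of the protobuf project): a small Python linter that scans a workflow file for `uses:` references and reports every action that is pinned to a tag or branch rather than a full 40-character commit SHA. The workflow text is constructed inline and the SHA in it is a placeholder, not a real commit.

```python
import re

# A `uses:` step reference: owner/repo[/path]@ref, optionally quoted, optionally followed by a comment.
USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^\s"\'#]+)["\']?\s*(#.*)?$')
# A full commit SHA is exactly 40 lowercase hex characters; anything else is a movable reference.
SHA_RE = re.compile(r'^[0-9a-f]{40}$')

def check_action_ref(ref):
    """Classify one `uses:` value. Returns (action, version, status)."""
    if ref.startswith('./'):
        return (ref, None, 'local')       # repo-local action, lives in the same commit; nothing to pin
    if ref.startswith('docker://'):
        return (ref, None, 'docker')      # container image; pin by image digest instead
    action, _, version = ref.partition('@')
    if not version:
        return (action, None, 'unpinned')
    if SHA_RE.match(version):
        return (action, version, 'sha')   # immutable: content is fixed by the commit hash
    return (action, version, 'mutable')   # tag or branch: whoever controls the repo can move it

def find_unpinned_actions(workflow_text):
    """Return [(line_no, action, version)] for every uses: entry not pinned to a full commit SHA."""
    findings = []
    for n, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        action, version, status = check_action_ref(m.group(1))
        if status in ('mutable', 'unpinned'):
            findings.append((n, action, version))
    return findings

# Constructed sample workflow (hypothetical); the SHA below is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-python@0123456789abcdef0123456789abcdef01234567 # v4.7.0
      - uses: ./.github/actions/local-thing
      - uses: some-org/some-action@main
"""

if __name__ == '__main__':
    for n, action, version in find_unpinned_actions(SAMPLE_WORKFLOW):
        print(f"line {n}: {action}@{version} is not pinned to a commit SHA")
```

The SHA-pinned step keeps its `# v4.7.0` comment so that an update tool such as Dependabot can bump both the hash and the version note together.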
These cross dependencies will be going away soon when we merge protobuf and upb
into a single Bazel repo, but I thought it would be good to update these just
in case we need to do a release before that merge happens.
PiperOrigin-RevId: 560756369
GetOptions on fields (which parse the _serialized_options) will be called at the first parse or serialize instead of at Build time.
Note: GetOptions on messages is still called at Build time because of message_set_wire_format. If message options are needed in descriptor.proto, a parse error will be raised in GetOptions(). We can check the file to not invoke GetOptions() for descriptor.proto as long as message_set_wire_format is not needed in descriptor.proto.
Other options except message options do not invoke GetOptions() at Build time.
PiperOrigin-RevId: 560741182
This branch is only for `!using_sso()`. That means that:
- `old_tagged_ptr` has its low bit set to 1
- `old_tagged_ptr` points to an allocated `Rep` structure
Both facts suggest that `old_tagged_ptr` cannot be equal to nullptr.
PiperOrigin-RevId: 560704777
Currently all our upb CI coverage is running from within the protobuf workspace
and referring to upb as the external repo `@upb`. This change makes the GCC
test run cd into upb and use its workspace instead, just to make sure that
builds in the upb workspace have some coverage.
PiperOrigin-RevId: 560197956
We plan to unify protobuf and upb into a single Bazel repo, but for now they
are separate repos as far as Bazel is concerned. This change will make upb's
workspace depend on the local copy of protobuf so that protobuf changes take
effect immediately for builds inside upb's workspace. This also mimics the way
that the protobuf workspace depends on upb.
PiperOrigin-RevId: 560188433
This change significantly reduces the code size for large enums and improves
performance by reducing cache misses and branch mispredictions.
Change the table-driven parser to use these tables instead of going through the _IsValid functions. This avoids indirect function calls in the parser.
PiperOrigin-RevId: 560179698
Our automation clobbered a few more files, so let's move them
temporarily so that we can put them back in place in a way that "git
blame" continues to work.
This is the second attempt to fix our Git history. This should allow
"git blame" to work correctly in the upb/ directory even though our
automation unexpectedly blew away that directory.