build(deps): bump wasmtime-go to v3 (#5422)

Release notes for Wasmtime 3.0.0: https://github.com/bytecodealliance/wasmtime/blob/main/RELEASES.md#300 But we're also now getting a bunch of CVE fixes, which is the real reason for updating this dependency: CVE-2022-39392 - modules may perform out-of-bounds reads/writes when the pooling allocator was configured with memory_pages: 0. CVE-2022-39393 - data can be leaked between instances when using the pooling allocator. CVE-2022-39394 - An incorrect Rust signature for the C API wasmtime_trap_code function could lead to an out-of-bounds write of three zero bytes. We're not using their allocator, but the last one could have been a problem for us, too. I've never seen it happen in the wild, but it's definitely a code path that we're using. Signed-off-by: Stephan Renatus <stephan.renatus@gmail.com>
open-policy-agent · Nov 30, 2022 · 6798ec7 · 6798ec7
1 parent 9354f89
commit 6798ec7
Show file tree

Hide file tree

Showing 73 changed files with 89 additions and 940 deletions.
diff --git a/go.mod b/go.mod
@@ -6,7 +6,7 @@ require (
 	github.com/OneOfOne/xxhash v1.2.8
 	github.com/agnivade/levenshtein v1.1.1
 	github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
-	github.com/bytecodealliance/wasmtime-go v1.0.0
+	github.com/bytecodealliance/wasmtime-go/v3 v3.0.2
 	github.com/containerd/containerd v1.6.10
 	github.com/dgraph-io/badger/v3 v3.2103.4
 	github.com/fortytw2/leaktest v1.3.0

diff --git a/go.sum b/go.sum
diff --git a/internal/wasm/sdk/internal/wasm/bindings.go b/internal/wasm/sdk/internal/wasm/bindings.go
@@ -16,7 +16,7 @@ import (
 	"strconv"
 	"time"
 
-	"github.com/bytecodealliance/wasmtime-go"
+	wasmtime "github.com/bytecodealliance/wasmtime-go/v3"
 
 	"github.com/open-policy-agent/opa/ast"
 	"github.com/open-policy-agent/opa/metrics"

diff --git a/internal/wasm/sdk/internal/wasm/pool.go b/internal/wasm/sdk/internal/wasm/pool.go
@@ -9,7 +9,7 @@ import (
 	"context"
 	"sync"
 
-	"github.com/bytecodealliance/wasmtime-go"
+	wasmtime "github.com/bytecodealliance/wasmtime-go/v3"
 
 	"github.com/open-policy-agent/opa/internal/wasm/sdk/opa/errors"
 	"github.com/open-policy-agent/opa/internal/wasm/util"

diff --git a/internal/wasm/sdk/internal/wasm/vm.go b/internal/wasm/sdk/internal/wasm/vm.go
@@ -14,7 +14,7 @@ import (
 	"strings"
 	"time"
 
-	"github.com/bytecodealliance/wasmtime-go"
+	wasmtime "github.com/bytecodealliance/wasmtime-go/v3"
 
 	"github.com/open-policy-agent/opa/ast"
 	sdk_errors "github.com/open-policy-agent/opa/internal/wasm/sdk/opa/errors"

diff --git a/vendor/github.com/bytecodealliance/wasmtime-go/includebuild.go b/vendor/github.com/bytecodealliance/wasmtime-go/includebuild.go
diff --git a/.../bytecodealliance/wasmtime-go/BUILD.bazel → ...tecodealliance/wasmtime-go/v3/BUILD.bazel b/.../bytecodealliance/wasmtime-go/BUILD.bazel → ...tecodealliance/wasmtime-go/v3/BUILD.bazel
diff --git a/....com/bytecodealliance/wasmtime-go/LICENSE → ...m/bytecodealliance/wasmtime-go/v3/LICENSE b/....com/bytecodealliance/wasmtime-go/LICENSE → ...m/bytecodealliance/wasmtime-go/v3/LICENSE
diff --git a/...om/bytecodealliance/wasmtime-go/README.md → ...bytecodealliance/wasmtime-go/v3/README.md b/...om/bytecodealliance/wasmtime-go/README.md → ...bytecodealliance/wasmtime-go/v3/README.md
diff --git a/...om/bytecodealliance/wasmtime-go/WORKSPACE → ...bytecodealliance/wasmtime-go/v3/WORKSPACE b/...om/bytecodealliance/wasmtime-go/WORKSPACE → ...bytecodealliance/wasmtime-go/v3/WORKSPACE
diff --git a/...ance/wasmtime-go/build/include/doc-wasm.h → ...e/wasmtime-go/v3/build/include/doc-wasm.h b/...ance/wasmtime-go/build/include/doc-wasm.h → ...e/wasmtime-go/v3/build/include/doc-wasm.h
diff --git a/...liance/wasmtime-go/build/include/empty.go → ...nce/wasmtime-go/v3/build/include/empty.go b/...liance/wasmtime-go/build/include/empty.go → ...nce/wasmtime-go/v3/build/include/empty.go
diff --git a/...alliance/wasmtime-go/build/include/wasi.h → ...iance/wasmtime-go/v3/build/include/wasi.h b/...alliance/wasmtime-go/build/include/wasi.h → ...iance/wasmtime-go/v3/build/include/wasi.h
diff --git a/...alliance/wasmtime-go/build/include/wasm.h → ...iance/wasmtime-go/v3/build/include/wasm.h b/...alliance/wasmtime-go/build/include/wasm.h → ...iance/wasmtime-go/v3/build/include/wasm.h
diff --git a/...ance/wasmtime-go/build/include/wasmtime.h → ...e/wasmtime-go/v3/build/include/wasmtime.h b/...ance/wasmtime-go/build/include/wasmtime.h → ...e/wasmtime-go/v3/build/include/wasmtime.h
diff --git a/...smtime-go/build/include/wasmtime/config.h → ...ime-go/v3/build/include/wasmtime/config.h b/...smtime-go/build/include/wasmtime/config.h → ...ime-go/v3/build/include/wasmtime/config.h
diff --git a/...smtime-go/build/include/wasmtime/empty.go → ...ime-go/v3/build/include/wasmtime/empty.go b/...smtime-go/build/include/wasmtime/empty.go → ...ime-go/v3/build/include/wasmtime/empty.go
diff --git a/...smtime-go/build/include/wasmtime/engine.h → ...ime-go/v3/build/include/wasmtime/engine.h b/...smtime-go/build/include/wasmtime/engine.h → ...ime-go/v3/build/include/wasmtime/engine.h
diff --git a/...asmtime-go/build/include/wasmtime/error.h → ...time-go/v3/build/include/wasmtime/error.h b/...asmtime-go/build/include/wasmtime/error.h → ...time-go/v3/build/include/wasmtime/error.h
diff --git a/...smtime-go/build/include/wasmtime/extern.h → ...ime-go/v3/build/include/wasmtime/extern.h b/...smtime-go/build/include/wasmtime/extern.h → ...ime-go/v3/build/include/wasmtime/extern.h
diff --git a/...wasmtime-go/build/include/wasmtime/func.h → ...mtime-go/v3/build/include/wasmtime/func.h b/...wasmtime-go/build/include/wasmtime/func.h → ...mtime-go/v3/build/include/wasmtime/func.h