e34032d08f
chore: bump version to 0.2.25
Changes:
- fix(rate-limit): NORA_RATE_LIMIT_ENABLED flag + SmartIpKeyExtractor
- deps: clap 4.5.60, uuid 1.21.0, tempfile 3.26.0, bcrypt 0.18.0, indicatif 0.18.4
- ci: checkout v6, upload-artifact v7, gh-release v2, trivy v0.34.2, build-push v6
v0.2.25
2026-03-03 09:16:20 +00:00
03a3bf9197
Merge pull request #15 from getnora-io/dependabot/github_actions/docker/build-push-action-6
chore(deps): bump docker/build-push-action from 5 to 6
2026-03-03 12:14:56 +03:00
6c5f0dda30
Merge pull request #14 from getnora-io/dependabot/github_actions/aquasecurity/trivy-action-0.34.2
chore(deps): bump aquasecurity/trivy-action from 0.30.0 to 0.34.2
2026-03-03 12:14:42 +03:00
fb058302c8
Merge pull request #13 from getnora-io/dependabot/github_actions/softprops/action-gh-release-2
chore(deps): bump softprops/action-gh-release from 1 to 2
2026-03-03 12:14:29 +03:00
79565aec47
Merge pull request #12 from getnora-io/dependabot/github_actions/actions/upload-artifact-7
chore(deps): bump actions/upload-artifact from 4 to 7
2026-03-03 12:14:16 +03:00
58a484d805
Merge pull request #11 from getnora-io/dependabot/github_actions/actions/checkout-6
chore(deps): bump actions/checkout from 4 to 6
2026-03-03 12:14:04 +03:00
45c3e276dc
Merge pull request #8 from getnora-io/dependabot/cargo/indicatif-0.18.4
chore(deps): bump indicatif from 0.17.11 to 0.18.4
2026-03-03 12:13:33 +03:00
dependabot[bot]
f4e53b85dd
chore(deps): bump indicatif from 0.17.11 to 0.18.4
Bumps [indicatif](https://github.com/console-rs/indicatif) from 0.17.11 to 0.18.4.
- [Release notes](https://github.com/console-rs/indicatif/releases)
- [Commits](https://github.com/console-rs/indicatif/compare/0.17.11...0.18.4)
---
updated-dependencies:
- dependency-name: indicatif
  dependency-version: 0.18.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-03 09:13:21 +00:00
05d89d5153
Merge pull request #18 from getnora-io/dependabot/cargo/bcrypt-0.18.0
chore(deps): bump bcrypt from 0.17.1 to 0.18.0
2026-03-03 12:13:20 +03:00
b149f7ebd4
Merge pull request #19 from getnora-io/dependabot/cargo/tempfile-3.26.0
chore(deps): bump tempfile from 3.24.0 to 3.26.0
2026-03-03 12:12:32 +03:00
5254e2a54a
Merge pull request #17 from getnora-io/dependabot/cargo/uuid-1.21.0
chore(deps): bump uuid from 1.20.0 to 1.21.0
2026-03-03 12:12:19 +03:00
8783d1dc4b
Merge pull request #16 from getnora-io/dependabot/cargo/clap-4.5.60
chore(deps): bump clap from 4.5.56 to 4.5.60
2026-03-03 12:12:04 +03:00
dependabot[bot]
4c05df2359
chore(deps): bump clap from 4.5.56 to 4.5.60
Bumps [clap](https://github.com/clap-rs/clap) from 4.5.56 to 4.5.60.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.56...clap_complete-v4.5.60)
---
updated-dependencies:
- dependency-name: clap
  dependency-version: 4.5.60
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-03 08:53:05 +00:00
7f8e3cfe68
fix(rate-limit): add NORA_RATE_LIMIT_ENABLED flag and SmartIpKeyExtractor
- Add enabled field to RateLimitConfig (default: true, env: NORA_RATE_LIMIT_ENABLED)
- Skip rate limiter layers entirely when disabled
- Replace PeerIpKeyExtractor with SmartIpKeyExtractor for upload/general routes
  to correctly identify clients behind reverse proxies and Docker bridge networks
- Keep PeerIpKeyExtractor for auth routes (stricter brute-force protection)
Root cause: PeerIpKeyExtractor saw all Docker bridge traffic as single IP (172.17.0.1),
exhausting GCRA bucket for all clients simultaneously. With burst=1M, recovery time
reached 84000+ seconds.
2026-03-03 08:51:33 +00:00
dependabot[bot]
13f33e8919
chore(deps): bump tempfile from 3.24.0 to 3.26.0
Bumps [tempfile](https://github.com/Stebalien/tempfile) from 3.24.0 to 3.26.0.
- [Changelog](https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Stebalien/tempfile/compare/v3.24.0...v3.26.0)
---
updated-dependencies:
- dependency-name: tempfile
  dependency-version: 3.26.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-03 04:26:40 +00:00
dependabot[bot]
7454ff2e03
chore(deps): bump bcrypt from 0.17.1 to 0.18.0
Bumps [bcrypt](https://github.com/Keats/rust-bcrypt) from 0.17.1 to 0.18.0.
- [Commits](https://github.com/Keats/rust-bcrypt/compare/v0.17.1...v0.18.0)
---
updated-dependencies:
- dependency-name: bcrypt
  dependency-version: 0.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-03 04:26:29 +00:00
dependabot[bot]
5ffb5a9be3
chore(deps): bump uuid from 1.20.0 to 1.21.0
Bumps [uuid](https://github.com/uuid-rs/uuid) from 1.20.0 to 1.21.0.
- [Release notes](https://github.com/uuid-rs/uuid/releases)
- [Commits](https://github.com/uuid-rs/uuid/compare/v1.20.0...v1.21.0)
---
updated-dependencies:
- dependency-name: uuid
  dependency-version: 1.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-03 04:26:15 +00:00
dependabot[bot]
c8793a4b60
chore(deps): bump docker/build-push-action from 5 to 6
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 5 to 6.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v5...v6)
---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-03 04:25:58 +00:00
dependabot[bot]
fd4a7b0b0f
chore(deps): bump aquasecurity/trivy-action from 0.30.0 to 0.34.2
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.30.0 to 0.34.2.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.30.0...0.34.2)
---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.34.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-03 04:25:55 +00:00
dependabot[bot]
7af1e7462c
chore(deps): bump softprops/action-gh-release from 1 to 2
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 1 to 2.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/action-gh-release/compare/v1...v2)
---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-version: '2'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-03 04:25:51 +00:00
dependabot[bot]
de1a188fa7
chore(deps): bump actions/upload-artifact from 4 to 7
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 7.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v7)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-03 04:25:48 +00:00
dependabot[bot]
36d0749bb3
chore(deps): bump actions/checkout from 4 to 6
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v6)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-03 04:25:43 +00:00
fb0f80ac5a
ci: move scan/release to self-hosted, use NORA for cache and images
- Add NORA (localhost:5000) as internal registry for image push and cache
- Replace type=gha cache with type=registry pointing to NORA
- Move scan and release jobs from ubuntu-latest to self-hosted runner
- Upload binary as artifact in build, download in release (no docker pull)
- Generate SBOM from NORA image instead of ghcr.io
- Add driver-opts: network=host to buildx for localhost registry access
2026-02-25 00:19:37 +00:00
161d7f706a
chore: bump version to 0.2.24
v0.2.24
2026-02-24 17:09:55 +00:00
e4e38e3aab
docs: add Astra Linux SE restore to CHANGELOG [Unreleased]
2026-02-24 17:02:14 +00:00
b153bc0c5b
ci: restore Astra Linux SE build, scan, and release image
2026-02-24 17:01:14 +00:00
d76383c701
docs: update CHANGELOG for v0.2.19–v0.2.23 and Unreleased (EN/RU)
2026-02-24 16:44:49 +00:00
d161c2f645
feat: add install.sh script
2026-02-24 15:00:19 +00:00
c7f9d5c036
ci: fix binary path in image (/usr/local/bin/nora)
v0.2.23
2026-02-24 14:03:16 +00:00
b41bfd9a88
ci: pin build job to nora runner label to avoid wrong runner
2026-02-24 13:18:11 +00:00
3e3070a401
docs: use logo.jpg in README
2026-02-24 12:47:07 +00:00
3868b16ea4
docs: replace text title with SVG logo, O styled in blue-600
2026-02-24 12:29:07 +00:00
3a6d3eeb9a
feat: add binary + sha256 to GitHub Release artifacts
2026-02-24 12:14:29 +00:00
dd29707395
ci: ignore RUSTSEC-2025-0119 (number_prefix unmaintained, transitive via indicatif)
2026-02-24 12:06:34 +00:00
e7a6a652af
ci: allow CDLA-Permissive-2.0 license (webpki-roots)
2026-02-24 11:54:19 +00:00
4ad802ce2f
fix: bump prometheus 0.13->0.14 and bytes 1.11.0->1.11.1 (CVE-2025-53605, CVE-2026-25541)
2026-02-24 11:36:07 +00:00
dependabot[bot]
04c806b659
chore(deps): bump chrono from 0.4.43 to 0.4.44 (#10)
Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.43 to 0.4.44.
- [Release notes](https://github.com/chronotope/chrono/releases)
- [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md)
- [Commits](https://github.com/chronotope/chrono/compare/v0.4.43...v0.4.44)
---
updated-dependencies:
- dependency-name: chrono
  dependency-version: 0.4.44
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-24 12:23:06 +01:00
dependabot[bot]
50a5395a87
chore(deps): bump quick-xml from 0.31.0 to 0.39.2 (#9)
Bumps [quick-xml](https://github.com/tafia/quick-xml) from 0.31.0 to 0.39.2.
- [Release notes](https://github.com/tafia/quick-xml/releases)
- [Changelog](https://github.com/tafia/quick-xml/blob/master/Changelog.md)
- [Commits](https://github.com/tafia/quick-xml/compare/v0.31.0...v0.39.2)
---
updated-dependencies:
- dependency-name: quick-xml
  dependency-version: 0.39.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-24 12:22:58 +01:00
dependabot[bot]
bcd172f23f
chore(deps): bump toml from 0.8.23 to 1.0.3+spec-1.1.0 (#7)
Bumps [toml](https://github.com/toml-rs/toml) from 0.8.23 to 1.0.3+spec-1.1.0.
- [Commits](https://github.com/toml-rs/toml/compare/toml-v0.8.23...toml-v1.0.3)
---
updated-dependencies:
- dependency-name: toml
  dependency-version: 1.0.3+spec-1.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-24 12:22:52 +01:00
dependabot[bot]
a5a7c4f8be
chore(deps): bump flate2 from 1.1.8 to 1.1.9 (#6)
Bumps [flate2](https://github.com/rust-lang/flate2-rs) from 1.1.8 to 1.1.9.
- [Release notes](https://github.com/rust-lang/flate2-rs/releases)
- [Commits](https://github.com/rust-lang/flate2-rs/compare/1.1.8...1.1.9)
---
updated-dependencies:
- dependency-name: flate2
  dependency-version: 1.1.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-24 12:22:46 +01:00
dependabot[bot]
2c7c497c30
chore(deps): bump softprops/action-gh-release from 1 to 2 (#5)
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 1 to 2.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/action-gh-release/compare/v1...v2)
---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-version: '2'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-24 12:20:23 +01:00
dependabot[bot]
6b6f88ab9c
chore(deps): bump actions/checkout from 4 to 6 (#4)
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v6)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-24 12:20:19 +01:00
dependabot[bot]
1255e3227b
chore(deps): bump docker/build-push-action from 5 to 6 (#3)
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 5 to 6.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v5...v6)
---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-24 12:20:16 +01:00
dependabot[bot]
aabd0b76fb
chore(deps): bump aquasecurity/trivy-action from 0.30.0 to 0.34.1 (#2)
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.30.0 to 0.34.1.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.30.0...0.34.1)
---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.34.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-24 12:20:12 +01:00
ac14405af3
ci: restore scan gate on release, block on HIGH/CRITICAL CVE
2026-02-24 10:53:28 +00:00
5f385dce45
ci: add dependabot, pin trivy-action@0.30.0, release no longer waits on scan
2026-02-24 10:48:06 +00:00
761e08f168
ci: upgrade codeql-action v3 -> v4
2026-02-24 10:41:37 +00:00
eb4f82df07
ci: fix deny.toml deprecated keys (copyleft, unlicensed removed in cargo-deny)
2026-02-24 10:26:58 +00:00
9784ad1813
chore: bump version to 0.2.22
v0.2.22
2026-02-24 09:20:52 +00:00
fc1288820d
ci: remove astra build for now
v0.2.21
2026-02-24 00:39:16 +00:00