From fe7049e5e3fbad7904b8a99eeb1cfdfa3047262e Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 10 Nov 2025 14:21:16 +0000
Subject: [PATCH 1/3] Initial plan
From dc052b83e2b51fb06ef18cddd20726a85e07e76e Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 10 Nov 2025 14:29:59 +0000
Subject: [PATCH 2/3] Update golang.org/x/sync to v0.18.0 and add node, python, go domains to defaults
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 pkg/workflow/data/ecosystem_domains.json | 9 ++++++++-
 pkg/workflow/ecosystem_domains_test.go | 10 +++++++---
 4 files changed, 18 insertions(+), 7 deletions(-)
diff --git a/go.mod b/go.mod
index 1d903230fde..03851a9d285 100644
--- a/go.mod
+++ b/go.mod
@@ -52,7 +52,7 @@ require (
 github.com/yosida95/uritemplate/v3 v3.0.2 // indirect
 go.uber.org/atomic v1.7.0 // indirect
 go.uber.org/multierr v1.9.0 // indirect
- golang.org/x/sync v0.17.0 // indirect
+ golang.org/x/sync v0.18.0 // indirect
 golang.org/x/sys v0.38.0 // indirect
 golang.org/x/term v0.36.0 // indirect
 golang.org/x/text v0.30.0 // indirect
diff --git a/go.sum b/go.sum
index 7dd701b0b2e..8523b6d40cc 100644
--- a/go.sum
+++ b/go.sum
@@ -127,8 +127,8 @@ go.uber.org/multierr v1.9.0 h1:7fIwc/ZtS0q++VgcfqFDxSBZVv/Xo49/SYnDFupUwlI=
 go.uber.org/multierr v1.9.0/go.mod h1:X2jQV1h+kxSjClGpnseKVIxpmcjrj7MNnI0bnlfKTVQ=
 golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI=
 golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo=
-golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug=
-golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
+golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I=
+golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
diff --git a/pkg/workflow/data/ecosystem_domains.json b/pkg/workflow/data/ecosystem_domains.json
index 0d1ce173c31..72ffbda47c9 100644
--- a/pkg/workflow/data/ecosystem_domains.json
+++ b/pkg/workflow/data/ecosystem_domains.json
@@ -33,7 +33,14 @@
 "api.snapcraft.io",
 "packagecloud.io",
 "packages.cloud.google.com",
- "packages.microsoft.com"
+ "packages.microsoft.com",
+ "golang.org",
+ "proxy.golang.org",
+ "sum.golang.org",
+ "npmjs.org",
+ "registry.npmjs.org",
+ "pypi.org",
+ "files.pythonhosted.org"
 ],
 "containers": [
 "ghcr.io",
diff --git a/pkg/workflow/ecosystem_domains_test.go b/pkg/workflow/ecosystem_domains_test.go
index 0786ebc9c53..1dafaf645d5 100644
--- a/pkg/workflow/ecosystem_domains_test.go
+++ b/pkg/workflow/ecosystem_domains_test.go
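Review bot: The seven hosts added to the `defaults` list in pkg/workflow/data/ecosystem_domains.json widen the egress allowlist for every workflow that uses `defaults`, not only the ones that install Go, Node or Python packages. The test in this same patch previously asserted that `golang.org`, `npmjs.org` and `pypi.org` were absent from defaults, so the earlier exclusion looks deliberate; public package registries serve arbitrary third-party code, which makes them a weaker fit for an always-on list than certificate or OS-mirror hosts. If per-language ecosystem identifiers still exist (not visible in this hunk), keeping these hosts there and leaving `defaults` as it was preserves least privilege. If they must be defaults, record the reason in the commit description and check how the matcher treats a bare entry such as `golang.org`: if it covers subdomains, `proxy.golang.org` and `sum.golang.org` are redundant, and if it does not, the apex entries `golang.org` and `npmjs.org` may not be needed at all.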
@@ -18,6 +18,13 @@ func TestEcosystemDomainExpansion(t *testing.T) {
 "archive.ubuntu.com", // Ubuntu
 "packagecloud.io", // Common Package Mirrors
 "packages.microsoft.com", // Microsoft Sources
+ "golang.org", // Go ecosystem
+ "proxy.golang.org", // Go proxy
+ "sum.golang.org", // Go checksum database
+ "npmjs.org", // Node ecosystem
+ "registry.npmjs.org", // NPM registry
+ "pypi.org", // Python ecosystem
+ "files.pythonhosted.org", // Python files
 }
 
 for _, expectedDomain := range expectedDomains {
@@ -38,9 +45,6 @@ func TestEcosystemDomainExpansion(t *testing.T) {
 "ghcr.io", // Container registries
 "nuget.org", // .NET
 "github.com", // GitHub (not in defaults anymore)
- "golang.org", // Go
- "npmjs.org", // Node
- "pypi.org", // Python
 }
 
 for _, excludedDomain := range excludedDomains {
From c102e4d97284ac4e78b0a740afe332563a57ef3c Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 10 Nov 2025 14:32:35 +0000
Subject: [PATCH 3/3] Update domains.go documentation to reflect new defaults
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
---
 pkg/workflow/domains.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/workflow/domains.go b/pkg/workflow/domains.go
index 846a8f27566..e1ca9ae8b24 100644
--- a/pkg/workflow/domains.go
+++ b/pkg/workflow/domains.go
@@ -54,7 +54,7 @@ func getEcosystemDomains(category string) []string {
 // Returns empty slice if network permissions configured but no domains allowed (deny all)
 // Returns domain list if network permissions configured with allowed domains
 // Supports ecosystem identifiers:
-// - "defaults": basic infrastructure (certs, JSON schema, Ubuntu, common package mirrors, Microsoft sources)
+// - "defaults": basic infrastructure (certs, JSON schema, Ubuntu, common package mirrors, Microsoft sources, Go, Node, Python)
 // - "containers": container registries (Docker, GitHub Container Registry, etc.)
 // - "dotnet": .NET and NuGet ecosystem
 // - "dart": Dart/Flutter ecosystem
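Review bot: The updated `"defaults"` line still describes the set as "basic infrastructure" while appending Go, Node and Python, which understates that the default allowlist now reaches public package registries. This comment is what a maintainer reads to learn what `defaults` permits, so name the registries explicitly, for example `//   - "defaults": basic infrastructure (certs, JSON schema, Ubuntu, common package mirrors, Microsoft sources) plus the Go, Node and Python package registries`. The comment block and the function it documents continue outside the hunk, so any separate Go, Node or Python identifiers listed further down may also need a note that they overlap with defaults.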