Vendor Update (#16121)

* update github.com/PuerkitoBio/goquery

* update github.com/alecthomas/chroma

* update github.com/blevesearch/bleve/v2

* update github.com/caddyserver/certmagic

* update github.com/go-enry/go-enry/v2

* update github.com/go-git/go-billy/v5

* update github.com/go-git/go-git/v5

* update github.com/go-redis/redis/v8

* update github.com/go-testfixtures/testfixtures/v3

* update github.com/jaytaylor/html2text

* update github.com/json-iterator/go

* update github.com/klauspost/compress

* update github.com/markbates/goth

* update github.com/mattn/go-isatty

* update github.com/mholt/archiver/v3

* update github.com/microcosm-cc/bluemonday

* update github.com/minio/minio-go/v7

* update github.com/prometheus/client_golang

* update github.com/unrolled/render

* update github.com/xanzy/go-gitlab

* update github.com/yuin/goldmark

* update github.com/yuin/goldmark-highlighting

Co-authored-by: techknowlogick <techknowlogick@gitea.io>

vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/aead.go

@@ -0,0 +1,65 @@
+// Copyright (C) 2019 ProtonTech AG
+
+package algorithm
+
+import (
+	"crypto/cipher"
+	"github.com/ProtonMail/go-crypto/eax"
+	"github.com/ProtonMail/go-crypto/ocb"
+)
+
+// AEADMode defines the Authenticated Encryption with Associated Data mode of
+// operation.
+type AEADMode uint8
+
+// Supported modes of operation (see RFC4880bis [EAX] and RFC7253)
+const (
+	AEADModeEAX = AEADMode(1)
+	AEADModeOCB = AEADMode(2)
+	AEADModeGCM = AEADMode(100)
+)
+
+// TagLength returns the length in bytes of authentication tags.
+func (mode AEADMode) TagLength() int {
+	switch mode {
+	case AEADModeEAX:
+		return 16
+	case AEADModeOCB:
+		return 16
+	case AEADModeGCM:
+		return 16
+	default:
+		return 0
+	}
+}
+
+// NonceLength returns the length in bytes of nonces.
+func (mode AEADMode) NonceLength() int {
+	switch mode {
+	case AEADModeEAX:
+		return 16
+	case AEADModeOCB:
+		return 15
+	case AEADModeGCM:
+		return 12
+	default:
+		return 0
+	}
+}
+
+// New returns a fresh instance of the given mode
+func (mode AEADMode) New(block cipher.Block) (alg cipher.AEAD) {
+	var err error
+	switch mode {
+	case AEADModeEAX:
+		alg, err = eax.NewEAX(block)
+	case AEADModeOCB:
+		alg, err = ocb.NewOCB(block)
+	case AEADModeGCM:
+		alg, err = cipher.NewGCM(block)
+	}
+	if err != nil {
+		panic(err.Error())
+	}
+	return alg
+}

vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/cipher.go

@@ -0,0 +1,107 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package algorithm
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/des"
+
+	"golang.org/x/crypto/cast5"
+)
+
+// Cipher is an official symmetric key cipher algorithm. See RFC 4880,
+// section 9.2.
+type Cipher interface {
+	// Id returns the algorithm ID, as a byte, of the cipher.
+	Id() uint8
+	// KeySize returns the key size, in bytes, of the cipher.
+	KeySize() int
+	// BlockSize returns the block size, in bytes, of the cipher.
+	BlockSize() int
+	// New returns a fresh instance of the given cipher.
+	New(key []byte) cipher.Block
+}
+
+// The following constants mirror the OpenPGP standard (RFC 4880).
+const (
+	TripleDES = CipherFunction(2)
+	CAST5     = CipherFunction(3)
+	AES128    = CipherFunction(7)
+	AES192    = CipherFunction(8)
+	AES256    = CipherFunction(9)
+)
+
+// CipherById represents the different block ciphers specified for OpenPGP. See
+// http://www.iana.org/assignments/pgp-parameters/pgp-parameters.xhtml#pgp-parameters-13
+var CipherById = map[uint8]Cipher{
+	TripleDES.Id(): TripleDES,
+	CAST5.Id():     CAST5,
+	AES128.Id():    AES128,
+	AES192.Id():    AES192,
+	AES256.Id():    AES256,
+}
+
+type CipherFunction uint8
+
+// ID returns the algorithm Id, as a byte, of cipher.
+func (sk CipherFunction) Id() uint8 {
+	return uint8(sk)
+}
+
+var keySizeByID = map[uint8]int{
+	TripleDES.Id(): 24,
+	CAST5.Id():     cast5.KeySize,
+	AES128.Id():    16,
+	AES192.Id():    24,
+	AES256.Id():    32,
+}
+
+// KeySize returns the key size, in bytes, of cipher.
+func (cipher CipherFunction) KeySize() int {
+	switch cipher {
+	case TripleDES:
+		return 24
+	case CAST5:
+		return cast5.KeySize
+	case AES128:
+		return 16
+	case AES192:
+		return 24
+	case AES256:
+		return 32
+	}
+	return 0
+}
+
+// BlockSize returns the block size, in bytes, of cipher.
+func (cipher CipherFunction) BlockSize() int {
+	switch cipher {
+	case TripleDES:
+		return des.BlockSize
+	case CAST5:
+		return 8
+	case AES128, AES192, AES256:
+		return 16
+	}
+	return 0
+}
+
+// New returns a fresh instance of the given cipher.
+func (cipher CipherFunction) New(key []byte) (block cipher.Block) {
+	var err error
+	switch cipher {
+	case TripleDES:
+		block, err = des.NewTripleDESCipher(key)
+	case CAST5:
+		block, err = cast5.NewCipher(key)
+	case AES128, AES192, AES256:
+		block, err = aes.NewCipher(key)
+	}
+	if err != nil {
+		panic(err.Error())
+	}
+	return
+}

vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/hash.go

@@ -0,0 +1,86 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package algorithm
+
+import (
+	"crypto"
+	"fmt"
+	"hash"
+)
+
+// Hash is an official hash function algorithm. See RFC 4880, section 9.4.
+type Hash interface {
+	// Id returns the algorithm ID, as a byte, of Hash.
+	Id() uint8
+	// Available reports whether the given hash function is linked into the binary.
+	Available() bool
+	// HashFunc simply returns the value of h so that Hash implements SignerOpts.
+	HashFunc() crypto.Hash
+	// New returns a new hash.Hash calculating the given hash function. New
+	// panics if the hash function is not linked into the binary.
+	New() hash.Hash
+	// Size returns the length, in bytes, of a digest resulting from the given
+	// hash function. It doesn't require that the hash function in question be
+	// linked into the program.
+	Size() int
+	// String is the name of the hash function corresponding to the given
+	// OpenPGP hash id.
+	String() string
+}
+
+// The following vars mirror the crypto/Hash supported hash functions.
+var (
+	MD5       Hash = cryptoHash{1, crypto.MD5}
+	SHA1      Hash = cryptoHash{2, crypto.SHA1}
+	RIPEMD160 Hash = cryptoHash{3, crypto.RIPEMD160}
+	SHA256    Hash = cryptoHash{8, crypto.SHA256}
+	SHA384    Hash = cryptoHash{9, crypto.SHA384}
+	SHA512    Hash = cryptoHash{10, crypto.SHA512}
+	SHA224    Hash = cryptoHash{11, crypto.SHA224}
+)
+
+// HashById represents the different hash functions specified for OpenPGP. See
+// http://www.iana.org/assignments/pgp-parameters/pgp-parameters.xhtml#pgp-parameters-14
+var (
+	HashById = map[uint8]Hash{
+		MD5.Id():       MD5,
+		SHA1.Id():      SHA1,
+		RIPEMD160.Id(): RIPEMD160,
+		SHA256.Id():    SHA256,
+		SHA384.Id():    SHA384,
+		SHA512.Id():    SHA512,
+		SHA224.Id():    SHA224,
+	}
+)
+
+// cryptoHash contains pairs relating OpenPGP's hash identifier with
+// Go's crypto.Hash type. See RFC 4880, section 9.4.
+type cryptoHash struct {
+	id uint8
+	crypto.Hash
+}
+
+// Id returns the algorithm ID, as a byte, of cryptoHash.
+func (h cryptoHash) Id() uint8 {
+	return h.id
+}
+
+var hashNames = map[uint8]string{
+	MD5.Id():       "MD5",
+	SHA1.Id():      "SHA1",
+	RIPEMD160.Id(): "RIPEMD160",
+	SHA256.Id():    "SHA256",
+	SHA384.Id():    "SHA384",
+	SHA512.Id():    "SHA512",
+	SHA224.Id():    "SHA224",
+}
+
+func (h cryptoHash) String() string {
+	s, ok := hashNames[h.id]
+	if !ok {
+		panic(fmt.Sprintf("Unsupported hash function %d", h.id))
+	}
+	return s
+}

vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/curveInfo.go

@@ -0,0 +1,118 @@
+package ecc
+
+import (
+	"github.com/ProtonMail/go-crypto/openpgp/internal/encoding"
+	"crypto/elliptic"
+	"bytes"
+	"github.com/ProtonMail/go-crypto/bitcurves"
+	"github.com/ProtonMail/go-crypto/brainpool"
+)
+
+type SignatureAlgorithm uint8
+
+const (
+	ECDSA SignatureAlgorithm = 1
+	EdDSA SignatureAlgorithm = 2
+)
+
+type CurveInfo struct {
+	Name string
+	Oid *encoding.OID
+	Curve elliptic.Curve
+	SigAlgorithm SignatureAlgorithm
+	CurveType CurveType
+}
+
+var curves = []CurveInfo{
+	{
+		Name: "NIST curve P-256",
+		Oid: encoding.NewOID([]byte{0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07}),
+		Curve: elliptic.P256(),
+		CurveType: NISTCurve,
+		SigAlgorithm: ECDSA,
+	},
+	{
+		Name: "NIST curve P-384",
+		Oid: encoding.NewOID([]byte{0x2B, 0x81, 0x04, 0x00, 0x22}),
+		Curve: elliptic.P384(),
+		CurveType: NISTCurve,
+		SigAlgorithm: ECDSA,
+	},
+	{
+		Name: "NIST curve P-521",
+		Oid: encoding.NewOID([]byte{0x2B, 0x81, 0x04, 0x00, 0x23}),
+		Curve: elliptic.P521(),
+		CurveType: NISTCurve,
+		SigAlgorithm: ECDSA,
+	},
+	{
+		Name: "SecP256k1",
+		Oid: encoding.NewOID([]byte{0x2B, 0x81, 0x04, 0x00, 0x0A}),
+		Curve: bitcurves.S256(),
+		CurveType: BitCurve,
+		SigAlgorithm: ECDSA,
+	},
+	{
+		Name: "Curve25519",
+		Oid: encoding.NewOID([]byte{0x2B, 0x06, 0x01, 0x04, 0x01, 0x97, 0x55, 0x01, 0x05, 0x01}),
+		Curve: elliptic.P256(),// filler
+		CurveType: Curve25519,
+		SigAlgorithm: ECDSA,
+	},
+	{
+		Name: "Ed25519",
+		Oid: encoding.NewOID([]byte{0x2B, 0x06, 0x01, 0x04, 0x01, 0xDA, 0x47, 0x0F, 0x01}),
+		Curve: elliptic.P256(), // filler
+		CurveType: NISTCurve,
+		SigAlgorithm: EdDSA,
+	},
+	{
+		Name: "Brainpool P256r1",
+		Oid: encoding.NewOID([]byte{0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x07}),
+		Curve: brainpool.P256r1(),
+		CurveType: BrainpoolCurve,
+		SigAlgorithm: ECDSA,
+	},
+	{
+		Name: "BrainpoolP384r1",
+		Oid: encoding.NewOID([]byte{0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0B}),
+		Curve: brainpool.P384r1(),
+		CurveType: BrainpoolCurve,
+		SigAlgorithm: ECDSA,
+	},
+	{
+		Name: "BrainpoolP512r1",
+		Oid: encoding.NewOID([]byte{0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0D}),
+		Curve: brainpool.P512r1(),
+		CurveType: BrainpoolCurve,
+		SigAlgorithm: ECDSA,
+	},
+}
+
+func FindByCurve(curve elliptic.Curve) *CurveInfo {
+	for _, curveInfo := range curves {
+		if curveInfo.Curve == curve {
+			return &curveInfo
+		}
+	}
+	return nil
+}
+
+func FindByOid(oid encoding.Field) *CurveInfo {
+	var rawBytes = oid.Bytes()
+	for _, curveInfo := range curves {
+		if bytes.Equal(curveInfo.Oid.Bytes(), rawBytes) {
+			return &curveInfo
+		}
+	}
+	return nil
+}
+
+func FindByName(name string) *CurveInfo {
+	for _, curveInfo := range curves {
+		if curveInfo.Name == name {
+			return &curveInfo
+		}
+	}
+	return nil
+}

vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/curveType.go

@@ -0,0 +1,10 @@
+package ecc
+
+type CurveType uint8
+
+const (
+    NISTCurve CurveType = 1
+	Curve25519 CurveType = 2
+	BitCurve CurveType = 3
+	BrainpoolCurve CurveType = 4
+)

vendor/github.com/ProtonMail/go-crypto/openpgp/internal/encoding/encoding.go

@@ -0,0 +1,27 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package encoding implements openpgp packet field encodings as specified in
+// RFC 4880 and 6637.
+package encoding
+
+import "io"
+
+// Field is an encoded field of an openpgp packet.
+type Field interface {
+	// Bytes returns the decoded data.
+	Bytes() []byte
+
+	// BitLength is the size in bits of the decoded data.
+	BitLength() uint16
+
+	// EncodedBytes returns the encoded data.
+	EncodedBytes() []byte
+
+	// EncodedLength is the size in bytes of the encoded data.
+	EncodedLength() uint16
+
+	// ReadFrom reads the next Field from r.
+	ReadFrom(r io.Reader) (int64, error)
+}

vendor/github.com/ProtonMail/go-crypto/openpgp/internal/encoding/mpi.go

@@ -0,0 +1,91 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package encoding
+
+import (
+	"io"
+	"math/big"
+	"math/bits"
+)
+
+// An MPI is used to store the contents of a big integer, along with the bit
+// length that was specified in the original input. This allows the MPI to be
+// reserialized exactly.
+type MPI struct {
+	bytes     []byte
+	bitLength uint16
+}
+
+// NewMPI returns a MPI initialized with bytes.
+func NewMPI(bytes []byte) *MPI {
+	for len(bytes) != 0 && bytes[0] == 0 {
+		bytes = bytes[1:]
+	}
+	if len(bytes) == 0 {
+		bitLength := uint16(0)
+		return &MPI{bytes, bitLength}
+	}
+	bitLength := 8*uint16(len(bytes)-1) + uint16(bits.Len8(bytes[0]))
+	return &MPI{bytes, bitLength}
+}
+
+// Bytes returns the decoded data.
+func (m *MPI) Bytes() []byte {
+	return m.bytes
+}
+
+// BitLength is the size in bits of the decoded data.
+func (m *MPI) BitLength() uint16 {
+	return m.bitLength
+}
+
+// EncodedBytes returns the encoded data.
+func (m *MPI) EncodedBytes() []byte {
+	return append([]byte{byte(m.bitLength >> 8), byte(m.bitLength)}, m.bytes...)
+}
+
+// EncodedLength is the size in bytes of the encoded data.
+func (m *MPI) EncodedLength() uint16 {
+	return uint16(2 + len(m.bytes))
+}
+
+// ReadFrom reads into m the next MPI from r.
+func (m *MPI) ReadFrom(r io.Reader) (int64, error) {
+	var buf [2]byte
+	n, err := io.ReadFull(r, buf[0:])
+	if err != nil {
+		if err == io.EOF {
+			err = io.ErrUnexpectedEOF
+		}
+		return int64(n), err
+	}
+
+	m.bitLength = uint16(buf[0])<<8 | uint16(buf[1])
+	m.bytes = make([]byte, (int(m.bitLength)+7)/8)
+
+	nn, err := io.ReadFull(r, m.bytes)
+	if err == io.EOF {
+		err = io.ErrUnexpectedEOF
+	}
+
+	// remove leading zero bytes from malformed GnuPG encoded MPIs:
+	// https://bugs.gnupg.org/gnupg/issue1853
+	// for _, b := range m.bytes {
+	// 	if b != 0 {
+	// 		break
+	// 	}
+	// 	m.bytes = m.bytes[1:]
+	// 	m.bitLength -= 8
+	// }
+
+	return int64(n) + int64(nn), err
+}
+
+// SetBig initializes m with the bits from n.
+func (m *MPI) SetBig(n *big.Int) *MPI {
+	m.bytes = n.Bytes()
+	m.bitLength = uint16(n.BitLen())
+	return m
+}

vendor/github.com/ProtonMail/go-crypto/openpgp/internal/encoding/oid.go

@@ -0,0 +1,88 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package encoding
+
+import (
+	"io"
+
+	"github.com/ProtonMail/go-crypto/openpgp/errors"
+)
+
+// OID is used to store a variable-length field with a one-octet size
+// prefix. See https://tools.ietf.org/html/rfc6637#section-9.
+type OID struct {
+	bytes []byte
+}
+
+const (
+	// maxOID is the maximum number of bytes in a OID.
+	maxOID = 254
+	// reservedOIDLength1 and reservedOIDLength2 are OID lengths that the RFC
+	// specifies are reserved.
+	reservedOIDLength1 = 0
+	reservedOIDLength2 = 0xff
+)
+
+// NewOID returns a OID initialized with bytes.
+func NewOID(bytes []byte) *OID {
+	switch len(bytes) {
+	case reservedOIDLength1, reservedOIDLength2:
+		panic("encoding: NewOID argument length is reserved")
+	default:
+		if len(bytes) > maxOID {
+			panic("encoding: NewOID argment too large")
+		}
+	}
+
+	return &OID{
+		bytes: bytes,
+	}
+}
+
+// Bytes returns the decoded data.
+func (o *OID) Bytes() []byte {
+	return o.bytes
+}
+
+// BitLength is the size in bits of the decoded data.
+func (o *OID) BitLength() uint16 {
+	return uint16(len(o.bytes) * 8)
+}
+
+// EncodedBytes returns the encoded data.
+func (o *OID) EncodedBytes() []byte {
+	return append([]byte{byte(len(o.bytes))}, o.bytes...)
+}
+
+// EncodedLength is the size in bytes of the encoded data.
+func (o *OID) EncodedLength() uint16 {
+	return uint16(1 + len(o.bytes))
+}
+
+// ReadFrom reads into b the next OID from r.
+func (o *OID) ReadFrom(r io.Reader) (int64, error) {
+	var buf [1]byte
+	n, err := io.ReadFull(r, buf[:])
+	if err != nil {
+		if err == io.EOF {
+			err = io.ErrUnexpectedEOF
+		}
+		return int64(n), err
+	}
+
+	switch buf[0] {
+	case reservedOIDLength1, reservedOIDLength2:
+		return int64(n), errors.UnsupportedError("reserved for future extensions")
+	}
+
+	o.bytes = make([]byte, buf[0])
+
+	nn, err := io.ReadFull(r, o.bytes)
+	if err == io.EOF {
+		err = io.ErrUnexpectedEOF
+	}
+
+	return int64(n) + int64(nn), err
+}