[CI Run] ambex: Remove usage of md5

CHANGELOG.md

@@ -107,7 +107,10 @@ it will be removed; but as it won't be user-visible this isn't considered a brea
   instead of the Mapping name, which could reduce the cache's effectiveness. This has been fixed so
   that the correct key is used. ([Incorrect Cache Key for Mapping])
 
+- Change: Ambex now uses xxhash64 instead of md5 for hashing. ([ambex: Remove usage of md5])
+
 [Incorrect Cache Key for Mapping]: https://github.com/emissary-ingress/emissary/issues/5714
+[ambex: Remove usage of md5]: https://github.com/emissary-ingress/emissary/pull/5794
 
 ## [3.9.0] November 13, 2023
 [3.9.0]: https://github.com/emissary-ingress/emissary/compare/v3.8.0...v3.9.0

DEPENDENCIES.md

@@ -180,34 +180,34 @@ following Free and Open Source software:
 The Emissary-ingress Python code makes use of the following Free and Open Source
 libraries:
 
-    Name                Version   License(s)
-    ----                -------   ----------
-    Cython              0.29.37   Apache License 2.0
-    Flask               3.0.3     3-clause BSD license
-    Jinja2              3.1.4     3-clause BSD license
-    MarkupSafe          2.1.5     3-clause BSD license
-    PyYAML              6.0.1     MIT license
-    Werkzeug            3.0.3     3-clause BSD license
-    blinker             1.8.2     MIT license
-    build               1.2.1     MIT license
-    certifi             2024.2.2  Mozilla Public License 2.0
-    charset-normalizer  3.3.2     MIT license
-    click               8.1.7     3-clause BSD license
-    durationpy          0.6       MIT license
-    expiringdict        1.2.2     Apache License 2.0
-    gunicorn            22.0.0    MIT license
-    idna                3.7       3-clause BSD license
-    itsdangerous        2.2.0     3-clause BSD license
-    jsonpatch           1.33      3-clause BSD license
-    jsonpointer         2.4       3-clause BSD license
-    orjson              3.10.3    Apache License 2.0, MIT license
-    packaging           23.1      2-clause BSD license, Apache License 2.0
-    pip-tools           7.3.0     3-clause BSD license
-    prometheus_client   0.20.0    Apache License 2.0
-    pyparsing           3.0.9     MIT license
-    pyproject_hooks     1.1.0     MIT license
-    python-json-logger  2.0.7     2-clause BSD license
-    requests            2.31.0    Apache License 2.0
-    semantic-version    2.10.0    2-clause BSD license
-    typing_extensions   4.11.0    Python Software Foundation license
-    urllib3             2.2.1     MIT license
+    Name                Version      License(s)
+    ----                -------      ----------
+    Cython              0.29.37      Apache License 2.0
+    Flask               3.0.3        3-clause BSD license
+    Jinja2              3.1.4        3-clause BSD license
+    MarkupSafe          2.1.5        3-clause BSD license
+    PyYAML              6.0.1        MIT license
+    Werkzeug            3.0.3        3-clause BSD license
+    blinker             1.8.2        MIT license
+    build               1.2.2.post1  MIT license
+    certifi             2024.2.2     Mozilla Public License 2.0
+    charset-normalizer  3.3.2        MIT license
+    click               8.1.7        3-clause BSD license
+    durationpy          0.6          MIT license
+    expiringdict        1.2.2        Apache License 2.0
+    gunicorn            22.0.0       MIT license
+    idna                3.7          3-clause BSD license
+    itsdangerous        2.2.0        3-clause BSD license
+    jsonpatch           1.33         3-clause BSD license
+    jsonpointer         2.4          3-clause BSD license
+    orjson              3.10.3       Apache License 2.0, MIT license
+    packaging           23.1         2-clause BSD license, Apache License 2.0
+    pip-tools           7.3.0        3-clause BSD license
+    prometheus_client   0.20.0       Apache License 2.0
+    pyparsing           3.0.9        MIT license
+    pyproject_hooks     1.2.0        MIT license
+    python-json-logger  2.0.7        2-clause BSD license
+    requests            2.31.0       Apache License 2.0
+    semantic-version    2.10.0       2-clause BSD license
+    typing_extensions   4.11.0       Python Software Foundation license
+    urllib3             2.2.1        MIT license

docs/releaseNotes.yml

@@ -68,6 +68,14 @@ items:
           - title: "Incorrect Cache Key for Mapping"
             link: https://github.com/emissary-ingress/emissary/issues/5714
 
+      - title: Changed Ambex suffix hashing algorithm
+        type: change
+        body: >-
+          Ambex now uses xxhash64 instead of md5 for hashing.
+        github:
+          - title: "ambex: Remove usage of md5"
+            link: https://github.com/emissary-ingress/emissary/pull/5794
+
   - version: 3.9.0
     prevVersion: 3.8.0
     date: '2023-11-13'

go.mod

@@ -83,6 +83,7 @@ require (
 	github.com/Masterminds/sprig v2.22.0+incompatible
 	github.com/cenkalti/backoff/v4 v4.2.1
 	github.com/census-instrumentation/opencensus-proto v0.4.1
+	github.com/cespare/xxhash/v2 v2.2.0
 	github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4
 	github.com/datawire/dlib v1.3.1
 	github.com/datawire/dtest v0.0.0-20210928162311-722b199c4c2f
@@ -146,7 +147,6 @@ require (
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
-	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/chai2010/gettext-go v1.0.2 // indirect
 	github.com/cloudflare/circl v1.3.7 // indirect
 	github.com/cyphar/filepath-securejoin v0.2.4 // indirect

pkg/ambex/transforms.go

@@ -3,12 +3,12 @@ package ambex
 import (
 	// standard library
 	"context"
-	"crypto/md5"
-	"encoding/hex"
 	"encoding/json"
 	"fmt"
+	"strconv"
 
 	// third-party libraries
+	"github.com/cespare/xxhash/v2"
 	"google.golang.org/protobuf/proto"
 	"google.golang.org/protobuf/types/known/anypb"
 
@@ -146,9 +146,12 @@ func V3ListenerToRdsListener(lnr *v3listener.Listener) (*v3listener.Listener, []
 						// associated with a given listener.
 						filterChainMatch, _ := json.Marshal(fc.GetFilterChainMatch())
 
-						// Use MD5 because it's decently fast and cryptographic security isn't needed.
-						matchHash := md5.Sum(filterChainMatch)
-						matchKey := hex.EncodeToString(matchHash[:])
+						// Use xxhash64 because it's decently fast and cryptographic security isn't needed.
+						h := xxhash.New()
+						if _, err := h.Write(filterChainMatch); err != nil {
+							return nil, nil, fmt.Errorf("xxhash write error: %w", err)
+						}
+						matchKey := strconv.FormatUint(h.Sum64(), 16)
 
 						rc.Name = fmt.Sprintf("%s-routeconfig-%s-%d", l.Name, matchKey, matchKeyIndex[matchKey])
 

pkg/ambex/transforms_test.go

@@ -78,7 +78,7 @@ func TestV3ListenerToRdsListener(t *testing.T) {
 
 	for i, rc := range routes {
 		// Confirm that the route name was transformed to the hashed version
-		assert.Equal(t, fmt.Sprintf("emissary-ingress-listener-8080-routeconfig-8c82e45fa3f94ab4e879543e0a1a30ac-%d", i), rc.GetName())
+		assert.Equal(t, fmt.Sprintf("emissary-ingress-listener-8080-routeconfig-29865f40cbcf32dc-%d", i), rc.GetName())
 
 		// Make sure the virtual hosts are unmodified
 		virtualHosts := rc.GetVirtualHosts()

tools/src/py-mkopensource/main.go

@@ -34,7 +34,7 @@ func parseLicenses(name, version, license string) map[License]struct{} {
 		// that a human has to go make sure that the license didn't
 		// change when upgrading.
 		{"blinker", "1.8.2", ""}:                       {MIT},
-		{"build", "1.2.1", ""}:                         {MIT},
+		{"build", "1.2.2.post1", ""}:                   {MIT},
 		{"CacheControl", "0.12.6", "UNKNOWN"}:          {Apache2},
 		{"CacheControl", "0.12.10", "UNKNOWN"}:         {Apache2},
 		{"Click", "7.0", "BSD"}:                        {BSD3},
@@ -62,7 +62,7 @@ func parseLicenses(name, version, license string) map[License]struct{} {
 		{"pyasn1-modules", "0.3.0", "BSD"}:             {BSD2},
 		{"pycparser", "2.20", "BSD"}:                   {BSD3},
 		{"pyparsing", "3.0.9", ""}:                     {MIT},
-		{"pyproject_hooks", "1.1.0", ""}:               {MIT},
+		{"pyproject_hooks", "1.2.0", ""}:               {MIT},
 		{"python-dateutil", "2.8.1", "Dual License"}:   {BSD3, Apache2},
 		{"python-dateutil", "2.8.2", "Dual License"}:   {BSD3, Apache2},
 		{"python-json-logger", "2.0.7", "BSD"}:         {BSD2},