Merge branch 'mandiant:main' into main

Author: jkcoxson

.changes/v0.4.2.md

@@ -0,0 +1,3 @@
+## v0.4.1 - 2025-10-12
+### Changed
+* Sort tracev3 files before parsing

.changes/v0.5.0.md

@@ -0,0 +1,6 @@
+## v0.5.0 - 2026-02-01
+### Changed
+* Updated dependencies
+* Updates for example binary
+### Fixed
+* Better handling of accessing UUID arrays

.github/workflows/audit.yml

@@ -6,8 +6,12 @@ on:
       - "**/Cargo.lock"
   schedule:
     - cron: "0 0 * * *"
+
+permissions: {}
+
 jobs:
   security_audit:
+    name: Cargo Audit
     strategy:
       fail-fast: false
       matrix:
@@ -18,12 +22,15 @@ jobs:
               cross: false,
             }
     runs-on: ${{ matrix.info.os }}
+    permissions: 
+      issues: write # Open issue if impacted by a new cargo audit result
+      contents: read
     steps:
-      - uses: actions/checkout@v4
-      - run: rustup update
-      - name: Generate Cargo.lock
-        run: cargo generate-lockfile
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5
+        with:
+          persist-credentials: false
       - name: Run audit action to view any security issues
-        uses: rustsec/audit-check@v2
+        uses: actions-rust-lang/audit@410bbe6de17ca06c0a60070cca18c88b485ca5a1 #v1.2.6
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
+          TOKEN: ${{ secrets.GITHUB_TOKEN }}
+

.github/workflows/cross-release.yml

@@ -1,15 +1,15 @@
 name: Cross Release Example Binary
 
-permissions:
-  contents: write
-
 on:
   push:
     tags:
       - v[0-9]+.*
 
+permissions: {}
+
 jobs:
-  upload-release-cross:
+  build:
+    name: Release example binary via Cross
     strategy:
       matrix:
         info:
@@ -18,12 +18,17 @@ jobs:
           - os: "ubuntu-latest"
             target:  "x86_64-unknown-linux-musl"
     runs-on: ${{ matrix.info.os }}
+    permissions:
+      contents: write # Used to publish releases
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5
+        with:
+          persist-credentials: false
       - name: Setup Stable Rust toolchain
-        uses: dtolnay/rust-toolchain@stable
+        uses: dtolnay/rust-toolchain@6d653acede28d24f02e3cd41383119e8b1b35921 #v2025.09.23
         with:
           components: clippy, rustfmt
+          toolchain: stable
       - name: Setup Cross
         run: cargo install cross --git https://github.com/cross-rs/cross
 
@@ -39,7 +44,7 @@ jobs:
         run: .github/scripts/package.sh
 
       - name: Release
-        uses: softprops/action-gh-release@v2
+        uses: softprops/action-gh-release@6cbd405e2c4e67a21c47fa9e383d020e4e28b836 #v2.3.3
         with:
           files: "unifiedlog_iterator*"
           name: "${{ vars.GITHUB_REF_NAME }} - Released!"

.github/workflows/deny.yml

@@ -1,8 +1,16 @@
 name: Cargo Deny Check
 on: [pull_request]
+
+permissions: {}
+
 jobs:
   cargo-deny:
+    name: Run cargo deny checks
     runs-on: ubuntu-22.04
+    permissions: 
+      contents: read
     steps:
-      - uses: actions/checkout@v4
-      - uses: EmbarkStudios/cargo-deny-action@v2
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5
+        with:
+          persist-credentials: false
+      - uses: EmbarkStudios/cargo-deny-action@76cd80eb775d7bbbd2d80292136d74d39e1b4918 #v2.0.14

.github/workflows/publish.yml

@@ -4,14 +4,23 @@ on:
       - v[0-9]+.*
 
 name: Publish
+permissions: {}
 
 jobs:
   crates_publish:
     name: Publish (crates.io)
     runs-on: ubuntu-latest
+    permissions: 
+      contents: read
     steps:
-      - uses: actions/checkout@v4
-      - uses: dtolnay/rust-toolchain@stable
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5
+        with:
+          persist-credentials: false
+      - name: Setup Stable Rust toolchain
+        uses: dtolnay/rust-toolchain@6d653acede28d24f02e3cd41383119e8b1b35921 #v2025.09.23
+        with:
+          components: clippy, rustfmt
+          toolchain: stable
 
       - name: Logon to Crates
         run: cargo login ${{ secrets.CRATES_IO_API_TOKEN }}

.github/workflows/pullrequest.yml

@@ -8,30 +8,35 @@ on:
 env:
   CARGO_TERM_COLOR: always
 
+permissions: {}
+
 jobs:
   build:
+    name: "Build and Run tests"
     strategy:
       fail-fast: false
       matrix:
         info:
-          - os: "macOS-13"
+          - os: "macos-latest"
             target: "x86_64-apple-darwin"
-          - os: "macOS-latest"
+          - os: "macos-latest"
             target: "aarch64-apple-darwin"
     runs-on: ${{ matrix.info.os }}
+    permissions: 
+      contents: read
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5
         with:
-          submodules: recursive
+          persist-credentials: false
       - name: Set up Rust toolchain
-        uses: dtolnay/rust-toolchain@stable
+        uses: dtolnay/rust-toolchain@6d653acede28d24f02e3cd41383119e8b1b35921 #v2025.09.23
         with:
+          components: clippy, rustfmt
           toolchain: stable
-          components: rustfmt, clippy
           targets: ${{ matrix.info.target }}
 
       - name: Enable Rust cache
-        uses: Swatinem/rust-cache@v2.7.3
+        uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 #v2.8.1
         with:
           save-if: false
       - name: Fmt Check

.github/workflows/release.yml

@@ -1,15 +1,15 @@
 name: Release Example Binary
 
-permissions:
-  contents: write
-
 on:
   push:
     tags:
       - v[0-9]+.*
 
+permissions: {}
+
 jobs:
-  upload-release:
+  build:
+    name: Release example binary
     strategy:
       matrix:
         info:
@@ -22,16 +22,19 @@ jobs:
           - os: "ubuntu-latest"
             target: "x86_64-unknown-linux-gnu"
     runs-on: ${{ matrix.info.os }}
+    permissions: 
+      contents: write # Used to publish releases
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5
         with:
-          submodules: recursive
+          persist-credentials: false
 
       - name: Setup Stable Rust toolchain
-        uses: dtolnay/rust-toolchain@stable
+        uses: dtolnay/rust-toolchain@6d653acede28d24f02e3cd41383119e8b1b35921 #v2025.09.23
         with:
-          targets: ${{ matrix.info.target }}
           components: clippy, rustfmt
+          toolchain: stable
+          targets: ${{ matrix.info.target }}
 
       - name: Build Example
         run: cd examples && cargo build --release --target ${{ matrix.info.target }}
@@ -44,7 +47,7 @@ jobs:
         run: .github/scripts/package.sh
 
       - name: Release
-        uses: softprops/action-gh-release@v2
+        uses: softprops/action-gh-release@6cbd405e2c4e67a21c47fa9e383d020e4e28b836 #v2.3.3
         with:
           files: "unifiedlog_iterator*"
           name: "${{ vars.GITHUB_REF_NAME }} - Released!"

CHANGELOG.md

@@ -6,6 +6,17 @@ adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html),
 and is generated by [Changie](https://github.com/miniscruff/changie).
 
 
+## v0.5.0 - 2026-02-01
+### Changed
+* Updated dependencies
+* Updates for example binary
+### Fixed
+* Better handling of accessing UUID arrays
+
+## v0.4.1 - 2025-10-12
+### Changed
+* Sort tracev3 files before parsing
+
 ## v0.4.0 - 2025-08-09
 ### Added
 * Support for 32 bit systems

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "macos-unifiedlogs"
-version = "0.4.0"
+version = "0.5.0"
 edition = "2024"
 license = "Apache-2.0"
 repository = "https://github.com/mandiant/macos-unifiedlogs"
@@ -11,21 +11,21 @@ keywords = ["forensics", "macOS", "unifiedlog"]
 
 [dependencies]
 nom = "8.0.0"
-serde_json = "1.0.145"
+serde_json = "1.0.149"
 serde = { version = "1.0.228", features = ["derive"] }
-log = "0.4.28"
-lz4_flex = "0.11.5"
+log = "0.4.29"
+lz4_flex = "0.12.0"
 byteorder = "1.5.0"
 plist = "1.8.0"
-regex = "1.11.3"
+regex = "1.12.2"
 base64 = "0.22.1"
-chrono = "0.4.42"
+chrono = "0.4.43"
 walkdir = "2.5.0"
-sunlight = "0.1.1"
+sunlight = "0.1.4"
 
 [dev-dependencies]
-chrono = "0.4.42"
-criterion = "0.7.0"
+chrono = "0.4.43"
+criterion = "0.8.1"
 anyhow = "1.0.100"
 test-case = "3.3"