fix(container): update image ghcr.io/crowdsecurity/crowdsec to v1.7.7

[roybatty-bot]

This PR contains the following updates:

Package	Update	Change
ghcr.io/crowdsecurity/crowdsec	patch	v1.7.6 → v1.7.7

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

crowdsecurity/crowdsec (ghcr.io/crowdsecurity/crowdsec)

v1.7.7

Compare Source

CrowdSec 1.7.7 brings 2 major changes:

• On linux, RE2 is now used by default for evaluating regexp in parsers
• WAF rules can now contain a mix of AND/OR conditions without any limits, giving much greater flexibility when writing new rules

RE2 by default on linux

CrowdsSec has supported for a long time using RE2 as the regexp engine, and with this release we make it the default.

CrowdSec has always used the builtin Go regexp package, which is a Go reimplementation of the RE2 library, but with known performance limitations.

The switch to RE2 will bring significantly increased regexp performance (one of the most critical part of CrowdSec) at the cost of slightly longer regexp compilation and higher baseline memory usage.

[!IMPORTANT]
If you encounter any issues with the new regexp engine, you can fallback to the previous Go implementation by setting the feature flag re2_disable_grok_support (see the documentation).

Other changes

Other notable changes include:

• a new kind attribute for alerts used to identify its source (a scenario, a WAF rule, a manual decision creation, ...)
• a new cscli allowlist import command
• support for the HTTP_PROXY environment variable in the notification-http plugin
• A resource leak under high load was fixed

Full changelog

New Features

• add LookupFile and FileMap expr helpers (#​4372) @​buixor
• waf rules: allow arbitrary mix of AND and OR conditions (#​4358) @​blotus

Improvements

• enable RE2 support by default on linux (#​4386) @​blotus
• cscli allowlists: add import command (#​4378) @​blotus
• WAF: expose more transformations from coraza (#​4140) @​blotus
• Add new kind alert attribute (#​4351) @​blotus
• Use environment proxy settings for notification-http (#​4364) @​op3

Bug Fixes

• allowlists: apply items to existing decisions in batch (#​4095) @​blotus
• waf: fix tests for modsec rules generation (#​4385) @​blotus
• windows: add file notification plugin in MSI package (#​4367) @​blotus
• leakroutine: call cancel after leakroutine returns (#​4369) @​blotus
• notification-sentinel: lower-case x-ms-date header for correct HMAC (#​4288) @​ebirn
• tests: remove temporary sqlite/plugin files from /tmp/ (#​4332) @​mmetc
• pkg/apiserver: fix scenario count in debug log (#​4333) @​mmetc
• pkg/csplugin: prevent race condition, deadlock (#​4294) @​mmetc
• pkg/acquisitioncontext: minimal fix for data race in tests (#​4327) @​mmetc
• acquisition/file: minimal fix for data race in tests (#​4326) @​mmetc
• fix lint fsutil/freebsd: unnecessary conversion (#​4324) @​mmetc
• cscli: consistent status and usage message for unknown subcommands (#​4320) @​mmetc
• cscli detect: set log type for caddy unit to "syslog" (#​4321) @​mmetc
• CI: add published_at to version.crowdsec.net/latest (#​4291) @​blotus
• cmd/crowdsec: assign overflow after parsing (#​4226) @​mmetc
• waf: format as CRS match only if anomaly score is not 0 (#​4230) @​blotus

Changes

• build(deps): bump cryptography from 46.0.3 to 46.0.5 in /build/docker/test (#​4298) @​dependabot[bot]
• support for waf- alias in cscli (#​4347) @​buixor
• refact pkg/dumps: reduce complexity (#​4209) @​mmetc
• lint: refact pkg/dumps for nilaway (#​4208) @​mmetc
• refact pkg/parser: redundant indirection (#​4344) @​mmetc
• refact pkg/parser: extract+embed NodeConfig in Node struct (#​4343) @​mmetc
• move calls to trace.ReportPanic() on top of goroutines (#​4338) @​mmetc
• pkg/csplugin: simplify notification loop; noop with empty queue (#​4328) @​mmetc
• pkg/parsers: light refact, remove redundant code (#​4213) @​mmetc
• refact cmd/crowdsec: encapsulate cache into alertBuffer (#​4300) @​mmetc
• cmd/notification-*: don't provide the same context twice for request (#​4316) @​mmetc
• don't flush 127.0.0.1 (#​4315) @​sabban
• clipapi: replace tomb with errgroup (#​4207) @​mmetc
• refact cmd/crowdsec: remove redundant global variable (#​4299) @​mmetc
• refact: remove unused code in crowdsec-cli, apiserver, acquisition, database (#​4304) @​mmetc
• refact pkg/leakybucket: trim down redundant Leaky struct fields (#​4290) @​mmetc
• pkg/leakybucket: remove global bucketStore, unused parameters + tags (#​4286) @​mmetc
• pkg/leakybucket: remove Simulated field from Leaky, keep it in config (#​4285) @​mmetc
• pkg/leakybucket: extract BucketSpec from BucketFactory (#​4284) @​mmetc
• refact pkg/leakybucket: extract methods from LoadBucket() part 2 (#​4282) @​mmetc
• pkg/leakybucket: refact test loop, more explicit failures in testFile() (#​4281) @​mmetc
• refact pkg/leakybucket: extract methods from LoadBucket() (#​4279) @​mmetc
• pkg/leakybucket: replace Signal chan with explicit read/done chans (#​4277) @​mmetc
• pkg/leakybucket: replace waitgroups with single rwlock (#​4276) @​mmetc
• pkg/leakybucket: garbage collect: compare float with epsilon (#​4275) @​mmetc
• pkg/leakybucket: refactor tests (#​4272) @​mmetc
• pkg/leakybucket: replace sycn.Map with map + mutex (#​4271) @​mmetc
• pkg/leakybucket: replace global counter with call to bucket store (#​4273) @​mmetc
• pkg/leakybucket: review README.md (#​4274) @​mmetc
• pkg/leakybucket: encapsulate store map + add methods (#​4253) @​mmetc
• pkg/leakybucket: remove redundant bool var (#​4252) @​mmetc
• fix hub console side (#​4266) @​sabban
• version workflow fix (#​4262) @​sabban
• rename the prod branch to main (#​4261) @​sabban
• add version workflow (#​4210) @​sabban
• pkg/leakybucket: remove unused global (#​4251) @​mmetc
• pkg/leakybucket: pass bucket factories by pointer (#​4250) @​mmetc
• pkt/leakybucket: compileScopeFilter() -> ScopeType.CompileFilter() (#​4247) @​mmetc
• pkg/leakybucket: rename OverflowFilter -> OverflowProcessor (#​4248) @​mmetc
• pkg/leakybucket: rename Buckets -> BucketStore (#​4246) @​mmetc
• refact leaky bayesian: method to function, unlock w/defer (#​4242) @​mmetc
• pkg/leakybucket: early return (#​4244) @​mmetc
• pkg/leakybucket: variable shorthand (#​4245) @​mmetc
• pkg/leakybucket: move LeakRoutine to method, rename parameters (#​4243) @​mmetc
• pkg/leakybucket: review bucket validation and tests (#​4241) @​mmetc
• refact: remove unnecessary pointers to map, string, mutex (#​4212) @​mmetc
• pkg/leakybucket: function to method BucketFactory.LoadBucket() (#​4229) @​mmetc
• pkg/leakybucket: BucketType interface, method BucketFactory.Validate() (#​4228) @​mmetc

Chore / Deps

• build(deps): bump github.com/buger/jsonparser from 1.1.1 to 1.1.2 (#​4382) @​dependabot[bot]
• CI: use windows-2025 image (#​4379) @​blotus
• build(deps): bump github/codeql-action from 4.32.6 to 4.33.0 (#​4371) @​dependabot[bot]
• build(deps): bump astral-sh/setup-uv from 7.5.0 to 7.6.0 (#​4373) @​dependabot[bot]
• build(deps): bump google.golang.org/grpc from 1.74.2 to 1.79.3 (#​4376) @​dependabot[bot]
• build(deps): bump astral-sh/setup-uv from 7.3.1 to 7.5.0 (#​4366) @​dependabot[bot]
• build(deps): bump filippo.io/edwards25519 from 1.1.0 to 1.1.1 (#​4319) @​dependabot[bot]
• build(deps): bump github/codeql-action from 4.32.5 to 4.32.6 (#​4360) @​dependabot[bot]
• build(deps): bump docker/build-push-action from 6.19.2 to 7.0.0 (#​4361) @​dependabot[bot]
• build(deps): bump release-drafter/release-drafter from 6.2.0 to 6.4.0 (#​4362) @​dependabot[bot]
• build(deps): bump docker/setup-buildx-action from 3.12.0 to 4.0.0 (#​4356) @​dependabot[bot]
• build(deps): bump docker/setup-qemu-action from 3.7.0 to 4.0.0 (#​4353) @​dependabot[bot]
• build(deps): bump actions/setup-node from 6.2.0 to 6.3.0 (#​4352) @​dependabot[bot]
• build(deps): bump docker/login-action from 3.7.0 to 4.0.0 (#​4354) @​dependabot[bot]
• deps: update actions and golangci-lint (#​4348) @​mmetc
• build(deps): bump github/codeql-action from 4.32.4 to 4.32.5 (#​4345) @​dependabot[bot]
• build(deps): bump astral-sh/setup-uv from 7.3.0 to 7.3.1 (#​4346) @​dependabot[bot]
• build(deps): bump actions/setup-go from 6.2.0 to 6.3.0 (#​4339) @​dependabot[bot]
• build(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 (#​4342) @​dependabot[bot]
• replace trace.CatchPanic(...) with trace.ReportPanic() (#​4336) @​mmetc
• build(deps): bump github/codeql-action from 4.32.3 to 4.32.4 (#​4322) @​dependabot[bot]
• deps: update gocron v1 -> v2 (#​4317) @​mmetc
• build(deps): bump docker/build-push-action from 6.19.0 to 6.19.2 (#​4306) @​dependabot[bot]
• build(deps): bump github/codeql-action from 4.32.2 to 4.32.3 (#​4312) @​dependabot[bot]
• build(deps): bump github/codeql-action from 4.32.1 to 4.32.2 (#​4292) @​dependabot[bot]
• update golangci-lint 2.9 (#​4302) @​mmetc
• build(deps): bump astral-sh/setup-uv from 7.2.1 to 7.3.0 (#​4296) @​dependabot[bot]
• build(deps): bump docker/build-push-action from 6.18.0 to 6.19.0 (#​4303) @​dependabot[bot]
• build(deps): bump github/codeql-action from 4.32.0 to 4.32.1 (#​4278) @​dependabot[bot]
• build(deps): bump actions/setup-node from 4.4.0 to 6.2.0 (#​4264) @​dependabot[bot]
• CI: update python and dependencies (#​4249) @​mmetc
• build(deps): bump actions/checkout from 6.0.1 to 6.0.2 (#​4263) @​dependabot[bot]
• build(deps): bump astral-sh/setup-uv from 7.2.0 to 7.2.1 (#​4265) @​dependabot[bot]
• build(deps): bump docker/login-action from 3.6.0 to 3.7.0 (#​4257) @​dependabot[bot]
• build(deps): bump github/codeql-action from 4.31.11 to 4.32.0 (#​4254) @​dependabot[bot]
• build(deps): bump github/codeql-action from 4.31.10 to 4.31.11 (#​4233) @​dependabot[bot]
• build(deps): bump actions/checkout from 6.0.1 to 6.0.2 (#​4234) @​dependabot[bot]
• build(deps): bump release-drafter/release-drafter from 6.1.0 to 6.2.0 (#​4222) @​dependabot[bot]
• build(deps): bump actions/setup-python from 6.1.0 to 6.2.0 (#​4223) @​dependabot[bot]

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Installation

Take a look at the installation instructions.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[roybatty-bot]

Path: cluster/apps/security/crowdsec/app/helm-release.yaml

@@ -10,8 +10,8 @@
 version: v1
 type: Opaque
 data:
- csLapiSecret: WSsveG1HdWYgd2NlISpAK3YoOmE4L3dVPGIxVl1gM05dOVAwXyx9dShpcj5KbzJvdG84USllVXFZXmFkJjE9SA==
- registrationToken: YzN2R2dSSklPajJQMm9Ea2ZmOUJXczZSWE8zNUpraDN6VVJoZHFHa3JyajZuRVFl
+ csLapiSecret: XmUsPyR7LyJtIDhyQWBpQC84cz58a0FSayRWKndCLi5HfmAuPTwwZTsrJCwkIDdlTUxCdFhOMTh2XiRfPTJbOg==
+ registrationToken: NzRzQ1lVTER1ejM5M0E4OGRrOU5nU1NQQVRzeDdkWjF6SDluc283SjZiNzdGQ1hQ
 ---
 # Source: crowdsec/templates/acquis-configmap.yaml
 apiVersion: v1
@@ -493,7 +493,7 @@
 spec:
 initContainers:
 - name: wait-for-lapi-and-register
- image: "ghcr.io/crowdsecurity/crowdsec:v1.7.6"
+ image: "ghcr.io/crowdsecurity/crowdsec:v1.7.7"
 imagePullPolicy: IfNotPresent
 command: ['sh', '-c', 'until nc "$LAPI_HOST" "$LAPI_PORT" -z; do echo waiting for lapi to start; sleep 5; done; ln -s /staging/etc/crowdsec /etc/crowdsec && cscli lapi register --machine "$USERNAME" -u "$LAPI_URL" --token "$REGISTRATION_TOKEN" && cp /etc/crowdsec/local_api_credentials.yaml /tmp_config/local_api_credentials.yaml']
 resources:
@@ -526,7 +526,7 @@
 value: "8080"
 containers:
 - name: crowdsec-agent
- image: "ghcr.io/crowdsecurity/crowdsec:v1.7.6"
+ image: "ghcr.io/crowdsecurity/crowdsec:v1.7.7"
 imagePullPolicy: IfNotPresent
 command: ['sh', '-c', 'cp /tmp_config/local_api_credentials.yaml /staging/etc/crowdsec/local_api_credentials.yaml && mv -n /staging/etc/crowdsec/* /etc/crowdsec_data/ && rm -rf /staging/etc/crowdsec && ln -s /etc/crowdsec_data /etc/crowdsec && ./docker_start.sh']
 env:
@@ -616,7 +616,7 @@
 template:
 metadata:
 annotations:
- checksum/lapi-secret: 144d9eaf3c65c3fbd570d815b5f9f3045fd04d4b90bf18382c17f85540935bae
+ checksum/lapi-secret: 4a541dfc08c27d68a066d8aed5e08ab48d39009287c7010a6a2bf64189cea838
 checksum/lapi-configmap: fb931458352e77a792e597dd3ee4409d4c62939d87c1b75448226a73aaafc4a6
 labels:
 k8s-app: crowdsec
@@ -625,7 +625,7 @@
 spec:
 containers:
 - name: crowdsec-lapi
- image: "ghcr.io/crowdsecurity/crowdsec:v1.7.6"
+ image: "ghcr.io/crowdsecurity/crowdsec:v1.7.7"
 imagePullPolicy: IfNotPresent
 env:
 - name: LOCAL_API_URL

[github-actions]

KICS version: v2.1.20

Category Results CRITICAL 0 HIGH 52 MEDIUM 91 LOW 146 INFO 21 TRACE 0 TOTAL 310	Metric Values Files scanned 190 Files parsed 190 Files failed to scan 0 Total executed queries 142 Queries failed to execute 0 Execution time 8

[roybatty-bot]

✅⚠️MegaLinter analysis: Success with warnings

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ REPOSITORY	git_diff	yes		no	no	0.25s
✅ REPOSITORY	secretlint	yes		no	no	1.32s
⚠️ YAML	prettier	1		1	2	0.44s
✅ YAML	yamllint	1		0	0	0.65s

Detailed Issues

⚠️ YAML / prettier - 1 error

Checking formatting...
[warn] cluster/apps/security/crowdsec/app/helm-release.yaml
[warn] Code style issues found in the above file. Run Prettier with --write to fix.

See detailed reports in MegaLinter artifacts
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

Show us your support by starring ⭐ the repository