chore: update justfile and reuseableci

Signed-off-by: Josef Andersson <josef.andersson@digg.se>

Author: janderssonse

.github/workflows/openssf-scorecard.yml

@@ -21,6 +21,6 @@ jobs:
       contents: read
       security-events: write
       id-token: write
-    uses: diggsweden/reusable-ci/.github/workflows/security-openssf-scorecard.yml@02decc6526ebd8994da90b923974e59e1cc9c22e # v2.3.8
+    uses: diggsweden/reusable-ci/.github/workflows/security-openssf-scorecard.yml@e29145e720cef0b86ef147c72c2d001b5ac6c8b9 # v2.4.2
     with:
       publish-results: true

.github/workflows/pullrequest-workflow.yml

@@ -13,7 +13,7 @@ permissions:
 
 jobs:
   pr-checks:
-    uses: diggsweden/reusable-ci/.github/workflows/pullrequest-orchestrator.yml@02decc6526ebd8994da90b923974e59e1cc9c22e # v2.3.8
+    uses: diggsweden/reusable-ci/.github/workflows/pullrequest-orchestrator.yml@e29145e720cef0b86ef147c72c2d001b5ac6c8b9 # v2.4.2
     secrets: inherit # Pass org-level secrets (for private dependencies if any)
     permissions:
       contents: read # Clone repository and read source code

.github/workflows/release-workflow.yml

@@ -22,7 +22,7 @@ permissions:
 
 jobs:
   release:
-    uses: diggsweden/reusable-ci/.github/workflows/release-orchestrator.yml@02decc6526ebd8994da90b923974e59e1cc9c22e # v2.3.8
+    uses: diggsweden/reusable-ci/.github/workflows/release-orchestrator.yml@e29145e720cef0b86ef147c72c2d001b5ac6c8b9 # v2.4.2
     permissions:
       contents: write # Create GitHub releases and tags
       packages: write # Publish to GitHub Packages (backup)

.gitleaks.toml

@@ -12,8 +12,6 @@ useDefault = true
 [allowlist]
 description = "Ignore test files with example passwords and test vectors"
 paths = [
-  # Test file with example password "sdflkj098234sdf-" (not a real secret)
-  '''src/test/java/se/digg/crypto/opaque/crypto/impl/SimplifiedOpaqueCurveTest\.java''',
-  # Test vectors file with cryptographic test data (standard OPAQUE test vectors from RFC)
-  '''src/test/resources/opaque-test-vectors\.json'''
+  '''src/test/.*''',
+  '''.*test.*'''
 ]

.mise.toml

@@ -2,27 +2,28 @@
 #
 # SPDX-License-Identifier: CC0-1.0
 
-# Tool versions for mise (https://mise.jdx.dev/)
-# Install all tools: mise install
-# Activate in shell: eval "$(mise activate bash)"
-
 [settings]
 experimental = true
-paranoid = true      # Enable strict security checks and verification
+paranoid = true
 
-[tools]
+[env]
+HTTP_PROXY = "{{ get_env(name='HTTP_PROXY', default='') }}"
+HTTPS_PROXY = "{{ get_env(name='HTTPS_PROXY', default='') }}"
+NO_PROXY = "{{ get_env(name='NO_PROXY', default='') }}"
+http_proxy = "{{ get_env(name='http_proxy', default='') }}"
+https_proxy = "{{ get_env(name='https_proxy', default='') }}"
+no_proxy = "{{ get_env(name='no_proxy', default='') }}"
+PIP_INDEX_URL = "{{ get_env(name='PIP_INDEX_URL', default='') }}"
 
-# Task runner
+[tools]
+java = "temurin-21"
+maven = "3.9"
 "aqua:casey/just" = "1.43.0"
-
-# Linters
-"aqua:rhysd/actionlint" = "v1.7.8"           # GitHub Actions linter
-"aqua:koalaman/shellcheck" = "v0.10.0"       # Shell script linter  
-"aqua:mvdan/sh" = "v3.10.0"                  # Shell formatter (shfmt)
-"ubi:rvben/rumdl" = "v0.0.162"               # Markdown linter
-"aqua:google/yamlfmt" = "v0.19.0"            # YAML formatter
-"aqua:zricethezav/gitleaks" = "v8.28.0"      # Secret scanner
-"aqua:siderolabs/conform" = "v0.1.0-alpha.30" # Commit linter
-
-# License compliance (can also use pip install reuse)
-# For now using container for REUSE as it's already in justfile
+"aqua:rhysd/actionlint" = "v1.7.8"
+"aqua:siderolabs/conform" = "v0.1.0-alpha.30"
+"aqua:zricethezav/gitleaks" = "v8.29.1"
+"ubi:rvben/rumdl" = "v0.0.173"
+"aqua:koalaman/shellcheck" = "v0.11.0"
+"aqua:mvdan/sh" = "v3.12.0"
+"aqua:google/yamlfmt" = "v0.20.0"
+"pipx:reuse" = "6.2.0"

README.md

@@ -117,7 +117,7 @@ The following protocol changes are made to the OPRF function:
 
 Blind evaluate calculation is updated to:
 
-> blindEvalueate = Ppw *b* rs [* ks ]
+> blindEvalueate = Ppw *b* rs \[* ks \]
 
 Where `Ppw` is the password point derived from G.HashToGroup(password), `b`
 is the blind `rs` is the derived OPRF private key (as defined in OPAQUE)