Release v0.9.0

[antonok-edm]

Includes:

Procedural filtering

This is the major update everyone's been waiting for.

• :style(), :remove(), :remove-attr(), and :remove-class() storage has been unified into a single filter bin as a prerequisite, since these actions can also occur on procedural filters.
• these filters are now passed directly to in-page JS as objects serialized to JSON strings. JSON is a pragmatic choice here since there are relatively few of these filters and they will be handled directly by JS anyways.
• serde_json is no longer an optional dependency since adblock-rust must be able to serialize these filter types to JSON.
• this requires a breaking change; in-page JS code must be updated accordingly to handle the JSON-ified filters.
• check the ProceduralOrActionFilter type for further documentation.

Scriptlet dependencies

• fn/javascript mimetypes for resources can now be parsed and added to the engine.
• in order to benefit from the code-sharing of dependencies between scriptlet invokations, scriptlets are now fetched in batches rather than one-by-one.

API cleanup

Since this is a breaking release, there are a couple of other minor breaking API changes in the form of functionality made private and/or removed.

These were unlikely to be useful to others in the first place.

[github-actions]

[puLL-Merge] - brave/adblock-rust@388

Description

This PR makes significant changes to the adblock-rust library, updating it from version 0.8.12 to 0.9.0. The main changes include improvements in handling cosmetic filters, scriptlet resources, and procedural operators. The PR also includes various refactoring and code cleanup efforts.

Possible Issues

1. The changes to cosmetic filter handling may cause compatibility issues with existing implementations that rely on the previous behavior.
2. The new scriptlet resource handling system might have edge cases that haven't been fully tested yet.

Security Hotspots

1. The changes in scriptlet resource handling (src/resources/resource_storage.rs) introduce more complex dependency resolution. This could potentially be exploited if malicious resources are somehow injected into the system.

Changes

Changes

1. Cargo.toml and Cargo.lock:

   • Updated version to 0.9.0
   • Made serde_json a non-optional dependency

2. src/cosmetic_filter_cache.rs:

   • Introduced ProceduralOrActionFilter struct to represent complex filters
   • Replaced separate storage for different filter types with a unified procedural_actions field
   • Updated serialization format to include procedural actions

3. src/filters/cosmetic.rs:

   • Introduced CosmeticFilterOperator enum to represent different parts of a cosmetic filter
   • Updated CosmeticFilter struct to use Vec<CosmeticFilterOperator> instead of a single String for selectors
   • Improved handling of procedural filters and CSS validation

4. src/resources/resource_storage.rs:

   • Implemented recursive dependency resolution for scriptlet resources
   • Updated get_scriptlet_resource to handle dependencies and function-style resources
   • Added get_scriptlet_resources method to handle multiple scriptlet injections

5. src/engine.rs, src/lists.rs, src/data_format/v0.rs:

   • Updated to use the new cosmetic filter and scriptlet resource systems

6. Various test files:

   • Updated and expanded tests to cover new functionality and edge cases

These changes represent a significant update to the library's handling of cosmetic filters and scriptlet resources, with a focus on improving support for procedural operators and more complex filter scenarios.

[github-actions]

_{reported by reviewdog 🐶}
[semgrep] expect or unwrap called in function returning a Result

Source: https://semgrep.dev/r/trailofbits.rs.panic-in-function-returning-result.panic-in-function-returning-result


Cc @thypon @bcaller