Merge branch 'master' into staging-server

Psiphon-Labs · Oct 8, 2024 · e64117c · e64117c
2 parents 1738bc5 + 51a550f
commit e64117c
Show file tree

Hide file tree

Showing 791 changed files with 127,363 additions and 5,659 deletions.
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -15,8 +15,8 @@ jobs:
       fail-fast: false
       matrix:
         os: [ "ubuntu" ]
-        go: [ "1.22.4" ]
-        test-type: [ "detector", "coverage", "memory", "custom-build-tags" ]
+        go: [ "1.22.7" ]
+        test-type: [ "detector", "coverage", "memory", "custom-build-tags", "code-vetting" ]
 
     runs-on: ${{ matrix.os }}-latest
 
@@ -152,3 +152,39 @@ jobs:
           go build -a -v -tags "PSIPHON_DISABLE_QUIC"
           go build -a -v -tags "PSIPHON_DISABLE_GQUIC"
           go build -a -v -tags "PSIPHON_ENABLE_REFRACTION_NETWORKING"
+
+      - name: Check Go fmt
+        if: ${{ matrix.test-type == 'code-vetting' }}
+        run: |
+          cd ${{ github.workspace }}/go/src/github.com/Psiphon-Labs/psiphon-tunnel-core
+          if [ "$(gofmt -s -l ./psiphon ./ClientLibrary ./ConsoleClient ./MobileLibrary/psi ./Server | wc -l)" -gt 0 ]; then
+            gofmt -s -l ./psiphon ./ClientLibrary ./ConsoleClient ./MobileLibrary/psi ./Server
+            exit 1
+          fi
+
+      - name: Check Go vet
+        if: ${{ matrix.test-type == 'code-vetting' }}
+        run: |
+          cd ${{ github.workspace }}/go/src/github.com/Psiphon-Labs/psiphon-tunnel-core
+          go vet -tags "PSIPHON_ENABLE_INPROXY PSIPHON_ENABLE_REFRACTION_NETWORKING" ./psiphon/... ./ClientLibrary/... ./ConsoleClient/... ./MobileLibrary/psi ./Server/...
+
+      # License check ignore cases:
+      #
+      # - github.com/Psiphon-Labs,github.com/Psiphon-Inc: Psiphon code with
+      #   GPL 3 license; any dependencies within (subtree or copy) must be
+      #   manually vetted
+      #
+      # - golang.org/x,filippo.io/edwards25519,github.com/klauspost/compress:
+      #   fail with "contains non-Go code that can't be inspected for further
+      #   dependencies"; manually vetted
+      #
+      # - github.com/oschwald/maxminddb-golang,github.com/shoenig/go-m1cpu:
+      #   ISC and MPL-2.0 respectively; allowed for server only (there is an
+      #   extra pass, without this exclusion, over the main client packages)
+      #
+      - name: Check licenses
+        if: ${{ matrix.test-type == 'code-vetting' }}
+        run: |
+          cd ${{ github.workspace }}/go/src/github.com/Psiphon-Labs/psiphon-tunnel-core
+          go run github.com/google/go-licenses@latest check --ignore=github.com/Psiphon-Labs,github.com/Psiphon-Inc,golang.org/x,filippo.io/edwards25519,github.com/klauspost/compress,github.com/oschwald/maxminddb-golang,github.com/shoenig/go-m1cpu --allowed_licenses=Apache-2.0,Apache-3,BSD-2-Clause,BSD-3-Clause,BSD-4-Clause,CC0-1.0,MIT ./...
+          go run github.com/google/go-licenses@latest check --ignore=github.com/Psiphon-Labs,github.com/Psiphon-Inc,golang.org/x,filippo.io/edwards25519,github.com/klauspost/compress --allowed_licenses=Apache-2.0,Apache-3,BSD-2-Clause,BSD-3-Clause,BSD-4-Clause,CC0-1.0,MIT ./psiphon ./psiphon/common/... ./ClientLibrary/... ./ConsoleClient/... ./MobileLibrary/psi
diff --git a/ClientLibrary/Dockerfile b/ClientLibrary/Dockerfile
@@ -21,7 +21,7 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \
 
 # Install Go.
 # NOTE: Go 1.10+ is required to build c-shared for windows (https://github.com/golang/go/commit/bb0bfd002ada7e3eb9198d4287b32c2fed6e8da6)
-ENV GOVERSION=go1.22.4 GOROOT=/usr/local/go GOPATH=/go PATH=$PATH:/usr/local/go/bin:/go/bin CGO_ENABLED=1
+ENV GOVERSION=go1.22.7 GOROOT=/usr/local/go GOPATH=/go PATH=$PATH:/usr/local/go/bin:/go/bin CGO_ENABLED=1
 
 RUN curl -L https://storage.googleapis.com/golang/$GOVERSION.linux-amd64.tar.gz -o /tmp/go.tar.gz \
    && tar -C /usr/local -xzf /tmp/go.tar.gz \

diff --git a/ClientLibrary/PsiphonTunnel.go b/ClientLibrary/PsiphonTunnel.go
@@ -90,8 +90,6 @@ var tunnel *clientlib.PsiphonTunnel
 // Memory managed by PsiphonTunnel which is allocated in Start and freed in Stop
 var managedStartResult *C.char
 
-//export PsiphonTunnelStart
-//
 // ******************************* WARNING ********************************
 // The underlying memory referenced by the return value of Start is managed
 // by PsiphonTunnel and attempting to free it explicitly will cause the
@@ -107,59 +105,66 @@ var managedStartResult *C.char
 // null-terminated buffer of C chars.
 // Start will return,
 // On success:
-//   {
-//     "Code": 0,
-//     "ConnectTimeMS": <milliseconds to establish tunnel>,
-//     "HTTPProxyPort": <http proxy port number>,
-//     "SOCKSProxyPort": <socks proxy port number>
-//   }
+//
+//	{
+//	  "Code": 0,
+//	  "ConnectTimeMS": <milliseconds to establish tunnel>,
+//	  "HTTPProxyPort": <http proxy port number>,
+//	  "SOCKSProxyPort": <socks proxy port number>
+//	}
 //
 // On timeout:
-//   {
-//     "Code": 1,
-//     "Error": <error message>
-//   }
+//
+//	{
+//	  "Code": 1,
+//	  "Error": <error message>
+//	}
 //
 // On other error:
-//   {
-//     "Code": 2,
-//     "Error": <error message>
-//   }
+//
+//	{
+//	  "Code": 2,
+//	  "Error": <error message>
+//	}
 //
 // Parameters.clientPlatform should be of the form OS_OSVersion_BundleIdentifier where
 // both the OSVersion and BundleIdentifier fields are optional. If clientPlatform is set
 // to an empty string the "ClientPlatform" field in the provided JSON config will be
 // used instead.
 //
 // Provided below are links to platform specific code which can be used to find some of the above fields:
-//   Android:
-//     - OSVersion: https://github.com/Psiphon-Labs/psiphon-tunnel-core/blob/3d344194d21b250e0f18ededa4b4459a373b0690/MobileLibrary/Android/PsiphonTunnel/PsiphonTunnel.java#L573
-//     - BundleIdentifier: https://github.com/Psiphon-Labs/psiphon-tunnel-core/blob/3d344194d21b250e0f18ededa4b4459a373b0690/MobileLibrary/Android/PsiphonTunnel/PsiphonTunnel.java#L575
-//   iOS:
-//     - OSVersion: https://github.com/Psiphon-Labs/psiphon-tunnel-core/blob/3d344194d21b250e0f18ededa4b4459a373b0690/MobileLibrary/iOS/PsiphonTunnel/PsiphonTunnel/PsiphonTunnel.m#L612
-//     - BundleIdentifier: https://github.com/Psiphon-Labs/psiphon-tunnel-core/blob/3d344194d21b250e0f18ededa4b4459a373b0690/MobileLibrary/iOS/PsiphonTunnel/PsiphonTunnel/PsiphonTunnel.m#L622
+//
+//	Android:
+//	  - OSVersion: https://github.com/Psiphon-Labs/psiphon-tunnel-core/blob/3d344194d21b250e0f18ededa4b4459a373b0690/MobileLibrary/Android/PsiphonTunnel/PsiphonTunnel.java#L573
+//	  - BundleIdentifier: https://github.com/Psiphon-Labs/psiphon-tunnel-core/blob/3d344194d21b250e0f18ededa4b4459a373b0690/MobileLibrary/Android/PsiphonTunnel/PsiphonTunnel.java#L575
+//	iOS:
+//	  - OSVersion: https://github.com/Psiphon-Labs/psiphon-tunnel-core/blob/3d344194d21b250e0f18ededa4b4459a373b0690/MobileLibrary/iOS/PsiphonTunnel/PsiphonTunnel/PsiphonTunnel.m#L612
+//	  - BundleIdentifier: https://github.com/Psiphon-Labs/psiphon-tunnel-core/blob/3d344194d21b250e0f18ededa4b4459a373b0690/MobileLibrary/iOS/PsiphonTunnel/PsiphonTunnel/PsiphonTunnel.m#L622
 //
 // Some examples of valid client platform strings are:
 //
-//   "Android_4.2.2_com.example.exampleApp"
-//   "iOS_11.4_com.example.exampleApp"
-//   "Windows"
+//	"Android_4.2.2_com.example.exampleApp"
+//	"iOS_11.4_com.example.exampleApp"
+//	"Windows"
 //
 // Parameters.networkID must be a non-empty string and follow the format specified by:
 // https://godoc.org/github.com/Psiphon-Labs/psiphon-tunnel-core/psiphon#NetworkIDGetter.
 // Provided below are links to platform specific code which can be used to generate
 // valid network identifier strings:
-//   Android:
-//     - https://github.com/Psiphon-Labs/psiphon-tunnel-core/blob/3d344194d21b250e0f18ededa4b4459a373b0690/MobileLibrary/Android/PsiphonTunnel/PsiphonTunnel.java#L371
-//   iOS:
-//     - https://github.com/Psiphon-Labs/psiphon-tunnel-core/blob/3d344194d21b250e0f18ededa4b4459a373b0690/MobileLibrary/iOS/PsiphonTunnel/PsiphonTunnel/PsiphonTunnel.m#L1105
+//
+//	Android:
+//	  - https://github.com/Psiphon-Labs/psiphon-tunnel-core/blob/3d344194d21b250e0f18ededa4b4459a373b0690/MobileLibrary/Android/PsiphonTunnel/PsiphonTunnel.java#L371
+//	iOS:
+//	  - https://github.com/Psiphon-Labs/psiphon-tunnel-core/blob/3d344194d21b250e0f18ededa4b4459a373b0690/MobileLibrary/iOS/PsiphonTunnel/PsiphonTunnel/PsiphonTunnel.m#L1105
 //
 // Parameters.establishTunnelTimeoutSeconds specifies a time limit after which to stop
 // attempting to connect and return an error if an active tunnel has not been established.
 // A timeout of 0 will result in no timeout condition and the controller will attempt to
 // establish an active tunnel indefinitely (or until PsiphonTunnelStop is called).
 // Timeout values >= 0 override the optional `EstablishTunnelTimeoutSeconds` config field;
 // null causes the config value to be used.
+//
+//export PsiphonTunnelStart
 func PsiphonTunnelStart(cConfigJSON, cEmbeddedServerEntryList *C.char, cParams *C.struct_Parameters) *C.char {
 	// Stop any active tunnels
 	PsiphonTunnelStop()
@@ -243,13 +248,13 @@ func PsiphonTunnelStart(cConfigJSON, cEmbeddedServerEntryList *C.char, cParams *
 	return managedStartResult
 }
 
-//export PsiphonTunnelStop
-//
 // Stop stops the controller if it is running and waits for it to clean up and exit.
 //
 // Stop should always be called after a successful call to Start to ensure the
 // controller is not left running and memory is released.
 // It is safe to call this function when the tunnel is not running.
+//
+//export PsiphonTunnelStop
 func PsiphonTunnelStop() {
 	freeManagedStartResult()
 	if tunnel != nil {
@@ -277,10 +282,11 @@ func marshalStartResult(result startResult) *C.char {
 // provided error.
 //
 // The JSON will be in the form of:
-// {
-//   "Code": 2,
-//   "Error": <error message>
-// }
+//
+//	{
+//	  "Code": 2,
+//	  "Error": <error message>
+//	}
 func startErrorJSON(err error) *C.char {
 	var result startResult
 	result.Code = startResultCodeOtherError

diff --git a/ClientLibrary/build-darwin.sh b/ClientLibrary/build-darwin.sh
@@ -9,8 +9,8 @@ if [ -z ${2+x} ]; then BUILD_TAGS=""; else BUILD_TAGS="$2"; fi
 # Note:
 #   clangwrap.sh needs to be updated when the Go version changes.
 #   The last version was:
-#   https://github.com/golang/go/blob/go1.22.4/misc/ios/clangwrap.sh
-GO_VERSION_REQUIRED="1.22.4"
+#   https://github.com/golang/go/blob/go1.22.7/misc/ios/clangwrap.sh
+GO_VERSION_REQUIRED="1.22.7"
 
 BASE_DIR=$(cd "$(dirname "$0")" ; pwd -P)
 cd ${BASE_DIR}

diff --git a/ConsoleClient/Dockerfile b/ConsoleClient/Dockerfile
@@ -22,7 +22,7 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \
   && rm -rf /var/lib/apt/lists/*
 
 # Install Go.
-ENV GOVERSION=go1.22.4 GOROOT=/usr/local/go GOPATH=/go PATH=$PATH:/usr/local/go/bin:/go/bin CGO_ENABLED=1
+ENV GOVERSION=go1.22.7 GOROOT=/usr/local/go GOPATH=/go PATH=$PATH:/usr/local/go/bin:/go/bin CGO_ENABLED=1
 
 RUN curl -L https://storage.googleapis.com/golang/$GOVERSION.linux-amd64.tar.gz -o /tmp/go.tar.gz \
    && tar -C /usr/local -xzf /tmp/go.tar.gz \

diff --git a/ConsoleClient/signal.go b/ConsoleClient/signal.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 /*

diff --git a/MobileLibrary/Android/Dockerfile b/MobileLibrary/Android/Dockerfile
@@ -23,7 +23,7 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \
   && rm -rf /var/lib/apt/lists/*
 
 # Install Go.
-ENV GOVERSION=go1.22.4 GOROOT=/usr/local/go GOPATH=/go PATH=$PATH:/usr/local/go/bin:/go/bin CGO_ENABLED=1
+ENV GOVERSION=go1.22.7 GOROOT=/usr/local/go GOPATH=/go PATH=$PATH:/usr/local/go/bin:/go/bin CGO_ENABLED=1
 
 RUN curl -L https://storage.googleapis.com/golang/$GOVERSION.linux-amd64.tar.gz -o /tmp/go.tar.gz \
   && tar -C /usr/local -xzf /tmp/go.tar.gz \

diff --git a/MobileLibrary/iOS/PsiphonTunnel/PsiphonTunnel/Network/Reachability/DefaultRouteMonitor.m b/MobileLibrary/iOS/PsiphonTunnel/PsiphonTunnel/Network/Reachability/DefaultRouteMonitor.m
@@ -192,8 +192,10 @@ - (void)stop API_AVAILABLE(macos(10.14), ios(12.0), watchos(5.0), tvos(12.0)) {
         // Note: this monitor cannot be used after being cancelled. Its update handler will not
         // fire again and cannot be restarted with nw_path_monitor_start. A new monitor must be
         // created and started.
-        nw_path_monitor_cancel(self->monitor);
-        self->monitor = nil;
+        if (self->monitor != nil) {
+            nw_path_monitor_cancel(self->monitor);
+            self->monitor = nil;
+        }
     }
 }
 

diff --git a/MobileLibrary/iOS/build-psiphon-framework.sh b/MobileLibrary/iOS/build-psiphon-framework.sh
@@ -17,7 +17,7 @@ set -e -u -x
 if [ -z ${1+x} ]; then BUILD_TAGS=""; else BUILD_TAGS="$1"; fi
 
 # Modify this value as we use newer Go versions.
-GO_VERSION_REQUIRED="1.22.4"
+GO_VERSION_REQUIRED="1.22.7"
 
 # At this time, psiphon-tunnel-core doesn't support modules
 export GO111MODULE=off

diff --git a/Server/Dockerfile-binary-builder b/Server/Dockerfile-binary-builder
@@ -1,6 +1,6 @@
 FROM alpine:3.18.4
 
-ENV GOLANG_VERSION 1.22.4
+ENV GOLANG_VERSION 1.22.7
 ENV GOLANG_SRC_URL https://golang.org/dl/go$GOLANG_VERSION.src.tar.gz
 
 RUN set -ex \

diff --git a/go.mod b/go.mod
@@ -35,8 +35,9 @@ require (
 	github.com/Psiphon-Labs/bolt v0.0.0-20200624191537-23cedaef7ad7
 	github.com/Psiphon-Labs/consistent v0.0.0-20240322131436-20aaa4e05737
 	github.com/Psiphon-Labs/goptlib v0.0.0-20200406165125-c0e32a7a3464
-	github.com/Psiphon-Labs/psiphon-tls v0.0.0-20240424193802-52b2602ec60c
-	github.com/Psiphon-Labs/quic-go v0.0.0-20240424181006-45545f5e1536
+	github.com/Psiphon-Labs/psiphon-tls v0.0.0-20240824224428-ca6969e315a9
+	github.com/Psiphon-Labs/quic-go v0.0.0-20240821052333-b6316b594e39
+	github.com/Psiphon-Labs/utls v1.1.1-0.20240821052800-443a34df921f
 	github.com/armon/go-proxyproto v0.0.0-20180202201750-5b7edb60ff5f
 	github.com/bifurcation/mint v0.0.0-20180306135233-198357931e61
 	github.com/bits-and-blooms/bloom/v3 v3.6.0
@@ -55,7 +56,7 @@ require (
 	github.com/google/gopacket v1.1.19
 	github.com/grafov/m3u8 v0.0.0-20171211212457-6ab8f28ed427
 	github.com/marusama/semaphore v0.0.0-20171214154724-565ffd8e868a
-	github.com/miekg/dns v1.1.44-0.20210804161652-ab67aa642300
+	github.com/miekg/dns v1.1.56
 	github.com/mitchellh/panicwrap v0.0.0-20170106182340-fce601fe5557
 	github.com/oschwald/maxminddb-golang v1.12.0
 	github.com/patrickmn/go-cache v2.1.0+incompatible
@@ -70,7 +71,6 @@ require (
 	github.com/pion/webrtc/v3 v3.2.40
 	github.com/refraction-networking/conjure v0.7.11-0.20240130155008-c8df96195ab2
 	github.com/refraction-networking/gotapdance v1.7.10
-	github.com/refraction-networking/utls v1.3.3
 	github.com/ryanuber/go-glob v0.0.0-20170128012129-256dc444b735
 	github.com/shirou/gopsutil/v4 v4.24.5
 	github.com/sirupsen/logrus v1.9.3
@@ -80,39 +80,43 @@ require (
 	github.com/wlynxg/anet v0.0.1
 	golang.org/x/crypto v0.22.0
 	golang.org/x/net v0.24.0
-	golang.org/x/sync v0.3.0
+	golang.org/x/sync v0.5.0
 	golang.org/x/sys v0.20.0
 	golang.org/x/term v0.19.0
 	golang.org/x/time v0.5.0
 	golang.zx2c4.com/wireguard v0.0.0-20230325221338-052af4a8072b
-	tailscale.com v1.40.0
+	tailscale.com v1.58.2
 )
 
 require (
 	filippo.io/bigmod v0.0.1 // indirect
 	filippo.io/keygen v0.0.0-20230306160926-5201437acf8e // indirect
 	github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96 // indirect
-	github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74 // indirect
-	github.com/andybalholm/brotli v1.0.5 // indirect
+	github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa // indirect
+	github.com/andybalholm/brotli v1.0.6 // indirect
 	github.com/bits-and-blooms/bitset v1.10.0 // indirect
+	github.com/cloudflare/circl v1.3.7 // indirect
+	github.com/coreos/go-iptables v0.7.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/dblohm7/wingoes v0.0.0-20230929194252-e994401fc077 // indirect
 	github.com/dchest/siphash v1.2.3 // indirect
 	github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13 // indirect
 	github.com/gaukas/godicttls v0.0.4 // indirect
-	github.com/go-ole/go-ole v1.2.6 // indirect
+	github.com/go-ole/go-ole v1.3.0 // indirect
 	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/google/nftables v0.1.1-0.20230115205135-9aa6fdf5a28c // indirect
 	github.com/google/pprof v0.0.0-20211214055906-6f57359322fd // indirect
 	github.com/google/uuid v1.3.1 // indirect
 	github.com/josharian/native v1.1.1-0.20230202152459-5c7d0dd6ab86 // indirect
-	github.com/jsimonetti/rtnetlink v1.1.2-0.20220408201609-d380b505068b // indirect
+	github.com/jsimonetti/rtnetlink v1.3.5 // indirect
 	github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0 // indirect
-	github.com/klauspost/compress v1.16.7 // indirect
+	github.com/klauspost/compress v1.17.4 // indirect
 	github.com/libp2p/go-reuseport v0.4.0 // indirect
 	github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect
-	github.com/mdlayher/netlink v1.7.1 // indirect
-	github.com/mdlayher/socket v0.4.0 // indirect
+	github.com/mdlayher/netlink v1.7.2 // indirect
+	github.com/mdlayher/socket v0.5.0 // indirect
 	github.com/mroth/weightedrand v1.0.0 // indirect
 	github.com/onsi/ginkgo/v2 v2.12.0 // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
@@ -129,19 +133,25 @@ require (
 	github.com/quic-go/qpack v0.4.0 // indirect
 	github.com/refraction-networking/ed25519 v0.1.2 // indirect
 	github.com/refraction-networking/obfs4 v0.1.2 // indirect
+	github.com/refraction-networking/utls v1.3.3 // indirect
 	github.com/sergeyfrolov/bsbuffer v0.0.0-20180903213811-94e85abb8507 // indirect
 	github.com/shoenig/go-m1cpu v0.1.6 // indirect
 	github.com/tailscale/goupnp v1.0.1-0.20210804011211-c64d0f06ea05 // indirect
+	github.com/tailscale/netlink v1.1.1-0.20211101221916-cabfb018fe85 // indirect
 	github.com/tklauser/go-sysconf v0.3.12 // indirect
 	github.com/tklauser/numcpus v0.6.1 // indirect
+	github.com/vishvananda/netlink v1.2.1-beta.2 // indirect
+	github.com/vishvananda/netns v0.0.4 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	github.com/yusufpapurcu/wmi v1.2.4 // indirect
 	gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/goptlib v1.5.0 // indirect
 	go.uber.org/mock v0.4.0 // indirect
-	go4.org/mem v0.0.0-20210711025021-927187094b94 // indirect
-	golang.org/x/exp v0.0.0-20221205204356-47842c84f3db // indirect
+	go4.org/mem v0.0.0-20220726221520-4f986261bf13 // indirect
+	go4.org/netipx v0.0.0-20230824141953-6213f710f925 // indirect
+	golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect
+	golang.org/x/mod v0.14.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
-	golang.org/x/tools v0.12.0 // indirect
+	golang.org/x/tools v0.15.0 // indirect
 	golang.zx2c4.com/wireguard/windows v0.5.3 // indirect
 	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect