Bump github.com/crowdsecurity/crowdsec from 1.7.4 to 1.7.7

[dependabot]

Bumps github.com/crowdsecurity/crowdsec from 1.7.4 to 1.7.7.

Release notes

Sourced from github.com/crowdsecurity/crowdsec's releases.

v1.7.7

CrowdSec 1.7.7 brings 2 major changes:

• On linux, RE2 is now used by default for evaluating regexp in parsers
• WAF rules can now contain a mix of AND/OR conditions without any limits, giving much greater flexibility when writing new rules

RE2 by default on linux

CrowdsSec has supported for a long time using RE2 as the regexp engine, and with this release we make it the default.

CrowdSec has always used the builtin Go regexp package, which is a Go reimplementation of the RE2 library, but with known performance limitations.

The switch to RE2 will bring significantly increased regexp performance (one of the most critical part of CrowdSec) at the cost of slightly longer regexp compilation and higher baseline memory usage.

[!IMPORTANT] If you encounter any issues with the new regexp engine, you can fallback to the previous Go implementation by setting the feature flag re2_disable_grok_support (see the documentation).

Other changes

Other notable changes include:

• a new kind attribute for alerts used to identify its source (a scenario, a WAF rule, a manual decision creation, ...)
• a new cscli allowlist import command
• support for the HTTP_PROXY environment variable in the notification-http plugin
• A resource leak under high load was fixed

Full changelog

New Features

• add LookupFile and FileMap expr helpers (#4372) @​buixor
• waf rules: allow arbitrary mix of AND and OR conditions (#4358) @​blotus

Improvements

• enable RE2 support by default on linux (#4386) @​blotus
• cscli allowlists: add import command (#4378) @​blotus
• WAF: expose more transformations from coraza (#4140) @​blotus
• Add new kind alert attribute (#4351) @​blotus
• Use environment proxy settings for notification-http (#4364) @​op3

Bug Fixes

• allowlists: apply items to existing decisions in batch (#4095) @​blotus
• waf: fix tests for modsec rules generation (#4385) @​blotus
• windows: add file notification plugin in MSI package (#4367) @​blotus
• leakroutine: call cancel after leakroutine returns (#4369) @​blotus
• notification-sentinel: lower-case x-ms-date header for correct HMAC (#4288) @​ebirn
• tests: remove temporary sqlite/plugin files from /tmp/ (#4332) @​mmetc
• pkg/apiserver: fix scenario count in debug log (#4333) @​mmetc

... (truncated)

Commits

• 027974f merge for 1.7.7 release
• 981e616 allowlists: apply items to existing decisions in batch (#4095)
• 43aa4a0 build(deps): bump github.com/buger/jsonparser from 1.1.1 to 1.1.2 (#4382)
• 68fc844 enable RE2 support by default on linux (#4386)
• ac5e6f9 cscli allowlists: add import command (#4378)
• 30ca8b2 waf: fix tests for modsec rules generation (#4385)
• 50c8aa4 WAF: expose more transform options (#4140)
• 5a11847 add LookupFile and FileMap expr helpers (#4372)
• a8a75f2 CI: use windows-2025 image (#4379)
• 5eda722 Add new kind alert attribute (#4351)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)