build: updates wazero to 1.0.0-pre.1

[codefromthecrypt]

This updates wazero to 1.0.0-pre.1

A new pre-release will happen at least once each month until 1.0 in February 2023.

Note: Release notes will be posted in the next day or two.

Meanwhile, we've also opened a gophers slack #wazero channel for support, updates and conversation! Note: You may need an invite to join gophers.

[CLAassistant]

All committers have signed the CLA.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[codefromthecrypt]

Here are some notes about the prior integration test fail before I reverted TinyGo back to 0.24

cc @mathetake

It was was out-of-memory in nature, but reported by wasm not the host function:

module_test.go:64: 
[396](https://github.com/aquasecurity/trivy/runs/8087811856?check_suite_focus=true#step:5:397)
        	Error Trace:	/home/runner/work/trivy/trivy/integration/module_test.go:64
[397](https://github.com/aquasecurity/trivy/runs/8087811856?check_suite_focus=true#step:5:398)
        	Error:      	Received unexpected error:
[398](https://github.com/aquasecurity/trivy/runs/8087811856?check_suite_focus=true#step:5:399)
        	            	image scan error:
[399](https://github.com/aquasecurity/trivy/runs/8087811856?check_suite_focus=true#step:5:400)
        	            	    github.com/aquasecurity/trivy/pkg/commands/artifact.Run
[400](https://github.com/aquasecurity/trivy/runs/8087811856?check_suite_focus=true#step:5:401)
        	            	        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:370
[401](https://github.com/aquasecurity/trivy/runs/8087811856?check_suite_focus=true#step:5:402)
        	            	  - scan error:
[402](https://github.com/aquasecurity/trivy/runs/8087811856?check_suite_focus=true#step:5:403)
        	            	    github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanArtifact
[403](https://github.com/aquasecurity/trivy/runs/8087811856?check_suite_focus=true#step:5:404)
        	            	        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:230
[404](https://github.com/aquasecurity/trivy/runs/8087811856?check_suite_focus=true#step:5:405)
        	            	  - scan failed:
[405](https://github.com/aquasecurity/trivy/runs/8087811856?check_suite_focus=true#step:5:406)
        	            	    github.com/aquasecurity/trivy/pkg/commands/artifact.scan
[406](https://github.com/aquasecurity/trivy/runs/8087811856?check_suite_focus=true#step:5:407)
        	            	        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:541
[407](https://github.com/aquasecurity/trivy/runs/8087811856?check_suite_focus=true#step:5:408)
        	            	  - scan failed:
[408](https://github.com/aquasecurity/trivy/runs/8087811856?check_suite_focus=true#step:5:409)
        	            	    github.com/aquasecurity/trivy/pkg/scanner.Scanner.ScanArtifact
[409](https://github.com/aquasecurity/trivy/runs/8087811856?check_suite_focus=true#step:5:410)
        	            	        /home/runner/work/trivy/trivy/pkg/scanner/scan.go:137
[410](https://github.com/aquasecurity/trivy/runs/8087811856?check_suite_focus=true#step:5:411)
        	            	  - post scan error:
[411](https://github.com/aquasecurity/trivy/runs/8087811856?check_suite_focus=true#step:5:412)
        	            	    github.com/aquasecurity/trivy/pkg/scanner/local.Scanner.Scan
[412](https://github.com/aquasecurity/trivy/runs/8087811856?check_suite_focus=true#step:5:413)
        	            	        /home/runner/work/trivy/trivy/pkg/scanner/local/scan.go:168
[413](https://github.com/aquasecurity/trivy/runs/8087811856?check_suite_focus=true#step:5:414)
        	            	  - spring4shell post scan error:
[414](https://github.com/aquasecurity/trivy/runs/8087811856?check_suite_focus=true#step:5:415)
        	            	    github.com/aquasecurity/trivy/pkg/scanner/post.Scan
[415](https://github.com/aquasecurity/trivy/runs/8087811856?check_suite_focus=true#step:5:416)
        	            	        /home/runner/work/trivy/trivy/pkg/scanner/post/post_scan.go:41
[416](https://github.com/aquasecurity/trivy/runs/8087811856?check_suite_focus=true#step:5:417)
        	            	  - post scan marshal error:
[417](https://github.com/aquasecurity/trivy/runs/8087811856?check_suite_focus=true#step:5:418)
        	            	    github.com/aquasecurity/trivy/pkg/module.(*wasmModule).PostScan
[418](https://github.com/aquasecurity/trivy/runs/8087811856?check_suite_focus=true#step:5:419)
        	            	        /home/runner/work/trivy/trivy/pkg/module/module.go:454
[419](https://github.com/aquasecurity/trivy/runs/8087811856?check_suite_focus=true#step:5:420)
        	            	  - malloc error:
[420](https://github.com/aquasecurity/trivy/runs/8087811856?check_suite_focus=true#step:5:421)
        	            	    github.com/aquasecurity/trivy/pkg/module.marshal
[421](https://github.com/aquasecurity/trivy/runs/8087811856?check_suite_focus=true#step:5:422)
        	            	        /home/runner/work/trivy/trivy/pkg/module/module.go:208
[422](https://github.com/aquasecurity/trivy/runs/8087811856?check_suite_focus=true#step:5:423)
        	            	  - wasm error: out of bounds memory access
[423](https://github.com/aquasecurity/trivy/runs/8087811856?check_suite_focus=true#step:5:424)
        	            	wasm stack trace:
[424](https://github.com/aquasecurity/trivy/runs/8087811856?check_suite_focus=true#step:5:425)
        	            		.(runtime.gcBlock).state(i32) i32
[425](https://github.com/aquasecurity/trivy/runs/8087811856?check_suite_focus=true#step:5:426)
        	            		.runtime.alloc(i32) i32
[426](https://github.com/aquasecurity/trivy/runs/8087811856?check_suite_focus=true#step:5:427)
        	            		.malloc(i32) i32

https://github.com/aquasecurity/trivy/runs/8087811856?check_suite_focus=true

One thing a little confusing about it was that the module.go exports host memory, but that's not imported by the guest.
Ex.

	// Instantiate a Go-defined module named "env" that exports functions.
	_, err := r.NewModuleBuilder("env").
		ExportMemory("mem", 100).

but the guest defines its own memory:

$ wasm2wat ./examples/module/spring4shell/spring4shell.wasm|less
--snip--
  (memory (;0;) 3)
  (global $__stack_pointer (mut i32) (i32.const 65536))
  (export "memory" (memory 0))

If the error pops up again, maybe we need to look deeper, as for example the json size isn't reported in the error messages and no idea if that's larger than a page or not, or if it was should that matter.

[mathetake]

succeeded to reproduce this both on arm64 and amd64. will dig into this tomorrow.

[afdesk]

FYI
#2575 is a reason why tinygo was bumped to 0.24.0.

[codefromthecrypt]

@afdesk tinygo version was a red herring. We'll update this PR to wazero beta.2 when out soon. I originally thought 0.25 could have been behind the glitch, but it wasn't as it was our code.

[codefromthecrypt]

ok now 1.0.0-beta.2 🤞

[codefromthecrypt]

changed to the new "pre" version convention which ensures no-one accidentally upgrades into the broken first beta.

[knqyf263]

Thanks!