[fix] chatnoir: don't re-use/cache session keys

They're invalidated very quickly, so even caching them for
60 seconds results in a lot of unauthorized access errors.

.github/workflows/container.yml

@@ -78,7 +78,7 @@ jobs:
           python-version: "${{ env.PYTHON_VERSION }}"
 
       - name: Checkout
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10  # v6.0.3
+        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0  # v7.0.0
         with:
           persist-credentials: "false"
           fetch-depth: "0"
@@ -141,7 +141,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10  # v6.0.3
+        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0  # v7.0.0
         with:
           persist-credentials: "false"
 
@@ -175,7 +175,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10  # v6.0.3
+        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0  # v7.0.0
         with:
           persist-credentials: "false"
 

.github/workflows/data-update.yml

@@ -46,7 +46,7 @@ jobs:
           python-version: "${{ env.PYTHON_VERSION }}"
 
       - name: Checkout
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10  # v6.0.3
+        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0  # v7.0.0
         with:
           persist-credentials: "false"
 

.github/workflows/documentation.yml

@@ -37,7 +37,7 @@ jobs:
           python-version: "${{ env.PYTHON_VERSION }}"
 
       - name: Checkout
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10  # v6.0.3
+        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0  # v7.0.0
         with:
           persist-credentials: "false"
           fetch-depth: "0"

.github/workflows/integration.yml

@@ -39,7 +39,7 @@ jobs:
           python-version: "${{ matrix.python-version }}"
 
       - name: Checkout
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10  # v6.0.3
+        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0  # v7.0.0
         with:
           persist-credentials: "false"
 
@@ -67,7 +67,7 @@ jobs:
           python-version: "${{ env.PYTHON_VERSION }}"
 
       - name: Checkout
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10  # v6.0.3
+        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0  # v7.0.0
         with:
           persist-credentials: "false"
 

.github/workflows/l10n.yml

@@ -40,7 +40,7 @@ jobs:
           python-version: "${{ env.PYTHON_VERSION }}"
 
       - name: Checkout
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10  # v6.0.3
+        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0  # v7.0.0
         with:
           token: "${{ secrets.WEBLATE_GITHUB_TOKEN }}"
           fetch-depth: "0"
@@ -88,7 +88,7 @@ jobs:
           python-version: "${{ env.PYTHON_VERSION }}"
 
       - name: Checkout
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10  # v6.0.3
+        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0  # v7.0.0
         with:
           token: "${{ secrets.WEBLATE_GITHUB_TOKEN }}"
           fetch-depth: "0"

.github/workflows/security.yml

@@ -24,7 +24,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10  # v6.0.3
+        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0  # v7.0.0
         with:
           persist-credentials: "false"
 

client/simple/package-lock.json

@@ -16,7 +16,7 @@
       },
       "devDependencies": {
         "@biomejs/biome": "2.5.0",
-        "@types/node": "^25.9.3",
+        "@types/node": "^26.0.0",
         "browserslist": "^4.28.2",
         "browserslist-to-esbuild": "^2.1.1",
         "edge.js": "^6.5.1",
@@ -1570,13 +1570,13 @@
       }
     },
     "node_modules/@types/node": {
-      "version": "25.9.3",
+      "version": "26.0.0",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-25.9.3.tgz",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-26.0.0.tgz",
-      "integrity": "sha512-603BddQMv3pUcr4U2dhujk83N2tTDVr/34wII2B6bJy6g+8WD6yUb11jszNs0gdi4PesVWl7ABt8nYMVpnLUcg==",
+      "integrity": "sha512-vf2YFi1iY9lHGwNJMs01biZFbKJkrZR1T6/MlzjhJLPdntOHLhTrDSnSVcdtvjihi4VQNlrFRIxLsDBlQpAipA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "undici-types": ">=7.24.0 <7.24.7"
+        "undici-types": "~8.3.0"
       }
     },
     "node_modules/@types/pluralize": {
@@ -4515,9 +4515,9 @@
       }
     },
     "node_modules/undici-types": {
-      "version": "7.24.6",
+      "version": "8.3.0",
-      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.24.6.tgz",
+      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-8.3.0.tgz",
-      "integrity": "sha512-WRNW+sJgj5OBN4/0JpHFqtqzhpbnV0GuB+OozA9gCL7a993SmU+1JBZCzLNxYsbMfIeDL+lTsphD5jN5N+n0zg==",
+      "integrity": "sha512-j375ScV60dom+YkPFIfTLcOiPxkN/buHz5GobjLhixFuANaNs3C9l4GmrWqejgXWJ7BbJcFYpTEUkS1Ge8bpZQ==",
       "dev": true,
       "license": "MIT"
     },

client/simple/package.json

@@ -30,7 +30,7 @@
   },
   "devDependencies": {
     "@biomejs/biome": "2.5.0",
-    "@types/node": "^25.9.3",
+    "@types/node": "^26.0.0",
     "browserslist": "^4.28.2",
     "browserslist-to-esbuild": "^2.1.1",
     "edge.js": "^6.5.1",

searx/engines/chatnoir.py

@@ -14,7 +14,6 @@ from searx.extended_types import SXNG_Response
 from searx.network import get, post
 from searx.result_types import EngineResults
 from searx.utils import html_to_text
-from searx.enginelib import EngineCache
 
 if t.TYPE_CHECKING:
     from searx.search.processors import OnlineParams
@@ -42,21 +41,7 @@ search_index = "cw22"
 <https://www.chatnoir.eu/docs/api-general>`_ for a full list."""
 
 
-CACHE: EngineCache
-"""Cache to store session info (i.e. api key, csrf token, session id)."""
-
-
-def setup(engine_settings: dict[str, t.Any]) -> bool:
-    global CACHE  # pylint: disable=global-statement
-    CACHE = EngineCache(engine_settings["name"])
-    return True
-
-
 def _obtain_api_key() -> tuple[str, str, str]:
-    cached_session = CACHE.get("session")
-    if cached_session:
-        return tuple(cached_session.split("|"))
-
     home_resp = get(base_url)
     if not home_resp.ok:
         raise SearxEngineAPIException("failed to obtain api key")
@@ -76,10 +61,6 @@ def _obtain_api_key() -> tuple[str, str, str]:
     session_id = token_resp.cookies["sessionid"]
     scraped_api_key = token_resp.json()["token"]["token"]
 
-    # session keys seem to become rate-limited very fast, so only remembering
-    # for 1 minute here
-    CACHE.set("session", f"{csrf_token}|{session_id}|{scraped_api_key}", expire=60)
-
     return csrf_token, session_id, scraped_api_key