Test dylint

.dockerignore

@@ -5,7 +5,6 @@
 !.git
 !docker/healthcheck.sh
 !docker/start.sh
-!macros
 !migrations
 !src
 

.env.template

@@ -280,13 +280,12 @@
 ## The default for new users. If changed, it will be updated during login for existing users.
 # PASSWORD_ITERATIONS=600000
 
-## Controls whether users can set or show password hints. This setting applies globally to all users.
+## Controls whether users can set password hints. This setting applies globally to all users.
 # PASSWORD_HINTS_ALLOWED=true
 
 ## Controls whether a password hint should be shown directly in the web page if
-## SMTP service is not configured and password hints are allowed.
-## Not recommended for publicly-accessible instances because this provides
-## unauthenticated access to potentially sensitive data.
+## SMTP service is not configured. Not recommended for publicly-accessible instances
+## as this provides unauthenticated access to potentially sensitive data.
 # SHOW_PASSWORD_HINT=false
 
 #########################
@@ -350,9 +349,6 @@
 ## - "browser-fileless-import": Directly import credentials from other providers without a file.
 ## - "extension-refresh": Temporarily enable the new extension design until general availability (should be used with the beta Chrome extension)
 ## - "fido2-vault-credentials": Enable the use of FIDO2 security keys as second factor.
-## - "inline-menu-positioning-improvements": Enable the use of inline menu password generator and identity suggestions in the browser extension.
-## - "ssh-key-vault-item": Enable the creation and use of SSH key vault items. (Needs clients >=2024.12.0)
-## - "ssh-agent": Enable SSH agent support on Desktop. (Needs desktop >=2024.12.0)
 # EXPERIMENTAL_CLIENT_FEATURE_FLAGS=fido2-vault-credentials
 
 ## Require new device emails. When a user logs in an email is required to be sent.
@@ -411,14 +407,6 @@
 ## Multiple values must be separated with a whitespace.
 # ALLOWED_IFRAME_ANCESTORS=
 
-## Allowed connect-src (Know the risks!)
-## https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/connect-src
-## Allows other domains to URLs which can be loaded using script interfaces like the Forwarded email alias feature
-## This adds the configured value to the 'Content-Security-Policy' headers 'connect-src' value.
-## Multiple values must be separated with a whitespace. And only HTTPS values are allowed.
-## Example: "https://my-addy-io.domain.tld https://my-simplelogin.domain.tld"
-# ALLOWED_CONNECT_SRC=""
-
 ## Number of seconds, on average, between login requests from the same IP address before rate limiting kicks in.
 # LOGIN_RATELIMIT_SECONDS=60
 ## Allow a burst of requests of up to this size, while maintaining the average indicated by `LOGIN_RATELIMIT_SECONDS`.

.github/workflows/build.yml

@@ -47,7 +47,7 @@ jobs:
     steps:
       # Checkout the repo
       - name: "Checkout"
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 #v4.2.1
       # End Checkout the repo
 
 
@@ -75,7 +75,7 @@ jobs:
 
       # Only install the clippy and rustfmt components on the default rust-toolchain
       - name: "Install rust-toolchain version"
-        uses: dtolnay/rust-toolchain@a54c7afa936fefeb4456b2dd8068152669aa8203 # master @ Dec 14, 2024, 5:49 AM GMT+1
+        uses: dtolnay/rust-toolchain@7b1c307e0dcbda6122208f10795a713336a9b35a # master @ Aug 8, 2024, 7:36 PM GMT+2
         if: ${{ matrix.channel == 'rust-toolchain' }}
         with:
           toolchain: "${{steps.toolchain.outputs.RUST_TOOLCHAIN}}"
@@ -85,7 +85,7 @@ jobs:
 
       # Install the any other channel to be used for which we do not execute clippy and rustfmt
       - name: "Install MSRV version"
-        uses: dtolnay/rust-toolchain@a54c7afa936fefeb4456b2dd8068152669aa8203 # master @ Dec 14, 2024, 5:49 AM GMT+1
+        uses: dtolnay/rust-toolchain@7b1c307e0dcbda6122208f10795a713336a9b35a # master @ Aug 8, 2024, 7:36 PM GMT+2
         if: ${{ matrix.channel != 'rust-toolchain' }}
         with:
           toolchain: "${{steps.toolchain.outputs.RUST_TOOLCHAIN}}"
@@ -107,8 +107,7 @@ jobs:
       # End Show environment
 
       # Enable Rust Caching
-      - name: Rust Caching
-        uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2.7.7
+      - uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # v2.7.3
         with:
           # Use a custom prefix-key to force a fresh start. This is sometimes needed with bigger changes.
           # Like changing the build host from Ubuntu 20.04 to 22.04 for example.
@@ -118,12 +117,6 @@ jobs:
 
       # Run cargo tests
       # First test all features together, afterwards test them separately.
-      - name: "test features: sqlite,mysql,postgresql,enable_mimalloc,query_logger"
-        id: test_sqlite_mysql_postgresql_mimalloc_logger
-        if: $${{ always() }}
-        run: |
-          cargo test --features sqlite,mysql,postgresql,enable_mimalloc,query_logger
-
       - name: "test features: sqlite,mysql,postgresql,enable_mimalloc"
         id: test_sqlite_mysql_postgresql_mimalloc
         if: $${{ always() }}
@@ -183,7 +176,6 @@ jobs:
           echo "" >> $GITHUB_STEP_SUMMARY
           echo "|Job|Status|" >> $GITHUB_STEP_SUMMARY
           echo "|---|------|" >> $GITHUB_STEP_SUMMARY
-          echo "|test (sqlite,mysql,postgresql,enable_mimalloc,query_logger)|${{ steps.test_sqlite_mysql_postgresql_mimalloc_logger.outcome }}|" >> $GITHUB_STEP_SUMMARY
           echo "|test (sqlite,mysql,postgresql,enable_mimalloc)|${{ steps.test_sqlite_mysql_postgresql_mimalloc.outcome }}|" >> $GITHUB_STEP_SUMMARY
           echo "|test (sqlite,mysql,postgresql)|${{ steps.test_sqlite_mysql_postgresql.outcome }}|" >> $GITHUB_STEP_SUMMARY
           echo "|test (sqlite)|${{ steps.test_sqlite.outcome }}|" >> $GITHUB_STEP_SUMMARY

.github/workflows/hadolint.yml

@@ -13,12 +13,12 @@ jobs:
     steps:
       # Checkout the repo
       - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 #v4.2.1
       # End Checkout the repo
 
       # Start Docker Buildx
       - name: Setup Docker Buildx
-        uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
+        uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
         # https://github.com/moby/buildkit/issues/3969
         # Also set max parallelism to 2, the default of 4 breaks GitHub Actions and causes OOMKills
         with:

.github/workflows/release.yml

@@ -27,16 +27,11 @@ jobs:
         if: ${{ github.ref_type == 'branch' }}
 
   docker-build:
-    permissions:
-      packages: write
-      contents: read
-      attestations: write
-      id-token: write
     runs-on: ubuntu-24.04
     timeout-minutes: 120
     needs: skip_check
     if: ${{ needs.skip_check.outputs.should_skip != 'true' && github.repository == 'dani-garcia/vaultwarden' }}
-    # Start a local docker registry to extract the compiled binaries to upload as artifacts and attest them
+    # Start a local docker registry to extract the final Alpine static build binaries
     services:
       registry:
         image: registry:2
@@ -63,18 +58,18 @@ jobs:
     steps:
       # Checkout the repo
       - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 #v4.2.1
         with:
           fetch-depth: 0
 
       - name: Initialize QEMU binfmt support
-        uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0
+        uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
         with:
           platforms: "arm64,arm"
 
       # Start Docker Buildx
       - name: Setup Docker Buildx
-        uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
+        uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
         # https://github.com/moby/buildkit/issues/3969
         # Also set max parallelism to 2, the default of 4 breaks GitHub Actions and causes OOMKills
         with:
@@ -164,13 +159,13 @@ jobs:
           #
 
       - name: Add localhost registry
+        if: ${{ matrix.base_image == 'alpine' }}
         shell: bash
         run: |
           echo "CONTAINER_REGISTRIES=${CONTAINER_REGISTRIES:+${CONTAINER_REGISTRIES},}localhost:5000/vaultwarden/server" | tee -a "${GITHUB_ENV}"
 
       - name: Bake ${{ matrix.base_image }} containers
-        id: bake_vw
-        uses: docker/bake-action@5ca506d06f70338a4968df87fd8bfee5cbfb84c7 # v6.0.0
+        uses: docker/bake-action@2e3d19baedb14545e5d41222653874f25d5b4dfb # v5.10.0
         env:
           BASE_TAGS: "${{ env.BASE_TAGS }}"
           SOURCE_COMMIT: "${{ env.SOURCE_COMMIT }}"
@@ -180,47 +175,16 @@ jobs:
         with:
           pull: true
           push: true
-          source: .
           files: docker/docker-bake.hcl
           targets: "${{ matrix.base_image }}-multi"
           set: |
             *.cache-from=${{ env.BAKE_CACHE_FROM }}
             *.cache-to=${{ env.BAKE_CACHE_TO }}
 
-      - name: Extract digest SHA
-        shell: bash
-        run: |
-          GET_DIGEST_SHA="$(jq -r '.["${{ matrix.base_image }}-multi"]."containerimage.digest"' <<< '${{ steps.bake_vw.outputs.metadata }}')"
-          echo "DIGEST_SHA=${GET_DIGEST_SHA}" | tee -a "${GITHUB_ENV}"
-
-      # Attest container images
-      - name: Attest - docker.io - ${{ matrix.base_image }}
-        if: ${{ env.HAVE_DOCKERHUB_LOGIN == 'true' && steps.bake_vw.outputs.metadata != ''}}
-        uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0
-        with:
-          subject-name: ${{ vars.DOCKERHUB_REPO }}
-          subject-digest: ${{ env.DIGEST_SHA }}
-          push-to-registry: true
-
-      - name: Attest - ghcr.io - ${{ matrix.base_image }}
-        if: ${{ env.HAVE_GHCR_LOGIN == 'true' && steps.bake_vw.outputs.metadata != ''}}
-        uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0
-        with:
-          subject-name: ${{ vars.GHCR_REPO }}
-          subject-digest: ${{ env.DIGEST_SHA }}
-          push-to-registry: true
-
-      - name: Attest - quay.io - ${{ matrix.base_image }}
-        if: ${{ env.HAVE_QUAY_LOGIN == 'true' && steps.bake_vw.outputs.metadata != ''}}
-        uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0
-        with:
-          subject-name: ${{ vars.QUAY_REPO }}
-          subject-digest: ${{ env.DIGEST_SHA }}
-          push-to-registry: true
-
 
       # Extract the Alpine binaries from the containers
       - name: Extract binaries
+        if: ${{ matrix.base_image == 'alpine' }}
         shell: bash
         run: |
           # Check which main tag we are going to build determined by github.ref_type
@@ -230,65 +194,59 @@ jobs:
             EXTRACT_TAG="testing"
           fi
 
-          # Check which base_image was used and append -alpine if needed
-          if [[ "${{ matrix.base_image }}" == "alpine" ]]; then
-            EXTRACT_TAG="${EXTRACT_TAG}-alpine"
-          fi
-
           # After each extraction the image is removed.
           # This is needed because using different platforms doesn't trigger a new pull/download
 
           # Extract amd64 binary
-          docker create --name amd64 --platform=linux/amd64 "localhost:5000/vaultwarden/server:${EXTRACT_TAG}"
-          docker cp amd64:/vaultwarden vaultwarden-amd64-${{ matrix.base_image }}
+          docker create --name amd64 --platform=linux/amd64 "localhost:5000/vaultwarden/server:${EXTRACT_TAG}-alpine"
+          docker cp amd64:/vaultwarden vaultwarden-amd64
           docker rm --force amd64
-          docker rmi --force "localhost:5000/vaultwarden/server:${EXTRACT_TAG}"
+          docker rmi --force "localhost:5000/vaultwarden/server:${EXTRACT_TAG}-alpine"
 
           # Extract arm64 binary
-          docker create --name arm64 --platform=linux/arm64 "localhost:5000/vaultwarden/server:${EXTRACT_TAG}"
-          docker cp arm64:/vaultwarden vaultwarden-arm64-${{ matrix.base_image }}
+          docker create --name arm64 --platform=linux/arm64 "localhost:5000/vaultwarden/server:${EXTRACT_TAG}-alpine"
+          docker cp arm64:/vaultwarden vaultwarden-arm64
           docker rm --force arm64
-          docker rmi --force "localhost:5000/vaultwarden/server:${EXTRACT_TAG}"
+          docker rmi --force "localhost:5000/vaultwarden/server:${EXTRACT_TAG}-alpine"
 
           # Extract armv7 binary
-          docker create --name armv7 --platform=linux/arm/v7 "localhost:5000/vaultwarden/server:${EXTRACT_TAG}"
-          docker cp armv7:/vaultwarden vaultwarden-armv7-${{ matrix.base_image }}
+          docker create --name armv7 --platform=linux/arm/v7 "localhost:5000/vaultwarden/server:${EXTRACT_TAG}-alpine"
+          docker cp armv7:/vaultwarden vaultwarden-armv7
           docker rm --force armv7
-          docker rmi --force "localhost:5000/vaultwarden/server:${EXTRACT_TAG}"
+          docker rmi --force "localhost:5000/vaultwarden/server:${EXTRACT_TAG}-alpine"
 
           # Extract armv6 binary
-          docker create --name armv6 --platform=linux/arm/v6 "localhost:5000/vaultwarden/server:${EXTRACT_TAG}"
-          docker cp armv6:/vaultwarden vaultwarden-armv6-${{ matrix.base_image }}
+          docker create --name armv6 --platform=linux/arm/v6 "localhost:5000/vaultwarden/server:${EXTRACT_TAG}-alpine"
+          docker cp armv6:/vaultwarden vaultwarden-armv6
           docker rm --force armv6
-          docker rmi --force "localhost:5000/vaultwarden/server:${EXTRACT_TAG}"
+          docker rmi --force "localhost:5000/vaultwarden/server:${EXTRACT_TAG}-alpine"
 
-      # Upload artifacts to Github Actions and Attest the binaries
-      - name: "Upload amd64 artifact ${{ matrix.base_image }}"
-        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b #v4.5.0
+      # Upload artifacts to Github Actions
+      - name: "Upload amd64 artifact"
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        if: ${{ matrix.base_image == 'alpine' }}
         with:
-          name: vaultwarden-${{ env.SOURCE_VERSION }}-linux-amd64-${{ matrix.base_image }}
-          path: vaultwarden-amd64-${{ matrix.base_image }}
+          name: vaultwarden-${{ env.SOURCE_VERSION }}-linux-amd64
+          path: vaultwarden-amd64
 
-      - name: "Upload arm64 artifact ${{ matrix.base_image }}"
-        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b #v4.5.0
+      - name: "Upload arm64 artifact"
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        if: ${{ matrix.base_image == 'alpine' }}
         with:
-          name: vaultwarden-${{ env.SOURCE_VERSION }}-linux-arm64-${{ matrix.base_image }}
-          path: vaultwarden-arm64-${{ matrix.base_image }}
+          name: vaultwarden-${{ env.SOURCE_VERSION }}-linux-arm64
+          path: vaultwarden-arm64
 
-      - name: "Upload armv7 artifact ${{ matrix.base_image }}"
-        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b #v4.5.0
+      - name: "Upload armv7 artifact"
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        if: ${{ matrix.base_image == 'alpine' }}
         with:
-          name: vaultwarden-${{ env.SOURCE_VERSION }}-linux-armv7-${{ matrix.base_image }}
-          path: vaultwarden-armv7-${{ matrix.base_image }}
+          name: vaultwarden-${{ env.SOURCE_VERSION }}-linux-armv7
+          path: vaultwarden-armv7
 
-      - name: "Upload armv6 artifact ${{ matrix.base_image }}"
-        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b #v4.5.0
+      - name: "Upload armv6 artifact"
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        if: ${{ matrix.base_image == 'alpine' }}
         with:
-          name: vaultwarden-${{ env.SOURCE_VERSION }}-linux-armv6-${{ matrix.base_image }}
-          path: vaultwarden-armv6-${{ matrix.base_image }}
-
-      - name: "Attest artifacts ${{ matrix.base_image }}"
-        uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0
-        with:
-          subject-path: vaultwarden-*
+          name: vaultwarden-${{ env.SOURCE_VERSION }}-linux-armv6
+          path: vaultwarden-armv6
       # End Upload artifacts to Github Actions

.github/workflows/trivy.yml

@@ -28,13 +28,10 @@ jobs:
       actions: read
     steps:
       - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 #v4.2.1
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # v0.29.0
-        env:
-          TRIVY_DB_REPOSITORY: docker.io/aquasec/trivy-db:2,public.ecr.aws/aquasecurity/trivy-db:2,ghcr.io/aquasecurity/trivy-db:2
-          TRIVY_JAVA_DB_REPOSITORY: docker.io/aquasec/trivy-java-db:1,public.ecr.aws/aquasecurity/trivy-java-db:1,ghcr.io/aquasecurity/trivy-java-db:1
+        uses: aquasecurity/trivy-action@5681af892cd0f4997658e2bacc62bd0a894cf564 # v0.27.0
         with:
           scan-type: repo
           ignore-unfixed: true
@@ -43,6 +40,6 @@ jobs:
           severity: CRITICAL,HIGH
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@86b04fb0e47484f7282357688f21d5d0e32175fe # v3.27.5
+        uses: github/codeql-action/upload-sarif@2bbafcdd7fbf96243689e764c2f15d9735164f33 # v3.26.6
         with:
           sarif_file: 'trivy-results.sarif'

Cargo.toml

@@ -1,11 +1,9 @@
-workspace = { members = ["macros"] }
-
 [package]
 name = "vaultwarden"
 version = "1.0.0"
 authors = ["Daniel García <dani-garcia@users.noreply.github.com>"]
 edition = "2021"
-rust-version = "1.83.0"
+rust-version = "1.80.0"
 resolver = "2"
 
 repository = "https://github.com/dani-garcia/vaultwarden"
@@ -38,15 +36,13 @@ unstable = []
 
 [target."cfg(unix)".dependencies]
 # Logging
-syslog = "7.0.0"
+syslog = "6.1.1"
 
 [dependencies]
-macros = { path = "./macros" }
-
 # Logging
 log = "0.4.22"
-fern = { version = "0.7.1", features = ["syslog-7", "reopen-1"] }
-tracing = { version = "0.1.41", features = ["log"] } # Needed to have lettre and webauthn-rs trace logging to work
+fern = { version = "0.7.0", features = ["syslog-6", "reopen-1"] }
+tracing = { version = "0.1.40", features = ["log"] } # Needed to have lettre and webauthn-rs trace logging to work
 
 # A `dotenv` implementation for Rust
 dotenvy = { version = "0.15.7", default-features = false }
@@ -57,7 +53,7 @@ once_cell = "1.20.2"
 # Numerical libraries
 num-traits = "0.2.19"
 num-derive = "0.4.2"
-bigdecimal = "0.4.7"
+bigdecimal = "0.4.5"
 
 # Web framework
 rocket = { version = "0.5.1", features = ["tls", "json"], default-features = false }
@@ -71,19 +67,16 @@ dashmap = "6.1.0"
 
 # Async futures
 futures = "0.3.31"
-tokio = { version = "1.42.0", features = ["rt-multi-thread", "fs", "io-util", "parking_lot", "time", "signal", "net"] }
+tokio = { version = "1.41.0", features = ["rt-multi-thread", "fs", "io-util", "parking_lot", "time", "signal", "net"] }
 
 # A generic serialization/deserialization framework
-serde = { version = "1.0.217", features = ["derive"] }
-serde_json = "1.0.135"
+serde = { version = "1.0.213", features = ["derive"] }
+serde_json = "1.0.132"
 
 # A safe, extensible ORM and Query builder
-diesel = { version = "2.2.6", features = ["chrono", "r2d2", "numeric"] }
+diesel = { version = "2.2.4", features = ["chrono", "r2d2", "numeric"] }
 diesel_migrations = "2.2.0"
-diesel_logger = { version = "0.4.0", optional = true }
-
-derive_more = { version = "1.0.0", features = ["from", "into", "as_ref", "deref", "display"] }
-diesel-derive-newtype = "2.1.2"
+diesel_logger = { version = "0.3.0", optional = true }
 
 # Bundled/Static SQLite
 libsqlite3-sys = { version = "0.30.1", features = ["bundled"], optional = true }
@@ -96,9 +89,9 @@ ring = "0.17.8"
 uuid = { version = "1.11.0", features = ["v4"] }
 
 # Date and time libraries
-chrono = { version = "0.4.39", features = ["clock", "serde"], default-features = false }
+chrono = { version = "0.4.38", features = ["clock", "serde"], default-features = false }
 chrono-tz = "0.10.0"
-time = "0.3.37"
+time = "0.3.36"
 
 # Job scheduler
 job_scheduler_ng = "2.0.5"
@@ -113,38 +106,38 @@ jsonwebtoken = "9.3.0"
 totp-lite = "2.0.1"
 
 # Yubico Library
-yubico = { version = "0.12.0", features = ["online-tokio"], default-features = false }
+yubico = { version = "0.11.0", features = ["online-tokio"], default-features = false }
 
 # WebAuthn libraries
 webauthn-rs = "0.3.2"
 
 # Handling of URL's for WebAuthn and favicons
-url = "2.5.4"
+url = "2.5.2"
 
 # Email libraries
-lettre = { version = "0.11.11", features = ["smtp-transport", "sendmail-transport", "builder", "serde", "tokio1-native-tls", "hostname", "tracing", "tokio1"], default-features = false }
+lettre = { version = "0.11.10", features = ["smtp-transport", "sendmail-transport", "builder", "serde", "tokio1-native-tls", "hostname", "tracing", "tokio1"], default-features = false }
 percent-encoding = "2.3.1" # URL encoding library used for URL's in the emails
 email_address = "0.2.9"
 
 # HTML Template library
-handlebars = { version = "6.3.0", features = ["dir_source"] }
+handlebars = { version = "6.1.0", features = ["dir_source"] }
 
 # HTTP client (Used for favicons, version check, DUO and HIBP API)
-reqwest = { version = "0.12.12", features = ["native-tls-alpn", "stream", "json", "gzip", "brotli", "socks", "cookies"] }
-hickory-resolver = "0.24.2"
+reqwest = { version = "0.12.8", features = ["native-tls-alpn", "stream", "json", "gzip", "brotli", "socks", "cookies"] }
+hickory-resolver = "0.24.1"
 
 # Favicon extraction libraries
-html5gum = "0.7.0"
-regex = { version = "1.11.1", features = ["std", "perf", "unicode-perl"], default-features = false }
+html5gum = "0.5.7"
+regex = { version = "1.11.0", features = ["std", "perf", "unicode-perl"], default-features = false }
 data-url = "0.3.1"
-bytes = "1.9.0"
+bytes = "1.8.0"
 
 # Cache function results (Used for version check and favicon fetching)
-cached = { version = "0.54.0", features = ["async"] }
+cached = { version = "0.53.1", features = ["async"] }
 
 # Used for custom short lived cookie jar during favicon extraction
 cookie = "0.18.1"
-cookie_store = "0.21.1"
+cookie_store = "0.21.0"
 
 # Used by U2F, JWT and PostgreSQL
 openssl = "0.10.68"
@@ -154,15 +147,15 @@ pico-args = "0.5.0"
 
 # Macro ident concatenation
 paste = "1.0.15"
-governor = "0.8.0"
+governor = "0.7.0"
 
 # Check client versions for specific features.
-semver = "1.0.24"
+semver = "1.0.23"
 
 # Allow overriding the default memory allocator
 # Mainly used for the musl builds, since the default musl malloc is very slow
 mimalloc = { version = "0.1.43", features = ["secure"], default-features = false, optional = true }
-which = "7.0.1"
+which = "6.0.3"
 
 # Argon2 library with support for the PHC format
 argon2 = "0.5.3"
@@ -170,13 +163,6 @@ argon2 = "0.5.3"
 # Reading a password from the cli for generating the Argon2id ADMIN_TOKEN
 rpassword = "7.3.1"
 
-# Loading a dynamic CSS Stylesheet
-grass_compiler = { version = "0.13.4", default-features = false }
-
-[patch.crates-io]
-# Patch yubico to remove duplicate crates of older versions
-yubico = { git = "https://github.com/BlackDex/yubico-rs", rev = "00df14811f58155c0f02e3ab10f1570ed3e115c6" }
-
 # Strip debuginfo from the release builds
 # The symbols are the provide better panic traces
 # Also enable fat LTO and use 1 codegen unit for optimizations
@@ -227,8 +213,7 @@ noop_method_call = "deny"
 refining_impl_trait = { level = "deny", priority = -1 }
 rust_2018_idioms = { level = "deny", priority = -1 }
 rust_2021_compatibility = { level = "deny", priority = -1 }
-rust_2024_compatibility = { level = "deny", priority = -1 }
-edition_2024_expr_fragment_specifier = "allow" # Once changed to Rust 2024 this should be removed and macro's should be validated again
+# rust_2024_compatibility = { level = "deny", priority = -1 } # Enable once we are at MSRV 1.81.0
 single_use_lifetimes = "deny"
 trivial_casts = "deny"
 trivial_numeric_casts = "deny"
@@ -237,10 +222,9 @@ unused_import_braces = "deny"
 unused_lifetimes = "deny"
 unused_qualifications = "deny"
 variant_size_differences = "deny"
-# Allow the following lints since these cause issues with Rust v1.84.0 or newer
-# Building Vaultwarden with Rust v1.85.0 and edition 2024 also works without issues
-if_let_rescope = "allow"
-tail_expr_drop_order = "allow"
+# The lints below are part of the rust_2024_compatibility group
+static-mut-refs = "deny"
+unsafe-op-in-unsafe-fn = "deny"
 
 # https://rust-lang.github.io/rust-clippy/stable/index.html
 [lints.clippy]

SECURITY.md

@@ -21,7 +21,7 @@ notify us. We welcome working with you to resolve the issue promptly. Thanks in
 The following bug classes are out-of scope:
 
 - Bugs that are already reported on Vaultwarden's issue tracker (https://github.com/dani-garcia/vaultwarden/issues)
-- Bugs that are not part of Vaultwarden, like on the web-vault or mobile and desktop clients. These issues need to be reported in the respective project issue tracker at https://github.com/bitwarden to which we are not associated
+- Bugs that are not part of Vaultwarden, like on the the web-vault or mobile and desktop clients. These issues need to be reported in the respective project issue tracker at https://github.com/bitwarden to which we are not associated
 - Issues in an upstream software dependency (ex: Rust, or External Libraries) which are already reported to the upstream maintainer
 - Attacks requiring physical access to a user's device
 - Issues related to software or protocols not under Vaultwarden's control

docker/DockerSettings.yaml

@@ -1,13 +1,13 @@
 ---
-vault_version: "v2025.1.1"
-vault_image_digest: "sha256:cb6b2095a4afc1d9d243a33f6d09211f40e3d82c7ae829fd025df5ff175a4918"
-# Cross Compile Docker Helper Scripts v1.6.1
+vault_version: "v2024.6.2c"
+vault_image_digest: "sha256:409ab328ca931439cb916b388a4bb784bd44220717aaf74cf71620c23e34fc2b"
+# Cross Compile Docker Helper Scripts v1.5.0
 # We use the linux/amd64 platform shell scripts since there is no difference between the different platform scripts
 # https://github.com/tonistiigi/xx | https://hub.docker.com/r/tonistiigi/xx/tags
-xx_image_digest: "sha256:9c207bead753dda9430bdd15425c6518fc7a03d866103c516a2c6889188f5894"
-rust_version: 1.84.0 # Rust version to be used
+xx_image_digest: "sha256:1978e7a58a1777cb0ef0dde76bad60b7914b21da57cfa88047875e4f364297aa"
+rust_version: 1.82.0 # Rust version to be used
 debian_version: bookworm # Debian release name to be used
-alpine_version: "3.21" # Alpine version to be used
+alpine_version: "3.20" # Alpine version to be used
 # For which platforms/architectures will we try to build images
 platforms: ["linux/amd64", "linux/arm64", "linux/arm/v7", "linux/arm/v6"]
 # Determine the build images per OS/Arch

docker/Dockerfile.alpine

@@ -19,23 +19,23 @@
 # - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
 #   click the tag name to view the digest of the image it currently points to.
 # - From the command line:
-#     $ docker pull docker.io/vaultwarden/web-vault:v2025.1.1
-#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2025.1.1
-#     [docker.io/vaultwarden/web-vault@sha256:cb6b2095a4afc1d9d243a33f6d09211f40e3d82c7ae829fd025df5ff175a4918]
+#     $ docker pull docker.io/vaultwarden/web-vault:v2024.6.2c
+#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2024.6.2c
+#     [docker.io/vaultwarden/web-vault@sha256:409ab328ca931439cb916b388a4bb784bd44220717aaf74cf71620c23e34fc2b]
 #
 # - Conversely, to get the tag name from the digest:
-#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:cb6b2095a4afc1d9d243a33f6d09211f40e3d82c7ae829fd025df5ff175a4918
-#     [docker.io/vaultwarden/web-vault:v2025.1.1]
+#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:409ab328ca931439cb916b388a4bb784bd44220717aaf74cf71620c23e34fc2b
+#     [docker.io/vaultwarden/web-vault:v2024.6.2c]
 #
-FROM --platform=linux/amd64 docker.io/vaultwarden/web-vault@sha256:cb6b2095a4afc1d9d243a33f6d09211f40e3d82c7ae829fd025df5ff175a4918 AS vault
+FROM --platform=linux/amd64 docker.io/vaultwarden/web-vault@sha256:409ab328ca931439cb916b388a4bb784bd44220717aaf74cf71620c23e34fc2b AS vault
 
 ########################## ALPINE BUILD IMAGES ##########################
 ## NOTE: The Alpine Base Images do not support other platforms then linux/amd64
 ## And for Alpine we define all build images here, they will only be loaded when actually used
-FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:x86_64-musl-stable-1.84.0 AS build_amd64
-FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:aarch64-musl-stable-1.84.0 AS build_arm64
-FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:armv7-musleabihf-stable-1.84.0 AS build_armv7
-FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:arm-musleabi-stable-1.84.0 AS build_armv6
+FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:x86_64-musl-stable-1.82.0 AS build_amd64
+FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:aarch64-musl-stable-1.82.0 AS build_arm64
+FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:armv7-musleabihf-stable-1.82.0 AS build_armv7
+FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:arm-musleabi-stable-1.82.0 AS build_armv6
 
 ########################## BUILD IMAGE ##########################
 # hadolint ignore=DL3006
@@ -76,7 +76,6 @@ RUN source /env-cargo && \
 
 # Copies over *only* your manifests and build files
 COPY ./Cargo.* ./rust-toolchain.toml ./build.rs ./
-COPY ./macros ./macros
 
 ARG CARGO_PROFILE=release
 
@@ -127,7 +126,7 @@ RUN source /env-cargo && \
 # To uninstall: docker run --privileged --rm tonistiigi/binfmt --uninstall 'qemu-*'
 #
 # We need to add `--platform` here, because of a podman bug: https://github.com/containers/buildah/issues/4742
-FROM --platform=$TARGETPLATFORM docker.io/library/alpine:3.21
+FROM --platform=$TARGETPLATFORM docker.io/library/alpine:3.20
 
 ENV ROCKET_PROFILE="release" \
     ROCKET_ADDRESS=0.0.0.0 \

docker/Dockerfile.debian

@@ -19,24 +19,24 @@
 # - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
 #   click the tag name to view the digest of the image it currently points to.
 # - From the command line:
-#     $ docker pull docker.io/vaultwarden/web-vault:v2025.1.1
-#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2025.1.1
-#     [docker.io/vaultwarden/web-vault@sha256:cb6b2095a4afc1d9d243a33f6d09211f40e3d82c7ae829fd025df5ff175a4918]
+#     $ docker pull docker.io/vaultwarden/web-vault:v2024.6.2c
+#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2024.6.2c
+#     [docker.io/vaultwarden/web-vault@sha256:409ab328ca931439cb916b388a4bb784bd44220717aaf74cf71620c23e34fc2b]
 #
 # - Conversely, to get the tag name from the digest:
-#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:cb6b2095a4afc1d9d243a33f6d09211f40e3d82c7ae829fd025df5ff175a4918
-#     [docker.io/vaultwarden/web-vault:v2025.1.1]
+#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:409ab328ca931439cb916b388a4bb784bd44220717aaf74cf71620c23e34fc2b
+#     [docker.io/vaultwarden/web-vault:v2024.6.2c]
 #
-FROM --platform=linux/amd64 docker.io/vaultwarden/web-vault@sha256:cb6b2095a4afc1d9d243a33f6d09211f40e3d82c7ae829fd025df5ff175a4918 AS vault
+FROM --platform=linux/amd64 docker.io/vaultwarden/web-vault@sha256:409ab328ca931439cb916b388a4bb784bd44220717aaf74cf71620c23e34fc2b AS vault
 
 ########################## Cross Compile Docker Helper Scripts ##########################
 ## We use the linux/amd64 no matter which Build Platform, since these are all bash scripts
 ## And these bash scripts do not have any significant difference if at all
-FROM --platform=linux/amd64 docker.io/tonistiigi/xx@sha256:9c207bead753dda9430bdd15425c6518fc7a03d866103c516a2c6889188f5894 AS xx
+FROM --platform=linux/amd64 docker.io/tonistiigi/xx@sha256:1978e7a58a1777cb0ef0dde76bad60b7914b21da57cfa88047875e4f364297aa AS xx
 
 ########################## BUILD IMAGE ##########################
 # hadolint ignore=DL3006
-FROM --platform=$BUILDPLATFORM docker.io/library/rust:1.84.0-slim-bookworm AS build
+FROM --platform=$BUILDPLATFORM docker.io/library/rust:1.82.0-slim-bookworm AS build
 COPY --from=xx / /
 ARG TARGETARCH
 ARG TARGETVARIANT
@@ -116,7 +116,6 @@ RUN source /env-cargo && \
 
 # Copies over *only* your manifests and build files
 COPY ./Cargo.* ./rust-toolchain.toml ./build.rs ./
-COPY ./macros ./macros
 
 ARG CARGO_PROFILE=release
 

docker/Dockerfile.j2

@@ -143,7 +143,6 @@ RUN source /env-cargo && \
 
 # Copies over *only* your manifests and build files
 COPY ./Cargo.* ./rust-toolchain.toml ./build.rs ./
-COPY ./macros ./macros
 
 ARG CARGO_PROFILE=release
 

docker/README.md

@@ -46,7 +46,7 @@ There also is an option to use an other docker container to provide support for
 ```bash
 # To install and activate
 docker run --privileged --rm tonistiigi/binfmt --install arm64,arm
-# To uninstall
+# To unistall
 docker run --privileged --rm tonistiigi/binfmt --uninstall 'qemu-*'
 ```
 

docker/docker-bake.hcl

@@ -17,7 +17,7 @@ variable "SOURCE_REPOSITORY_URL" {
   default = null
 }
 
-// The commit hash of the current commit this build was triggered on
+// The commit hash of of the current commit this build was triggered on
 variable "SOURCE_COMMIT" {
   default = null
 }

dylint.toml

@@ -0,0 +1,2 @@
+[workspace.metadata.dylint]
+libraries = [{ path = "dylints/*" }]

dylints/README.md

@@ -0,0 +1,7 @@
+# How to run Lints
+
+```sh
+cargo install cargo-dylint dylint-link
+
+RUSTFLAGS="-Aunreachable_patterns" cargo dylint --all -- --features sqlite
+```

dylints/non_authenticated_routes/.cargo/config.toml

@@ -0,0 +1,2 @@
+[target.'cfg(all())']
+linker = "dylint-link"

dylints/non_authenticated_routes/.gitignore

@@ -0,0 +1 @@
+/target

dylints/non_authenticated_routes/Cargo.toml

@@ -0,0 +1,20 @@
+[package]
+name = "non_authenticated_routes"
+version = "0.1.0"
+authors = ["authors go here"]
+description = "description goes here"
+edition = "2021"
+publish = false
+
+[lib]
+crate-type = ["cdylib"]
+
+[dependencies]
+clippy_utils = { git = "https://github.com/rust-lang/rust-clippy", rev = "4f0e46b74dbc8441daf084b6f141a7fe414672a2" }
+dylint_linting = "3.2.1"
+
+[dev-dependencies]
+dylint_testing = "3.2.1"
+
+[package.metadata.rust-analyzer]
+rustc_private = true

dylints/non_authenticated_routes/rust-toolchain

@@ -0,0 +1,3 @@
+[toolchain]
+channel = "nightly-2024-11-09"
+components = ["llvm-tools-preview", "rustc-dev"]

dylints/non_authenticated_routes/src/lib.rs

@@ -0,0 +1,167 @@
+#![feature(rustc_private)]
+#![feature(let_chains)]
+
+extern crate rustc_arena;
+extern crate rustc_ast;
+extern crate rustc_ast_pretty;
+extern crate rustc_attr;
+extern crate rustc_data_structures;
+extern crate rustc_errors;
+extern crate rustc_hir;
+extern crate rustc_hir_pretty;
+extern crate rustc_index;
+extern crate rustc_infer;
+extern crate rustc_lexer;
+extern crate rustc_middle;
+extern crate rustc_mir_dataflow;
+extern crate rustc_parse;
+extern crate rustc_span;
+extern crate rustc_target;
+extern crate rustc_trait_selection;
+
+use clippy_utils::diagnostics::span_lint;
+use rustc_hir::{def_id::DefId, Item, ItemKind, QPath, TyKind};
+use rustc_lint::{LateContext, LateLintPass};
+use rustc_span::{symbol::Ident, Span, Symbol};
+
+dylint_linting::impl_late_lint! {
+    /// ### What it does
+    ///
+    /// ### Why is this bad?
+    ///
+    /// ### Known problems
+    /// Remove if none.
+    ///
+    /// ### Example
+    /// ```rust
+    /// // example code where a warning is issued
+    /// ```
+    /// Use instead:
+    /// ```rust
+    /// // example code that does not raise a warning
+    /// ```
+    pub NON_AUTHENTICATED_ROUTES,
+    Warn,
+    "description goes here",
+    NonAuthenticatedRoutes::default()
+}
+
+#[derive(Default)]
+pub struct NonAuthenticatedRoutes {
+    last_function_item: Option<(Ident, Span, bool)>,
+}
+
+// Collect all the attribute macros that are applied to the given span
+fn attr_def_ids(mut span: rustc_span::Span) -> Vec<(DefId, Symbol, Option<DefId>)> {
+    use rustc_span::hygiene::{walk_chain, ExpnKind, MacroKind};
+    use rustc_span::{ExpnData, SyntaxContext};
+
+    let mut def_ids = Vec::new();
+    while span.ctxt() != SyntaxContext::root() {
+        if let ExpnData {
+            kind: ExpnKind::Macro(MacroKind::Attr, macro_symbol),
+            macro_def_id: Some(def_id),
+            parent_module,
+            ..
+        } = span.ctxt().outer_expn_data()
+        {
+            def_ids.push((def_id, macro_symbol, parent_module));
+        }
+        span = walk_chain(span, SyntaxContext::root());
+    }
+    def_ids
+}
+
+const ROCKET_MACRO_EXCEPTIONS: [(&str, &str); 1] = [("rocket::catch", "catch")];
+
+const VALID_AUTH_HEADERS: [&str; 6] = [
+    "auth::Headers",
+    "auth::OrgHeaders",
+    "auth::AdminHeaders",
+    "auth::ManagerHeaders",
+    "auth::ManagerHeadersLoose",
+    "auth::OwnerHeaders",
+];
+
+impl<'tcx> LateLintPass<'tcx> for NonAuthenticatedRoutes {
+    fn check_item(&mut self, cx: &LateContext<'tcx>, item: &'tcx Item) {
+        if let ItemKind::Fn(sig, ..) = item.kind {
+            let mut has_auth_headers = false;
+
+            for input in sig.decl.inputs {
+                let TyKind::Path(QPath::Resolved(_, path)) = input.kind else {
+                    continue;
+                };
+
+                for seg in path.segments {
+                    if let Some(def_id) = seg.res.opt_def_id() {
+                        let def = cx.tcx.def_path_str(def_id);
+                        if VALID_AUTH_HEADERS.contains(&def.as_str()) {
+                            has_auth_headers = true;
+                        }
+                    }
+                }
+            }
+
+            self.last_function_item = Some((item.ident, sig.span, has_auth_headers));
+            return;
+        }
+
+        let ItemKind::Struct(_data, _generics) = item.kind else {
+            return;
+        };
+
+        let def_ids = attr_def_ids(item.span);
+
+        let mut is_rocket_route = false;
+
+        for (def_id, sym, parent) in &def_ids {
+            let def_id = cx.tcx.def_path_str(*def_id);
+            let sym = sym.as_str();
+            let parent = parent.map(|parent| cx.tcx.def_path_str(parent));
+
+            if ROCKET_MACRO_EXCEPTIONS.contains(&(&def_id, sym)) {
+                is_rocket_route = false;
+                break;
+            }
+
+            if def_id.starts_with("rocket::") || parent.as_deref() == Some("rocket_codegen") {
+                is_rocket_route = true;
+                break;
+            }
+        }
+
+        if !is_rocket_route {
+            return;
+        }
+
+        let Some((func_ident, func_span, has_auth_headers)) = self.last_function_item.take() else {
+            span_lint(cx, NON_AUTHENTICATED_ROUTES, item.span, "No function found before the expanded route");
+            return;
+        };
+
+        if func_ident != item.ident {
+            span_lint(
+                cx,
+                NON_AUTHENTICATED_ROUTES,
+                item.span,
+                "The function before the expanded route does not match the route",
+            );
+            return;
+        }
+
+        if !has_auth_headers {
+            span_lint(
+                cx,
+                NON_AUTHENTICATED_ROUTES,
+                func_span,
+                "This Rocket route does not have any authentication headers",
+            );
+        }
+    }
+}
+
+#[test]
+fn ui() {
+    dylint_testing::ui_test(env!("CARGO_PKG_NAME"), "ui");
+}

dylints/non_authenticated_routes/ui/main.rs

@@ -0,0 +1 @@
+fn main() {}

macros/Cargo.toml

@@ -1,13 +0,0 @@
-[package]
-name = "macros"
-version = "0.1.0"
-edition = "2021"
-
-[lib]
-name = "macros"
-path = "src/lib.rs"
-proc-macro = true
-
-[dependencies]
-quote = "1.0.38"
-syn = "2.0.94"

macros/src/lib.rs

@@ -1,58 +0,0 @@
-extern crate proc_macro;
-
-use proc_macro::TokenStream;
-use quote::quote;
-
-#[proc_macro_derive(UuidFromParam)]
-pub fn derive_uuid_from_param(input: TokenStream) -> TokenStream {
-    let ast = syn::parse(input).unwrap();
-
-    impl_derive_uuid_macro(&ast)
-}
-
-fn impl_derive_uuid_macro(ast: &syn::DeriveInput) -> TokenStream {
-    let name = &ast.ident;
-    let gen = quote! {
-        #[automatically_derived]
-        impl<'r> rocket::request::FromParam<'r> for #name {
-            type Error = ();
-
-            #[inline(always)]
-            fn from_param(param: &'r str) -> Result<Self, Self::Error> {
-                if uuid::Uuid::parse_str(param).is_ok() {
-                    Ok(Self(param.to_string()))
-                } else {
-                    Err(())
-                }
-            }
-        }
-    };
-    gen.into()
-}
-
-#[proc_macro_derive(IdFromParam)]
-pub fn derive_id_from_param(input: TokenStream) -> TokenStream {
-    let ast = syn::parse(input).unwrap();
-
-    impl_derive_safestring_macro(&ast)
-}
-
-fn impl_derive_safestring_macro(ast: &syn::DeriveInput) -> TokenStream {
-    let name = &ast.ident;
-    let gen = quote! {
-        #[automatically_derived]
-        impl<'r> rocket::request::FromParam<'r> for #name {
-            type Error = ();
-
-            #[inline(always)]
-            fn from_param(param: &'r str) -> Result<Self, Self::Error> {
-                if param.chars().all(|c| matches!(c, 'a'..='z' | 'A'..='Z' |'0'..='9' | '-')) {
-                    Ok(Self(param.to_string()))
-                } else {
-                    Err(())
-                }
-            }
-        }
-    };
-    gen.into()
-}

migrations/mysql/2025-01-09-172300_add_manage/up.sql

@@ -1,5 +0,0 @@
-ALTER TABLE users_collections
-ADD COLUMN manage BOOLEAN NOT NULL DEFAULT FALSE;
-
-ALTER TABLE collections_groups
-ADD COLUMN manage BOOLEAN NOT NULL DEFAULT FALSE;

migrations/postgresql/2025-01-09-172300_add_manage/up.sql

@@ -1,5 +0,0 @@
-ALTER TABLE users_collections
-ADD COLUMN manage BOOLEAN NOT NULL DEFAULT FALSE;
-
-ALTER TABLE collections_groups
-ADD COLUMN manage BOOLEAN NOT NULL DEFAULT FALSE;