Update crates, web-vault and GHA (#4275)

- Update GitHub Actions - Updated crates - Updated web-vault to v2024.1.2
2025-05-17 10:15:12 +00:00 · 2024-01-26 20:19:53 +01:00
parent 1b801406d6
commit 1d00e34bbb
7 changed files with 112 additions and 112 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -106,7 +106,7 @@ jobs:
      # End Show environment

      # Enable Rust Caching
-      - uses: Swatinem/rust-cache@a95ba195448af2da9b00fb742d14ffaaf3c21f43 # v2.7.0
+      - uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # v2.7.3
        with:
          # Use a custom prefix-key to force a fresh start. This is sometimes needed with bigger changes.
          # Like changing the build host from Ubuntu 20.04 to 22.04 for example.
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@ -28,7 +28,7 @@ jobs:
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1

      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@2b6a709cf9c4025c5438138008beaddbb02086f0 # v0.14.0
+        uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca # v0.16.1
        with:
          scan-type: repo
          ignore-unfixed: true
@ -37,6 +37,6 @@ jobs:
          severity: CRITICAL,HIGH

      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@bad341350a2f5616f9e048e51360cedc49181ce8 # v2.22.4
+        uses: github/codeql-action/upload-sarif@b7bf0a3ed3ecfa44160715d7c442788f65f0f923 # v3.23.2
        with:
          sarif_file: 'trivy-results.sarif'
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/Cargo.toml
+++ b/Cargo.toml
@ -86,10 +86,10 @@ rand = { version = "0.8.5", features = ["small_rng"] }
 ring = "0.17.7"

 # UUID generation
-uuid = { version = "1.6.1", features = ["v4"] }
+uuid = { version = "1.7.0", features = ["v4"] }

 # Date and time libraries
-chrono = { version = "0.4.31", features = ["clock", "serde"], default-features = false }
+chrono = { version = "0.4.33", features = ["clock", "serde"], default-features = false }
 chrono-tz = "0.8.5"
 time = "0.3.31"

@ -120,26 +120,26 @@ percent-encoding = "2.3.1" # URL encoding library used for URL's in the emails
 email_address = "0.2.4"

 # HTML Template library
-handlebars = { version = "5.0.0", features = ["dir_source"] }
+handlebars = { version = "5.1.1", features = ["dir_source"] }

 # HTTP client (Used for favicons, version check, DUO and HIBP API)
 reqwest = { version = "0.11.23", features = ["stream", "json", "gzip", "brotli", "socks", "cookies", "trust-dns", "native-tls-alpn"] }

 # Favicon extraction libraries
 html5gum = "0.5.7"
-regex = { version = "1.10.2", features = ["std", "perf", "unicode-perl"], default-features = false }
+regex = { version = "1.10.3", features = ["std", "perf", "unicode-perl"], default-features = false }
 data-url = "0.3.1"
 bytes = "1.5.0"

 # Cache function results (Used for version check and favicon fetching)
-cached = { version = "0.47.0", features = ["async"] }
+cached = { version = "0.48.1", features = ["async"] }

 # Used for custom short lived cookie jar during favicon extraction
 cookie = "0.16.2"
 cookie_store = "0.19.1"

 # Used by U2F, JWT and PostgreSQL
-openssl = "0.10.62"
+openssl = "0.10.63"

 # CLI argument parsing
 pico-args = "0.5.0"
@ -154,10 +154,10 @@ semver = "1.0.21"
 # Allow overriding the default memory allocator
 # Mainly used for the musl builds, since the default musl malloc is very slow
 mimalloc = { version = "0.1.39", features = ["secure"], default-features = false, optional = true }
-which = "5.0.0"
+which = "6.0.0"

 # Argon2 library with support for the PHC format
-argon2 = "0.5.2"
+argon2 = "0.5.3"

 # Reading a password from the cli for generating the Argon2id ADMIN_TOKEN
 rpassword = "7.3.1"
--- a/docker/DockerSettings.yaml
+++ b/docker/DockerSettings.yaml
@ -1,6 +1,6 @@
 ---
-vault_version: "v2023.12.0"
-vault_image_digest: "sha256:cb8e27c241e474d1c162e0fc1909ba0c33f20cf44464d96356e62fdf1afb7eca"
+vault_version: "v2024.1.2"
+vault_image_digest: "sha256:ac07a71cbcd199e3c9a0639c04234ba2f1ba16cfa2a45b08a7ae27eb82f8e13b"
 # Cross Compile Docker Helper Scripts v1.3.0
 # We use the linux/amd64 platform shell scripts since there is no difference between the different platform scripts
 xx_image_digest: "sha256:c9609ace652bbe51dd4ce90e0af9d48a4590f1214246da5bc70e46f6dd586edc"
--- a/docker/Dockerfile.alpine
+++ b/docker/Dockerfile.alpine
@ -18,15 +18,15 @@
 # - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
 #   click the tag name to view the digest of the image it currently points to.
 # - From the command line:
-#     $ docker pull docker.io/vaultwarden/web-vault:v2023.12.0
-#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.12.0
-#     [docker.io/vaultwarden/web-vault@sha256:cb8e27c241e474d1c162e0fc1909ba0c33f20cf44464d96356e62fdf1afb7eca]
+#     $ docker pull docker.io/vaultwarden/web-vault:v2024.1.2
+#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2024.1.2
+#     [docker.io/vaultwarden/web-vault@sha256:ac07a71cbcd199e3c9a0639c04234ba2f1ba16cfa2a45b08a7ae27eb82f8e13b]
 #
 # - Conversely, to get the tag name from the digest:
-#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:cb8e27c241e474d1c162e0fc1909ba0c33f20cf44464d96356e62fdf1afb7eca
-#     [docker.io/vaultwarden/web-vault:v2023.12.0]
+#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:ac07a71cbcd199e3c9a0639c04234ba2f1ba16cfa2a45b08a7ae27eb82f8e13b
+#     [docker.io/vaultwarden/web-vault:v2024.1.2]
 #
-FROM --platform=linux/amd64 docker.io/vaultwarden/web-vault@sha256:cb8e27c241e474d1c162e0fc1909ba0c33f20cf44464d96356e62fdf1afb7eca as vault
+FROM --platform=linux/amd64 docker.io/vaultwarden/web-vault@sha256:ac07a71cbcd199e3c9a0639c04234ba2f1ba16cfa2a45b08a7ae27eb82f8e13b as vault

 ########################## ALPINE BUILD IMAGES ##########################
 ## NOTE: The Alpine Base Images do not support other platforms then linux/amd64
--- a/docker/Dockerfile.debian
+++ b/docker/Dockerfile.debian
@ -18,15 +18,15 @@
 # - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
 #   click the tag name to view the digest of the image it currently points to.
 # - From the command line:
-#     $ docker pull docker.io/vaultwarden/web-vault:v2023.12.0
-#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.12.0
-#     [docker.io/vaultwarden/web-vault@sha256:cb8e27c241e474d1c162e0fc1909ba0c33f20cf44464d96356e62fdf1afb7eca]
+#     $ docker pull docker.io/vaultwarden/web-vault:v2024.1.2
+#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2024.1.2
+#     [docker.io/vaultwarden/web-vault@sha256:ac07a71cbcd199e3c9a0639c04234ba2f1ba16cfa2a45b08a7ae27eb82f8e13b]
 #
 # - Conversely, to get the tag name from the digest:
-#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:cb8e27c241e474d1c162e0fc1909ba0c33f20cf44464d96356e62fdf1afb7eca
-#     [docker.io/vaultwarden/web-vault:v2023.12.0]
+#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:ac07a71cbcd199e3c9a0639c04234ba2f1ba16cfa2a45b08a7ae27eb82f8e13b
+#     [docker.io/vaultwarden/web-vault:v2024.1.2]
 #
-FROM --platform=linux/amd64 docker.io/vaultwarden/web-vault@sha256:cb8e27c241e474d1c162e0fc1909ba0c33f20cf44464d96356e62fdf1afb7eca as vault
+FROM --platform=linux/amd64 docker.io/vaultwarden/web-vault@sha256:ac07a71cbcd199e3c9a0639c04234ba2f1ba16cfa2a45b08a7ae27eb82f8e13b as vault

 ########################## Cross Compile Docker Helper Scripts ##########################
 ## We use the linux/amd64 no matter which Build Platform, since these are all bash scripts