MyFavMirrors/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2025-01-29 07:26:02 -05:00
Code Issues Packages Projects Releases Wiki Activity
vaultwarden/Cargo.lock

4674 lines
112 KiB
Plaintext
Raw Normal View History

Update deps and fix email check
2019-02-12 15:01:02 +01:00
# This file is automatically @generated by Cargo.
# It is not intended for manual editing.
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
version = 4
Update dependencies and web vault
2021-02-24 20:25:22 +01:00
Update crates and small clippy fix - Update all crates - Remove async which is reported by clippy in v1.72.0
2023-07-04 20:12:50 +02:00
[[package]]
name = "addr2line"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
version = "0.24.2"
Update crates and small clippy fix - Update all crates - Remove async which is reported by clippy in v1.72.0
2023-07-04 20:12:50 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
checksum = "dfbe277e56a376000877090da837660b4427aad530e3028d44e0bffe4f89a1c1"
Update crates and small clippy fix - Update all crates - Remove async which is reported by clippy in v1.72.0
2023-07-04 20:12:50 +02:00
dependencies = [
"gimli",
]
Update crates (GHSA-wq9x-qwcq-mmgf) (#4889) - Updated crates - Fixed MSRV to actually be N-2 - Changed some features to use the `dep:` prefix. This is needed for edition-2024 anyway although that will be a while before we can use that. Signed-off-by: BlackDex <black.dex@gmail.com>
2024-08-23 22:06:11 +02:00
[[package]]
name = "adler2"
version = "2.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "512761e0bb2578dd7380c6baaa0f4ce03e84f95e960231d1dec8bf4d7d6e2627"
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
[[package]]
name = "ahash"
Update crates
2024-03-17 14:25:49 +01:00
version = "0.8.11"
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates
2024-03-17 14:25:49 +01:00
checksum = "e89da841a80418a9b391ebaea17f5c112ffaaa96f621d2c285b5174da76b9011"
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
dependencies = [
"cfg-if",
"once_cell",
"version_check",
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
"zerocopy",
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
]
First working version
2018-02-10 01:00:55 +01:00
[[package]]
name = "aho-corasick"
Update Rust and crates (#4445) - Updated Rust to v1.77.0 - Updated several crates The `reqwest` update included `trust-dns` > `hickory-dns` changes. Also, `reqwest` v0.12 is not working correctly for us, that is something to investigate. - Fixed a new clippy warning
2024-03-23 15:40:34 +01:00
version = "1.1.3"
First working version
2018-02-10 01:00:55 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and crates (#4445) - Updated Rust to v1.77.0 - Updated several crates The `reqwest` update included `trust-dns` > `hickory-dns` changes. Also, `reqwest` v0.12 is not working correctly for us, that is something to investigate. - Fixed a new clippy warning
2024-03-23 15:40:34 +01:00
checksum = "8e60d3430d3a69478ad0993f19238d2df97c507009a52b3c10addcd7f6bcb916"
First working version
2018-02-10 01:00:55 +01:00
dependencies = [
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"memchr",
First working version
2018-02-10 01:00:55 +01:00
]
Icon and SMTP Debug fixes. - We need to add some feature to enable smtp debugging again. See: https://github.com/lettre/lettre/pull/584 - Upstream added the fallback icon again, probably because of caching ;). See: https://github.com/bitwarden/server/pull/1149 - Enabled gzip and brotli compression support with reqwest. Some sites seem to force this, or assume that because of the User-Agent string it is supported. This caused some failed icons. Fixes #1540
2021-03-29 10:27:58 +02:00
[[package]]
name = "alloc-no-stdlib"
Update libraries and Rust version - Updated to Rust v1.64.0 - Updated all libararies - Updated multer-rs to be based upon the latest version - Updated Dockerfiles to match the Rust version
2022-09-22 21:30:34 +02:00
version = "2.0.4"
Icon and SMTP Debug fixes. - We need to add some feature to enable smtp debugging again. See: https://github.com/lettre/lettre/pull/584 - Upstream added the fallback icon again, probably because of caching ;). See: https://github.com/bitwarden/server/pull/1149 - Enabled gzip and brotli compression support with reqwest. Some sites seem to force this, or assume that because of the User-Agent string it is supported. This caused some failed icons. Fixes #1540
2021-03-29 10:27:58 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update libraries and Rust version - Updated to Rust v1.64.0 - Updated all libararies - Updated multer-rs to be based upon the latest version - Updated Dockerfiles to match the Rust version
2022-09-22 21:30:34 +02:00
checksum = "cc7bb162ec39d46ab1ca8c77bf72e890535becd1751bb45f64c597edb4c8c6b3"
Icon and SMTP Debug fixes. - We need to add some feature to enable smtp debugging again. See: https://github.com/lettre/lettre/pull/584 - Upstream added the fallback icon again, probably because of caching ;). See: https://github.com/bitwarden/server/pull/1149 - Enabled gzip and brotli compression support with reqwest. Some sites seem to force this, or assume that because of the User-Agent string it is supported. This caused some failed icons. Fixes #1540
2021-03-29 10:27:58 +02:00
[[package]]
name = "alloc-stdlib"
Update libraries and Rust version - Updated to Rust v1.64.0 - Updated all libararies - Updated multer-rs to be based upon the latest version - Updated Dockerfiles to match the Rust version
2022-09-22 21:30:34 +02:00
version = "0.2.2"
Icon and SMTP Debug fixes. - We need to add some feature to enable smtp debugging again. See: https://github.com/lettre/lettre/pull/584 - Upstream added the fallback icon again, probably because of caching ;). See: https://github.com/bitwarden/server/pull/1149 - Enabled gzip and brotli compression support with reqwest. Some sites seem to force this, or assume that because of the User-Agent string it is supported. This caused some failed icons. Fixes #1540
2021-03-29 10:27:58 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update libraries and Rust version - Updated to Rust v1.64.0 - Updated all libararies - Updated multer-rs to be based upon the latest version - Updated Dockerfiles to match the Rust version
2022-09-22 21:30:34 +02:00
checksum = "94fb8275041c72129eb51b7d0322c29b8387a0386127718b096429201a5d6ece"
Icon and SMTP Debug fixes. - We need to add some feature to enable smtp debugging again. See: https://github.com/lettre/lettre/pull/584 - Upstream added the fallback icon again, probably because of caching ;). See: https://github.com/bitwarden/server/pull/1149 - Enabled gzip and brotli compression support with reqwest. Some sites seem to force this, or assume that because of the User-Agent string it is supported. This caused some failed icons. Fixes #1540
2021-03-29 10:27:58 +02:00
dependencies = [
"alloc-no-stdlib",
]
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
[[package]]
name = "allocator-api2"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
version = "0.2.21"
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
checksum = "683d7910e743518b0e34f1186f92494becacb047c7b6bf616c96772180fef923"
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
Update Rust and Crates
2023-06-03 17:04:45 -04:00
[[package]]
name = "android-tzdata"
version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e999941b234f3131b00bc13c22d06e8c5ff726d1b6318ac7eb276997bbb4fef0"
Update web vault to 2022.8.1 and cargo dependencies
2022-09-04 23:18:27 +02:00
[[package]]
name = "android_system_properties"
version = "0.1.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311"
dependencies = [
"libc",
]
Admin token Argon2 hashing support Added support for Argon2 hashing support for the `ADMIN_TOKEN` instead of only supporting a plain text string. The hash must be a PHC string which can be generated via the `argon2` CLI **or** via the also built-in hash command in Vaultwarden. You can simply run `vaultwarden hash` to generate a hash based upon a password the user provides them self. Added a warning during startup and within the admin settings panel is the `ADMIN_TOKEN` is not an Argon2 hash. Within the admin environment a user can ignore that warning and it will not be shown for at least 30 days. After that the warning will appear again unless the `ADMIN_TOKEN` has be converted to an Argon2 hash. I have also tested this on my RaspberryPi 2b and there the `Bitwarden` preset takes almost 4.5 seconds to generate/verify the Argon2 hash. Using the `OWASP` preset it is below 1 second, which I think should be fine for low-graded hardware. If it is needed people could use lower memory settings, but in those cases I even doubt Vaultwarden it self would run. They can always use the `argon2` CLI and generate a faster hash.
2023-02-28 23:09:51 +01:00
[[package]]
name = "argon2"
Update crates, web-vault and GHA (#4275) - Update GitHub Actions - Updated crates - Updated web-vault to v2024.1.2
2024-01-26 20:19:53 +01:00
version = "0.5.3"
Admin token Argon2 hashing support Added support for Argon2 hashing support for the `ADMIN_TOKEN` instead of only supporting a plain text string. The hash must be a PHC string which can be generated via the `argon2` CLI **or** via the also built-in hash command in Vaultwarden. You can simply run `vaultwarden hash` to generate a hash based upon a password the user provides them self. Added a warning during startup and within the admin settings panel is the `ADMIN_TOKEN` is not an Argon2 hash. Within the admin environment a user can ignore that warning and it will not be shown for at least 30 days. After that the warning will appear again unless the `ADMIN_TOKEN` has be converted to an Argon2 hash. I have also tested this on my RaspberryPi 2b and there the `Bitwarden` preset takes almost 4.5 seconds to generate/verify the Argon2 hash. Using the `OWASP` preset it is below 1 second, which I think should be fine for low-graded hardware. If it is needed people could use lower memory settings, but in those cases I even doubt Vaultwarden it self would run. They can always use the `argon2` CLI and generate a faster hash.
2023-02-28 23:09:51 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates, web-vault and GHA (#4275) - Update GitHub Actions - Updated crates - Updated web-vault to v2024.1.2
2024-01-26 20:19:53 +01:00
checksum = "3c3610892ee6e0cbce8ae2700349fcf8f98adb0dbfbee85aec3c9179d29cc072"
Admin token Argon2 hashing support Added support for Argon2 hashing support for the `ADMIN_TOKEN` instead of only supporting a plain text string. The hash must be a PHC string which can be generated via the `argon2` CLI **or** via the also built-in hash command in Vaultwarden. You can simply run `vaultwarden hash` to generate a hash based upon a password the user provides them self. Added a warning during startup and within the admin settings panel is the `ADMIN_TOKEN` is not an Argon2 hash. Within the admin environment a user can ignore that warning and it will not be shown for at least 30 days. After that the warning will appear again unless the `ADMIN_TOKEN` has be converted to an Argon2 hash. I have also tested this on my RaspberryPi 2b and there the `Bitwarden` preset takes almost 4.5 seconds to generate/verify the Argon2 hash. Using the `OWASP` preset it is below 1 second, which I think should be fine for low-graded hardware. If it is needed people could use lower memory settings, but in those cases I even doubt Vaultwarden it self would run. They can always use the `argon2` CLI and generate a faster hash.
2023-02-28 23:09:51 +01:00
dependencies = [
"base64ct",
"blake2",
Update images to Bookworm and PQ15 This PR updates the base images to use Debian Bookworm as base image. Also the MUSL/Alpine builds now use OpenSSLv3 and PostgreSQL v15. The GHA Workflows are updated to use Ubuntu 22.04 to better match the versions of Debian Bookworm. Also: - Enabled spares crate registry - Updated workflow actions - Updated Rust to v1.71.0 - The rust-musl images now use musl v1.2.3 for the 32bit arch's if the Rust version is v1.71.0 or higher. The 64bit arch's already used musl v1.2.3. - Updated crates. Improves / Closes #3434
2023-06-11 18:11:09 +02:00
"cpufeatures",
Admin token Argon2 hashing support Added support for Argon2 hashing support for the `ADMIN_TOKEN` instead of only supporting a plain text string. The hash must be a PHC string which can be generated via the `argon2` CLI **or** via the also built-in hash command in Vaultwarden. You can simply run `vaultwarden hash` to generate a hash based upon a password the user provides them self. Added a warning during startup and within the admin settings panel is the `ADMIN_TOKEN` is not an Argon2 hash. Within the admin environment a user can ignore that warning and it will not be shown for at least 30 days. After that the warning will appear again unless the `ADMIN_TOKEN` has be converted to an Argon2 hash. I have also tested this on my RaspberryPi 2b and there the `Bitwarden` preset takes almost 4.5 seconds to generate/verify the Argon2 hash. Using the `OWASP` preset it is below 1 second, which I think should be fine for low-graded hardware. If it is needed people could use lower memory settings, but in those cases I even doubt Vaultwarden it self would run. They can always use the `argon2` CLI and generate a faster hash.
2023-02-28 23:09:51 +01:00
"password-hash",
]
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
[[package]]
name = "async-channel"
Update images to Bookworm and PQ15 This PR updates the base images to use Debian Bookworm as base image. Also the MUSL/Alpine builds now use OpenSSLv3 and PostgreSQL v15. The GHA Workflows are updated to use Ubuntu 22.04 to better match the versions of Debian Bookworm. Also: - Enabled spares crate registry - Updated workflow actions - Updated Rust to v1.71.0 - The rust-musl images now use musl v1.2.3 for the 32bit arch's if the Rust version is v1.71.0 or higher. The 64bit arch's already used musl v1.2.3. - Updated crates. Improves / Closes #3434
2023-06-11 18:11:09 +02:00
version = "1.9.0"
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update images to Bookworm and PQ15 This PR updates the base images to use Debian Bookworm as base image. Also the MUSL/Alpine builds now use OpenSSLv3 and PostgreSQL v15. The GHA Workflows are updated to use Ubuntu 22.04 to better match the versions of Debian Bookworm. Also: - Enabled spares crate registry - Updated workflow actions - Updated Rust to v1.71.0 - The rust-musl images now use musl v1.2.3 for the 32bit arch's if the Rust version is v1.71.0 or higher. The 64bit arch's already used musl v1.2.3. - Updated crates. Improves / Closes #3434
2023-06-11 18:11:09 +02:00
checksum = "81953c529336010edd6d8e358f886d9581267795c61b19475b71314bffa46d35"
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
dependencies = [
"concurrent-queue",
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
"event-listener 2.5.3",
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
"futures-core",
]
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
[[package]]
name = "async-channel"
Update Rust, crates and web-vault (#4558) * Update Rust and crates - Updated Rust to v1.78.0 - Updated crates * Update web-vault to v2024.5.0
2024-05-19 20:30:34 +02:00
version = "2.3.1"
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust, crates and web-vault (#4558) * Update Rust and crates - Updated Rust to v1.78.0 - Updated crates * Update web-vault to v2024.5.0
2024-05-19 20:30:34 +02:00
checksum = "89b47800b0be77592da0afd425cc03468052844aff33b84e33cc696f64e77b6a"
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
dependencies = [
"concurrent-queue",
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
"event-listener-strategy",
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
"futures-core",
"pin-project-lite",
]
Icon and SMTP Debug fixes. - We need to add some feature to enable smtp debugging again. See: https://github.com/lettre/lettre/pull/584 - Upstream added the fallback icon again, probably because of caching ;). See: https://github.com/bitwarden/server/pull/1149 - Enabled gzip and brotli compression support with reqwest. Some sites seem to force this, or assume that because of the User-Agent string it is supported. This caused some failed icons. Fixes #1540
2021-03-29 10:27:58 +02:00
[[package]]
name = "async-compression"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
version = "0.4.18"
Icon and SMTP Debug fixes. - We need to add some feature to enable smtp debugging again. See: https://github.com/lettre/lettre/pull/584 - Upstream added the fallback icon again, probably because of caching ;). See: https://github.com/bitwarden/server/pull/1149 - Enabled gzip and brotli compression support with reqwest. Some sites seem to force this, or assume that because of the User-Agent string it is supported. This caused some failed icons. Fixes #1540
2021-03-29 10:27:58 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
checksum = "df895a515f70646414f4b45c0b79082783b80552b373a68283012928df56f522"
Icon and SMTP Debug fixes. - We need to add some feature to enable smtp debugging again. See: https://github.com/lettre/lettre/pull/584 - Upstream added the fallback icon again, probably because of caching ;). See: https://github.com/bitwarden/server/pull/1149 - Enabled gzip and brotli compression support with reqwest. Some sites seem to force this, or assume that because of the User-Agent string it is supported. This caused some failed icons. Fixes #1540
2021-03-29 10:27:58 +02:00
dependencies = [
"brotli",
"flate2",
"futures-core",
"memchr",
"pin-project-lite",
"tokio",
]
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
[[package]]
name = "async-executor"
Fix Device Type column for 2FA migration (#4971)
2024-09-20 12:06:06 +02:00
version = "1.13.1"
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Fix Device Type column for 2FA migration (#4971)
2024-09-20 12:06:06 +02:00
checksum = "30ca9a001c1e8ba5149f91a74362376cc6bc5b919d92d988668657bd570bdcec"
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
dependencies = [
"async-task",
"concurrent-queue",
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
"fastrand",
"futures-lite",
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
"slab",
]
[[package]]
name = "async-global-executor"
Update crates (#4173) Update all crates instead of only the zerocopy from dependabot. Closes #4170
2023-12-18 21:45:54 +01:00
version = "2.4.1"
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates (#4173) Update all crates instead of only the zerocopy from dependabot. Closes #4170
2023-12-18 21:45:54 +01:00
checksum = "05b1b633a2115cd122d73b955eadd9916c18c8f510ec9cd1686404c60ad1c29c"
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
dependencies = [
Update Rust, crates and web-vault (#4558) * Update Rust and crates - Updated Rust to v1.78.0 - Updated crates * Update web-vault to v2024.5.0
2024-05-19 20:30:34 +02:00
"async-channel 2.3.1",
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
"async-executor",
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
"async-io",
"async-lock",
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
"blocking",
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
"futures-lite",
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
"once_cell",
]
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
[[package]]
name = "async-io"
Update crates and fix several issues Signed-off-by: BlackDex <black.dex@gmail.com>
2024-11-09 19:58:10 +01:00
version = "2.4.0"
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and fix several issues Signed-off-by: BlackDex <black.dex@gmail.com>
2024-11-09 19:58:10 +01:00
checksum = "43a2b323ccce0a1d90b449fd71f2a06ca7faa7c54c2751f06c9bd851fc061059"
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
dependencies = [
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
"async-lock",
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
"cfg-if",
"concurrent-queue",
"futures-io",
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
"futures-lite",
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
"parking",
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
"polling",
"rustix",
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
"slab",
"tracing",
Update crates (GHSA-wq9x-qwcq-mmgf) (#4889) - Updated crates - Fixed MSRV to actually be N-2 - Changed some features to use the `dep:` prefix. This is needed for edition-2024 anyway although that will be a while before we can use that. Signed-off-by: BlackDex <black.dex@gmail.com>
2024-08-23 22:06:11 +02:00
"windows-sys 0.59.0",
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
]
[[package]]
name = "async-lock"
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
version = "3.4.0"
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
checksum = "ff6e472cdea888a4bd64f342f09b3f50e1886d32afe8df3d663c01140b811b18"
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
dependencies = [
Update crates and web-vault to v2025.1.0 (#5368) - Updated the web-vault to use v2025.1.0 (pre-release) - Updated crates Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-08 18:14:08 +01:00
"event-listener 5.4.0",
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
"event-listener-strategy",
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
"pin-project-lite",
]
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
[[package]]
name = "async-process"
Fix Device Type column for 2FA migration (#4971)
2024-09-20 12:06:06 +02:00
version = "2.3.0"
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Fix Device Type column for 2FA migration (#4971)
2024-09-20 12:06:06 +02:00
checksum = "63255f1dc2381611000436537bbedfe83183faa303a5a0edaf191edef06526bb"
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
dependencies = [
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
"async-channel 2.3.1",
"async-io",
"async-lock",
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
"async-signal",
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
"async-task",
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
"blocking",
"cfg-if",
Update crates and web-vault to v2025.1.0 (#5368) - Updated the web-vault to use v2025.1.0 (pre-release) - Updated crates Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-08 18:14:08 +01:00
"event-listener 5.4.0",
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
"futures-lite",
"rustix",
"tracing",
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
]
[[package]]
name = "async-signal"
Update crates (GHSA-wq9x-qwcq-mmgf) (#4889) - Updated crates - Fixed MSRV to actually be N-2 - Changed some features to use the `dep:` prefix. This is needed for edition-2024 anyway although that will be a while before we can use that. Signed-off-by: BlackDex <black.dex@gmail.com>
2024-08-23 22:06:11 +02:00
version = "0.2.10"
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates (GHSA-wq9x-qwcq-mmgf) (#4889) - Updated crates - Fixed MSRV to actually be N-2 - Changed some features to use the `dep:` prefix. This is needed for edition-2024 anyway although that will be a while before we can use that. Signed-off-by: BlackDex <black.dex@gmail.com>
2024-08-23 22:06:11 +02:00
checksum = "637e00349800c0bdf8bfc21ebbc0b6524abea702b0da4168ac00d070d0c0b9f3"
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
dependencies = [
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
"async-io",
"async-lock",
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
"atomic-waker",
"cfg-if",
"futures-core",
"futures-io",
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
"rustix",
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
"signal-hook-registry",
"slab",
Update crates (GHSA-wq9x-qwcq-mmgf) (#4889) - Updated crates - Fixed MSRV to actually be N-2 - Changed some features to use the `dep:` prefix. This is needed for edition-2024 anyway although that will be a while before we can use that. Signed-off-by: BlackDex <black.dex@gmail.com>
2024-08-23 22:06:11 +02:00
"windows-sys 0.59.0",
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
]
[[package]]
name = "async-std"
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
version = "1.13.0"
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
checksum = "c634475f29802fde2b8f0b505b1bd00dfe4df7d4a000f0b36f7671197d5c3615"
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
dependencies = [
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
"async-channel 1.9.0",
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
"async-global-executor",
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
"async-io",
"async-lock",
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
"async-process",
"crossbeam-utils",
"futures-channel",
"futures-core",
"futures-io",
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
"futures-lite",
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
"gloo-timers",
"kv-log-macro",
"log",
"memchr",
"once_cell",
"pin-project-lite",
"pin-utils",
"slab",
"wasm-bindgen-futures",
]
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
[[package]]
name = "async-stream"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
version = "0.3.6"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
checksum = "0b5a71a6f37880a80d1d7f19efd781e4b5de42c88f0722cc13bcb6cc2cfe8476"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
dependencies = [
"async-stream-impl",
"futures-core",
Update web vault to v2023.2.0 and dependencies
2023-02-21 22:48:20 +01:00
"pin-project-lite",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
]
[[package]]
name = "async-stream-impl"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
version = "0.3.6"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
checksum = "c7c24de15d275a1ecfd47a380fb4d5ec9bfe0933f309ed5e705b775596a3574d"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
dependencies = [
"proc-macro2",
"quote",
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
"syn",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
]
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
[[package]]
name = "async-task"
Update Rust, crates and web-vault (#4558) * Update Rust and crates - Updated Rust to v1.78.0 - Updated crates * Update web-vault to v2024.5.0
2024-05-19 20:30:34 +02:00
version = "4.7.1"
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust, crates and web-vault (#4558) * Update Rust and crates - Updated Rust to v1.78.0 - Updated crates * Update web-vault to v2024.5.0
2024-05-19 20:30:34 +02:00
checksum = "8b75356056920673b02621b35afd0f7dda9306d03c79a30f5c56c44cf256e3de"
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
Enabled trust-dns and some updates. - Enabled trust-dns feature which seems to help a bit when DNS is causing long timeouts. Though in the blocking version it is less visible then on the async branch. - Updated crates - Removed some redundant code - Updated javascript/css libraries Resolves #2118 Resolves #2119
2021-11-28 13:02:27 +01:00
[[package]]
name = "async-trait"
Update crates and web-vault to v2025.1.0 (#5368) - Updated the web-vault to use v2025.1.0 (pre-release) - Updated crates Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-08 18:14:08 +01:00
version = "0.1.85"
Enabled trust-dns and some updates. - Enabled trust-dns feature which seems to help a bit when DNS is causing long timeouts. Though in the blocking version it is less visible then on the async branch. - Updated crates - Removed some redundant code - Updated javascript/css libraries Resolves #2118 Resolves #2119
2021-11-28 13:02:27 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and web-vault to v2025.1.0 (#5368) - Updated the web-vault to use v2025.1.0 (pre-release) - Updated crates Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-08 18:14:08 +01:00
checksum = "3f934833b4b7233644e5848f235df3f57ed8c80f1528a26c3dfa13d2147fa056"
Enabled trust-dns and some updates. - Enabled trust-dns feature which seems to help a bit when DNS is causing long timeouts. Though in the blocking version it is less visible then on the async branch. - Updated crates - Removed some redundant code - Updated javascript/css libraries Resolves #2118 Resolves #2119
2021-11-28 13:02:27 +01:00
dependencies = [
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"proc-macro2",
"quote",
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
"syn",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
]
[[package]]
name = "atomic"
Update crates and GH Workflow - Updated crates - Updated GHA where needed
2023-05-26 14:53:13 +02:00
version = "0.5.3"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and GH Workflow - Updated crates - Updated GHA where needed
2023-05-26 14:53:13 +02:00
checksum = "c59bdb34bc650a32731b31bd8f0829cc15d24a708ee31559e0bb34f2bc320cba"
Enabled trust-dns and some updates. - Enabled trust-dns feature which seems to help a bit when DNS is causing long timeouts. Though in the blocking version it is less visible then on the async branch. - Updated crates - Removed some redundant code - Updated javascript/css libraries Resolves #2118 Resolves #2119
2021-11-28 13:02:27 +01:00
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
[[package]]
name = "atomic"
version = "0.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8d818003e740b63afc82337e3160717f4f63078720a810b7b903e70a5d1d2994"
dependencies = [
"bytemuck",
]
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
[[package]]
name = "atomic-waker"
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
version = "1.1.2"
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0"
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
Update dependencies
2020-01-10 16:22:37 +01:00
[[package]]
name = "autocfg"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
version = "1.4.0"
Update dependencies
2020-01-10 16:22:37 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
checksum = "ace50bade8e6234aa140d9a2f552bbee1db4d353f69b8217bc503490fc1a9f26"
Update dependencies
2020-01-10 16:22:37 +01:00
Update crates and small clippy fix - Update all crates - Remove async which is reported by clippy in v1.72.0
2023-07-04 20:12:50 +02:00
[[package]]
name = "backtrace"
Fix Device Type column for 2FA migration (#4971)
2024-09-20 12:06:06 +02:00
version = "0.3.74"
Update crates and small clippy fix - Update all crates - Remove async which is reported by clippy in v1.72.0
2023-07-04 20:12:50 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Fix Device Type column for 2FA migration (#4971)
2024-09-20 12:06:06 +02:00
checksum = "8d82cb332cdfaed17ae235a638438ac4d4839913cc2af585c3c6746e8f8bee1a"
Update crates and small clippy fix - Update all crates - Remove async which is reported by clippy in v1.72.0
2023-07-04 20:12:50 +02:00
dependencies = [
"addr2line",
"cfg-if",
"libc",
Fix Device Type column for 2FA migration (#4971)
2024-09-20 12:06:06 +02:00
"miniz_oxide",
Update crates and small clippy fix - Update all crates - Remove async which is reported by clippy in v1.72.0
2023-07-04 20:12:50 +02:00
"object",
"rustc-demangle",
Fix Device Type column for 2FA migration (#4971)
2024-09-20 12:06:06 +02:00
"windows-targets 0.52.6",
Update crates and small clippy fix - Update all crates - Remove async which is reported by clippy in v1.72.0
2023-07-04 20:12:50 +02:00
]
Updated dependencies
2020-10-15 23:44:35 +02:00
[[package]]
name = "base64"
Update dependencies
2022-10-26 21:42:12 +02:00
version = "0.13.1"
Updated dependencies
2020-10-15 23:44:35 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update dependencies
2022-10-26 21:42:12 +02:00
checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8"
Updated dependencies
2020-10-15 23:44:35 +02:00
Update Rust to v1.66.1 to patch CVE This PR sets Rust to v1.66.1 to fix a CVE. https://blog.rust-lang.org/2023/01/10/cve-2022-46176.html https://blog.rust-lang.org/2023/01/10/Rust-1.66.1.html Also updated some packages while at it.
2023-01-12 09:45:52 +01:00
[[package]]
name = "base64"
Update crates and fix icon issue (#4237) - Fix icon download issue by removing the deflate feature - Updated all the crates - Updated Handlebars code Fixes #4224
2024-01-12 20:44:37 +01:00
version = "0.21.7"
Update Rust to v1.66.1 to patch CVE This PR sets Rust to v1.66.1 to fix a CVE. https://blog.rust-lang.org/2023/01/10/cve-2022-46176.html https://blog.rust-lang.org/2023/01/10/Rust-1.66.1.html Also updated some packages while at it.
2023-01-12 09:45:52 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and fix icon issue (#4237) - Fix icon download issue by removing the deflate feature - Updated all the crates - Updated Handlebars code Fixes #4224
2024-01-12 20:44:37 +01:00
checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567"
Update Rust to v1.66.1 to patch CVE This PR sets Rust to v1.66.1 to fix a CVE. https://blog.rust-lang.org/2023/01/10/cve-2022-46176.html https://blog.rust-lang.org/2023/01/10/Rust-1.66.1.html Also updated some packages while at it.
2023-01-12 09:45:52 +01:00
Update crates and some Clippy fixes (#4475) - Updated all crates including reqwest - Fixed some clippy lints reported by nightly Rust
2024-04-06 13:55:10 +02:00
[[package]]
name = "base64"
Update Rust, crates and web-vault (#4558) * Update Rust and crates - Updated Rust to v1.78.0 - Updated crates * Update web-vault to v2024.5.0
2024-05-19 20:30:34 +02:00
version = "0.22.1"
Update crates and some Clippy fixes (#4475) - Updated all crates including reqwest - Fixed some clippy lints reported by nightly Rust
2024-04-06 13:55:10 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust, crates and web-vault (#4558) * Update Rust and crates - Updated Rust to v1.78.0 - Updated crates * Update web-vault to v2024.5.0
2024-05-19 20:30:34 +02:00
checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6"
Update crates and some Clippy fixes (#4475) - Updated all crates including reqwest - Fixed some clippy lints reported by nightly Rust
2024-04-06 13:55:10 +02:00
Admin token Argon2 hashing support Added support for Argon2 hashing support for the `ADMIN_TOKEN` instead of only supporting a plain text string. The hash must be a PHC string which can be generated via the `argon2` CLI **or** via the also built-in hash command in Vaultwarden. You can simply run `vaultwarden hash` to generate a hash based upon a password the user provides them self. Added a warning during startup and within the admin settings panel is the `ADMIN_TOKEN` is not an Argon2 hash. Within the admin environment a user can ignore that warning and it will not be shown for at least 30 days. After that the warning will appear again unless the `ADMIN_TOKEN` has be converted to an Argon2 hash. I have also tested this on my RaspberryPi 2b and there the `Bitwarden` preset takes almost 4.5 seconds to generate/verify the Argon2 hash. Using the `OWASP` preset it is below 1 second, which I think should be fine for low-graded hardware. If it is needed people could use lower memory settings, but in those cases I even doubt Vaultwarden it self would run. They can always use the `argon2` CLI and generate a faster hash.
2023-02-28 23:09:51 +01:00
[[package]]
name = "base64ct"
version = "1.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b"
Improve file limit handling (#4242) * Improve file limit handling * Oops * Update PostgreSQL migration * Review comments --------- Co-authored-by: BlackDex <black.dex@gmail.com>
2024-01-27 02:43:26 +01:00
[[package]]
name = "bigdecimal"
Update crates (#5268) - fixes CVE-2024-12224
2024-12-10 18:59:28 +02:00
version = "0.4.7"
Improve file limit handling (#4242) * Improve file limit handling * Oops * Update PostgreSQL migration * Review comments --------- Co-authored-by: BlackDex <black.dex@gmail.com>
2024-01-27 02:43:26 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates (#5268) - fixes CVE-2024-12224
2024-12-10 18:59:28 +02:00
checksum = "7f31f3af01c5c65a07985c804d3366560e6fa7883d640a122819b14ec327482c"
Improve file limit handling (#4242) * Improve file limit handling * Oops * Update PostgreSQL migration * Review comments --------- Co-authored-by: BlackDex <black.dex@gmail.com>
2024-01-27 02:43:26 +01:00
dependencies = [
"autocfg",
"libm",
"num-bigint",
"num-integer",
"num-traits",
]
Update dependencies Primarily updating rocket, which needed some dependencies Latest versions of: - ring - time - jsonwebtoken - yubico - rocket (git)
2020-03-16 16:32:33 +01:00
[[package]]
name = "binascii"
version = "0.1.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "383d29d513d8764dcdc42ea295d979eb99c3c9f00607b3692cf68a431f7dca72"
Some small fixes and updates - Updated workflows to use new checkout version This probably fixes the curl download for hadolint also. - Updated crates including Rocket to the latest rc3 :party: - Applied 2 nightly clippy lints to prevent future clippy issues.
2023-03-24 22:07:50 +01:00
[[package]]
name = "bitflags"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
version = "2.8.0"
Some small fixes and updates - Updated workflows to use new checkout version This probably fixes the curl download for hadolint also. - Updated crates including Rocket to the latest rc3 :party: - Applied 2 nightly clippy lints to prevent future clippy issues.
2023-03-24 22:07:50 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
checksum = "8f68f53c83ab957f72c32642f3868eec03eb974d1fb82e453128456482613d36"
Some small fixes and updates - Updated workflows to use new checkout version This probably fixes the curl download for hadolint also. - Updated crates including Rocket to the latest rc3 :party: - Applied 2 nightly clippy lints to prevent future clippy issues.
2023-03-24 22:07:50 +01:00
Admin token Argon2 hashing support Added support for Argon2 hashing support for the `ADMIN_TOKEN` instead of only supporting a plain text string. The hash must be a PHC string which can be generated via the `argon2` CLI **or** via the also built-in hash command in Vaultwarden. You can simply run `vaultwarden hash` to generate a hash based upon a password the user provides them self. Added a warning during startup and within the admin settings panel is the `ADMIN_TOKEN` is not an Argon2 hash. Within the admin environment a user can ignore that warning and it will not be shown for at least 30 days. After that the warning will appear again unless the `ADMIN_TOKEN` has be converted to an Argon2 hash. I have also tested this on my RaspberryPi 2b and there the `Bitwarden` preset takes almost 4.5 seconds to generate/verify the Argon2 hash. Using the `OWASP` preset it is below 1 second, which I think should be fine for low-graded hardware. If it is needed people could use lower memory settings, but in those cases I even doubt Vaultwarden it self would run. They can always use the `argon2` CLI and generate a faster hash.
2023-02-28 23:09:51 +01:00
[[package]]
name = "blake2"
version = "0.10.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "46502ad458c9a52b69d4d4d32775c788b7a1b85e8bc9d482d92250fc0e3f8efe"
dependencies = [
"digest",
]
Update async to prepare for main merge - Changed nightly to stable in Dockerfile and Workflow - Updated Dockerfile to use stable and updated ENV's - Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default - Updated Github Workflow actions to the latest versions - Updated Hadolint version - Re-orderd the Cargo.toml file a bit and put libs together which are linked - Updated some libs - Updated .dockerignore file
2022-02-07 22:26:22 +01:00
[[package]]
name = "block-buffer"
Update Rust, MSRV and Crates - Updated all the crates - Updated Rust and MSRV
2023-03-15 20:41:12 +01:00
version = "0.10.4"
Update async to prepare for main merge - Changed nightly to stable in Dockerfile and Workflow - Updated Dockerfile to use stable and updated ENV's - Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default - Updated Github Workflow actions to the latest versions - Updated Hadolint version - Re-orderd the Cargo.toml file a bit and put libs together which are linked - Updated some libs - Updated .dockerignore file
2022-02-07 22:26:22 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust, MSRV and Crates - Updated all the crates - Updated Rust and MSRV
2023-03-15 20:41:12 +01:00
checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71"
Update async to prepare for main merge - Changed nightly to stable in Dockerfile and Workflow - Updated Dockerfile to use stable and updated ENV's - Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default - Updated Github Workflow actions to the latest versions - Updated Hadolint version - Re-orderd the Cargo.toml file a bit and put libs together which are linked - Updated some libs - Updated .dockerignore file
2022-02-07 22:26:22 +01:00
dependencies = [
Update deps and Alpine image - Updated deps - Updated Alpine images to 3.16 - Removed dumb-init, not needed anymore - Some small shellcheck tweaks on the start/healthcheck scripts
2022-07-31 15:45:31 +02:00
"generic-array",
First working version
2018-02-10 01:00:55 +01:00
]
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
[[package]]
name = "blocking"
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
version = "1.6.1"
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
checksum = "703f41c54fc768e63e091340b424302bb1c29ef4aa0c7f10fe849dfb114d29ea"
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
dependencies = [
Update Rust, crates and web-vault (#4558) * Update Rust and crates - Updated Rust to v1.78.0 - Updated crates * Update web-vault to v2024.5.0
2024-05-19 20:30:34 +02:00
"async-channel 2.3.1",
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
"async-task",
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
"futures-io",
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
"futures-lite",
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
"piper",
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
]
Icon and SMTP Debug fixes. - We need to add some feature to enable smtp debugging again. See: https://github.com/lettre/lettre/pull/584 - Upstream added the fallback icon again, probably because of caching ;). See: https://github.com/bitwarden/server/pull/1149 - Enabled gzip and brotli compression support with reqwest. Some sites seem to force this, or assume that because of the User-Agent string it is supported. This caused some failed icons. Fixes #1540
2021-03-29 10:27:58 +02:00
[[package]]
name = "brotli"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
version = "7.0.0"
Icon and SMTP Debug fixes. - We need to add some feature to enable smtp debugging again. See: https://github.com/lettre/lettre/pull/584 - Upstream added the fallback icon again, probably because of caching ;). See: https://github.com/bitwarden/server/pull/1149 - Enabled gzip and brotli compression support with reqwest. Some sites seem to force this, or assume that because of the User-Agent string it is supported. This caused some failed icons. Fixes #1540
2021-03-29 10:27:58 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
checksum = "cc97b8f16f944bba54f0433f07e30be199b6dc2bd25937444bbad560bcea29bd"
Icon and SMTP Debug fixes. - We need to add some feature to enable smtp debugging again. See: https://github.com/lettre/lettre/pull/584 - Upstream added the fallback icon again, probably because of caching ;). See: https://github.com/bitwarden/server/pull/1149 - Enabled gzip and brotli compression support with reqwest. Some sites seem to force this, or assume that because of the User-Agent string it is supported. This caused some failed icons. Fixes #1540
2021-03-29 10:27:58 +02:00
dependencies = [
"alloc-no-stdlib",
"alloc-stdlib",
"brotli-decompressor",
]
[[package]]
name = "brotli-decompressor"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
version = "4.0.2"
Icon and SMTP Debug fixes. - We need to add some feature to enable smtp debugging again. See: https://github.com/lettre/lettre/pull/584 - Upstream added the fallback icon again, probably because of caching ;). See: https://github.com/bitwarden/server/pull/1149 - Enabled gzip and brotli compression support with reqwest. Some sites seem to force this, or assume that because of the User-Agent string it is supported. This caused some failed icons. Fixes #1540
2021-03-29 10:27:58 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
checksum = "74fa05ad7d803d413eb8380983b092cbbaf9a85f151b871360e7b00cd7060b37"
Icon and SMTP Debug fixes. - We need to add some feature to enable smtp debugging again. See: https://github.com/lettre/lettre/pull/584 - Upstream added the fallback icon again, probably because of caching ;). See: https://github.com/bitwarden/server/pull/1149 - Enabled gzip and brotli compression support with reqwest. Some sites seem to force this, or assume that because of the User-Agent string it is supported. This caused some failed icons. Fixes #1540
2021-03-29 10:27:58 +02:00
dependencies = [
"alloc-no-stdlib",
"alloc-stdlib",
]
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
[[package]]
name = "bumpalo"
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
version = "3.16.0"
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
checksum = "79296716171880943b8470b5f8d03aa55eb2e645a4874bdbb28adb49162e012c"
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
[[package]]
name = "bytemuck"
Update crates and GHA (#5346) - Updated crates to the latest version - Updated GitHub Actions to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-04 19:02:15 +01:00
version = "1.21.0"
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and GHA (#5346) - Updated crates to the latest version - Updated GitHub Actions to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-04 19:02:15 +01:00
checksum = "ef657dfab802224e671f5818e9a4935f9b1957ed18e58292690cc39e7a4092a3"
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
First working version
2018-02-10 01:00:55 +01:00
[[package]]
name = "byteorder"
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
version = "1.5.0"
First working version
2018-02-10 01:00:55 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b"
First working version
2018-02-10 01:00:55 +01:00
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
[[package]]
name = "bytes"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
version = "1.9.0"
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
checksum = "325918d6fe32f23b19878fe4b34794ae41fc19ddbe53b10571a4874d44ffd39b"
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
Favicon, SMTP and misc updates Favicon: - Replaced HTML tokenizer, much faster now. - Caching the domain blacklist function. - Almost all functions are async now. - Fixed bug on minimizing data to parse - Changed maximum icon download size to 5MB to match Bitwarden - Added `apple-touch-icon.png` as a second fallback besides `favicon.ico` SMTP: - Deprecated SMTP_SSL and SMTP_EXPLICIT_TLS, replaced with SMTP_SECURITY Misc: - Fixed issue when `resolv.conf` contains errors and trust-dns panics (Fixes #2283) - Updated Javscript and CSS files for admin interface - Fixed an issue with the /admin interface which did not cleared the login cookie correctly - Prevent websocket notifications during org import, this caused a lot of traffic, and slowed down the import. This is also the same as Bitwarden which does not trigger this refresh via websockets. Rust: - Updated to use v1.59 - Use the new `strip` option and enabled to strip `debuginfo` - Enabled `lto` with `thin` - Removed the strip RUN from the alpine armv7, this is now done automatically
2022-02-22 20:48:00 +01:00
[[package]]
name = "cached"
Update crates and fix several issues Signed-off-by: BlackDex <black.dex@gmail.com>
2024-11-09 19:58:10 +01:00
version = "0.54.0"
Favicon, SMTP and misc updates Favicon: - Replaced HTML tokenizer, much faster now. - Caching the domain blacklist function. - Almost all functions are async now. - Fixed bug on minimizing data to parse - Changed maximum icon download size to 5MB to match Bitwarden - Added `apple-touch-icon.png` as a second fallback besides `favicon.ico` SMTP: - Deprecated SMTP_SSL and SMTP_EXPLICIT_TLS, replaced with SMTP_SECURITY Misc: - Fixed issue when `resolv.conf` contains errors and trust-dns panics (Fixes #2283) - Updated Javscript and CSS files for admin interface - Fixed an issue with the /admin interface which did not cleared the login cookie correctly - Prevent websocket notifications during org import, this caused a lot of traffic, and slowed down the import. This is also the same as Bitwarden which does not trigger this refresh via websockets. Rust: - Updated to use v1.59 - Use the new `strip` option and enabled to strip `debuginfo` - Enabled `lto` with `thin` - Removed the strip RUN from the alpine armv7, this is now done automatically
2022-02-22 20:48:00 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and fix several issues Signed-off-by: BlackDex <black.dex@gmail.com>
2024-11-09 19:58:10 +01:00
checksum = "9718806c4a2fe9e8a56fd736f97b340dd10ed1be8ed733ed50449f351dc33cae"
Favicon, SMTP and misc updates Favicon: - Replaced HTML tokenizer, much faster now. - Caching the domain blacklist function. - Almost all functions are async now. - Fixed bug on minimizing data to parse - Changed maximum icon download size to 5MB to match Bitwarden - Added `apple-touch-icon.png` as a second fallback besides `favicon.ico` SMTP: - Deprecated SMTP_SSL and SMTP_EXPLICIT_TLS, replaced with SMTP_SECURITY Misc: - Fixed issue when `resolv.conf` contains errors and trust-dns panics (Fixes #2283) - Updated Javscript and CSS files for admin interface - Fixed an issue with the /admin interface which did not cleared the login cookie correctly - Prevent websocket notifications during org import, this caused a lot of traffic, and slowed down the import. This is also the same as Bitwarden which does not trigger this refresh via websockets. Rust: - Updated to use v1.59 - Use the new `strip` option and enabled to strip `debuginfo` - Enabled `lto` with `thin` - Removed the strip RUN from the alpine armv7, this is now done automatically
2022-02-22 20:48:00 +01:00
dependencies = [
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
"ahash",
Favicon, SMTP and misc updates Favicon: - Replaced HTML tokenizer, much faster now. - Caching the domain blacklist function. - Almost all functions are async now. - Fixed bug on minimizing data to parse - Changed maximum icon download size to 5MB to match Bitwarden - Added `apple-touch-icon.png` as a second fallback besides `favicon.ico` SMTP: - Deprecated SMTP_SSL and SMTP_EXPLICIT_TLS, replaced with SMTP_SECURITY Misc: - Fixed issue when `resolv.conf` contains errors and trust-dns panics (Fixes #2283) - Updated Javscript and CSS files for admin interface - Fixed an issue with the /admin interface which did not cleared the login cookie correctly - Prevent websocket notifications during org import, this caused a lot of traffic, and slowed down the import. This is also the same as Bitwarden which does not trigger this refresh via websockets. Rust: - Updated to use v1.59 - Use the new `strip` option and enabled to strip `debuginfo` - Enabled `lto` with `thin` - Removed the strip RUN from the alpine armv7, this is now done automatically
2022-02-22 20:48:00 +01:00
"async-trait",
"cached_proc_macro",
"cached_proc_macro_types",
"futures",
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
"hashbrown 0.14.5",
Favicon, SMTP and misc updates Favicon: - Replaced HTML tokenizer, much faster now. - Caching the domain blacklist function. - Almost all functions are async now. - Fixed bug on minimizing data to parse - Changed maximum icon download size to 5MB to match Bitwarden - Added `apple-touch-icon.png` as a second fallback besides `favicon.ico` SMTP: - Deprecated SMTP_SSL and SMTP_EXPLICIT_TLS, replaced with SMTP_SECURITY Misc: - Fixed issue when `resolv.conf` contains errors and trust-dns panics (Fixes #2283) - Updated Javscript and CSS files for admin interface - Fixed an issue with the /admin interface which did not cleared the login cookie correctly - Prevent websocket notifications during org import, this caused a lot of traffic, and slowed down the import. This is also the same as Bitwarden which does not trigger this refresh via websockets. Rust: - Updated to use v1.59 - Use the new `strip` option and enabled to strip `debuginfo` - Enabled `lto` with `thin` - Removed the strip RUN from the alpine armv7, this is now done automatically
2022-02-22 20:48:00 +01:00
"once_cell",
Update crates (#5268) - fixes CVE-2024-12224
2024-12-10 18:59:28 +02:00
"thiserror 1.0.69",
Update login API code - Updated jsonwebtoken to latest version - Trim `username` received from the login form ( Fixes #2348 ) - Make uuid and user_uuid a combined primary key for the devices table ( Fixes #2295 ) - Updated crates including regex which contains a CVE ( https://blog.rust-lang.org/2022/03/08/cve-2022-24713.html )
2022-03-03 21:00:10 +01:00
"tokio",
Update crates & fix crate vulnerability (#4771) - fixes GHSA-q445-7m23-qrmw by updating openssl to version 0.10.66
2024-07-24 01:26:39 +03:00
"web-time",
Favicon, SMTP and misc updates Favicon: - Replaced HTML tokenizer, much faster now. - Caching the domain blacklist function. - Almost all functions are async now. - Fixed bug on minimizing data to parse - Changed maximum icon download size to 5MB to match Bitwarden - Added `apple-touch-icon.png` as a second fallback besides `favicon.ico` SMTP: - Deprecated SMTP_SSL and SMTP_EXPLICIT_TLS, replaced with SMTP_SECURITY Misc: - Fixed issue when `resolv.conf` contains errors and trust-dns panics (Fixes #2283) - Updated Javscript and CSS files for admin interface - Fixed an issue with the /admin interface which did not cleared the login cookie correctly - Prevent websocket notifications during org import, this caused a lot of traffic, and slowed down the import. This is also the same as Bitwarden which does not trigger this refresh via websockets. Rust: - Updated to use v1.59 - Use the new `strip` option and enabled to strip `debuginfo` - Enabled `lto` with `thin` - Removed the strip RUN from the alpine armv7, this is now done automatically
2022-02-22 20:48:00 +01:00
]
[[package]]
name = "cached_proc_macro"
Update crates & fix crate vulnerability (#4771) - fixes GHSA-q445-7m23-qrmw by updating openssl to version 0.10.66
2024-07-24 01:26:39 +03:00
version = "0.23.0"
Favicon, SMTP and misc updates Favicon: - Replaced HTML tokenizer, much faster now. - Caching the domain blacklist function. - Almost all functions are async now. - Fixed bug on minimizing data to parse - Changed maximum icon download size to 5MB to match Bitwarden - Added `apple-touch-icon.png` as a second fallback besides `favicon.ico` SMTP: - Deprecated SMTP_SSL and SMTP_EXPLICIT_TLS, replaced with SMTP_SECURITY Misc: - Fixed issue when `resolv.conf` contains errors and trust-dns panics (Fixes #2283) - Updated Javscript and CSS files for admin interface - Fixed an issue with the /admin interface which did not cleared the login cookie correctly - Prevent websocket notifications during org import, this caused a lot of traffic, and slowed down the import. This is also the same as Bitwarden which does not trigger this refresh via websockets. Rust: - Updated to use v1.59 - Use the new `strip` option and enabled to strip `debuginfo` - Enabled `lto` with `thin` - Removed the strip RUN from the alpine armv7, this is now done automatically
2022-02-22 20:48:00 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates & fix crate vulnerability (#4771) - fixes GHSA-q445-7m23-qrmw by updating openssl to version 0.10.66
2024-07-24 01:26:39 +03:00
checksum = "2f42a145ed2d10dce2191e1dcf30cfccfea9026660e143662ba5eec4017d5daa"
Favicon, SMTP and misc updates Favicon: - Replaced HTML tokenizer, much faster now. - Caching the domain blacklist function. - Almost all functions are async now. - Fixed bug on minimizing data to parse - Changed maximum icon download size to 5MB to match Bitwarden - Added `apple-touch-icon.png` as a second fallback besides `favicon.ico` SMTP: - Deprecated SMTP_SSL and SMTP_EXPLICIT_TLS, replaced with SMTP_SECURITY Misc: - Fixed issue when `resolv.conf` contains errors and trust-dns panics (Fixes #2283) - Updated Javscript and CSS files for admin interface - Fixed an issue with the /admin interface which did not cleared the login cookie correctly - Prevent websocket notifications during org import, this caused a lot of traffic, and slowed down the import. This is also the same as Bitwarden which does not trigger this refresh via websockets. Rust: - Updated to use v1.59 - Use the new `strip` option and enabled to strip `debuginfo` - Enabled `lto` with `thin` - Removed the strip RUN from the alpine armv7, this is now done automatically
2022-02-22 20:48:00 +01:00
dependencies = [
"darling",
Update dependencies and MSRV - Updated dependencies. This includes a janked openssl crate version we currently use. - Updated MSRV to v1.61.0 because hashbrown/cached has this version restriction.
2023-01-09 16:49:26 +01:00
"proc-macro2",
Favicon, SMTP and misc updates Favicon: - Replaced HTML tokenizer, much faster now. - Caching the domain blacklist function. - Almost all functions are async now. - Fixed bug on minimizing data to parse - Changed maximum icon download size to 5MB to match Bitwarden - Added `apple-touch-icon.png` as a second fallback besides `favicon.ico` SMTP: - Deprecated SMTP_SSL and SMTP_EXPLICIT_TLS, replaced with SMTP_SECURITY Misc: - Fixed issue when `resolv.conf` contains errors and trust-dns panics (Fixes #2283) - Updated Javscript and CSS files for admin interface - Fixed an issue with the /admin interface which did not cleared the login cookie correctly - Prevent websocket notifications during org import, this caused a lot of traffic, and slowed down the import. This is also the same as Bitwarden which does not trigger this refresh via websockets. Rust: - Updated to use v1.59 - Use the new `strip` option and enabled to strip `debuginfo` - Enabled `lto` with `thin` - Removed the strip RUN from the alpine armv7, this is now done automatically
2022-02-22 20:48:00 +01:00
"quote",
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
"syn",
Favicon, SMTP and misc updates Favicon: - Replaced HTML tokenizer, much faster now. - Caching the domain blacklist function. - Almost all functions are async now. - Fixed bug on minimizing data to parse - Changed maximum icon download size to 5MB to match Bitwarden - Added `apple-touch-icon.png` as a second fallback besides `favicon.ico` SMTP: - Deprecated SMTP_SSL and SMTP_EXPLICIT_TLS, replaced with SMTP_SECURITY Misc: - Fixed issue when `resolv.conf` contains errors and trust-dns panics (Fixes #2283) - Updated Javscript and CSS files for admin interface - Fixed an issue with the /admin interface which did not cleared the login cookie correctly - Prevent websocket notifications during org import, this caused a lot of traffic, and slowed down the import. This is also the same as Bitwarden which does not trigger this refresh via websockets. Rust: - Updated to use v1.59 - Use the new `strip` option and enabled to strip `debuginfo` - Enabled `lto` with `thin` - Removed the strip RUN from the alpine armv7, this is now done automatically
2022-02-22 20:48:00 +01:00
]
[[package]]
name = "cached_proc_macro_types"
Update crates, web-vault and GHA (#4275) - Update GitHub Actions - Updated crates - Updated web-vault to v2024.1.2
2024-01-26 20:19:53 +01:00
version = "0.1.1"
Favicon, SMTP and misc updates Favicon: - Replaced HTML tokenizer, much faster now. - Caching the domain blacklist function. - Almost all functions are async now. - Fixed bug on minimizing data to parse - Changed maximum icon download size to 5MB to match Bitwarden - Added `apple-touch-icon.png` as a second fallback besides `favicon.ico` SMTP: - Deprecated SMTP_SSL and SMTP_EXPLICIT_TLS, replaced with SMTP_SECURITY Misc: - Fixed issue when `resolv.conf` contains errors and trust-dns panics (Fixes #2283) - Updated Javscript and CSS files for admin interface - Fixed an issue with the /admin interface which did not cleared the login cookie correctly - Prevent websocket notifications during org import, this caused a lot of traffic, and slowed down the import. This is also the same as Bitwarden which does not trigger this refresh via websockets. Rust: - Updated to use v1.59 - Use the new `strip` option and enabled to strip `debuginfo` - Enabled `lto` with `thin` - Removed the strip RUN from the alpine armv7, this is now done automatically
2022-02-22 20:48:00 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates, web-vault and GHA (#4275) - Update GitHub Actions - Updated crates - Updated web-vault to v2024.1.2
2024-01-26 20:19:53 +01:00
checksum = "ade8366b8bd5ba243f0a58f036cc0ca8a2f069cff1a2351ef1cac6b083e16fc0"
Favicon, SMTP and misc updates Favicon: - Replaced HTML tokenizer, much faster now. - Caching the domain blacklist function. - Almost all functions are async now. - Fixed bug on minimizing data to parse - Changed maximum icon download size to 5MB to match Bitwarden - Added `apple-touch-icon.png` as a second fallback besides `favicon.ico` SMTP: - Deprecated SMTP_SSL and SMTP_EXPLICIT_TLS, replaced with SMTP_SECURITY Misc: - Fixed issue when `resolv.conf` contains errors and trust-dns panics (Fixes #2283) - Updated Javscript and CSS files for admin interface - Fixed an issue with the /admin interface which did not cleared the login cookie correctly - Prevent websocket notifications during org import, this caused a lot of traffic, and slowed down the import. This is also the same as Bitwarden which does not trigger this refresh via websockets. Rust: - Updated to use v1.59 - Use the new `strip` option and enabled to strip `debuginfo` - Enabled `lto` with `thin` - Removed the strip RUN from the alpine armv7, this is now done automatically
2022-02-22 20:48:00 +01:00
First working version
2018-02-10 01:00:55 +01:00
[[package]]
name = "cc"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
version = "1.2.10"
First working version
2018-02-10 01:00:55 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
checksum = "13208fcbb66eaeffe09b99fffbe1af420f00a7b35aa99ad683dfc1aa76145229"
Update crates (GHSA-wq9x-qwcq-mmgf) (#4889) - Updated crates - Fixed MSRV to actually be N-2 - Changed some features to use the `dep:` prefix. This is needed for edition-2024 anyway although that will be a while before we can use that. Signed-off-by: BlackDex <black.dex@gmail.com>
2024-08-23 22:06:11 +02:00
dependencies = [
"shlex",
]
First working version
2018-02-10 01:00:55 +01:00
Updated dependencies
2020-10-15 23:44:35 +02:00
[[package]]
name = "cfg-if"
version = "1.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
First working version
2018-02-10 01:00:55 +01:00
[[package]]
name = "chrono"
Update crates (#5268) - fixes CVE-2024-12224
2024-12-10 18:59:28 +02:00
version = "0.4.39"
First working version
2018-02-10 01:00:55 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates (#5268) - fixes CVE-2024-12224
2024-12-10 18:59:28 +02:00
checksum = "7e36cc9d416881d2e24f9a963be5fb1cd90966419ac844274161d10488b3e825"
First working version
2018-02-10 01:00:55 +01:00
dependencies = [
Update Rust and Crates
2023-06-03 17:04:45 -04:00
"android-tzdata",
Update web vault to 2022.8.1 and cargo dependencies
2022-09-04 23:18:27 +02:00
"iana-time-zone",
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"num-traits",
Update dependencies and enable serde integration for chrono
2021-03-13 22:02:11 +01:00
"serde",
Update crates and web-vault (#4714) - Updated the crates Removed the patch for mimalloc - Updated the web-vault to v2024.5.1b The reason for not updating to v2024.6.x is that there are several items not working correctly or need some more research.
2024-07-08 23:27:48 +02:00
"windows-targets 0.52.6",
First working version
2018-02-10 01:00:55 +01:00
]
Use local time in email notifications for new device logins In this implementation, the `TZ` environment variable must be set in order for the formatted output to use a more user-friendly time zone abbreviation (e.g., `UTC`). Otherwise, the output uses the time zone's UTC offset (e.g., `+00:00`).
2020-07-07 21:30:18 -07:00
[[package]]
name = "chrono-tz"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
version = "0.10.1"
Use local time in email notifications for new device logins In this implementation, the `TZ` environment variable must be set in order for the formatted output to use a more user-friendly time zone abbreviation (e.g., `UTC`). Otherwise, the output uses the time zone's UTC offset (e.g., `+00:00`).
2020-07-07 21:30:18 -07:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
checksum = "9c6ac4f2c0bf0f44e9161aec9675e1050aa4a530663c4a9e37e108fa948bca9f"
Use local time in email notifications for new device logins In this implementation, the `TZ` environment variable must be set in order for the formatted output to use a more user-friendly time zone abbreviation (e.g., `UTC`). Otherwise, the output uses the time zone's UTC offset (e.g., `+00:00`).
2020-07-07 21:30:18 -07:00
dependencies = [
"chrono",
Update dependencies and ser cargo resolver to version 2 ahead of 2021 edition
2021-09-22 20:26:48 +02:00
"chrono-tz-build",
Favicon, SMTP and misc updates Favicon: - Replaced HTML tokenizer, much faster now. - Caching the domain blacklist function. - Almost all functions are async now. - Fixed bug on minimizing data to parse - Changed maximum icon download size to 5MB to match Bitwarden - Added `apple-touch-icon.png` as a second fallback besides `favicon.ico` SMTP: - Deprecated SMTP_SSL and SMTP_EXPLICIT_TLS, replaced with SMTP_SECURITY Misc: - Fixed issue when `resolv.conf` contains errors and trust-dns panics (Fixes #2283) - Updated Javscript and CSS files for admin interface - Fixed an issue with the /admin interface which did not cleared the login cookie correctly - Prevent websocket notifications during org import, this caused a lot of traffic, and slowed down the import. This is also the same as Bitwarden which does not trigger this refresh via websockets. Rust: - Updated to use v1.59 - Use the new `strip` option and enabled to strip `debuginfo` - Enabled `lto` with `thin` - Removed the strip RUN from the alpine armv7, this is now done automatically
2022-02-22 20:48:00 +01:00
"phf",
Update dependencies and ser cargo resolver to version 2 ahead of 2021 edition
2021-09-22 20:26:48 +02:00
]
[[package]]
name = "chrono-tz-build"
Fix Device Type column for 2FA migration (#4971)
2024-09-20 12:06:06 +02:00
version = "0.4.0"
Update dependencies and ser cargo resolver to version 2 ahead of 2021 edition
2021-09-22 20:26:48 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Fix Device Type column for 2FA migration (#4971)
2024-09-20 12:06:06 +02:00
checksum = "e94fea34d77a245229e7746bd2beb786cd2a896f306ff491fb8cecb3074b10a7"
Update dependencies and ser cargo resolver to version 2 ahead of 2021 edition
2021-09-22 20:26:48 +02:00
dependencies = [
Use local time in email notifications for new device logins In this implementation, the `TZ` environment variable must be set in order for the formatted output to use a more user-friendly time zone abbreviation (e.g., `UTC`). Otherwise, the output uses the time zone's UTC offset (e.g., `+00:00`).
2020-07-07 21:30:18 -07:00
"parse-zoneinfo",
Favicon, SMTP and misc updates Favicon: - Replaced HTML tokenizer, much faster now. - Caching the domain blacklist function. - Almost all functions are async now. - Fixed bug on minimizing data to parse - Changed maximum icon download size to 5MB to match Bitwarden - Added `apple-touch-icon.png` as a second fallback besides `favicon.ico` SMTP: - Deprecated SMTP_SSL and SMTP_EXPLICIT_TLS, replaced with SMTP_SECURITY Misc: - Fixed issue when `resolv.conf` contains errors and trust-dns panics (Fixes #2283) - Updated Javscript and CSS files for admin interface - Fixed an issue with the /admin interface which did not cleared the login cookie correctly - Prevent websocket notifications during org import, this caused a lot of traffic, and slowed down the import. This is also the same as Bitwarden which does not trigger this refresh via websockets. Rust: - Updated to use v1.59 - Use the new `strip` option and enabled to strip `debuginfo` - Enabled `lto` with `thin` - Removed the strip RUN from the alpine armv7, this is now done automatically
2022-02-22 20:48:00 +01:00
"phf_codegen",
Use local time in email notifications for new device logins In this implementation, the `TZ` environment variable must be set in order for the formatted output to use a more user-friendly time zone abbreviation (e.g., `UTC`). Otherwise, the output uses the time zone's UTC offset (e.g., `+00:00`).
2020-07-07 21:30:18 -07:00
]
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
[[package]]
name = "chumsky"
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
version = "0.9.3"
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
checksum = "8eebd66744a15ded14960ab4ccdbfb51ad3b81f51f3f04a80adac98c985396c9"
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
dependencies = [
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
"hashbrown 0.14.5",
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
"stacker",
]
Add dynamic CSS support (#4940) * Add dynamic CSS support Together with https://github.com/dani-garcia/bw_web_builds/pull/180 this PR will add support for dynamic CSS changes. For example, we could hide the register link if signups are not allowed. In the future show or hide the SSO button depending on if it is enabled or not. There also is a special `user.vaultwarden.scss` file so that users can add custom CSS without the need to modify the default (static) changes. This will prevent future changes from not being applied and still have the custom user changes to be added. Also added a special redirect when someone goes directly to `/index.html` as that might cause issues with loading other scripts and files. Signed-off-by: BlackDex <black.dex@gmail.com> * Add versions and fallback to built-in - Add both Vaultwarden and web-vault versions to the css_options. - Fallback to the inner templates if rendering or compiling the scss fails. This ensures the basics are always working even if someone breaks the templates. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix fallback code to actually work The fallback now works by using an alternative `reg!` macro. This adds an extra template register which prefixes the template with `fallback_`. Signed-off-by: BlackDex <black.dex@gmail.com> * Updated the wiki link in the user template --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-11-11 20:14:04 +01:00
[[package]]
name = "codemap"
version = "0.1.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b9e769b5c8c8283982a987c6e948e540254f1058d5a74b8794914d4ef5fc2a24"
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
[[package]]
name = "concurrent-queue"
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
version = "2.5.0"
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
checksum = "4ca0197aee26d1ae37445ee532fefce43251d24cc7c166799f4d46817f1d3973"
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
dependencies = [
"crossbeam-utils",
]
Some small fixes and updates - Updated workflows to use new checkout version This probably fixes the curl download for hadolint also. - Updated crates including Rocket to the latest rc3 :party: - Applied 2 nightly clippy lints to prevent future clippy issues.
2023-03-24 22:07:50 +01:00
[[package]]
name = "cookie"
Update crates and some Clippy fixes (#4475) - Updated all crates including reqwest - Fixed some clippy lints reported by nightly Rust
2024-04-06 13:55:10 +02:00
version = "0.18.1"
Some small fixes and updates - Updated workflows to use new checkout version This probably fixes the curl download for hadolint also. - Updated crates including Rocket to the latest rc3 :party: - Applied 2 nightly clippy lints to prevent future clippy issues.
2023-03-24 22:07:50 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and some Clippy fixes (#4475) - Updated all crates including reqwest - Fixed some clippy lints reported by nightly Rust
2024-04-06 13:55:10 +02:00
checksum = "4ddef33a339a91ea89fb53151bd0a4689cfce27055c291dfa69945475d22c747"
Some small fixes and updates - Updated workflows to use new checkout version This probably fixes the curl download for hadolint also. - Updated crates including Rocket to the latest rc3 :party: - Applied 2 nightly clippy lints to prevent future clippy issues.
2023-03-24 22:07:50 +01:00
dependencies = [
"percent-encoding",
Update to diesel2
2022-05-20 23:39:47 +02:00
"time",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"version_check",
Updated icon fetching and crates. - Updated some crates - Updated icon fetching code: + Use a cookie jar and set Max-Age to 2 minutes for all cookies + Locate the base href tag to fix some locations + Changed User-Agent (Helps on some sites to get HTML instead of JS) + Reduced HTML code limit from 512KB to 384KB + Allow some large icons higer-up in the sort + Allow GIF images + Ignore cookie_store and hyper::client debug messages
2021-05-16 15:29:13 +02:00
]
Update crates
2024-03-17 14:25:49 +01:00
[[package]]
name = "cookie_store"
Update crates and fix several issues Signed-off-by: BlackDex <black.dex@gmail.com>
2024-11-09 19:58:10 +01:00
version = "0.21.1"
Update crates
2024-03-17 14:25:49 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and fix several issues Signed-off-by: BlackDex <black.dex@gmail.com>
2024-11-09 19:58:10 +01:00
checksum = "2eac901828f88a5241ee0600950ab981148a18f2f756900ffba1b125ca6a3ef9"
Update crates
2024-03-17 14:25:49 +01:00
dependencies = [
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
"cookie",
Update crates and fix several issues Signed-off-by: BlackDex <black.dex@gmail.com>
2024-11-09 19:58:10 +01:00
"document-features",
Update crates (#5268) - fixes CVE-2024-12224
2024-12-10 18:59:28 +02:00
"idna",
Update crates
2024-03-17 14:25:49 +01:00
"log",
"publicsuffix",
"serde",
"serde_derive",
"serde_json",
"time",
"url",
]
Updated dependencies
2018-09-19 21:43:03 +02:00
[[package]]
name = "core-foundation"
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
version = "0.9.4"
Updated dependencies
2018-09-19 21:43:03 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
checksum = "91e195e091a93c46f7102ec7818a2aa394e1e1771c3ab4825963fa03e45afb8f"
Updated dependencies
2018-09-19 21:43:03 +02:00
dependencies = [
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"core-foundation-sys",
"libc",
Updated dependencies
2018-09-19 21:43:03 +02:00
]
[[package]]
name = "core-foundation-sys"
Update crates (GHSA-wq9x-qwcq-mmgf) (#4889) - Updated crates - Fixed MSRV to actually be N-2 - Changed some features to use the `dep:` prefix. This is needed for edition-2024 anyway although that will be a while before we can use that. Signed-off-by: BlackDex <black.dex@gmail.com>
2024-08-23 22:06:11 +02:00
version = "0.8.7"
Updated dependencies
2018-09-19 21:43:03 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates (GHSA-wq9x-qwcq-mmgf) (#4889) - Updated crates - Fixed MSRV to actually be N-2 - Changed some features to use the `dep:` prefix. This is needed for edition-2024 anyway although that will be a while before we can use that. Signed-off-by: BlackDex <black.dex@gmail.com>
2024-08-23 22:06:11 +02:00
checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b"
Updated dependencies
2018-09-19 21:43:03 +02:00
Update dependencies
2021-02-06 16:49:28 +01:00
[[package]]
Updated branding, email and crates - Updated branding for admin and emails - Updated crates and some deprications - Removed newline-converter because this is built-in into lettre - Updated email templates to use a shared header and footer template - Also trigger SMTP SSL When TLS is selected without SSL Resolves #1641
2021-05-08 17:46:31 +02:00
name = "cpufeatures"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
version = "0.2.16"
Update dependencies
2021-02-06 16:49:28 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
checksum = "16b80225097f2e5ae4e7179dd2266824648f3e2f49d9134d584b76389d31c4c3"
Updated branding, email and crates - Updated branding for admin and emails - Updated crates and some deprications - Removed newline-converter because this is built-in into lettre - Updated email templates to use a shared header and footer template - Also trigger SMTP SSL When TLS is selected without SSL Resolves #1641
2021-05-08 17:46:31 +02:00
dependencies = [
"libc",
]
Update dependencies
2021-02-06 16:49:28 +01:00
Icon and SMTP Debug fixes. - We need to add some feature to enable smtp debugging again. See: https://github.com/lettre/lettre/pull/584 - Upstream added the fallback icon again, probably because of caching ;). See: https://github.com/bitwarden/server/pull/1149 - Enabled gzip and brotli compression support with reqwest. Some sites seem to force this, or assume that because of the User-Agent string it is supported. This caused some failed icons. Fixes #1540
2021-03-29 10:27:58 +02:00
[[package]]
name = "crc32fast"
Update crates (#4587) - Update crates including rocket and rocket_ws
2024-05-25 15:14:19 +02:00
version = "1.4.2"
Icon and SMTP Debug fixes. - We need to add some feature to enable smtp debugging again. See: https://github.com/lettre/lettre/pull/584 - Upstream added the fallback icon again, probably because of caching ;). See: https://github.com/bitwarden/server/pull/1149 - Enabled gzip and brotli compression support with reqwest. Some sites seem to force this, or assume that because of the User-Agent string it is supported. This caused some failed icons. Fixes #1540
2021-03-29 10:27:58 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates (#4587) - Update crates including rocket and rocket_ws
2024-05-25 15:14:19 +02:00
checksum = "a97769d94ddab943e4510d138150169a2758b5ef3eb191a9ee688de3e23ef7b3"
Icon and SMTP Debug fixes. - We need to add some feature to enable smtp debugging again. See: https://github.com/lettre/lettre/pull/584 - Upstream added the fallback icon again, probably because of caching ;). See: https://github.com/bitwarden/server/pull/1149 - Enabled gzip and brotli compression support with reqwest. Some sites seem to force this, or assume that because of the User-Agent string it is supported. This caused some failed icons. Fixes #1540
2021-03-29 10:27:58 +02:00
dependencies = [
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
"cfg-if",
Icon and SMTP Debug fixes. - We need to add some feature to enable smtp debugging again. See: https://github.com/lettre/lettre/pull/584 - Upstream added the fallback icon again, probably because of caching ;). See: https://github.com/bitwarden/server/pull/1149 - Enabled gzip and brotli compression support with reqwest. Some sites seem to force this, or assume that because of the User-Agent string it is supported. This caused some failed icons. Fixes #1540
2021-03-29 10:27:58 +02:00
]
Add a generic job scheduler Also rewrite deletion of old sends using the job scheduler.
2021-04-02 20:16:49 -07:00
[[package]]
name = "cron"
Update crates
2024-03-17 14:25:49 +01:00
version = "0.12.1"
Add a generic job scheduler Also rewrite deletion of old sends using the job scheduler.
2021-04-02 20:16:49 -07:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates
2024-03-17 14:25:49 +01:00
checksum = "6f8c3e73077b4b4a6ab1ea5047c37c57aee77657bc8ecd6f29b0af082d0b0c07"
Add a generic job scheduler Also rewrite deletion of old sends using the job scheduler.
2021-04-02 20:16:49 -07:00
dependencies = [
"chrono",
Improve sync speed and updated dep. versions Improved sync speed by resolving the N+1 query issues. Solves #1402 and Solves #1453 With this change there is just one query done to retreive all the important data, and matching is done in-code/memory. With a very large database the sync time went down about 3 times. Also updated misc crates and Github Actions versions.
2022-05-04 21:13:05 +02:00
"nom",
Add a generic job scheduler Also rewrite deletion of old sends using the job scheduler.
2021-04-02 20:16:49 -07:00
"once_cell",
]
Dependency updates
2022-01-30 22:24:42 +01:00
[[package]]
name = "crossbeam-utils"
Update crates and GHA (#5346) - Updated crates to the latest version - Updated GitHub Actions to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-04 19:02:15 +01:00
version = "0.8.21"
Dependency updates
2022-01-30 22:24:42 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and GHA (#5346) - Updated crates to the latest version - Updated GitHub Actions to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-04 19:02:15 +01:00
checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28"
Dependency updates
2022-01-30 22:24:42 +01:00
Update async to prepare for main merge - Changed nightly to stable in Dockerfile and Workflow - Updated Dockerfile to use stable and updated ENV's - Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default - Updated Github Workflow actions to the latest versions - Updated Hadolint version - Re-orderd the Cargo.toml file a bit and put libs together which are linked - Updated some libs - Updated .dockerignore file
2022-02-07 22:26:22 +01:00
[[package]]
name = "crypto-common"
Update deps and Alpine image - Updated deps - Updated Alpine images to 3.16 - Removed dumb-init, not needed anymore - Some small shellcheck tweaks on the start/healthcheck scripts
2022-07-31 15:45:31 +02:00
version = "0.1.6"
Update async to prepare for main merge - Changed nightly to stable in Dockerfile and Workflow - Updated Dockerfile to use stable and updated ENV's - Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default - Updated Github Workflow actions to the latest versions - Updated Hadolint version - Re-orderd the Cargo.toml file a bit and put libs together which are linked - Updated some libs - Updated .dockerignore file
2022-02-07 22:26:22 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update deps and Alpine image - Updated deps - Updated Alpine images to 3.16 - Removed dumb-init, not needed anymore - Some small shellcheck tweaks on the start/healthcheck scripts
2022-07-31 15:45:31 +02:00
checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3"
Update async to prepare for main merge - Changed nightly to stable in Dockerfile and Workflow - Updated Dockerfile to use stable and updated ENV's - Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default - Updated Github Workflow actions to the latest versions - Updated Hadolint version - Re-orderd the Cargo.toml file a bit and put libs together which are linked - Updated some libs - Updated .dockerignore file
2022-02-07 22:26:22 +01:00
dependencies = [
Update deps and Alpine image - Updated deps - Updated Alpine images to 3.16 - Removed dumb-init, not needed anymore - Some small shellcheck tweaks on the start/healthcheck scripts
2022-07-31 15:45:31 +02:00
"generic-array",
Update async to prepare for main merge - Changed nightly to stable in Dockerfile and Workflow - Updated Dockerfile to use stable and updated ENV's - Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default - Updated Github Workflow actions to the latest versions - Updated Hadolint version - Re-orderd the Cargo.toml file a bit and put libs together which are linked - Updated some libs - Updated .dockerignore file
2022-02-07 22:26:22 +01:00
"typenum",
]
Favicon, SMTP and misc updates Favicon: - Replaced HTML tokenizer, much faster now. - Caching the domain blacklist function. - Almost all functions are async now. - Fixed bug on minimizing data to parse - Changed maximum icon download size to 5MB to match Bitwarden - Added `apple-touch-icon.png` as a second fallback besides `favicon.ico` SMTP: - Deprecated SMTP_SSL and SMTP_EXPLICIT_TLS, replaced with SMTP_SECURITY Misc: - Fixed issue when `resolv.conf` contains errors and trust-dns panics (Fixes #2283) - Updated Javscript and CSS files for admin interface - Fixed an issue with the /admin interface which did not cleared the login cookie correctly - Prevent websocket notifications during org import, this caused a lot of traffic, and slowed down the import. This is also the same as Bitwarden which does not trigger this refresh via websockets. Rust: - Updated to use v1.59 - Use the new `strip` option and enabled to strip `debuginfo` - Enabled `lto` with `thin` - Removed the strip RUN from the alpine armv7, this is now done automatically
2022-02-22 20:48:00 +01:00
[[package]]
name = "darling"
Update crates & fix crate vulnerability (#4771) - fixes GHSA-q445-7m23-qrmw by updating openssl to version 0.10.66
2024-07-24 01:26:39 +03:00
version = "0.20.10"
Favicon, SMTP and misc updates Favicon: - Replaced HTML tokenizer, much faster now. - Caching the domain blacklist function. - Almost all functions are async now. - Fixed bug on minimizing data to parse - Changed maximum icon download size to 5MB to match Bitwarden - Added `apple-touch-icon.png` as a second fallback besides `favicon.ico` SMTP: - Deprecated SMTP_SSL and SMTP_EXPLICIT_TLS, replaced with SMTP_SECURITY Misc: - Fixed issue when `resolv.conf` contains errors and trust-dns panics (Fixes #2283) - Updated Javscript and CSS files for admin interface - Fixed an issue with the /admin interface which did not cleared the login cookie correctly - Prevent websocket notifications during org import, this caused a lot of traffic, and slowed down the import. This is also the same as Bitwarden which does not trigger this refresh via websockets. Rust: - Updated to use v1.59 - Use the new `strip` option and enabled to strip `debuginfo` - Enabled `lto` with `thin` - Removed the strip RUN from the alpine armv7, this is now done automatically
2022-02-22 20:48:00 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates & fix crate vulnerability (#4771) - fixes GHSA-q445-7m23-qrmw by updating openssl to version 0.10.66
2024-07-24 01:26:39 +03:00
checksum = "6f63b86c8a8826a49b8c21f08a2d07338eec8d900540f8630dc76284be802989"
Favicon, SMTP and misc updates Favicon: - Replaced HTML tokenizer, much faster now. - Caching the domain blacklist function. - Almost all functions are async now. - Fixed bug on minimizing data to parse - Changed maximum icon download size to 5MB to match Bitwarden - Added `apple-touch-icon.png` as a second fallback besides `favicon.ico` SMTP: - Deprecated SMTP_SSL and SMTP_EXPLICIT_TLS, replaced with SMTP_SECURITY Misc: - Fixed issue when `resolv.conf` contains errors and trust-dns panics (Fixes #2283) - Updated Javscript and CSS files for admin interface - Fixed an issue with the /admin interface which did not cleared the login cookie correctly - Prevent websocket notifications during org import, this caused a lot of traffic, and slowed down the import. This is also the same as Bitwarden which does not trigger this refresh via websockets. Rust: - Updated to use v1.59 - Use the new `strip` option and enabled to strip `debuginfo` - Enabled `lto` with `thin` - Removed the strip RUN from the alpine armv7, this is now done automatically
2022-02-22 20:48:00 +01:00
dependencies = [
"darling_core",
"darling_macro",
]
[[package]]
name = "darling_core"
Update crates & fix crate vulnerability (#4771) - fixes GHSA-q445-7m23-qrmw by updating openssl to version 0.10.66
2024-07-24 01:26:39 +03:00
version = "0.20.10"
Favicon, SMTP and misc updates Favicon: - Replaced HTML tokenizer, much faster now. - Caching the domain blacklist function. - Almost all functions are async now. - Fixed bug on minimizing data to parse - Changed maximum icon download size to 5MB to match Bitwarden - Added `apple-touch-icon.png` as a second fallback besides `favicon.ico` SMTP: - Deprecated SMTP_SSL and SMTP_EXPLICIT_TLS, replaced with SMTP_SECURITY Misc: - Fixed issue when `resolv.conf` contains errors and trust-dns panics (Fixes #2283) - Updated Javscript and CSS files for admin interface - Fixed an issue with the /admin interface which did not cleared the login cookie correctly - Prevent websocket notifications during org import, this caused a lot of traffic, and slowed down the import. This is also the same as Bitwarden which does not trigger this refresh via websockets. Rust: - Updated to use v1.59 - Use the new `strip` option and enabled to strip `debuginfo` - Enabled `lto` with `thin` - Removed the strip RUN from the alpine armv7, this is now done automatically
2022-02-22 20:48:00 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates & fix crate vulnerability (#4771) - fixes GHSA-q445-7m23-qrmw by updating openssl to version 0.10.66
2024-07-24 01:26:39 +03:00
checksum = "95133861a8032aaea082871032f5815eb9e98cef03fa916ab4500513994df9e5"
Favicon, SMTP and misc updates Favicon: - Replaced HTML tokenizer, much faster now. - Caching the domain blacklist function. - Almost all functions are async now. - Fixed bug on minimizing data to parse - Changed maximum icon download size to 5MB to match Bitwarden - Added `apple-touch-icon.png` as a second fallback besides `favicon.ico` SMTP: - Deprecated SMTP_SSL and SMTP_EXPLICIT_TLS, replaced with SMTP_SECURITY Misc: - Fixed issue when `resolv.conf` contains errors and trust-dns panics (Fixes #2283) - Updated Javscript and CSS files for admin interface - Fixed an issue with the /admin interface which did not cleared the login cookie correctly - Prevent websocket notifications during org import, this caused a lot of traffic, and slowed down the import. This is also the same as Bitwarden which does not trigger this refresh via websockets. Rust: - Updated to use v1.59 - Use the new `strip` option and enabled to strip `debuginfo` - Enabled `lto` with `thin` - Removed the strip RUN from the alpine armv7, this is now done automatically
2022-02-22 20:48:00 +01:00
dependencies = [
"fnv",
"ident_case",
"proc-macro2",
"quote",
"strsim",
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
"syn",
Favicon, SMTP and misc updates Favicon: - Replaced HTML tokenizer, much faster now. - Caching the domain blacklist function. - Almost all functions are async now. - Fixed bug on minimizing data to parse - Changed maximum icon download size to 5MB to match Bitwarden - Added `apple-touch-icon.png` as a second fallback besides `favicon.ico` SMTP: - Deprecated SMTP_SSL and SMTP_EXPLICIT_TLS, replaced with SMTP_SECURITY Misc: - Fixed issue when `resolv.conf` contains errors and trust-dns panics (Fixes #2283) - Updated Javscript and CSS files for admin interface - Fixed an issue with the /admin interface which did not cleared the login cookie correctly - Prevent websocket notifications during org import, this caused a lot of traffic, and slowed down the import. This is also the same as Bitwarden which does not trigger this refresh via websockets. Rust: - Updated to use v1.59 - Use the new `strip` option and enabled to strip `debuginfo` - Enabled `lto` with `thin` - Removed the strip RUN from the alpine armv7, this is now done automatically
2022-02-22 20:48:00 +01:00
]
[[package]]
name = "darling_macro"
Update crates & fix crate vulnerability (#4771) - fixes GHSA-q445-7m23-qrmw by updating openssl to version 0.10.66
2024-07-24 01:26:39 +03:00
version = "0.20.10"
Favicon, SMTP and misc updates Favicon: - Replaced HTML tokenizer, much faster now. - Caching the domain blacklist function. - Almost all functions are async now. - Fixed bug on minimizing data to parse - Changed maximum icon download size to 5MB to match Bitwarden - Added `apple-touch-icon.png` as a second fallback besides `favicon.ico` SMTP: - Deprecated SMTP_SSL and SMTP_EXPLICIT_TLS, replaced with SMTP_SECURITY Misc: - Fixed issue when `resolv.conf` contains errors and trust-dns panics (Fixes #2283) - Updated Javscript and CSS files for admin interface - Fixed an issue with the /admin interface which did not cleared the login cookie correctly - Prevent websocket notifications during org import, this caused a lot of traffic, and slowed down the import. This is also the same as Bitwarden which does not trigger this refresh via websockets. Rust: - Updated to use v1.59 - Use the new `strip` option and enabled to strip `debuginfo` - Enabled `lto` with `thin` - Removed the strip RUN from the alpine armv7, this is now done automatically
2022-02-22 20:48:00 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates & fix crate vulnerability (#4771) - fixes GHSA-q445-7m23-qrmw by updating openssl to version 0.10.66
2024-07-24 01:26:39 +03:00
checksum = "d336a2a514f6ccccaa3e09b02d41d35330c07ddf03a62165fcec10bb561c7806"
Favicon, SMTP and misc updates Favicon: - Replaced HTML tokenizer, much faster now. - Caching the domain blacklist function. - Almost all functions are async now. - Fixed bug on minimizing data to parse - Changed maximum icon download size to 5MB to match Bitwarden - Added `apple-touch-icon.png` as a second fallback besides `favicon.ico` SMTP: - Deprecated SMTP_SSL and SMTP_EXPLICIT_TLS, replaced with SMTP_SECURITY Misc: - Fixed issue when `resolv.conf` contains errors and trust-dns panics (Fixes #2283) - Updated Javscript and CSS files for admin interface - Fixed an issue with the /admin interface which did not cleared the login cookie correctly - Prevent websocket notifications during org import, this caused a lot of traffic, and slowed down the import. This is also the same as Bitwarden which does not trigger this refresh via websockets. Rust: - Updated to use v1.59 - Use the new `strip` option and enabled to strip `debuginfo` - Enabled `lto` with `thin` - Removed the strip RUN from the alpine armv7, this is now done automatically
2022-02-22 20:48:00 +01:00
dependencies = [
"darling_core",
"quote",
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
"syn",
Favicon, SMTP and misc updates Favicon: - Replaced HTML tokenizer, much faster now. - Caching the domain blacklist function. - Almost all functions are async now. - Fixed bug on minimizing data to parse - Changed maximum icon download size to 5MB to match Bitwarden - Added `apple-touch-icon.png` as a second fallback besides `favicon.ico` SMTP: - Deprecated SMTP_SSL and SMTP_EXPLICIT_TLS, replaced with SMTP_SECURITY Misc: - Fixed issue when `resolv.conf` contains errors and trust-dns panics (Fixes #2283) - Updated Javscript and CSS files for admin interface - Fixed an issue with the /admin interface which did not cleared the login cookie correctly - Prevent websocket notifications during org import, this caused a lot of traffic, and slowed down the import. This is also the same as Bitwarden which does not trigger this refresh via websockets. Rust: - Updated to use v1.59 - Use the new `strip` option and enabled to strip `debuginfo` - Enabled `lto` with `thin` - Removed the strip RUN from the alpine armv7, this is now done automatically
2022-02-22 20:48:00 +01:00
]
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
[[package]]
name = "dashmap"
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
version = "6.1.0"
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
checksum = "5041cc499144891f3790297212f32a74fb938e5136a14943f338ef9e0ae276cf"
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
dependencies = [
"cfg-if",
"crossbeam-utils",
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
"hashbrown 0.14.5",
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
"lock_api",
"once_cell",
"parking_lot_core",
]
First working version
2018-02-10 01:00:55 +01:00
[[package]]
name = "data-encoding"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
version = "2.7.0"
First working version
2018-02-10 01:00:55 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
checksum = "0e60eed09d8c01d3cee5b7d30acb059b76614c918fa0f992e0dd6eeb10daad6f"
First working version
2018-02-10 01:00:55 +01:00
Add an option to fetch and parse href="data:image" Some sites are using base64 encoded inline images for favicons. This will try to match those with some sane checks and return that. These icons will have lower prio then the icons with a normal URL.
2019-11-22 13:16:12 +01:00
[[package]]
name = "data-url"
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
version = "0.3.1"
Enabled trust-dns and some updates. - Enabled trust-dns feature which seems to help a bit when DNS is causing long timeouts. Though in the blocking version it is less visible then on the async branch. - Updated crates - Removed some redundant code - Updated javascript/css libraries Resolves #2118 Resolves #2119
2021-11-28 13:02:27 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
checksum = "5c297a1c74b71ae29df00c3e22dd9534821d60eb9af5a0192823fa2acea70c2a"
Add an option to fetch and parse href="data:image" Some sites are using base64 encoded inline images for favicons. This will try to match those with some sane checks and return that. These icons will have lower prio then the icons with a normal URL.
2019-11-22 13:16:12 +01:00
Update images to Bookworm and PQ15 This PR updates the base images to use Debian Bookworm as base image. Also the MUSL/Alpine builds now use OpenSSLv3 and PostgreSQL v15. The GHA Workflows are updated to use Ubuntu 22.04 to better match the versions of Debian Bookworm. Also: - Enabled spares crate registry - Updated workflow actions - Updated Rust to v1.71.0 - The rust-musl images now use musl v1.2.3 for the 32bit arch's if the Rust version is v1.71.0 or higher. The 64bit arch's already used musl v1.2.3. - Updated crates. Improves / Closes #3434
2023-06-11 18:11:09 +02:00
[[package]]
name = "deranged"
Update crates and fix icon issue (#4237) - Fix icon download issue by removing the deflate feature - Updated all the crates - Updated Handlebars code Fixes #4224
2024-01-12 20:44:37 +01:00
version = "0.3.11"
Update images to Bookworm and PQ15 This PR updates the base images to use Debian Bookworm as base image. Also the MUSL/Alpine builds now use OpenSSLv3 and PostgreSQL v15. The GHA Workflows are updated to use Ubuntu 22.04 to better match the versions of Debian Bookworm. Also: - Enabled spares crate registry - Updated workflow actions - Updated Rust to v1.71.0 - The rust-musl images now use musl v1.2.3 for the 32bit arch's if the Rust version is v1.71.0 or higher. The 64bit arch's already used musl v1.2.3. - Updated crates. Improves / Closes #3434
2023-06-11 18:11:09 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and fix icon issue (#4237) - Fix icon download issue by removing the deflate feature - Updated all the crates - Updated Handlebars code Fixes #4224
2024-01-12 20:44:37 +01:00
checksum = "b42b6fa04a440b495c8b04d0e71b707c585f83cb9cb28cf8cd0d976c315e31b4"
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
dependencies = [
"powerfmt",
]
Update images to Bookworm and PQ15 This PR updates the base images to use Debian Bookworm as base image. Also the MUSL/Alpine builds now use OpenSSLv3 and PostgreSQL v15. The GHA Workflows are updated to use Ubuntu 22.04 to better match the versions of Debian Bookworm. Also: - Enabled spares crate registry - Updated workflow actions - Updated Rust to v1.71.0 - The rust-musl images now use musl v1.2.3 for the 32bit arch's if the Rust version is v1.71.0 or higher. The 64bit arch's already used musl v1.2.3. - Updated crates. Improves / Closes #3434
2023-06-11 18:11:09 +02:00
Update crates and web-vault to v2025.1.0 (#5368) - Updated the web-vault to use v2025.1.0 (pre-release) - Updated crates Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-08 18:14:08 +01:00
[[package]]
name = "derive_builder"
version = "0.20.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "507dfb09ea8b7fa618fcf76e953f4f5e192547945816d5358edffe39f6f94947"
dependencies = [
"derive_builder_macro",
]
[[package]]
name = "derive_builder_core"
version = "0.20.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2d5bcf7b024d6835cfb3d473887cd966994907effbe9227e8c8219824d06c4e8"
dependencies = [
"darling",
"proc-macro2",
"quote",
"syn",
]
[[package]]
name = "derive_builder_macro"
version = "0.20.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ab63b0e2bf4d5928aff72e83a7dace85d7bba5fe12dcc3c5a572d78caffd3f3c"
dependencies = [
"derive_builder_core",
"syn",
]
rename membership and adopt newtype pattern (#5320) * rename membership rename UserOrganization to Membership to clarify the relation and prevent confusion whether something refers to a member(ship) or user * use newtype pattern * implement custom derive macro IdFromParam * add UuidFromParam macro for UUIDs * add macros to Docker build Co-authored-by: dfunkt <dfunkt@users.noreply.github.com> --------- Co-authored-by: dfunkt <dfunkt@users.noreply.github.com>
2025-01-09 18:37:23 +01:00
[[package]]
name = "derive_more"
version = "1.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4a9b99b9cbbe49445b21764dc0625032a89b145a2642e67603e1c936f5458d05"
dependencies = [
"derive_more-impl",
]
[[package]]
name = "derive_more-impl"
version = "1.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cb7330aeadfbe296029522e6c40f315320aba36fc43a5b3632f3795348f3bd22"
dependencies = [
"proc-macro2",
"quote",
"syn",
"unicode-xid",
]
Updated bw_rs to Rocket version 0.4-rc1
2018-10-10 20:40:39 +02:00
[[package]]
name = "devise"
Update web-vault, crates and gha (#4909) - Updated the web-vault to fix an issue with personal export. Thanks to @stefan0xC for patching this. Fixes #4875 - Updated crates to there latest version - Updated the GitHub Actions - Updated the xx image to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2024-09-01 15:53:03 +02:00
version = "0.4.2"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update web-vault, crates and gha (#4909) - Updated the web-vault to fix an issue with personal export. Thanks to @stefan0xC for patching this. Fixes #4875 - Updated crates to there latest version - Updated the GitHub Actions - Updated the xx image to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2024-09-01 15:53:03 +02:00
checksum = "f1d90b0c4c777a2cad215e3c7be59ac7c15adf45cf76317009b7d096d46f651d"
Updated bw_rs to Rocket version 0.4-rc1
2018-10-10 20:40:39 +02:00
dependencies = [
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"devise_codegen",
"devise_core",
Updated bw_rs to Rocket version 0.4-rc1
2018-10-10 20:40:39 +02:00
]
[[package]]
name = "devise_codegen"
Update web-vault, crates and gha (#4909) - Updated the web-vault to fix an issue with personal export. Thanks to @stefan0xC for patching this. Fixes #4875 - Updated crates to there latest version - Updated the GitHub Actions - Updated the xx image to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2024-09-01 15:53:03 +02:00
version = "0.4.2"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update web-vault, crates and gha (#4909) - Updated the web-vault to fix an issue with personal export. Thanks to @stefan0xC for patching this. Fixes #4875 - Updated crates to there latest version - Updated the GitHub Actions - Updated the xx image to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2024-09-01 15:53:03 +02:00
checksum = "71b28680d8be17a570a2334922518be6adc3f58ecc880cbb404eaeb8624fd867"
Updated bw_rs to Rocket version 0.4-rc1
2018-10-10 20:40:39 +02:00
dependencies = [
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"devise_core",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"quote",
Updated bw_rs to Rocket version 0.4-rc1
2018-10-10 20:40:39 +02:00
]
[[package]]
name = "devise_core"
Update web-vault, crates and gha (#4909) - Updated the web-vault to fix an issue with personal export. Thanks to @stefan0xC for patching this. Fixes #4875 - Updated crates to there latest version - Updated the GitHub Actions - Updated the xx image to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2024-09-01 15:53:03 +02:00
version = "0.4.2"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update web-vault, crates and gha (#4909) - Updated the web-vault to fix an issue with personal export. Thanks to @stefan0xC for patching this. Fixes #4875 - Updated crates to there latest version - Updated the GitHub Actions - Updated the xx image to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2024-09-01 15:53:03 +02:00
checksum = "b035a542cf7abf01f2e3c4d5a7acbaebfefe120ae4efc7bde3df98186e4b8af7"
Updated bw_rs to Rocket version 0.4-rc1
2018-10-10 20:40:39 +02:00
dependencies = [
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
"bitflags",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"proc-macro2",
"proc-macro2-diagnostics",
"quote",
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
"syn",
Updated bw_rs to Rocket version 0.4-rc1
2018-10-10 20:40:39 +02:00
]
First working version
2018-02-10 01:00:55 +01:00
[[package]]
name = "diesel"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
version = "2.2.6"
First working version
2018-02-10 01:00:55 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
checksum = "ccf1bedf64cdb9643204a36dd15b19a6ce8e7aa7f7b105868e9f1fad5ffa7d12"
First working version
2018-02-10 01:00:55 +01:00
dependencies = [
Improve file limit handling (#4242) * Improve file limit handling * Oops * Update PostgreSQL migration * Review comments --------- Co-authored-by: BlackDex <black.dex@gmail.com>
2024-01-27 02:43:26 +01:00
"bigdecimal",
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
"bitflags",
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"byteorder",
"chrono",
"diesel_derives",
Update to diesel2
2022-05-20 23:39:47 +02:00
"itoa",
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"libsqlite3-sys",
Update lettre to alpha release instead of git commit, and update the rest of dependencies while we are at it
2020-05-31 17:58:06 +02:00
"mysqlclient-sys",
Improve file limit handling (#4242) * Improve file limit handling * Oops * Update PostgreSQL migration * Review comments --------- Co-authored-by: BlackDex <black.dex@gmail.com>
2024-01-27 02:43:26 +01:00
"num-bigint",
"num-integer",
"num-traits",
Update to diesel2
2022-05-20 23:39:47 +02:00
"percent-encoding",
Update lettre to alpha release instead of git commit, and update the rest of dependencies while we are at it
2020-05-31 17:58:06 +02:00
"pq-sys",
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"r2d2",
Update crates and GH Workflow - Updated crates - Updated GHA where needed
2023-05-26 14:53:13 +02:00
"time",
Update to diesel2
2022-05-20 23:39:47 +02:00
"url",
First working version
2018-02-10 01:00:55 +01:00
]
rename membership and adopt newtype pattern (#5320) * rename membership rename UserOrganization to Membership to clarify the relation and prevent confusion whether something refers to a member(ship) or user * use newtype pattern * implement custom derive macro IdFromParam * add UuidFromParam macro for UUIDs * add macros to Docker build Co-authored-by: dfunkt <dfunkt@users.noreply.github.com> --------- Co-authored-by: dfunkt <dfunkt@users.noreply.github.com>
2025-01-09 18:37:23 +01:00
[[package]]
name = "diesel-derive-newtype"
version = "2.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d5adf688c584fe33726ce0e2898f608a2a92578ac94a4a92fcecf73214fe0716"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
First working version
2018-02-10 01:00:55 +01:00
[[package]]
name = "diesel_derives"
Update crates (GHSA-wq9x-qwcq-mmgf) (#4889) - Updated crates - Fixed MSRV to actually be N-2 - Changed some features to use the `dep:` prefix. This is needed for edition-2024 anyway although that will be a while before we can use that. Signed-off-by: BlackDex <black.dex@gmail.com>
2024-08-23 22:06:11 +02:00
version = "2.2.3"
First working version
2018-02-10 01:00:55 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates (GHSA-wq9x-qwcq-mmgf) (#4889) - Updated crates - Fixed MSRV to actually be N-2 - Changed some features to use the `dep:` prefix. This is needed for edition-2024 anyway although that will be a while before we can use that. Signed-off-by: BlackDex <black.dex@gmail.com>
2024-08-23 22:06:11 +02:00
checksum = "e7f2c3de51e2ba6bf2a648285696137aaf0f5f487bcbea93972fe8a364e131a4"
First working version
2018-02-10 01:00:55 +01:00
dependencies = [
Update crates and GH Workflow - Updated crates - Updated GHA where needed
2023-05-26 14:53:13 +02:00
"diesel_table_macro_syntax",
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
"dsl_auto_type",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"proc-macro2",
"quote",
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
"syn",
First working version
2018-02-10 01:00:55 +01:00
]
Add dev-only query logging support This PR adds query logging support as an optional feature. It is only allowed during development/debug builds, and will abort when used during a `--release` build. For this feature to be fully activated you also need to se an environment variable `QUERY_LOGGER=1` to activate the debug log-level for this crate, else there will be no output. The reason for this PR is that sometimes it is useful to be able to see the generated queries, like when debugging an issue, or trying to optimize a query. Currently i always added this code when needed, but having this a part of the code could benifit other developers too who maybe need this.
2022-12-03 18:25:59 +01:00
[[package]]
name = "diesel_logger"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
version = "0.4.0"
Add dev-only query logging support This PR adds query logging support as an optional feature. It is only allowed during development/debug builds, and will abort when used during a `--release` build. For this feature to be fully activated you also need to se an environment variable `QUERY_LOGGER=1` to activate the debug log-level for this crate, else there will be no output. The reason for this PR is that sometimes it is useful to be able to see the generated queries, like when debugging an issue, or trying to optimize a query. Currently i always added this code when needed, but having this a part of the code could benifit other developers too who maybe need this.
2022-12-03 18:25:59 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
checksum = "8074833fffb675cf22a6ee669124f65f02971e48dd520bb80c7473ff70aeaf95"
Add dev-only query logging support This PR adds query logging support as an optional feature. It is only allowed during development/debug builds, and will abort when used during a `--release` build. For this feature to be fully activated you also need to se an environment variable `QUERY_LOGGER=1` to activate the debug log-level for this crate, else there will be no output. The reason for this PR is that sometimes it is useful to be able to see the generated queries, like when debugging an issue, or trying to optimize a query. Currently i always added this code when needed, but having this a part of the code could benifit other developers too who maybe need this.
2022-12-03 18:25:59 +01:00
dependencies = [
"diesel",
"log",
]
First working version
2018-02-10 01:00:55 +01:00
[[package]]
name = "diesel_migrations"
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
version = "2.2.0"
First working version
2018-02-10 01:00:55 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
checksum = "8a73ce704bad4231f001bff3314d91dce4aba0770cee8b233991859abc15c1f6"
First working version
2018-02-10 01:00:55 +01:00
dependencies = [
Update to diesel2
2022-05-20 23:39:47 +02:00
"diesel",
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"migrations_internals",
"migrations_macros",
First working version
2018-02-10 01:00:55 +01:00
]
Update crates and GH Workflow - Updated crates - Updated GHA where needed
2023-05-26 14:53:13 +02:00
[[package]]
name = "diesel_table_macro_syntax"
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
version = "0.2.0"
Update crates and GH Workflow - Updated crates - Updated GHA where needed
2023-05-26 14:53:13 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
checksum = "209c735641a413bc68c4923a9d6ad4bcb3ca306b794edaa7eb0b3228a99ffb25"
Update crates and GH Workflow - Updated crates - Updated GHA where needed
2023-05-26 14:53:13 +02:00
dependencies = [
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
"syn",
Update crates and GH Workflow - Updated crates - Updated GHA where needed
2023-05-26 14:53:13 +02:00
]
Update async to prepare for main merge - Changed nightly to stable in Dockerfile and Workflow - Updated Dockerfile to use stable and updated ENV's - Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default - Updated Github Workflow actions to the latest versions - Updated Hadolint version - Re-orderd the Cargo.toml file a bit and put libs together which are linked - Updated some libs - Updated .dockerignore file
2022-02-07 22:26:22 +01:00
[[package]]
name = "digest"
Update crates and GH Workflow - Updated crates - Updated GHA where needed
2023-05-26 14:53:13 +02:00
version = "0.10.7"
Update async to prepare for main merge - Changed nightly to stable in Dockerfile and Workflow - Updated Dockerfile to use stable and updated ENV's - Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default - Updated Github Workflow actions to the latest versions - Updated Hadolint version - Re-orderd the Cargo.toml file a bit and put libs together which are linked - Updated some libs - Updated .dockerignore file
2022-02-07 22:26:22 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and GH Workflow - Updated crates - Updated GHA where needed
2023-05-26 14:53:13 +02:00
checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292"
Update async to prepare for main merge - Changed nightly to stable in Dockerfile and Workflow - Updated Dockerfile to use stable and updated ENV's - Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default - Updated Github Workflow actions to the latest versions - Updated Hadolint version - Re-orderd the Cargo.toml file a bit and put libs together which are linked - Updated some libs - Updated .dockerignore file
2022-02-07 22:26:22 +01:00
dependencies = [
Update deps and Alpine image - Updated deps - Updated Alpine images to 3.16 - Removed dumb-init, not needed anymore - Some small shellcheck tweaks on the start/healthcheck scripts
2022-07-31 15:45:31 +02:00
"block-buffer",
Update async to prepare for main merge - Changed nightly to stable in Dockerfile and Workflow - Updated Dockerfile to use stable and updated ENV's - Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default - Updated Github Workflow actions to the latest versions - Updated Hadolint version - Re-orderd the Cargo.toml file a bit and put libs together which are linked - Updated some libs - Updated .dockerignore file
2022-02-07 22:26:22 +01:00
"crypto-common",
"subtle",
]
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
[[package]]
name = "displaydoc"
version = "0.2.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
Update crates and fix several issues Signed-off-by: BlackDex <black.dex@gmail.com>
2024-11-09 19:58:10 +01:00
[[package]]
name = "document-features"
version = "0.2.10"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cb6969eaabd2421f8a2775cfd2471a2b634372b4a25d41e3bd647b79912850a0"
dependencies = [
"litrs",
]
First working version
2018-02-10 01:00:55 +01:00
[[package]]
Several updates and fixes - Removed all `thread::sleep` and use `tokio::time::sleep` now. This solves an issue with updating to Bullseye ( Resolves #1998 ) - Updated all Debian images to Bullseye - Added MiMalloc feature and enabled it by default for Alpine based images This increases performance for the Alpine images because the default memory allocator for MUSL based binaries isn't that fast - Updated `dotenv` to `dotenvy` a maintained and updated fork - Fixed an issue with a newer jslib (not fully released yet) That version uses a different endpoint for `prelogin` Resolves #2378 )
2022-03-20 18:51:24 +01:00
name = "dotenvy"
Update web vault to v2023.3.0 and dependencies
2023-03-22 21:30:07 +01:00
version = "0.15.7"
First working version
2018-02-10 01:00:55 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update web vault to v2023.3.0 and dependencies
2023-03-22 21:30:07 +01:00
checksum = "1aaf95b3e5c8f23aa320147307562d361db0ae0d51242340f558153b4eb2439b"
First working version
2018-02-10 01:00:55 +01:00
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
[[package]]
name = "dsl_auto_type"
Update crates & fix crate vulnerability (#4771) - fixes GHSA-q445-7m23-qrmw by updating openssl to version 0.10.66
2024-07-24 01:26:39 +03:00
version = "0.1.2"
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates & fix crate vulnerability (#4771) - fixes GHSA-q445-7m23-qrmw by updating openssl to version 0.10.66
2024-07-24 01:26:39 +03:00
checksum = "c5d9abe6314103864cc2d8901b7ae224e0ab1a103a0a416661b4097b0779b607"
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
dependencies = [
"darling",
"either",
Fix Device Type column for 2FA migration (#4971)
2024-09-20 12:06:06 +02:00
"heck",
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
"proc-macro2",
"quote",
"syn",
]
Enable socks feature for reqwest This allowed HTTP_PROXY be set with a socks5 proxy
2021-04-07 19:25:02 +01:00
[[package]]
name = "either"
Update crates and web-vault (#4714) - Updated the crates Removed the patch for mimalloc - Updated the web-vault to v2024.5.1b The reason for not updating to v2024.6.x is that there are several items not working correctly or need some more research.
2024-07-08 23:27:48 +02:00
version = "1.13.0"
Enable socks feature for reqwest This allowed HTTP_PROXY be set with a socks5 proxy
2021-04-07 19:25:02 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and web-vault (#4714) - Updated the crates Removed the patch for mimalloc - Updated the web-vault to v2024.5.1b The reason for not updating to v2024.6.x is that there are several items not working correctly or need some more research.
2024-07-08 23:27:48 +02:00
checksum = "60b1af1c220855b6ceac025d3f6ecdd2b7c4894bfe9cd9bda4fbb4bc7c0d4cf0"
Enable socks feature for reqwest This allowed HTTP_PROXY be set with a socks5 proxy
2021-04-07 19:25:02 +01:00
Update web vault to 2.28.0 and dependencies
2022-04-23 18:18:15 +02:00
[[package]]
name = "email-encoding"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
version = "0.3.1"
Update web vault to 2.28.0 and dependencies
2022-04-23 18:18:15 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
checksum = "ea3d894bbbab314476b265f9b2d46bf24b123a36dd0e96b06a1b49545b9d9dcc"
Update web vault to 2.28.0 and dependencies
2022-04-23 18:18:15 +02:00
dependencies = [
Update Rust, crates and web-vault (#4558) * Update Rust and crates - Updated Rust to v1.78.0 - Updated crates * Update web-vault to v2024.5.0
2024-05-19 20:30:34 +02:00
"base64 0.22.1",
Bump lettre to 0.10.0-rc.7
2022-06-04 14:47:26 +02:00
"memchr",
Update web vault to 2.28.0 and dependencies
2022-04-23 18:18:15 +02:00
]
Bump lettre to 0.10.0-rc.7
2022-06-04 14:47:26 +02:00
[[package]]
name = "email_address"
Update crates, web-vault and fixes (#4823) * Update crates, web-vault and fixes - Updated crates - Updated web-vault to v2024.6.2 This version is currently the latest version compatible with our API implementation. For newer versions we need more code updates to make it compatible. Thanks to @stefan0xC this version fixes #4628 - Added a small fix to prevent errors in the Vaultwarden and Client logs. The v2024.6.2 web-vault calls an endpoint with invalid arguments. If this happens we ignore the call and just return an Ok. - Added the bulk-collection endpoint (Though not yet available in v2024.6.2) Fixes #4628 * Prevent bulk remove collections to work
2024-08-07 22:46:03 +02:00
version = "0.2.9"
Bump lettre to 0.10.0-rc.7
2022-06-04 14:47:26 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates, web-vault and fixes (#4823) * Update crates, web-vault and fixes - Updated crates - Updated web-vault to v2024.6.2 This version is currently the latest version compatible with our API implementation. For newer versions we need more code updates to make it compatible. Thanks to @stefan0xC this version fixes #4628 - Added a small fix to prevent errors in the Vaultwarden and Client logs. The v2024.6.2 web-vault calls an endpoint with invalid arguments. If this happens we ignore the call and just return an Ok. - Added the bulk-collection endpoint (Though not yet available in v2024.6.2) Fixes #4628 * Prevent bulk remove collections to work
2024-08-07 22:46:03 +02:00
checksum = "e079f19b08ca6239f47f8ba8509c11cf3ea30095831f7fed61441475edd8c449"
validate billing_email on save
2022-10-25 22:21:22 +02:00
dependencies = [
"serde",
]
Bump lettre to 0.10.0-rc.7
2022-06-04 14:47:26 +02:00
Reduced Docker final image and updated dependencies
2018-02-18 19:14:25 +01:00
[[package]]
name = "encoding_rs"
Update crates and fix Mail issue (#5125) - Updated all the crates Including in this update is an update from lettre, which solves an issue with some specific SMTP mail providers.
2024-10-24 19:13:20 +02:00
version = "0.8.35"
Reduced Docker final image and updated dependencies
2018-02-18 19:14:25 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and fix Mail issue (#5125) - Updated all the crates Including in this update is an update from lettre, which solves an issue with some specific SMTP mail providers.
2024-10-24 19:13:20 +02:00
checksum = "75030f3c4f45dafd7586dd6780965a8c7e8e285a5ecb86713e63a79c5b2766f3"
Reduced Docker final image and updated dependencies
2018-02-18 19:14:25 +01:00
dependencies = [
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
"cfg-if",
Reduced Docker final image and updated dependencies
2018-02-18 19:14:25 +01:00
]
Enabled trust-dns and some updates. - Enabled trust-dns feature which seems to help a bit when DNS is causing long timeouts. Though in the blocking version it is less visible then on the async branch. - Updated crates - Removed some redundant code - Updated javascript/css libraries Resolves #2118 Resolves #2119
2021-11-28 13:02:27 +01:00
[[package]]
name = "enum-as-inner"
Fix Device Type column for 2FA migration (#4971)
2024-09-20 12:06:06 +02:00
version = "0.6.1"
Enabled trust-dns and some updates. - Enabled trust-dns feature which seems to help a bit when DNS is causing long timeouts. Though in the blocking version it is less visible then on the async branch. - Updated crates - Removed some redundant code - Updated javascript/css libraries Resolves #2118 Resolves #2119
2021-11-28 13:02:27 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Fix Device Type column for 2FA migration (#4971)
2024-09-20 12:06:06 +02:00
checksum = "a1e6a265c649f3f5979b601d26f1d05ada116434c87741c9493cb56218f76cbc"
Enabled trust-dns and some updates. - Enabled trust-dns feature which seems to help a bit when DNS is causing long timeouts. Though in the blocking version it is less visible then on the async branch. - Updated crates - Removed some redundant code - Updated javascript/css libraries Resolves #2118 Resolves #2119
2021-11-28 13:02:27 +01:00
dependencies = [
Fix Device Type column for 2FA migration (#4971)
2024-09-20 12:06:06 +02:00
"heck",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"proc-macro2",
"quote",
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
"syn",
Enabled trust-dns and some updates. - Enabled trust-dns feature which seems to help a bit when DNS is causing long timeouts. Though in the blocking version it is less visible then on the async branch. - Updated crates - Removed some redundant code - Updated javascript/css libraries Resolves #2118 Resolves #2119
2021-11-28 13:02:27 +01:00
]
Update crates and GHA (#5346) - Updated crates to the latest version - Updated GitHub Actions to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-04 19:02:15 +01:00
[[package]]
name = "env_home"
version = "0.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c7f84e12ccf0a7ddc17a6c41c93326024c42920d7ee630d04950e6926645c0fe"
Update crates and small clippy fix - Update all crates - Remove async which is reported by clippy in v1.72.0
2023-07-04 20:12:50 +02:00
[[package]]
name = "equivalent"
Update images to Bookworm and PQ15 This PR updates the base images to use Debian Bookworm as base image. Also the MUSL/Alpine builds now use OpenSSLv3 and PostgreSQL v15. The GHA Workflows are updated to use Ubuntu 22.04 to better match the versions of Debian Bookworm. Also: - Enabled spares crate registry - Updated workflow actions - Updated Rust to v1.71.0 - The rust-musl images now use musl v1.2.3 for the 32bit arch's if the Rust version is v1.71.0 or higher. The 64bit arch's already used musl v1.2.3. - Updated crates. Improves / Closes #3434
2023-06-11 18:11:09 +02:00
version = "1.0.1"
Update crates and small clippy fix - Update all crates - Remove async which is reported by clippy in v1.72.0
2023-07-04 20:12:50 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update images to Bookworm and PQ15 This PR updates the base images to use Debian Bookworm as base image. Also the MUSL/Alpine builds now use OpenSSLv3 and PostgreSQL v15. The GHA Workflows are updated to use Ubuntu 22.04 to better match the versions of Debian Bookworm. Also: - Enabled spares crate registry - Updated workflow actions - Updated Rust to v1.71.0 - The rust-musl images now use musl v1.2.3 for the 32bit arch's if the Rust version is v1.71.0 or higher. The 64bit arch's already used musl v1.2.3. - Updated crates. Improves / Closes #3434
2023-06-11 18:11:09 +02:00
checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5"
Update crates and small clippy fix - Update all crates - Remove async which is reported by clippy in v1.72.0
2023-07-04 20:12:50 +02:00
Update web vault to v2023.3.0 and dependencies
2023-03-22 21:30:07 +01:00
[[package]]
name = "errno"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
version = "0.3.10"
Update web vault to v2023.3.0 and dependencies
2023-03-22 21:30:07 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
checksum = "33d852cb9b869c2a9b3df2f71a3074817f01e1844f839a144f5fcef059a4eb5d"
Update web vault to v2023.3.0 and dependencies
2023-03-22 21:30:07 +01:00
dependencies = [
"libc",
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
"windows-sys 0.59.0",
Implemented proper logging, with support for file logging, timestamp and syslog (this last one is untested)
2018-12-06 20:35:25 +01:00
]
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
[[package]]
name = "event-listener"
version = "2.5.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0206175f82b8d6bf6652ff7d71a1e27fd2e4efde587fd368662814d6ec1d9ce0"
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
[[package]]
name = "event-listener"
Update crates and web-vault to v2025.1.0 (#5368) - Updated the web-vault to use v2025.1.0 (pre-release) - Updated crates Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-08 18:14:08 +01:00
version = "5.4.0"
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and web-vault to v2025.1.0 (#5368) - Updated the web-vault to use v2025.1.0 (pre-release) - Updated crates Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-08 18:14:08 +01:00
checksum = "3492acde4c3fc54c845eaab3eed8bd00c7a7d881f78bfc801e43a93dec1331ae"
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
dependencies = [
"concurrent-queue",
"parking",
"pin-project-lite",
]
Update Rust, crates and web-vault (#4328) - Updated Rust to v1.76.0 - Updated crates - Updated web-vault to v2024.1.2b - Fixed some Clippy lints - Moved lint check configuration Cargo.toml - Fixed issue with Reset Password Enrollment when logged-in via device
2024-02-08 22:16:29 +01:00
[[package]]
name = "event-listener-strategy"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
version = "0.5.3"
Update Rust, crates and web-vault (#4328) - Updated Rust to v1.76.0 - Updated crates - Updated web-vault to v2024.1.2b - Fixed some Clippy lints - Moved lint check configuration Cargo.toml - Fixed issue with Reset Password Enrollment when logged-in via device
2024-02-08 22:16:29 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
checksum = "3c3e4e0dd3673c1139bf041f3008816d9cf2946bbfac2945c09e523b8d7b05b2"
Update Rust, crates and web-vault (#4328) - Updated Rust to v1.76.0 - Updated crates - Updated web-vault to v2024.1.2b - Fixed some Clippy lints - Moved lint check configuration Cargo.toml - Fixed issue with Reset Password Enrollment when logged-in via device
2024-02-08 22:16:29 +01:00
dependencies = [
Update crates and web-vault to v2025.1.0 (#5368) - Updated the web-vault to use v2025.1.0 (pre-release) - Updated crates Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-08 18:14:08 +01:00
"event-listener 5.4.0",
Update Rust, crates and web-vault (#4328) - Updated Rust to v1.76.0 - Updated crates - Updated web-vault to v2024.1.2b - Fixed some Clippy lints - Moved lint check configuration Cargo.toml - Fixed issue with Reset Password Enrollment when logged-in via device
2024-02-08 22:16:29 +01:00
"pin-project-lite",
]
Update images to Bookworm and PQ15 This PR updates the base images to use Debian Bookworm as base image. Also the MUSL/Alpine builds now use OpenSSLv3 and PostgreSQL v15. The GHA Workflows are updated to use Ubuntu 22.04 to better match the versions of Debian Bookworm. Also: - Enabled spares crate registry - Updated workflow actions - Updated Rust to v1.71.0 - The rust-musl images now use musl v1.2.3 for the 32bit arch's if the Rust version is v1.71.0 or higher. The 64bit arch's already used musl v1.2.3. - Updated crates. Improves / Closes #3434
2023-06-11 18:11:09 +02:00
[[package]]
name = "fastrand"
Update crates (#5268) - fixes CVE-2024-12224
2024-12-10 18:59:28 +02:00
version = "2.3.0"
Update images to Bookworm and PQ15 This PR updates the base images to use Debian Bookworm as base image. Also the MUSL/Alpine builds now use OpenSSLv3 and PostgreSQL v15. The GHA Workflows are updated to use Ubuntu 22.04 to better match the versions of Debian Bookworm. Also: - Enabled spares crate registry - Updated workflow actions - Updated Rust to v1.71.0 - The rust-musl images now use musl v1.2.3 for the 32bit arch's if the Rust version is v1.71.0 or higher. The 64bit arch's already used musl v1.2.3. - Updated crates. Improves / Closes #3434
2023-06-11 18:11:09 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates (#5268) - fixes CVE-2024-12224
2024-12-10 18:59:28 +02:00
checksum = "37909eebbb50d72f9059c3b6d82c0463f2ff062c9e95845c43a6c9c0355411be"
Update images to Bookworm and PQ15 This PR updates the base images to use Debian Bookworm as base image. Also the MUSL/Alpine builds now use OpenSSLv3 and PostgreSQL v15. The GHA Workflows are updated to use Ubuntu 22.04 to better match the versions of Debian Bookworm. Also: - Enabled spares crate registry - Updated workflow actions - Updated Rust to v1.71.0 - The rust-musl images now use musl v1.2.3 for the 32bit arch's if the Rust version is v1.71.0 or higher. The 64bit arch's already used musl v1.2.3. - Updated crates. Improves / Closes #3434
2023-06-11 18:11:09 +02:00
Implemented proper logging, with support for file logging, timestamp and syslog (this last one is untested)
2018-12-06 20:35:25 +01:00
[[package]]
name = "fern"
Use updated fern instead of patch (#5298) Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-15 23:13:29 +01:00
version = "0.7.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4316185f709b23713e41e3195f90edef7fb00c3ed4adc79769cf09cc762a3b29"
Implemented proper logging, with support for file logging, timestamp and syslog (this last one is untested)
2018-12-06 20:35:25 +01:00
dependencies = [
Reopen log file on SIGHUP
2023-09-22 17:03:41 +02:00
"libc",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"log",
Reopen log file on SIGHUP
2023-09-22 17:03:41 +02:00
"reopen",
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"syslog",
Implemented proper logging, with support for file logging, timestamp and syslog (this last one is untested)
2018-12-06 20:35:25 +01:00
]
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
[[package]]
name = "figment"
Update Rust, crates and web-vault (#4558) * Update Rust and crates - Updated Rust to v1.78.0 - Updated crates * Update web-vault to v2024.5.0
2024-05-19 20:30:34 +02:00
version = "0.10.19"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust, crates and web-vault (#4558) * Update Rust and crates - Updated Rust to v1.78.0 - Updated crates * Update web-vault to v2024.5.0
2024-05-19 20:30:34 +02:00
checksum = "8cb01cd46b0cf372153850f4c6c272d9cbea2da513e07538405148f95bd789f3"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
dependencies = [
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
"atomic 0.6.0",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"pear",
"serde",
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
"toml",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"uncased",
"version_check",
]
Icon and SMTP Debug fixes. - We need to add some feature to enable smtp debugging again. See: https://github.com/lettre/lettre/pull/584 - Upstream added the fallback icon again, probably because of caching ;). See: https://github.com/bitwarden/server/pull/1149 - Enabled gzip and brotli compression support with reqwest. Some sites seem to force this, or assume that because of the User-Agent string it is supported. This caused some failed icons. Fixes #1540
2021-03-29 10:27:58 +02:00
[[package]]
name = "flate2"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
version = "1.0.35"
Icon and SMTP Debug fixes. - We need to add some feature to enable smtp debugging again. See: https://github.com/lettre/lettre/pull/584 - Upstream added the fallback icon again, probably because of caching ;). See: https://github.com/bitwarden/server/pull/1149 - Enabled gzip and brotli compression support with reqwest. Some sites seem to force this, or assume that because of the User-Agent string it is supported. This caused some failed icons. Fixes #1540
2021-03-29 10:27:58 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
checksum = "c936bfdafb507ebbf50b8074c54fa31c5be9a1e7e5f467dd659697041407d07c"
Icon and SMTP Debug fixes. - We need to add some feature to enable smtp debugging again. See: https://github.com/lettre/lettre/pull/584 - Upstream added the fallback icon again, probably because of caching ;). See: https://github.com/bitwarden/server/pull/1149 - Enabled gzip and brotli compression support with reqwest. Some sites seem to force this, or assume that because of the User-Agent string it is supported. This caused some failed icons. Fixes #1540
2021-03-29 10:27:58 +02:00
dependencies = [
"crc32fast",
Fix Device Type column for 2FA migration (#4971)
2024-09-20 12:06:06 +02:00
"miniz_oxide",
Icon and SMTP Debug fixes. - We need to add some feature to enable smtp debugging again. See: https://github.com/lettre/lettre/pull/584 - Upstream added the fallback icon again, probably because of caching ;). See: https://github.com/bitwarden/server/pull/1149 - Enabled gzip and brotli compression support with reqwest. Some sites seem to force this, or assume that because of the User-Agent string it is supported. This caused some failed icons. Fixes #1540
2021-03-29 10:27:58 +02:00
]
Updated dependencies
2018-09-19 21:43:03 +02:00
[[package]]
name = "fnv"
Update lettre to alpha release instead of git commit, and update the rest of dependencies while we are at it
2020-05-31 17:58:06 +02:00
version = "1.0.7"
Updated dependencies
2018-09-19 21:43:03 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update lettre to alpha release instead of git commit, and update the rest of dependencies while we are at it
2020-05-31 17:58:06 +02:00
checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1"
Updated dependencies
2018-09-19 21:43:03 +02:00
First working version
2018-02-10 01:00:55 +01:00
[[package]]
name = "foreign-types"
version = "0.3.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1"
First working version
2018-02-10 01:00:55 +01:00
dependencies = [
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"foreign-types-shared",
First working version
2018-02-10 01:00:55 +01:00
]
[[package]]
name = "foreign-types-shared"
version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b"
First working version
2018-02-10 01:00:55 +01:00
Update dependencies
2020-11-07 23:01:04 +01:00
[[package]]
name = "form_urlencoded"
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
version = "1.2.1"
Update dependencies
2020-11-07 23:01:04 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
checksum = "e13624c2627564efccf4934284bdd98cbaa14e79b0b5a141218e507b3a823456"
Update dependencies
2020-11-07 23:01:04 +01:00
dependencies = [
Update to diesel2
2022-05-20 23:39:47 +02:00
"percent-encoding",
Update dependencies
2020-11-07 23:01:04 +01:00
]
First working version
2018-02-10 01:00:55 +01:00
[[package]]
name = "futures"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
version = "0.3.31"
First working version
2018-02-10 01:00:55 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
checksum = "65bc07b1a8bc7c85c5f2e110c476c7389b4554ba72af57d8445ea63a576b0876"
Update dependencies Primarily updating rocket, which needed some dependencies Latest versions of: - ring - time - jsonwebtoken - yubico - rocket (git)
2020-03-16 16:32:33 +01:00
dependencies = [
"futures-channel",
"futures-core",
"futures-executor",
"futures-io",
"futures-sink",
"futures-task",
"futures-util",
]
First working version
2018-02-10 01:00:55 +01:00
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
[[package]]
name = "futures-channel"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
version = "0.3.31"
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
checksum = "2dff15bf788c671c1934e366d07e30c1814a8ef514e1af724a602e8a2fbe1b10"
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
dependencies = [
"futures-core",
Update dependencies Primarily updating rocket, which needed some dependencies Latest versions of: - ring - time - jsonwebtoken - yubico - rocket (git)
2020-03-16 16:32:33 +01:00
"futures-sink",
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
]
[[package]]
name = "futures-core"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
version = "0.3.31"
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
checksum = "05f29059c0c2090612e8d742178b0580d2dc940c837851ad723096f87af6663e"
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
First working version
2018-02-10 01:00:55 +01:00
[[package]]
Update dependencies Primarily updating rocket, which needed some dependencies Latest versions of: - ring - time - jsonwebtoken - yubico - rocket (git)
2020-03-16 16:32:33 +01:00
name = "futures-executor"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
version = "0.3.31"
First working version
2018-02-10 01:00:55 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
checksum = "1e28d1d997f585e54aebc3f97d39e72338912123a67330d723fdbb564d646c9f"
First working version
2018-02-10 01:00:55 +01:00
dependencies = [
Update dependencies Primarily updating rocket, which needed some dependencies Latest versions of: - ring - time - jsonwebtoken - yubico - rocket (git)
2020-03-16 16:32:33 +01:00
"futures-core",
"futures-task",
"futures-util",
First working version
2018-02-10 01:00:55 +01:00
]
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
[[package]]
name = "futures-io"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
version = "0.3.31"
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
checksum = "9e5c1b78ca4aae1ac06c48a526a655760685149f0d465d21f37abfe57ce075c6"
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
[[package]]
name = "futures-lite"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
version = "2.6.0"
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
checksum = "f5edaec856126859abb19ed65f39e90fea3a9574b9707f13539acf4abf7eb532"
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
dependencies = [
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
"fastrand",
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
"futures-core",
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
"futures-io",
"parking",
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
"pin-project-lite",
]
Update dependencies Primarily updating rocket, which needed some dependencies Latest versions of: - ring - time - jsonwebtoken - yubico - rocket (git)
2020-03-16 16:32:33 +01:00
[[package]]
name = "futures-macro"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
version = "0.3.31"
Update dependencies Primarily updating rocket, which needed some dependencies Latest versions of: - ring - time - jsonwebtoken - yubico - rocket (git)
2020-03-16 16:32:33 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
checksum = "162ee34ebcb7c64a8abebc059ce0fee27c2262618d7b60ed8faf72fef13c3650"
Update dependencies Primarily updating rocket, which needed some dependencies Latest versions of: - ring - time - jsonwebtoken - yubico - rocket (git)
2020-03-16 16:32:33 +01:00
dependencies = [
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"proc-macro2",
"quote",
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
"syn",
Update dependencies Primarily updating rocket, which needed some dependencies Latest versions of: - ring - time - jsonwebtoken - yubico - rocket (git)
2020-03-16 16:32:33 +01:00
]
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
[[package]]
name = "futures-sink"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
version = "0.3.31"
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
checksum = "e575fab7d1e0dcb8d0c7bcf9a63ee213816ab51902e6d244a95819acacf1d4f7"
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
[[package]]
name = "futures-task"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
version = "0.3.31"
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
checksum = "f90f7dce0722e95104fcb095585910c0977252f286e354b5e3bd38902cd99988"
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
Basic ratelimit for user login (including 2FA) and admin login
2021-12-22 21:48:49 +01:00
[[package]]
name = "futures-timer"
Update crates, GHA and a Python/JS scripts (#4357) - Update all crates - Update GHA - Update Global Domains script to use main instead of master Also fixed some Python linting warnings - Updated Admin JS and CSS libraries
2024-02-25 23:26:46 +01:00
version = "3.0.3"
Basic ratelimit for user login (including 2FA) and admin login
2021-12-22 21:48:49 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates, GHA and a Python/JS scripts (#4357) - Update all crates - Update GHA - Update Global Domains script to use main instead of master Also fixed some Python linting warnings - Updated Admin JS and CSS libraries
2024-02-25 23:26:46 +01:00
checksum = "f288b0a4f20f9a56b5d1da57e2227c661b7b16168e2f72365f57b63326e29b24"
Basic ratelimit for user login (including 2FA) and admin login
2021-12-22 21:48:49 +01:00
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
[[package]]
name = "futures-util"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
version = "0.3.31"
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
checksum = "9fa08315bb612088cc391249efdc3bc77536f16c91f6cf495e6fbe85b20a4a81"
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
dependencies = [
Update dependencies Primarily updating rocket, which needed some dependencies Latest versions of: - ring - time - jsonwebtoken - yubico - rocket (git)
2020-03-16 16:32:33 +01:00
"futures-channel",
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
"futures-core",
"futures-io",
Update dependencies Primarily updating rocket, which needed some dependencies Latest versions of: - ring - time - jsonwebtoken - yubico - rocket (git)
2020-03-16 16:32:33 +01:00
"futures-macro",
"futures-sink",
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
"futures-task",
"memchr",
Update dependencies
2021-02-06 16:49:28 +01:00
"pin-project-lite",
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
"pin-utils",
"slab",
]
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
[[package]]
name = "generator"
Update crates and small clippy fix - Update all crates - Remove async which is reported by clippy in v1.72.0
2023-07-04 20:12:50 +02:00
version = "0.7.5"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and small clippy fix - Update all crates - Remove async which is reported by clippy in v1.72.0
2023-07-04 20:12:50 +02:00
checksum = "5cc16584ff22b460a382b7feec54b23d2908d858152e5739a120b949293bd74e"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
dependencies = [
"cc",
"libc",
"log",
"rustversion",
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
"windows 0.48.0",
First working version
2018-02-10 01:00:55 +01:00
]
Update dependencies
2021-02-06 16:49:28 +01:00
[[package]]
name = "generic-array"
Revert setcap, update rust and crates - Revert #3170 as discussed in #3387 In hindsight it's better to not have this feature - Update Dockerfile.j2 for easy version changes. Just change it in one place instead of multiple - Updated to Rust to latest patched version - Updated crates to latest available - Pinned mimalloc to an older version, as it breaks on musl builds
2023-03-31 13:43:33 +02:00
version = "0.14.7"
Update dependencies
2021-02-06 16:49:28 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Revert setcap, update rust and crates - Revert #3170 as discussed in #3387 In hindsight it's better to not have this feature - Update Dockerfile.j2 for easy version changes. Just change it in one place instead of multiple - Updated to Rust to latest patched version - Updated crates to latest available - Pinned mimalloc to an older version, as it breaks on musl builds
2023-03-31 13:43:33 +02:00
checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a"
Update dependencies
2021-02-06 16:49:28 +01:00
dependencies = [
"typenum",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"version_check",
Update dependencies
2021-02-06 16:49:28 +01:00
]
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
[[package]]
name = "getrandom"
Update Rust, crates and web-vault (#4558) * Update Rust and crates - Updated Rust to v1.78.0 - Updated crates * Update web-vault to v2024.5.0
2024-05-19 20:30:34 +02:00
version = "0.2.15"
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust, crates and web-vault (#4558) * Update Rust and crates - Updated Rust to v1.78.0 - Updated crates * Update web-vault to v2024.5.0
2024-05-19 20:30:34 +02:00
checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7"
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
dependencies = [
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
"cfg-if",
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
"js-sys",
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
"libc",
Update images to Bookworm and PQ15 This PR updates the base images to use Debian Bookworm as base image. Also the MUSL/Alpine builds now use OpenSSLv3 and PostgreSQL v15. The GHA Workflows are updated to use Ubuntu 22.04 to better match the versions of Debian Bookworm. Also: - Enabled spares crate registry - Updated workflow actions - Updated Rust to v1.71.0 - The rust-musl images now use musl v1.2.3 for the 32bit arch's if the Rust version is v1.71.0 or higher. The 64bit arch's already used musl v1.2.3. - Updated crates. Improves / Closes #3434
2023-06-11 18:11:09 +02:00
"wasi",
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
"wasm-bindgen",
Update async to prepare for main merge - Changed nightly to stable in Dockerfile and Workflow - Updated Dockerfile to use stable and updated ENV's - Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default - Updated Github Workflow actions to the latest versions - Updated Hadolint version - Re-orderd the Cargo.toml file a bit and put libs together which are linked - Updated some libs - Updated .dockerignore file
2022-02-07 22:26:22 +01:00
]
Update crates and small clippy fix - Update all crates - Remove async which is reported by clippy in v1.72.0
2023-07-04 20:12:50 +02:00
[[package]]
name = "gimli"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
version = "0.31.1"
Update crates and small clippy fix - Update all crates - Remove async which is reported by clippy in v1.72.0
2023-07-04 20:12:50 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
checksum = "07e28edb80900c19c28f1072f2e8aeca7fa06b23cd4169cefe1af5aa3260783f"
Update crates and small clippy fix - Update all crates - Remove async which is reported by clippy in v1.72.0
2023-07-04 20:12:50 +02:00
Updated dependencies
2018-09-19 21:43:03 +02:00
[[package]]
Update dependencies Primarily updating rocket, which needed some dependencies Latest versions of: - ring - time - jsonwebtoken - yubico - rocket (git)
2020-03-16 16:32:33 +01:00
name = "glob"
Update crates and GHA (#5346) - Updated crates to the latest version - Updated GitHub Actions to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-04 19:02:15 +01:00
version = "0.3.2"
Updated dependencies
2018-09-19 21:43:03 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and GHA (#5346) - Updated crates to the latest version - Updated GitHub Actions to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-04 19:02:15 +01:00
checksum = "a8d1add55171497b4705a648c6b583acafb01d58050a51727785f0b2c8e0a2b2"
Updated dependencies
2018-09-19 21:43:03 +02:00
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
[[package]]
name = "gloo-timers"
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
version = "0.3.0"
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
checksum = "bbb143cf96099802033e0d4f4963b19fd2e0b728bcf076cd9cf7f6634f092994"
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
dependencies = [
"futures-channel",
"futures-core",
"js-sys",
"wasm-bindgen",
]
Basic ratelimit for user login (including 2FA) and admin login
2021-12-22 21:48:49 +01:00
[[package]]
name = "governor"
Use updated fern instead of patch (#5298) Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-15 23:13:29 +01:00
version = "0.8.0"
Basic ratelimit for user login (including 2FA) and admin login
2021-12-22 21:48:49 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Use updated fern instead of patch (#5298) Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-15 23:13:29 +01:00
checksum = "842dc78579ce01e6a1576ad896edc92fca002dd60c9c3746b7fc2bec6fb429d0"
Basic ratelimit for user login (including 2FA) and admin login
2021-12-22 21:48:49 +01:00
dependencies = [
Update libraries and Rust version - Updated to Rust v1.64.0 - Updated all libararies - Updated multer-rs to be based upon the latest version - Updated Dockerfiles to match the Rust version
2022-09-22 21:30:34 +02:00
"cfg-if",
Update crates and fix Mail issue (#5125) - Updated all the crates Including in this update is an update from lettre, which solves an issue with some specific SMTP mail providers.
2024-10-24 19:13:20 +02:00
"dashmap",
"futures-sink",
Basic ratelimit for user login (including 2FA) and admin login
2021-12-22 21:48:49 +01:00
"futures-timer",
Update crates and fix Mail issue (#5125) - Updated all the crates Including in this update is an update from lettre, which solves an issue with some specific SMTP mail providers.
2024-10-24 19:13:20 +02:00
"futures-util",
Basic ratelimit for user login (including 2FA) and admin login
2021-12-22 21:48:49 +01:00
"no-std-compat",
"nonzero_ext",
Update dep's and small improvements on favicons - Updated dependencies (html5gum for favicon downloading) * Also openssl, time, jsonwebtoken and r2d2 - Small optimizations on downloading favicons. It now only emits tokens/tags which needs to be parsed, all others are being skipped. This prevents unneeded items within the for-loop being parsed.
2022-06-21 18:47:01 +02:00
"parking_lot",
Update crates, GHA and a Python/JS scripts (#4357) - Update all crates - Update GHA - Update Global Domains script to use main instead of master Also fixed some Python linting warnings - Updated Admin JS and CSS libraries
2024-02-25 23:26:46 +01:00
"portable-atomic",
Basic ratelimit for user login (including 2FA) and admin login
2021-12-22 21:48:49 +01:00
"quanta",
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
"rand",
"smallvec",
Update crates, GHA and a Python/JS scripts (#4357) - Update all crates - Update GHA - Update Global Domains script to use main instead of master Also fixed some Python linting warnings - Updated Admin JS and CSS libraries
2024-02-25 23:26:46 +01:00
"spinning_top",
Basic ratelimit for user login (including 2FA) and admin login
2021-12-22 21:48:49 +01:00
]
Add dynamic CSS support (#4940) * Add dynamic CSS support Together with https://github.com/dani-garcia/bw_web_builds/pull/180 this PR will add support for dynamic CSS changes. For example, we could hide the register link if signups are not allowed. In the future show or hide the SSO button depending on if it is enabled or not. There also is a special `user.vaultwarden.scss` file so that users can add custom CSS without the need to modify the default (static) changes. This will prevent future changes from not being applied and still have the custom user changes to be added. Also added a special redirect when someone goes directly to `/index.html` as that might cause issues with loading other scripts and files. Signed-off-by: BlackDex <black.dex@gmail.com> * Add versions and fallback to built-in - Add both Vaultwarden and web-vault versions to the css_options. - Fallback to the inner templates if rendering or compiling the scss fails. This ensures the basics are always working even if someone breaks the templates. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix fallback code to actually work The fallback now works by using an alternative `reg!` macro. This adds an extra template register which prefixes the template with `fallback_`. Signed-off-by: BlackDex <black.dex@gmail.com> * Updated the wiki link in the user template --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-11-11 20:14:04 +01:00
[[package]]
name = "grass_compiler"
version = "0.13.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2d9e3df7f0222ce5184154973d247c591d9aadc28ce7a73c6cd31100c9facff6"
dependencies = [
"codemap",
"indexmap",
"lasso",
"once_cell",
"phf",
]
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
[[package]]
name = "h2"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
version = "0.4.7"
Update crates and some Clippy fixes (#4475) - Updated all crates including reqwest - Fixed some clippy lints reported by nightly Rust
2024-04-06 13:55:10 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
checksum = "ccae279728d634d083c00f6099cb58f01cc99c145b84b8be2f6c74618d79922e"
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
dependencies = [
Update Rust, crates and web-vault (#4558) * Update Rust and crates - Updated Rust to v1.78.0 - Updated crates * Update web-vault to v2024.5.0
2024-05-19 20:30:34 +02:00
"atomic-waker",
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
"bytes",
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
"fnv",
"futures-core",
"futures-sink",
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
"http 1.2.0",
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
"indexmap",
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
"slab",
Update dependencies
2021-02-06 16:49:28 +01:00
"tokio",
Update deps and fix file-uploads - Update deps. One of them is multer-rs which fixes #2516 - Changed MSRV to `1.59.0`, since that is the correct MSRV currently. It could be lower, but that would mean removing the `strip` option.
2022-07-15 16:03:57 +02:00
"tokio-util",
Updated dependencies
2020-07-14 16:08:11 +02:00
"tracing",
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
]
Support for webauthn and u2f->webauthn migrations
2021-06-07 23:34:00 +02:00
[[package]]
name = "half"
Update crates
2024-03-17 14:25:49 +01:00
version = "1.8.3"
Support for webauthn and u2f->webauthn migrations
2021-06-07 23:34:00 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates
2024-03-17 14:25:49 +01:00
checksum = "1b43ede17f21864e81be2fa654110bf1e793774238d86ef8555c37e6519c0403"
Support for webauthn and u2f->webauthn migrations
2021-06-07 23:34:00 +02:00
Initial stab at templates
2019-01-13 01:39:29 +01:00
[[package]]
name = "handlebars"
Update crates and web-vault to v2025.1.0 (#5368) - Updated the web-vault to use v2025.1.0 (pre-release) - Updated crates Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-08 18:14:08 +01:00
version = "6.3.0"
Initial stab at templates
2019-01-13 01:39:29 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and web-vault to v2025.1.0 (#5368) - Updated the web-vault to use v2025.1.0 (pre-release) - Updated crates Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-08 18:14:08 +01:00
checksum = "3d6b224b95c1e668ac0270325ad563b2eef1469fbbb8959bc7c692c844b813d9"
Initial stab at templates
2019-01-13 01:39:29 +01:00
dependencies = [
Update crates and web-vault to v2025.1.0 (#5368) - Updated the web-vault to use v2025.1.0 (pre-release) - Updated crates Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-08 18:14:08 +01:00
"derive_builder",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"log",
Update crates and fix several issues Signed-off-by: BlackDex <black.dex@gmail.com>
2024-11-09 19:58:10 +01:00
"num-order",
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"pest",
"pest_derive",
"serde",
"serde_json",
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
"thiserror 2.0.11",
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"walkdir",
Initial stab at templates
2019-01-13 01:39:29 +01:00
]
Update login API code - Updated jsonwebtoken to latest version - Trim `username` received from the login form ( Fixes #2348 ) - Make uuid and user_uuid a combined primary key for the devices table ( Fixes #2295 ) - Updated crates including regex which contains a CVE ( https://blog.rust-lang.org/2022/03/08/cve-2022-24713.html )
2022-03-03 21:00:10 +01:00
[[package]]
name = "hashbrown"
Update Rust, crates and web-vault (#4558) * Update Rust and crates - Updated Rust to v1.78.0 - Updated crates * Update web-vault to v2024.5.0
2024-05-19 20:30:34 +02:00
version = "0.14.5"
Enabled trust-dns and some updates. - Enabled trust-dns feature which seems to help a bit when DNS is causing long timeouts. Though in the blocking version it is less visible then on the async branch. - Updated crates - Removed some redundant code - Updated javascript/css libraries Resolves #2118 Resolves #2119
2021-11-28 13:02:27 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust, crates and web-vault (#4558) * Update Rust and crates - Updated Rust to v1.78.0 - Updated crates * Update web-vault to v2024.5.0
2024-05-19 20:30:34 +02:00
checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1"
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
dependencies = [
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
"ahash",
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
"allocator-api2",
]
Enabled trust-dns and some updates. - Enabled trust-dns feature which seems to help a bit when DNS is causing long timeouts. Though in the blocking version it is less visible then on the async branch. - Updated crates - Removed some redundant code - Updated javascript/css libraries Resolves #2118 Resolves #2119
2021-11-28 13:02:27 +01:00
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
[[package]]
name = "hashbrown"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
version = "0.15.2"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
checksum = "bf151400ff0baff5465007dd2f3e717f3fe502074ca563069ce3a6629d07b289"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
[[package]]
name = "heck"
version = "0.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea"
Update web vault to v2023.3.0 and dependencies
2023-03-22 21:30:07 +01:00
[[package]]
name = "hermit-abi"
Update crates
2024-03-17 14:25:49 +01:00
version = "0.3.9"
Update web vault to v2023.3.0 and dependencies
2023-03-22 21:30:07 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates
2024-03-17 14:25:49 +01:00
checksum = "d231dfb89cfffdbc30e7fc41579ed6066ad03abda9e567ccafae602b97ec5024"
Update web vault to v2023.3.0 and dependencies
2023-03-22 21:30:07 +01:00
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
[[package]]
name = "hermit-abi"
version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fbf6a919d6cf397374f7dfeeea91d974c7c0a7221d0d0f4f20d859d329e53fcc"
Update Rust and crates (#4445) - Updated Rust to v1.77.0 - Updated several crates The `reqwest` update included `trust-dns` > `hickory-dns` changes. Also, `reqwest` v0.12 is not working correctly for us, that is something to investigate. - Fixed a new clippy warning
2024-03-23 15:40:34 +01:00
[[package]]
name = "hickory-proto"
Update crates (#5268) - fixes CVE-2024-12224
2024-12-10 18:59:28 +02:00
version = "0.24.2"
Update Rust and crates (#4445) - Updated Rust to v1.77.0 - Updated several crates The `reqwest` update included `trust-dns` > `hickory-dns` changes. Also, `reqwest` v0.12 is not working correctly for us, that is something to investigate. - Fixed a new clippy warning
2024-03-23 15:40:34 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates (#5268) - fixes CVE-2024-12224
2024-12-10 18:59:28 +02:00
checksum = "447afdcdb8afb9d0a852af6dc65d9b285ce720ed7a59e42a8bf2e931c67bc1b5"
Update Rust and crates (#4445) - Updated Rust to v1.77.0 - Updated several crates The `reqwest` update included `trust-dns` > `hickory-dns` changes. Also, `reqwest` v0.12 is not working correctly for us, that is something to investigate. - Fixed a new clippy warning
2024-03-23 15:40:34 +01:00
dependencies = [
"async-trait",
"cfg-if",
"data-encoding",
"enum-as-inner",
"futures-channel",
"futures-io",
"futures-util",
Update crates (#5268) - fixes CVE-2024-12224
2024-12-10 18:59:28 +02:00
"idna",
Update Rust and crates (#4445) - Updated Rust to v1.77.0 - Updated several crates The `reqwest` update included `trust-dns` > `hickory-dns` changes. Also, `reqwest` v0.12 is not working correctly for us, that is something to investigate. - Fixed a new clippy warning
2024-03-23 15:40:34 +01:00
"ipnet",
"once_cell",
"rand",
Update crates (#5268) - fixes CVE-2024-12224
2024-12-10 18:59:28 +02:00
"thiserror 1.0.69",
Update Rust and crates (#4445) - Updated Rust to v1.77.0 - Updated several crates The `reqwest` update included `trust-dns` > `hickory-dns` changes. Also, `reqwest` v0.12 is not working correctly for us, that is something to investigate. - Fixed a new clippy warning
2024-03-23 15:40:34 +01:00
"tinyvec",
"tokio",
"tracing",
"url",
]
[[package]]
name = "hickory-resolver"
Update crates (#5268) - fixes CVE-2024-12224
2024-12-10 18:59:28 +02:00
version = "0.24.2"
Update Rust and crates (#4445) - Updated Rust to v1.77.0 - Updated several crates The `reqwest` update included `trust-dns` > `hickory-dns` changes. Also, `reqwest` v0.12 is not working correctly for us, that is something to investigate. - Fixed a new clippy warning
2024-03-23 15:40:34 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates (#5268) - fixes CVE-2024-12224
2024-12-10 18:59:28 +02:00
checksum = "0a2e2aba9c389ce5267d31cf1e4dace82390ae276b0b364ea55630b1fa1b44b4"
Update Rust and crates (#4445) - Updated Rust to v1.77.0 - Updated several crates The `reqwest` update included `trust-dns` > `hickory-dns` changes. Also, `reqwest` v0.12 is not working correctly for us, that is something to investigate. - Fixed a new clippy warning
2024-03-23 15:40:34 +01:00
dependencies = [
"cfg-if",
"futures-util",
"hickory-proto",
"ipconfig",
"lru-cache",
"once_cell",
"parking_lot",
"rand",
"resolv-conf",
"smallvec",
Update crates (#5268) - fixes CVE-2024-12224
2024-12-10 18:59:28 +02:00
"thiserror 1.0.69",
Update Rust and crates (#4445) - Updated Rust to v1.77.0 - Updated several crates The `reqwest` update included `trust-dns` > `hickory-dns` changes. Also, `reqwest` v0.12 is not working correctly for us, that is something to investigate. - Fixed a new clippy warning
2024-03-23 15:40:34 +01:00
"tokio",
"tracing",
]
Update async to prepare for main merge - Changed nightly to stable in Dockerfile and Workflow - Updated Dockerfile to use stable and updated ENV's - Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default - Updated Github Workflow actions to the latest versions - Updated Hadolint version - Re-orderd the Cargo.toml file a bit and put libs together which are linked - Updated some libs - Updated .dockerignore file
2022-02-07 22:26:22 +01:00
[[package]]
name = "hmac"
version = "0.12.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e"
dependencies = [
Update deps and Alpine image - Updated deps - Updated Alpine images to 3.16 - Removed dumb-init, not needed anymore - Some small shellcheck tweaks on the start/healthcheck scripts
2022-07-31 15:45:31 +02:00
"digest",
Update async to prepare for main merge - Changed nightly to stable in Dockerfile and Workflow - Updated Dockerfile to use stable and updated ENV's - Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default - Updated Github Workflow actions to the latest versions - Updated Hadolint version - Re-orderd the Cargo.toml file a bit and put libs together which are linked - Updated some libs - Updated .dockerignore file
2022-02-07 22:26:22 +01:00
]
Add option to set name during HELO in email settings
2020-07-05 01:59:15 +02:00
[[package]]
name = "hostname"
version = "0.3.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3c731c3e10504cc8ed35cfe2f1db4c9274c3d35fa486e3b31df46f068ef3e867"
dependencies = [
"libc",
"match_cfg",
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
"winapi",
Add option to set name during HELO in email settings
2020-07-05 01:59:15 +02:00
]
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
[[package]]
name = "hostname"
version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f9c7c7c8ac16c798734b8a24560c1362120597c40d5e1459f09498f8f6c8f2ba"
dependencies = [
"cfg-if",
"libc",
"windows 0.52.0",
]
Added better favicon downloader.
2019-01-27 15:39:19 +01:00
[[package]]
Favicon, SMTP and misc updates Favicon: - Replaced HTML tokenizer, much faster now. - Caching the domain blacklist function. - Almost all functions are async now. - Fixed bug on minimizing data to parse - Changed maximum icon download size to 5MB to match Bitwarden - Added `apple-touch-icon.png` as a second fallback besides `favicon.ico` SMTP: - Deprecated SMTP_SSL and SMTP_EXPLICIT_TLS, replaced with SMTP_SECURITY Misc: - Fixed issue when `resolv.conf` contains errors and trust-dns panics (Fixes #2283) - Updated Javscript and CSS files for admin interface - Fixed an issue with the /admin interface which did not cleared the login cookie correctly - Prevent websocket notifications during org import, this caused a lot of traffic, and slowed down the import. This is also the same as Bitwarden which does not trigger this refresh via websockets. Rust: - Updated to use v1.59 - Use the new `strip` option and enabled to strip `debuginfo` - Enabled `lto` with `thin` - Removed the strip RUN from the alpine armv7, this is now done automatically
2022-02-22 20:48:00 +01:00
name = "html5gum"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
version = "0.7.0"
Added better favicon downloader.
2019-01-27 15:39:19 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
checksum = "b3918b5f36d61861b757261da986b51be562c7a87ac4e531d4158e67e08bff72"
Added better favicon downloader.
2019-01-27 15:39:19 +01:00
dependencies = [
Favicon, SMTP and misc updates Favicon: - Replaced HTML tokenizer, much faster now. - Caching the domain blacklist function. - Almost all functions are async now. - Fixed bug on minimizing data to parse - Changed maximum icon download size to 5MB to match Bitwarden - Added `apple-touch-icon.png` as a second fallback besides `favicon.ico` SMTP: - Deprecated SMTP_SSL and SMTP_EXPLICIT_TLS, replaced with SMTP_SECURITY Misc: - Fixed issue when `resolv.conf` contains errors and trust-dns panics (Fixes #2283) - Updated Javscript and CSS files for admin interface - Fixed an issue with the /admin interface which did not cleared the login cookie correctly - Prevent websocket notifications during org import, this caused a lot of traffic, and slowed down the import. This is also the same as Bitwarden which does not trigger this refresh via websockets. Rust: - Updated to use v1.59 - Use the new `strip` option and enabled to strip `debuginfo` - Enabled `lto` with `thin` - Removed the strip RUN from the alpine armv7, this is now done automatically
2022-02-22 20:48:00 +01:00
"jetscii",
Added better favicon downloader.
2019-01-27 15:39:19 +01:00
]
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
[[package]]
name = "http"
Update crates
2024-03-17 14:25:49 +01:00
version = "0.2.12"
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates
2024-03-17 14:25:49 +01:00
checksum = "601cbb57e577e2f5ef5be8e7b83f0f63994f25aa94d673e54a92d5c516d101f1"
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
dependencies = [
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
"bytes",
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"fnv",
Update async to prepare for main merge - Changed nightly to stable in Dockerfile and Workflow - Updated Dockerfile to use stable and updated ENV's - Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default - Updated Github Workflow actions to the latest versions - Updated Hadolint version - Re-orderd the Cargo.toml file a bit and put libs together which are linked - Updated some libs - Updated .dockerignore file
2022-02-07 22:26:22 +01:00
"itoa",
Updated dependencies
2018-09-19 21:43:03 +02:00
]
Update crates and some Clippy fixes (#4475) - Updated all crates including reqwest - Fixed some clippy lints reported by nightly Rust
2024-04-06 13:55:10 +02:00
[[package]]
name = "http"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
version = "1.2.0"
Update crates and some Clippy fixes (#4475) - Updated all crates including reqwest - Fixed some clippy lints reported by nightly Rust
2024-04-06 13:55:10 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
checksum = "f16ca2af56261c99fba8bac40a10251ce8188205a4c448fbb745a2e4daa76fea"
Update crates and some Clippy fixes (#4475) - Updated all crates including reqwest - Fixed some clippy lints reported by nightly Rust
2024-04-06 13:55:10 +02:00
dependencies = [
"bytes",
"fnv",
"itoa",
]
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
[[package]]
name = "http-body"
Fix the version string (#4153) For some reason still not known, the `.git` directory was not copied into the container. I think buildkit (buildx) did this by default before, and stopped this with newer versions. This PR fixes this by also touching `build.rs` besides `src/main.rs`. This PR also updates Rust to v1.74.1 and some crates, including the latest version of Alpine 3.19. Fixes #4150
2023-12-09 23:04:33 +01:00
version = "0.4.6"
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Fix the version string (#4153) For some reason still not known, the `.git` directory was not copied into the container. I think buildkit (buildx) did this by default before, and stopped this with newer versions. This PR fixes this by also touching `build.rs` besides `src/main.rs`. This PR also updates Rust to v1.74.1 and some crates, including the latest version of Alpine 3.19. Fixes #4150
2023-12-09 23:04:33 +01:00
checksum = "7ceab25649e9960c0311ea418d17bee82c0dcec1bd053b5f9a66e265a693bed2"
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
dependencies = [
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
"bytes",
Update crates and some Clippy fixes (#4475) - Updated all crates including reqwest - Fixed some clippy lints reported by nightly Rust
2024-04-06 13:55:10 +02:00
"http 0.2.12",
"pin-project-lite",
]
[[package]]
name = "http-body"
Update crates & fix crate vulnerability (#4771) - fixes GHSA-q445-7m23-qrmw by updating openssl to version 0.10.66
2024-07-24 01:26:39 +03:00
version = "1.0.1"
Update crates and some Clippy fixes (#4475) - Updated all crates including reqwest - Fixed some clippy lints reported by nightly Rust
2024-04-06 13:55:10 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates & fix crate vulnerability (#4771) - fixes GHSA-q445-7m23-qrmw by updating openssl to version 0.10.66
2024-07-24 01:26:39 +03:00
checksum = "1efedce1fb8e6913f23e0c92de8e62cd5b772a67e7b3946df930a62566c93184"
Update crates and some Clippy fixes (#4475) - Updated all crates including reqwest - Fixed some clippy lints reported by nightly Rust
2024-04-06 13:55:10 +02:00
dependencies = [
"bytes",
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
"http 1.2.0",
Update crates and some Clippy fixes (#4475) - Updated all crates including reqwest - Fixed some clippy lints reported by nightly Rust
2024-04-06 13:55:10 +02:00
]
[[package]]
name = "http-body-util"
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
version = "0.1.2"
Update crates and some Clippy fixes (#4475) - Updated all crates including reqwest - Fixed some clippy lints reported by nightly Rust
2024-04-06 13:55:10 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
checksum = "793429d76616a256bcb62c2a2ec2bed781c8307e797e2598c50010f2bee2544f"
Update crates and some Clippy fixes (#4475) - Updated all crates including reqwest - Fixed some clippy lints reported by nightly Rust
2024-04-06 13:55:10 +02:00
dependencies = [
"bytes",
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
"futures-util",
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
"http 1.2.0",
Update crates & fix crate vulnerability (#4771) - fixes GHSA-q445-7m23-qrmw by updating openssl to version 0.10.66
2024-07-24 01:26:39 +03:00
"http-body 1.0.1",
Update dependencies
2021-03-22 20:00:57 +01:00
"pin-project-lite",
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
]
First working version
2018-02-10 01:00:55 +01:00
[[package]]
name = "httparse"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
version = "1.9.5"
First working version
2018-02-10 01:00:55 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
checksum = "7d71d3574edd2771538b901e6549113b4006ece66150fb69c0fb6d9a2adae946"
First working version
2018-02-10 01:00:55 +01:00
Update web vault to 2.16.0 and dependencies
2020-09-10 23:15:29 +02:00
[[package]]
name = "httpdate"
build (deps): Bump Rust version and sync lockfile
2023-08-13 18:52:23 +02:00
version = "1.0.3"
Update web vault to 2.16.0 and dependencies
2020-09-10 23:15:29 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
build (deps): Bump Rust version and sync lockfile
2023-08-13 18:52:23 +02:00
checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9"
Update web vault to 2.16.0 and dependencies
2020-09-10 23:15:29 +02:00
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
[[package]]
name = "hyper"
Update crates and GHA (#5346) - Updated crates to the latest version - Updated GitHub Actions to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-04 19:02:15 +01:00
version = "0.14.32"
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and GHA (#5346) - Updated crates to the latest version - Updated GitHub Actions to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-04 19:02:15 +01:00
checksum = "41dfc780fdec9373c01bae43289ea34c972e40ee3c9f6b3c8801a35f35586ce7"
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
dependencies = [
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
"bytes",
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
"futures-channel",
"futures-core",
"futures-util",
Update crates and some Clippy fixes (#4475) - Updated all crates including reqwest - Fixed some clippy lints reported by nightly Rust
2024-04-06 13:55:10 +02:00
"http 0.2.12",
"http-body 0.4.6",
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
"httparse",
"httpdate",
Update async to prepare for main merge - Changed nightly to stable in Dockerfile and Workflow - Updated Dockerfile to use stable and updated ENV's - Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default - Updated Github Workflow actions to the latest versions - Updated Hadolint version - Re-orderd the Cargo.toml file a bit and put libs together which are linked - Updated some libs - Updated .dockerignore file
2022-02-07 22:26:22 +01:00
"itoa",
Update dependencies Notably, update `diesel` to 1.4.7 and `libsqlite3-sys` to 0.22.2 to pick up the fix for CVE-2021-20227 added in SQLite 3.34.1.
2021-06-09 01:44:29 -07:00
"pin-project-lite",
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
"socket2",
Update dependencies
2021-02-06 16:49:28 +01:00
"tokio",
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
"tower-service",
Updated dependencies
2020-07-14 16:08:11 +02:00
"tracing",
Update dependencies Primarily updating rocket, which needed some dependencies Latest versions of: - ring - time - jsonwebtoken - yubico - rocket (git)
2020-03-16 16:32:33 +01:00
"want",
First working version
2018-02-10 01:00:55 +01:00
]
Update crates and some Clippy fixes (#4475) - Updated all crates including reqwest - Fixed some clippy lints reported by nightly Rust
2024-04-06 13:55:10 +02:00
[[package]]
name = "hyper"
Update crates and GHA (#5346) - Updated crates to the latest version - Updated GitHub Actions to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-04 19:02:15 +01:00
version = "1.5.2"
Update crates and some Clippy fixes (#4475) - Updated all crates including reqwest - Fixed some clippy lints reported by nightly Rust
2024-04-06 13:55:10 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and GHA (#5346) - Updated crates to the latest version - Updated GitHub Actions to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-04 19:02:15 +01:00
checksum = "256fb8d4bd6413123cc9d91832d78325c48ff41677595be797d90f42969beae0"
Update crates and some Clippy fixes (#4475) - Updated all crates including reqwest - Fixed some clippy lints reported by nightly Rust
2024-04-06 13:55:10 +02:00
dependencies = [
"bytes",
"futures-channel",
"futures-util",
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
"h2",
"http 1.2.0",
Update crates & fix crate vulnerability (#4771) - fixes GHSA-q445-7m23-qrmw by updating openssl to version 0.10.66
2024-07-24 01:26:39 +03:00
"http-body 1.0.1",
Update crates and some Clippy fixes (#4475) - Updated all crates including reqwest - Fixed some clippy lints reported by nightly Rust
2024-04-06 13:55:10 +02:00
"httparse",
"itoa",
"pin-project-lite",
"smallvec",
"tokio",
"want",
]
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
[[package]]
name = "hyper-rustls"
Update crates and GHA (#5346) - Updated crates to the latest version - Updated GitHub Actions to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-04 19:02:15 +01:00
version = "0.27.5"
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and GHA (#5346) - Updated crates to the latest version - Updated GitHub Actions to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-04 19:02:15 +01:00
checksum = "2d191583f3da1305256f22463b9bb0471acad48a4e534a5218b9963e9c1f59b2"
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
dependencies = [
"futures-util",
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
"http 1.2.0",
Update crates and GHA (#5346) - Updated crates to the latest version - Updated GitHub Actions to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-04 19:02:15 +01:00
"hyper 1.5.2",
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
"hyper-util",
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
"rustls 0.23.21",
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
"rustls-pki-types",
"tokio",
Update crates (#5268) - fixes CVE-2024-12224
2024-12-10 18:59:28 +02:00
"tokio-rustls 0.26.1",
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
"tower-service",
]
Update crates and some Clippy fixes (#4475) - Updated all crates including reqwest - Fixed some clippy lints reported by nightly Rust
2024-04-06 13:55:10 +02:00
[[package]]
name = "hyper-tls"
version = "0.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "70206fc6890eaca9fde8a0bf71caa2ddfc9fe045ac9e5c70df101a7dbde866e0"
dependencies = [
"bytes",
"http-body-util",
Update crates and GHA (#5346) - Updated crates to the latest version - Updated GitHub Actions to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-04 19:02:15 +01:00
"hyper 1.5.2",
Update crates and some Clippy fixes (#4475) - Updated all crates including reqwest - Fixed some clippy lints reported by nightly Rust
2024-04-06 13:55:10 +02:00
"hyper-util",
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
"native-tls",
Update dependencies
2021-02-06 16:49:28 +01:00
"tokio",
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
"tokio-native-tls",
Update crates and some Clippy fixes (#4475) - Updated all crates including reqwest - Fixed some clippy lints reported by nightly Rust
2024-04-06 13:55:10 +02:00
"tower-service",
]
[[package]]
name = "hyper-util"
Update crates and fix several issues Signed-off-by: BlackDex <black.dex@gmail.com>
2024-11-09 19:58:10 +01:00
version = "0.1.10"
Update crates and some Clippy fixes (#4475) - Updated all crates including reqwest - Fixed some clippy lints reported by nightly Rust
2024-04-06 13:55:10 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and fix several issues Signed-off-by: BlackDex <black.dex@gmail.com>
2024-11-09 19:58:10 +01:00
checksum = "df2dcfbe0677734ab2f3ffa7fa7bfd4706bfdc1ef393f2ee30184aed67e631b4"
Update crates and some Clippy fixes (#4475) - Updated all crates including reqwest - Fixed some clippy lints reported by nightly Rust
2024-04-06 13:55:10 +02:00
dependencies = [
"bytes",
"futures-channel",
"futures-util",
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
"http 1.2.0",
Update crates & fix crate vulnerability (#4771) - fixes GHSA-q445-7m23-qrmw by updating openssl to version 0.10.66
2024-07-24 01:26:39 +03:00
"http-body 1.0.1",
Update crates and GHA (#5346) - Updated crates to the latest version - Updated GitHub Actions to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-04 19:02:15 +01:00
"hyper 1.5.2",
Update crates and some Clippy fixes (#4475) - Updated all crates including reqwest - Fixed some clippy lints reported by nightly Rust
2024-04-06 13:55:10 +02:00
"pin-project-lite",
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
"socket2",
Update crates and some Clippy fixes (#4475) - Updated all crates including reqwest - Fixed some clippy lints reported by nightly Rust
2024-04-06 13:55:10 +02:00
"tokio",
"tower-service",
"tracing",
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
]
Update web vault to 2022.8.1 and cargo dependencies
2022-09-04 23:18:27 +02:00
[[package]]
name = "iana-time-zone"
Fix Device Type column for 2FA migration (#4971)
2024-09-20 12:06:06 +02:00
version = "0.1.61"
Update web vault to 2022.8.1 and cargo dependencies
2022-09-04 23:18:27 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Fix Device Type column for 2FA migration (#4971)
2024-09-20 12:06:06 +02:00
checksum = "235e081f3925a06703c2d0117ea8b91f042756fd6e7a6e5d901e8ca1a996b220"
Update web vault to 2022.8.1 and cargo dependencies
2022-09-04 23:18:27 +02:00
dependencies = [
"android_system_properties",
"core-foundation-sys",
Update dependencies
2022-10-09 17:40:45 +02:00
"iana-time-zone-haiku",
Update web vault to 2022.8.1 and cargo dependencies
2022-09-04 23:18:27 +02:00
"js-sys",
"wasm-bindgen",
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
"windows-core",
Update web vault to 2022.8.1 and cargo dependencies
2022-09-04 23:18:27 +02:00
]
Update dependencies
2022-10-09 17:40:45 +02:00
[[package]]
name = "iana-time-zone-haiku"
Update crates and GH Workflow - Updated crates - Updated GHA where needed
2023-05-26 14:53:13 +02:00
version = "0.1.2"
Update dependencies
2022-10-09 17:40:45 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and GH Workflow - Updated crates - Updated GHA where needed
2023-05-26 14:53:13 +02:00
checksum = "f31827a206f56af32e590ba56d5d2d085f558508192593743f16b2306495269f"
Update dependencies
2022-10-09 17:40:45 +02:00
dependencies = [
Update crates and GH Workflow - Updated crates - Updated GHA where needed
2023-05-26 14:53:13 +02:00
"cc",
Update dependencies
2022-10-09 17:40:45 +02:00
]
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
[[package]]
name = "icu_collections"
version = "1.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "db2fa452206ebee18c4b5c2274dbf1de17008e874b4dc4f0aea9d01ca79e4526"
dependencies = [
"displaydoc",
"yoke",
"zerofrom",
"zerovec",
]
[[package]]
name = "icu_locid"
version = "1.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "13acbb8371917fc971be86fc8057c41a64b521c184808a698c02acc242dbf637"
dependencies = [
"displaydoc",
"litemap",
"tinystr",
"writeable",
"zerovec",
]
[[package]]
name = "icu_locid_transform"
version = "1.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "01d11ac35de8e40fdeda00d9e1e9d92525f3f9d887cdd7aa81d727596788b54e"
dependencies = [
"displaydoc",
"icu_locid",
"icu_locid_transform_data",
"icu_provider",
"tinystr",
"zerovec",
]
[[package]]
name = "icu_locid_transform_data"
version = "1.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fdc8ff3388f852bede6b579ad4e978ab004f139284d7b28715f773507b946f6e"
[[package]]
name = "icu_normalizer"
version = "1.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "19ce3e0da2ec68599d193c93d088142efd7f9c5d6fc9b803774855747dc6a84f"
dependencies = [
"displaydoc",
"icu_collections",
"icu_normalizer_data",
"icu_properties",
"icu_provider",
"smallvec",
"utf16_iter",
"utf8_iter",
"write16",
"zerovec",
]
[[package]]
name = "icu_normalizer_data"
version = "1.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f8cafbf7aa791e9b22bec55a167906f9e1215fd475cd22adfcf660e03e989516"
[[package]]
name = "icu_properties"
version = "1.5.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "93d6020766cfc6302c15dbbc9c8778c37e62c14427cb7f6e601d849e092aeef5"
dependencies = [
"displaydoc",
"icu_collections",
"icu_locid_transform",
"icu_properties_data",
"icu_provider",
"tinystr",
"zerovec",
]
[[package]]
name = "icu_properties_data"
version = "1.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "67a8effbc3dd3e4ba1afa8ad918d5684b8868b3b26500753effea8d2eed19569"
[[package]]
name = "icu_provider"
version = "1.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6ed421c8a8ef78d3e2dbc98a973be2f3770cb42b606e3ab18d6237c4dfde68d9"
dependencies = [
"displaydoc",
"icu_locid",
"icu_provider_macros",
"stable_deref_trait",
"tinystr",
"writeable",
"yoke",
"zerofrom",
"zerovec",
]
[[package]]
name = "icu_provider_macros"
version = "1.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1ec89e9337638ecdc08744df490b221a7399bf8d164eb52a665454e60e075ad6"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
Favicon, SMTP and misc updates Favicon: - Replaced HTML tokenizer, much faster now. - Caching the domain blacklist function. - Almost all functions are async now. - Fixed bug on minimizing data to parse - Changed maximum icon download size to 5MB to match Bitwarden - Added `apple-touch-icon.png` as a second fallback besides `favicon.ico` SMTP: - Deprecated SMTP_SSL and SMTP_EXPLICIT_TLS, replaced with SMTP_SECURITY Misc: - Fixed issue when `resolv.conf` contains errors and trust-dns panics (Fixes #2283) - Updated Javscript and CSS files for admin interface - Fixed an issue with the /admin interface which did not cleared the login cookie correctly - Prevent websocket notifications during org import, this caused a lot of traffic, and slowed down the import. This is also the same as Bitwarden which does not trigger this refresh via websockets. Rust: - Updated to use v1.59 - Use the new `strip` option and enabled to strip `debuginfo` - Enabled `lto` with `thin` - Removed the strip RUN from the alpine armv7, this is now done automatically
2022-02-22 20:48:00 +01:00
[[package]]
name = "ident_case"
version = "1.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b9e0384b61958566e926dc50660321d12159025e767c18e043daf26b70104c39"
Updated dependencies
2018-09-19 21:43:03 +02:00
[[package]]
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
name = "idna"
Update crates and fix several issues Signed-off-by: BlackDex <black.dex@gmail.com>
2024-11-09 19:58:10 +01:00
version = "1.0.3"
Updated dependencies
2018-09-19 21:43:03 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and fix several issues Signed-off-by: BlackDex <black.dex@gmail.com>
2024-11-09 19:58:10 +01:00
checksum = "686f825264d630750a544639377bae737628043f20d38bbc029e8f29ea968a7e"
Update dependencies and docker base images
2019-10-24 20:37:17 +02:00
dependencies = [
Update crates and fix several issues Signed-off-by: BlackDex <black.dex@gmail.com>
2024-11-09 19:58:10 +01:00
"idna_adapter",
"smallvec",
"utf8_iter",
Update dependencies and docker base images
2019-10-24 20:37:17 +02:00
]
Updated dependencies
2018-09-19 21:43:03 +02:00
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
[[package]]
Update crates and fix several issues Signed-off-by: BlackDex <black.dex@gmail.com>
2024-11-09 19:58:10 +01:00
name = "idna_adapter"
version = "1.2.0"
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and fix several issues Signed-off-by: BlackDex <black.dex@gmail.com>
2024-11-09 19:58:10 +01:00
checksum = "daca1df1c957320b2cf139ac61e7bd64fed304c5040df000a745aa1de3b4ef71"
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
dependencies = [
"icu_normalizer",
"icu_properties",
]
Update crates and small clippy fix - Update all crates - Remove async which is reported by clippy in v1.72.0
2023-07-04 20:12:50 +02:00
[[package]]
name = "indexmap"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
version = "2.7.1"
Update crates and small clippy fix - Update all crates - Remove async which is reported by clippy in v1.72.0
2023-07-04 20:12:50 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
checksum = "8c9c992b02b5b4c94ea26e32fe5bccb7aa7d9f390ab5c1221ff895bc7ea8b652"
Update crates and small clippy fix - Update all crates - Remove async which is reported by clippy in v1.72.0
2023-07-04 20:12:50 +02:00
dependencies = [
"equivalent",
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
"hashbrown 0.15.2",
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
"serde",
Update crates and small clippy fix - Update all crates - Remove async which is reported by clippy in v1.72.0
2023-07-04 20:12:50 +02:00
]
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
[[package]]
name = "inlinable_string"
version = "0.1.15"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c8fae54786f62fb2918dcfae3d568594e50eb9b5c25bf04371af6fe7516452fb"
Enabled trust-dns and some updates. - Enabled trust-dns feature which seems to help a bit when DNS is causing long timeouts. Though in the blocking version it is less visible then on the async branch. - Updated crates - Removed some redundant code - Updated javascript/css libraries Resolves #2118 Resolves #2119
2021-11-28 13:02:27 +01:00
[[package]]
name = "ipconfig"
Update crates and workflow - Updated all the crates - Updated workflow actions - Set cargo registry to sparse
2023-06-21 22:01:05 +02:00
version = "0.3.2"
Enabled trust-dns and some updates. - Enabled trust-dns feature which seems to help a bit when DNS is causing long timeouts. Though in the blocking version it is less visible then on the async branch. - Updated crates - Removed some redundant code - Updated javascript/css libraries Resolves #2118 Resolves #2119
2021-11-28 13:02:27 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and workflow - Updated all the crates - Updated workflow actions - Set cargo registry to sparse
2023-06-21 22:01:05 +02:00
checksum = "b58db92f96b720de98181bbbe63c831e87005ab460c1bf306eb2622b4707997f"
Enabled trust-dns and some updates. - Enabled trust-dns feature which seems to help a bit when DNS is causing long timeouts. Though in the blocking version it is less visible then on the async branch. - Updated crates - Removed some redundant code - Updated javascript/css libraries Resolves #2118 Resolves #2119
2021-11-28 13:02:27 +01:00
dependencies = [
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
"socket2",
Enabled trust-dns and some updates. - Enabled trust-dns feature which seems to help a bit when DNS is causing long timeouts. Though in the blocking version it is less visible then on the async branch. - Updated crates - Removed some redundant code - Updated javascript/css libraries Resolves #2118 Resolves #2119
2021-11-28 13:02:27 +01:00
"widestring",
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
"windows-sys 0.48.0",
Update crates (GHSA-wq9x-qwcq-mmgf) (#4889) - Updated crates - Fixed MSRV to actually be N-2 - Changed some features to use the `dep:` prefix. This is needed for edition-2024 anyway although that will be a while before we can use that. Signed-off-by: BlackDex <black.dex@gmail.com>
2024-08-23 22:06:11 +02:00
"winreg",
Enabled trust-dns and some updates. - Enabled trust-dns feature which seems to help a bit when DNS is causing long timeouts. Though in the blocking version it is less visible then on the async branch. - Updated crates - Removed some redundant code - Updated javascript/css libraries Resolves #2118 Resolves #2119
2021-11-28 13:02:27 +01:00
]
Update dependencies
2020-08-12 18:46:28 +02:00
[[package]]
name = "ipnet"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
version = "2.11.0"
Update dependencies
2020-08-12 18:46:28 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
checksum = "469fb0b9cefa57e3ef31275ee7cacb78f2fdca44e4765491884a2b119d4eb130"
Update dependencies
2020-08-12 18:46:28 +02:00
Some small fixes and updates - Updated workflows to use new checkout version This probably fixes the curl download for hadolint also. - Updated crates including Rocket to the latest rc3 :party: - Applied 2 nightly clippy lints to prevent future clippy issues.
2023-03-24 22:07:50 +01:00
[[package]]
name = "is-terminal"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
version = "0.4.15"
Some small fixes and updates - Updated workflows to use new checkout version This probably fixes the curl download for hadolint also. - Updated crates including Rocket to the latest rc3 :party: - Applied 2 nightly clippy lints to prevent future clippy issues.
2023-03-24 22:07:50 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
checksum = "e19b23d53f35ce9f56aebc7d1bb4e6ac1e9c0db7ac85c8d1760c04379edced37"
Some small fixes and updates - Updated workflows to use new checkout version This probably fixes the curl download for hadolint also. - Updated crates including Rocket to the latest rc3 :party: - Applied 2 nightly clippy lints to prevent future clippy issues.
2023-03-24 22:07:50 +01:00
dependencies = [
Update crates (GHSA-wq9x-qwcq-mmgf) (#4889) - Updated crates - Fixed MSRV to actually be N-2 - Changed some features to use the `dep:` prefix. This is needed for edition-2024 anyway although that will be a while before we can use that. Signed-off-by: BlackDex <black.dex@gmail.com>
2024-08-23 22:06:11 +02:00
"hermit-abi 0.4.0",
Update crates, GHA and a Python/JS scripts (#4357) - Update all crates - Update GHA - Update Global Domains script to use main instead of master Also fixed some Python linting warnings - Updated Admin JS and CSS libraries
2024-02-25 23:26:46 +01:00
"libc",
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
"windows-sys 0.59.0",
Some small fixes and updates - Updated workflows to use new checkout version This probably fixes the curl download for hadolint also. - Updated crates including Rocket to the latest rc3 :party: - Applied 2 nightly clippy lints to prevent future clippy issues.
2023-03-24 22:07:50 +01:00
]
Support all DB's for Alpine and Debian - Using my own rust-musl build containers we now support all database types for both Debian and Alpine. - Added new Alpine containers for armv6 and arm64/aarch64 - The Debian builds can also be done wihout dpkg magic stuff, probably some fixes in Rust regarding linking (Or maybe OpenSSL or Diesel), in any case, it works now without hacking dpkg and apt. - Updated toolchain and crates
2021-12-26 12:40:12 +01:00
[[package]]
name = "itoa"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
version = "1.0.14"
Support all DB's for Alpine and Debian - Using my own rust-musl build containers we now support all database types for both Debian and Alpine. - Added new Alpine containers for armv6 and arm64/aarch64 - The Debian builds can also be done wihout dpkg magic stuff, probably some fixes in Rust regarding linking (Or maybe OpenSSL or Diesel), in any case, it works now without hacking dpkg and apt. - Updated toolchain and crates
2021-12-26 12:40:12 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
checksum = "d75a2a4b1b190afb6f5425f10f6a8f959d2ea0b9c2b1d79553551850539e4674"
Support all DB's for Alpine and Debian - Using my own rust-musl build containers we now support all database types for both Debian and Alpine. - Added new Alpine containers for armv6 and arm64/aarch64 - The Debian builds can also be done wihout dpkg magic stuff, probably some fixes in Rust regarding linking (Or maybe OpenSSL or Diesel), in any case, it works now without hacking dpkg and apt. - Updated toolchain and crates
2021-12-26 12:40:12 +01:00
Favicon, SMTP and misc updates Favicon: - Replaced HTML tokenizer, much faster now. - Caching the domain blacklist function. - Almost all functions are async now. - Fixed bug on minimizing data to parse - Changed maximum icon download size to 5MB to match Bitwarden - Added `apple-touch-icon.png` as a second fallback besides `favicon.ico` SMTP: - Deprecated SMTP_SSL and SMTP_EXPLICIT_TLS, replaced with SMTP_SECURITY Misc: - Fixed issue when `resolv.conf` contains errors and trust-dns panics (Fixes #2283) - Updated Javscript and CSS files for admin interface - Fixed an issue with the /admin interface which did not cleared the login cookie correctly - Prevent websocket notifications during org import, this caused a lot of traffic, and slowed down the import. This is also the same as Bitwarden which does not trigger this refresh via websockets. Rust: - Updated to use v1.59 - Use the new `strip` option and enabled to strip `debuginfo` - Enabled `lto` with `thin` - Removed the strip RUN from the alpine armv7, this is now done automatically
2022-02-22 20:48:00 +01:00
[[package]]
name = "jetscii"
Update deps and fix file-uploads - Update deps. One of them is multer-rs which fixes #2516 - Changed MSRV to `1.59.0`, since that is the correct MSRV currently. It could be lower, but that would mean removing the `strip` option.
2022-07-15 16:03:57 +02:00
version = "0.5.3"
Favicon, SMTP and misc updates Favicon: - Replaced HTML tokenizer, much faster now. - Caching the domain blacklist function. - Almost all functions are async now. - Fixed bug on minimizing data to parse - Changed maximum icon download size to 5MB to match Bitwarden - Added `apple-touch-icon.png` as a second fallback besides `favicon.ico` SMTP: - Deprecated SMTP_SSL and SMTP_EXPLICIT_TLS, replaced with SMTP_SECURITY Misc: - Fixed issue when `resolv.conf` contains errors and trust-dns panics (Fixes #2283) - Updated Javscript and CSS files for admin interface - Fixed an issue with the /admin interface which did not cleared the login cookie correctly - Prevent websocket notifications during org import, this caused a lot of traffic, and slowed down the import. This is also the same as Bitwarden which does not trigger this refresh via websockets. Rust: - Updated to use v1.59 - Use the new `strip` option and enabled to strip `debuginfo` - Enabled `lto` with `thin` - Removed the strip RUN from the alpine armv7, this is now done automatically
2022-02-22 20:48:00 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update deps and fix file-uploads - Update deps. One of them is multer-rs which fixes #2516 - Changed MSRV to `1.59.0`, since that is the correct MSRV currently. It could be lower, but that would mean removing the `strip` option.
2022-07-15 16:03:57 +02:00
checksum = "47f142fe24a9c9944451e8349de0a56af5f3e7226dc46f3ed4d4ecc0b85af75e"
Favicon, SMTP and misc updates Favicon: - Replaced HTML tokenizer, much faster now. - Caching the domain blacklist function. - Almost all functions are async now. - Fixed bug on minimizing data to parse - Changed maximum icon download size to 5MB to match Bitwarden - Added `apple-touch-icon.png` as a second fallback besides `favicon.ico` SMTP: - Deprecated SMTP_SSL and SMTP_EXPLICIT_TLS, replaced with SMTP_SECURITY Misc: - Fixed issue when `resolv.conf` contains errors and trust-dns panics (Fixes #2283) - Updated Javscript and CSS files for admin interface - Fixed an issue with the /admin interface which did not cleared the login cookie correctly - Prevent websocket notifications during org import, this caused a lot of traffic, and slowed down the import. This is also the same as Bitwarden which does not trigger this refresh via websockets. Rust: - Updated to use v1.59 - Use the new `strip` option and enabled to strip `debuginfo` - Enabled `lto` with `thin` - Removed the strip RUN from the alpine armv7, this is now done automatically
2022-02-22 20:48:00 +01:00
Add a generic job scheduler Also rewrite deletion of old sends using the job scheduler.
2021-04-02 20:16:49 -07:00
[[package]]
Move to job_scheduler_ng
2022-05-20 21:10:52 +02:00
name = "job_scheduler_ng"
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
version = "2.0.5"
Move to job_scheduler_ng
2022-05-20 21:10:52 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
checksum = "87c252207f323e2996d087759ebdcff8f608cd3eaa9896909a0c2dd3050a3c6a"
Add a generic job scheduler Also rewrite deletion of old sends using the job scheduler.
2021-04-02 20:16:49 -07:00
dependencies = [
"chrono",
"cron",
"uuid",
]
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
[[package]]
name = "js-sys"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
version = "0.3.77"
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
checksum = "1cfaf33c695fc6e08064efbc1f72ec937429614f25eef83af942d0e227c3a28f"
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
dependencies = [
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
"once_cell",
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
"wasm-bindgen",
]
First working version
2018-02-10 01:00:55 +01:00
[[package]]
name = "jsonwebtoken"
Update Rust and crates (#4445) - Updated Rust to v1.77.0 - Updated several crates The `reqwest` update included `trust-dns` > `hickory-dns` changes. Also, `reqwest` v0.12 is not working correctly for us, that is something to investigate. - Fixed a new clippy warning
2024-03-23 15:40:34 +01:00
version = "9.3.0"
Updated bw_rs to Rocket version 0.4-rc1
2018-10-10 20:40:39 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and crates (#4445) - Updated Rust to v1.77.0 - Updated several crates The `reqwest` update included `trust-dns` > `hickory-dns` changes. Also, `reqwest` v0.12 is not working correctly for us, that is something to investigate. - Fixed a new clippy warning
2024-03-23 15:40:34 +01:00
checksum = "b9ae10193d25051e74945f1ea2d0b42e03cc3b890f7e4cc5faa44997d808193f"
First working version
2018-02-10 01:00:55 +01:00
dependencies = [
Update crates and fix icon issue (#4237) - Fix icon download issue by removing the deflate feature - Updated all the crates - Updated Handlebars code Fixes #4224
2024-01-12 20:44:37 +01:00
"base64 0.21.7",
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
"js-sys",
Update dependencies Primarily updating rocket, which needed some dependencies Latest versions of: - ring - time - jsonwebtoken - yubico - rocket (git)
2020-03-16 16:32:33 +01:00
"pem",
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
"ring",
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"serde",
"serde_json",
Update dependencies Primarily updating rocket, which needed some dependencies Latest versions of: - ring - time - jsonwebtoken - yubico - rocket (git)
2020-03-16 16:32:33 +01:00
"simple_asn1",
First working version
2018-02-10 01:00:55 +01:00
]
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
[[package]]
name = "kv-log-macro"
version = "1.0.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0de8b303297635ad57c9f5059fd9cee7a47f8e8daa09df0fcd07dd39fb22977f"
dependencies = [
"log",
]
Add dynamic CSS support (#4940) * Add dynamic CSS support Together with https://github.com/dani-garcia/bw_web_builds/pull/180 this PR will add support for dynamic CSS changes. For example, we could hide the register link if signups are not allowed. In the future show or hide the SSO button depending on if it is enabled or not. There also is a special `user.vaultwarden.scss` file so that users can add custom CSS without the need to modify the default (static) changes. This will prevent future changes from not being applied and still have the custom user changes to be added. Also added a special redirect when someone goes directly to `/index.html` as that might cause issues with loading other scripts and files. Signed-off-by: BlackDex <black.dex@gmail.com> * Add versions and fallback to built-in - Add both Vaultwarden and web-vault versions to the css_options. - Fallback to the inner templates if rendering or compiling the scss fails. This ensures the basics are always working even if someone breaks the templates. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix fallback code to actually work The fallback now works by using an alternative `reg!` macro. This adds an extra template register which prefixes the template with `fallback_`. Signed-off-by: BlackDex <black.dex@gmail.com> * Updated the wiki link in the user template --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-11-11 20:14:04 +01:00
[[package]]
name = "lasso"
version = "0.7.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6e14eda50a3494b3bf7b9ce51c52434a761e383d7238ce1dd5dcec2fbc13e9fb"
dependencies = [
"hashbrown 0.14.5",
]
First working version
2018-02-10 01:00:55 +01:00
[[package]]
name = "lazy_static"
Update crates and web-vault (#4714) - Updated the crates Removed the patch for mimalloc - Updated the web-vault to v2024.5.1b The reason for not updating to v2024.6.x is that there are several items not working correctly or need some more research.
2024-07-08 23:27:48 +02:00
version = "1.5.0"
First working version
2018-02-10 01:00:55 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and web-vault (#4714) - Updated the crates Removed the patch for mimalloc - Updated the web-vault to v2024.5.1b The reason for not updating to v2024.6.x is that there are several items not working correctly or need some more research.
2024-07-08 23:27:48 +02:00
checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe"
First working version
2018-02-10 01:00:55 +01:00
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
[[package]]
Updated dependencies and fixed errors
2018-09-13 16:04:00 +02:00
name = "lettre"
Update crates (#5268) - fixes CVE-2024-12224
2024-12-10 18:59:28 +02:00
version = "0.11.11"
Update lettre to alpha release instead of git commit, and update the rest of dependencies while we are at it
2020-05-31 17:58:06 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates (#5268) - fixes CVE-2024-12224
2024-12-10 18:59:28 +02:00
checksum = "ab4c9a167ff73df98a5ecc07e8bf5ce90b583665da3d1762eb1f775ad4d0d6f5"
Updated dependencies and fixed errors
2018-09-13 16:04:00 +02:00
dependencies = [
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
"async-std",
Upgrade dependencies and swap lettre to async transport
2022-07-06 23:57:37 +02:00
"async-trait",
Update Rust, crates and web-vault (#4558) * Update Rust and crates - Updated Rust to v1.78.0 - Updated crates * Update web-vault to v2024.5.0
2024-05-19 20:30:34 +02:00
"base64 0.22.1",
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
"chumsky",
Update web vault to 2.28.0 and dependencies
2022-04-23 18:18:15 +02:00
"email-encoding",
Bump lettre to 0.10.0-rc.7
2022-06-04 14:47:26 +02:00
"email_address",
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
"fastrand",
Upgrade dependencies and swap lettre to async transport
2022-07-06 23:57:37 +02:00
"futures-io",
"futures-util",
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
"hostname 0.4.0",
Updated branding, email and crates - Updated branding for admin and emails - Updated crates and some deprications - Removed newline-converter because this is built-in into lettre - Updated email templates to use a shared header and footer template - Also trigger SMTP SSL When TLS is selected without SSL Resolves #1641
2021-05-08 17:46:31 +02:00
"httpdate",
Update crates (#5268) - fixes CVE-2024-12224
2024-12-10 18:59:28 +02:00
"idna",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"mime",
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"native-tls",
Improve sync speed and updated dep. versions Improved sync speed by resolving the N+1 query issues. Solves #1402 and Solves #1453 With this change there is just one query done to retreive all the important data, and matching is done in-code/memory. With a very large database the sync time went down about 3 times. Also updated misc crates and Github Actions versions.
2022-05-04 21:13:05 +02:00
"nom",
Update crates to fix new builds (#4308) Because handlebars yanked a version which was there for a few days, we need to downgrade this crate. In this process update all the others. Fixes #4307
2024-02-02 18:30:54 +01:00
"percent-encoding",
Update lettre to latest master
2020-05-03 17:41:53 +02:00
"quoted_printable",
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"serde",
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
"socket2",
Upgrade dependencies and swap lettre to async transport
2022-07-06 23:57:37 +02:00
"tokio",
"tokio-native-tls",
Updated email processing. - Added an option to enable smtp debugging via SMTP_DEBUG. This will trigger a trace of the smtp commands sent/received to/from the mail server. Useful when troubleshooting. - Added two options to ignore invalid certificates which either do not match at all, or only doesn't match the hostname. - Updated lettre to the latest alpha.4 version.
2020-11-18 12:07:08 +01:00
"tracing",
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
"url",
Updated dependencies and fixed errors
2018-09-13 16:04:00 +02:00
]
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
First working version
2018-02-10 01:00:55 +01:00
[[package]]
name = "libc"
Update crates and GHA (#5346) - Updated crates to the latest version - Updated GitHub Actions to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-04 19:02:15 +01:00
version = "0.2.169"
First working version
2018-02-10 01:00:55 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and GHA (#5346) - Updated crates to the latest version - Updated GitHub Actions to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-04 19:02:15 +01:00
checksum = "b5aba8db14291edd000dfcc4d620c7ebfb122c613afb886ca8803fa4e128a20a"
Several updates and fixes - Removed all `thread::sleep` and use `tokio::time::sleep` now. This solves an issue with updating to Bullseye ( Resolves #1998 ) - Updated all Debian images to Bullseye - Added MiMalloc feature and enabled it by default for Alpine based images This increases performance for the Alpine images because the default memory allocator for MUSL based binaries isn't that fast - Updated `dotenv` to `dotenvy` a maintained and updated fork - Fixed an issue with a newer jslib (not fully released yet) That version uses a different endpoint for `prelogin` Resolves #2378 )
2022-03-20 18:51:24 +01:00
Improve file limit handling (#4242) * Improve file limit handling * Oops * Update PostgreSQL migration * Review comments --------- Co-authored-by: BlackDex <black.dex@gmail.com>
2024-01-27 02:43:26 +01:00
[[package]]
name = "libm"
Update crates and fix several issues Signed-off-by: BlackDex <black.dex@gmail.com>
2024-11-09 19:58:10 +01:00
version = "0.2.11"
Improve file limit handling (#4242) * Improve file limit handling * Oops * Update PostgreSQL migration * Review comments --------- Co-authored-by: BlackDex <black.dex@gmail.com>
2024-01-27 02:43:26 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and fix several issues Signed-off-by: BlackDex <black.dex@gmail.com>
2024-11-09 19:58:10 +01:00
checksum = "8355be11b20d696c8f18f6cc018c4e372165b1fa8126cef092399c9951984ffa"
Improve file limit handling (#4242) * Improve file limit handling * Oops * Update PostgreSQL migration * Review comments --------- Co-authored-by: BlackDex <black.dex@gmail.com>
2024-01-27 02:43:26 +01:00
Several updates and fixes - Removed all `thread::sleep` and use `tokio::time::sleep` now. This solves an issue with updating to Bullseye ( Resolves #1998 ) - Updated all Debian images to Bullseye - Added MiMalloc feature and enabled it by default for Alpine based images This increases performance for the Alpine images because the default memory allocator for MUSL based binaries isn't that fast - Updated `dotenv` to `dotenvy` a maintained and updated fork - Fixed an issue with a newer jslib (not fully released yet) That version uses a different endpoint for `prelogin` Resolves #2378 )
2022-03-20 18:51:24 +01:00
[[package]]
name = "libmimalloc-sys"
Update crates and web-vault (#4714) - Updated the crates Removed the patch for mimalloc - Updated the web-vault to v2024.5.1b The reason for not updating to v2024.6.x is that there are several items not working correctly or need some more research.
2024-07-08 23:27:48 +02:00
version = "0.1.39"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "23aa6811d3bd4deb8a84dde645f943476d13b248d818edcf8ce0b2f37f036b44"
Several updates and fixes - Removed all `thread::sleep` and use `tokio::time::sleep` now. This solves an issue with updating to Bullseye ( Resolves #1998 ) - Updated all Debian images to Bullseye - Added MiMalloc feature and enabled it by default for Alpine based images This increases performance for the Alpine images because the default memory allocator for MUSL based binaries isn't that fast - Updated `dotenv` to `dotenvy` a maintained and updated fork - Fixed an issue with a newer jslib (not fully released yet) That version uses a different endpoint for `prelogin` Resolves #2378 )
2022-03-20 18:51:24 +01:00
dependencies = [
"cc",
Update dependencies for Rust and Admin interface. - Updated Rust deps and one small change regarding chrono - Updated bootstrap 5 css - Updated datatables - Replaced identicon.js with jdenticon. identicon.js is unmaintained ( https://github.com/stewartlord/identicon.js/issues/52 ) The icon's are very different, but nice. It also doesn't need custom code to find and update the icons our selfs.
2022-12-01 17:18:29 +01:00
"libc",
Several updates and fixes - Removed all `thread::sleep` and use `tokio::time::sleep` now. This solves an issue with updating to Bullseye ( Resolves #1998 ) - Updated all Debian images to Bullseye - Added MiMalloc feature and enabled it by default for Alpine based images This increases performance for the Alpine images because the default memory allocator for MUSL based binaries isn't that fast - Updated `dotenv` to `dotenvy` a maintained and updated fork - Fixed an issue with a newer jslib (not fully released yet) That version uses a different endpoint for `prelogin` Resolves #2378 )
2022-03-20 18:51:24 +01:00
]
First working version
2018-02-10 01:00:55 +01:00
Update dependencies and remove travis unused feature
2019-06-02 00:28:20 +02:00
[[package]]
name = "libsqlite3-sys"
Update crates (GHSA-wq9x-qwcq-mmgf) (#4889) - Updated crates - Fixed MSRV to actually be N-2 - Changed some features to use the `dep:` prefix. This is needed for edition-2024 anyway although that will be a while before we can use that. Signed-off-by: BlackDex <black.dex@gmail.com>
2024-08-23 22:06:11 +02:00
version = "0.30.1"
Update dependencies and remove travis unused feature
2019-06-02 00:28:20 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates (GHSA-wq9x-qwcq-mmgf) (#4889) - Updated crates - Fixed MSRV to actually be N-2 - Changed some features to use the `dep:` prefix. This is needed for edition-2024 anyway although that will be a while before we can use that. Signed-off-by: BlackDex <black.dex@gmail.com>
2024-08-23 22:06:11 +02:00
checksum = "2e99fb7a497b1e3339bc746195567ed8d3e24945ecd636e3619d20b9de9e9149"
Update dependencies and remove travis unused feature
2019-06-02 00:28:20 +02:00
dependencies = [
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"cc",
"pkg-config",
"vcpkg",
Update dependencies and remove travis unused feature
2019-06-02 00:28:20 +02:00
]
Enabled trust-dns and some updates. - Enabled trust-dns feature which seems to help a bit when DNS is causing long timeouts. Though in the blocking version it is less visible then on the async branch. - Updated crates - Removed some redundant code - Updated javascript/css libraries Resolves #2118 Resolves #2119
2021-11-28 13:02:27 +01:00
[[package]]
name = "linked-hash-map"
Upgrade dependencies and swap lettre to async transport
2022-07-06 23:57:37 +02:00
version = "0.5.6"
Enabled trust-dns and some updates. - Enabled trust-dns feature which seems to help a bit when DNS is causing long timeouts. Though in the blocking version it is less visible then on the async branch. - Updated crates - Removed some redundant code - Updated javascript/css libraries Resolves #2118 Resolves #2119
2021-11-28 13:02:27 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Upgrade dependencies and swap lettre to async transport
2022-07-06 23:57:37 +02:00
checksum = "0717cef1bc8b636c6e1c1bbdefc09e6322da8a9321966e8928ef80d20f7f770f"
Enabled trust-dns and some updates. - Enabled trust-dns feature which seems to help a bit when DNS is causing long timeouts. Though in the blocking version it is less visible then on the async branch. - Updated crates - Removed some redundant code - Updated javascript/css libraries Resolves #2118 Resolves #2119
2021-11-28 13:02:27 +01:00
Upd Crates, Rust, MSRV, GHA and remove Backtrace - Changed MSRV to v1.65. Discussed this with @dani-garcia, and we will support **N-2**. This is/will be the same as for the `time` crate we use. Also updated the wiki regarding this https://github.com/dani-garcia/vaultwarden/wiki/Building-binary - Removed backtrace crate in favor of `std::backtrace` stable since v1.65 - Updated Rust to v1.67.1 - Updated all the crates - Updated the GHA action versions - Adjusted the GHA MSRV build to extract the MSRV from `Cargo.toml`
2023-03-04 19:18:38 +01:00
[[package]]
name = "linux-raw-sys"
Update crates and web-vault to v2025.1.0 (#5368) - Updated the web-vault to use v2025.1.0 (pre-release) - Updated crates Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-08 18:14:08 +01:00
version = "0.4.15"
Update web vault to v2023.3.0 and dependencies
2023-03-22 21:30:07 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and web-vault to v2025.1.0 (#5368) - Updated the web-vault to use v2025.1.0 (pre-release) - Updated crates Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-08 18:14:08 +01:00
checksum = "d26c52dbd32dccf2d10cac7725f8eae5296885fb5703b261f7d0a0739ec807ab"
Update web vault to v2023.3.0 and dependencies
2023-03-22 21:30:07 +01:00
Update crates and small clippy fix - Update all crates - Remove async which is reported by clippy in v1.72.0
2023-07-04 20:12:50 +02:00
[[package]]
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
name = "litemap"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
version = "0.7.4"
Update crates and small clippy fix - Update all crates - Remove async which is reported by clippy in v1.72.0
2023-07-04 20:12:50 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
checksum = "4ee93343901ab17bd981295f2cf0026d4ad018c7c31ba84549a4ddbb47a45104"
Update crates and small clippy fix - Update all crates - Remove async which is reported by clippy in v1.72.0
2023-07-04 20:12:50 +02:00
Update crates and fix several issues Signed-off-by: BlackDex <black.dex@gmail.com>
2024-11-09 19:58:10 +01:00
[[package]]
name = "litrs"
version = "0.4.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b4ce301924b7887e9d637144fdade93f9dfff9b60981d4ac161db09720d39aa5"
Updated dependencies and fixed panic getting icons
2019-07-30 19:38:54 +02:00
[[package]]
name = "lock_api"
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
version = "0.4.12"
Updated dependencies and fixed panic getting icons
2019-07-30 19:38:54 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
checksum = "07af8b9cdd281b7915f413fa73f29ebd5d55d0d3f0155584dade1ff18cea1b17"
Updated dependencies and fixed panic getting icons
2019-07-30 19:38:54 +02:00
dependencies = [
Update web vault to 2.28.0 and dependencies
2022-04-23 18:18:15 +02:00
"autocfg",
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"scopeguard",
Updated dependencies and fixed panic getting icons
2019-07-30 19:38:54 +02:00
]
First working version
2018-02-10 01:00:55 +01:00
[[package]]
name = "log"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
version = "0.4.25"
First working version
2018-02-10 01:00:55 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
checksum = "04cbf5b083de1c7e0222a7a51dbfdba1cbe1c6ab0b15e29fff3f6c077fd9cd9f"
First working version
2018-02-10 01:00:55 +01:00
dependencies = [
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
"value-bag",
First working version
2018-02-10 01:00:55 +01:00
]
[[package]]
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
name = "loom"
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
version = "0.5.6"
First working version
2018-02-10 01:00:55 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
checksum = "ff50ecb28bb86013e935fb6683ab1f6d3a20016f123c76fd4c27470076ac30f5"
First working version
2018-02-10 01:00:55 +01:00
dependencies = [
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
"cfg-if",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"generator",
"scoped-tls",
"serde",
"serde_json",
"tracing",
"tracing-subscriber",
First working version
2018-02-10 01:00:55 +01:00
]
Enabled trust-dns and some updates. - Enabled trust-dns feature which seems to help a bit when DNS is causing long timeouts. Though in the blocking version it is less visible then on the async branch. - Updated crates - Removed some redundant code - Updated javascript/css libraries Resolves #2118 Resolves #2119
2021-11-28 13:02:27 +01:00
[[package]]
name = "lru-cache"
version = "0.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "31e24f1ad8321ca0e8a1e0ac13f23cb668e6f5466c2c57319f6a5cf1cc8e3b1c"
dependencies = [
"linked-hash-map",
]
rename membership and adopt newtype pattern (#5320) * rename membership rename UserOrganization to Membership to clarify the relation and prevent confusion whether something refers to a member(ship) or user * use newtype pattern * implement custom derive macro IdFromParam * add UuidFromParam macro for UUIDs * add macros to Docker build Co-authored-by: dfunkt <dfunkt@users.noreply.github.com> --------- Co-authored-by: dfunkt <dfunkt@users.noreply.github.com>
2025-01-09 18:37:23 +01:00
[[package]]
name = "macros"
version = "0.1.0"
dependencies = [
"quote",
"syn",
]
Add option to set name during HELO in email settings
2020-07-05 01:59:15 +02:00
[[package]]
name = "match_cfg"
version = "0.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ffbee8634e0d45d258acb448e7eaab3fce7a0a467395d4d9f228e3c1f01fb2e4"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
[[package]]
name = "matchers"
version = "0.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8263075bb86c5a1b1427b5ae862e8889656f126e9f77c484496e8b47cf5c5558"
dependencies = [
Update images to Bookworm and PQ15 This PR updates the base images to use Debian Bookworm as base image. Also the MUSL/Alpine builds now use OpenSSLv3 and PostgreSQL v15. The GHA Workflows are updated to use Ubuntu 22.04 to better match the versions of Debian Bookworm. Also: - Enabled spares crate registry - Updated workflow actions - Updated Rust to v1.71.0 - The rust-musl images now use musl v1.2.3 for the 32bit arch's if the Rust version is v1.71.0 or higher. The 64bit arch's already used musl v1.2.3. - Updated crates. Improves / Closes #3434
2023-06-11 18:11:09 +02:00
"regex-automata 0.1.10",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
]
First working version
2018-02-10 01:00:55 +01:00
[[package]]
name = "memchr"
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
version = "2.7.4"
First working version
2018-02-10 01:00:55 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
First working version
2018-02-10 01:00:55 +01:00
[[package]]
name = "migrations_internals"
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
version = "2.2.0"
First working version
2018-02-10 01:00:55 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
checksum = "fd01039851e82f8799046eabbb354056283fb265c8ec0996af940f4e85a380ff"
First working version
2018-02-10 01:00:55 +01:00
dependencies = [
Update to diesel2
2022-05-20 23:39:47 +02:00
"serde",
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
"toml",
First working version
2018-02-10 01:00:55 +01:00
]
[[package]]
name = "migrations_macros"
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
version = "2.2.0"
First working version
2018-02-10 01:00:55 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
checksum = "ffb161cc72176cb37aa47f1fc520d3ef02263d67d661f44f05d05a079e1237fd"
First working version
2018-02-10 01:00:55 +01:00
dependencies = [
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"migrations_internals",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"proc-macro2",
"quote",
First working version
2018-02-10 01:00:55 +01:00
]
Several updates and fixes - Removed all `thread::sleep` and use `tokio::time::sleep` now. This solves an issue with updating to Bullseye ( Resolves #1998 ) - Updated all Debian images to Bullseye - Added MiMalloc feature and enabled it by default for Alpine based images This increases performance for the Alpine images because the default memory allocator for MUSL based binaries isn't that fast - Updated `dotenv` to `dotenvy` a maintained and updated fork - Fixed an issue with a newer jslib (not fully released yet) That version uses a different endpoint for `prelogin` Resolves #2378 )
2022-03-20 18:51:24 +01:00
[[package]]
name = "mimalloc"
Update crates and web-vault (#4714) - Updated the crates Removed the patch for mimalloc - Updated the web-vault to v2024.5.1b The reason for not updating to v2024.6.x is that there are several items not working correctly or need some more research.
2024-07-08 23:27:48 +02:00
version = "0.1.43"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "68914350ae34959d83f732418d51e2427a794055d0b9529f48259ac07af65633"
Several updates and fixes - Removed all `thread::sleep` and use `tokio::time::sleep` now. This solves an issue with updating to Bullseye ( Resolves #1998 ) - Updated all Debian images to Bullseye - Added MiMalloc feature and enabled it by default for Alpine based images This increases performance for the Alpine images because the default memory allocator for MUSL based binaries isn't that fast - Updated `dotenv` to `dotenvy` a maintained and updated fork - Fixed an issue with a newer jslib (not fully released yet) That version uses a different endpoint for `prelogin` Resolves #2378 )
2022-03-20 18:51:24 +01:00
dependencies = [
"libmimalloc-sys",
]
First working version
2018-02-10 01:00:55 +01:00
[[package]]
name = "mime"
Update web vault to v2023.3.0 and dependencies
2023-03-22 21:30:07 +01:00
version = "0.3.17"
First working version
2018-02-10 01:00:55 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update web vault to v2023.3.0 and dependencies
2023-03-22 21:30:07 +01:00
checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a"
First working version
2018-02-10 01:00:55 +01:00
Macro recursion decrease and other optimizations - Decreased `recursion_limit` from 512 to 87 Mainly done by optimizing the config macro's. This fixes an issue with the rust-analyzer which doesn't go beyond 128 - Removed Regex for masking sensitive values and replaced it with a map() This is much faster then using a Regex. - Refactored the get_support_json macro's - All items above also lowered the binary size and possibly compile-time - Removed `_conn: DbConn` from several functions, these caused unnecessary database connections for functions who didn't used that at all - Decreased json response for `/plans` - Updated libraries and where needed some code changes This also fixes some rare issues with SMTP https://github.com/lettre/lettre/issues/678 - Using Rust 2021 instead of 2018 - Updated rust nightly
2021-11-05 19:18:54 +01:00
[[package]]
name = "minimal-lexical"
version = "0.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a"
Update crates (GHSA-wq9x-qwcq-mmgf) (#4889) - Updated crates - Fixed MSRV to actually be N-2 - Changed some features to use the `dep:` prefix. This is needed for edition-2024 anyway although that will be a while before we can use that. Signed-off-by: BlackDex <black.dex@gmail.com>
2024-08-23 22:06:11 +02:00
[[package]]
name = "miniz_oxide"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
version = "0.8.3"
Update crates (GHSA-wq9x-qwcq-mmgf) (#4889) - Updated crates - Fixed MSRV to actually be N-2 - Changed some features to use the `dep:` prefix. This is needed for edition-2024 anyway although that will be a while before we can use that. Signed-off-by: BlackDex <black.dex@gmail.com>
2024-08-23 22:06:11 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
checksum = "b8402cab7aefae129c6977bb0ff1b8fd9a04eb5b51efc50a70bea51cda0c7924"
Update crates (GHSA-wq9x-qwcq-mmgf) (#4889) - Updated crates - Fixed MSRV to actually be N-2 - Changed some features to use the `dep:` prefix. This is needed for edition-2024 anyway although that will be a while before we can use that. Signed-off-by: BlackDex <black.dex@gmail.com>
2024-08-23 22:06:11 +02:00
dependencies = [
"adler2",
]
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
[[package]]
name = "mio"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
version = "1.0.3"
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
checksum = "2886843bf800fba2e3377cff24abf6379b4c4d5c6681eaf9ea5b0d15090450bd"
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
dependencies = [
"libc",
Update images to Bookworm and PQ15 This PR updates the base images to use Debian Bookworm as base image. Also the MUSL/Alpine builds now use OpenSSLv3 and PostgreSQL v15. The GHA Workflows are updated to use Ubuntu 22.04 to better match the versions of Debian Bookworm. Also: - Enabled spares crate registry - Updated workflow actions - Updated Rust to v1.71.0 - The rust-musl images now use musl v1.2.3 for the 32bit arch's if the Rust version is v1.71.0 or higher. The 64bit arch's already used musl v1.2.3. - Updated crates. Improves / Closes #3434
2023-06-11 18:11:09 +02:00
"wasi",
Update crates & fix crate vulnerability (#4771) - fixes GHSA-q445-7m23-qrmw by updating openssl to version 0.10.66
2024-07-24 01:26:39 +03:00
"windows-sys 0.52.0",
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
]
First working version
2018-02-10 01:00:55 +01:00
[[package]]
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
name = "multer"
Update crates (#4587) - Update crates including rocket and rocket_ws
2024-05-25 15:14:19 +02:00
version = "3.1.0"
Remove patched multer-rs
2022-12-09 12:06:00 -05:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates (#4587) - Update crates including rocket and rocket_ws
2024-05-25 15:14:19 +02:00
checksum = "83e87776546dc87511aa5ee218730c92b666d7264ab6ed41f9d215af9cd5224b"
First working version
2018-02-10 01:00:55 +01:00
dependencies = [
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
"bytes",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"encoding_rs",
"futures-util",
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
"http 1.2.0",
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"httparse",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"memchr",
"mime",
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
"spin",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"tokio",
Update deps and fix file-uploads - Update deps. One of them is multer-rs which fixes #2516 - Changed MSRV to `1.59.0`, since that is the correct MSRV currently. It could be lower, but that would mean removing the `strip` option.
2022-07-15 16:03:57 +02:00
"tokio-util",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"version_check",
First working version
2018-02-10 01:00:55 +01:00
]
Update lettre to alpha release instead of git commit, and update the rest of dependencies while we are at it
2020-05-31 17:58:06 +02:00
[[package]]
name = "mysqlclient-sys"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
version = "0.4.2"
Update lettre to alpha release instead of git commit, and update the rest of dependencies while we are at it
2020-05-31 17:58:06 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
checksum = "6bbb9b017b98c4cde5802998113e182eecc1ebce8d47e9ea1697b9a623d53870"
Update lettre to alpha release instead of git commit, and update the rest of dependencies while we are at it
2020-05-31 17:58:06 +02:00
dependencies = [
"pkg-config",
"vcpkg",
]
Updated dependencies
2018-09-19 21:43:03 +02:00
[[package]]
name = "native-tls"
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
version = "0.2.12"
Updated dependencies
2018-09-19 21:43:03 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
checksum = "a8614eb2c83d59d1c8cc974dd3f920198647674a0a035e1af1fa58707e317466"
Updated dependencies
2018-09-19 21:43:03 +02:00
dependencies = [
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"libc",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"log",
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"openssl",
"openssl-probe",
"openssl-sys",
"schannel",
"security-framework",
"security-framework-sys",
"tempfile",
Updated dependencies
2018-09-19 21:43:03 +02:00
]
Basic ratelimit for user login (including 2FA) and admin login
2021-12-22 21:48:49 +01:00
[[package]]
name = "no-std-compat"
version = "0.4.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b93853da6d84c2e3c7d730d6473e8817692dd89be387eb01b94d7f108ecb5b8c"
Updated dependencies and fixed errors
2018-09-13 16:04:00 +02:00
[[package]]
name = "nom"
Updated web vault to 2023.1.1 and rust dependencies
2023-01-24 20:39:09 +01:00
version = "7.1.3"
Updated dependencies and fixed errors
2018-09-13 16:04:00 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Updated web vault to 2023.1.1 and rust dependencies
2023-01-24 20:39:09 +01:00
checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a"
Updated dependencies and fixed errors
2018-09-13 16:04:00 +02:00
dependencies = [
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"memchr",
Macro recursion decrease and other optimizations - Decreased `recursion_limit` from 512 to 87 Mainly done by optimizing the config macro's. This fixes an issue with the rust-analyzer which doesn't go beyond 128 - Removed Regex for masking sensitive values and replaced it with a map() This is much faster then using a Regex. - Refactored the get_support_json macro's - All items above also lowered the binary size and possibly compile-time - Removed `_conn: DbConn` from several functions, these caused unnecessary database connections for functions who didn't used that at all - Decreased json response for `/plans` - Updated libraries and where needed some code changes This also fixes some rare issues with SMTP https://github.com/lettre/lettre/issues/678 - Using Rust 2021 instead of 2018 - Updated rust nightly
2021-11-05 19:18:54 +01:00
"minimal-lexical",
Updated bw_rs to Rocket version 0.4-rc1
2018-10-10 20:40:39 +02:00
]
Basic ratelimit for user login (including 2FA) and admin login
2021-12-22 21:48:49 +01:00
[[package]]
name = "nonzero_ext"
Dependency updates
2022-01-30 22:24:42 +01:00
version = "0.3.0"
Basic ratelimit for user login (including 2FA) and admin login
2021-12-22 21:48:49 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Dependency updates
2022-01-30 22:24:42 +01:00
checksum = "38bf9645c8b145698bb0b18a4637dcacbc421ea49bef2317e4fd8065a387cf21"
Basic ratelimit for user login (including 2FA) and admin login
2021-12-22 21:48:49 +01:00
Update dependencies
2022-10-09 17:40:45 +02:00
[[package]]
name = "nu-ansi-term"
version = "0.46.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "77a8165726e8236064dbb45459242600304b42a5ea24ee2948e18e023bf7ba84"
dependencies = [
"overload",
"winapi",
]
Update dependencies Primarily updating rocket, which needed some dependencies Latest versions of: - ring - time - jsonwebtoken - yubico - rocket (git)
2020-03-16 16:32:33 +01:00
[[package]]
name = "num-bigint"
Update crates and web-vault (#4714) - Updated the crates Removed the patch for mimalloc - Updated the web-vault to v2024.5.1b The reason for not updating to v2024.6.x is that there are several items not working correctly or need some more research.
2024-07-08 23:27:48 +02:00
version = "0.4.6"
Update dependencies Primarily updating rocket, which needed some dependencies Latest versions of: - ring - time - jsonwebtoken - yubico - rocket (git)
2020-03-16 16:32:33 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and web-vault (#4714) - Updated the crates Removed the patch for mimalloc - Updated the web-vault to v2024.5.1b The reason for not updating to v2024.6.x is that there are several items not working correctly or need some more research.
2024-07-08 23:27:48 +02:00
checksum = "a5e44f723f1133c9deac646763579fdb3ac745e418f2a7af9cd0c431da1f20b9"
Update dependencies Primarily updating rocket, which needed some dependencies Latest versions of: - ring - time - jsonwebtoken - yubico - rocket (git)
2020-03-16 16:32:33 +01:00
dependencies = [
"num-integer",
"num-traits",
]
Update crates to fix new builds (#4308) Because handlebars yanked a version which was there for a few days, we need to downgrade this crate. In this process update all the others. Fixes #4307
2024-02-02 18:30:54 +01:00
[[package]]
name = "num-conv"
version = "0.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9"
Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device.
2018-07-12 21:46:50 +02:00
[[package]]
name = "num-derive"
Update Rust, crates and web-vault (#4328) - Updated Rust to v1.76.0 - Updated crates - Updated web-vault to v2024.1.2b - Fixed some Clippy lints - Moved lint check configuration Cargo.toml - Fixed issue with Reset Password Enrollment when logged-in via device
2024-02-08 22:16:29 +01:00
version = "0.4.2"
Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device.
2018-07-12 21:46:50 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust, crates and web-vault (#4328) - Updated Rust to v1.76.0 - Updated crates - Updated web-vault to v2024.1.2b - Fixed some Clippy lints - Moved lint check configuration Cargo.toml - Fixed issue with Reset Password Enrollment when logged-in via device
2024-02-08 22:16:29 +01:00
checksum = "ed3955f1a9c7c0c15e092f9c887db08b1fc683305fdf6eb6684f22555355e202"
Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device.
2018-07-12 21:46:50 +02:00
dependencies = [
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"proc-macro2",
"quote",
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
"syn",
Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device.
2018-07-12 21:46:50 +02:00
]
First working version
2018-02-10 01:00:55 +01:00
[[package]]
name = "num-integer"
Update Rust, crates and web-vault (#4328) - Updated Rust to v1.76.0 - Updated crates - Updated web-vault to v2024.1.2b - Fixed some Clippy lints - Moved lint check configuration Cargo.toml - Fixed issue with Reset Password Enrollment when logged-in via device
2024-02-08 22:16:29 +01:00
version = "0.1.46"
First working version
2018-02-10 01:00:55 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust, crates and web-vault (#4328) - Updated Rust to v1.76.0 - Updated crates - Updated web-vault to v2024.1.2b - Fixed some Clippy lints - Moved lint check configuration Cargo.toml - Fixed issue with Reset Password Enrollment when logged-in via device
2024-02-08 22:16:29 +01:00
checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f"
First working version
2018-02-10 01:00:55 +01:00
dependencies = [
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"num-traits",
First working version
2018-02-10 01:00:55 +01:00
]
Update crates and fix several issues Signed-off-by: BlackDex <black.dex@gmail.com>
2024-11-09 19:58:10 +01:00
[[package]]
name = "num-modular"
version = "0.6.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "17bb261bf36fa7d83f4c294f834e91256769097b3cb505d44831e0a179ac647f"
[[package]]
name = "num-order"
version = "1.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "537b596b97c40fcf8056d153049eb22f481c17ebce72a513ec9286e4986d1bb6"
dependencies = [
"num-modular",
]
First working version
2018-02-10 01:00:55 +01:00
[[package]]
name = "num-traits"
Update Rust, crates and web-vault (#4558) * Update Rust and crates - Updated Rust to v1.78.0 - Updated crates * Update web-vault to v2024.5.0
2024-05-19 20:30:34 +02:00
version = "0.2.19"
First working version
2018-02-10 01:00:55 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust, crates and web-vault (#4558) * Update Rust and crates - Updated Rust to v1.78.0 - Updated crates * Update web-vault to v2024.5.0
2024-05-19 20:30:34 +02:00
checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841"
Update dependencies and remove travis unused feature
2019-06-02 00:28:20 +02:00
dependencies = [
Remove soup and use a newer html5ever directly
2021-02-07 22:28:02 +01:00
"autocfg",
Update dependencies and remove travis unused feature
2019-06-02 00:28:20 +02:00
]
First working version
2018-02-10 01:00:55 +01:00
[[package]]
name = "num_cpus"
Update crates and small clippy fix - Update all crates - Remove async which is reported by clippy in v1.72.0
2023-07-04 20:12:50 +02:00
version = "1.16.0"
First working version
2018-02-10 01:00:55 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and small clippy fix - Update all crates - Remove async which is reported by clippy in v1.72.0
2023-07-04 20:12:50 +02:00
checksum = "4161fcb6d602d4d2081af7c3a45852d875a03dd337a6bfdd6e06407b61342a43"
First working version
2018-02-10 01:00:55 +01:00
dependencies = [
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
"hermit-abi 0.3.9",
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"libc",
First working version
2018-02-10 01:00:55 +01:00
]
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
[[package]]
name = "num_threads"
Update crates, GHA and a Python/JS scripts (#4357) - Update all crates - Update GHA - Update Global Domains script to use main instead of master Also fixed some Python linting warnings - Updated Admin JS and CSS libraries
2024-02-25 23:26:46 +01:00
version = "0.1.7"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates, GHA and a Python/JS scripts (#4357) - Update all crates - Update GHA - Update Global Domains script to use main instead of master Also fixed some Python linting warnings - Updated Admin JS and CSS libraries
2024-02-25 23:26:46 +01:00
checksum = "5c7398b9c8b70908f6371f47ed36737907c87c52af34c268fed0bf0ceb92ead9"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
dependencies = [
"libc",
]
Update crates and small clippy fix - Update all crates - Remove async which is reported by clippy in v1.72.0
2023-07-04 20:12:50 +02:00
[[package]]
name = "object"
Update crates and GHA (#5346) - Updated crates to the latest version - Updated GitHub Actions to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-04 19:02:15 +01:00
version = "0.36.7"
Update crates and small clippy fix - Update all crates - Remove async which is reported by clippy in v1.72.0
2023-07-04 20:12:50 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and GHA (#5346) - Updated crates to the latest version - Updated GitHub Actions to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-04 19:02:15 +01:00
checksum = "62948e14d923ea95ea2c7c86c71013138b66525b86bdc08d2dcc262bdb497b87"
Update crates and small clippy fix - Update all crates - Remove async which is reported by clippy in v1.72.0
2023-07-04 20:12:50 +02:00
dependencies = [
"memchr",
]
Migrate lazy_static to once_cell, less macro magic and slightly faster
2020-03-09 22:04:03 +01:00
[[package]]
name = "once_cell"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
version = "1.20.2"
Migrate lazy_static to once_cell, less macro magic and slightly faster
2020-03-09 22:04:03 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
checksum = "1261fe7e33c73b354eab43b1273a57c8f967d0391e80353e51f764ac02cf6775"
Migrate lazy_static to once_cell, less macro magic and slightly faster
2020-03-09 22:04:03 +01:00
Updated dependencies
2018-09-19 21:43:03 +02:00
[[package]]
name = "openssl"
Update Rust to 1.82.0 (#5099) - raise MSRV to 1.80.0 - also update the crates
2024-10-18 21:34:31 +03:00
version = "0.10.68"
Updated dependencies
2018-09-19 21:43:03 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust to 1.82.0 (#5099) - raise MSRV to 1.80.0 - also update the crates
2024-10-18 21:34:31 +03:00
checksum = "6174bc48f102d208783c2c84bf931bb75927a617866870de8a4ea85597f871f5"
Updated dependencies
2018-09-19 21:43:03 +02:00
dependencies = [
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
"bitflags",
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
"cfg-if",
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"foreign-types",
"libc",
Update dependencies
2021-03-22 20:00:57 +01:00
"once_cell",
Improve sync speed and updated dep. versions Improved sync speed by resolving the N+1 query issues. Solves #1402 and Solves #1453 With this change there is just one query done to retreive all the important data, and matching is done in-code/memory. With a very large database the sync time went down about 3 times. Also updated misc crates and Github Actions versions.
2022-05-04 21:13:05 +02:00
"openssl-macros",
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"openssl-sys",
First working version
2018-02-10 01:00:55 +01:00
]
Improve sync speed and updated dep. versions Improved sync speed by resolving the N+1 query issues. Solves #1402 and Solves #1453 With this change there is just one query done to retreive all the important data, and matching is done in-code/memory. With a very large database the sync time went down about 3 times. Also updated misc crates and Github Actions versions.
2022-05-04 21:13:05 +02:00
[[package]]
name = "openssl-macros"
Revert setcap, update rust and crates - Revert #3170 as discussed in #3387 In hindsight it's better to not have this feature - Update Dockerfile.j2 for easy version changes. Just change it in one place instead of multiple - Updated to Rust to latest patched version - Updated crates to latest available - Pinned mimalloc to an older version, as it breaks on musl builds
2023-03-31 13:43:33 +02:00
version = "0.1.1"
Improve sync speed and updated dep. versions Improved sync speed by resolving the N+1 query issues. Solves #1402 and Solves #1453 With this change there is just one query done to retreive all the important data, and matching is done in-code/memory. With a very large database the sync time went down about 3 times. Also updated misc crates and Github Actions versions.
2022-05-04 21:13:05 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Revert setcap, update rust and crates - Revert #3170 as discussed in #3387 In hindsight it's better to not have this feature - Update Dockerfile.j2 for easy version changes. Just change it in one place instead of multiple - Updated to Rust to latest patched version - Updated crates to latest available - Pinned mimalloc to an older version, as it breaks on musl builds
2023-03-31 13:43:33 +02:00
checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c"
Improve sync speed and updated dep. versions Improved sync speed by resolving the N+1 query issues. Solves #1402 and Solves #1453 With this change there is just one query done to retreive all the important data, and matching is done in-code/memory. With a very large database the sync time went down about 3 times. Also updated misc crates and Github Actions versions.
2022-05-04 21:13:05 +02:00
dependencies = [
"proc-macro2",
"quote",
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
"syn",
Improve sync speed and updated dep. versions Improved sync speed by resolving the N+1 query issues. Solves #1402 and Solves #1453 With this change there is just one query done to retreive all the important data, and matching is done in-code/memory. With a very large database the sync time went down about 3 times. Also updated misc crates and Github Actions versions.
2022-05-04 21:13:05 +02:00
]
Updated dependencies
2018-09-19 21:43:03 +02:00
[[package]]
name = "openssl-probe"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
version = "0.1.6"
Updated dependencies
2018-09-19 21:43:03 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
checksum = "d05e27ee213611ffe7d6348b942e8f942b37114c00cc03cec254295a4a17852e"
Updated dependencies
2018-09-19 21:43:03 +02:00
Add `vendored_openssl` feature. This feature enables the `vendored` feature from the `openssl` crate and build a statically linked version of openssl.
2020-09-25 23:23:13 +02:00
[[package]]
name = "openssl-src"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
version = "300.4.1+3.4.0"
Add `vendored_openssl` feature. This feature enables the `vendored` feature from the `openssl` crate and build a statically linked version of openssl.
2020-09-25 23:23:13 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
checksum = "faa4eac4138c62414b5622d1b31c5c304f34b406b013c079c2bbc652fdd6678c"
Add `vendored_openssl` feature. This feature enables the `vendored` feature from the `openssl` crate and build a statically linked version of openssl.
2020-09-25 23:23:13 +02:00
dependencies = [
"cc",
]
First working version
2018-02-10 01:00:55 +01:00
[[package]]
name = "openssl-sys"
Update Rust to 1.82.0 (#5099) - raise MSRV to 1.80.0 - also update the crates
2024-10-18 21:34:31 +03:00
version = "0.9.104"
First working version
2018-02-10 01:00:55 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust to 1.82.0 (#5099) - raise MSRV to 1.80.0 - also update the crates
2024-10-18 21:34:31 +03:00
checksum = "45abf306cbf99debc8195b66b7346498d7b10c210de50418b5ccd7ceba08c741"
First working version
2018-02-10 01:00:55 +01:00
dependencies = [
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"cc",
"libc",
Add `vendored_openssl` feature. This feature enables the `vendored` feature from the `openssl` crate and build a statically linked version of openssl.
2020-09-25 23:23:13 +02:00
"openssl-src",
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"pkg-config",
"vcpkg",
First working version
2018-02-10 01:00:55 +01:00
]
Update dependencies
2022-10-09 17:40:45 +02:00
[[package]]
name = "overload"
version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39"
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
[[package]]
name = "parking"
Fix Device Type column for 2FA migration (#4971)
2024-09-20 12:06:06 +02:00
version = "2.2.1"
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Fix Device Type column for 2FA migration (#4971)
2024-09-20 12:06:06 +02:00
checksum = "f38d5652c16fde515bb1ecef450ab0f6a219d619a7274976324d5e377f7dceba"
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
Update async to prepare for main merge - Changed nightly to stable in Dockerfile and Workflow - Updated Dockerfile to use stable and updated ENV's - Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default - Updated Github Workflow actions to the latest versions - Updated Hadolint version - Re-orderd the Cargo.toml file a bit and put libs together which are linked - Updated some libs - Updated .dockerignore file
2022-02-07 22:26:22 +01:00
[[package]]
name = "parking_lot"
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
version = "0.12.3"
Update async to prepare for main merge - Changed nightly to stable in Dockerfile and Workflow - Updated Dockerfile to use stable and updated ENV's - Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default - Updated Github Workflow actions to the latest versions - Updated Hadolint version - Re-orderd the Cargo.toml file a bit and put libs together which are linked - Updated some libs - Updated .dockerignore file
2022-02-07 22:26:22 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
checksum = "f1bf18183cf54e8d6059647fc3063646a1801cf30896933ec2311622cc4b9a27"
Update async to prepare for main merge - Changed nightly to stable in Dockerfile and Workflow - Updated Dockerfile to use stable and updated ENV's - Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default - Updated Github Workflow actions to the latest versions - Updated Hadolint version - Re-orderd the Cargo.toml file a bit and put libs together which are linked - Updated some libs - Updated .dockerignore file
2022-02-07 22:26:22 +01:00
dependencies = [
"lock_api",
Update dep's and small improvements on favicons - Updated dependencies (html5gum for favicon downloading) * Also openssl, time, jsonwebtoken and r2d2 - Small optimizations on downloading favicons. It now only emits tokens/tags which needs to be parsed, all others are being skipped. This prevents unneeded items within the for-loop being parsed.
2022-06-21 18:47:01 +02:00
"parking_lot_core",
Updated deps and fixed some lints
2019-11-28 21:59:05 +01:00
]
Update async to prepare for main merge - Changed nightly to stable in Dockerfile and Workflow - Updated Dockerfile to use stable and updated ENV's - Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default - Updated Github Workflow actions to the latest versions - Updated Hadolint version - Re-orderd the Cargo.toml file a bit and put libs together which are linked - Updated some libs - Updated .dockerignore file
2022-02-07 22:26:22 +01:00
[[package]]
name = "parking_lot_core"
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
version = "0.9.10"
Update async to prepare for main merge - Changed nightly to stable in Dockerfile and Workflow - Updated Dockerfile to use stable and updated ENV's - Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default - Updated Github Workflow actions to the latest versions - Updated Hadolint version - Re-orderd the Cargo.toml file a bit and put libs together which are linked - Updated some libs - Updated .dockerignore file
2022-02-07 22:26:22 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
checksum = "1e401f977ab385c9e4e3ab30627d6f26d00e2c73eef317493c4ec6d468726cf8"
Update async to prepare for main merge - Changed nightly to stable in Dockerfile and Workflow - Updated Dockerfile to use stable and updated ENV's - Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default - Updated Github Workflow actions to the latest versions - Updated Hadolint version - Re-orderd the Cargo.toml file a bit and put libs together which are linked - Updated some libs - Updated .dockerignore file
2022-02-07 22:26:22 +01:00
dependencies = [
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
"cfg-if",
Update async to prepare for main merge - Changed nightly to stable in Dockerfile and Workflow - Updated Dockerfile to use stable and updated ENV's - Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default - Updated Github Workflow actions to the latest versions - Updated Hadolint version - Re-orderd the Cargo.toml file a bit and put libs together which are linked - Updated some libs - Updated .dockerignore file
2022-02-07 22:26:22 +01:00
"libc",
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
"redox_syscall",
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
"smallvec",
Update crates and web-vault (#4714) - Updated the crates Removed the patch for mimalloc - Updated the web-vault to v2024.5.1b The reason for not updating to v2024.6.x is that there are several items not working correctly or need some more research.
2024-07-08 23:27:48 +02:00
"windows-targets 0.52.6",
Update async to prepare for main merge - Changed nightly to stable in Dockerfile and Workflow - Updated Dockerfile to use stable and updated ENV's - Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default - Updated Github Workflow actions to the latest versions - Updated Hadolint version - Re-orderd the Cargo.toml file a bit and put libs together which are linked - Updated some libs - Updated .dockerignore file
2022-02-07 22:26:22 +01:00
]
Use local time in email notifications for new device logins In this implementation, the `TZ` environment variable must be set in order for the formatted output to use a more user-friendly time zone abbreviation (e.g., `UTC`). Otherwise, the output uses the time zone's UTC offset (e.g., `+00:00`).
2020-07-07 21:30:18 -07:00
[[package]]
name = "parse-zoneinfo"
Update Rust, crates and web-vault (#4558) * Update Rust and crates - Updated Rust to v1.78.0 - Updated crates * Update web-vault to v2024.5.0
2024-05-19 20:30:34 +02:00
version = "0.3.1"
Use local time in email notifications for new device logins In this implementation, the `TZ` environment variable must be set in order for the formatted output to use a more user-friendly time zone abbreviation (e.g., `UTC`). Otherwise, the output uses the time zone's UTC offset (e.g., `+00:00`).
2020-07-07 21:30:18 -07:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust, crates and web-vault (#4558) * Update Rust and crates - Updated Rust to v1.78.0 - Updated crates * Update web-vault to v2024.5.0
2024-05-19 20:30:34 +02:00
checksum = "1f2a05b18d44e2957b88f96ba460715e295bc1d7510468a2f3d3b44535d26c24"
Use local time in email notifications for new device logins In this implementation, the `TZ` environment variable must be set in order for the formatted output to use a more user-friendly time zone abbreviation (e.g., `UTC`). Otherwise, the output uses the time zone's UTC offset (e.g., `+00:00`).
2020-07-07 21:30:18 -07:00
dependencies = [
"regex",
]
Admin token Argon2 hashing support Added support for Argon2 hashing support for the `ADMIN_TOKEN` instead of only supporting a plain text string. The hash must be a PHC string which can be generated via the `argon2` CLI **or** via the also built-in hash command in Vaultwarden. You can simply run `vaultwarden hash` to generate a hash based upon a password the user provides them self. Added a warning during startup and within the admin settings panel is the `ADMIN_TOKEN` is not an Argon2 hash. Within the admin environment a user can ignore that warning and it will not be shown for at least 30 days. After that the warning will appear again unless the `ADMIN_TOKEN` has be converted to an Argon2 hash. I have also tested this on my RaspberryPi 2b and there the `Bitwarden` preset takes almost 4.5 seconds to generate/verify the Argon2 hash. Using the `OWASP` preset it is below 1 second, which I think should be fine for low-graded hardware. If it is needed people could use lower memory settings, but in those cases I even doubt Vaultwarden it self would run. They can always use the `argon2` CLI and generate a faster hash.
2023-02-28 23:09:51 +01:00
[[package]]
name = "password-hash"
Upd Crates, Rust, MSRV, GHA and remove Backtrace - Changed MSRV to v1.65. Discussed this with @dani-garcia, and we will support **N-2**. This is/will be the same as for the `time` crate we use. Also updated the wiki regarding this https://github.com/dani-garcia/vaultwarden/wiki/Building-binary - Removed backtrace crate in favor of `std::backtrace` stable since v1.65 - Updated Rust to v1.67.1 - Updated all the crates - Updated the GHA action versions - Adjusted the GHA MSRV build to extract the MSRV from `Cargo.toml`
2023-03-04 19:18:38 +01:00
version = "0.5.0"
Admin token Argon2 hashing support Added support for Argon2 hashing support for the `ADMIN_TOKEN` instead of only supporting a plain text string. The hash must be a PHC string which can be generated via the `argon2` CLI **or** via the also built-in hash command in Vaultwarden. You can simply run `vaultwarden hash` to generate a hash based upon a password the user provides them self. Added a warning during startup and within the admin settings panel is the `ADMIN_TOKEN` is not an Argon2 hash. Within the admin environment a user can ignore that warning and it will not be shown for at least 30 days. After that the warning will appear again unless the `ADMIN_TOKEN` has be converted to an Argon2 hash. I have also tested this on my RaspberryPi 2b and there the `Bitwarden` preset takes almost 4.5 seconds to generate/verify the Argon2 hash. Using the `OWASP` preset it is below 1 second, which I think should be fine for low-graded hardware. If it is needed people could use lower memory settings, but in those cases I even doubt Vaultwarden it self would run. They can always use the `argon2` CLI and generate a faster hash.
2023-02-28 23:09:51 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Upd Crates, Rust, MSRV, GHA and remove Backtrace - Changed MSRV to v1.65. Discussed this with @dani-garcia, and we will support **N-2**. This is/will be the same as for the `time` crate we use. Also updated the wiki regarding this https://github.com/dani-garcia/vaultwarden/wiki/Building-binary - Removed backtrace crate in favor of `std::backtrace` stable since v1.65 - Updated Rust to v1.67.1 - Updated all the crates - Updated the GHA action versions - Adjusted the GHA MSRV build to extract the MSRV from `Cargo.toml`
2023-03-04 19:18:38 +01:00
checksum = "346f04948ba92c43e8469c1ee6736c7563d71012b17d40745260fe106aac2166"
Admin token Argon2 hashing support Added support for Argon2 hashing support for the `ADMIN_TOKEN` instead of only supporting a plain text string. The hash must be a PHC string which can be generated via the `argon2` CLI **or** via the also built-in hash command in Vaultwarden. You can simply run `vaultwarden hash` to generate a hash based upon a password the user provides them self. Added a warning during startup and within the admin settings panel is the `ADMIN_TOKEN` is not an Argon2 hash. Within the admin environment a user can ignore that warning and it will not be shown for at least 30 days. After that the warning will appear again unless the `ADMIN_TOKEN` has be converted to an Argon2 hash. I have also tested this on my RaspberryPi 2b and there the `Bitwarden` preset takes almost 4.5 seconds to generate/verify the Argon2 hash. Using the `OWASP` preset it is below 1 second, which I think should be fine for low-graded hardware. If it is needed people could use lower memory settings, but in those cases I even doubt Vaultwarden it self would run. They can always use the `argon2` CLI and generate a faster hash.
2023-02-28 23:09:51 +01:00
dependencies = [
"base64ct",
"rand_core",
"subtle",
]
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-18 17:15:44 +02:00
[[package]]
name = "paste"
Update Rust, crates and web-vault (#4558) * Update Rust and crates - Updated Rust to v1.78.0 - Updated crates * Update web-vault to v2024.5.0
2024-05-19 20:30:34 +02:00
version = "1.0.15"
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-18 17:15:44 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust, crates and web-vault (#4558) * Update Rust and crates - Updated Rust to v1.78.0 - Updated crates * Update web-vault to v2024.5.0
2024-05-19 20:30:34 +02:00
checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a"
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-18 17:15:44 +02:00
First working version
2018-02-10 01:00:55 +01:00
[[package]]
name = "pear"
Update Rust and crates (#4445) - Updated Rust to v1.77.0 - Updated several crates The `reqwest` update included `trust-dns` > `hickory-dns` changes. Also, `reqwest` v0.12 is not working correctly for us, that is something to investigate. - Fixed a new clippy warning
2024-03-23 15:40:34 +01:00
version = "0.2.9"
First working version
2018-02-10 01:00:55 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and crates (#4445) - Updated Rust to v1.77.0 - Updated several crates The `reqwest` update included `trust-dns` > `hickory-dns` changes. Also, `reqwest` v0.12 is not working correctly for us, that is something to investigate. - Fixed a new clippy warning
2024-03-23 15:40:34 +01:00
checksum = "bdeeaa00ce488657faba8ebf44ab9361f9365a97bd39ffb8a60663f57ff4b467"
Updated bw_rs to Rocket version 0.4-rc1
2018-10-10 20:40:39 +02:00
dependencies = [
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"inlinable_string",
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"pear_codegen",
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
"yansi",
Updated bw_rs to Rocket version 0.4-rc1
2018-10-10 20:40:39 +02:00
]
First working version
2018-02-10 01:00:55 +01:00
[[package]]
name = "pear_codegen"
Update Rust and crates (#4445) - Updated Rust to v1.77.0 - Updated several crates The `reqwest` update included `trust-dns` > `hickory-dns` changes. Also, `reqwest` v0.12 is not working correctly for us, that is something to investigate. - Fixed a new clippy warning
2024-03-23 15:40:34 +01:00
version = "0.2.9"
First working version
2018-02-10 01:00:55 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and crates (#4445) - Updated Rust to v1.77.0 - Updated several crates The `reqwest` update included `trust-dns` > `hickory-dns` changes. Also, `reqwest` v0.12 is not working correctly for us, that is something to investigate. - Fixed a new clippy warning
2024-03-23 15:40:34 +01:00
checksum = "4bab5b985dc082b345f812b7df84e1bef27e7207b39e448439ba8bd69c93f147"
First working version
2018-02-10 01:00:55 +01:00
dependencies = [
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"proc-macro2",
"proc-macro2-diagnostics",
"quote",
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
"syn",
First working version
2018-02-10 01:00:55 +01:00
]
Update dependencies Primarily updating rocket, which needed some dependencies Latest versions of: - ring - time - jsonwebtoken - yubico - rocket (git)
2020-03-16 16:32:33 +01:00
[[package]]
name = "pem"
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
version = "3.0.4"
Update dependencies Primarily updating rocket, which needed some dependencies Latest versions of: - ring - time - jsonwebtoken - yubico - rocket (git)
2020-03-16 16:32:33 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
checksum = "8e459365e590736a54c3fa561947c84837534b8e9af6fc5bf781307e82658fae"
Update dependencies Primarily updating rocket, which needed some dependencies Latest versions of: - ring - time - jsonwebtoken - yubico - rocket (git)
2020-03-16 16:32:33 +01:00
dependencies = [
Update Rust, crates and web-vault (#4558) * Update Rust and crates - Updated Rust to v1.78.0 - Updated crates * Update web-vault to v2024.5.0
2024-05-19 20:30:34 +02:00
"base64 0.22.1",
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
"serde",
Update dependencies Primarily updating rocket, which needed some dependencies Latest versions of: - ring - time - jsonwebtoken - yubico - rocket (git)
2020-03-16 16:32:33 +01:00
]
Updated dependencies and fixed panic getting icons
2019-07-30 19:38:54 +02:00
[[package]]
name = "percent-encoding"
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
version = "2.3.1"
Updated dependencies and fixed panic getting icons
2019-07-30 19:38:54 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
checksum = "e3148f5046208a5d56bcfc03053e3ca6334e51da8dfb19b6cdc8b306fae3283e"
Updated dependencies and fixed panic getting icons
2019-07-30 19:38:54 +02:00
Initial stab at templates
2019-01-13 01:39:29 +01:00
[[package]]
name = "pest"
Update crates (#5268) - fixes CVE-2024-12224
2024-12-10 18:59:28 +02:00
version = "2.7.15"
Initial stab at templates
2019-01-13 01:39:29 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates (#5268) - fixes CVE-2024-12224
2024-12-10 18:59:28 +02:00
checksum = "8b7cafe60d6cf8e62e1b9b2ea516a089c008945bb5a275416789e7db0bc199dc"
Initial stab at templates
2019-01-13 01:39:29 +01:00
dependencies = [
Update Rust and Crates - Updated Rust to v1.72.0 - Updated all the crates Including a CVE https://github.com/dani-garcia/vaultwarden/security/dependabot/21 - Updated GitHub Workflows - Run `cargo fmt` which has some new fmt's - Moved from `rust-toolchain` to `rust-toolchain.toml`
2023-08-28 16:48:42 +02:00
"memchr",
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
"thiserror 2.0.11",
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"ucd-trie",
Initial stab at templates
2019-01-13 01:39:29 +01:00
]
[[package]]
name = "pest_derive"
Update crates (#5268) - fixes CVE-2024-12224
2024-12-10 18:59:28 +02:00
version = "2.7.15"
Initial stab at templates
2019-01-13 01:39:29 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates (#5268) - fixes CVE-2024-12224
2024-12-10 18:59:28 +02:00
checksum = "816518421cfc6887a0d62bf441b6ffb4536fcc926395a69e1a85852d4363f57e"
Initial stab at templates
2019-01-13 01:39:29 +01:00
dependencies = [
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"pest",
"pest_generator",
Initial stab at templates
2019-01-13 01:39:29 +01:00
]
[[package]]
name = "pest_generator"
Update crates (#5268) - fixes CVE-2024-12224
2024-12-10 18:59:28 +02:00
version = "2.7.15"
Initial stab at templates
2019-01-13 01:39:29 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates (#5268) - fixes CVE-2024-12224
2024-12-10 18:59:28 +02:00
checksum = "7d1396fd3a870fc7838768d171b4616d5c91f6cc25e377b673d714567d99377b"
Initial stab at templates
2019-01-13 01:39:29 +01:00
dependencies = [
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"pest",
"pest_meta",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"proc-macro2",
"quote",
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
"syn",
Initial stab at templates
2019-01-13 01:39:29 +01:00
]
[[package]]
name = "pest_meta"
Update crates (#5268) - fixes CVE-2024-12224
2024-12-10 18:59:28 +02:00
version = "2.7.15"
Initial stab at templates
2019-01-13 01:39:29 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates (#5268) - fixes CVE-2024-12224
2024-12-10 18:59:28 +02:00
checksum = "e1e58089ea25d717bfd31fb534e4f3afcc2cc569c70de3e239778991ea3b7dea"
Initial stab at templates
2019-01-13 01:39:29 +01:00
dependencies = [
Update deps and Alpine image - Updated deps - Updated Alpine images to 3.16 - Removed dumb-init, not needed anymore - Some small shellcheck tweaks on the start/healthcheck scripts
2022-07-31 15:45:31 +02:00
"once_cell",
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"pest",
Update Rust to v1.66.1 to patch CVE This PR sets Rust to v1.66.1 to fix a CVE. https://blog.rust-lang.org/2023/01/10/cve-2022-46176.html https://blog.rust-lang.org/2023/01/10/Rust-1.66.1.html Also updated some packages while at it.
2023-01-12 09:45:52 +01:00
"sha2",
Initial stab at templates
2019-01-13 01:39:29 +01:00
]
Update dependencies and ser cargo resolver to version 2 ahead of 2021 edition
2021-09-22 20:26:48 +02:00
[[package]]
name = "phf"
Update crates and web-vault to v2025.1.0 (#5368) - Updated the web-vault to use v2025.1.0 (pre-release) - Updated crates Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-08 18:14:08 +01:00
version = "0.11.3"
Update dependencies and ser cargo resolver to version 2 ahead of 2021 edition
2021-09-22 20:26:48 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and web-vault to v2025.1.0 (#5368) - Updated the web-vault to use v2025.1.0 (pre-release) - Updated crates Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-08 18:14:08 +01:00
checksum = "1fd6780a80ae0c52cc120a26a1a42c1ae51b247a253e4e06113d23d2c2edd078"
Update dependencies and ser cargo resolver to version 2 ahead of 2021 edition
2021-09-22 20:26:48 +02:00
dependencies = [
Add dynamic CSS support (#4940) * Add dynamic CSS support Together with https://github.com/dani-garcia/bw_web_builds/pull/180 this PR will add support for dynamic CSS changes. For example, we could hide the register link if signups are not allowed. In the future show or hide the SSO button depending on if it is enabled or not. There also is a special `user.vaultwarden.scss` file so that users can add custom CSS without the need to modify the default (static) changes. This will prevent future changes from not being applied and still have the custom user changes to be added. Also added a special redirect when someone goes directly to `/index.html` as that might cause issues with loading other scripts and files. Signed-off-by: BlackDex <black.dex@gmail.com> * Add versions and fallback to built-in - Add both Vaultwarden and web-vault versions to the css_options. - Fallback to the inner templates if rendering or compiling the scss fails. This ensures the basics are always working even if someone breaks the templates. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix fallback code to actually work The fallback now works by using an alternative `reg!` macro. This adds an extra template register which prefixes the template with `fallback_`. Signed-off-by: BlackDex <black.dex@gmail.com> * Updated the wiki link in the user template --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-11-11 20:14:04 +01:00
"phf_macros",
Favicon, SMTP and misc updates Favicon: - Replaced HTML tokenizer, much faster now. - Caching the domain blacklist function. - Almost all functions are async now. - Fixed bug on minimizing data to parse - Changed maximum icon download size to 5MB to match Bitwarden - Added `apple-touch-icon.png` as a second fallback besides `favicon.ico` SMTP: - Deprecated SMTP_SSL and SMTP_EXPLICIT_TLS, replaced with SMTP_SECURITY Misc: - Fixed issue when `resolv.conf` contains errors and trust-dns panics (Fixes #2283) - Updated Javscript and CSS files for admin interface - Fixed an issue with the /admin interface which did not cleared the login cookie correctly - Prevent websocket notifications during org import, this caused a lot of traffic, and slowed down the import. This is also the same as Bitwarden which does not trigger this refresh via websockets. Rust: - Updated to use v1.59 - Use the new `strip` option and enabled to strip `debuginfo` - Enabled `lto` with `thin` - Removed the strip RUN from the alpine armv7, this is now done automatically
2022-02-22 20:48:00 +01:00
"phf_shared",
Update dependencies and ser cargo resolver to version 2 ahead of 2021 edition
2021-09-22 20:26:48 +02:00
]
[[package]]
name = "phf_codegen"
Update crates and web-vault to v2025.1.0 (#5368) - Updated the web-vault to use v2025.1.0 (pre-release) - Updated crates Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-08 18:14:08 +01:00
version = "0.11.3"
Update dependencies and ser cargo resolver to version 2 ahead of 2021 edition
2021-09-22 20:26:48 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and web-vault to v2025.1.0 (#5368) - Updated the web-vault to use v2025.1.0 (pre-release) - Updated crates Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-08 18:14:08 +01:00
checksum = "aef8048c789fa5e851558d709946d6d79a8ff88c0440c587967f8e94bfb1216a"
Update dependencies and ser cargo resolver to version 2 ahead of 2021 edition
2021-09-22 20:26:48 +02:00
dependencies = [
Favicon, SMTP and misc updates Favicon: - Replaced HTML tokenizer, much faster now. - Caching the domain blacklist function. - Almost all functions are async now. - Fixed bug on minimizing data to parse - Changed maximum icon download size to 5MB to match Bitwarden - Added `apple-touch-icon.png` as a second fallback besides `favicon.ico` SMTP: - Deprecated SMTP_SSL and SMTP_EXPLICIT_TLS, replaced with SMTP_SECURITY Misc: - Fixed issue when `resolv.conf` contains errors and trust-dns panics (Fixes #2283) - Updated Javscript and CSS files for admin interface - Fixed an issue with the /admin interface which did not cleared the login cookie correctly - Prevent websocket notifications during org import, this caused a lot of traffic, and slowed down the import. This is also the same as Bitwarden which does not trigger this refresh via websockets. Rust: - Updated to use v1.59 - Use the new `strip` option and enabled to strip `debuginfo` - Enabled `lto` with `thin` - Removed the strip RUN from the alpine armv7, this is now done automatically
2022-02-22 20:48:00 +01:00
"phf_generator",
"phf_shared",
First working version
2018-02-10 01:00:55 +01:00
]
Update dependencies and ser cargo resolver to version 2 ahead of 2021 edition
2021-09-22 20:26:48 +02:00
[[package]]
name = "phf_generator"
Update crates and web-vault to v2025.1.0 (#5368) - Updated the web-vault to use v2025.1.0 (pre-release) - Updated crates Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-08 18:14:08 +01:00
version = "0.11.3"
Update dependencies and ser cargo resolver to version 2 ahead of 2021 edition
2021-09-22 20:26:48 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and web-vault to v2025.1.0 (#5368) - Updated the web-vault to use v2025.1.0 (pre-release) - Updated crates Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-08 18:14:08 +01:00
checksum = "3c80231409c20246a13fddb31776fb942c38553c51e871f8cbd687a4cfb5843d"
Update dependencies and ser cargo resolver to version 2 ahead of 2021 edition
2021-09-22 20:26:48 +02:00
dependencies = [
Favicon, SMTP and misc updates Favicon: - Replaced HTML tokenizer, much faster now. - Caching the domain blacklist function. - Almost all functions are async now. - Fixed bug on minimizing data to parse - Changed maximum icon download size to 5MB to match Bitwarden - Added `apple-touch-icon.png` as a second fallback besides `favicon.ico` SMTP: - Deprecated SMTP_SSL and SMTP_EXPLICIT_TLS, replaced with SMTP_SECURITY Misc: - Fixed issue when `resolv.conf` contains errors and trust-dns panics (Fixes #2283) - Updated Javscript and CSS files for admin interface - Fixed an issue with the /admin interface which did not cleared the login cookie correctly - Prevent websocket notifications during org import, this caused a lot of traffic, and slowed down the import. This is also the same as Bitwarden which does not trigger this refresh via websockets. Rust: - Updated to use v1.59 - Use the new `strip` option and enabled to strip `debuginfo` - Enabled `lto` with `thin` - Removed the strip RUN from the alpine armv7, this is now done automatically
2022-02-22 20:48:00 +01:00
"phf_shared",
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
"rand",
Update dependencies and ser cargo resolver to version 2 ahead of 2021 edition
2021-09-22 20:26:48 +02:00
]
Add dynamic CSS support (#4940) * Add dynamic CSS support Together with https://github.com/dani-garcia/bw_web_builds/pull/180 this PR will add support for dynamic CSS changes. For example, we could hide the register link if signups are not allowed. In the future show or hide the SSO button depending on if it is enabled or not. There also is a special `user.vaultwarden.scss` file so that users can add custom CSS without the need to modify the default (static) changes. This will prevent future changes from not being applied and still have the custom user changes to be added. Also added a special redirect when someone goes directly to `/index.html` as that might cause issues with loading other scripts and files. Signed-off-by: BlackDex <black.dex@gmail.com> * Add versions and fallback to built-in - Add both Vaultwarden and web-vault versions to the css_options. - Fallback to the inner templates if rendering or compiling the scss fails. This ensures the basics are always working even if someone breaks the templates. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix fallback code to actually work The fallback now works by using an alternative `reg!` macro. This adds an extra template register which prefixes the template with `fallback_`. Signed-off-by: BlackDex <black.dex@gmail.com> * Updated the wiki link in the user template --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-11-11 20:14:04 +01:00
[[package]]
name = "phf_macros"
Update crates and web-vault to v2025.1.0 (#5368) - Updated the web-vault to use v2025.1.0 (pre-release) - Updated crates Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-08 18:14:08 +01:00
version = "0.11.3"
Add dynamic CSS support (#4940) * Add dynamic CSS support Together with https://github.com/dani-garcia/bw_web_builds/pull/180 this PR will add support for dynamic CSS changes. For example, we could hide the register link if signups are not allowed. In the future show or hide the SSO button depending on if it is enabled or not. There also is a special `user.vaultwarden.scss` file so that users can add custom CSS without the need to modify the default (static) changes. This will prevent future changes from not being applied and still have the custom user changes to be added. Also added a special redirect when someone goes directly to `/index.html` as that might cause issues with loading other scripts and files. Signed-off-by: BlackDex <black.dex@gmail.com> * Add versions and fallback to built-in - Add both Vaultwarden and web-vault versions to the css_options. - Fallback to the inner templates if rendering or compiling the scss fails. This ensures the basics are always working even if someone breaks the templates. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix fallback code to actually work The fallback now works by using an alternative `reg!` macro. This adds an extra template register which prefixes the template with `fallback_`. Signed-off-by: BlackDex <black.dex@gmail.com> * Updated the wiki link in the user template --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-11-11 20:14:04 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and web-vault to v2025.1.0 (#5368) - Updated the web-vault to use v2025.1.0 (pre-release) - Updated crates Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-08 18:14:08 +01:00
checksum = "f84ac04429c13a7ff43785d75ad27569f2951ce0ffd30a3321230db2fc727216"
Add dynamic CSS support (#4940) * Add dynamic CSS support Together with https://github.com/dani-garcia/bw_web_builds/pull/180 this PR will add support for dynamic CSS changes. For example, we could hide the register link if signups are not allowed. In the future show or hide the SSO button depending on if it is enabled or not. There also is a special `user.vaultwarden.scss` file so that users can add custom CSS without the need to modify the default (static) changes. This will prevent future changes from not being applied and still have the custom user changes to be added. Also added a special redirect when someone goes directly to `/index.html` as that might cause issues with loading other scripts and files. Signed-off-by: BlackDex <black.dex@gmail.com> * Add versions and fallback to built-in - Add both Vaultwarden and web-vault versions to the css_options. - Fallback to the inner templates if rendering or compiling the scss fails. This ensures the basics are always working even if someone breaks the templates. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix fallback code to actually work The fallback now works by using an alternative `reg!` macro. This adds an extra template register which prefixes the template with `fallback_`. Signed-off-by: BlackDex <black.dex@gmail.com> * Updated the wiki link in the user template --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-11-11 20:14:04 +01:00
dependencies = [
"phf_generator",
"phf_shared",
"proc-macro2",
"quote",
"syn",
]
Update dependencies and ser cargo resolver to version 2 ahead of 2021 edition
2021-09-22 20:26:48 +02:00
[[package]]
name = "phf_shared"
Update crates and web-vault to v2025.1.0 (#5368) - Updated the web-vault to use v2025.1.0 (pre-release) - Updated crates Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-08 18:14:08 +01:00
version = "0.11.3"
Update dependencies and ser cargo resolver to version 2 ahead of 2021 edition
2021-09-22 20:26:48 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and web-vault to v2025.1.0 (#5368) - Updated the web-vault to use v2025.1.0 (pre-release) - Updated crates Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-08 18:14:08 +01:00
checksum = "67eabc2ef2a60eb7faa00097bd1ffdb5bd28e62bf39990626a582201b7a754e5"
Update dependencies and ser cargo resolver to version 2 ahead of 2021 edition
2021-09-22 20:26:48 +02:00
dependencies = [
"siphasher",
]
Swap structopt for a simpler alternative
2021-02-07 20:10:40 +01:00
[[package]]
name = "pico-args"
Update pico-args
2022-06-04 19:16:36 +02:00
version = "0.5.0"
Update dependencies
2020-11-07 23:01:04 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update pico-args
2022-06-04 19:16:36 +02:00
checksum = "5be167a7af36ee22fe3115051bc51f6e6c7054c9348e28deb4f49bd6f705a315"
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
Updated dependencies and Dockerfiles - Updated crates - Updated rust-toolchain - Updated Dockerfile to use latest rust 1.48 version - Updated AMD64 Alpine to use same version as rust-toolchain and support PostgreSQL. - Updated Rocket to the commit right before they updated hyper. Until that update there were some crates updated and some small fixes. After that build fails and we probably need to make some changes (which is probably something already done in the async branch)
2020-12-04 13:38:42 +01:00
[[package]]
name = "pin-project-lite"
Update crates and web-vault to v2025.1.0 (#5368) - Updated the web-vault to use v2025.1.0 (pre-release) - Updated crates Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-08 18:14:08 +01:00
version = "0.2.16"
Updated dependencies and Dockerfiles - Updated crates - Updated rust-toolchain - Updated Dockerfile to use latest rust 1.48 version - Updated AMD64 Alpine to use same version as rust-toolchain and support PostgreSQL. - Updated Rocket to the commit right before they updated hyper. Until that update there were some crates updated and some small fixes. After that build fails and we probably need to make some changes (which is probably something already done in the async branch)
2020-12-04 13:38:42 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and web-vault to v2025.1.0 (#5368) - Updated the web-vault to use v2025.1.0 (pre-release) - Updated crates Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-08 18:14:08 +01:00
checksum = "3b3cff922bd51709b605d9ead9aa71031d81447142d828eb4a6eba76fe619f9b"
Updated dependencies and Dockerfiles - Updated crates - Updated rust-toolchain - Updated Dockerfile to use latest rust 1.48 version - Updated AMD64 Alpine to use same version as rust-toolchain and support PostgreSQL. - Updated Rocket to the commit right before they updated hyper. Until that update there were some crates updated and some small fixes. After that build fails and we probably need to make some changes (which is probably something already done in the async branch)
2020-12-04 13:38:42 +01:00
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
[[package]]
name = "pin-utils"
Remove unused dependency and simple feature, update dependencies and fix some clippy lints
2020-05-03 17:24:51 +02:00
version = "0.1.0"
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Remove unused dependency and simple feature, update dependencies and fix some clippy lints
2020-05-03 17:24:51 +02:00
checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
[[package]]
name = "piper"
Update crates (GHSA-wq9x-qwcq-mmgf) (#4889) - Updated crates - Fixed MSRV to actually be N-2 - Changed some features to use the `dep:` prefix. This is needed for edition-2024 anyway although that will be a while before we can use that. Signed-off-by: BlackDex <black.dex@gmail.com>
2024-08-23 22:06:11 +02:00
version = "0.2.4"
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates (GHSA-wq9x-qwcq-mmgf) (#4889) - Updated crates - Fixed MSRV to actually be N-2 - Changed some features to use the `dep:` prefix. This is needed for edition-2024 anyway although that will be a while before we can use that. Signed-off-by: BlackDex <black.dex@gmail.com>
2024-08-23 22:06:11 +02:00
checksum = "96c8c490f422ef9a4efd2cb5b42b76c8613d7e7dfc1caf667b8a3350a5acc066"
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
dependencies = [
"atomic-waker",
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
"fastrand",
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
"futures-io",
]
First working version
2018-02-10 01:00:55 +01:00
[[package]]
name = "pkg-config"
Add extra linting (#4977) * Add extra linting Added extra linting for some code styles. Also added the Rust Edition 2024 lints. Closes #4974 Signed-off-by: BlackDex <black.dex@gmail.com> * Adjusted according to comments Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-09-23 20:25:32 +02:00
version = "0.3.31"
First working version
2018-02-10 01:00:55 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Add extra linting (#4977) * Add extra linting Added extra linting for some code styles. Also added the Rust Edition 2024 lints. Closes #4974 Signed-off-by: BlackDex <black.dex@gmail.com> * Adjusted according to comments Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-09-23 20:25:32 +02:00
checksum = "953ec861398dccce10c670dfeaf3ec4911ca479e9c02154b3a215178c5f566f2"
First working version
2018-02-10 01:00:55 +01:00
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
[[package]]
name = "polling"
Update crates and fix several issues Signed-off-by: BlackDex <black.dex@gmail.com>
2024-11-09 19:58:10 +01:00
version = "3.7.4"
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and fix several issues Signed-off-by: BlackDex <black.dex@gmail.com>
2024-11-09 19:58:10 +01:00
checksum = "a604568c3202727d1507653cb121dbd627a58684eb09a820fd746bee38b4442f"
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
dependencies = [
"cfg-if",
"concurrent-queue",
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
"hermit-abi 0.4.0",
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
"pin-project-lite",
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
"rustix",
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
"tracing",
Update crates (GHSA-wq9x-qwcq-mmgf) (#4889) - Updated crates - Fixed MSRV to actually be N-2 - Changed some features to use the `dep:` prefix. This is needed for edition-2024 anyway although that will be a while before we can use that. Signed-off-by: BlackDex <black.dex@gmail.com>
2024-08-23 22:06:11 +02:00
"windows-sys 0.59.0",
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
]
Update crates, GHA and a Python/JS scripts (#4357) - Update all crates - Update GHA - Update Global Domains script to use main instead of master Also fixed some Python linting warnings - Updated Admin JS and CSS libraries
2024-02-25 23:26:46 +01:00
[[package]]
name = "portable-atomic"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
version = "1.10.0"
Update crates, GHA and a Python/JS scripts (#4357) - Update all crates - Update GHA - Update Global Domains script to use main instead of master Also fixed some Python linting warnings - Updated Admin JS and CSS libraries
2024-02-25 23:26:46 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
checksum = "280dc24453071f1b63954171985a0b0d30058d287960968b9b2aca264c8d4ee6"
Update crates, GHA and a Python/JS scripts (#4357) - Update all crates - Update GHA - Update Global Domains script to use main instead of master Also fixed some Python linting warnings - Updated Admin JS and CSS libraries
2024-02-25 23:26:46 +01:00
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
[[package]]
name = "powerfmt"
version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391"
Move backend checks to build.rs to fail fast, and updated dependencies
2019-07-09 17:26:34 +02:00
[[package]]
name = "ppv-lite86"
Update crates, web-vault and fixes (#4823) * Update crates, web-vault and fixes - Updated crates - Updated web-vault to v2024.6.2 This version is currently the latest version compatible with our API implementation. For newer versions we need more code updates to make it compatible. Thanks to @stefan0xC this version fixes #4628 - Added a small fix to prevent errors in the Vaultwarden and Client logs. The v2024.6.2 web-vault calls an endpoint with invalid arguments. If this happens we ignore the call and just return an Ok. - Added the bulk-collection endpoint (Though not yet available in v2024.6.2) Fixes #4628 * Prevent bulk remove collections to work
2024-08-07 22:46:03 +02:00
version = "0.2.20"
Move backend checks to build.rs to fail fast, and updated dependencies
2019-07-09 17:26:34 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates, web-vault and fixes (#4823) * Update crates, web-vault and fixes - Updated crates - Updated web-vault to v2024.6.2 This version is currently the latest version compatible with our API implementation. For newer versions we need more code updates to make it compatible. Thanks to @stefan0xC this version fixes #4628 - Added a small fix to prevent errors in the Vaultwarden and Client logs. The v2024.6.2 web-vault calls an endpoint with invalid arguments. If this happens we ignore the call and just return an Ok. - Added the bulk-collection endpoint (Though not yet available in v2024.6.2) Fixes #4628 * Prevent bulk remove collections to work
2024-08-07 22:46:03 +02:00
checksum = "77957b295656769bb8ad2b6a6b09d897d94f05c41b069aede1fcdaa675eaea04"
dependencies = [
"zerocopy",
]
Update lettre to alpha release instead of git commit, and update the rest of dependencies while we are at it
2020-05-31 17:58:06 +02:00
[[package]]
name = "pq-sys"
Fix Device Type column for 2FA migration (#4971)
2024-09-20 12:06:06 +02:00
version = "0.6.3"
Update lettre to alpha release instead of git commit, and update the rest of dependencies while we are at it
2020-05-31 17:58:06 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Fix Device Type column for 2FA migration (#4971)
2024-09-20 12:06:06 +02:00
checksum = "f6cc05d7ea95200187117196eee9edd0644424911821aeb28a18ce60ea0b8793"
Update lettre to alpha release instead of git commit, and update the rest of dependencies while we are at it
2020-05-31 17:58:06 +02:00
dependencies = [
"vcpkg",
]
Move backend checks to build.rs to fail fast, and updated dependencies
2019-07-09 17:26:34 +02:00
Updated web vault to hide org plans again and updated dependencies
2019-05-11 22:27:51 +02:00
[[package]]
name = "proc-macro2"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
version = "1.0.93"
Update rocket to 0.3.11
2018-05-21 13:20:34 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
checksum = "60946a68e5f9d28b0dc1c21bb8a97ee7d018a8b322fa57838ba31cc878e22d99"
Update rocket to 0.3.11
2018-05-21 13:20:34 +01:00
dependencies = [
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
"unicode-ident",
Update rocket to 0.3.11
2018-05-21 13:20:34 +01:00
]
Update dependencies
2019-08-18 19:31:54 +02:00
[[package]]
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
name = "proc-macro2-diagnostics"
Update images to Bookworm and PQ15 This PR updates the base images to use Debian Bookworm as base image. Also the MUSL/Alpine builds now use OpenSSLv3 and PostgreSQL v15. The GHA Workflows are updated to use Ubuntu 22.04 to better match the versions of Debian Bookworm. Also: - Enabled spares crate registry - Updated workflow actions - Updated Rust to v1.71.0 - The rust-musl images now use musl v1.2.3 for the 32bit arch's if the Rust version is v1.71.0 or higher. The 64bit arch's already used musl v1.2.3. - Updated crates. Improves / Closes #3434
2023-06-11 18:11:09 +02:00
version = "0.10.1"
Update dependencies
2019-08-18 19:31:54 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update images to Bookworm and PQ15 This PR updates the base images to use Debian Bookworm as base image. Also the MUSL/Alpine builds now use OpenSSLv3 and PostgreSQL v15. The GHA Workflows are updated to use Ubuntu 22.04 to better match the versions of Debian Bookworm. Also: - Enabled spares crate registry - Updated workflow actions - Updated Rust to v1.71.0 - The rust-musl images now use musl v1.2.3 for the 32bit arch's if the Rust version is v1.71.0 or higher. The 64bit arch's already used musl v1.2.3. - Updated crates. Improves / Closes #3434
2023-06-11 18:11:09 +02:00
checksum = "af066a9c399a26e020ada66a034357a868728e72cd426f3adcd35f80d88d88c8"
Update dependencies
2019-08-18 19:31:54 +02:00
dependencies = [
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"proc-macro2",
"quote",
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
"syn",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"version_check",
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
"yansi",
Update dependencies
2019-08-18 19:31:54 +02:00
]
Updated icon fetching and crates. - Updated some crates - Updated icon fetching code: + Use a cookie jar and set Max-Age to 2 minutes for all cookies + Locate the base href tag to fix some locations + Changed User-Agent (Helps on some sites to get HTML instead of JS) + Reduced HTML code limit from 512KB to 384KB + Allow some large icons higer-up in the sort + Allow GIF images + Ignore cookie_store and hyper::client debug messages
2021-05-16 15:29:13 +02:00
[[package]]
name = "psl-types"
Update web vault to 2022.8.1 and cargo dependencies
2022-09-04 23:18:27 +02:00
version = "2.0.11"
Updated icon fetching and crates. - Updated some crates - Updated icon fetching code: + Use a cookie jar and set Max-Age to 2 minutes for all cookies + Locate the base href tag to fix some locations + Changed User-Agent (Helps on some sites to get HTML instead of JS) + Reduced HTML code limit from 512KB to 384KB + Allow some large icons higer-up in the sort + Allow GIF images + Ignore cookie_store and hyper::client debug messages
2021-05-16 15:29:13 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update web vault to 2022.8.1 and cargo dependencies
2022-09-04 23:18:27 +02:00
checksum = "33cb294fe86a74cbcf50d4445b37da762029549ebeea341421c7c70370f86cac"
Updated icon fetching and crates. - Updated some crates - Updated icon fetching code: + Use a cookie jar and set Max-Age to 2 minutes for all cookies + Locate the base href tag to fix some locations + Changed User-Agent (Helps on some sites to get HTML instead of JS) + Reduced HTML code limit from 512KB to 384KB + Allow some large icons higer-up in the sort + Allow GIF images + Ignore cookie_store and hyper::client debug messages
2021-05-16 15:29:13 +02:00
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
[[package]]
name = "psm"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
version = "0.1.24"
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
checksum = "200b9ff220857e53e184257720a14553b2f4aa02577d2ed9842d45d4b9654810"
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
dependencies = [
"cc",
]
Updated icon fetching and crates. - Updated some crates - Updated icon fetching code: + Use a cookie jar and set Max-Age to 2 minutes for all cookies + Locate the base href tag to fix some locations + Changed User-Agent (Helps on some sites to get HTML instead of JS) + Reduced HTML code limit from 512KB to 384KB + Allow some large icons higer-up in the sort + Allow GIF images + Ignore cookie_store and hyper::client debug messages
2021-05-16 15:29:13 +02:00
[[package]]
name = "publicsuffix"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
version = "2.3.0"
Updated icon fetching and crates. - Updated some crates - Updated icon fetching code: + Use a cookie jar and set Max-Age to 2 minutes for all cookies + Locate the base href tag to fix some locations + Changed User-Agent (Helps on some sites to get HTML instead of JS) + Reduced HTML code limit from 512KB to 384KB + Allow some large icons higer-up in the sort + Allow GIF images + Ignore cookie_store and hyper::client debug messages
2021-05-16 15:29:13 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
checksum = "6f42ea446cab60335f76979ec15e12619a2165b5ae2c12166bef27d283a9fadf"
Updated icon fetching and crates. - Updated some crates - Updated icon fetching code: + Use a cookie jar and set Max-Age to 2 minutes for all cookies + Locate the base href tag to fix some locations + Changed User-Agent (Helps on some sites to get HTML instead of JS) + Reduced HTML code limit from 512KB to 384KB + Allow some large icons higer-up in the sort + Allow GIF images + Ignore cookie_store and hyper::client debug messages
2021-05-16 15:29:13 +02:00
dependencies = [
Update crates (#5268) - fixes CVE-2024-12224
2024-12-10 18:59:28 +02:00
"idna",
Updated icon fetching and crates. - Updated some crates - Updated icon fetching code: + Use a cookie jar and set Max-Age to 2 minutes for all cookies + Locate the base href tag to fix some locations + Changed User-Agent (Helps on some sites to get HTML instead of JS) + Reduced HTML code limit from 512KB to 384KB + Allow some large icons higer-up in the sort + Allow GIF images + Ignore cookie_store and hyper::client debug messages
2021-05-16 15:29:13 +02:00
"psl-types",
]
Basic ratelimit for user login (including 2FA) and admin login
2021-12-22 21:48:49 +01:00
[[package]]
name = "quanta"
Update crates and GHA (#5346) - Updated crates to the latest version - Updated GitHub Actions to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-04 19:02:15 +01:00
version = "0.12.5"
Basic ratelimit for user login (including 2FA) and admin login
2021-12-22 21:48:49 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and GHA (#5346) - Updated crates to the latest version - Updated GitHub Actions to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-04 19:02:15 +01:00
checksum = "3bd1fe6824cea6538803de3ff1bc0cf3949024db3d43c9643024bfb33a807c0e"
Basic ratelimit for user login (including 2FA) and admin login
2021-12-22 21:48:49 +01:00
dependencies = [
Dependency updates
2022-01-30 22:24:42 +01:00
"crossbeam-utils",
Basic ratelimit for user login (including 2FA) and admin login
2021-12-22 21:48:49 +01:00
"libc",
Dependency updates
2022-01-30 22:24:42 +01:00
"once_cell",
"raw-cpuid",
Update images to Bookworm and PQ15 This PR updates the base images to use Debian Bookworm as base image. Also the MUSL/Alpine builds now use OpenSSLv3 and PostgreSQL v15. The GHA Workflows are updated to use Ubuntu 22.04 to better match the versions of Debian Bookworm. Also: - Enabled spares crate registry - Updated workflow actions - Updated Rust to v1.71.0 - The rust-musl images now use musl v1.2.3 for the 32bit arch's if the Rust version is v1.71.0 or higher. The 64bit arch's already used musl v1.2.3. - Updated crates. Improves / Closes #3434
2023-06-11 18:11:09 +02:00
"wasi",
Dependency updates
2022-01-30 22:24:42 +01:00
"web-sys",
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
"winapi",
Basic ratelimit for user login (including 2FA) and admin login
2021-12-22 21:48:49 +01:00
]
Upload and download attachments, and added License file
2018-02-15 00:40:34 +01:00
[[package]]
name = "quick-error"
Make sure handlebars is not updated, as the next patch version has breaking changes
2020-01-05 00:09:24 +01:00
version = "1.2.3"
Upload and download attachments, and added License file
2018-02-15 00:40:34 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
checksum = "a1d01941d82fa2ab50be1e79e6714289dd7cde78eba4c074bc5a4374f650dfe0"
Upload and download attachments, and added License file
2018-02-15 00:40:34 +01:00
Update dependencies
2019-08-18 19:31:54 +02:00
[[package]]
name = "quote"
Update crates and GHA (#5346) - Updated crates to the latest version - Updated GitHub Actions to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-04 19:02:15 +01:00
version = "1.0.38"
Update dependencies
2019-08-18 19:31:54 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and GHA (#5346) - Updated crates to the latest version - Updated GitHub Actions to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-04 19:02:15 +01:00
checksum = "0e4dccaaaf89514f546c693ddc140f729f958c247918a13380cccc6078391acc"
Update dependencies
2019-08-18 19:31:54 +02:00
dependencies = [
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"proc-macro2",
Update dependencies
2019-08-18 19:31:54 +02:00
]
Fixed long e-mail message extending 1000 lines. - Added quoted_printable crate to encode the e-mail messages. - Change the way the e-mail gets build to use custom part headers.
2019-03-25 09:48:19 +01:00
[[package]]
name = "quoted_printable"
Update crates & fix crate vulnerability (#4771) - fixes GHSA-q445-7m23-qrmw by updating openssl to version 0.10.66
2024-07-24 01:26:39 +03:00
version = "0.5.1"
Fixed long e-mail message extending 1000 lines. - Added quoted_printable crate to encode the e-mail messages. - Change the way the e-mail gets build to use custom part headers.
2019-03-25 09:48:19 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates & fix crate vulnerability (#4771) - fixes GHSA-q445-7m23-qrmw by updating openssl to version 0.10.66
2024-07-24 01:26:39 +03:00
checksum = "640c9bd8497b02465aeef5375144c26062e0dcd5939dfcbb0f5db76cb8c17c73"
Fixed long e-mail message extending 1000 lines. - Added quoted_printable crate to encode the e-mail messages. - Change the way the e-mail gets build to use custom part headers.
2019-03-25 09:48:19 +01:00
First working version
2018-02-10 01:00:55 +01:00
[[package]]
name = "r2d2"
Update dep's and small improvements on favicons - Updated dependencies (html5gum for favicon downloading) * Also openssl, time, jsonwebtoken and r2d2 - Small optimizations on downloading favicons. It now only emits tokens/tags which needs to be parsed, all others are being skipped. This prevents unneeded items within the for-loop being parsed.
2022-06-21 18:47:01 +02:00
version = "0.8.10"
First working version
2018-02-10 01:00:55 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update dep's and small improvements on favicons - Updated dependencies (html5gum for favicon downloading) * Also openssl, time, jsonwebtoken and r2d2 - Small optimizations on downloading favicons. It now only emits tokens/tags which needs to be parsed, all others are being skipped. This prevents unneeded items within the for-loop being parsed.
2022-06-21 18:47:01 +02:00
checksum = "51de85fb3fb6524929c8a2eb85e6b6d363de4e8c48f9e2c2eac4944abc181c93"
First working version
2018-02-10 01:00:55 +01:00
dependencies = [
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"log",
Update dep's and small improvements on favicons - Updated dependencies (html5gum for favicon downloading) * Also openssl, time, jsonwebtoken and r2d2 - Small optimizations on downloading favicons. It now only emits tokens/tags which needs to be parsed, all others are being skipped. This prevents unneeded items within the for-loop being parsed.
2022-06-21 18:47:01 +02:00
"parking_lot",
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"scheduled-thread-pool",
First working version
2018-02-10 01:00:55 +01:00
]
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
[[package]]
name = "rand"
Update async to prepare for main merge - Changed nightly to stable in Dockerfile and Workflow - Updated Dockerfile to use stable and updated ENV's - Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default - Updated Github Workflow actions to the latest versions - Updated Hadolint version - Re-orderd the Cargo.toml file a bit and put libs together which are linked - Updated some libs - Updated .dockerignore file
2022-02-07 22:26:22 +01:00
version = "0.8.5"
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update async to prepare for main merge - Changed nightly to stable in Dockerfile and Workflow - Updated Dockerfile to use stable and updated ENV's - Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default - Updated Github Workflow actions to the latest versions - Updated Hadolint version - Re-orderd the Cargo.toml file a bit and put libs together which are linked - Updated some libs - Updated .dockerignore file
2022-02-07 22:26:22 +01:00
checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404"
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
dependencies = [
"libc",
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
"rand_chacha",
"rand_core",
Move backend checks to build.rs to fail fast, and updated dependencies
2019-07-09 17:26:34 +02:00
]
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
[[package]]
name = "rand_chacha"
Support for webauthn and u2f->webauthn migrations
2021-06-07 23:34:00 +02:00
version = "0.3.1"
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Support for webauthn and u2f->webauthn migrations
2021-06-07 23:34:00 +02:00
checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88"
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
dependencies = [
"ppv-lite86",
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
"rand_core",
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
]
[[package]]
name = "rand_core"
Update libraries and Rust version - Updated to Rust v1.64.0 - Updated all libararies - Updated multer-rs to be based upon the latest version - Updated Dockerfiles to match the Rust version
2022-09-22 21:30:34 +02:00
version = "0.6.4"
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update libraries and Rust version - Updated to Rust v1.64.0 - Updated all libararies - Updated multer-rs to be based upon the latest version - Updated Dockerfiles to match the Rust version
2022-09-22 21:30:34 +02:00
checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c"
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
dependencies = [
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
"getrandom",
Move backend checks to build.rs to fail fast, and updated dependencies
2019-07-09 17:26:34 +02:00
]
Dependency updates
2022-01-30 22:24:42 +01:00
[[package]]
name = "raw-cpuid"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
version = "11.3.0"
Dependency updates
2022-01-30 22:24:42 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
checksum = "c6928fa44c097620b706542d428957635951bade7143269085389d42c8a4927e"
Dependency updates
2022-01-30 22:24:42 +01:00
dependencies = [
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
"bitflags",
Dependency updates
2022-01-30 22:24:42 +01:00
]
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
[[package]]
name = "redox_syscall"
Some refactoring and optimizations (#5291) - Refactored several code to use more modern syntax - Made some checks a bit more strict - Updated crates Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-14 00:55:34 +01:00
version = "0.5.8"
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Some refactoring and optimizations (#5291) - Refactored several code to use more modern syntax - Made some checks a bit more strict - Updated crates Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-14 00:55:34 +01:00
checksum = "03a862b389f93e68874fbf580b9de08dd02facb9a788ebadaf4a3fd33cf58834"
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
dependencies = [
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
"bitflags",
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
]
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
[[package]]
name = "ref-cast"
Update Rust, crates and web-vault (#4558) * Update Rust and crates - Updated Rust to v1.78.0 - Updated crates * Update web-vault to v2024.5.0
2024-05-19 20:30:34 +02:00
version = "1.0.23"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust, crates and web-vault (#4558) * Update Rust and crates - Updated Rust to v1.78.0 - Updated crates * Update web-vault to v2024.5.0
2024-05-19 20:30:34 +02:00
checksum = "ccf0a6f84d5f1d581da8b41b47ec8600871962f2a528115b542b362d4b744931"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
dependencies = [
"ref-cast-impl",
]
[[package]]
name = "ref-cast-impl"
Update Rust, crates and web-vault (#4558) * Update Rust and crates - Updated Rust to v1.78.0 - Updated crates * Update web-vault to v2024.5.0
2024-05-19 20:30:34 +02:00
version = "1.0.23"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust, crates and web-vault (#4558) * Update Rust and crates - Updated Rust to v1.78.0 - Updated crates * Update web-vault to v2024.5.0
2024-05-19 20:30:34 +02:00
checksum = "bcc303e793d3734489387d205e9b186fac9c6cfacedd98cbb2e8a5943595f3e6"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
dependencies = [
"proc-macro2",
"quote",
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
"syn",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
]
Updated dependencies and removed some warnings from jsonwebtoken
2018-06-01 15:34:26 +02:00
[[package]]
name = "regex"
Update crates and fix several issues Signed-off-by: BlackDex <black.dex@gmail.com>
2024-11-09 19:58:10 +01:00
version = "1.11.1"
Updated dependencies and removed some warnings from jsonwebtoken
2018-06-01 15:34:26 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and fix several issues Signed-off-by: BlackDex <black.dex@gmail.com>
2024-11-09 19:58:10 +01:00
checksum = "b544ef1b4eac5dc2db33ea63606ae9ffcfac26c1416a2806ae0bf5f56b201191"
Updated dependencies and removed some warnings from jsonwebtoken
2018-06-01 15:34:26 +02:00
dependencies = [
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"aho-corasick",
"memchr",
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
"regex-automata 0.4.9",
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
"regex-syntax 0.8.5",
Updated dependencies and removed some warnings from jsonwebtoken
2018-06-01 15:34:26 +02:00
]
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
[[package]]
name = "regex-automata"
version = "0.1.10"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6c230d73fb8d8c1b9c0b3135c5142a8acee3a0558fb8db5cf1cb65f8d7862132"
dependencies = [
Update Rust and Crates - Updated Rust to v1.69.0 - Updated MSRV to v1.67.1 - Updated crates - Updated GitHub Actions
2023-04-21 16:21:04 +02:00
"regex-syntax 0.6.29",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
]
Update images to Bookworm and PQ15 This PR updates the base images to use Debian Bookworm as base image. Also the MUSL/Alpine builds now use OpenSSLv3 and PostgreSQL v15. The GHA Workflows are updated to use Ubuntu 22.04 to better match the versions of Debian Bookworm. Also: - Enabled spares crate registry - Updated workflow actions - Updated Rust to v1.71.0 - The rust-musl images now use musl v1.2.3 for the 32bit arch's if the Rust version is v1.71.0 or higher. The 64bit arch's already used musl v1.2.3. - Updated crates. Improves / Closes #3434
2023-06-11 18:11:09 +02:00
[[package]]
name = "regex-automata"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
version = "0.4.9"
Update images to Bookworm and PQ15 This PR updates the base images to use Debian Bookworm as base image. Also the MUSL/Alpine builds now use OpenSSLv3 and PostgreSQL v15. The GHA Workflows are updated to use Ubuntu 22.04 to better match the versions of Debian Bookworm. Also: - Enabled spares crate registry - Updated workflow actions - Updated Rust to v1.71.0 - The rust-musl images now use musl v1.2.3 for the 32bit arch's if the Rust version is v1.71.0 or higher. The 64bit arch's already used musl v1.2.3. - Updated crates. Improves / Closes #3434
2023-06-11 18:11:09 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
checksum = "809e8dc61f6de73b46c85f4c96486310fe304c434cfa43669d7b40f711150908"
Update images to Bookworm and PQ15 This PR updates the base images to use Debian Bookworm as base image. Also the MUSL/Alpine builds now use OpenSSLv3 and PostgreSQL v15. The GHA Workflows are updated to use Ubuntu 22.04 to better match the versions of Debian Bookworm. Also: - Enabled spares crate registry - Updated workflow actions - Updated Rust to v1.71.0 - The rust-musl images now use musl v1.2.3 for the 32bit arch's if the Rust version is v1.71.0 or higher. The 64bit arch's already used musl v1.2.3. - Updated crates. Improves / Closes #3434
2023-06-11 18:11:09 +02:00
dependencies = [
"aho-corasick",
"memchr",
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
"regex-syntax 0.8.5",
Update images to Bookworm and PQ15 This PR updates the base images to use Debian Bookworm as base image. Also the MUSL/Alpine builds now use OpenSSLv3 and PostgreSQL v15. The GHA Workflows are updated to use Ubuntu 22.04 to better match the versions of Debian Bookworm. Also: - Enabled spares crate registry - Updated workflow actions - Updated Rust to v1.71.0 - The rust-musl images now use musl v1.2.3 for the 32bit arch's if the Rust version is v1.71.0 or higher. The 64bit arch's already used musl v1.2.3. - Updated crates. Improves / Closes #3434
2023-06-11 18:11:09 +02:00
]
First working version
2018-02-10 01:00:55 +01:00
[[package]]
name = "regex-syntax"
Update web vault to v2023.3.0 and dependencies
2023-03-22 21:30:07 +01:00
version = "0.6.29"
Updated dependencies and removed some warnings from jsonwebtoken
2018-06-01 15:34:26 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update web vault to v2023.3.0 and dependencies
2023-03-22 21:30:07 +01:00
checksum = "f162c6dd7b008981e4d40210aca20b4bd0f9b60ca9271061b07f78537722f2e1"
Updated dependencies and removed some warnings from jsonwebtoken
2018-06-01 15:34:26 +02:00
Update Rust and Crates - Updated Rust to v1.69.0 - Updated MSRV to v1.67.1 - Updated crates - Updated GitHub Actions
2023-04-21 16:21:04 +02:00
[[package]]
name = "regex-syntax"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
version = "0.8.5"
Update Rust and Crates - Updated Rust to v1.69.0 - Updated MSRV to v1.67.1 - Updated crates - Updated GitHub Actions
2023-04-21 16:21:04 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
checksum = "2b15c43186be67a4fd63bee50d0303afffcef381492ebe2c5d87f324e1b8815c"
Update Rust and Crates - Updated Rust to v1.69.0 - Updated MSRV to v1.67.1 - Updated crates - Updated GitHub Actions
2023-04-21 16:21:04 +02:00
Reopen log file on SIGHUP
2023-09-22 17:03:41 +02:00
[[package]]
name = "reopen"
version = "1.0.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ff42cec3acf85845f5b18b3cbb7fec619ccbd4a349f6ecbe1c62ab46d4d98293"
dependencies = [
"autocfg",
"libc",
"signal-hook",
]
Update crates and some Clippy fixes (#4475) - Updated all crates including reqwest - Fixed some clippy lints reported by nightly Rust
2024-04-06 13:55:10 +02:00
[[package]]
name = "reqwest"
Update crates and GHA (#5346) - Updated crates to the latest version - Updated GitHub Actions to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-04 19:02:15 +01:00
version = "0.12.12"
Update crates and some Clippy fixes (#4475) - Updated all crates including reqwest - Fixed some clippy lints reported by nightly Rust
2024-04-06 13:55:10 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and GHA (#5346) - Updated crates to the latest version - Updated GitHub Actions to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-04 19:02:15 +01:00
checksum = "43e734407157c3c2034e0258f5e4473ddb361b1e85f95a66690d67264d7cd1da"
Update crates and some Clippy fixes (#4475) - Updated all crates including reqwest - Fixed some clippy lints reported by nightly Rust
2024-04-06 13:55:10 +02:00
dependencies = [
"async-compression",
Update Rust, crates and web-vault (#4558) * Update Rust and crates - Updated Rust to v1.78.0 - Updated crates * Update web-vault to v2024.5.0
2024-05-19 20:30:34 +02:00
"base64 0.22.1",
Update crates and some Clippy fixes (#4475) - Updated all crates including reqwest - Fixed some clippy lints reported by nightly Rust
2024-04-06 13:55:10 +02:00
"bytes",
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
"cookie",
"cookie_store",
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
"encoding_rs",
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
"futures-channel",
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
"futures-core",
"futures-util",
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
"h2",
"http 1.2.0",
Update crates & fix crate vulnerability (#4771) - fixes GHSA-q445-7m23-qrmw by updating openssl to version 0.10.66
2024-07-24 01:26:39 +03:00
"http-body 1.0.1",
Update crates and some Clippy fixes (#4475) - Updated all crates including reqwest - Fixed some clippy lints reported by nightly Rust
2024-04-06 13:55:10 +02:00
"http-body-util",
Update crates and GHA (#5346) - Updated crates to the latest version - Updated GitHub Actions to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-04 19:02:15 +01:00
"hyper 1.5.2",
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
"hyper-rustls",
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
"hyper-tls",
Update crates and some Clippy fixes (#4475) - Updated all crates including reqwest - Fixed some clippy lints reported by nightly Rust
2024-04-06 13:55:10 +02:00
"hyper-util",
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
"ipnet",
"js-sys",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"log",
"mime",
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
"native-tls",
Update libraries and Rust version - Updated to Rust v1.64.0 - Updated all libararies - Updated multer-rs to be based upon the latest version - Updated Dockerfiles to match the Rust version
2022-09-22 21:30:34 +02:00
"once_cell",
Update to diesel2
2022-05-20 23:39:47 +02:00
"percent-encoding",
Update dependencies
2021-02-06 16:49:28 +01:00
"pin-project-lite",
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
"rustls-pemfile 2.2.0",
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
"serde",
"serde_json",
"serde_urlencoded",
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
"sync_wrapper",
"system-configuration",
Update dependencies
2021-02-06 16:49:28 +01:00
"tokio",
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
"tokio-native-tls",
Enable socks feature for reqwest This allowed HTTP_PROXY be set with a socks5 proxy
2021-04-07 19:25:02 +01:00
"tokio-socks",
Update deps and fix file-uploads - Update deps. One of them is multer-rs which fixes #2516 - Changed MSRV to `1.59.0`, since that is the correct MSRV currently. It could be lower, but that would mean removing the `strip` option.
2022-07-15 16:03:57 +02:00
"tokio-util",
Update crates and GHA (#5346) - Updated crates to the latest version - Updated GitHub Actions to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-04 19:02:15 +01:00
"tower",
Updated deps and misc fixes and updates - Updated some Rust dependencies - Fixed an issue with CSP header, this was not configured correctly - Prevent sending CSP and Frame headers for the MFA connector.html files. Else some clients will fail to handle these protocols. - Add `unsafe-inline` for `script-src` only to the CSP for the Admin Interface - Updated JavaScript and CSS files for the Admin interface - Changed the layout for showing overridden settings, better visible now. - Made the version check cachable to prevent hitting the Github API rate limits - Hide the `database_url` as if it is a password in the Admin Interface Else for MariaDB/MySQL or PostgreSQL this was plain text. - Fixed an issue that pressing enter on the SMTP Test would save the config. resolves #2542 - Prevent user names larger then 50 characters resolves #2419
2022-06-08 19:46:33 +02:00
"tower-service",
Update to diesel2
2022-05-20 23:39:47 +02:00
"url",
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
"wasm-bindgen",
"wasm-bindgen-futures",
Updated web vault to 2023.1.1 and rust dependencies
2023-01-24 20:39:09 +01:00
"wasm-streams",
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
"web-sys",
Update crates (GHSA-wq9x-qwcq-mmgf) (#4889) - Updated crates - Fixed MSRV to actually be N-2 - Changed some features to use the `dep:` prefix. This is needed for edition-2024 anyway although that will be a while before we can use that. Signed-off-by: BlackDex <black.dex@gmail.com>
2024-08-23 22:06:11 +02:00
"windows-registry",
Enabled trust-dns and some updates. - Enabled trust-dns feature which seems to help a bit when DNS is causing long timeouts. Though in the blocking version it is less visible then on the async branch. - Updated crates - Removed some redundant code - Updated javascript/css libraries Resolves #2118 Resolves #2119
2021-11-28 13:02:27 +01:00
]
[[package]]
name = "resolv-conf"
version = "0.7.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "52e44394d2086d010551b14b53b1f24e31647570cd1deb0379e2c21b329aba00"
dependencies = [
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
"hostname 0.3.1",
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
"quick-error",
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
]
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
[[package]]
name = "ring"
Update crates, GHA and a Python/JS scripts (#4357) - Update all crates - Update GHA - Update Global Domains script to use main instead of master Also fixed some Python linting warnings - Updated Admin JS and CSS libraries
2024-02-25 23:26:46 +01:00
version = "0.17.8"
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates, GHA and a Python/JS scripts (#4357) - Update all crates - Update GHA - Update Global Domains script to use main instead of master Also fixed some Python linting warnings - Updated Admin JS and CSS libraries
2024-02-25 23:26:46 +01:00
checksum = "c17fa4cb658e3583423e915b9f3acc01cceaee1860e33d59ebae66adc3a2dc0d"
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
dependencies = [
"cc",
Update crates, GHA and a Python/JS scripts (#4357) - Update all crates - Update GHA - Update Global Domains script to use main instead of master Also fixed some Python linting warnings - Updated Admin JS and CSS libraries
2024-02-25 23:26:46 +01:00
"cfg-if",
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
"getrandom",
"libc",
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
"spin",
"untrusted",
Update crates, GHA and a Python/JS scripts (#4357) - Update all crates - Update GHA - Update Global Domains script to use main instead of master Also fixed some Python linting warnings - Updated Admin JS and CSS libraries
2024-02-25 23:26:46 +01:00
"windows-sys 0.52.0",
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
]
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
[[package]]
name = "rmp"
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
version = "0.8.14"
Use rmp upstream version
2019-12-31 02:00:05 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
checksum = "228ed7c16fa39782c3b3468e974aec2795e9089153cd08ee2e9aefb3613334c4"
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
dependencies = [
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"byteorder",
"num-traits",
Update web vault to 2.28.0 and dependencies
2022-04-23 18:18:15 +02:00
"paste",
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
]
[[package]]
name = "rmpv"
Update Rust, crates and web-vault (#4558) * Update Rust and crates - Updated Rust to v1.78.0 - Updated crates * Update web-vault to v2024.5.0
2024-05-19 20:30:34 +02:00
version = "1.3.0"
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust, crates and web-vault (#4558) * Update Rust and crates - Updated Rust to v1.78.0 - Updated crates * Update web-vault to v2024.5.0
2024-05-19 20:30:34 +02:00
checksum = "58450723cd9ee93273ce44a20b6ec4efe17f8ed2e3631474387bfdecf18bb2a9"
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
dependencies = [
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"num-traits",
"rmp",
Initial version of websockets notification support. For now only folder notifications are sent (create, rename, delete). The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested. The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy. My testing is done with Caddy server, and the following config: ``` localhost { # The negotiation endpoint is also proxied to Rocket proxy /notifications/hub/negotiate 0.0.0.0:8000 { transparent } # Notifications redirected to the websockets server proxy /notifications/hub 0.0.0.0:3012 { websocket } # Proxy the Root directory to Rocket proxy / 0.0.0.0:8000 { transparent } } ``` This exposes the service in port 2015.
2018-08-30 17:43:46 +02:00
]
First working version
2018-02-10 01:00:55 +01:00
[[package]]
name = "rocket"
Update crates (#4587) - Update crates including rocket and rocket_ws
2024-05-25 15:14:19 +02:00
version = "0.5.1"
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates (#4587) - Update crates including rocket and rocket_ws
2024-05-25 15:14:19 +02:00
checksum = "a516907296a31df7dc04310e7043b61d71954d703b603cc6867a026d7e72d73f"
First working version
2018-02-10 01:00:55 +01:00
dependencies = [
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"async-stream",
"async-trait",
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
"atomic 0.5.3",
Update dependencies Primarily updating rocket, which needed some dependencies Latest versions of: - ring - time - jsonwebtoken - yubico - rocket (git)
2020-03-16 16:32:33 +01:00
"binascii",
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
"bytes",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"either",
"figment",
"futures",
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
"indexmap",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"log",
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"memchr",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"multer",
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"num_cpus",
Update dep's and small improvements on favicons - Updated dependencies (html5gum for favicon downloading) * Also openssl, time, jsonwebtoken and r2d2 - Small optimizations on downloading favicons. It now only emits tokens/tags which needs to be parsed, all others are being skipped. This prevents unneeded items within the for-loop being parsed.
2022-06-21 18:47:01 +02:00
"parking_lot",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"pin-project-lite",
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
"rand",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"ref-cast",
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"rocket_codegen",
"rocket_http",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"serde",
"serde_json",
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"state",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"tempfile",
Update to diesel2
2022-05-20 23:39:47 +02:00
"time",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"tokio",
"tokio-stream",
Update deps and fix file-uploads - Update deps. One of them is multer-rs which fixes #2516 - Changed MSRV to `1.59.0`, since that is the correct MSRV currently. It could be lower, but that would mean removing the `strip` option.
2022-07-15 16:03:57 +02:00
"tokio-util",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"ubyte",
"version_check",
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
"yansi",
First working version
2018-02-10 01:00:55 +01:00
]
[[package]]
name = "rocket_codegen"
Update crates (#4587) - Update crates including rocket and rocket_ws
2024-05-25 15:14:19 +02:00
version = "0.5.1"
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates (#4587) - Update crates including rocket and rocket_ws
2024-05-25 15:14:19 +02:00
checksum = "575d32d7ec1a9770108c879fc7c47815a80073f96ca07ff9525a94fcede1dd46"
First working version
2018-02-10 01:00:55 +01:00
dependencies = [
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"devise",
Update dependencies Primarily updating rocket, which needed some dependencies Latest versions of: - ring - time - jsonwebtoken - yubico - rocket (git)
2020-03-16 16:32:33 +01:00
"glob",
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
"indexmap",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"proc-macro2",
"quote",
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"rocket_http",
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
"syn",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"unicode-xid",
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
"version_check",
Updated bw_rs to Rocket version 0.4-rc1
2018-10-10 20:40:39 +02:00
]
[[package]]
name = "rocket_http"
Update crates (#4587) - Update crates including rocket and rocket_ws
2024-05-25 15:14:19 +02:00
version = "0.5.1"
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates (#4587) - Update crates including rocket and rocket_ws
2024-05-25 15:14:19 +02:00
checksum = "e274915a20ee3065f611c044bd63c40757396b6dbc057d6046aec27f14f882b9"
Updated bw_rs to Rocket version 0.4-rc1
2018-10-10 20:40:39 +02:00
dependencies = [
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
"cookie",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"either",
Improve sync speed and updated dep. versions Improved sync speed by resolving the N+1 query issues. Solves #1402 and Solves #1453 With this change there is just one query done to retreive all the important data, and matching is done in-code/memory. With a very large database the sync time went down about 3 times. Also updated misc crates and Github Actions versions.
2022-05-04 21:13:05 +02:00
"futures",
Update crates and some Clippy fixes (#4475) - Updated all crates including reqwest - Fixed some clippy lints reported by nightly Rust
2024-04-06 13:55:10 +02:00
"http 0.2.12",
Update crates and GHA (#5346) - Updated crates to the latest version - Updated GitHub Actions to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-04 19:02:15 +01:00
"hyper 0.14.32",
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
"indexmap",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"log",
"memchr",
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"pear",
Update to diesel2
2022-05-20 23:39:47 +02:00
"percent-encoding",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"pin-project-lite",
"ref-cast",
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
"rustls 0.21.12",
Update crates and some Clippy fixes (#4475) - Updated all crates including reqwest - Fixed some clippy lints reported by nightly Rust
2024-04-06 13:55:10 +02:00
"rustls-pemfile 1.0.4",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"serde",
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
"smallvec",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"stable-pattern",
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"state",
Update to diesel2
2022-05-20 23:39:47 +02:00
"time",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"tokio",
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
"tokio-rustls 0.24.1",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"uncased",
First working version
2018-02-10 01:00:55 +01:00
]
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
[[package]]
name = "rocket_ws"
Update crates (#4587) - Update crates including rocket and rocket_ws
2024-05-25 15:14:19 +02:00
version = "0.1.1"
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates (#4587) - Update crates including rocket and rocket_ws
2024-05-25 15:14:19 +02:00
checksum = "25f1877668c937b701177c349f21383c556cd3bb4ba8fa1d07fa96ccb3a8782e"
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
dependencies = [
"rocket",
"tokio-tungstenite",
]
Admin token Argon2 hashing support Added support for Argon2 hashing support for the `ADMIN_TOKEN` instead of only supporting a plain text string. The hash must be a PHC string which can be generated via the `argon2` CLI **or** via the also built-in hash command in Vaultwarden. You can simply run `vaultwarden hash` to generate a hash based upon a password the user provides them self. Added a warning during startup and within the admin settings panel is the `ADMIN_TOKEN` is not an Argon2 hash. Within the admin environment a user can ignore that warning and it will not be shown for at least 30 days. After that the warning will appear again unless the `ADMIN_TOKEN` has be converted to an Argon2 hash. I have also tested this on my RaspberryPi 2b and there the `Bitwarden` preset takes almost 4.5 seconds to generate/verify the Argon2 hash. Using the `OWASP` preset it is below 1 second, which I think should be fine for low-graded hardware. If it is needed people could use lower memory settings, but in those cases I even doubt Vaultwarden it self would run. They can always use the `argon2` CLI and generate a faster hash.
2023-02-28 23:09:51 +01:00
[[package]]
name = "rpassword"
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
version = "7.3.1"
Admin token Argon2 hashing support Added support for Argon2 hashing support for the `ADMIN_TOKEN` instead of only supporting a plain text string. The hash must be a PHC string which can be generated via the `argon2` CLI **or** via the also built-in hash command in Vaultwarden. You can simply run `vaultwarden hash` to generate a hash based upon a password the user provides them self. Added a warning during startup and within the admin settings panel is the `ADMIN_TOKEN` is not an Argon2 hash. Within the admin environment a user can ignore that warning and it will not be shown for at least 30 days. After that the warning will appear again unless the `ADMIN_TOKEN` has be converted to an Argon2 hash. I have also tested this on my RaspberryPi 2b and there the `Bitwarden` preset takes almost 4.5 seconds to generate/verify the Argon2 hash. Using the `OWASP` preset it is below 1 second, which I think should be fine for low-graded hardware. If it is needed people could use lower memory settings, but in those cases I even doubt Vaultwarden it self would run. They can always use the `argon2` CLI and generate a faster hash.
2023-02-28 23:09:51 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
checksum = "80472be3c897911d0137b2d2b9055faf6eeac5b14e324073d83bc17b191d7e3f"
Admin token Argon2 hashing support Added support for Argon2 hashing support for the `ADMIN_TOKEN` instead of only supporting a plain text string. The hash must be a PHC string which can be generated via the `argon2` CLI **or** via the also built-in hash command in Vaultwarden. You can simply run `vaultwarden hash` to generate a hash based upon a password the user provides them self. Added a warning during startup and within the admin settings panel is the `ADMIN_TOKEN` is not an Argon2 hash. Within the admin environment a user can ignore that warning and it will not be shown for at least 30 days. After that the warning will appear again unless the `ADMIN_TOKEN` has be converted to an Argon2 hash. I have also tested this on my RaspberryPi 2b and there the `Bitwarden` preset takes almost 4.5 seconds to generate/verify the Argon2 hash. Using the `OWASP` preset it is below 1 second, which I think should be fine for low-graded hardware. If it is needed people could use lower memory settings, but in those cases I even doubt Vaultwarden it self would run. They can always use the `argon2` CLI and generate a faster hash.
2023-02-28 23:09:51 +01:00
dependencies = [
"libc",
"rtoolbox",
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
"windows-sys 0.48.0",
Admin token Argon2 hashing support Added support for Argon2 hashing support for the `ADMIN_TOKEN` instead of only supporting a plain text string. The hash must be a PHC string which can be generated via the `argon2` CLI **or** via the also built-in hash command in Vaultwarden. You can simply run `vaultwarden hash` to generate a hash based upon a password the user provides them self. Added a warning during startup and within the admin settings panel is the `ADMIN_TOKEN` is not an Argon2 hash. Within the admin environment a user can ignore that warning and it will not be shown for at least 30 days. After that the warning will appear again unless the `ADMIN_TOKEN` has be converted to an Argon2 hash. I have also tested this on my RaspberryPi 2b and there the `Bitwarden` preset takes almost 4.5 seconds to generate/verify the Argon2 hash. Using the `OWASP` preset it is below 1 second, which I think should be fine for low-graded hardware. If it is needed people could use lower memory settings, but in those cases I even doubt Vaultwarden it self would run. They can always use the `argon2` CLI and generate a faster hash.
2023-02-28 23:09:51 +01:00
]
[[package]]
name = "rtoolbox"
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
version = "0.0.2"
Admin token Argon2 hashing support Added support for Argon2 hashing support for the `ADMIN_TOKEN` instead of only supporting a plain text string. The hash must be a PHC string which can be generated via the `argon2` CLI **or** via the also built-in hash command in Vaultwarden. You can simply run `vaultwarden hash` to generate a hash based upon a password the user provides them self. Added a warning during startup and within the admin settings panel is the `ADMIN_TOKEN` is not an Argon2 hash. Within the admin environment a user can ignore that warning and it will not be shown for at least 30 days. After that the warning will appear again unless the `ADMIN_TOKEN` has be converted to an Argon2 hash. I have also tested this on my RaspberryPi 2b and there the `Bitwarden` preset takes almost 4.5 seconds to generate/verify the Argon2 hash. Using the `OWASP` preset it is below 1 second, which I think should be fine for low-graded hardware. If it is needed people could use lower memory settings, but in those cases I even doubt Vaultwarden it self would run. They can always use the `argon2` CLI and generate a faster hash.
2023-02-28 23:09:51 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
checksum = "c247d24e63230cdb56463ae328478bd5eac8b8faa8c69461a77e8e323afac90e"
Admin token Argon2 hashing support Added support for Argon2 hashing support for the `ADMIN_TOKEN` instead of only supporting a plain text string. The hash must be a PHC string which can be generated via the `argon2` CLI **or** via the also built-in hash command in Vaultwarden. You can simply run `vaultwarden hash` to generate a hash based upon a password the user provides them self. Added a warning during startup and within the admin settings panel is the `ADMIN_TOKEN` is not an Argon2 hash. Within the admin environment a user can ignore that warning and it will not be shown for at least 30 days. After that the warning will appear again unless the `ADMIN_TOKEN` has be converted to an Argon2 hash. I have also tested this on my RaspberryPi 2b and there the `Bitwarden` preset takes almost 4.5 seconds to generate/verify the Argon2 hash. Using the `OWASP` preset it is below 1 second, which I think should be fine for low-graded hardware. If it is needed people could use lower memory settings, but in those cases I even doubt Vaultwarden it self would run. They can always use the `argon2` CLI and generate a faster hash.
2023-02-28 23:09:51 +01:00
dependencies = [
"libc",
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
"windows-sys 0.48.0",
Admin token Argon2 hashing support Added support for Argon2 hashing support for the `ADMIN_TOKEN` instead of only supporting a plain text string. The hash must be a PHC string which can be generated via the `argon2` CLI **or** via the also built-in hash command in Vaultwarden. You can simply run `vaultwarden hash` to generate a hash based upon a password the user provides them self. Added a warning during startup and within the admin settings panel is the `ADMIN_TOKEN` is not an Argon2 hash. Within the admin environment a user can ignore that warning and it will not be shown for at least 30 days. After that the warning will appear again unless the `ADMIN_TOKEN` has be converted to an Argon2 hash. I have also tested this on my RaspberryPi 2b and there the `Bitwarden` preset takes almost 4.5 seconds to generate/verify the Argon2 hash. Using the `OWASP` preset it is below 1 second, which I think should be fine for low-graded hardware. If it is needed people could use lower memory settings, but in those cases I even doubt Vaultwarden it self would run. They can always use the `argon2` CLI and generate a faster hash.
2023-02-28 23:09:51 +01:00
]
Update crates and small clippy fix - Update all crates - Remove async which is reported by clippy in v1.72.0
2023-07-04 20:12:50 +02:00
[[package]]
name = "rustc-demangle"
Update Rust, crates and web-vault (#4558) * Update Rust and crates - Updated Rust to v1.78.0 - Updated crates * Update web-vault to v2024.5.0
2024-05-19 20:30:34 +02:00
version = "0.1.24"
Update crates and small clippy fix - Update all crates - Remove async which is reported by clippy in v1.72.0
2023-07-04 20:12:50 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust, crates and web-vault (#4558) * Update Rust and crates - Updated Rust to v1.78.0 - Updated crates * Update web-vault to v2024.5.0
2024-05-19 20:30:34 +02:00
checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f"
Update crates and small clippy fix - Update all crates - Remove async which is reported by clippy in v1.72.0
2023-07-04 20:12:50 +02:00
Temp fix for OpenSSL 1.1.1 compatibility
2018-09-19 21:45:50 +02:00
[[package]]
Upd Crates, Rust, MSRV, GHA and remove Backtrace - Changed MSRV to v1.65. Discussed this with @dani-garcia, and we will support **N-2**. This is/will be the same as for the `time` crate we use. Also updated the wiki regarding this https://github.com/dani-garcia/vaultwarden/wiki/Building-binary - Removed backtrace crate in favor of `std::backtrace` stable since v1.65 - Updated Rust to v1.67.1 - Updated all the crates - Updated the GHA action versions - Adjusted the GHA MSRV build to extract the MSRV from `Cargo.toml`
2023-03-04 19:18:38 +01:00
name = "rustix"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
version = "0.38.44"
Update web vault to v2023.3.0 and dependencies
2023-03-22 21:30:07 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
checksum = "fdb5bc1ae2baa591800df16c9ca78619bf65c0488b41b96ccec5d11220d8c154"
Update crates and small clippy fix - Update all crates - Remove async which is reported by clippy in v1.72.0
2023-07-04 20:12:50 +02:00
dependencies = [
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
"bitflags",
Update crates and small clippy fix - Update all crates - Remove async which is reported by clippy in v1.72.0
2023-07-04 20:12:50 +02:00
"errno",
"libc",
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
"linux-raw-sys",
Update crates (#5268) - fixes CVE-2024-12224
2024-12-10 18:59:28 +02:00
"windows-sys 0.59.0",
Upd Crates, Rust, MSRV, GHA and remove Backtrace - Changed MSRV to v1.65. Discussed this with @dani-garcia, and we will support **N-2**. This is/will be the same as for the `time` crate we use. Also updated the wiki regarding this https://github.com/dani-garcia/vaultwarden/wiki/Building-binary - Removed backtrace crate in favor of `std::backtrace` stable since v1.65 - Updated Rust to v1.67.1 - Updated all the crates - Updated the GHA action versions - Adjusted the GHA MSRV build to extract the MSRV from `Cargo.toml`
2023-03-04 19:18:38 +01:00
]
Temp fix for OpenSSL 1.1.1 compatibility
2018-09-19 21:45:50 +02:00
First working version
2018-02-10 01:00:55 +01:00
[[package]]
name = "rustls"
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
version = "0.21.12"
First working version
2018-02-10 01:00:55 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
checksum = "3f56a14d1f48b391359b22f731fd4bd7e43c97f3c50eee276f3aa09c94784d3e"
First working version
2018-02-10 01:00:55 +01:00
dependencies = [
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"log",
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
"ring",
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
"rustls-webpki 0.101.7",
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"sct",
First working version
2018-02-10 01:00:55 +01:00
]
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
[[package]]
name = "rustls"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
version = "0.23.21"
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
checksum = "8f287924602bf649d949c63dc8ac8b235fa5387d394020705b80c4eb597ce5b8"
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
dependencies = [
"once_cell",
"rustls-pki-types",
Fix Device Type column for 2FA migration (#4971)
2024-09-20 12:06:06 +02:00
"rustls-webpki 0.102.8",
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
"subtle",
"zeroize",
]
Favicon, SMTP and misc updates Favicon: - Replaced HTML tokenizer, much faster now. - Caching the domain blacklist function. - Almost all functions are async now. - Fixed bug on minimizing data to parse - Changed maximum icon download size to 5MB to match Bitwarden - Added `apple-touch-icon.png` as a second fallback besides `favicon.ico` SMTP: - Deprecated SMTP_SSL and SMTP_EXPLICIT_TLS, replaced with SMTP_SECURITY Misc: - Fixed issue when `resolv.conf` contains errors and trust-dns panics (Fixes #2283) - Updated Javscript and CSS files for admin interface - Fixed an issue with the /admin interface which did not cleared the login cookie correctly - Prevent websocket notifications during org import, this caused a lot of traffic, and slowed down the import. This is also the same as Bitwarden which does not trigger this refresh via websockets. Rust: - Updated to use v1.59 - Use the new `strip` option and enabled to strip `debuginfo` - Enabled `lto` with `thin` - Removed the strip RUN from the alpine armv7, this is now done automatically
2022-02-22 20:48:00 +01:00
[[package]]
name = "rustls-pemfile"
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
version = "1.0.4"
Favicon, SMTP and misc updates Favicon: - Replaced HTML tokenizer, much faster now. - Caching the domain blacklist function. - Almost all functions are async now. - Fixed bug on minimizing data to parse - Changed maximum icon download size to 5MB to match Bitwarden - Added `apple-touch-icon.png` as a second fallback besides `favicon.ico` SMTP: - Deprecated SMTP_SSL and SMTP_EXPLICIT_TLS, replaced with SMTP_SECURITY Misc: - Fixed issue when `resolv.conf` contains errors and trust-dns panics (Fixes #2283) - Updated Javscript and CSS files for admin interface - Fixed an issue with the /admin interface which did not cleared the login cookie correctly - Prevent websocket notifications during org import, this caused a lot of traffic, and slowed down the import. This is also the same as Bitwarden which does not trigger this refresh via websockets. Rust: - Updated to use v1.59 - Use the new `strip` option and enabled to strip `debuginfo` - Enabled `lto` with `thin` - Removed the strip RUN from the alpine armv7, this is now done automatically
2022-02-22 20:48:00 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
checksum = "1c74cae0a4cf6ccbbf5f359f08efdf8ee7e1dc532573bf0db71968cb56b1448c"
Favicon, SMTP and misc updates Favicon: - Replaced HTML tokenizer, much faster now. - Caching the domain blacklist function. - Almost all functions are async now. - Fixed bug on minimizing data to parse - Changed maximum icon download size to 5MB to match Bitwarden - Added `apple-touch-icon.png` as a second fallback besides `favicon.ico` SMTP: - Deprecated SMTP_SSL and SMTP_EXPLICIT_TLS, replaced with SMTP_SECURITY Misc: - Fixed issue when `resolv.conf` contains errors and trust-dns panics (Fixes #2283) - Updated Javscript and CSS files for admin interface - Fixed an issue with the /admin interface which did not cleared the login cookie correctly - Prevent websocket notifications during org import, this caused a lot of traffic, and slowed down the import. This is also the same as Bitwarden which does not trigger this refresh via websockets. Rust: - Updated to use v1.59 - Use the new `strip` option and enabled to strip `debuginfo` - Enabled `lto` with `thin` - Removed the strip RUN from the alpine armv7, this is now done automatically
2022-02-22 20:48:00 +01:00
dependencies = [
Update crates and fix icon issue (#4237) - Fix icon download issue by removing the deflate feature - Updated all the crates - Updated Handlebars code Fixes #4224
2024-01-12 20:44:37 +01:00
"base64 0.21.7",
Favicon, SMTP and misc updates Favicon: - Replaced HTML tokenizer, much faster now. - Caching the domain blacklist function. - Almost all functions are async now. - Fixed bug on minimizing data to parse - Changed maximum icon download size to 5MB to match Bitwarden - Added `apple-touch-icon.png` as a second fallback besides `favicon.ico` SMTP: - Deprecated SMTP_SSL and SMTP_EXPLICIT_TLS, replaced with SMTP_SECURITY Misc: - Fixed issue when `resolv.conf` contains errors and trust-dns panics (Fixes #2283) - Updated Javscript and CSS files for admin interface - Fixed an issue with the /admin interface which did not cleared the login cookie correctly - Prevent websocket notifications during org import, this caused a lot of traffic, and slowed down the import. This is also the same as Bitwarden which does not trigger this refresh via websockets. Rust: - Updated to use v1.59 - Use the new `strip` option and enabled to strip `debuginfo` - Enabled `lto` with `thin` - Removed the strip RUN from the alpine armv7, this is now done automatically
2022-02-22 20:48:00 +01:00
]
Update crates and some Clippy fixes (#4475) - Updated all crates including reqwest - Fixed some clippy lints reported by nightly Rust
2024-04-06 13:55:10 +02:00
[[package]]
name = "rustls-pemfile"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
version = "2.2.0"
Update crates and some Clippy fixes (#4475) - Updated all crates including reqwest - Fixed some clippy lints reported by nightly Rust
2024-04-06 13:55:10 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
checksum = "dce314e5fee3f39953d46bb63bb8a46d40c2f8fb7cc5a3b6cab2bde9721d6e50"
Update crates and some Clippy fixes (#4475) - Updated all crates including reqwest - Fixed some clippy lints reported by nightly Rust
2024-04-06 13:55:10 +02:00
dependencies = [
"rustls-pki-types",
]
[[package]]
name = "rustls-pki-types"
Some refactoring and optimizations (#5291) - Refactored several code to use more modern syntax - Made some checks a bit more strict - Updated crates Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-14 00:55:34 +01:00
version = "1.10.1"
Update crates and some Clippy fixes (#4475) - Updated all crates including reqwest - Fixed some clippy lints reported by nightly Rust
2024-04-06 13:55:10 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Some refactoring and optimizations (#5291) - Refactored several code to use more modern syntax - Made some checks a bit more strict - Updated crates Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-14 00:55:34 +01:00
checksum = "d2bf47e6ff922db3825eb750c4e2ff784c6ff8fb9e13046ef6a1d1c5401b0b37"
Update crates and some Clippy fixes (#4475) - Updated all crates including reqwest - Fixed some clippy lints reported by nightly Rust
2024-04-06 13:55:10 +02:00
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
[[package]]
name = "rustls-webpki"
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
version = "0.101.7"
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765"
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
dependencies = [
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
"ring",
"untrusted",
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
]
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
[[package]]
name = "rustls-webpki"
Fix Device Type column for 2FA migration (#4971)
2024-09-20 12:06:06 +02:00
version = "0.102.8"
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Fix Device Type column for 2FA migration (#4971)
2024-09-20 12:06:06 +02:00
checksum = "64ca1bc8749bd4cf37b5ce386cc146580777b4e8572c7b97baf22c83f444bee9"
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
dependencies = [
"ring",
"rustls-pki-types",
"untrusted",
]
Updated dependencies, added Travis CI integration and some badges
2018-08-24 17:07:11 +02:00
[[package]]
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
name = "rustversion"
Update crates and GHA (#5346) - Updated crates to the latest version - Updated GitHub Actions to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-04 19:02:15 +01:00
version = "1.0.19"
Updated dependencies, added Travis CI integration and some badges
2018-08-24 17:07:11 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and GHA (#5346) - Updated crates to the latest version - Updated GitHub Actions to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-04 19:02:15 +01:00
checksum = "f7c45b9784283f1b2e7fb61b42047c2fd678ef0960d4f6f1eba131594cc369d4"
Updated dependencies, added Travis CI integration and some badges
2018-08-24 17:07:11 +02:00
First working version
2018-02-10 01:00:55 +01:00
[[package]]
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
name = "ryu"
Update Rust, crates and web-vault (#4558) * Update Rust and crates - Updated Rust to v1.78.0 - Updated crates * Update web-vault to v2024.5.0
2024-05-19 20:30:34 +02:00
version = "1.0.18"
Updated dependencies and Docker image to new web-vault
2018-07-21 17:27:00 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust, crates and web-vault (#4558) * Update Rust and crates - Updated Rust to v1.78.0 - Updated crates * Update web-vault to v2024.5.0
2024-05-19 20:30:34 +02:00
checksum = "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f"
Updated dependencies and Docker image to new web-vault
2018-07-21 17:27:00 +02:00
Updated bw_rs to Rocket version 0.4-rc1
2018-10-10 20:40:39 +02:00
[[package]]
name = "same-file"
Update u2f to 0.2, which requires OpenSSL but also might solve the problems we've had with certificates. The rust image doesn't need installing curl or tar, so removed. Also collapsed ENV lines.
2020-01-18 20:09:52 +01:00
version = "1.0.6"
Updated bw_rs to Rocket version 0.4-rc1
2018-10-10 20:40:39 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
checksum = "93fc1dc3aaa9bfed95e02e6eadabb4baf7e3078b0bd1b4d7b6b0b68378900502"
Updated bw_rs to Rocket version 0.4-rc1
2018-10-10 20:40:39 +02:00
dependencies = [
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"winapi-util",
Updated bw_rs to Rocket version 0.4-rc1
2018-10-10 20:40:39 +02:00
]
First working version
2018-02-10 01:00:55 +01:00
[[package]]
name = "schannel"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
version = "0.1.27"
First working version
2018-02-10 01:00:55 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
checksum = "1f29ebaa345f945cec9fbbc532eb307f0fdad8161f281b6369539c8d84876b3d"
First working version
2018-02-10 01:00:55 +01:00
dependencies = [
Fix Device Type column for 2FA migration (#4971)
2024-09-20 12:06:06 +02:00
"windows-sys 0.59.0",
First working version
2018-02-10 01:00:55 +01:00
]
[[package]]
name = "scheduled-thread-pool"
Upd Crates, Rust, MSRV, GHA and remove Backtrace - Changed MSRV to v1.65. Discussed this with @dani-garcia, and we will support **N-2**. This is/will be the same as for the `time` crate we use. Also updated the wiki regarding this https://github.com/dani-garcia/vaultwarden/wiki/Building-binary - Removed backtrace crate in favor of `std::backtrace` stable since v1.65 - Updated Rust to v1.67.1 - Updated all the crates - Updated the GHA action versions - Adjusted the GHA MSRV build to extract the MSRV from `Cargo.toml`
2023-03-04 19:18:38 +01:00
version = "0.2.7"
First working version
2018-02-10 01:00:55 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Upd Crates, Rust, MSRV, GHA and remove Backtrace - Changed MSRV to v1.65. Discussed this with @dani-garcia, and we will support **N-2**. This is/will be the same as for the `time` crate we use. Also updated the wiki regarding this https://github.com/dani-garcia/vaultwarden/wiki/Building-binary - Removed backtrace crate in favor of `std::backtrace` stable since v1.65 - Updated Rust to v1.67.1 - Updated all the crates - Updated the GHA action versions - Adjusted the GHA MSRV build to extract the MSRV from `Cargo.toml`
2023-03-04 19:18:38 +01:00
checksum = "3cbc66816425a074528352f5789333ecff06ca41b36b0b0efdfbb29edc391a19"
First working version
2018-02-10 01:00:55 +01:00
dependencies = [
Update dep's and small improvements on favicons - Updated dependencies (html5gum for favicon downloading) * Also openssl, time, jsonwebtoken and r2d2 - Small optimizations on downloading favicons. It now only emits tokens/tags which needs to be parsed, all others are being skipped. This prevents unneeded items within the for-loop being parsed.
2022-06-21 18:47:01 +02:00
"parking_lot",
First working version
2018-02-10 01:00:55 +01:00
]
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
[[package]]
name = "scoped-tls"
Update Rust version, deps and workflow - Update Rust to v1.65.0 - Update dependencies - Updated workflow files - Added some extra clippy checks - Fixed some clippy checks
2022-11-04 12:56:02 +01:00
version = "1.0.1"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust version, deps and workflow - Update Rust to v1.65.0 - Update dependencies - Updated workflow files - Added some extra clippy checks - Fixed some clippy checks
2022-11-04 12:56:02 +01:00
checksum = "e1cf6437eb19a8f4a6cc0f7dca544973b0b78843adbfeb3683d1a94a0024a294"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
Update dependencies and remove unwraps from Cipher::to_json
2019-06-14 22:51:50 +02:00
[[package]]
name = "scopeguard"
Update images to Bookworm and PQ15 This PR updates the base images to use Debian Bookworm as base image. Also the MUSL/Alpine builds now use OpenSSLv3 and PostgreSQL v15. The GHA Workflows are updated to use Ubuntu 22.04 to better match the versions of Debian Bookworm. Also: - Enabled spares crate registry - Updated workflow actions - Updated Rust to v1.71.0 - The rust-musl images now use musl v1.2.3 for the 32bit arch's if the Rust version is v1.71.0 or higher. The 64bit arch's already used musl v1.2.3. - Updated crates. Improves / Closes #3434
2023-06-11 18:11:09 +02:00
version = "1.2.0"
Update dependencies and remove unwraps from Cipher::to_json
2019-06-14 22:51:50 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update images to Bookworm and PQ15 This PR updates the base images to use Debian Bookworm as base image. Also the MUSL/Alpine builds now use OpenSSLv3 and PostgreSQL v15. The GHA Workflows are updated to use Ubuntu 22.04 to better match the versions of Debian Bookworm. Also: - Enabled spares crate registry - Updated workflow actions - Updated Rust to v1.71.0 - The rust-musl images now use musl v1.2.3 for the 32bit arch's if the Rust version is v1.71.0 or higher. The 64bit arch's already used musl v1.2.3. - Updated crates. Improves / Closes #3434
2023-06-11 18:11:09 +02:00
checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49"
Update dependencies and remove unwraps from Cipher::to_json
2019-06-14 22:51:50 +02:00
Updated bw_rs to Rocket version 0.4-rc1
2018-10-10 20:40:39 +02:00
[[package]]
name = "sct"
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
version = "0.7.1"
Updated bw_rs to Rocket version 0.4-rc1
2018-10-10 20:40:39 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414"
Updated bw_rs to Rocket version 0.4-rc1
2018-10-10 20:40:39 +02:00
dependencies = [
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
"ring",
"untrusted",
Updated bw_rs to Rocket version 0.4-rc1
2018-10-10 20:40:39 +02:00
]
Updated dependencies
2018-09-19 21:43:03 +02:00
[[package]]
name = "security-framework"
Update crates & fix crate vulnerability (#4771) - fixes GHSA-q445-7m23-qrmw by updating openssl to version 0.10.66
2024-07-24 01:26:39 +03:00
version = "2.11.1"
Updated dependencies
2018-09-19 21:43:03 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates & fix crate vulnerability (#4771) - fixes GHSA-q445-7m23-qrmw by updating openssl to version 0.10.66
2024-07-24 01:26:39 +03:00
checksum = "897b2245f0b511c87893af39b033e5ca9cce68824c4d7e7630b5a1d339658d02"
Updated dependencies
2018-09-19 21:43:03 +02:00
dependencies = [
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
"bitflags",
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"core-foundation",
"core-foundation-sys",
Make web vault show a more informative error when browsers block WebCrypto in insecure contexts and update dependencies
2020-04-09 22:54:31 +02:00
"libc",
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"security-framework-sys",
Updated dependencies
2018-09-19 21:43:03 +02:00
]
[[package]]
name = "security-framework-sys"
Update crates and web-vault to v2025.1.0 (#5368) - Updated the web-vault to use v2025.1.0 (pre-release) - Updated crates Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-08 18:14:08 +01:00
version = "2.14.0"
Updated dependencies
2018-09-19 21:43:03 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and web-vault to v2025.1.0 (#5368) - Updated the web-vault to use v2025.1.0 (pre-release) - Updated crates Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-08 18:14:08 +01:00
checksum = "49db231d56a190491cb4aeda9527f1ad45345af50b0851622a7adb8c03b01c32"
Updated dependencies
2018-09-19 21:43:03 +02:00
dependencies = [
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"core-foundation-sys",
Update dependencies
2020-03-09 22:00:26 +01:00
"libc",
Updated dependencies
2018-09-19 21:43:03 +02:00
]
Support Org Export for v2022.11 clients Since v2022.9.x the org export uses a different endpoint. But, since v2022.11.x this endpoint will return a different format. See: https://github.com/bitwarden/clients/pull/3641 and https://github.com/bitwarden/server/pull/2316 To support both version in the case of users having an older client either web-vault or cli this PR checks the version and responds using the correct format. If no version can be determined it will use the new format as a default.
2022-11-07 17:13:34 +01:00
[[package]]
name = "semver"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
version = "1.0.25"
Support Org Export for v2022.11 clients Since v2022.9.x the org export uses a different endpoint. But, since v2022.11.x this endpoint will return a different format. See: https://github.com/bitwarden/clients/pull/3641 and https://github.com/bitwarden/server/pull/2316 To support both version in the case of users having an older client either web-vault or cli this PR checks the version and responds using the correct format. If no version can be determined it will use the new format as a default.
2022-11-07 17:13:34 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
checksum = "f79dfe2d285b0488816f30e700a7438c5a73d816b5b7d3ac72fbc48b0d185e03"
Support Org Export for v2022.11 clients Since v2022.9.x the org export uses a different endpoint. But, since v2022.11.x this endpoint will return a different format. See: https://github.com/bitwarden/clients/pull/3641 and https://github.com/bitwarden/server/pull/2316 To support both version in the case of users having an older client either web-vault or cli this PR checks the version and responds using the correct format. If no version can be determined it will use the new format as a default.
2022-11-07 17:13:34 +01:00
First working version
2018-02-10 01:00:55 +01:00
[[package]]
name = "serde"
Update crates and GHA (#5346) - Updated crates to the latest version - Updated GitHub Actions to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-04 19:02:15 +01:00
version = "1.0.217"
First working version
2018-02-10 01:00:55 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and GHA (#5346) - Updated crates to the latest version - Updated GitHub Actions to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-04 19:02:15 +01:00
checksum = "02fc4265df13d6fa1d00ecff087228cc0a2b5f3c0e87e258d8b94a156e984c70"
Update deps and swap back to official u2f crate again
2019-05-17 15:34:58 +02:00
dependencies = [
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"serde_derive",
Update deps and swap back to official u2f crate again
2019-05-17 15:34:58 +02:00
]
First working version
2018-02-10 01:00:55 +01:00
Support for webauthn and u2f->webauthn migrations
2021-06-07 23:34:00 +02:00
[[package]]
name = "serde_cbor"
Dependency updates Updated several dependencies and switch to different totp library. - Switch oath with totp-lite oauth hasn't been updated in a long while and some dependencies could not be updated any more It now also validates a preseeding 0, as the previous library returned an int instead of a str which stripped a leading 0 - Updated rust to the current latest nightly (including build image) - Updated bootstrap css and js - Updated hadolint to latest version - Updated default rust image from v1.53 to v1.54 - Updated new nightly build/clippy messages
2021-08-22 13:46:48 +02:00
version = "0.11.2"
Support for webauthn and u2f->webauthn migrations
2021-06-07 23:34:00 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Dependency updates Updated several dependencies and switch to different totp library. - Switch oath with totp-lite oauth hasn't been updated in a long while and some dependencies could not be updated any more It now also validates a preseeding 0, as the previous library returned an int instead of a str which stripped a leading 0 - Updated rust to the current latest nightly (including build image) - Updated bootstrap css and js - Updated hadolint to latest version - Updated default rust image from v1.53 to v1.54 - Updated new nightly build/clippy messages
2021-08-22 13:46:48 +02:00
checksum = "2bef2ebfde456fb76bbcf9f59315333decc4fda0b2b44b420243c11e0f5ec1f5"
Support for webauthn and u2f->webauthn migrations
2021-06-07 23:34:00 +02:00
dependencies = [
"half",
"serde",
]
First working version
2018-02-10 01:00:55 +01:00
[[package]]
name = "serde_derive"
Update crates and GHA (#5346) - Updated crates to the latest version - Updated GitHub Actions to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-04 19:02:15 +01:00
version = "1.0.217"
First working version
2018-02-10 01:00:55 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and GHA (#5346) - Updated crates to the latest version - Updated GitHub Actions to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-04 19:02:15 +01:00
checksum = "5a9bf7cf98d04a2b28aead066b7496853d4779c9cc183c440dbac457641e19a0"
First working version
2018-02-10 01:00:55 +01:00
dependencies = [
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"proc-macro2",
"quote",
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
"syn",
First working version
2018-02-10 01:00:55 +01:00
]
[[package]]
name = "serde_json"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
version = "1.0.137"
First working version
2018-02-10 01:00:55 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
checksum = "930cfb6e6abf99298aaad7d29abbef7a9999a9a8806a40088f55f0dcec03146b"
First working version
2018-02-10 01:00:55 +01:00
dependencies = [
Update async to prepare for main merge - Changed nightly to stable in Dockerfile and Workflow - Updated Dockerfile to use stable and updated ENV's - Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default - Updated Github Workflow actions to the latest versions - Updated Hadolint version - Re-orderd the Cargo.toml file a bit and put libs together which are linked - Updated some libs - Updated .dockerignore file
2022-02-07 22:26:22 +01:00
"itoa",
Update crates, web-vault and fixes (#4823) * Update crates, web-vault and fixes - Updated crates - Updated web-vault to v2024.6.2 This version is currently the latest version compatible with our API implementation. For newer versions we need more code updates to make it compatible. Thanks to @stefan0xC this version fixes #4628 - Added a small fix to prevent errors in the Vaultwarden and Client logs. The v2024.6.2 web-vault calls an endpoint with invalid arguments. If this happens we ignore the call and just return an Ok. - Added the bulk-collection endpoint (Though not yet available in v2024.6.2) Fixes #4628 * Prevent bulk remove collections to work
2024-08-07 22:46:03 +02:00
"memchr",
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"ryu",
"serde",
First working version
2018-02-10 01:00:55 +01:00
]
Update crates and GH Workflow - Updated crates - Updated GHA where needed
2023-05-26 14:53:13 +02:00
[[package]]
name = "serde_spanned"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
version = "0.6.8"
Update crates and GH Workflow - Updated crates - Updated GHA where needed
2023-05-26 14:53:13 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
checksum = "87607cb1398ed59d48732e575a4c28a7a8ebf2454b964fe3f224f2afc07909e1"
Update crates and GH Workflow - Updated crates - Updated GHA where needed
2023-05-26 14:53:13 +02:00
dependencies = [
"serde",
]
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
[[package]]
name = "serde_urlencoded"
Dependency updates
2022-01-30 22:24:42 +01:00
version = "0.7.1"
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Dependency updates
2022-01-30 22:24:42 +01:00
checksum = "d3491c14715ca2294c4d6a88f15e84739788c1d030eed8c110436aafdaa2f3fd"
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
dependencies = [
Updated dependencies and Dockerfiles - Updated crates - Updated rust-toolchain - Updated Dockerfile to use latest rust 1.48 version - Updated AMD64 Alpine to use same version as rust-toolchain and support PostgreSQL. - Updated Rocket to the commit right before they updated hyper. Until that update there were some crates updated and some small fixes. After that build fails and we probably need to make some changes (which is probably something already done in the async branch)
2020-12-04 13:38:42 +01:00
"form_urlencoded",
Update async to prepare for main merge - Changed nightly to stable in Dockerfile and Workflow - Updated Dockerfile to use stable and updated ENV's - Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default - Updated Github Workflow actions to the latest versions - Updated Hadolint version - Re-orderd the Cargo.toml file a bit and put libs together which are linked - Updated some libs - Updated .dockerignore file
2022-02-07 22:26:22 +01:00
"itoa",
Updated dependencies and Dockerfiles - Updated crates - Updated rust-toolchain - Updated Dockerfile to use latest rust 1.48 version - Updated AMD64 Alpine to use same version as rust-toolchain and support PostgreSQL. - Updated Rocket to the commit right before they updated hyper. Until that update there were some crates updated and some small fixes. After that build fails and we probably need to make some changes (which is probably something already done in the async branch)
2020-12-04 13:38:42 +01:00
"ryu",
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
"serde",
]
Dependency updates
2022-05-11 22:03:07 +02:00
[[package]]
name = "sha1"
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
version = "0.10.6"
Dependency updates
2022-05-11 22:03:07 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba"
Dependency updates
2022-05-11 22:03:07 +02:00
dependencies = [
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
"cfg-if",
Dependency updates
2022-05-11 22:03:07 +02:00
"cpufeatures",
Update deps and Alpine image - Updated deps - Updated Alpine images to 3.16 - Removed dumb-init, not needed anymore - Some small shellcheck tweaks on the start/healthcheck scripts
2022-07-31 15:45:31 +02:00
"digest",
Dependency updates
2022-05-11 22:03:07 +02:00
]
Update async to prepare for main merge - Changed nightly to stable in Dockerfile and Workflow - Updated Dockerfile to use stable and updated ENV's - Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default - Updated Github Workflow actions to the latest versions - Updated Hadolint version - Re-orderd the Cargo.toml file a bit and put libs together which are linked - Updated some libs - Updated .dockerignore file
2022-02-07 22:26:22 +01:00
[[package]]
name = "sha2"
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
version = "0.10.8"
Update async to prepare for main merge - Changed nightly to stable in Dockerfile and Workflow - Updated Dockerfile to use stable and updated ENV's - Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default - Updated Github Workflow actions to the latest versions - Updated Hadolint version - Re-orderd the Cargo.toml file a bit and put libs together which are linked - Updated some libs - Updated .dockerignore file
2022-02-07 22:26:22 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
checksum = "793db75ad2bcafc3ffa7c68b215fee268f537982cd901d132f89c6343f3a3dc8"
Update async to prepare for main merge - Changed nightly to stable in Dockerfile and Workflow - Updated Dockerfile to use stable and updated ENV's - Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default - Updated Github Workflow actions to the latest versions - Updated Hadolint version - Re-orderd the Cargo.toml file a bit and put libs together which are linked - Updated some libs - Updated .dockerignore file
2022-02-07 22:26:22 +01:00
dependencies = [
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
"cfg-if",
Update async to prepare for main merge - Changed nightly to stable in Dockerfile and Workflow - Updated Dockerfile to use stable and updated ENV's - Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default - Updated Github Workflow actions to the latest versions - Updated Hadolint version - Re-orderd the Cargo.toml file a bit and put libs together which are linked - Updated some libs - Updated .dockerignore file
2022-02-07 22:26:22 +01:00
"cpufeatures",
Update deps and Alpine image - Updated deps - Updated Alpine images to 3.16 - Removed dumb-init, not needed anymore - Some small shellcheck tweaks on the start/healthcheck scripts
2022-07-31 15:45:31 +02:00
"digest",
Update async to prepare for main merge - Changed nightly to stable in Dockerfile and Workflow - Updated Dockerfile to use stable and updated ENV's - Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default - Updated Github Workflow actions to the latest versions - Updated Hadolint version - Re-orderd the Cargo.toml file a bit and put libs together which are linked - Updated some libs - Updated .dockerignore file
2022-02-07 22:26:22 +01:00
]
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
[[package]]
name = "sharded-slab"
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
version = "0.1.7"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
checksum = "f40ca3c46823713e0d4209592e8d6e826aa57e928f09752619fc696c499637f6"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
dependencies = [
"lazy_static",
]
Update crates (GHSA-wq9x-qwcq-mmgf) (#4889) - Updated crates - Fixed MSRV to actually be N-2 - Changed some features to use the `dep:` prefix. This is needed for edition-2024 anyway although that will be a while before we can use that. Signed-off-by: BlackDex <black.dex@gmail.com>
2024-08-23 22:06:11 +02:00
[[package]]
name = "shlex"
version = "1.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64"
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
[[package]]
name = "signal-hook"
Update images to Bookworm and PQ15 This PR updates the base images to use Debian Bookworm as base image. Also the MUSL/Alpine builds now use OpenSSLv3 and PostgreSQL v15. The GHA Workflows are updated to use Ubuntu 22.04 to better match the versions of Debian Bookworm. Also: - Enabled spares crate registry - Updated workflow actions - Updated Rust to v1.71.0 - The rust-musl images now use musl v1.2.3 for the 32bit arch's if the Rust version is v1.71.0 or higher. The 64bit arch's already used musl v1.2.3. - Updated crates. Improves / Closes #3434
2023-06-11 18:11:09 +02:00
version = "0.3.17"
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update images to Bookworm and PQ15 This PR updates the base images to use Debian Bookworm as base image. Also the MUSL/Alpine builds now use OpenSSLv3 and PostgreSQL v15. The GHA Workflows are updated to use Ubuntu 22.04 to better match the versions of Debian Bookworm. Also: - Enabled spares crate registry - Updated workflow actions - Updated Rust to v1.71.0 - The rust-musl images now use musl v1.2.3 for the 32bit arch's if the Rust version is v1.71.0 or higher. The 64bit arch's already used musl v1.2.3. - Updated crates. Improves / Closes #3434
2023-06-11 18:11:09 +02:00
checksum = "8621587d4798caf8eb44879d42e56b9a93ea5dcd315a6487c357130095b62801"
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
dependencies = [
"libc",
"signal-hook-registry",
]
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
[[package]]
name = "signal-hook-registry"
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
version = "1.4.2"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
checksum = "a9e9e0b4211b72e7b8b6e85c807d36c212bdb33ea8587f7569562a84df5465b1"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
dependencies = [
"libc",
]
Update dependencies Primarily updating rocket, which needed some dependencies Latest versions of: - ring - time - jsonwebtoken - yubico - rocket (git)
2020-03-16 16:32:33 +01:00
[[package]]
name = "simple_asn1"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
version = "0.6.3"
Update dependencies Primarily updating rocket, which needed some dependencies Latest versions of: - ring - time - jsonwebtoken - yubico - rocket (git)
2020-03-16 16:32:33 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
checksum = "297f631f50729c8c99b84667867963997ec0b50f32b2a7dbcab828ef0541e8bb"
Update dependencies Primarily updating rocket, which needed some dependencies Latest versions of: - ring - time - jsonwebtoken - yubico - rocket (git)
2020-03-16 16:32:33 +01:00
dependencies = [
"num-bigint",
"num-traits",
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
"thiserror 2.0.11",
Update to diesel2
2022-05-20 23:39:47 +02:00
"time",
Update dependencies Primarily updating rocket, which needed some dependencies Latest versions of: - ring - time - jsonwebtoken - yubico - rocket (git)
2020-03-16 16:32:33 +01:00
]
First working version
2018-02-10 01:00:55 +01:00
[[package]]
name = "siphasher"
Update crates and web-vault to v2025.1.0 (#5368) - Updated the web-vault to use v2025.1.0 (pre-release) - Updated crates Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-08 18:14:08 +01:00
version = "1.0.1"
First working version
2018-02-10 01:00:55 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and web-vault to v2025.1.0 (#5368) - Updated the web-vault to use v2025.1.0 (pre-release) - Updated crates Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-08 18:14:08 +01:00
checksum = "56199f7ddabf13fe5074ce809e7d3f42b42ae711800501b5b16ea82ad029c39d"
First working version
2018-02-10 01:00:55 +01:00
[[package]]
name = "slab"
Update Rust and Crates - Updated Rust to v1.72.0 - Updated all the crates Including a CVE https://github.com/dani-garcia/vaultwarden/security/dependabot/21 - Updated GitHub Workflows - Run `cargo fmt` which has some new fmt's - Moved from `rust-toolchain` to `rust-toolchain.toml`
2023-08-28 16:48:42 +02:00
version = "0.4.9"
First working version
2018-02-10 01:00:55 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and Crates - Updated Rust to v1.72.0 - Updated all the crates Including a CVE https://github.com/dani-garcia/vaultwarden/security/dependabot/21 - Updated GitHub Workflows - Run `cargo fmt` which has some new fmt's - Moved from `rust-toolchain` to `rust-toolchain.toml`
2023-08-28 16:48:42 +02:00
checksum = "8f92a496fb766b417c996b9c5e57daf2f7ad3b0bebe1ccfca4856390e3d3bb67"
Update deps and Alpine image - Updated deps - Updated Alpine images to 3.16 - Removed dumb-init, not needed anymore - Some small shellcheck tweaks on the start/healthcheck scripts
2022-07-31 15:45:31 +02:00
dependencies = [
"autocfg",
]
First working version
2018-02-10 01:00:55 +01:00
Add an option to fetch and parse href="data:image" Some sites are using base64 encoded inline images for favicons. This will try to match those with some sane checks and return that. These icons will have lower prio then the icons with a normal URL.
2019-11-22 13:16:12 +01:00
[[package]]
name = "smallvec"
Update Rust and crates (#4445) - Updated Rust to v1.77.0 - Updated several crates The `reqwest` update included `trust-dns` > `hickory-dns` changes. Also, `reqwest` v0.12 is not working correctly for us, that is something to investigate. - Fixed a new clippy warning
2024-03-23 15:40:34 +01:00
version = "1.13.2"
Add an option to fetch and parse href="data:image" Some sites are using base64 encoded inline images for favicons. This will try to match those with some sane checks and return that. These icons will have lower prio then the icons with a normal URL.
2019-11-22 13:16:12 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and crates (#4445) - Updated Rust to v1.77.0 - Updated several crates The `reqwest` update included `trust-dns` > `hickory-dns` changes. Also, `reqwest` v0.12 is not working correctly for us, that is something to investigate. - Fixed a new clippy warning
2024-03-23 15:40:34 +01:00
checksum = "3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67"
Add an option to fetch and parse href="data:image" Some sites are using base64 encoded inline images for favicons. This will try to match those with some sane checks and return that. These icons will have lower prio then the icons with a normal URL.
2019-11-22 13:16:12 +01:00
Update crates and workflow - Updated all the crates - Updated workflow actions - Set cargo registry to sparse
2023-06-21 22:01:05 +02:00
[[package]]
name = "socket2"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
version = "0.5.8"
Update crates and workflow - Updated all the crates - Updated workflow actions - Set cargo registry to sparse
2023-06-21 22:01:05 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
checksum = "c970269d99b64e60ec3bd6ad27270092a5394c4e309314b18ae3fe575695fbe8"
Update crates and workflow - Updated all the crates - Updated workflow actions - Set cargo registry to sparse
2023-06-21 22:01:05 +02:00
dependencies = [
"libc",
Update crates, GHA and a Python/JS scripts (#4357) - Update all crates - Update GHA - Update Global Domains script to use main instead of master Also fixed some Python linting warnings - Updated Admin JS and CSS libraries
2024-02-25 23:26:46 +01:00
"windows-sys 0.52.0",
Update crates and workflow - Updated all the crates - Updated workflow actions - Set cargo registry to sparse
2023-06-21 22:01:05 +02:00
]
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
[[package]]
name = "spin"
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
version = "0.9.8"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
Update crates, GHA and a Python/JS scripts (#4357) - Update all crates - Update GHA - Update Global Domains script to use main instead of master Also fixed some Python linting warnings - Updated Admin JS and CSS libraries
2024-02-25 23:26:46 +01:00
[[package]]
name = "spinning_top"
version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d96d2d1d716fb500937168cc09353ffdc7a012be8475ac7308e1bdf0e3923300"
dependencies = [
"lock_api",
]
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
[[package]]
name = "stable-pattern"
version = "0.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4564168c00635f88eaed410d5efa8131afa8d8699a612c80c455a0ba05c21045"
dependencies = [
"memchr",
]
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
[[package]]
name = "stable_deref_trait"
version = "1.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a8f112729512f8e442d81f95a8a7ddf2b7c6b8a1a6f509a95864142b30cab2d3"
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
[[package]]
name = "stacker"
Update web-vault, crates and gha (#4909) - Updated the web-vault to fix an issue with personal export. Thanks to @stefan0xC for patching this. Fixes #4875 - Updated crates to there latest version - Updated the GitHub Actions - Updated the xx image to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2024-09-01 15:53:03 +02:00
version = "0.1.17"
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update web-vault, crates and gha (#4909) - Updated the web-vault to fix an issue with personal export. Thanks to @stefan0xC for patching this. Fixes #4875 - Updated crates to there latest version - Updated the GitHub Actions - Updated the xx image to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2024-09-01 15:53:03 +02:00
checksum = "799c883d55abdb5e98af1a7b3f23b9b6de8ecada0ecac058672d7635eb48ca7b"
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
dependencies = [
"cc",
"cfg-if",
"libc",
"psm",
Update web-vault, crates and gha (#4909) - Updated the web-vault to fix an issue with personal export. Thanks to @stefan0xC for patching this. Fixes #4875 - Updated crates to there latest version - Updated the GitHub Actions - Updated the xx image to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2024-09-01 15:53:03 +02:00
"windows-sys 0.59.0",
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
]
First working version
2018-02-10 01:00:55 +01:00
[[package]]
name = "state"
Update crates and workflow - Updated all the crates - Updated workflow actions - Set cargo registry to sparse
2023-06-21 22:01:05 +02:00
version = "0.6.0"
First working version
2018-02-10 01:00:55 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and workflow - Updated all the crates - Updated workflow actions - Set cargo registry to sparse
2023-06-21 22:01:05 +02:00
checksum = "2b8c4a4445d81357df8b1a650d0d0d6fbbbfe99d064aa5e02f3e4022061476d8"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
dependencies = [
"loom",
]
First working version
2018-02-10 01:00:55 +01:00
Added better favicon downloader.
2019-01-27 15:39:19 +01:00
[[package]]
Favicon, SMTP and misc updates Favicon: - Replaced HTML tokenizer, much faster now. - Caching the domain blacklist function. - Almost all functions are async now. - Fixed bug on minimizing data to parse - Changed maximum icon download size to 5MB to match Bitwarden - Added `apple-touch-icon.png` as a second fallback besides `favicon.ico` SMTP: - Deprecated SMTP_SSL and SMTP_EXPLICIT_TLS, replaced with SMTP_SECURITY Misc: - Fixed issue when `resolv.conf` contains errors and trust-dns panics (Fixes #2283) - Updated Javscript and CSS files for admin interface - Fixed an issue with the /admin interface which did not cleared the login cookie correctly - Prevent websocket notifications during org import, this caused a lot of traffic, and slowed down the import. This is also the same as Bitwarden which does not trigger this refresh via websockets. Rust: - Updated to use v1.59 - Use the new `strip` option and enabled to strip `debuginfo` - Enabled `lto` with `thin` - Removed the strip RUN from the alpine armv7, this is now done automatically
2022-02-22 20:48:00 +01:00
name = "strsim"
Update Rust, crates and web-vault (#4558) * Update Rust and crates - Updated Rust to v1.78.0 - Updated crates * Update web-vault to v2024.5.0
2024-05-19 20:30:34 +02:00
version = "0.11.1"
Added better favicon downloader.
2019-01-27 15:39:19 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust, crates and web-vault (#4558) * Update Rust and crates - Updated Rust to v1.78.0 - Updated crates * Update web-vault to v2024.5.0
2024-05-19 20:30:34 +02:00
checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f"
Added better favicon downloader.
2019-01-27 15:39:19 +01:00
Updated dependencies, removing need for yubico fork
2019-01-12 15:23:46 +01:00
[[package]]
name = "subtle"
Update crates and web-vault (#4714) - Updated the crates Removed the patch for mimalloc - Updated the web-vault to v2024.5.1b The reason for not updating to v2024.6.x is that there are several items not working correctly or need some more research.
2024-07-08 23:27:48 +02:00
version = "2.6.1"
Updated dependencies, removing need for yubico fork
2019-01-12 15:23:46 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and web-vault (#4714) - Updated the crates Removed the patch for mimalloc - Updated the web-vault to v2024.5.1b The reason for not updating to v2024.6.x is that there are several items not working correctly or need some more research.
2024-07-08 23:27:48 +02:00
checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292"
Updated dependencies, removing need for yubico fork
2019-01-12 15:23:46 +01:00
Update dependencies
2019-08-18 19:31:54 +02:00
[[package]]
name = "syn"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
version = "2.0.96"
Update web vault to v2023.3.0 and dependencies
2023-03-22 21:30:07 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
checksum = "d5d0adab1ae378d7f53bdebc67a39f1f151407ef230f0ce2883572f5d8985c80"
Update web vault to v2023.3.0 and dependencies
2023-03-22 21:30:07 +01:00
dependencies = [
"proc-macro2",
"quote",
"unicode-ident",
]
Update crates to fix new builds (#4308) Because handlebars yanked a version which was there for a few days, we need to downgrade this crate. In this process update all the others. Fixes #4307
2024-02-02 18:30:54 +01:00
[[package]]
name = "sync_wrapper"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
version = "1.0.2"
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
checksum = "0bf256ce5efdfa370213c1dabab5935a12e49f2c58d15e9eac2870d3b4f27263"
Update crates (GHSA-wq9x-qwcq-mmgf) (#4889) - Updated crates - Fixed MSRV to actually be N-2 - Changed some features to use the `dep:` prefix. This is needed for edition-2024 anyway although that will be a while before we can use that. Signed-off-by: BlackDex <black.dex@gmail.com>
2024-08-23 22:06:11 +02:00
dependencies = [
"futures-core",
]
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
[[package]]
name = "synstructure"
version = "0.13.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c8af7666ab7b6390ab78131fb5b0fce11d6b7a6951602017c35fa82800708971"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
Implemented proper logging, with support for file logging, timestamp and syslog (this last one is untested)
2018-12-06 20:35:25 +01:00
[[package]]
name = "syslog"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
version = "7.0.0"
Implemented proper logging, with support for file logging, timestamp and syslog (this last one is untested)
2018-12-06 20:35:25 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
checksum = "019f1500a13379b7d051455df397c75770de6311a7a188a699499502704d9f10"
Implemented proper logging, with support for file logging, timestamp and syslog (this last one is untested)
2018-12-06 20:35:25 +01:00
dependencies = [
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
"hostname 0.4.0",
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"libc",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"log",
Update to diesel2
2022-05-20 23:39:47 +02:00
"time",
Implemented proper logging, with support for file logging, timestamp and syslog (this last one is untested)
2018-12-06 20:35:25 +01:00
]
Update crates (GHSA-wq9x-qwcq-mmgf) (#4889) - Updated crates - Fixed MSRV to actually be N-2 - Changed some features to use the `dep:` prefix. This is needed for edition-2024 anyway although that will be a while before we can use that. Signed-off-by: BlackDex <black.dex@gmail.com>
2024-08-23 22:06:11 +02:00
[[package]]
name = "system-configuration"
version = "0.6.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3c879d448e9d986b661742763247d3693ed13609438cf3d006f51f5368a5ba6b"
dependencies = [
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
"bitflags",
Update crates (GHSA-wq9x-qwcq-mmgf) (#4889) - Updated crates - Fixed MSRV to actually be N-2 - Changed some features to use the `dep:` prefix. This is needed for edition-2024 anyway although that will be a while before we can use that. Signed-off-by: BlackDex <black.dex@gmail.com>
2024-08-23 22:06:11 +02:00
"core-foundation",
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
"system-configuration-sys",
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
]
Update crates (GHSA-wq9x-qwcq-mmgf) (#4889) - Updated crates - Fixed MSRV to actually be N-2 - Changed some features to use the `dep:` prefix. This is needed for edition-2024 anyway although that will be a while before we can use that. Signed-off-by: BlackDex <black.dex@gmail.com>
2024-08-23 22:06:11 +02:00
[[package]]
name = "system-configuration-sys"
version = "0.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8e1d1b10ced5ca923a1fcb8d03e96b8d3268065d724548c0211415ff6ac6bac4"
dependencies = [
"core-foundation-sys",
"libc",
]
Updated dependencies
2018-09-19 21:43:03 +02:00
[[package]]
name = "tempfile"
Update crates and GHA (#5346) - Updated crates to the latest version - Updated GitHub Actions to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-04 19:02:15 +01:00
version = "3.15.0"
Updated dependencies
2018-09-19 21:43:03 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and GHA (#5346) - Updated crates to the latest version - Updated GitHub Actions to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-04 19:02:15 +01:00
checksum = "9a8a559c81686f576e8cd0290cd2a24a2a9ad80c98b3478856500fcbd7acd704"
Updated dependencies
2018-09-19 21:43:03 +02:00
dependencies = [
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
"cfg-if",
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
"fastrand",
Update crates and GHA (#5346) - Updated crates to the latest version - Updated GitHub Actions to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-04 19:02:15 +01:00
"getrandom",
Update crates, web-vault and fixes (#4823) * Update crates, web-vault and fixes - Updated crates - Updated web-vault to v2024.6.2 This version is currently the latest version compatible with our API implementation. For newer versions we need more code updates to make it compatible. Thanks to @stefan0xC this version fixes #4628 - Added a small fix to prevent errors in the Vaultwarden and Client logs. The v2024.6.2 web-vault calls an endpoint with invalid arguments. If this happens we ignore the call and just return an Ok. - Added the bulk-collection endpoint (Though not yet available in v2024.6.2) Fixes #4628 * Prevent bulk remove collections to work
2024-08-07 22:46:03 +02:00
"once_cell",
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
"rustix",
Update crates, web-vault and fixes (#4823) * Update crates, web-vault and fixes - Updated crates - Updated web-vault to v2024.6.2 This version is currently the latest version compatible with our API implementation. For newer versions we need more code updates to make it compatible. Thanks to @stefan0xC this version fixes #4628 - Added a small fix to prevent errors in the Vaultwarden and Client logs. The v2024.6.2 web-vault calls an endpoint with invalid arguments. If this happens we ignore the call and just return an Ok. - Added the bulk-collection endpoint (Though not yet available in v2024.6.2) Fixes #4628 * Prevent bulk remove collections to work
2024-08-07 22:46:03 +02:00
"windows-sys 0.59.0",
Updated dependencies
2018-09-19 21:43:03 +02:00
]
Enable socks feature for reqwest This allowed HTTP_PROXY be set with a socks5 proxy
2021-04-07 19:25:02 +01:00
[[package]]
name = "thiserror"
Update crates and fix several issues Signed-off-by: BlackDex <black.dex@gmail.com>
2024-11-09 19:58:10 +01:00
version = "1.0.69"
Enable socks feature for reqwest This allowed HTTP_PROXY be set with a socks5 proxy
2021-04-07 19:25:02 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and fix several issues Signed-off-by: BlackDex <black.dex@gmail.com>
2024-11-09 19:58:10 +01:00
checksum = "b6aaf5339b578ea85b50e080feb250a3e8ae8cfcdff9a461c9ec2904bc923f52"
Enable socks feature for reqwest This allowed HTTP_PROXY be set with a socks5 proxy
2021-04-07 19:25:02 +01:00
dependencies = [
Update crates (#5268) - fixes CVE-2024-12224
2024-12-10 18:59:28 +02:00
"thiserror-impl 1.0.69",
]
[[package]]
name = "thiserror"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
version = "2.0.11"
Update crates (#5268) - fixes CVE-2024-12224
2024-12-10 18:59:28 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
checksum = "d452f284b73e6d76dd36758a0c8684b1d5be31f92b89d07fd5822175732206fc"
Update crates (#5268) - fixes CVE-2024-12224
2024-12-10 18:59:28 +02:00
dependencies = [
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
"thiserror-impl 2.0.11",
Enable socks feature for reqwest This allowed HTTP_PROXY be set with a socks5 proxy
2021-04-07 19:25:02 +01:00
]
[[package]]
name = "thiserror-impl"
Update crates and fix several issues Signed-off-by: BlackDex <black.dex@gmail.com>
2024-11-09 19:58:10 +01:00
version = "1.0.69"
Enable socks feature for reqwest This allowed HTTP_PROXY be set with a socks5 proxy
2021-04-07 19:25:02 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and fix several issues Signed-off-by: BlackDex <black.dex@gmail.com>
2024-11-09 19:58:10 +01:00
checksum = "4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1"
Enable socks feature for reqwest This allowed HTTP_PROXY be set with a socks5 proxy
2021-04-07 19:25:02 +01:00
dependencies = [
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"proc-macro2",
"quote",
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
"syn",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
]
Update crates (#5268) - fixes CVE-2024-12224
2024-12-10 18:59:28 +02:00
[[package]]
name = "thiserror-impl"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
version = "2.0.11"
Update crates (#5268) - fixes CVE-2024-12224
2024-12-10 18:59:28 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
checksum = "26afc1baea8a989337eeb52b6e72a039780ce45c3edfcc9c5b9d112feeb173c2"
Update crates (#5268) - fixes CVE-2024-12224
2024-12-10 18:59:28 +02:00
dependencies = [
"proc-macro2",
"quote",
"syn",
]
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
[[package]]
name = "thread_local"
Update crates, GHA and a Python/JS scripts (#4357) - Update all crates - Update GHA - Update Global Domains script to use main instead of master Also fixed some Python linting warnings - Updated Admin JS and CSS libraries
2024-02-25 23:26:46 +01:00
version = "1.1.8"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates, GHA and a Python/JS scripts (#4357) - Update all crates - Update GHA - Update Global Domains script to use main instead of master Also fixed some Python linting warnings - Updated Admin JS and CSS libraries
2024-02-25 23:26:46 +01:00
checksum = "8b9ef9bad013ada3808854ceac7b46812a6465ba368859a37e2100283d2d719c"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
dependencies = [
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
"cfg-if",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"once_cell",
Enable socks feature for reqwest This allowed HTTP_PROXY be set with a socks5 proxy
2021-04-07 19:25:02 +01:00
]
Adds yubico-rs library dep
2018-11-15 18:34:17 -07:00
[[package]]
name = "threadpool"
Update dependencies
2020-05-14 00:18:18 +02:00
version = "1.8.1"
Adds yubico-rs library dep
2018-11-15 18:34:17 -07:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update dependencies
2020-05-14 00:18:18 +02:00
checksum = "d050e60b33d41c19108b32cea32164033a9013fe3b46cbd4457559bfbf77afaa"
Adds yubico-rs library dep
2018-11-15 18:34:17 -07:00
dependencies = [
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"num_cpus",
First working version
2018-02-10 01:00:55 +01:00
]
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
[[package]]
name = "time"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
version = "0.3.37"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
checksum = "35e7868883861bd0e56d9ac6efcaaca0d6d5d82a2a7ec8209ff492c07cf37b21"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
dependencies = [
Update images to Bookworm and PQ15 This PR updates the base images to use Debian Bookworm as base image. Also the MUSL/Alpine builds now use OpenSSLv3 and PostgreSQL v15. The GHA Workflows are updated to use Ubuntu 22.04 to better match the versions of Debian Bookworm. Also: - Enabled spares crate registry - Updated workflow actions - Updated Rust to v1.71.0 - The rust-musl images now use musl v1.2.3 for the 32bit arch's if the Rust version is v1.71.0 or higher. The 64bit arch's already used musl v1.2.3. - Updated crates. Improves / Closes #3434
2023-06-11 18:11:09 +02:00
"deranged",
Update async to prepare for main merge - Changed nightly to stable in Dockerfile and Workflow - Updated Dockerfile to use stable and updated ENV's - Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default - Updated Github Workflow actions to the latest versions - Updated Hadolint version - Re-orderd the Cargo.toml file a bit and put libs together which are linked - Updated some libs - Updated .dockerignore file
2022-02-07 22:26:22 +01:00
"itoa",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"libc",
Update crates to fix new builds (#4308) Because handlebars yanked a version which was there for a few days, we need to downgrade this crate. In this process update all the others. Fixes #4307
2024-02-02 18:30:54 +01:00
"num-conv",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"num_threads",
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
"powerfmt",
Update dependencies
2022-10-26 21:42:12 +02:00
"serde",
"time-core",
Updated deps and misc fixes and updates - Updated some Rust dependencies - Fixed an issue with CSP header, this was not configured correctly - Prevent sending CSP and Frame headers for the MFA connector.html files. Else some clients will fail to handle these protocols. - Add `unsafe-inline` for `script-src` only to the CSP for the Admin Interface - Updated JavaScript and CSS files for the Admin interface - Changed the layout for showing overridden settings, better visible now. - Made the version check cachable to prevent hitting the Github API rate limits - Hide the `database_url` as if it is a password in the Admin Interface Else for MariaDB/MySQL or PostgreSQL this was plain text. - Fixed an issue that pressing enter on the SMTP Test would save the config. resolves #2542 - Prevent user names larger then 50 characters resolves #2419
2022-06-08 19:46:33 +02:00
"time-macros",
Update handlebars to 3.0 which included performance improvements. Updated lettre to newer git revision, which should give better error messages now.
2020-01-26 15:29:14 +01:00
]
Update dependencies
2022-10-26 21:42:12 +02:00
[[package]]
name = "time-core"
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
version = "0.1.2"
Update dependencies
2022-10-26 21:42:12 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
checksum = "ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3"
Update dependencies
2022-10-26 21:42:12 +02:00
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
[[package]]
name = "time-macros"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
version = "0.2.19"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
checksum = "2834e6017e3e5e4b9834939793b282bc03b37a3336245fa820e35e233e2a85de"
Update dependencies
2022-10-26 21:42:12 +02:00
dependencies = [
Update crates to fix new builds (#4308) Because handlebars yanked a version which was there for a few days, we need to downgrade this crate. In this process update all the others. Fixes #4307
2024-02-02 18:30:54 +01:00
"num-conv",
Update dependencies
2022-10-26 21:42:12 +02:00
"time-core",
]
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
[[package]]
name = "tinystr"
version = "0.7.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9117f5d4db391c1cf6927e7bea3db74b9a1c1add8f7eda9ffd5364f40f57b82f"
dependencies = [
"displaydoc",
"zerovec",
]
Update dependencies
2020-06-22 17:15:20 +02:00
[[package]]
name = "tinyvec"
Update crates and GHA (#5346) - Updated crates to the latest version - Updated GitHub Actions to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-04 19:02:15 +01:00
version = "1.8.1"
Updated dependencies and Dockerfiles - Updated crates - Updated rust-toolchain - Updated Dockerfile to use latest rust 1.48 version - Updated AMD64 Alpine to use same version as rust-toolchain and support PostgreSQL. - Updated Rocket to the commit right before they updated hyper. Until that update there were some crates updated and some small fixes. After that build fails and we probably need to make some changes (which is probably something already done in the async branch)
2020-12-04 13:38:42 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and GHA (#5346) - Updated crates to the latest version - Updated GitHub Actions to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-04 19:02:15 +01:00
checksum = "022db8904dfa342efe721985167e9fcd16c29b226db4397ed752a761cfce81e8"
Updated dependencies and Dockerfiles - Updated crates - Updated rust-toolchain - Updated Dockerfile to use latest rust 1.48 version - Updated AMD64 Alpine to use same version as rust-toolchain and support PostgreSQL. - Updated Rocket to the commit right before they updated hyper. Until that update there were some crates updated and some small fixes. After that build fails and we probably need to make some changes (which is probably something already done in the async branch)
2020-12-04 13:38:42 +01:00
dependencies = [
"tinyvec_macros",
]
[[package]]
name = "tinyvec_macros"
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
version = "0.1.1"
Update dependencies
2020-06-22 17:15:20 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
Update dependencies
2020-06-22 17:15:20 +02:00
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
[[package]]
name = "tokio"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
version = "1.43.0"
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
checksum = "3d61fa4ffa3de412bfea335c6ecff681de2b609ba3c77ef3e00e521813a9ed9e"
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
dependencies = [
Update crates and small clippy fix - Update all crates - Remove async which is reported by clippy in v1.72.0
2023-07-04 20:12:50 +02:00
"backtrace",
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
"bytes",
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
"libc",
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
"mio",
Update dep's and small improvements on favicons - Updated dependencies (html5gum for favicon downloading) * Also openssl, time, jsonwebtoken and r2d2 - Small optimizations on downloading favicons. It now only emits tokens/tags which needs to be parsed, all others are being skipped. This prevents unneeded items within the for-loop being parsed.
2022-06-21 18:47:01 +02:00
"parking_lot",
Update dependencies
2021-02-06 16:49:28 +01:00
"pin-project-lite",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"signal-hook-registry",
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
"socket2",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"tokio-macros",
Update crates & fix crate vulnerability (#4771) - fixes GHSA-q445-7m23-qrmw by updating openssl to version 0.10.66
2024-07-24 01:26:39 +03:00
"windows-sys 0.52.0",
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
]
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
[[package]]
name = "tokio-macros"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
version = "2.5.0"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
checksum = "6e06d43f1345a3bcd39f6a56dbb7dcab2ba47e68e8ac134855e7e2bdbaf8cab8"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
dependencies = [
"proc-macro2",
"quote",
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
"syn",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
]
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
[[package]]
name = "tokio-native-tls"
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
version = "0.3.1"
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
checksum = "bbae76ab933c85776efabc971569dd6119c580d8f5d448769dec1764bf796ef2"
Updated dependencies and small mail fixes - Updated rust nightly - Updated depenencies - Removed unicode support for regex (less dependencies) - Fixed dependency and nightly changes/deprications - Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
dependencies = [
"native-tls",
Update dependencies
2021-02-06 16:49:28 +01:00
"tokio",
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
]
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
[[package]]
name = "tokio-rustls"
Update crates and workflow - Updated all the crates - Updated workflow actions - Set cargo registry to sparse
2023-06-21 22:01:05 +02:00
version = "0.24.1"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and workflow - Updated all the crates - Updated workflow actions - Set cargo registry to sparse
2023-06-21 22:01:05 +02:00
checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
dependencies = [
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
"rustls 0.21.12",
"tokio",
]
[[package]]
name = "tokio-rustls"
Update crates (#5268) - fixes CVE-2024-12224
2024-12-10 18:59:28 +02:00
version = "0.26.1"
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates (#5268) - fixes CVE-2024-12224
2024-12-10 18:59:28 +02:00
checksum = "5f6d0975eaace0cf0fcadee4e4aaa5da15b5c079146f2cffb67c113be122bf37"
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
dependencies = [
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
"rustls 0.23.21",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"tokio",
]
Enable socks feature for reqwest This allowed HTTP_PROXY be set with a socks5 proxy
2021-04-07 19:25:02 +01:00
[[package]]
name = "tokio-socks"
Update crates, web-vault and fixes (#4823) * Update crates, web-vault and fixes - Updated crates - Updated web-vault to v2024.6.2 This version is currently the latest version compatible with our API implementation. For newer versions we need more code updates to make it compatible. Thanks to @stefan0xC this version fixes #4628 - Added a small fix to prevent errors in the Vaultwarden and Client logs. The v2024.6.2 web-vault calls an endpoint with invalid arguments. If this happens we ignore the call and just return an Ok. - Added the bulk-collection endpoint (Though not yet available in v2024.6.2) Fixes #4628 * Prevent bulk remove collections to work
2024-08-07 22:46:03 +02:00
version = "0.5.2"
Enable socks feature for reqwest This allowed HTTP_PROXY be set with a socks5 proxy
2021-04-07 19:25:02 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates, web-vault and fixes (#4823) * Update crates, web-vault and fixes - Updated crates - Updated web-vault to v2024.6.2 This version is currently the latest version compatible with our API implementation. For newer versions we need more code updates to make it compatible. Thanks to @stefan0xC this version fixes #4628 - Added a small fix to prevent errors in the Vaultwarden and Client logs. The v2024.6.2 web-vault calls an endpoint with invalid arguments. If this happens we ignore the call and just return an Ok. - Added the bulk-collection endpoint (Though not yet available in v2024.6.2) Fixes #4628 * Prevent bulk remove collections to work
2024-08-07 22:46:03 +02:00
checksum = "0d4770b8024672c1101b3f6733eab95b18007dbe0847a8afe341fcf79e06043f"
Enable socks feature for reqwest This allowed HTTP_PROXY be set with a socks5 proxy
2021-04-07 19:25:02 +01:00
dependencies = [
"either",
"futures-util",
Update crates (#5268) - fixes CVE-2024-12224
2024-12-10 18:59:28 +02:00
"thiserror 1.0.69",
Enable socks feature for reqwest This allowed HTTP_PROXY be set with a socks5 proxy
2021-04-07 19:25:02 +01:00
"tokio",
]
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
[[package]]
name = "tokio-stream"
Update crates (#5268) - fixes CVE-2024-12224
2024-12-10 18:59:28 +02:00
version = "0.1.17"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates (#5268) - fixes CVE-2024-12224
2024-12-10 18:59:28 +02:00
checksum = "eca58d7bba4a75707817a2c44174253f9236b2d5fbd055602e9d5c07c139a047"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
dependencies = [
"futures-core",
"pin-project-lite",
"tokio",
]
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
[[package]]
name = "tokio-tungstenite"
Update crates (#4587) - Update crates including rocket and rocket_ws
2024-05-25 15:14:19 +02:00
version = "0.21.0"
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates (#4587) - Update crates including rocket and rocket_ws
2024-05-25 15:14:19 +02:00
checksum = "c83b561d025642014097b66e6c1bb422783339e0909e4429cde4749d1990bc38"
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
dependencies = [
"futures-util",
"log",
"tokio",
"tungstenite",
]
Update async to prepare for main merge - Changed nightly to stable in Dockerfile and Workflow - Updated Dockerfile to use stable and updated ENV's - Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default - Updated Github Workflow actions to the latest versions - Updated Hadolint version - Re-orderd the Cargo.toml file a bit and put libs together which are linked - Updated some libs - Updated .dockerignore file
2022-02-07 22:26:22 +01:00
[[package]]
name = "tokio-util"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
version = "0.7.13"
Update async to prepare for main merge - Changed nightly to stable in Dockerfile and Workflow - Updated Dockerfile to use stable and updated ENV's - Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default - Updated Github Workflow actions to the latest versions - Updated Hadolint version - Re-orderd the Cargo.toml file a bit and put libs together which are linked - Updated some libs - Updated .dockerignore file
2022-02-07 22:26:22 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
checksum = "d7fcaa8d55a2bdd6b83ace262b016eca0d79ee02818c5c1bcdf0305114081078"
Update async to prepare for main merge - Changed nightly to stable in Dockerfile and Workflow - Updated Dockerfile to use stable and updated ENV's - Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default - Updated Github Workflow actions to the latest versions - Updated Hadolint version - Re-orderd the Cargo.toml file a bit and put libs together which are linked - Updated some libs - Updated .dockerignore file
2022-02-07 22:26:22 +01:00
dependencies = [
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
"bytes",
Update async to prepare for main merge - Changed nightly to stable in Dockerfile and Workflow - Updated Dockerfile to use stable and updated ENV's - Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default - Updated Github Workflow actions to the latest versions - Updated Hadolint version - Re-orderd the Cargo.toml file a bit and put libs together which are linked - Updated some libs - Updated .dockerignore file
2022-02-07 22:26:22 +01:00
"futures-core",
"futures-sink",
"pin-project-lite",
"tokio",
]
First working version
2018-02-10 01:00:55 +01:00
[[package]]
name = "toml"
Update crates, web-vault and fixes (#4823) * Update crates, web-vault and fixes - Updated crates - Updated web-vault to v2024.6.2 This version is currently the latest version compatible with our API implementation. For newer versions we need more code updates to make it compatible. Thanks to @stefan0xC this version fixes #4628 - Added a small fix to prevent errors in the Vaultwarden and Client logs. The v2024.6.2 web-vault calls an endpoint with invalid arguments. If this happens we ignore the call and just return an Ok. - Added the bulk-collection endpoint (Though not yet available in v2024.6.2) Fixes #4628 * Prevent bulk remove collections to work
2024-08-07 22:46:03 +02:00
version = "0.8.19"
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates, web-vault and fixes (#4823) * Update crates, web-vault and fixes - Updated crates - Updated web-vault to v2024.6.2 This version is currently the latest version compatible with our API implementation. For newer versions we need more code updates to make it compatible. Thanks to @stefan0xC this version fixes #4628 - Added a small fix to prevent errors in the Vaultwarden and Client logs. The v2024.6.2 web-vault calls an endpoint with invalid arguments. If this happens we ignore the call and just return an Ok. - Added the bulk-collection endpoint (Though not yet available in v2024.6.2) Fixes #4628 * Prevent bulk remove collections to work
2024-08-07 22:46:03 +02:00
checksum = "a1ed1f98e3fdc28d6d910e6737ae6ab1a93bf1985935a1193e68f93eeb68d24e"
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
dependencies = [
"serde",
"serde_spanned",
"toml_datetime",
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
"toml_edit",
Update crates and GH Workflow - Updated crates - Updated GHA where needed
2023-05-26 14:53:13 +02:00
]
[[package]]
name = "toml_datetime"
Update crates, web-vault and fixes (#4823) * Update crates, web-vault and fixes - Updated crates - Updated web-vault to v2024.6.2 This version is currently the latest version compatible with our API implementation. For newer versions we need more code updates to make it compatible. Thanks to @stefan0xC this version fixes #4628 - Added a small fix to prevent errors in the Vaultwarden and Client logs. The v2024.6.2 web-vault calls an endpoint with invalid arguments. If this happens we ignore the call and just return an Ok. - Added the bulk-collection endpoint (Though not yet available in v2024.6.2) Fixes #4628 * Prevent bulk remove collections to work
2024-08-07 22:46:03 +02:00
version = "0.6.8"
Update crates and GH Workflow - Updated crates - Updated GHA where needed
2023-05-26 14:53:13 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates, web-vault and fixes (#4823) * Update crates, web-vault and fixes - Updated crates - Updated web-vault to v2024.6.2 This version is currently the latest version compatible with our API implementation. For newer versions we need more code updates to make it compatible. Thanks to @stefan0xC this version fixes #4628 - Added a small fix to prevent errors in the Vaultwarden and Client logs. The v2024.6.2 web-vault calls an endpoint with invalid arguments. If this happens we ignore the call and just return an Ok. - Added the bulk-collection endpoint (Though not yet available in v2024.6.2) Fixes #4628 * Prevent bulk remove collections to work
2024-08-07 22:46:03 +02:00
checksum = "0dd7358ecb8fc2f8d014bf86f6f638ce72ba252a2c3a2572f2a795f1d23efb41"
Update crates and GH Workflow - Updated crates - Updated GHA where needed
2023-05-26 14:53:13 +02:00
dependencies = [
"serde",
]
[[package]]
name = "toml_edit"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
version = "0.22.22"
Update crates and GH Workflow - Updated crates - Updated GHA where needed
2023-05-26 14:53:13 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
checksum = "4ae48d6208a266e853d946088ed816055e556cc6028c5e8e2b84d9fa5dd7c7f5"
Update crates and GH Workflow - Updated crates - Updated GHA where needed
2023-05-26 14:53:13 +02:00
dependencies = [
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
"indexmap",
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
"serde",
"serde_spanned",
"toml_datetime",
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
"winnow",
First working version
2018-02-10 01:00:55 +01:00
]
Dependency updates Updated several dependencies and switch to different totp library. - Switch oath with totp-lite oauth hasn't been updated in a long while and some dependencies could not be updated any more It now also validates a preseeding 0, as the previous library returned an int instead of a str which stripped a leading 0 - Updated rust to the current latest nightly (including build image) - Updated bootstrap css and js - Updated hadolint to latest version - Updated default rust image from v1.53 to v1.54 - Updated new nightly build/clippy messages
2021-08-22 13:46:48 +02:00
[[package]]
name = "totp-lite"
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
version = "2.0.1"
Dependency updates Updated several dependencies and switch to different totp library. - Switch oath with totp-lite oauth hasn't been updated in a long while and some dependencies could not be updated any more It now also validates a preseeding 0, as the previous library returned an int instead of a str which stripped a leading 0 - Updated rust to the current latest nightly (including build image) - Updated bootstrap css and js - Updated hadolint to latest version - Updated default rust image from v1.53 to v1.54 - Updated new nightly build/clippy messages
2021-08-22 13:46:48 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
checksum = "f8e43134db17199f7f721803383ac5854edd0d3d523cc34dba321d6acfbe76c3"
Dependency updates Updated several dependencies and switch to different totp library. - Switch oath with totp-lite oauth hasn't been updated in a long while and some dependencies could not be updated any more It now also validates a preseeding 0, as the previous library returned an int instead of a str which stripped a leading 0 - Updated rust to the current latest nightly (including build image) - Updated bootstrap css and js - Updated hadolint to latest version - Updated default rust image from v1.53 to v1.54 - Updated new nightly build/clippy messages
2021-08-22 13:46:48 +02:00
dependencies = [
Update deps and Alpine image - Updated deps - Updated Alpine images to 3.16 - Removed dumb-init, not needed anymore - Some small shellcheck tweaks on the start/healthcheck scripts
2022-07-31 15:45:31 +02:00
"digest",
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
"hmac",
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
"sha1",
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
"sha2",
Dependency updates Updated several dependencies and switch to different totp library. - Switch oath with totp-lite oauth hasn't been updated in a long while and some dependencies could not be updated any more It now also validates a preseeding 0, as the previous library returned an int instead of a str which stripped a leading 0 - Updated rust to the current latest nightly (including build image) - Updated bootstrap css and js - Updated hadolint to latest version - Updated default rust image from v1.53 to v1.54 - Updated new nightly build/clippy messages
2021-08-22 13:46:48 +02:00
]
Update crates and GHA (#5346) - Updated crates to the latest version - Updated GitHub Actions to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-04 19:02:15 +01:00
[[package]]
name = "tower"
version = "0.5.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d039ad9159c98b70ecfd540b2573b97f7f52c3e8d9f8ad57a24b916a536975f9"
dependencies = [
"futures-core",
"futures-util",
"pin-project-lite",
"sync_wrapper",
"tokio",
"tower-layer",
"tower-service",
]
[[package]]
name = "tower-layer"
version = "0.3.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "121c2a6cda46980bb0fcd1647ffaf6cd3fc79a013de288782836f6df9c48780e"
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
[[package]]
name = "tower-service"
Update crates (GHSA-wq9x-qwcq-mmgf) (#4889) - Updated crates - Fixed MSRV to actually be N-2 - Changed some features to use the `dep:` prefix. This is needed for edition-2024 anyway although that will be a while before we can use that. Signed-off-by: BlackDex <black.dex@gmail.com>
2024-08-23 22:06:11 +02:00
version = "0.3.3"
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates (GHSA-wq9x-qwcq-mmgf) (#4889) - Updated crates - Fixed MSRV to actually be N-2 - Changed some features to use the `dep:` prefix. This is needed for edition-2024 anyway although that will be a while before we can use that. Signed-off-by: BlackDex <black.dex@gmail.com>
2024-08-23 22:06:11 +02:00
checksum = "8df9b6e13f2d32c91b9bd719c00d1958837bc7dec474d94952798cc8e69eeec3"
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
Updated dependencies
2020-07-14 16:08:11 +02:00
[[package]]
name = "tracing"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
version = "0.1.41"
Updated dependencies
2020-07-14 16:08:11 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
checksum = "784e0ac535deb450455cbfa28a6f0df145ea1bb7ae51b821cf5e7927fdcfbdd0"
Updated dependencies
2020-07-14 16:08:11 +02:00
dependencies = [
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"log",
Update dependencies
2021-02-06 16:49:28 +01:00
"pin-project-lite",
Icon and SMTP Debug fixes. - We need to add some feature to enable smtp debugging again. See: https://github.com/lettre/lettre/pull/584 - Upstream added the fallback icon again, probably because of caching ;). See: https://github.com/bitwarden/server/pull/1149 - Enabled gzip and brotli compression support with reqwest. Some sites seem to force this, or assume that because of the User-Agent string it is supported. This caused some failed icons. Fixes #1540
2021-03-29 10:27:58 +02:00
"tracing-attributes",
Updated dependencies
2020-07-14 16:08:11 +02:00
"tracing-core",
]
Icon and SMTP Debug fixes. - We need to add some feature to enable smtp debugging again. See: https://github.com/lettre/lettre/pull/584 - Upstream added the fallback icon again, probably because of caching ;). See: https://github.com/bitwarden/server/pull/1149 - Enabled gzip and brotli compression support with reqwest. Some sites seem to force this, or assume that because of the User-Agent string it is supported. This caused some failed icons. Fixes #1540
2021-03-29 10:27:58 +02:00
[[package]]
name = "tracing-attributes"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
version = "0.1.28"
Icon and SMTP Debug fixes. - We need to add some feature to enable smtp debugging again. See: https://github.com/lettre/lettre/pull/584 - Upstream added the fallback icon again, probably because of caching ;). See: https://github.com/bitwarden/server/pull/1149 - Enabled gzip and brotli compression support with reqwest. Some sites seem to force this, or assume that because of the User-Agent string it is supported. This caused some failed icons. Fixes #1540
2021-03-29 10:27:58 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
checksum = "395ae124c09f9e6918a2310af6038fba074bcf474ac352496d5910dd59a2226d"
Icon and SMTP Debug fixes. - We need to add some feature to enable smtp debugging again. See: https://github.com/lettre/lettre/pull/584 - Upstream added the fallback icon again, probably because of caching ;). See: https://github.com/bitwarden/server/pull/1149 - Enabled gzip and brotli compression support with reqwest. Some sites seem to force this, or assume that because of the User-Agent string it is supported. This caused some failed icons. Fixes #1540
2021-03-29 10:27:58 +02:00
dependencies = [
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"proc-macro2",
"quote",
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
"syn",
Icon and SMTP Debug fixes. - We need to add some feature to enable smtp debugging again. See: https://github.com/lettre/lettre/pull/584 - Upstream added the fallback icon again, probably because of caching ;). See: https://github.com/bitwarden/server/pull/1149 - Enabled gzip and brotli compression support with reqwest. Some sites seem to force this, or assume that because of the User-Agent string it is supported. This caused some failed icons. Fixes #1540
2021-03-29 10:27:58 +02:00
]
Updated dependencies
2020-07-14 16:08:11 +02:00
[[package]]
name = "tracing-core"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
version = "0.1.33"
Updated dependencies
2020-07-14 16:08:11 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
checksum = "e672c95779cf947c5311f83787af4fa8fffd12fb27e4993211a84bdfd9610f9c"
Updated dependencies
2020-07-14 16:08:11 +02:00
dependencies = [
Updated deps and misc fixes and updates - Updated some Rust dependencies - Fixed an issue with CSP header, this was not configured correctly - Prevent sending CSP and Frame headers for the MFA connector.html files. Else some clients will fail to handle these protocols. - Add `unsafe-inline` for `script-src` only to the CSP for the Admin Interface - Updated JavaScript and CSS files for the Admin interface - Changed the layout for showing overridden settings, better visible now. - Made the version check cachable to prevent hitting the Github API rate limits - Hide the `database_url` as if it is a password in the Admin Interface Else for MariaDB/MySQL or PostgreSQL this was plain text. - Fixed an issue that pressing enter on the SMTP Test would save the config. resolves #2542 - Prevent user names larger then 50 characters resolves #2419
2022-06-08 19:46:33 +02:00
"once_cell",
Update async to prepare for main merge - Changed nightly to stable in Dockerfile and Workflow - Updated Dockerfile to use stable and updated ENV's - Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default - Updated Github Workflow actions to the latest versions - Updated Hadolint version - Re-orderd the Cargo.toml file a bit and put libs together which are linked - Updated some libs - Updated .dockerignore file
2022-02-07 22:26:22 +01:00
"valuable",
Updated dependencies
2020-07-14 16:08:11 +02:00
]
First working version
2018-02-10 01:00:55 +01:00
[[package]]
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
name = "tracing-log"
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
version = "0.2.0"
First working version
2018-02-10 01:00:55 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
checksum = "ee855f1f400bd0e5c02d150ae5de3840039a3f54b025156404e34c23c03f47c3"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
dependencies = [
"log",
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
"once_cell",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"tracing-core",
]
[[package]]
name = "tracing-subscriber"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
version = "0.3.19"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
checksum = "e8189decb5ac0fa7bc8b96b7cb9b2701d60d48805aca84a238004d665fcc4008"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
dependencies = [
"matchers",
Update dependencies
2022-10-09 17:40:45 +02:00
"nu-ansi-term",
Upgrade dependencies and swap lettre to async transport
2022-07-06 23:57:37 +02:00
"once_cell",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"regex",
"sharded-slab",
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
"smallvec",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"thread_local",
"tracing",
"tracing-core",
"tracing-log",
]
First working version
2018-02-10 01:00:55 +01:00
Update rocket to 0.3.11
2018-05-21 13:20:34 +01:00
[[package]]
name = "try-lock"
Fix the version string (#4153) For some reason still not known, the `.git` directory was not copied into the container. I think buildkit (buildx) did this by default before, and stopped this with newer versions. This PR fixes this by also touching `build.rs` besides `src/main.rs`. This PR also updates Rust to v1.74.1 and some crates, including the latest version of Alpine 3.19. Fixes #4150
2023-12-09 23:04:33 +01:00
version = "0.2.5"
Update rocket to 0.3.11
2018-05-21 13:20:34 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Fix the version string (#4153) For some reason still not known, the `.git` directory was not copied into the container. I think buildkit (buildx) did this by default before, and stopped this with newer versions. This PR fixes this by also touching `build.rs` besides `src/main.rs`. This PR also updates Rust to v1.74.1 and some crates, including the latest version of Alpine 3.19. Fixes #4150
2023-12-09 23:04:33 +01:00
checksum = "e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b"
Update rocket to 0.3.11
2018-05-21 13:20:34 +01:00
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
[[package]]
name = "tungstenite"
Update crates (#4587) - Update crates including rocket and rocket_ws
2024-05-25 15:14:19 +02:00
version = "0.21.0"
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates (#4587) - Update crates including rocket and rocket_ws
2024-05-25 15:14:19 +02:00
checksum = "9ef1a641ea34f399a848dea702823bbecfb4c486f911735368f1f137cb8257e1"
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
dependencies = [
"byteorder",
"bytes",
Update crates and GH Workflow - Updated crates - Updated GHA where needed
2023-05-26 14:53:13 +02:00
"data-encoding",
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
"http 1.2.0",
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
"httparse",
"log",
"rand",
Update dependencies for Rust and Admin interface. - Updated Rust deps and one small change regarding chrono - Updated bootstrap 5 css - Updated datatables - Replaced identicon.js with jdenticon. identicon.js is unmaintained ( https://github.com/stewartlord/identicon.js/issues/52 ) The icon's are very different, but nice. It also doesn't need custom code to find and update the icons our selfs.
2022-12-01 17:18:29 +01:00
"sha1",
Update crates (#5268) - fixes CVE-2024-12224
2024-12-10 18:59:28 +02:00
"thiserror 1.0.69",
Update to diesel2
2022-05-20 23:39:47 +02:00
"url",
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
"utf-8",
]
First working version
2018-02-10 01:00:55 +01:00
[[package]]
name = "typenum"
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
version = "1.17.0"
Updated dependencies
2018-03-21 00:08:46 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825"
Updated dependencies
2018-03-21 00:08:46 +01:00
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
[[package]]
name = "ubyte"
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
version = "0.10.4"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
checksum = "f720def6ce1ee2fc44d40ac9ed6d3a59c361c80a75a7aa8e75bb9baed31cf2ea"
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
dependencies = [
"serde",
]
Initial stab at templates
2019-01-13 01:39:29 +01:00
[[package]]
name = "ucd-trie"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
version = "0.1.7"
Initial stab at templates
2019-01-13 01:39:29 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Updates and collection management fixes (#5072) * Fix collections not editable by managers Since a newer version of the web-vault we use manager were not able to create sub collections anymore. This was because of some missing details in the response of some json objects. This commit fixes this by using the `to_json_details` instead of the `to_json` Fixes #5066 Fixes #5044 * Update crates and GitHub Actions - Updated all the crates - Updated all the GHA dependencies - Configured the trivy workflow to only run on the main repo and not on forks Also selected a random new scheduled date so it will not run at the same time as all other forks. The two changes should help running this scan every day without failing, and also prevent the same for new or updated forks.
2024-10-11 18:42:40 +02:00
checksum = "2896d95c02a80c6d6a5d6e953d479f5ddf2dfdb6a244441010e373ac0fb88971"
Initial stab at templates
2019-01-13 01:39:29 +01:00
Update dependencies and ser cargo resolver to version 2 ahead of 2021 edition
2021-09-22 20:26:48 +02:00
[[package]]
name = "uncased"
Update crates, web-vault and GHA (#4275) - Update GitHub Actions - Updated crates - Updated web-vault to v2024.1.2
2024-01-26 20:19:53 +01:00
version = "0.9.10"
Update dependencies and ser cargo resolver to version 2 ahead of 2021 edition
2021-09-22 20:26:48 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates, web-vault and GHA (#4275) - Update GitHub Actions - Updated crates - Updated web-vault to v2024.1.2
2024-01-26 20:19:53 +01:00
checksum = "e1b88fcfe09e89d3866a5c11019378088af2d24c3fbd4f0543f96b479ec90697"
Update dependencies and ser cargo resolver to version 2 ahead of 2021 edition
2021-09-22 20:26:48 +02:00
dependencies = [
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"serde",
"version_check",
First working version
2018-02-10 01:00:55 +01:00
]
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
[[package]]
name = "unicode-ident"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
version = "1.0.15"
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
checksum = "11cd88e12b17c6494200a9c1b683a04fcac9573ed74cd1b62aeb2727c5592243"
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
Update dependencies
2019-08-18 19:31:54 +02:00
[[package]]
name = "unicode-xid"
Fix Device Type column for 2FA migration (#4971)
2024-09-20 12:06:06 +02:00
version = "0.2.6"
Update dependencies
2019-08-18 19:31:54 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Fix Device Type column for 2FA migration (#4971)
2024-09-20 12:06:06 +02:00
checksum = "ebc1c04c71510c7f702b52b7c350734c9ff1295c464a03335b00bb84fc54f853"
Update dependencies
2019-08-18 19:31:54 +02:00
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
[[package]]
name = "untrusted"
version = "0.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1"
Updated dependencies and fixed panic getting icons
2019-07-30 19:38:54 +02:00
[[package]]
name = "url"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
version = "2.5.4"
Updated dependencies and fixed panic getting icons
2019-07-30 19:38:54 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
checksum = "32f8b686cadd1473f4bd0117a5d28d36b1ade384ea9b5069a1c40aefed7fda60"
Updated dependencies and fixed panic getting icons
2019-07-30 19:38:54 +02:00
dependencies = [
Update dependencies
2020-11-07 23:01:04 +01:00
"form_urlencoded",
Update crates (#5268) - fixes CVE-2024-12224
2024-12-10 18:59:28 +02:00
"idna",
Update to diesel2
2022-05-20 23:39:47 +02:00
"percent-encoding",
Update dependencies
2021-10-24 21:50:26 +02:00
"serde",
Updated dependencies and fixed panic getting icons
2019-07-30 19:38:54 +02:00
]
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
[[package]]
name = "utf-8"
version = "0.7.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "09cc8ee72d2a9becf2f2febe0205bbed8fc6615b7cb429ad062dc7b7ddd036a9"
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
[[package]]
name = "utf16_iter"
version = "1.0.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c8232dd3cdaed5356e0f716d285e4b40b932ac434100fe9b7e0e8e935b9e6246"
[[package]]
name = "utf8_iter"
version = "1.0.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b6c140620e7ffbb22c2dee59cafe6084a59b5ffc27a8859a5f0d494b5d52b6be"
Update dependencies and docker base images
2019-10-24 20:37:17 +02:00
[[package]]
name = "uuid"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
version = "1.12.1"
Update dependencies and docker base images
2019-10-24 20:37:17 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
checksum = "b3758f5e68192bb96cc8f9b7e2c2cfdabb435499a28499a42f8f984092adad4b"
Update dependencies and docker base images
2019-10-24 20:37:17 +02:00
dependencies = [
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
"getrandom",
Update dependencies and docker base images
2019-10-24 20:37:17 +02:00
]
Update async to prepare for main merge - Changed nightly to stable in Dockerfile and Workflow - Updated Dockerfile to use stable and updated ENV's - Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default - Updated Github Workflow actions to the latest versions - Updated Hadolint version - Re-orderd the Cargo.toml file a bit and put libs together which are linked - Updated some libs - Updated .dockerignore file
2022-02-07 22:26:22 +01:00
[[package]]
name = "valuable"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
version = "0.1.1"
Update async to prepare for main merge - Changed nightly to stable in Dockerfile and Workflow - Updated Dockerfile to use stable and updated ENV's - Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default - Updated Github Workflow actions to the latest versions - Updated Hadolint version - Re-orderd the Cargo.toml file a bit and put libs together which are linked - Updated some libs - Updated .dockerignore file
2022-02-07 22:26:22 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
checksum = "ba73ea9cf16a25df0c8caa16c51acb937d5712a8429db78a3ee29d5dcacd3a65"
Update async to prepare for main merge - Changed nightly to stable in Dockerfile and Workflow - Updated Dockerfile to use stable and updated ENV's - Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default - Updated Github Workflow actions to the latest versions - Updated Hadolint version - Re-orderd the Cargo.toml file a bit and put libs together which are linked - Updated some libs - Updated .dockerignore file
2022-02-07 22:26:22 +01:00
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
[[package]]
name = "value-bag"
Update crates and fix Mail issue (#5125) - Updated all the crates Including in this update is an update from lettre, which solves an issue with some specific SMTP mail providers.
2024-10-24 19:13:20 +02:00
version = "1.10.0"
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and fix Mail issue (#5125) - Updated all the crates Including in this update is an update from lettre, which solves an issue with some specific SMTP mail providers.
2024-10-24 19:13:20 +02:00
checksum = "3ef4c4aa54d5d05a279399bfa921ec387b7aba77caf7a682ae8d86785b8fdad2"
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
Project renaming
2021-04-27 23:18:32 +02:00
[[package]]
name = "vaultwarden"
version = "1.0.0"
dependencies = [
Admin token Argon2 hashing support Added support for Argon2 hashing support for the `ADMIN_TOKEN` instead of only supporting a plain text string. The hash must be a PHC string which can be generated via the `argon2` CLI **or** via the also built-in hash command in Vaultwarden. You can simply run `vaultwarden hash` to generate a hash based upon a password the user provides them self. Added a warning during startup and within the admin settings panel is the `ADMIN_TOKEN` is not an Argon2 hash. Within the admin environment a user can ignore that warning and it will not be shown for at least 30 days. After that the warning will appear again unless the `ADMIN_TOKEN` has be converted to an Argon2 hash. I have also tested this on my RaspberryPi 2b and there the `Bitwarden` preset takes almost 4.5 seconds to generate/verify the Argon2 hash. Using the `OWASP` preset it is below 1 second, which I think should be fine for low-graded hardware. If it is needed people could use lower memory settings, but in those cases I even doubt Vaultwarden it self would run. They can always use the `argon2` CLI and generate a faster hash.
2023-02-28 23:09:51 +01:00
"argon2",
Improve file limit handling (#4242) * Improve file limit handling * Oops * Update PostgreSQL migration * Review comments --------- Co-authored-by: BlackDex <black.dex@gmail.com>
2024-01-27 02:43:26 +01:00
"bigdecimal",
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
"bytes",
Favicon, SMTP and misc updates Favicon: - Replaced HTML tokenizer, much faster now. - Caching the domain blacklist function. - Almost all functions are async now. - Fixed bug on minimizing data to parse - Changed maximum icon download size to 5MB to match Bitwarden - Added `apple-touch-icon.png` as a second fallback besides `favicon.ico` SMTP: - Deprecated SMTP_SSL and SMTP_EXPLICIT_TLS, replaced with SMTP_SECURITY Misc: - Fixed issue when `resolv.conf` contains errors and trust-dns panics (Fixes #2283) - Updated Javscript and CSS files for admin interface - Fixed an issue with the /admin interface which did not cleared the login cookie correctly - Prevent websocket notifications during org import, this caused a lot of traffic, and slowed down the import. This is also the same as Bitwarden which does not trigger this refresh via websockets. Rust: - Updated to use v1.59 - Use the new `strip` option and enabled to strip `debuginfo` - Enabled `lto` with `thin` - Removed the strip RUN from the alpine armv7, this is now done automatically
2022-02-22 20:48:00 +01:00
"cached",
Project renaming
2021-04-27 23:18:32 +02:00
"chrono",
"chrono-tz",
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
"cookie",
"cookie_store",
Update crates and fix Mail issue (#5125) - Updated all the crates Including in this update is an update from lettre, which solves an issue with some specific SMTP mail providers.
2024-10-24 19:13:20 +02:00
"dashmap",
Project renaming
2021-04-27 23:18:32 +02:00
"data-encoding",
"data-url",
rename membership and adopt newtype pattern (#5320) * rename membership rename UserOrganization to Membership to clarify the relation and prevent confusion whether something refers to a member(ship) or user * use newtype pattern * implement custom derive macro IdFromParam * add UuidFromParam macro for UUIDs * add macros to Docker build Co-authored-by: dfunkt <dfunkt@users.noreply.github.com> --------- Co-authored-by: dfunkt <dfunkt@users.noreply.github.com>
2025-01-09 18:37:23 +01:00
"derive_more",
Project renaming
2021-04-27 23:18:32 +02:00
"diesel",
rename membership and adopt newtype pattern (#5320) * rename membership rename UserOrganization to Membership to clarify the relation and prevent confusion whether something refers to a member(ship) or user * use newtype pattern * implement custom derive macro IdFromParam * add UuidFromParam macro for UUIDs * add macros to Docker build Co-authored-by: dfunkt <dfunkt@users.noreply.github.com> --------- Co-authored-by: dfunkt <dfunkt@users.noreply.github.com>
2025-01-09 18:37:23 +01:00
"diesel-derive-newtype",
Add dev-only query logging support This PR adds query logging support as an optional feature. It is only allowed during development/debug builds, and will abort when used during a `--release` build. For this feature to be fully activated you also need to se an environment variable `QUERY_LOGGER=1` to activate the debug log-level for this crate, else there will be no output. The reason for this PR is that sometimes it is useful to be able to see the generated queries, like when debugging an issue, or trying to optimize a query. Currently i always added this code when needed, but having this a part of the code could benifit other developers too who maybe need this.
2022-12-03 18:25:59 +01:00
"diesel_logger",
Project renaming
2021-04-27 23:18:32 +02:00
"diesel_migrations",
Several updates and fixes - Removed all `thread::sleep` and use `tokio::time::sleep` now. This solves an issue with updating to Bullseye ( Resolves #1998 ) - Updated all Debian images to Bullseye - Added MiMalloc feature and enabled it by default for Alpine based images This increases performance for the Alpine images because the default memory allocator for MUSL based binaries isn't that fast - Updated `dotenv` to `dotenvy` a maintained and updated fork - Fixed an issue with a newer jslib (not fully released yet) That version uses a different endpoint for `prelogin` Resolves #2378 )
2022-03-20 18:51:24 +01:00
"dotenvy",
validate billing_email on save
2022-10-25 22:21:22 +02:00
"email_address",
Project renaming
2021-04-27 23:18:32 +02:00
"fern",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"futures",
Basic ratelimit for user login (including 2FA) and admin login
2021-12-22 21:48:49 +01:00
"governor",
Add dynamic CSS support (#4940) * Add dynamic CSS support Together with https://github.com/dani-garcia/bw_web_builds/pull/180 this PR will add support for dynamic CSS changes. For example, we could hide the register link if signups are not allowed. In the future show or hide the SSO button depending on if it is enabled or not. There also is a special `user.vaultwarden.scss` file so that users can add custom CSS without the need to modify the default (static) changes. This will prevent future changes from not being applied and still have the custom user changes to be added. Also added a special redirect when someone goes directly to `/index.html` as that might cause issues with loading other scripts and files. Signed-off-by: BlackDex <black.dex@gmail.com> * Add versions and fallback to built-in - Add both Vaultwarden and web-vault versions to the css_options. - Fallback to the inner templates if rendering or compiling the scss fails. This ensures the basics are always working even if someone breaks the templates. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix fallback code to actually work The fallback now works by using an alternative `reg!` macro. This adds an extra template register which prefixes the template with `fallback_`. Signed-off-by: BlackDex <black.dex@gmail.com> * Updated the wiki link in the user template --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-11-11 20:14:04 +01:00
"grass_compiler",
Project renaming
2021-04-27 23:18:32 +02:00
"handlebars",
Implement custom DNS resolver (#3988)
2024-04-27 20:25:34 +02:00
"hickory-resolver",
Favicon, SMTP and misc updates Favicon: - Replaced HTML tokenizer, much faster now. - Caching the domain blacklist function. - Almost all functions are async now. - Fixed bug on minimizing data to parse - Changed maximum icon download size to 5MB to match Bitwarden - Added `apple-touch-icon.png` as a second fallback besides `favicon.ico` SMTP: - Deprecated SMTP_SSL and SMTP_EXPLICIT_TLS, replaced with SMTP_SECURITY Misc: - Fixed issue when `resolv.conf` contains errors and trust-dns panics (Fixes #2283) - Updated Javscript and CSS files for admin interface - Fixed an issue with the /admin interface which did not cleared the login cookie correctly - Prevent websocket notifications during org import, this caused a lot of traffic, and slowed down the import. This is also the same as Bitwarden which does not trigger this refresh via websockets. Rust: - Updated to use v1.59 - Use the new `strip` option and enabled to strip `debuginfo` - Enabled `lto` with `thin` - Removed the strip RUN from the alpine armv7, this is now done automatically
2022-02-22 20:48:00 +01:00
"html5gum",
Move to job_scheduler_ng
2022-05-20 21:10:52 +02:00
"job_scheduler_ng",
Project renaming
2021-04-27 23:18:32 +02:00
"jsonwebtoken",
"lettre",
"libsqlite3-sys",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"log",
rename membership and adopt newtype pattern (#5320) * rename membership rename UserOrganization to Membership to clarify the relation and prevent confusion whether something refers to a member(ship) or user * use newtype pattern * implement custom derive macro IdFromParam * add UuidFromParam macro for UUIDs * add macros to Docker build Co-authored-by: dfunkt <dfunkt@users.noreply.github.com> --------- Co-authored-by: dfunkt <dfunkt@users.noreply.github.com>
2025-01-09 18:37:23 +01:00
"macros",
Several updates and fixes - Removed all `thread::sleep` and use `tokio::time::sleep` now. This solves an issue with updating to Bullseye ( Resolves #1998 ) - Updated all Debian images to Bullseye - Added MiMalloc feature and enabled it by default for Alpine based images This increases performance for the Alpine images because the default memory allocator for MUSL based binaries isn't that fast - Updated `dotenv` to `dotenvy` a maintained and updated fork - Fixed an issue with a newer jslib (not fully released yet) That version uses a different endpoint for `prelogin` Resolves #2378 )
2022-03-20 18:51:24 +01:00
"mimalloc",
Project renaming
2021-04-27 23:18:32 +02:00
"num-derive",
"num-traits",
"once_cell",
"openssl",
"paste",
Update to diesel2
2022-05-20 23:39:47 +02:00
"percent-encoding",
Project renaming
2021-04-27 23:18:32 +02:00
"pico-args",
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
"rand",
Project renaming
2021-04-27 23:18:32 +02:00
"regex",
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
"reqwest",
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
"ring",
Project renaming
2021-04-27 23:18:32 +02:00
"rmpv",
"rocket",
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
"rocket_ws",
Admin token Argon2 hashing support Added support for Argon2 hashing support for the `ADMIN_TOKEN` instead of only supporting a plain text string. The hash must be a PHC string which can be generated via the `argon2` CLI **or** via the also built-in hash command in Vaultwarden. You can simply run `vaultwarden hash` to generate a hash based upon a password the user provides them self. Added a warning during startup and within the admin settings panel is the `ADMIN_TOKEN` is not an Argon2 hash. Within the admin environment a user can ignore that warning and it will not be shown for at least 30 days. After that the warning will appear again unless the `ADMIN_TOKEN` has be converted to an Argon2 hash. I have also tested this on my RaspberryPi 2b and there the `Bitwarden` preset takes almost 4.5 seconds to generate/verify the Argon2 hash. Using the `OWASP` preset it is below 1 second, which I think should be fine for low-graded hardware. If it is needed people could use lower memory settings, but in those cases I even doubt Vaultwarden it self would run. They can always use the `argon2` CLI and generate a faster hash.
2023-02-28 23:09:51 +01:00
"rpassword",
Support Org Export for v2022.11 clients Since v2022.9.x the org export uses a different endpoint. But, since v2022.11.x this endpoint will return a different format. See: https://github.com/bitwarden/clients/pull/3641 and https://github.com/bitwarden/server/pull/2316 To support both version in the case of users having an older client either web-vault or cli this PR checks the version and responds using the correct format. If no version can be determined it will use the new format as a default.
2022-11-07 17:13:34 +01:00
"semver",
Project renaming
2021-04-27 23:18:32 +02:00
"serde",
"serde_json",
"syslog",
Update to diesel2
2022-05-20 23:39:47 +02:00
"time",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"tokio",
Dependency updates Updated several dependencies and switch to different totp library. - Switch oath with totp-lite oauth hasn't been updated in a long while and some dependencies could not be updated any more It now also validates a preseeding 0, as the previous library returned an int instead of a str which stripped a leading 0 - Updated rust to the current latest nightly (including build image) - Updated bootstrap css and js - Updated hadolint to latest version - Updated default rust image from v1.53 to v1.54 - Updated new nightly build/clippy messages
2021-08-22 13:46:48 +02:00
"totp-lite",
Project renaming
2021-04-27 23:18:32 +02:00
"tracing",
Update to diesel2
2022-05-20 23:39:47 +02:00
"url",
Project renaming
2021-04-27 23:18:32 +02:00
"uuid",
Support for webauthn and u2f->webauthn migrations
2021-06-07 23:34:00 +02:00
"webauthn-rs",
check if SENDMAIL_COMMAND is valid using 'which' crate
2023-01-25 22:54:50 +01:00
"which",
Project renaming
2021-04-27 23:18:32 +02:00
"yubico",
]
First working version
2018-02-10 01:00:55 +01:00
[[package]]
name = "vcpkg"
Update webauthn-rs crate to upstream version
2021-06-19 21:25:55 +02:00
version = "0.2.15"
First working version
2018-02-10 01:00:55 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update webauthn-rs crate to upstream version
2021-06-19 21:25:55 +02:00
checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426"
First working version
2018-02-10 01:00:55 +01:00
Update rocket to latest master Downgrade rust version to fix cargo issue Set rustup profile to minimal
2019-10-24 23:21:04 +02:00
[[package]]
name = "version_check"
Update crates, web-vault and fixes (#4823) * Update crates, web-vault and fixes - Updated crates - Updated web-vault to v2024.6.2 This version is currently the latest version compatible with our API implementation. For newer versions we need more code updates to make it compatible. Thanks to @stefan0xC this version fixes #4628 - Added a small fix to prevent errors in the Vaultwarden and Client logs. The v2024.6.2 web-vault calls an endpoint with invalid arguments. If this happens we ignore the call and just return an Ok. - Added the bulk-collection endpoint (Though not yet available in v2024.6.2) Fixes #4628 * Prevent bulk remove collections to work
2024-08-07 22:46:03 +02:00
version = "0.9.5"
Update rocket to latest master Downgrade rust version to fix cargo issue Set rustup profile to minimal
2019-10-24 23:21:04 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates, web-vault and fixes (#4823) * Update crates, web-vault and fixes - Updated crates - Updated web-vault to v2024.6.2 This version is currently the latest version compatible with our API implementation. For newer versions we need more code updates to make it compatible. Thanks to @stefan0xC this version fixes #4628 - Added a small fix to prevent errors in the Vaultwarden and Client logs. The v2024.6.2 web-vault calls an endpoint with invalid arguments. If this happens we ignore the call and just return an Ok. - Added the bulk-collection endpoint (Though not yet available in v2024.6.2) Fixes #4628 * Prevent bulk remove collections to work
2024-08-07 22:46:03 +02:00
checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a"
Update rocket to latest master Downgrade rust version to fix cargo issue Set rustup profile to minimal
2019-10-24 23:21:04 +02:00
Update rocket to 0.3.11
2018-05-21 13:20:34 +01:00
[[package]]
Updated bw_rs to Rocket version 0.4-rc1
2018-10-10 20:40:39 +02:00
name = "walkdir"
Update crates
2024-03-17 14:25:49 +01:00
version = "2.5.0"
Update rocket to 0.3.11
2018-05-21 13:20:34 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates
2024-03-17 14:25:49 +01:00
checksum = "29790946404f91d9c5d06f9874efddea1dc06c5efe94541a7d6863108e3a5e4b"
Update rocket to 0.3.11
2018-05-21 13:20:34 +01:00
dependencies = [
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"same-file",
"winapi-util",
Update rocket to 0.3.11
2018-05-21 13:20:34 +01:00
]
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
[[package]]
name = "want"
Update crates and workflow - Updated all the crates - Updated workflow actions - Set cargo registry to sparse
2023-06-21 22:01:05 +02:00
version = "0.3.1"
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and workflow - Updated all the crates - Updated workflow actions - Set cargo registry to sparse
2023-06-21 22:01:05 +02:00
checksum = "bfa7760aed19e106de2c7c0b581b509f2f25d3dacaf737cb82ac61bc6d760b0e"
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
dependencies = [
"try-lock",
]
Several updates and fixes - Removed all `thread::sleep` and use `tokio::time::sleep` now. This solves an issue with updating to Bullseye ( Resolves #1998 ) - Updated all Debian images to Bullseye - Added MiMalloc feature and enabled it by default for Alpine based images This increases performance for the Alpine images because the default memory allocator for MUSL based binaries isn't that fast - Updated `dotenv` to `dotenvy` a maintained and updated fork - Fixed an issue with a newer jslib (not fully released yet) That version uses a different endpoint for `prelogin` Resolves #2378 )
2022-03-20 18:51:24 +01:00
[[package]]
name = "wasi"
version = "0.11.0+wasi-snapshot-preview1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
[[package]]
name = "wasm-bindgen"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
version = "0.2.100"
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
checksum = "1edc8929d7499fc4e8f0be2262a241556cfc54a0bea223790e71446f2aab1ef5"
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
dependencies = [
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
"cfg-if",
Update crates (GHSA-wq9x-qwcq-mmgf) (#4889) - Updated crates - Fixed MSRV to actually be N-2 - Changed some features to use the `dep:` prefix. This is needed for edition-2024 anyway although that will be a while before we can use that. Signed-off-by: BlackDex <black.dex@gmail.com>
2024-08-23 22:06:11 +02:00
"once_cell",
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
"rustversion",
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
"wasm-bindgen-macro",
]
[[package]]
name = "wasm-bindgen-backend"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
version = "0.2.100"
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
checksum = "2f0a0651a5c2bc21487bde11ee802ccaf4c51935d0d3d42a6101f98161700bc6"
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
dependencies = [
"bumpalo",
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"log",
"proc-macro2",
"quote",
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
"syn",
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
"wasm-bindgen-shared",
]
[[package]]
name = "wasm-bindgen-futures"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
version = "0.4.50"
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
checksum = "555d470ec0bc3bb57890405e5d4322cc9ea83cebb085523ced7be4144dac1e61"
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
dependencies = [
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
"cfg-if",
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
"js-sys",
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
"once_cell",
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
"wasm-bindgen",
"web-sys",
]
[[package]]
name = "wasm-bindgen-macro"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
version = "0.2.100"
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
checksum = "7fe63fc6d09ed3792bd0897b314f53de8e16568c2b3f7982f468c0bf9bd0b407"
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
dependencies = [
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"quote",
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
"wasm-bindgen-macro-support",
]
[[package]]
name = "wasm-bindgen-macro-support"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
version = "0.2.100"
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
checksum = "8ae87ea40c9f689fc23f209965b6fb8a99ad69aeeb0231408be24920604395de"
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
dependencies = [
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2021-11-07 18:53:39 +01:00
"proc-macro2",
"quote",
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
"syn",
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
"wasm-bindgen-backend",
"wasm-bindgen-shared",
]
[[package]]
name = "wasm-bindgen-shared"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
version = "0.2.100"
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
checksum = "1a05d73b933a847d6cccdda8f838a22ff101ad9bf93e33684f39c1f5f0eece3d"
dependencies = [
"unicode-ident",
]
Updated dependencies and Dockerfiles - Updated crates - Updated rust-toolchain - Updated Dockerfile to use latest rust 1.48 version - Updated AMD64 Alpine to use same version as rust-toolchain and support PostgreSQL. - Updated Rocket to the commit right before they updated hyper. Until that update there were some crates updated and some small fixes. After that build fails and we probably need to make some changes (which is probably something already done in the async branch)
2020-12-04 13:38:42 +01:00
Updated web vault to 2023.1.1 and rust dependencies
2023-01-24 20:39:09 +01:00
[[package]]
name = "wasm-streams"
Update crates and fix several issues Signed-off-by: BlackDex <black.dex@gmail.com>
2024-11-09 19:58:10 +01:00
version = "0.4.2"
Updated web vault to 2023.1.1 and rust dependencies
2023-01-24 20:39:09 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and fix several issues Signed-off-by: BlackDex <black.dex@gmail.com>
2024-11-09 19:58:10 +01:00
checksum = "15053d8d85c7eccdbefef60f06769760a563c7f0a9d6902a13d35c7800b0ad65"
Updated web vault to 2023.1.1 and rust dependencies
2023-01-24 20:39:09 +01:00
dependencies = [
"futures-util",
"js-sys",
"wasm-bindgen",
"wasm-bindgen-futures",
"web-sys",
]
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
[[package]]
name = "web-sys"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
version = "0.3.77"
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
checksum = "33b6dd2ef9186f1f2072e409e99cd22a975331a6b3591b12c764e0e55c60d5d2"
Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
dependencies = [
"js-sys",
"wasm-bindgen",
]
Update crates & fix crate vulnerability (#4771) - fixes GHSA-q445-7m23-qrmw by updating openssl to version 0.10.66
2024-07-24 01:26:39 +03:00
[[package]]
name = "web-time"
version = "1.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5a6580f308b1fad9207618087a65c04e7a10bc77e02c8e84e9b00dd4b12fa0bb"
dependencies = [
"js-sys",
"wasm-bindgen",
]
Support for webauthn and u2f->webauthn migrations
2021-06-07 23:34:00 +02:00
[[package]]
name = "webauthn-rs"
Dependency updates
2022-01-30 22:24:42 +01:00
version = "0.3.2"
Fix WebAuthn issues and some small updates - Updated some packages - Updated code related to package updates. - Disabled User Verification enforcement when WebAuthn Key sends UV=1 This makes it compatible with upstream and resolves #1840 - Fixed a bug where removing an individual WebAuthn key deleted the wrong key.
2021-07-25 14:49:55 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Dependency updates
2022-01-30 22:24:42 +01:00
checksum = "90b266eccb4b32595876f5c73ea443b0516da0b1df72ca07bc08ed9ba7f96ec1"
Support for webauthn and u2f->webauthn migrations
2021-06-07 23:34:00 +02:00
dependencies = [
Update dependencies and MSRV - Updated dependencies. This includes a janked openssl crate version we currently use. - Updated MSRV to v1.61.0 because hashbrown/cached has this version restriction.
2023-01-09 16:49:26 +01:00
"base64 0.13.1",
Improve sync speed and updated dep. versions Improved sync speed by resolving the N+1 query issues. Solves #1402 and Solves #1453 With this change there is just one query done to retreive all the important data, and matching is done in-code/memory. With a very large database the sync time went down about 3 times. Also updated misc crates and Github Actions versions.
2022-05-04 21:13:05 +02:00
"nom",
Support for webauthn and u2f->webauthn migrations
2021-06-07 23:34:00 +02:00
"openssl",
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
"rand",
Support for webauthn and u2f->webauthn migrations
2021-06-07 23:34:00 +02:00
"serde",
"serde_cbor",
"serde_derive",
"serde_json",
Update crates (#5268) - fixes CVE-2024-12224
2024-12-10 18:59:28 +02:00
"thiserror 1.0.69",
Support all DB's for Alpine and Debian - Using my own rust-musl build containers we now support all database types for both Debian and Alpine. - Added new Alpine containers for armv6 and arm64/aarch64 - The Debian builds can also be done wihout dpkg magic stuff, probably some fixes in Rust regarding linking (Or maybe OpenSSL or Diesel), in any case, it works now without hacking dpkg and apt. - Updated toolchain and crates
2021-12-26 12:40:12 +01:00
"tracing",
Update to diesel2
2022-05-20 23:39:47 +02:00
"url",
Support for webauthn and u2f->webauthn migrations
2021-06-07 23:34:00 +02:00
]
check if SENDMAIL_COMMAND is valid using 'which' crate
2023-01-25 22:54:50 +01:00
[[package]]
name = "which"
Update crates and GHA (#5346) - Updated crates to the latest version - Updated GitHub Actions to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-04 19:02:15 +01:00
version = "7.0.1"
check if SENDMAIL_COMMAND is valid using 'which' crate
2023-01-25 22:54:50 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and GHA (#5346) - Updated crates to the latest version - Updated GitHub Actions to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-04 19:02:15 +01:00
checksum = "fb4a9e33648339dc1642b0e36e21b3385e6148e289226f657c809dee59df5028"
check if SENDMAIL_COMMAND is valid using 'which' crate
2023-01-25 22:54:50 +01:00
dependencies = [
"either",
Update crates and GHA (#5346) - Updated crates to the latest version - Updated GitHub Actions to the latest version Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-04 19:02:15 +01:00
"env_home",
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
"rustix",
Update crates and some Clippy fixes (#4475) - Updated all crates including reqwest - Fixed some clippy lints reported by nightly Rust
2024-04-06 13:55:10 +02:00
"winsafe",
check if SENDMAIL_COMMAND is valid using 'which' crate
2023-01-25 22:54:50 +01:00
]
Enabled trust-dns and some updates. - Enabled trust-dns feature which seems to help a bit when DNS is causing long timeouts. Though in the blocking version it is less visible then on the async branch. - Updated crates - Removed some redundant code - Updated javascript/css libraries Resolves #2118 Resolves #2119
2021-11-28 13:02:27 +01:00
[[package]]
name = "widestring"
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
version = "1.1.0"
Enabled trust-dns and some updates. - Enabled trust-dns feature which seems to help a bit when DNS is causing long timeouts. Though in the blocking version it is less visible then on the async branch. - Updated crates - Removed some redundant code - Updated javascript/css libraries Resolves #2118 Resolves #2119
2021-11-28 13:02:27 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
checksum = "7219d36b6eac893fa81e84ebe06485e7dcbb616177469b142df14f1f4deb1311"
Enabled trust-dns and some updates. - Enabled trust-dns feature which seems to help a bit when DNS is causing long timeouts. Though in the blocking version it is less visible then on the async branch. - Updated crates - Removed some redundant code - Updated javascript/css libraries Resolves #2118 Resolves #2119
2021-11-28 13:02:27 +01:00
First working version
2018-02-10 01:00:55 +01:00
[[package]]
name = "winapi"
Updated dependencies ans web vault version
2020-07-05 01:38:16 +02:00
version = "0.3.9"
First working version
2018-02-10 01:00:55 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Updated dependencies ans web vault version
2020-07-05 01:38:16 +02:00
checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419"
First working version
2018-02-10 01:00:55 +01:00
dependencies = [
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"winapi-i686-pc-windows-gnu",
"winapi-x86_64-pc-windows-gnu",
First working version
2018-02-10 01:00:55 +01:00
]
[[package]]
name = "winapi-i686-pc-windows-gnu"
version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
First working version
2018-02-10 01:00:55 +01:00
Updated bw_rs to Rocket version 0.4-rc1
2018-10-10 20:40:39 +02:00
[[package]]
name = "winapi-util"
Update crates, web-vault and fixes (#4823) * Update crates, web-vault and fixes - Updated crates - Updated web-vault to v2024.6.2 This version is currently the latest version compatible with our API implementation. For newer versions we need more code updates to make it compatible. Thanks to @stefan0xC this version fixes #4628 - Added a small fix to prevent errors in the Vaultwarden and Client logs. The v2024.6.2 web-vault calls an endpoint with invalid arguments. If this happens we ignore the call and just return an Ok. - Added the bulk-collection endpoint (Though not yet available in v2024.6.2) Fixes #4628 * Prevent bulk remove collections to work
2024-08-07 22:46:03 +02:00
version = "0.1.9"
Updated bw_rs to Rocket version 0.4-rc1
2018-10-10 20:40:39 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates, web-vault and fixes (#4823) * Update crates, web-vault and fixes - Updated crates - Updated web-vault to v2024.6.2 This version is currently the latest version compatible with our API implementation. For newer versions we need more code updates to make it compatible. Thanks to @stefan0xC this version fixes #4628 - Added a small fix to prevent errors in the Vaultwarden and Client logs. The v2024.6.2 web-vault calls an endpoint with invalid arguments. If this happens we ignore the call and just return an Ok. - Added the bulk-collection endpoint (Though not yet available in v2024.6.2) Fixes #4628 * Prevent bulk remove collections to work
2024-08-07 22:46:03 +02:00
checksum = "cf221c93e13a30d793f7645a0e7762c55d169dbb0a49671918a2319d289b10bb"
Updated bw_rs to Rocket version 0.4-rc1
2018-10-10 20:40:39 +02:00
dependencies = [
Update crates, web-vault and fixes (#4823) * Update crates, web-vault and fixes - Updated crates - Updated web-vault to v2024.6.2 This version is currently the latest version compatible with our API implementation. For newer versions we need more code updates to make it compatible. Thanks to @stefan0xC this version fixes #4628 - Added a small fix to prevent errors in the Vaultwarden and Client logs. The v2024.6.2 web-vault calls an endpoint with invalid arguments. If this happens we ignore the call and just return an Ok. - Added the bulk-collection endpoint (Though not yet available in v2024.6.2) Fixes #4628 * Prevent bulk remove collections to work
2024-08-07 22:46:03 +02:00
"windows-sys 0.59.0",
Updated bw_rs to Rocket version 0.4-rc1
2018-10-10 20:40:39 +02:00
]
First working version
2018-02-10 01:00:55 +01:00
[[package]]
name = "winapi-x86_64-pc-windows-gnu"
version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
First working version
2018-02-10 01:00:55 +01:00
Update web vault to v2023.3.0 and dependencies
2023-03-22 21:30:07 +01:00
[[package]]
name = "windows"
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
version = "0.48.0"
Update web vault to v2023.3.0 and dependencies
2023-03-22 21:30:07 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
checksum = "e686886bc078bc1b0b600cac0147aadb815089b6e4da64016cbd754b6342700f"
Update web vault to v2023.3.0 and dependencies
2023-03-22 21:30:07 +01:00
dependencies = [
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
"windows-targets 0.48.5",
Update web vault to v2023.3.0 and dependencies
2023-03-22 21:30:07 +01:00
]
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
[[package]]
name = "windows"
version = "0.52.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e48a53791691ab099e5e2ad123536d0fff50652600abaf43bbf952894110d0be"
dependencies = [
"windows-core",
Update crates and web-vault (#4714) - Updated the crates Removed the patch for mimalloc - Updated the web-vault to v2024.5.1b The reason for not updating to v2024.6.x is that there are several items not working correctly or need some more research.
2024-07-08 23:27:48 +02:00
"windows-targets 0.52.6",
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
]
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
[[package]]
name = "windows-core"
Update crates and fix icon issue (#4237) - Fix icon download issue by removing the deflate feature - Updated all the crates - Updated Handlebars code Fixes #4224
2024-01-12 20:44:37 +01:00
version = "0.52.0"
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and fix icon issue (#4237) - Fix icon download issue by removing the deflate feature - Updated all the crates - Updated Handlebars code Fixes #4224
2024-01-12 20:44:37 +01:00
checksum = "33ab640c8d7e35bf8ba19b884ba838ceb4fba93a4e8c65a9059d08afcfc683d9"
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
dependencies = [
Update crates and web-vault (#4714) - Updated the crates Removed the patch for mimalloc - Updated the web-vault to v2024.5.1b The reason for not updating to v2024.6.x is that there are several items not working correctly or need some more research.
2024-07-08 23:27:48 +02:00
"windows-targets 0.52.6",
Container building changes (#3958) * WIP: Container building changes * Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier * Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. * Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
]
Update crates (GHSA-wq9x-qwcq-mmgf) (#4889) - Updated crates - Fixed MSRV to actually be N-2 - Changed some features to use the `dep:` prefix. This is needed for edition-2024 anyway although that will be a while before we can use that. Signed-off-by: BlackDex <black.dex@gmail.com>
2024-08-23 22:06:11 +02:00
[[package]]
name = "windows-registry"
version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e400001bb720a623c1c69032f8e3e4cf09984deec740f007dd2b03ec864804b0"
dependencies = [
"windows-result",
"windows-strings",
"windows-targets 0.52.6",
]
[[package]]
name = "windows-result"
version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1d1043d8214f791817bab27572aaa8af63732e11bf84aa21a45a78d6c317ae0e"
dependencies = [
"windows-targets 0.52.6",
]
[[package]]
name = "windows-strings"
version = "0.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4cd9b125c486025df0eabcb585e62173c6c9eddcec5d117d3b6e8c30e2ee4d10"
dependencies = [
"windows-result",
"windows-targets 0.52.6",
]
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
[[package]]
name = "windows-sys"
version = "0.48.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9"
dependencies = [
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
"windows-targets 0.48.5",
]
[[package]]
name = "windows-sys"
version = "0.52.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d"
dependencies = [
Update crates and web-vault (#4714) - Updated the crates Removed the patch for mimalloc - Updated the web-vault to v2024.5.1b The reason for not updating to v2024.6.x is that there are several items not working correctly or need some more research.
2024-07-08 23:27:48 +02:00
"windows-targets 0.52.6",
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
]
Update crates, web-vault and fixes (#4823) * Update crates, web-vault and fixes - Updated crates - Updated web-vault to v2024.6.2 This version is currently the latest version compatible with our API implementation. For newer versions we need more code updates to make it compatible. Thanks to @stefan0xC this version fixes #4628 - Added a small fix to prevent errors in the Vaultwarden and Client logs. The v2024.6.2 web-vault calls an endpoint with invalid arguments. If this happens we ignore the call and just return an Ok. - Added the bulk-collection endpoint (Though not yet available in v2024.6.2) Fixes #4628 * Prevent bulk remove collections to work
2024-08-07 22:46:03 +02:00
[[package]]
name = "windows-sys"
version = "0.59.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b"
dependencies = [
"windows-targets 0.52.6",
]
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
[[package]]
name = "windows-targets"
Update Rust and Crates - Updated Rust to v1.72.0 - Updated all the crates Including a CVE https://github.com/dani-garcia/vaultwarden/security/dependabot/21 - Updated GitHub Workflows - Run `cargo fmt` which has some new fmt's - Moved from `rust-toolchain` to `rust-toolchain.toml`
2023-08-28 16:48:42 +02:00
version = "0.48.5"
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and Crates - Updated Rust to v1.72.0 - Updated all the crates Including a CVE https://github.com/dani-garcia/vaultwarden/security/dependabot/21 - Updated GitHub Workflows - Run `cargo fmt` which has some new fmt's - Moved from `rust-toolchain` to `rust-toolchain.toml`
2023-08-28 16:48:42 +02:00
checksum = "9a2fa6e2155d7247be68c096456083145c183cbbbc2764150dda45a87197940c"
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
dependencies = [
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
"windows_aarch64_gnullvm 0.48.5",
"windows_aarch64_msvc 0.48.5",
"windows_i686_gnu 0.48.5",
"windows_i686_msvc 0.48.5",
"windows_x86_64_gnu 0.48.5",
"windows_x86_64_gnullvm 0.48.5",
"windows_x86_64_msvc 0.48.5",
]
[[package]]
name = "windows-targets"
Update crates and web-vault (#4714) - Updated the crates Removed the patch for mimalloc - Updated the web-vault to v2024.5.1b The reason for not updating to v2024.6.x is that there are several items not working correctly or need some more research.
2024-07-08 23:27:48 +02:00
version = "0.52.6"
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and web-vault (#4714) - Updated the crates Removed the patch for mimalloc - Updated the web-vault to v2024.5.1b The reason for not updating to v2024.6.x is that there are several items not working correctly or need some more research.
2024-07-08 23:27:48 +02:00
checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973"
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
dependencies = [
Update crates and web-vault (#4714) - Updated the crates Removed the patch for mimalloc - Updated the web-vault to v2024.5.1b The reason for not updating to v2024.6.x is that there are several items not working correctly or need some more research.
2024-07-08 23:27:48 +02:00
"windows_aarch64_gnullvm 0.52.6",
"windows_aarch64_msvc 0.52.6",
"windows_i686_gnu 0.52.6",
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
"windows_i686_gnullvm",
Update crates and web-vault (#4714) - Updated the crates Removed the patch for mimalloc - Updated the web-vault to v2024.5.1b The reason for not updating to v2024.6.x is that there are several items not working correctly or need some more research.
2024-07-08 23:27:48 +02:00
"windows_i686_msvc 0.52.6",
"windows_x86_64_gnu 0.52.6",
"windows_x86_64_gnullvm 0.52.6",
"windows_x86_64_msvc 0.52.6",
Updated Rust and crates - Updated Rust to v1.67.0 - Updated all crates except for `cookies` and `webauthn`
2023-02-08 17:13:14 +01:00
]
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
[[package]]
name = "windows_aarch64_gnullvm"
Update Rust and Crates - Updated Rust to v1.72.0 - Updated all the crates Including a CVE https://github.com/dani-garcia/vaultwarden/security/dependabot/21 - Updated GitHub Workflows - Run `cargo fmt` which has some new fmt's - Moved from `rust-toolchain` to `rust-toolchain.toml`
2023-08-28 16:48:42 +02:00
version = "0.48.5"
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and Crates - Updated Rust to v1.72.0 - Updated all the crates Including a CVE https://github.com/dani-garcia/vaultwarden/security/dependabot/21 - Updated GitHub Workflows - Run `cargo fmt` which has some new fmt's - Moved from `rust-toolchain` to `rust-toolchain.toml`
2023-08-28 16:48:42 +02:00
checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8"
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
[[package]]
name = "windows_aarch64_gnullvm"
Update crates and web-vault (#4714) - Updated the crates Removed the patch for mimalloc - Updated the web-vault to v2024.5.1b The reason for not updating to v2024.6.x is that there are several items not working correctly or need some more research.
2024-07-08 23:27:48 +02:00
version = "0.52.6"
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and web-vault (#4714) - Updated the crates Removed the patch for mimalloc - Updated the web-vault to v2024.5.1b The reason for not updating to v2024.6.x is that there are several items not working correctly or need some more research.
2024-07-08 23:27:48 +02:00
checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3"
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
[[package]]
name = "windows_aarch64_msvc"
Update Rust and Crates - Updated Rust to v1.72.0 - Updated all the crates Including a CVE https://github.com/dani-garcia/vaultwarden/security/dependabot/21 - Updated GitHub Workflows - Run `cargo fmt` which has some new fmt's - Moved from `rust-toolchain` to `rust-toolchain.toml`
2023-08-28 16:48:42 +02:00
version = "0.48.5"
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and Crates - Updated Rust to v1.72.0 - Updated all the crates Including a CVE https://github.com/dani-garcia/vaultwarden/security/dependabot/21 - Updated GitHub Workflows - Run `cargo fmt` which has some new fmt's - Moved from `rust-toolchain` to `rust-toolchain.toml`
2023-08-28 16:48:42 +02:00
checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc"
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
[[package]]
name = "windows_aarch64_msvc"
Update crates and web-vault (#4714) - Updated the crates Removed the patch for mimalloc - Updated the web-vault to v2024.5.1b The reason for not updating to v2024.6.x is that there are several items not working correctly or need some more research.
2024-07-08 23:27:48 +02:00
version = "0.52.6"
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and web-vault (#4714) - Updated the crates Removed the patch for mimalloc - Updated the web-vault to v2024.5.1b The reason for not updating to v2024.6.x is that there are several items not working correctly or need some more research.
2024-07-08 23:27:48 +02:00
checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469"
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
[[package]]
name = "windows_i686_gnu"
Update Rust and Crates - Updated Rust to v1.72.0 - Updated all the crates Including a CVE https://github.com/dani-garcia/vaultwarden/security/dependabot/21 - Updated GitHub Workflows - Run `cargo fmt` which has some new fmt's - Moved from `rust-toolchain` to `rust-toolchain.toml`
2023-08-28 16:48:42 +02:00
version = "0.48.5"
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and Crates - Updated Rust to v1.72.0 - Updated all the crates Including a CVE https://github.com/dani-garcia/vaultwarden/security/dependabot/21 - Updated GitHub Workflows - Run `cargo fmt` which has some new fmt's - Moved from `rust-toolchain` to `rust-toolchain.toml`
2023-08-28 16:48:42 +02:00
checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e"
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
[[package]]
name = "windows_i686_gnu"
Update crates and web-vault (#4714) - Updated the crates Removed the patch for mimalloc - Updated the web-vault to v2024.5.1b The reason for not updating to v2024.6.x is that there are several items not working correctly or need some more research.
2024-07-08 23:27:48 +02:00
version = "0.52.6"
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and web-vault (#4714) - Updated the crates Removed the patch for mimalloc - Updated the web-vault to v2024.5.1b The reason for not updating to v2024.6.x is that there are several items not working correctly or need some more research.
2024-07-08 23:27:48 +02:00
checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b"
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
[[package]]
name = "windows_i686_gnullvm"
Update crates and web-vault (#4714) - Updated the crates Removed the patch for mimalloc - Updated the web-vault to v2024.5.1b The reason for not updating to v2024.6.x is that there are several items not working correctly or need some more research.
2024-07-08 23:27:48 +02:00
version = "0.52.6"
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and web-vault (#4714) - Updated the crates Removed the patch for mimalloc - Updated the web-vault to v2024.5.1b The reason for not updating to v2024.6.x is that there are several items not working correctly or need some more research.
2024-07-08 23:27:48 +02:00
checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66"
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
[[package]]
name = "windows_i686_msvc"
Update Rust and Crates - Updated Rust to v1.72.0 - Updated all the crates Including a CVE https://github.com/dani-garcia/vaultwarden/security/dependabot/21 - Updated GitHub Workflows - Run `cargo fmt` which has some new fmt's - Moved from `rust-toolchain` to `rust-toolchain.toml`
2023-08-28 16:48:42 +02:00
version = "0.48.5"
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and Crates - Updated Rust to v1.72.0 - Updated all the crates Including a CVE https://github.com/dani-garcia/vaultwarden/security/dependabot/21 - Updated GitHub Workflows - Run `cargo fmt` which has some new fmt's - Moved from `rust-toolchain` to `rust-toolchain.toml`
2023-08-28 16:48:42 +02:00
checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406"
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
[[package]]
name = "windows_i686_msvc"
Update crates and web-vault (#4714) - Updated the crates Removed the patch for mimalloc - Updated the web-vault to v2024.5.1b The reason for not updating to v2024.6.x is that there are several items not working correctly or need some more research.
2024-07-08 23:27:48 +02:00
version = "0.52.6"
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and web-vault (#4714) - Updated the crates Removed the patch for mimalloc - Updated the web-vault to v2024.5.1b The reason for not updating to v2024.6.x is that there are several items not working correctly or need some more research.
2024-07-08 23:27:48 +02:00
checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66"
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
[[package]]
name = "windows_x86_64_gnu"
Update Rust and Crates - Updated Rust to v1.72.0 - Updated all the crates Including a CVE https://github.com/dani-garcia/vaultwarden/security/dependabot/21 - Updated GitHub Workflows - Run `cargo fmt` which has some new fmt's - Moved from `rust-toolchain` to `rust-toolchain.toml`
2023-08-28 16:48:42 +02:00
version = "0.48.5"
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and Crates - Updated Rust to v1.72.0 - Updated all the crates Including a CVE https://github.com/dani-garcia/vaultwarden/security/dependabot/21 - Updated GitHub Workflows - Run `cargo fmt` which has some new fmt's - Moved from `rust-toolchain` to `rust-toolchain.toml`
2023-08-28 16:48:42 +02:00
checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e"
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
[[package]]
name = "windows_x86_64_gnu"
Update crates and web-vault (#4714) - Updated the crates Removed the patch for mimalloc - Updated the web-vault to v2024.5.1b The reason for not updating to v2024.6.x is that there are several items not working correctly or need some more research.
2024-07-08 23:27:48 +02:00
version = "0.52.6"
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and web-vault (#4714) - Updated the crates Removed the patch for mimalloc - Updated the web-vault to v2024.5.1b The reason for not updating to v2024.6.x is that there are several items not working correctly or need some more research.
2024-07-08 23:27:48 +02:00
checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78"
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
[[package]]
name = "windows_x86_64_gnullvm"
Update Rust and Crates - Updated Rust to v1.72.0 - Updated all the crates Including a CVE https://github.com/dani-garcia/vaultwarden/security/dependabot/21 - Updated GitHub Workflows - Run `cargo fmt` which has some new fmt's - Moved from `rust-toolchain` to `rust-toolchain.toml`
2023-08-28 16:48:42 +02:00
version = "0.48.5"
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and Crates - Updated Rust to v1.72.0 - Updated all the crates Including a CVE https://github.com/dani-garcia/vaultwarden/security/dependabot/21 - Updated GitHub Workflows - Run `cargo fmt` which has some new fmt's - Moved from `rust-toolchain` to `rust-toolchain.toml`
2023-08-28 16:48:42 +02:00
checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc"
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
[[package]]
name = "windows_x86_64_gnullvm"
Update crates and web-vault (#4714) - Updated the crates Removed the patch for mimalloc - Updated the web-vault to v2024.5.1b The reason for not updating to v2024.6.x is that there are several items not working correctly or need some more research.
2024-07-08 23:27:48 +02:00
version = "0.52.6"
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and web-vault (#4714) - Updated the crates Removed the patch for mimalloc - Updated the web-vault to v2024.5.1b The reason for not updating to v2024.6.x is that there are several items not working correctly or need some more research.
2024-07-08 23:27:48 +02:00
checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d"
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
[[package]]
name = "windows_x86_64_msvc"
Update Rust and Crates - Updated Rust to v1.72.0 - Updated all the crates Including a CVE https://github.com/dani-garcia/vaultwarden/security/dependabot/21 - Updated GitHub Workflows - Run `cargo fmt` which has some new fmt's - Moved from `rust-toolchain` to `rust-toolchain.toml`
2023-08-28 16:48:42 +02:00
version = "0.48.5"
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and Crates - Updated Rust to v1.72.0 - Updated all the crates Including a CVE https://github.com/dani-garcia/vaultwarden/security/dependabot/21 - Updated GitHub Workflows - Run `cargo fmt` which has some new fmt's - Moved from `rust-toolchain` to `rust-toolchain.toml`
2023-08-28 16:48:42 +02:00
checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538"
WebSockets via Rocket's Upgrade connection This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections. No more need for multiple ports to be opened for Vaultwarden. No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy). - Using a git revision for Rocket, since `rocket_ws` is not yet released. - Updated other crates as well. - Added a connection guard to clear the WS connection from the Users list. Fixes #685 Fixes #2917 Fixes #1424
2023-03-30 17:18:59 +02:00
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
[[package]]
name = "windows_x86_64_msvc"
Update crates and web-vault (#4714) - Updated the crates Removed the patch for mimalloc - Updated the web-vault to v2024.5.1b The reason for not updating to v2024.6.x is that there are several items not working correctly or need some more research.
2024-07-08 23:27:48 +02:00
version = "0.52.6"
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and web-vault (#4714) - Updated the crates Removed the patch for mimalloc - Updated the web-vault to v2024.5.1b The reason for not updating to v2024.6.x is that there are several items not working correctly or need some more research.
2024-07-08 23:27:48 +02:00
checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec"
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
Update crates and GH Workflow - Updated crates - Updated GHA where needed
2023-05-26 14:53:13 +02:00
[[package]]
name = "winnow"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
version = "0.6.24"
Update crates, GHA and a Python/JS scripts (#4357) - Update all crates - Update GHA - Update Global Domains script to use main instead of master Also fixed some Python linting warnings - Updated Admin JS and CSS libraries
2024-02-25 23:26:46 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Org fixes (#5438) * Security fixes for admin and sendmail Because the Vaultwarden Admin Backend endpoints did not validated the Content-Type during a request, it was possible to update settings via CSRF. But, this was only possible if there was no `ADMIN_TOKEN` set at all. To make sure these environments are also safe I added the needed content-type checks at the functions. This could cause some users who have scripts which uses cURL for example to adjust there commands to provide the correct headers. By using a crafted favicon and having access to the Admin Backend an attacker could run custom commands on the host/container where Vaultwarden is running on. The main issue here is that we allowed the sendmail binary name/path to be changed. To mitigate this we removed this configuration item and only then `sendmail` binary as a name can be used. This could cause some issues where the `sendmail` binary is not in the `$PATH` and thus not able to be started. In these cases the admins should make sure `$PATH` is set correctly or create a custom shell script or symlink at a location which is in the `$PATH`. Added an extra security header and adjusted the CSP to be more strict by setting `default-src` to `none` and added the needed missing specific policies. Also created a general email validation function which does some more checking to catch invalid email address not found by the email_address crate. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix security issue with organizationId validation Because of a invalid check/validation of the OrganizationId which most of the time is located in the path but sometimes provided as a URL Parameter, the parameter overruled the path ID during the Guard checks. This resulted in someone being able to execute commands as an Admin or Owner of the OrganizationId fetched from the parameter, but the API endpoints then used the OrganizationId located in the path instead. This commit fixes the extraction of the OrganizationId in the Guard and also added some extra validations of this OrgId in several functions. Also added an extra `OrgMemberHeaders` which can be used to only allow access to organization endpoints which should only be accessible by members of that org. Signed-off-by: BlackDex <black.dex@gmail.com> * Update server version in config endpoint Updated the server version reported to the clients to `2025.1.0`. This should make Vaultwarden future proof for the newer clients released by Bitwarden. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix and adjust build workflow The build workflow had an issue with some `if` checks. For one they had two `$` signs, and it is not recommended to use `always()` since canceling a workflow does not cancel those calls. Using `!cancelled()` is the preferred way. Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Allow sendmail to be configurable This reverts a previous change which removed the sendmail to be configurable. We now set the config to be read-only, and omit all read-only values from being stored during a save action from the admin interface. Signed-off-by: BlackDex <black.dex@gmail.com> * Add more org_id checks Added more org_id checks at all functions which use the org_id in there path. Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-01-25 01:32:09 +01:00
checksum = "c8d71a593cc5c42ad7876e2c1fda56f314f3754c084128833e64f1345ff8a03a"
Update crates and GH Workflow - Updated crates - Updated GHA where needed
2023-05-26 14:53:13 +02:00
dependencies = [
"memchr",
]
Update crates and workflow - Updated all the crates - Updated workflow actions - Set cargo registry to sparse
2023-06-21 22:01:05 +02:00
[[package]]
name = "winreg"
version = "0.50.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "524e57b2c537c0f9b1e69f1965311ec12182b4122e45035b1508cd24d2adadb1"
dependencies = [
"cfg-if",
Update Rust, Crates, Profile and Actions (#4126) - Updated Rust to v1.74.0 - Updated all crates (where possible) - Changed release profile to use * fat lto * 1 codegen-unit This should optimize a bit for speed and a lot for size ~15MB smaller - Updated Github actions to use caching for the bake process - Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images - During the release action, the Alpine/static binaries are added as artifects. Later we could also automatically add them to the releases maybe. - Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
"windows-sys 0.48.0",
Update crates and workflow - Updated all the crates - Updated workflow actions - Set cargo registry to sparse
2023-06-21 22:01:05 +02:00
]
Update crates and some Clippy fixes (#4475) - Updated all crates including reqwest - Fixed some clippy lints reported by nightly Rust
2024-04-06 13:55:10 +02:00
[[package]]
name = "winsafe"
version = "0.0.19"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d135d17ab770252ad95e9a872d365cf3090e3be864a34ab46f48555993efc904"
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
[[package]]
name = "write16"
version = "1.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d1890f4022759daae28ed4fe62859b1236caebfc61ede2f63ed4e695f3f6d936"
[[package]]
name = "writeable"
version = "0.5.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1e9df38ee2d2c3c5948ea468a8406ff0db0b29ae1ffde1bcf20ef305bcc95c51"
Update images to Bookworm and PQ15 This PR updates the base images to use Debian Bookworm as base image. Also the MUSL/Alpine builds now use OpenSSLv3 and PostgreSQL v15. The GHA Workflows are updated to use Ubuntu 22.04 to better match the versions of Debian Bookworm. Also: - Enabled spares crate registry - Updated workflow actions - Updated Rust to v1.71.0 - The rust-musl images now use musl v1.2.3 for the 32bit arch's if the Rust version is v1.71.0 or higher. The 64bit arch's already used musl v1.2.3. - Updated crates. Improves / Closes #3434
2023-06-11 18:11:09 +02:00
[[package]]
name = "yansi"
Update crates
2024-03-17 14:25:49 +01:00
version = "1.0.1"
Update images to Bookworm and PQ15 This PR updates the base images to use Debian Bookworm as base image. Also the MUSL/Alpine builds now use OpenSSLv3 and PostgreSQL v15. The GHA Workflows are updated to use Ubuntu 22.04 to better match the versions of Debian Bookworm. Also: - Enabled spares crate registry - Updated workflow actions - Updated Rust to v1.71.0 - The rust-musl images now use musl v1.2.3 for the 32bit arch's if the Rust version is v1.71.0 or higher. The 64bit arch's already used musl v1.2.3. - Updated crates. Improves / Closes #3434
2023-06-11 18:11:09 +02:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates
2024-03-17 14:25:49 +01:00
checksum = "cfe53a6657fd280eaa890a3bc59152892ffa3e30101319d168b781ed6529b049"
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
dependencies = [
"is-terminal",
]
Update images to Bookworm and PQ15 This PR updates the base images to use Debian Bookworm as base image. Also the MUSL/Alpine builds now use OpenSSLv3 and PostgreSQL v15. The GHA Workflows are updated to use Ubuntu 22.04 to better match the versions of Debian Bookworm. Also: - Enabled spares crate registry - Updated workflow actions - Updated Rust to v1.71.0 - The rust-musl images now use musl v1.2.3 for the 32bit arch's if the Rust version is v1.71.0 or higher. The 64bit arch's already used musl v1.2.3. - Updated crates. Improves / Closes #3434
2023-06-11 18:11:09 +02:00
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
[[package]]
name = "yoke"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
version = "0.7.5"
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
checksum = "120e6aef9aa629e3d4f52dc8cc43a015c7724194c97dfaf45180d2daf2b77f40"
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
dependencies = [
"serde",
"stable_deref_trait",
"yoke-derive",
"zerofrom",
]
[[package]]
name = "yoke-derive"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
version = "0.7.5"
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
checksum = "2380878cad4ac9aac1e2435f3eb4020e8374b5f13c296cb75b4620ff8e229154"
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
dependencies = [
"proc-macro2",
"quote",
"syn",
"synstructure",
]
Adds yubico-rs library dep
2018-11-15 18:34:17 -07:00
[[package]]
name = "yubico"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
version = "0.12.0"
source = "git+https://github.com/BlackDex/yubico-rs?rev=00df14811f58155c0f02e3ab10f1570ed3e115c6#00df14811f58155c0f02e3ab10f1570ed3e115c6"
Adds yubico-rs library dep
2018-11-15 18:34:17 -07:00
dependencies = [
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
"base64 0.22.1",
Dependency updates
2022-05-11 22:03:07 +02:00
"form_urlencoded",
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"futures",
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies
2022-05-20 20:37:32 +02:00
"hmac",
"rand",
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
"reqwest",
Updated deps and misc fixes and updates - Updated some Rust dependencies - Fixed an issue with CSP header, this was not configured correctly - Prevent sending CSP and Frame headers for the MFA connector.html files. Else some clients will fail to handle these protocols. - Add `unsafe-inline` for `script-src` only to the CSP for the Admin Interface - Updated JavaScript and CSS files for the Admin interface - Changed the layout for showing overridden settings, better visible now. - Made the version check cachable to prevent hitting the Github API rate limits - Hide the `database_url` as if it is a password in the Admin Interface Else for MariaDB/MySQL or PostgreSQL this was plain text. - Fixed an issue that pressing enter on the SMTP Test would save the config. resolves #2542 - Prevent user names larger then 50 characters resolves #2419
2022-06-08 19:46:33 +02:00
"sha1",
Convert email domains to punycode
2020-01-30 22:11:53 +01:00
"threadpool",
]
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
[[package]]
name = "zerocopy"
Update crates and web-vault (#4714) - Updated the crates Removed the patch for mimalloc - Updated the web-vault to v2024.5.1b The reason for not updating to v2024.6.x is that there are several items not working correctly or need some more research.
2024-07-08 23:27:48 +02:00
version = "0.7.35"
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and web-vault (#4714) - Updated the crates Removed the patch for mimalloc - Updated the web-vault to v2024.5.1b The reason for not updating to v2024.6.x is that there are several items not working correctly or need some more research.
2024-07-08 23:27:48 +02:00
checksum = "1b9b4fd18abc82b8136838da5d50bae7bdea537c574d8dc1a34ed098d6c166f0"
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
dependencies = [
Update crates, web-vault and fixes (#4823) * Update crates, web-vault and fixes - Updated crates - Updated web-vault to v2024.6.2 This version is currently the latest version compatible with our API implementation. For newer versions we need more code updates to make it compatible. Thanks to @stefan0xC this version fixes #4628 - Added a small fix to prevent errors in the Vaultwarden and Client logs. The v2024.6.2 web-vault calls an endpoint with invalid arguments. If this happens we ignore the call and just return an Ok. - Added the bulk-collection endpoint (Though not yet available in v2024.6.2) Fixes #4628 * Prevent bulk remove collections to work
2024-08-07 22:46:03 +02:00
"byteorder",
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
"zerocopy-derive",
]
[[package]]
name = "zerocopy-derive"
Update crates and web-vault (#4714) - Updated the crates Removed the patch for mimalloc - Updated the web-vault to v2024.5.1b The reason for not updating to v2024.6.x is that there are several items not working correctly or need some more research.
2024-07-08 23:27:48 +02:00
version = "0.7.35"
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update crates and web-vault (#4714) - Updated the crates Removed the patch for mimalloc - Updated the web-vault to v2024.5.1b The reason for not updating to v2024.6.x is that there are several items not working correctly or need some more research.
2024-07-08 23:27:48 +02:00
checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e"
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
dependencies = [
"proc-macro2",
"quote",
Update Crate and Rust (#4522) * Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
2024-04-27 00:53:42 +02:00
"syn",
Update crates (#4074) * Remove another header for websocket connections * Fix small bake issue * Update crates Updated crates and adjusted code where needed. One major update is Rocket rc4, no need anymore (again) for crates.io patching. The only item still pending is openssl/openssl-sys for which we need to wait if https://github.com/sfackler/rust-openssl/pull/2094 will be merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
]
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
[[package]]
name = "zerofrom"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
version = "0.1.5"
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
checksum = "cff3ee08c995dee1859d998dea82f7374f2826091dd9cd47def953cae446cd2e"
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
dependencies = [
"zerofrom-derive",
]
[[package]]
name = "zerofrom-derive"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
version = "0.1.5"
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
source = "registry+https://github.com/rust-lang/crates.io-index"
Update Rust and crates (#5248) * Update Rust and crates - Updated Rust to v1.83.0 - Updated MSRV to v1.82.0 (Needed for html5gum crate) - Updated icon fetching code to match new html5gum version - Updated workflows - Enabled edition 2024 clippy lints Nightly reports some clippy hints, but that would be too much to change in this PR i think. Signed-off-by: BlackDex <black.dex@gmail.com> * Some additional updates - Patch fern to allow syslog-7 feature - Fixed diesel logger which was broken because of the sqlite backup feature Refactored the sqlite backup because of this - Added a build workflow test to include the query_logger feature Signed-off-by: BlackDex <black.dex@gmail.com> * Also patch yubico-rs and latest updates Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2024-12-05 22:10:59 +01:00
checksum = "595eed982f7d355beb85837f651fa22e90b3c044842dc7f2c2842c086f295808"
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
dependencies = [
"proc-macro2",
"quote",
"syn",
"synstructure",
]
Update crates, web-vault and GHA (#4648) - Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
[[package]]
name = "zeroize"
version = "1.8.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde"
Update Rust version & crates (#4928)
2024-09-07 11:39:29 +03:00
[[package]]
name = "zerovec"
version = "0.10.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "aa2b893d79df23bfb12d5461018d408ea19dfafe76c2c7ef6d4eba614f8ff079"
dependencies = [
"yoke",
"zerofrom",
"zerovec-derive",
]
[[package]]
name = "zerovec-derive"
version = "0.10.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6eafa6dfb17584ea3e2bd6e76e0cc15ad7af12b09abdd1ca55961bed9b1063c6"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
Reference in New Issue Copy Permalink