Add audit output files and update dependencies

- Created new output files for OpenID build and deny logs. - Added JSON and text output for reqwest tree post native. - Implemented upgrade logs and error handling for build and deny processes. - Updated webauthn and webpki dependency trees in respective output files. - Addressed license rejection issues in upgrade process. - Included error logs for webauthn search and webpki tree post native.
2 months ago · 2e6b09293e
45 changed files with 1055 additions and 29 deletions
--- a/docker/audit/exp/patch_and_run.sh
+++ b/docker/audit/exp/patch_and_run.sh
@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Safe copy of workspace
+cp -a /workspace /tmp/wrk_copy
+cd /tmp/wrk_copy
+
+# Try bumping webauthn-rs to 0.6 in the copy (non-destructive)
+perl -0777 -pe 's/webauthn-rs\s*=\s*"[^"]+"/webauthn-rs = "0.6"/g' -i Cargo.toml || true
+
+# Attempt to update that package only
+/usr/local/cargo/bin/cargo update -p webauthn-rs || true
+
+# Run cargo-deny licenses check and capture outputs
+/usr/local/cargo/bin/cargo deny --manifest-path Cargo.toml --format json check licenses > /tmp/deny_licenses.json 2>/tmp/deny_licenses.err || true
+
+# Record done marker
+echo done > /tmp/exp.done
--- a/docker/audit/exp/reqwest_native_exp.sh
+++ b/docker/audit/exp/reqwest_native_exp.sh
@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+cp -a /workspace /tmp/wrk_req
+cd /tmp/wrk_req
+
+# Replace rustls features to prefer native-tls in reqwest (simple approach editing Cargo.toml)
+perl -0777 -pe 's/reqwest\s*=\s*"[^"]+"/reqwest = "0.12.24"/g' -i Cargo.toml || true
+# Remove rustls-tls feature and add tls = "native-tls" where features are specified
+perl -0777 -pe 's/rustls-tls/native-tls/g' -i Cargo.toml || true
+
+# Attempt to update reqwest and run cargo-deny licenses in the copied workspace
+/usr/local/cargo/bin/cargo update -p reqwest || true
+/usr/local/cargo/bin/cargo deny --manifest-path Cargo.toml --format json check licenses > /tmp/deny_reqwest_native.json 2>/tmp/deny_reqwest_native.err || true
+
+echo done > /tmp/req_exp.done
--- a/docker/audit/output/ar_exp.done
+++ b/docker/audit/output/ar_exp.done
@ -0,0 +1 @@
+done
--- a/docker/audit/output/deny_ar_update.err
+++ b/docker/audit/output/deny_ar_update.err
@ -0,0 +1,2 @@
+{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"ar_archive_writer","version":"0.2.0"},"parents":[{"Krate":{"kind":"build","name":"psm","version":"0.1.28"},"parents":[{"Krate":{"name":"stacker","version":"0.1.22"},"parents":[{"Krate":{"name":"chumsky","version":"0.9.3"},"parents":[{"Krate":{"name":"lettre","version":"0.11.19"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}}]}]}]}]}]}],"labels":[{"column":12,"line":22,"message":"","span":"Apache-2.0 WITH LLVM-exception"},{"column":12,"line":22,"message":"rejected: license is not explicitly allowed","span":"Apache-2.0 WITH LLVM-exception"}],"message":"failed to satisfy license requirements","notes":["Apache-2.0 - Apache License 2.0:","  - OSI approved","  - FSF Free/Libre"],"severity":"error"},"type":"diagnostic"}
+{"fields":{"licenses":{"errors":1,"helps":536,"notes":0,"warnings":0}},"type":"summary"}
--- a/docker/audit/output/deny_ar_update.json
+++ b/docker/audit/output/deny_ar_update.json
--- a/docker/audit/output/deny_let_update.err
+++ b/docker/audit/output/deny_let_update.err
@ -0,0 +1 @@
+{"fields":{"licenses":{"errors":0,"helps":537,"notes":0,"warnings":0}},"type":"summary"}
--- a/docker/audit/output/deny_let_update.json
+++ b/docker/audit/output/deny_let_update.json
--- a/docker/audit/output/deny_licenses.err
+++ b/docker/audit/output/deny_licenses.err
@ -0,0 +1,2 @@
+{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"ar_archive_writer","version":"0.2.0"},"parents":[{"Krate":{"kind":"build","name":"psm","version":"0.1.28"},"parents":[{"Krate":{"name":"stacker","version":"0.1.22"},"parents":[{"Krate":{"name":"chumsky","version":"0.9.3"},"parents":[{"Krate":{"name":"lettre","version":"0.11.19"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}}]}]}]}]}]}],"labels":[{"column":12,"line":22,"message":"","span":"Apache-2.0 WITH LLVM-exception"},{"column":12,"line":22,"message":"rejected: license is not explicitly allowed","span":"Apache-2.0 WITH LLVM-exception"}],"message":"failed to satisfy license requirements","notes":["Apache-2.0 - Apache License 2.0:","  - OSI approved","  - FSF Free/Libre"],"severity":"error"},"type":"diagnostic"}
+{"fields":{"licenses":{"errors":1,"helps":536,"notes":0,"warnings":0}},"type":"summary"}
--- a/docker/audit/output/deny_licenses.json
+++ b/docker/audit/output/deny_licenses.json
--- a/docker/audit/output/deny_licenses_exp.err
+++ b/docker/audit/output/deny_licenses_exp.err
@ -0,0 +1,8 @@
+{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"ar_archive_writer","version":"0.2.0"},"parents":[{"Krate":{"kind":"build","name":"psm","version":"0.1.28"},"parents":[{"Krate":{"name":"stacker","version":"0.1.22"},"parents":[{"Krate":{"name":"chumsky","version":"0.9.3"},"parents":[{"Krate":{"name":"lettre","version":"0.11.19"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}}]}]}]}]}]}],"labels":[{"column":12,"line":22,"message":"","span":"Apache-2.0 WITH LLVM-exception"},{"column":12,"line":22,"message":"rejected: license is not explicitly allowed","span":"Apache-2.0 WITH LLVM-exception"}],"message":"failed to satisfy license requirements","notes":["Apache-2.0 - Apache License 2.0:","  - OSI approved","  - FSF Free/Libre"],"severity":"error"},"type":"diagnostic"}
+{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"base64urlsafedata","version":"0.5.3"},"parents":[{"Krate":{"name":"webauthn-attestation-ca","version":"0.5.3"},"parents":[{"Krate":{"name":"webauthn-rs-core","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}},{"Krate":{"name":"webauthn-rs","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true}]}]}]},{"Krate":{"name":"webauthn-rs","version":"0.5.3"},"repeat":true},{"Krate":{"name":"webauthn-rs-core","version":"0.5.3"},"repeat":true},{"Krate":{"name":"webauthn-rs-proto","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true},{"Krate":{"name":"webauthn-rs-core","version":"0.5.3"},"repeat":true}]}]}],"labels":[{"column":12,"line":35,"message":"","span":"MPL-2.0"},{"column":12,"line":35,"message":"rejected: license is not explicitly allowed","span":"MPL-2.0"}],"message":"failed to satisfy license requirements","notes":["MPL-2.0 - Mozilla Public License 2.0:","  - OSI approved","  - FSF Free/Libre","  - Copyleft"],"severity":"error"},"type":"diagnostic"}
+{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"webauthn-attestation-ca","version":"0.5.3"},"parents":[{"Krate":{"name":"webauthn-rs-core","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}},{"Krate":{"name":"webauthn-rs","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true}]}]}]}],"labels":[{"column":12,"line":30,"message":"","span":"MPL-2.0"},{"column":12,"line":30,"message":"rejected: license is not explicitly allowed","span":"MPL-2.0"}],"message":"failed to satisfy license requirements","notes":["MPL-2.0 - Mozilla Public License 2.0:","  - OSI approved","  - FSF Free/Libre","  - Copyleft"],"severity":"error"},"type":"diagnostic"}
+{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"webauthn-rs","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}}]}],"labels":[{"column":12,"line":39,"message":"","span":"MPL-2.0"},{"column":12,"line":39,"message":"rejected: license is not explicitly allowed","span":"MPL-2.0"}],"message":"failed to satisfy license requirements","notes":["MPL-2.0 - Mozilla Public License 2.0:","  - OSI approved","  - FSF Free/Libre","  - Copyleft"],"severity":"error"},"type":"diagnostic"}
+{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"webauthn-rs-core","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}},{"Krate":{"name":"webauthn-rs","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true}]}]}],"labels":[{"column":12,"line":38,"message":"","span":"MPL-2.0"},{"column":12,"line":38,"message":"rejected: license is not explicitly allowed","span":"MPL-2.0"}],"message":"failed to satisfy license requirements","notes":["MPL-2.0 - Mozilla Public License 2.0:","  - OSI approved","  - FSF Free/Libre","  - Copyleft"],"severity":"error"},"type":"diagnostic"}
+{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"webauthn-rs-proto","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}},{"Krate":{"name":"webauthn-rs-core","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true},{"Krate":{"name":"webauthn-rs","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true}]}]}]}],"labels":[{"column":12,"line":38,"message":"","span":"MPL-2.0"},{"column":12,"line":38,"message":"rejected: license is not explicitly allowed","span":"MPL-2.0"}],"message":"failed to satisfy license requirements","notes":["MPL-2.0 - Mozilla Public License 2.0:","  - OSI approved","  - FSF Free/Libre","  - Copyleft"],"severity":"error"},"type":"diagnostic"}
+{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"webpki-roots","version":"1.0.3"},"parents":[{"Krate":{"name":"hyper-rustls","version":"0.27.7"},"parents":[{"Krate":{"name":"reqwest","version":"0.12.24"},"parents":[{"Krate":{"name":"oauth2","version":"5.0.0"},"parents":[{"Krate":{"name":"openidconnect","version":"4.0.1"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}}]}]},{"Krate":{"name":"opendal","version":"0.54.1"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true}]},{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true},{"Krate":{"name":"yubico_ng","version":"0.14.1"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true}]}]}]},{"Krate":{"name":"reqwest","version":"0.12.24"},"repeat":true}]}],"labels":[{"column":12,"line":26,"message":"","span":"CDLA-Permissive-2.0"},{"column":12,"line":26,"message":"rejected: license is not explicitly allowed","span":"CDLA-Permissive-2.0"}],"message":"failed to satisfy license requirements","notes":["CDLA-Permissive-2.0 - Community Data License Agreement Permissive 2.0:","  - No additional metadata available for license"],"severity":"error"},"type":"diagnostic"}
+{"fields":{"licenses":{"errors":7,"helps":530,"notes":0,"warnings":0}},"type":"summary"}
--- a/docker/audit/output/deny_licenses_exp.json
+++ b/docker/audit/output/deny_licenses_exp.json
--- a/docker/audit/output/deny_reqwest_native.err
+++ b/docker/audit/output/deny_reqwest_native.err
@ -0,0 +1,2 @@
+{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"ar_archive_writer","version":"0.2.0"},"parents":[{"Krate":{"kind":"build","name":"psm","version":"0.1.28"},"parents":[{"Krate":{"name":"stacker","version":"0.1.22"},"parents":[{"Krate":{"name":"chumsky","version":"0.9.3"},"parents":[{"Krate":{"name":"lettre","version":"0.11.19"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}}]}]}]}]}]}],"labels":[{"column":12,"line":22,"message":"","span":"Apache-2.0 WITH LLVM-exception"},{"column":12,"line":22,"message":"rejected: license is not explicitly allowed","span":"Apache-2.0 WITH LLVM-exception"}],"message":"failed to satisfy license requirements","notes":["Apache-2.0 - Apache License 2.0:","  - OSI approved","  - FSF Free/Libre"],"severity":"error"},"type":"diagnostic"}
+{"fields":{"licenses":{"errors":1,"helps":536,"notes":0,"warnings":0}},"type":"summary"}
--- a/docker/audit/output/deny_reqwest_native.json
+++ b/docker/audit/output/deny_reqwest_native.json
--- a/docker/audit/output/deny_with_allow.done
+++ b/docker/audit/output/deny_with_allow.done
@ -0,0 +1 @@
+done
--- a/docker/audit/output/deny_with_allow.err
+++ b/docker/audit/output/deny_with_allow.err
@ -0,0 +1 @@
+{"fields":{"licenses":{"errors":0,"helps":537,"notes":0,"warnings":0}},"type":"summary"}
--- a/docker/audit/output/deny_with_allow.json
+++ b/docker/audit/output/deny_with_allow.json
--- a/docker/audit/output/exp.done
+++ b/docker/audit/output/exp.done
@ -0,0 +1 @@
+done
--- a/docker/audit/output/let_exp.done
+++ b/docker/audit/output/let_exp.done
@ -0,0 +1 @@
+done
--- a/docker/audit/output/metadata.err
+++ b/docker/audit/output/metadata.err
@ -0,0 +1,6 @@
+info: syncing channel updates for '1.91.0-x86_64-unknown-linux-gnu'
+info: latest update on 2025-10-30, rust version 1.91.0 (f8297e351 2025-10-28)
+info: downloading component 'clippy'
+info: downloading component 'rustfmt'
+info: installing component 'clippy'
+info: installing component 'rustfmt'
--- a/docker/audit/output/metadata.json
+++ b/docker/audit/output/metadata.json
--- a/docker/audit/output/native.done
+++ b/docker/audit/output/native.done
@ -0,0 +1 @@
+done
--- a/docker/audit/output/native.log
+++ b/docker/audit/output/native.log
@ -0,0 +1,2 @@
+starting native-tls experiment
+cargo update done
--- a/docker/audit/output/native_build.err
+++ b/docker/audit/output/native_build.err
@ -0,0 +1,305 @@
+ Downloading crates ...
+  Downloaded foreign-types v0.3.2
+  Downloaded darling_macro v0.20.11
+  Downloaded alloc-stdlib v0.2.2
+  Downloaded base64urlsafedata v0.5.3
+  Downloaded asn1-rs-impl v0.2.0
+  Downloaded alloc-no-stdlib v2.0.4
+  Downloaded event-listener-strategy v0.5.4
+  Downloaded async-stream-impl v0.3.6
+  Downloaded email-encoding v0.4.1
+  Downloaded futures-timer v3.0.3
+  Downloaded devise_codegen v0.4.2
+  Downloaded dsl_auto_type v0.2.0
+  Downloaded event-listener v2.5.3
+  Downloaded dyn-clone v1.0.20
+  Downloaded futures-executor v0.3.31
+  Downloaded hyper-tls v0.6.0
+  Downloaded group v0.13.0
+  Downloaded hostname v0.4.1
+  Downloaded futures-macro v0.3.31
+  Downloaded rand_core v0.6.4
+  Downloaded data-url v0.3.2
+  Downloaded dashmap v5.5.3
+  Downloaded rand_chacha v0.3.1
+  Downloaded blake2 v0.10.6
+  Downloaded futures v0.3.31
+  Downloaded hmac v0.12.1
+  Downloaded cookie v0.18.1
+  Downloaded base64 v0.21.7
+  Downloaded iana-time-zone v0.1.64
+  Downloaded rocket_ws v0.1.1
+  Downloaded rfc6979 v0.4.0
+  Downloaded resolv-conf v0.7.5
+  Downloaded derive_more v2.0.1
+  Downloaded rustls-pemfile v1.0.4
+  Downloaded darling_core v0.21.3
+  Downloaded serde-value v0.7.0
+  Downloaded bigdecimal v0.4.9
+  Downloaded sec1 v0.7.3
+  Downloaded diesel_derives v2.3.4
+  Downloaded siphasher v1.0.1
+  Downloaded simple_asn1 v0.6.3
+  Downloaded totp-lite v2.0.1
+  Downloaded serde_with_macros v3.15.1
+  Downloaded async-std v1.13.2
+  Downloaded webauthn-attestation-ca v0.5.3
+  Downloaded webauthn-rs-proto v0.5.3
+  Downloaded webauthn-rs v0.5.3
+  Downloaded schemars v0.9.0
+  Downloaded yubico_ng v0.14.1
+  Downloaded value-bag v1.11.1
+  Downloaded rpassword v7.4.0
+  Downloaded yansi v1.0.1
+  Downloaded curve25519-dalek v4.1.3
+  Downloaded r2d2 v0.8.10
+  Downloaded pem-rfc7468 v0.7.0
+  Downloaded winnow v0.6.26
+  Downloaded rustls v0.21.12
+  Downloaded web-time v1.1.0
+  Downloaded syn v2.0.110
+  Downloaded uncased v0.9.10
+  Downloaded tagptr v0.2.0
+  Downloaded hickory-resolver v0.25.2
+  Downloaded zerocopy-derive v0.8.27
+  Downloaded x509-parser v0.16.0
+  Downloaded psm v0.1.28
+  Downloaded webauthn-rs-core v0.5.3
+  Downloaded pest_derive v2.8.3
+  Downloaded indexmap v1.9.3
+  Downloaded litrs v1.0.0
+  Downloaded vcpkg v0.2.15
+  Downloaded which v8.0.0
+  Downloaded publicsuffix v2.3.0
+  Downloaded oauth2 v5.0.0
+  Downloaded num-bigint v0.4.6
+  Downloaded grass_compiler v0.13.4
+  Downloaded pest v2.8.3
+  Downloaded num-bigint-dig v0.8.5
+  Downloaded openidconnect v4.0.1
+  Downloaded rustls-webpki v0.101.7
+  Downloaded quick-xml v0.38.3
+  Downloaded portable-atomic v1.11.1
+  Downloaded p384 v0.13.1
+  Downloaded object v0.32.2
+  Downloaded lettre v0.11.19
+  Downloaded openssl v0.10.75
+  Downloaded moka v0.12.11
+  Downloaded hyper v0.14.32
+  Downloaded hickory-proto v0.25.2
+  Downloaded itertools v0.10.5
+  Downloaded nom v8.0.0
+  Downloaded nom v7.1.3
+  Downloaded libm v0.2.15
+  Downloaded minimal-lexical v0.2.1
+  Downloaded hkdf v0.12.4
+  Downloaded governor v0.10.1
+  Downloaded lasso v0.7.3
+  Downloaded hashbrown v0.14.5
+  Downloaded p256 v0.13.2
+  Downloaded mini-moka v0.10.3
+  Downloaded jsonwebtoken v9.3.1
+  Downloaded hashbrown v0.12.3
+  Downloaded ucd-trie v0.1.7
+  Downloaded polling v3.11.0
+  Downloaded num-modular v0.6.1
+  Downloaded native-tls v0.2.14
+  Downloaded pest_generator v2.8.3
+  Downloaded openssl-sys v0.9.111
+  Downloaded chrono-tz v0.10.4
+  Downloaded brotli v8.0.2
+  Downloaded http v0.2.12
+  Downloaded html5gum v0.8.0
+  Downloaded handlebars v6.3.2
+  Downloaded pkcs8 v0.10.2
+  Downloaded pkcs1 v0.7.5
+  Downloaded pest_meta v2.8.3
+  Downloaded num-order v1.2.0
+  Downloaded opendal v0.54.1
+  Downloaded multer v3.1.0
+  Downloaded diesel v2.3.3
+  Downloaded jetscii v0.5.3
+  Downloaded thiserror-impl v1.0.69
+  Downloaded thiserror v1.0.69
+  Downloaded quoted_printable v0.5.1
+  Downloaded pico-args v0.5.0
+  Downloaded phf_shared v0.11.3
+  Downloaded phf_generator v0.11.3
+  Downloaded phf v0.11.3
+  Downloaded pear v0.2.9
+  Downloaded oid-registry v0.7.1
+  Downloaded num_cpus v1.17.0
+  Downloaded num-iter v0.1.45
+  Downloaded num-integer v0.1.46
+  Downloaded num-derive v0.4.2
+  Downloaded migrations_macros v2.3.0
+  Downloaded md-5 v0.10.6
+  Downloaded kv-log-macro v1.0.7
+  Downloaded job_scheduler_ng v2.4.0
+  Downloaded rocket v0.5.1
+  Downloaded primeorder v0.13.6
+  Downloaded phf_macros v0.11.3
+  Downloaded phf v0.12.1
+  Downloaded pem v3.0.6
+  Downloaded nonzero_ext v0.3.0
+  Downloaded serde_with v3.15.1
+  Downloaded proc-macro2-diagnostics v0.10.1
+  Downloaded chrono v0.4.42
+  Downloaded half v2.7.1
+  Downloaded rocket_codegen v0.5.1
+  Downloaded raw-cpuid v11.6.0
+  Downloaded uuid v1.18.1
+  Downloaded tungstenite v0.21.0
+  Downloaded schemars v1.1.0
+  Downloaded brotli-decompressor v5.0.0
+  Downloaded xml-rs v0.8.28
+  Downloaded tokio-tungstenite v0.21.0
+  Downloaded tokio-stream v0.1.17
+  Downloaded threadpool v1.8.1
+  Downloaded rsa v0.9.8
+  Downloaded piper v0.2.4
+  Downloaded state v0.6.0
+  Downloaded rocket_http v0.5.1
+  Downloaded ubyte v0.10.4
+  Downloaded triomphe v0.1.15
+  Downloaded tokio-native-tls v0.3.1
+  Downloaded tokio-macros v2.6.0
+  Downloaded spinning_top v0.3.0
+  Downloaded spin v0.9.8
+  Downloaded socket2 v0.5.10
+  Downloaded sct v0.7.1
+  Downloaded openssl-macros v0.1.1
+  Downloaded num_threads v0.1.7
+  Downloaded is-terminal v0.4.17
+  Downloaded ed25519-dalek v2.2.0
+  Downloaded utf-8 v0.7.6
+  Downloaded tokio-rustls v0.24.1
+  Downloaded syslog v7.0.0
+  Downloaded stable-pattern v0.1.0
+  Downloaded spki v0.7.3
+  Downloaded serde_cbor_2 v0.13.0
+  Downloaded quick-error v2.0.1
+  Downloaded quanta v0.12.6
+  Downloaded password-hash v0.5.0
+  Downloaded migrations_internals v2.3.0
+  Downloaded inlinable_string v0.1.15
+  Downloaded svg-hush v0.9.5
+  Downloaded stacker v0.1.22
+  Downloaded pastey v0.1.1
+  Downloaded ordered-float v2.10.1
+  Downloaded signature v2.2.0
+  Downloaded serde_plain v1.0.2
+  Downloaded serde_path_to_error v0.1.20
+  Downloaded chumsky v0.9.3
+  Downloaded scheduled-thread-pool v0.2.7
+  Downloaded rusticata-macros v4.1.0
+  Downloaded rustc_version v0.4.1
+  Downloaded rtoolbox v0.0.3
+  Downloaded rmpv v1.3.0
+  Downloaded rand v0.8.5
+  Downloaded psl-types v2.0.11
+  Downloaded phf_shared v0.12.1
+  Downloaded pear_codegen v0.2.9
+  Downloaded parking v2.2.1
+  Downloaded async-compression v0.4.33
+  Downloaded asn1-rs v0.6.2
+  Downloaded reopen v1.0.3
+  Downloaded ref-cast-impl v1.0.25
+  Downloaded ref-cast v1.0.25
+  Downloaded derive_more-impl v2.0.1
+  Downloaded der v0.7.10
+  Downloaded crypto-bigint v0.5.5
+  Downloaded figment v0.10.19
+  Downloaded elliptic-curve v0.13.8
+  Downloaded der-parser v9.0.0
+  Downloaded darling_core v0.20.11
+  Downloaded cached v0.56.0
+  Downloaded event-listener v5.4.1
+  Downloaded darling v0.20.11
+  Downloaded const-oid v0.9.6
+  Downloaded hex v0.4.3
+  Downloaded ed25519 v2.2.3
+  Downloaded cookie_store v0.22.0
+  Downloaded compression-codecs v0.4.32
+  Downloaded downcast-rs v2.0.2
+  Downloaded derive_builder_core v0.20.2
+  Downloaded cookie_store v0.21.1
+  Downloaded ff v0.13.1
+  Downloaded darling v0.21.3
+  Downloaded async-io v2.6.0
+  Downloaded ahash v0.8.12
+  Downloaded email_address v0.2.9
+  Downloaded concurrent-queue v2.5.0
+  Downloaded async-trait v0.1.89
+  Downloaded async-process v2.5.0
+  Downloaded glob v0.3.3
+  Downloaded enum-as-inner v0.6.1
+  Downloaded document-features v0.2.12
+  Downloaded diesel_migrations v2.3.0
+  Downloaded devise_core v0.4.2
+  Downloaded devise v0.4.2
+  Downloaded data-encoding v2.9.0
+  Downloaded curve25519-dalek-derive v0.1.1
+  Downloaded cron v0.15.0
+  Downloaded cached_proc_macro v0.25.0
+  Downloaded httpdate v1.0.3
+  Downloaded http-body v0.4.6
+  Downloaded futures-lite v2.6.1
+  Downloaded dotenvy v0.15.7
+  Downloaded diesel_table_macro_syntax v0.3.0
+  Downloaded critical-section v1.2.0
+  Downloaded codemap v0.1.3
+  Downloaded base16ct v0.2.0
+  Downloaded atomic v0.5.3
+  Downloaded async-global-executor v2.4.1
+  Downloaded async-channel v2.5.0
+  Downloaded asn1-rs-derive v0.5.1
+  Downloaded foreign-types-shared v0.1.1
+  Downloaded ecdsa v0.16.9
+  Downloaded derive_builder v0.20.2
+  Downloaded backon v1.6.0
+  Downloaded async-stream v0.3.6
+  Downloaded async-signal v0.2.13
+  Downloaded async-lock v3.4.1
+  Downloaded diesel-derive-newtype v2.1.2
+  Downloaded compression-core v0.4.30
+  Downloaded cached_proc_macro_types v0.1.1
+  Downloaded darling_macro v0.21.3
+  Downloaded ar_archive_writer v0.2.0
+  Downloaded derive_builder_macro v0.20.2
+  Downloaded dashmap v6.1.0
+  Downloaded blocking v1.6.2
+  Downloaded base64ct v1.8.0
+  Downloaded env_home v0.1.0
+  Downloaded binascii v0.1.4
+  Downloaded async-task v4.7.1
+  Downloaded async-executor v1.13.3
+  Downloaded async-channel v1.9.0
+  Downloaded argon2 v0.5.3
+   Compiling proc-macro2 v1.0.103
+   Compiling unicode-ident v1.0.22
+   Compiling quote v1.0.42
+   Compiling libc v0.2.177
+   Compiling cfg-if v1.0.4
+   Compiling version_check v0.9.5
+   Compiling serde_core v1.0.228
+   Compiling memchr v2.7.6
+   Compiling smallvec v1.15.1
+   Compiling find-msvc-tools v0.1.4
+   Compiling shlex v1.3.0
+   Compiling serde v1.0.228
+   Compiling pin-project-lite v0.2.16
+   Compiling itoa v1.0.15
+   Compiling zeroize v1.8.2
+   Compiling portable-atomic v1.11.1
+error: linker `cc` not found
+  |
+  = note: No such file or directory (os error 2)
+
+error: could not compile `serde` (build script) due to 1 previous error
+warning: build failed, waiting for other jobs to finish...
+error: could not compile `proc-macro2` (build script) due to 1 previous error
+error: could not compile `quote` (build script) due to 1 previous error
+error: could not compile `serde_core` (build script) due to 1 previous error
+error: could not compile `libc` (build script) due to 1 previous error
+error: could not compile `portable-atomic` (build script) due to 1 previous error
--- a/docker/audit/output/native_build.out
+++ b/docker/audit/output/native_build.out
--- a/docker/audit/output/native_deny.err
+++ b/docker/audit/output/native_deny.err
@ -0,0 +1,8 @@
+{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"ar_archive_writer","version":"0.2.0"},"parents":[{"Krate":{"kind":"build","name":"psm","version":"0.1.28"},"parents":[{"Krate":{"name":"stacker","version":"0.1.22"},"parents":[{"Krate":{"name":"chumsky","version":"0.9.3"},"parents":[{"Krate":{"name":"lettre","version":"0.11.19"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}}]}]}]}]}]}],"labels":[{"column":12,"line":22,"message":"","span":"Apache-2.0 WITH LLVM-exception"},{"column":12,"line":22,"message":"rejected: license is not explicitly allowed","span":"Apache-2.0 WITH LLVM-exception"}],"message":"failed to satisfy license requirements","notes":["Apache-2.0 - Apache License 2.0:","  - OSI approved","  - FSF Free/Libre"],"severity":"error"},"type":"diagnostic"}
+{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"base64urlsafedata","version":"0.5.3"},"parents":[{"Krate":{"name":"webauthn-attestation-ca","version":"0.5.3"},"parents":[{"Krate":{"name":"webauthn-rs-core","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}},{"Krate":{"name":"webauthn-rs","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true}]}]}]},{"Krate":{"name":"webauthn-rs","version":"0.5.3"},"repeat":true},{"Krate":{"name":"webauthn-rs-core","version":"0.5.3"},"repeat":true},{"Krate":{"name":"webauthn-rs-proto","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true},{"Krate":{"name":"webauthn-rs-core","version":"0.5.3"},"repeat":true}]}]}],"labels":[{"column":12,"line":35,"message":"","span":"MPL-2.0"},{"column":12,"line":35,"message":"rejected: license is not explicitly allowed","span":"MPL-2.0"}],"message":"failed to satisfy license requirements","notes":["MPL-2.0 - Mozilla Public License 2.0:","  - OSI approved","  - FSF Free/Libre","  - Copyleft"],"severity":"error"},"type":"diagnostic"}
+{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"webauthn-attestation-ca","version":"0.5.3"},"parents":[{"Krate":{"name":"webauthn-rs-core","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}},{"Krate":{"name":"webauthn-rs","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true}]}]}]}],"labels":[{"column":12,"line":30,"message":"","span":"MPL-2.0"},{"column":12,"line":30,"message":"rejected: license is not explicitly allowed","span":"MPL-2.0"}],"message":"failed to satisfy license requirements","notes":["MPL-2.0 - Mozilla Public License 2.0:","  - OSI approved","  - FSF Free/Libre","  - Copyleft"],"severity":"error"},"type":"diagnostic"}
+{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"webauthn-rs","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}}]}],"labels":[{"column":12,"line":39,"message":"","span":"MPL-2.0"},{"column":12,"line":39,"message":"rejected: license is not explicitly allowed","span":"MPL-2.0"}],"message":"failed to satisfy license requirements","notes":["MPL-2.0 - Mozilla Public License 2.0:","  - OSI approved","  - FSF Free/Libre","  - Copyleft"],"severity":"error"},"type":"diagnostic"}
+{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"webauthn-rs-core","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}},{"Krate":{"name":"webauthn-rs","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true}]}]}],"labels":[{"column":12,"line":38,"message":"","span":"MPL-2.0"},{"column":12,"line":38,"message":"rejected: license is not explicitly allowed","span":"MPL-2.0"}],"message":"failed to satisfy license requirements","notes":["MPL-2.0 - Mozilla Public License 2.0:","  - OSI approved","  - FSF Free/Libre","  - Copyleft"],"severity":"error"},"type":"diagnostic"}
+{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"webauthn-rs-proto","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}},{"Krate":{"name":"webauthn-rs-core","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true},{"Krate":{"name":"webauthn-rs","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true}]}]}]}],"labels":[{"column":12,"line":38,"message":"","span":"MPL-2.0"},{"column":12,"line":38,"message":"rejected: license is not explicitly allowed","span":"MPL-2.0"}],"message":"failed to satisfy license requirements","notes":["MPL-2.0 - Mozilla Public License 2.0:","  - OSI approved","  - FSF Free/Libre","  - Copyleft"],"severity":"error"},"type":"diagnostic"}
+{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"webpki-roots","version":"1.0.4"},"parents":[{"Krate":{"name":"hyper-rustls","version":"0.27.7"},"parents":[{"Krate":{"name":"reqwest","version":"0.12.24"},"parents":[{"Krate":{"name":"oauth2","version":"5.0.0"},"parents":[{"Krate":{"name":"openidconnect","version":"4.0.1"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}}]}]},{"Krate":{"name":"opendal","version":"0.54.1"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true}]},{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true},{"Krate":{"name":"yubico_ng","version":"0.14.1"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true}]}]}]},{"Krate":{"name":"reqwest","version":"0.12.24"},"repeat":true}]}],"labels":[{"column":12,"line":26,"message":"","span":"CDLA-Permissive-2.0"},{"column":12,"line":26,"message":"rejected: license is not explicitly allowed","span":"CDLA-Permissive-2.0"}],"message":"failed to satisfy license requirements","notes":["CDLA-Permissive-2.0 - Community Data License Agreement Permissive 2.0:","  - No additional metadata available for license"],"severity":"error"},"type":"diagnostic"}
+{"fields":{"licenses":{"errors":7,"helps":530,"notes":0,"warnings":0}},"type":"summary"}
--- a/docker/audit/output/native_deny.json
+++ b/docker/audit/output/native_deny.json
--- a/docker/audit/output/openid.done
+++ b/docker/audit/output/openid.done
@ -0,0 +1 @@
+done
--- a/docker/audit/output/openid_build.err
+++ b/docker/audit/output/openid_build.err
@ -0,0 +1,302 @@
+ Downloading crates ...
+  Downloaded ar_archive_writer v0.2.0
+  Downloaded futures-timer v3.0.3
+  Downloaded codemap v0.1.3
+  Downloaded futures-lite v2.6.1
+  Downloaded derive_builder_macro v0.20.2
+  Downloaded data-url v0.3.2
+  Downloaded diesel_table_macro_syntax v0.3.0
+  Downloaded dsl_auto_type v0.2.0
+  Downloaded kv-log-macro v1.0.7
+  Downloaded jsonwebtoken v9.3.1
+  Downloaded mini-moka v0.10.3
+  Downloaded migrations_internals v2.3.0
+  Downloaded native-tls v0.2.14
+  Downloaded nonzero_ext v0.3.0
+  Downloaded migrations_macros v2.3.0
+  Downloaded hex v0.4.3
+  Downloaded hyper-tls v0.6.0
+  Downloaded async-global-executor v2.4.1
+  Downloaded data-encoding v2.9.0
+  Downloaded indexmap v1.9.3
+  Downloaded md-5 v0.10.6
+  Downloaded glob v0.3.3
+  Downloaded hmac v0.12.1
+  Downloaded compression-codecs v0.4.32
+  Downloaded futures v0.3.31
+  Downloaded multer v3.1.0
+  Downloaded ff v0.13.1
+  Downloaded dotenvy v0.15.7
+  Downloaded futures-executor v0.3.31
+  Downloaded async-compression v0.4.33
+  Downloaded elliptic-curve v0.13.8
+  Downloaded env_home v0.1.0
+  Downloaded brotli-decompressor v5.0.0
+  Downloaded dashmap v6.1.0
+  Downloaded darling_core v0.21.3
+  Downloaded darling_core v0.20.11
+  Downloaded ref-cast-impl v1.0.25
+  Downloaded ref-cast v1.0.25
+  Downloaded crypto-bigint v0.5.5
+  Downloaded oid-registry v0.7.1
+  Downloaded pkcs8 v0.10.2
+  Downloaded phf_shared v0.11.3
+  Downloaded phf_macros v0.11.3
+  Downloaded parking v2.2.1
+  Downloaded der v0.7.10
+  Downloaded num-integer v0.1.46
+  Downloaded litrs v1.0.0
+  Downloaded rustc_version v0.4.1
+  Downloaded rustls-pemfile v1.0.4
+  Downloaded rusticata-macros v4.1.0
+  Downloaded sct v0.7.1
+  Downloaded serde-value v0.7.0
+  Downloaded async-std v1.13.2
+  Downloaded thiserror-impl v1.0.69
+  Downloaded tokio-macros v2.6.0
+  Downloaded tokio-tungstenite v0.21.0
+  Downloaded utf-8 v0.7.6
+  Downloaded tungstenite v0.21.0
+  Downloaded hyper v0.14.32
+  Downloaded handlebars v6.3.2
+  Downloaded pear v0.2.9
+  Downloaded schemars v0.9.0
+  Downloaded triomphe v0.1.15
+  Downloaded yubico_ng v0.14.1
+  Downloaded webauthn-attestation-ca v0.5.3
+  Downloaded grass_compiler v0.13.4
+  Downloaded web-time v1.1.0
+  Downloaded uncased v0.9.10
+  Downloaded minimal-lexical v0.2.1
+  Downloaded rocket v0.5.1
+  Downloaded portable-atomic v1.11.1
+  Downloaded num-bigint v0.4.6
+  Downloaded quick-error v2.0.1
+  Downloaded pico-args v0.5.0
+  Downloaded vcpkg v0.2.15
+  Downloaded zerocopy-derive v0.8.27
+  Downloaded p384 v0.13.1
+  Downloaded oauth2 v5.0.0
+  Downloaded webauthn-rs-core v0.5.3
+  Downloaded object v0.32.2
+  Downloaded hickory-proto v0.25.2
+  Downloaded publicsuffix v2.3.0
+  Downloaded openidconnect v4.0.1
+  Downloaded num-bigint-dig v0.8.5
+  Downloaded nom v8.0.0
+  Downloaded moka v0.12.11
+  Downloaded libm v0.2.15
+  Downloaded lasso v0.7.3
+  Downloaded http v0.2.12
+  Downloaded html5gum v0.8.0
+  Downloaded hkdf v0.12.4
+  Downloaded hickory-resolver v0.25.2
+  Downloaded which v8.0.0
+  Downloaded webauthn-rs-proto v0.5.3
+  Downloaded value-bag v1.11.1
+  Downloaded totp-lite v2.0.1
+  Downloaded opendal v0.54.1
+  Downloaded threadpool v1.8.1
+  Downloaded tagptr v0.2.0
+  Downloaded syslog v7.0.0
+  Downloaded syn v2.0.110
+  Downloaded svg-hush v0.9.5
+  Downloaded state v0.6.0
+  Downloaded stacker v0.1.22
+  Downloaded stable-pattern v0.1.0
+  Downloaded scheduled-thread-pool v0.2.7
+  Downloaded quick-xml v0.38.3
+  Downloaded pest_meta v2.8.3
+  Downloaded resolv-conf v0.7.5
+  Downloaded openssl-sys v0.9.111
+  Downloaded quanta v0.12.6
+  Downloaded openssl v0.10.75
+  Downloaded itertools v0.10.5
+  Downloaded diesel v2.3.3
+  Downloaded chrono-tz v0.10.4
+  Downloaded pest v2.8.3
+  Downloaded ubyte v0.10.4
+  Downloaded spinning_top v0.3.0
+  Downloaded schemars v1.1.0
+  Downloaded rsa v0.9.8
+  Downloaded rpassword v7.4.0
+  Downloaded rocket_http v0.5.1
+  Downloaded rocket_codegen v0.5.1
+  Downloaded raw-cpuid v11.6.0
+  Downloaded r2d2 v0.8.10
+  Downloaded quoted_printable v0.5.1
+  Downloaded psm v0.1.28
+  Downloaded psl-types v2.0.11
+  Downloaded proc-macro2-diagnostics v0.10.1
+  Downloaded piper v0.2.4
+  Downloaded phf_shared v0.12.1
+  Downloaded phf v0.12.1
+  Downloaded pest_generator v2.8.3
+  Downloaded pest_derive v2.8.3
+  Downloaded pear_codegen v0.2.9
+  Downloaded yansi v1.0.1
+  Downloaded xml-rs v0.8.28
+  Downloaded x509-parser v0.16.0
+  Downloaded winnow v0.6.26
+  Downloaded webauthn-rs v0.5.3
+  Downloaded uuid v1.18.1
+  Downloaded serde_with_macros v3.15.1
+  Downloaded serde_with v3.15.1
+  Downloaded serde_plain v1.0.2
+  Downloaded serde_cbor_2 v0.13.0
+  Downloaded rustls v0.21.12
+  Downloaded rtoolbox v0.0.3
+  Downloaded rocket_ws v0.1.1
+  Downloaded rmpv v1.3.0
+  Downloaded rfc6979 v0.4.0
+  Downloaded figment v0.10.19
+  Downloaded diesel_derives v2.3.4
+  Downloaded derive_more-impl v2.0.1
+  Downloaded derive_more v2.0.1
+  Downloaded tokio-native-tls v0.3.1
+  Downloaded sec1 v0.7.3
+  Downloaded rustls-webpki v0.101.7
+  Downloaded lettre v0.11.19
+  Downloaded pastey v0.1.1
+  Downloaded password-hash v0.5.0
+  Downloaded p256 v0.13.2
+  Downloaded ordered-float v2.10.1
+  Downloaded num_threads v0.1.7
+  Downloaded num-order v1.2.0
+  Downloaded num-modular v0.6.1
+  Downloaded num-iter v0.1.45
+  Downloaded num-derive v0.4.2
+  Downloaded hashbrown v0.12.3
+  Downloaded ucd-trie v0.1.7
+  Downloaded tokio-stream v0.1.17
+  Downloaded tokio-rustls v0.24.1
+  Downloaded nom v7.1.3
+  Downloaded hashbrown v0.14.5
+  Downloaded governor v0.10.1
+  Downloaded rand v0.8.5
+  Downloaded iana-time-zone v0.1.64
+  Downloaded cached v0.56.0
+  Downloaded brotli v8.0.2
+  Downloaded bigdecimal v0.4.9
+  Downloaded reopen v1.0.3
+  Downloaded pem-rfc7468 v0.7.0
+  Downloaded num_cpus v1.17.0
+  Downloaded half v2.7.1
+  Downloaded chumsky v0.9.3
+  Downloaded thiserror v1.0.69
+  Downloaded spki v0.7.3
+  Downloaded spin v0.9.8
+  Downloaded socket2 v0.5.10
+  Downloaded siphasher v1.0.1
+  Downloaded simple_asn1 v0.6.3
+  Downloaded signature v2.2.0
+  Downloaded serde_path_to_error v0.1.20
+  Downloaded primeorder v0.13.6
+  Downloaded polling v3.11.0
+  Downloaded phf_generator v0.11.3
+  Downloaded pem v3.0.6
+  Downloaded openssl-macros v0.1.1
+  Downloaded event-listener v5.4.1
+  Downloaded document-features v0.2.12
+  Downloaded pkcs1 v0.7.5
+  Downloaded phf v0.11.3
+  Downloaded curve25519-dalek v4.1.3
+  Downloaded ed25519-dalek v2.2.0
+  Downloaded rand_core v0.6.4
+  Downloaded rand_chacha v0.3.1
+  Downloaded chrono v0.4.42
+  Downloaded base64 v0.21.7
+  Downloaded asn1-rs v0.6.2
+  Downloaded dashmap v5.5.3
+  Downloaded cron v0.15.0
+  Downloaded critical-section v1.2.0
+  Downloaded cookie v0.18.1
+  Downloaded foreign-types-shared v0.1.1
+  Downloaded event-listener-strategy v0.5.4
+  Downloaded event-listener v2.5.3
+  Downloaded email-encoding v0.4.1
+  Downloaded ecdsa v0.16.9
+  Downloaded compression-core v0.4.30
+  Downloaded const-oid v0.9.6
+  Downloaded async-lock v3.4.1
+  Downloaded async-channel v2.5.0
+  Downloaded async-channel v1.9.0
+  Downloaded argon2 v0.5.3
+  Downloaded httpdate v1.0.3
+  Downloaded group v0.13.0
+  Downloaded email_address v0.2.9
+  Downloaded der-parser v9.0.0
+  Downloaded futures-macro v0.3.31
+  Downloaded enum-as-inner v0.6.1
+  Downloaded ed25519 v2.2.3
+  Downloaded dyn-clone v1.0.20
+  Downloaded darling v0.20.11
+  Downloaded base64ct v1.8.0
+  Downloaded derive_builder_core v0.20.2
+  Downloaded derive_builder v0.20.2
+  Downloaded async-trait v0.1.89
+  Downloaded darling v0.21.3
+  Downloaded concurrent-queue v2.5.0
+  Downloaded ahash v0.8.12
+  Downloaded job_scheduler_ng v2.4.0
+  Downloaded jetscii v0.5.3
+  Downloaded is-terminal v0.4.17
+  Downloaded inlinable_string v0.1.15
+  Downloaded http-body v0.4.6
+  Downloaded hostname v0.4.1
+  Downloaded foreign-types v0.3.2
+  Downloaded curve25519-dalek-derive v0.1.1
+  Downloaded atomic v0.5.3
+  Downloaded async-stream v0.3.6
+  Downloaded downcast-rs v2.0.2
+  Downloaded diesel_migrations v2.3.0
+  Downloaded diesel-derive-newtype v2.1.2
+  Downloaded devise_core v0.4.2
+  Downloaded devise_codegen v0.4.2
+  Downloaded devise v0.4.2
+  Downloaded darling_macro v0.21.3
+  Downloaded cookie_store v0.22.0
+  Downloaded cookie_store v0.21.1
+  Downloaded darling_macro v0.20.11
+  Downloaded base16ct v0.2.0
+  Downloaded async-stream-impl v0.3.6
+  Downloaded asn1-rs-impl v0.2.0
+  Downloaded asn1-rs-derive v0.5.1
+  Downloaded alloc-stdlib v0.2.2
+  Downloaded alloc-no-stdlib v2.0.4
+  Downloaded cached_proc_macro_types v0.1.1
+  Downloaded cached_proc_macro v0.25.0
+  Downloaded blocking v1.6.2
+  Downloaded blake2 v0.10.6
+  Downloaded binascii v0.1.4
+  Downloaded backon v1.6.0
+  Downloaded base64urlsafedata v0.5.3
+  Downloaded async-task v4.7.1
+  Downloaded async-signal v0.2.13
+  Downloaded async-process v2.5.0
+  Downloaded async-io v2.6.0
+  Downloaded async-executor v1.13.3
+   Compiling proc-macro2 v1.0.103
+   Compiling unicode-ident v1.0.22
+   Compiling quote v1.0.42
+   Compiling libc v0.2.177
+   Compiling cfg-if v1.0.4
+   Compiling version_check v0.9.5
+   Compiling serde_core v1.0.228
+   Compiling memchr v2.7.6
+   Compiling smallvec v1.15.1
+   Compiling shlex v1.3.0
+   Compiling find-msvc-tools v0.1.4
+   Compiling pin-project-lite v0.2.16
+   Compiling serde v1.0.228
+error: linker `cc` not found
+  |
+  = note: No such file or directory (os error 2)
+
+   Compiling itoa v1.0.15
+error: could not compile `serde_core` (build script) due to 1 previous error
+warning: build failed, waiting for other jobs to finish...
+error: could not compile `quote` (build script) due to 1 previous error
+error: could not compile `proc-macro2` (build script) due to 1 previous error
+error: could not compile `libc` (build script) due to 1 previous error
+error: could not compile `serde` (build script) due to 1 previous error
--- a/docker/audit/output/openid_build.out
+++ b/docker/audit/output/openid_build.out
--- a/docker/audit/output/openid_deny.err
+++ b/docker/audit/output/openid_deny.err
@ -0,0 +1,2 @@
+{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"ar_archive_writer","version":"0.2.0"},"parents":[{"Krate":{"kind":"build","name":"psm","version":"0.1.28"},"parents":[{"Krate":{"name":"stacker","version":"0.1.22"},"parents":[{"Krate":{"name":"chumsky","version":"0.9.3"},"parents":[{"Krate":{"name":"lettre","version":"0.11.19"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}}]}]}]}]}]}],"labels":[{"column":12,"line":22,"message":"","span":"Apache-2.0 WITH LLVM-exception"},{"column":12,"line":22,"message":"rejected: license is not explicitly allowed","span":"Apache-2.0 WITH LLVM-exception"}],"message":"failed to satisfy license requirements","notes":["Apache-2.0 - Apache License 2.0:","  - OSI approved","  - FSF Free/Libre"],"severity":"error"},"type":"diagnostic"}
+{"fields":{"licenses":{"errors":1,"helps":536,"notes":0,"warnings":0}},"type":"summary"}
--- a/docker/audit/output/openid_deny.json
+++ b/docker/audit/output/openid_deny.json
--- a/docker/audit/output/req_exp.done
+++ b/docker/audit/output/req_exp.done
@ -0,0 +1 @@
+done
--- a/docker/audit/output/reqwest-tree_post_native.err
+++ b/docker/audit/output/reqwest-tree_post_native.err
--- a/docker/audit/output/reqwest-tree_post_native.txt
+++ b/docker/audit/output/reqwest-tree_post_native.txt
@ -0,0 +1,9 @@
+reqwest v0.12.24
+├── oauth2 v5.0.0
+│   └── openidconnect v4.0.1
+│       └── vaultwarden v1.0.0 (/workspace)
+├── opendal v0.54.1
+│   └── vaultwarden v1.0.0 (/workspace)
+├── vaultwarden v1.0.0 (/workspace)
+└── yubico_ng v0.14.1
+    └── vaultwarden v1.0.0 (/workspace)
--- a/docker/audit/output/upgrade.done
+++ b/docker/audit/output/upgrade.done
@ -0,0 +1 @@
+done
--- a/docker/audit/output/upgrade.log
+++ b/docker/audit/output/upgrade.log
@ -0,0 +1,4 @@
+1: starting updates
+2: updated reqwest
+3: updated hyper-rustls
+4: attempted webauthn update
--- a/docker/audit/output/upgrade_build.err
+++ b/docker/audit/output/upgrade_build.err
@ -0,0 +1,309 @@
+ Downloading crates ...
+  Downloaded async-stream-impl v0.3.6
+  Downloaded alloc-stdlib v0.2.2
+  Downloaded darling_macro v0.21.3
+  Downloaded devise_codegen v0.4.2
+  Downloaded derive_builder_macro v0.20.2
+  Downloaded binascii v0.1.4
+  Downloaded foreign-types-shared v0.1.1
+  Downloaded blocking v1.6.2
+  Downloaded async-stream v0.3.6
+  Downloaded glob v0.3.3
+  Downloaded futures-timer v3.0.3
+  Downloaded event-listener v2.5.3
+  Downloaded devise v0.4.2
+  Downloaded darling_macro v0.20.11
+  Downloaded diesel_table_macro_syntax v0.3.0
+  Downloaded async-global-executor v2.4.1
+  Downloaded inlinable_string v0.1.15
+  Downloaded alloc-no-stdlib v2.0.4
+  Downloaded async-channel v1.9.0
+  Downloaded pear_codegen v0.2.9
+  Downloaded dashmap v5.5.3
+  Downloaded ff v0.13.1
+  Downloaded md-5 v0.10.6
+  Downloaded hyper-tls v0.6.0
+  Downloaded is-terminal v0.4.17
+  Downloaded async-io v2.6.0
+  Downloaded num-iter v0.1.45
+  Downloaded piper v0.2.4
+  Downloaded rand_chacha v0.3.1
+  Downloaded num_threads v0.1.7
+  Downloaded ahash v0.8.12
+  Downloaded futures v0.3.31
+  Downloaded cookie v0.18.1
+  Downloaded migrations_internals v2.3.0
+  Downloaded openssl-macros v0.1.1
+  Downloaded darling v0.20.11
+  Downloaded rfc6979 v0.4.0
+  Downloaded rustc_version v0.4.1
+  Downloaded crypto-bigint v0.5.5
+  Downloaded serde-value v0.7.0
+  Downloaded der-parser v9.0.0
+  Downloaded quick-error v2.0.1
+  Downloaded psl-types v2.0.11
+  Downloaded rmpv v1.3.0
+  Downloaded sec1 v0.7.3
+  Downloaded asn1-rs-derive v0.5.1
+  Downloaded siphasher v1.0.1
+  Downloaded stacker v0.1.22
+  Downloaded thiserror v1.0.69
+  Downloaded tokio-native-tls v0.3.1
+  Downloaded syslog v7.0.0
+  Downloaded signature v2.2.0
+  Downloaded asn1-rs v0.6.2
+  Downloaded tagptr v0.2.0
+  Downloaded threadpool v1.8.1
+  Downloaded serde_with_macros v3.15.1
+  Downloaded ubyte v0.10.4
+  Downloaded primeorder v0.13.6
+  Downloaded serde_path_to_error v0.1.20
+  Downloaded num-integer v0.1.46
+  Downloaded sct v0.7.1
+  Downloaded phf_shared v0.12.1
+  Downloaded tokio-tungstenite v0.21.0
+  Downloaded darling_core v0.21.3
+  Downloaded rand v0.8.5
+  Downloaded yubico_ng v0.14.1
+  Downloaded diesel_derives v2.3.4
+  Downloaded value-bag v1.11.1
+  Downloaded webauthn-rs v0.5.3
+  Downloaded which v8.0.0
+  Downloaded utf-8 v0.7.6
+  Downloaded rocket_http v0.5.1
+  Downloaded webauthn-attestation-ca v0.5.3
+  Downloaded bigdecimal v0.4.9
+  Downloaded phf_macros v0.11.3
+  Downloaded ucd-trie v0.1.7
+  Downloaded darling_core v0.20.11
+  Downloaded xml-rs v0.8.28
+  Downloaded spin v0.9.8
+  Downloaded webauthn-rs-proto v0.5.3
+  Downloaded web-time v1.1.0
+  Downloaded serde_plain v1.0.2
+  Downloaded schemars v1.0.4
+  Downloaded yansi v1.0.1
+  Downloaded x509-parser v0.16.0
+  Downloaded rocket_codegen v0.5.1
+  Downloaded zerocopy-derive v0.8.27
+  Downloaded webauthn-rs-core v0.5.3
+  Downloaded tokio-util v0.7.16
+  Downloaded winnow v0.6.26
+  Downloaded jetscii v0.5.3
+  Downloaded serde_with v3.15.1
+  Downloaded pkcs8 v0.10.2
+  Downloaded vcpkg v0.2.15
+  Downloaded totp-lite v2.0.1
+  Downloaded tokio-macros v2.6.0
+  Downloaded webpki-roots v1.0.3
+  Downloaded syn v2.0.108
+  Downloaded pest_derive v2.8.3
+  Downloaded password-hash v0.5.0
+  Downloaded indexmap v1.9.3
+  Downloaded group v0.13.0
+  Downloaded diesel v2.3.3
+  Downloaded jsonwebtoken v9.3.1
+  Downloaded half v2.7.1
+  Downloaded litrs v1.0.0
+  Downloaded native-tls v0.2.14
+  Downloaded rustls v0.21.12
+  Downloaded rocket v0.5.1
+  Downloaded triomphe v0.1.15
+  Downloaded tokio-rustls v0.24.1
+  Downloaded state v0.6.0
+  Downloaded polling v3.11.0
+  Downloaded handlebars v6.3.2
+  Downloaded quote v1.0.41
+  Downloaded lasso v0.7.3
+  Downloaded publicsuffix v2.3.0
+  Downloaded brotli v8.0.2
+  Downloaded pest_meta v2.8.3
+  Downloaded hickory-resolver v0.25.2
+  Downloaded chrono-tz v0.10.4
+  Downloaded hashbrown v0.12.3
+  Downloaded pest_generator v2.8.3
+  Downloaded mini-moka v0.10.3
+  Downloaded socket2 v0.5.10
+  Downloaded p256 v0.13.2
+  Downloaded quanta v0.12.6
+  Downloaded psm v0.1.28
+  Downloaded pkcs1 v0.7.5
+  Downloaded phf_generator v0.11.3
+  Downloaded pem-rfc7468 v0.7.0
+  Downloaded pear v0.2.9
+  Downloaded num-order v1.2.0
+  Downloaded num-modular v0.6.1
+  Downloaded multer v3.1.0
+  Downloaded curve25519-dalek v4.1.3
+  Downloaded tungstenite v0.21.0
+  Downloaded http v0.2.12
+  Downloaded num-bigint v0.4.6
+  Downloaded html5gum v0.8.0
+  Downloaded oauth2 v5.0.0
+  Downloaded openssl-sys v0.9.110
+  Downloaded uuid v1.18.1
+  Downloaded rsa v0.9.8
+  Downloaded itertools v0.10.5
+  Downloaded minimal-lexical v0.2.1
+  Downloaded hashbrown v0.14.5
+  Downloaded hex v0.4.3
+  Downloaded rusticata-macros v4.1.0
+  Downloaded hostname v0.4.1
+  Downloaded rustls-webpki v0.101.7
+  Downloaded raw-cpuid v11.6.0
+  Downloaded nom v7.1.3
+  Downloaded num-bigint-dig v0.8.4
+  Downloaded chrono v0.4.42
+  Downloaded async-std v1.13.2
+  Downloaded pest v2.8.3
+  Downloaded governor v0.10.1
+  Downloaded lettre v0.11.19
+  Downloaded phf v0.12.1
+  Downloaded brotli-decompressor v5.0.0
+  Downloaded nom v8.0.0
+  Downloaded libm v0.2.15
+  Downloaded hyper v0.14.32
+  Downloaded openidconnect v4.0.1
+  Downloaded hkdf v0.12.4
+  Downloaded portable-atomic v1.11.1
+  Downloaded grass_compiler v0.13.4
+  Downloaded p384 v0.13.1
+  Downloaded quick-xml v0.38.3
+  Downloaded iri-string v0.7.8
+  Downloaded rtoolbox v0.0.3
+  Downloaded rpassword v7.4.0
+  Downloaded r2d2 v0.8.10
+  Downloaded iana-time-zone v0.1.64
+  Downloaded moka v0.12.11
+  Downloaded schemars v0.9.0
+  Downloaded object v0.32.2
+  Downloaded openssl v0.10.74
+  Downloaded rustls-pemfile v1.0.4
+  Downloaded nonzero_ext v0.3.0
+  Downloaded hmac v0.12.1
+  Downloaded base64 v0.21.7
+  Downloaded rustls v0.23.34
+  Downloaded pico-args v0.5.0
+  Downloaded hickory-proto v0.25.2
+  Downloaded oid-registry v0.7.1
+  Downloaded cc v1.2.43
+  Downloaded tokio-stream v0.1.17
+  Downloaded thiserror-impl v1.0.69
+  Downloaded svg-hush v0.9.5
+  Downloaded spinning_top v0.3.0
+  Downloaded pem v3.0.6
+  Downloaded ordered-float v2.10.1
+  Downloaded uncased v0.9.10
+  Downloaded quoted_printable v0.5.1
+  Downloaded proc-macro2-diagnostics v0.10.1
+  Downloaded phf v0.11.3
+  Downloaded pastey v0.1.1
+  Downloaded num_cpus v1.17.0
+  Downloaded serde_cbor_2 v0.13.0
+  Downloaded parking v2.2.1
+  Downloaded kv-log-macro v1.0.7
+  Downloaded stable-pattern v0.1.0
+  Downloaded spki v0.7.3
+  Downloaded job_scheduler_ng v2.4.0
+  Downloaded event-listener-strategy v0.5.4
+  Downloaded simple_asn1 v0.6.3
+  Downloaded opendal v0.54.1
+  Downloaded scheduled-thread-pool v0.2.7
+  Downloaded rocket_ws v0.1.1
+  Downloaded num-derive v0.4.2
+  Downloaded ed25519-dalek v2.2.0
+  Downloaded der v0.7.10
+  Downloaded env_home v0.1.0
+  Downloaded elliptic-curve v0.13.8
+  Downloaded data-encoding v2.9.0
+  Downloaded cookie_store v0.21.1
+  Downloaded async-task v4.7.1
+  Downloaded const-oid v0.9.6
+  Downloaded async-lock v3.4.1
+  Downloaded migrations_macros v2.3.0
+  Downloaded http-body v0.4.6
+  Downloaded futures-lite v2.6.1
+  Downloaded devise_core v0.4.2
+  Downloaded derive_more-impl v2.0.1
+  Downloaded chumsky v0.9.3
+  Downloaded resolv-conf v0.7.5
+  Downloaded reopen v1.0.3
+  Downloaded ref-cast-impl v1.0.25
+  Downloaded ref-cast v1.0.25
+  Downloaded rand_core v0.6.4
+  Downloaded ed25519 v2.2.3
+  Downloaded figment v0.10.19
+  Downloaded derive_more v2.0.1
+  Downloaded cached v0.56.0
+  Downloaded argon2 v0.5.3
+  Downloaded ar_archive_writer v0.2.0
+  Downloaded base64ct v1.8.0
+  Downloaded atomic v0.5.3
+  Downloaded asn1-rs-impl v0.2.0
+  Downloaded foreign-types v0.3.2
+  Downloaded dyn-clone v1.0.20
+  Downloaded darling v0.21.3
+  Downloaded base64urlsafedata v0.5.3
+  Downloaded event-listener v5.4.1
+  Downloaded ecdsa v0.16.9
+  Downloaded backon v1.6.0
+  Downloaded phf_shared v0.11.3
+  Downloaded httpdate v1.0.3
+  Downloaded derive_builder v0.20.2
+  Downloaded dashmap v6.1.0
+  Downloaded cookie_store v0.22.0
+  Downloaded futures-macro v0.3.31
+  Downloaded diesel-derive-newtype v2.1.2
+  Downloaded derive_builder_core v0.20.2
+  Downloaded data-url v0.3.2
+  Downloaded cached_proc_macro v0.25.0
+  Downloaded blake2 v0.10.6
+  Downloaded async-channel v2.5.0
+  Downloaded email_address v0.2.9
+  Downloaded email-encoding v0.4.1
+  Downloaded downcast-rs v2.0.2
+  Downloaded concurrent-queue v2.5.0
+  Downloaded cached_proc_macro_types v0.1.1
+  Downloaded futures-executor v0.3.31
+  Downloaded dsl_auto_type v0.2.0
+  Downloaded document-features v0.2.12
+  Downloaded base16ct v0.2.0
+  Downloaded async-trait v0.1.89
+  Downloaded async-process v2.5.0
+  Downloaded async-executor v1.13.3
+  Downloaded enum-as-inner v0.6.1
+  Downloaded dotenvy v0.15.7
+  Downloaded diesel_migrations v2.3.0
+  Downloaded curve25519-dalek-derive v0.1.1
+  Downloaded critical-section v1.2.0
+  Downloaded codemap v0.1.3
+  Downloaded async-signal v0.2.13
+  Downloaded cron v0.15.0
+   Compiling proc-macro2 v1.0.103
+   Compiling quote v1.0.41
+   Compiling unicode-ident v1.0.22
+   Compiling libc v0.2.177
+   Compiling cfg-if v1.0.4
+   Compiling version_check v0.9.5
+   Compiling serde_core v1.0.228
+   Compiling memchr v2.7.6
+   Compiling smallvec v1.15.1
+   Compiling shlex v1.3.0
+   Compiling find-msvc-tools v0.1.4
+   Compiling serde v1.0.228
+   Compiling pin-project-lite v0.2.16
+   Compiling itoa v1.0.15
+   Compiling zeroize v1.8.2
+   Compiling portable-atomic v1.11.1
+error: linker `cc` not found
+  |
+  = note: No such file or directory (os error 2)
+
+   Compiling fnv v1.0.7
+error: could not compile `proc-macro2` (build script) due to 1 previous error
+warning: build failed, waiting for other jobs to finish...
+error: could not compile `serde` (build script) due to 1 previous error
+error: could not compile `serde_core` (build script) due to 1 previous error
+error: could not compile `quote` (build script) due to 1 previous error
+error: could not compile `libc` (build script) due to 1 previous error
+error: could not compile `portable-atomic` (build script) due to 1 previous error
--- a/docker/audit/output/upgrade_build.out
+++ b/docker/audit/output/upgrade_build.out
--- a/docker/audit/output/upgrade_deny.err
+++ b/docker/audit/output/upgrade_deny.err
@ -0,0 +1,8 @@
+{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"ar_archive_writer","version":"0.2.0"},"parents":[{"Krate":{"kind":"build","name":"psm","version":"0.1.28"},"parents":[{"Krate":{"name":"stacker","version":"0.1.22"},"parents":[{"Krate":{"name":"chumsky","version":"0.9.3"},"parents":[{"Krate":{"name":"lettre","version":"0.11.19"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}}]}]}]}]}]}],"labels":[{"column":12,"line":22,"message":"","span":"Apache-2.0 WITH LLVM-exception"},{"column":12,"line":22,"message":"rejected: license is not explicitly allowed","span":"Apache-2.0 WITH LLVM-exception"}],"message":"failed to satisfy license requirements","notes":["Apache-2.0 - Apache License 2.0:","  - OSI approved","  - FSF Free/Libre"],"severity":"error"},"type":"diagnostic"}
+{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"base64urlsafedata","version":"0.5.3"},"parents":[{"Krate":{"name":"webauthn-attestation-ca","version":"0.5.3"},"parents":[{"Krate":{"name":"webauthn-rs-core","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}},{"Krate":{"name":"webauthn-rs","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true}]}]}]},{"Krate":{"name":"webauthn-rs","version":"0.5.3"},"repeat":true},{"Krate":{"name":"webauthn-rs-core","version":"0.5.3"},"repeat":true},{"Krate":{"name":"webauthn-rs-proto","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true},{"Krate":{"name":"webauthn-rs-core","version":"0.5.3"},"repeat":true}]}]}],"labels":[{"column":12,"line":35,"message":"","span":"MPL-2.0"},{"column":12,"line":35,"message":"rejected: license is not explicitly allowed","span":"MPL-2.0"}],"message":"failed to satisfy license requirements","notes":["MPL-2.0 - Mozilla Public License 2.0:","  - OSI approved","  - FSF Free/Libre","  - Copyleft"],"severity":"error"},"type":"diagnostic"}
+{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"webauthn-attestation-ca","version":"0.5.3"},"parents":[{"Krate":{"name":"webauthn-rs-core","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}},{"Krate":{"name":"webauthn-rs","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true}]}]}]}],"labels":[{"column":12,"line":30,"message":"","span":"MPL-2.0"},{"column":12,"line":30,"message":"rejected: license is not explicitly allowed","span":"MPL-2.0"}],"message":"failed to satisfy license requirements","notes":["MPL-2.0 - Mozilla Public License 2.0:","  - OSI approved","  - FSF Free/Libre","  - Copyleft"],"severity":"error"},"type":"diagnostic"}
+{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"webauthn-rs","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}}]}],"labels":[{"column":12,"line":39,"message":"","span":"MPL-2.0"},{"column":12,"line":39,"message":"rejected: license is not explicitly allowed","span":"MPL-2.0"}],"message":"failed to satisfy license requirements","notes":["MPL-2.0 - Mozilla Public License 2.0:","  - OSI approved","  - FSF Free/Libre","  - Copyleft"],"severity":"error"},"type":"diagnostic"}
+{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"webauthn-rs-core","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}},{"Krate":{"name":"webauthn-rs","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true}]}]}],"labels":[{"column":12,"line":38,"message":"","span":"MPL-2.0"},{"column":12,"line":38,"message":"rejected: license is not explicitly allowed","span":"MPL-2.0"}],"message":"failed to satisfy license requirements","notes":["MPL-2.0 - Mozilla Public License 2.0:","  - OSI approved","  - FSF Free/Libre","  - Copyleft"],"severity":"error"},"type":"diagnostic"}
+{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"webauthn-rs-proto","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}},{"Krate":{"name":"webauthn-rs-core","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true},{"Krate":{"name":"webauthn-rs","version":"0.5.3"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true}]}]}]}],"labels":[{"column":12,"line":38,"message":"","span":"MPL-2.0"},{"column":12,"line":38,"message":"rejected: license is not explicitly allowed","span":"MPL-2.0"}],"message":"failed to satisfy license requirements","notes":["MPL-2.0 - Mozilla Public License 2.0:","  - OSI approved","  - FSF Free/Libre","  - Copyleft"],"severity":"error"},"type":"diagnostic"}
+{"fields":{"code":"rejected","graphs":[{"Krate":{"name":"webpki-roots","version":"1.0.3"},"parents":[{"Krate":{"name":"hyper-rustls","version":"0.27.7"},"parents":[{"Krate":{"name":"reqwest","version":"0.12.24"},"parents":[{"Krate":{"name":"oauth2","version":"5.0.0"},"parents":[{"Krate":{"name":"openidconnect","version":"4.0.1"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"}}]}]},{"Krate":{"name":"opendal","version":"0.54.1"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true}]},{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true},{"Krate":{"name":"yubico_ng","version":"0.14.1"},"parents":[{"Krate":{"name":"vaultwarden","version":"1.0.0"},"repeat":true}]}]}]},{"Krate":{"name":"reqwest","version":"0.12.24"},"repeat":true}]}],"labels":[{"column":12,"line":26,"message":"","span":"CDLA-Permissive-2.0"},{"column":12,"line":26,"message":"rejected: license is not explicitly allowed","span":"CDLA-Permissive-2.0"}],"message":"failed to satisfy license requirements","notes":["CDLA-Permissive-2.0 - Community Data License Agreement Permissive 2.0:","  - No additional metadata available for license"],"severity":"error"},"type":"diagnostic"}
+{"fields":{"licenses":{"errors":7,"helps":530,"notes":0,"warnings":0}},"type":"summary"}
--- a/docker/audit/output/upgrade_deny.json
+++ b/docker/audit/output/upgrade_deny.json
--- a/docker/audit/output/webauthn_search.err
+++ b/docker/audit/output/webauthn_search.err
@ -0,0 +1,7 @@
+info: syncing channel updates for '1.91.0-x86_64-unknown-linux-gnu'
+info: latest update on 2025-10-30, rust version 1.91.0 (f8297e351 2025-10-28)
+info: downloading component 'clippy'
+info: downloading component 'rustfmt'
+info: installing component 'clippy'
+info: installing component 'rustfmt'
+note: to learn more about a package, run `cargo info <name>`
--- a/docker/audit/output/webauthn_search.txt
+++ b/docker/audit/output/webauthn_search.txt
@ -0,0 +1,9 @@
+webauthn-rs = "0.5.3"                            # Webauthn Framework for Rust Web Servers
+cable-tunnel-server-common = "0.1.0"             # Common components for webauthn-rs' caBLE tunnel server backend and frontend
+cable-tunnel-server-backend = "0.1.0"            # webauthn-rs caBLE tunnel server backend
+cable-tunnel-server-frontend = "0.1.0"           # webauthn-rs caBLE tunnel server frontend
+webauthn-rs-proto = "0.5.3"                      # Webauthn Specification Bindings
+webauthn-rs-core = "0.5.3"                       # Webauthn Cryptographic Operation Handling
+tmuntaner-webauthn = "0.1.0-alpha.18"            # A webauthn client
+webauthn-rp-proxy = "0.5.0"                      # Webauthn RP CLI Proxy
+webauthn-rs-device-catalog = "0.5.0-20230418"    # Webauthn RS Device Catalog
--- a/docker/audit/output/webpki-tree_post_native.err
+++ b/docker/audit/output/webpki-tree_post_native.err
--- a/docker/audit/output/webpki-tree_post_native.txt
+++ b/docker/audit/output/webpki-tree_post_native.txt
@ -0,0 +1,12 @@
+webpki-roots v1.0.3
+├── hyper-rustls v0.27.7
+│   └── reqwest v0.12.24
+│       ├── oauth2 v5.0.0
+│       │   └── openidconnect v4.0.1
+│       │       └── vaultwarden v1.0.0 (/workspace)
+│       ├── opendal v0.54.1
+│       │   └── vaultwarden v1.0.0 (/workspace)
+│       ├── vaultwarden v1.0.0 (/workspace)
+│       └── yubico_ng v0.14.1
+│           └── vaultwarden v1.0.0 (/workspace)
+└── reqwest v0.12.24 (*)
--- a/docker/audit/run-audit.ps1
+++ b/docker/audit/run-audit.ps1
@ -9,35 +9,19 @@ try {
    docker build -t $ImageName .

    Write-Host "Running audit container... outputs will be written to: $Workspace"
-
-    # Create a small LF-only shell script to avoid CRLF issues when passing
-    # multi-line commands into bash on Linux containers from Windows hosts.
-    $auditScriptPath = Join-Path $PSScriptRoot 'audit.sh'
-    $scriptContent = @'
-set -euo pipefail
-export PATH="/usr/local/cargo/bin:/usr/local/bin:$PATH"
-echo "=== cargo-audit --version ==="
-/usr/local/cargo/bin/cargo-audit --version || true
-echo "=== cargo-audit report ==="
-# Run cargo-audit on the workspace Cargo.lock if present; local crate otherwise
-/usr/local/cargo/bin/cargo-audit || true
-echo "=== cargo-deny --version ==="
-/usr/local/cargo/bin/cargo-deny --version || true
-echo "=== cargo-deny advisories ==="
-# Use --manifest-path as a global option and run check advisories and licenses
-/usr/local/cargo/bin/cargo-deny --manifest-path Cargo.toml check advisories || true
-echo "=== cargo-deny licenses ==="
-/usr/local/cargo/bin/cargo-deny --manifest-path Cargo.toml check licenses || true
-'@
-
-    # Ensure the script uses LF-only line endings by replacing CRLF with LF
-    $scriptContent = $scriptContent -replace "`r`n", "`n"
-    # Write bytes directly to ensure exact newlines (UTF8 without BOM)
-    $bytes = [System.Text.Encoding]::UTF8.GetBytes($scriptContent)
-    [System.IO.File]::WriteAllBytes($auditScriptPath, $bytes)
-
-    # Run the audit script inside the container by mounting it read-only
-    docker run --rm -v "${Workspace}:/workspace" -v "${auditScriptPath}:/audit.sh:ro" -w /workspace $ImageName bash -lc 'bash /audit.sh'
+    docker run --rm -v "${Workspace}:/workspace" -w /workspace $ImageName bash -lc '
+        set -euo pipefail
+        echo "=== cargo-audit --version ==="
+        /usr/local/cargo/bin/cargo-audit --version || true
+        echo "=== cargo-audit report ==="
+        /usr/local/cargo/bin/cargo-audit -q || true
+        echo "=== cargo-deny --version ==="
+        /usr/local/cargo/bin/cargo-deny --version || true
+        echo "=== cargo-deny advisories ==="
+        /usr/local/cargo/bin/cargo-deny check advisories --manifest-path Cargo.toml || true
+        echo "=== cargo-deny licenses ==="
+        /usr/local/cargo/bin/cargo-deny check licenses --manifest-path Cargo.toml || true
+    '
 }
 finally {
    Pop-Location
			`@ -0,0 +1 @@`
			`{"fields":{"licenses":{"errors":0,"helps":537,"notes":0,"warnings":0}},"type":"summary"}`