diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 3d036b84..805d2585 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1,3 +1,5 @@ /.github @dani-garcia @BlackDex +/.github/** @dani-garcia @BlackDex /.github/CODEOWNERS @dani-garcia @BlackDex /.github/workflows/** @dani-garcia @BlackDex +/SECURITY.md @dani-garcia @BlackDex diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index da9b713b..43ec251f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -290,25 +290,25 @@ jobs: # Upload artifacts to Github Actions and Attest the binaries - name: "Upload amd64 artifact ${{ matrix.base_image }}" - uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 #v4.6.1 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: vaultwarden-${{ env.SOURCE_VERSION }}-linux-amd64-${{ matrix.base_image }} path: vaultwarden-amd64-${{ matrix.base_image }} - name: "Upload arm64 artifact ${{ matrix.base_image }}" - uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 #v4.6.1 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: vaultwarden-${{ env.SOURCE_VERSION }}-linux-arm64-${{ matrix.base_image }} path: vaultwarden-arm64-${{ matrix.base_image }} - name: "Upload armv7 artifact ${{ matrix.base_image }}" - uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 #v4.6.1 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: vaultwarden-${{ env.SOURCE_VERSION }}-linux-armv7-${{ matrix.base_image }} path: vaultwarden-armv7-${{ matrix.base_image }} - name: "Upload armv6 artifact ${{ matrix.base_image }}" - uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 #v4.6.1 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: vaultwarden-${{ env.SOURCE_VERSION }}-linux-armv6-${{ matrix.base_image }} path: vaultwarden-armv6-${{ matrix.base_image }} diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 1d949b5a..e3c19e0b 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -31,7 +31,7 @@ repos: language: system args: ["--features", "sqlite,mysql,postgresql,enable_mimalloc", "--"] types_or: [rust, file] - files: (Cargo.toml|Cargo.lock|rust-toolchain|.*\.rs$) + files: (Cargo.toml|Cargo.lock|rust-toolchain.toml|rustfmt.toml|.*\.rs$) pass_filenames: false - id: cargo-clippy name: cargo clippy @@ -40,11 +40,11 @@ repos: language: system args: ["--features", "sqlite,mysql,postgresql,enable_mimalloc", "--", "-D", "warnings"] types_or: [rust, file] - files: (Cargo.toml|Cargo.lock|rust-toolchain|clippy.toml|.*\.rs$) + files: (Cargo.toml|Cargo.lock|rust-toolchain.toml|rustfmt.toml|.*\.rs$) pass_filenames: false - id: check-docker-templates name: check docker templates - desciption: Check if the Docker templates are updated + description: Check if the Docker templates are updated language: system entry: sh args: diff --git a/Cargo.lock b/Cargo.lock index 78cf24cd..45ab9a9d 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2303,9 +2303,9 @@ checksum = "8355be11b20d696c8f18f6cc018c4e372165b1fa8126cef092399c9951984ffa" [[package]] name = "libmimalloc-sys" -version = "0.1.40" +version = "0.1.42" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "07d0e07885d6a754b9c7993f2625187ad694ee985d60f23355ff0e7077261502" +checksum = "ec9d6fac27761dabcd4ee73571cdb06b7022dc99089acbe5435691edffaac0f4" dependencies = [ "cc", "libc", @@ -2439,9 +2439,9 @@ dependencies = [ [[package]] name = "mimalloc" -version = "0.1.44" +version = "0.1.46" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "99585191385958383e13f6b822e6b6d8d9cf928e7d286ceb092da92b43c87bc1" +checksum = "995942f432bbb4822a7e9c3faa87a695185b0d09273ba85f097b54f4e458f2af" dependencies = [ "libmimalloc-sys", ] @@ -4899,7 +4899,6 @@ dependencies = [ "job_scheduler_ng", "jsonwebtoken", "lettre", - "libmimalloc-sys", "libsqlite3-sys", "log", "macros", diff --git a/Cargo.toml b/Cargo.toml index 712d7e50..7499be3e 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,4 +1,5 @@ -workspace = { members = ["macros"] } +[workspace] +members = ["macros"] [package] name = "vaultwarden" @@ -75,7 +76,7 @@ dashmap = "6.1.0" # Async futures futures = "0.3.31" -tokio = { version = "1.44.1", features = ["rt-multi-thread", "fs", "io-util", "parking_lot", "time", "signal", "net"] } +tokio = { version = "1.44.2", features = ["rt-multi-thread", "fs", "io-util", "parking_lot", "time", "signal", "net"] } # A generic serialization/deserialization framework serde = { version = "1.0.219", features = ["derive"] } @@ -170,11 +171,9 @@ semver = "1.0.26" # Allow overriding the default memory allocator # Mainly used for the musl builds, since the default musl malloc is very slow -# Currently pinned to v0.1.44/v0.1.40 because of compile issues with musl - https://github.com/microsoft/mimalloc/issues/1056 -mimalloc = { version = "=0.1.44", features = ["secure"], default-features = false, optional = true } -libmimalloc-sys = { version = "=0.1.40", optional = true } +mimalloc = { version = "0.1.46", features = ["secure"], default-features = false, optional = true } -which = "7.0.2" +which = "7.0.3" # Argon2 library with support for the PHC format argon2 = "0.5.3" @@ -225,7 +224,7 @@ codegen-units = 16 # Linting config # https://doc.rust-lang.org/rustc/lints/groups.html -[lints.rust] +[workspace.lints.rust] # Forbid unsafe_code = "forbid" non_ascii_idents = "forbid" @@ -255,7 +254,7 @@ if_let_rescope = "allow" tail_expr_drop_order = "allow" # https://rust-lang.github.io/rust-clippy/stable/index.html -[lints.clippy] +[workspace.lints.clippy] # Warn dbg_macro = "warn" todo = "warn" @@ -293,3 +292,6 @@ unused_async = "deny" unused_self = "deny" verbose_file_reads = "deny" zero_sized_map_values = "deny" + +[lints] +workspace = true diff --git a/macros/Cargo.toml b/macros/Cargo.toml index 323f198d..eb4aeb7d 100644 --- a/macros/Cargo.toml +++ b/macros/Cargo.toml @@ -9,5 +9,8 @@ path = "src/lib.rs" proc-macro = true [dependencies] -quote = "1.0.38" -syn = "2.0.98" +quote = "1.0.40" +syn = "2.0.100" + +[lints] +workspace = true diff --git a/macros/src/lib.rs b/macros/src/lib.rs index ec8863bb..2d923ce1 100644 --- a/macros/src/lib.rs +++ b/macros/src/lib.rs @@ -1,5 +1,3 @@ -extern crate proc_macro; - use proc_macro::TokenStream; use quote::quote; @@ -12,7 +10,7 @@ pub fn derive_uuid_from_param(input: TokenStream) -> TokenStream { fn impl_derive_uuid_macro(ast: &syn::DeriveInput) -> TokenStream { let name = &ast.ident; - let gen = quote! { + let gen_derive = quote! { #[automatically_derived] impl<'r> rocket::request::FromParam<'r> for #name { type Error = (); @@ -27,7 +25,7 @@ fn impl_derive_uuid_macro(ast: &syn::DeriveInput) -> TokenStream { } } }; - gen.into() + gen_derive.into() } #[proc_macro_derive(IdFromParam)] @@ -39,7 +37,7 @@ pub fn derive_id_from_param(input: TokenStream) -> TokenStream { fn impl_derive_safestring_macro(ast: &syn::DeriveInput) -> TokenStream { let name = &ast.ident; - let gen = quote! { + let gen_derive = quote! { #[automatically_derived] impl<'r> rocket::request::FromParam<'r> for #name { type Error = (); @@ -54,5 +52,5 @@ fn impl_derive_safestring_macro(ast: &syn::DeriveInput) -> TokenStream { } } }; - gen.into() + gen_derive.into() } diff --git a/src/api/notifications.rs b/src/api/notifications.rs index de97be6f..2b325b70 100644 --- a/src/api/notifications.rs +++ b/src/api/notifications.rs @@ -495,7 +495,7 @@ impl WebSocketUsers { pub async fn send_auth_request( &self, user_id: &UserId, - auth_request_uuid: &String, + auth_request_uuid: &str, acting_device_id: &DeviceId, conn: &mut DbConn, ) { @@ -504,7 +504,7 @@ impl WebSocketUsers { return; } let data = create_update( - vec![("Id".into(), auth_request_uuid.clone().into()), ("UserId".into(), user_id.to_string().into())], + vec![("Id".into(), auth_request_uuid.to_owned().into()), ("UserId".into(), user_id.to_string().into())], UpdateType::AuthRequest, Some(acting_device_id.clone()), ); @@ -513,7 +513,7 @@ impl WebSocketUsers { } if CONFIG.push_enabled() { - push_auth_request(user_id.clone(), auth_request_uuid.to_string(), conn).await; + push_auth_request(user_id.clone(), auth_request_uuid.to_owned(), conn).await; } }