Address review remarks and small updates

- Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2 years ago · 79903d241b
17 changed files with 552 additions and 229 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -114,46 +114,46 @@ jobs:
          prefix-key: "v2023.07-rust"
      # End Enable Rust Caching
-      # Run cargo tests (In release mode to speed up future builds)
+      # Run cargo tests
      # First test all features together, afterwards test them separately.
      - name: "test features: sqlite,mysql,postgresql,enable_mimalloc"
        id: test_sqlite_mysql_postgresql_mimalloc
        if: $${{ always() }}
        run: |
-          cargo test --release --features sqlite,mysql,postgresql,enable_mimalloc
+          cargo test --features sqlite,mysql,postgresql,enable_mimalloc
      - name: "test features: sqlite,mysql,postgresql"
        id: test_sqlite_mysql_postgresql
        if: $${{ always() }}
        run: |
-          cargo test --release --features sqlite,mysql,postgresql
+          cargo test --features sqlite,mysql,postgresql
      - name: "test features: sqlite"
        id: test_sqlite
        if: $${{ always() }}
        run: |
-          cargo test --release --features sqlite
+          cargo test --features sqlite
      - name: "test features: mysql"
        id: test_mysql
        if: $${{ always() }}
        run: |
-          cargo test --release --features mysql
+          cargo test --features mysql
      - name: "test features: postgresql"
        id: test_postgresql
        if: $${{ always() }}
        run: |
-          cargo test --release --features postgresql
+          cargo test --features postgresql
      # End Run cargo tests
-      # Run cargo clippy, and fail on warnings (In release mode to speed up future builds)
+      # Run cargo clippy, and fail on warnings
      - name: "clippy features: sqlite,mysql,postgresql,enable_mimalloc"
        id: clippy
        if: ${{ always() && matrix.channel == 'rust-toolchain' }}
        run: |
-          cargo clippy --release --features sqlite,mysql,postgresql,enable_mimalloc -- -D warnings
+          cargo clippy --features sqlite,mysql,postgresql,enable_mimalloc -- -D warnings
      # End Run cargo clippy
@ -195,21 +195,3 @@ jobs:
        run: |
          echo "### :tada: Checks Passed!" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
      # Build the binary to upload to the artifacts
      - name: "build features: sqlite,mysql,postgresql"
        if: ${{ matrix.channel == 'rust-toolchain' }}
        run: |
          cargo build --release --features sqlite,mysql,postgresql
      # End Build the binary
      # TODO: We should not upload these. We should extract Alpine build binaries from the containers and upload them
      # # Upload artifact to Github Actions
      # - name: "Upload artifact"
      #   uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
      #   if: ${{ matrix.channel == 'rust-toolchain' }}
      #   with:
      #     name: vaultwarden
      #     path: target/release/vaultwarden
      # # End Upload artifact to Github Actions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -14,6 +14,7 @@ on:
    branches: # Only on paths above
      - main
      - release-build-revision
    tags: # Always, regardless of paths above
      - '*'
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -1,7 +1,7 @@
 ---
 repos:
 -   repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.4.0
+    rev: v4.5.0
    hooks:
    - id: check-yaml
    - id: check-json
--- a/Cargo.lock
+++ b/Cargo.lock
@ -17,6 +17,17 @@ version = "1.0.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe"
 [[package]]
 name = "ahash"
 version = "0.7.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "fcb51a0695d8f838b1ee009b3fbf66bda078cd64590202a864a8f3e8c4315c47"
 dependencies = [
 "getrandom",
 "once_cell",
 "version_check",
 ]
 [[package]]
 name = "ahash"
 version = "0.8.3"
@ -98,9 +109,9 @@ dependencies = [
 [[package]]
 name = "async-compression"
-version = "0.4.3"
+version = "0.4.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bb42b2197bf15ccb092b62c74515dbd8b86d0effd934795f6687c93b6e679a2c"
+checksum = "f658e2baef915ba0f26f1f7c42bfb8e12f532a01f449a090ded75ae7a07e9ba2"
 dependencies = [
 "brotli",
 "flate2",
@ -112,9 +123,9 @@ dependencies = [
 [[package]]
 name = "async-executor"
-version = "1.5.4"
+version = "1.6.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2c1da3ae8dabd9c00f453a329dfe1fb28da3c0a72e2478cdcd93171740c20499"
+checksum = "4b0c4a4f319e45986f347ee47fef8bf5e81c9abc3f6f58dc2391439f30df65f0"
 dependencies = [
 "async-lock",
 "async-task",
@ -153,9 +164,9 @@ dependencies = [
 "log",
 "parking",
 "polling",
- "rustix 0.37.24",
+ "rustix 0.37.26",
 "slab",
- "socket2 0.4.9",
+ "socket2 0.4.10",
 "waker-fn",
 ]
@ -181,7 +192,7 @@ dependencies = [
 "cfg-if",
 "event-listener 3.0.0",
 "futures-lite",
- "rustix 0.38.18",
+ "rustix 0.38.20",
 "windows-sys",
 ]
@ -197,7 +208,7 @@ dependencies = [
 "cfg-if",
 "futures-core",
 "futures-io",
- "rustix 0.38.18",
+ "rustix 0.38.20",
 "signal-hook-registry",
 "slab",
 "windows-sys",
@ -254,15 +265,15 @@ dependencies = [
 [[package]]
 name = "async-task"
-version = "4.4.1"
+version = "4.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b9441c6b2fe128a7c2bf680a44c34d0df31ce09e5b7e401fcca3faa483dbc921"
+checksum = "b4eb2cdb97421e01129ccb49169d8279ed21e829929144f4a22a6e54ac549ca1"
 [[package]]
 name = "async-trait"
-version = "0.1.73"
+version = "0.1.74"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bc00ceb34980c03614e35a3a4e218276a0a824e911d07651cd0d858a51e8c0f0"
+checksum = "a66537f1bb974b254c98ed142ff995236e81b9d0fe4db0575f46612cb15eb0f9"
 dependencies = [
 "proc-macro2",
 "quote",
@ -343,9 +354,9 @@ checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
 [[package]]
 name = "bitflags"
-version = "2.4.0"
+version = "2.4.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b4682ae6287fcf752ecaabbfcc7b6f9b72aa33933dc23a554d853aea8eea8635"
+checksum = "327762f6e5a765692301e5bb513e0d9fef63be86bbc14528052b1cd3e6f03e07"
 [[package]]
 name = "blake2"
@ -432,12 +443,12 @@ version = "0.46.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8cead8ece0da6b744b2ad8ef9c58a4cdc7ef2921e60a6ddfb9eaaa86839b5fc5"
 dependencies = [
- "ahash",
+ "ahash 0.8.3",
 "async-trait",
 "cached_proc_macro",
 "cached_proc_macro_types",
 "futures",
- "hashbrown 0.14.1",
+ "hashbrown 0.14.2",
 "instant",
 "once_cell",
 "thiserror",
@ -512,6 +523,16 @@ dependencies = [
 "phf_codegen",
 ]
 [[package]]
 name = "chumsky"
 version = "0.9.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "23170228b96236b5a7299057ac284a321457700bc8c41a4476052f0f4ba5349d"
 dependencies = [
 "hashbrown 0.12.3",
 "stacker",
 ]
 [[package]]
 name = "concurrent-queue"
 version = "2.3.0"
@ -595,9 +616,9 @@ checksum = "e496a50fda8aacccc86d7529e2c1e0892dbd0f898a6b5645b5561b89c3210efa"
 [[package]]
 name = "cpufeatures"
-version = "0.2.9"
+version = "0.2.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a17b76ff3a4162b0b27f354a0c87015ddad39d35f9c0c36607a3bdd175dde1f1"
+checksum = "3fbc60abd742b35f2492f808e1abbb83d45f72db402e14c55057edc9c7b1e9e4"
 dependencies = [
 "libc",
 ]
@ -683,7 +704,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "978747c1d849a7d2ee5e8adc0159961c48fb7e5db2f06af6723b80123bb53856"
 dependencies = [
 "cfg-if",
- "hashbrown 0.14.1",
+ "hashbrown 0.14.2",
 "lock_api",
 "once_cell",
 "parking_lot_core",
@ -703,9 +724,12 @@ checksum = "41b319d1b62ffbd002e057f36bebd1f42b9f97927c9577461d855f3513c4289f"
 [[package]]
 name = "deranged"
-version = "0.3.8"
+version = "0.3.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f2696e8a945f658fd14dc3b87242e6b80cd0f36ff04ea560fa39082368847946"
+checksum = "0f32d04922c60427da6f9fef14d042d9edddef64cb9d4ce0d64d0685fbeb1fd3"
 dependencies = [
 "powerfmt",
 ]
 [[package]]
 name = "devise"
@ -733,7 +757,7 @@ version = "0.4.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "35b50dba0afdca80b187392b24f2499a88c336d5a8493e4b4ccfb608708be56a"
 dependencies = [
- "bitflags 2.4.0",
+ "bitflags 2.4.1",
 "proc-macro2",
 "proc-macro2-diagnostics",
 "quote",
@ -746,7 +770,7 @@ version = "2.1.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2268a214a6f118fce1838edba3d1561cf0e78d8de785475957a580a7f8c69d33"
 dependencies = [
- "bitflags 2.4.0",
+ "bitflags 2.4.1",
 "byteorder",
 "chrono",
 "diesel_derives",
@ -950,9 +974,9 @@ dependencies = [
 [[package]]
 name = "flate2"
-version = "1.0.27"
+version = "1.0.28"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c6c98ee8095e9d1dcbf2fcc6d95acccb90d1c81db1e44725c6a984b1dbdfb010"
+checksum = "46303f565772937ffe1d394a4fac6f411c6013172fadde9dcdb1e147a086940e"
 dependencies = [
 "crc32fast",
 "miniz_oxide",
@ -1219,14 +1243,17 @@ name = "hashbrown"
 version = "0.12.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888"
 dependencies = [
 "ahash 0.7.6",
 ]
 [[package]]
 name = "hashbrown"
-version = "0.14.1"
+version = "0.14.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7dfda62a12f55daeae5015f81b0baea145391cb4520f86c248fc615d72640d12"
+checksum = "f93e7192158dbcda357bdec5fb5788eebf8bbac027f3f33e719d29135ae84156"
 dependencies = [
- "ahash",
+ "ahash 0.8.3",
 "allocator-api2",
 ]
@ -1331,7 +1358,7 @@ dependencies = [
 "httpdate",
 "itoa",
 "pin-project-lite",
- "socket2 0.4.9",
+ "socket2 0.4.10",
 "tokio",
 "tower-service",
 "tracing",
@ -1353,16 +1380,16 @@ dependencies = [
 [[package]]
 name = "iana-time-zone"
-version = "0.1.57"
+version = "0.1.58"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2fad5b825842d2b38bd206f3e81d6957625fd7f0a361e345c30e01a0ae2dd613"
+checksum = "8326b86b6cff230b97d0d312a6c40a60726df3332e721f72a1b035f451663b20"
 dependencies = [
 "android_system_properties",
 "core-foundation-sys",
 "iana-time-zone-haiku",
 "js-sys",
 "wasm-bindgen",
- "windows",
+ "windows-core",
 ]
 [[package]]
@ -1429,7 +1456,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8adf3ddd720272c6ea8bf59463c04e0f93d0bbf7c5439b691bca2987e0270897"
 dependencies = [
 "equivalent",
- "hashbrown 0.14.1",
+ "hashbrown 0.14.2",
 ]
 [[package]]
@ -1464,7 +1491,7 @@ version = "0.3.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b58db92f96b720de98181bbbe63c831e87005ab460c1bf306eb2622b4707997f"
 dependencies = [
- "socket2 0.5.4",
+ "socket2 0.5.5",
 "widestring",
 "windows-sys",
 "winreg",
@ -1483,7 +1510,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "cb0889898416213fab133e1d33a0e5858a48177452750691bde3666d0fdbaf8b"
 dependencies = [
 "hermit-abi",
- "rustix 0.38.18",
+ "rustix 0.38.20",
 "windows-sys",
 ]
@ -1521,13 +1548,13 @@ dependencies = [
 [[package]]
 name = "jsonwebtoken"
-version = "8.3.0"
+version = "9.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6971da4d9c3aa03c3d8f3ff0f4155b534aad021292003895a469716b2a230378"
+checksum = "1e863f95209c79b9b8b001c4b03463385f890a765dbc4e0802cb8d4177e3e410"
 dependencies = [
 "base64 0.21.4",
 "pem",
- "ring",
+ "ring 0.17.5",
 "serde",
 "serde_json",
 "simple_asn1",
@ -1550,31 +1577,33 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
 [[package]]
 name = "lettre"
-version = "0.10.4"
+version = "0.11.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "76bd09637ae3ec7bd605b8e135e757980b3968430ff2b1a4a94fb7769e50166d"
+checksum = "d47084ad58f99c26816d174702f60e873f861fcef3f9bd6075b4ad2dd72d07d5"
 dependencies = [
 "async-std",
 "async-trait",
 "base64 0.21.4",
 "chumsky",
 "email-encoding",
 "email_address",
- "fastrand 1.9.0",
+ "fastrand 2.0.1",
 "futures-io",
 "futures-util",
 "hostname",
 "httpdate",
- "idna 0.3.0",
+ "idna 0.4.0",
 "mime",
 "native-tls",
 "nom",
 "once_cell",
 "quoted_printable",
 "serde",
- "socket2 0.4.9",
+ "socket2 0.5.5",
 "tokio",
 "tokio-native-tls",
 "tracing",
 "url",
 ]
 [[package]]
@ -1624,9 +1653,9 @@ checksum = "da2479e8c062e40bf0066ffa0bc823de0a9368974af99c9f6df941d2c231e03f"
 [[package]]
 name = "lock_api"
-version = "0.4.10"
+version = "0.4.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c1cc9717a20b1bb222f333e6a92fd32f7d8a18ddc5a3191a11af45dcbf4dcd16"
+checksum = "3c168f8615b12bc01f9c17e2eb0cc07dcae1940121185446edc3744920e8ef45"
 dependencies = [
 "autocfg",
 "scopeguard",
@ -1924,7 +1953,7 @@ version = "0.10.57"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "bac25ee399abb46215765b1cb35bc0212377e58a061560d8b29b024fd0430e7c"
 dependencies = [
- "bitflags 2.4.0",
+ "bitflags 2.4.1",
 "cfg-if",
 "foreign-types",
 "libc",
@ -1980,9 +2009,9 @@ checksum = "b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39"
 [[package]]
 name = "parking"
-version = "2.1.1"
+version = "2.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e52c774a4c39359c1d1c52e43f73dd91a75a614652c825408eec30c95a9b2067"
+checksum = "bb813b8af86854136c6922af0598d719255ecb2179515e6e7730d468f05c9cae"
 [[package]]
 name = "parking_lot"
@ -1996,13 +2025,13 @@ dependencies = [
 [[package]]
 name = "parking_lot_core"
-version = "0.9.8"
+version = "0.9.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "93f00c865fe7cabf650081affecd3871070f26767e7b2070a3ffae14c654b447"
+checksum = "4c42a9226546d68acdd9c0a280d17ce19bfe27a46bf68784e4066115788d008e"
 dependencies = [
 "cfg-if",
 "libc",
- "redox_syscall",
+ "redox_syscall 0.4.1",
 "smallvec",
 "windows-targets",
 ]
@ -2058,11 +2087,12 @@ dependencies = [
 [[package]]
 name = "pem"
-version = "1.1.1"
+version = "3.0.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a8835c273a76a90455d7344889b0964598e3316e2a79ede8e36f16bdcf2228b8"
+checksum = "3163d2912b7c3b52d651a055f2c7eec9ba5cd22d26ef75b8dd3a59980b185923"
 dependencies = [
- "base64 0.13.1",
+ "base64 0.21.4",
 "serde",
 ]
 [[package]]
@ -2205,6 +2235,12 @@ dependencies = [
 "windows-sys",
 ]
 [[package]]
 name = "powerfmt"
 version = "0.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391"
 [[package]]
 name = "ppv-lite86"
 version = "0.2.17"
@ -2248,6 +2284,15 @@ version = "2.0.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "33cb294fe86a74cbcf50d4445b37da762029549ebeea341421c7c70370f86cac"
 [[package]]
 name = "psm"
 version = "0.1.21"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5787f7cda34e3033a72192c018bc5883100330f362ef279a8cbccfce8bb4e874"
 dependencies = [
 "cc",
 ]
 [[package]]
 name = "publicsuffix"
 version = "2.2.3"
@ -2291,9 +2336,9 @@ dependencies = [
 [[package]]
 name = "quoted_printable"
-version = "0.4.8"
+version = "0.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5a3866219251662ec3b26fc217e3e05bf9c4f84325234dfb96bf0bf840889e49"
+checksum = "79ec282e887b434b68c18fe5c121d38e72a5cf35119b59e54ec5b992ea9c8eb0"
 [[package]]
 name = "r2d2"
@ -2354,6 +2399,15 @@ dependencies = [
 "bitflags 1.3.2",
 ]
 [[package]]
 name = "redox_syscall"
 version = "0.4.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4722d768eff46b75989dd134e5c353f0d6296e5aaa3132e776cbdb56be7731aa"
 dependencies = [
 "bitflags 1.3.2",
 ]
 [[package]]
 name = "ref-cast"
 version = "1.0.20"
@ -2376,14 +2430,14 @@ dependencies = [
 [[package]]
 name = "regex"
-version = "1.10.0"
+version = "1.10.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d119d7c7ca818f8a53c300863d4f87566aac09943aef5b355bb83969dae75d87"
+checksum = "380b951a9c5e80ddfd6136919eef32310721aa4aacd4889a8d39124b026ab343"
 dependencies = [
 "aho-corasick",
 "memchr",
- "regex-automata 0.4.1",
+ "regex-automata 0.4.3",
- "regex-syntax 0.8.0",
+ "regex-syntax 0.8.2",
 ]
 [[package]]
@ -2397,13 +2451,13 @@ dependencies = [
 [[package]]
 name = "regex-automata"
-version = "0.4.1"
+version = "0.4.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "465c6fc0621e4abc4187a2bda0937bfd4f722c2730b29562e19689ea796c9a4b"
+checksum = "5f804c7828047e88b2d32e2d7fe5a105da8ee3264f01902f796c8e067dc2483f"
 dependencies = [
 "aho-corasick",
 "memchr",
- "regex-syntax 0.8.0",
+ "regex-syntax 0.8.2",
 ]
 [[package]]
@ -2414,9 +2468,9 @@ checksum = "f162c6dd7b008981e4d40210aca20b4bd0f9b60ca9271061b07f78537722f2e1"
 [[package]]
 name = "regex-syntax"
-version = "0.8.0"
+version = "0.8.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c3cbb081b9784b07cceb8824c8583f86db4814d172ab043f3c23f7dc600bf83d"
+checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f"
 [[package]]
 name = "reopen"
@ -2494,11 +2548,25 @@ dependencies = [
 "libc",
 "once_cell",
 "spin 0.5.2",
- "untrusted",
+ "untrusted 0.7.1",
 "web-sys",
 "winapi",
 ]
 [[package]]
 name = "ring"
 version = "0.17.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "fb0205304757e5d899b9c2e448b867ffd03ae7f988002e47cd24954391394d0b"
 dependencies = [
 "cc",
 "getrandom",
 "libc",
 "spin 0.9.8",
 "untrusted 0.9.0",
 "windows-sys",
 ]
 [[package]]
 name = "rmp"
 version = "0.8.12"
@ -2640,9 +2708,9 @@ checksum = "d626bb9dae77e28219937af045c257c28bfd3f69333c512553507f5f9798cb76"
 [[package]]
 name = "rustix"
-version = "0.37.24"
+version = "0.37.26"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4279d76516df406a8bd37e7dff53fd37d1a093f997a3c34a5c21658c126db06d"
+checksum = "84f3f8f960ed3b5a59055428714943298bf3fa2d4a1d53135084e0544829d995"
 dependencies = [
 "bitflags 1.3.2",
 "errno",
@ -2654,11 +2722,11 @@ dependencies = [
 [[package]]
 name = "rustix"
-version = "0.38.18"
+version = "0.38.20"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5a74ee2d7c2581cd139b42447d7d9389b889bdaad3a73f1ebb16f2a3237bb19c"
+checksum = "67ce50cb2e16c2903e30d1cbccfd8387a74b9d4c938b6a4c5ec6cc7556f7a8a0"
 dependencies = [
- "bitflags 2.4.0",
+ "bitflags 2.4.1",
 "errno",
 "libc",
 "linux-raw-sys 0.4.10",
@ -2672,7 +2740,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "cd8d6c9f025a446bc4d18ad9632e69aec8f287aa84499ee335599fabd20c3fd8"
 dependencies = [
 "log",
- "ring",
+ "ring 0.16.20",
 "rustls-webpki",
 "sct",
 ]
@ -2692,8 +2760,8 @@ version = "0.101.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3c7d5dece342910d9ba34d259310cae3e0154b873b35408b787b59bce53d34fe"
 dependencies = [
- "ring",
+ "ring 0.16.20",
- "untrusted",
+ "untrusted 0.7.1",
 ]
 [[package]]
@ -2753,8 +2821,8 @@ version = "0.7.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d53dcdb7c9f8158937a7981b48accfd39a43af418591a5d008c7b22b5e1b7ca4"
 dependencies = [
- "ring",
+ "ring 0.16.20",
- "untrusted",
+ "untrusted 0.7.1",
 ]
 [[package]]
@ -2788,9 +2856,9 @@ checksum = "836fa6a3e1e547f9a2c4040802ec865b5d85f4014efe00555d7090a3dcaa1090"
 [[package]]
 name = "serde"
-version = "1.0.188"
+version = "1.0.189"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cf9e0fcba69a370eed61bcf2b728575f726b50b55cba78064753d708ddc7549e"
+checksum = "8e422a44e74ad4001bdc8eede9a4570ab52f71190e9c076d14369f38b9200537"
 dependencies = [
 "serde_derive",
 ]
@ -2807,9 +2875,9 @@ dependencies = [
 [[package]]
 name = "serde_derive"
-version = "1.0.188"
+version = "1.0.189"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4eca7ac642d82aa35b60049a6eccb4be6be75e599bd2e9adb5f875a737654af2"
+checksum = "1e48d1f918009ce3145511378cf68d613e3b3d9137d67272562080d68a2b32d5"
 dependencies = [
 "proc-macro2",
 "quote",
@ -2890,6 +2958,16 @@ dependencies = [
 "lazy_static",
 ]
 [[package]]
 name = "signal-hook"
 version = "0.3.17"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8621587d4798caf8eb44879d42e56b9a93ea5dcd315a6487c357130095b62801"
 dependencies = [
 "libc",
 "signal-hook-registry",
 ]
 [[package]]
 name = "signal-hook-registry"
 version = "1.4.1"
@ -2934,9 +3012,9 @@ checksum = "942b4a808e05215192e39f4ab80813e599068285906cc91aa64f923db842bd5a"
 [[package]]
 name = "socket2"
-version = "0.4.9"
+version = "0.4.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "64a4a911eed85daf18834cfaa86a79b7d266ff93ff5ba14005426219480ed662"
+checksum = "9f7916fc008ca5542385b89a3d3ce689953c143e9304a9bf8beec1de48994c0d"
 dependencies = [
 "libc",
 "winapi",
@ -2944,9 +3022,9 @@ dependencies = [
 [[package]]
 name = "socket2"
-version = "0.5.4"
+version = "0.5.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4031e820eb552adee9295814c0ced9e5cf38ddf1e8b7d566d6de8e2538ea989e"
+checksum = "7b5fac59a5cb5dd637972e5fca70daf0523c9067fcdc4842f053dae04a18f8e9"
 dependencies = [
 "libc",
 "windows-sys",
@ -2973,6 +3051,19 @@ dependencies = [
 "memchr",
 ]
 [[package]]
 name = "stacker"
 version = "0.1.15"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c886bd4480155fd3ef527d45e9ac8dd7118a898a46530b7b94c3e21866259fce"
 dependencies = [
 "cc",
 "cfg-if",
 "libc",
 "psm",
 "winapi",
 ]
 [[package]]
 name = "state"
 version = "0.6.0"
@ -3058,25 +3149,25 @@ checksum = "cb94d2f3cc536af71caac6b6fcebf65860b347e7ce0cc9ebe8f70d3e521054ef"
 dependencies = [
 "cfg-if",
 "fastrand 2.0.1",
- "redox_syscall",
+ "redox_syscall 0.3.5",
- "rustix 0.38.18",
+ "rustix 0.38.20",
 "windows-sys",
 ]
 [[package]]
 name = "thiserror"
-version = "1.0.49"
+version = "1.0.50"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1177e8c6d7ede7afde3585fd2513e611227efd6481bd78d2e82ba1ce16557ed4"
+checksum = "f9a7210f5c9a7156bb50aa36aed4c95afb51df0df00713949448cf9e97d382d2"
 dependencies = [
 "thiserror-impl",
 ]
 [[package]]
 name = "thiserror-impl"
-version = "1.0.49"
+version = "1.0.50"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "10712f02019e9288794769fba95cd6847df9874d49d871d062172f9dd41bc4cc"
+checksum = "266b2e40bc00e5a6c09c3584011e08b06f123c00362c92b975ba9843aaaa14b8"
 dependencies = [
 "proc-macro2",
 "quote",
@ -3104,14 +3195,15 @@ dependencies = [
 [[package]]
 name = "time"
-version = "0.3.29"
+version = "0.3.30"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "426f806f4089c493dcac0d24c29c01e2c38baf8e30f1b716ee37e83d200b18fe"
+checksum = "c4a34ab300f2dee6e562c10a046fc05e358b29f9bf92277f30c3c8d82275f6f5"
 dependencies = [
 "deranged",
 "itoa",
 "libc",
 "num_threads",
 "powerfmt",
 "serde",
 "time-core",
 "time-macros",
@ -3161,7 +3253,7 @@ dependencies = [
 "parking_lot",
 "pin-project-lite",
 "signal-hook-registry",
- "socket2 0.5.4",
+ "socket2 0.5.5",
 "tokio-macros",
 "windows-sys",
 ]
@ -3325,11 +3417,10 @@ checksum = "b6bc1c9ce2b5135ac7f93c72918fc37feb872bdc6a5533a8b85eb4b86bfdae52"
 [[package]]
 name = "tracing"
-version = "0.1.37"
+version = "0.1.40"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8ce8c33a8d48bd45d624a6e523445fd21ec13d3653cd51f681abf67418f54eb8"
+checksum = "c3523ab5a71916ccf420eebdf5521fcef02141234bbc0b8a49f2fdc4544364ef"
 dependencies = [
 "cfg-if",
 "log",
 "pin-project-lite",
 "tracing-attributes",
@ -3338,9 +3429,9 @@ dependencies = [
 [[package]]
 name = "tracing-attributes"
-version = "0.1.26"
+version = "0.1.27"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5f4f31f56159e98206da9efd823404b79b6ef3143b4a7ab76e67b1751b25a4ab"
+checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7"
 dependencies = [
 "proc-macro2",
 "quote",
@ -3349,9 +3440,9 @@ dependencies = [
 [[package]]
 name = "tracing-core"
-version = "0.1.31"
+version = "0.1.32"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0955b8137a1df6f1a2e9a37d8a6656291ff0297c1a97c24e0d8425fe2312f79a"
+checksum = "c06d3da6113f116aaee68e4d601191614c9053067f9ab7f6edbcb161237daa54"
 dependencies = [
 "once_cell",
 "valuable",
@ -3388,9 +3479,9 @@ dependencies = [
 [[package]]
 name = "trust-dns-proto"
-version = "0.23.0"
+version = "0.23.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0dc775440033cb114085f6f2437682b194fa7546466024b1037e82a48a052a69"
+checksum = "559ac980345f7f5020883dd3bcacf176355225e01916f8c2efecad7534f682c6"
 dependencies = [
 "async-trait",
 "cfg-if",
@ -3413,9 +3504,9 @@ dependencies = [
 [[package]]
 name = "trust-dns-resolver"
-version = "0.23.0"
+version = "0.23.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2dff7aed33ef3e8bf2c9966fccdfed93f93d46f432282ea875cd66faabc6ef2f"
+checksum = "c723b0e608b24ad04c73b2607e0241b2c98fd79795a95e98b068b6966138a29d"
 dependencies = [
 "cfg-if",
 "futures-util",
@ -3521,6 +3612,12 @@ version = "0.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a"
 [[package]]
 name = "untrusted"
 version = "0.9.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1"
 [[package]]
 name = "url"
 version = "2.4.1"
@ -3541,9 +3638,9 @@ checksum = "09cc8ee72d2a9becf2f2febe0205bbed8fc6615b7cb429ad062dc7b7ddd036a9"
 [[package]]
 name = "uuid"
-version = "1.4.1"
+version = "1.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "79daa5ed5740825c40b389c5e50312b9c86df53fccd33f281df655642b43869d"
+checksum = "88ad59a7560b41a70d191093a945f0b87bc1deeda46fb237479708a1d6b6cdfc"
 dependencies = [
 "getrandom",
 ]
@ -3556,9 +3653,9 @@ checksum = "830b7e5d4d90034032940e4ace0d9a9a057e7a45cd94e6c007832e39edb82f6d"
 [[package]]
 name = "value-bag"
-version = "1.4.1"
+version = "1.4.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d92ccd67fb88503048c01b59152a04effd0782d035a83a6d256ce6085f08f4a3"
+checksum = "4a72e1902dde2bd6441347de2b70b7f5d59bf157c6c62f0c44572607a1d55bbe"
 [[package]]
 name = "vaultwarden"
@ -3601,7 +3698,7 @@ dependencies = [
 "rand",
 "regex",
 "reqwest",
- "ring",
+ "ring 0.17.5",
 "rmpv",
 "rocket",
 "rocket_ws",
@ -3775,14 +3872,15 @@ dependencies = [
 [[package]]
 name = "which"
-version = "4.4.2"
+version = "5.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7"
+checksum = "9bf3ea8596f3a0dd5980b46430f2058dfe2c36a27ccfbb1845d6fbfcd9ba6e14"
 dependencies = [
 "either",
 "home",
 "once_cell",
- "rustix 0.38.18",
+ "rustix 0.38.20",
 "windows-sys",
 ]
 [[package]]
@ -3831,6 +3929,15 @@ dependencies = [
 "windows-targets",
 ]
 [[package]]
 name = "windows-core"
 version = "0.51.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f1f8cf84f35d2db49a46868f947758c7a1138116f7fac3bc844f43ade1292e64"
 dependencies = [
 "windows-targets",
 ]
 [[package]]
 name = "windows-sys"
 version = "0.48.0"
@ -3899,9 +4006,9 @@ checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538"
 [[package]]
 name = "winnow"
-version = "0.5.16"
+version = "0.5.17"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "037711d82167854aff2018dfd193aa0fef5370f456732f0d5a0c59b0f1b4b907"
+checksum = "a3b801d0e0a6726477cc207f60162da452f3a95adb368399bef20a946e06f65c"
 dependencies = [
 "memchr",
 ]
--- a/Cargo.toml
+++ b/Cargo.toml
@ -42,7 +42,7 @@ syslog = "6.1.0"
 # Logging
 log = "0.4.20"
 fern = { version = "0.6.2", features = ["syslog-6", "reopen-1"] }
-tracing = { version = "0.1.37", features = ["log"] } # Needed to have lettre and webauthn-rs trace logging to work
+tracing = { version = "0.1.40", features = ["log"] } # Needed to have lettre and webauthn-rs trace logging to work
 # A `dotenv` implementation for Rust
 dotenvy = { version = "0.15.7", default-features = false }
@ -71,7 +71,7 @@ futures = "0.3.28"
 tokio = { version = "1.33.0", features = ["rt-multi-thread", "fs", "io-util", "parking_lot", "time", "signal"] }
 # A generic serialization/deserialization framework
-serde = { version = "1.0.188", features = ["derive"] }
+serde = { version = "1.0.189", features = ["derive"] }
 serde_json = "1.0.107"
 # A safe, extensible ORM and Query builder
@ -84,15 +84,15 @@ libsqlite3-sys = { version = "0.26.0", features = ["bundled"], optional = true }
 # Crypto-related libraries
 rand = { version = "0.8.5", features = ["small_rng"] }
-ring = "0.16.20"
+ring = "0.17.5"
 # UUID generation
-uuid = { version = "1.4.1", features = ["v4"] }
+uuid = { version = "1.5.0", features = ["v4"] }
 # Date and time libraries
 chrono = { version = "0.4.31", features = ["clock", "serde"], default-features = false }
 chrono-tz = "0.8.3"
-time = "0.3.29"
+time = "0.3.30"
 # Job scheduler
 job_scheduler_ng = "2.0.4"
@ -101,7 +101,7 @@ job_scheduler_ng = "2.0.4"
 data-encoding = "2.4.0"
 # JWT library
-jsonwebtoken = "8.3.0"
+jsonwebtoken = "9.0.0"
 # TOTP library
 totp-lite = "2.0.0"
@ -116,7 +116,7 @@ webauthn-rs = "0.3.2"
 url = "2.4.1"
 # Email libraries
-lettre = { version = "0.10.4", features = ["smtp-transport", "sendmail-transport", "builder", "serde", "tokio1-native-tls", "hostname", "tracing", "tokio1"], default-features = false }
+lettre = { version = "0.11.0", features = ["smtp-transport", "sendmail-transport", "builder", "serde", "tokio1-native-tls", "hostname", "tracing", "tokio1"], default-features = false }
 percent-encoding = "2.3.0" # URL encoding library used for URL's in the emails
 email_address = "0.2.4"
@ -128,7 +128,7 @@ reqwest = { version = "0.11.22", features = ["stream", "json", "deflate", "gzip"
 # Favicon extraction libraries
 html5gum = "0.5.7"
-regex = { version = "1.10.0", features = ["std", "perf", "unicode-perl"], default-features = false }
+regex = { version = "1.10.2", features = ["std", "perf", "unicode-perl"], default-features = false }
 data-url = "0.3.0"
 bytes = "1.5.0"
@ -158,7 +158,7 @@ semver = "1.0.20"
 # Allow overriding the default memory allocator
 # Mainly used for the musl builds, since the default musl malloc is very slow
 mimalloc = { version = "0.1.39", features = ["secure"], default-features = false, optional = true }
-which = "4.4.2"
+which = "5.0.0"
 # Argon2 library with support for the PHC format
 argon2 = "0.5.2"
--- a/2
+++ b/2
@ -1 +1 @@
-docker/amd64/Dockerfile
+docker/Dockerfile.debian
--- a/docker/DockerSettings.yaml
+++ b/docker/DockerSettings.yaml
@ -1,6 +1,9 @@
 ---
-vault_version: "v2023.8.2"
+vault_version: "v2023.9.1"
-vault_image_digest: "sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252"
+vault_image_digest: "sha256:ccf76db7406378b36cb937c1a3ca884448e32e7f82effd4d97b335cd725c75fd"
 # Cross Compile Docker Helper Scripts v1.3.0
 # We use the linux/amd64 platform shell scripts since there is no difference between the different platform scripts
 xx_image_digest: "sha256:c9609ace652bbe51dd4ce90e0af9d48a4590f1214246da5bc70e46f6dd586edc"
 rust_version: 1.73.0 # Rust version to be used
 debian_version: bookworm # Debian release name to be used
 alpine_version: 3.18 # Alpine version to be used
--- a/docker/Dockerfile.alpine
+++ b/docker/Dockerfile.alpine
@ -18,15 +18,15 @@
 # - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
 #   click the tag name to view the digest of the image it currently points to.
 # - From the command line:
-#     $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2
+#     $ docker pull docker.io/vaultwarden/web-vault:v2023.9.1
-#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2
+#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.9.1
-#     [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252]
+#     [docker.io/vaultwarden/web-vault@sha256:ccf76db7406378b36cb937c1a3ca884448e32e7f82effd4d97b335cd725c75fd]
 #
 # - Conversely, to get the tag name from the digest:
-#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252
+#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:ccf76db7406378b36cb937c1a3ca884448e32e7f82effd4d97b335cd725c75fd
-#     [docker.io/vaultwarden/web-vault:v2023.8.2]
+#     [docker.io/vaultwarden/web-vault:v2023.9.1]
 #
-FROM --platform=linux/amd64 docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault
+FROM --platform=linux/amd64 docker.io/vaultwarden/web-vault@sha256:ccf76db7406378b36cb937c1a3ca884448e32e7f82effd4d97b335cd725c75fd as vault
 ########################## ALPINE BUILD IMAGES ##########################
 ## NOTE: The Alpine Base Images do not support other platforms then linux/amd64
@ -65,11 +65,6 @@ RUN mkdir -pv "${CARGO_HOME}" \
 RUN USER=root cargo new --bin /app
 WORKDIR /app
 # Copies over *only* your manifests and build files
 COPY ./Cargo.* ./
 COPY ./rust-toolchain.toml ./rust-toolchain.toml
 COPY ./build.rs ./build.rs
 # Shared variables across Debian and Alpine
 RUN echo "export CARGO_TARGET=${RUST_MUSL_CROSS_TARGET}" >> /env-cargo && \
    # To be able to build the armv6 image with mimalloc we need to tell the linker to also look for libatomic
@ -84,6 +79,12 @@ RUN source /env-cargo && \
    rustup target add "${CARGO_TARGET}"
 ARG CARGO_PROFILE=release
 ARG VW_VERSION
 # Copies over *only* your manifests and build files
 COPY ./Cargo.* ./
 COPY ./rust-toolchain.toml ./rust-toolchain.toml
 COPY ./build.rs ./build.rs
 # Builds your dependencies and removes the
 # dummy project, except the target folder
@ -113,7 +114,7 @@ RUN source /env-cargo && \
 # Create a new stage with a minimal image
 # because we already have a binary built
 #
-# For these images to be able to built you need to have qemu binfmt support.
+# To build these images you need to have qemu binfmt support.
 # See the following pages to help install these tools locally
 # Ubuntu/Debian: https://wiki.debian.org/QemuUserEmulation
 # Arch Linux: https://wiki.archlinux.org/title/QEMU#Chrooting_into_arm/arm64_environment_from_x86_64
@ -123,7 +124,9 @@ RUN source /env-cargo && \
 # See: https://github.com/tonistiigi/binfmt
 # Usage: docker run --privileged --rm tonistiigi/binfmt --install arm64,arm
 # To uninstall: docker run --privileged --rm tonistiigi/binfmt --uninstall 'qemu-*'
-FROM docker.io/library/alpine:3.18
+#
 # We need to add `--platform` here, because of a podman bug: https://github.com/containers/buildah/issues/4742
 FROM --platform=$TARGETPLATFORM docker.io/library/alpine:3.18
 ENV ROCKET_PROFILE="release" \
    ROCKET_ADDRESS=0.0.0.0 \
@ -133,10 +136,10 @@ ENV ROCKET_PROFILE="release" \
 # Create data folder and Install needed libraries
 RUN mkdir /data && \
    apk --no-cache add \
-          ca-certificates \
+        ca-certificates \
-          curl \
+        curl \
-          openssl \
+        openssl \
-          tzdata
+        tzdata
 VOLUME /data
 EXPOSE 80
--- a/docker/Dockerfile.debian
+++ b/docker/Dockerfile.debian
@ -18,18 +18,20 @@
 # - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
 #   click the tag name to view the digest of the image it currently points to.
 # - From the command line:
-#     $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2
+#     $ docker pull docker.io/vaultwarden/web-vault:v2023.9.1
-#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2
+#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.9.1
-#     [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252]
+#     [docker.io/vaultwarden/web-vault@sha256:ccf76db7406378b36cb937c1a3ca884448e32e7f82effd4d97b335cd725c75fd]
 #
 # - Conversely, to get the tag name from the digest:
-#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252
+#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:ccf76db7406378b36cb937c1a3ca884448e32e7f82effd4d97b335cd725c75fd
-#     [docker.io/vaultwarden/web-vault:v2023.8.2]
+#     [docker.io/vaultwarden/web-vault:v2023.9.1]
 #
-FROM --platform=linux/amd64 docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault
+FROM --platform=linux/amd64 docker.io/vaultwarden/web-vault@sha256:ccf76db7406378b36cb937c1a3ca884448e32e7f82effd4d97b335cd725c75fd as vault
 ########################## Cross Compile Docker Helper Scripts ##########################
-FROM --platform=$BUILDPLATFORM docker.io/tonistiigi/xx:master AS xx
+## We use the linux/amd64 no matter which Build Platform, since these are all bash scripts
 ## And these bash scripts do not have any significant difference if at all
 FROM --platform=linux/amd64 docker.io/tonistiigi/xx@sha256:c9609ace652bbe51dd4ce90e0af9d48a4590f1214246da5bc70e46f6dd586edc AS xx
 ########################## BUILD IMAGE ##########################
 # hadolint ignore=DL3006
@ -51,11 +53,14 @@ ENV DEBIAN_FRONTEND=noninteractive \
 # Install clang to get `xx-cargo` working
 # Install pkg-config to allow amd64 builds to find all libraries
 # Install git so build.rs can determine the correct version
 # Install the libc cross packages based upon the debian-arch
 RUN apt-get update && \
    apt-get install -y \
        --no-install-recommends \
-        clang pkg-config \
+        clang \
        pkg-config \
        git \
        "libc6-$(xx-info debian-arch)-cross" \
        "libc6-dev-$(xx-info debian-arch)-cross" \
        "linux-libc-dev-$(xx-info debian-arch)-cross" && \
@ -82,11 +87,6 @@ RUN mkdir -pv "${CARGO_HOME}" \
 RUN USER=root cargo new --bin /app
 WORKDIR /app
 # Copies over *only* your manifests and build files
 COPY ./Cargo.* ./
 COPY ./rust-toolchain.toml ./rust-toolchain.toml
 COPY ./build.rs ./build.rs
 # Environment variables for cargo across Debian and Alpine
 RUN source /env-cargo && \
    if xx-info is-cross ; then \
@ -109,6 +109,12 @@ RUN source /env-cargo && \
    rustup target add "${CARGO_TARGET}"
 ARG CARGO_PROFILE=release
 ARG VW_VERSION
 # Copies over *only* your manifests and build files
 COPY ./Cargo.* ./
 COPY ./rust-toolchain.toml ./rust-toolchain.toml
 COPY ./build.rs ./build.rs
 # Builds your dependencies and removes the
 # dummy project, except the target folder
@ -138,7 +144,7 @@ RUN source /env-cargo && \
 # Create a new stage with a minimal image
 # because we already have a binary built
 #
-# For these images to be able to built you need to have qemu binfmt support.
+# To build these images you need to have qemu binfmt support.
 # See the following pages to help install these tools locally
 # Ubuntu/Debian: https://wiki.debian.org/QemuUserEmulation
 # Arch Linux: https://wiki.archlinux.org/title/QEMU#Chrooting_into_arm/arm64_environment_from_x86_64
@ -148,7 +154,9 @@ RUN source /env-cargo && \
 # See: https://github.com/tonistiigi/binfmt
 # Usage: docker run --privileged --rm tonistiigi/binfmt --install arm64,arm
 # To uninstall: docker run --privileged --rm tonistiigi/binfmt --uninstall 'qemu-*'
-FROM docker.io/library/debian:bookworm-slim
+#
 # We need to add `--platform` here, because of a podman bug: https://github.com/containers/buildah/issues/4742
 FROM --platform=$TARGETPLATFORM docker.io/library/debian:bookworm-slim
 ENV ROCKET_PROFILE="release" \
    ROCKET_ADDRESS=0.0.0.0 \
@ -164,8 +172,8 @@ RUN mkdir /data && \
        libmariadb-dev-compat \
        libpq5 \
        openssl && \
-        apt-get clean && \
+    apt-get clean && \
-        rm -rf /var/lib/apt/lists/*
+    rm -rf /var/lib/apt/lists/*
 VOLUME /data
 EXPOSE 80
--- a/docker/Dockerfile.j2
+++ b/docker/Dockerfile.j2
@ -30,7 +30,9 @@ FROM --platform=linux/amd64 docker.io/vaultwarden/web-vault@{{ vault_image_diges
 {% if base == "debian" %}
 ########################## Cross Compile Docker Helper Scripts ##########################
-FROM --platform=$BUILDPLATFORM docker.io/tonistiigi/xx:master AS xx
+## We use the linux/amd64 no matter which Build Platform, since these are all bash scripts
 ## And these bash scripts do not have any significant difference if at all
 FROM --platform=linux/amd64 docker.io/tonistiigi/xx@{{ xx_image_digest }} AS xx
 {% elif base == "alpine" %}
 ########################## ALPINE BUILD IMAGES ##########################
 ## NOTE: The Alpine Base Images do not support other platforms then linux/amd64
@ -69,11 +71,14 @@ ENV DEBIAN_FRONTEND=noninteractive \
 # Install clang to get `xx-cargo` working
 # Install pkg-config to allow amd64 builds to find all libraries
 # Install git so build.rs can determine the correct version
 # Install the libc cross packages based upon the debian-arch
 RUN apt-get update && \
    apt-get install -y \
        --no-install-recommends \
-        clang pkg-config \
+        clang \
        pkg-config \
        git \
        "libc6-$(xx-info debian-arch)-cross" \
        "libc6-dev-$(xx-info debian-arch)-cross" \
        "linux-libc-dev-$(xx-info debian-arch)-cross" && \
@ -101,19 +106,14 @@ RUN mkdir -pv "${CARGO_HOME}" \
 RUN USER=root cargo new --bin /app
 WORKDIR /app
 # Copies over *only* your manifests and build files
 COPY ./Cargo.* ./
 COPY ./rust-toolchain.toml ./rust-toolchain.toml
 COPY ./build.rs ./build.rs
 {% if base == "debian" %}
 # Environment variables for cargo across Debian and Alpine
 RUN source /env-cargo && \
    if xx-info is-cross ; then \
        # We can't use xx-cargo since that uses clang, which doesn't work for our libraries.
        # Because of this we generate the needed environment variables here which we can load in the needed steps.
-        echo "export CC_$(echo ${CARGO_TARGET} | tr '[:upper:]' '[:lower:]' | tr - _)=/usr/bin/$(xx-info)-gcc" >> /env-cargo && \
+        echo "export CC_$(echo "${CARGO_TARGET}" | tr '[:upper:]' '[:lower:]' | tr - _)=/usr/bin/$(xx-info)-gcc" >> /env-cargo && \
-        echo "export CARGO_TARGET_$(echo ${CARGO_TARGET} | tr '[:lower:]' '[:upper:]' | tr - _)_LINKER=/usr/bin/$(xx-info)-gcc" >> /env-cargo && \
+        echo "export CARGO_TARGET_$(echo "${CARGO_TARGET}" | tr '[:lower:]' '[:upper:]' | tr - _)_LINKER=/usr/bin/$(xx-info)-gcc" >> /env-cargo && \
        echo "export PKG_CONFIG=/usr/bin/$(xx-info)-pkg-config" >> /env-cargo && \
        echo "export CROSS_COMPILE=1" >> /env-cargo && \
        echo "export OPENSSL_INCLUDE_DIR=/usr/include/$(xx-info)" >> /env-cargo && \
@ -140,6 +140,12 @@ RUN source /env-cargo && \
    rustup target add "${CARGO_TARGET}"
 ARG CARGO_PROFILE=release
 ARG VW_VERSION
 # Copies over *only* your manifests and build files
 COPY ./Cargo.* ./
 COPY ./rust-toolchain.toml ./rust-toolchain.toml
 COPY ./build.rs ./build.rs
 # Builds your dependencies and removes the
 # dummy project, except the target folder
@ -169,7 +175,7 @@ RUN source /env-cargo && \
 # Create a new stage with a minimal image
 # because we already have a binary built
 #
-# For these images to be able to built you need to have qemu binfmt support.
+# To build these images you need to have qemu binfmt support.
 # See the following pages to help install these tools locally
 # Ubuntu/Debian: https://wiki.debian.org/QemuUserEmulation
 # Arch Linux: https://wiki.archlinux.org/title/QEMU#Chrooting_into_arm/arm64_environment_from_x86_64
@ -179,7 +185,9 @@ RUN source /env-cargo && \
 # See: https://github.com/tonistiigi/binfmt
 # Usage: docker run --privileged --rm tonistiigi/binfmt --install arm64,arm
 # To uninstall: docker run --privileged --rm tonistiigi/binfmt --uninstall 'qemu-*'
-FROM {{ runtime_stage_image[base] }}
+#
 # We need to add `--platform` here, because of a podman bug: https://github.com/containers/buildah/issues/4742
 FROM --platform=$TARGETPLATFORM {{ runtime_stage_image[base] }}
 ENV ROCKET_PROFILE="release" \
    ROCKET_ADDRESS=0.0.0.0 \
@ -200,14 +208,14 @@ RUN mkdir /data && \
        libmariadb-dev-compat \
        libpq5 \
        openssl && \
-        apt-get clean && \
+    apt-get clean && \
-        rm -rf /var/lib/apt/lists/*
+    rm -rf /var/lib/apt/lists/*
 {% elif base == "alpine" %}
    apk --no-cache add \
-          ca-certificates \
+        ca-certificates \
-          curl \
+        curl \
-          openssl \
+        openssl \
-          tzdata
+        tzdata
 {% endif %}
 VOLUME /data
--- a/docker/Makefile
+++ b/docker/Makefile
@ -1,3 +1,4 @@
 all:
 	./render_template Dockerfile.j2 '{"base": "debian"}' > Dockerfile.debian
 	./render_template Dockerfile.j2 '{"base": "alpine"}' > Dockerfile.alpine
 .PHONY: all
--- a/docker/README.md
+++ b/docker/README.md
@ -1,7 +1,7 @@
 # Vaultwarden Container Building
 To build and release new testing and stable releases of Vaultwarden we use `docker buildx bake`.<br>
-This can be used locally by running the command your self, but it is also used by GitHub Actions.
+This can be used locally by running the command yourself, but it is also used by GitHub Actions.
 This makes it easier for us to test and maintain the different architectures we provide.<br>
 We also just have two Dockerfile's one for Debian and one for Alpine based images.<br>
@ -67,7 +67,7 @@ docker buildx bake --file docker/docker-bake.hcl alpine-armv6
 ## Local Multi Architecture container building
-Start the the initialization, this only needs to be done once.
+Start the initialization, this only needs to be done once.
 ```bash
 # Create and use a new buildx builder instance which connects to the host network
@ -92,6 +92,7 @@ CONTAINER_REGISTRIES="localhost:5000/vaultwarden/server" \
 docker buildx bake --file docker/docker-bake.hcl alpine-multi
 ```
 ## Using the `bake.sh` script
 To make it a bit more easier to trigger a build, there also is a `bake.sh` script.<br>
@ -109,6 +110,66 @@ Or if you want to just build a Debian container from the repo root, you can run
 docker/bake.sh
 ```
 You can append both `alpine` and `debian` with `-amd64`, `-arm64`, `-armv7` or `-armv6`, which will trigger a build for that specific platform.<br>
 This will also append those values to the tag so you can see the builded container when running `docker images`.
 You can also append extra arguments after the target if you want. This can be useful for example to print what bake will use.
 ```bash
 docker/bake.sh alpine-all --print
 ```
 ### Testing baked images
 To test these images you can run these images by using the correct tag and provide the platform.<br>
 For example, after you have build an arm64 image via `./bake.sh debian-arm64` you can run:
 ```bash
 docker run --rm -it \
  -e DISABLE_ADMIN_TOKEN=true \
  -e I_REALLY_WANT_VOLATILE_STORAGE=true \
  -p8080:80 --platform=linux/arm64 \
  vaultwarden/server:testing-arm64
 ```
 ## Using the `podman-bake.sh` script
 To also make building easier using podman, there is a `podman-bake.sh` script.<br>
 This script calls `podman buildx build` with the needed parameters and the same as `bake.sh`, it will generate some variables automatically.<br>
 This script can be called from both the repo root or within the docker directory.
 **NOTE:** Unlike the `bake.sh` script, this only supports a single `CONTAINER_REGISTRIES`, and a single `BASE_TAGS` value, no comma separated values. It also only supports building separate architectures, no Multi Arch containers.
 To build an Alpine arm64 image with only sqlite support and mimalloc, run this:
 ```bash
 DB="sqlite,enable_mimalloc" \
 ./podman-bake.sh alpine-arm64
 ```
 Or if you want to just build a Debian container from the repo root, you can run this.
 ```bash
 docker/podman-bake.sh
 ```
 You can append extra arguments after the target if you want. This can be useful for example to disable cache like this.
 ```bash
 ./podman-bake.sh alpine-arm64 --no-cache
 ```
 For the podman builds you can, just like the `bake.sh` script, also append the architecture to build for that specific platform.<br>
 ### Testing podman builded images
 The command to start a podman built container is almost the same as for the docker/bake built containers. The images start with `localhost/`, so you need to prepend that.
 ```bash
 podman run --rm -it \
  -e DISABLE_ADMIN_TOKEN=true \
  -e I_REALLY_WANT_VOLATILE_STORAGE=true \
  -p8080:80 --platform=linux/arm64 \
  localhost/vaultwarden/server:testing-arm64
 ```
 ## Variables supported
 | Variable              | default | description |
 | --------------------- | ------------------ | ----------- |
@ -119,3 +180,4 @@ docker/bake.sh
 | SOURCE_VERSION        | null               | The current exact tag of this commit, else the last tag and the first 8 chars of the source commit                 |
 | BASE_TAGS             | testing            | Tags to be used. Can be a comma separated value like "latest,1.29.2"                                               |
 | CONTAINER_REGISTRIES  | vaultwarden/server | Comma separated value of container registries. Like `ghcr.io/dani-garcia/vaultwarden,docker.io/vaultwarden/server` |
 | VW_VERSION            | null               | To override the `SOURCE_VERSION` value. This is also used by the `build.rs` code for example                       |
--- a/docker/bake.sh
+++ b/docker/bake.sh
@ -1,25 +1,15 @@
-#!/usr/bin/env sh
+#!/usr/bin/env bash
 # Determine the basedir of this script.
 # It should be located in the same directory as the docker-bake.hcl
 # This ensures you can run this script from both inside and outside of the docker directory
 BASEDIR=$(RL=$(readlink -n "$0"); SP="${RL:-$0}"; dirname "$(cd "$(dirname "${SP}")" || exit; pwd)/$(basename "${SP}")")
-if [ -z "${SOURCE_COMMIT}" ]; then
+# Load build env's
-    SOURCE_COMMIT="$(git rev-parse HEAD)"
+source "${BASEDIR}/bake_env.sh"
 fi
-GIT_EXACT_TAG="$(git describe --tags --abbrev=0 --exact-match 2>/dev/null)"
+# Be verbose on what is being executed
-if [ -n "${GIT_EXACT_TAG}" ]; then
+set -x
    SOURCE_VERSION="${GIT_EXACT_TAG}"
 else
    GIT_LAST_TAG="$(git describe --tags --abbrev=0)"
    SOURCE_VERSION="${GIT_LAST_TAG}-$(printf '%s' "${SOURCE_COMMIT}" | cut -c 8)"
 fi
 # Export the rendered variables above so bake will use them
 export SOURCE_COMMIT
 export SOURCE_VERSION
 # Make sure we set the context to `..` so it will go up one directory
 docker buildx bake --progress plain --set "*.context=${BASEDIR}/.." -f "${BASEDIR}/docker-bake.hcl" "$@"
--- a/docker/bake_env.sh
+++ b/docker/bake_env.sh
@ -0,0 +1,33 @@
 #!/usr/bin/env bash
 # If SOURCE_COMMIT is provided via env skip this
 if [ -z "${SOURCE_COMMIT+x}" ]; then
    SOURCE_COMMIT="$(git rev-parse HEAD)"
 fi
 # If VW_VERSION is provided via env use it as SOURCE_VERSION
 # Else define it using git
 if [[ -n "${VW_VERSION}" ]]; then
    SOURCE_VERSION="${VW_VERSION}"
 else
    GIT_EXACT_TAG="$(git describe --tags --abbrev=0 --exact-match 2>/dev/null)"
    if [[ -n "${GIT_EXACT_TAG}" ]]; then
        SOURCE_VERSION="${GIT_EXACT_TAG}"
    else
        GIT_LAST_TAG="$(git describe --tags --abbrev=0)"
        SOURCE_VERSION="${GIT_LAST_TAG}-${SOURCE_COMMIT:0:8}"
        GIT_BRANCH="$(git rev-parse --abbrev-ref HEAD)"
        case "${GIT_BRANCH}" in
            main|master|HEAD)
                # Do not add the branch name for these branches
                ;;
            *)
                SOURCE_VERSION="${SOURCE_VERSION} (${GIT_BRANCH})"
                ;;
        esac
    fi
 fi
 # Export the rendered variables above so bake will use them
 export SOURCE_COMMIT
 export SOURCE_VERSION
--- a/docker/docker-bake.hcl
+++ b/docker/docker-bake.hcl
@ -29,6 +29,12 @@ variable "SOURCE_VERSION" {
  default = null
 }
 // This can be used to overwrite SOURCE_VERSION
 // It will be used during the build.rs building stage
 variable "VW_VERSION" {
  default = null
 }
 // The base tag(s) to use
 // This can be a comma separated value like "testing,1.29.2"
 variable "BASE_TAGS" {
@ -51,9 +57,10 @@ group "default" {
 // ==== Shared Baking ====
-
+function "labels" {
-target "_default_attributes" {
+  params = []
-  labels = {
+  result = {
    "org.opencontainers.image.description" = "Unofficial Bitwarden compatible server written in Rust - ${SOURCE_VERSION}"
    "org.opencontainers.image.licenses" = "AGPL-3.0-only"
    "org.opencontainers.image.documentation" = "https://github.com/dani-garcia/vaultwarden/wiki"
    "org.opencontainers.image.url" = "https://github.com/dani-garcia/vaultwarden"
@ -62,9 +69,14 @@ target "_default_attributes" {
    "org.opencontainers.image.revision" = "${SOURCE_COMMIT}"
    "org.opencontainers.image.version" = "${SOURCE_VERSION}"
  }
 }
 target "_default_attributes" {
  labels = labels()
  args = {
    DB = "${DB}"
    CARGO_PROFILE = "${CARGO_PROFILE}"
    VW_VERSION = "${VW_VERSION}"
  }
 }
@ -75,8 +87,8 @@ target "_default_attributes" {
 target "debian" {
  inherits = ["_default_attributes"]
  dockerfile = "docker/Dockerfile.debian"
  output = ["type=docker"]
  tags = generate_tags("", platform_tag())
  output = [join(",", flatten([["type=docker"], image_index_annotations()]))]
 }
 // Multi Platform target, will build one tagged manifest with all supported architectures
@ -85,7 +97,7 @@ target "debian-multi" {
  inherits = ["debian"]
  platforms = ["linux/amd64", "linux/arm64", "linux/arm/v7", "linux/arm/v6"]
  tags = generate_tags("", "")
-  output = ["type=registry"]
+  output = [join(",", flatten([["type=registry"], image_index_annotations()]))]
 }
 // Per platform targets, to individually test building per platform locally
@ -125,8 +137,8 @@ group "debian-all" {
 target "alpine" {
  inherits = ["_default_attributes"]
  dockerfile = "docker/Dockerfile.alpine"
  output = ["type=docker"]
  tags = generate_tags("-alpine", platform_tag())
  output = [join(",", flatten([["type=docker"], image_index_annotations()]))]
 }
 // Multi Platform target, will build one tagged manifest with all supported architectures
@ -135,7 +147,7 @@ target "alpine-multi" {
  inherits = ["alpine"]
  platforms = ["linux/amd64", "linux/arm64", "linux/arm/v7", "linux/arm/v6"]
  tags = generate_tags("-alpine", "")
-  output = ["type=registry"]
+  output = [join(",", flatten([["type=registry"], image_index_annotations()]))]
 }
 // Per platform targets, to individually test building per platform locally
@ -207,3 +219,11 @@ function "generate_tags" {
        concat(["${registry}:${base_tag}${suffix}${platform}"])]
  ])
 }
 function "image_index_annotations" {
  params = []
  result = flatten([
    for key, value in labels() :
      value != null ? formatlist("annotation-index.%s=%s", "${key}", "${value}") : []
  ])
 }
--- a/docker/healthcheck.sh
+++ b/docker/healthcheck.sh
@ -10,7 +10,7 @@ CONFIG_FILE="${DATA_FOLDER}"/config.json
 # Given a config key, return the corresponding config value from the
 # config file. If the key doesn't exist, return an empty string.
 get_config_val() {
-    local key="$1"
+    key="$1"
    # Extract a line of the form:
    #   "domain": "https://bw.example.com/path",
    grep "\"${key}\":" "${CONFIG_FILE}" |
--- a/docker/podman-bake.sh
+++ b/docker/podman-bake.sh
@ -0,0 +1,105 @@
 #!/usr/bin/env bash
 # Determine the basedir of this script.
 # It should be located in the same directory as the docker-bake.hcl
 # This ensures you can run this script from both inside and outside of the docker directory
 BASEDIR=$(RL=$(readlink -n "$0"); SP="${RL:-$0}"; dirname "$(cd "$(dirname "${SP}")" || exit; pwd)/$(basename "${SP}")")
 # Load build env's
 source "${BASEDIR}/bake_env.sh"
 # Check if a target is given as first argument
 # If not we assume the defaults and pass the given arguments to the podman command
 case "${1}" in
    alpine*|debian*)
        TARGET="${1}"
        # Now shift the $@ array so we only have the rest of the arguments
        # This allows us too append these as extra arguments too the podman buildx build command
        shift
    ;;
 esac
 LABEL_ARGS=(
    --label org.opencontainers.image.description="Unofficial Bitwarden compatible server written in Rust"
    --label org.opencontainers.image.licenses="AGPL-3.0-only"
    --label org.opencontainers.image.documentation="https://github.com/dani-garcia/vaultwarden/wiki"
    --label org.opencontainers.image.url="https://github.com/dani-garcia/vaultwarden"
    --label org.opencontainers.image.created="$(date --utc --iso-8601=seconds)"
 )
 if [[ -n "${SOURCE_REPOSITORY_URL}" ]]; then
    LABEL_ARGS+=(--label org.opencontainers.image.source="${SOURCE_REPOSITORY_URL}")
 fi
 if [[ -n "${SOURCE_COMMIT}" ]]; then
    LABEL_ARGS+=(--label org.opencontainers.image.revision="${SOURCE_COMMIT}")
 fi
 if [[ -n "${SOURCE_VERSION}" ]]; then
    LABEL_ARGS+=(--label org.opencontainers.image.version="${SOURCE_VERSION}")
 fi
 # Check if and which --build-arg arguments we need to configure
 BUILD_ARGS=()
 if [[ -n "${DB}" ]]; then
    BUILD_ARGS+=(--build-arg DB="${DB}")
 fi
 if [[ -n "${CARGO_PROFILE}" ]]; then
    BUILD_ARGS+=(--build-arg CARGO_PROFILE="${CARGO_PROFILE}")
 fi
 if [[ -n "${VW_VERSION}" ]]; then
    BUILD_ARGS+=(--build-arg VW_VERSION="${VW_VERSION}")
 fi
 # Set the default BASE_TAGS if non are provided
 if [[ -z "${BASE_TAGS}" ]]; then
    BASE_TAGS="testing"
 fi
 # Set the default CONTAINER_REGISTRIES if non are provided
 if [[ -z "${CONTAINER_REGISTRIES}" ]]; then
    CONTAINER_REGISTRIES="vaultwarden/server"
 fi
 # Check which Dockerfile we need to use, default is debian
 case "${TARGET}" in
    alpine*)
        BASE_TAGS="${BASE_TAGS}-alpine"
        DOCKERFILE="Dockerfile.alpine"
        ;;
    *)
        DOCKERFILE="Dockerfile.debian"
        ;;
 esac
 # Check which platform we need to build and append the BASE_TAGS with the architecture
 case "${TARGET}" in
    *-arm64)
        BASE_TAGS="${BASE_TAGS}-arm64"
        PLATFORM="linux/arm64"
        ;;
    *-armv7)
        BASE_TAGS="${BASE_TAGS}-armv7"
        PLATFORM="linux/arm/v7"
        ;;
    *-armv6)
        BASE_TAGS="${BASE_TAGS}-armv6"
        PLATFORM="linux/arm/v6"
        ;;
    *)
        BASE_TAGS="${BASE_TAGS}-amd64"
        PLATFORM="linux/amd64"
        ;;
 esac
 # Be verbose on what is being executed
 set -x
 # Build the image with podman
 # We use the docker format here since we are using `SHELL`, which is not supported by OCI
 # shellcheck disable=SC2086
 podman buildx build \
  --platform="${PLATFORM}" \
  --tag="${CONTAINER_REGISTRIES}:${BASE_TAGS}" \
  --format=docker \
  "${LABEL_ARGS[@]}" \
  "${BUILD_ARGS[@]}" \
  --file="${BASEDIR}/${DOCKERFILE}" "$@" \
  "${BASEDIR}/.."
	`@ -1 +1 @@`
		`docker/amd64/Dockerfile`			`docker/Dockerfile.debian`