[PR #6980] [MERGED] Update crates and GHA #24745

Closed
opened 2026-05-22 02:20:58 -05:00 by GiteaMirror · 0 comments

📋 Pull Request Information

Original PR: https://github.com/dani-garcia/vaultwarden/pull/6980
Author: @BlackDex
Created: 3/21/2026
Status: Merged
Merged: 3/23/2026
Merged by: @dani-garcia

Base: main ← Head: update-crates-and-gha


📝 Commits (1)

5126fe2 Update crates and GHA (https://github.com/dani-garcia/vaultwarden/commit/5126fe28b8a8ce8ac82f7c4d9cb8ad524f411107)

📊 Changes

7 files changed (+129 additions, -114 deletions)

📝 .github/workflows/build.yml (+13 -22)
📝 .github/workflows/release.yml (+1 -1)
📝 .github/workflows/trivy.yml (+2 -2)
📝 .github/workflows/zizmor.yml (+1 -1)
📝 Cargo.lock (+106 -81)
📝 Cargo.toml (+6 -6)
📝 src/api/admin.rs (+0 -1)

📄 Description

Updated all crates which are possible.

Updated all GitHub Actions to their latest version. There was a supply-chain attack on the trivy action to which we were not exposed since we were using pinned sha hashes. The latest version v0.35.0 is not vulnerable and that version will be used with this commit.

Also removed dtolnay/rust-toolchain as suggested by zizmor and adjusted the way to install the correct toolchain. Since this GitHub Action did not use any version tagging, it was also cumbersome to update.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
GiteaMirror added the pull-request label 2026-05-22 02:20:58 -05:00

Reference: github-starred/vaultwarden#24745
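
The PR description credits SHA pinning for avoiding exposure to the compromised trivy action. As an added example (not code from the PR or the vaultwarden repository), this Python check flags workflow `uses:` references that are not pinned to a full commit SHA; the action names and SHAs in the sample are constructed, and the verdict labels are this example's own convention.

```python
import re

# A full 40-hex commit SHA is the only ref form that cannot be repointed later.
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")
# `uses: owner/repo[/path]@ref`, with optional list dash, quotes and trailing comment.
USES = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^\s'"#]+)['"]?\s*(?:#\s*(.*))?$""")

def audit_workflow(text):
    """Return (line_no, action, ref, verdict) for every remote `uses:` reference."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = USES.match(line)
        if not m:
            continue
        target, comment = m.group(1), (m.group(2) or "").strip()
        # Local actions ship with the repository; docker:// images follow
        # digest rules of their own and are out of scope for this check.
        if target.startswith(("./", "docker://")):
            continue
        action, sep, ref = target.partition("@")
        if not sep:
            verdict = "missing-ref"
        elif FULL_SHA.match(ref):
            # A trailing version comment keeps a pinned SHA reviewable and updatable.
            verdict = "pinned" if comment else "pinned-no-version-comment"
        else:
            verdict = "mutable-ref"  # tag or branch: can be moved to new code
        findings.append((no, action, ref, verdict))
    return findings

def unpinned(text):
    """Only the references whose target can change without a diff in the repo."""
    return [f for f in audit_workflow(text) if f[3] in ("mutable-ref", "missing-ref")]

# Constructed sample workflow; action names and SHAs are placeholders.
SAMPLE = """\
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: example-org/checkout@0123456789abcdef0123456789abcdef01234567 # v1.2.3
      - uses: example-org/scanner-action@v2
      - name: toolchain
        uses: example-org/toolchain@master
      - uses: example-org/cache@89abcdef0123456789abcdef0123456789abcdef
      - uses: ./.github/actions/local
"""

if __name__ == "__main__":
    for no, action, ref, verdict in audit_workflow(SAMPLE):
        print(f"line {no}: {action}@{ref} -> {verdict}")
```
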