Update crates, web-vault, js, workflows (#6749)

- Updated all crates - Updated web-vault to v2025.12.2 - Updated all JavaScript files - Updated all GitHub Action Workflows Also added the `concurrency` option to all workflows. Signed-off-by: BlackDex <black.dex@gmail.com>
2026-01-28 12:06:19 +02:00 · 2026-01-22 23:40:39 +01:00
parent 4737192853
commit cc80f689ed
22 changed files with 4009 additions and 5698 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,6 +1,10 @@
 name: Build
 permissions: {}

+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
 on:
  push:
    paths:
@@ -30,6 +34,10 @@ on:
      - "docker/DockerSettings.yaml"
      - "macros/**"

+defaults:
+  run:
+    shell: bash
+
 jobs:
  build:
    name: Build and Test ${{ matrix.channel }}
@@ -63,7 +71,6 @@ jobs:
      # Determine rust-toolchain version
      - name: Init Variables
        id: toolchain
-        shell: bash
        env:
          CHANNEL: ${{ matrix.channel }}
        run: |
--- a/.github/workflows/check-templates.yml
+++ b/.github/workflows/check-templates.yml
@@ -1,8 +1,16 @@
 name: Check templates
 permissions: {}

+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
 on: [ push, pull_request ]

+defaults:
+  run:
+    shell: bash
+
 jobs:
  docker-templates:
    name: Validate docker templates
--- a/.github/workflows/hadolint.yml
+++ b/.github/workflows/hadolint.yml
@@ -1,8 +1,15 @@
 name: Hadolint
-
-on: [ push, pull_request ]
 permissions: {}

+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+on: [ push, pull_request ]
+
+defaults:
+  run:
+    shell: bash

 jobs:
  hadolint:
@@ -25,7 +32,6 @@ jobs:

      # Download hadolint - https://github.com/hadolint/hadolint/releases
      - name: Download hadolint
-        shell: bash
        run: |
          sudo curl -L https://github.com/hadolint/hadolint/releases/download/v${HADOLINT_VERSION}/hadolint-$(uname -s)-$(uname -m) -o /usr/local/bin/hadolint && \
          sudo chmod +x /usr/local/bin/hadolint
@@ -41,13 +47,11 @@ jobs:

      # Test Dockerfiles with hadolint
      - name: Run hadolint
-        shell: bash
        run: hadolint docker/Dockerfile.{debian,alpine}
      # End Test Dockerfiles with hadolint

      # Test Dockerfiles with docker build checks
      - name: Run docker build check
-        shell: bash
        run: |
          echo "Checking docker/Dockerfile.debian"
          docker build --check . -f docker/Dockerfile.debian
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,6 +1,12 @@
 name: Release
 permissions: {}

+concurrency:
+  # Apply concurrency control only on the upstream repo
+  group: ${{ github.repository == 'dani-garcia/vaultwarden' && format('{0}-{1}', github.workflow, github.ref) || github.run_id }}
+  # Don't cancel other runs when creating a tag
+  cancel-in-progress: ${{ github.ref_type == 'branch' }}
+
 on:
  push:
    branches:
@@ -10,12 +16,6 @@ on:
      # https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet
      - '[1-2].[0-9]+.[0-9]+'

-concurrency:
-  # Apply concurrency control only on the upstream repo
-  group: ${{ github.repository == 'dani-garcia/vaultwarden' && format('{0}-{1}', github.workflow, github.ref) || github.run_id }}
-  # Don't cancel other runs when creating a tag
-  cancel-in-progress: ${{ github.ref_type == 'branch' }}
-
 defaults:
  run:
    shell: bash
--- a/.github/workflows/releasecache-cleanup.yml
+++ b/.github/workflows/releasecache-cleanup.yml
@@ -1,6 +1,10 @@
 name: Cleanup
 permissions: {}

+concurrency:
+  group: ${{ github.workflow }}
+  cancel-in-progress: false
+
 on:
  workflow_dispatch:
    inputs:
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -1,6 +1,10 @@
 name: Trivy
 permissions: {}

+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
 on:
  push:
    branches:
@@ -46,6 +50,6 @@ jobs:
          severity: CRITICAL,HIGH

      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
+        uses: github/codeql-action/upload-sarif@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10
        with:
          sarif_file: 'trivy-results.sarif'
--- a/.github/workflows/typos.yml
+++ b/.github/workflows/typos.yml
@@ -1,7 +1,11 @@
 name: Code Spell Checking
+permissions: {}
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true

 on: [ push, pull_request ]
-permissions: {}

 jobs:
  typos:
@@ -19,4 +23,4 @@ jobs:

      # When this version is updated, do not forget to update this in `.pre-commit-config.yaml` too
      - name: Spell Check Repo
-        uses: crate-ci/typos@1a319b54cc9e3b333fed6a5c88ba1a90324da514 # v1.40.1
+        uses: crate-ci/typos@65120634e79d8374d1aa2f27e54baa0c364fff5a # v1.42.1
--- a/.github/workflows/zizmor.yml
+++ b/.github/workflows/zizmor.yml
@@ -1,4 +1,9 @@
 name: Security Analysis with zizmor
+permissions: {}
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true

 on:
  push:
@@ -6,8 +11,6 @@ on:
  pull_request:
    branches: ["**"]

-permissions: {}
-
 jobs:
  zizmor:
    name: Run zizmor
@@ -21,7 +24,7 @@ jobs:
          persist-credentials: false

      - name: Run zizmor
-        uses: zizmorcore/zizmor-action@e639db99335bc9038abc0e066dfcd72e23d26fb4 # v0.3.0
+        uses: zizmorcore/zizmor-action@135698455da5c3b3e55f73f4419e481ab68cdd95 # v0.4.1
        with:
          # intentionally not scanning the entire repository,
          # since it contains integration tests.