Update Rust dependencies.

2026-01-08 10:50:15 -06:00 · 2025-09-30 13:56:08 +02:00
parent 33a770d4ea
commit be4e54fb53
6 changed files with 55 additions and 32 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -153,9 +153,9 @@ dependencies = [

 [[package]]
 name = "anstyle"
-version = "1.0.11"
+version = "1.0.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "862ed96ca487e809f1c8e5a8447f6ee2cf102f846893800b20cebdf541fc6bbd"
+checksum = "5192cca8006f1fd4f7237516f40fa183bb07f8fbdfedaa0036de5ea9b0b45e78"

 [[package]]
 name = "anstyle-parse"
@@ -587,11 +587,11 @@ dependencies = [

 [[package]]
 name = "axum"
-version = "0.8.5"
+version = "0.8.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "98e529aee37b5c8206bb4bf4c44797127566d72f76952c970bd3d1e85de8f4e2"
+checksum = "8a18ed336352031311f4e0b4dd2ff392d4fbb370777c9d18d7fc9d7359f73871"
 dependencies = [
- "axum-core 0.5.4",
+ "axum-core 0.5.5",
 "bytes",
 "form_urlencoded",
 "futures-util",
@@ -641,9 +641,9 @@ dependencies = [

 [[package]]
 name = "axum-core"
-version = "0.5.4"
+version = "0.5.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0ac7a6beb1182c7e30253ee75c3e918080bfb83f5a3023bcdf7209d85fd147e6"
+checksum = "59446ce19cd142f8833f856eb31f3eb097812d1479ab224f54d72428ca21ea22"
 dependencies = [
 "bytes",
 "futures-core",
@@ -667,7 +667,7 @@ dependencies = [
 "anyhow",
 "assert-json-diff",
 "auto-future",
- "axum 0.8.5",
+ "axum 0.8.6",
 "bytes",
 "bytesize",
 "cookie",
@@ -964,9 +964,9 @@ checksum = "f5c434ae3cf0089ca203e9019ebe529c47ff45cefe8af7c85ecb734ef541822f"

 [[package]]
 name = "camino"
-version = "1.2.0"
+version = "1.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e1de8bc0aa9e9385ceb3bf0c152e3a9b9544f6c4a912c8ae504e80c1f0368603"
+checksum = "276a59bf2b2c967788139340c9f0c5b12d7fd6630315c15c217e559de85d2609"
 dependencies = [
 "serde_core",
 ]
@@ -1734,7 +1734,7 @@ dependencies = [
 name = "custom-binary"
 version = "0.1.0"
 dependencies = [
- "axum 0.8.5",
+ "axum 0.8.6",
 "env_logger",
 "tokio",
 "trailbase",
@@ -3925,10 +3925,31 @@ checksum = "5a87cc7a48537badeae96744432de36f4be2b4a34a05a5ef32e9dd8a1c169dde"
 dependencies = [
 "base64",
 "js-sys",
- "pem",
 "ring",
 "serde",
 "serde_json",
+]
+
+[[package]]
+name = "jsonwebtoken"
+version = "10.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f1417155a38e99d7704ddb3ea7445fe57fdbd5d756d727740a9ed8b9ebaed6e1"
+dependencies = [
+ "base64",
+ "ed25519-dalek",
+ "getrandom 0.2.16",
+ "hmac",
+ "js-sys",
+ "p256",
+ "p384",
+ "pem",
+ "rand 0.8.5",
+ "rsa",
+ "serde",
+ "serde_json",
+ "sha2",
+ "signature",
 "simple_asn1",
 ]

@@ -7686,7 +7707,7 @@ version = "0.11.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "151b5a3e3c45df17466454bb74e9ecedecc955269bdedbf4d150dfa393b55a36"
 dependencies = [
- "axum-core 0.5.4",
+ "axum-core 0.5.5",
 "cookie",
 "futures-util",
 "http",
@@ -7803,7 +7824,7 @@ dependencies = [
 "askama",
 "async-channel 2.5.0",
 "async-trait",
- "axum 0.8.5",
+ "axum 0.8.6",
 "axum-test",
 "base64",
 "bytes",
@@ -7823,7 +7844,7 @@ dependencies = [
 "indoc",
 "itertools 0.14.0",
 "jsonschema",
- "jsonwebtoken",
+ "jsonwebtoken 10.0.0",
 "kanal",
 "lazy_static",
 "lettre",
@@ -7884,7 +7905,7 @@ name = "trailbase-assets"
 version = "0.2.0"
 dependencies = [
 "askama",
- "axum 0.8.5",
+ "axum 0.8.6",
 "itertools 0.14.0",
 "log",
 "rust-embed",
@@ -7907,7 +7928,7 @@ dependencies = [
 name = "trailbase-cli"
 version = "0.2.0"
 dependencies = [
- "axum 0.8.5",
+ "axum 0.8.6",
 "chrono",
 "clap",
 "env_logger",
@@ -7935,7 +7956,7 @@ dependencies = [
 "base64",
 "eventsource-stream",
 "futures-lite",
- "jsonwebtoken",
+ "jsonwebtoken 9.3.1",
 "parking_lot",
 "reqwest",
 "serde",
@@ -8437,7 +8458,7 @@ version = "9.0.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d047458f1b5b65237c2f6dc6db136945667f40a7668627b3490b9513a3d43a55"
 dependencies = [
- "axum 0.8.5",
+ "axum 0.8.6",
 "base64",
 "mime_guess",
 "regex",
@@ -9823,9 +9844,9 @@ dependencies = [

 [[package]]
 name = "zeroize"
-version = "1.8.1"
+version = "1.8.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde"
+checksum = "b97154e67e32c85465826e8bcc1c59429aaaf107c1e4a9e53c8d8ccd5eff88d0"
 dependencies = [
 "zeroize_derive",
 ]
--- a/crates/client/Cargo.toml
+++ b/crates/client/Cargo.toml
@@ -14,7 +14,7 @@ exclude = [
 [dependencies]
 eventsource-stream = { version = "0.2.3", features = [] }
 futures-lite = "2.6.1"
-jsonwebtoken = { version = "9.3.0", default-features = false }
+jsonwebtoken = { version = "9.3.1", default-features = false }
 parking_lot = { workspace = true }
 reqwest = { version = "0.12.8", features = ["stream"] }
 serde = { version = "1.0.217", features = ["derive"] }
--- a/crates/client/src/lib.rs
+++ b/crates/client/src/lib.rs
@@ -231,8 +231,8 @@ struct JwtTokenClaims {
  csrf_token: String,
 }

-fn decode_auth_token<T: DeserializeOwned>(token: &str) -> Result<T, Error> {
-  let decoding_key = jsonwebtoken::DecodingKey::from_secret(&[]);
+fn decode_auth_token<T: DeserializeOwned + Clone>(token: &str) -> Result<T, Error> {
+  let decoding_key = jsonwebtoken::DecodingKey::from_ed_der(&[]);

  // Don't validate the token, we don't have the secret key. Just deserialize the claims/contents.
  let mut validation = jsonwebtoken::Validation::new(jsonwebtoken::Algorithm::EdDSA);
@@ -584,11 +584,13 @@ impl TokenState {
    let headers = build_headers(tokens);
    return TokenState {
      state: tokens.and_then(|tokens| {
-        let Ok(jwt_token) = decode_auth_token::<JwtTokenClaims>(&tokens.auth_token) else {
-          error!("Failed to decode auth token.");
-          return None;
+        return match decode_auth_token::<JwtTokenClaims>(&tokens.auth_token) {
+          Ok(jwt_token) => Some((tokens.clone(), jwt_token)),
+          Err(err) => {
+            error!("Failed to decode auth token: {err}");
+            None
+          }
        };
-        return Some((tokens.clone(), jwt_token));
      }),
      headers,
    };
--- a/crates/core/Cargo.toml
+++ b/crates/core/Cargo.toml
@@ -50,7 +50,7 @@ hyper-util = "0.1.7"
 indoc = "2.0.5"
 itertools = "0.14.0"
 jsonschema = { version = "0.33.0", default-features = false }
-jsonwebtoken = { version = "^9.3.0", default-features = false, features = ["use_pem"] }
+jsonwebtoken = { version = "^10.0.0", default-features = false, features = ["use_pem", "rust_crypto"] }
 kanal = "0.1.1"
 lazy_static = "1.4.0"
 lettre = { version = "^0.11.7", default-features = false, features = ["tokio1-rustls-tls", "sendmail-transport", "smtp-transport", "builder"] }
--- a/crates/core/src/auth/jwt.rs
+++ b/crates/core/src/auth/jwt.rs
@@ -117,7 +117,7 @@ impl JwtHelper {
    return self.public_key.clone();
  }

-  pub fn decode<T: DeserializeOwned>(&self, token: &str) -> Result<T, JwtError> {
+  pub fn decode<T: DeserializeOwned + Clone>(&self, token: &str) -> Result<T, JwtError> {
    // Note: we don't need to expose the token headers.
    return jsonwebtoken::decode::<T>(token, &self.decoding_key, &self.validation)
      .map(|data| data.claims);
--- a/crates/core/src/auth/oauth/state.rs
+++ b/crates/core/src/auth/oauth/state.rs
@@ -1,6 +1,6 @@
 use serde::{Deserialize, Serialize};

-#[derive(Debug, Serialize, Deserialize, PartialEq)]
+#[derive(Clone, Debug, Serialize, Deserialize, PartialEq)]
 pub(crate) enum ResponseType {
  #[serde(rename = "code")]
  Code,
@@ -9,7 +9,7 @@ pub(crate) enum ResponseType {
 /// State that will be round-tripped from login -> remote oauth -> callback via the user's cookies.
 ///
 /// NOTE: Consider encrypting the state to make it tamper-proof.
-#[derive(Debug, Serialize, Deserialize, PartialEq)]
+#[derive(Clone, Debug, Serialize, Deserialize, PartialEq)]
 pub(crate) struct OAuthState {
  /// Expiration timestamp. Required for JWT. We could remove this is we made this tamper-proof w/o
  /// JWT.