fix(deps): update all dependencies

Author: renovate[bot]

.github/workflows/add-issues-to-project.yaml

@@ -10,7 +10,7 @@ jobs:
     name: Add issue to project
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/add-to-project@v1.0.2
+      - uses: actions/add-to-project@244f685bbc3b7adfa8466e08b698b5577571133e # v1.0.2
         with:
           project-url: https://github.com/orgs/famedly/projects/50
           github-token: ${{ secrets.ADD_ISSUE_TO_PROJECT_PAT }}

.github/workflows/release.yml

@@ -26,10 +26,10 @@ jobs:
             runner: arm-ubuntu-latest-8core
             asset_name: ${{ github.event.repository.name }}-linux-aarch64-latest
     runs-on: ${{ matrix.runner }}
-    container: registry.famedly.net/docker-oss/rust-container:nightly
+    container: registry.famedly.net/docker-oss/rust-container:nightly@sha256:2aaa8961f8d80a5bc6d3858589e01d4a52d3a5f268aeed94755b4ad12f1c1872
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4
 
       - name: Set up Rust
         uses: famedly/backend-build-workflows/.github/actions/rust-prepare@main
@@ -39,13 +39,13 @@ jobs:
           gitlab_pass: ${{ secrets.GITLAB_PASS }}
 
       - name: Caching
-        uses: Swatinem/rust-cache@68b3cb7503c78e67dae8373749990a220eb65352
+        uses: Swatinem/rust-cache@c071727fc96109277f0135b3f13503db23b6cc1b
         with:
           cache-on-failure: true
           cache-all-crates: true
 
       - name: Install additional cargo tooling
-        uses: taiki-e/cache-cargo-install-action@3d5e3efe44b020826abe522d18cb4457042280ef
+        uses: taiki-e/cache-cargo-install-action@b8c5be6c3fb064f797977463ac00b01844751632
         with:
           tool: cargo-auditable
 
@@ -58,12 +58,12 @@ jobs:
         run: "mv target/release/${{ github.event.repository.name }} target/release/${{ matrix.asset_name }}"
 
       - name: Attest
-        uses: actions/attest-build-provenance@v1
+        uses: actions/attest-build-provenance@ef244123eb79f2f7a7e75d99086184180e6d0018 # v1
         with:
           subject-path: '${{ github.workspace }}/target/release/${{ matrix.asset_name }}'
 
       - name: Upload binary
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
         with:
           name: release-${{ matrix.asset_name }}
           path: '${{ github.workspace }}/target/release/${{ matrix.asset_name }}'
@@ -74,10 +74,10 @@ jobs:
       contents: read
       attestations: write
     runs-on: ubuntu-latest
-    container: registry.famedly.net/docker-oss/rust-container:nightly
+    container: registry.famedly.net/docker-oss/rust-container:nightly@sha256:2aaa8961f8d80a5bc6d3858589e01d4a52d3a5f268aeed94755b4ad12f1c1872
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4
 
       - name: Set up Rust
         uses: famedly/backend-build-workflows/.github/actions/rust-prepare@main
@@ -87,18 +87,18 @@ jobs:
           gitlab_pass: ${{ secrets.GITLAB_PASS }}
 
       - name: Caching
-        uses: Swatinem/rust-cache@68b3cb7503c78e67dae8373749990a220eb65352
+        uses: Swatinem/rust-cache@c071727fc96109277f0135b3f13503db23b6cc1b
         with:
           cache-on-failure: true
           cache-all-crates: true
 
       - name: Install cargo-sbom
-        uses: taiki-e/cache-cargo-install-action@3d5e3efe44b020826abe522d18cb4457042280ef
+        uses: taiki-e/cache-cargo-install-action@b8c5be6c3fb064f797977463ac00b01844751632
         with:
           tool: cargo-sbom
 
       - name: Install cyclonedx-rust-cargo
-        uses: taiki-e/cache-cargo-install-action@3d5e3efe44b020826abe522d18cb4457042280ef
+        uses: taiki-e/cache-cargo-install-action@b8c5be6c3fb064f797977463ac00b01844751632
         with:
           tool: cargo-cyclonedx
 
@@ -110,21 +110,21 @@ jobs:
         run: cargo cyclonedx -f json
 
       - name: Attest SPDX SBOM
-        uses: actions/attest-build-provenance@v1
+        uses: actions/attest-build-provenance@ef244123eb79f2f7a7e75d99086184180e6d0018 # v1
         with:
           subject-path: '${{ github.workspace }}/${{ github.event.repository.name }}.spdx.json'
       - name: Attest CycloneDX SBOM
-        uses: actions/attest-build-provenance@v1
+        uses: actions/attest-build-provenance@ef244123eb79f2f7a7e75d99086184180e6d0018 # v1
         with:
           subject-path: '${{ github.workspace }}/${{ github.event.repository.name }}.cdx.json'
 
       - name: Upload SPDX SBOM
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
         with:
           name: release-sbom-spdx
           path: '${{ github.workspace }}/${{ github.event.repository.name}}.spdx.json'
       - name: Upload CycloneDX SBOM
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
         with:
           name: release-sbom-cdx
           path: '${{ github.workspace }}/${{ github.event.repository.name }}.cdx.json'
@@ -134,14 +134,14 @@ jobs:
     needs: [build, sbom]
     steps:
       - name: Download artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
         with:
           pattern: release-*
           path: artifacts
           merge-multiple: true
 
       - name: Create release
-        uses: softprops/action-gh-release@79721680dfc87fb0f44dfe65df68961056d55c38
+        uses: softprops/action-gh-release@5be0e66d93ac7ed76da52eca8bb058f665c3a5fe
         with:
           files: artifacts/*
           prerelease: "${{ contains(github.ref_name, 'rc') }}"

.github/workflows/rust-workflow.yml

@@ -19,11 +19,11 @@ concurrency:
 # Defined CI jobs.
 jobs:
   simple-checks:
-    container: registry.famedly.net/docker-oss/rust-container:nightly
+    container: registry.famedly.net/docker-oss/rust-container:nightly@sha256:2aaa8961f8d80a5bc6d3858589e01d4a52d3a5f268aeed94755b4ad12f1c1872
     runs-on: ubuntu-latest
     steps:
     - name: Checkout current repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4
 
     - uses: famedly/backend-build-workflows/.github/actions/rust-prepare@main
       with:
@@ -32,7 +32,7 @@ jobs:
         gitlab_pass: ${{ secrets.GITLAB_PASS }}
 
     - name: Caching
-      uses: Swatinem/rust-cache@68b3cb7503c78e67dae8373749990a220eb65352
+      uses: Swatinem/rust-cache@c071727fc96109277f0135b3f13503db23b6cc1b
       with:
         cache-on-failure: true
         cache-all-crates: true
@@ -61,7 +61,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout current repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4
 
     - uses: famedly/backend-build-workflows/.github/actions/rust-prepare@main
       with:
@@ -73,7 +73,7 @@ jobs:
       run: rustup component add llvm-tools-preview --toolchain stable-x86_64-unknown-linux-gnu
 
     - name: Caching
-      uses: Swatinem/rust-cache@68b3cb7503c78e67dae8373749990a220eb65352
+      uses: Swatinem/rust-cache@c071727fc96109277f0135b3f13503db23b6cc1b
       with:
         cache-on-failure: true
         cache-all-crates: true
@@ -96,12 +96,12 @@ jobs:
         docker compose --project-directory ./tests/environment logs
 
     - name: Codecov - Upload coverage
-      uses: codecov/codecov-action@v4
+      uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4
       with:
         token: ${{secrets.CODECOV_TOKEN}}
         files: lcov.info
 
     - name: Codecov - Upload test results
-      uses: codecov/test-results-action@v1
+      uses: codecov/test-results-action@47f89e9acb64b76debcd5ea40642d25a4adced9f # v1
       with:
         token: ${{secrets.CODECOV_TOKEN}}

Cargo.toml

@@ -14,7 +14,7 @@ anyhow = { version = "1.0.95", features = ["backtrace"] }
 async-trait = "0.1.82"
 base64 = "0.22.1"
 chrono = "0.4.19"
-config = { version = "0.14.0" }
+config = { version = "0.15.0" }
 http = "1.1.0"
 serde = { version = "1.0.203", features = ["derive"] }
 serde_json = "1.0.127"
@@ -29,7 +29,7 @@ wiremock = "0.6.2"
 csv = "1.3.0"
 tempfile = "3.12.0"
 futures = "0.3.31"
-ldap3 = { version = "0.11.1", default-features = false, features = ["tls-native"] }
+ldap3 = { version = "0.12.0", default-features = false, features = ["tls-native"] }
 native-tls = "0.2.12"
 hex = "0.4.3"
 itertools = "0.14.0"
@@ -45,7 +45,7 @@ vergen = { version = "8.2.6", features = ["git", "gitcl", "build"] } # vergen pa
 
 [dev-dependencies]
 indoc = "2.0.5"
-ldap3 = { version = "0.11.1", default-features = false, features = ["tls-native"] }
+ldap3 = { version = "0.12.0", default-features = false, features = ["tls-native"] }
 serde_yaml = "0.9.34"
 tempfile = "3.10.1"
 test-log = { version = "0.2.16", features = ["trace", "unstable"] }

Dockerfile

@@ -1,4 +1,4 @@
-FROM registry.famedly.net/docker-oss/rust-container:nightly AS builder
+FROM registry.famedly.net/docker-oss/rust-container:nightly@sha256:2aaa8961f8d80a5bc6d3858589e01d4a52d3a5f268aeed94755b4ad12f1c1872 AS builder
 ARG CARGO_NET_GIT_FETCH_WITH_CLI=true
 ARG FAMEDLY_CRATES_REGISTRY
 ARG CARGO_HOME
@@ -20,7 +20,7 @@ COPY . /app
 WORKDIR /app
 RUN cargo auditable build --release
 
-FROM debian:bookworm-slim AS famedly-sync-agent
+FROM debian:bookworm-slim@sha256:b4aa902587c2e61ce789849cb54c332b0400fe27b1ee33af4669e1f7e7c3e22f AS famedly-sync-agent
 
 RUN apt update && apt install ca-certificates curl -y
 RUN mkdir -p /opt/famedly-sync

docker-compose.yaml

@@ -1,6 +1,6 @@
 services:
   famedly-sync-agent:
-    image: registry.famedly.net/docker-oss/famedly-sync-agent:latest
+    image: registry.famedly.net/docker-oss/famedly-sync-agent:latest@sha256:3011fd81b53d85ebd202fe5cb04ae83153313fddc06a507752a0b1a4f98f1933
     volumes:
       - type: bind
         source: ./opt