chore: updated dependencies

.github/workflows/security-audit.yml

@@ -21,3 +21,5 @@ jobs:
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
       - uses: EmbarkStudios/cargo-deny-action@v1
+        with:
+          rust-version: "1.83.0"

backend/Cargo.toml

@@ -12,7 +12,7 @@ path = "src/main.rs"
 name = "atrium"
 
 [dependencies]
-anyhow = { default-features = false, version = "1.0.93" }
+anyhow = { default-features = false, version = "1.0.94" }
 argon2 = { features = ["alloc", "password-hash"], default-features = false, version = "0.5.3" }
 async_zip = { features = ["deflate", "tokio"], default-features = false, version = "0.0.17" }
 async-stream = "0.3.6"
@@ -22,12 +22,12 @@ axum-extra = { version = "0.9.6", features = ["cookie-private", "typed-header"],
 axum-server = "0.7.1"
 base64ct = { version = "1.6.0", features = ["alloc"] }
 chacha20poly1305 = { version = "0.10.1", features = ["stream"], default-features = false }
-chrono = { default-features = false, version = "0.4.38" }
+chrono = { default-features = false, version = "0.4.39" }
 filetime = "0.2.25"
 futures = { default-features = false, version = "0.3.31" }
 futures-util = { default-features = false, version = "0.3.31" }
 headers = "0.4.0"
-http = "1.1.0"
+http = "1.2.0"
 http-body-util = "0.1.2"
 hyper = { version = "1.5.1", default-features = false }
 hyper-util = { version = "0.1.10", features = ["client-legacy", "http1", "tokio"], default-features = false }
@@ -42,24 +42,24 @@ percent-encoding = { default-features = false, version = "2.3.1" }
 quick-xml = "0.37.1"
 rand = { default-features = false, version = "0.8.5" }
 rcgen = { version = "0.13.1", default-features = false, optional = true }
-rustls = { default-features = false, version = "0.23.18", features = ["ring"] }
+rustls = { default-features = false, version = "0.23.19", features = ["ring"] }
 rustls-pki-types = { version = "1.10.0" }
 rustls-acme = { version = "0.12.1", features = ["axum", "ring"], default-features = false }
 serde = { version = "1.0.215", default-features = false }
 serde_json = { default-features = false, version = "1.0.133" }
 serde_yml = "0.0.12"
 sha2 = { default-features = false, version = "0.10.8" }
-sysinfo = { default-features = false, version = "0.32.0", features = ["disk", "system"] }
-time = { default-features = false, version = "0.3.36" }
-tokio = { version = "1.41.1", features = ["full"], default-features = false }
-tokio-stream = { version = "0.1.16", default-features = false }
-tokio-util = { version = "0.7.12", default-features = false }
+sysinfo = { default-features = false, version = "0.33.0", features = ["disk", "system"] }
+time = { default-features = false, version = "0.3.37" }
+tokio = { version = "1.42.0", features = ["full"], default-features = false }
+tokio-stream = { version = "0.1.17", default-features = false }
+tokio-util = { version = "0.7.13", default-features = false }
 tower = { default-features = false, version = "0.5.1", features = ["util"] }
 tower-http = { version = "0.6.2", features = ["fs"], default-features = false }
 tower-service = "0.3.3"
-tracing = { default-features = false, version = "0.1.40" }
+tracing = { default-features = false, version = "0.1.41" }
 tracing-appender = "0.2.3"
-tracing-subscriber = { version = "0.3.18", features = ["ansi", "env-filter", "local-time"], default-features = false }
+tracing-subscriber = { version = "0.3.19", features = ["ansi", "env-filter", "local-time"], default-features = false }
 trim-in-place = "0.1.7"
 urlencoding = "2.1.3"
 uuid = { version = "1.11.0", features = ["fast-rng", "v4"], default-features = false }
@@ -69,7 +69,7 @@ default = ["self_signed"]
 self_signed = ["dep:rcgen"]
 
 [dev-dependencies]
-async-tungstenite = { version = "0.28.0", features = ["tokio-runtime"] }
+async-tungstenite = { version = "0.28.1", features = ["tokio-runtime"] }
 reqwest = { version = "0.12.9", default-features = false, features = ["cookies", "json", "rustls-tls", "stream"] }
 tungstenite = "0.24.0"
 

backend/deny.toml

@@ -11,6 +11,9 @@
 
 # Root options
 
+# The graph table configures how the dependency graph is constructed and thus
+# which crates the checks are performed against
+[graph]
 # If 1 or more target triples (and optionally, target_features) are specified,
 # only the specified targets will be checked when running `cargo deny check`.
 # This means, if a particular package is only ever used as a target specific
@@ -22,7 +25,7 @@
 targets = [
     # The triple can be any string, but only the target triples built in to
     # rustc (as of 1.40) can be checked against actual config expressions
-    #{ triple = "x86_64-unknown-linux-musl" },
+    #"x86_64-unknown-linux-musl",
     # You can also specify which target_features you promise are enabled for a
     # particular target. target_features are currently not validated against
     # the actual valid features supported by the target architecture.
@@ -46,6 +49,9 @@ no-default-features = false
 # If set, these feature will be enabled when collecting metadata. If `--features`
 # is specified on the cmd line they will take precedence over this option.
 #features = []
+
+# The output table provides options for how/if diagnostics are outputted
+[output]
 # When outputting inclusion graphs in diagnostics that include features, this
 # option can be used to specify the depth at which feature edges will be added.
 # This option is included since the graphs can be quite large and the addition
@@ -57,35 +63,18 @@ feature-depth = 1
 # More documentation for the advisories section can be found here:
 # https://embarkstudios.github.io/cargo-deny/checks/advisories/cfg.html
 [advisories]
-# The path where the advisory database is cloned/fetched into
-db-path = "~/.cargo/advisory-db"
+# The path where the advisory databases are cloned/fetched into
+#db-path = "$CARGO_HOME/advisory-dbs"
 # The url(s) of the advisory databases to use
-db-urls = ["https://github.com/rustsec/advisory-db"]
-# The lint level for security vulnerabilities
-vulnerability = "deny"
-# The lint level for unmaintained crates
-unmaintained = "warn"
-# The lint level for crates that have been yanked from their source registry
-yanked = "warn"
-# The lint level for crates with security notices. Note that as of
-# 2019-12-17 there are no security notice advisories in
-# https://github.com/rustsec/advisory-db
-notice = "warn"
+#db-urls = ["https://github.com/rustsec/advisory-db"]
 # A list of advisory IDs to ignore. Note that ignored advisories will still
 # output a note when they are encountered.
 ignore = [
     #"RUSTSEC-0000-0000",
+    #{ id = "RUSTSEC-0000-0000", reason = "you can specify a reason the advisory is ignored" },
+    #"[email protected]", # you can also ignore yanked crate versions if you wish
+    #{ crate = "[email protected]", reason = "you can specify why you are ignoring the yanked crate" },
 ]
-# Threshold for security vulnerabilities, any vulnerability with a CVSS score
-# lower than the range specified will be ignored. Note that ignored advisories
-# will still output a note when they are encountered.
-# * None - CVSS Score 0.0
-# * Low - CVSS Score 0.1 - 3.9
-# * Medium - CVSS Score 4.0 - 6.9
-# * High - CVSS Score 7.0 - 8.9
-# * Critical - CVSS Score 9.0 - 10.0
-#severity-threshold =
-
 # If this is true, then cargo deny will use the git executable to fetch advisory database.
 # If this is false, then it uses a built-in git library.
 # Setting this to true can be helpful if you have special authentication requirements that cargo-deny does not support.
@@ -96,41 +85,10 @@ ignore = [
 # More documentation for the licenses section can be found here:
 # https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html
 [licenses]
-# The lint level for crates which do not have a detectable license
-unlicensed = "allow"
 # List of explicitly allowed licenses
 # See https://spdx.org/licenses/ for list of possible licenses
 # [possible values: any SPDX 3.11 short identifier (+ optional exception)].
-allow = [
-    "MIT",
-    "Apache-2.0",
-    "ISC",
-    "MPL-2.0",
-    "Unicode-3.0",
-    "Unicode-DFS-2016",
-    "BSD-3-Clause"
-    #"Apache-2.0 WITH LLVM-exception",
-]
-# List of explicitly disallowed licenses
-# See https://spdx.org/licenses/ for list of possible licenses
-# [possible values: any SPDX 3.11 short identifier (+ optional exception)].
-deny = [
-    #"Nokia",
-]
-# Lint level for licenses considered copyleft
-copyleft = "warn"
-# Blanket approval or denial for OSI-approved or FSF Free/Libre licenses
-# * both - The license will be approved if it is both OSI-approved *AND* FSF
-# * either - The license will be approved if it is either OSI-approved *OR* FSF
-# * osi-only - The license will be approved if is OSI-approved *AND NOT* FSF
-# * fsf-only - The license will be approved if is FSF *AND NOT* OSI-approved
-# * neither - This predicate is ignored and the default lint level is used
-allow-osi-fsf-free = "neither"
-# Lint level used when no other predicates are matched
-# 1. License isn't in the allow or deny lists
-# 2. License isn't copyleft
-# 3. License isn't OSI/FSF, or allow-osi-fsf-free = "neither"
-default = "deny"
+allow = ["AGPL-3.0", "Apache-2.0", "BSD-3-Clause", "ISC", "MIT", "MPL-2.0", "Unicode-3.0"]
 # The confidence threshold for detecting a license from license text.
 # The higher the value, the more closely the license text must be to the
 # canonical license text of a valid SPDX license file.
@@ -141,28 +99,13 @@ confidence-threshold = 0.8
 exceptions = [
     # Each entry is the crate and version constraint, and its specific allow
     # list
-    #{ allow = ["Zlib"], name = "adler32", version = "*" },
+    #{ allow = ["Zlib"], crate = "adler32" },
 ]
 
-# Some crates don't have (easily) machine readable licensing information,
-# adding a clarification entry for it allows you to manually specify the
-# licensing information
-#[[licenses.clarify]]
-# The name of the crate the clarification applies to
-#name = "ring"
-# The optional version constraint for the crate
-#version = "*"
-# The SPDX expression for the license requirements of the crate
-#expression = "MIT AND ISC AND OpenSSL"
-# One or more files in the crate's source used as the "source of truth" for
-# the license expression. If the contents match, the clarification will be used
-# when running the license check, otherwise the clarification will be ignored
-# and the crate will be checked normally, which may produce warnings or errors
-# depending on the rest of your configuration
-#license-files = [
-    # Each entry is a crate relative path, and the (opaque) hash of its contents
-    #{ path = "LICENSE", hash = 0xbd0eed23 }
-#]
+[[licenses.clarify]]
+crate = "ring"
+expression = "ISC"
+license-files = [{ path = "LICENSE", hash = 0xbd0eed23 }]
 
 [licenses.private]
 # If true, ignores workspace crates that aren't published, or are only
@@ -192,33 +135,32 @@ wildcards = "allow"
 # * all - Both lowest-version and simplest-path are used
 highlight = "all"
 # The default lint level for `default` features for crates that are members of
-# the workspace that is being checked. This can be overriden by allowing/denying
+# the workspace that is being checked. This can be overridden by allowing/denying
 # `default` on a crate-by-crate basis if desired.
 workspace-default-features = "allow"
 # The default lint level for `default` features for external crates that are not
-# members of the workspace. This can be overriden by allowing/denying `default`
+# members of the workspace. This can be overridden by allowing/denying `default`
 # on a crate-by-crate basis if desired.
 external-default-features = "allow"
 # List of crates that are allowed. Use with care!
 allow = [
-    #{ name = "ansi_term", version = "=0.11.0" },
+    #"[email protected]",
+    #{ crate = "[email protected]", reason = "you can specify a reason it is allowed" },
 ]
 # List of crates to deny
 deny = [
-    # Each entry the name of a crate and a version range. If version is
-    # not specified, all versions will be matched.
-    #{ name = "ansi_term", version = "=0.11.0" },
-    #
+    #"[email protected]",
+    #{ crate = "[email protected]", reason = "you can specify a reason it is banned" },
     # Wrapper crates can optionally be specified to allow the crate when it
     # is a direct dependency of the otherwise banned crate
-    #{ name = "ansi_term", version = "=0.11.0", wrappers = [] },
+    #{ crate = "ansi_term@0.11.0", wrappers = ["this-crate-directly-depends-on-ansi_term"] },
 ]
 
 # List of features to allow/deny
 # Each entry the name of a crate and a version range. If version is
 # not specified, all versions will be matched.
 #[[bans.features]]
-#name = "reqwest"
+#crate = "reqwest"
 # Features to not allow
 #deny = ["json"]
 # Features to allow
@@ -239,14 +181,16 @@ deny = [
 
 # Certain crates/versions that will be skipped when doing duplicate detection.
 skip = [
-    #{ name = "ansi_term", version = "=0.11.0" },
+    #"[email protected]",
+    #{ crate = "[email protected]", reason = "you can specify a reason why it can't be updated/removed" },
 ]
 # Similarly to `skip` allows you to skip certain crates during duplicate
 # detection. Unlike skip, it also includes the entire tree of transitive
 # dependencies starting at the specified crate, up to a certain depth, which is
 # by default infinite.
 skip-tree = [
-    #{ name = "ansi_term", version = "=0.11.0", depth = 20 },
+    #"[email protected]", # will be skipped along with _all_ of its direct and transitive dependencies
+    #{ crate = "[email protected]", depth = 20 },
 ]
 
 # This section is considered when running `cargo deny check sources`.
@@ -266,9 +210,9 @@ allow-registry = ["https://github.com/rust-lang/crates.io-index"]
 allow-git = []
 
 [sources.allow-org]
-# 1 or more github.com organizations to allow git sources for
-github = [""]
-# 1 or more gitlab.com organizations to allow git sources for
-gitlab = [""]
-# 1 or more bitbucket.org organizations to allow git sources for
-bitbucket = [""]
+# github.com organizations to allow git sources for
+github = []
+# gitlab.com organizations to allow git sources for
+gitlab = []
+# bitbucket.org organizations to allow git sources for
+bitbucket = []

backend/src/sysinfo.rs

@@ -5,12 +5,15 @@ use std::{
     path::PathBuf,
     sync::{LazyLock, Mutex},
 };
-use sysinfo::{CpuRefreshKind, Disks, MemoryRefreshKind, RefreshKind, System};
+use sysinfo::{CpuRefreshKind, DiskRefreshKind, Disks, MemoryRefreshKind, RefreshKind, System};
 use tokio::task;
 
 static SYSTEM_INFO: LazyLock<Mutex<System>> = LazyLock::new(|| Mutex::new(System::new_all()));
-static DISKS_INFO: LazyLock<Mutex<Disks>> =
-    LazyLock::new(|| Mutex::new(Disks::new_with_refreshed_list()));
+static DISKS_INFO: LazyLock<Mutex<Disks>> = LazyLock::new(|| {
+    Mutex::new(Disks::new_with_refreshed_list_specifics(
+        DiskRefreshKind::nothing().with_storage(),
+    ))
+});
 
 #[derive(Serialize, Deserialize, Debug)]
 pub struct SystemInfo {
@@ -32,7 +35,7 @@ pub async fn disk_info(path: PathBuf) -> Result<DiskInfo, &'static str> {
     let disksinfo: Result<Vec<DiskInfo>, &str> = task::spawn_blocking(|| {
         let mut disks = DISKS_INFO.lock().map_err(|_| "could not lock disks info")?;
 
-        disks.refresh_list();
+        disks.refresh_specifics(true, DiskRefreshKind::nothing().with_storage());
         let disksinfo = disks
             .iter()
             .map(|disk| DiskInfo {
@@ -78,9 +81,9 @@ pub async fn system_info(_user: UserToken) -> Result<Json<SystemInfo>, ErrRespon
             .lock()
             .map_err(|_| ErrResponse::S500("could not lock system info"))?;
         sys.refresh_specifics(
-            RefreshKind::new()
-                .with_memory(MemoryRefreshKind::new().with_ram())
-                .with_cpu(CpuRefreshKind::new().with_cpu_usage()),
+            RefreshKind::nothing()
+                .with_memory(MemoryRefreshKind::nothing().with_ram())
+                .with_cpu(CpuRefreshKind::nothing().with_cpu_usage()),
         );
         Ok(SystemInfo {
             total_memory: sys.total_memory(),

backend/tests/backend/apps/proxy.rs

@@ -1,6 +1,5 @@
 use async_tungstenite::tokio::{accept_async, connect_async};
 use atrium::{apps::App, configuration::Config};
-use futures::SinkExt;
 use http::{
     header::{CONNECTION, HOST, UPGRADE},
     HeaderValue,