Prepare for Alpha Two

.github/workflows/build-docker.yml

@@ -41,25 +41,25 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           submodules: recursive
 
       - name: Login to GitHub container registry
-        uses: docker/login-action@v3
+        uses: docker/login-action@v4
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v4
 
       - name: Sanitize branch name
         run: echo "SAFE_REF=${GITHUB_REF_NAME//\//-}" >> $GITHUB_ENV
 
       - name: Build container
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@v7
         with:
           context: .
           platforms: linux/${{ matrix.cpu }}
@@ -72,7 +72,7 @@ jobs:
           cache-to: type=registry,mode=max,ref=${{ env.GHCR_REPO }}:cache-${{ matrix.tag }}-${{ env.SAFE_REF }}
 
       - name: Scan image with Trivy
-        uses: aquasecurity/trivy-action@0.34.2
+        uses: aquasecurity/trivy-action@0.35.0
         env:
           TRIVY_SHOW_SUPPRESSED: 1
           TRIVY_IGNOREFILE: "./.trivyignore.yaml"
@@ -96,19 +96,19 @@ jobs:
 
     steps:
       - name: Install Cosign
-        uses: sigstore/cosign-installer@v3.10.1
+        uses: sigstore/cosign-installer@v4.1.0
 
       - name: Docker meta
         id: meta
-        uses: docker/metadata-action@v5
+        uses: docker/metadata-action@v6
         with:
           images: |
             ${{ env.GHCR_REPO }}
           flavor: ${{ inputs.flavor }}
           tags: ${{ inputs.tags }}
 
       - name: Login to GitHub container registry
-        uses: docker/login-action@v3
+        uses: docker/login-action@v4
         with:
           registry: ghcr.io
           username: ${{ github.actor }}

.github/workflows/ci.yml

@@ -53,12 +53,12 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           submodules: recursive
 
       - name: Scan code with Trivy
-        uses: aquasecurity/trivy-action@0.34.2
+        uses: aquasecurity/trivy-action@0.35.0
         env:
           TRIVY_SHOW_SUPPRESSED: 1
           TRIVY_IGNOREFILE: "./.trivyignore.yaml"

.github/workflows/dev-deployment.yml

@@ -15,6 +15,6 @@ jobs:
       - name: Add SHORT_SHA env variable
         run: echo "SHORT_SHA=`echo ${GITHUB_SHA} | cut -c1-7`" >> $GITHUB_ENV
       - name: Deploy new image version
-        uses: actions-hub/kubectl@v1.30.3
+        uses: actions-hub/kubectl@v1.34.3
         with:
           args: --namespace defguard-dev set image deployment/defguard defguard=ghcr.io/defguard/defguard:sha-${{ env.SHORT_SHA }}

.github/workflows/e2e.yml

@@ -17,12 +17,12 @@ jobs:
       tests_ok: ${{ steps.run-test.outcome == 'success' }}
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v4
 
       - name: Login to GitHub container registry
-        uses: docker/login-action@v3
+        uses: docker/login-action@v4
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
@@ -43,7 +43,7 @@ jobs:
           echo "E2E tests will run on IMAGE_TAG=$IMAGE_TAG"
 
       - name: Set up Node
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version-file: "./e2e/.nvmrc"
 
@@ -61,7 +61,7 @@ jobs:
         run: |
           echo "STORE_PATH=$(pnpm store path)" >> $GITHUB_OUTPUT
 
-      - uses: actions/cache@v4
+      - uses: actions/cache@v5
         name: Setup pnpm cache
         with:
           path: ${{ steps.pnpm-cache.outputs.STORE_PATH }}
@@ -90,7 +90,7 @@ jobs:
         if: always()
         run: docker compose --file './docker-compose.e2e.yaml' down
 
-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@v7
         if: steps.run-test.outcome == 'failure'
         with:
           name: playwright-report

.github/workflows/lint-e2e.yml

@@ -18,8 +18,8 @@ jobs:
   lint-e2e:
     runs-on: [self-hosted, Linux, X64]
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      - uses: actions/checkout@v6
+      - uses: actions/setup-node@v6
         with:
           node-version-file: "./e2e/.nvmrc"
       - uses: pnpm/action-setup@v4

.github/workflows/lint-web.yml

@@ -22,10 +22,10 @@ jobs:
       - codebuild-defguard-core-runner-${{ github.run_id }}-${{ github.run_attempt }}
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
           submodules: "recursive"
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v6
         with:
           node-version: 25
       - name: install deps

.github/workflows/release.yml

@@ -98,7 +98,7 @@ jobs:
           echo "VERSION=$VERSION" >> $GITHUB_ENV
 
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           submodules: recursive
 
@@ -114,7 +114,7 @@ jobs:
           override: true
 
       - name: Set up Docker BuildX
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v4
         with:
           buildkitd-config-inline: |
             [registry."docker.io"]
@@ -127,7 +127,7 @@ jobs:
           version: 10.17
 
       - name: Use Node.js 24
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version: 24
 
@@ -150,7 +150,7 @@ jobs:
         run: mv target/${{ matrix.target }}/release/defguard defguard-${{ github.ref_name }}-${{ matrix.target }}
 
       - name: Tar
-        uses: a7ul/tar-action@v1.1.0
+        uses: a7ul/tar-action@v1.2.0
         with:
           command: c
           files: |

.github/workflows/sbom.yml

@@ -29,13 +29,13 @@ jobs:
           echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
 
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           ref: ${{ steps.vars.outputs.TAG_NAME }}
           submodules: recursive
 
       - name: Create SBOM with Trivy
-        uses: aquasecurity/trivy-action@0.34.2
+        uses: aquasecurity/trivy-action@0.35.0
         with:
           scan-type: 'fs'
           format: 'spdx-json'
@@ -46,7 +46,7 @@ jobs:
           skip-dirs: "e2e"
 
       - name: Create docker image SBOM with Trivy
-        uses: aquasecurity/trivy-action@0.34.2
+        uses: aquasecurity/trivy-action@0.35.0
         with:
           image-ref: "ghcr.io/defguard/defguard:${{ steps.vars.outputs.VERSION }}"
           scan-type: 'image'
@@ -56,7 +56,7 @@ jobs:
           scanners: "vuln"
 
       - name: Create security advisory file with Trivy
-        uses: aquasecurity/trivy-action@0.34.2
+        uses: aquasecurity/trivy-action@0.35.0
         with:
           scan-type: 'fs'
           format: 'json'
@@ -67,7 +67,7 @@ jobs:
           skip-dirs: "e2e"
 
       - name: Create docker image security advisory file with Trivy
-        uses: aquasecurity/trivy-action@0.34.2
+        uses: aquasecurity/trivy-action@0.35.0
         with:
           image-ref: "ghcr.io/defguard/defguard:${{ steps.vars.outputs.VERSION }}"
           scan-type: 'image'

.github/workflows/staging-deployment.yml

@@ -17,6 +17,6 @@ jobs:
       - name: Add SHORT_SHA env variable
         run: echo "SHORT_SHA=`echo ${GITHUB_SHA} | cut -c1-7`" >> $GITHUB_ENV
       - name: Deploy new image version
-        uses: actions-hub/kubectl@v1.30.3
+        uses: actions-hub/kubectl@v1.34.3
         with:
           args: --namespace defguard-staging set image deployment/defguard defguard=ghcr.io/defguard/defguard:sha-${{ env.SHORT_SHA }}

.github/workflows/test-web.yml.disabled

@@ -8,10 +8,10 @@ jobs:
     runs-on:
       - codebuild-defguard-core-runner-${{ github.run_id }}-${{ github.run_attempt }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
           submodules: "recursive"
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v6
         with:
           node-version: 24
       - name: install deps

.github/workflows/update-repositories.yml

@@ -15,7 +15,7 @@ jobs:
       - X64
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       - name: Download .deb assets from release
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -45,7 +45,7 @@ jobs:
             else
               codename="trixie"
             fi
-            
+
             echo "Uploading $deb_file to $codename"
             deb-s3 upload -l \
               --bucket=apt.defguard.net \

crates/defguard_common/src/config.rs

@@ -14,7 +14,7 @@ use rsa::{
 use secrecy::{ExposeSecret, SecretString};
 use serde::Serialize;
 
-use crate::db::models::Settings;
+use crate::{VERSION, db::models::Settings};
 
 pub static SERVER_CONFIG: OnceLock<DefGuardConfig> = OnceLock::new();
 
@@ -24,10 +24,9 @@ pub fn server_config() -> &'static DefGuardConfig {
         .expect("Server configuration not set yet")
 }
 
-#[derive(Clone, Parser, Serialize, Debug)]
-#[command(version)]
-// TODO: find a better workaround for clap not
-// working nice with test args
+#[derive(Clone, Debug, Parser, Serialize)]
+#[command(name = "defguard", version = VERSION)]
+// TODO: find a better workaround for clap not working nice with test args
 #[cfg_attr(test, command(ignore_errors(true)))]
 pub struct DefGuardConfig {
     #[arg(long, env = "DEFGUARD_LOG_LEVEL", default_value = "info")]

crates/defguard_proxy_manager/Cargo.toml

@@ -20,7 +20,6 @@ defguard_grpc_tls.workspace = true
 axum.workspace = true
 axum-extra.workspace = true
 semver.workspace = true
-secrecy.workspace = true
 hyper-rustls.workspace = true
 openidconnect.workspace = true
 reqwest.workspace = true

web/package.json

@@ -22,7 +22,7 @@
     "@stablelib/x25519": "^2.0.1",
     "@tanstack/react-form": "^1.28.4",
     "@tanstack/react-query": "^5.90.21",
-    "@tanstack/react-router": "^1.166.6",
+    "@tanstack/react-router": "^1.166.7",
     "@tanstack/react-table": "^8.21.3",
     "@tanstack/react-virtual": "^3.13.21",
     "@uidotdev/usehooks": "^2.4.1",
@@ -56,8 +56,8 @@
     "@tanstack/devtools-vite": "^0.5.3",
     "@tanstack/react-devtools": "^0.9.10",
     "@tanstack/react-query-devtools": "^5.91.3",
-    "@tanstack/react-router-devtools": "^1.166.6",
-    "@tanstack/router-plugin": "^1.166.6",
+    "@tanstack/react-router-devtools": "^1.166.7",
+    "@tanstack/router-plugin": "^1.166.7",
     "@types/byte-size": "^8.1.2",
     "@types/humanize-duration": "^3.27.4",
     "@types/lodash-es": "^4.17.12",
@@ -69,7 +69,7 @@
     "autoprefixer": "^10.4.27",
     "globals": "^17.4.0",
     "prettier": "^3.8.1",
-    "sass": "^1.97.3",
+    "sass": "^1.98.0",
     "sharp": "^0.34.5",
     "stylelint": "^17.4.0",
     "stylelint-config-standard-scss": "^17.0.0",