Bump the all group with 22 updates (#3376)

* Bump the all group with 22 updates Bumps the all group with 22 updates: | Package | From | To | | --- | --- | --- | | [async-trait](https://github.com/dtolnay/async-trait) | `0.1.83` | `0.1.85` | | [bitflags](https://github.com/bitflags/bitflags) | `2.6.0` | `2.8.0` | | [clap](https://github.com/clap-rs/clap) | `4.5.23` | `4.5.27` | | [clap_complete](https://github.com/clap-rs/clap) | `4.5.40` | `4.5.42` | | [lodepng](https://github.com/kornelski/lodepng-rust) | `3.10.7` | `3.11.0` | | [openssl](https://github.com/sfackler/rust-openssl) | `0.10.68` | `0.10.69` | | [proc-macro2](https://github.com/dtolnay/proc-macro2) | `1.0.92` | `1.0.93` | | [reqwest](https://github.com/seanmonstar/reqwest) | `0.12.11` | `0.12.12` | | [rustls](https://github.com/rustls/rustls) | `0.23.20` | `0.23.21` | | [sd-notify](https://github.com/lnicola/sd-notify) | `0.4.4` | `0.4.5` | | [serde_json](https://github.com/serde-rs/json) | `1.0.134` | `1.0.137` | | [syn](https://github.com/dtolnay/syn) | `2.0.93` | `2.0.96` | | [tempfile](https://github.com/Stebalien/tempfile) | `3.14.0` | `3.15.0` | | [tokio](https://github.com/tokio-rs/tokio) | `1.42.0` | `1.43.0` | | [uuid](https://github.com/uuid-rs/uuid) | `1.11.0` | `1.12.1` | | [oauth2](https://github.com/ramosbugs/oauth2-rs) | `4.4.2` | `5.0.0` | | [cc](https://github.com/rust-lang/cc-rs) | `1.2.6` | `1.2.10` | | [axum-extra](https://github.com/tokio-rs/axum) | `0.9.6` | `0.10.0` | | [axum-macros](https://github.com/tokio-rs/axum) | `0.4.2` | `0.5.0` | | [fantoccini](https://github.com/jonhoo/fantoccini) | `0.21.3` | `0.21.4` | | [petgraph](https://github.com/petgraph/petgraph) | `0.6.5` | `0.7.1` | | [jsonschema](https://github.com/Stranger6667/jsonschema) | `0.28.0` | `0.28.3` | Updates `async-trait` from 0.1.83 to 0.1.85 - [Release notes](https://github.com/dtolnay/async-trait/releases) - [Commits](https://github.com/dtolnay/async-trait/compare/0.1.83...0.1.85) Updates `bitflags` from 2.6.0 to 2.8.0 - [Release notes](https://github.com/bitflags/bitflags/releases) - [Changelog](https://github.com/bitflags/bitflags/blob/main/CHANGELOG.md) - [Commits](https://github.com/bitflags/bitflags/compare/2.6.0...2.8.0) Updates `clap` from 4.5.23 to 4.5.27 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.23...clap_complete-v4.5.27) Updates `clap_complete` from 4.5.40 to 4.5.42 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.40...clap_complete-v4.5.42) Updates `lodepng` from 3.10.7 to 3.11.0 - [Commits](https://github.com/kornelski/lodepng-rust/compare/v3.10.7...v3.11.0) Updates `openssl` from 0.10.68 to 0.10.69 - [Release notes](https://github.com/sfackler/rust-openssl/releases) - [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.68...openssl-v0.10.69) Updates `proc-macro2` from 1.0.92 to 1.0.93 - [Release notes](https://github.com/dtolnay/proc-macro2/releases) - [Commits](https://github.com/dtolnay/proc-macro2/compare/1.0.92...1.0.93) Updates `reqwest` from 0.12.11 to 0.12.12 - [Release notes](https://github.com/seanmonstar/reqwest/releases) - [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md) - [Commits](https://github.com/seanmonstar/reqwest/compare/v0.12.11...v0.12.12) Updates `rustls` from 0.23.20 to 0.23.21 - [Release notes](https://github.com/rustls/rustls/releases) - [Changelog](https://github.com/rustls/rustls/blob/main/CHANGELOG.md) - [Commits](https://github.com/rustls/rustls/compare/v/0.23.20...v/0.23.21) Updates `sd-notify` from 0.4.4 to 0.4.5 - [Changelog](https://github.com/lnicola/sd-notify/blob/master/CHANGELOG.md) - [Commits](https://github.com/lnicola/sd-notify/compare/v0.4.4...v0.4.5) Updates `serde_json` from 1.0.134 to 1.0.137 - [Release notes](https://github.com/serde-rs/json/releases) - [Commits](https://github.com/serde-rs/json/compare/v1.0.134...v1.0.137) Updates `syn` from 2.0.93 to 2.0.96 - [Release notes](https://github.com/dtolnay/syn/releases) - [Commits](https://github.com/dtolnay/syn/compare/2.0.93...2.0.96) Updates `tempfile` from 3.14.0 to 3.15.0 - [Changelog](https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md) - [Commits](https://github.com/Stebalien/tempfile/compare/v3.14.0...v3.15.0) Updates `tokio` from 1.42.0 to 1.43.0 - [Release notes](https://github.com/tokio-rs/tokio/releases) - [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.42.0...tokio-1.43.0) Updates `uuid` from 1.11.0 to 1.12.1 - [Release notes](https://github.com/uuid-rs/uuid/releases) - [Commits](https://github.com/uuid-rs/uuid/compare/1.11.0...1.12.1) Updates `oauth2` from 4.4.2 to 5.0.0 - [Release notes](https://github.com/ramosbugs/oauth2-rs/releases) - [Upgrade guide](https://github.com/ramosbugs/oauth2-rs/blob/main/UPGRADE.md) - [Commits](https://github.com/ramosbugs/oauth2-rs/compare/4.4.2...5.0.0) Updates `cc` from 1.2.6 to 1.2.10 - [Release notes](https://github.com/rust-lang/cc-rs/releases) - [Changelog](https://github.com/rust-lang/cc-rs/blob/main/CHANGELOG.md) - [Commits](https://github.com/rust-lang/cc-rs/compare/cc-v1.2.6...cc-v1.2.10) Updates `axum-extra` from 0.9.6 to 0.10.0 - [Release notes](https://github.com/tokio-rs/axum/releases) - [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md) - [Commits](https://github.com/tokio-rs/axum/compare/axum-extra-v0.9.6...axum-extra-v0.10.0) Updates `axum-macros` from 0.4.2 to 0.5.0 - [Release notes](https://github.com/tokio-rs/axum/releases) - [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md) - [Commits](https://github.com/tokio-rs/axum/compare/axum-macros-v0.4.2...axum-macros-v0.5.0) Updates `fantoccini` from 0.21.3 to 0.21.4 - [Commits](https://github.com/jonhoo/fantoccini/compare/v0.21.3...v0.21.4) Updates `petgraph` from 0.6.5 to 0.7.1 - [Changelog](https://github.com/petgraph/petgraph/blob/master/RELEASES.rst) - [Commits](https://github.com/petgraph/petgraph/compare/petgraph@v0.6.5...petgraph@v0.7.1) Updates `jsonschema` from 0.28.0 to 0.28.3 - [Release notes](https://github.com/Stranger6667/jsonschema/releases) - [Changelog](https://github.com/Stranger6667/jsonschema/blob/master/CHANGELOG.md) - [Commits](https://github.com/Stranger6667/jsonschema/compare/rust-v0.28.0...rust-v0.28.3) --- updated-dependencies: - dependency-name: async-trait dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: bitflags dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: clap dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: clap_complete dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: lodepng dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: openssl dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: proc-macro2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: reqwest dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: rustls dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: sd-notify dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: serde_json dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: syn dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: tempfile dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: tokio dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: uuid dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: oauth2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: cc dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: axum-extra dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: axum-macros dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: fantoccini dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: petgraph dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: jsonschema dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> * ok the otel stuff works now * linting fixes * fix: less parse more from_str, adding a todo * fix: removing a TODO --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
2025-02-23 04:27:02 +01:00 · 2025-01-29 13:57:38 +10:00 · 2025-01-29 13:57:38 +10:00 · ed76bdbfb1
parent 12532ee32d
commit ed76bdbfb1
16 changed files with 474 additions and 602 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/Cargo.toml
+++ b/Cargo.toml
@ -140,7 +140,7 @@ anyhow = { version = "1.0.95" }
 argon2 = { version = "0.5.3", features = ["alloc"] }
 askama = { version = "0.12.1", features = ["serde", "with-axum"] }
 askama_axum = { version = "0.4.0" }
-async-trait = "^0.1.83"
+async-trait = "^0.1.85"
 axum = { version = "0.7.9", features = [
    "form",
    "json",
@ -155,10 +155,10 @@ axum-htmx = { version = "0.5.0", features = ["serde", "guards"] }
 base32 = "^0.5.1"
 base64 = "^0.22.1"
 base64urlsafedata = "0.5.1"
-bitflags = "^2.6.0"
+bitflags = "^2.8.0"
 bytes = "^1.9.0"
-clap = { version = "^4.5.23", features = ["derive", "env"] }
-clap_complete = "^4.5.38"
+clap = { version = "^4.5.27", features = ["derive", "env"] }
+clap_complete = "^4.5.42"
 # Forced by saffron/cron
 chrono = "^0.4.39"
 compact_jwt = { version = "^0.4.2", default-features = false }
@ -199,7 +199,7 @@ ldap3_proto = { version = "^0.5.2", features = ["serde"] }
 libc = "^0.2.168"
 libnss = "^0.8.0"
 libsqlite3-sys = "^0.25.2"
-lodepng = "3.10.7"
+lodepng = "3.11.0"
 lru = "^0.12.5"
 mathru = "^0.13.0"
 mimalloc = "0.1.43"
@ -207,31 +207,33 @@ notify-debouncer-full = { version = "0.1" }
 num_enum = "^0.5.11"
 oauth2_ext = { version = "^4.4.2", package = "oauth2", default-features = false }
 openssl-sys = "^0.9"
-openssl = "^0.10.68"
+openssl = "^0.10.69"

-opentelemetry = { version = "0.20.0" }
-opentelemetry_api = { version = "0.20.0", features = ["logs", "metrics"] }
-opentelemetry-otlp = { version = "0.13.0", default-features = false, features = [
+opentelemetry = { version = "0.27.0" }
+opentelemetry_api = { version = "0.27.0", features = ["logs", "metrics"] }
+opentelemetry-otlp = { version = "0.27.0", default-features = false, features = [
    "serde",
    "logs",
    "metrics",
    "http-proto",
    "grpc-tonic",
 ] }
-opentelemetry_sdk = "0.20.0"
-tracing-opentelemetry = "0.21.0"
+opentelemetry_sdk = { version = "0.27.0", features = ["rt-tokio"] }
+opentelemetry-semantic-conventions = "0.27.0"
+tracing-opentelemetry = "0.28.0"
+tracing-core = "0.1.33"

 paste = "^1.0.14"
 peg = "0.8"
 pkg-config = "^0.3.31"
 prctl = "1.0.0"
-proc-macro2 = "1.0.92"
+proc-macro2 = "1.0.93"
 qrcode = "^0.12.0"
 quote = "1"
 rand = "^0.8.5"
 rand_chacha = "0.3.1"
 regex = "1.11.0"
-reqwest = { version = "0.12.11", default-features = false, features = [
+reqwest = { version = "0.12.12", default-features = false, features = [
    "cookies",
    "http2",
    "json",
@ -239,15 +241,15 @@ reqwest = { version = "0.12.11", default-features = false, features = [
    "rustls-tls-native-roots",
 ] }
 rusqlite = { version = "^0.28.0", features = ["array", "bundled"] }
-rustls = { version = "0.23.20", default-features = false, features = [
+rustls = { version = "0.23.21", default-features = false, features = [
    "aws_lc_rs",
 ] }

-sd-notify = "^0.4.4"
+sd-notify = "^0.4.5"
 selinux = "^0.4.6"
 serde = "^1.0.217"
 serde_cbor = { version = "0.12.0-dev", package = "serde_cbor_2" }
-serde_json = "^1.0.134"
+serde_json = "^1.0.137"
 serde_urlencoded = "^0.7.1"
 serde_with = "3.12.0"
 sha-crypt = "0.5.0"
@ -258,12 +260,12 @@ smolset = "^1.3.1"
 sshkey-attest = "^0.5.0"
 sshkeys = "0.3.3"
 svg = "0.13.1"
-syn = { version = "2.0.93", features = ["full"] }
-tempfile = "3.14.0"
+syn = { version = "2.0.96", features = ["full"] }
+tempfile = "3.15.0"
 testkit-macros = { path = "./server/testkit-macros" }
 time = { version = "^0.3.36", features = ["formatting", "local-offset"] }

-tokio = "^1.42.0"
+tokio = "^1.43.0"
 tokio-openssl = "^0.6.5"
 tokio-util = "^0.7.13"

@ -279,7 +281,7 @@ url = "^2.5.2"
 urlencoding = "2.1.3"
 utoipa = { version = "4.2.0", features = ["url", "uuid"] }
 utoipa-swagger-ui = "6.0.0"
-uuid = "^1.11.0"
+uuid = "^1.12.1"

 webauthn-authenticator-rs = { version = "0.5.1", features = [
    "softpasskey",
@ -297,4 +299,3 @@ x509-cert = "0.2.5"
 zxcvbn = "^2.2.2"

 nonempty = "0.8.1"
-
--- a/libs/sketching/Cargo.toml
+++ b/libs/sketching/Cargo.toml
@ -19,7 +19,7 @@ doctest = false
 [dependencies]
 gethostname = "0.5.0"
 num_enum = { workspace = true }
-opentelemetry = { workspace = true, features = ["metrics", "rt-tokio"] }
+opentelemetry = { workspace = true, features = ["metrics"] }
 opentelemetry-otlp = { workspace = true, default-features = false, features = [
    "serde",
    "logs",
@ -27,9 +27,12 @@ opentelemetry-otlp = { workspace = true, default-features = false, features = [
    "http-proto",
    "grpc-tonic",
 ] }
-opentelemetry_sdk = { workspace = true }
+opentelemetry_sdk = { workspace = true, features = ["rt-tokio"] }
+opentelemetry-semantic-conventions = { workspace = true }
+
 serde = { workspace = true, features = ["derive"] }
 tracing = { workspace = true, features = ["attributes"] }
+tracing-core = { workspace = true }
 tracing-forest = { workspace = true, features = [
    "uuid",
    "smallvec",
--- a/libs/sketching/src/otel.rs
+++ b/libs/sketching/src/otel.rs
@ -1,16 +1,26 @@
-use gethostname::gethostname;
-use opentelemetry::KeyValue;
+use std::{str::FromStr, time::Duration};
+
 use opentelemetry_otlp::{Protocol, WithExportConfig};
-use opentelemetry_sdk::trace::{self, Sampler};
-use opentelemetry_sdk::Resource;
-use std::time::Duration;
+
+use opentelemetry::{global, trace::TracerProvider as _, KeyValue};
+
+use opentelemetry_sdk::{
+    trace::{Sampler, TracerProvider},
+    Resource,
+};
 use tracing::Subscriber;
-use tracing_subscriber::Registry;
-use tracing_subscriber::{prelude::*, EnvFilter};
+use tracing_core::Level;
+
+use tracing_subscriber::{filter::Directive, prelude::*, EnvFilter, Registry};

 pub const MAX_EVENTS_PER_SPAN: u32 = 64 * 1024;
 pub const MAX_ATTRIBUTES_PER_SPAN: u32 = 128;

+use opentelemetry_semantic_conventions::{
+    attribute::{SERVICE_NAME, SERVICE_VERSION},
+    SCHEMA_URL,
+};
+
 // TODO: this is coming back later
 // #[allow(dead_code)]
 // pub fn init_metrics() -> metrics::Result<MeterProvider> {
@ -44,28 +54,26 @@ pub fn start_logging_pipeline(
            // adding these filters because when you close out the process the OTLP comms layer is NOISY
            let forest_filter = forest_filter
                .add_directive(
-                    "tonic=info"
-                        .parse()
-                        .expect("Failed to set tonic logging to info"),
+                    Directive::from_str("tonic=info").expect("Failed to set tonic logging to info"),
                )
-                .add_directive("h2=info".parse().expect("Failed to set h2 logging to info"))
                .add_directive(
-                    "hyper=info"
-                        .parse()
-                        .expect("Failed to set hyper logging to info"),
+                    Directive::from_str("h2=info").expect("Failed to set h2 logging to info"),
+                )
+                .add_directive(
+                    Directive::from_str("hyper=info").expect("Failed to set hyper logging to info"),
                );
            let forest_layer = tracing_forest::ForestLayer::default().with_filter(forest_filter);
            let t_filter: EnvFilter = EnvFilter::builder()
                .with_default_directive(log_filter.into())
                .from_env_lossy();

-            let tracer = opentelemetry_otlp::new_pipeline().tracing().with_exporter(
-                opentelemetry_otlp::new_exporter()
-                    .tonic()
+            let otlp_exporter = opentelemetry_otlp::SpanExporter::builder()
+                .with_tonic()
                .with_endpoint(endpoint)
+                .with_protocol(Protocol::HttpBinary)
                .with_timeout(Duration::from_secs(5))
-                    .with_protocol(Protocol::HttpBinary),
-            );
+                .build()
+                .map_err(|err| err.to_string())?;

            // this env var gets set at build time, if we can pull it, add it to the metadata
            let git_rev = match option_env!("KANIDM_PKG_COMMIT_REV") {
@ -74,39 +82,47 @@ pub fn start_logging_pipeline(
            };

            let version = format!("{}{}", env!("CARGO_PKG_VERSION"), git_rev);
-            let hostname = gethostname();
-            let hostname = hostname.to_string_lossy();
-            let hostname = hostname.to_lowercase();
+            // let hostname = gethostname::gethostname();
+            // let hostname = hostname.to_string_lossy();
+            // let hostname = hostname.to_lowercase();

-            let tracer = tracer
-                .with_trace_config(
-                    trace::config()
+            let resource = Resource::from_schema_url(
+                [
+                    // TODO: it'd be really nice to be able to set the instance ID here, from the server UUID so we know *which* instance on this host is logging
+                    KeyValue::new(SERVICE_NAME, service_name),
+                    KeyValue::new(SERVICE_VERSION, version),
+                    // TODO: currently marked as an experimental flag, leaving it out for now
+                    // KeyValue::new(DEPLOYMENT_ENVIRONMENT_NAME, hostname),
+                ],
+                SCHEMA_URL,
+            );
+
+            let provider = TracerProvider::builder()
+                .with_batch_exporter(otlp_exporter, opentelemetry_sdk::runtime::Tokio)
                // we want *everything!*
                .with_sampler(Sampler::AlwaysOn)
                .with_max_events_per_span(MAX_EVENTS_PER_SPAN)
                .with_max_attributes_per_span(MAX_ATTRIBUTES_PER_SPAN)
-                        .with_resource(Resource::new(vec![
-                            KeyValue::new("service.name", service_name),
-                            KeyValue::new("service.version", version),
-                            KeyValue::new("host.name", hostname),
-                            // TODO: it'd be really nice to be able to set the instance ID here, from the server UUID so we know *which* instance on this host is logging
-                        ])),
-                )
-                .install_batch(opentelemetry::runtime::Tokio)
-                .map_err(|err| {
-                    let err = format!("Failed to start OTLP pipeline: {:?}", err);
-                    eprintln!("{}", err);
-                    err
-                })?;
-            // Create a tracing layer with the configured tracer;
-            let telemetry = tracing_opentelemetry::layer()
-                .with_tracer(tracer)
-                .with_threads(true)
-                .with_filter(t_filter);
+                .with_resource(resource)
+                .build();

-            Ok(Box::new(
-                Registry::default().with(forest_layer).with(telemetry),
-            ))
+            global::set_tracer_provider(provider.clone());
+            provider.tracer("tracing-otel-subscriber");
+            use tracing_opentelemetry::OpenTelemetryLayer;
+
+            let registry = tracing_subscriber::registry()
+                .with(
+                    tracing_subscriber::filter::LevelFilter::from_level(Level::INFO)
+                        .with_filter(t_filter),
+                )
+                .with(tracing_subscriber::fmt::layer())
+                // .with(MetricsLayer::new(meter_provider.clone()))
+                .with(forest_layer)
+                .with(OpenTelemetryLayer::new(
+                    provider.tracer("tracing-otel-subscriber"),
+                ));
+
+            Ok(Box::new(registry))
        }
        None => {
            let forest_layer = tracing_forest::ForestLayer::default().with_filter(forest_filter);
@ -122,7 +138,6 @@ pub struct TracingPipelineGuard {}
 impl Drop for TracingPipelineGuard {
    fn drop(&mut self) {
        opentelemetry::global::shutdown_tracer_provider();
-        opentelemetry::global::shutdown_logger_provider();
        eprintln!("Logging pipeline completed shutdown");
    }
 }
--- a/server/core/Cargo.toml
+++ b/server/core/Cargo.toml
@ -25,7 +25,7 @@ askama_axum = { workspace = true }
 axum = { workspace = true }
 axum-htmx = { workspace = true }
 axum-extra = { version = "0.9.6", features = ["cookie"] }
-axum-macros = "0.4.1"
+axum-macros = "0.4.2"
 axum-server = { version = "0.7.1", default-features = false }
 bytes = { workspace = true }
 chrono = { workspace = true }
--- a/server/lib/src/idm/application.rs
+++ b/server/lib/src/idm/application.rs
@ -134,7 +134,7 @@ impl TryFrom<Vec<Arc<EntrySealedCommitted>>> for LdapApplications {
    }
 }

-impl<'a> IdmServerAuthTransaction<'a> {
+impl IdmServerAuthTransaction<'_> {
    pub async fn application_auth_ldap(
        &mut self,
        lae: &LdapApplicationAuthEvent,
--- a/server/lib/src/idm/ldap.rs
+++ b/server/lib/src/idm/ldap.rs
@ -693,9 +693,9 @@ impl LdapServer {
        } // end match server op
    }

-    async fn bind_target_from_bind_dn<'a>(
+    async fn bind_target_from_bind_dn(
        &self,
-        idm_auth: &mut IdmServerAuthTransaction<'a>,
+        idm_auth: &mut IdmServerAuthTransaction<'_>,
        dn: &str,
        pw: &str,
    ) -> Result<LdapBindTarget, OperationError> {
--- a/server/lib/src/idm/oauth2.rs
+++ b/server/lib/src/idm/oauth2.rs
@ -2968,7 +2968,7 @@ fn host_is_local(host: &Host<&str>) -> bool {

 /// Ensure that the redirect URI is a loopback/localhost address
 fn check_is_loopback(redirect_uri: &Url) -> bool {
-    redirect_uri.host().map_or(false, |host| {
+    redirect_uri.host().is_some_and(|host| {
        // Check if the host is a loopback/localhost address.
        host_is_local(&host)
    })
--- a/server/lib/src/idm/reauth.rs
+++ b/server/lib/src/idm/reauth.rs
@ -17,7 +17,7 @@ use kanidm_proto::v1::AuthIssueSession;

 use super::server::CredSoftLockMutex;

-impl<'a> IdmServerAuthTransaction<'a> {
+impl IdmServerAuthTransaction<'_> {
    pub async fn reauth_init(
        &mut self,
        ident: Identity,
--- a/server/lib/src/idm/server.rs
+++ b/server/lib/src/idm/server.rs
@ -1008,7 +1008,7 @@ impl<'a> IdmServerTransaction<'a> for IdmServerAuthTransaction<'a> {
    }
 }

-impl<'a> IdmServerAuthTransaction<'a> {
+impl IdmServerAuthTransaction<'_> {
    #[cfg(test)]
    pub fn is_sessionid_present(&self, sessionid: Uuid) -> bool {
        let session_read = self.sessions.read();
--- a/server/lib/src/modify.rs
+++ b/server/lib/src/modify.rs
@ -214,10 +214,7 @@ impl ModifyList<ModifyInvalid> {
            })
            .collect();

-        let valid_mods = match res {
-            Ok(v) => v,
-            Err(e) => return Err(e),
-        };
+        let valid_mods = res?;

        // Return new ModifyList!
        Ok(ModifyList {
--- a/server/lib/src/valueset/eckey.rs
+++ b/server/lib/src/valueset/eckey.rs
@ -158,8 +158,8 @@ impl ValueSetT for ValueSetEcKeyPrivate {

    fn equal(&self, other: &super::ValueSet) -> bool {
        #[allow(clippy::expect_used)]
-        other.as_ec_key_private().map_or(false, |other_key| {
-            self.set.as_ref().map_or(false, |key| {
+        other.as_ec_key_private().is_some_and(|other_key| {
+            self.set.as_ref().is_some_and(|key| {
                key.priv_key
                    .private_key_to_der()
                    .expect("Failed to retrieve key der")
--- a/server/testkit/Cargo.toml
+++ b/server/testkit/Cargo.toml
@ -53,17 +53,17 @@ assert_cmd = "2.0.16"
 compact_jwt = { workspace = true }
 escargot = "0.5.13"
 # used for webdriver testing
-fantoccini = { version = "0.21.3" }
+fantoccini = { version = "0.21.4" }
 futures = { workspace = true }
 oauth2_ext = { workspace = true, default-features = false, features = [
    "reqwest",
 ] }
 openssl = { workspace = true }
-petgraph = { version = "0.6.4", features = ["serde", "serde-1"] }
+petgraph = { version = "0.7.1", features = ["serde", "serde-1"] }
 serde_json = { workspace = true }
 time = { workspace = true }
 tokio-openssl = { workspace = true }
 kanidm_lib_crypto = { workspace = true }
 uuid = { workspace = true }
 webauthn-authenticator-rs = { workspace = true }
-jsonschema = "0.28.0"
+jsonschema = "0.28.3"
--- a/tools/device_flow/Cargo.toml
+++ b/tools/device_flow/Cargo.toml
@ -20,8 +20,8 @@ doctest = false
 [dependencies]
 kanidm_proto = { workspace = true }
 anyhow = { workspace = true }
-oauth2 = "4.4.2"
-reqwest = { version = "0.12.11", default-features = false, features = [
+oauth2 = "5.0.0"
+reqwest = { version = "0.12.12", default-features = false, features = [
    "rustls-tls",
 ] }

--- a/tools/device_flow/examples/device_flow.rs
+++ b/tools/device_flow/examples/device_flow.rs
@ -4,10 +4,11 @@ use kanidm_proto::constants::uri::{
    OAUTH2_AUTHORISE, OAUTH2_AUTHORISE_DEVICE, OAUTH2_TOKEN_ENDPOINT,
 };
 use oauth2::basic::BasicClient;
-use oauth2::devicecode::StandardDeviceAuthorizationResponse;
+
 use oauth2::http::StatusCode;
 use oauth2::{
-    AuthUrl, ClientId, DeviceAuthorizationUrl, HttpRequest, HttpResponse, Scope, TokenUrl,
+    AuthUrl, ClientId, DeviceAuthorizationUrl, HttpRequest, HttpResponse, Scope,
+    StandardDeviceAuthorizationResponse, TokenUrl,
 };
 use reqwest::Client;
 use sketching::tracing_subscriber::layer::SubscriberExt;
@ -16,41 +17,34 @@ use sketching::tracing_subscriber::{fmt, EnvFilter};
 use tracing::level_filters::LevelFilter;
 use tracing::{debug, error, info};

-async fn http_client(
-    request: HttpRequest,
-) -> Result<HttpResponse, oauth2::reqwest::Error<reqwest::Error>> {
+async fn http_client(request: HttpRequest) -> Result<HttpResponse, oauth2::reqwest::Error> {
    let client = Client::builder()
        .danger_accept_invalid_certs(true)
        // Following redirects opens the client up to SSRF vulnerabilities.
        .redirect(reqwest::redirect::Policy::none())
-        .build()
-        .map_err(oauth2::reqwest::Error::Reqwest)?;
+        .build()?;

-    let method = reqwest::Method::from_str(request.method.as_str())
-        .map_err(|err| oauth2::reqwest::Error::Other(err.to_string()))?;
+    let method = reqwest::Method::from_str(request.method().as_str())
+        .expect("this is definitely a bug but OK in an example!");

    let mut request_builder = client
-        .request(method, request.url.as_str())
-        .body(request.body);
+        .request(method, request.uri().to_string())
+        .body(request.body().to_vec());

-    for (name, value) in &request.headers {
+    for (name, value) in request.headers().iter() {
        request_builder = request_builder.header(name.as_str(), value.as_bytes());
    }

    let response = client
-        .execute(request_builder.build().map_err(|err| {
-            error!("Failed to build request... {:?}", err);
-            oauth2::reqwest::Error::Reqwest(err)
-        })?)
+        .execute(request_builder.build()?)
        .await
-        .map_err(|err| {
-            error!("Failed to query url {} error={:?}", request.url, err);
-            oauth2::reqwest::Error::Reqwest(err)
+        .inspect_err(|err| {
+            error!("Failed to query url {} error={:?}", request.uri(), err);
        })?;

-    let status_code = StatusCode::from_u16(response.status().as_u16())
-        .map_err(|err| oauth2::reqwest::Error::Other(err.to_string()))?;
-    let headers = response
+    let status_code =
+        StatusCode::from_u16(response.status().as_u16()).expect("This'll work, for an example");
+    let headers: Vec<(oauth2::http::HeaderName, oauth2::http::HeaderValue)> = response
        .headers()
        .into_iter()
        .map(|(k, v)| {
@ -65,17 +59,17 @@ async fn http_client(
        })
        .collect();

-    let body = response.bytes().await.map_err(|err| {
-        error!("Failed to parse body...? {:?}", err);
-        oauth2::reqwest::Error::Reqwest(err)
-    })?;
+    let body = response.bytes().await?;
    info!("Response body: {:?}", String::from_utf8(body.to_vec()));

-    Ok(HttpResponse {
-        status_code,
-        headers,
-        body: body.to_vec(),
-    })
+    let mut response = HttpResponse::new(body.to_vec());
+
+    let headers_mut = response.headers_mut();
+    headers_mut.extend(headers);
+
+    *response.status_mut() = status_code;
+
+    Ok(response)
 }

 #[tokio::main]
@ -94,15 +88,13 @@ async fn main() -> anyhow::Result<()> {
    info!("building client...");

    // kanidm system oauth2 create-public device_flow device_flow 'https://deviceauth'
-    let client = BasicClient::new(
-        ClientId::new("device_code".to_string()),
-        None,
-        AuthUrl::new(format!("https://localhost:8443{}", OAUTH2_AUTHORISE))?,
-        Some(TokenUrl::new(format!(
-            "https://localhost:8443{}",
-            OAUTH2_TOKEN_ENDPOINT
-        ))?),
-    )
+    let client = BasicClient::new(ClientId::new("device_code".to_string()))
+        .set_token_uri(TokenUrl::from_url(
+            format!("https://localhost:8443{}", OAUTH2_TOKEN_ENDPOINT).parse()?,
+        ))
+        .set_auth_uri(AuthUrl::from_url(
+            format!("https://localhost:8443{}", OAUTH2_AUTHORISE).parse()?,
+        ))
        .set_device_authorization_url(DeviceAuthorizationUrl::new(format!(
            "https://localhost:8443{}",
            OAUTH2_AUTHORISE_DEVICE
@ -112,9 +104,9 @@ async fn main() -> anyhow::Result<()> {

    let details: StandardDeviceAuthorizationResponse = client
        .exchange_device_code()
-        .inspect_err(|err| error!("configuration error: {:?}", err))?
+        // .inspect_err(|err| error!("configuration error: {:?}", err))?
        .add_scope(Scope::new("read".to_string()))
-        .request_async(http_client)
+        .request_async(&http_client)
        .await?;

    println!(
@ -129,7 +121,7 @@ async fn main() -> anyhow::Result<()> {

    let token_result = client
        .exchange_device_access_token(&details)
-        .request_async(http_client, tokio::time::sleep, None)
+        .request_async(&http_client, tokio::time::sleep, None)
        .await?;
    println!("Result: {:?}", token_result);
    Ok(())
--- a/unix_integration/nss_kanidm/Cargo.toml
+++ b/unix_integration/nss_kanidm/Cargo.toml
@ -25,7 +25,7 @@ paste = { workspace = true }
 lazy_static = { workspace = true }

 [target."cfg(target_os = \"freebsd\")".build-dependencies]
-cc = "^1.2.6"
+cc = "^1.2.10"

 ## Debian packaging
 # The base metadata does **not** work to build a functioning package!