Merge pull request #9 from flibusta-apps/dependabot/github_actions/github/codeql-action-4

Bump github/codeql-action from 3 to 4

.github/workflows/build_docker_image.yml

@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3

.github/workflows/rust-clippy.yml

@@ -0,0 +1,55 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# rust-clippy is a tool that runs a bunch of lints to catch common
+# mistakes in your Rust code and help improve your Rust code.
+# More details at https://github.com/rust-lang/rust-clippy
+# and https://rust-lang.github.io/rust-clippy/
+
+name: rust-clippy analyze
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "main" ]
+  schedule:
+    - cron: '44 5 * * 6'
+
+jobs:
+  rust-clippy-analyze:
+    name: Run rust-clippy analyzing
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write
+      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Install Rust toolchain
+        uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af #@v1
+        with:
+          profile: minimal
+          toolchain: stable
+          components: clippy
+          override: true
+
+      - name: Install required cargo
+        run: cargo install clippy-sarif sarif-fmt
+
+      - name: Run rust-clippy
+        run:
+          cargo clippy
+          --all-features
+          --message-format=json | clippy-sarif | tee rust-clippy-results.sarif | sarif-fmt
+        continue-on-error: true
+
+      - name: Upload analysis results to GitHub
+        uses: github/codeql-action/upload-sarif@v4
+        with:
+          sarif_file: rust-clippy-results.sarif
+          wait-for-processing: true

Cargo.toml

@@ -26,13 +26,13 @@ futures-util = "0.3.31"
 
 tracing = "0.1.41"
 tracing-subscriber = { version = "0.3.19", features = ["env-filter"]}
-sentry-tracing = "0.41.0"
+sentry-tracing = "0.42.0"
 tower-http = { version = "0.6.2", features = ["trace"] }
 
 once_cell = "1.21.1"
 
 axum = { version = "0.8.1", features = ["multipart"] }
-axum-prometheus = "0.8.0"
+axum-prometheus = "0.9.0"
 
 serde = { version = "1.0.219", features = ["derive"] }
 serde_json = "1.0.140"
@@ -47,7 +47,7 @@ reqwest = { version = "0.12.15", features = ["json", "stream", "multipart"] }
 
 bytes = "1.10.1"
 tempfile = "3.19.1"
-zip = "4.2.0"
+zip = "4.6.0"
 
 base64 = "0.22.1"
 
@@ -55,6 +55,6 @@ async-stream = "0.3.6"
 
 translit = "0.6.0"
 
-sentry = { version = "0.41.0", features = ["debug-images"] }
+sentry = { version = "0.42.0", features = ["debug-images"] }
 
 chrono = "0.4.40"