Update all dependencies

I've tweaked this so that we can easily update our dependencies in the
future.

Note that we're still using PostgreSQL 11 and we should probably start
testing everything with 12.

Dockerfile

@@ -6,7 +6,21 @@ ARG TOOLCHAIN=stable
 
 # The OpenSSL version to use. We parameterize this because many Rust
 # projects will fail to build with 1.1.
-ARG OPENSSL_VERSION=1.1.1f
+#
+# ALSO UPDATE hooks/build!
+ARG OPENSSL_VERSION=1.1.1g
+
+# Versions for other dependencies. Here are the places to check for new
+# releases:
+#
+# - https://github.com/rust-lang/mdBook/releases
+# - https://github.com/EmbarkStudios/cargo-deny/releases
+# - http://zlib.net/
+# - https://ftp.postgresql.org/pub/source/
+ARG MDBOOK_VERSION=0.3.7
+ARG CARGO_DENY_VERSION=0.6.6
+ARG ZLIB_VERSION=1.2.11
+ARG POSTGRESQL_VERSION=11.7
 
 # Make sure we have basic dev tools for building C libraries.  Our goal
 # here is to support the musl-libc builds and Cargo builds needed for a
@@ -38,16 +52,14 @@ RUN apt-get update && \
         && \
     apt-get clean && rm -rf /var/lib/apt/lists/* && \
     useradd rust --user-group --create-home --shell /bin/bash --groups sudo && \
-    MDBOOK_VERSION=0.3.6 && \
     curl -fLO https://github.com/rust-lang-nursery/mdBook/releases/download/v$MDBOOK_VERSION/mdbook-v$MDBOOK_VERSION-x86_64-unknown-linux-gnu.tar.gz && \
     tar xf mdbook-v$MDBOOK_VERSION-x86_64-unknown-linux-gnu.tar.gz && \
     mv mdbook /usr/local/bin/ && \
     rm -f mdbook-v$MDBOOK_VERSION-x86_64-unknown-linux-gnu.tar.gz && \
-    DENY_VERSION=0.6.6 && \
-    curl -fLO https://github.com/EmbarkStudios/cargo-deny/releases/download/$DENY_VERSION/cargo-deny-$DENY_VERSION-x86_64-unknown-linux-musl.tar.gz && \
-    tar xf cargo-deny-$DENY_VERSION-x86_64-unknown-linux-musl.tar.gz && \
-    mv cargo-deny-$DENY_VERSION-x86_64-unknown-linux-musl/cargo-deny /usr/local/bin/ && \
-    rm -rf cargo-deny-$DENY_VERSION-x86_64-unknown-linux-musl cargo-deny-$DENY_VERSION-x86_64-unknown-linux-musl.tar.gz 
+    curl -fLO https://github.com/EmbarkStudios/cargo-deny/releases/download/$CARGO_DENY_VERSION/cargo-deny-$CARGO_DENY_VERSION-x86_64-unknown-linux-musl.tar.gz && \
+    tar xf cargo-deny-$CARGO_DENY_VERSION-x86_64-unknown-linux-musl.tar.gz && \
+    mv cargo-deny-$CARGO_DENY_VERSION-x86_64-unknown-linux-musl/cargo-deny /usr/local/bin/ && \
+    rm -rf cargo-deny-$CARGO_DENY_VERSION-x86_64-unknown-linux-musl cargo-deny-$CARGO_DENY_VERSION-x86_64-unknown-linux-musl.tar.gz 
 
 # Static linking for C++ code
 RUN sudo ln -s "/usr/bin/g++" "/usr/bin/musl-g++"
@@ -107,7 +119,6 @@ RUN echo "Building OpenSSL" && \
 
 RUN echo "Building zlib" && \
     cd /tmp && \
-    ZLIB_VERSION=1.2.11 && \
     curl -fLO "http://zlib.net/zlib-$ZLIB_VERSION.tar.gz" && \
     tar xzf "zlib-$ZLIB_VERSION.tar.gz" && cd "zlib-$ZLIB_VERSION" && \
     CC=musl-gcc ./configure --static --prefix=/usr/local/musl && \
@@ -116,7 +127,6 @@ RUN echo "Building zlib" && \
 
 RUN echo "Building libpq" && \
     cd /tmp && \
-    POSTGRESQL_VERSION=11.2 && \
     curl -fLO "https://ftp.postgresql.org/pub/source/v$POSTGRESQL_VERSION/postgresql-$POSTGRESQL_VERSION.tar.gz" && \
     tar xzf "postgresql-$POSTGRESQL_VERSION.tar.gz" && cd "postgresql-$POSTGRESQL_VERSION" && \
     CC=musl-gcc CPPFLAGS=-I/usr/local/musl/include LDFLAGS=-L/usr/local/musl/lib ./configure --with-openssl --without-readline --prefix=/usr/local/musl && \

hooks/build

@@ -8,9 +8,11 @@
 set -euo pipefail
 
 # Default to using OpenSSL 1.1 now, because 1.0 has stopped receiving security
-# updates. 1.1 is incompatible with the crates postgres 0.15 and openssl 0.9,
-# so we do offer the option of falling back to 1.0.
-OPENSSL_VERSION=1.1.1f
+# updates. 1.1 is incompatible with the crates postgres 0.15 and openssl 0.9, so
+# we do offer the option of falling back to 1.0.
+#
+# Find the latest version at https://www.openssl.org/source/
+OPENSSL_VERSION=1.1.1g
 
 # Pick an appropriate Docker tag
 case "$DOCKER_TAG" in
@@ -19,6 +21,7 @@ case "$DOCKER_TAG" in
     ;;
   *-openssl10)
     DOCKER_TAG_WITHOUT_OPENSSL="${DOCKER_TAG/-openssl10/}"
+    # Find the latest version at https://www.openssl.org/source/old/1.0.2/
     OPENSSL_VERSION=1.0.2u
     ;;
   *)