mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 18:18:55 +00:00
0d2d9c3fdb54699f485ee5bcbd95ca9480969e8a
4691 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Jamil
|
0d2d9c3fdb |
chore: Enable jumpcloud adapter for dev and staging (#5343)
Will need to do the same for prod after deploy. |
||
|
Thomas Eizinger
|
02b39c6315 |
test(connlib): make use of check_invariants function (#5331)
Previously, we asserted at the end of `TunnelTest::apply`. `proptest-state-machine` offers a dedicated function for checking invariants which only gives you a regular reference. That is a good thing to enforce as we don't want our assertions to change state. |
||
|
Jamil
|
b07686ce6d |
chore: Bump Android version 1.0.3 (#5338)
Android 1.0.3 has been published. |
||
|
Jamil
|
46d4f2230d |
fix(infra): Remove stale DNS records (#5312)
Removes stale records that aren't pointing to valid services in use. |
||
|
Brian Manifold
|
bb92e26ade |
chore(infra): Add EC2 instance connect and remove bastion host (#5339)
Why: * As part of the SOC2 process, rather than having a bastion host to connect to EC2 instances in our AWS infra, this PR removes the bastion host and replaces it with an EC2 instance connect endpoint. This will allow SSH connections to use AWS IAM credentials rather than static SSH keys. Closes #5215 |
||
|
Jamil
|
fd3d66293c |
feat(portal): Enable address_description field to provide hint for accessing Resources in Clients (#5273)
Fixes #5270 - Relaxes the `NOT NULL` constraint because in Clients we already account for empty address descriptions (by showing the address in its place if missing). We may want to simply hide the Resource altogether if the description is missing (based on user feedback). With a blank field, we can differentiate between not entered vs entered an address. - Updates help text a bit ```[tasklist] - [x] Update docs with examples ``` <img width="772" alt="Screenshot 2024-06-06 at 12 01 48 PM" src="https://github.com/firezone/firezone/assets/167144/523aa0ff-f30d-44cb-bb3c-5d5cda7236e6"> --------- Signed-off-by: Jamil <jamilbk@users.noreply.github.com> |
||
|
Jamil
|
77d979e67b |
fix(portal): fix email sent flash when using oidc (#5128) (#5267)
For oidc users, `provider_identifier` is an id and not the email of the user. Contributed by @Intuinewin --------- Co-authored-by: Antoine <antoinelabarussias@gmail.com> |
||
|
Brian Manifold
|
26d8f7eab3 |
feat(portal): Add WorkOS/JumpCloud integration (#5269)
Why: * JumpCloud directory sync was requested from customers. JumpCloud only offers the ability to use it's API with an admin level access token that is tied to a specific user within a given JumpCloud account. This would require Firezone customers to give an access token with much more permissions that needed for our directory sync. To avoid this, we've decide to use WorkOS to provide SCIM support between JumpCloud and WorkOS, which will allow Firezone to then easily and safely retrieve JumpCloud directory info from WorkOS. --------- Co-authored-by: Jamil <jamilbk@users.noreply.github.com> |
||
|
dependabot[bot]
|
04063874a3 |
build(deps-dev): Bump @types/node from 20.14.0 to 20.14.2 in /rust/gui-client (#5315)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 20.14.0 to 20.14.2. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Jamil
|
8700a680d5 |
chore: Bump versions to point to new artifacts (#5337)
Currently dl links are broken due to the updated format. |
||
|
Jamil
|
a11697ca18 |
ci: Use github.ref_name instead of github.event_name (#5334)
`github.event_name` is never `workflow_call`, so we need a better value to use for the conditional for drafting releases. |
||
|
Jamil
|
adaaa0cbd3 |
ci: fix release drafter call conditional (#5333)
https://github.com/actions/runner/discussions/1884 |
||
|
Thomas Eizinger
|
f0c1f9556a |
refactor(connlib): use selectors to randomly pick values (#5310)
Reading through more of the `proptest` library, I came across the `Selector` concept. It is more generic than the `sample::Index` and allows us to directly pick from anything that is an `IntoIterator`. This greatly simplifies a lot of the code in `tunnel_test`. In order (pun intended) to make things deterministic, we migrate all maps and sets to `BTreeMap`s and `BTreeSets` which have a deterministic ordering of their contents, thus avoiding additional sorting. |
||
|
Jamil
|
9880ecb12f |
ci: Update publish to publish from staging artifacts (#5330)
Now that #4397 is done, deploying infra to production no longer happens before publishing Gateway/Client docker images, so we need to push those from their respective staging artifacts instead. |
||
|
dependabot[bot]
|
3cd724215c |
build(deps): Bump puppeteer from 22.10.0 to 22.10.1 in /scripts/tests/browser (#5316)
Bumps [puppeteer](https://github.com/puppeteer/puppeteer) from 22.10.0 to 22.10.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/puppeteer/puppeteer/releases">puppeteer's releases</a>.</em></p> <blockquote> <h2>puppeteer-core: v22.10.1</h2> <h2><a href="https://github.com/puppeteer/puppeteer/compare/puppeteer-core-v22.10.0...puppeteer-core-v22.10.1">22.10.1</a> (2024-06-11)</h2> <h3>Bug Fixes</h3> <ul> <li>add a way to run page.$$ without the isolation (<a href="https://redirect.github.com/puppeteer/puppeteer/issues/12539">#12539</a>) (<a href=" |
||
|
dependabot[bot]
|
2a1d60ad01 |
build(deps): Bump tailwindcss from 3.4.3 to 3.4.4 in /website (#5325)
Bumps [tailwindcss](https://github.com/tailwindlabs/tailwindcss) from 3.4.3 to 3.4.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tailwindlabs/tailwindcss/releases">tailwindcss's releases</a>.</em></p> <blockquote> <h2>v3.4.4</h2> <h3>Fixed</h3> <ul> <li>Make it possible to use multiple <code><alpha-value></code> placeholders in a single color definition (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/13740">#13740</a>)</li> <li>Don't prefix classes in arbitrary values of <code>has-*</code>, <code>group-has-*</code>, and <code>peer-has-*</code> variants (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/13770">#13770</a>)</li> <li>Support negative values for <code>{col,row}-{start,end}</code> utilities (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/13781">#13781</a>)</li> <li>Update embedded browserslist database (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/13792">#13792</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tailwindlabs/tailwindcss/blob/v3.4.4/CHANGELOG.md">tailwindcss's changelog</a>.</em></p> <blockquote> <h2>[3.4.4] - 2024-06-05</h2> <h3>Fixed</h3> <ul> <li>Make it possible to use multiple <code><alpha-value></code> placeholders in a single color definition (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/13740">#13740</a>)</li> <li>Don't prefix classes in arbitrary values of <code>has-*</code>, <code>group-has-*</code>, and <code>peer-has-*</code> variants (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/13770">#13770</a>)</li> <li>Support negative values for <code>{col,row}-{start,end}</code> utilities (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/13781">#13781</a>)</li> <li>Update embedded browserslist database (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/13792">#13792</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Reactor Scram
|
eecdda9f2c |
feat(blog): using Tauri (#5203)
Closes #5199 Not ready for review ```[tasklist] ### Before merging - [x] Remove that outline at the top - [x] Replace Mermaid diagrams with pre-rendered SVGs - [x] Fix or ditch the diagrams - [x] Use `we` instead of `I` - [x] Elaborate on Tauri's architecture - [x] Elaborate on our architecture - [x] Grep for `TODO`s - [x] Change "secure tunnel" to "connlib" to be more specific - [x] Double-check alt texts on images - [x] Last look - [x] Fix the publish date - [x] Last check that I didn't break anything else on the site ``` --------- Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com> Co-authored-by: Jamil <jamilbk@users.noreply.github.com> |
||
|
Thomas Eizinger
|
28cddc8304 |
chore(snownet): improve logs on blocked STUN traffic (#5305)
Detecting blocked STUN traffic is somewhat tricky. What we can observe is not receiving any responses from a relay (neither on IPv4 nor IPv6). Once an `Allocation` gives up retrying requests with a relay (after 60s), we now de-allocate the `Allocation` and print the following message: > INFO snownet::node: Disconnecting from relay; no response received. Is STUN blocked? id=613f68ac-483e-4e9d-bf87-457fd7223bf6 I chose to go with the wording of "disconnecting from relay" as sysdamins likely don't have any clue of what an "Allocation" is. The error message is specific to a relay though so it could also be emitted if a relay is down for > 60s or not responding for whatever reason. Resolves: #5281. |
||
|
dependabot[bot]
|
abb28f16a3 |
build(deps): Bump @types/node from 20.12.7 to 20.14.2 in /website (#5324)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 20.12.7 to 20.14.2. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
6a4f4fe07d |
build(deps): Bump react-dom and @types/react-dom in /website (#5328)
Bumps [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) and [@types/react-dom](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react-dom). These dependencies needed to be updated together. Updates `react-dom` from 18.2.0 to 18.3.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/facebook/react/releases">react-dom's releases</a>.</em></p> <blockquote> <h2>18.3.1 (April 26, 2024)</h2> <ul> <li>Export <code>act</code> from <code>react</code> <a href=" |
||
|
Jamil
|
3bfc6d597a |
ci: Only run release_drafter on workflow_call (#5329)
Fixes https://github.com/firezone/firezone/actions/runs/9471306551/job/26094229731?pr=5325#step:2:22 |
||
|
dependabot[bot]
|
98b37f56ed |
build(deps): Bump crash-handler from 0.6.1 to 0.6.2 in /rust (#5326)
Bumps [crash-handler](https://github.com/EmbarkStudios/crash-handling) from 0.6.1 to 0.6.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/EmbarkStudios/crash-handling/releases">crash-handler's releases</a>.</em></p> <blockquote> <h2>crash-handler-0.6.2</h2> <h3>Added</h3> <ul> <li><a href="https://redirect.github.com/EmbarkStudios/crash-handling/pull/86">PR#86</a> (carrying on from <a href="https://redirect.github.com/EmbarkStudios/crash-handling/pull/85">PR#85</a>) added support for <a href="https://learn.microsoft.com/en-us/windows/win32/debug/vectored-exception-handling">vectored exception handlers</a> on Windows, which can catch heap corruption exceptions that the vanilla exception handler cannot catch. Thanks <a href="https://github.com/h3r2tic">Tom!</a>!</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
bd9ab8d88c |
build(deps-dev): Bump tailwindcss from 3.4.3 to 3.4.4 in /rust/gui-client (#5321)
Bumps [tailwindcss](https://github.com/tailwindlabs/tailwindcss) from 3.4.3 to 3.4.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tailwindlabs/tailwindcss/releases">tailwindcss's releases</a>.</em></p> <blockquote> <h2>v3.4.4</h2> <h3>Fixed</h3> <ul> <li>Make it possible to use multiple <code><alpha-value></code> placeholders in a single color definition (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/13740">#13740</a>)</li> <li>Don't prefix classes in arbitrary values of <code>has-*</code>, <code>group-has-*</code>, and <code>peer-has-*</code> variants (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/13770">#13770</a>)</li> <li>Support negative values for <code>{col,row}-{start,end}</code> utilities (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/13781">#13781</a>)</li> <li>Update embedded browserslist database (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/13792">#13792</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tailwindlabs/tailwindcss/blob/v3.4.4/CHANGELOG.md">tailwindcss's changelog</a>.</em></p> <blockquote> <h2>[3.4.4] - 2024-06-05</h2> <h3>Fixed</h3> <ul> <li>Make it possible to use multiple <code><alpha-value></code> placeholders in a single color definition (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/13740">#13740</a>)</li> <li>Don't prefix classes in arbitrary values of <code>has-*</code>, <code>group-has-*</code>, and <code>peer-has-*</code> variants (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/13770">#13770</a>)</li> <li>Support negative values for <code>{col,row}-{start,end}</code> utilities (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/13781">#13781</a>)</li> <li>Update embedded browserslist database (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/13792">#13792</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
3e177230cd |
build(deps-dev): Bump @types/node from 20.13.0 to 20.14.2 in /scripts/tests/browser (#5317)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 20.13.0 to 20.14.2. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
2d5460c616 |
build(deps): Bump com.google.android.material:material from 1.11.0 to 1.12.0 in /kotlin/android (#5318)
Bumps [com.google.android.material:material](https://github.com/material-components/material-components-android) from 1.11.0 to 1.12.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/material-components/material-components-android/releases">com.google.android.material:material's releases</a>.</em></p> <blockquote> <h2>1.12.0</h2> <h1>What's new since 1.11.0</h1> <ul> <li><code>Slider</code> and <code>Progress Indicator</code> have been updated to better support Non-Text Contrast Accessibility requirements.</li> <li>Predictive Back Fragment/View support added to Material motion transitions (<code>MaterialSharedAxis</code>, <code>MaterialFadeThrough</code>, <code>MaterialFade</code>, <code>MaterialElevationScale</code>).</li> </ul> <h2>Important</h2> <p>Required <code>minSdkVersion</code> is now 19 or higher, for Material and AndroidX (<a href="https://android-developers.googleblog.com/2023/10/androidx-minsdkversion-19.html">blog post</a>).</p> <h2>Dependency Updates</h2> <table> <thead> <tr> <th>Dependency</th> <th>Previous version</th> <th>New version</th> </tr> </thead> <tbody> <tr> <td>androidx.transition</td> <td>1.2.0</td> <td>1.5.0</td> </tr> </tbody> </table> <h2>Library Updates</h2> <ul> <li><code>Gradle</code> <ul> <li>Update library minSdkVersion to 19. (1bbb43d155df64d24463455fe6fb291b6940a7b2)</li> <li>Upgrade to //third_party/gradle to 8.4 (1756f233ec3ac2085c07acf26a65b94e11038bd3)</li> </ul> </li> <li><code>Carousel</code> <ul> <li>Shifted keylines in contained strategies when there exists padding, and clipToPadding=false (1ef42e2f23a5ce21d5963c62fe2a7332dadaf296)</li> <li>Fixed Javadoc formatting error in <code>FullScreenCarouselStrategy</code> class documentation. (a0a1c6e04499c324b61c0a5b7b628cd4f9fc3cbc)</li> <li>Added support for cross axis wrap_content RecyclerViews (e88a1b98d240c451a8f1f3920958be28cd2ac563)</li> <li>Added documentation recommending snapping for multi-browse strategy (9e64a1f5f682f435018b6ba4546085745f1b4a8f)</li> <li>Add attributes to change small item size (92a5444de95501dbf5bc12eaaa7a969b44fe2151)</li> </ul> </li> <li><code>CollapsingToolbarLayout</code> <ul> <li>Fix text shadow fading when transitioning between expanded and collapsed states (7674e12ea818793fe654f7691941f0bdc97c75f3)</li> </ul> </li> <li><code>Checkbox</code> <ul> <li>Updated string translations (198e08cf5ebf77b140c194d6267270d6e52f99ed)</li> </ul> </li> <li><code>Dialog</code> <ul> <li>Unified scrim opacity in Material themes/theme overlays. (f3e4439ca69f993baa6626ad6a82937c2d283155)</li> </ul> </li> <li><code>Divider</code> <ul> <li>Fixed divider instantly appearing or disappearing on insertion or removal (ef4a0c5e36315904d7bce7f0f33d59b734f2657b)</li> </ul> </li> <li><code>i18n</code> <ul> <li>Update translated strings (a8307ef79280c1db52728127ae12809e58b82e8f)</li> </ul> </li> <li><code>MaterialDatePicker</code> <ul> <li>Fix date validation on Samsung devices (5aa6edfaed08a6dff8439b51e91cd43e2ffb0386)</li> </ul> </li> <li><code>MaterialAutoCompleteTextView</code> <ul> <li>Enabled switch access in MaterialAutoCompleteTextView. (14a7b4036334e4d0573a46731ea18a388f87dc98)</li> </ul> </li> <li><code>NavigationDrawer</code> <ul> <li>Fixed wrong item selected after click (a3af20a86970a77c6225c5254c6540bb81bdc049)</li> </ul> </li> <li><code>NavigationRail</code> <ul> <li>Added label padding for when the label is long enough to reach the sides of the nav rail (2439dc0e8141a44418d32148c16e0cfc7a5beba7)</li> <li>Increased padding in between items as per design specs (16eca7eef3af53fe594d66440db796dab8762777)</li> </ul> </li> <li><code>Predictive Back</code> <ul> <li>Animated corners during predictive back when no drawerLayoutCornerSize is set (c8b9b1c0bb8e51501246c902073acc45aedeebd6)</li> </ul> </li> <li><code>ProgressIndicator</code> <ul> <li>Updated inactive track color from primary container to secondary container. (c8cb0c60379adfd76efbf54adeac316a9bfaec4e)</li> <li>Updated the setter of track thickness to not update track corner radius. (540f5ee9839ca3472e990f597d6f0a2b203b1b4f)</li> <li>Added the limit to not have stop indicator size bigger than track thickness. (689e04f9edd1398f53bfc149aa78a2ab864953ba)</li> <li>Fixed the rounded ends overlapping bug with semi-transparent track/indicator color in Circular default style. (8167c115e34e6b206a8446d98ce22c574d8a1584)</li> <li>Removed the call to draw a transparent full track. (3f80fdb9e1f31df4c970025e34450726bbb822ec)</li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
405cf338d6 |
build(deps): Bump com.google.code.gson:gson from 2.10.1 to 2.11.0 in /kotlin/android (#5322)
Bumps [com.google.code.gson:gson](https://github.com/google/gson) from 2.10.1 to 2.11.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/gson/releases">com.google.code.gson:gson's releases</a>.</em></p> <blockquote> <h2>Gson 2.11.0</h2> <h1>Most important changes</h1> <ul> <li>Added default ProGuard / R8 rules (<a href="https://github.com/Marcono1234"><code>@Marcono1234</code></a>, <a href="https://redirect.github.com/google/gson/issues/2397">#2397</a>, <a href="https://redirect.github.com/google/gson/issues/2420">#2420</a>; <a href="https://github.com/sgjesse"><code>@sgjesse</code></a>, <a href="https://redirect.github.com/google/gson/issues/2448">#2448</a>; <a href="https://github.com/sfreilich"><code>@sfreilich</code></a>)<br /> If you are using ProGuard or R8 (for example for Android projects) you might not need any special Gson configuration anymore if your classes have a no-args constructor and use <code>@SerializedName</code> for their fields.</li> <li>On Android, Gson now requires API level 21 or newer</li> <li>Added new <code>Strictness</code> API (<a href="https://github.com/marten-voorberg"><code>@marten-voorberg</code></a> & fellow students, <a href="https://redirect.github.com/google/gson/issues/2437">#2437</a>)<br /> Some of Gson's API is still lenient by default, but you can now use the newly added methods <code>GsonBuilder#setStrictness</code>, <code>JsonReader#setStrictness</code> and <code>JsonWriter#setStrictness</code> with <code>Strictness.STRICT</code> to override this behavior and to instead strictly adhere to the JSON specification when parsing.</li> <li>New <code>FormattingStyle</code> class to allow configuring line breaks in JSON output (<a href="https://github.com/mihnita"><code>@mihnita</code></a>, <a href="https://redirect.github.com/google/gson/issues/2231">#2231</a>)<br /> Can be set using <code>GsonBuilder#setFormattingStyle</code> and <code>JsonWriter#setFormattingStyle</code>.</li> <li><code>TypeToken</code> can no longer capture type variables by default (<a href="https://github.com/Marcono1234"><code>@Marcono1234</code></a>, <a href="https://redirect.github.com/google/gson/issues/2376">#2376</a>)<br /> This was previously a common source of issues. The newly thrown exception refers to a <a href="https://github.com/google/gson/blob/main/Troubleshooting.md#typetoken-type-variable">Troubleshooting Guide article</a> which explains this in more detail and provides suggestions for updating affected code.</li> <li>Added serialization support for anonymous and local classes with a custom adapter (<a href="https://github.com/Marcono1234"><code>@Marcono1234</code></a>, <a href="https://redirect.github.com/google/gson/issues/2498">#2498</a>)<br /> This affects for example <code>List</code> implementations returned by libraries such as Guava which are implemented as anonymous class, which were previously serialized as <code>null</code>. Anonymous and local classes without custom adapter will still be serialized as <code>null</code>.</li> <li>Added dependency on <code>com.google.errorprone:error_prone_annotations</code><br /> Your project can use Maven or Gradle dependency exclusions to remove the transitive error_prone_annotations dependency from Gson. Or if you are manually maintaining dependencies as JARs in your project you can omit error_prone_annotations. And it should still work correctly.<br /> But Gson itself does declare it as a required dependency, and if you don't perform any custom configuration, then Maven or Gradle will by default try to download and use it.</li> <li>Many exception messages now refer to the <a href="https://github.com/google/gson/blob/main/Troubleshooting.md">Troubleshooting Guide</a> (<a href="https://github.com/Marcono1234"><code>@Marcono1234</code></a>, <a href="https://redirect.github.com/google/gson/issues/2357">#2357</a>)<br /> Feedback regarding the Troubleshooting Guide is appreciated!</li> <li>Officially documented that JVM languages other than Java might not be fully supported, see the <a href="https://github.com/google/gson/blob/main/README.md">README</a>.</li> <li>Guarantee that <code>JsonElement#toString</code> produces JSON output (<a href="https://github.com/Marcono1234"><code>@Marcono1234</code></a>, <a href="https://redirect.github.com/google/gson/issues/2659">#2659</a>)</li> </ul> <h1>Other changes</h1> <h2>Bug fixes</h2> <ul> <li>Fixed incorrect <code>JsonPrimitive#equals</code> results for large <code>BigInteger</code> values (<a href="https://github.com/MaicolAntali"><code>@MaicolAntali</code></a>, <a href="https://redirect.github.com/google/gson/issues/2311">#2311</a>)</li> <li>Fixed incorrect <code>JsonPrimitive#equals</code> results for large <code>BigDecimal</code> values (<a href="https://github.com/MaicolAntali"><code>@MaicolAntali</code></a>, <a href="https://redirect.github.com/google/gson/issues/2364">#2364</a>)</li> <li>Fixed <code>JsonReader</code> throwing <code>NumberFormatException</code> instead of <code>MalformedJsonException</code> for malformed Unicode escape sequences (<a href="https://github.com/MaicolAntali"><code>@MaicolAntali</code></a>, <a href="https://redirect.github.com/google/gson/issues/2337">#2337</a>)</li> <li>Fixed <code>TypeToken#getParameterized</code> returning bogus <code>ParameterizedType</code> for non-generic types (<a href="https://github.com/Marcono1234"><code>@Marcono1234</code></a>, <a href="https://redirect.github.com/google/gson/issues/2447">#2447</a>)</li> <li>Fixed Java Record adapter not working for GraalVM Native Image (<a href="https://github.com/eamonnmcmanus"><code>@eamonnmcmanus</code></a>, <a href="https://redirect.github.com/google/gson/issues/2465">#2465</a>)</li> <li>Fixed <code>JsonWriter#name</code> not throwing exception when no JSON object is currently being written (<a href="https://github.com/shivam-sehgal"><code>@shivam-sehgal</code></a>, <a href="https://redirect.github.com/google/gson/issues/2475">#2475</a>; <a href="https://github.com/Marcono1234"><code>@Marcono1234</code></a>, <a href="https://redirect.github.com/google/gson/issues/2476">#2476</a>)</li> <li>Fixed <code>Gson#getDelegateAdapter</code> not working properly for <code>@JsonAdapter</code> (<a href="https://github.com/Marcono1234"><code>@Marcono1234</code></a>, <a href="https://redirect.github.com/google/gson/issues/2435">#2435</a>)<br /> Note that <code>null</code> is now not allowed as <code>skipPast</code> value anymore, which was previously allowed but undocumented.</li> <li>Fixed <code>GsonBuilder</code> not rejecting type adapters for <code>Object</code> and <code>JsonElement</code>, whose default adapters cannot be overridden (<a href="https://github.com/sachinp97"><code>@sachinp97</code></a>; <a href="https://redirect.github.com/google/gson/issues/2479">#2479</a>)</li> <li>Fixed no limits being enforced when deserializing <code>BigDecimal</code> and <code>BigInteger</code> (<a href="https://github.com/Marcono1234"><code>@Marcono1234</code></a>, <a href="https://redirect.github.com/google/gson/issues/2510">#2510</a>)<br /> The new limits prevent potential performance problems when user code uses the deserialized numbers. Gson itself was and is not affected by these performance problems. The limits should be high enough to not cause issues for most use cases, but feedback is appreciated.</li> <li>Fixed <code>GsonBuilder#setDateFormat</code> not rejecting invalid date formats (<a href="https://github.com/Carpe-Wang"><code>@Carpe-Wang</code></a>, <a href="https://redirect.github.com/google/gson/issues/2538">#2538</a>)</li> <li>Fixed <code>GsonBuilder#setDateFormat</code> not rejecting invalid date styles (<a href="https://github.com/Marcono1234"><code>@Marcono1234</code></a>, <a href="https://redirect.github.com/google/gson/issues/2545">#2545</a>)</li> <li>Fixed <code>GsonBuilder#setDateFormat</code> ignoring partial DEFAULT style (<a href="https://github.com/Marcono1234"><code>@Marcono1234</code></a>, <a href="https://redirect.github.com/google/gson/issues/2556">#2556</a>)</li> <li>Fixed <code>TypeToken#isAssignableFrom</code> throwing <code>AssertionError</code> in some cases (<a href="https://github.com/Marcono1234"><code>@Marcono1234</code></a>, <a href="https://redirect.github.com/google/gson/issues/2544">#2544</a>)</li> <li>Fixed date adapters not restoring time zone after parsing (<a href="https://github.com/Carpe-Wang"><code>@Carpe-Wang</code></a>, <a href="https://redirect.github.com/google/gson/issues/2549">#2549</a>)</li> <li>Fixed <code>TypeToken#equals</code> erroneously returning <code>false</code> for equal generic type parameters in some cases (<a href="https://github.com/d-william"><code>@d-william</code></a>, <a href="https://redirect.github.com/google/gson/issues/2599">#2599</a>)</li> <li>Fixed incorrect inherited URLs in <code>pom.xml</code> (<a href="https://github.com/Marcono1234"><code>@Marcono1234</code></a>, <a href="https://redirect.github.com/google/gson/issues/2351">#2351</a>)</li> </ul> <h2>Performance improvements</h2> <ul> <li>Slightly reduce memory usage for reflection-based adapter (<a href="https://github.com/sembseth"><code>@sembseth</code></a>, <a href="https://redirect.github.com/google/gson/issues/2325">#2325</a>; <a href="https://github.com/Marcono1234"><code>@Marcono1234</code></a>, <a href="https://redirect.github.com/google/gson/issues/2440">#2440</a>)</li> <li>Improved parsing speed of <code>ToNumberPolicy#LONG_OR_DOUBLE</code> (<a href="https://github.com/ctasada"><code>@ctasada</code></a>, <a href="https://redirect.github.com/google/gson/issues/2674">#2674</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
dbee52871a |
build(deps): Bump com.google.firebase.appdistribution from 4.2.0 to 5.0.0 in /kotlin/android (#5320)
Bumps com.google.firebase.appdistribution from 4.2.0 to 5.0.0. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
52ed9d5cce |
build(deps-dev): Bump braces from 3.0.2 to 3.0.3 in /rust/gui-client in the npm_and_yarn group (#5314)
Bumps the npm_and_yarn group in /rust/gui-client with 1 update: [braces](https://github.com/micromatch/braces). Updates `braces` from 3.0.2 to 3.0.3 <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
2b6cfd8904 |
build(deps): Bump autoprefixer from 10.4.18 to 10.4.19 in /website (#5327)
Bumps [autoprefixer](https://github.com/postcss/autoprefixer) from 10.4.18 to 10.4.19. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/postcss/autoprefixer/releases">autoprefixer's releases</a>.</em></p> <blockquote> <h2>10.4.19</h2> <ul> <li>Removed <code>end value has mixed support, consider using flex-end</code> warning since <code>end</code>/<code>start</code> now have good support.</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/postcss/autoprefixer/blob/main/CHANGELOG.md">autoprefixer's changelog</a>.</em></p> <blockquote> <h2>10.4.19</h2> <ul> <li>Removed <code>end value has mixed support, consider using flex-end</code> warning since <code>end</code>/<code>start</code> now have good support.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
72bd395f38 |
build(deps): Bump com.google.gms.google-services from 4.4.1 to 4.4.2 in /kotlin/android (#5319)
Bumps com.google.gms.google-services from 4.4.1 to 4.4.2. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Jamil
|
2e436f7f77 |
chore(portal): Fix policy creation for conditions disabled; tweak design (#5301)
- Fixes policy creation when `policy_conditions` is disabled - Updates design so that items are a little more aligned and text has more / consistent spacing around. https://github.com/firezone/firezone/assets/167144/b9c29110-ae1c-4841-b999-a0da022f4a38 Test is failing though. Before sinking more time into this I wanted to open this PR to get @AndrewDryga's input. |
||
|
dependabot[bot]
|
9a01745a1d |
build(deps): Bump the windows group in /rust with 2 updates (#5288)
Bumps the windows group in /rust with 2 updates: [windows](https://github.com/microsoft/windows-rs) and [windows-implement](https://github.com/microsoft/windows-rs). Updates `windows` from 0.56.0 to 0.57.0 <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Jamil
|
5b8e9441c3 |
chore(website): Add sign in to navbar (#5300)
Back by customer request, sign in from website navbar. Witnessed a couple customers fumble around trying to sign in after entering `firezone.dev` in their navbar. |
||
|
Thomas Eizinger
|
c35a7579a8 |
refactor(connlib): split tunnel_test into multiple modules (#5266)
The implementation of `tunnel_test` has grown substantially in the last couple of weeks (> 2500 LoC). To make things easier to manage, we split it up into multiple modules: - `assertions`: Houses the actual assertions of the test. - `reference:` The reference implementation of connlib. Used to as the "expectation" for the assertions. - `sut`: A wrapper around connlib itself, acting as the system-under-test (SUT). - `transition`: All state transitions that the test might go through. - `strategies`: Auxiliary strategies used in multiple places. - `sim_*`: Wrappers for simulating various parts in the code: Clients, relays, gateways & the portal. I chose to place strategies into the same modules as where things are defined. For example, the `sim_node_prototype` strategy is defined in the `sim_node` module. Similarly, the strategies for the individual transitions are also defined in the `transition` module. |
||
|
Thomas Eizinger
|
e1877bc250 |
fix(snownet): don't invalidate candidates after nomination (#5283)
Currently, there is a bug in `snownet` where we accidentally invalidate a srflx candidate because we try and look for the nominated candidate based on the nominated address. The nominated address represents the socket that the application should send from: - For host candidates, this is the host candidate's address itself. - For server-reflexive candidates, it is their base (which is equivalent to the host candidate) - For relay candidates, it is the address of the allocation. Because of the ambiguity between host and server-reflexive candidates, we invalidate the server-reflexive candidate locally, send that to the remote and the remote as a result kills the connection because it thinks it should no longer talk to this address. To fix this, we don't add server-reflexive candidates to the local agent anymore. Only the remote peer needs to know about the server-reflexive address in order to send packets _to_ it. By sending from the host candidate, we automatically send "from" the server-reflexive address. Not adding these server-reflexive candidates has an additional impact. To make the tests pass reliably, I am entirely removing the invalidation of candidates after the connection setup, as keeping that fails connections early in the roaming test. This will increase background traffic a bit but that seems like an okay trade-off to get more resilient connections (the current bug is only caused by us trying to be clever in how many candidate pairs we keep alive). We still use the messages for invalidating candidates on the remote to make roaming work reasonably smoothly. Resolves: #5276. |
||
|
Thomas Eizinger
|
96ced27e5a |
fix(snownet): notify remote of invalidated relay candidate (#5303)
When migrating to new relays, we need to notify the remote of our invalidated relay candidates and not just invalidate them locally. Related: #5283. |
||
|
Thomas Eizinger
|
5b065d3e4c |
test(snownet): migrate relays for both parties (#5302)
In production, the portal will signal disconnected relays to both the client and the gateway. We should mimic this in the tests. In #5283, we remove invalidation of candidates during the connection setup which breaks this roaming test due to "unhandled messages". We could ignore those but I'd prefer to setup the test such that we panic on unhandled messages instead and thus, this seems to be the better fix. |
||
|
Jamil
|
948f5515d5 |
docs: add more specific IP ranges for Relays (#5282)
Needed for customers with restrictive network environments. |
||
|
Jamil
|
926e26f578 |
ci: fix workflow order (#5299)
https://github.com/firezone/firezone/actions/runs/9453837712 |
||
|
Jamil
|
7697d3c8cb |
ci: prevent release drafter from drafting excessive bodies (#5298)
https://github.com/firezone/firezone/actions/runs/9453535771 |
||
|
Jamil
|
4d6af727c6 |
ci: split release drafter configs (#5297)
How the heck |
||
|
Jamil
|
dc41383140 |
ci: Fix release drafter tag (#5296)
https://github.com/firezone/firezone/actions/runs/9453208745/job/26038106406 |
||
|
Jamil
|
b37f2f08df |
ci: Try again to separate releases (#5295)
https://github.com/firezone/firezone/actions/runs/9453112091 |
||
|
Jamil
|
649ce7a18a |
ci: fix release name and artifact cp (#5294)
https://github.com/firezone/firezone/actions/runs/9452931933 |
||
|
Jamil
|
7d91d47ccb |
ci: Fix leftovers from #5287 (#5293)
https://github.com/firezone/firezone/actions/runs/9452482657 |
||
|
Jamil
|
7e533c42f8 |
refactor: Split releases for Clients and Gateways (#5287)
- Removes version numbers from infra components (elixir/relay) - Removes version bumping from Rust workspace members that don't get published - Splits release publishing into `gateway-`, `headless-client-`, and `gui-client-` - Removes auto-deploying new infrastructure when a release is published. Use the Deploy Production workflow instead. Fixes #4397 |
||
|
Jamil
|
56a8f3c974 |
chore(ci): Bump CI tool versions (#5285)
Bumps the tool versions that fall through the Dependabot cracks. |
||
|
Andrew Dryga
|
650d7d7998 |
feat(portal): Add Policy conditions (#5144)
Now policies can have additional conditions based on Client location (country or IP range), IdP provider used for sign in or the current time of the day at a given timezone. This covers use cases where employees can access the production system only from certain countries (states can be added later) or when contractors can only access internal tools during working hours. Closes https://github.com/firezone/firezone/issues/4743 Closes #4742 Closes #4741 Closes #4740 <img width="1728" alt="Screenshot 2024-05-31 at 13 50 53" src="https://github.com/firezone/firezone/assets/1877644/55f509f2-0f49-4edb-8c03-7a5a6d884ccc"> <img width="1728" alt="Screenshot 2024-05-31 at 13 50 56" src="https://github.com/firezone/firezone/assets/1877644/756bb03f-4024-4978-ac85-6daa918ae037"> <img width="1728" alt="Screenshot 2024-05-31 at 13 51 01" src="https://github.com/firezone/firezone/assets/1877644/cf159a86-077f-4ada-9952-9e8d399d0dc1"> <img width="1728" alt="Screenshot 2024-05-31 at 13 51 03" src="https://github.com/firezone/firezone/assets/1877644/c070719e-2d4b-41bd-ad03-430baf2dbe9b"> <img width="676" alt="Screenshot 2024-05-31 at 14 56 06" src="https://github.com/firezone/firezone/assets/1877644/435a4951-479d-4371-99c4-29a055348175"> |
||
|
Jamil
|
74e9b5c8a6 | chore: Update codeowners (#5286) | ||
|
Thomas Eizinger
|
4117639cf4 |
fix(connlib): reply with SERVFAIL on DNS query errors (#5263)
Currently, we simply drop a DNS query if we can't fulfill it. Because DNS is based on UDP which is unreliable, a downstream system will re-send a DNS query if it doesn't receive an answer within a certain timeout window. Instead of dropping queries, we now reply with `SERVFAIL`, indicating to the client that we can't fulfill that DNS query. The intent is that this will stop any kind of automated retry-loop and surface an error to the user. Related: #4800. --------- Signed-off-by: Thomas Eizinger <thomas@eizinger.io> Co-authored-by: Reactor Scram <ReactorScram@users.noreply.github.com> |