This isn't plugged into anything yet on the Swift side but lays the
foundation for changing the log-level at runtime without having to sign
the user out.
Currently, when `connlib`'s log file gets deleted, we write logs into
nirvana until the corresponding process gets restarted. This is painful
for users to do because they need to restart the IPC service or Network
Extension. Instead, we can simply check if the log file exists prior to
writing to it and re-create it if it doesn't.
Resolves: #6850
Related: #7569
When working on the Rust code of Firezone from a MacOS computer, it is
useful to have pretty much all of the code at least compile to ensure
detect problems early. Eventually, once we target features like a
headless MacOS client, some of these stubs will actually be filled in an
be functional.
This shouldn't matter because we are only using the `UniquePacketBuffer`
on the client and not on the Gateway where SYN-ACK packets would be sent
from. To be fully correct though, we need to also compare the ACK flag
of the two packets.
Despite our efforts in #8912, the current implementation still does not
do enough to maintain packet ordering across GSO batches.
At present, we very aggressively batch packets of the same length
together. This however is too eager when we consider packet flows such
as the following:
```
9:03:49.585143 IP 10.128.15.241.3000 > 100.69.109.138.53474: Flags [.], seq 1:1229, ack 524, win 249, options [nop,nop,TS val 3862031964 ecr 1928356896], length 1228
09:03:49.585151 IP 10.128.15.241.3000 > 100.69.109.138.53474: Flags [P.], seq 1229:2063, ack 524, win 249, options [nop,nop,TS val 3862031964 ecr 1928356896], length 834
09:03:49.585157 IP 10.128.15.241.3000 > 100.69.109.138.53474: Flags [P.], seq 2063:3094, ack 524, win 249, options [nop,nop,TS val 3862031964 ecr 1928356896], length 1031
09:03:49.585187 IP 10.128.15.241.3000 > 100.69.109.138.53474: Flags [.], seq 3094:4322, ack 524, win 249, options [nop,nop,TS val 3862031964 ecr 1928356896], length 1228
09:03:49.585188 IP 10.128.15.241.3000 > 100.69.109.138.53474: Flags [P.], seq 4322:5156, ack 524, win 249, options [nop,nop,TS val 3862031964 ecr 1928356896], length 834
09:03:49.585227 IP 10.128.15.241.3000 > 100.69.109.138.53474: Flags [.], seq 5156:6384, ack 524, win 249, options [nop,nop,TS val 3862031964 ecr 1928356896], length 1228
09:03:49.585228 IP 10.128.15.241.3000 > 100.69.109.138.53474: Flags [P.], seq 6384:7612, ack 524, win 249, options [nop,nop,TS val 3862031964 ecr 1928356896], length 1228
09:03:49.585230 IP 10.128.15.241.3000 > 100.69.109.138.53474: Flags [P.], seq 7612:8249, ack 524, win 249, options [nop,nop,TS val 3862031964 ecr 1928356896], length 637
09:03:49.585846 IP 10.128.15.241.3000 > 100.69.109.138.53474: Flags [.], seq 8249:9477, ack 524, win 249, options [nop,nop,TS val 3862031964 ecr 1928356896], length 1228
09:03:49.585851 IP 10.128.15.241.3000 > 100.69.109.138.53474: Flags [P.], seq 9477:10705, ack 524, win 249, options [nop,nop,TS val 3862031964 ecr 1928356896], length 1228
```
As we can see here, the remote sends us packet batches of varying
lengths:
- 1228, 834
- 1031
- 1228, 834
- 1228, 1228, 637
- 1228, 1228
1228 represents a "full" TCP packet so any packet following a
full-packet SHOULD be grouped together into a GSO batch.
Currently, we are batching all the 1228 packets together and we ignore
the fact that there were actually smaller sized packets inbetween those
that belong together.
To mitigate this, we refactor the `GsoQueue` to remove the
`segment_size` from the binning key of our map and instead only group
batches by their source, destination and ECN information. Within such a
connection, we then create an ordered list of batches. A new batch is
started if the length differs or we have previously pushed a packet that
isn't of the length of the batch, therefore signalling the end of the
batch.
The result here looks very promising (this is loading
`blog.firezone.dev` via the `lynx` browser from within the
headless-client docker container, so going through a Gateway running
this PR):
|main|this PR|
|---|---|
|||
Related: #8899
Having multiple threads for reading and writing the TUN device can cause
packet re-orderings on the client. All other clients only use a single
TUN thread, so aligning this value means a more consistent behaviour of
Firezone across all platforms.
Generic Segmentation Offload (GSO) is a clever way of reducing the
number of syscalls made when a you want to send a lot of packets with
the same length to the same recipient. The way this works is that the
packets are concatenated and passed to the kernel as a single packet
together with the `segment_size` as an out-of-band argument.
The component managing this batching in `connlib` is called `GsoQueue`.
In #8772, we made the order in which these batches are sent to the
kernel explicit by prioritising batches with smaller segments. What we
overlooked with that strategy is that in a particular GSO batch, the
last packet is actually allowed to be of a different length.
For example, say the user is downloading an image of 4500Kb. With our
MTU of 1280, we have a payload size of 1252. This results in three
fully-filled packets and one packet of 744 bytes. With the change in
#8772, the small packet of 744 bytes will be transferred first, followed
by the "train" of fully filled packets.
To fix this, we flip the order here and transfer batches or larger sizes
first. The original problem we attempted to mitigate in #8772 no longer
exists now that we merged #7590. We will simply suspend now if the UDP
socket isn't ready contrary to dropping the next batch.
By flipping the order here, we guarantee that batches with a larger size
are sent before batches with a smaller size. This should also imply that
the encapsulated IP packets of e.g. an image arrive in the correct order
(with the smallest packet last as it is part of a smaller batch). What
we don't guarantee with this is that there won't be any other IP packets
sent "in the middle" of such a batch. This shouldn't be a problem though
as we are simply interleaving packets of different TCP / UDP connections
with each other which already happens on the regular Internet anyway.
Turns out that the standard `pgoutput` plugin shipped with Postgres will
do everything we need it to, and there are good examples of prior art
decoding its binary output in Elixir (in production).
So to avoid adding a dependency on `wal2json` here, we'll go with that.
Why:
* The copy to clipboard button was not working at all on the API new
token page due to the fact that the FlowbiteJS library expects the
presence of the elements in the DOM on first render. This was not true
of the API Token code block. Along with that issue the existing code
blocks copy to clipboard buttons did not give any visual indication that
the copy had been completed. It was also somewhat difficult to see the
copy to clipboard button on those code blocks as well. This commit
updates the buttons to be more visible, as well as adds a phx-hook to
make sure the FlowbiteJS init functions are run on every code block even
if it's inserted after the initial load of the page and adds functions
that are run as a callback to toggle the button text and icon to show
the text has been copied.
Enables `wal_level = logical` so we can start implementing CDC.
**WARNING**: This will trigger a restart of our database instance, so it
should be deployed during our standard maintenance window (Saturday
evening).
In order to develop and test WAL replication, we need the wal2json
module installed in our dev postgres image. The module itself builds
very quickly, but I thought it would be better to have this
automatically built and pushed as part of a nightly job so that CI and
developers can make use of it.
API clients don't belong to any actor_groups and attempting to deep link
into the `groups` section when viewing an actor raises a 500 error.
This PR fixes that by removing the deep link into `actor_groups` from
the actors index view.
Prevents more than one sync-enabled adapter per account in order to
prepare for eventually adding a unique constraint on
`provider_identifier` for identities and groups per account.
Related: #6294
---------
Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
Co-authored-by: Brian Manifold <bmanifold@users.noreply.github.com>
Sufficiently large receive buffers are important to sustain
high-throughput as latency increases. If the receive buffer in the
kernel is too small, packets need to be dropped on arrival.
Firefox uses 1MB in its QUIC stack [0]. `quic-go` recommends to set send
and receive buffers to 7.5 MB [1]. Power users of Firezone are likely
receiving a lot more traffic than the average Firefox user (especially
with Internet Resource activated) so setting it to 10 MB seems
reasonable. Sending packets is likely not as critical because we have
back-pressure through our system such that we will stop reading IP
packets when we cannot write to our UDP socket. The UDP socket is
sitting in a separate thread and those threads are connected with
dedicated queues which act as another buffer. However, as the data below
shows, some systems have really small send buffers which are currently
likely a speed bottleneck because we need to suspend writing so
frequently.
Assuming a 50ms latency, the bandwidth-delay product tells us that we
can (in theory) saturate a 1.6 Gbps link with a 10MB receive buffer
(assuming the OS also has large enough buffer sizes in its TCP or QUIC
stack):
```
80 Mb / 0.05s = 1600Mbps
```
Experiments and research [2] show the following:
|OS|Receive buffer (default)|Receive buffer (this PR)|Send buffer
(default)|Send buffer (this PR)|
|---|---|---|---|---|
|Windows|65KB|10MB|65KB|1MB|
|MacOS|786KB|8MB|9KB|1MB|
|Linux|212KB|212KB|212KB|212KB|
With the exception of Linux, the OSes appear to be quite generous with
how big they allow receive buffers to be. On Linux, these limit can be
changed by setting the `core.net.rmem_max` and `core.net.wmem_max`
parameters using `sysctl`.
Most of our users are on Windows and MacOS, meaning they immediately
benefit from this without having to change any system settings. Larger
client-side UDP receive buffers are critical for any "download" scenario
which is likely the majority of usecases that Firezone is used for.
On Windows, increasing this receive buffer almost doubles the throughput
in an iperf3 download test.
[0]: https://github.com/mozilla/neqo/pull/2470
[1]: https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes
[2]: https://unix.stackexchange.com/a/424381
---------
Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
When reading from our UDP socket, we utilise GRO to read multiple
packets originating from the same IP + port and with the same length in
a single syscall. Currently, we can read up to 10 different combinations
here in a single syscall. `quinn_udp` actually exposes a constant for
how many batches it can handle at a time. Instead of hard-coding the
value 10, we now follow this constant.
On Linux and MacOS (with `apple-fast-datapath`), this constant has the
value 32. On Windows, it is 1.
Even on my not-so-fast Internet connection of 100Mbit, I can see an
increase in batch-count of up to 29 so increasing this value seems to be
definitely worth it.
When the `recv` syscall completes, `quinn-udp` tells us how many batches
we have read. On Windows, this is always 1 because Windows doesn't have
an APIs to read more than a single GRO batch. The `DatagramSegmentIter`
already has a way of detecting this, however it currently needs to
iterator through all batches (10) and check that their `meta.length ==
0` before realising this.
We can shortcut the iterator early which might improve download
performance on Windows.
I can't measure a direct improvement here but I believe that is because
we are currently limited by the buffer size on Windows. Regardless, this
feels like the right thing to do.
It creates a bit of duplication with code that we have in `snownet` but
it is code that is unlikely to change because the protocols are already
standarised. Contrary to recording the port, the cardinality of these
protocols is much fixed to a much smaller range which will allow us to
safely record these metrics in an actual time-series database further
down the line whilst still reasoning about how much traffic we are
sending over TURN, as STUN or as WireGuard.
This was left behind in a large refactor as part of #3642 and was never
cleaned up.
I verified on prod this table in fact has no meaningful data in it and
has not changed since that PR was merged.
Bumps androidx.security:security-crypto from 1.1.0-alpha06 to
1.1.0-alpha07.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [keyring](https://github.com/hwchen/keyring-rs) from 3.6.1 to
3.6.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/hwchen/keyring-rs/releases">keyring's
releases</a>.</em></p>
<blockquote>
<h2>v3.6.2: better docs, lighter-weight tests</h2>
<p>Thanks to <a
href="https://github.com/unkcpz"><code>@unkcpz</code></a>, this release
fully documents all the platform-specific modules in each platform on <a
href="https://docs.rs/keyring/latest/keyring/">docs.rs</a>.</p>
<p>The dev dependencies (used for testing) have been switched from using
<code>rand</code> to using the lighter-weight module
<code>fastrand</code>.</p>
<p>There are no functional code changes in this release, only test
changes.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/open-source-cooperative/keyring-rs/blob/master/CHANGELOG.md">keyring's
changelog</a>.</em></p>
<blockquote>
<h2>Version 3.6.2</h2>
<ul>
<li>Have docs.rs build docs for all modules on all platforms (thanks to
<a href="https://github.com/unkcpz"><code>@unkcpz</code></a> - see <a
href="https://redirect.github.com/hwchen/keyring-rs/issues/235">#235</a>).</li>
<li>Switch to <code>fastrand</code> for tests (see <a
href="https://redirect.github.com/hwchen/keyring-rs/issues/237">#237</a>).</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ee3f80d0d3"><code>ee3f80d</code></a>
Merge pull request <a
href="https://redirect.github.com/hwchen/keyring-rs/issues/238">#238</a>
from brotskydotcom/issue-236</li>
<li><a
href="766c8bc4e6"><code>766c8bc</code></a>
Switch to using fastrand for testing.</li>
<li><a
href="f1b7ec192e"><code>f1b7ec1</code></a>
Merge pull request <a
href="https://redirect.github.com/hwchen/keyring-rs/issues/237">#237</a>
from unkcpz/fix/235/keyring-doc-xplat</li>
<li><a
href="09c9c0dd94"><code>09c9c0d</code></a>
using matrix for targets in doctest.yaml</li>
<li><a
href="307e575e2f"><code>307e575</code></a>
Move to doctest.yaml as ind CI and run inline from action</li>
<li><a
href="8a5c6dd838"><code>8a5c6dd</code></a>
fast-fail test-docsrs-build.sh</li>
<li><a
href="a40bd956fd"><code>a40bd95</code></a>
r-brot</li>
<li><a
href="ac2a3b474d"><code>ac2a3b4</code></a>
experiment doccfg with attr docrs</li>
<li><a
href="3d8da9603c"><code>3d8da96</code></a>
multi-target toolchain CI</li>
<li><a
href="a994584d9b"><code>a994584</code></a>
remove -Zbuild-std which not required on docs.rs</li>
<li>Additional commits viewable in <a
href="https://github.com/hwchen/keyring-rs/compare/v3.6.1...v3.6.2">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the tauri group in /rust with 1 update:
[tauri](https://github.com/tauri-apps/tauri).
Updates `tauri` from 2.5.0 to 2.5.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/tauri/releases">tauri's
releases</a>.</em></p>
<blockquote>
<h2>tauri-runtime v2.5.1</h2>
<!-- raw HTML omitted -->
<pre><code>Updating git repository
`https://github.com/tauri-apps/schemars.git`
Updating crates.io index
warning: Patch `schemars_derive v0.8.21
(https://github.com/tauri-apps/schemars.git?branch=feat%2Fpreserve-description-newlines#c30f9848)`
was not used in the crate graph.
Check that the patched package version and available features are
compatible
with the dependency requirements. If the patch has a different version
from
what is locked in the Cargo.lock file, run `cargo update` to use the new
version. This may also occur with an optional dependency that is not
enabled.
Locking 1021 packages to latest compatible versions
Adding apple-codesign v0.27.0 (available: v0.29.0)
Adding axum v0.7.9 (available: v0.8.3)
Adding colored v2.2.0 (available: v3.0.0)
Adding ctor v0.2.9 (available: v0.4.1)
Adding getrandom v0.2.15 (available: v0.3.2)
Adding html5ever v0.26.0 (available: v0.30.0)
Adding itertools v0.13.0 (available: v0.14.0)
Adding json-patch v3.0.1 (available: v4.0.0)
Adding minisign v0.7.3 (available: v0.7.9)
Adding oxc_allocator v0.36.0 (available: v0.61.2)
Adding oxc_ast v0.36.0 (available: v0.61.2)
Adding oxc_parser v0.36.0 (available: v0.61.2)
Adding oxc_span v0.36.0 (available: v0.61.2)
Adding proc-macro-crate v2.0.0 (available: v2.0.2)
Adding rand v0.8.5 (available: v0.9.0)
Adding rpm v0.16.0 (available: v0.17.0)
Adding serialize-to-javascript v0.1.1 (available: v0.1.2)
Adding serialize-to-javascript-impl v0.1.1 (available: v0.1.2)
Adding tauri-utils v1.6.0 (available: v1.6.2)
Adding tiny_http v0.11.0 (available: v0.12.0)
Adding webview2-com v0.36.0 (available: v0.37.0)
Adding windows v0.60.0 (available: v0.61.1)
Adding x509-certificate v0.23.1 (available: v0.24.0)
Fetching advisory database from
`https://github.com/RustSec/advisory-db.git`
Loaded 748 security advisories (from /home/runner/.cargo/advisory-db)
Updating crates.io index
Scanning Cargo.lock for vulnerabilities (1046 crate dependencies)
Crate: atk
Version: 0.18.2
Warning: unmaintained
Title: gtk-rs GTK3 bindings - no longer maintained
Date: 2024-03-04
ID: RUSTSEC-2024-0413
URL: https://rustsec.org/advisories/RUSTSEC-2024-0413
Dependency tree:
atk 0.18.2
└── gtk 0.18.2
</tr></table>
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="766bccc341"><code>766bccc</code></a>
apply version updates (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13243">#13243</a>)</li>
<li><a
href="31becbd1d1"><code>31becbd</code></a>
enhance(core): respect
<code>data-tauri-drag-region="false"</code> (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13269">#13269</a>)</li>
<li><a
href="da2a6ae5e3"><code>da2a6ae</code></a>
fix(core): raw channel message type regression (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13268">#13268</a>)</li>
<li><a
href="87fdc3b9cd"><code>87fdc3b</code></a>
chore(deps): update rust crate jsonschema to 0.30 (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13249">#13249</a>)</li>
<li><a
href="30e76c7d3a"><code>30e76c7</code></a>
chore(deps): update rust crate brotli to v8 (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13264">#13264</a>)</li>
<li><a
href="85b1912529"><code>85b1912</code></a>
Make tauri-runtime-wry optional with features (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13241">#13241</a>)</li>
<li><a
href="82da4f17f5"><code>82da4f1</code></a>
fix(ci): ubuntu 20.04 no longer exists (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13240">#13240</a>)</li>
<li>See full diff in <a
href="https://github.com/tauri-apps/tauri/compare/tauri-v2.5.0...tauri-v2.5.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
In #8795 we added an additional path to the artifact upload which
appeared to have broken it. The action cannot seem to handle multiple
direct paths that lead to files. It tries to but fails:
```
Multiple search paths detected. Calculating the least common ancestor of all paths
The least common ancestor is /Users/runner/work/firezone/firezone/"/Users/runner/work/_temp. This will be the root directory of the artifact
Warning: No files were found with the provided path: "/Users/runner/work/_temp/firezone-macos-client-1.4.12.dmg"
"/Users/runner/work/_temp/firezone-macos-client-1.4.12.pkg". No artifacts will be uploaded.
```
Source:
https://github.com/firezone/firezone/actions/runs/14571295945/job/40868936348#step:7:31
Splitting this step into two and creating one artifact each fixes this
as can be seen in the following job (which I triggered for this PR):
https://github.com/firezone/firezone/actions/runs/14572176039/job/40871304453
Bumps [tempfile](https://github.com/Stebalien/tempfile) from 3.13.0 to
3.19.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md">tempfile's
changelog</a>.</em></p>
<blockquote>
<h2>3.19.1</h2>
<ul>
<li>Don't unlink temporary files immediately on Windows (fixes <a
href="https://redirect.github.com/Stebalien/tempfile/issues/339">#339</a>).
Unfortunately, this seemed to corrupt the file object (possibly a
Windows kernel bug) in rare cases and isn't strictly speaking
necessary.</li>
</ul>
<h2>3.19.0</h2>
<ul>
<li>Remove direct dependency on <code>cfg-if</code>. It's still in the
tree, but we didn't really need to use it in this crate.</li>
<li>Add an unstable feature
(<code>unstable-windows-keep-open-tempfile</code>) to test a potential
fix to <a
href="https://redirect.github.com/Stebalien/tempfile/issues/339">#339</a>.</li>
</ul>
<h2>3.18.0</h2>
<ul>
<li>Update <code>rustix</code> to 1.0.0.</li>
<li>Make <code>NamedTempFile::persist_noclobber</code> atomic on Apple
operating systems. It's now atomic on MacOS, Windows, and Linux
(depending on the OS version and filesystem used).</li>
</ul>
<h2>3.17.1</h2>
<ul>
<li>Fix build with <code>windows-sys</code> 0.52. Unfortunately, we have
no CI for older <code>windows-sys</code> versions at the moment...</li>
</ul>
<h2>3.17.0</h2>
<ul>
<li>Make sure to use absolute paths in when creating unnamed temporary
files (avoids a small race in the "immediate unlink" logic)
and in <code>Builder::make_in</code> (when creating temporary files of
arbitrary types).</li>
<li>Prevent a theoretical crash that could (maybe) happen when a
temporary file is created from a drop function run in a TLS destructor.
Nobody has actually reported a case of this happening in practice and I
have been unable to create this scenario in a test.</li>
<li>When reseeding with <code>getrandom</code>, use platform (e.g., CPU)
specific randomness sources where possible.</li>
<li>Clarify some documentation.</li>
<li>Unlink unnamed temporary files on windows <em>immediately</em> when
possible instead of waiting for the handle to be closed. We open files
with "Unix" semantics, so this is generally possible.</li>
</ul>
<h2>3.16.0</h2>
<ul>
<li>Update <code>getrandom</code> to <code>0.3.0</code> (thanks to <a
href="https://github.com/paolobarbolini"><code>@paolobarbolini</code></a>).</li>
<li>Allow <code>windows-sys</code> versions <code>0.59.x</code> in
addition to <code>0.59.0</code> (thanks <a
href="https://github.com/ErichDonGubler"><code>@ErichDonGubler</code></a>).</li>
<li>Improved security documentation (thanks to <a
href="https://github.com/n0toose"><code>@n0toose</code></a> for
collaborating with me on this).</li>
</ul>
<h2>3.15.0</h2>
<p>Re-seed the per-thread RNG from system randomness when we repeatedly
fail to create temporary files (<a
href="https://redirect.github.com/Stebalien/tempfile/issues/314">#314</a>).
This resolves a potential DoS vector (<a
href="https://redirect.github.com/Stebalien/tempfile/issues/178">#178</a>)
while avoiding <code>getrandom</code> in the common case where it's
necessary. The feature is optional but enabled by default via the
<code>getrandom</code> feature.</p>
<p>For libc-free builds, you'll either need to disable this feature or
opt-in to a different <a
href="https://github.com/rust-random/getrandom?tab=readme-ov-file#opt-in-backends"><code>getrandom</code>
backend</a>.</p>
<h2>3.14.0</h2>
<ul>
<li>Make the wasip2 target work (requires tempfile's "nightly"
feature to be enabled). <a
href="https://redirect.github.com/Stebalien/tempfile/pull/305">#305</a>.</li>
<li>Allow older windows-sys versions <a
href="https://redirect.github.com/Stebalien/tempfile/pull/304">#304</a>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="95540ed3fc"><code>95540ed</code></a>
chore: release v3.19.1</li>
<li><a
href="b60aae49c1"><code>b60aae4</code></a>
fix(windows): don't automatically delete files on open (<a
href="https://redirect.github.com/Stebalien/tempfile/issues/344">#344</a>)</li>
<li><a
href="167f544abe"><code>167f544</code></a>
ci(cargo-deny): remove windows-sys exception (<a
href="https://redirect.github.com/Stebalien/tempfile/issues/343">#343</a>)</li>
<li><a
href="42fff6813d"><code>42fff68</code></a>
chore: release v3.19.0</li>
<li><a
href="61b4283c20"><code>61b4283</code></a>
feat(windows): add a feature to immediate tempfile deletion (<a
href="https://redirect.github.com/Stebalien/tempfile/issues/340">#340</a>)</li>
<li><a
href="c2d16b3bc3"><code>c2d16b3</code></a>
ci: downgrade once-cell on old rustc versions (<a
href="https://redirect.github.com/Stebalien/tempfile/issues/342">#342</a>)</li>
<li><a
href="35c204d7c2"><code>35c204d</code></a>
chore: remove cfg-if dependency (<a
href="https://redirect.github.com/Stebalien/tempfile/issues/338">#338</a>)</li>
<li><a
href="b8bddaf0cf"><code>b8bddaf</code></a>
release 3.18.0</li>
<li><a
href="0e17869470"><code>0e17869</code></a>
update rustix (<a
href="https://redirect.github.com/Stebalien/tempfile/issues/336">#336</a>)</li>
<li><a
href="6cf65365a4"><code>6cf6536</code></a>
doc: fix markdown</li>
<li>Additional commits viewable in <a
href="https://github.com/Stebalien/tempfile/compare/v3.13.0...v3.19.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
When calculating preferences for candidates, `str0m` currently always
prefer IPv6 over IPv4. This is as per the ICE spec. Howver, this can
lead to sub-optimal situations when a connection ends up using a TURN
server.
TURN allows a client to allocate an IPv4 and an IPv6 address in the same
allocation. This makes it possible for e.g. an IPv4-only client to
connect to an IPv6-only peer as long as the TURN server runs in
dual-stack AND the client requests an IPv6 address in addition to an
IPv4 address with the `ADDITIONAL-ADDRESS-FAMILY` attribute.
Assume that a client sits behind symmetric NAT and therefore needs to
rely on a TURN server to communicate with its peers. The TURN server as
well as all the peers operate in dual-stack mode.
The current priority calculation will yield a communication path that
uses IPv4 to talk to the TURN server (as that is the only one available)
but due to the preference ordering of IPv6 over IPv4, will use an IPv6
path to the peer, despite the peer also supporting IPv4.
This isn't a problem per-se but makes our life unnecessarily difficult.
Our TURN servers use eBPF to efficiently deal with TURN's channel-data
messages. This however is at present only implemented for the IPv4 <>
IPv4 and IPv6 <> IPv6 path. Implementing the other paths is possible but
complicates the eBPF code because we need to also translate IP headers
between versions and not just update the source and destination IPs.
We have since patched `str0m` to extend the `Candidate::relayed`
constructor to also take a `base` address which is - similar to the
other candidate types - the address the client is sending from in order
to use this candidate. In the context of relayed candidates, this is the
address the client is using to talk to the TURN server. We can use this
information in the candidate's priority calculation to prefer candidates
that allow traffic to remain within one IP version, i.e. if the client
talks to the TURN server over IPv4, the candidate with an allocated IPv4
address will have a higher priority than the one with the IPv6 address
because we are applying a "punishment" factor as part of the
local-preference component in the priority formula.
Staying within the same IP version whilst relaying traffic allows our
TURN servers to use their eBPF kernel which results in a better UX due
to lower latency and higher throughput.
The final candidate ordering is ultimately decided by the controlling
ICE agent which in our case is the Firezone Client. Thus, we don't
necessarily need to update Gateways in order to test / benefit from
this. Building a Client with this patch included should be enough to
benefit from this change.
Related: https://github.com/algesten/str0m/pull/640
Related: https://github.com/algesten/str0m/pull/644
Bumps the hilt group in /kotlin/android with 4 updates:
[com.google.dagger.hilt.android](https://github.com/google/dagger),
[com.google.dagger:hilt-android](https://github.com/google/dagger),
[com.google.dagger:hilt-android-compiler](https://github.com/google/dagger)
and
[com.google.dagger:hilt-android-testing](https://github.com/google/dagger).
Updates `com.google.dagger.hilt.android` from 2.56.1 to 2.56.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google/dagger/releases">com.google.dagger.hilt.android's
releases</a>.</em></p>
<blockquote>
<h2>Dagger 2.56.2</h2>
<h1>Bug fixes</h1>
<ul>
<li>[Dagger] Fixes <a
href="https://redirect.github.com/google/dagger/issues/4676">#4676</a>:
Fixes <code>IndexOutOfBoundException</code> when returning
<code>suspend</code> from <code>@Provides</code> method.
(5d59aedd1)</li>
<li>[Dagger] Fixes <a
href="https://redirect.github.com/google/dagger/issues/4658">#4658</a>:
Fixes <code>NoSuchMethodError</code> due to incorrect Guava runtime
(Dagger’s Guava version is now temporarily pinned to 33.0.0 to avoid the
issue). (9fc3df48e)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="cb98d977e8"><code>cb98d97</code></a>
2.56.2 release</li>
<li><a
href="96e755c0ef"><code>96e755c</code></a>
[XPoet Migration]: Migrate ParameterSpec to XParameterSpec.</li>
<li><a
href="cccec89061"><code>cccec89</code></a>
[XPoet Migration]: Migrate FieldSpec to XPropertySpec.</li>
<li><a
href="5d59aedd1c"><code>5d59aed</code></a>
Disable ad-hoc support for type-use nullability on generated jave type
argume...</li>
<li><a
href="9fc3df48ee"><code>9fc3df4</code></a>
Pin Guava to version 33.0.0 specified in MODULE.bazel.</li>
<li><a
href="b3ba9b3924"><code>b3ba9b3</code></a>
Add maven install lock file.</li>
<li><a
href="7a92bc8b4a"><code>7a92bc8</code></a>
Internal changes</li>
<li><a
href="dc3a8b32ba"><code>dc3a8b3</code></a>
[XPoet Migration]: Migrate all MethodSpec to XFunSpec.</li>
<li><a
href="9d2fda15ab"><code>9d2fda1</code></a>
Automated Code Change</li>
<li><a
href="592ff20c73"><code>592ff20</code></a>
[XPoet Migration]: Migrate remaining TypeSpec to XTypeSpec.</li>
<li>Additional commits viewable in <a
href="https://github.com/google/dagger/compare/dagger-2.56.1...dagger-2.56.2">compare
view</a></li>
</ul>
</details>
<br />
Updates `com.google.dagger:hilt-android` from 2.56.1 to 2.56.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google/dagger/releases">com.google.dagger:hilt-android's
releases</a>.</em></p>
<blockquote>
<h2>Dagger 2.56.2</h2>
<h1>Bug fixes</h1>
<ul>
<li>[Dagger] Fixes <a
href="https://redirect.github.com/google/dagger/issues/4676">#4676</a>:
Fixes <code>IndexOutOfBoundException</code> when returning
<code>suspend</code> from <code>@Provides</code> method.
(5d59aedd1)</li>
<li>[Dagger] Fixes <a
href="https://redirect.github.com/google/dagger/issues/4658">#4658</a>:
Fixes <code>NoSuchMethodError</code> due to incorrect Guava runtime
(Dagger’s Guava version is now temporarily pinned to 33.0.0 to avoid the
issue). (9fc3df48e)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="cb98d977e8"><code>cb98d97</code></a>
2.56.2 release</li>
<li><a
href="96e755c0ef"><code>96e755c</code></a>
[XPoet Migration]: Migrate ParameterSpec to XParameterSpec.</li>
<li><a
href="cccec89061"><code>cccec89</code></a>
[XPoet Migration]: Migrate FieldSpec to XPropertySpec.</li>
<li><a
href="5d59aedd1c"><code>5d59aed</code></a>
Disable ad-hoc support for type-use nullability on generated jave type
argume...</li>
<li><a
href="9fc3df48ee"><code>9fc3df4</code></a>
Pin Guava to version 33.0.0 specified in MODULE.bazel.</li>
<li><a
href="b3ba9b3924"><code>b3ba9b3</code></a>
Add maven install lock file.</li>
<li><a
href="7a92bc8b4a"><code>7a92bc8</code></a>
Internal changes</li>
<li><a
href="dc3a8b32ba"><code>dc3a8b3</code></a>
[XPoet Migration]: Migrate all MethodSpec to XFunSpec.</li>
<li><a
href="9d2fda15ab"><code>9d2fda1</code></a>
Automated Code Change</li>
<li><a
href="592ff20c73"><code>592ff20</code></a>
[XPoet Migration]: Migrate remaining TypeSpec to XTypeSpec.</li>
<li>Additional commits viewable in <a
href="https://github.com/google/dagger/compare/dagger-2.56.1...dagger-2.56.2">compare
view</a></li>
</ul>
</details>
<br />
Updates `com.google.dagger:hilt-android-compiler` from 2.56.1 to 2.56.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google/dagger/releases">com.google.dagger:hilt-android-compiler's
releases</a>.</em></p>
<blockquote>
<h2>Dagger 2.56.2</h2>
<h1>Bug fixes</h1>
<ul>
<li>[Dagger] Fixes <a
href="https://redirect.github.com/google/dagger/issues/4676">#4676</a>:
Fixes <code>IndexOutOfBoundException</code> when returning
<code>suspend</code> from <code>@Provides</code> method.
(5d59aedd1)</li>
<li>[Dagger] Fixes <a
href="https://redirect.github.com/google/dagger/issues/4658">#4658</a>:
Fixes <code>NoSuchMethodError</code> due to incorrect Guava runtime
(Dagger’s Guava version is now temporarily pinned to 33.0.0 to avoid the
issue). (9fc3df48e)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="cb98d977e8"><code>cb98d97</code></a>
2.56.2 release</li>
<li><a
href="96e755c0ef"><code>96e755c</code></a>
[XPoet Migration]: Migrate ParameterSpec to XParameterSpec.</li>
<li><a
href="cccec89061"><code>cccec89</code></a>
[XPoet Migration]: Migrate FieldSpec to XPropertySpec.</li>
<li><a
href="5d59aedd1c"><code>5d59aed</code></a>
Disable ad-hoc support for type-use nullability on generated jave type
argume...</li>
<li><a
href="9fc3df48ee"><code>9fc3df4</code></a>
Pin Guava to version 33.0.0 specified in MODULE.bazel.</li>
<li><a
href="b3ba9b3924"><code>b3ba9b3</code></a>
Add maven install lock file.</li>
<li><a
href="7a92bc8b4a"><code>7a92bc8</code></a>
Internal changes</li>
<li><a
href="dc3a8b32ba"><code>dc3a8b3</code></a>
[XPoet Migration]: Migrate all MethodSpec to XFunSpec.</li>
<li><a
href="9d2fda15ab"><code>9d2fda1</code></a>
Automated Code Change</li>
<li><a
href="592ff20c73"><code>592ff20</code></a>
[XPoet Migration]: Migrate remaining TypeSpec to XTypeSpec.</li>
<li>Additional commits viewable in <a
href="https://github.com/google/dagger/compare/dagger-2.56.1...dagger-2.56.2">compare
view</a></li>
</ul>
</details>
<br />
Updates `com.google.dagger:hilt-android-testing` from 2.56.1 to 2.56.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google/dagger/releases">com.google.dagger:hilt-android-testing's
releases</a>.</em></p>
<blockquote>
<h2>Dagger 2.56.2</h2>
<h1>Bug fixes</h1>
<ul>
<li>[Dagger] Fixes <a
href="https://redirect.github.com/google/dagger/issues/4676">#4676</a>:
Fixes <code>IndexOutOfBoundException</code> when returning
<code>suspend</code> from <code>@Provides</code> method.
(5d59aedd1)</li>
<li>[Dagger] Fixes <a
href="https://redirect.github.com/google/dagger/issues/4658">#4658</a>:
Fixes <code>NoSuchMethodError</code> due to incorrect Guava runtime
(Dagger’s Guava version is now temporarily pinned to 33.0.0 to avoid the
issue). (9fc3df48e)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="cb98d977e8"><code>cb98d97</code></a>
2.56.2 release</li>
<li><a
href="96e755c0ef"><code>96e755c</code></a>
[XPoet Migration]: Migrate ParameterSpec to XParameterSpec.</li>
<li><a
href="cccec89061"><code>cccec89</code></a>
[XPoet Migration]: Migrate FieldSpec to XPropertySpec.</li>
<li><a
href="5d59aedd1c"><code>5d59aed</code></a>
Disable ad-hoc support for type-use nullability on generated jave type
argume...</li>
<li><a
href="9fc3df48ee"><code>9fc3df4</code></a>
Pin Guava to version 33.0.0 specified in MODULE.bazel.</li>
<li><a
href="b3ba9b3924"><code>b3ba9b3</code></a>
Add maven install lock file.</li>
<li><a
href="7a92bc8b4a"><code>7a92bc8</code></a>
Internal changes</li>
<li><a
href="dc3a8b32ba"><code>dc3a8b3</code></a>
[XPoet Migration]: Migrate all MethodSpec to XFunSpec.</li>
<li><a
href="9d2fda15ab"><code>9d2fda1</code></a>
Automated Code Change</li>
<li><a
href="592ff20c73"><code>592ff20</code></a>
[XPoet Migration]: Migrate remaining TypeSpec to XTypeSpec.</li>
<li>Additional commits viewable in <a
href="https://github.com/google/dagger/compare/dagger-2.56.1...dagger-2.56.2">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the androidx group in /kotlin/android with 1 update:
androidx.core:core-ktx.
Updates `androidx.core:core-ktx` from 1.15.0 to 1.16.0
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [com.google.code.gson:gson](https://github.com/google/gson) from
2.12.1 to 2.13.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google/gson/releases">com.google.code.gson:gson's
releases</a>.</em></p>
<blockquote>
<h2>Gson 2.13.0</h2>
<h2>What's Changed</h2>
<ul>
<li>
<p>A bug in deserializing collections has been fixed. Previously, if you
did something like this:</p>
<pre><code>gson.fromJson(jsonString, new
TypeToken<ImmutableList<String>>() {})
</code></pre>
<p>then the inferred type would be
<code>ImmutableList<String></code>, but Gson actually gave you an
<code>ArrayList<String></code>. Usually that would lead to an
immediate <code>ClassCastException</code>, but in some circumstances the
code might sometimes succeed despite the wrong type. Now you will see an
exception like this:</p>
<pre><code>com.google.gson.JsonIOException: Abstract classes can't be
instantiated!
Adjust the R8 configuration or register an InstanceCreator or a
TypeAdapter for this type.
Class name: com.google.common.collect.ImmutableList
</code></pre>
<p>because Gson now really is trying to create an
<code>ImmutableList</code> through its constructor, but that isn't
possible.
Either change the requested type (in the <code>TypeToken</code>) to
<code>List<String></code>, or register a <code>TypeAdapter</code>
or <code>JsonDeserializer</code> for <code>ImmutableList</code>.</p>
</li>
<li>
<p>The internal classes <code>$Gson$Types</code> and
<code>$Gson$Preconditions</code> have been renamed to remove the
<code>$</code> characters. Since these are internal classes (as signaled
not only by the package name but by the <code>$</code> characters),
client code should not be affected. If your code <em>was</em> depending
on these classes then we suggest making a copy of the class (subject to
the <a href="https://www.apache.org/licenses/LICENSE-2.0">license</a>)
rather than depending on the new names.</p>
</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/google/gson/compare/gson-parent-2.12.1...gson-parent-2.13.0">https://github.com/google/gson/compare/gson-parent-2.12.1...gson-parent-2.13.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="bfe0fd58e3"><code>bfe0fd5</code></a>
[maven-release-plugin] prepare release gson-parent-2.13.0</li>
<li><a
href="6ed64ca3a8"><code>6ed64ca</code></a>
add multi-catch support to the code base (<a
href="https://redirect.github.com/google/gson/issues/2841">#2841</a>)</li>
<li><a
href="0074376f7e"><code>0074376</code></a>
Bump the maven group with 3 updates (<a
href="https://redirect.github.com/google/gson/issues/2840">#2840</a>)</li>
<li><a
href="45e5e141b1"><code>45e5e14</code></a>
Rename <code>$Gson$Preconditions</code> and <code>$Gson$Types</code>.
(<a
href="https://redirect.github.com/google/gson/issues/2838">#2838</a>)</li>
<li><a
href="c6d44259b5"><code>c6d4425</code></a>
Remove obsolete comment in pom.xml (<a
href="https://redirect.github.com/google/gson/issues/2835">#2835</a>)</li>
<li><a
href="9afd6f8e6c"><code>9afd6f8</code></a>
Bump the maven group with 10 updates (<a
href="https://redirect.github.com/google/gson/issues/2831">#2831</a>)</li>
<li><a
href="ad5371eaa4"><code>ad5371e</code></a>
Fix findings that are new with the latest Error Prone. (<a
href="https://redirect.github.com/google/gson/issues/2834">#2834</a>)</li>
<li><a
href="de190d7ef5"><code>de190d7</code></a>
Restructure code to avoid assignment expression warning. (<a
href="https://redirect.github.com/google/gson/issues/2833">#2833</a>)</li>
<li><a
href="3d6684741e"><code>3d66847</code></a>
Bump the github-actions group with 3 updates (<a
href="https://redirect.github.com/google/gson/issues/2832">#2832</a>)</li>
<li><a
href="2549ba93fc"><code>2549ba9</code></a>
Fix ConstructorConstructor creating mismatching Collection and Map
instances ...</li>
<li>Additional commits viewable in <a
href="https://github.com/google/gson/compare/gson-parent-2.12.1...gson-parent-2.13.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node)
from 22.13.9 to 22.14.1.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.135 to
1.0.140.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/serde-rs/json/releases">serde_json's
releases</a>.</em></p>
<blockquote>
<h2>v1.0.140</h2>
<ul>
<li>Documentation improvements</li>
</ul>
<h2>v1.0.139</h2>
<ul>
<li>Documentation improvements</li>
</ul>
<h2>v1.0.138</h2>
<ul>
<li>Documentation improvements</li>
</ul>
<h2>v1.0.137</h2>
<ul>
<li>Turn on "float_roundtrip" and "unbounded_depth"
features for serde_json in play.rust-lang.org (<a
href="https://redirect.github.com/serde-rs/json/issues/1231">#1231</a>)</li>
</ul>
<h2>v1.0.136</h2>
<ul>
<li>Optimize serde_json::value::Serializer::serialize_map by using
Map::with_capacity (<a
href="https://redirect.github.com/serde-rs/json/issues/1230">#1230</a>,
thanks <a
href="https://github.com/goffrie"><code>@goffrie</code></a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="762783414e"><code>7627834</code></a>
Release 1.0.140</li>
<li><a
href="d77a498c80"><code>d77a498</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/json/issues/1245">#1245</a>
from serde-rs/powerpc</li>
<li><a
href="b34d317089"><code>b34d317</code></a>
Delete unused gcc installation</li>
<li><a
href="f7200c3cf6"><code>f7200c3</code></a>
Ignore unbuffered_bytes clippy lint</li>
<li><a
href="76cd4fb383"><code>76cd4fb</code></a>
Ignore elidable_lifetime_names pedantic clippy lint</li>
<li><a
href="400eaa977f"><code>400eaa9</code></a>
Point standard library links to stable</li>
<li><a
href="4d4f53c3b7"><code>4d4f53c</code></a>
Release 1.0.139</li>
<li><a
href="5d6b32f378"><code>5d6b32f</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/json/issues/1242">#1242</a>
from dtolnay/writefloat</li>
<li><a
href="e5bb8bd38f"><code>e5bb8bd</code></a>
Document behavior of write_f32/f64 on non-finite floats</li>
<li><a
href="7a797810d2"><code>7a79781</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/json/issues/1241">#1241</a>
from dtolnay/doclink</li>
<li>Additional commits viewable in <a
href="https://github.com/serde-rs/json/compare/v1.0.135...v1.0.140">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
