mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 18:18:55 +00:00
112be91cae3bdffbe2204f6b6d51642ba6a4ddbd
5467 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Reactor Scram
|
112be91cae |
fix(rust/gui-client): if we can't raise the tunnel, sign out (#6548)
Refs #6547 Given a valid token is on disk, when the Client tries to auto-sign-in to Firezone and something breaks during sign-in, then... **Old behavior:** ...then the GUI silently implodes and we can't export logs. When you restart the GUI, it reloads the token and immediately implodes again. **New behavior:** ...then the GUI doesn't silently implode, it silently signs out. Which is still weird, but exporting logs will work. This addresses an issue where a customer couldn't export logs while helping us debug #6547. |
||
|
Thomas Eizinger
|
e3688a475e |
refactor(connlib): only buffer 1 unsent packet if socket is busy (#6563)
Currently, we buffer UDP packets whenever the socket is busy and try to flush them out at a later point. This requires allocations and is tricky to get right. In order to solve both of these problems, we refactor `snownet` to return us an `EncryptedPacket` instead of a `Transmit`. An `EncryptedPacket` is an indirection-abstraction that can be turned into a `Transmit` given an `EncryptBuffer`. This combination of types allows us to hold on to the `EncryptedPacket` (which does not contain any references itself) in the `io` component whilst we are waiting for the socket to be ready to send again. This means we will immediately suspend the event loop in case the socket is no longer ready for sending and resend the datagram in the `EncryptBuffer` once we get re-polled. |
||
|
Jamil
|
6ec585336b | fix(website): Fix title space (#6589) | ||
|
Jamil
|
c581439ee2 |
fix(portal): Use app-ipv6.firezone.dev for IPv6 app to prevent websocket / http from using different stacks (#6522)
Based on testing and research it does not appear that Chrome will reliably choose a consistent protocol stack for loading the initial web page as it does for connecting the WebSocket when connecting over VPN tunnels. If one or the other stacks experiences a slight delay or packet loss causing retransmission, or QUIC simply doesn't play nicely with the MTU (in our case 1280), it may fall back to IPv4 (which has less per-packet overhead) or even a TCP connection. Unfortunately this violates an assumption we have in token validation logic. Namely, that the remote_ip used to create the token (via sign in) is the same one used to the connect the WebSocket. I can see where this logic comes from in a security context, but thinking through the attack vector(s) that would be able to leverage this violation has me left wondering if this check is worth the breakage we currently face in #6511. - Scenario 1: MITM - attacker steals token somehow via MITM (would need to somehow break TLS) - the attacker is already in our network path and can rewrite the remote_ip already with his/her own. - Scenario 2: Malicious browser plugin stealing session token. It will be harder to spoof the remote IP in this case, but if this is a possibility, the plugin could presumably directly control the tab where the user is logged in. - Scenario 3: IdP is compromised leading to malicious redirect before arriving to Firezone - if this is the case, the user could likely login in directly and create his/her own valid session token anyhow. Perhaps I'm missing other scenarios, open to feedback. If we want to ensure the token used by the websocket originated from the same browser as it was minted from, perhaps we could generate a small random key, save it in local storage, and send that in a header when connecting the WebSocket. I think cookies handle that for us already though. Fixes #6511 |
||
|
Andrew Dryga
|
4e08e69c84 | fix(portal): Reset the rate limit when user signed in (#6582) | ||
|
Patti
|
4e24806924 |
fix(website): Change subscription plan text colour to neutral (#6588)
Signed-off-by: Patti <139997703+Patticatti@users.noreply.github.com> |
||
|
Patti
|
cc442bfebf |
fix(website): New subscription cards style (#6549)
Signed-off-by: Patti <139997703+Patticatti@users.noreply.github.com> |
||
|
dependabot[bot]
|
29d46bcb87 |
build(deps-dev): Bump @types/node from 22.0.2 to 22.5.2 in /rust/gui-client (#6553)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 22.0.2 to 22.5.2. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Reactor Scram
|
32bf1898d1 |
chore(rust/gui-client): remove unused version of tauri-winrt-notification (#6586)
We use a newer version directly, we don't need the one Tauri wraps. Refs #6247 |
||
|
Jamil
|
7178878184 |
fix(website): Remove logo (#6585)
Requested. Co-authored-by: Patti <139997703+Patticatti@users.noreply.github.com> |
||
|
dependabot[bot]
|
a646d88537 |
build(deps): Bump framer-motion from 11.3.28 to 11.3.31 in /website (#6533)
Bumps [framer-motion](https://github.com/framer/motion) from 11.3.28 to 11.3.31. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/framer/motion/blob/main/CHANGELOG.md">framer-motion's changelog</a>.</em></p> <blockquote> <h2>[11.3.31] 2024-08-29</h2> <h3>Fixed</h3> <ul> <li>Detects conflicts between optimised animations and rendered <code>style</code>.</li> <li>Resumes optimised animations where possible once layout measurements are complete.</li> </ul> <h2>[11.3.30] 2024-08-23</h2> <h3>Fixed</h3> <ul> <li>Removed double <code>"change"</code> handler on externally-provided <code>MotionValue</code>s.</li> </ul> <h2>[11.3.29] 2024-08-21</h2> <h3>Fixed</h3> <ul> <li>Selective cancellation of optimised appear animations.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
c01be3cbde |
build(deps): Bump com.google.firebase:firebase-bom from 33.1.2 to 33.2.0 in /kotlin/android (#6531)
Bumps com.google.firebase:firebase-bom from 33.1.2 to 33.2.0. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Patti
|
5101756df6 | fix(website): Fix overflowing logos animation (#6570) | ||
|
Andrew Dryga
|
931b81e4be | chore(portal): Add session data to fields truncated by logger (#6572) | ||
|
Thomas Eizinger
|
0e84ef8fee |
test(connlib): track pending connections to gateways (#6497)
Instead of tracking pending connections to resources, we need to model pending connections to gateways. The offending test seed has a CIDR resource that is a DNS server and the Internet resources, both routed via the same gateway. When sending concurrent DNS queries to those resources, we need to track which _gateways_ we are connecting to as a result to figure out which queries get lost. In particular, only the _first_ resource to trigger a connection to a gateway will be authorized. Subsequent queries will be completely lost and require another packet to authorize the connection. --------- Signed-off-by: Thomas Eizinger <thomas@eizinger.io> Co-authored-by: Not Applicable <ReactorScram@users.noreply.github.com> |
||
|
Andrew Dryga
|
812dc9190c |
fix(portal): Reduce the timeouts for rate limited emails (#6573)
Fixes #6108 |
||
|
Reactor Scram
|
afb405ce9f |
chore(rust/gui-client): log connlib connection errors (#6574)
Old behavior: Connection errors are sent to the GUI but the IPC service forgets about them. New behavior: Clone the error and log it on both sides. Found while debugging a customer issue. This would have made the logs easier to read. |
||
|
Reactor Scram
|
09f4b6e790 |
chore(rust/gui-client): log the IPC message variant if the service can't handle it (#6571)
This would have helped while debugging a customer issue --------- Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com> Co-authored-by: Thomas Eizinger <thomas@eizinger.io> |
||
|
Patti
|
98847557f4 | fix(website): Fix spelling errors and tweak blob responsiveness (#6559) | ||
|
Reactor Scram
|
bfccc1b836 |
chore(rust/gui-client): log OS name when the GUI client starts (#6569)
Closes #6568 This way when I'm looking at customer logs, I don't have to remember the whole issue to know if they're Linux or Windows. |
||
|
Thomas Eizinger
|
8bc43eb90f |
chore(connlib): fix field name for match_resource_linear span (#6523)
The span of this method didn't end up logging and fields because it got renamed without the span also being adjusted. |
||
|
Thomas Eizinger
|
de90596d79 |
ci: remove test data upload (#6567)
This upload never worked because we generate too many test files. Now that the tests are deterministic, we shouldn't need that. |
||
|
Reactor Scram
|
d7810ef9c0 |
chore(rust/gui-client/windows): update windows to 0.58 (#6565)
Updates `windows` crates to 0.58 without the bug in #6551. Supersedes #6556. The bug was calling `try_send()?` on an MPSC channel of capacity 1, which would bail out of the worker thread if we got 2 DNS change notifications faster than the controller task / thread could process the first one. |
||
|
Patti
|
ad329c196b | feat(website): Animate elevator pitch points (#6562) | ||
|
Patti
|
25b8eedb67 |
fix(website): Removed carousel from customer testimonials (#6499)
Signed-off-by: Patti <139997703+Patticatti@users.noreply.github.com> Signed-off-by: Jamil <jamilbk@users.noreply.github.com> Co-authored-by: Jamil <jamilbk@users.noreply.github.com> |
||
|
dependabot[bot]
|
db6f712d63 |
build(deps): Bump gradle/actions from 3 to 4 (#6527)
Bumps [gradle/actions](https://github.com/gradle/actions) from 3 to 4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/gradle/actions/releases">gradle/actions's releases</a>.</em></p> <blockquote> <h2>v4.0.0</h2> <p>Final release of <code>v4.0.0</code> of the <code>setup-gradle</code>, <code>dependency-submission</code> and <code>wrapper-validation</code> actions provided under <code>gradle/actions</code>. This release is available under the <code>v4</code> tag.</p> <h2>Major changes from the <code>v3</code> release</h2> <h3>The <code>arguments</code> parameter has been removed</h3> <p>Using the action to execute Gradle via the <code>arguments </code>parameter was deprecated in <code>v3</code> and this parameter has been removed. <a href="https://github.com/gradle/actions/blob/v4.0.0-rc.1/docs/deprecation-upgrade-guide.md#using-the-action-to-execute-gradle-via-the-arguments-parameter-is-deprecated">See here for more details</a>.</p> <h3>Cache cleanup enabled by default</h3> <p>After a number of fixes and improvements, this release enables <a href="https://github.com/gradle/actions/blob/v4.0.0-rc.1/docs/setup-gradle.md#configuring-cache-cleanup">cache-cleanup</a> by default for all Jobs using the <code>setup-gradle</code> and <code>dependency-submission</code> actions.</p> <p>Improvements and bugfixes related cache cleanup:</p> <ul> <li>By default, cache cleanup is not run if any Gradle build fails (<a href="https://redirect.github.com/gradle/actions/issues/71">#71</a>)</li> <li>Cache cleanup is not run after configuration-cache reuse (<a href="https://redirect.github.com/gradle/actions/issues/19">#19</a>)</li> </ul> <p>This feature should help to minimize the size of entries written to the GitHub Actions cache, speeding up builds and reducing cache usage.</p> <h3>Wrapper validation enabled by default</h3> <p>In <code>v3</code>, the <code>setup-gradle</code> action was enhanced to support Gradle wrapper validation, removing the need to use a separate workflow file with the <code>gradle/actions/wrapper-validation</code> action.</p> <p>With this release, wrapper validation has been significantly improved, and is now enabled by default (<a href="https://redirect.github.com/gradle/actions/issues/12">#12</a>):</p> <ul> <li>The <code>allow-snapshot-wrappers</code> makes it possible to validate snapshot wrapper jars using <code>setup-gradle</code>.</li> <li>Checksums for <a href="https://services.gradle.org/distributions-snapshots/">nightly and snapshot Gradle versions</a> are now validated (<a href="https://redirect.github.com/gradle/actions/issues/281">#281</a>).</li> <li>Valid wrapper checksums are cached in Gradle User Home, reducing the need to retrieve checksum values remotely (<a href="https://redirect.github.com/gradle/actions/issues/172">#172</a>).</li> <li>Reduce network calls in <code>wrapper-validation</code> for new Gradle versions: By only fetching wrapper checksums for Gradle versions that were not known when this action was released, this release reduces the likelihood that a network failure could cause failure in wrapper validation (<a href="https://redirect.github.com/gradle/actions/issues/171">#171</a>)</li> <li>Improved error message when <code>wrapper-validation</code> finds no wrapper jars (<a href="https://redirect.github.com/gradle/actions/issues/284">#284</a>)</li> </ul> <p>Wrapper validation is important for supply-chain integrity. Enabling this feature by default will increase the coverage of wrapper validation on projects using GitHub Actions.</p> <h3>New input parameters for Dependency Graph generation</h3> <p>Some dependency-graph inputs that could previously only be configured via environment variables now have dedicated action inputs:</p> <ul> <li><code>dependency-graph-report-dir</code>: sets the location where dependency-graph reports will be generated</li> <li><code>dependency-graph-exclude-projects</code> and <code>dependency-graph-include-projects</code>: <a href="https://github.com/gradle/actions/blob/v4.0.0-rc.1/docs/dependency-submission.md#selecting-gradle-projects-that-will-contribute-to-the-dependency-graph">select which Gradle projects will contribute to the generated dependency graph</a>.</li> <li><code>dependency-graph-exclude-configurations</code> and <code>dependency-graph-include-configurations</code>: <a href="https://github.com/gradle/actions/blob/v4.0.0-rc.1/docs/dependency-submission.md#selecting-gradle-configurations-that-will-contribute-to-the-dependency-graph">select which Gradle configurations will contribute to the generated dependency graph</a>.</li> </ul> <h3>Other improvements</h3> <ul> <li>In Job summary, the action now provides an explanation when cache is set to <code>read-only</code> or <code>disabled</code> (<a href="https://redirect.github.com/gradle/actions/issues/255">#255</a>)</li> <li>When <code>setup-gradle</code> requests a specific Gradle version, the action will no longer download and install that version if it is already available on the <code>PATH</code> of the runner (<a href="https://redirect.github.com/gradle/actions/issues/270">#270</a>)</li> <li>To attempt to speed up builds, the <code>setup-gradle</code> and <code>dependency-submission</code> actions now attempt to use the <code>D:</code> drive for Gradle User Home if it is available (<a href="https://redirect.github.com/gradle/actions/issues/290">#290</a>)</li> </ul> <h2>Deprecations and breaking changes</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
275a5cab87 |
build(deps): Bump the hilt group in /kotlin/android with 4 updates (#6529)
Bumps the hilt group in /kotlin/android with 4 updates: [com.google.dagger.hilt.android](https://github.com/google/dagger), [com.google.dagger:hilt-android](https://github.com/google/dagger), [com.google.dagger:hilt-android-compiler](https://github.com/google/dagger) and [com.google.dagger:hilt-android-testing](https://github.com/google/dagger). Updates `com.google.dagger.hilt.android` from 2.51.1 to 2.52 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/dagger/releases">com.google.dagger.hilt.android's releases</a>.</em></p> <blockquote> <p>Dagger 2.52</p> <p>Notes: Dagger KSP now requires at least KSP 1.9.24-1.0.20.</p> <h1>Bug fixes</h1> <ul> <li>Fixed <a href="https://redirect.github.com/google/dagger/issues/4302">#4302</a>: Suppress deprecation warnings in generated code. (f41033cc4)</li> <li>Fixed <a href="https://redirect.github.com/google/dagger/issues/4323">#4323</a>: Added rules to stop LazyClassKey referenced classes being merged with R8 (81512af9e).</li> <li>Fixed <a href="https://redirect.github.com/google/dagger/issues/4345">#4345</a>: Fixes intersection type bounds order in generated factories when using KSP (<a href="https://android-review.googlesource.com/c/platform/frameworks/support/+/3164197">aosp/3164197</a>).</li> <li>Fixed <a href="https://redirect.github.com/google/dagger/issues/4352">#4352</a>: Fixes an issue where the parameter name "instance" could conflict with fields of the same name in the component. (952c2504a)</li> <li>Merged pull request <a href="https://redirect.github.com/google/dagger/pull/4305">#4305</a>: Skip view injection when in edit mode for previews. (65b74f832)</li> <li>Fixed an issue where base classes with a package private constructor would cause the generated code to fail (db25237df)</li> <li>Add a jakarta.inject.Provider runtime dependency in preparation for supporting Jakarta Providers (a8581e0a6)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
bf3221fd0f |
build(deps): Bump @next/third-parties from 14.2.5 to 14.2.7 in /website (#6532)
Bumps [@next/third-parties](https://github.com/vercel/next.js/tree/HEAD/packages/third-parties) from 14.2.5 to 14.2.7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases"><code>@next/third-parties</code>'s releases</a>.</em></p> <blockquote> <h2>v14.2.7</h2> <blockquote> <p>[!NOTE]<br /> This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>Revert "chore: externalize undici for bundling" (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/65727">#65727</a>)</li> <li>Refactor internal routing headers to use request meta (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/66987">#66987</a>)</li> <li>fix(next): add cross origin in react dom preload (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/67423">#67423</a>)</li> <li>build: upgrade edge-runtime (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/67565">#67565</a>)</li> <li>GTM dataLayer parameter should take an object, not an array of strings (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/66339">#66339</a>)</li> <li>fix: properly patch lockfile against swc bindings (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/66515">#66515</a>)</li> <li>Add deployment id header for rsc payload if present (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/67255">#67255</a>)</li> <li>Update font data (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/68639">#68639</a>)</li> <li>fix i18n data pathname resolving (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/68947">#68947</a>)</li> <li>pages router: ensure x-middleware-cache is respected (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/67734">#67734</a>)</li> <li>Fix bad modRequest in flight entry manifest <a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/68888">#68888</a></li> <li>Reject next image urls in image optimizer <a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/68628">#68628</a></li> <li>Fix hmr assetPrefix escaping and reuse logic from other files <a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/67983">#67983</a></li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/kjugi"><code>@kjugi</code></a>, <a href="https://github.com/huozhi"><code>@huozhi</code></a>, <a href="https://github.com/ztanner"><code>@ztanner</code></a>, <a href="https://github.com/SukkaW"><code>@SukkaW</code></a>, <a href="https://github.com/marlier"><code>@marlier</code></a>, <a href="https://github.com/Kikobeats"><code>@Kikobeats</code></a>, <a href="https://github.com/syi0808"><code>@syi0808</code></a>, <a href="https://github.com/ijjk"><code>@ijjk</code></a>, and <a href="https://github.com/samcx"><code>@samcx</code></a> for helping!</p> <h2>v14.2.6</h2> <blockquote> <p>[!NOTE]<br /> This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>Ensure fetch cache TTL is updated properly (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/69164">#69164</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Patti
|
e7f5b3cd00 |
fix(website): Adjust pricing table appearance (#6557)
- Adjusted colour and offset of underlines to not be distracting - Made feature column a bit wider to allow easier comparison of columns - Bolded text of comparison columns |
||
|
Reactor Scram
|
1505b699e5 |
fix(client/windows): Revert "chore(rust/gui-client/windows): update windows to 0.58 (#6506)" (#6555)
This reverts commit
|
||
|
dependabot[bot]
|
053f440f87 |
build(deps): Bump @tauri-apps/cli from 1.6.0 to 1.6.1 in /rust/gui-client (#6534)
Bumps [@tauri-apps/cli](https://github.com/tauri-apps/tauri) from 1.6.0 to 1.6.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tauri-apps/tauri/releases"><code>@tauri-apps/cli</code>'s releases</a>.</em></p> <blockquote> <h2><code>@tauri-apps/cli</code> v1.6.1</h2> <h2>[1.6.1]</h2> <h3>New Features</h3> <ul> <li><a href=" |
||
|
dependabot[bot]
|
986487f296 |
build(deps): Bump keyring from 3.2.0 to 3.2.1 in /rust (#6542)
Bumps [keyring](https://github.com/hwchen/keyring-rs) from 3.2.0 to 3.2.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/hwchen/keyring-rs/releases">keyring's releases</a>.</em></p> <blockquote> <h2>v3.2.1: Re-enable access to v1 credentials</h2> <p>The v3.2.0 release, which fixed <a href="https://redirect.github.com/hwchen/keyring-rs/issues/204">#204</a>, had an unfortunate side effect: it broke compatibility with credentials that were originally written by a v1.x release (see <a href="https://redirect.github.com/hwchen/keyring-rs/issues/207">#207</a>). This bug-fix release restores that compatibility.</p> <p>With this change, the CLI changes in v3.2.0 have been reverted, because they are no longer necessary.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
6241cc31fa |
build(deps): Bump tempfile from 3.10.1 to 3.12.0 in /rust (#6543)
Bumps [tempfile](https://github.com/Stebalien/tempfile) from 3.10.1 to 3.12.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md">tempfile's changelog</a>.</em></p> <blockquote> <h2>3.12.0</h2> <ul> <li>Add a <code>keep(keep: bool)</code> function to builder that suppresses delete-on-drop behavior (thanks to <a href="https://github.com/RalfJung"><code>@RalfJung</code></a>).</li> <li>Update <code>windows-sys</code> from 0.52 to 0.59.</li> </ul> <h2>3.11.0</h2> <ul> <li>Add the ability to override the default temporary directory. This API shouldn't be used in general, but there are some cases where it's unavoidable.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/Stebalien/tempfile/commits">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
c2f53d0e21 |
build(deps): Bump async-trait from 0.1.80 to 0.1.82 in /rust (#6544)
Bumps [async-trait](https://github.com/dtolnay/async-trait) from 0.1.80 to 0.1.82. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dtolnay/async-trait/releases">async-trait's releases</a>.</em></p> <blockquote> <h2>0.1.82</h2> <ul> <li>Prevent elided_named_lifetimes lint being produced in generated code (<a href="https://redirect.github.com/dtolnay/async-trait/issues/276">#276</a>)</li> </ul> <h2>0.1.81</h2> <ul> <li>Turn off unneeded features of <code>syn</code> dependency (<a href="https://redirect.github.com/dtolnay/async-trait/issues/272">#272</a>, thanks <a href="https://github.com/klensy"><code>@klensy</code></a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Reactor Scram
|
2da6d9bc02 |
refactor(rust/gui-client): control our dependency list in Debian (#6516)
If we get rid of Tauri we'll have to remove `webkit2gtk` and add `libxdotool3` as dependencies. For now this does nothing, since we're still using Tauri. We want to get rid of Tauri because Tauri 1 only works on Ubuntu 22.04 and older, and Tauri 2 only works on 24.04 and newer, and we assume supporting both Tauri 1 and Tauri 2 side-by-side and bundling them with a shim is too much work. However, Tauri's bundler is convenient, especially for Windows MSIs, so we want to keep that around a little bit longer. To use Tauri's bundler on Debian without listing WebKit as a dependency and compiling Tauri itself, we need to hack around it and tell the deb file not to depend on WebKit. |
||
|
Reactor Scram
|
d8f25f9bf8 |
chore(rust/gui-client/windows): update windows to 0.58 (#6506)
Supersedes #5913 This required a big refactor because `HANDLE` is no longer `Send` and was never supposed to be. So we add a worker thread for listening to DNS changes, since that requires us to hold a `HANDLE` across `await` points and I couldn't find any simpler way to do it. I could add integration tests for this in a future PR that prove the notifiers work by poking the registry or setting DNS servers and seeing if we pick up the changes on time. But setting DNS servers without the tunnel up may be tricky, so I left it out of scope for this PR. ```[tasklist] - [x] Fix force-kill bug ``` |
||
|
dependabot[bot]
|
c7620055a9 |
build(deps): Bump mixpanel-browser and @types/mixpanel-browser in /website (#6536)
Bumps [mixpanel-browser](https://github.com/mixpanel/mixpanel-js) and [@types/mixpanel-browser](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/mixpanel-browser). These dependencies needed to be updated together. Updates `mixpanel-browser` from 2.55.0 to 2.55.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/mixpanel/mixpanel-js/releases">mixpanel-browser's releases</a>.</em></p> <blockquote> <h2>Misc fixes and updates</h2> <ul> <li>Adds a minimum recording length option for session recording. For example, <code>{record_min_ms: 4000}</code> won't send any recordings that are less than 4 seconds long. The maximum value allowed is 8000.</li> <li>Added a fix for session recordings being sent with an empty start time.</li> <li>Fixes and improvements for request batcher to support offline queueing and retry.</li> <li>Fix for query param parsing/escaping (<a href="https://redirect.github.com/mixpanel/mixpanel-js/issues/443">mixpanel/mixpanel-js#443</a>).</li> <li>Support for more UTM tags / click IDs (<a href="https://redirect.github.com/mixpanel/mixpanel-js/pull/442">mixpanel/mixpanel-js#442</a>).</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/mixpanel/mixpanel-js/blob/master/CHANGELOG.md">mixpanel-browser's changelog</a>.</em></p> <blockquote> <p><strong>2.55.1</strong> (27 Aug 2024)</p> <ul> <li>Adds a minimum recording length option for session recording</li> <li>Fixes and improvements for session recording batcher to support offline queueing and retry</li> <li>Fix for query param parsing/escaping</li> <li>Support for more UTM tags / click IDs (thanks <a href="https://github.com/aliyalcinkaya"><code>@aliyalcinkaya</code></a>)</li> </ul> <p><strong>2.55.0</strong> (2 Aug 2024)</p> <ul> <li>Added new build to support native JavaScript modules</li> </ul> <p><strong>2.54.1</strong> (30 Jul 2024)</p> <ul> <li>Fixes and improvements for user-idleness detection in session recording</li> </ul> <p><strong>2.54.0</strong> (23 Jul 2024)</p> <ul> <li>Provides optional builds without session recording module and without asynchronous script loading.</li> <li>Integrates request batcher with session recording module for increased reliability.</li> <li>Improved user inactivity heuristic for session recording timeout.</li> <li>Adds config options to inline images and collect fonts during session recording.</li> </ul> <p><strong>2.53.0</strong> (21 Jun 2024)</p> <ul> <li>Switch to new session-recording network payload format, utilizing client-side compression when available</li> <li>Session-recording methods are now available through Google Tag Manager wrapper</li> </ul> <p><strong>2.52.0</strong> (7 Jun 2024)</p> <ul> <li>Reverted UTM param persistence change from 2.51.0: UTM parameters are again persisted by default</li> </ul> <p><strong>2.51.0</strong> (30 May 2024)</p> <ul> <li>UTM parameter properties are no longer persisted by default</li> <li>Existing superproperties persisted in localStorage are now copied back to cookie storage if the library is initialized with cookie persistence (support migrations from localStorage->cookie)</li> <li>Added session-recording options <code>record_block_class</code>, <code>record_block_selector</code>, and <code>record_mask_text_class</code></li> <li>Added method <code>mixpanel.get_session_recording_properties()</code> for interop with other client-side SDKs</li> </ul> <p><strong>2.50.0</strong> (26 Apr 2024)</p> <ul> <li>Initial support for session recording</li> </ul> <p><strong>2.49.0</strong> (5 Feb 2024)</p> <ul> <li>SPA support in pageview-tracking</li> <li>Support for configurable UTM parameter persistence</li> <li>Initial-referrer profile properties are now stored with <code>set_once</code> instead of <code>set</code></li> <li>Ignore AhrefsSiteAudit crawler</li> </ul> <p><strong>2.48.1</strong> (14 Nov 2023)</p> <ul> <li>UTM campaign properties will always be persisted super properties (fixes discrepancy between minified and unminified package)</li> </ul> <p><strong>2.48.0</strong> (7 Nov 2023)</p> <ul> <li>API endpoint routes can now be configured individually (i.e. rename /track, /engage, /groups)</li> <li>Event properties object passed to mixpanel.track() will no longer be mutated</li> <li>Super properties are now reloaded from persistence when making every tracking call (i.e., kept fresh when another tab/window in the same browser has updated them)</li> <li>Extra failsafe behavior for trying to clear queued requests when localStorage doesn't work on startup, e.g., when localStorage is full so writes fail</li> <li>Block Chrome-Lighthouse user agent</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
49a09a17cd |
build(deps): Bump tailwindcss from 3.4.7 to 3.4.10 in /website (#6540)
Bumps [tailwindcss](https://github.com/tailwindlabs/tailwindcss) from 3.4.7 to 3.4.10. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tailwindlabs/tailwindcss/releases">tailwindcss's releases</a>.</em></p> <blockquote> <h2>v3.4.10</h2> <h3>Fixed</h3> <ul> <li>Bump versions of plugins in the Standalone CLI (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/14185">#14185</a>)</li> </ul> <h2>v3.4.9</h2> <h3>Fixed</h3> <ul> <li>No longer warns when broad glob patterns are detecting <code>vendor</code> folders</li> </ul> <h2>v3.4.8</h2> <h3>Fixed</h3> <ul> <li>Fix minification when using nested CSS (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/14105">#14105</a>)</li> <li>Warn when broad glob patterns are used in the content configuration (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/14140">#14140</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tailwindlabs/tailwindcss/blob/v3.4.10/CHANGELOG.md">tailwindcss's changelog</a>.</em></p> <blockquote> <h2>[3.4.10] - 2024-08-13</h2> <h3>Fixed</h3> <ul> <li>Bump versions of plugins in the Standalone CLI (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/14185">#14185</a>)</li> </ul> <h2>[3.4.9] - 2024-08-08</h2> <h3>Fixed</h3> <ul> <li>No longer warns when broad glob patterns are detecting <code>vendor</code> folders</li> </ul> <h2>[3.4.8] - 2024-08-07</h2> <h3>Fixed</h3> <ul> <li>Fix minification when using nested CSS (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/14105">#14105</a>)</li> <li>Warn when broad glob patterns are used in the content configuration (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/14140">#14140</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Thomas Eizinger
|
3ddb0ddf70 |
test(connlib): replace panics with ERROR logs (#6519)
In order to see all things that went wrong during a test run, we install a special subscriber with the logger for `tunnel_test` that panics after it has received at least 1 `ERROR` log. The panics changed in this PR are still from a time when we didn't have that. We change them so that we have better diagnostics for when they get hit. |
||
|
Jamil
|
cb061bf9ba |
fix(apple): Trigger connlib reset() when IPv4, IPv6, or available network gateways has changed (#6521)
On Apple, we try to be smart about triggering connlib's `reset()` in order to keep from triggering endless update loops. This can happen because connlib itself triggers path monitoring updates through onUpdateRoutes and such. Before, we only kept track of whether our primary interface changed in order to consider the path updated. Now, we also track IPv4/IPv6 connectivity and the network's available gateways (read: routers) to trigger changes. This fixes the case where our interface loses or gains IPv4 / IPv6 connectivity, or the router address changes. Fixes #6515 --------- Signed-off-by: Jamil <jamilbk@users.noreply.github.com> Co-authored-by: Thomas Eizinger <thomas@eizinger.io> |
||
|
Jamil
|
d4f4c29b05 |
fix(android): Disable DisconnectMonitor while applying changes (#6517)
Disables the `DisconnectMonitor` when calling `buildVpnService()` to prevent self-triggered VPN config changes from disconnect the VPN. Other minor cleanups as well. |
||
|
Thomas Eizinger
|
9173601af4 |
build(nix): install rust-src as part of toolchain (#6520)
In order for `rust-analyzer` to show the correct version of the Rust standard library, we need to install `rust-src` together with the toolchain version that we use in the Nix dev-shell. |
||
|
Reactor Scram
|
ac2d4cd95e |
chore(rust): disable ANSI coloring in log files (#6508)
Closes #6467 It's still enabled for the stdout / stderr logs |
||
|
Andrew Dryga
|
1dae0a3ed5 |
fix(portal): Do not send resources not connected to any sites down to clients (#6512)
This is only possible for internet resources, any other resource will always have at least one site connected at all times. Closes #6510 |
||
|
Andrew Dryga
|
282abb8534 | fix(portal): Fix issue with Google Workspace sync token permissions (#6494) | ||
|
Jamil
|
e9fbb0358e |
fix(website): slow down animation speed, disable gradient until lg (#6507)
Disabling the linear-gradient on small screens fixes a mobile browser crash on iOS. |
||
|
Jamil
|
5acea60dc6 |
fix(portal): Fix flash width and hero logo on auth pages (#6482)
# Before <img width="1131" alt="Screenshot 2024-08-29 at 8 54 21 AM" src="https://github.com/user-attachments/assets/65aadaaa-dc92-4b2d-8fd4-a8ec776bc697"> <img width="3120" alt="Screenshot 2024-08-29 at 9 00 38 AM" src="https://github.com/user-attachments/assets/aa9846dc-9a01-4282-b9eb-539b38e7f67d"> <img width="702" alt="Screenshot 2024-08-29 at 9 03 26 AM" src="https://github.com/user-attachments/assets/39e30430-ed0a-46c6-84a1-f4edecacbdb3"> # After <img width="1100" alt="Screenshot 2024-08-29 at 8 54 30 AM" src="https://github.com/user-attachments/assets/9b5ee17a-e95f-4195-8439-f94298d6ecf9"> <img width="3120" alt="Screenshot 2024-08-29 at 9 00 54 AM" src="https://github.com/user-attachments/assets/be962785-684f-4de1-bf60-31e3567440ca"> <img width="621" alt="Screenshot 2024-08-29 at 9 09 54 AM" src="https://github.com/user-attachments/assets/33b6d501-b5ad-494d-8c75-faf6bf63068f"> <img width="572" alt="Screenshot 2024-08-29 at 9 14 52 AM" src="https://github.com/user-attachments/assets/c72cfc5a-8824-49e2-9ba2-984ebd490251"> |
||
|
Jamil
|
6afaadf452 |
fix(website): Fix syncs text (#6505)
The top graphic said `Signed in: Last week` while the card said `Last signed in: 2 weeks ago`. I did my best to recreate the original shadow and such. The graphic I exported this PNG from is the one in the New Landing Page. |
||
|
Jamil
|
c6b0b0a922 |
ci: Release 1.3.0 for Internet Resource (#6503)
This publishes the 1.3.0 clients and gateways so that Internet Resources will work. The feature is still disabled for the Stripe plans until we publish the launch post. Select customers have the feature enabled. Closes #2667 |
||
|
Jamil
|
c66f0c15c0 |
ci: Draft bump 1.3.0 clients (#6470)
- Internet resources |