Upon moving the version string from PKG_VERSION and Cargo.toml, we lost
the bump version automation. To avoid more bugs here in the future, we
now check for the version marker across all Git-tracked files,
regardless of their extension.
Fixes#10748
---------
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
Skip `setConfiguration()` IPC call when not in connected state; this was
observed as the root cause of the utun interface increments which we've
seen
recently.
Note: `utun` increments can still happen during other IPC calls when not
signed in,
notably during log export when signed out of Firezone. This is not a
major issue though,
as other IPC calls happen only as a result of user interaction between
network extension sleeps.
To fully get rid of the problem, we should address #10754.
To ensure we still are able to pass on configuration before sign in, we
are now
passing configuration directly in the startTunnel() options dictionary.
Fixes#10603
Setting `fail-fast: false` unsurprisingly makes our CI fail pretty
slowly. This is especially noticable in the merge queue where a
long-running job could still hold up the entire queue even though a
different job has failed already and the PR is never going to make it in
anyway.
To avoid this scenario, we set `fail-fast: true` whenever we are in the
merge queue.
Bumps [framer-motion](https://github.com/motiondivision/motion) from
12.23.18 to 12.23.22.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/motiondivision/motion/blob/main/CHANGELOG.md">framer-motion's
changelog</a>.</em></p>
<blockquote>
<h2>[12.23.22] 2025-09-25</h2>
<h3>Added</h3>
<ul>
<li>Exporting <code>HTMLElements</code> and <code>useComposedRefs</code>
type for internal use.</li>
</ul>
<h2>[12.23.21] 2025-09-24</h2>
<h3>Fixed</h3>
<ul>
<li>Fixing main-thread <code>scroll</code> with animations that contain
<code>delay</code>.</li>
</ul>
<h2>[12.23.20] 2025-09-24</h2>
<h3>Fixed</h3>
<ul>
<li>Suppress non-animatable value warning for instant animations.</li>
</ul>
<h2>[12.23.19] 2025-09-23</h2>
<h3>Fixed</h3>
<ul>
<li>Remove support for changing <code>ref</code> prop.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="833abbb5a7"><code>833abbb</code></a>
v12.23.22</li>
<li><a
href="41346e2af9"><code>41346e2</code></a>
Exporting HTMLElements</li>
<li><a
href="f469973999"><code>f469973</code></a>
Update README.md with Notion logo</li>
<li><a
href="5232c64895"><code>5232c64</code></a>
Update sponsor links and images in README</li>
<li><a
href="7d5ab4ba4f"><code>7d5ab4b</code></a>
Add Notion logo to Gold section</li>
<li><a
href="aae6399409"><code>aae6399</code></a>
Updating tests</li>
<li><a
href="0ef633e2e3"><code>0ef633e</code></a>
v12.23.21</li>
<li><a
href="28ea5f8d68"><code>28ea5f8</code></a>
Updating changelog</li>
<li><a
href="d941e3aea2"><code>d941e3a</code></a>
Merge pull request <a
href="https://redirect.github.com/motiondivision/motion/issues/3380">#3380</a>
from motiondivision/fix/return-total-duration</li>
<li><a
href="80288e54e2"><code>80288e5</code></a>
Replacing map with for loop</li>
<li>Additional commits viewable in <a
href="https://github.com/motiondivision/motion/compare/v12.23.18...v12.23.22">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/cache](https://github.com/actions/cache) from 4.2.3 to
4.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v4.3.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Add note on runner versions by <a
href="https://github.com/GhadimiR"><code>@GhadimiR</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1642">actions/cache#1642</a></li>
<li>Prepare <code>v4.3.0</code> release by <a
href="https://github.com/Link"><code>@Link</code></a>- in <a
href="https://redirect.github.com/actions/cache/pull/1655">actions/cache#1655</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/GhadimiR"><code>@GhadimiR</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/cache/pull/1642">actions/cache#1642</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v4...v4.3.0">https://github.com/actions/cache/compare/v4...v4.3.0</a></p>
<h2>v4.2.4</h2>
<h2>What's Changed</h2>
<ul>
<li>Update README.md by <a
href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1620">actions/cache#1620</a></li>
<li>Upgrade <code>@actions/cache</code> to <code>4.0.5</code> and move
<code>@protobuf-ts/plugin</code> to dev depdencies by <a
href="https://github.com/Link"><code>@Link</code></a>- in <a
href="https://redirect.github.com/actions/cache/pull/1634">actions/cache#1634</a></li>
<li>Prepare release <code>4.2.4</code> by <a
href="https://github.com/Link"><code>@Link</code></a>- in <a
href="https://redirect.github.com/actions/cache/pull/1636">actions/cache#1636</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/nebuk89"><code>@nebuk89</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/cache/pull/1620">actions/cache#1620</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v4...v4.2.4">https://github.com/actions/cache/compare/v4...v4.2.4</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h3>4.3.0</h3>
<ul>
<li>Bump <code>@actions/cache</code> to <a
href="https://redirect.github.com/actions/toolkit/pull/2132">v4.1.0</a></li>
</ul>
<h3>4.2.4</h3>
<ul>
<li>Bump <code>@actions/cache</code> to v4.0.5</li>
</ul>
<h3>4.2.3</h3>
<ul>
<li>Bump <code>@actions/cache</code> to v4.0.3 (obfuscates SAS token in
debug logs for cache entries)</li>
</ul>
<h3>4.2.2</h3>
<ul>
<li>Bump <code>@actions/cache</code> to v4.0.2</li>
</ul>
<h3>4.2.1</h3>
<ul>
<li>Bump <code>@actions/cache</code> to v4.0.1</li>
</ul>
<h3>4.2.0</h3>
<p>TLDR; The cache backend service has been rewritten from the ground up
for improved performance and reliability. <a
href="https://github.com/actions/cache">actions/cache</a> now integrates
with the new cache service (v2) APIs.</p>
<p>The new service will gradually roll out as of <strong>February 1st,
2025</strong>. The legacy service will also be sunset on the same date.
Changes in these release are <strong>fully backward
compatible</strong>.</p>
<p><strong>We are deprecating some versions of this action</strong>. We
recommend upgrading to version <code>v4</code> or <code>v3</code> as
soon as possible before <strong>February 1st, 2025.</strong> (Upgrade
instructions below).</p>
<p>If you are using pinned SHAs, please use the SHAs of versions
<code>v4.2.0</code> or <code>v3.4.0</code></p>
<p>If you do not upgrade, all workflow runs using any of the deprecated
<a href="https://github.com/actions/cache">actions/cache</a> will
fail.</p>
<p>Upgrading to the recommended versions will not break your
workflows.</p>
<h3>4.1.2</h3>
<ul>
<li>Add GitHub Enterprise Cloud instances hostname filters to inform API
endpoint choices - <a
href="https://redirect.github.com/actions/cache/pull/1474">#1474</a></li>
<li>Security fix: Bump braces from 3.0.2 to 3.0.3 - <a
href="https://redirect.github.com/actions/cache/pull/1475">#1475</a></li>
</ul>
<h3>4.1.1</h3>
<ul>
<li>Restore original behavior of <code>cache-hit</code> output - <a
href="https://redirect.github.com/actions/cache/pull/1467">#1467</a></li>
</ul>
<h3>4.1.0</h3>
<ul>
<li>Ensure <code>cache-hit</code> output is set when a cache is missed -
<a
href="https://redirect.github.com/actions/cache/pull/1404">#1404</a></li>
<li>Deprecate <code>save-always</code> input - <a
href="https://redirect.github.com/actions/cache/pull/1452">#1452</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0057852bfa"><code>0057852</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/cache/issues/1655">#1655</a>
from actions/Link-/prepare-4.3.0</li>
<li><a
href="4f5ea67f1c"><code>4f5ea67</code></a>
Update licensed cache</li>
<li><a
href="9fcad95d03"><code>9fcad95</code></a>
Upgrade actions/cache to 4.1.0 and prepare 4.3.0 release</li>
<li><a
href="638ed79f9d"><code>638ed79</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/cache/issues/1642">#1642</a>
from actions/GhadimiR-patch-1</li>
<li><a
href="3862dccb17"><code>3862dcc</code></a>
Add note on runner versions</li>
<li><a
href="0400d5f644"><code>0400d5f</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/cache/issues/1636">#1636</a>
from actions/Link-/release-4.2.4</li>
<li><a
href="374a27f269"><code>374a27f</code></a>
Prepare release 4.2.4</li>
<li><a
href="358a7306cd"><code>358a730</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/cache/issues/1634">#1634</a>
from actions/Link-/optimise-deps</li>
<li><a
href="2ee706ef74"><code>2ee706e</code></a>
Fix with another approach</li>
<li><a
href="94f7b5d913"><code>94f7b5d</code></a>
Fix bundle exec</li>
<li>Additional commits viewable in <a
href="5a3ec84eff...0057852bfa">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [thiserror](https://github.com/dtolnay/thiserror) from 2.0.16 to
2.0.17.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dtolnay/thiserror/releases">thiserror's
releases</a>.</em></p>
<blockquote>
<h2>2.0.17</h2>
<ul>
<li>Use differently named __private module per patch release (<a
href="https://redirect.github.com/dtolnay/thiserror/issues/434">#434</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="72ae716e6d"><code>72ae716</code></a>
Release 2.0.17</li>
<li><a
href="599fdce83a"><code>599fdce</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/thiserror/issues/434">#434</a>
from dtolnay/private</li>
<li><a
href="9ec05f6b38"><code>9ec05f6</code></a>
Use differently named __private module per patch release</li>
<li><a
href="d2c492b549"><code>d2c492b</code></a>
Raise minimum tested compiler to rust 1.76</li>
<li><a
href="fc3ab9501d"><code>fc3ab95</code></a>
Opt in to generate-macro-expansion when building on docs.rs</li>
<li><a
href="819fe29dbb"><code>819fe29</code></a>
Update ui test suite to nightly-2025-09-12</li>
<li><a
href="259f48c549"><code>259f48c</code></a>
Enforce trybuild >= 1.0.108</li>
<li><a
href="470e6a681c"><code>470e6a6</code></a>
Update ui test suite to nightly-2025-08-24</li>
<li><a
href="544e191e6e"><code>544e191</code></a>
Update actions/checkout@v4 -> v5</li>
<li><a
href="cbc1ebad3e"><code>cbc1eba</code></a>
Delete duplicate cap-lints flag from build script</li>
<li>See full diff in <a
href="https://github.com/dtolnay/thiserror/compare/2.0.16...2.0.17">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[github.com/getsentry/sentry-cocoa](https://github.com/getsentry/sentry-cocoa)
from 8.56.0 to 8.56.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/getsentry/sentry-cocoa/releases">github.com/getsentry/sentry-cocoa's
releases</a>.</em></p>
<blockquote>
<h2>8.56.2</h2>
<blockquote>
<p>[!Warning]
Session Replay in this version does not correctly mask views when built
with Xcode 26 and running on iOS 26 with Liquid Glass, which may lead to
PII leaks. Please upgrade to 8.57.0 or later, which automatically
<strong>disables session replay</strong> in such environments.</p>
</blockquote>
<h3>Fixes</h3>
<ul>
<li>Fix crash from null UIApplication in SwiftUI apps (<a
href="https://redirect.github.com/getsentry/sentry-cocoa/issues/6264">#6264</a>)</li>
</ul>
<h2>8.56.1</h2>
<blockquote>
<p>[!Warning]
This version can cause runtime crashes because the
<code>UIApplication.sharedApplication</code>/<code>NSApplication.sharedApplication</code>
is not yet available during SDK initialization, due to the changes in
[PR <a
href="https://redirect.github.com/getsentry/sentry-cocoa/issues/5900">#5900</a>](<a
href="https://redirect.github.com/getsentry/sentry-cocoa/pull/5900">getsentry/sentry-cocoa#5900</a>),
released in <a
href="https://github.com/getsentry/sentry-cocoa/releases/tag/8.56.0">8.56.0</a>.</p>
</blockquote>
<blockquote>
<p>[!Warning]
Session Replay in this version does not correctly mask views when built
with Xcode 26 and running on iOS 26 with Liquid Glass, which may lead to
PII leaks. Please upgrade to 8.57.0 or later, which automatically
<strong>disables session replay</strong> in such environments.</p>
</blockquote>
<h3>Fixes</h3>
<ul>
<li>Fix potential app launch hang caused by the SentrySDK (<a
href="https://redirect.github.com/getsentry/sentry-cocoa/issues/6181">#6181</a>)
Fixed by removing the call to <code>_dyld_get_image_header</code> on the
main thread.</li>
<li>Fix dynamic selector crash in SentryReplayRecording (<a
href="https://redirect.github.com/getsentry/sentry-cocoa/issues/6211">#6211</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9e193ac0b7"><code>9e193ac</code></a>
release: 8.56.2</li>
<li><a
href="d1c491625f"><code>d1c4916</code></a>
test: Skip flaky user feedback UITests (<a
href="https://redirect.github.com/getsentry/sentry-cocoa/issues/6289">#6289</a>)</li>
<li><a
href="9a32d525be"><code>9a32d52</code></a>
fix: Lazily access UIApplication.shared (<a
href="https://redirect.github.com/getsentry/sentry-cocoa/issues/6264">#6264</a>)</li>
<li><a
href="2ec27000f0"><code>2ec2700</code></a>
chore(ci): Set iOS version for running Test Server unit tests (<a
href="https://redirect.github.com/getsentry/sentry-cocoa/issues/6287">#6287</a>)</li>
<li><a
href="4be5cd8ec9"><code>4be5cd8</code></a>
ci: Extra test plan for test server unit tests (<a
href="https://redirect.github.com/getsentry/sentry-cocoa/issues/6177">#6177</a>)</li>
<li><a
href="449d185f00"><code>449d185</code></a>
chore(deps): Update clang-format version (<a
href="https://redirect.github.com/getsentry/sentry-cocoa/issues/6276">#6276</a>)</li>
<li><a
href="649265b71b"><code>649265b</code></a>
test: Skip AppHangTracking when debugger attached (<a
href="https://redirect.github.com/getsentry/sentry-cocoa/issues/6242">#6242</a>)</li>
<li><a
href="7dabfb9176"><code>7dabfb9</code></a>
docs: Add warning to releases v8.56.0 and v8.56.1 (<a
href="https://redirect.github.com/getsentry/sentry-cocoa/issues/6266">#6266</a>)</li>
<li><a
href="d8ceea3a0c"><code>d8ceea3</code></a>
Merge branch 'release/8.56.1'</li>
<li><a
href="a82041aad9"><code>a82041a</code></a>
release: 8.56.1</li>
<li>Additional commits viewable in <a
href="https://github.com/getsentry/sentry-cocoa/compare/8.56.0...8.56.2">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/cache](https://github.com/actions/cache) from 4.2.4 to
4.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v4.3.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Add note on runner versions by <a
href="https://github.com/GhadimiR"><code>@GhadimiR</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1642">actions/cache#1642</a></li>
<li>Prepare <code>v4.3.0</code> release by <a
href="https://github.com/Link"><code>@Link</code></a>- in <a
href="https://redirect.github.com/actions/cache/pull/1655">actions/cache#1655</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/GhadimiR"><code>@GhadimiR</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/cache/pull/1642">actions/cache#1642</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v4...v4.3.0">https://github.com/actions/cache/compare/v4...v4.3.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h3>4.3.0</h3>
<ul>
<li>Bump <code>@actions/cache</code> to <a
href="https://redirect.github.com/actions/toolkit/pull/2132">v4.1.0</a></li>
</ul>
<h3>4.2.4</h3>
<ul>
<li>Bump <code>@actions/cache</code> to v4.0.5</li>
</ul>
<h3>4.2.3</h3>
<ul>
<li>Bump <code>@actions/cache</code> to v4.0.3 (obfuscates SAS token in
debug logs for cache entries)</li>
</ul>
<h3>4.2.2</h3>
<ul>
<li>Bump <code>@actions/cache</code> to v4.0.2</li>
</ul>
<h3>4.2.1</h3>
<ul>
<li>Bump <code>@actions/cache</code> to v4.0.1</li>
</ul>
<h3>4.2.0</h3>
<p>TLDR; The cache backend service has been rewritten from the ground up
for improved performance and reliability. <a
href="https://github.com/actions/cache">actions/cache</a> now integrates
with the new cache service (v2) APIs.</p>
<p>The new service will gradually roll out as of <strong>February 1st,
2025</strong>. The legacy service will also be sunset on the same date.
Changes in these release are <strong>fully backward
compatible</strong>.</p>
<p><strong>We are deprecating some versions of this action</strong>. We
recommend upgrading to version <code>v4</code> or <code>v3</code> as
soon as possible before <strong>February 1st, 2025.</strong> (Upgrade
instructions below).</p>
<p>If you are using pinned SHAs, please use the SHAs of versions
<code>v4.2.0</code> or <code>v3.4.0</code></p>
<p>If you do not upgrade, all workflow runs using any of the deprecated
<a href="https://github.com/actions/cache">actions/cache</a> will
fail.</p>
<p>Upgrading to the recommended versions will not break your
workflows.</p>
<h3>4.1.2</h3>
<ul>
<li>Add GitHub Enterprise Cloud instances hostname filters to inform API
endpoint choices - <a
href="https://redirect.github.com/actions/cache/pull/1474">#1474</a></li>
<li>Security fix: Bump braces from 3.0.2 to 3.0.3 - <a
href="https://redirect.github.com/actions/cache/pull/1475">#1475</a></li>
</ul>
<h3>4.1.1</h3>
<ul>
<li>Restore original behavior of <code>cache-hit</code> output - <a
href="https://redirect.github.com/actions/cache/pull/1467">#1467</a></li>
</ul>
<h3>4.1.0</h3>
<ul>
<li>Ensure <code>cache-hit</code> output is set when a cache is missed -
<a
href="https://redirect.github.com/actions/cache/pull/1404">#1404</a></li>
<li>Deprecate <code>save-always</code> input - <a
href="https://redirect.github.com/actions/cache/pull/1452">#1452</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0057852bfa"><code>0057852</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/cache/issues/1655">#1655</a>
from actions/Link-/prepare-4.3.0</li>
<li><a
href="4f5ea67f1c"><code>4f5ea67</code></a>
Update licensed cache</li>
<li><a
href="9fcad95d03"><code>9fcad95</code></a>
Upgrade actions/cache to 4.1.0 and prepare 4.3.0 release</li>
<li><a
href="638ed79f9d"><code>638ed79</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/cache/issues/1642">#1642</a>
from actions/GhadimiR-patch-1</li>
<li><a
href="3862dccb17"><code>3862dcc</code></a>
Add note on runner versions</li>
<li>See full diff in <a
href="0400d5f644...0057852bfa">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [quote](https://github.com/dtolnay/quote) from 1.0.40 to 1.0.41.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dtolnay/quote/releases">quote's
releases</a>.</em></p>
<blockquote>
<h2>1.0.41</h2>
<ul>
<li>Improve compile error when repetition contains no interpolated value
that is an iterator (<a
href="https://redirect.github.com/dtolnay/quote/issues/302">#302</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="594c865ce8"><code>594c865</code></a>
Release 1.0.41</li>
<li><a
href="68956e650b"><code>68956e6</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/quote/issues/302">#302</a>
from dtolnay/hasiter</li>
<li><a
href="6a69784268"><code>6a69784</code></a>
Make diagnostic attribute conditional on compiler version</li>
<li><a
href="5f1924bd99"><code>5f1924b</code></a>
Tweak CheckHasIterator error message</li>
<li><a
href="c0adb26f41"><code>c0adb26</code></a>
Add diagnostic::on_unimplemented for no iterator in repetition</li>
<li><a
href="a1ddcab61b"><code>a1ddcab</code></a>
Combine HasIterator and ThereIsNoIteratorInRepetition to one type</li>
<li><a
href="bf48c854da"><code>bf48c85</code></a>
Switch to trait for checking iterator in repetition</li>
<li><a
href="d3b4777367"><code>d3b4777</code></a>
Update ui test suite to nightly-2025-09-27</li>
<li><a
href="3e6b04d98b"><code>3e6b04d</code></a>
Raise minimum tested compiler to rust 1.76</li>
<li><a
href="07deaaf89e"><code>07deaaf</code></a>
Opt in to generate-macro-expansion when building on docs.rs</li>
<li>Additional commits viewable in <a
href="https://github.com/dtolnay/quote/compare/1.0.40...1.0.41">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Currently, we launch the `required_check` right away with all others and
poll the GitHub API to see if all others have completed already. This
eats into our API quota.
An easier way to do the same thing is to declare a dependency of the
`required_check` onto all other jobs. Normally, this wouldn't work
because we skip certain jobs if the related files haven't been modified.
We can opt out of this default behaviour by telling GitHub to `always()`
run our job. That way, it naturally gets scheduled after all others,
even if some of the jobs have been skipped.
By default, Docker creates network interfaces with a txqueuelen of 1000.
This is pretty small and causes unnecessary packet drops when running
perf tests in that setup.
This comment breaks the multi-line command. The debian archive will be available from the APT repository so uploading that to the releases page is not actually necessary. We can still do it later if we want to though. For now, remove the comment to make the workflow work again.
To allow for better analysis of flow logs, we embed the resource name
and its address into the flow flogs. For the Internet Resource, the name
will be displayed as "Internet` and the address is either `0.0.0.0/0` or
`::/0` depending on the IP version of the packet. For CIDR resources,
the address is the subnet and for DNS resources, it is the domain
pattern.
Resolves: #10693
On clients prior to https://github.com/firezone/firezone/pull/10604,
sending `resource_created_or_updated` for a site change would cause a
panic. With the introduction of that PR, the portal can now send this
message without needing to "toggle" the resource first by sending
`resource_deleted`.
Fixes: #10593
This improves the secret handling inside `firezone-cli` by using the
`rpassword` crate to hide the token from stdin and using `secrecy` to
zeroize the memory afterwards. To make it easier to test locally, we add
a dry run mode for local testing, hidden behind the `FZ_DRY_RUN` env
variable.
With the refactoring coming up in #6294 we will be dropping production
support for JumpCloud directory sync.
In practice, this likely won't be an issue due to the better ergonomics
/ JIT provisioning that will be offered in the new system.
Related: #2701
Related: #6294
Related: #3115
Related: #7834
With this PR we add `cargo-deb` to our CI pipeline and build a debian
package for the Gateway. The debian package comes with several
configuration files that make it easy for admins to start and maintain a
Gateway installation:
- The embedded systemd unit file is essentially the same one as what we
currently install with the install script with some minor modifications.
- The token is read from `/etc/firezone/gateway-token` and passed as a
systemd credential. This allows us to set the permissions for this file
to `0400` and have it owned by `root:root`.
- The configuration is read from `/etc/firezone/gateway-env`.
- Both of these changes basically mean the user should never need to
touch the unit file itself.
- The `sysusers` configuration file ensures the `firezone` user and
group are present on the system.
- The `tmpfiles` configuration file ensures the necessary directories
are present.
All of the above is automatically installed and configured using the
post-installation script which is called by `apt` once the package is
installed.
In addition to the Gateway, we also package a first version of the
`firezone-cli`. Right now, `firezone-cli` (installed as `firezone`) has
three subcommands:
- `gateway authenticate`: Asks for the Gateway's token and installs it
at `/etc/firezone/gateway-token`. The user doesn't have to know how we
manage this token and can trust that we are using safe defaults.
- `gateway enable`: Enables and starts the systemd service.
- `gateway disable`: Disables the systemd service.
Right now, the `.deb` file is only uploaded to the preview APT
repository and not attached to the release. It should therefore not yet
be user-visible unless somebody pokes around a lot, meaning we can defer
documentation to a later PR and start testing it from the preview
repository for our own purposes.
Related: #10598Resolves: #8484Resolves: #10681
It is possible that our "roaming" integration test only ever connects
Client and Gateway over IPv6. In that case, the number of unique source
tuples after roaming is only 2 and not 3. To handle this case, we count
the number of IPv4 tuples and change the assertion accordingly.
In the current state, this causes test failures on `main`.
Currently, the default log level for both the Gateway and the headless
Client is actually `error` which basically means no logs at all. To
avoid having to create additional configuration as part of the Debian
packages, we set the default log level to `info`.
Unix tools often write a newline at the end of a file. When using the
file's contents as a token, they need to match byte-for-byte otherwise
we cannot authenticate to the portal. To ensure that, we trim the
content from the file before creating the `SecretString`.
Adding new keys to the `/etc/apt/trusted.gpg.d` keyring is not
recommended because it will make `apt` accept packages from any
repository signed by this key. This could lead to third-party
repositories "overriding" packages from the official ones.
To prevent that, we create a dedicated keyring for the Microsoft key and
specify that it is only to be used for packages from the `azure-cli`
repository.
Similarly to #10537, we upload the `.deb` files attached to the draft
releases to the APT preview repository. This makes it easier to install
these preview releases on test machines.
Related: #10681
Currently, the `sync-apt.sh` script just generates metadata for all
packages found in the `.deb` directory. Unfortunately, this requires the
packages to already be uploaded with a certain naming convention,
otherwise `apt-ftparchive packages` doesn't actually detect them and
creates an empty `Packages` file.
The solution here is to extend the `sync-apt.sh` script to normalize the
filename to what we need it to be. This requires us to upload the new
`.deb` files to the `pool` directory. Instead of messing around with the
existing files in there, we slightly change how the `sync-apt.sh` script
works.
In its new version, it expects packages to be in the `import-stable` and
`import-preview` directories. It will then download these, normalize
their names and move them to a local `pool-stable` and `pool-preview`
directory respectively (potentially overwriting and existing one that is
already there, this allows for updating packages).
As a final step, it will generate the metadata for all packages in
`pool-stable` and `pool-preview`, upload both directories, upload the
metadata and then delete the imported `.deb` files.
Bumps [dns-lookup](https://github.com/keeperofdakeys/dns-lookup) from
2.1.1 to 3.0.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ec8ceceb6b"><code>ec8cece</code></a>
Bump to version 3.0.0</li>
<li><a
href="8b650bd273"><code>8b650bd</code></a>
Bump to version 2.1.0</li>
<li><a
href="0d90628d54"><code>0d90628</code></a>
Update to 2021 edition</li>
<li><a
href="e4f5e19d80"><code>e4f5e19</code></a>
Apply clipply lints</li>
<li><a
href="1d02095eb7"><code>1d02095</code></a>
deps(socket2): update to 0.6 with windwos-sys 0.60</li>
<li><a
href="7745e71a61"><code>7745e71</code></a>
Update example lookup_host with collect in README</li>
<li><a
href="615ee8cc85"><code>615ee8c</code></a>
Downgrade windows-sys back to 0.52</li>
<li><a
href="aa1380981a"><code>aa13809</code></a>
Fix clippy errors</li>
<li><a
href="c5b86b6882"><code>c5b86b6</code></a>
Remove useless clippy feature</li>
<li><a
href="b581ca0c6a"><code>b581ca0</code></a>
Update deps</li>
<li>Additional commits viewable in <a
href="https://github.com/keeperofdakeys/dns-lookup/compare/2.1.1...3.0.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
Bumps [winreg](https://github.com/gentoo90/winreg-rs) from 0.52.0 to
0.55.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/gentoo90/winreg-rs/releases">winreg's
releases</a>.</em></p>
<blockquote>
<h2>0.55.0 (windows-sys)</h2>
<ul>
<li>Breaking change: Increate MSRV to 1.60</li>
<li>Breaking change: Upgrade <code>windows-sys</code> to version 0.59
(<a
href="https://redirect.github.com/gentoo90/winreg-rs/issues/77">#77</a>)</li>
</ul>
<h2>0.54.0 (windows-sys)</h2>
<ul>
<li>Breaking change: Migrate to the 2021 edition of Rust (MSRV
1.56)</li>
<li>Breaking change: Upgrade <code>windows-sys</code> to version 0.52
(closes <a
href="https://redirect.github.com/gentoo90/winreg-rs/issues/63">#63</a>,
<a
href="https://redirect.github.com/gentoo90/winreg-rs/issues/70">#70</a>)</li>
</ul>
<h2>0.53.0 (windows-sys)</h2>
<ul>
<li>Don't stop deserialization of <code>Any</code> due to
<code>REG_NONE</code> (pullrequest <a
href="https://redirect.github.com/gentoo90/winreg-rs/issues/67">#67</a>,
fixes <a
href="https://redirect.github.com/gentoo90/winreg-rs/issues/66">#66</a>)</li>
<li>Implement (de)serialization of <code>Option</code> (<a
href="https://redirect.github.com/gentoo90/winreg-rs/issues/56">#56</a>)</li>
<li>Add <code>RegKey</code> methods for creating/opening subkeys with
custom options (<a
href="https://redirect.github.com/gentoo90/winreg-rs/issues/65">#65</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/gentoo90/winreg-rs/blob/master/CHANGELOG.md">winreg's
changelog</a>.</em></p>
<blockquote>
<h2>0.55.0</h2>
<ul>
<li>Breaking change: Increate MSRV to 1.60</li>
<li>Breaking change: Upgrade <code>windows-sys</code> to version 0.59
(<a
href="https://redirect.github.com/gentoo90/winreg-rs/pull/77">#77</a>)</li>
</ul>
<h2>0.54.0</h2>
<ul>
<li>Breaking change: Migrate to the 2021 edition of Rust (MSRV
1.56)</li>
<li>Breaking change: Upgrade <code>windows-sys</code> to version 0.52
(closes <a
href="https://redirect.github.com/gentoo90/winreg-rs/pull/63">#63</a>,
<a
href="https://redirect.github.com/gentoo90/winreg-rs/pull/70">#70</a>)</li>
</ul>
<h2>0.15.0, 0.53.0</h2>
<ul>
<li>Don't stop deserialization of <code>Any</code> due to
<code>REG_NONE</code> (pullrequest <a
href="https://redirect.github.com/gentoo90/winreg-rs/pull/67">#67</a>,
fixes <a
href="https://redirect.github.com/gentoo90/winreg-rs/issues/66">#66</a>)</li>
<li>Implement (de)serialization of <code>Option</code> (<a
href="https://redirect.github.com/gentoo90/winreg-rs/issues/56">#56</a>)</li>
<li>Add <code>RegKey</code> methods for creating/opening subkeys with
custom options (<a
href="https://redirect.github.com/gentoo90/winreg-rs/pull/65">#65</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9243b23849"><code>9243b23</code></a>
Bump version to 0.55.0</li>
<li><a
href="f0440749e8"><code>f044074</code></a>
Upgrade <code>windows-sys</code> to version 0.59 (and MSRV to 1.60)</li>
<li><a
href="4574febe77"><code>4574feb</code></a>
Bump version to 0.54.0</li>
<li><a
href="105ca7aee3"><code>105ca7a</code></a>
Upgrade <code>windows-sys</code> to version 0.52</li>
<li><a
href="93aefdf523"><code>93aefdf</code></a>
Migrate to the 2021 edition of Rust</li>
<li><a
href="c9315d07f0"><code>c9315d0</code></a>
Clippy: remove unnecessary typecasts</li>
<li><a
href="e62111ee60"><code>e62111e</code></a>
Merge branch 'winapi'</li>
<li><a
href="049035fe94"><code>049035f</code></a>
Update the transaction example in the docs</li>
<li><a
href="5baac5d5a4"><code>5baac5d</code></a>
CI: upgrade actions to the latest versions</li>
<li><a
href="cbaeb4e00a"><code>cbaeb4e</code></a>
CI: check <code>Cargo.toml</code> formatting</li>
<li>Additional commits viewable in <a
href="https://github.com/gentoo90/winreg-rs/compare/v0.52.0...v0.55.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
Whenever we route a packet from the Client to a DNS resource, we now
also capture the domain name. If this is the first packet and we are
thus creating a new flow, we'll save that domain in it. Later packets
for the same IP are rolled up under the same flow and thus don't need to
re-set the domain.
Resolves: #10691
In order to properly free all memory allocated by the `Event` returned
from connlib, we need to `.destroy()` it. For this to happen
automatically, we can call the `.use` helper.
Unfortunately, there are no compile-time warnings about this so we have
to manually audit the generated code to check which objects needs
closing after use.
From what I can gather, the `Event` only needs to be closed because we
hold a reference to the `DisconnectError` inside `Disconnected`. Because
we exit after that anyway, I believe all memory is free'd regardless
already.
Bumps
[@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node)
from 24.5.0 to 24.5.2.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
In order to secure an APT repository, the `Release` file containing the
hashes of all packages needs to be signed with a GPG key. These
signatures simply need to be synced back up to the repository. The rest
is handled by `apt` itself.
Resolves: #10599
This integration test is currently flaky because we might "roam" between
IPv4 and IPv6 during ICE already. To assert that we actually roamed, we
need to check that we have at least 3 different source tuples in our
list of flows.
Bumps [etherparse](https://github.com/JulianSchmid/etherparse) from
0.17.0 to 0.19.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/JulianSchmid/etherparse/releases">etherparse's
releases</a>.</em></p>
<blockquote>
<h2>v0.19.0 Add basic ICMPv6 Neighbor Discovery Support</h2>
<h2>What's Changed</h2>
<ul>
<li>feat: add ICMPv6 neighbour solicitation by <a
href="https://github.com/thomaseizinger"><code>@thomaseizinger</code></a>
in <a
href="https://redirect.github.com/JulianSchmid/etherparse/pull/129">JulianSchmid/etherparse#129</a></li>
<li>Minor fixups for ICMPv6 NeighborSolicitation &
NeighborAdvertisement & Add RouterSolicitation &
RouterAdvertisement & Redirect by <a
href="https://github.com/JulianSchmid"><code>@JulianSchmid</code></a>
in <a
href="https://redirect.github.com/JulianSchmid/etherparse/pull/130">JulianSchmid/etherparse#130</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/thomaseizinger"><code>@thomaseizinger</code></a>
made their first contribution in <a
href="https://redirect.github.com/JulianSchmid/etherparse/pull/129">JulianSchmid/etherparse#129</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/JulianSchmid/etherparse/compare/v0.18.2...v0.19.0">https://github.com/JulianSchmid/etherparse/compare/v0.18.2...v0.19.0</a></p>
<h2>v0.18.2 Add core::error::Error implementation to non_std build</h2>
<h2>What's Changed</h2>
<ul>
<li>Implement core::error::Error for the error types by <a
href="https://github.com/xyzzyz"><code>@xyzzyz</code></a> in <a
href="https://redirect.github.com/JulianSchmid/etherparse/pull/127">JulianSchmid/etherparse#127</a></li>
<li>Increment version 0.18.2 by <a
href="https://github.com/JulianSchmid"><code>@JulianSchmid</code></a>
in <a
href="https://redirect.github.com/JulianSchmid/etherparse/pull/128">JulianSchmid/etherparse#128</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/xyzzyz"><code>@xyzzyz</code></a> made
their first contribution in <a
href="https://redirect.github.com/JulianSchmid/etherparse/pull/127">JulianSchmid/etherparse#127</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/JulianSchmid/etherparse/compare/v0.18.1...v0.18.2">https://github.com/JulianSchmid/etherparse/compare/v0.18.1...v0.18.2</a></p>
<h2>v0.18.1 Add LaxPacketHeader:: from_linux_sll</h2>
<h2>What's Changed</h2>
<ul>
<li>Add from_linux_sll for LaxPacketHeaders by <a
href="https://github.com/shu-kitamura"><code>@shu-kitamura</code></a>
in <a
href="https://redirect.github.com/JulianSchmid/etherparse/pull/125">JulianSchmid/etherparse#125</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/shu-kitamura"><code>@shu-kitamura</code></a>
made their first contribution in <a
href="https://redirect.github.com/JulianSchmid/etherparse/pull/125">JulianSchmid/etherparse#125</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/JulianSchmid/etherparse/compare/v0.18.0...v0.18.1">https://github.com/JulianSchmid/etherparse/compare/v0.18.0...v0.18.1</a></p>
<h2>v0.18.0 MACsec Support & ECN+DSCP Support for IPv6</h2>
<h2>What are the major changes?</h2>
<ul>
<li>Support for MACsec (IEEE 802.1AE)</li>
<li>The <code>vlan</code> field in <code>SlicedPacket</code>,
<code>LaxSlicedPacket</code>, <code>PacketHeaders</code>,
<code>LaxPacketHeaders</code> has been replaced with
<code>link_exts</code>.</li>
<li><code>Ipv4Ecn</code> & <code>Ipv4Dscp</code> have been replaced
by <code>IpEcn</code> & <code>IpDscp</code>.</li>
<li><code>Ipv6Header</code> & <code>Ipv6HeaderSlice</code> now
supports the reading & setting of <code>IpEcn</code> &
<code>IpDscp</code> (thanks to <a
href="https://github.com/baxterjo"><code>@baxterjo</code></a>)</li>
<li><code>LaxEtherPayloadSlice</code> has been introduced &
<code>len_source</code> added to <code>EtherPayloadSlice</code>.</li>
<li><code>source_addr()</code> & <code>destination_addr()</code>
methods of <code>IpSlice</code>, <code>Ipv4HeaderSlice</code>,
<code>Ipv6Header</code>, <code>Ipv6HeaderSlice</code>,
<code>LaxIpSlice</code> are now available in non-std mode (thanks to <a
href="https://github.com/Dominaezzz"><code>@Dominaezzz</code></a>)</li>
<li>Minimum supported Rust version as been configured to 1.83.0 (thanks
to <a
href="https://github.com/baxterjo"><code>@baxterjo</code></a>)</li>
</ul>
<h3>What is MACsec (IEEE 802.1AE)?</h3>
<p>MACsec is a protocol that allows the signing and/or encryption of
packet contents from the link layer downwards. The main difference
between MACsec and IPSec is that IPSec is located after the IP header
while MACsec is located above the IP header and can also encrypt the
contents of the IP header itself while IPSSec does not encrypt the IP
header. As such MACsec is usually used to secure local networks, while
IPSec is more commonly used for VPNs and alike that leave the local
network.</p>
<h3>Changes needed for MACsec Support</h3>
<p>Adding MACsec support required some breaking changes, specifically on
how VLAN headers are handled. The MACsec SECTAG is a header that can be
present in the same locations as "VLAN" headers. It has no
fixed position and can be located before or after VLAN headers or after
the Ethernet 2 header without a VLAN header being present at all. This
invalidates the assumption <code>etherparse</code> had in previous
versions that VLAN headers are always directly located after the
Ethernet2 header and that if there are multiple VLAN headers that they
are directly located after each other. Now there could be a MACsec
header present in between VLAN headers.</p>
<p>To support the different combinations of MACSec & VLAN headers
the <code>vlan</code> field in <code>SlicedPacket</code>,
<code>PacketHeaders</code>, <code>LaxSlicedPacket</code> &
<code>LaxPacketHeaders</code> has been replaced with a
<code>link_exts</code> field that can contain up to three "link
extensions":</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b76f71ac3e"><code>b76f71a</code></a>
Update version to 0.19.0 for etherparse</li>
<li><a
href="9fd5758f78"><code>9fd5758</code></a>
Merge pull request <a
href="https://redirect.github.com/JulianSchmid/etherparse/issues/130">#130</a>
from JulianSchmid/coverage-fixups</li>
<li><a
href="cd9266d03f"><code>cd9266d</code></a>
Add Router & Redirect ICMPv6 messages</li>
<li><a
href="e50e502898"><code>e50e502</code></a>
Renamed neighbour_discovery.rs to neighbor_advertisement_header.rs</li>
<li><a
href="46b4dfbfcf"><code>46b4dfb</code></a>
Further tests for coverage</li>
<li><a
href="d821f04435"><code>d821f04</code></a>
Further tests for coverage</li>
<li><a
href="454c35c271"><code>454c35c</code></a>
Increment version to 0.19.0</li>
<li><a
href="79b915aa2d"><code>79b915a</code></a>
Minor fixups for ICMPv6</li>
<li><a
href="9e967ba879"><code>9e967ba</code></a>
Merge pull request <a
href="https://redirect.github.com/JulianSchmid/etherparse/issues/129">#129</a>
from thomaseizinger/feat/icmpv6-neighbour-soliciation</li>
<li><a
href="e59fc8498b"><code>e59fc84</code></a>
Add ICMPv6 neighbour solicitation</li>
<li>Additional commits viewable in <a
href="https://github.com/JulianSchmid/etherparse/compare/v0.17.0...v0.19.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
Jamil