mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 18:18:55 +00:00
3c55ddcd1e0198221d90209abe4e49e9987b2ac5
7967 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Jamil
|
3c55ddcd1e |
fix(ci): move rust cache to Azure; docker on main (#10169)
We are _very much_ over our GHA cache limit of 10 GB so in an effort to keep evictions to a minimum, we update the Rust SCCACHE to only write on `main` and the Docker elixir and data plane image build steps to do the same. Fixes #10145 |
||
|
Jamil
|
6f0e7f3caa |
chore(ci): enable data plane arm64 debug images (#10165)
On developers with Apple Silicon machines, this allows for testing native binaries without having to build data plane images. |
||
|
Firezone Bot
|
95ee111e62 | chore: publish apple-client 1.5.7 (#10159) | ||
|
Jamil
|
e5b2af1d4e |
chore(portal): add ChangeLogs.truncate/2 and tests (#10155)
In preparation to delete old change_logs based on account and insertion time, we introduce a simple `truncate` function that removes old change logs past a cutoff date. Related: https://github.com/firezone/firezone/issues/10146 --------- Signed-off-by: Jamil <jamilbk@users.noreply.github.com> |
||
|
Jamil
|
25e15bbd14 |
chore(portal): drop id in favor of lsn pkey (#10152)
On the `change_logs` table, we want to minimize write overhead as much as possible. One major way to do this is the minimize the number of indexes maintained. Because `lsn` is guaranteed to be unique, we can use it as the primary, saving us an index (and column). **NOTE**: This migration will need to acquire a lock on the table, so it's added as a manual migration to execute out of band. Since we don't read ChangeLogs anywhere, it should be fine for the app servers to come up without this migration applied. |
||
|
Jamil
|
2c788a31aa |
test(portal): Flows.delete_expired_flows/0 (#10150)
Adds a missing test for the `Flows.delete_expired_flows/0` function. |
||
|
Thomas Eizinger
|
456fde5b60 |
ci: increase bitrate of direct connection UDP perf tests (#10154)
We can easily handle 1GBit/s for the direct connections. |
||
|
Thomas Eizinger
|
507a8957c2 |
chore(connlib): only debug-assert non-retransmitted DNS queries (#10136)
When we receive the same TCP DNS query twice, we currently wrongly hit a debug assert. |
||
|
Thomas Eizinger
|
2dde3b8573 |
fix(relay): read from most-recently-ready socket first (#10148)
The relay uses `mio` to react to readiness events from multiple sockets at once. Including the control port 3478, the relay needs to also send and receive traffic from up to 16384 sockets (one for each possible allocation). We need to process readiness events from these sockets as fairly as possible. Under high-load, it may otherwise happen that we don't read packets from an allocation socket, resulting in ICE timeouts of the connection being relayed. To achieve this fairness, we collect all readiness tokens into a set and store it with the number of packets we have read so far from this socket. Then, we always read from the socket next that we have so far read the least amount of packets from. |
||
|
Thomas Eizinger
|
b5e3ee8065 |
ci: reduce UDP perf test bitrate (#10153)
Forcing 500MBit/s through a relayed connection in CI makes the user-space relay fall-over and drop control messages, leading to ICE timeouts of the connection. |
||
|
Thomas Eizinger
|
f27683760a | fix(relay): check for ANSI support on stdout (#10149) | ||
|
Thomas Eizinger
|
2841fd0017 |
chore(connlib): spawn dedicated tasks for UDP send/recv (#10147)
At the moment, `connlib`'s UDP thread spawns a single task for reading and writing to the UDP socket. It will always first try to write data before reading new data. To avoid scheduling issues, we split this into two dedicated tasks and insert ```rust tokio::task::yield_now().await; ``` into each loop. This allows the `tokio` runtime to schedule each of the tasks fairly even if one of them is very busy. For example, if we are very busy writing data (because we are receiving a lot of IP traffic), this ensures that we will occasionally also read from our socket to receive STUN control messages from our peers. |
||
|
Jamil
|
708a4b000e |
fix(ci): enable GHA backend for sccache (#10144)
We need to actually enable the GHA backend for sccache. Related: #10142 |
||
|
Jamil
|
b96ee526c1 |
fix(apple/ios): don't require hard link to __res_9_state (#10143)
In Xcode 16, how the compiler determines the size of C structs changed. In Xcode 15 and below, when the compiler saw `__res_9_state()`, it thought, "This is a C struct. I know its size and layout from the system's header files. I will generate code to allocate that much memory and zero it out." This was a type-based operation; it only needed the "blueprint" for the struct. In Xcode 16 and later, the compiler sees `__res_9_state()` and thinks, "This is a C struct. To initialize it, I need to link to the actual symbol named `___res_9_state` inside the libresolv library." This became a symbol-based operation, creating a direct dependency that didn't exist before. To fix this, we initialize a raw pointer with a manual type specification to the zeroed-out struct, which reverts to the prior behavior. Has been tested on iPhone 12, iOS 17. Fixes #10108 |
||
|
Jamil
|
15d281d91c |
chore(ci): set up sccache (again) (#10142)
This was removed in
|
||
|
Brian Manifold
|
80e1c3255f |
refactor(portal): refactor billing event handler (#10064)
Why: * There were intermittent issues with accounts updates from Stripe events. Specifically, when an account would update it's subscription from Starter to Team. The reason was due to the fact that Stripe does not guarantee order of delivery for it's webhook events. At times we were seeing and responding to an event that was a few seconds old after processing a newer event. This would have the effect of quickly transitioning an account from Team back to Starter. This commit refactors our event handler and adds a `processed_stripe_events` DB table to make sure we don't process duplicate events as well as prevent processing an event that was created prior to the last event we've processed for a given account. * Along with refactoring the billing event handling, the Stripe mock module has also been refactored to better reflect real Stripe objects. Related: #8668 |
||
|
Firezone Bot
|
ea960cce74 | chore: publish android-client 1.5.3 (#10141) | ||
|
Jamil
|
6ad10c8f39 |
fix(ci): use etc-resolv-conf as default in headless image (#10126)
The headless client image we ship doesn't have systemd-resolved. By
default, if you try to run it without setting the `FIREZONE_DNS_CONTROL`
var, it will exit with an unhelpful error message that is difficult to
diagnose / debug for anyone unfamiliar to the inner workings of the
headless client:
```
Error: I/O error: No such file or directory (os error 2)
Caused by:
No such file or directory (os error 2)
Stack backtrace:
0: anyhow::error::<impl core::convert::From<E> for anyhow::Error>::from
1: firezone_bin_shared::network_changes::imp::Worker::new_dbus::{{closure}}
2: firezone_headless_client::main::{{closure}}
3: tokio::runtime::runtime::Runtime::block_on
4: firezone_headless_client::main
5: std::sys::backtrace::__rust_begin_short_backtrace
6: std::rt::lang_start::{{closure}}
7: main
```
To fix this, we set `FIREZONE_DNS_CONTROL=etc-resolv-conf` for the user
inside our headless-client image.
---------
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
|
||
|
Jamil
|
a05067d410 |
chore(ci): Add 50ms simulated API latency (#10132)
In the real world, it's entirely possible that the latency between clients, gateways, and relays is much lower than the latency to the API nodes. This added latency will test that we can handle such cases reliably. --------- Co-authored-by: Thomas Eizinger <thomas@eizinger.io> |
||
|
Jamil
|
cacb44f7bb |
test(portal): fix flaky acceptance auth test (#10140)
Occasionally, this fails because the element is found, but not visible due to a race condition. To fix this, we assert that the element should be visible before clicking on it. Fixes https://github.com/firezone/firezone/actions/runs/16751908154/job/47424125321 |
||
|
Thomas Eizinger
|
3e46727362 |
chore(snownet): improve logging of boringtun session index (#10135)
Previously, boringtun's sender/receiver index of a session would just be rendered as a full u32. In reality, this u32 contains two pieces of information: The higher 24 bits identify the peer and the lower 8 bits identify the session with that peer. With the update to boringtun in https://github.com/firezone/boringtun/pull/112, we encode this logic in a dedicated type that has prints this information separately. Here is what the logs now look like: ``` 2025-08-05T07:38:37.742Z DEBUG boringtun::noise: Received handshake_response local_idx=(3428714|1) remote_idx=(1937676|1) 2025-08-05T07:38:37.743Z DEBUG boringtun::noise: New session idx=(3428714|1) 2025-08-05T07:38:37.743Z DEBUG boringtun::noise: Sending keepalive local_idx=(3428714|1) ``` |
||
|
dependabot[bot]
|
036cae84f3 |
build(deps): bump tokio from 1.46.1 to 1.47.1 in /rust (#10119)
Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.46.1 to 1.47.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tokio-rs/tokio/releases">tokio's releases</a>.</em></p> <blockquote> <h2>Tokio v1.47.1</h2> <h1>1.47.1 (August 1st, 2025)</h1> <h3>Fixed</h3> <ul> <li>process: fix panic from spurious pidfd wakeup (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7494">#7494</a>)</li> <li>sync: fix broken link of Python <code>asyncio.Event</code> in <code>SetOnce</code> docs (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7485">#7485</a>)</li> </ul> <p><a href="https://redirect.github.com/tokio-rs/tokio/issues/7485">#7485</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7485">tokio-rs/tokio#7485</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/7494">#7494</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7494">tokio-rs/tokio#7494</a></p> <h2>Tokio v1.47.0</h2> <h1>1.47.0 (July 25th, 2025)</h1> <p>This release adds <code>poll_proceed</code> and <code>cooperative</code> to the <code>coop</code> module for cooperative scheduling, adds <code>SetOnce</code> to the <code>sync</code> module which provides similar functionality to [<code>std::sync::OnceLock</code>], and adds a new method <code>sync::Notify::notified_owned()</code> which returns an <code>OwnedNotified</code> without a lifetime parameter.</p> <h2>Added</h2> <ul> <li>coop: add <code>cooperative</code> and <code>poll_proceed</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7405">#7405</a>)</li> <li>sync: add <code>SetOnce</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7418">#7418</a>)</li> <li>sync: add <code>sync::Notify::notified_owned()</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7465">#7465</a>)</li> </ul> <h2>Changed</h2> <ul> <li>deps: upgrade windows-sys 0.52 → 0.59 (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7117">#7117</a>)</li> <li>deps: update to socket2 v0.6 (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7443">#7443</a>)</li> <li>sync: improve <code>AtomicWaker::wake</code> performance (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7450">#7450</a>)</li> </ul> <h2>Documented</h2> <ul> <li>metrics: fix listed feature requirements for some metrics (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7449">#7449</a>)</li> <li>runtime: improve safety comments of <code>Readiness<'_></code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7415">#7415</a>)</li> </ul> <p><a href="https://redirect.github.com/tokio-rs/tokio/issues/7405">#7405</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7405">tokio-rs/tokio#7405</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/7415">#7415</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7415">tokio-rs/tokio#7415</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/7418">#7418</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7418">tokio-rs/tokio#7418</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/7449">#7449</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7449">tokio-rs/tokio#7449</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/7450">#7450</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7450">tokio-rs/tokio#7450</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/7465">#7465</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7465">tokio-rs/tokio#7465</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
8f35f3a0dc |
build(deps): bump serde_json from 1.0.141 to 1.0.142 in /rust (#10121)
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.141 to 1.0.142. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/serde-rs/json/releases">serde_json's releases</a>.</em></p> <blockquote> <h2>v1.0.142</h2> <ul> <li>impl Default for &Value (<a href="https://redirect.github.com/serde-rs/json/issues/1265">#1265</a>, thanks <a href="https://github.com/aatifsyed"><code>@aatifsyed</code></a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
50f2cc3e2c |
build(deps): bump uniffi from 0.29.3 to 0.29.4 in /rust (#10113)
Bumps [uniffi](https://github.com/mozilla/uniffi-rs) from 0.29.3 to 0.29.4. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/mozilla/uniffi-rs/blob/main/CHANGELOG.md">uniffi's changelog</a>.</em></p> <blockquote> <h2>v0.29.4 (backend crates: v0.29.4) - (<em>2025-07-24</em>)</h2> <ul> <li>Fixed a bug where objects with alignment >= 32 could be freed to early (<a href="https://redirect.github.com/mozilla/uniffi-rs/issues/2600">mozilla/uniffi-rs#2600</a>)</li> </ul> <p><a href="https://github.com/mozilla/uniffi-rs/compare/v0.29.3...v0.29.4">All changes in v0.29.4</a>.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
f4e69a2743 |
build(deps): bump rangemap from 1.5.1 to 1.6.0 in /rust (#10116)
Bumps [rangemap](https://github.com/jeffparsons/rangemap) from 1.5.1 to 1.6.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jeffparsons/rangemap/blob/main/CHANGELOG.md">rangemap's changelog</a>.</em></p> <blockquote> <h3>v1.6.0 (2025-07-26)</h3> <ul> <li><strong>Features</strong>: <ul> <li>Add quickcheck support, gated behind the <code>quickcheck</code> feature.</li> <li>Improve performance of <code>RangeMap::gaps</code> by efficiently seeking to the start of the query range.</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/jeffparsons/rangemap/commits">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
4f29d13b14 |
build(deps): bump clap from 4.5.41 to 4.5.42 in /rust (#10122)
Bumps [clap](https://github.com/clap-rs/clap) from 4.5.41 to 4.5.42. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/clap-rs/clap/releases">clap's releases</a>.</em></p> <blockquote> <h2>v4.5.42</h2> <h2>[4.5.42] - 2025-07-30</h2> <h3>Fixes</h3> <ul> <li>Include subcommand visible long aliases in <code>--help</code></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/clap-rs/clap/blob/master/CHANGELOG.md">clap's changelog</a>.</em></p> <blockquote> <h2>[4.5.42] - 2025-07-30</h2> <h3>Fixes</h3> <ul> <li>Include subcommand visible long aliases in <code>--help</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
d30b5e66ae |
build(deps): bump rustls from 0.23.29 to 0.23.31 in /rust (#10120)
Bumps [rustls](https://github.com/rustls/rustls) from 0.23.29 to 0.23.31. <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
b5566f19f2 |
build(deps): bump the tauri group in /rust with 4 updates (#10118)
Bumps the tauri group in /rust with 4 updates: [tauri-build](https://github.com/tauri-apps/tauri), [tauri-plugin-dialog](https://github.com/tauri-apps/plugins-workspace), [tauri-runtime](https://github.com/tauri-apps/tauri) and [tauri-utils](https://github.com/tauri-apps/tauri). Updates `tauri-build` from 2.3.0 to 2.3.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tauri-apps/tauri/releases">tauri-build's releases</a>.</em></p> <blockquote> <h2>tauri-build v2.3.1</h2> <!-- raw HTML omitted --> <pre><code>Updating git repository `https://github.com/tauri-apps/schemars.git` Updating crates.io index warning: Patch `schemars_derive v0.8.21 (https://github.com/tauri-apps/schemars.git?branch=feat%2Fpreserve-description-newlines#c30f9848)` was not used in the crate graph. Check that the patched package version and available features are compatible with the dependency requirements. If the patch has a different version from what is locked in the Cargo.lock file, run `cargo update` to use the new version. This may also occur with an optional dependency that is not enabled. Locking 1034 packages to latest compatible versions Adding apple-codesign v0.27.0 (available: v0.29.0) Adding cargo_metadata v0.19.2 (available: v0.21.0) Adding colored v2.2.0 (available: v3.0.0) Adding ctor v0.2.9 (available: v0.4.2) Adding elf v0.7.4 (available: v0.8.0) Adding goblin v0.9.3 (available: v0.10.0) Adding html5ever v0.29.1 (available: v0.35.0) Adding itertools v0.13.0 (available: v0.14.0) Adding json-patch v3.0.1 (available: v4.0.0) Adding jsonrpsee v0.24.9 (available: v0.25.1) Adding jsonrpsee-client-transport v0.24.9 (available: v0.25.1) Adding jsonrpsee-core v0.24.9 (available: v0.25.1) Adding jsonrpsee-ws-client v0.24.9 (available: v0.25.1) Adding matchit v0.8.4 (available: v0.8.6) Adding minisign v0.7.3 (available: v0.7.9) Adding object v0.36.7 (available: v0.37.1) Adding oxc_allocator v0.36.0 (available: v0.77.3) Adding oxc_ast v0.36.0 (available: v0.77.3) Adding oxc_parser v0.36.0 (available: v0.77.3) Adding oxc_span v0.36.0 (available: v0.77.3) Adding phf v0.11.3 (available: v0.12.1) Adding proc-macro-crate v2.0.0 (available: v2.0.2) Adding rpm v0.16.0 (available: v0.17.0) Adding schemars v0.8.22 (available: v1.0.4) Adding serialize-to-javascript v0.1.1 (available: v0.1.2) Adding serialize-to-javascript-impl v0.1.1 (available: v0.1.2) Adding tiny_http v0.11.0 (available: v0.12.0) Adding toml v0.8.23 (available: v0.9.2) Adding toml_edit v0.22.27 (available: v0.23.2) Adding which v7.0.3 (available: v8.0.0) Adding x509-certificate v0.23.1 (available: v0.24.0) Fetching advisory database from `https://github.com/RustSec/advisory-db.git` Loaded 792 security advisories (from /home/runner/.cargo/advisory-db) Updating crates.io index Scanning Cargo.lock for vulnerabilities (1059 crate dependencies) Crate: atk Version: 0.18.2 </tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
2816ced0a7 |
build(deps): bump strum from 0.27.1 to 0.27.2 in /rust (#10117)
Bumps [strum](https://github.com/Peternator7/strum) from 0.27.1 to 0.27.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/Peternator7/strum/releases">strum's releases</a>.</em></p> <blockquote> <h2>v0.27.2</h2> <h2>What's Changed</h2> <ul> <li>Adding support for doc comments on <code>EnumDiscriminants</code> generated type… by <a href="https://github.com/linclelinkpart5"><code>@linclelinkpart5</code></a> in <a href="https://redirect.github.com/Peternator7/strum/pull/141">Peternator7/strum#141</a></li> <li>Drop needless <code>rustversion</code> dependency by <a href="https://github.com/paolobarbolini"><code>@paolobarbolini</code></a> in <a href="https://redirect.github.com/Peternator7/strum/pull/446">Peternator7/strum#446</a></li> <li>Upgrade <code>phf</code> to v0.12 by <a href="https://github.com/paolobarbolini"><code>@paolobarbolini</code></a> in <a href="https://redirect.github.com/Peternator7/strum/pull/448">Peternator7/strum#448</a></li> <li>allow discriminants on empty enum by <a href="https://github.com/crop2000"><code>@crop2000</code></a> in <a href="https://redirect.github.com/Peternator7/strum/pull/435">Peternator7/strum#435</a></li> <li>Remove broken link to EnumTable docs by <a href="https://github.com/schneems"><code>@schneems</code></a> in <a href="https://redirect.github.com/Peternator7/strum/pull/427">Peternator7/strum#427</a></li> <li>Change enum table callbacks to FnMut. by <a href="https://github.com/ClaytonKnittel"><code>@ClaytonKnittel</code></a> in <a href="https://redirect.github.com/Peternator7/strum/pull/443">Peternator7/strum#443</a></li> <li>Add <code>#[automatically_derived]</code> to the <code>impl</code>s by <a href="https://github.com/dandedotdev"><code>@dandedotdev</code></a> in <a href="https://redirect.github.com/Peternator7/strum/pull/444">Peternator7/strum#444</a></li> <li>Implement a <code>suffix</code> attribute for serialization of enum variants by <a href="https://github.com/amogh-dambal"><code>@amogh-dambal</code></a> in <a href="https://redirect.github.com/Peternator7/strum/pull/440">Peternator7/strum#440</a></li> <li>Expound upon use_phf docs by <a href="https://github.com/Peternator7"><code>@Peternator7</code></a> in <a href="https://redirect.github.com/Peternator7/strum/pull/449">Peternator7/strum#449</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/paolobarbolini"><code>@paolobarbolini</code></a> made their first contribution in <a href="https://redirect.github.com/Peternator7/strum/pull/446">Peternator7/strum#446</a></li> <li><a href="https://github.com/crop2000"><code>@crop2000</code></a> made their first contribution in <a href="https://redirect.github.com/Peternator7/strum/pull/435">Peternator7/strum#435</a></li> <li><a href="https://github.com/schneems"><code>@schneems</code></a> made their first contribution in <a href="https://redirect.github.com/Peternator7/strum/pull/427">Peternator7/strum#427</a></li> <li><a href="https://github.com/ClaytonKnittel"><code>@ClaytonKnittel</code></a> made their first contribution in <a href="https://redirect.github.com/Peternator7/strum/pull/443">Peternator7/strum#443</a></li> <li><a href="https://github.com/dandedotdev"><code>@dandedotdev</code></a> made their first contribution in <a href="https://redirect.github.com/Peternator7/strum/pull/444">Peternator7/strum#444</a></li> <li><a href="https://github.com/amogh-dambal"><code>@amogh-dambal</code></a> made their first contribution in <a href="https://redirect.github.com/Peternator7/strum/pull/440">Peternator7/strum#440</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/Peternator7/strum/compare/v0.27.1...v0.27.2">https://github.com/Peternator7/strum/compare/v0.27.1...v0.27.2</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Peternator7/strum/blob/master/CHANGELOG.md">strum's changelog</a>.</em></p> <blockquote> <h2>0.27.2</h2> <ul> <li> <p><a href="https://redirect.github.com/Peternator7/strum/pull/141">#141</a>: Adding support for doc comments on <code>EnumDiscriminants</code> generated type.</p> <ul> <li>The doc comment will be copied from the variant on the type itself.</li> </ul> </li> <li> <p><a href="https://redirect.github.com/Peternator7/strum/pull/435">#435</a>:allow discriminants on empty enum.</p> </li> <li> <p><a href="https://redirect.github.com/Peternator7/strum/pull/443">#443</a>: Change enum table callbacks to FnMut.</p> </li> <li> <p><a href="https://redirect.github.com/Peternator7/strum/pull/444">#444</a>: Add <code>#[automatically_derived]</code> to the <code>impl</code>s by <a href="https://github.com/dandedotdev"><code>@dandedotdev</code></a> in <a href="https://redirect.github.com/Peternator7/strum/pull/444">Peternator7/strum#444</a></p> <ul> <li>This should make the linter less noisy with warnings in generated code.</li> </ul> </li> <li> <p><a href="https://redirect.github.com/Peternator7/strum/pull/440">#440</a>: Implement a <code>suffix</code> attribute for serialization of enum variants.</p> <pre lang="rust"><code>#[derive(strum::Display)] #[strum(suffix=".json")] #[strum(serialize_all="snake_case")] enum StorageConfiguration { PostgresProvider, S3StorageProvider, AzureStorageProvider, } <p>fn main() { let response = SurveyResponse::Other("It was good".into()); println!("Loading configuration from: {}", StorageConfiguration::PostgresProvider); // prints: Loaded Configuration from: postgres_provider.json } </code></pre></p> </li> <li> <p><a href="https://redirect.github.com/Peternator7/strum/pull/446">#446</a>: Drop needless <code>rustversion</code> dependency.</p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
46373d3020 |
build(deps): bump tokio-util from 0.7.15 to 0.7.16 in /rust (#10115)
Bumps [tokio-util](https://github.com/tokio-rs/tokio) from 0.7.15 to 0.7.16. <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Jamil
|
56f5405849 |
chore(ci): increase perf test time to 30s (#10133)
Our ICE timeout is ~15s, so it would be a good idea to ensure the perf tests span a possible ICE timeout if it occurs in the test, so that we may detect cases where high throughput may cause an ICE timeout. |
||
|
Firezone Bot
|
3e529ed36c | chore: publish gateway 1.4.15 (#10134) | ||
|
Thomas Eizinger
|
0e32f1c4f2 |
fix(relay): increase nonce usage to 10000 (#10128)
On a Gateway with a busy connections, only being able to use a nonce 100 times causes unnecessary churn. We increase this to 10000 to be able to handle bursts of messages such as channel bindings better. |
||
|
Thomas Eizinger
|
96579483d8 |
fix(phoenix-channel): timeout room join after 5s (#10130)
If we fail to join a given room for longer than 5s, we fail the WebSocket connection and reconnect. |
||
|
Thomas Eizinger
|
d1cbf4f76d |
chore(snownet): fix relay sampling spam (#10127)
When we disconnect from a relay, we currently spam `Failed to sample new relay for connection` until we connect to a new one. |
||
|
Thomas Eizinger
|
08d900f3dc |
ci: remove duplicate log output (#10124)
These are already shown in prior steps. |
||
|
Thomas Eizinger
|
27de29fee7 |
test(connlib): downgrade error (#10123)
We can run into this when multiple DNS queries all need to be sent to the same Gateway and we don't have a connection yet. Hence, downgrade this error to a debug log. |
||
|
Thomas Eizinger
|
1222be8fc9 |
fix(snownet): de-multiplex packets based on WG session index (#10109)
Right now, `snownet` de-multiplexes WireGuard packets based on their source tuple (IP + port) to the _first_ connection that would like to handle this traffic. What appears to be happening based on observation from customer logs is that we sometimes dispatch the traffic to the wrong connection. The WireGuard packet format uses session indices to declare, which session a packet is for. The local session index is selected during the handshake for a particular session. By associating the different session indices (we can have up to 8 in parallel per peer) with our Firezone-specific connection ID, we can change our de-multiplexing scheme to uses these indices instead of the source tuple. This is especially important for Gateways as those talk to multiple different clients. The session index is a 32-bit integer where the top 24 bits identify the connection and the bottom 8 bits are used in a round-robin fashion to identify individual sessions within the connection. Thus, to find the correct connection, we right-shift the session index of an incoming packet to arrive back at the 24-bit connection identifier. In environments with a limited number of ports outside the NAT, a connection from a new Client may come from a source tuple of a previous Client. In such a case, we'd dispatch the packets to the wrong connection, causing the Client to not be able to handshake a tunnel. |
||
|
Thomas Eizinger
|
324edce754 |
feat(connlib): roll-over WireGuard session on connection upsert (#10102)
When a Client upserts a connection to a Gateway, we currently assume that the connection is still intact. After all, it hasn't hit an ICE timeout, otherwise the connection would not be present in memory. If however the Gateway restarted or somehow lost its connection state and the Client hasn't noticed yet, then the upsert will be an _insert_ for the Gateway and ICE will create a new connection for us. In order to ensure that the WireGuard tunnel state and ICE are synchronized at all times, we also need to handshake a new session. `boringtun` maintains up to 8 concurrent sessions for us. This allows for a smooth roll-over where packets encrypted with the keys from previous sessions can still be decrypted. Thus, we can easily roll-over the session on every connection upsert without any trouble. To ensure that this doesn't happen _very_ rapidly, we debounce these proactive session roll-overs to happen at most every 20s. This follows the idea of MADR-0017. --------- Signed-off-by: Thomas Eizinger <thomas@eizinger.io> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Jamil <jamilbk@users.noreply.github.com> |
||
|
Firezone Bot
|
acf52ccf1e | chore: publish apple-client 1.5.6 (#10106) | ||
|
dependabot[bot]
|
eb31d71ffa |
build(deps): bump fast-xml-parser from 5.2.4 to 5.2.5 in /website (#10082)
Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 5.2.4 to 5.2.5. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md">fast-xml-parser's changelog</a>.</em></p> <blockquote> <p><!-- raw HTML omitted -->Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.<!-- raw HTML omitted --></p> <p><strong>5.2.5 / 2025-06-08</strong></p> <ul> <li>Inform user to use <a href="https://github.com/NaturalIntelligence/fxp-cli">fxp-cli</a> instead of in-built CLI feature</li> <li>Export typings for direct use</li> </ul> <p><strong>5.2.4 / 2025-06-06</strong></p> <ul> <li>fix (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/747">#747</a>): fix EMPTY and ANY with ELEMENT in DOCTYPE</li> </ul> <p><strong>5.2.3 / 2025-05-11</strong></p> <ul> <li>fix (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/747">#747</a>): support EMPTY and ANY with ELEMENT in DOCTYPE</li> </ul> <p><strong>5.2.2 / 2025-05-05</strong></p> <ul> <li>fix (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/746">#746</a>): update strnum to fix parsing issues related to enotations</li> </ul> <p><strong>5.2.1 / 2025-04-22</strong></p> <ul> <li>fix: read DOCTYPE entity value correctly</li> <li>read DOCTYPE NOTATION, ELEMENT exp but not using read values</li> </ul> <p><strong>5.2.0 / 2025-04-03</strong></p> <ul> <li>feat: support metadata on nodes (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/593">#593</a>) (By <a href="https://github.com/srl295">Steven R. Loomis</a>)</li> </ul> <p><strong>5.1.0 / 2025-04-02</strong></p> <ul> <li>feat: declare package as side-effect free (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/738">#738</a>) (By <a href="https://github.com/tbouffard">Thomas Bouffard</a>)</li> <li>fix cjs build mode</li> <li>fix builder return type to string</li> <li></li> </ul> <p><strong>5.0.9 / 2025-03-14</strong></p> <ul> <li>fix: support numeric entities with values over 0xFFFF (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/726">#726</a>) (By <a href="https://github.com/mcdurdin">Marc Durdin</a>)</li> <li>fix: update strnum to fix parsing 0 if skiplike option is used</li> </ul> <p><strong>5.0.8 / 2025-02-27</strong></p> <ul> <li>fix parsing 0 if skiplike option is used. <ul> <li>updating strnum dependency</li> </ul> </li> </ul> <p><strong>5.0.7 / 2025-02-25</strong></p> <ul> <li>fix (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/724">#724</a>) typings for cjs.</li> </ul> <p><strong>5.0.6 / 2025-02-20</strong></p> <ul> <li>fix cli output (By <a href="https://github.com/angeld7">Angel Delgado</a>) <ul> <li>remove multiple JSON parsing</li> </ul> </li> </ul> <p><strong>5.0.5 / 2025-02-20</strong></p> <ul> <li>fix parsing of string starting with 'e' or 'E' by updating strnum</li> </ul> <p><strong>5.0.4 / 2025-02-20</strong></p> <ul> <li>fix CLI to support all the versions of node js when displaying library version.</li> <li>fix CJS import in v5</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Thomas Eizinger
|
ea6f1ce145 |
chore(telemetry): allow to dynamically change the log filter (#10065)
In addition to sending true/false for a feature-flag, PostHog also allows us to send a payload with them. We can use this to carry the log-filter we'd like to stream logs for. With this, we can dynamically change which logs we are getting forwarded to Sentry. Unfortunately, this cannot be done on a per-user basis, meaning we will always have the same log filter for all users where the feature-flag is enabled. |
||
|
Thomas Eizinger
|
cd177a6448 |
fix(gateway): don't remove peer state on disconnect (#10040)
When the connection to a Client disappears, the Gateway currently clears all state related to this peer. Whilst eagerly cleaning up memory can be good, in this case, it may lead to the Client thinking it has access to a resource when in reality it doesn't. Just because the connection to a Client failed doesn't mean their access authorizations are invalid. In case the Client reconnects, it should be able to just continue sending traffic. At the moment, this only works if the connection also failed on the Client and therefore, its view of the world in regards to "which resources do I have access to" was also reset. What we are seeing in Sentry reports though is that Clients are attempting to access these resources, thinking they have access but the Gateway denies it because it has lost the access authorization state. |
||
|
Thomas Eizinger
|
a4eb6509c6 |
chore(snownet): fix buffering log message (#10060)
What we are actually buffering here are unencrypted IP packets that are waiting for the tunnel to be established. |
||
|
dependabot[bot]
|
269286ab1b |
build(deps): bump framer-motion from 12.20.2 to 12.23.12 in /website (#10078)
Bumps [framer-motion](https://github.com/motiondivision/motion) from 12.20.2 to 12.23.12. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/motiondivision/motion/blob/main/CHANGELOG.md">framer-motion's changelog</a>.</em></p> <blockquote> <h2>[12.23.12] 2025-07-29</h2> <h3>Added</h3> <ul> <li>Exporting internal APIs for use in view animations.</li> </ul> <h2>[12.23.11] 2025-07-28</h2> <h3>Added</h3> <ul> <li>Children of variants with <code>delayChildren: stagger()</code> will now be staggered correctly alongside their newly-entering siblings.</li> </ul> <h2>[12.23.10] 2025-07-28</h2> <h3>Fixed</h3> <ul> <li>Fixed shared layout animation in situations where no <code>motion</code> components have re-rendered between shared element switching.</li> </ul> <h2>[12.23.9] 2025-07-24</h2> <h3>Changed</h3> <ul> <li>Removing redundant <code>renderRequest</code> <code>MotionValue</code> lifecycle.</li> </ul> <h2>[12.23.8] 2025-07-24</h2> <h3>Fixed</h3> <ul> <li>Ensuring that when an animation is skipped via <code>duration = 0</code> that we also set <code>type = "keyframes"</code> so that <code>duration</code> takes effect.</li> </ul> <h2>[12.23.7] 2025-07-23</h2> <h3>Fixed</h3> <ul> <li><code>springValue</code> cleanup.</li> <li>Removed additional <code>removeNode</code> from <code>AnimatePresence</code> when using <code>popLayout</code>.</li> </ul> <h2>[12.23.6] 2025-07-11</h2> <h3>Changed</h3> <ul> <li>Added explainer for reduced motion warning.</li> <li>Refactored <code>motion</code> component creation to remove indirection.</li> </ul> <h2>[12.23.5] 2025-07-11</h2> <h3>Fixed</h3> <ul> <li>Fix animation timings within dynamically-generated popups.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
4e40afb959 |
build(deps): bump hackney from 1.24.1 to 1.25.0 in /elixir (#10083)
Bumps [hackney](https://github.com/benoitc/hackney) from 1.24.1 to 1.25.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/benoitc/hackney/releases">hackney's releases</a>.</em></p> <blockquote> <h2>1.25.0 - 2025-07-24</h2> <p><strong>IMPORTANT CHANGE</strong></p> <ul> <li> <p>change: <code>insecure_basic_auth</code> now defaults to <code>true</code> instead of <code>false</code></p> <p>This restores backward compatibility with pre-1.24.0 behavior where basic auth was allowed over HTTP connections. If you need strict HTTPS-only basic auth:</p> <ul> <li>Set globally: <code>application:set_env(hackney, insecure_basic_auth, false)</code></li> <li>Or per-request: <code>{insecure_basic_auth, false}</code> in options</li> </ul> </li> </ul> <p>Hex.pm : <a href="https://hex.pm/packages/hackney/1.25.0">https://hex.pm/packages/hackney/1.25.0</a> Doc: <a href="https://hexdocs.pm/hackney/readme.html">https://hexdocs.pm/hackney/readme.html</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/benoitc/hackney/blob/master/NEWS.md">hackney's changelog</a>.</em></p> <blockquote> <h2>1.25.0 - 2025-07-24</h2> <p>** IMPORTANT CHANGE **</p> <ul> <li> <p>change: <code>insecure_basic_auth</code> now defaults to <code>true</code> instead of <code>false</code></p> <p>This restores backward compatibility with pre-1.24.0 behavior where basic auth was allowed over HTTP connections. If you need strict HTTPS-only basic auth:</p> <ul> <li>Set globally: <code>application:set_env(hackney, insecure_basic_auth, false)</code></li> <li>Or per-request: <code>{insecure_basic_auth, false}</code> in options</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
b3d005536b |
build(deps): bump the navigation group in /kotlin/android with 4 updates (#10095)
Bumps the navigation group in /kotlin/android with 4 updates: androidx.navigation:navigation-safe-args-gradle-plugin, androidx.navigation:navigation-fragment-ktx, androidx.navigation:navigation-ui-ktx and androidx.navigation:navigation-testing. Updates `androidx.navigation:navigation-safe-args-gradle-plugin` from 2.9.2 to 2.9.3 Updates `androidx.navigation:navigation-fragment-ktx` from 2.9.2 to 2.9.3 Updates `androidx.navigation:navigation-ui-ktx` from 2.9.2 to 2.9.3 Updates `androidx.navigation:navigation-testing` from 2.9.2 to 2.9.3 Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
0738427f08 |
build(deps): bump logger_json from 7.0.3 to 7.0.4 in /elixir (#10084)
Bumps [logger_json](https://github.com/Nebo15/logger_json) from 7.0.3 to 7.0.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/Nebo15/logger_json/releases">logger_json's releases</a>.</em></p> <blockquote> <h2>7.0.4</h2> <h2>What's Changed</h2> <ul> <li>Add indentation to the code snippet for docs by <a href="https://github.com/RudolfMan"><code>@RudolfMan</code></a> in <a href="https://redirect.github.com/Nebo15/logger_json/pull/160">Nebo15/logger_json#160</a></li> <li>Google Cloud: Handle non-binary values in <code>format_affected_user/1</code> by <a href="https://github.com/raulpe7eira"><code>@raulpe7eira</code></a> in <a href="https://redirect.github.com/Nebo15/logger_json/pull/161">Nebo15/logger_json#161</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/Nebo15/logger_json/compare/7.0.3...7.0.4">https://github.com/Nebo15/logger_json/compare/7.0.3...7.0.4</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
c02986299e |
build(deps): bump postgrex from 0.20.0 to 0.21.0 in /elixir (#10085)
Bumps [postgrex](https://github.com/elixir-ecto/postgrex) from 0.20.0 to 0.21.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/elixir-ecto/postgrex/blob/master/CHANGELOG.md">postgrex's changelog</a>.</em></p> <blockquote> <h2>v0.21.0 (2025-07-31)</h2> <p>This release requires Erlang/OTP 25+</p> <ul> <li> <p>Enhancements</p> <ul> <li>Add query timeout option on ReplicationConnection</li> </ul> </li> <li> <p>Bug fixes</p> <ul> <li>PGHOST option does not override explicitly given endpoint configuration</li> <li>Add ltxtquery support</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/elixir-ecto/postgrex/commits">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
60b6c40da2 |
build(deps): bump next from 15.3.3 to 15.4.5 in /website (#10079)
Bumps [next](https://github.com/vercel/next.js) from 15.3.3 to 15.4.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases">next's releases</a>.</em></p> <blockquote> <h2>v15.4.5</h2> <blockquote> <p>[!NOTE]<br /> This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>Fix API stripping JSON incorrectly (<a href="https://redirect.github.com/vercel/next.js/issues/82062">#82062</a>)</li> <li>Fix i18n fallback: false collision (<a href="https://redirect.github.com/vercel/next.js/issues/82158">#82158</a>)</li> <li>Revert "Fix tracing of server actions imported by client components (<a href="https://redirect.github.com/vercel/next.js/issues/82167">#82167</a>)</li> <li>Ensure setAssetPrefix updates config instance (<a href="https://redirect.github.com/vercel/next.js/issues/82165">#82165</a>)</li> <li>Turbopack: update mimalloc (<a href="https://redirect.github.com/vercel/next.js/issues/82166">#82166</a>)</li> <li>fix(next/image): fix image-optimizer.ts headers (<a href="https://redirect.github.com/vercel/next.js/issues/82175">#82175</a>)</li> <li>fix(next/image): improve and simplify detect-content-type (<a href="https://redirect.github.com/vercel/next.js/issues/82174">#82174</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/ijjk"><code>@ijjk</code></a>, <a href="https://github.com/sokra"><code>@sokra</code></a>, and <a href="https://github.com/styfle"><code>@styfle</code></a> for helping!</p> <h2>v15.4.4</h2> <blockquote> <p>[!NOTE]<br /> This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>Fix dynamicParams false layout case in dev (<a href="https://redirect.github.com/vercel/next.js/issues/82026">#82026</a>)</li> <li>Turbopack: fix scope hoisting variable renaming bug (<a href="https://redirect.github.com/vercel/next.js/issues/81640">#81640</a>)</li> <li>Upgrade to swc v33 (<a href="https://redirect.github.com/vercel/next.js/issues/81750">#81750</a>)</li> <li>Revert "[metadata] use https protocol for schema urls" (<a href="https://redirect.github.com/vercel/next.js/issues/81934">#81934</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/bgw"><code>@bgw</code></a> <a href="https://github.com/mischnic"><code>@mischnic</code></a> <a href="https://github.com/huozhi"><code>@huozhi</code></a> <a href="https://github.com/lukesandberg"><code>@lukesandberg</code></a> and <a href="https://github.com/ijjk"><code>@ijjk</code></a> for helping!</p> <h2>v15.4.3</h2> <blockquote> <p>[!NOTE]<br /> This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>Turbopack: fix dist dir on Windows (<a href="https://redirect.github.com/vercel/next.js/issues/81758">#81758</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/mischnic"><code>@mischnic</code></a> for helping!</p> <h2>v15.4.2</h2> <blockquote> <p>[!NOTE]</p> </blockquote> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |