Bumps [zbus](https://github.com/dbus2/zbus) from 5.8.0 to 5.9.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dbus2/zbus/releases">zbus's
releases</a>.</em></p>
<blockquote>
<h2>🔖 zbus 5.9.0</h2>
<ul>
<li>🧵 Remove deadlocks in Connection name request tasks, resulting in
leaks under certain
circumstances.</li>
<li>🐛 When registering names, allow name replacement by default.</li>
<li>✨ Allow setting request name flags in
<code>connection::Builder</code>.</li>
<li>✨ Proper Default impl for <code>RequestNameFlags</code>. This change
is theoretically an API break for
users who assumed the default value to be empty.</li>
<li>🧑💻 Add <code>fdo::StartServiceReply</code> type. In 6.0 this will be
the return type of
<code>fdo::DBusProxy::start_service_by_name</code>. For now, just
provide a <code>TryFrom<u32></code>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="30487b8fdb"><code>30487b8</code></a>
Merge pull request <a
href="https://redirect.github.com/dbus2/zbus/issues/1434">#1434</a> from
zeenix/zb-release</li>
<li><a
href="4b7928d2f8"><code>4b7928d</code></a>
🔖 zb,zm: Release 5.9.0</li>
<li><a
href="d570c947ea"><code>d570c94</code></a>
📝 CONTRIBUTING: Link to gimoji's web interface</li>
<li><a
href="0bf6e14b54"><code>0bf6e14</code></a>
Merge pull request <a
href="https://redirect.github.com/dbus2/zbus/issues/1431">#1431</a> from
zeenix/name-request-defaults</li>
<li><a
href="ba2a40752d"><code>ba2a407</code></a>
🧵 zb: Remove deadlocks in Connection name request tasks</li>
<li><a
href="3d35496021"><code>3d35496</code></a>
🐛 zb: Allow name replacement by default</li>
<li><a
href="0ad37f317a"><code>0ad37f3</code></a>
📝 zb: Remove a bunch of unnecessary links</li>
<li><a
href="493a9943d6"><code>493a994</code></a>
Merge pull request <a
href="https://redirect.github.com/dbus2/zbus/issues/1429">#1429</a> from
valpackett/val/knrmmkqzrvyp</li>
<li><a
href="f2fb16fd18"><code>f2fb16f</code></a>
🧑💻 zb: add fdo::dbus::StartServiceReply type</li>
<li><a
href="f93584de1f"><code>f93584d</code></a>
⬆️ micro: Update winnow to v0.7.12 (<a
href="https://redirect.github.com/dbus2/zbus/issues/1428">#1428</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/dbus2/zbus/compare/zbus-5.8.0...zbus-5.9.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.140 to
1.0.141.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/serde-rs/json/releases">serde_json's
releases</a>.</em></p>
<blockquote>
<h2>v1.0.141</h2>
<ul>
<li>Optimize string escaping during serialization (<a
href="https://redirect.github.com/serde-rs/json/issues/1273">#1273</a>,
thanks <a
href="https://github.com/conradludgate"><code>@conradludgate</code></a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6843c3660e"><code>6843c36</code></a>
Release 1.0.141</li>
<li><a
href="6e2c21063a"><code>6e2c210</code></a>
Touch up PR 1273</li>
<li><a
href="623d9b47cf"><code>623d9b4</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/json/issues/1273">#1273</a>
from conradludgate/optimise-string-escaping</li>
<li><a
href="de70b7db1f"><code>de70b7d</code></a>
use unreachable_unchecked for escape table. use a second match to
roundtrip E...</li>
<li><a
href="f2d940dd54"><code>f2d940d</code></a>
replace start index with bytes slice reference</li>
<li><a
href="cd55b5a0ff"><code>cd55b5a</code></a>
Ignore mismatched_lifetime_syntaxes lint</li>
<li><a
href="c1826ebccc"><code>c1826eb</code></a>
Pin nightly toolchain used for miri job</li>
<li><a
href="8a56cfa6d0"><code>8a56cfa</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/json/issues/1248">#1248</a>
from jimmycathy/master</li>
<li><a
href="af3d80de56"><code>af3d80d</code></a>
chore: fix typo</li>
<li>See full diff in <a
href="https://github.com/serde-rs/json/compare/v1.0.140...v1.0.141">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
From Sentry reports and user-submitted logs, we know that it is possible
for Client and Gateway to de-sync in regards to what each other's public
key is. In such a scenario, ICE will succeed to make a connection but
`boringtun` will fail to handshake a tunnel. By default, `boringtun`
tries for 90s to handshake a session before it gives up and expires it.
In Firezone, the ICE agent takes care of establishing connectivity
whereas `boringtun` itself just encrypts and decrypts packets. As such,
if ICE is working, we know that packets aren't getting lost but instead,
there must be some other issue as to why we cannot establish a session.
To improve the UX in these error cases, we reduce the rekey-attempt-time
to 15s. This roughly matches our ICE timeout. Those 15s count from the
moment we send the first handshake which is just after ICE completes.
Thus we can be sure that after at most 15s, we either have a working
WireGuard session or the connection gets cleaned up.
Related: #9890
Related: #9850
Bumps [rustls](https://github.com/rustls/rustls) from 0.23.28 to
0.23.29.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4e0b5fed17"><code>4e0b5fe</code></a>
Bump version to 0.23.29</li>
<li><a
href="b8540790dc"><code>b854079</code></a>
Propagate context for webpki signature algorithm errors</li>
<li><a
href="c84675e34b"><code>c84675e</code></a>
key_schedule: minimise lifetime of resumption secret</li>
<li><a
href="788b0df122"><code>788b0df</code></a>
key_schedule: erase master secret in traffic state</li>
<li><a
href="d2c64f0416"><code>d2c64f0</code></a>
key_schedule: separate ops not using current secret</li>
<li><a
href="e5998cd100"><code>e5998cd</code></a>
key_schedule: add state for derivations before finish</li>
<li><a
href="9620bec130"><code>9620bec</code></a>
tls13::key_schedule: move <code>KeySchedule</code> struct down</li>
<li><a
href="373ad888e2"><code>373ad88</code></a>
tls13::key_schedule: move <code>SecretKind</code> down</li>
<li><a
href="efa2066469"><code>efa2066</code></a>
Improve compactness of Debug impl for extensions</li>
<li><a
href="a5433a154b"><code>a5433a1</code></a>
Correct calculation of ServerHello ECH confirmation</li>
<li>Additional commits viewable in <a
href="https://github.com/rustls/rustls/compare/v/0.23.28...v/0.23.29">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [clap](https://github.com/clap-rs/clap) from 4.5.40 to 4.5.41.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/clap-rs/clap/blob/master/CHANGELOG.md">clap's
changelog</a>.</em></p>
<blockquote>
<h2>[4.5.41] - 2025-07-09</h2>
<h3>Features</h3>
<ul>
<li>Add <code>Styles::context</code> and
<code>Styles::context_value</code> to customize the styling of
<code>[default: value]</code> like notes in the <code>--help</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="92fcd83b76"><code>92fcd83</code></a>
chore: Release</li>
<li><a
href="aca91b99c1"><code>aca91b9</code></a>
docs: Update changelog</li>
<li><a
href="8434510cee"><code>8434510</code></a>
Merge pull request <a
href="https://redirect.github.com/clap-rs/clap/issues/5869">#5869</a>
from tw4452852/patch-1</li>
<li><a
href="33b1fc304e"><code>33b1fc3</code></a>
fix(complete): Fix env leakage in elvish dynamic completion</li>
<li><a
href="e5f1f4884c"><code>e5f1f48</code></a>
chore: Release</li>
<li><a
href="9466a552fb"><code>9466a55</code></a>
docs: Update changelog</li>
<li><a
href="d74b793512"><code>d74b793</code></a>
Merge pull request <a
href="https://redirect.github.com/clap-rs/clap/issues/5865">#5865</a>
from gifnksm/nushell-completion-value-types</li>
<li><a
href="ecbc775d3b"><code>ecbc775</code></a>
fix(nu): Set argument type based on <code>ValueHint</code></li>
<li><a
href="6784054536"><code>6784054</code></a>
Merge pull request <a
href="https://redirect.github.com/clap-rs/clap/issues/5857">#5857</a>
from epage/empty</li>
<li><a
href="cca5f32b3a"><code>cca5f32</code></a>
test(complete): Show empty option-value behavior</li>
<li>Additional commits viewable in <a
href="https://github.com/clap-rs/clap/compare/clap_complete-v4.5.40...clap_complete-v4.5.41">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [zbus](https://github.com/dbus2/zbus) from 5.7.1 to 5.8.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dbus2/zbus/releases">zbus's
releases</a>.</em></p>
<blockquote>
<h2>🔖 zbus 5.8.0</h2>
<ul>
<li>✨ <code>interface</code> macro now supports write-only
properties.</li>
<li>✨ Copy attributes over to <code>receive_*_changed</code> and
<code>cached_*</code> methods in <code>proxy</code>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="7d8e935927"><code>7d8e935</code></a>
Merge pull request <a
href="https://redirect.github.com/dbus2/zbus/issues/1425">#1425</a> from
zeenix/zb-release</li>
<li><a
href="da0ca55c28"><code>da0ca55</code></a>
🔖 zb,zm: Release 5.8.0</li>
<li><a
href="be41117c4b"><code>be41117</code></a>
Merge pull request <a
href="https://redirect.github.com/dbus2/zbus/issues/1424">#1424</a> from
zeenix/zv-release</li>
<li><a
href="dda4f376e4"><code>dda4f37</code></a>
🔖 zv,zd: Release 5.6.0</li>
<li><a
href="747c64505c"><code>747c645</code></a>
⬆️ micro: Update blocking to v1.6.2 (<a
href="https://redirect.github.com/dbus2/zbus/issues/1423">#1423</a>)</li>
<li><a
href="d01e893a8b"><code>d01e893</code></a>
⬆️ micro: Update tokio to v1.46.1 (<a
href="https://redirect.github.com/dbus2/zbus/issues/1422">#1422</a>)</li>
<li><a
href="8250c5357e"><code>8250c53</code></a>
⬆️ micro: Update libfuzzer-sys to v0.4.10 (<a
href="https://redirect.github.com/dbus2/zbus/issues/1421">#1421</a>)</li>
<li><a
href="7ab8fa67ee"><code>7ab8fa6</code></a>
Merge pull request <a
href="https://redirect.github.com/dbus2/zbus/issues/1420">#1420</a> from
dbus2/renovate/tokio-1.x-lockfile</li>
<li><a
href="36fde484aa"><code>36fde48</code></a>
⬆️ Update tokio to v1.46.0</li>
<li><a
href="f9870cde4a"><code>f9870cd</code></a>
Merge pull request <a
href="https://redirect.github.com/dbus2/zbus/issues/1419">#1419</a> from
zeenix/fix-zv-regression</li>
<li>Additional commits viewable in <a
href="https://github.com/dbus2/zbus/compare/zbus-5.7.1...zbus-5.8.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
As per the WireGuard paper, `boringtun` tries to handshake with the
remote peer for 90s before it gives up. This timeout is important
because when a session is discarded due to e.g. missing replies,
WireGuard attempts to handshake a new session. Without this timeout, we
would then try to handshake a session forever.
Unfortunately, `boringtun` does not distinguish a missing handshake
response from a bad one. Decryption errors whilst decoding a handshake
response are simply passed up to the upper layer, in our case `snownet`.
I am not sure how we can actually fail to decrypt a handshake but the
pattern we are seeing in customer logs is that this happens over and
over again, so there is no point in having `boringtun` retry the
handshake. Therefore, we immediately fail the connection when this
happens.
Failed connections are immediately removed, triggering the client send a
new connection-intent to the portal. Such a new connection intent will
then sync-up the state between Client and Gateway so both of them use
the most recent public key.
Resolves: #9845
As a first step in preparation for sending OTEL metrics from Clients and
Gateways to a cloud-hosted OTEL collector, we extend the CLI of the
Gateway with configuration options to provide a gRPC endpoint to an OTEL
collector.
If `FIREZONE_METRICS` is set to `otel-collector` and an endpoint is
configured via `OTLP_GRPC_ENDPOINT`, we will report our metrics to that
collector.
The future plan for extending this is such that if `FIREZONE_METRICS` is
set to `otel-collector` (which will likely be the default) and no
`OTLP_GRPC_ENDPOINT` is set, then we will use our own, hosted OTEL
collector and report metrics IF the `export-metrics` feature-flag is set
to `true`.
This is a similar integration as we have done it with streaming logs to
Sentry. We can therefore enable it on a similar granularity as we do
with the logs and e.g. only enable it for the `firezone` account to
start with.
In meantime, customers can already make use of those metrics if they'd
like by using the current integration.
Resolves: #1550
Related: #7419
---------
Co-authored-by: Antoine Labarussias <antoinelabarussias@gmail.com>
The latest version of str0m includes a fix that would result in an
immediate ICE timeout if a remote candidate was added prior to a local
candidate. We mitigated this in #9793 to make Firezone overall more
resilient towards sudden changes in the ICE connection state.
As a defense-in-depth measure, we also fixed this issue in str0m by not
transitioning to `Disconnected` if haven't even formed an candidate
pairs yet.
Diff:
2153bf0385...3d6e3d2f27
I am no longer able to compile `jemalloc` on my system in a debug build.
It fails with the following error:
```
src/malloc_io.c: In function ‘buferror’:
src/malloc_io.c:107:16: error: returning ‘char *’ from a function with return type ‘int’ makes integer from pointer without a cast [-Wint-conversion]
107 | return strerror_r(err, buf, buflen);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
This appears to be a problem with modern versions of clang/gcc. I
believe this started happening when I recently upgraded my system. The
upstream [`jemalloc`](https://github.com/jemalloc/jemalloc) repository
is now archived and thus unmaintained. I am not sure if we ever measured
a significant benefit in using `jemalloc`.
Related: https://github.com/servo/servo/issues/31059
With this patch, we sample a list of DNS resources on each test run and
create a "TCP service" for each of their addresses. Using this list of
resources, we then change the `SendTcpPayload` transition to
`ConnectTcp` and establish TCP connections using `smoltcp` to these
services.
For now, we don't send any data on these connections but we do set the
keep-alive interval to 5s, meaning `smoltcp` itself will keep these
connections alive. We also set the timeout to 30s and after each
transition in a test-run, we assert that all TCP sockets are still in
their expected state:
- `ESTABLISHED` for most of them.
- `CLOSED` for all sockets where we ended up sampling an IPv4 address
but the DNS resource only supports IPv6 addresses (or vice-versa). In
these cases, we use the ICMP error to sent by the Gateway to assert that
the socket is `CLOSED`. Unfortunately, `smoltcp` currently does not
handle ICMP messages for its sockets, so we have to call `abort`
ourselves.
Overall, this should assert that regardless of whether we roam networks,
switch relays or do other kind of stuff with the underlying connection,
the tunneled TCP connection stays alive.
In order to make this work, I had to tweak the timeouts when we are
on-demand refreshing allocations. This only happens in one particular
case: When we are being given new relays by the portal, we refresh all
_other_ relays to make sure they are still present. In other words, all
relays that we didn't remove and didn't just add but still had in-memory
are refreshed. This is important for cases where we are
network-partitioned from the portal whilst relays are deployed or reset
their state otherwise. Instead of the previous 8s max elapsed time of
the exponential backoff like we have it for other requests, we now only
use a single message with a 1s timeout there. With the increased ICE
timeout of 15s, a TCP connection with a 30s timeout would otherwise not
survive such an event. This is because it takes the above mentioned 8s
for us to remove a non-functioning relay, all whilst trying to establish
a new connection (which also incurs its own ICE timeout then).
With the reduced timeout on the on-demand refresh of 1s, we detect the
disappeared relay much quicker and can immediately establish a new
connection via one of the new ones. As always with reduced timeouts,
this can create false-positives if the relay doesn't reply within 1s for
some reason.
Resolves: #9531
Socket APIs across operating systems vary in how they handle
back-pressure. In most cases, a non-blocking socket should return
`EWOULDBLOCK` when it cannot send a given datagram and would have to
block to wait for resources to free up.
It appears that macOS doesn't always behave like that. In particular, we
are seeing error logs from a few users where sending a datagram fails
with
> No buffer space available (os error 55)
Digging through `libc`, I've found that this error is known as `ENOBUFS`
[0].
There are reports on the Apple developer forum [1] that recommend
retrying when this error happens. It is however unclear as to whether it
is entirely safe to map this error to `EWOULDBLOCK`. Other non-blocking
event-loop implementations [2] appear to do that but we don't know
whether it is fully correct.
At present, Firezone's behaviour here is to drop the packet. This means
the host networking stack has to fall-back to running into a timeout and
re-send the packet. This very likely negatively impacts the UX for the
users hitting this.
In order to validate this assumption, we implement a feature-flag. This
allows us to ship this code but switch back to the old behaviour, should
it negatively impact how Firezone behaves. In particular, if the
assumption that mapping `ENOBUFS` to `EWOULDBLOCK` is safe turns out
wrong and `kqueue` does in fact not signal readiness when more buffers
are available, then we may have missing wake-ups which would lead a
further delay in datagrams being sent.
[0]:
8e6f36c6ba/src/unix/bsd/apple/mod.rs (L2998)
[1]: https://developer.apple.com/forums/thread/42334
[2]:
aac866f399/src/unix/stream.c (L820)
Bumps [tslink](https://github.com/icsmw/tslink) from 0.3.0 to 0.4.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/icsmw/tslink/blob/master/changelog.md">tslink's
changelog</a>.</em></p>
<blockquote>
<h1>0.4.2 (08.06.2025)</h1>
<h2>Changes</h2>
<ul>
<li>Migrate settings to <code>package.metadata.tslink</code></li>
</ul>
<h1>0.4.1 (08.06.2025)</h1>
<h2>Changes</h2>
<ul>
<li>Add support arrays in the context of <code>const</code></li>
</ul>
<h1>0.4.0 (08.06.2025)</h1>
<h2>Features</h2>
<ul>
<li>Add support of <code>const</code> for primitive types</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/icsmw/tslink/commits">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
> **Note**
> Automatic rebases have been disabled on this pull request as it has
been open for over 30 days.
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Certain UNIX systems such as macOS also use the EHOSTDOWN error to
signal that a packet cannot be sent to a certain IP. There is nothing we
can do about this error so we downgrade it from a WARN to a DEBUG like
we do for other kinds of "unreachable" errors.
Instead of conditionally enabling the `logs` feature in the Sentry
client, we always enable it and control via the `tracing` integration,
which events should get forwarded to Sentry. The feature-flag check
accesses only shared-memory and is therefore really fast.
We already re-evaluate feature flags on a timer which means this boolean
will flip over automatically and logs will be streamed to Sentry.
Bumps the tauri group in /rust with 6 updates:
| Package | From | To |
| --- | --- | --- |
| [tauri-plugin-dialog](https://github.com/tauri-apps/plugins-workspace)
| `2.2.2` | `2.3.0` |
|
[tauri-plugin-notification](https://github.com/tauri-apps/plugins-workspace)
| `2.2.2` | `2.3.0` |
| [tauri-plugin-opener](https://github.com/tauri-apps/plugins-workspace)
| `2.2.7` | `2.4.0` |
| [tauri-plugin-shell](https://github.com/tauri-apps/plugins-workspace)
| `2.2.1` | `2.3.0` |
| [tauri-runtime](https://github.com/tauri-apps/tauri) | `2.6.0` |
`2.7.0` |
| [tauri-utils](https://github.com/tauri-apps/tauri) | `2.4.0` | `2.5.0`
|
Updates `tauri-plugin-dialog` from 2.2.2 to 2.3.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/plugins-workspace/releases">tauri-plugin-dialog's
releases</a>.</em></p>
<blockquote>
<h2>opener-js v2.3.0</h2>
<h2>[2.3.0]</h2>
<ul>
<li><a
href="ce9888a2d4"><code>ce9888a2</code></a>
(<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/pull/2762">#2762</a>)
Similar to the <code>fs</code> plugin the <code>opener</code> plugin now
supports a <code>requireLiteralLeadingDot</code> configuration in
<code>tauri.conf.json</code>.</li>
</ul>
<!-- raw HTML omitted -->
<pre><code>npm warn publish npm auto-corrected some errors in your
package.json when publishing. Please run "npm pkg fix" to
address these errors.
npm warn publish errors corrected:
npm warn publish "repository" was changed from a string to an
object
npm warn publish "repository.url" was normalized to
"git+https://github.com/tauri-apps/plugins-workspace.git"
npm notice
npm notice 📦 @tauri-apps/plugin-opener@2.3.0
npm notice Tarball Contents
npm notice 888B LICENSE.spdx
npm notice 4.3kB README.md
npm notice 2.8kB dist-js/index.cjs
npm notice 1.8kB dist-js/index.d.ts
npm notice 2.7kB dist-js/index.js
npm notice 11B dist-js/init.d.ts
npm notice 729B package.json
npm notice Tarball Details
npm notice name: @tauri-apps/plugin-opener
npm notice version: 2.3.0
npm notice filename: tauri-apps-plugin-opener-2.3.0.tgz
npm notice package size: 3.4 kB
npm notice unpacked size: 13.2 kB
npm notice shasum: ea883f48daffd22873bbc40cc81b266df6f6a6cd
npm notice integrity: sha512-yAbauwp8BCHIh[...]otjYnnbUVmYrw==
npm notice total files: 7
npm notice
npm notice Publishing to https://registry.npmjs.org/ with tag latest and
public access
npm notice publish Signed provenance statement with source and build
information from GitHub Actions
npm notice publish Provenance statement published to transparency log:
https://search.sigstore.dev/?logIndex=240371238
+ @tauri-apps/plugin-opener@2.3.0
</code></pre>
<!-- raw HTML omitted -->
<h2>opener v2.3.0</h2>
<h2>[2.3.0]</h2>
<ul>
<li><a
href="ce9888a2d4"><code>ce9888a2</code></a>
(<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/pull/2762">#2762</a>)
Similar to the <code>fs</code> plugin the <code>opener</code> plugin now
supports a <code>requireLiteralLeadingDot</code> configuration in
<code>tauri.conf.json</code>.</li>
</ul>
<!-- raw HTML omitted -->
<pre><code></tr></table>
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="adc23d6c4f"><code>adc23d6</code></a>
publish new versions (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2808">#2808</a>)</li>
<li><a
href="fc573b35a7"><code>fc573b3</code></a>
chore(deps): update rust crate tokio-tungstenite to 0.27 (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2768">#2768</a>)</li>
<li><a
href="901ddfb73d"><code>901ddfb</code></a>
ci: enable create-pull-request sign commits (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2809">#2809</a>)</li>
<li><a
href="f209b2f23c"><code>f209b2f</code></a>
chore(deps): update tauri monorepo to v2.6.0 (v2) (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2804">#2804</a>)</li>
<li><a
href="19ed1bd3cc"><code>19ed1bd</code></a>
chore(deps): update dependency prettier to v3.6.1 (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2806">#2806</a>)</li>
<li><a
href="5779099688"><code>5779099</code></a>
publish new versions (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2780">#2780</a>)</li>
<li><a
href="2aec8ff4c4"><code>2aec8ff</code></a>
feat(opener): add <code>inAppBrowser</code> option for iOS and Android
(<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2803">#2803</a>)</li>
<li><a
href="9799f0dbab"><code>9799f0d</code></a>
fix(log): iOS simulator freezing due to early logging (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2802">#2802</a>)</li>
<li><a
href="8cdaacdc6e"><code>8cdaacd</code></a>
chore(examples): update API example mobile projects</li>
<li><a
href="d46778e80b"><code>d46778e</code></a>
chore(deps): update dependency typescript-eslint to v8.35.0 (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2794">#2794</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tauri-apps/plugins-workspace/compare/os-v2.2.2...os-v2.3.0">compare
view</a></li>
</ul>
</details>
<br />
Updates `tauri-plugin-notification` from 2.2.2 to 2.3.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/plugins-workspace/releases">tauri-plugin-notification's
releases</a>.</em></p>
<blockquote>
<h2>opener-js v2.3.0</h2>
<h2>[2.3.0]</h2>
<ul>
<li><a
href="ce9888a2d4"><code>ce9888a2</code></a>
(<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/pull/2762">#2762</a>)
Similar to the <code>fs</code> plugin the <code>opener</code> plugin now
supports a <code>requireLiteralLeadingDot</code> configuration in
<code>tauri.conf.json</code>.</li>
</ul>
<!-- raw HTML omitted -->
<pre><code>npm warn publish npm auto-corrected some errors in your
package.json when publishing. Please run "npm pkg fix" to
address these errors.
npm warn publish errors corrected:
npm warn publish "repository" was changed from a string to an
object
npm warn publish "repository.url" was normalized to
"git+https://github.com/tauri-apps/plugins-workspace.git"
npm notice
npm notice 📦 @tauri-apps/plugin-opener@2.3.0
npm notice Tarball Contents
npm notice 888B LICENSE.spdx
npm notice 4.3kB README.md
npm notice 2.8kB dist-js/index.cjs
npm notice 1.8kB dist-js/index.d.ts
npm notice 2.7kB dist-js/index.js
npm notice 11B dist-js/init.d.ts
npm notice 729B package.json
npm notice Tarball Details
npm notice name: @tauri-apps/plugin-opener
npm notice version: 2.3.0
npm notice filename: tauri-apps-plugin-opener-2.3.0.tgz
npm notice package size: 3.4 kB
npm notice unpacked size: 13.2 kB
npm notice shasum: ea883f48daffd22873bbc40cc81b266df6f6a6cd
npm notice integrity: sha512-yAbauwp8BCHIh[...]otjYnnbUVmYrw==
npm notice total files: 7
npm notice
npm notice Publishing to https://registry.npmjs.org/ with tag latest and
public access
npm notice publish Signed provenance statement with source and build
information from GitHub Actions
npm notice publish Provenance statement published to transparency log:
https://search.sigstore.dev/?logIndex=240371238
+ @tauri-apps/plugin-opener@2.3.0
</code></pre>
<!-- raw HTML omitted -->
<h2>opener v2.3.0</h2>
<h2>[2.3.0]</h2>
<ul>
<li><a
href="ce9888a2d4"><code>ce9888a2</code></a>
(<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/pull/2762">#2762</a>)
Similar to the <code>fs</code> plugin the <code>opener</code> plugin now
supports a <code>requireLiteralLeadingDot</code> configuration in
<code>tauri.conf.json</code>.</li>
</ul>
<!-- raw HTML omitted -->
<pre><code></tr></table>
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="adc23d6c4f"><code>adc23d6</code></a>
publish new versions (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2808">#2808</a>)</li>
<li><a
href="fc573b35a7"><code>fc573b3</code></a>
chore(deps): update rust crate tokio-tungstenite to 0.27 (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2768">#2768</a>)</li>
<li><a
href="901ddfb73d"><code>901ddfb</code></a>
ci: enable create-pull-request sign commits (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2809">#2809</a>)</li>
<li><a
href="f209b2f23c"><code>f209b2f</code></a>
chore(deps): update tauri monorepo to v2.6.0 (v2) (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2804">#2804</a>)</li>
<li><a
href="19ed1bd3cc"><code>19ed1bd</code></a>
chore(deps): update dependency prettier to v3.6.1 (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2806">#2806</a>)</li>
<li><a
href="5779099688"><code>5779099</code></a>
publish new versions (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2780">#2780</a>)</li>
<li><a
href="2aec8ff4c4"><code>2aec8ff</code></a>
feat(opener): add <code>inAppBrowser</code> option for iOS and Android
(<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2803">#2803</a>)</li>
<li><a
href="9799f0dbab"><code>9799f0d</code></a>
fix(log): iOS simulator freezing due to early logging (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2802">#2802</a>)</li>
<li><a
href="8cdaacdc6e"><code>8cdaacd</code></a>
chore(examples): update API example mobile projects</li>
<li><a
href="d46778e80b"><code>d46778e</code></a>
chore(deps): update dependency typescript-eslint to v8.35.0 (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2794">#2794</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tauri-apps/plugins-workspace/compare/os-v2.2.2...os-v2.3.0">compare
view</a></li>
</ul>
</details>
<br />
Updates `tauri-plugin-opener` from 2.2.7 to 2.4.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/plugins-workspace/releases">tauri-plugin-opener's
releases</a>.</em></p>
<blockquote>
<h2>cli-js v2.4.0</h2>
<h2>[2.4.0]</h2>
<ul>
<li><a
href="f209b2f23c"><code>f209b2f2</code></a>
(<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/pull/2804">#2804</a>
by <a
href="https://github.com/tauri-apps/plugins-workspace/../../renovate"><code>@renovate</code></a>)
Updated tauri to 2.6</li>
</ul>
<!-- raw HTML omitted -->
<pre><code>npm warn publish npm auto-corrected some errors in your
package.json when publishing. Please run "npm pkg fix" to
address these errors.
npm warn publish errors corrected:
npm warn publish "repository" was changed from a string to an
object
npm warn publish "repository.url" was normalized to
"git+https://github.com/tauri-apps/plugins-workspace.git"
npm notice
npm notice 📦 @tauri-apps/plugin-cli@2.4.0
npm notice Tarball Contents
npm notice 888B LICENSE.spdx
npm notice 3.4kB README.md
npm notice 1.1kB dist-js/index.cjs
npm notice 1.3kB dist-js/index.d.ts
npm notice 1.0kB dist-js/index.js
npm notice 653B package.json
npm notice Tarball Details
npm notice name: @tauri-apps/plugin-cli
npm notice version: 2.4.0
npm notice filename: tauri-apps-plugin-cli-2.4.0.tgz
npm notice package size: 2.9 kB
npm notice unpacked size: 8.4 kB
npm notice shasum: 8d6eacb113a377bb690a36676c63c7b426212f46
npm notice integrity: sha512-3AUUaaqj3Pkac[...]WBNAL4I4iIZRg==
npm notice total files: 6
npm notice
npm notice Publishing to https://registry.npmjs.org/ with tag latest and
public access
npm notice publish Signed provenance statement with source and build
information from GitHub Actions
npm notice publish Provenance statement published to transparency log:
https://search.sigstore.dev/?logIndex=249977649
+ @tauri-apps/plugin-cli@2.4.0
</code></pre>
<!-- raw HTML omitted -->
<h2>cli v2.4.0</h2>
<h2>[2.4.0]</h2>
<ul>
<li><a
href="f209b2f23c"><code>f209b2f2</code></a>
(<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/pull/2804">#2804</a>
by <a
href="https://github.com/tauri-apps/plugins-workspace/../../renovate"><code>@renovate</code></a>)
Updated tauri to 2.6</li>
</ul>
<!-- raw HTML omitted -->
<pre><code>Updating crates.io index
</tr></table>
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="adc23d6c4f"><code>adc23d6</code></a>
publish new versions (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2808">#2808</a>)</li>
<li><a
href="fc573b35a7"><code>fc573b3</code></a>
chore(deps): update rust crate tokio-tungstenite to 0.27 (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2768">#2768</a>)</li>
<li><a
href="901ddfb73d"><code>901ddfb</code></a>
ci: enable create-pull-request sign commits (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2809">#2809</a>)</li>
<li><a
href="f209b2f23c"><code>f209b2f</code></a>
chore(deps): update tauri monorepo to v2.6.0 (v2) (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2804">#2804</a>)</li>
<li><a
href="19ed1bd3cc"><code>19ed1bd</code></a>
chore(deps): update dependency prettier to v3.6.1 (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2806">#2806</a>)</li>
<li><a
href="5779099688"><code>5779099</code></a>
publish new versions (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2780">#2780</a>)</li>
<li><a
href="2aec8ff4c4"><code>2aec8ff</code></a>
feat(opener): add <code>inAppBrowser</code> option for iOS and Android
(<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2803">#2803</a>)</li>
<li><a
href="9799f0dbab"><code>9799f0d</code></a>
fix(log): iOS simulator freezing due to early logging (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2802">#2802</a>)</li>
<li><a
href="8cdaacdc6e"><code>8cdaacd</code></a>
chore(examples): update API example mobile projects</li>
<li><a
href="d46778e80b"><code>d46778e</code></a>
chore(deps): update dependency typescript-eslint to v8.35.0 (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2794">#2794</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tauri-apps/plugins-workspace/compare/opener-v2.2.7...fs-v2.4.0">compare
view</a></li>
</ul>
</details>
<br />
Updates `tauri-plugin-shell` from 2.2.1 to 2.3.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/plugins-workspace/releases">tauri-plugin-shell's
releases</a>.</em></p>
<blockquote>
<h2>opener-js v2.3.0</h2>
<h2>[2.3.0]</h2>
<ul>
<li><a
href="ce9888a2d4"><code>ce9888a2</code></a>
(<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/pull/2762">#2762</a>)
Similar to the <code>fs</code> plugin the <code>opener</code> plugin now
supports a <code>requireLiteralLeadingDot</code> configuration in
<code>tauri.conf.json</code>.</li>
</ul>
<!-- raw HTML omitted -->
<pre><code>npm warn publish npm auto-corrected some errors in your
package.json when publishing. Please run "npm pkg fix" to
address these errors.
npm warn publish errors corrected:
npm warn publish "repository" was changed from a string to an
object
npm warn publish "repository.url" was normalized to
"git+https://github.com/tauri-apps/plugins-workspace.git"
npm notice
npm notice 📦 @tauri-apps/plugin-opener@2.3.0
npm notice Tarball Contents
npm notice 888B LICENSE.spdx
npm notice 4.3kB README.md
npm notice 2.8kB dist-js/index.cjs
npm notice 1.8kB dist-js/index.d.ts
npm notice 2.7kB dist-js/index.js
npm notice 11B dist-js/init.d.ts
npm notice 729B package.json
npm notice Tarball Details
npm notice name: @tauri-apps/plugin-opener
npm notice version: 2.3.0
npm notice filename: tauri-apps-plugin-opener-2.3.0.tgz
npm notice package size: 3.4 kB
npm notice unpacked size: 13.2 kB
npm notice shasum: ea883f48daffd22873bbc40cc81b266df6f6a6cd
npm notice integrity: sha512-yAbauwp8BCHIh[...]otjYnnbUVmYrw==
npm notice total files: 7
npm notice
npm notice Publishing to https://registry.npmjs.org/ with tag latest and
public access
npm notice publish Signed provenance statement with source and build
information from GitHub Actions
npm notice publish Provenance statement published to transparency log:
https://search.sigstore.dev/?logIndex=240371238
+ @tauri-apps/plugin-opener@2.3.0
</code></pre>
<!-- raw HTML omitted -->
<h2>opener v2.3.0</h2>
<h2>[2.3.0]</h2>
<ul>
<li><a
href="ce9888a2d4"><code>ce9888a2</code></a>
(<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/pull/2762">#2762</a>)
Similar to the <code>fs</code> plugin the <code>opener</code> plugin now
supports a <code>requireLiteralLeadingDot</code> configuration in
<code>tauri.conf.json</code>.</li>
</ul>
<!-- raw HTML omitted -->
<pre><code></tr></table>
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="adc23d6c4f"><code>adc23d6</code></a>
publish new versions (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2808">#2808</a>)</li>
<li><a
href="fc573b35a7"><code>fc573b3</code></a>
chore(deps): update rust crate tokio-tungstenite to 0.27 (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2768">#2768</a>)</li>
<li><a
href="901ddfb73d"><code>901ddfb</code></a>
ci: enable create-pull-request sign commits (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2809">#2809</a>)</li>
<li><a
href="f209b2f23c"><code>f209b2f</code></a>
chore(deps): update tauri monorepo to v2.6.0 (v2) (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2804">#2804</a>)</li>
<li><a
href="19ed1bd3cc"><code>19ed1bd</code></a>
chore(deps): update dependency prettier to v3.6.1 (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2806">#2806</a>)</li>
<li><a
href="5779099688"><code>5779099</code></a>
publish new versions (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2780">#2780</a>)</li>
<li><a
href="2aec8ff4c4"><code>2aec8ff</code></a>
feat(opener): add <code>inAppBrowser</code> option for iOS and Android
(<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2803">#2803</a>)</li>
<li><a
href="9799f0dbab"><code>9799f0d</code></a>
fix(log): iOS simulator freezing due to early logging (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2802">#2802</a>)</li>
<li><a
href="8cdaacdc6e"><code>8cdaacd</code></a>
chore(examples): update API example mobile projects</li>
<li><a
href="d46778e80b"><code>d46778e</code></a>
chore(deps): update dependency typescript-eslint to v8.35.0 (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2794">#2794</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tauri-apps/plugins-workspace/compare/os-v2.2.1...os-v2.3.0">compare
view</a></li>
</ul>
</details>
<br />
Updates `tauri-runtime` from 2.6.0 to 2.7.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/tauri/releases">tauri-runtime's
releases</a>.</em></p>
<blockquote>
<h2>tauri-runtime v2.7.0</h2>
<!-- raw HTML omitted -->
<pre><code>Updating git repository
`https://github.com/tauri-apps/schemars.git`
Updating crates.io index
warning: Patch `schemars_derive v0.8.21
(https://github.com/tauri-apps/schemars.git?branch=feat%2Fpreserve-description-newlines#c30f9848)`
was not used in the crate graph.
Check that the patched package version and available features are
compatible
with the dependency requirements. If the patch has a different version
from
what is locked in the Cargo.lock file, run `cargo update` to use the new
version. This may also occur with an optional dependency that is not
enabled.
Locking 1020 packages to latest compatible versions
Adding apple-codesign v0.27.0 (available: v0.29.0)
Adding axum v0.7.9 (available: v0.8.4)
Adding cargo_metadata v0.19.2 (available: v0.20.0)
Adding colored v2.2.0 (available: v3.0.0)
Adding ctor v0.2.9 (available: v0.4.2)
Adding elf v0.7.4 (available: v0.8.0)
Adding getrandom v0.2.16 (available: v0.3.3)
Adding html5ever v0.29.1 (available: v0.32.0)
Adding itertools v0.13.0 (available: v0.14.0)
Adding json-patch v3.0.1 (available: v4.0.0)
Adding jsonrpsee v0.24.9 (available: v0.25.1)
Adding jsonrpsee-client-transport v0.24.9 (available: v0.25.1)
Adding jsonrpsee-core v0.24.9 (available: v0.25.1)
Adding jsonrpsee-ws-client v0.24.9 (available: v0.25.1)
Adding minisign v0.7.3 (available: v0.7.9)
Adding muda v0.16.1 (available: v0.17.0)
Adding object v0.36.7 (available: v0.37.1)
Adding oxc_allocator v0.36.0 (available: v0.74.0)
Adding oxc_ast v0.36.0 (available: v0.74.0)
Adding oxc_parser v0.36.0 (available: v0.74.0)
Adding oxc_span v0.36.0 (available: v0.74.0)
Adding phf v0.11.3 (available: v0.12.1)
Adding proc-macro-crate v2.0.0 (available: v2.0.2)
Adding rand v0.8.5 (available: v0.9.1)
Adding rpm v0.16.0 (available: v0.17.0)
Adding schemars v0.8.22 (available: v1.0.1)
Adding serialize-to-javascript v0.1.1 (available: v0.1.2)
Adding serialize-to-javascript-impl v0.1.1 (available: v0.1.2)
Adding tiny_http v0.11.0 (available: v0.12.0)
Adding which v7.0.3 (available: v8.0.0)
Adding worker v0.5.0 (available: v0.6.0)
Adding worker-macros v0.5.0 (available: v0.6.0)
Adding x509-certificate v0.23.1 (available: v0.24.0)
Fetching advisory database from
`https://github.com/RustSec/advisory-db.git`
Loaded 787 security advisories (from /home/runner/.cargo/advisory-db)
Updating crates.io index
Scanning Cargo.lock for vulnerabilities (1045 crate dependencies)
</tr></table>
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="594822aa55"><code>594822a</code></a>
Apply Version Updates From Current Changes (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13282">#13282</a>)</li>
<li><a
href="e4aa35e083"><code>e4aa35e</code></a>
fix(cli): init tests</li>
<li><a
href="9c16eefa31"><code>9c16eef</code></a>
Update kuchikiki, html5ever, tao, wry, webview2-com (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13629">#13629</a>)</li>
<li><a
href="3242e1c946"><code>3242e1c</code></a>
feat(cli): allow passing Cargo commands to mobile dev/build commands (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13659">#13659</a>)</li>
<li><a
href="4a880ca697"><code>4a880ca</code></a>
feat(cli): synchronize productName changes with iOS Xcode project (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13658">#13658</a>)</li>
<li><a
href="d1ce9af628"><code>d1ce9af</code></a>
feat(cli): add <code>--config</code> arg to the mobile init cmds, closes
<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13284">#13284</a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13660">#13660</a>)</li>
<li><a
href="ec6065fa4a"><code>ec6065f</code></a>
fix(cli): use original identifier to fix mobile options reading (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13625">#13625</a>)</li>
<li><a
href="18b5299952"><code>18b5299</code></a>
docs: where does resource dir resolve to (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13640">#13640</a>)</li>
<li><a
href="eb3f0248c2"><code>eb3f024</code></a>
fix: write default permission words if not empty (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13646">#13646</a>)</li>
<li><a
href="c03cc586e3"><code>c03cc58</code></a>
chore: check generated file on package lock change (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13641">#13641</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tauri-apps/tauri/compare/tauri-runtime-v2.6.0...tauri-runtime-v2.7.0">compare
view</a></li>
</ul>
</details>
<br />
Updates `tauri-utils` from 2.4.0 to 2.5.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/tauri/releases">tauri-utils's
releases</a>.</em></p>
<blockquote>
<h2>tauri-utils v2.5.0</h2>
<!-- raw HTML omitted -->
<pre><code>Updating git repository
`https://github.com/tauri-apps/schemars.git`
Updating crates.io index
warning: Patch `schemars_derive v0.8.21
(https://github.com/tauri-apps/schemars.git?branch=feat%2Fpreserve-description-newlines#c30f9848)`
was not used in the crate graph.
Check that the patched package version and available features are
compatible
with the dependency requirements. If the patch has a different version
from
what is locked in the Cargo.lock file, run `cargo update` to use the new
version. This may also occur with an optional dependency that is not
enabled.
Locking 1020 packages to latest compatible versions
Adding apple-codesign v0.27.0 (available: v0.29.0)
Adding axum v0.7.9 (available: v0.8.4)
Adding cargo_metadata v0.19.2 (available: v0.20.0)
Adding colored v2.2.0 (available: v3.0.0)
Adding ctor v0.2.9 (available: v0.4.2)
Adding elf v0.7.4 (available: v0.8.0)
Adding getrandom v0.2.16 (available: v0.3.3)
Adding html5ever v0.29.1 (available: v0.32.0)
Adding itertools v0.13.0 (available: v0.14.0)
Adding json-patch v3.0.1 (available: v4.0.0)
Adding jsonrpsee v0.24.9 (available: v0.25.1)
Adding jsonrpsee-client-transport v0.24.9 (available: v0.25.1)
Adding jsonrpsee-core v0.24.9 (available: v0.25.1)
Adding jsonrpsee-ws-client v0.24.9 (available: v0.25.1)
Adding minisign v0.7.3 (available: v0.7.9)
Adding muda v0.16.1 (available: v0.17.0)
Adding object v0.36.7 (available: v0.37.1)
Adding oxc_allocator v0.36.0 (available: v0.74.0)
Adding oxc_ast v0.36.0 (available: v0.74.0)
Adding oxc_parser v0.36.0 (available: v0.74.0)
Adding oxc_span v0.36.0 (available: v0.74.0)
Adding phf v0.11.3 (available: v0.12.1)
Adding proc-macro-crate v2.0.0 (available: v2.0.2)
Adding rand v0.8.5 (available: v0.9.1)
Adding rpm v0.16.0 (available: v0.17.0)
Adding schemars v0.8.22 (available: v1.0.1)
Adding serialize-to-javascript v0.1.1 (available: v0.1.2)
Adding serialize-to-javascript-impl v0.1.1 (available: v0.1.2)
Adding tiny_http v0.11.0 (available: v0.12.0)
Adding which v7.0.3 (available: v8.0.0)
Adding worker v0.5.0 (available: v0.6.0)
Adding worker-macros v0.5.0 (available: v0.6.0)
Adding x509-certificate v0.23.1 (available: v0.24.0)
Fetching advisory database from
`https://github.com/RustSec/advisory-db.git`
Loaded 787 security advisories (from /home/runner/.cargo/advisory-db)
Updating crates.io index
Scanning Cargo.lock for vulnerabilities (1045 crate dependencies)
</tr></table>
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="594822aa55"><code>594822a</code></a>
Apply Version Updates From Current Changes (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13282">#13282</a>)</li>
<li><a
href="e4aa35e083"><code>e4aa35e</code></a>
fix(cli): init tests</li>
<li><a
href="9c16eefa31"><code>9c16eef</code></a>
Update kuchikiki, html5ever, tao, wry, webview2-com (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13629">#13629</a>)</li>
<li><a
href="3242e1c946"><code>3242e1c</code></a>
feat(cli): allow passing Cargo commands to mobile dev/build commands (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13659">#13659</a>)</li>
<li><a
href="4a880ca697"><code>4a880ca</code></a>
feat(cli): synchronize productName changes with iOS Xcode project (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13658">#13658</a>)</li>
<li><a
href="d1ce9af628"><code>d1ce9af</code></a>
feat(cli): add <code>--config</code> arg to the mobile init cmds, closes
<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13284">#13284</a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13660">#13660</a>)</li>
<li><a
href="ec6065fa4a"><code>ec6065f</code></a>
fix(cli): use original identifier to fix mobile options reading (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13625">#13625</a>)</li>
<li><a
href="18b5299952"><code>18b5299</code></a>
docs: where does resource dir resolve to (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13640">#13640</a>)</li>
<li><a
href="eb3f0248c2"><code>eb3f024</code></a>
fix: write default permission words if not empty (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13646">#13646</a>)</li>
<li><a
href="c03cc586e3"><code>c03cc58</code></a>
chore: check generated file on package lock change (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13641">#13641</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tauri-apps/tauri/compare/tauri-utils-v2.4.0...tauri-utils-v2.5.0">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
Bumps [rustls](https://github.com/rustls/rustls) from 0.23.27 to
0.23.28.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="12fe0c123f"><code>12fe0c1</code></a>
Prepare 0.23.28</li>
<li><a
href="46ba039ba0"><code>46ba039</code></a>
Expose <code>named_groups</code> extension in
<code>ClientHello</code></li>
<li><a
href="b9a530a746"><code>b9a530a</code></a>
ci-bench: low-noise benchmarks with rustls-fuzzing-provider</li>
<li><a
href="9b452d26a4"><code>9b452d2</code></a>
fuzzing-provider: support no-op ticketer</li>
<li><a
href="136e857c77"><code>136e857</code></a>
fuzzing-provider: make ciphersuites public</li>
<li><a
href="96d66569c9"><code>96d6656</code></a>
Only include renegotiation SCSV for TLS1.2 attempts</li>
<li><a
href="568b2c6500"><code>568b2c6</code></a>
Use <code>ProtocolName</code> for ALPN protocol pervasively</li>
<li><a
href="229dfe250d"><code>229dfe2</code></a>
Allow future customisation of alert sent for
<code>InvalidMessage</code></li>
<li><a
href="d8828602c5"><code>d882860</code></a>
Return more specific type from <code>outer_hello_ext()</code></li>
<li><a
href="34cdce3d8c"><code>34cdce3</code></a>
Return more specific type from <code>grease_ext()</code></li>
<li>Additional commits viewable in <a
href="https://github.com/rustls/rustls/compare/v/0.23.27...v/0.23.28">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [libc](https://github.com/rust-lang/libc) from 0.2.173 to 0.2.174.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/rust-lang/libc/releases">libc's
releases</a>.</em></p>
<blockquote>
<h2>0.2.174</h2>
<h3>Added</h3>
<ul>
<li>Linux: Make <code>pidfd_info</code> fields pub (<a
href="https://redirect.github.com/rust-lang/libc/pull/4487">#4487</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Gnu x32: Add missing <code>timespec.tv_nsec</code> (<a
href="https://redirect.github.com/rust-lang/libc/pull/4497">#4497</a>)</li>
<li>NuttX: Use <code>nlink_t</code> type for <code>st_nlink</code> in
<code>struct stat</code> definition (<a
href="https://redirect.github.com/rust-lang/libc/pull/4483">#4483</a>)</li>
</ul>
<h3>Other</h3>
<ul>
<li>Allow new <code>unpredictable_function_pointer_comparisons</code>
lints (<a
href="https://redirect.github.com/rust-lang/libc/pull/4489">#4489</a>)</li>
<li>OpenBSD: Fix some clippy warnings to use <code>pointer::cast</code>.
(<a
href="https://redirect.github.com/rust-lang/libc/pull/4490">#4490</a>)</li>
<li>Remove unessecary semicolons from definitions of
<code>CMSG_NXTHDR</code>. (<a
href="https://redirect.github.com/rust-lang/libc/pull/4492">#4492</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/rust-lang/libc/blob/0.2.174/CHANGELOG.md">libc's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/rust-lang/libc/compare/0.2.173...0.2.174">0.2.174</a>
- 2025-06-17</h2>
<h3>Added</h3>
<ul>
<li>Linux: Make <code>pidfd_info</code> fields pub (<a
href="https://redirect.github.com/rust-lang/libc/pull/4487">#4487</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Gnu x32: Add missing <code>timespec.tv_nsec</code> (<a
href="https://redirect.github.com/rust-lang/libc/pull/4497">#4497</a>)</li>
<li>NuttX: Use <code>nlink_t</code> type for <code>st_nlink</code> in
<code>struct stat</code> definition (<a
href="https://redirect.github.com/rust-lang/libc/pull/4483">#4483</a>)</li>
</ul>
<h3>Other</h3>
<ul>
<li>Allow new <code>unpredictable_function_pointer_comparisons</code>
lints (<a
href="https://redirect.github.com/rust-lang/libc/pull/4489">#4489</a>)</li>
<li>OpenBSD: Fix some clippy warnings to use <code>pointer::cast</code>.
(<a
href="https://redirect.github.com/rust-lang/libc/pull/4490">#4490</a>)</li>
<li>Remove unessecary semicolons from definitions of
<code>CMSG_NXTHDR</code>. (<a
href="https://redirect.github.com/rust-lang/libc/pull/4492">#4492</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ea6f07f982"><code>ea6f07f</code></a>
Merge pull request <a
href="https://redirect.github.com/rust-lang/libc/issues/4500">#4500</a>
from tgross35/release</li>
<li><a
href="ce31fdaf1c"><code>ce31fda</code></a>
chore: release libc 0.2.174</li>
<li><a
href="296b5801e9"><code>296b580</code></a>
Merge pull request <a
href="https://redirect.github.com/rust-lang/libc/issues/4499">#4499</a>
from tgross35/backport-hungarian-wax</li>
<li><a
href="264a5399ab"><code>264a539</code></a>
Add missing timespec.tv_nsec for gnux32</li>
<li><a
href="7d92568ed6"><code>7d92568</code></a>
fix: use nlink_t type for st_nlink in struct stat definition for
NuttX</li>
<li><a
href="790180ba16"><code>790180b</code></a>
Remove unessecary semicolons from definitions of
<code>CMSG_NXTHDR</code>.</li>
<li><a
href="1e99d50bc9"><code>1e99d50</code></a>
make pidfd_info fields pub</li>
<li><a
href="c08c5073ef"><code>c08c507</code></a>
openbsd: Fix some clippy warnings to use
<code>pointer::cast</code>.</li>
<li><a
href="513405844c"><code>5134058</code></a>
Allow new <code>unpredictable_function_pointer_comparisons</code>
lints</li>
<li>See full diff in <a
href="https://github.com/rust-lang/libc/compare/0.2.173...0.2.174">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [arboard](https://github.com/1Password/arboard) from 3.5.0 to
3.6.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/1Password/arboard/releases">arboard's
releases</a>.</em></p>
<blockquote>
<h2>v3.6.0</h2>
<h3>Added</h3>
<ul>
<li>Add support for excluding data from clipboard history on Linux.</li>
<li><code>arboard</code>, in debug builds, now attempts to call out
clipboard lifetime mishandling.
<ul>
<li>This is a debugging feature, and as such has no absolute or promised
behavior.</li>
</ul>
</li>
</ul>
<h3>Changed</h3>
<ul>
<li>The background thread in the X11 backend no longer exits on every
selection request failure.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Handled cases where using an unsupported Primary clipboard on
Wayland would return the wrong error.</li>
<li>Clearing the clipboard on Linux now behaves correctly when
interacting with other apps on the system.</li>
<li>Pasting text with an explicit locale ID on Windows now works as
intended.</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/MrSmoer"><code>@MrSmoer</code></a> made
their first contribution in <a
href="https://redirect.github.com/1Password/arboard/pull/155">1Password/arboard#155</a></li>
<li><a
href="https://github.com/crumblingstatue"><code>@crumblingstatue</code></a>
made their first contribution in <a
href="https://redirect.github.com/1Password/arboard/pull/186">1Password/arboard#186</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/1Password/arboard/compare/v3.5.0...v3.6.0">https://github.com/1Password/arboard/compare/v3.5.0...v3.6.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/1Password/arboard/blob/master/CHANGELOG.md">arboard's
changelog</a>.</em></p>
<blockquote>
<h2>3.6.0 on 2025-06-27</h2>
<h3>Added</h3>
<ul>
<li>Add support for excluding data from clipboard history on Linux.</li>
<li><code>arboard</code>, in debug builds, now attempts to call out
clipboard lifetime mishandling.
<ul>
<li>This is a debugging feature, and as such has no absolute or promised
behavior.</li>
</ul>
</li>
</ul>
<h3>Changed</h3>
<ul>
<li>The background thread in the X11 backend no longer exits on every
selection request failure.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Handled cases where using an unsupported Primary clipboard on
Wayland would return the wrong error.</li>
<li>Clearing the clipboard on Linux now behaves correctly when
interacting with other apps on the system.</li>
<li>Pasting text with an explicit locale ID on Windows now works as
intended.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4f9bff86dc"><code>4f9bff8</code></a>
Release 3.6.0</li>
<li><a
href="380d2a691b"><code>380d2a6</code></a>
Remove deprecated authors Cargo manifest field</li>
<li><a
href="68ea2074ac"><code>68ea207</code></a>
Resolve new Clippy lints</li>
<li><a
href="8f6bab7d48"><code>8f6bab7</code></a>
Add README section about Linux clipboard ownership</li>
<li><a
href="b704da3cea"><code>b704da3</code></a>
Add debug helper for too-early Linux clipboard dropping</li>
<li><a
href="1040043ca4"><code>1040043</code></a>
Reword README sections and elaborate on Linux support</li>
<li><a
href="5f80bc1ddf"><code>5f80bc1</code></a>
linux/x11: Don't stop worker thread if handling selection request fails
(<a
href="https://redirect.github.com/1Password/arboard/issues/186">#186</a>)</li>
<li><a
href="b1e6720c3e"><code>b1e6720</code></a>
Fix getting text on Windows when locale identifiers differ</li>
<li><a
href="6b0e47ac8a"><code>6b0e47a</code></a>
Reimplement Linux clipboard clearing with correct primitives</li>
<li><a
href="825026572a"><code>8250265</code></a>
Refactor Wayland error handling to better account for missing Primary
clipboard</li>
<li>Additional commits viewable in <a
href="https://github.com/1Password/arboard/compare/v3.5.0...v3.6.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [syn](https://github.com/dtolnay/syn) from 2.0.103 to 2.0.104.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dtolnay/syn/releases">syn's
releases</a>.</em></p>
<blockquote>
<h2>2.0.104</h2>
<ul>
<li>Disallow attributes on range expression (<a
href="https://redirect.github.com/dtolnay/syn/issues/1872">#1872</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2283a9852a"><code>2283a98</code></a>
Release 2.0.104</li>
<li><a
href="d745687fff"><code>d745687</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/syn/issues/1872">#1872</a>
from dtolnay/attrrange</li>
<li><a
href="350a4ab22d"><code>350a4ab</code></a>
Disallow attributes on range expression</li>
<li><a
href="da96f95362"><code>da96f95</code></a>
Add test of attributes on range</li>
<li><a
href="7a79818f44"><code>7a79818</code></a>
Update test suite to nightly-2025-06-19</li>
<li>See full diff in <a
href="https://github.com/dtolnay/syn/compare/2.0.103...2.0.104">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [test-strategy](https://github.com/frozenlib/test-strategy) from
0.4.1 to 0.4.3.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2816a09947"><code>2816a09</code></a>
Version 0.4.3.</li>
<li><a
href="f36275f3f8"><code>f36275f</code></a>
Clippy.</li>
<li><a
href="b45b00b214"><code>b45b00b</code></a>
Suppress <code>clippy::shadow_unrelated</code> warning in generated
code. (fix <a
href="https://redirect.github.com/frozenlib/test-strategy/issues/19">#19</a>)</li>
<li><a
href="bb9ef1bda5"><code>bb9ef1b</code></a>
Use <code>#![warn(clippy::shadow_unrelated)]</code> in tests.</li>
<li><a
href="58a9e9c5ad"><code>58a9e9c</code></a>
Version 0.4.2.</li>
<li><a
href="47172e723e"><code>47172e7</code></a>
Clippy.</li>
<li><a
href="c622d5faf4"><code>c622d5f</code></a>
Use edition 2021.</li>
<li><a
href="b397bbb466"><code>b397bbb</code></a>
Format.</li>
<li><a
href="75017c402d"><code>75017c4</code></a>
Resolve macro hygiene issue in Arbitrary. (fix <a
href="https://redirect.github.com/frozenlib/test-strategy/issues/18">#18</a>)</li>
<li><a
href="1822090c2f"><code>1822090</code></a>
Update expected compile error message.</li>
<li>Additional commits viewable in <a
href="https://github.com/frozenlib/test-strategy/compare/v0.4.1...v0.4.3">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [uniffi](https://github.com/mozilla/uniffi-rs) from 0.29.2 to
0.29.3.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/mozilla/uniffi-rs/blob/main/CHANGELOG.md">uniffi's
changelog</a>.</em></p>
<blockquote>
<h2>v0.29.3 (backend crates: v0.29.3) - (<em>2025-06-06</em>)</h2>
<h3>What's new?</h3>
<ul>
<li>HashMaps in UDL now support a default value with an empty map (<a
href="https://redirect.github.com/mozilla/uniffi-rs/pull/2539">#2539</a>).</li>
</ul>
<p><a
href="https://github.com/mozilla/uniffi-rs/compare/v0.29.2...v0.29.3">All
changes in v0.29.3</a>.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="8ece6a7211"><code>8ece6a7</code></a>
chore: Release</li>
<li><a
href="b12e09dc26"><code>b12e09d</code></a>
chore: Release</li>
<li><a
href="9aa167459b"><code>9aa1674</code></a>
Merge remote-tracking branch 'upstream/main' into release-v0.29.x</li>
<li><a
href="89a49b0504"><code>89a49b0</code></a>
Merge pull request <a
href="https://redirect.github.com/mozilla/uniffi-rs/issues/2559">#2559</a>
from mozilla/uniffi-309-unique-trait-interfaces</li>
<li><a
href="eb8eb00be5"><code>eb8eb00</code></a>
UNIFFI-309 Make callback interfaces unique</li>
<li><a
href="c9a59448e3"><code>c9a5944</code></a>
Internal docs for Rust/callback interface calls</li>
<li><a
href="a8ef084051"><code>a8ef084</code></a>
General pipeline updates</li>
<li><a
href="f04409aec5"><code>f04409a</code></a>
Merge pull request <a
href="https://redirect.github.com/mozilla/uniffi-rs/issues/2554">#2554</a>
from mozilla/groovecoder-patch-1</li>
<li><a
href="dc02a0c739"><code>dc02a0c</code></a>
Explicitly catch kotlin.Exception. (<a
href="https://redirect.github.com/mozilla/uniffi-rs/issues/2544">#2544</a>)</li>
<li><a
href="08aa589918"><code>08aa589</code></a>
fix typo in custom_types.md</li>
<li>Additional commits viewable in <a
href="https://github.com/mozilla/uniffi-rs/compare/v0.29.2...v0.29.3">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [proptest](https://github.com/proptest-rs/proptest) from 1.6.0 to
1.7.0.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/proptest-rs/proptest/commits">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Originally, we introduced these to gather some data from logs / warnings
that we considered to be too spammy. We've since merged a
burst-protection that will at most submit the same event once every 5
minutes.
The data from the telemetry spans themselves have not been used at all.
Sentry has a new "Logs" feature where we can stream logs directly to
Sentry. Doing this for all Clients and Gateways would be way too much
data to collect though.
In order to aid debugging from customer installations, we add a
PostHog-managed feature flag that - if set to `true` - enables the
streaming of logs to Sentry. This feature flag is evaluated every time
the telemetry context is initialised:
- For all FFI usages of connlib, this happens every time a new session
is created.
- For the Windows/Linux Tunnel service, this also happens every time we
create a new session.
- For the Headless Client and Gateway, it happens on startup and
afterwards, every minute. The feature-flag context itself is only
checked every 5 minutes though so it might take up to 5 minutes before
this takes effect.
The default value - like all feature flags - is `false`. Therefore, if
there is any issue with the PostHog service, we will fallback to the
previous behaviour where logs are simply stored locally.
Resolves: #9600
A bit of legacy that we have inherited around our Firezone ID is that
the ID stored on the user's device is sha'd before being passed to the
portal as the "external ID". This makes it difficult to correlate IDs in
Sentry and PostHog with the data we have in the portal. For Sentry and
PostHog, we submit the raw UUID stored on the user's device.
As a first step in overcoming this, we embed an "external ID" in those
services as well IF the provided Firezone ID is a valid UUID. This will
allow us to immediately correlate those events.
As a second step, we automatically generate all new Firezone IDs for the
Windows and Linux Client as `hex(sha256(uuid))`. These won't parse as
valid UUIDs and therefore will be submitted as is to the portal.
As a third step, we update all documentation around generating Firezone
IDs to use `uuidgen | sha256` instead of just `uuidgen`. This is
effectively the equivalent of (2) but for the Headless Client and
Gateway where the Firezone ID can be configured via environment
variables.
Resolves: #9382
---------
Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
The latest `main` of str0m undoes a breaking change in the constructor
of `Candidate::relayed` by flipping the parameters back. This will make
it easier to upgrade to the latest release once it is out.
Bumps [clap](https://github.com/clap-rs/clap) from 4.5.39 to 4.5.40.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/clap-rs/clap/blob/master/CHANGELOG.md">clap's
changelog</a>.</em></p>
<blockquote>
<h2>[4.5.40] - 2025-06-09</h2>
<h3>Features</h3>
<ul>
<li>Support quoted ids in <code>arg!()</code> macro (e.g.
<code>arg!("check-config": ...)</code>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="cff27dbf57"><code>cff27db</code></a>
chore: Release</li>
<li><a
href="4ef41249f1"><code>4ef4124</code></a>
docs: Update changelog</li>
<li><a
href="ca896175c1"><code>ca89617</code></a>
Merge pull request <a
href="https://redirect.github.com/clap-rs/clap/issues/5848">#5848</a>
from jennings/jennings/push-xolwzyoornps</li>
<li><a
href="99b6391ee9"><code>99b6391</code></a>
fix(complete): Fix PowerShell dynamic completion</li>
<li>See full diff in <a
href="https://github.com/clap-rs/clap/compare/clap_complete-v4.5.39...clap_complete-v4.5.40">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
The recent changes to str0m include a bug fix for network constellations
where both peers are behind symmetric NAT and therefore need a
relay-relay candidate pair to succeed. In the current version, such
candidate pairs would erroneously be rejected as redundant with host
candidates.
Fixes: #9514
To make our FFI layer between Android and Rust safer, we adopt the
UniFFI tool from Mozilla. UniFFI allows us to create a dedicated crate
(here `client-ffi`) that contains Rust structs annotated with various
attributes. These macros then generate code at compile time that is
built into the shared object. Using a dedicated CLI from the UniFFI
project, we can then generate Kotlin bindings from this shared object.
The primary motivation for this effort is memory safety across the FFI
boundary. Most importantly, we want to ensure that:
- The session pointer is not used after it has been free'd
- Disconnecting the session frees the pointer
- Freeing the session does not happen as part of a callback as that
triggers a cyclic dependency on the Rust side (callbacks are executed on
a runtime and that runtime is dropped as part of dropping the session)
To achieve all of these goals, we move away from callbacks altogether.
UniFFI has great support for async functions. We leverage this support
to expose a `suspend fn` to Android that returns `Event`s. These events
map to the current callback functions. Internally, these events are read
from a channel with a capacity of 1000 events. It is therefore not very
time-critical that the app reads from this channel. `connlib` will
happily continue even if the channel is full. 1000 events should be more
than sufficient though in case the host app cannot immediately process
them. We don't send events very often after all.
This event-based design has major advantages: It allows us to make use
of `AutoCloseable` on the Kotlin side, meaning the `session` pointer is
only ever accessed as part of a `use` block and automatically closed
(and therefore free'd) at the end of the block.
To communicate with the session, we introduce a `TunnelCommand` which
represents all actions that the host app can send to `connlib`. These
are passed through a channel to the `suspend fn` which continuously
listens for events and commands.
Resolves: #9499
Related: #3959
---------
Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
Co-authored-by: Jamil Bou Kheir <jamilbk@users.noreply.github.com>
It is in the nature of our application that errors may occur in rapid
succession if anything in the packet processing path fails. Most of the
time, these repeated errors don't add any additional information so
reporting one of them to Sentry is more than enough.
To achieve this, we add a `before_send` callback that utilizes a
concurrent cache with an upper bound of 10000 items and a TTL of 5
minutes. In other words, if we have submitted an event to Sentry that
had the exact same message in the last 5 minutes, we will not send it.
Internally, `moka` uses a concurrent hash map and therefore, the key is
hashed and not actually stored. Hash codes are u64, meaning the memory
footprint of this cache is only ~ 64kb (not accounting for constant
overhead of the cache internals).
Bumps the windows group in /rust with 1 update:
[windows](https://github.com/microsoft/windows-rs).
Updates `windows` from 0.61.1 to 0.61.3
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/microsoft/windows-rs/commits">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [syn](https://github.com/dtolnay/syn) from 2.0.101 to 2.0.103.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dtolnay/syn/releases">syn's
releases</a>.</em></p>
<blockquote>
<h2>2.0.103</h2>
<ul>
<li>Insert parentheses around binary operation with attribute (<a
href="https://redirect.github.com/dtolnay/syn/issues/1871">#1871</a>)</li>
</ul>
<h2>2.0.102</h2>
<ul>
<li>Fix printing of nested Expr::Index and Expr::Tuple in non-full mode
(<a
href="https://redirect.github.com/dtolnay/syn/issues/1869">#1869</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="85d427679f"><code>85d4276</code></a>
Release 2.0.103</li>
<li><a
href="6f7b0f39b3"><code>6f7b0f3</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/syn/issues/1871">#1871</a>
from dtolnay/binaryattr</li>
<li><a
href="89f88facd1"><code>89f88fa</code></a>
Correctly track bailouts in parenthesized binary expressions</li>
<li><a
href="0e07372e40"><code>0e07372</code></a>
Add binary operator attribute bailout test</li>
<li><a
href="ca8d876bde"><code>ca8d876</code></a>
Insert parentheses around binary operation with attribute</li>
<li><a
href="5be0f7121f"><code>5be0f71</code></a>
Add binary operator attribute tests</li>
<li><a
href="026bb3cf32"><code>026bb3c</code></a>
Discard paren attrs in unparenthesize test</li>
<li><a
href="217dd626aa"><code>217dd62</code></a>
Preserve attributes of Expr::Paren in FlattenParens</li>
<li><a
href="ef977c1059"><code>ef977c1</code></a>
Update test suite to nightly-2025-06-11</li>
<li><a
href="b1cc55995d"><code>b1cc559</code></a>
Release 2.0.102</li>
<li>Additional commits viewable in <a
href="https://github.com/dtolnay/syn/compare/2.0.101...2.0.103">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Firezone Bot