mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 10:18:54 +00:00
470680cb1f1055b80b2d7d5b066452b3984c04fa
8395 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Mariusz Klochowicz
|
470680cb1f |
chore(apple): Migrate to latest Xcode recommended settings (#10766)
Prompted by Xcode warning at project startup. Most of the changes are simple migrations from entitlements files to build settings, which is the recommended approach, and were done automatically by Xcode. new settings: - REGISTER_APP_GROUPS - Automatically registers app groups with provisioning profile (I had to set this manually when setting up, so it's a welcome change) - STRING_CATALOG_GENERATE_SYMBOLS - type-safe localization (no regression, we're not doing any localization currently) - ENABLE_USER_SCRIPT_SANDBOXING - sandboxing all the build scripts Note: I had to turn off the recommended `ENABLE_USER_SCRIPT_SANDBOXING` as it would interfere with our building of connlib during the build. Also: make Makefile more ergonomic to use (setup LSP config during first build) |
||
|
Thomas Eizinger
|
602844ae4a |
fix(gateway): always update translation table from DNS response (#10796)
For DNS resources, the Gateway maintains a per-peer NAT table from the client-assigned proxy IPs to the real IPs of the domain. Whenever the Client re-queries a DNS resource domain locally, we asynchronously ping the Gateway to also re-query said domain. This allows us to detect changes in the DNS records of DNS resources. To avoid breaking existing connections, the mapping between proxy IPs and real IPs is currently not updated if there are any active UDP or TCP flows for a proxy IP. This logic turns out to be unnecessarily restrictive as TCP flows can linger around for up to 2h before they timeout if they are not closed with a TCP RST. What we really need to do is always update the mapping of proxy IP <> real IP but honor existing NAT table entries when we route packets before creating new ones. This ensures that an existing connection to a previously resolved IP remains intact, even if a later DNS response for the same domain updates the mapping. At the same time, new connections (i.e. with a different source port) will immediately use the new destination IP. |
||
|
Mariusz Klochowicz
|
b5048ad779 |
refactor(apple): Convert IPCClient from actor to stateless enum (#10797)
Refactors IPCClient from an actor to a stateless enum with static methods, removing unnecessary actor isolation and instance management. - IPCClient: Actor → enum with static methods taking session parameter - Store: Removed IPCClient instance caching, added resource list caching - Store: Moved resource fetching logic from IPCClient into Store - All call sites: Updated to pass session directly to static methods Store now directly manages resource list hashing and caching via fetchResources() method, using SHA256 hash optimisation to avoid redundant updates when resource lists haven't changed. |
||
|
Mariusz Klochowicz
|
936b095391 |
chore(apple): Enable Swift 6.2 Approachable Concurrency features (#10799)
Enables SWIFT_APPROACHABLE_CONCURRENCY build setting which activates a few key Swift 6.2 concurrency features, including: 1. NonisolatedNonsendingByDefault - Makes nonisolated async functions run on the caller's executor instead of the global executor, providing more predictable performance and behaviour 2. InferIsolatedConformances - Protocol conformances automatically inherit global actor isolation, reducing annotation burden Read more: https://www.donnywals.com/what-is-approachable-concurrency-in-xcode-26/ Also bumps swift-tools-version from 6.0 to 6.2 in Package.swift to enable newer Package Manager manifest APIs. As a result of better type inference, removes 1 redundant @Sendable annotation in Store.swift: - vpnStatusChangeHandler: @MainActor closures are implicitly Sendable |
||
|
Thomas Eizinger
|
72dd7187f4 |
revert: specify systemd-resolved dependency (#10798)
I can't make the CI smoke install work with this change. Reverts firezone/firezone#10783 |
||
|
Mariusz Klochowicz
|
bf95dc45a3 |
refactor(apple): Upgrade to Swift 6.2 with concurrency checks (#10682)
This PR upgrades the Swift client from Swift 5 to Swift 6.2, addressing
all
concurrency-related warnings and runtime crashes that come with Swift
6's
strict concurrency checking.
## Swift 6 Concurrency Primer
**`actor`** - A new reference type that provides thread-safe, serialised
access to mutable state. Unlike classes, actors ensure that only one
piece of
code can access their mutable properties at a time. Access to actor
methods/properties requires await and automatically hops to the actor's
isolated executor.
**`@MainActor`** - An attribute that marks code to run on the main
thread.
Essential for UI updates and anything that touches UIKit/AppKit. When a
class/function is marked @MainActor, all its methods and properties
inherit
this isolation.
**`@Sendable`** - A protocol indicating that a type can be safely passed
across concurrency domains (between actors, tasks, etc.). Value types
(structs, enums) with Sendable stored properties are automatically
Sendable.
Reference types (classes) need explicit @unchecked Sendable if they
manage
thread-safety manually.
**`nonisolated`** - Opts out of the containing type's actor isolation.
For
example, a nonisolated method in a @MainActor class can be called from
any
thread without await. Useful for static methods or thread-safe
operations.
**`@concurrent`** - Used on closure parameters in delegate methods.
Indicates
the closure may be called from any thread, preventing the closure from
inheriting the surrounding context's actor isolation. Critical for
callbacks
from system frameworks that call from background threads.
**Data Races** - Swift 6 enforces at compile-time (and optionally at
runtime)
that mutable state cannot be accessed concurrently from multiple
threads. This
eliminates entire classes of bugs that were previously only caught
through
testing or production crashes.
## Swift Language Upgrade
- **Bump Swift 5 → 6.2**: Enabled strict concurrency checking throughout
the
codebase
- **Enable ExistentialAny (SE-0335)**: Adds compile-time safety by
making
protocol type erasure explicit (e.g., any Protocol instead of implicit
Protocol)
- **Runtime safety configuration**: Added environment variables to log
concurrency violations during development instead of crashing, allowing
gradual migration
## Concurrency Fixes
### Actor Isolation
- **TelemetryState actor** (Telemetry.swift:10): Extracted mutable
telemetry
state into a dedicated actor to eliminate data races from concurrent
access
- **SessionNotification @MainActor isolation**
(SessionNotification.swift:25):
Properly isolated the class to MainActor since it manages UI-related
callbacks
- **IPCClient caching** (IPCClient.swift): Fixed actor re-entrance
issues and
resource hash-based optimisation by caching the client instance in Store
### Thread-Safe Callbacks
- **WebAuthSession @concurrent delegate** (WebAuthSession.swift:46): The
authentication callback is invoked from a background thread by
ASWebAuthenticationSession. Marked the wrapper function as @concurrent
to
prevent MainActor inference on the completion handler closure, then
explicitly hopped back to MainActor for the session.start() call. This
fixes EXC_BAD_INSTRUCTION crashes at _dispatch_assert_queue_fail.
- **SessionNotification @concurrent delegate**
(SessionNotification.swift:131): Similarly marked the notification
delegate
method as @concurrent and used Task { @MainActor in } to safely invoke
the
MainActor-isolated signInHandler
### Sendable Conformances
- Added Sendable to Resource, Site, Token, Configuration, and other
model
types that are passed between actors and tasks
- **LogWriter immutability** (Log.swift): Made jsonData immutable to
prevent
capturing mutable variables in @Sendable closures
### Nonisolated Methods
- **Static notification display** (SessionNotification.swift:73): Marked
showSignedOutNotificationiOS() as nonisolated since it's called from the
Network Extension (different process) and only uses thread-safe APIs
Fixes #10674
Fixes #10675
|
||
|
Thomas Eizinger
|
bae38ec345 |
feat(connlib): add HTTP2 client with pluggable sockets (#10788)
Firezone's ability to tunnel all traffic on a particular Client (i.e. the Internet Resource) means we have to ensure that traffic originating from within the Firezone process does not get routed back into the tunnel. On MacOS and iOS, this is automatically taken care of for us. On all other platforms, we need to take steps to prevent these routing loops. This functionality is abstracted away using our `SocketFactory`. A socket created with such a factory is guaranteed to route its traffic outside of the tunnel. These sockets are used for the WebSocket connection to the portal, as well as for recursive UDP and TCP DNS queries. In order to support DoH, we need to also be able to send HTTPS requests without causing packet loops. This PR adds a new crate `http-client` that does exactly that. It composes together `hyper` and `rustls` such that the configured `SocketFactory` is used to create the TCP socket for the underlying HTTP2 connection. Consequently, HTTPS requests made with this library will automatically be routed outside of the tunnel, assuming the `SocketFactory` is adequately configured. Right now, this crate just stands by itself. It will be integrated into connlib at a later point. Resolves: #10774 Related: #4668 Related: #10272 |
||
|
Thomas Eizinger
|
b8b52c1f07 |
fix(portal): do not allow ports for upstream DNS servers (#10772)
DNS servers are standarised to be contacted on port 53. This is also hard-coded within `connlib` when we contact an upstream server. As such, we should disallow users inputting any custom port for upstream DNS servers. Luckily - or perhaps because it doesn't presently work - no users in production have actually put in a port. Resolves: #8330 |
||
|
Thomas Eizinger
|
352a83bbb0 |
refactor(connlib): allow creating multiple layer 4 DNS servers (#10763)
Within Firezone, there are multiple components that deal with DNS queries. Two of those components are the `l4-udp-dns-server` and `l4-tcp-dns-server`. Both of them are responsible for receiving DNS queries on layer 4, i.e. UDP or TCP. In other words, they do _not_ operate on an IP level (which would be layer 3) but instead use `UdpSocket` and `TcpListener` to receive queries and sent back responses. Right now, the interfaces of these crates are designed for the usecase of receiving forwarded DNS queries from the CLient on the Gateway's TUN device. This is a special-case of DNS resolution. When receiving a TXT or SRV query for a domain that is covered by a DNS resources, Firezone Client's will forward that query to the corresponding Gateway and resolve it in its network context. SRV and TXT records are commonly used for service discovery and as such, should be resolved in the network context of the service, i.e. the site that assigned to the resource. For that usecase, it made sense to allow each DNS server to listen on 1 IPv4 and 1 IPv6 address. Since then, our event-loop has evolved a bit, being able to handle multiple inputs at once. As such, we can simplify the API of these crates to only listen on a single address and instead create multiple instances of them inside `Io`. Depending on how the design of our DNS implementation for the Clients evolves, this may be used to listen on multiple IPs later (e.g. from the `127.0.0.0/8` subnet). Related: #8263 |
||
|
Thomas Eizinger
|
804ef7a3fb |
fix(connlib): retain order of system/upstream DNS servers (#10773)
Right now, connlib hands out a `BiMap` of sentinel IPs <> upstream servers whenever it emits a `TunInterfaceUpdated` event. This `BiMap` internally uses two `HashMap`s. The iteration order of `HashMap`s is non-deterministic and therefore, we lose the order in which the upstream / system resolvers have been passed to us originally. To prevent that, we now emit a dedicated `DnsMapping` type that does not expose its internal data structure but only getters for retrieving the sentinel and upstream servers. Internally, it uses a `Vec` to store this mapping and thus retains the original order. This is asserted as part of our proptests by comparing the resulting `Vec`s. This fix is preceded by a few refactorings that encapsulate the code for creating and updating this DNS mapping. Resolves: #8439 |
||
|
Thomas Eizinger
|
1b7313622a |
feat(connlib): introduce l3-udp-dns-client (#10764)
With #8263, we will stop receiving UDP and TCP DNS queries on the tunnel but use regular sockets instead. This means that for UDP DNS queries that need to be sent _through_ the tunnel, we actually need to make new IP packets again. For TCP, we already have a crate that does this for us because there, we need to manage an entire TCP stack. For UDP, the story is a bit simpler but there are still a few things involved. In particular, we need to set a source address for the packets and we need to sample a new random port for each query. The crate added in this PR does exactly that. It is not yet used anywhere but split out into a separate PR to reduce the reviewing burden of the larger refactor. Related: #8263 Related: #10758 |
||
|
Thomas Eizinger
|
9e33e514c4 |
chore(linux): specify systemd-resolved dependency (#10783)
On Ubuntu, this should be the default anyway and already be installed but to be correct, we should list this dependency in the `depends` section of our `.deb`. That way, it will automatically get installed again if a user chooses to install the GUI client from our repository and doesn't have `systemd-resolved` installed. |
||
|
Jamil
|
0f73ec18ab | fix(website): azure app id json structure (#10785) | ||
|
dependabot[bot]
|
b5c420bd5b |
build(deps): bump serde_with from 3.14.0 to 3.15.0 in /rust (#10777)
Bumps [serde_with](https://github.com/jonasbb/serde_with) from 3.14.0 to 3.15.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jonasbb/serde_with/releases">serde_with's releases</a>.</em></p> <blockquote> <h2>serde_with v3.15.0</h2> <h3>Added</h3> <ul> <li> <p>Added error inspection to <code>VecSkipError</code> and <code>MapSkipError</code> by <a href="https://github.com/michelhe"><code>@michelhe</code></a> (<a href="https://redirect.github.com/jonasbb/serde_with/issues/878">#878</a>) This allows interacting with the previously hidden error, for example for logging. Checkout the newly added example to both types.</p> </li> <li> <p>Allow documenting the types generated by <code>serde_conv!</code>. The <code>serde_conv!</code> macro now acceps outer attributes before the optional visibility modifier. This allow adding doc comments in the shape of <code>#[doc = "..."]</code> or any other attributes, such as lint modifiers.</p> <pre lang="rust"><code>serde_conv!( #[doc = "Serialize bools as string"] #[allow(dead_code)] pub BoolAsString, bool, |x: &bool| ::std::string::ToString::to_string(x), |x: ::std::string::String| x.parse() ); </code></pre> </li> <li> <p>Add support for <code>hashbrown</code> v0.16 (<a href="https://redirect.github.com/jonasbb/serde_with/issues/877">#877</a>)</p> <p>This extends the existing support for <code>hashbrown</code> v0.14 and v0.15 to the newly released version.</p> </li> </ul> <h3>Changed</h3> <ul> <li>Bump MSRV to 1.76, since that is required for <code>toml</code> dev-dependency.</li> </ul> <h2>serde_with v3.14.1</h2> <h3>Fixed</h3> <ul> <li>Show macro expansion in the docs.rs generated rustdoc. Since macros are used to generate trait implementations, this is useful to understand the exact generated code.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
6d60653bac |
build(deps): bump gat-lending-iterator from 0.1.6 to 0.1.7 in /rust (#10776)
Bumps [gat-lending-iterator](https://github.com/Crazytieguy/gat-lending-iterator) from 0.1.6 to 0.1.7. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/Crazytieguy/gat-lending-iterator/commits/v0.1.7">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
5bf8482826 |
build(deps): bump com.google.firebase.appdistribution from 5.1.1 to 5.2.0 in /kotlin/android (#10781)
Bumps com.google.firebase.appdistribution from 5.1.1 to 5.2.0. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
f6aa499711 |
build(deps): bump com.google.firebase:firebase-bom from 34.4.0 to 34.5.0 in /kotlin/android (#10782)
Bumps com.google.firebase:firebase-bom from 34.4.0 to 34.5.0. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Thomas Eizinger
|
9016ffc9dc |
build(rust): bump to Rust 1.91.0 (#10767)
Rust 1.91 has been released and brings with it a few new lints that we need to tidy up. In addition, it also stabilizes `BTreeMap::extract_if`: A really nifty std-lib function that allows us to conditionally take elements from a map. We need that in a bunch of places. |
||
|
dependabot[bot]
|
21846b81e5 |
build(deps): bump vite from 7.1.7 to 7.1.11 in /rust/gui-client in the npm_and_yarn group across 1 directory (#10769)
Bumps the npm_and_yarn group with 1 update in the /rust/gui-client directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Updates `vite` from 7.1.7 to 7.1.11 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/releases">vite's releases</a>.</em></p> <blockquote> <h2>v7.1.11</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v7.1.11/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v7.1.10</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v7.1.10/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v7.1.9</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v7.1.9/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v7.1.8</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v7.1.8/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md">vite's changelog</a>.</em></p> <blockquote> <h2><!-- raw HTML omitted --><a href="https://github.com/vitejs/vite/compare/v7.1.10...v7.1.11">7.1.11</a> (2025-10-20)<!-- raw HTML omitted --></h2> <h3>Bug Fixes</h3> <ul> <li><strong>dev:</strong> trim trailing slash before <code>server.fs.deny</code> check (<a href="https://redirect.github.com/vitejs/vite/issues/20968">#20968</a>) (<a href=" |
||
|
dependabot[bot]
|
1ac1bb044a |
build(deps): bump the sentry group in /rust with 2 updates (#10727)
Bumps the sentry group in /rust with 2 updates: [sentry](https://github.com/getsentry/sentry-rust) and [sentry-tracing](https://github.com/getsentry/sentry-rust). Updates `sentry` from 0.42.0 to 0.43.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/getsentry/sentry-rust/releases">sentry's releases</a>.</em></p> <blockquote> <h2>0.43.0</h2> <h3>Breaking changes</h3> <ul> <li>ref(tracing): rework tracing to Sentry span name/op conversion (<a href="https://redirect.github.com/getsentry/sentry-rust/pull/887">#887</a>) by <a href="https://github.com/lcian"><code>@lcian</code></a> <ul> <li>The <code>tracing</code> integration now uses the tracing span name as the Sentry span name by default.</li> <li>Before this change, the span name would be set based on the <code>tracing</code> span target (<code><module>::<function></code> when using the <code>tracing::instrument</code> macro).</li> <li>The <code>tracing</code> integration now uses <code><span target>::<span name></code> as the default Sentry span op (i.e. <code><module>::<function></code> when using <code>tracing::instrument</code>).</li> <li>Before this change, the span op would be set based on the <code>tracing</code> span name.</li> <li>Read below to learn how to customize the span name and op.</li> <li>When upgrading, please ensure to adapt any queries, metrics or dashboards to use the new span names/ops.</li> </ul> </li> <li>ref(tracing): use standard code attributes (<a href="https://redirect.github.com/getsentry/sentry-rust/pull/899">#899</a>) by <a href="https://github.com/lcian"><code>@lcian</code></a> <ul> <li>Logs now carry the attributes <code>code.module.name</code>, <code>code.file.path</code> and <code>code.line.number</code> standardized in OTEL to surface the respective information, in contrast with the previously sent <code>tracing.module_path</code>, <code>tracing.file</code> and <code>tracing.line</code>.</li> </ul> </li> <li>fix(actix): capture only server errors (<a href="https://redirect.github.com/getsentry/sentry-rust/pull/877">#877</a>) by <a href="https://github.com/lcian"><code>@lcian</code></a> <ul> <li>The Actix integration now properly honors the <code>capture_server_errors</code> option (enabled by default), capturing errors returned by middleware only if they are server errors (HTTP status code 5xx).</li> <li>Previously, if a middleware were to process the request after the Sentry middleware and return an error, our middleware would always capture it and send it to Sentry, regardless if it was a client, server or some other kind of error.</li> <li>With this change, we capture errors returned by middleware only if those errors can be classified as server errors.</li> <li>There is no change in behavior when it comes to errors returned by services, in which case the Sentry middleware only captures server errors exclusively.</li> </ul> </li> <li>fix: send trace origin correctly (<a href="https://redirect.github.com/getsentry/sentry-rust/pull/906">#906</a>) by <a href="https://github.com/lcian"><code>@lcian</code></a> <ul> <li><code>TraceContext</code> now has an additional field <code>origin</code>, used to report which integration created a transaction.</li> </ul> </li> </ul> <h3>Behavioral changes</h3> <ul> <li>feat(tracing): send both breadcrumbs and logs by default (<a href="https://redirect.github.com/getsentry/sentry-rust/pull/878">#878</a>) by <a href="https://github.com/lcian"><code>@lcian</code></a> <ul> <li>If the <code>logs</code> feature flag is enabled, and <code>enable_logs: true</code> is set on your client options, the default Sentry <code>tracing</code> layer now sends logs for all events at or above INFO.</li> </ul> </li> </ul> <h3>Features</h3> <ul> <li> <p>ref(tracing): rework tracing to Sentry span name/op conversion (<a href="https://redirect.github.com/getsentry/sentry-rust/pull/887">#887</a>) by <a href="https://github.com/lcian"><code>@lcian</code></a></p> <ul> <li>Additional special fields have been added that allow overriding certain data on the Sentry span: <ul> <li><code>sentry.op</code>: override the Sentry span op.</li> <li><code>sentry.name</code>: override the Sentry span name.</li> <li><code>sentry.trace</code>: given a string matching a valid <code>sentry-trace</code> header (sent automatically by client SDKs), continues the distributed trace instead of starting a new one. If the value is not a valid <code>sentry-trace</code> header or a trace is already started, this value is ignored.</li> </ul> </li> <li><code>sentry.op</code> and <code>sentry.name</code> can also be applied retroactively by declaring fields with value <code>tracing::field::Empty</code> and then recorded using <code>tracing::Span::record</code>.</li> <li>Example usage: <pre lang="rust"><code>#[tracing::instrument(skip_all, fields( sentry.op = "http.server", sentry.name = "GET /payments", sentry.trace = headers.get("sentry-trace").unwrap_or(&"".to_owned()), ))] async fn handle_request(headers: std::collections::HashMap<String, String>) { // ... } </code></pre> </li> <li>Additional attributes are sent along with each span by default: <ul> <li><code>sentry.tracing.target</code>: corresponds to the <code>tracing</code> span's <code>metadata.target()</code></li> <li><code>code.module.name</code>, <code>code.file.path</code>, <code>code.line.number</code></li> </ul> </li> </ul> </li> <li> <p>feat(core): add Response context (<a href="https://redirect.github.com/getsentry/sentry-rust/pull/874">#874</a>) by <a href="https://github.com/lcian"><code>@lcian</code></a></p> <ul> <li>The <code>Response</code> context can now be attached to events, to include information about HTTP responses such as headers, cookies and status code.</li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/getsentry/sentry-rust/blob/master/CHANGELOG.md">sentry's changelog</a>.</em></p> <blockquote> <h2>0.43.0</h2> <h3>Breaking changes</h3> <ul> <li>ref(tracing): rework tracing to Sentry span name/op conversion (<a href="https://redirect.github.com/getsentry/sentry-rust/pull/887">#887</a>) by <a href="https://github.com/lcian"><code>@lcian</code></a> <ul> <li>The <code>tracing</code> integration now uses the tracing span name as the Sentry span name by default.</li> <li>Before this change, the span name would be set based on the <code>tracing</code> span target (<code><module>::<function></code> when using the <code>tracing::instrument</code> macro).</li> <li>The <code>tracing</code> integration now uses <code><span target>::<span name></code> as the default Sentry span op (i.e. <code><module>::<function></code> when using <code>tracing::instrument</code>).</li> <li>Before this change, the span op would be set based on the <code>tracing</code> span name.</li> <li>Read below to learn how to customize the span name and op.</li> <li>When upgrading, please ensure to adapt any queries, metrics or dashboards to use the new span names/ops.</li> </ul> </li> <li>ref(tracing): use standard code attributes (<a href="https://redirect.github.com/getsentry/sentry-rust/pull/899">#899</a>) by <a href="https://github.com/lcian"><code>@lcian</code></a> <ul> <li>Logs now carry the attributes <code>code.module.name</code>, <code>code.file.path</code> and <code>code.line.number</code> standardized in OTEL to surface the respective information, in contrast with the previously sent <code>tracing.module_path</code>, <code>tracing.file</code> and <code>tracing.line</code>.</li> </ul> </li> <li>fix(actix): capture only server errors (<a href="https://redirect.github.com/getsentry/sentry-rust/pull/877">#877</a>) by <a href="https://github.com/lcian"><code>@lcian</code></a> <ul> <li>The Actix integration now properly honors the <code>capture_server_errors</code> option (enabled by default), capturing errors returned by middleware only if they are server errors (HTTP status code 5xx).</li> <li>Previously, if a middleware were to process the request after the Sentry middleware and return an error, our middleware would always capture it and send it to Sentry, regardless if it was a client, server or some other kind of error.</li> <li>With this change, we capture errors returned by middleware only if those errors can be classified as server errors.</li> <li>There is no change in behavior when it comes to errors returned by services, in which case the Sentry middleware only captures server errors exclusively.</li> </ul> </li> <li>fix: send trace origin correctly (<a href="https://redirect.github.com/getsentry/sentry-rust/pull/906">#906</a>) by <a href="https://github.com/lcian"><code>@lcian</code></a> <ul> <li><code>TraceContext</code> now has an additional field <code>origin</code>, used to report which integration created a transaction.</li> </ul> </li> </ul> <h3>Behavioral changes</h3> <ul> <li>feat(tracing): send both breadcrumbs and logs by default (<a href="https://redirect.github.com/getsentry/sentry-rust/pull/878">#878</a>) by <a href="https://github.com/lcian"><code>@lcian</code></a> <ul> <li>If the <code>logs</code> feature flag is enabled, and <code>enable_logs: true</code> is set on your client options, the default Sentry <code>tracing</code> layer now sends logs for all events at or above INFO.</li> </ul> </li> </ul> <h3>Features</h3> <ul> <li> <p>ref(tracing): rework tracing to Sentry span name/op conversion (<a href="https://redirect.github.com/getsentry/sentry-rust/pull/887">#887</a>) by <a href="https://github.com/lcian"><code>@lcian</code></a></p> <ul> <li>Additional special fields have been added that allow overriding certain data on the Sentry span: <ul> <li><code>sentry.op</code>: override the Sentry span op.</li> <li><code>sentry.name</code>: override the Sentry span name.</li> <li><code>sentry.trace</code>: given a string matching a valid <code>sentry-trace</code> header (sent automatically by client SDKs), continues the distributed trace instead of starting a new one. If the value is not a valid <code>sentry-trace</code> header or a trace is already started, this value is ignored.</li> </ul> </li> <li><code>sentry.op</code> and <code>sentry.name</code> can also be applied retroactively by declaring fields with value <code>tracing::field::Empty</code> and then recorded using <code>tracing::Span::record</code>.</li> <li>Example usage: <pre lang="rust"><code>#[tracing::instrument(skip_all, fields( sentry.op = "http.server", sentry.name = "GET /payments", sentry.trace = headers.get("sentry-trace").unwrap_or(&"".to_owned()), ))] async fn handle_request(headers: std::collections::HashMap<String, String>) { // ... } </code></pre> </li> <li>Additional attributes are sent along with each span by default: <ul> <li><code>sentry.tracing.target</code>: corresponds to the <code>tracing</code> span's <code>metadata.target()</code></li> <li><code>code.module.name</code>, <code>code.file.path</code>, <code>code.line.number</code></li> </ul> </li> </ul> </li> <li> <p>feat(core): add Response context (<a href="https://redirect.github.com/getsentry/sentry-rust/pull/874">#874</a>) by <a href="https://github.com/lcian"><code>@lcian</code></a></p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Jamil
|
20c40312dd | chore(website): add entra sync domain association (#10771) | ||
|
dependabot[bot]
|
a426ee2608 |
build(deps): bump the react group in /rust/gui-client with 2 updates (#10722)
Bumps the react group in /rust/gui-client with 2 updates: [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) and [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router). Updates `@types/react` from 19.1.13 to 19.1.15 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react">compare view</a></li> </ul> </details> <br /> Updates `react-router` from 7.9.1 to 7.9.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/remix-run/react-router/releases">react-router's releases</a>.</em></p> <blockquote> <h2>v7.9.3</h2> <p>See the changelog for release notes: <a href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v793">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v793</a></p> <h2>v7.9.2</h2> <p>See the changelog for release notes: <a href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v792">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v792</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/remix-run/react-router/blob/main/packages/react-router/CHANGELOG.md">react-router's changelog</a>.</em></p> <blockquote> <h2>7.9.3</h2> <h3>Patch Changes</h3> <ul> <li> <p>Do not try to use <code>turbo-stream</code> to decode CDN errors that never reached the server (<a href="https://redirect.github.com/remix-run/react-router/pull/14385">#14385</a>)</p> <ul> <li>We used to do this but lost this check with the adoption of single fetch</li> </ul> </li> <li> <p>Fix Data Mode regression causing a 404 during initial load in when <code>middleware</code> exists without any <code>loader</code> functions (<a href="https://redirect.github.com/remix-run/react-router/pull/14393">#14393</a>)</p> </li> </ul> <h2>7.9.2</h2> <h3>Patch Changes</h3> <ul> <li> <ul> <li>Update client-side router to run client <code>middleware</code> on initial load even if no loaders exist (<a href="https://redirect.github.com/remix-run/react-router/pull/14348">#14348</a>)</li> <li>Update <code>createRoutesStub</code> to run route middleware <ul> <li>You will need to set the <code><RoutesStub future={{ v8_middleware: true }} /></code> flag to enable the proper <code>context</code> type</li> </ul> </li> </ul> </li> <li> <p>Update Lazy Route Discovery manifest requests to use a singular comma-separated <code>paths</code> query param instead of repeated <code>p</code> query params (<a href="https://redirect.github.com/remix-run/react-router/pull/14321">#14321</a>)</p> <ul> <li>This is because Cloudflare has a hard limit of 100 URL search param key/value pairs when used as a key for caching purposes</li> <li>If more that 100 paths were included, the cache key would be incomplete and could produce false-positive cache hits</li> </ul> </li> <li> <p>[UNSTABLE] Add <code>fetcher.unstable_reset()</code> API (<a href="https://redirect.github.com/remix-run/react-router/pull/14206">#14206</a>)</p> </li> <li> <p>Made useOutlet element reference have stable identity in-between route chages (<a href="https://redirect.github.com/remix-run/react-router/pull/13382">#13382</a>)</p> </li> <li> <p>feat: enable full transition support for the rsc router (<a href="https://redirect.github.com/remix-run/react-router/pull/14362">#14362</a>)</p> </li> <li> <p>In RSC Data Mode, handle SSR'd client errors and re-try in the browser (<a href="https://redirect.github.com/remix-run/react-router/pull/14342">#14342</a>)</p> </li> <li> <p>Support <code>middleware</code> prop on <code><Route></code> for usage with a data router via <code>createRoutesFromElements</code> (<a href="https://redirect.github.com/remix-run/react-router/pull/14357">#14357</a>)</p> </li> <li> <p>Handle encoded question mark and hash characters in ancestor splat routes (<a href="https://redirect.github.com/remix-run/react-router/pull/14249">#14249</a>)</p> </li> <li> <p>Fail gracefully on manifest version mismatch logic if <code>sessionStorage</code> access is blocked (<a href="https://redirect.github.com/remix-run/react-router/pull/14335">#14335</a>)</p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
398bb09880 |
build(deps): bump lru from 0.12.5 to 0.16.1 in /rust (#10650)
Bumps [lru](https://github.com/jeromefroe/lru-rs) from 0.12.5 to 0.16.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jeromefroe/lru-rs/blob/master/CHANGELOG.md">lru's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/jeromefroe/lru-rs/tree/0.16.1">v0.16.1</a> - 2025-09-08</h2> <ul> <li>Fix <code>Clone</code> for unbounded cache.</li> </ul> <h2><a href="https://github.com/jeromefroe/lru-rs/tree/0.16.0">v0.16.0</a> - 2025-07-02</h2> <ul> <li>Implement <code>Clone</code> for caches with custom hashers.</li> </ul> <h2><a href="https://github.com/jeromefroe/lru-rs/tree/0.15.0">v0.15.0</a> - 2025-06-26</h2> <ul> <li>Return bool from <code>promote</code> and <code>demote</code> to indicate whether key was found.</li> </ul> <h2><a href="https://github.com/jeromefroe/lru-rs/tree/0.14.0">v0.14.0</a> - 2025-04-12</h2> <ul> <li>Use <code>NonZeroUsize::MAX</code> instead of <code>unwrap()</code>, and update MSRV to 1.70.0.</li> </ul> <h2><a href="https://github.com/jeromefroe/lru-rs/tree/0.13.0">v0.13.0</a> - 2025-01-27</h2> <ul> <li>Add <code>peek_mru</code> and <code>pop_mru</code> methods, upgrade dependency on <code>hashbrown</code> to 0.15.2, and update MSRV to 1.65.0.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Thomas Eizinger
|
3811a793f0 |
chore(connlib): log fatal tunnel errors (#10768)
Resolves: #10765 |
||
|
seer-by-sentry[bot]
|
ac7aaf820c |
fix(apple): move reset command to work queue (#10707)
Fixes [APPLE-CLIENT-7S](https://sentry.io/organizations/firezone-inc/issues/6812982801/). The issue was that: Synchronous access to `Adapter.systemConfigurationResolvers` during concurrent deallocation causes an EXC_BAD_ACCESS crash. - Moves the `reset` command execution to the `workQueue` to prevent potential deadlocks or race conditions when accessing shared resources or interacting with the network extension's internal state. This fix was generated by Seer in Sentry, triggered by jamil@firezone.dev. 👁️ Run ID: 2183818 Not quite right? [Click here to continue debugging with Seer.](https://sentry.io/organizations/firezone-inc/issues/6812982801/?seerDrawer=true) Fixes #10195 --------- Co-authored-by: seer-by-sentry[bot] <157164994+seer-by-sentry[bot]@users.noreply.github.com> Co-authored-by: Mariusz Klochowicz <mariusz@klochowicz.com> Co-authored-by: Jamil <jamilbk@users.noreply.github.com> |
||
|
Thomas Eizinger
|
3308e3c010 |
fix(linux): introduce tiered routing tables (#10742)
With the fix of taking into account link-scoped routes in #10554 we introduced a bug: If a customer defines routes in Firezone that conflict with the link-scope ones, those currently take priority as they are usually more specific. To fix this, we introduce tiered routing tables controlled by a set of rules with different priority. 1. In the first "Firezone" routing table, we add all CIDR/IP routes that users define in Firezone. 2. In the second "Firezone" routing table, we sync in all link-scope routes from the system. 3. In the third "Firezone" routing table, we only add the Internet Resource if it is active. By evaluating the routing tables in this order, we effectively always prioritize Firezone-controlled routes over local ones but still allow access to LAN resources when the Internet Resource is active. --------- Signed-off-by: Thomas Eizinger <thomas@eizinger.io> Co-authored-by: Jamil <jamilbk@users.noreply.github.com> |
||
|
Thomas Eizinger
|
9cde3265e7 |
chore: enable lints in dns-over-tcp (#10762)
Appears to have been an oversight when we first introduced this crate. |
||
|
dependabot[bot]
|
498c0de006 |
build(deps): bump the hilt group in /kotlin/android with 4 updates (#10735)
Bumps the hilt group in /kotlin/android with 4 updates: [com.google.dagger.hilt.android](https://github.com/google/dagger), [com.google.dagger:hilt-android](https://github.com/google/dagger), [com.google.dagger:hilt-android-compiler](https://github.com/google/dagger) and [com.google.dagger:hilt-android-testing](https://github.com/google/dagger). Updates `com.google.dagger.hilt.android` from 2.57.1 to 2.57.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/dagger/releases">com.google.dagger.hilt.android's releases</a>.</em></p> <blockquote> <h2>Dagger 2.57.2</h2> <h1>Bug fixes</h1> <ul> <li>Fixed <a href="https://redirect.github.com/google/dagger/issues/4847">#4847</a>: Fixed an issue with the Hilt Gradle Plugin registered transforms on projects using Gradle 9.0.0 (ea570e7)</li> <li>Fixes <a href="https://redirect.github.com/google/dagger/issues/4898">#4898</a>: Fixed an issue with backwards compatibility handling for libraries that export Hilt roots. (85c470ca4)</li> <li>Fixes <a href="https://redirect.github.com/google/dagger/issues/4937">#4937</a>: Fixed the incorrectly declared version of the Kotlin stdlib dependency in the Hilt Gradle Plugin. (deefd9a2d)</li> <li>Updated ASM dependency to 9.8 (365bc499d)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
4fa92e514c |
build(deps): bump axum from 0.8.4 to 0.8.5 in /rust (#10719)
Bumps [axum](https://github.com/tokio-rs/axum) from 0.8.4 to 0.8.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tokio-rs/axum/releases">axum's releases</a>.</em></p> <blockquote> <h2>axum v0.8.5</h2> <ul> <li><strong>fixed:</strong> Reject JSON request bodies with trailing characters after the JSON document (<a href="https://redirect.github.com/tokio-rs/axum/issues/3453">#3453</a>)</li> <li><strong>added:</strong> Implement <code>OptionalFromRequest</code> for <code>Multipart</code> (<a href="https://redirect.github.com/tokio-rs/axum/issues/3220">#3220</a>)</li> <li><strong>added:</strong> Getter methods <code>Location::{status_code, location}</code></li> <li><strong>added:</strong> Support for writing arbitrary binary data into server-sent events (<a href="https://redirect.github.com/tokio-rs/axum/issues/3425">#3425</a>)]</li> <li><strong>added:</strong> <code>middleware::ResponseAxumBodyLayer</code> for mapping response body to <code>axum::body::Body</code> (<a href="https://redirect.github.com/tokio-rs/axum/issues/3469">#3469</a>)</li> <li><strong>added:</strong> <code>impl FusedStream for WebSocket</code> (<a href="https://redirect.github.com/tokio-rs/axum/issues/3443">#3443</a>)</li> <li><strong>changed:</strong> The <code>sse</code> module and <code>Sse</code> type no longer depend on the <code>tokio</code> feature (<a href="https://redirect.github.com/tokio-rs/axum/issues/3154">#3154</a>)</li> <li><strong>changed:</strong> If the location given to one of <code>Redirect</code>s constructors is not a valid header value, instead of panicking on construction, the <code>IntoResponse</code> impl now returns an HTTP 500, just like <code>Json</code> does when serialization fails (<a href="https://redirect.github.com/tokio-rs/axum/issues/3377">#3377</a>)</li> <li><strong>changed:</strong> Update minimum rust version to 1.78 (<a href="https://redirect.github.com/tokio-rs/axum/issues/3412">#3412</a>)</li> </ul> <p><a href="https://redirect.github.com/tokio-rs/axum/issues/3154">#3154</a>: <a href="https://redirect.github.com/tokio-rs/axum/pull/3154">tokio-rs/axum#3154</a> <a href="https://redirect.github.com/tokio-rs/axum/issues/3220">#3220</a>: <a href="https://redirect.github.com/tokio-rs/axum/pull/3220">tokio-rs/axum#3220</a> <a href="https://redirect.github.com/tokio-rs/axum/issues/3377">#3377</a>: <a href="https://redirect.github.com/tokio-rs/axum/pull/3377">tokio-rs/axum#3377</a> <a href="https://redirect.github.com/tokio-rs/axum/issues/3412">#3412</a>: <a href="https://redirect.github.com/tokio-rs/axum/pull/3412">tokio-rs/axum#3412</a> <a href="https://redirect.github.com/tokio-rs/axum/issues/3425">#3425</a>: <a href="https://redirect.github.com/tokio-rs/axum/pull/3425">tokio-rs/axum#3425</a> <a href="https://redirect.github.com/tokio-rs/axum/issues/3443">#3443</a>: <a href="https://redirect.github.com/tokio-rs/axum/pull/3443">tokio-rs/axum#3443</a> <a href="https://redirect.github.com/tokio-rs/axum/issues/3453">#3453</a>: <a href="https://redirect.github.com/tokio-rs/axum/pull/3453">tokio-rs/axum#3453</a> <a href="https://redirect.github.com/tokio-rs/axum/issues/3469">#3469</a>: <a href="https://redirect.github.com/tokio-rs/axum/pull/3469">tokio-rs/axum#3469</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
97c69dfac6 |
build(deps): bump typescript-eslint from 8.34.1 to 8.44.1 in /rust/gui-client (#10723)
Bumps [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) from 8.34.1 to 8.44.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/typescript-eslint/typescript-eslint/releases">typescript-eslint's releases</a>.</em></p> <blockquote> <h2>v8.44.1</h2> <h2>8.44.1 (2025-09-22)</h2> <h3>🩹 Fixes</h3> <ul> <li><strong>eslint-plugin:</strong> [no-base-to-string] make ignoredTypeNames match type names without generics (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11597">#11597</a>)</li> <li><strong>eslint-plugin:</strong> [no-unsafe-enum-comparison] support unions of literals (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11599">#11599</a>)</li> <li><strong>eslint-plugin:</strong> [await-thenable] should not report passing values to promise aggregators which may be a promise in an array literal (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11611">#11611</a>)</li> <li><strong>typescript-estree:</strong> forbid class property with name <code>constructor</code> (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11590">#11590</a>)</li> </ul> <h3>❤️ Thank You</h3> <ul> <li>fisker Cheung <a href="https://github.com/fisker"><code>@fisker</code></a></li> <li>Kirk Waiblinger <a href="https://github.com/kirkwaiblinger"><code>@kirkwaiblinger</code></a></li> <li>mdm317</li> <li>Ronen Amiel</li> </ul> <p>You can read about our <a href="https://typescript-eslint.io/users/versioning">versioning strategy</a> and <a href="https://typescript-eslint.io/users/releases">releases</a> on our website.</p> <h2>v8.44.0</h2> <h2>8.44.0 (2025-09-15)</h2> <h3>🚀 Features</h3> <ul> <li><strong>eslint-plugin:</strong> [await-thenable] report invalid (non-promise) values passed to promise aggregator methods (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11267">#11267</a>)</li> </ul> <h3>🩹 Fixes</h3> <ul> <li><strong>deps:</strong> update dependency <code>@eslint-community/eslint-utils</code> to v4.8.0 (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11589">#11589</a>)</li> <li><strong>eslint-plugin:</strong> [no-unnecessary-type-conversion] ignore enum members (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11490">#11490</a>)</li> </ul> <h3>❤️ Thank You</h3> <ul> <li>Moses Odutusin <a href="https://github.com/thebolarin"><code>@thebolarin</code></a></li> <li>Ronen Amiel</li> </ul> <p>You can read about our <a href="https://typescript-eslint.io/users/versioning">versioning strategy</a> and <a href="https://typescript-eslint.io/users/releases">releases</a> on our website.</p> <h2>v8.43.0</h2> <h2>8.43.0 (2025-09-08)</h2> <h3>🚀 Features</h3> <ul> <li><strong>typescript-estree:</strong> disallow empty type parameter/argument lists (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11563">#11563</a>)</li> </ul> <h3>🩹 Fixes</h3> <ul> <li><strong>eslint-plugin:</strong> [no-non-null-assertion] do not suggest optional chain on LHS of assignment (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11489">#11489</a>)</li> <li><strong>eslint-plugin:</strong> [no-unnecessary-type-conversion] only report ~~ on integer literal types (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11517">#11517</a>)</li> <li><strong>eslint-plugin:</strong> [consistent-type-exports] fix declaration shadowing (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11457">#11457</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md">typescript-eslint's changelog</a>.</em></p> <blockquote> <h2>8.44.1 (2025-09-22)</h2> <p>This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.</p> <p>You can read about our <a href="https://typescript-eslint.io/users/versioning">versioning strategy</a> and <a href="https://typescript-eslint.io/users/releases">releases</a> on our website.</p> <h2>8.44.0 (2025-09-15)</h2> <p>This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.</p> <p>You can read about our <a href="https://typescript-eslint.io/users/versioning">versioning strategy</a> and <a href="https://typescript-eslint.io/users/releases">releases</a> on our website.</p> <h2>8.43.0 (2025-09-08)</h2> <h3>🩹 Fixes</h3> <ul> <li><strong>eslint-plugin:</strong> [no-deprecated] should report deprecated exports and reexports (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11359">#11359</a>)</li> </ul> <h3>❤️ Thank You</h3> <ul> <li>Victor Genaev <a href="https://github.com/mainframev"><code>@mainframev</code></a></li> </ul> <p>You can read about our <a href="https://typescript-eslint.io/users/versioning">versioning strategy</a> and <a href="https://typescript-eslint.io/users/releases">releases</a> on our website.</p> <h2>8.42.0 (2025-09-02)</h2> <h3>🚀 Features</h3> <ul> <li>deprecate tseslint.config() (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11531">#11531</a>)</li> </ul> <h3>🩹 Fixes</h3> <ul> <li><strong>typescript-eslint:</strong> handle non-normalized windows paths produced by jiti (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11546">#11546</a>)</li> </ul> <h3>❤️ Thank You</h3> <ul> <li>Kirk Waiblinger <a href="https://github.com/kirkwaiblinger"><code>@kirkwaiblinger</code></a></li> </ul> <p>You can read about our <a href="https://typescript-eslint.io/users/versioning">versioning strategy</a> and <a href="https://typescript-eslint.io/users/releases">releases</a> on our website.</p> <h2>8.41.0 (2025-08-25)</h2> <p>This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.</p> <p>You can read about our <a href="https://main--typescript-eslint.netlify.app/users/versioning">versioning strategy</a> and <a href="https://main--typescript-eslint.netlify.app/users/releases">releases</a> on our website.</p> <h2>8.40.0 (2025-08-18)</h2> <h3>🩹 Fixes</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
08e95d124b |
build(deps): bump libc from 0.2.175 to 0.2.176 in /rust (#10738)
Bumps [libc](https://github.com/rust-lang/libc) from 0.2.175 to 0.2.176. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rust-lang/libc/releases">libc's releases</a>.</em></p> <blockquote> <h2>0.2.176</h2> <h3>Support</h3> <ul> <li>The default FreeBSD version has been raised from 11 to 12. This matches <code>rustc</code> since 1.78. (<a href="https://redirect.github.com/rust-lang/libc/pull/2406">#2406</a>)</li> <li><code>Debug</code> is now always implemented, rather than being gated behind the <code>extra_traits</code> feature. (<a href="https://redirect.github.com/rust-lang/libc/pull/4624">#4624</a>)</li> </ul> <h3>Added</h3> <ul> <li>AIX: Restore some non-POSIX functions guarded by the <code>_KERNEL</code> macro. (<a href="https://redirect.github.com/rust-lang/libc/pull/4607">#4607</a>)</li> <li>FreeBSD 14: Add <code>st_fileref</code> to <code>struct stat</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4642">#4642</a>)</li> <li>Haiku: Add the <code>accept4</code> POSIX call (<a href="https://redirect.github.com/rust-lang/libc/pull/4586">#4586</a>)</li> <li>Introduce a wrapper for representing padding (<a href="https://redirect.github.com/rust-lang/libc/pull/4632">#4632</a>)</li> <li>Linux: Add <code>EM_RISCV</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4659">#4659</a>)</li> <li>Linux: Add <code>MS_NOSYMFOLLOW</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4389">#4389</a>)</li> <li>Linux: Add <code>backtrace_symbols(_fd)</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4668">#4668</a>)</li> <li>Linux: Add missing <code>SOL_PACKET</code> optnames (<a href="https://redirect.github.com/rust-lang/libc/pull/4669">#4669</a>)</li> <li>Musl s390x: Add <code>SYS_mseal</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4549">#4549</a>)</li> <li>NuttX: Add <code>__errno</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4687">#4687</a>)</li> <li>Redox: Add <code>dirfd</code>, <code>VDISABLE</code>, and resource consts (<a href="https://redirect.github.com/rust-lang/libc/pull/4660">#4660</a>)</li> <li>Redox: Add more <code>resource.h</code>, <code>fcntl.h</code> constants (<a href="https://redirect.github.com/rust-lang/libc/pull/4666">#4666</a>)</li> <li>Redox: Enable <code>strftime</code> and <code>mkostemp[s]</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4629">#4629</a>)</li> <li>Unix, Windows: Add <code>qsort_r</code> (Unix), and <code>qsort(_s)</code> (Windows) (<a href="https://redirect.github.com/rust-lang/libc/pull/4677">#4677</a>)</li> <li>Unix: Add <code>dlvsym</code> for Linux-gnu, FreeBSD, and NetBSD (<a href="https://redirect.github.com/rust-lang/libc/pull/4671">#4671</a>)</li> <li>Unix: Add <code>sigqueue</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4620">#4620</a>)</li> </ul> <h3>Changed</h3> <ul> <li>FreeBSD 15: Mark <code>kinfo_proc</code> as non-exhaustive (<a href="https://redirect.github.com/rust-lang/libc/pull/4553">#4553</a>)</li> <li>FreeBSD: Set the ELF symbol version for <code>readdir_r</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4694">#4694</a>)</li> <li>Linux: Correct the config for whether or not <code>epoll_event</code> is packed (<a href="https://redirect.github.com/rust-lang/libc/pull/4639">#4639</a>)</li> <li>Tests: Replace the old <code>ctest</code> with the much more reliable new implementation (<a href="https://redirect.github.com/rust-lang/libc/pull/4655">#4655</a> and many related PRs)</li> </ul> <h3>Fixed</h3> <ul> <li>AIX: Fix the type of the 4th arguement of <code>getgrnam_r</code> ([#4656](<a href="https://redirect.github.com/rust-lang/libc/pull/4656">rust-lang/libc#4656</a></li> <li>FreeBSD: Limit <code>P_IDLEPROC</code> to FreeBSD 15 (<a href="https://redirect.github.com/rust-lang/libc/pull/4640">#4640</a>)</li> <li>FreeBSD: Limit <code>mcontext_t::mc_tlsbase</code> to FreeBSD 15 (<a href="https://redirect.github.com/rust-lang/libc/pull/464">#4640</a>)</li> <li>FreeBSD: Update gating of <code>mcontext_t.mc_tlsbase</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4703">#4703</a>)</li> <li>Musl s390x: Correct the definition of <code>statfs[64]</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4549">#4549</a>)</li> <li>Musl s390x: Make <code>fpreg_t</code> a union (<a href="https://redirect.github.com/rust-lang/libc/pull/4549">#4549</a>)</li> <li>Redox: Fix the types of <code>gid_t</code> and <code>uid_t</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4689">#4689</a>)</li> <li>Redox: Fix the value of <code>MAP_FIXED</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4684">#4684</a>)</li> </ul> <h3>Deprecated</h3> <ul> <li>Apple: Correct the <code>deprecated</code> attribute for <code>iconv</code> (<a href=" |
||
|
dependabot[bot]
|
4c04d78da2 |
build(deps): bump serde from 1.0.223 to 1.0.228 in /rust (#10731)
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.223 to 1.0.228. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/serde-rs/serde/releases">serde's releases</a>.</em></p> <blockquote> <h2>v1.0.228</h2> <ul> <li>Allow building documentation with <code>RUSTDOCFLAGS='--cfg=docsrs'</code> set for the whole dependency graph (<a href="https://redirect.github.com/serde-rs/serde/issues/2995">#2995</a>)</li> </ul> <h2>v1.0.227</h2> <ul> <li>Documentation improvements (<a href="https://redirect.github.com/serde-rs/serde/issues/2991">#2991</a>)</li> </ul> <h2>v1.0.226</h2> <ul> <li>Deduplicate variant matching logic inside generated Deserialize impl for adjacently tagged enums (<a href="https://redirect.github.com/serde-rs/serde/issues/2935">#2935</a>, thanks <a href="https://github.com/Mingun"><code>@Mingun</code></a>)</li> </ul> <h2>v1.0.225</h2> <ul> <li>Avoid triggering a deprecation warning in derived Serialize and Deserialize impls for a data structure that contains its own deprecations (<a href="https://redirect.github.com/serde-rs/serde/issues/2879">#2879</a>, thanks <a href="https://github.com/rcrisanti"><code>@rcrisanti</code></a>)</li> </ul> <h2>v1.0.224</h2> <ul> <li>Remove private types being suggested in rustc diagnostics (<a href="https://redirect.github.com/serde-rs/serde/issues/2979">#2979</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Thomas Eizinger
|
3e9ef4772b |
feat(gateway): extend flow logs with more client properties (#10717)
In order to make the flow logs emitted by the Gateway more useful and self-contained, we extend the `authorize_flow` message sent to the Gateway with some more context around the Client and Actor of that flow. In particular, we now also send the following to the Gateway: - `client_version` - `device_os_version` - `device_os_name` - `device_serial` - `device_uuid` - `device_identifier_for_vendor` - `device_firebase_installation_id` - `identity_id` - `identity_name` - `actor_id` - `actor_email` We only extend the `authorize_flow` message with these additional properties. The legacy messages for 1.3.x Clients remain as is. For those Clients, the above properties will be empty in the flow logs. Resolves: #10690 --------- Signed-off-by: Thomas Eizinger <thomas@eizinger.io> Co-authored-by: Jamil <jamilbk@users.noreply.github.com> |
||
|
dependabot[bot]
|
f872754540 |
build(deps): bump the netlink group in /rust with 3 updates (#10635)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps the netlink group in /rust with 3 updates: [netlink-packet-core](https://github.com/rust-netlink/netlink-packet-core), [netlink-packet-route](https://github.com/rust-netlink/netlink-packet-route) and [rtnetlink](https://github.com/rust-netlink/rtnetlink). Updates `netlink-packet-core` from 0.7.0 to 0.8.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rust-netlink/netlink-packet-core/releases">netlink-packet-core's releases</a>.</em></p> <blockquote> <h2>New release 0.8.1</h2> <h3>Breaking changes</h3> <ul> <li>N/A</li> </ul> <h3>New features</h3> <ul> <li>N/A</li> </ul> <h3>Bug fixes</h3> <ul> <li>Revert back to paste dependency. (4447216)</li> </ul> <h2>New release 0.8.0</h2> <h3>Breaking changes</h3> <ul> <li>Changed <code>DecodeError</code> from enum to struct. (f55d7b7, 63da36a)</li> <li>Merged <code>netlink-packet-utils</code> into <code>netlink-packet-core</code>. (f55d7b7, 0951455, ba127bf, a232478, 8027f63, 41fe03d, 260e596, cc6bf08, 63da36a, 410c61d)</li> <li>Remove dependency of byteorder crate. (16d63fb)</li> </ul> <h3>New features</h3> <ul> <li>Support zero sized done message. (100413a)</li> </ul> <h3>Bug fixes</h3> <ul> <li>N/A</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rust-netlink/netlink-packet-core/blob/main/CHANGELOG">netlink-packet-core's changelog</a>.</em></p> <blockquote> <h2>[0.8.1] - 2025-09-18</h2> <h3>Breaking changes</h3> <ul> <li>N/A</li> </ul> <h3>New features</h3> <ul> <li>N/A</li> </ul> <h3>Bug fixes</h3> <ul> <li>Revert back to paste dependency. (4447216)</li> </ul> <h2>[0.8.0] - 2025-08-27</h2> <h3>Breaking changes</h3> <ul> <li>Changed <code>DecodeError</code> from enum to struct. (f55d7b7, 63da36a)</li> <li>Merged <code>netlink-packet-utils</code> into <code>netlink-packet-core</code>. (f55d7b7, 0951455, ba127bf, a232478, 8027f63, 41fe03d, 260e596, cc6bf08, 63da36a, 410c61d)</li> <li>Remove dependency of byteorder crate. (16d63fb)</li> </ul> <h3>New features</h3> <ul> <li>Support zero sized done message. (100413a)</li> </ul> <h3>Bug fixes</h3> <ul> <li>N/A</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
941f6f3d1c |
build(deps): bump secrecy from 0.8.0 to 0.10.3 in /rust (#10631)
Bumps [secrecy](https://github.com/iqlusioninc/crates) from 0.8.0 to 0.10.3. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/iqlusioninc/crates/commits">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Thomas Eizinger <thomas@eizinger.io> |
||
|
dependabot[bot]
|
a22c7c9918 |
build(deps): bump proptest-state-machine from 0.4.0 to 0.5.0 in /rust (#10725)
Bumps [proptest-state-machine](https://github.com/proptest-rs/proptest) from 0.4.0 to 0.5.0. <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
3cef16e09b |
build(deps): bump tokio-tungstenite from 0.27.0 to 0.28.0 in /rust (#10730)
Bumps [tokio-tungstenite](https://github.com/snapview/tokio-tungstenite) from 0.27.0 to 0.28.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/snapview/tokio-tungstenite/blob/master/CHANGELOG.md">tokio-tungstenite's changelog</a>.</em></p> <blockquote> <h1>0.28.0</h1> <ul> <li>Update <code>tungstenite</code> to <code>0.18.0</code>. See <a href="https://github.com/snapview/tungstenite-rs/blob/master/CHANGELOG.md"><code>tungstenite</code> release</a>.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Thomas Eizinger
|
5196c2988e |
build(deps): update to mio v1.1.0 (#10756)
The patch we have contributed to `mio` has been merged and released. We remove the dependency on our fork again. |
||
|
dependabot[bot]
|
7a0a3a050f |
build(deps): bump network-types from 0.0.8 to 0.1.0 in /rust (#10644)
Bumps [network-types](https://github.com/vadorovsky/network-types) from 0.0.8 to 0.1.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/vadorovsky/network-types/blob/main/CHANGELOG.md">network-types's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <p>All notable changes to this project will be documented in this file.</p> <p>The format is based on <a href="https://keepachangelog.com/en/1.0.0/">Keep a Changelog</a>, and this project adheres to <a href="https://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p> <h2>[Unreleased]</h2> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
c59b3e107c |
build(deps): bump getsentry/action-release from 3.2.0 to 3.3.0 in /.github/actions/create-sentry-release (#10671)
Bumps [getsentry/action-release](https://github.com/getsentry/action-release) from 3.2.0 to 3.3.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/getsentry/action-release/releases">getsentry/action-release's releases</a>.</em></p> <blockquote> <h2>3.3.0</h2> <h3>Various fixes & improvements</h3> <ul> <li>chore: pin cache action (<a href="https://redirect.github.com/getsentry/action-release/issues/290">#290</a>) by <a href="https://github.com/saibotk"><code>@saibotk</code></a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/getsentry/action-release/blob/master/CHANGELOG.md">getsentry/action-release's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>3.3.0</h2> <h3>Various fixes & improvements</h3> <ul> <li>chore: pin cache action (<a href="https://redirect.github.com/getsentry/action-release/issues/290">#290</a>) by <a href="https://github.com/saibotk"><code>@saibotk</code></a></li> <li>chore: Set docker tag for master [skip ci] (ae1d1cd5) by <a href="https://github.com/getsantry"><code>@getsantry</code></a>[bot]</li> </ul> <h2>3.2.0</h2> <h3>Various fixes & improvements</h3> <ul> <li>chore: Set docker tag for master [skip ci] (e8340952) by <a href="https://github.com/getsantry"><code>@getsantry</code></a>[bot]</li> <li>feat: Bump to node 20.19.2 (<a href="https://redirect.github.com/getsentry/action-release/issues/284">#284</a>) by <a href="https://github.com/andreiborza"><code>@andreiborza</code></a></li> <li>chore: Set docker tag for master [skip ci] (ec695e24) by <a href="https://github.com/getsantry"><code>@getsantry</code></a>[bot]</li> </ul> <h2>3.1.2</h2> <ul> <li>fix: Preserve existing Node version on macOS and Windows runners (<a href="https://redirect.github.com/getsentry/action-release/issues/280">#280</a>) by <a href="https://github.com/andreiborza"><code>@andreiborza</code></a></li> </ul> <h2>3.1.1</h2> <ul> <li>fix: Only pass <code>urlPrefix</code> to sentry-cli if it's not empty (<a href="https://redirect.github.com/getsentry/action-release/issues/275">#275</a>) by <a href="https://github.com/andreiborza"><code>@andreiborza</code></a></li> </ul> <h2>3.1.0</h2> <ul> <li>feat: Add <code>release</code> and <code>release_prefix</code> in favor of <code>version</code> and <code>version_prefix</code> (<a href="https://redirect.github.com/getsentry/action-release/issues/273">#273</a>) by <a href="https://github.com/andreiborza"><code>@andreiborza</code></a></li> </ul> <p>Input parameter <code>version</code> has been deprecated and will be removed in a future version in favor of a newly introduced <code>release</code> parameter.</p> <p>Input parameter <code>version_prefix</code> has been deprecated and will be removed in a future version in favor of a newly introduced <code>release_prefix</code> parameter.</p> <h2>3.0.0</h2> <p>Version <code>3.0.0</code> contains breaking changes:</p> <ul> <li>feat(sourcemaps)!: Enable injecting debug ids by default (<a href="https://redirect.github.com/getsentry/action-release/issues/272">#272</a>) by <a href="https://github.com/andreiborza"><code>@andreiborza</code></a></li> </ul> <p>The action now automatically injects Debug IDs into your JavaScript source files and source maps to ensure your stacktraces can be properly un-minified.</p> <p>This is a <strong>breaking change as it modifies your source files</strong>. You can disable this behavior by setting <code>inject: false</code>:</p> <pre lang="yaml"><code>- uses: getsentry/action-release@v3 with: environment: 'production' sourcemaps: './dist' inject: false </tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Jamil
|
39b2f61cfd |
fix(ci): ensure version markers are replaced across all files (#10752)
Upon moving the version string from PKG_VERSION and Cargo.toml, we lost the bump version automation. To avoid more bugs here in the future, we now check for the version marker across all Git-tracked files, regardless of their extension. Fixes #10748 --------- Co-authored-by: Thomas Eizinger <thomas@eizinger.io> |
||
|
Jamil
|
54e6f8bc0f |
chore(ci): replace macos-13 runners with macos-26 (#10753)
https://github.com/actions/runner-images/issues/13046 Co-authored-by: Thomas Eizinger <thomas@eizinger.io> |
||
|
Mariusz Klochowicz
|
ac6b3922be |
fix(apple): don't call setConfiguration when not connected (#10747)
Skip `setConfiguration()` IPC call when not in connected state; this was observed as the root cause of the utun interface increments which we've seen recently. Note: `utun` increments can still happen during other IPC calls when not signed in, notably during log export when signed out of Firezone. This is not a major issue though, as other IPC calls happen only as a result of user interaction between network extension sleeps. To fully get rid of the problem, we should address #10754. To ensure we still are able to pass on configuration before sign in, we are now passing configuration directly in the startTunnel() options dictionary. Fixes #10603 |
||
|
Firezone Bot
|
04f4415344 |
chore: publish android-client 1.5.6 (#10745)
Co-authored-by: Thomas Eizinger <thomas@eizinger.io> |
||
|
Thomas Eizinger
|
4e95dd1cb6 |
ci: fail fast inside the merge queue (#10746)
Setting `fail-fast: false` unsurprisingly makes our CI fail pretty slowly. This is especially noticable in the merge queue where a long-running job could still hold up the entire queue even though a different job has failed already and the PR is never going to make it in anyway. To avoid this scenario, we set `fail-fast: true` whenever we are in the merge queue. |
||
|
dependabot[bot]
|
d5c3c67dc4 |
build(deps-dev): bump eslint-config-next from 15.5.3 to 15.5.4 in /website (#10728)
Bumps
[eslint-config-next](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next)
from 15.5.3 to 15.5.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vercel/next.js/releases">eslint-config-next's
releases</a>.</em></p>
<blockquote>
<h2>v15.5.4</h2>
<blockquote>
<p>[!NOTE]<br />
This release is backporting bug fixes. It does <strong>not</strong>
include all pending features/changes on canary.</p>
</blockquote>
<h3>Core Changes</h3>
<ul>
<li>fix: ensure onRequestError is invoked when otel enabled (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/83343">#83343</a>)</li>
<li>fix: devtools initial position should be from next config (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/83571">#83571</a>)</li>
<li>[devtool] fix overlay styles are missing (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/83721">#83721</a>)</li>
<li>Turbopack: don't match dynamic pattern for node_modules packages (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/83176">#83176</a>)</li>
<li>Turbopack: don't treat metadata routes as RSC (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/82911">#82911</a>)</li>
<li>[turbopack] Improve handling of symlink resolution errors in
track_glob and read_glob (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/83357">#83357</a>)</li>
<li>Turbopack: throw large static metadata error earlier (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/82939">#82939</a>)</li>
<li>fix: error overlay not closing when backdrop clicked (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/83981">#83981</a>)</li>
<li>Turbopack: flush Node.js worker IPC on error (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/84077">#84077</a>)</li>
</ul>
<h3>Misc Changes</h3>
<ul>
<li>[CNA] use linter preference (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/83194">#83194</a>)</li>
<li>CI: use KV for test timing data (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/83745">#83745</a>)</li>
<li>docs: september improvements and fixes (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/83997">#83997</a>)</li>
</ul>
<h3>Credits</h3>
<p>Huge thanks to <a
href="https://github.com/yiminghe"><code>@yiminghe</code></a>, <a
href="https://github.com/huozhi"><code>@huozhi</code></a>, <a
href="https://github.com/devjiwonchoi"><code>@devjiwonchoi</code></a>,
<a href="https://github.com/mischnic"><code>@mischnic</code></a>, <a
href="https://github.com/lukesandberg"><code>@lukesandberg</code></a>,
<a href="https://github.com/ztanner"><code>@ztanner</code></a>, <a
href="https://github.com/icyJoseph"><code>@icyJoseph</code></a>, <a
href="https://github.com/leerob"><code>@leerob</code></a>, <a
href="https://github.com/fufuShih"><code>@fufuShih</code></a>, <a
href="https://github.com/dwrth"><code>@dwrth</code></a>, <a
href="https://github.com/aymericzip"><code>@aymericzip</code></a>, <a
href="https://github.com/obendev"><code>@obendev</code></a>, <a
href="https://github.com/molebox"><code>@molebox</code></a>, <a
href="https://github.com/OoMNoO"><code>@OoMNoO</code></a>, <a
href="https://github.com/pontasan"><code>@pontasan</code></a>, <a
href="https://github.com/styfle"><code>@styfle</code></a>, <a
href="https://github.com/HondaYt"><code>@HondaYt</code></a>, <a
href="https://github.com/ryuapp"><code>@ryuapp</code></a>, <a
href="https://github.com/lpalmes"><code>@lpalmes</code></a>, and <a
href="https://github.com/ijjk"><code>@ijjk</code></a> for helping!</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="
|
||
|
dependabot[bot]
|
d11c5a6eab |
build(deps): bump framer-motion from 12.23.18 to 12.23.22 in /website (#10721)
Bumps [framer-motion](https://github.com/motiondivision/motion) from 12.23.18 to 12.23.22. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/motiondivision/motion/blob/main/CHANGELOG.md">framer-motion's changelog</a>.</em></p> <blockquote> <h2>[12.23.22] 2025-09-25</h2> <h3>Added</h3> <ul> <li>Exporting <code>HTMLElements</code> and <code>useComposedRefs</code> type for internal use.</li> </ul> <h2>[12.23.21] 2025-09-24</h2> <h3>Fixed</h3> <ul> <li>Fixing main-thread <code>scroll</code> with animations that contain <code>delay</code>.</li> </ul> <h2>[12.23.20] 2025-09-24</h2> <h3>Fixed</h3> <ul> <li>Suppress non-animatable value warning for instant animations.</li> </ul> <h2>[12.23.19] 2025-09-23</h2> <h3>Fixed</h3> <ul> <li>Remove support for changing <code>ref</code> prop.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
d2249a4898 |
build(deps): bump @next/mdx from 15.5.3 to 15.5.4 in /website (#10729)
Bumps
[@next/mdx](https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx)
from 15.5.3 to 15.5.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vercel/next.js/releases"><code>@next/mdx</code>'s
releases</a>.</em></p>
<blockquote>
<h2>v15.5.4</h2>
<blockquote>
<p>[!NOTE]<br />
This release is backporting bug fixes. It does <strong>not</strong>
include all pending features/changes on canary.</p>
</blockquote>
<h3>Core Changes</h3>
<ul>
<li>fix: ensure onRequestError is invoked when otel enabled (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83343">#83343</a>)</li>
<li>fix: devtools initial position should be from next config (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83571">#83571</a>)</li>
<li>[devtool] fix overlay styles are missing (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83721">#83721</a>)</li>
<li>Turbopack: don't match dynamic pattern for node_modules packages (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83176">#83176</a>)</li>
<li>Turbopack: don't treat metadata routes as RSC (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/82911">#82911</a>)</li>
<li>[turbopack] Improve handling of symlink resolution errors in
track_glob and read_glob (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83357">#83357</a>)</li>
<li>Turbopack: throw large static metadata error earlier (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/82939">#82939</a>)</li>
<li>fix: error overlay not closing when backdrop clicked (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83981">#83981</a>)</li>
<li>Turbopack: flush Node.js worker IPC on error (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/84077">#84077</a>)</li>
</ul>
<h3>Misc Changes</h3>
<ul>
<li>[CNA] use linter preference (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83194">#83194</a>)</li>
<li>CI: use KV for test timing data (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83745">#83745</a>)</li>
<li>docs: september improvements and fixes (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83997">#83997</a>)</li>
</ul>
<h3>Credits</h3>
<p>Huge thanks to <a
href="https://github.com/yiminghe"><code>@yiminghe</code></a>, <a
href="https://github.com/huozhi"><code>@huozhi</code></a>, <a
href="https://github.com/devjiwonchoi"><code>@devjiwonchoi</code></a>,
<a href="https://github.com/mischnic"><code>@mischnic</code></a>, <a
href="https://github.com/lukesandberg"><code>@lukesandberg</code></a>,
<a href="https://github.com/ztanner"><code>@ztanner</code></a>, <a
href="https://github.com/icyJoseph"><code>@icyJoseph</code></a>, <a
href="https://github.com/leerob"><code>@leerob</code></a>, <a
href="https://github.com/fufuShih"><code>@fufuShih</code></a>, <a
href="https://github.com/dwrth"><code>@dwrth</code></a>, <a
href="https://github.com/aymericzip"><code>@aymericzip</code></a>, <a
href="https://github.com/obendev"><code>@obendev</code></a>, <a
href="https://github.com/molebox"><code>@molebox</code></a>, <a
href="https://github.com/OoMNoO"><code>@OoMNoO</code></a>, <a
href="https://github.com/pontasan"><code>@pontasan</code></a>, <a
href="https://github.com/styfle"><code>@styfle</code></a>, <a
href="https://github.com/HondaYt"><code>@HondaYt</code></a>, <a
href="https://github.com/ryuapp"><code>@ryuapp</code></a>, <a
href="https://github.com/lpalmes"><code>@lpalmes</code></a>, and <a
href="https://github.com/ijjk"><code>@ijjk</code></a> for helping!</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="
|
||
|
dependabot[bot]
|
29aede5e79 |
build(deps): bump actions/cache from 4.2.3 to 4.3.0 (#10734)
Bumps [actions/cache](https://github.com/actions/cache) from 4.2.3 to 4.3.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/releases">actions/cache's releases</a>.</em></p> <blockquote> <h2>v4.3.0</h2> <h2>What's Changed</h2> <ul> <li>Add note on runner versions by <a href="https://github.com/GhadimiR"><code>@GhadimiR</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1642">actions/cache#1642</a></li> <li>Prepare <code>v4.3.0</code> release by <a href="https://github.com/Link"><code>@Link</code></a>- in <a href="https://redirect.github.com/actions/cache/pull/1655">actions/cache#1655</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/GhadimiR"><code>@GhadimiR</code></a> made their first contribution in <a href="https://redirect.github.com/actions/cache/pull/1642">actions/cache#1642</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/cache/compare/v4...v4.3.0">https://github.com/actions/cache/compare/v4...v4.3.0</a></p> <h2>v4.2.4</h2> <h2>What's Changed</h2> <ul> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1620">actions/cache#1620</a></li> <li>Upgrade <code>@actions/cache</code> to <code>4.0.5</code> and move <code>@protobuf-ts/plugin</code> to dev depdencies by <a href="https://github.com/Link"><code>@Link</code></a>- in <a href="https://redirect.github.com/actions/cache/pull/1634">actions/cache#1634</a></li> <li>Prepare release <code>4.2.4</code> by <a href="https://github.com/Link"><code>@Link</code></a>- in <a href="https://redirect.github.com/actions/cache/pull/1636">actions/cache#1636</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/nebuk89"><code>@nebuk89</code></a> made their first contribution in <a href="https://redirect.github.com/actions/cache/pull/1620">actions/cache#1620</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/cache/compare/v4...v4.2.4">https://github.com/actions/cache/compare/v4...v4.2.4</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's changelog</a>.</em></p> <blockquote> <h1>Releases</h1> <h3>4.3.0</h3> <ul> <li>Bump <code>@actions/cache</code> to <a href="https://redirect.github.com/actions/toolkit/pull/2132">v4.1.0</a></li> </ul> <h3>4.2.4</h3> <ul> <li>Bump <code>@actions/cache</code> to v4.0.5</li> </ul> <h3>4.2.3</h3> <ul> <li>Bump <code>@actions/cache</code> to v4.0.3 (obfuscates SAS token in debug logs for cache entries)</li> </ul> <h3>4.2.2</h3> <ul> <li>Bump <code>@actions/cache</code> to v4.0.2</li> </ul> <h3>4.2.1</h3> <ul> <li>Bump <code>@actions/cache</code> to v4.0.1</li> </ul> <h3>4.2.0</h3> <p>TLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. <a href="https://github.com/actions/cache">actions/cache</a> now integrates with the new cache service (v2) APIs.</p> <p>The new service will gradually roll out as of <strong>February 1st, 2025</strong>. The legacy service will also be sunset on the same date. Changes in these release are <strong>fully backward compatible</strong>.</p> <p><strong>We are deprecating some versions of this action</strong>. We recommend upgrading to version <code>v4</code> or <code>v3</code> as soon as possible before <strong>February 1st, 2025.</strong> (Upgrade instructions below).</p> <p>If you are using pinned SHAs, please use the SHAs of versions <code>v4.2.0</code> or <code>v3.4.0</code></p> <p>If you do not upgrade, all workflow runs using any of the deprecated <a href="https://github.com/actions/cache">actions/cache</a> will fail.</p> <p>Upgrading to the recommended versions will not break your workflows.</p> <h3>4.1.2</h3> <ul> <li>Add GitHub Enterprise Cloud instances hostname filters to inform API endpoint choices - <a href="https://redirect.github.com/actions/cache/pull/1474">#1474</a></li> <li>Security fix: Bump braces from 3.0.2 to 3.0.3 - <a href="https://redirect.github.com/actions/cache/pull/1475">#1475</a></li> </ul> <h3>4.1.1</h3> <ul> <li>Restore original behavior of <code>cache-hit</code> output - <a href="https://redirect.github.com/actions/cache/pull/1467">#1467</a></li> </ul> <h3>4.1.0</h3> <ul> <li>Ensure <code>cache-hit</code> output is set when a cache is missed - <a href="https://redirect.github.com/actions/cache/pull/1404">#1404</a></li> <li>Deprecate <code>save-always</code> input - <a href="https://redirect.github.com/actions/cache/pull/1452">#1452</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
51ef2ad353 |
build(deps): bump next from 15.5.3 to 15.5.4 in /website (#10736)
Bumps [next](https://github.com/vercel/next.js) from 15.5.3 to 15.5.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases">next's releases</a>.</em></p> <blockquote> <h2>v15.5.4</h2> <blockquote> <p>[!NOTE]<br /> This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>fix: ensure onRequestError is invoked when otel enabled (<a href="https://redirect.github.com/vercel/next.js/issues/83343">#83343</a>)</li> <li>fix: devtools initial position should be from next config (<a href="https://redirect.github.com/vercel/next.js/issues/83571">#83571</a>)</li> <li>[devtool] fix overlay styles are missing (<a href="https://redirect.github.com/vercel/next.js/issues/83721">#83721</a>)</li> <li>Turbopack: don't match dynamic pattern for node_modules packages (<a href="https://redirect.github.com/vercel/next.js/issues/83176">#83176</a>)</li> <li>Turbopack: don't treat metadata routes as RSC (<a href="https://redirect.github.com/vercel/next.js/issues/82911">#82911</a>)</li> <li>[turbopack] Improve handling of symlink resolution errors in track_glob and read_glob (<a href="https://redirect.github.com/vercel/next.js/issues/83357">#83357</a>)</li> <li>Turbopack: throw large static metadata error earlier (<a href="https://redirect.github.com/vercel/next.js/issues/82939">#82939</a>)</li> <li>fix: error overlay not closing when backdrop clicked (<a href="https://redirect.github.com/vercel/next.js/issues/83981">#83981</a>)</li> <li>Turbopack: flush Node.js worker IPC on error (<a href="https://redirect.github.com/vercel/next.js/issues/84077">#84077</a>)</li> </ul> <h3>Misc Changes</h3> <ul> <li>[CNA] use linter preference (<a href="https://redirect.github.com/vercel/next.js/issues/83194">#83194</a>)</li> <li>CI: use KV for test timing data (<a href="https://redirect.github.com/vercel/next.js/issues/83745">#83745</a>)</li> <li>docs: september improvements and fixes (<a href="https://redirect.github.com/vercel/next.js/issues/83997">#83997</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/yiminghe"><code>@yiminghe</code></a>, <a href="https://github.com/huozhi"><code>@huozhi</code></a>, <a href="https://github.com/devjiwonchoi"><code>@devjiwonchoi</code></a>, <a href="https://github.com/mischnic"><code>@mischnic</code></a>, <a href="https://github.com/lukesandberg"><code>@lukesandberg</code></a>, <a href="https://github.com/ztanner"><code>@ztanner</code></a>, <a href="https://github.com/icyJoseph"><code>@icyJoseph</code></a>, <a href="https://github.com/leerob"><code>@leerob</code></a>, <a href="https://github.com/fufuShih"><code>@fufuShih</code></a>, <a href="https://github.com/dwrth"><code>@dwrth</code></a>, <a href="https://github.com/aymericzip"><code>@aymericzip</code></a>, <a href="https://github.com/obendev"><code>@obendev</code></a>, <a href="https://github.com/molebox"><code>@molebox</code></a>, <a href="https://github.com/OoMNoO"><code>@OoMNoO</code></a>, <a href="https://github.com/pontasan"><code>@pontasan</code></a>, <a href="https://github.com/styfle"><code>@styfle</code></a>, <a href="https://github.com/HondaYt"><code>@HondaYt</code></a>, <a href="https://github.com/ryuapp"><code>@ryuapp</code></a>, <a href="https://github.com/lpalmes"><code>@lpalmes</code></a>, and <a href="https://github.com/ijjk"><code>@ijjk</code></a> for helping!</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |