mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 18:18:55 +00:00
52efb280ee6603dd46be3afe7e795e45d29f7789
7088 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Thomas Eizinger
|
52efb280ee |
chore(ip-packet): print length of payload (#8913)
This is useful when debugging things. |
||
|
Thomas Eizinger
|
e0faddf43f |
chore(connlib): maintain order within a single GSO batch (#8912)
Generic Segmentation Offload (GSO) is a clever way of reducing the number of syscalls made when a you want to send a lot of packets with the same length to the same recipient. The way this works is that the packets are concatenated and passed to the kernel as a single packet together with the `segment_size` as an out-of-band argument. The component managing this batching in `connlib` is called `GsoQueue`. In #8772, we made the order in which these batches are sent to the kernel explicit by prioritising batches with smaller segments. What we overlooked with that strategy is that in a particular GSO batch, the last packet is actually allowed to be of a different length. For example, say the user is downloading an image of 4500Kb. With our MTU of 1280, we have a payload size of 1252. This results in three fully-filled packets and one packet of 744 bytes. With the change in #8772, the small packet of 744 bytes will be transferred first, followed by the "train" of fully filled packets. To fix this, we flip the order here and transfer batches or larger sizes first. The original problem we attempted to mitigate in #8772 no longer exists now that we merged #7590. We will simply suspend now if the UDP socket isn't ready contrary to dropping the next batch. By flipping the order here, we guarantee that batches with a larger size are sent before batches with a smaller size. This should also imply that the encapsulated IP packets of e.g. an image arrive in the correct order (with the smallest packet last as it is part of a smaller batch). What we don't guarantee with this is that there won't be any other IP packets sent "in the middle" of such a batch. This shouldn't be a problem though as we are simply interleaving packets of different TCP / UDP connections with each other which already happens on the regular Internet anyway. |
||
|
Jamil
|
050a27cb07 |
chore: Update environments for slot management (#8911)
Bumps environments to address drift and remove slot management from terraform. See https://github.com/firezone/environments/pull/22 See https://github.com/firezone/environments/pull/21 |
||
|
Jamil
|
48319df9f0 |
revert(#8893): Revert adding wal2json dev image (#8908)
Turns out that the standard `pgoutput` plugin shipped with Postgres will do everything we need it to, and there are good examples of prior art decoding its binary output in Elixir (in production). So to avoid adding a dependency on `wal2json` here, we'll go with that. |
||
|
Brian Manifold
|
3f3f007920 |
fix(portal): Update copy to clipboard button (#8907)
Why: * The copy to clipboard button was not working at all on the API new token page due to the fact that the FlowbiteJS library expects the presence of the elements in the DOM on first render. This was not true of the API Token code block. Along with that issue the existing code blocks copy to clipboard buttons did not give any visual indication that the copy had been completed. It was also somewhat difficult to see the copy to clipboard button on those code blocks as well. This commit updates the buttons to be more visible, as well as adds a phx-hook to make sure the FlowbiteJS init functions are run on every code block even if it's inserted after the initial load of the page and adds functions that are run as a callback to toggle the button text and icon to show the text has been copied. |
||
|
Jamil
|
4fbfa5247f |
chore(ci): Remove version override from buildx (#8904)
The override we needed from before is no longer needed. |
||
|
Jamil
|
7e052313af |
feat(infra): Enable wal logical for dev (#8879)
Enables `wal_level = logical` so we can start implementing CDC. **WARNING**: This will trigger a restart of our database instance, so it should be deployed during our standard maintenance window (Saturday evening). |
||
|
Jamil
|
f6ae7559e8 |
feat(ci): Add custom postgres Dockerfile for wal2json (#8893)
In order to develop and test WAL replication, we need the wal2json module installed in our dev postgres image. The module itself builds very quickly, but I thought it would be better to have this automatically built and pushed as part of a nightly job so that CI and developers can make use of it. |
||
|
Jamil
|
1a1c812f66 |
fix(portal): Set migration_lock to advisory lock (#8902)
The migration that failed today got hung up on a global migration lock. This PR would alleviate that if we also run the index creation concurrently, which we should do in many cases. See https://hexdocs.pm/ecto_sql/Ecto.Migration.html#index/3-adding-dropping-indexes-concurrently |
||
|
Jamil
|
5c084971c0 |
fix(portal): Reduce occupancy of reservations (#8900)
See
|
||
|
Jamil
|
5f3cf82eef |
chore(infra): Bump tf envs to deploy replication conf to staging (#8896)
See https://github.com/firezone/environments/pull/20 |
||
|
Jamil
|
f181a3245b |
chore(website): Remove old docs (#8895)
These confuse users and are horribly outdated. Fixes #8528 |
||
|
Jamil
|
0a2a393d4c |
fix(portal): Prevent additional email identities per actor (#8888)
This is a UI-only change for now to serve as a stop-gap while we work to overhaul the identity domain model. Related: #6294 |
||
|
Jamil
|
8293e6c440 |
fix(portal): Don't peek groups for api_client actors (#8890)
API clients don't belong to any actor_groups and attempting to deep link into the `groups` section when viewing an actor raises a 500 error. This PR fixes that by removing the deep link into `actor_groups` from the actors index view. |
||
|
Jamil
|
0f300f2484 |
fix(portal): Prevent dupe sync adapters (#8887)
Prevents more than one sync-enabled adapter per account in order to prepare for eventually adding a unique constraint on `provider_identifier` for identities and groups per account. Related: #6294 --------- Signed-off-by: Jamil <jamilbk@users.noreply.github.com> Co-authored-by: Brian Manifold <bmanifold@users.noreply.github.com> |
||
|
Thomas Eizinger
|
ac5e44d5d0 |
feat(connlib): request larger buffers for UDP sockets (#8731)
Sufficiently large receive buffers are important to sustain high-throughput as latency increases. If the receive buffer in the kernel is too small, packets need to be dropped on arrival. Firefox uses 1MB in its QUIC stack [0]. `quic-go` recommends to set send and receive buffers to 7.5 MB [1]. Power users of Firezone are likely receiving a lot more traffic than the average Firefox user (especially with Internet Resource activated) so setting it to 10 MB seems reasonable. Sending packets is likely not as critical because we have back-pressure through our system such that we will stop reading IP packets when we cannot write to our UDP socket. The UDP socket is sitting in a separate thread and those threads are connected with dedicated queues which act as another buffer. However, as the data below shows, some systems have really small send buffers which are currently likely a speed bottleneck because we need to suspend writing so frequently. Assuming a 50ms latency, the bandwidth-delay product tells us that we can (in theory) saturate a 1.6 Gbps link with a 10MB receive buffer (assuming the OS also has large enough buffer sizes in its TCP or QUIC stack): ``` 80 Mb / 0.05s = 1600Mbps ``` Experiments and research [2] show the following: |OS|Receive buffer (default)|Receive buffer (this PR)|Send buffer (default)|Send buffer (this PR)| |---|---|---|---|---| |Windows|65KB|10MB|65KB|1MB| |MacOS|786KB|8MB|9KB|1MB| |Linux|212KB|212KB|212KB|212KB| With the exception of Linux, the OSes appear to be quite generous with how big they allow receive buffers to be. On Linux, these limit can be changed by setting the `core.net.rmem_max` and `core.net.wmem_max` parameters using `sysctl`. Most of our users are on Windows and MacOS, meaning they immediately benefit from this without having to change any system settings. Larger client-side UDP receive buffers are critical for any "download" scenario which is likely the majority of usecases that Firezone is used for. On Windows, increasing this receive buffer almost doubles the throughput in an iperf3 download test. [0]: https://github.com/mozilla/neqo/pull/2470 [1]: https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes [2]: https://unix.stackexchange.com/a/424381 --------- Signed-off-by: Thomas Eizinger <thomas@eizinger.io> Co-authored-by: Jamil <jamilbk@users.noreply.github.com> |
||
|
Thomas Eizinger
|
93036734ae |
build(rust): move our own windows dependency to 0.61.0 (#8730)
Version `0.61.0` is what most of our dependencies bring in, so depending on that allows us to unify the dependency tree here. |
||
|
Thomas Eizinger
|
44a402e1db |
feat(connlib): increase the number of GRO batches (#8874)
When reading from our UDP socket, we utilise GRO to read multiple packets originating from the same IP + port and with the same length in a single syscall. Currently, we can read up to 10 different combinations here in a single syscall. `quinn_udp` actually exposes a constant for how many batches it can handle at a time. Instead of hard-coding the value 10, we now follow this constant. On Linux and MacOS (with `apple-fast-datapath`), this constant has the value 32. On Windows, it is 1. Even on my not-so-fast Internet connection of 100Mbit, I can see an increase in batch-count of up to 29 so increasing this value seems to be definitely worth it. |
||
|
Thomas Eizinger
|
74ff39ec6d |
fix(connlib): shortcut DatagramSegmentIter on len (#8877)
When the `recv` syscall completes, `quinn-udp` tells us how many batches we have read. On Windows, this is always 1 because Windows doesn't have an APIs to read more than a single GRO batch. The `DatagramSegmentIter` already has a way of detecting this, however it currently needs to iterator through all batches (10) and check that their `meta.length == 0` before realising this. We can shortcut the iterator early which might improve download performance on Windows. I can't measure a direct improvement here but I believe that is because we are currently limited by the buffer size on Windows. Regardless, this feels like the right thing to do. |
||
|
Thomas Eizinger
|
d2e275be56 |
feat(connlib): classify UDP traffic by protocol (#8886)
It creates a bit of duplication with code that we have in `snownet` but it is code that is unlikely to change because the protocols are already standarised. Contrary to recording the port, the cardinality of these protocols is much fixed to a much smaller range which will allow us to safely record these metrics in an actual time-series database further down the line whilst still reasoning about how much traffic we are sending over TURN, as STUN or as WireGuard. |
||
|
Thomas Eizinger
|
bcbc8cd212 |
build(rust): bump aya to include BTF information feature (#8883)
The latest version of `aya-build` automatically builds our eBPF program with BTF information enabled. Related: https://github.com/aya-rs/aya/pull/1250 |
||
|
Jamil
|
d10c77c17d |
chore(portal): Drop unused table configurations (#8881)
This was left behind in a large refactor as part of #3642 and was never cleaned up. I verified on prod this table in fact has no meaningful data in it and has not changed since that PR was merged. |
||
|
Jamil
|
5db8e20f3b |
chore: release Apple and GUI clients (#8882)
- Apple clients 1.4.12 - GUI clients 1.4.11 |
||
|
Jamil
|
368ace2c6e |
ci: Release Android 1.4.7 (#8878)
App is live on Play store. |
||
|
Jamil
|
3dc0bbeabb |
chore(infra): Bump environments to enable replica on staging (#8880)
See https://github.com/firezone/environments/pull/19 |
||
|
dependabot[bot]
|
078e0c5002 |
build(deps): bump androidx.security:security-crypto from 1.1.0-alpha06 to 1.1.0-alpha07 in /kotlin/android (#8826)
Bumps androidx.security:security-crypto from 1.1.0-alpha06 to 1.1.0-alpha07. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Thomas Eizinger
|
4d20856d21 |
chore(connlib): record GRO batch-size as histogram metric (#8875)
This will allow us to test, how many batches we typically read from the UDP socket in a single syscall. Knowing that should help in profiling #8874. |
||
|
dependabot[bot]
|
0ad7cc5b93 |
build(deps): bump log from 0.4.26 to 0.4.27 in /rust (#8870)
Bumps [log](https://github.com/rust-lang/log) from 0.4.26 to 0.4.27. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rust-lang/log/releases">log's releases</a>.</em></p> <blockquote> <h2>0.4.27</h2> <h2>What's Changed</h2> <ul> <li>A few minor lint fixes by <a href="https://github.com/nyurik"><code>@nyurik</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/671">rust-lang/log#671</a></li> <li>Enable clippy support for format-like macros by <a href="https://github.com/nyurik"><code>@nyurik</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/665">rust-lang/log#665</a></li> <li>Add an optional logger param by <a href="https://github.com/tisonkun"><code>@tisonkun</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/664">rust-lang/log#664</a></li> <li>Pass global logger by value, supplied logger by ref by <a href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/673">rust-lang/log#673</a></li> <li>Prepare for 0.4.27 release by <a href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/674">rust-lang/log#674</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/rust-lang/log/compare/0.4.26...0.4.27">https://github.com/rust-lang/log/compare/0.4.26...0.4.27</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rust-lang/log/blob/master/CHANGELOG.md">log's changelog</a>.</em></p> <blockquote> <h2>[0.4.27] - 2025-03-24</h2> <h3>What's Changed</h3> <ul> <li>A few minor lint fixes by <a href="https://github.com/nyurik"><code>@nyurik</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/671">rust-lang/log#671</a></li> <li>Enable clippy support for format-like macros by <a href="https://github.com/nyurik"><code>@nyurik</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/665">rust-lang/log#665</a></li> <li>Add an optional logger param by <a href="https://github.com/tisonkun"><code>@tisonkun</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/664">rust-lang/log#664</a></li> <li>Pass global logger by value, supplied logger by ref by <a href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/673">rust-lang/log#673</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/rust-lang/log/compare/0.4.26...0.4.27">https://github.com/rust-lang/log/compare/0.4.26...0.4.27</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
04a3cf1a33 |
build(deps): bump keyring from 3.6.1 to 3.6.2 in /rust (#8869)
Bumps [keyring](https://github.com/hwchen/keyring-rs) from 3.6.1 to 3.6.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/hwchen/keyring-rs/releases">keyring's releases</a>.</em></p> <blockquote> <h2>v3.6.2: better docs, lighter-weight tests</h2> <p>Thanks to <a href="https://github.com/unkcpz"><code>@unkcpz</code></a>, this release fully documents all the platform-specific modules in each platform on <a href="https://docs.rs/keyring/latest/keyring/">docs.rs</a>.</p> <p>The dev dependencies (used for testing) have been switched from using <code>rand</code> to using the lighter-weight module <code>fastrand</code>.</p> <p>There are no functional code changes in this release, only test changes.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/open-source-cooperative/keyring-rs/blob/master/CHANGELOG.md">keyring's changelog</a>.</em></p> <blockquote> <h2>Version 3.6.2</h2> <ul> <li>Have docs.rs build docs for all modules on all platforms (thanks to <a href="https://github.com/unkcpz"><code>@unkcpz</code></a> - see <a href="https://redirect.github.com/hwchen/keyring-rs/issues/235">#235</a>).</li> <li>Switch to <code>fastrand</code> for tests (see <a href="https://redirect.github.com/hwchen/keyring-rs/issues/237">#237</a>).</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
23c0db825e |
build(deps): bump tauri from 2.5.0 to 2.5.1 in /rust in the tauri group (#8868)
Bumps the tauri group in /rust with 1 update: [tauri](https://github.com/tauri-apps/tauri). Updates `tauri` from 2.5.0 to 2.5.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tauri-apps/tauri/releases">tauri's releases</a>.</em></p> <blockquote> <h2>tauri-runtime v2.5.1</h2> <!-- raw HTML omitted --> <pre><code>Updating git repository `https://github.com/tauri-apps/schemars.git` Updating crates.io index warning: Patch `schemars_derive v0.8.21 (https://github.com/tauri-apps/schemars.git?branch=feat%2Fpreserve-description-newlines#c30f9848)` was not used in the crate graph. Check that the patched package version and available features are compatible with the dependency requirements. If the patch has a different version from what is locked in the Cargo.lock file, run `cargo update` to use the new version. This may also occur with an optional dependency that is not enabled. Locking 1021 packages to latest compatible versions Adding apple-codesign v0.27.0 (available: v0.29.0) Adding axum v0.7.9 (available: v0.8.3) Adding colored v2.2.0 (available: v3.0.0) Adding ctor v0.2.9 (available: v0.4.1) Adding getrandom v0.2.15 (available: v0.3.2) Adding html5ever v0.26.0 (available: v0.30.0) Adding itertools v0.13.0 (available: v0.14.0) Adding json-patch v3.0.1 (available: v4.0.0) Adding minisign v0.7.3 (available: v0.7.9) Adding oxc_allocator v0.36.0 (available: v0.61.2) Adding oxc_ast v0.36.0 (available: v0.61.2) Adding oxc_parser v0.36.0 (available: v0.61.2) Adding oxc_span v0.36.0 (available: v0.61.2) Adding proc-macro-crate v2.0.0 (available: v2.0.2) Adding rand v0.8.5 (available: v0.9.0) Adding rpm v0.16.0 (available: v0.17.0) Adding serialize-to-javascript v0.1.1 (available: v0.1.2) Adding serialize-to-javascript-impl v0.1.1 (available: v0.1.2) Adding tauri-utils v1.6.0 (available: v1.6.2) Adding tiny_http v0.11.0 (available: v0.12.0) Adding webview2-com v0.36.0 (available: v0.37.0) Adding windows v0.60.0 (available: v0.61.1) Adding x509-certificate v0.23.1 (available: v0.24.0) Fetching advisory database from `https://github.com/RustSec/advisory-db.git` Loaded 748 security advisories (from /home/runner/.cargo/advisory-db) Updating crates.io index Scanning Cargo.lock for vulnerabilities (1046 crate dependencies) Crate: atk Version: 0.18.2 Warning: unmaintained Title: gtk-rs GTK3 bindings - no longer maintained Date: 2024-03-04 ID: RUSTSEC-2024-0413 URL: https://rustsec.org/advisories/RUSTSEC-2024-0413 Dependency tree: atk 0.18.2 └── gtk 0.18.2 </tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Thomas Eizinger
|
182eb145aa |
ci(swift): split uploads of packages into two (#8872)
In #8795 we added an additional path to the artifact upload which appeared to have broken it. The action cannot seem to handle multiple direct paths that lead to files. It tries to but fails: ``` Multiple search paths detected. Calculating the least common ancestor of all paths The least common ancestor is /Users/runner/work/firezone/firezone/"/Users/runner/work/_temp. This will be the root directory of the artifact Warning: No files were found with the provided path: "/Users/runner/work/_temp/firezone-macos-client-1.4.12.dmg" "/Users/runner/work/_temp/firezone-macos-client-1.4.12.pkg". No artifacts will be uploaded. ``` Source: https://github.com/firezone/firezone/actions/runs/14571295945/job/40868936348#step:7:31 Splitting this step into two and creating one artifact each fixes this as can be seen in the following job (which I triggered for this PR): https://github.com/firezone/firezone/actions/runs/14572176039/job/40871304453 |
||
|
Thomas Eizinger
|
d67fb8ef22 |
ci(rust): remove unused cache backend (#8864)
We are no longer building binaries with `cross` which was the only user of the `github` cache backend. |
||
|
Thomas Eizinger
|
0a620d20ca |
build(rust): bump iana-time-zone (#8863)
This eliminates one duplicate version of the `windows` crate in our dependency tree. |
||
|
dependabot[bot]
|
80cf386a3a |
build(deps): bump tempfile from 3.13.0 to 3.19.1 in /rust (#8845)
Bumps [tempfile](https://github.com/Stebalien/tempfile) from 3.13.0 to 3.19.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md">tempfile's changelog</a>.</em></p> <blockquote> <h2>3.19.1</h2> <ul> <li>Don't unlink temporary files immediately on Windows (fixes <a href="https://redirect.github.com/Stebalien/tempfile/issues/339">#339</a>). Unfortunately, this seemed to corrupt the file object (possibly a Windows kernel bug) in rare cases and isn't strictly speaking necessary.</li> </ul> <h2>3.19.0</h2> <ul> <li>Remove direct dependency on <code>cfg-if</code>. It's still in the tree, but we didn't really need to use it in this crate.</li> <li>Add an unstable feature (<code>unstable-windows-keep-open-tempfile</code>) to test a potential fix to <a href="https://redirect.github.com/Stebalien/tempfile/issues/339">#339</a>.</li> </ul> <h2>3.18.0</h2> <ul> <li>Update <code>rustix</code> to 1.0.0.</li> <li>Make <code>NamedTempFile::persist_noclobber</code> atomic on Apple operating systems. It's now atomic on MacOS, Windows, and Linux (depending on the OS version and filesystem used).</li> </ul> <h2>3.17.1</h2> <ul> <li>Fix build with <code>windows-sys</code> 0.52. Unfortunately, we have no CI for older <code>windows-sys</code> versions at the moment...</li> </ul> <h2>3.17.0</h2> <ul> <li>Make sure to use absolute paths in when creating unnamed temporary files (avoids a small race in the "immediate unlink" logic) and in <code>Builder::make_in</code> (when creating temporary files of arbitrary types).</li> <li>Prevent a theoretical crash that could (maybe) happen when a temporary file is created from a drop function run in a TLS destructor. Nobody has actually reported a case of this happening in practice and I have been unable to create this scenario in a test.</li> <li>When reseeding with <code>getrandom</code>, use platform (e.g., CPU) specific randomness sources where possible.</li> <li>Clarify some documentation.</li> <li>Unlink unnamed temporary files on windows <em>immediately</em> when possible instead of waiting for the handle to be closed. We open files with "Unix" semantics, so this is generally possible.</li> </ul> <h2>3.16.0</h2> <ul> <li>Update <code>getrandom</code> to <code>0.3.0</code> (thanks to <a href="https://github.com/paolobarbolini"><code>@paolobarbolini</code></a>).</li> <li>Allow <code>windows-sys</code> versions <code>0.59.x</code> in addition to <code>0.59.0</code> (thanks <a href="https://github.com/ErichDonGubler"><code>@ErichDonGubler</code></a>).</li> <li>Improved security documentation (thanks to <a href="https://github.com/n0toose"><code>@n0toose</code></a> for collaborating with me on this).</li> </ul> <h2>3.15.0</h2> <p>Re-seed the per-thread RNG from system randomness when we repeatedly fail to create temporary files (<a href="https://redirect.github.com/Stebalien/tempfile/issues/314">#314</a>). This resolves a potential DoS vector (<a href="https://redirect.github.com/Stebalien/tempfile/issues/178">#178</a>) while avoiding <code>getrandom</code> in the common case where it's necessary. The feature is optional but enabled by default via the <code>getrandom</code> feature.</p> <p>For libc-free builds, you'll either need to disable this feature or opt-in to a different <a href="https://github.com/rust-random/getrandom?tab=readme-ov-file#opt-in-backends"><code>getrandom</code> backend</a>.</p> <h2>3.14.0</h2> <ul> <li>Make the wasip2 target work (requires tempfile's "nightly" feature to be enabled). <a href="https://redirect.github.com/Stebalien/tempfile/pull/305">#305</a>.</li> <li>Allow older windows-sys versions <a href="https://redirect.github.com/Stebalien/tempfile/pull/304">#304</a>.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Thomas Eizinger
|
4c5fd9b256 |
feat(connlib): prefer relay candidates of same IP version (#8798)
When calculating preferences for candidates, `str0m` currently always prefer IPv6 over IPv4. This is as per the ICE spec. Howver, this can lead to sub-optimal situations when a connection ends up using a TURN server. TURN allows a client to allocate an IPv4 and an IPv6 address in the same allocation. This makes it possible for e.g. an IPv4-only client to connect to an IPv6-only peer as long as the TURN server runs in dual-stack AND the client requests an IPv6 address in addition to an IPv4 address with the `ADDITIONAL-ADDRESS-FAMILY` attribute. Assume that a client sits behind symmetric NAT and therefore needs to rely on a TURN server to communicate with its peers. The TURN server as well as all the peers operate in dual-stack mode. The current priority calculation will yield a communication path that uses IPv4 to talk to the TURN server (as that is the only one available) but due to the preference ordering of IPv6 over IPv4, will use an IPv6 path to the peer, despite the peer also supporting IPv4. This isn't a problem per-se but makes our life unnecessarily difficult. Our TURN servers use eBPF to efficiently deal with TURN's channel-data messages. This however is at present only implemented for the IPv4 <> IPv4 and IPv6 <> IPv6 path. Implementing the other paths is possible but complicates the eBPF code because we need to also translate IP headers between versions and not just update the source and destination IPs. We have since patched `str0m` to extend the `Candidate::relayed` constructor to also take a `base` address which is - similar to the other candidate types - the address the client is sending from in order to use this candidate. In the context of relayed candidates, this is the address the client is using to talk to the TURN server. We can use this information in the candidate's priority calculation to prefer candidates that allow traffic to remain within one IP version, i.e. if the client talks to the TURN server over IPv4, the candidate with an allocated IPv4 address will have a higher priority than the one with the IPv6 address because we are applying a "punishment" factor as part of the local-preference component in the priority formula. Staying within the same IP version whilst relaying traffic allows our TURN servers to use their eBPF kernel which results in a better UX due to lower latency and higher throughput. The final candidate ordering is ultimately decided by the controlling ICE agent which in our case is the Firezone Client. Thus, we don't necessarily need to update Gateways in order to test / benefit from this. Building a Client with this patch included should be enough to benefit from this change. Related: https://github.com/algesten/str0m/pull/640 Related: https://github.com/algesten/str0m/pull/644 |
||
|
dependabot[bot]
|
eeb4d568c9 |
build(deps): bump the hilt group in /kotlin/android with 4 updates (#8823)
Bumps the hilt group in /kotlin/android with 4 updates: [com.google.dagger.hilt.android](https://github.com/google/dagger), [com.google.dagger:hilt-android](https://github.com/google/dagger), [com.google.dagger:hilt-android-compiler](https://github.com/google/dagger) and [com.google.dagger:hilt-android-testing](https://github.com/google/dagger). Updates `com.google.dagger.hilt.android` from 2.56.1 to 2.56.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/dagger/releases">com.google.dagger.hilt.android's releases</a>.</em></p> <blockquote> <h2>Dagger 2.56.2</h2> <h1>Bug fixes</h1> <ul> <li>[Dagger] Fixes <a href="https://redirect.github.com/google/dagger/issues/4676">#4676</a>: Fixes <code>IndexOutOfBoundException</code> when returning <code>suspend</code> from <code>@Provides</code> method. (5d59aedd1)</li> <li>[Dagger] Fixes <a href="https://redirect.github.com/google/dagger/issues/4658">#4658</a>: Fixes <code>NoSuchMethodError</code> due to incorrect Guava runtime (Dagger’s Guava version is now temporarily pinned to 33.0.0 to avoid the issue). (9fc3df48e)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
9cf3a69605 |
build(deps): bump androidx.core:core-ktx from 1.15.0 to 1.16.0 in /kotlin/android in the androidx group (#8854)
Bumps the androidx group in /kotlin/android with 1 update: androidx.core:core-ktx. Updates `androidx.core:core-ktx` from 1.15.0 to 1.16.0 [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
b35fb666fd |
build(deps): bump com.google.code.gson:gson from 2.12.1 to 2.13.0 in /kotlin/android (#8827)
Bumps [com.google.code.gson:gson](https://github.com/google/gson) from 2.12.1 to 2.13.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/gson/releases">com.google.code.gson:gson's releases</a>.</em></p> <blockquote> <h2>Gson 2.13.0</h2> <h2>What's Changed</h2> <ul> <li> <p>A bug in deserializing collections has been fixed. Previously, if you did something like this:</p> <pre><code>gson.fromJson(jsonString, new TypeToken<ImmutableList<String>>() {}) </code></pre> <p>then the inferred type would be <code>ImmutableList<String></code>, but Gson actually gave you an <code>ArrayList<String></code>. Usually that would lead to an immediate <code>ClassCastException</code>, but in some circumstances the code might sometimes succeed despite the wrong type. Now you will see an exception like this:</p> <pre><code>com.google.gson.JsonIOException: Abstract classes can't be instantiated! Adjust the R8 configuration or register an InstanceCreator or a TypeAdapter for this type. Class name: com.google.common.collect.ImmutableList </code></pre> <p>because Gson now really is trying to create an <code>ImmutableList</code> through its constructor, but that isn't possible. Either change the requested type (in the <code>TypeToken</code>) to <code>List<String></code>, or register a <code>TypeAdapter</code> or <code>JsonDeserializer</code> for <code>ImmutableList</code>.</p> </li> <li> <p>The internal classes <code>$Gson$Types</code> and <code>$Gson$Preconditions</code> have been renamed to remove the <code>$</code> characters. Since these are internal classes (as signaled not only by the package name but by the <code>$</code> characters), client code should not be affected. If your code <em>was</em> depending on these classes then we suggest making a copy of the class (subject to the <a href="https://www.apache.org/licenses/LICENSE-2.0">license</a>) rather than depending on the new names.</p> </li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/google/gson/compare/gson-parent-2.12.1...gson-parent-2.13.0">https://github.com/google/gson/compare/gson-parent-2.12.1...gson-parent-2.13.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
4a81aed3cb |
build(deps): bump domain from 0.10.3 to 0.10.4 in /rust (#8856)
Bumps [domain](https://github.com/nlnetlabs/domain) from 0.10.3 to 0.10.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/nlnetlabs/domain/releases">domain's releases</a>.</em></p> <blockquote> <h2>0.10.4</h2> <p>Other changes</p> <ul> <li>Fix a build issue with <a href="https://time-rs.github.io/"><em>time</em></a> 0.3.41. (<a href="https://redirect.github.com/nlnetlabs/domain/issues/505">#505</a>, backported from <a href="https://redirect.github.com/nlnetlabs/domain/issues/503">#503</a> by [<a href="https://github.com/PSeitz"><code>@PSeitz</code></a>])</li> </ul> <p><a href="https://redirect.github.com/nlnetlabs/domain/issues/503">#503</a>: <a href="https://redirect.github.com/NLnetLabs/domain/pull/503">NLnetLabs/domain#503</a> <a href="https://redirect.github.com/nlnetlabs/domain/issues/505">#505</a>: <a href="https://redirect.github.com/NLnetLabs/domain/pull/505">NLnetLabs/domain#505</a> [<a href="https://github.com/PSeitz"><code>@PSeitz</code></a>]: <a href="https://github.com/PSeitz">https://github.com/PSeitz</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/NLnetLabs/domain/blob/main/Changelog.md">domain's changelog</a>.</em></p> <blockquote> <h2>0.10.4</h2> <p>Released 2025-03-31.</p> <p>Other changes</p> <ul> <li>Fix a build issue with <a href="https://time-rs.github.io/"><em>time</em></a> 0.3.41. (<a href="https://redirect.github.com/nlnetlabs/domain/issues/505">#505</a>, backported from <a href="https://redirect.github.com/nlnetlabs/domain/issues/503">#503</a> by [<a href="https://github.com/PSeitz"><code>@PSeitz</code></a>])</li> </ul> <p><a href="https://redirect.github.com/nlnetlabs/domain/issues/503">#503</a>: <a href="https://redirect.github.com/NLnetLabs/domain/pull/503">NLnetLabs/domain#503</a> <a href="https://redirect.github.com/nlnetlabs/domain/issues/505">#505</a>: <a href="https://redirect.github.com/NLnetLabs/domain/pull/505">NLnetLabs/domain#505</a> [<a href="https://github.com/PSeitz"><code>@PSeitz</code></a>]: <a href="https://github.com/PSeitz">https://github.com/PSeitz</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
6bae165302 |
build(deps-dev): bump @types/node from 22.13.9 to 22.14.1 in /rust/gui-client (#8833)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 22.13.9 to 22.14.1. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
ea53eebb74 |
build(deps): bump serde_json from 1.0.135 to 1.0.140 in /rust (#8857)
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.135 to 1.0.140. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/serde-rs/json/releases">serde_json's releases</a>.</em></p> <blockquote> <h2>v1.0.140</h2> <ul> <li>Documentation improvements</li> </ul> <h2>v1.0.139</h2> <ul> <li>Documentation improvements</li> </ul> <h2>v1.0.138</h2> <ul> <li>Documentation improvements</li> </ul> <h2>v1.0.137</h2> <ul> <li>Turn on "float_roundtrip" and "unbounded_depth" features for serde_json in play.rust-lang.org (<a href="https://redirect.github.com/serde-rs/json/issues/1231">#1231</a>)</li> </ul> <h2>v1.0.136</h2> <ul> <li>Optimize serde_json::value::Serializer::serialize_map by using Map::with_capacity (<a href="https://redirect.github.com/serde-rs/json/issues/1230">#1230</a>, thanks <a href="https://github.com/goffrie"><code>@goffrie</code></a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Thomas Eizinger
|
92534ae4ec |
test(connlib): ensure we have gaps in port ranges (#8862)
This should fix the flaky proptest. |
||
|
Thomas Eizinger
|
1af7f4f8c1 |
fix(rust): don't use jemalloc on ARMv7 (#8859)
Doesn't compile on ARMv7 so we just fallback to the default allocator there. |
||
|
Thomas Eizinger
|
ae4b7d9d08 |
test(connlib): correctly assert in Io unit-test (#8861)
Not sure what I was smoking when I wrote this test but the current assertion makes no sense for what we actually want to test. As the test name says, we want to assert that if we are given an `Instant` in the past, we do in fact return a more recent one and therefore what is returned in `Input::Timeout` is at least as recent as `now`. |
||
|
Thomas Eizinger
|
f7f6e3885d |
docs(website): remove duplicate init (#8860)
Resolves: #8858 |
||
|
dependabot[bot]
|
9c10fbf8b5 |
build(deps-dev): bump typescript from 5.7.3 to 5.8.3 in /rust/gui-client (#8855)
Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.7.3 to 5.8.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/microsoft/TypeScript/releases">typescript's releases</a>.</em></p> <blockquote> <h2>TypeScript 5.8.3</h2> <p>For release notes, check out the <a href="https://devblogs.microsoft.com/typescript/announcing-typescript-5-8/">release announcement</a>.</p> <ul> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=milestone%3A%22TypeScript+5.8.0%22+is%3Aclosed+">fixed issues query for Typescript 5.8.0 (Beta)</a>.</li> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=milestone%3A%22TypeScript+5.8.1%22+is%3Aclosed+">fixed issues query for Typescript 5.8.1 (RC)</a>.</li> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=milestone%3A%22TypeScript+5.8.2%22+is%3Aclosed+">fixed issues query for Typescript 5.8.2 (Stable)</a>.</li> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=milestone%3A%22TypeScript+5.8.3%22+is%3Aclosed+">fixed issues query for Typescript 5.8.3 (Stable)</a>.</li> </ul> <p>Downloads are available on:</p> <ul> <li><a href="https://www.npmjs.com/package/typescript">npm</a></li> </ul> <h2>TypeScript 5.8</h2> <p>For release notes, check out the <a href="https://devblogs.microsoft.com/typescript/announcing-typescript-5-8/">release announcement</a>.</p> <ul> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=milestone%3A%22TypeScript+5.8.0%22+is%3Aclosed+">fixed issues query for Typescript 5.8.0 (Beta)</a>.</li> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=milestone%3A%22TypeScript+5.8.1%22+is%3Aclosed+">fixed issues query for Typescript 5.8.1 (RC)</a>.</li> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=milestone%3A%22TypeScript+5.8.2%22+is%3Aclosed+">fixed issues query for Typescript 5.8.2 (Stable)</a>.</li> </ul> <p>Downloads are available on:</p> <ul> <li><a href="https://www.npmjs.com/package/typescript">npm</a></li> </ul> <h2>TypeScript 5.8 RC</h2> <p>For release notes, check out the <a href="https://devblogs.microsoft.com/typescript/announcing-typescript-5-8-rc/">release announcement</a>.</p> <ul> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=milestone%3A%22TypeScript+5.8.0%22+is%3Aclosed+">fixed issues query for Typescript 5.8.0 (Beta)</a>.</li> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=milestone%3A%22TypeScript+5.8.1%22+is%3Aclosed+">fixed issues query for Typescript 5.8.1 (RC)</a>.</li> </ul> <p>Downloads are available on:</p> <ul> <li><a href="https://www.npmjs.com/package/typescript">npm</a></li> </ul> <h2>TypeScript 5.8 Beta</h2> <p>For release notes, check out the <a href="https://devblogs.microsoft.com/typescript/announcing-typescript-5-8-beta/">release announcement</a>.</p> <ul> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=milestone%3A%22TypeScript+5.8.0%22+is%3Aclosed+">fixed issues query for Typescript 5.8.0 (Beta)</a>.</li> </ul> <p>Downloads are available on:</p> <ul> <li><a href="https://www.npmjs.com/package/typescript">npm</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
5d196075b6 |
build(deps): bump phoenix_live_view from 1.0.9 to 1.0.10 in /elixir (#8831)
Bumps [phoenix_live_view](https://github.com/phoenixframework/phoenix_live_view) from 1.0.9 to 1.0.10. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/phoenixframework/phoenix_live_view/blob/v1.0.10/CHANGELOG.md">phoenix_live_view's changelog</a>.</em></p> <blockquote> <h2>1.0.10 (2025-04-17)</h2> <h3>Bug fixes</h3> <ul> <li>Fix flash getting lost when falling back to a full page reload due to navigating across live sessions (<a href="https://redirect.github.com/phoenixframework/phoenix_live_view/issues/3686">#3686</a>)</li> <li>Fix edge case where locked DOM nodes were not properly patched on unlock (<a href="https://redirect.github.com/phoenixframework/phoenix_live_view/issues/3758">#3758</a>)</li> <li>Fix <code>used_input?</code> returning <code>false</code> when a form parameter value is a struct (<a href="https://redirect.github.com/phoenixframework/phoenix_live_view/issues/3757">#3757</a>)</li> <li>Catch promise rejections from <code>pushWithReply</code> (<a href="https://redirect.github.com/phoenixframework/phoenix_live_view/pull/3766">#3766</a>)</li> <li>Fix empty optgroups breaking DOM patching of other select options (<a href="https://redirect.github.com/phoenixframework/phoenix_live_view/issues/3742">#3742</a>)</li> <li>Don't shutdown sticky LiveViews when they <code>push_navigate</code> (<a href="https://redirect.github.com/phoenixframework/phoenix_live_view/issues/3612">#3612</a>)</li> </ul> <h3>Enhancements</h3> <ul> <li>Allow testing <code>phx-viewport-bottom</code> and <code>phx-viewport-top</code> with <code>Phoenix.LiveViewTest.render_hook/3</code> (<a href="https://redirect.github.com/phoenixframework/phoenix_live_view/pull/3755">#3755</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
41d38c3302 |
build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 (#8822)
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4.3.0 to 4.4.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-node/releases">actions/setup-node's releases</a>.</em></p> <blockquote> <h2>v4.4.0</h2> <h2>What's Changed</h2> <h3>Bug fixes:</h3> <ul> <li>Make eslint-compact matcher compatible with Stylelint by <a href="https://github.com/FloEdelmann"><code>@FloEdelmann</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/98">actions/setup-node#98</a></li> <li>Add support for indented eslint output by <a href="https://github.com/fregante"><code>@fregante</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1245">actions/setup-node#1245</a></li> </ul> <h3>Enhancement:</h3> <ul> <li>Support private mirrors by <a href="https://github.com/marco-ippolito"><code>@marco-ippolito</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1240">actions/setup-node#1240</a></li> </ul> <h3>Dependency update:</h3> <ul> <li>Upgrade <code>@action/cache</code> from 4.0.2 to 4.0.3 by <a href="https://github.com/aparnajyothi-y"><code>@aparnajyothi-y</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1262">actions/setup-node#1262</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/FloEdelmann"><code>@FloEdelmann</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-node/pull/98">actions/setup-node#98</a></li> <li><a href="https://github.com/fregante"><code>@fregante</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-node/pull/1245">actions/setup-node#1245</a></li> <li><a href="https://github.com/marco-ippolito"><code>@marco-ippolito</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-node/pull/1240">actions/setup-node#1240</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-node/compare/v4...v4.4.0">https://github.com/actions/setup-node/compare/v4...v4.4.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
83a1467ee2 |
build(deps): bump @next/third-parties from 15.1.6 to 15.3.1 in /website (#8828)
Bumps [@next/third-parties](https://github.com/vercel/next.js/tree/HEAD/packages/third-parties) from 15.1.6 to 15.3.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases"><code>@next/third-parties</code>'s releases</a>.</em></p> <blockquote> <h2>v15.3.1</h2> <blockquote> <p>[!NOTE]<br /> This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>chore: Backport SWC-based RC optimization (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/78260">#78260</a>)</li> <li>fix: bump image-size@1.2.1 (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/78164">#78164</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/kdy1"><code>@kdy1</code></a> and <a href="https://github.com/styfle"><code>@styfle</code></a> for helping!</p> <h2>v15.3.1-canary.14</h2> <h3>Core Changes</h3> <ul> <li>Add graceful error boundary for bots requests: <a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/78298">#78298</a></li> <li>make sure eslint-plugin-next is built when running 'pnpm dev': <a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/78305">#78305</a></li> <li>Migrate pages API routes to handler interface: <a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/78166">#78166</a></li> <li>Update middleware public/static matching: <a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/78325">#78325</a></li> <li>Fix dynamic route param encoding: <a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/78326">#78326</a></li> </ul> <h3>Misc Changes</h3> <ul> <li>fix(turbopack): Fix duplicate modules when tree shaking: true: <a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/78203">#78203</a></li> <li>test: try to fix flakiness in amphtml util: <a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/78304">#78304</a></li> <li>remove BrowserInterface: <a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/78308">#78308</a></li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/kdy1"><code>@kdy1</code></a>, <a href="https://github.com/huozhi"><code>@huozhi</code></a>, <a href="https://github.com/lubieowoce"><code>@lubieowoce</code></a>, and <a href="https://github.com/ijjk"><code>@ijjk</code></a> for helping!</p> <h2>v15.3.1-canary.13</h2> <h3>Core Changes</h3> <ul> <li><code>@next/mdx</code>: Use stable turbopack config options: <a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/78261">#78261</a></li> <li>Upgrade React from <code>b04254fd-20250415</code> to <code>4a36d3ea-20250416</code>: <a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/78297">#78297</a></li> </ul> <h3>Misc Changes</h3> <ul> <li>Turbopack: fix duplicate unsupported edge import modules: <a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/78236">#78236</a></li> <li>Turbopack: Include Next.js version in panic handler report: <a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/78263">#78263</a></li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/wbinnssmith"><code>@wbinnssmith</code></a> and <a href="https://github.com/mischnic"><code>@mischnic</code></a> for helping!</p> <h2>v15.3.1-canary.12</h2> <h3>Core Changes</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
eb16fdc11c |
build(deps-dev): bump credo from 1.7.11 to 1.7.12 in /elixir (#8836)
Bumps [credo](https://github.com/rrrene/credo) from 1.7.11 to 1.7.12. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rrrene/credo/releases">credo's releases</a>.</em></p> <blockquote> <h2>v1.7.12</h2> <p>Check it out on Hex: <a href="https://hex.pm/packages/credo/1.7.12">https://hex.pm/packages/credo/1.7.12</a></p> <ul> <li>Fix compatibility & compiler warnings with Elixir 1.19 (dev)</li> <li>Provide <code>:column</code> on all checks</li> <li>Fix check docs in other project's documentation</li> <li><code>Credo.Check.Refactor.DoubleBooleanNegation</code> fixed false positive</li> <li><code>Credo.Check.Readability.NestedFunctionCalls</code> fixed false positive</li> <li><code>Credo.Check.Consistency.UnusedVariableNames</code> fixed duplicate issues</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rrrene/credo/blob/master/CHANGELOG.md">credo's changelog</a>.</em></p> <blockquote> <h2>1.7.12</h2> <ul> <li>Fix compatibility & compiler warnings with Elixir 1.19 (dev)</li> <li>Provide <code>:column</code> on all checks</li> <li>Fix check docs in other project's documentation</li> <li><code>Credo.Check.Refactor.DoubleBooleanNegation</code> fixed false positive</li> <li><code>Credo.Check.Readability.NestedFunctionCalls</code> fixed false positive</li> <li><code>Credo.Check.Consistency.UnusedVariableNames</code> fixed duplicate issues</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |