We move the resource events to the WAL system. Notably, we no longer
need `fetch_and_update_breakable` for resource updates, so a bit of
refactoring is included to update the call sites for those.
Additionally, we need to add a `Flow.expire_flows_for_resource_id/1`
function to expire flows from the WAL system. This is now being called
in the WAL event handler. To prevent this from blocking the WAL
consumer/broadcaster, we wrap it with a Task.async. These will be
cleaned up when the lookup table for access is implemented next.
Another thing to note is that we lose the `subject` when moving from
`Flows.expire_flows_for(%Resource{}, subject)` to
`Flows.expire_flows_for_resource_id(resource_id)` when a resource is
deleted or updated by an actor since we respond to this event in the WAL
where that data isn't available. However, we don't actually _use_ the
subject when expiring flows (other than authorize the initial resource
update), so this isn't an issue.
Related: #9501
---------
Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
Co-authored-by: Brian Manifold <bmanifold@users.noreply.github.com>
Why:
* This commit brings our web app inline with how new Phoenix
applications manage and configure js/css/font assets. Along with that
this commit updates our Tailwind and esbuild tools.
Why:
* The current README in the `/elixir` directory is a circular reference
that does not explain much. This commit updates the README to give the
basics of how to get started with Firezone Elixir development.
Why:
* We've seen some Stripe API requests come back with 429 responses,
which likely could be retried and succeed. This commit adds some basic
retry logic to our Stripe API client.
Bumps [esbuild](https://github.com/phoenixframework/esbuild) from 0.9.0
to 0.10.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/phoenixframework/esbuild/blob/main/CHANGELOG.md">esbuild's
changelog</a>.</em></p>
<blockquote>
<h2>v0.10.0 (2025-05-27)</h2>
<ul>
<li>Automatically join environment variables specified as lists using
the
correct <code>PATH</code> separator. For example:
<pre lang="elixir"><code>config :esbuild,
my_profile: [
...
env: %{
"NODE_PATH" => [Path.expand("../deps", __DIR__),
Mix.Project.build_path()]
}
]
</code></pre>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="86f43046c0"><code>86f4304</code></a>
release v0.10.0</li>
<li><a
href="c891ea2560"><code>c891ea2</code></a>
Merge pull request <a
href="https://redirect.github.com/phoenixframework/esbuild/issues/78">#78</a>
from phoenixframework/sd-path-sep</li>
<li><a
href="6f8b4dffe6"><code>6f8b4df</code></a>
join all lists</li>
<li><a
href="e818a27858"><code>e818a27</code></a>
update CI</li>
<li><a
href="809c25fd07"><code>809c25f</code></a>
support passing NODE_PATH as list</li>
<li>See full diff in <a
href="https://github.com/phoenixframework/esbuild/compare/v0.9.0...v0.10.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[phoenix_live_view](https://github.com/phoenixframework/phoenix_live_view)
from 1.0.14 to 1.0.17.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/phoenixframework/phoenix_live_view/blob/v1.0.17/CHANGELOG.md">phoenix_live_view's
changelog</a>.</em></p>
<blockquote>
<h2>1.0.17 (2025-06-04)</h2>
<h3>Bug fixes</h3>
<ul>
<li>Fix <code><select></code> elements not being included in form
recovery (regression in 1.0.14; <a
href="https://redirect.github.com/phoenixframework/phoenix_live_view/issues/3831">#3831</a>)</li>
<li>Fix events from destroyed child LiveViews being accidentally sent to
the parent LiveView instead</li>
</ul>
<h2>1.0.16 (2025-06-04)</h2>
<h3>Bug fixes</h3>
<ul>
<li>Fix <code>Phoenix.Component.focus_wrap/1</code> running into an
infinite JavaScript recursion (<a
href="https://redirect.github.com/phoenixframework/phoenix_live_view/issues/3828">#3828</a>)</li>
</ul>
<h2>1.0.15 (2025-06-02)</h2>
<h3>Bug fixes</h3>
<ul>
<li>Fix accumulation of empty text nodes inside
<code>phx-update="stream"</code> containers (<a
href="https://redirect.github.com/phoenixframework/phoenix_live_view/issues/3784">#3784</a>).
This could lead to exponential memory growth when the stream container
was part of a
form with concurrent updates.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4aa2242f72"><code>4aa2242</code></a>
release v1.0.17</li>
<li><a
href="567ac1d02b"><code>567ac1d</code></a>
Update assets</li>
<li><a
href="396e1ea13b"><code>396e1ea</code></a>
Update assets</li>
<li><a
href="35881d59e3"><code>35881d5</code></a>
backport fix for <a
href="https://redirect.github.com/phoenixframework/phoenix_live_view/issues/3831">#3831</a></li>
<li><a
href="b7f82d42c1"><code>b7f82d4</code></a>
release v1.0.16</li>
<li><a
href="8968180a8d"><code>8968180</code></a>
Update assets</li>
<li><a
href="da5f6d63fe"><code>da5f6d6</code></a>
backport <a
href="https://redirect.github.com/phoenixframework/phoenix_live_view/issues/3829">#3829</a></li>
<li><a
href="d173d241c9"><code>d173d24</code></a>
release v1.0.15</li>
<li><a
href="c1497e9fa7"><code>c1497e9</code></a>
Update assets</li>
<li><a
href="ff5a6b0238"><code>ff5a6b0</code></a>
backport <a
href="https://redirect.github.com/phoenixframework/phoenix_live_view/issues/3824">#3824</a></li>
<li>See full diff in <a
href="https://github.com/phoenixframework/phoenix_live_view/compare/v1.0.14...v1.0.17">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Membership events are quite simple to move to the WAL:
- Only one topic is used to determine which client(s) receive updates
for which Actor(s).
- The unsubscribe was removed because it was unused.
- Notably, the N+1 query problem regarding re-evaluating all access
again after each membership is updated is still present. This will be
fixed using a lookup table in the client channel in the last PR to move
events to the WAL.
Related: https://github.com/firezone/firezone/issues/6294
Related: https://github.com/firezone/firezone/issues/8187
> This PR adds two configuration keys for the replication connection.
> Exemple usecase:
> If you run two firezone control planes on the same db cluster (like me
😂 ), you'll need to have two different replication slot names
Related: #9395
Co-authored-by: Antoine <antoinelabarussias@gmail.com>
When upserting a client, the device name would overwrite any name
changes performed by the admin. To prevent this, we don't allow changing
a device's name on upsert conflicts, only on initial insert and updates.
Fixes#8536
Co-authored-by: Antoine <antoinelabarussias@gmail.com>
Bumps [sobelow](https://github.com/sobelow/sobelow) from 0.13.0 to
0.14.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sobelow/sobelow/releases">sobelow's
releases</a>.</em></p>
<blockquote>
<h2>v0.14.0</h2>
<ul>
<li>Removed
<ul>
<li>Support for minimum Elixir versions 1.7 - 1.11 (<strong>POTENTIALLY
BREAKING</strong> - only applies if you relied on Elixir 1.7 through
1.11, 1.12+ is still supported)</li>
</ul>
</li>
<li>Enhancements
<ul>
<li>Added support for multiple variations of
<code>SQL.query()</code></li>
<li>Added support for `System.shell' command introduced in Elixir
v1.12</li>
<li>Ignore runtime config during <code>Config.HSTS</code></li>
<li>Updated developer dependencies (<code>ex_doc</code> &
<code>credo</code>)</li>
</ul>
</li>
<li>Bug fixes
<ul>
<li>Fixed <code>is_endpoint?</code> error in main</li>
<li>Fixed findings normalization bug</li>
<li>Fixed truncation error</li>
</ul>
</li>
<li>Misc
<ul>
<li>GitHub Actions test matrix updated (hence the large drop in support
for old Elixir versions)</li>
<li>Addressed compiler warnings from Elixir v1.18.x</li>
<li>Moved from <code>master</code> branch to <code>main</code></li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/sobelow/sobelow/blob/main/CHANGELOG.md">sobelow's
changelog</a>.</em></p>
<blockquote>
<h2>v0.14.0</h2>
<ul>
<li>Removed
<ul>
<li>Support for minimum Elixir versions 1.7 - 1.11 (<strong>POTENTIALLY
BREAKING</strong> - only applies if you relied on Elixir 1.7 through
1.11, 1.12+ is still supported)</li>
</ul>
</li>
<li>Enhancements
<ul>
<li>Added support for multiple variations of
<code>SQL.query()</code></li>
<li>Added support for `System.shell' command introduced in Elixir
v1.12</li>
<li>Ignore runtime config during <code>Config.HSTS</code></li>
<li>Updated developer dependencies (<code>ex_doc</code> &
<code>credo</code>)</li>
</ul>
</li>
<li>Bug fixes
<ul>
<li>Fixed <code>is_endpoint?</code> error in main</li>
<li>Fixed findings normalization bug</li>
<li>Fixed truncation error</li>
</ul>
</li>
<li>Misc
<ul>
<li>GitHub Actions test matrix updated (hence the large drop in support
for old Elixir versions)</li>
<li>Addressed compiler warnings from Elixir v1.18.x</li>
<li>Moved from <code>master</code> branch to <code>main</code></li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d1ba5432c5"><code>d1ba543</code></a>
version bump - 0.14.0 (<a
href="https://redirect.github.com/sobelow/sobelow/issues/5">#5</a>)</li>
<li><a
href="527d1c5420"><code>527d1c5</code></a>
Merge upstream pr 175 (<a
href="https://redirect.github.com/sobelow/sobelow/issues/4">#4</a>)</li>
<li><a
href="db26dcd636"><code>db26dcd</code></a>
Updated default branch to 'main' (<a
href="https://redirect.github.com/sobelow/sobelow/issues/3">#3</a>)</li>
<li><a
href="6ff224478a"><code>6ff2244</code></a>
Removed deprecated OTP versions and bumped minimum supported Sobelow
version ...</li>
<li><a
href="c1ddd3242e"><code>c1ddd32</code></a>
Minor tweaks (<a
href="https://redirect.github.com/sobelow/sobelow/issues/1">#1</a>)</li>
<li><a
href="9302f842b7"><code>9302f84</code></a>
Merge upstream PR <a
href="https://redirect.github.com/sobelow/sobelow/issues/174">#174</a>:
Fixed typespec-warning</li>
<li><a
href="7a2435ebc0"><code>7a2435e</code></a>
Merge PR <a
href="https://redirect.github.com/sobelow/sobelow/issues/173">#173</a>
from upstream by <a
href="https://github.com/camdencheek"><code>@camdencheek</code></a>:
Add plug params support</li>
<li><a
href="adf482f59c"><code>adf482f</code></a>
Fixed typespec-warning</li>
<li><a
href="0e89405e14"><code>0e89405</code></a>
fix possible KeyError</li>
<li><a
href="b47ad2fbdd"><code>b47ad2f</code></a>
Ignore HSTS check in Runtime Config (<a
href="https://redirect.github.com/sobelow/sobelow/issues/166">#166</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/sobelow/sobelow/compare/v0.13.0...v0.14.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[@fontsource/source-sans-3](https://github.com/fontsource/font-files/tree/HEAD/fonts/google/source-sans-3)
from 5.2.7 to 5.2.8.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/fontsource/font-files/commits/HEAD/fonts/google/source-sans-3">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [gen_smtp](https://github.com/gen-smtp/gen_smtp) from 1.2.0 to
1.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/gen-smtp/gen_smtp/releases">gen_smtp's
releases</a>.</em></p>
<blockquote>
<h2>1.3.0</h2>
<p>This release marks significant improvements in stability, compliance
with current OTP versions, and enhanced capabilities with the addition
of LMTP support.</p>
<h2>Features</h2>
<ul>
<li>
<p><strong>Add LMTP support to the gen_smtp_client</strong><br />
<em>Author: Pablo Willian Suchewschy</em><br />
This addition includes support for the LMTP protocol, along with a
dedicated test for the LMTP client.</p>
</li>
<li>
<p><strong>Document socket options</strong><br />
<em>Author: Oneric</em><br />
Updated documentation to clarify that <code>tls_options</code> is no
longer filtered and to explain the use of socket options for newer OTP
releases.</p>
</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>
<p><strong>Fix issues with gen_smtp_server_session compilation on
OTP-28</strong><br />
<em>Author: Marc Worrell</em><br />
Resolved a compilation error for <code>gen_smtp_server_session</code> on
OTP-28. This commit also includes updates to GitHub actions and CI
environments by removing older OTP versions.</p>
</li>
<li>
<p><strong>Allow sender to immediately hang up after QUIT
message</strong><br />
<em>Author: Marc Worrell</em><br />
Introduced the ability for the sender to terminate the session
immediately after sending a QUIT message.</p>
</li>
<li>
<p><strong>Fix DATA response in smtp_server_example</strong><br />
<em>Author: ts-klassen</em><br />
Addressed errors in the DATA response handling within the
smtp_server_example.</p>
</li>
<li>
<p><strong>Fix OTP 26 compilation failure</strong><br />
<em>Author: Thanabodee Charoenpiriyakij</em><br />
Corrected type specifications in <code>handle_error</code> to resolve
compilation issues with OTP 26.</p>
</li>
<li>
<p><strong>Fix source links in documentation</strong><br />
<em>Author: Adam Millerchip</em><br />
Updated documentation links to ensure they direct correctly to relevant
sources.</p>
</li>
<li>
<p><strong>Correct README instructions for IPv6 launching</strong><br />
<em>Author: rdtq</em><br />
Adjusted instructions to better clarify how to launch the server on
IPv6.</p>
</li>
<li>
<p><strong>Fix parameter value encoding</strong><br />
<em>Authors: Maria Scott & Jan Uhlig</em><br />
Corrected parameter value encoding issues for better functionality.</p>
</li>
<li>
<p><strong>Fix CI environment compatibility</strong><br />
<em>Author: Chris Wögi</em><br />
Modified the CI setup to ensure that it functions correctly given that
OTP 23 is not available on Ubuntu 22.04.</p>
</li>
<li>
<p><strong>Various improvements and simplifications</strong><br />
<em>Author: Marc Worrell</em><br />
Streamlined various implementations, including simplifying code related
to message sending.</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="68ab11101a"><code>68ab111</code></a>
Bump version to 1.3.0</li>
<li><a
href="a48929deeb"><code>a48929d</code></a>
Fix an issue where gen_smtp_server_session did not compile on OTP-28 (<a
href="https://redirect.github.com/gen-smtp/gen_smtp/issues/353">#353</a>)</li>
<li><a
href="185c54dbd6"><code>185c54d</code></a>
Simplify try_send code (<a
href="https://redirect.github.com/gen-smtp/gen_smtp/issues/345">#345</a>)</li>
<li><a
href="bd7fae350d"><code>bd7fae3</code></a>
Allow sender to immediately hangup after QUIT message (<a
href="https://redirect.github.com/gen-smtp/gen_smtp/issues/344">#344</a>)</li>
<li><a
href="da7893dbe5"><code>da7893d</code></a>
smtp_server_example: fix DATA response (<a
href="https://redirect.github.com/gen-smtp/gen_smtp/issues/338">#338</a>)</li>
<li><a
href="21c3e247a6"><code>21c3e24</code></a>
Fix docs source links (<a
href="https://redirect.github.com/gen-smtp/gen_smtp/issues/330">#330</a>)</li>
<li><a
href="e4cd410668"><code>e4cd410</code></a>
Document sockopts (<a
href="https://redirect.github.com/gen-smtp/gen_smtp/issues/335">#335</a>)</li>
<li><a
href="15e969d06a"><code>15e969d</code></a>
hookup.email is using gen_smtp (<a
href="https://redirect.github.com/gen-smtp/gen_smtp/issues/333">#333</a>)</li>
<li><a
href="ac4f8bafdc"><code>ac4f8ba</code></a>
Fix OTP 26 compilation failure (<a
href="https://redirect.github.com/gen-smtp/gen_smtp/issues/325">#325</a>)</li>
<li><a
href="17b161613e"><code>17b1616</code></a>
Add OTP 25 (<a
href="https://redirect.github.com/gen-smtp/gen_smtp/issues/326">#326</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/gen-smtp/gen_smtp/compare/1.2.0...1.3.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[phoenix_live_view](https://github.com/phoenixframework/phoenix_live_view)
from 1.0.12 to 1.0.14.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/phoenixframework/phoenix_live_view/blob/v1.0.14/CHANGELOG.md">phoenix_live_view's
changelog</a>.</em></p>
<blockquote>
<h2>1.0.14 (2025-05-30)</h2>
<h3>Bug fixes</h3>
<ul>
<li>Ensure <code>_unused</code> parameters are sent correctly during
form recovery (<a
href="https://redirect.github.com/phoenixframework/phoenix_live_view/pull/3809">#3809</a>)</li>
<li>Fix form recovery failing and blocking updates when a form does not
have any inputs (<a
href="https://redirect.github.com/phoenixframework/phoenix_live_view/issues/3818">#3818</a>)</li>
</ul>
<h2>1.0.13 (2025-05-28)</h2>
<h3>Bug fixes</h3>
<ul>
<li>Ensure submitter value is sent when submitting a form with
<code>phx-trigger-action</code> (<a
href="https://redirect.github.com/phoenixframework/phoenix_live_view/pull/3815">#3815</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="34e0634d1c"><code>34e0634</code></a>
release v1.0.14</li>
<li><a
href="cb37eb1266"><code>cb37eb1</code></a>
Update assets</li>
<li><a
href="9c8be3e96c"><code>9c8be3e</code></a>
backport <a
href="https://redirect.github.com/phoenixframework/phoenix_live_view/issues/3821">#3821</a></li>
<li><a
href="8d417129e1"><code>8d41712</code></a>
backport <a
href="https://redirect.github.com/phoenixframework/phoenix_live_view/issues/3816">#3816</a></li>
<li><a
href="1c4cec573a"><code>1c4cec5</code></a>
release v1.0.13</li>
<li><a
href="11c99906f3"><code>11c9990</code></a>
Update form-bindings.md to add a note about known limitations of
phx-disable-...</li>
<li><a
href="8bca18692b"><code>8bca186</code></a>
Add section for preventing form submission in the form bindings guide
(<a
href="https://redirect.github.com/phoenixframework/phoenix_live_view/issues/3798">#3798</a>)</li>
<li><a
href="f29bbc572c"><code>f29bbc5</code></a>
Improve doc links betweens <code>async result/1</code> and
<code>assign_async/4</code> (<a
href="https://redirect.github.com/phoenixframework/phoenix_live_view/issues/3803">#3803</a>)</li>
<li><a
href="1ab79c9c8e"><code>1ab79c9</code></a>
fix live_reload_test on OTP 28</li>
<li><a
href="a819547247"><code>a819547</code></a>
Update assets</li>
<li>Additional commits viewable in <a
href="https://github.com/phoenixframework/phoenix_live_view/compare/v1.0.12...v1.0.14">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[opentelemetry_logger_metadata](https://github.com/salemove/opentelemetry_logger_metadata)
from 0.1.0 to 0.2.0.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/salemove/opentelemetry_logger_metadata/commits">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Why:
* When a directory sync occurs, all groups in the DB need to be pulled
in case a synced group needs to be resurrected. Prior to adding the
directory sync deletion circuit breaker the app would "re-delete"
already deleted groups. This was basically a no-op, however, once the
deletion circuit breaker was put in the deletion of already deleted
groups had the possibility of throwing off the circuit breaker and cause
it to fail a directory sync when it was not needed, due to making it
seem as though too many groups were being deleted. This commit makes
sure we don't add already deleted groups to the list of groups needing
to be deleted for a given sync.
Fixes: #9364
When a Google account has no organization units defined in its
directory, the Google API can return a `200` response without the
`organizationUnits` key. In such cases, we should treat this as an empty
list such that the remainder of the sync will continue.
Fixes the following issues after learning they're still a problem:
- We need to include our own node when checking for connected node count
- Need to match against the `formatted` key inside message when
filtering Sentry events
In #9342 we started logging only if our connected nodes fell below the
threshold. However, on error, we failed to calculated the new list.
On startup, the first few `loads` will be failures, and the connected
list will remain empty, causing this to report a false positive.
A regression was introduced in #9242 where it appears that some Sentry
events don't contain messages, so the filtering module is updated only
to act on events with messages.
Why:
* This commit contains only a migration to remove the
created_by_identity and created_by_actor columns on multiple tables.
This migration will be run manually due to the long running sync jobs
that are currently in the system. This migration should be a no-op after
the manual DB updates.
This PR moves Gateway events to be triggered by the WAL broadcaster.
Some things of note that are cleaned up:
- The gateway `:update` event was never received anywhere (but in a
test) and so has been removed
- The account topic has been removed as it was also never acted upon
anywhere. Presence yes, but topic no
- The group topic has also been removed as it was only used to receive
broadcasted disconnects when a group is deleted, but this was already
handled by the token deletion and so is redundant.
We periodically fetch a list of all `RUNNING` VMs in GCP and then try to
connect to them for clustering. However, during deploys, it's expected
that we won't be able to connect to new VMs until they are fully up. The
fetch doesn't take health checks into account, so we need a
threshold-based error logging.
To address this, we do the following:
- We only log an error when failing to connect to nodes if we are
currently below the threshold for each of the `api`, `domain`, and `web`
node counts
- We silence node timeout errors, as these will happen during deploys
We use `libcluster`, a common Elixir library, for node discovery. It's a
very lightweight wrapper around Erlang's standard `Node.connect`
functionality.
It supports custom cluster formation strategies, and we've implemented
one based on fetching the list of nodes from the GCP API, and then
attempting to connect to them.
Unfortunately, our implementation had two bugs that prevented the
cluster from healing in the following two cases:
- If we successfully connect to nodes, we tracked an internal state var
as having successfully connected to them, forever. If we lost the
connection to these nodes (such as during a deploy where the elixir
nodes don't come up in time, causing the instance group manager to reap
them), then the state would never be updated, and we would never
reconnect to the lost nodes.
- If we failed to fetch the list of nodes more than 10 times (every 10
seconds, so 100 seconds), then we would fail to schedule the timer to
load the nodes again.
The first issue is fixed by removing our kept state altogether - this is
what libcluster is for. We can simply try to connect to the most recent
list of nodes returned from Google's API, and we now log a warning for
any nodes that don't connect.
The second issue is fixed by always scheduling the timer, forever,
regardless of the state of the Google API.
Fixes#8660Fixes#8698
When the client is connecting for the first time without any cookies
loaded the `conn.assigns.account` is non-existent, causing a `KeyError`.
Instead, we should be loading this param from the URL and fetching the
account from it.
Why:
* Now that we have started using the `created_by_subject` field on
various tables, we no longer need to keep the
`created_by_<identity/actor>` fields. This will help remove a foreign
key reference and will be one step closer to allowing us to hard delete
data rather than soft deleting all data in order to keep foreign key
references like these.
Moves the broadcasting of `disconnect` messages caused by token
soft-deletions to the WAL broadcaster.
Notably, many tests had to be cleaned up because they were specifically
testing this side effect. Instead, these tests now test (1) the token is
deleted, and then the token deletion handler is tested to ensure the
message is broadcasted.
Client updates are next on the path to moving more side effects to the
WAL broadcaster. This one has the following notable changes:
- ~~The `actor_clients` pubsub topic were only used to broadcast removal
of clients belonging to an actor; these are no longer needed since we
handle this in the individual removal event~~ EDIT: only the presence is
kept
- The `account_clients:{account_id}` pubsub and presence topic
definition has been moved to `Events.Hooks.Accounts` because these are
broadcasted using the account_id field based on account changes, and
have nothing to do with the client lifecycle
Related: #6294
Related: #8187
Similar to #9285, we move the `expire_flow` event to be broadcasted from
the WAL broadcaster.
Unrelated tests needed to be updated to not expect to receive the
broadcast, and instead check to ensure the record has been updated.
A minor bug is also fixed in the ordering of the `old_data, data`
fields.
Tested manually on dev.
Related: #6294
Related: #8187
Now that the WAL consumer has been dry running in production for some
time, we can begin moving events over to it.
We start with a relatively simple case: the account `config_changed`
event.
Since side effects now happen decoupled from the actual record updates,
testing is updated in this PR:
- We don't expect broadcasts to happen in the `accounts_test.exs` -
these context modules are now solely responsible for managing updates to
records and will no longer need to worry about side effects (in the
typical case) like subscribe and broadcast
- The Event hooks module now contains all logic related to processing
side effects for a particular account update.
The net effect is that we now have dedicated module and tests for side
effects, starting with `accounts`.
Related: #6294
Related: #8187
Bumps [logger_json](https://github.com/Nebo15/logger_json) from 7.0.2 to
7.0.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/Nebo15/logger_json/releases">logger_json's
releases</a>.</em></p>
<blockquote>
<h2>7.0.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Format <code>metadata[:file]</code> as string in
<code>Formatters.Basic</code> by <a
href="https://github.com/smaximov"><code>@smaximov</code></a> in <a
href="https://redirect.github.com/Nebo15/logger_json/pull/159">Nebo15/logger_json#159</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/smaximov"><code>@smaximov</code></a>
made their first contribution in <a
href="https://redirect.github.com/Nebo15/logger_json/pull/159">Nebo15/logger_json#159</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/Nebo15/logger_json/compare/7.0.2...7.0.3">https://github.com/Nebo15/logger_json/compare/7.0.2...7.0.3</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a0436795e1"><code>a043679</code></a>
Bump version</li>
<li><a
href="6d524a5577"><code>6d524a5</code></a>
Format <code>metadata[:file]</code> as string in
<code>Formatters.Basic</code> (<a
href="https://redirect.github.com/Nebo15/logger_json/issues/159">#159</a>)</li>
<li>See full diff in <a
href="https://github.com/Nebo15/logger_json/compare/7.0.2...7.0.3">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [phoenix_ecto](https://github.com/phoenixframework/phoenix_ecto)
from 4.6.3 to 4.6.4.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/phoenixframework/phoenix_ecto/blob/main/CHANGELOG.md">phoenix_ecto's
changelog</a>.</em></p>
<blockquote>
<h2>v4.6.4</h2>
<ul>
<li>Enhancements
<ul>
<li>Wrap raised Ecto exceptions so context is not lost</li>
<li>Do not override changeset actions</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/phoenixframework/phoenix_ecto/commits">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[@fontsource/source-sans-3](https://github.com/fontsource/font-files/tree/HEAD/fonts/google/source-sans-3)
from 5.2.6 to 5.2.7.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/fontsource/font-files/commits/HEAD/fonts/google/source-sans-3">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [workos](https://github.com/workos/workos-elixir) from 1.1.0 to
1.1.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/workos/workos-elixir/releases">workos's
releases</a>.</em></p>
<blockquote>
<h2>v1.1.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Update WorkOS Dependency Version in Readme by <a
href="https://github.com/matthew-kerle"><code>@matthew-kerle</code></a>
in <a
href="https://redirect.github.com/workos/workos-elixir/pull/65">workos/workos-elixir#65</a></li>
<li>Fix types n cast by <a
href="https://github.com/apoorv-2204"><code>@apoorv-2204</code></a> in
<a
href="https://redirect.github.com/workos/workos-elixir/pull/63">workos/workos-elixir#63</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/matthew-kerle"><code>@matthew-kerle</code></a>
made their first contribution in <a
href="https://redirect.github.com/workos/workos-elixir/pull/65">workos/workos-elixir#65</a></li>
<li><a
href="https://github.com/apoorv-2204"><code>@apoorv-2204</code></a>
made their first contribution in <a
href="https://redirect.github.com/workos/workos-elixir/pull/63">workos/workos-elixir#63</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/workos/workos-elixir/compare/v1.1.0...v1.1.1">https://github.com/workos/workos-elixir/compare/v1.1.0...v1.1.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b90ef7ae62"><code>b90ef7a</code></a>
Bump to 1.1.1</li>
<li><a
href="16616322b3"><code>1661632</code></a>
fix(profile): 🐛 ensure casting of all fields in profile</li>
<li><a
href="d5adc7bbbd"><code>d5adc7b</code></a>
fix(profile struct): ⚡ fix cast of profile and token, to cast
profile map...</li>
<li><a
href="4fead72dcc"><code>4fead72</code></a>
Update deprecated runner in GHA workflow</li>
<li><a
href="ea11c24bd3"><code>ea11c24</code></a>
Pin third-party actions to currently used SHA (<a
href="https://redirect.github.com/workos/workos-elixir/issues/66">#66</a>)</li>
<li><a
href="d65cec3d04"><code>d65cec3</code></a>
Update WorkOS Dependency Version in Readme</li>
<li>See full diff in <a
href="https://github.com/workos/workos-elixir/compare/v1.1.0...v1.1.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Why:
* We have seen issues with Google Admin SDK API returning bad
information when requesting directory info, such as Groups and
Identities. The requests seem to return successful HTTP codes, but the
data is missing, which our sync system interprets as all
Groups/Identities have been deleted from the Google Workspace. In order
to prevent this from happening a deletion circuit breaker function has
been added to stop a sync job if a certain percentage of the identities
will be deleted on the current run. This should prevent the possibility
of mass deleting Groups/Identities if an Identity Provider hands back
incorrect info on any sync.
Fixes: #9188
Why:
* We have decided to change the way we will do audit logging. Instead of
soft deleting data and keeping it in the table it was created in, we
will be moving to an audit trail table where various actions will be
recorded in a table/DB specifically for auditing purposes. Due to this
change we need to make sure that we don't have stale/dangling
references. One set of references we keep everywhere is
`created_by_identity_id` and `created_by_actor_id`. Those foreign key
references won't be able to be used after moving to the new audit
system. This commit will allow us to keep that info by pulling the
values and storing the data in a created_by_subject field on the record.
