github-personal/firezone
1
0
Fork 0
mirror of https://github.com/outbackdingo/firezone.git synced 2026-01-27 10:18:54 +00:00
Code Issues Packages Projects Releases Wiki Activity
7,094 Commits 1 Branch 0 Tags
6114bb274fa483185cbc4a4ef3fbbe13f42b4f6d
Commit Graph

2263 Commits

Author SHA1 Message Date
Thomas Eizinger
6114bb274f chore(rust): make most of the Rust code compile on MacOS (#8924) 
When working on the Rust code of Firezone from a MacOS computer, it is
useful to have pretty much all of the code at least compile to ensure
detect problems early. Eventually, once we target features like a
headless MacOS client, some of these stubs will actually be filled in an
be functional.
 2025-04-29 11:20:09 +00:00
Thomas Eizinger
091a1d0ab9 fix(headless-client): don't print error for -h (#8925) 
Resolves: #8897
 2025-04-29 07:58:57 +00:00
Thomas Eizinger
66b7ca6f7f fix(connlib): ensure we don't mistake SYN-ACK for SYN (#8922) 
This shouldn't matter because we are only using the `UniquePacketBuffer`
on the client and not on the Gateway where SYN-ACK packets would be sent
from. To be fully correct though, we need to also compare the ACK flag
of the two packets.
 2025-04-29 04:17:18 +00:00
Thomas Eizinger
fde8d08423 fix(connlib): maintain packet order across GSO batches (#8920) 
Despite our efforts in #8912, the current implementation still does not
do enough to maintain packet ordering across GSO batches.

At present, we very aggressively batch packets of the same length
together. This however is too eager when we consider packet flows such
as the following:

```
9:03:49.585143 IP 10.128.15.241.3000 > 100.69.109.138.53474: Flags [.], seq 1:1229, ack 524, win 249, options [nop,nop,TS val 3862031964 ecr 1928356896], length 1228
09:03:49.585151 IP 10.128.15.241.3000 > 100.69.109.138.53474: Flags [P.], seq 1229:2063, ack 524, win 249, options [nop,nop,TS val 3862031964 ecr 1928356896], length 834
09:03:49.585157 IP 10.128.15.241.3000 > 100.69.109.138.53474: Flags [P.], seq 2063:3094, ack 524, win 249, options [nop,nop,TS val 3862031964 ecr 1928356896], length 1031
09:03:49.585187 IP 10.128.15.241.3000 > 100.69.109.138.53474: Flags [.], seq 3094:4322, ack 524, win 249, options [nop,nop,TS val 3862031964 ecr 1928356896], length 1228
09:03:49.585188 IP 10.128.15.241.3000 > 100.69.109.138.53474: Flags [P.], seq 4322:5156, ack 524, win 249, options [nop,nop,TS val 3862031964 ecr 1928356896], length 834
09:03:49.585227 IP 10.128.15.241.3000 > 100.69.109.138.53474: Flags [.], seq 5156:6384, ack 524, win 249, options [nop,nop,TS val 3862031964 ecr 1928356896], length 1228
09:03:49.585228 IP 10.128.15.241.3000 > 100.69.109.138.53474: Flags [P.], seq 6384:7612, ack 524, win 249, options [nop,nop,TS val 3862031964 ecr 1928356896], length 1228
09:03:49.585230 IP 10.128.15.241.3000 > 100.69.109.138.53474: Flags [P.], seq 7612:8249, ack 524, win 249, options [nop,nop,TS val 3862031964 ecr 1928356896], length 637
09:03:49.585846 IP 10.128.15.241.3000 > 100.69.109.138.53474: Flags [.], seq 8249:9477, ack 524, win 249, options [nop,nop,TS val 3862031964 ecr 1928356896], length 1228
09:03:49.585851 IP 10.128.15.241.3000 > 100.69.109.138.53474: Flags [P.], seq 9477:10705, ack 524, win 249, options [nop,nop,TS val 3862031964 ecr 1928356896], length 1228
```

As we can see here, the remote sends us packet batches of varying
lengths:

- 1228, 834
- 1031
- 1228, 834
- 1228, 1228, 637
- 1228, 1228

1228 represents a "full" TCP packet so any packet following a
full-packet SHOULD be grouped together into a GSO batch.

Currently, we are batching all the 1228 packets together and we ignore
the fact that there were actually smaller sized packets inbetween those
that belong together.

To mitigate this, we refactor the `GsoQueue` to remove the
`segment_size` from the binning key of our map and instead only group
batches by their source, destination and ECN information. Within such a
connection, we then create an ordered list of batches. A new batch is
started if the length differs or we have previously pushed a packet that
isn't of the length of the batch, therefore signalling the end of the
batch.

The result here looks very promising (this is loading
`blog.firezone.dev` via the `lynx` browser from within the
headless-client docker container, so going through a Gateway running
this PR):

|main|this PR|
|---|---|
|![Screenshot From 2025-04-29
10-32-00](https://github.com/user-attachments/assets/ba0535e4-1df9-4601-a2d7-ba099ba2313f)|![image](https://github.com/user-attachments/assets/ab2ccec7-ce96-4305-8514-2e43d82ecc7d)|

Related: #8899
 2025-04-29 00:50:23 +00:00
Thomas Eizinger
ad9a453aa1 feat(linux-client): reduce number of TUN threads to 1 (#8914) 
Having multiple threads for reading and writing the TUN device can cause
packet re-orderings on the client. All other clients only use a single
TUN thread, so aligning this value means a more consistent behaviour of
Firezone across all platforms.
 2025-04-28 12:25:27 +00:00
Thomas Eizinger
52efb280ee chore(ip-packet): print length of payload (#8913) 
This is useful when debugging things.
 2025-04-28 10:45:15 +00:00
Thomas Eizinger
e0faddf43f chore(connlib): maintain order within a single GSO batch (#8912) 
Generic Segmentation Offload (GSO) is a clever way of reducing the
number of syscalls made when a you want to send a lot of packets with
the same length to the same recipient. The way this works is that the
packets are concatenated and passed to the kernel as a single packet
together with the `segment_size` as an out-of-band argument.

The component managing this batching in `connlib` is called `GsoQueue`.
In #8772, we made the order in which these batches are sent to the
kernel explicit by prioritising batches with smaller segments. What we
overlooked with that strategy is that in a particular GSO batch, the
last packet is actually allowed to be of a different length.

For example, say the user is downloading an image of 4500Kb. With our
MTU of 1280, we have a payload size of 1252. This results in three
fully-filled packets and one packet of 744 bytes. With the change in
#8772, the small packet of 744 bytes will be transferred first, followed
by the "train" of fully filled packets.

To fix this, we flip the order here and transfer batches or larger sizes
first. The original problem we attempted to mitigate in #8772 no longer
exists now that we merged #7590. We will simply suspend now if the UDP
socket isn't ready contrary to dropping the next batch.

By flipping the order here, we guarantee that batches with a larger size
are sent before batches with a smaller size. This should also imply that
the encapsulated IP packets of e.g. an image arrive in the correct order
(with the smallest packet last as it is part of a smaller batch). What
we don't guarantee with this is that there won't be any other IP packets
sent "in the middle" of such a batch. This shouldn't be a problem though
as we are simply interleaving packets of different TCP / UDP connections
with each other which already happens on the regular Internet anyway.
 2025-04-28 06:53:43 +00:00
Thomas Eizinger
ac5e44d5d0 feat(connlib): request larger buffers for UDP sockets (#8731) 
Sufficiently large receive buffers are important to sustain
high-throughput as latency increases. If the receive buffer in the
kernel is too small, packets need to be dropped on arrival.

Firefox uses 1MB in its QUIC stack [0]. `quic-go` recommends to set send
and receive buffers to 7.5 MB [1]. Power users of Firezone are likely
receiving a lot more traffic than the average Firefox user (especially
with Internet Resource activated) so setting it to 10 MB seems
reasonable. Sending packets is likely not as critical because we have
back-pressure through our system such that we will stop reading IP
packets when we cannot write to our UDP socket. The UDP socket is
sitting in a separate thread and those threads are connected with
dedicated queues which act as another buffer. However, as the data below
shows, some systems have really small send buffers which are currently
likely a speed bottleneck because we need to suspend writing so
frequently.

Assuming a 50ms latency, the bandwidth-delay product tells us that we
can (in theory) saturate a 1.6 Gbps link with a 10MB receive buffer
(assuming the OS also has large enough buffer sizes in its TCP or QUIC
stack):

```
80 Mb / 0.05s = 1600Mbps
```

Experiments and research [2] show the following:

|OS|Receive buffer (default)|Receive buffer (this PR)|Send buffer
(default)|Send buffer (this PR)|
|---|---|---|---|---|
|Windows|65KB|10MB|65KB|1MB|
|MacOS|786KB|8MB|9KB|1MB|
|Linux|212KB|212KB|212KB|212KB|

With the exception of Linux, the OSes appear to be quite generous with
how big they allow receive buffers to be. On Linux, these limit can be
changed by setting the `core.net.rmem_max` and `core.net.wmem_max`
parameters using `sysctl`.

Most of our users are on Windows and MacOS, meaning they immediately
benefit from this without having to change any system settings. Larger
client-side UDP receive buffers are critical for any "download" scenario
which is likely the majority of usecases that Firezone is used for.

On Windows, increasing this receive buffer almost doubles the throughput
in an iperf3 download test.

[0]: https://github.com/mozilla/neqo/pull/2470
[1]: https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes
[2]: https://unix.stackexchange.com/a/424381

---------

Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
 2025-04-22 06:52:33 +00:00
Thomas Eizinger
93036734ae build(rust): move our own windows dependency to 0.61.0 (#8730) 
Version `0.61.0` is what most of our dependencies bring in, so depending
on that allows us to unify the dependency tree here.
 2025-04-22 02:35:28 +00:00
Thomas Eizinger
44a402e1db feat(connlib): increase the number of GRO batches (#8874) 
When reading from our UDP socket, we utilise GRO to read multiple
packets originating from the same IP + port and with the same length in
a single syscall. Currently, we can read up to 10 different combinations
here in a single syscall. `quinn_udp` actually exposes a constant for
how many batches it can handle at a time. Instead of hard-coding the
value 10, we now follow this constant.

On Linux and MacOS (with `apple-fast-datapath`), this constant has the
value 32. On Windows, it is 1.

Even on my not-so-fast Internet connection of 100Mbit, I can see an
increase in batch-count of up to 29 so increasing this value seems to be
definitely worth it.
 2025-04-22 02:07:12 +00:00
Thomas Eizinger
74ff39ec6d fix(connlib): shortcut DatagramSegmentIter on len (#8877) 
When the `recv` syscall completes, `quinn-udp` tells us how many batches
we have read. On Windows, this is always 1 because Windows doesn't have
an APIs to read more than a single GRO batch. The `DatagramSegmentIter`
already has a way of detecting this, however it currently needs to
iterator through all batches (10) and check that their `meta.length ==
0` before realising this.

We can shortcut the iterator early which might improve download
performance on Windows.

I can't measure a direct improvement here but I believe that is because
we are currently limited by the buffer size on Windows. Regardless, this
feels like the right thing to do.
 2025-04-22 01:35:45 +00:00
Thomas Eizinger
d2e275be56 feat(connlib): classify UDP traffic by protocol (#8886) 
It creates a bit of duplication with code that we have in `snownet` but
it is code that is unlikely to change because the protocols are already
standarised. Contrary to recording the port, the cardinality of these
protocols is much fixed to a much smaller range which will allow us to
safely record these metrics in an actual time-series database further
down the line whilst still reasoning about how much traffic we are
sending over TURN, as STUN or as WireGuard.
 2025-04-22 01:35:38 +00:00
Thomas Eizinger
bcbc8cd212 build(rust): bump aya to include BTF information feature (#8883) 
The latest version of `aya-build` automatically builds our eBPF program
with BTF information enabled.

Related: https://github.com/aya-rs/aya/pull/1250
 2025-04-22 00:36:41 +00:00
Jamil
5db8e20f3b chore: release Apple and GUI clients (#8882) 
- Apple clients 1.4.12
- GUI clients 1.4.11
 2025-04-21 21:45:16 +00:00
Jamil
368ace2c6e ci: Release Android 1.4.7 (#8878) 
App is live on Play store.
 2025-04-21 21:12:27 +00:00
Thomas Eizinger
4d20856d21 chore(connlib): record GRO batch-size as histogram metric (#8875) 
This will allow us to test, how many batches we typically read from the
UDP socket in a single syscall. Knowing that should help in profiling
#8874.
 2025-04-21 13:17:25 +00:00
dependabot[bot]
0ad7cc5b93 build(deps): bump log from 0.4.26 to 0.4.27 in /rust (#8870) 
Bumps [log](https://github.com/rust-lang/log) from 0.4.26 to 0.4.27.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/rust-lang/log/releases">log's
releases</a>.</em></p>
<blockquote>
<h2>0.4.27</h2>
<h2>What's Changed</h2>
<ul>
<li>A few minor lint fixes by <a
href="https://github.com/nyurik"><code>@​nyurik</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/671">rust-lang/log#671</a></li>
<li>Enable clippy support for format-like macros by <a
href="https://github.com/nyurik"><code>@​nyurik</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/665">rust-lang/log#665</a></li>
<li>Add an optional logger param by <a
href="https://github.com/tisonkun"><code>@​tisonkun</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/664">rust-lang/log#664</a></li>
<li>Pass global logger by value, supplied logger by ref by <a
href="https://github.com/KodrAus"><code>@​KodrAus</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/673">rust-lang/log#673</a></li>
<li>Prepare for 0.4.27 release by <a
href="https://github.com/KodrAus"><code>@​KodrAus</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/674">rust-lang/log#674</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/rust-lang/log/compare/0.4.26...0.4.27">https://github.com/rust-lang/log/compare/0.4.26...0.4.27</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/rust-lang/log/blob/master/CHANGELOG.md">log's
changelog</a>.</em></p>
<blockquote>
<h2>[0.4.27] - 2025-03-24</h2>
<h3>What's Changed</h3>
<ul>
<li>A few minor lint fixes by <a
href="https://github.com/nyurik"><code>@​nyurik</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/671">rust-lang/log#671</a></li>
<li>Enable clippy support for format-like macros by <a
href="https://github.com/nyurik"><code>@​nyurik</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/665">rust-lang/log#665</a></li>
<li>Add an optional logger param by <a
href="https://github.com/tisonkun"><code>@​tisonkun</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/664">rust-lang/log#664</a></li>
<li>Pass global logger by value, supplied logger by ref by <a
href="https://github.com/KodrAus"><code>@​KodrAus</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/673">rust-lang/log#673</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/rust-lang/log/compare/0.4.26...0.4.27">https://github.com/rust-lang/log/compare/0.4.26...0.4.27</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="35161d0d25"><code>35161d0</code></a>
Merge pull request <a
href="https://redirect.github.com/rust-lang/log/issues/674">#674</a>
from rust-lang/cargo/0.4.27</li>
<li><a
href="cc131ef268"><code>cc131ef</code></a>
prepare for 0.4.27 release</li>
<li><a
href="ea6f54d395"><code>ea6f54d</code></a>
Merge pull request <a
href="https://redirect.github.com/rust-lang/log/issues/673">#673</a>
from rust-lang/feat/logger-by-ref</li>
<li><a
href="d229c7355b"><code>d229c73</code></a>
fix unclosed code block</li>
<li><a
href="02486e458c"><code>02486e4</code></a>
fill in more tests for logger argument</li>
<li><a
href="71e034ffa6"><code>71e034f</code></a>
expand logger tests</li>
<li><a
href="dfa067e65c"><code>dfa067e</code></a>
fix up kv passing</li>
<li><a
href="39d4c3ab88"><code>39d4c3a</code></a>
run fmt</li>
<li><a
href="7aacc8fea3"><code>7aacc8f</code></a>
pass global logger by value, supplied logger by ref</li>
<li><a
href="a438c6ed08"><code>a438c6e</code></a>
Merge pull request <a
href="https://redirect.github.com/rust-lang/log/issues/664">#664</a>
from tisonkun/logger-field</li>
<li>Additional commits viewable in <a
href="https://github.com/rust-lang/log/compare/0.4.26...0.4.27">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=log&package-manager=cargo&previous-version=0.4.26&new-version=0.4.27)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-21 12:19:13 +00:00
dependabot[bot]
04a3cf1a33 build(deps): bump keyring from 3.6.1 to 3.6.2 in /rust (#8869) 
Bumps [keyring](https://github.com/hwchen/keyring-rs) from 3.6.1 to
3.6.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/hwchen/keyring-rs/releases">keyring's
releases</a>.</em></p>
<blockquote>
<h2>v3.6.2: better docs, lighter-weight tests</h2>
<p>Thanks to <a
href="https://github.com/unkcpz"><code>@​unkcpz</code></a>, this release
fully documents all the platform-specific modules in each platform on <a
href="https://docs.rs/keyring/latest/keyring/">docs.rs</a>.</p>
<p>The dev dependencies (used for testing) have been switched from using
<code>rand</code> to using the lighter-weight module
<code>fastrand</code>.</p>
<p>There are no functional code changes in this release, only test
changes.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/open-source-cooperative/keyring-rs/blob/master/CHANGELOG.md">keyring's
changelog</a>.</em></p>
<blockquote>
<h2>Version 3.6.2</h2>
<ul>
<li>Have docs.rs build docs for all modules on all platforms (thanks to
<a href="https://github.com/unkcpz"><code>@​unkcpz</code></a> - see <a
href="https://redirect.github.com/hwchen/keyring-rs/issues/235">#235</a>).</li>
<li>Switch to <code>fastrand</code> for tests (see <a
href="https://redirect.github.com/hwchen/keyring-rs/issues/237">#237</a>).</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ee3f80d0d3"><code>ee3f80d</code></a>
Merge pull request <a
href="https://redirect.github.com/hwchen/keyring-rs/issues/238">#238</a>
from brotskydotcom/issue-236</li>
<li><a
href="766c8bc4e6"><code>766c8bc</code></a>
Switch to using fastrand for testing.</li>
<li><a
href="f1b7ec192e"><code>f1b7ec1</code></a>
Merge pull request <a
href="https://redirect.github.com/hwchen/keyring-rs/issues/237">#237</a>
from unkcpz/fix/235/keyring-doc-xplat</li>
<li><a
href="09c9c0dd94"><code>09c9c0d</code></a>
using matrix for targets in doctest.yaml</li>
<li><a
href="307e575e2f"><code>307e575</code></a>
Move to doctest.yaml as ind CI and run inline from action</li>
<li><a
href="8a5c6dd838"><code>8a5c6dd</code></a>
fast-fail test-docsrs-build.sh</li>
<li><a
href="a40bd956fd"><code>a40bd95</code></a>
r-brot</li>
<li><a
href="ac2a3b474d"><code>ac2a3b4</code></a>
experiment doccfg with attr docrs</li>
<li><a
href="3d8da9603c"><code>3d8da96</code></a>
multi-target toolchain CI</li>
<li><a
href="a994584d9b"><code>a994584</code></a>
remove -Zbuild-std which not required on docs.rs</li>
<li>Additional commits viewable in <a
href="https://github.com/hwchen/keyring-rs/compare/v3.6.1...v3.6.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=keyring&package-manager=cargo&previous-version=3.6.1&new-version=3.6.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-21 12:19:09 +00:00
dependabot[bot]
23c0db825e build(deps): bump tauri from 2.5.0 to 2.5.1 in /rust in the tauri group (#8868) 
Bumps the tauri group in /rust with 1 update:
[tauri](https://github.com/tauri-apps/tauri).

Updates `tauri` from 2.5.0 to 2.5.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/tauri/releases">tauri's
releases</a>.</em></p>
<blockquote>
<h2>tauri-runtime v2.5.1</h2>
<!-- raw HTML omitted -->
<pre><code>Updating git repository
`https://github.com/tauri-apps/schemars.git`
    Updating crates.io index
warning: Patch `schemars_derive v0.8.21
(https://github.com/tauri-apps/schemars.git?branch=feat%2Fpreserve-description-newlines#c30f9848)`
was not used in the crate graph.
Check that the patched package version and available features are
compatible
with the dependency requirements. If the patch has a different version
from
what is locked in the Cargo.lock file, run `cargo update` to use the new
version. This may also occur with an optional dependency that is not
enabled.
     Locking 1021 packages to latest compatible versions
      Adding apple-codesign v0.27.0 (available: v0.29.0)
      Adding axum v0.7.9 (available: v0.8.3)
      Adding colored v2.2.0 (available: v3.0.0)
      Adding ctor v0.2.9 (available: v0.4.1)
      Adding getrandom v0.2.15 (available: v0.3.2)
      Adding html5ever v0.26.0 (available: v0.30.0)
      Adding itertools v0.13.0 (available: v0.14.0)
      Adding json-patch v3.0.1 (available: v4.0.0)
      Adding minisign v0.7.3 (available: v0.7.9)
      Adding oxc_allocator v0.36.0 (available: v0.61.2)
      Adding oxc_ast v0.36.0 (available: v0.61.2)
      Adding oxc_parser v0.36.0 (available: v0.61.2)
      Adding oxc_span v0.36.0 (available: v0.61.2)
      Adding proc-macro-crate v2.0.0 (available: v2.0.2)
      Adding rand v0.8.5 (available: v0.9.0)
      Adding rpm v0.16.0 (available: v0.17.0)
      Adding serialize-to-javascript v0.1.1 (available: v0.1.2)
      Adding serialize-to-javascript-impl v0.1.1 (available: v0.1.2)
      Adding tauri-utils v1.6.0 (available: v1.6.2)
      Adding tiny_http v0.11.0 (available: v0.12.0)
      Adding webview2-com v0.36.0 (available: v0.37.0)
      Adding windows v0.60.0 (available: v0.61.1)
      Adding x509-certificate v0.23.1 (available: v0.24.0)
Fetching advisory database from
`https://github.com/RustSec/advisory-db.git`
Loaded 748 security advisories (from /home/runner/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (1046 crate dependencies)
Crate:     atk
Version:   0.18.2
Warning:   unmaintained
Title:     gtk-rs GTK3 bindings - no longer maintained
Date:      2024-03-04
ID:        RUSTSEC-2024-0413
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0413
Dependency tree:
atk 0.18.2
└── gtk 0.18.2
&lt;/tr&gt;&lt;/table&gt; 
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="766bccc341"><code>766bccc</code></a>
apply version updates (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13243">#13243</a>)</li>
<li><a
href="31becbd1d1"><code>31becbd</code></a>
enhance(core): respect
<code>data-tauri-drag-region=&quot;false&quot;</code> (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13269">#13269</a>)</li>
<li><a
href="da2a6ae5e3"><code>da2a6ae</code></a>
fix(core): raw channel message type regression (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13268">#13268</a>)</li>
<li><a
href="87fdc3b9cd"><code>87fdc3b</code></a>
chore(deps): update rust crate jsonschema to 0.30 (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13249">#13249</a>)</li>
<li><a
href="30e76c7d3a"><code>30e76c7</code></a>
chore(deps): update rust crate brotli to v8 (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13264">#13264</a>)</li>
<li><a
href="85b1912529"><code>85b1912</code></a>
Make tauri-runtime-wry optional with features (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13241">#13241</a>)</li>
<li><a
href="82da4f17f5"><code>82da4f1</code></a>
fix(ci): ubuntu 20.04 no longer exists (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13240">#13240</a>)</li>
<li>See full diff in <a
href="https://github.com/tauri-apps/tauri/compare/tauri-v2.5.0...tauri-v2.5.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tauri&package-manager=cargo&previous-version=2.5.0&new-version=2.5.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-21 12:19:07 +00:00
Thomas Eizinger
0a620d20ca build(rust): bump iana-time-zone (#8863) 
This eliminates one duplicate version of the `windows` crate in our
dependency tree.
 2025-04-20 22:59:22 +00:00
dependabot[bot]
80cf386a3a build(deps): bump tempfile from 3.13.0 to 3.19.1 in /rust (#8845) 
Bumps [tempfile](https://github.com/Stebalien/tempfile) from 3.13.0 to
3.19.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md">tempfile's
changelog</a>.</em></p>
<blockquote>
<h2>3.19.1</h2>
<ul>
<li>Don't unlink temporary files immediately on Windows (fixes <a
href="https://redirect.github.com/Stebalien/tempfile/issues/339">#339</a>).
Unfortunately, this seemed to corrupt the file object (possibly a
Windows kernel bug) in rare cases and isn't strictly speaking
necessary.</li>
</ul>
<h2>3.19.0</h2>
<ul>
<li>Remove direct dependency on <code>cfg-if</code>. It's still in the
tree, but we didn't really need to use it in this crate.</li>
<li>Add an unstable feature
(<code>unstable-windows-keep-open-tempfile</code>) to test a potential
fix to <a
href="https://redirect.github.com/Stebalien/tempfile/issues/339">#339</a>.</li>
</ul>
<h2>3.18.0</h2>
<ul>
<li>Update <code>rustix</code> to 1.0.0.</li>
<li>Make <code>NamedTempFile::persist_noclobber</code> atomic on Apple
operating systems. It's now atomic on MacOS, Windows, and Linux
(depending on the OS version and filesystem used).</li>
</ul>
<h2>3.17.1</h2>
<ul>
<li>Fix build with <code>windows-sys</code> 0.52. Unfortunately, we have
no CI for older <code>windows-sys</code> versions at the moment...</li>
</ul>
<h2>3.17.0</h2>
<ul>
<li>Make sure to use absolute paths in when creating unnamed temporary
files (avoids a small race in the &quot;immediate unlink&quot; logic)
and in <code>Builder::make_in</code> (when creating temporary files of
arbitrary types).</li>
<li>Prevent a theoretical crash that could (maybe) happen when a
temporary file is created from a drop function run in a TLS destructor.
Nobody has actually reported a case of this happening in practice and I
have been unable to create this scenario in a test.</li>
<li>When reseeding with <code>getrandom</code>, use platform (e.g., CPU)
specific randomness sources where possible.</li>
<li>Clarify some documentation.</li>
<li>Unlink unnamed temporary files on windows <em>immediately</em> when
possible instead of waiting for the handle to be closed. We open files
with &quot;Unix&quot; semantics, so this is generally possible.</li>
</ul>
<h2>3.16.0</h2>
<ul>
<li>Update <code>getrandom</code> to <code>0.3.0</code> (thanks to <a
href="https://github.com/paolobarbolini"><code>@​paolobarbolini</code></a>).</li>
<li>Allow <code>windows-sys</code> versions <code>0.59.x</code> in
addition to <code>0.59.0</code> (thanks <a
href="https://github.com/ErichDonGubler"><code>@​ErichDonGubler</code></a>).</li>
<li>Improved security documentation (thanks to <a
href="https://github.com/n0toose"><code>@​n0toose</code></a> for
collaborating with me on this).</li>
</ul>
<h2>3.15.0</h2>
<p>Re-seed the per-thread RNG from system randomness when we repeatedly
fail to create temporary files (<a
href="https://redirect.github.com/Stebalien/tempfile/issues/314">#314</a>).
This resolves a potential DoS vector (<a
href="https://redirect.github.com/Stebalien/tempfile/issues/178">#178</a>)
while avoiding <code>getrandom</code> in the common case where it's
necessary. The feature is optional but enabled by default via the
<code>getrandom</code> feature.</p>
<p>For libc-free builds, you'll either need to disable this feature or
opt-in to a different <a
href="https://github.com/rust-random/getrandom?tab=readme-ov-file#opt-in-backends"><code>getrandom</code>
backend</a>.</p>
<h2>3.14.0</h2>
<ul>
<li>Make the wasip2 target work (requires tempfile's &quot;nightly&quot;
feature to be enabled). <a
href="https://redirect.github.com/Stebalien/tempfile/pull/305">#305</a>.</li>
<li>Allow older windows-sys versions <a
href="https://redirect.github.com/Stebalien/tempfile/pull/304">#304</a>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="95540ed3fc"><code>95540ed</code></a>
chore: release v3.19.1</li>
<li><a
href="b60aae49c1"><code>b60aae4</code></a>
fix(windows): don't automatically delete files on open (<a
href="https://redirect.github.com/Stebalien/tempfile/issues/344">#344</a>)</li>
<li><a
href="167f544abe"><code>167f544</code></a>
ci(cargo-deny): remove windows-sys exception (<a
href="https://redirect.github.com/Stebalien/tempfile/issues/343">#343</a>)</li>
<li><a
href="42fff6813d"><code>42fff68</code></a>
chore: release v3.19.0</li>
<li><a
href="61b4283c20"><code>61b4283</code></a>
feat(windows): add a feature to immediate tempfile deletion (<a
href="https://redirect.github.com/Stebalien/tempfile/issues/340">#340</a>)</li>
<li><a
href="c2d16b3bc3"><code>c2d16b3</code></a>
ci: downgrade once-cell on old rustc versions (<a
href="https://redirect.github.com/Stebalien/tempfile/issues/342">#342</a>)</li>
<li><a
href="35c204d7c2"><code>35c204d</code></a>
chore: remove cfg-if dependency (<a
href="https://redirect.github.com/Stebalien/tempfile/issues/338">#338</a>)</li>
<li><a
href="b8bddaf0cf"><code>b8bddaf</code></a>
release 3.18.0</li>
<li><a
href="0e17869470"><code>0e17869</code></a>
update rustix (<a
href="https://redirect.github.com/Stebalien/tempfile/issues/336">#336</a>)</li>
<li><a
href="6cf65365a4"><code>6cf6536</code></a>
doc: fix markdown</li>
<li>Additional commits viewable in <a
href="https://github.com/Stebalien/tempfile/compare/v3.13.0...v3.19.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tempfile&package-manager=cargo&previous-version=3.13.0&new-version=3.19.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
 2025-04-20 22:49:41 +00:00
Thomas Eizinger
4c5fd9b256 feat(connlib): prefer relay candidates of same IP version (#8798) 
When calculating preferences for candidates, `str0m` currently always
prefer IPv6 over IPv4. This is as per the ICE spec. Howver, this can
lead to sub-optimal situations when a connection ends up using a TURN
server.

TURN allows a client to allocate an IPv4 and an IPv6 address in the same
allocation. This makes it possible for e.g. an IPv4-only client to
connect to an IPv6-only peer as long as the TURN server runs in
dual-stack AND the client requests an IPv6 address in addition to an
IPv4 address with the `ADDITIONAL-ADDRESS-FAMILY` attribute.

Assume that a client sits behind symmetric NAT and therefore needs to
rely on a TURN server to communicate with its peers. The TURN server as
well as all the peers operate in dual-stack mode.

The current priority calculation will yield a communication path that
uses IPv4 to talk to the TURN server (as that is the only one available)
but due to the preference ordering of IPv6 over IPv4, will use an IPv6
path to the peer, despite the peer also supporting IPv4.

This isn't a problem per-se but makes our life unnecessarily difficult.
Our TURN servers use eBPF to efficiently deal with TURN's channel-data
messages. This however is at present only implemented for the IPv4 <>
IPv4 and IPv6 <> IPv6 path. Implementing the other paths is possible but
complicates the eBPF code because we need to also translate IP headers
between versions and not just update the source and destination IPs.

We have since patched `str0m` to extend the `Candidate::relayed`
constructor to also take a `base` address which is - similar to the
other candidate types - the address the client is sending from in order
to use this candidate. In the context of relayed candidates, this is the
address the client is using to talk to the TURN server. We can use this
information in the candidate's priority calculation to prefer candidates
that allow traffic to remain within one IP version, i.e. if the client
talks to the TURN server over IPv4, the candidate with an allocated IPv4
address will have a higher priority than the one with the IPv6 address
because we are applying a "punishment" factor as part of the
local-preference component in the priority formula.

Staying within the same IP version whilst relaying traffic allows our
TURN servers to use their eBPF kernel which results in a better UX due
to lower latency and higher throughput.

The final candidate ordering is ultimately decided by the controlling
ICE agent which in our case is the Firezone Client. Thus, we don't
necessarily need to update Gateways in order to test / benefit from
this. Building a Client with this patch included should be enough to
benefit from this change.

Related: https://github.com/algesten/str0m/pull/640
Related: https://github.com/algesten/str0m/pull/644
 2025-04-20 22:41:56 +00:00
dependabot[bot]
4a81aed3cb build(deps): bump domain from 0.10.3 to 0.10.4 in /rust (#8856) 
Bumps [domain](https://github.com/nlnetlabs/domain) from 0.10.3 to
0.10.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/nlnetlabs/domain/releases">domain's
releases</a>.</em></p>
<blockquote>
<h2>0.10.4</h2>
<p>Other changes</p>
<ul>
<li>Fix a build issue with <a
href="https://time-rs.github.io/"><em>time</em></a> 0.3.41. (<a
href="https://redirect.github.com/nlnetlabs/domain/issues/505">#505</a>,
backported from <a
href="https://redirect.github.com/nlnetlabs/domain/issues/503">#503</a>
by [<a href="https://github.com/PSeitz"><code>@​PSeitz</code></a>])</li>
</ul>
<p><a
href="https://redirect.github.com/nlnetlabs/domain/issues/503">#503</a>:
<a
href="https://redirect.github.com/NLnetLabs/domain/pull/503">NLnetLabs/domain#503</a>
<a
href="https://redirect.github.com/nlnetlabs/domain/issues/505">#505</a>:
<a
href="https://redirect.github.com/NLnetLabs/domain/pull/505">NLnetLabs/domain#505</a>
[<a href="https://github.com/PSeitz"><code>@​PSeitz</code></a>]: <a
href="https://github.com/PSeitz">https://github.com/PSeitz</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/NLnetLabs/domain/blob/main/Changelog.md">domain's
changelog</a>.</em></p>
<blockquote>
<h2>0.10.4</h2>
<p>Released 2025-03-31.</p>
<p>Other changes</p>
<ul>
<li>Fix a build issue with <a
href="https://time-rs.github.io/"><em>time</em></a> 0.3.41.
(<a
href="https://redirect.github.com/nlnetlabs/domain/issues/505">#505</a>,
backported from <a
href="https://redirect.github.com/nlnetlabs/domain/issues/503">#503</a>
by [<a href="https://github.com/PSeitz"><code>@​PSeitz</code></a>])</li>
</ul>
<p><a
href="https://redirect.github.com/nlnetlabs/domain/issues/503">#503</a>:
<a
href="https://redirect.github.com/NLnetLabs/domain/pull/503">NLnetLabs/domain#503</a>
<a
href="https://redirect.github.com/nlnetlabs/domain/issues/505">#505</a>:
<a
href="https://redirect.github.com/NLnetLabs/domain/pull/505">NLnetLabs/domain#505</a>
[<a href="https://github.com/PSeitz"><code>@​PSeitz</code></a>]: <a
href="https://github.com/PSeitz">https://github.com/PSeitz</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b851eeb543"><code>b851eeb</code></a>
Release 0.10.4. (<a
href="https://redirect.github.com/nlnetlabs/domain/issues/509">#509</a>)</li>
<li><a
href="556255bcef"><code>556255b</code></a>
Update dependencies. (<a
href="https://redirect.github.com/nlnetlabs/domain/issues/508">#508</a>)</li>
<li><a
href="1aae138ebd"><code>1aae138</code></a>
Explicit cast in comparison (series 0.10) (<a
href="https://redirect.github.com/nlnetlabs/domain/issues/505">#505</a>)</li>
<li><a
href="bffb0d97c9"><code>bffb0d9</code></a>
Clippy-suggested fixes introduces in Rust 1.85. (<a
href="https://redirect.github.com/nlnetlabs/domain/issues/506">#506</a>)</li>
<li>See full diff in <a
href="https://github.com/nlnetlabs/domain/compare/v0.10.3...v0.10.4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=domain&package-manager=cargo&previous-version=0.10.3&new-version=0.10.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-20 11:58:20 +00:00
dependabot[bot]
6bae165302 build(deps-dev): bump @types/node from 22.13.9 to 22.14.1 in /rust/gui-client (#8833) 
Bumps
[@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node)
from 22.13.9 to 22.14.1.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@types/node&package-manager=npm_and_yarn&previous-version=22.13.9&new-version=22.14.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-20 11:16:56 +00:00
dependabot[bot]
ea53eebb74 build(deps): bump serde_json from 1.0.135 to 1.0.140 in /rust (#8857) 
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.135 to
1.0.140.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/serde-rs/json/releases">serde_json's
releases</a>.</em></p>
<blockquote>
<h2>v1.0.140</h2>
<ul>
<li>Documentation improvements</li>
</ul>
<h2>v1.0.139</h2>
<ul>
<li>Documentation improvements</li>
</ul>
<h2>v1.0.138</h2>
<ul>
<li>Documentation improvements</li>
</ul>
<h2>v1.0.137</h2>
<ul>
<li>Turn on &quot;float_roundtrip&quot; and &quot;unbounded_depth&quot;
features for serde_json in play.rust-lang.org (<a
href="https://redirect.github.com/serde-rs/json/issues/1231">#1231</a>)</li>
</ul>
<h2>v1.0.136</h2>
<ul>
<li>Optimize serde_json::value::Serializer::serialize_map by using
Map::with_capacity (<a
href="https://redirect.github.com/serde-rs/json/issues/1230">#1230</a>,
thanks <a
href="https://github.com/goffrie"><code>@​goffrie</code></a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="762783414e"><code>7627834</code></a>
Release 1.0.140</li>
<li><a
href="d77a498c80"><code>d77a498</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/json/issues/1245">#1245</a>
from serde-rs/powerpc</li>
<li><a
href="b34d317089"><code>b34d317</code></a>
Delete unused gcc installation</li>
<li><a
href="f7200c3cf6"><code>f7200c3</code></a>
Ignore unbuffered_bytes clippy lint</li>
<li><a
href="76cd4fb383"><code>76cd4fb</code></a>
Ignore elidable_lifetime_names pedantic clippy lint</li>
<li><a
href="400eaa977f"><code>400eaa9</code></a>
Point standard library links to stable</li>
<li><a
href="4d4f53c3b7"><code>4d4f53c</code></a>
Release 1.0.139</li>
<li><a
href="5d6b32f378"><code>5d6b32f</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/json/issues/1242">#1242</a>
from dtolnay/writefloat</li>
<li><a
href="e5bb8bd38f"><code>e5bb8bd</code></a>
Document behavior of write_f32/f64 on non-finite floats</li>
<li><a
href="7a797810d2"><code>7a79781</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/json/issues/1241">#1241</a>
from dtolnay/doclink</li>
<li>Additional commits viewable in <a
href="https://github.com/serde-rs/json/compare/v1.0.135...v1.0.140">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=serde_json&package-manager=cargo&previous-version=1.0.135&new-version=1.0.140)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-20 11:14:40 +00:00
Thomas Eizinger
92534ae4ec test(connlib): ensure we have gaps in port ranges (#8862) 
This should fix the flaky proptest.
 2025-04-20 11:02:55 +00:00
Thomas Eizinger
1af7f4f8c1 fix(rust): don't use jemalloc on ARMv7 (#8859) 
Doesn't compile on ARMv7 so we just fallback to the default allocator
there.
 2025-04-19 22:20:05 +00:00
Thomas Eizinger
ae4b7d9d08 test(connlib): correctly assert in Io unit-test (#8861) 
Not sure what I was smoking when I wrote this test but the current
assertion makes no sense for what we actually want to test.

As the test name says, we want to assert that if we are given an
`Instant` in the past, we do in fact return a more recent one and
therefore what is returned in `Input::Timeout` is at least as recent as
`now`.
 2025-04-19 22:17:51 +00:00
dependabot[bot]
9c10fbf8b5 build(deps-dev): bump typescript from 5.7.3 to 5.8.3 in /rust/gui-client (#8855) 
Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.7.3
to 5.8.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/microsoft/TypeScript/releases">typescript's
releases</a>.</em></p>
<blockquote>
<h2>TypeScript 5.8.3</h2>
<p>For release notes, check out the <a
href="https://devblogs.microsoft.com/typescript/announcing-typescript-5-8/">release
announcement</a>.</p>
<ul>
<li><a
href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&amp;q=milestone%3A%22TypeScript+5.8.0%22+is%3Aclosed+">fixed
issues query for Typescript 5.8.0 (Beta)</a>.</li>
<li><a
href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&amp;q=milestone%3A%22TypeScript+5.8.1%22+is%3Aclosed+">fixed
issues query for Typescript 5.8.1 (RC)</a>.</li>
<li><a
href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&amp;q=milestone%3A%22TypeScript+5.8.2%22+is%3Aclosed+">fixed
issues query for Typescript 5.8.2 (Stable)</a>.</li>
<li><a
href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&amp;q=milestone%3A%22TypeScript+5.8.3%22+is%3Aclosed+">fixed
issues query for Typescript 5.8.3 (Stable)</a>.</li>
</ul>
<p>Downloads are available on:</p>
<ul>
<li><a href="https://www.npmjs.com/package/typescript">npm</a></li>
</ul>
<h2>TypeScript 5.8</h2>
<p>For release notes, check out the <a
href="https://devblogs.microsoft.com/typescript/announcing-typescript-5-8/">release
announcement</a>.</p>
<ul>
<li><a
href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&amp;q=milestone%3A%22TypeScript+5.8.0%22+is%3Aclosed+">fixed
issues query for Typescript 5.8.0 (Beta)</a>.</li>
<li><a
href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&amp;q=milestone%3A%22TypeScript+5.8.1%22+is%3Aclosed+">fixed
issues query for Typescript 5.8.1 (RC)</a>.</li>
<li><a
href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&amp;q=milestone%3A%22TypeScript+5.8.2%22+is%3Aclosed+">fixed
issues query for Typescript 5.8.2 (Stable)</a>.</li>
</ul>
<p>Downloads are available on:</p>
<ul>
<li><a href="https://www.npmjs.com/package/typescript">npm</a></li>
</ul>
<h2>TypeScript 5.8 RC</h2>
<p>For release notes, check out the <a
href="https://devblogs.microsoft.com/typescript/announcing-typescript-5-8-rc/">release
announcement</a>.</p>
<ul>
<li><a
href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&amp;q=milestone%3A%22TypeScript+5.8.0%22+is%3Aclosed+">fixed
issues query for Typescript 5.8.0 (Beta)</a>.</li>
<li><a
href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&amp;q=milestone%3A%22TypeScript+5.8.1%22+is%3Aclosed+">fixed
issues query for Typescript 5.8.1 (RC)</a>.</li>
</ul>
<p>Downloads are available on:</p>
<ul>
<li><a href="https://www.npmjs.com/package/typescript">npm</a></li>
</ul>
<h2>TypeScript 5.8 Beta</h2>
<p>For release notes, check out the <a
href="https://devblogs.microsoft.com/typescript/announcing-typescript-5-8-beta/">release
announcement</a>.</p>
<ul>
<li><a
href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&amp;q=milestone%3A%22TypeScript+5.8.0%22+is%3Aclosed+">fixed
issues query for Typescript 5.8.0 (Beta)</a>.</li>
</ul>
<p>Downloads are available on:</p>
<ul>
<li><a href="https://www.npmjs.com/package/typescript">npm</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="83dc0bb2ed"><code>83dc0bb</code></a>
Convert release publishing inputs into parameters (<a
href="https://redirect.github.com/microsoft/TypeScript/issues/61523">#61523</a>)</li>
<li><a
href="ba663f6ac2"><code>ba663f6</code></a>
Exclude completions of binding pattern variable initializers (<a
href="https://redirect.github.com/microsoft/TypeScript/issues/52723">#52723</a>)</li>
<li><a
href="7205eda454"><code>7205eda</code></a>
Bump github/codeql-action from 3.28.12 to 3.28.13 in the github-actions
group...</li>
<li><a
href="89c572ca0c"><code>89c572c</code></a>
Fixed a symbol display crash on expando members write locations (<a
href="https://redirect.github.com/microsoft/TypeScript/issues/55478">#55478</a>)</li>
<li><a
href="7b26d2eba5"><code>7b26d2e</code></a>
Fix incorrect name in new release pipeline (<a
href="https://redirect.github.com/microsoft/TypeScript/issues/61514">#61514</a>)</li>
<li><a
href="c7a559eeae"><code>c7a559e</code></a>
Add new release publisher yaml (<a
href="https://redirect.github.com/microsoft/TypeScript/issues/61491">#61491</a>)</li>
<li><a
href="29e6d6689d"><code>29e6d66</code></a>
Fix <code>lib.includes('dom')</code> check in
<code>containerSeemsToBeEmptyDomElement</code> (<a
href="https://redirect.github.com/microsoft/TypeScript/issues/61481">#61481</a>)</li>
<li><a
href="19b777260b"><code>19b7772</code></a>
Bump the github-actions group with 4 updates (<a
href="https://redirect.github.com/microsoft/TypeScript/issues/61474">#61474</a>)</li>
<li><a
href="4dc677b292"><code>4dc677b</code></a>
Fix errors on type assertions in erasableSyntaxOnly (<a
href="https://redirect.github.com/microsoft/TypeScript/issues/61452">#61452</a>)</li>
<li><a
href="ee3dd7264b"><code>ee3dd72</code></a>
fix(60908): Unexpected &quot;'Type' is declared but its value is never
read.&quot; erro...</li>
<li>Additional commits viewable in <a
href="https://github.com/microsoft/TypeScript/compare/v5.7.3...v5.8.3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=typescript&package-manager=npm_and_yarn&previous-version=5.7.3&new-version=5.8.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-19 21:02:27 +00:00
dependabot[bot]
a3c221d7c2 build(deps): bump the tauri group in /rust/gui-client with 2 updates (#8825) 
Bumps the tauri group in /rust/gui-client with 2 updates:
[@tauri-apps/api](https://github.com/tauri-apps/tauri) and
[@tauri-apps/cli](https://github.com/tauri-apps/tauri).

Updates `@tauri-apps/api` from 2.4.1 to 2.5.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/tauri/releases"><code>@​tauri-apps/api</code>'s
releases</a>.</em></p>
<blockquote>
<h2><code>@​tauri-apps/api</code> v2.5.0</h2>
<!-- raw HTML omitted -->
<pre><code>No known vulnerabilities found
</code></pre>
<!-- raw HTML omitted -->
<h2>[2.5.0]</h2>
<h3>New Features</h3>
<ul>
<li>
<p><a
href="66e6325f43"><code>66e6325f4</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/13136">#13136</a>)
Allow passing the callback as the parameter of constructor of
<code>Channel</code> so you can use it like this <code>new
Channel((message) =&gt; console.log(message))</code></p>
</li>
<li>
<p><a
href="ea36294cbc"><code>ea36294cb</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/13208">#13208</a>)
Added <code>disableInputAccessoryView: bool</code> config for iOS.</p>
</li>
<li>
<p><a
href="c1cd0a2ddb"><code>c1cd0a2dd</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/13090">#13090</a>)
macOS/iOS: add option to disable or enable link previews when building a
webview (the webkit api has it enabled by default)</p>
<ul>
<li><code>WindowOptions::allowLinkPreview</code></li>
<li><code>WebviewOptions::allowLinkPreview</code></li>
</ul>
</li>
<li>
<p><a
href="b072e2b296"><code>b072e2b29</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/9687">#9687</a>)
Add <code>preventOverflow</code> config option to prevent the window
from overflowing the monitor size on creation</p>
</li>
<li>
<p><a
href="dd4f13ce4b"><code>dd4f13ce4</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/13185">#13185</a>)
Added <code>app.setDockVisibility</code> for macOS.</p>
</li>
</ul>
<h3>Enhancements</h3>
<ul>
<li><a
href="b8f86669ab"><code>b8f86669a</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/13145">#13145</a>)
<code>core.isTauri</code> now leverages <code>globalThis</code> instead
of <code>window</code> in order to be used in unit tests.</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="66e6325f43"><code>66e6325f4</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/13136">#13136</a>)
Fix <code>Channel</code>'s callback attached to <code>window</code>
never cleaned up</li>
</ul>
<!-- raw HTML omitted -->
<pre><code>&gt; @tauri-apps/api@2.5.0 npm-publish
/home/runner/work/tauri/tauri/packages/api
&gt; pnpm build &amp;&amp; cd ./dist &amp;&amp; pnpm publish --access
public --loglevel silly --no-git-checks
<p>&gt; <code>@​tauri-apps/api</code><a
href="https://github.com/2"><code>@​2</code></a>.5.0 build
/home/runner/work/tauri/tauri/packages/api
&gt; rollup -c --configPlugin typescript</p>
<p>
./src/app.ts, ./src/core.ts, ./src/dpi.ts, ./src/event.ts,
./src/image.ts, ./src/index.ts, ./src/menu.ts, ./src/mocks.ts,
./src/path.ts, ./src/tray.ts, ./src/webview.ts, ./src/webviewWindow.ts,
./src/window.ts → ./dist, ./dist...
created ./dist, ./dist in 1.7s

src/index.ts →
../../crates/tauri/scripts/bundle.global.js...
created ../../crates/tauri/scripts/bundle.global.js in
1.9s
npm verbose cli /opt/hostedtoolcache/node/20.19.0/x64/bin/node
/opt/hostedtoolcache/node/20.19.0/x64/bin/npm
npm info using npm@10.8.2
&lt;/tr&gt;&lt;/table&gt;
</code></pre></p>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="977c4b496c"><code>977c4b4</code></a>
apply version updates (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13123">#13123</a>)</li>
<li><a
href="48b12b4404"><code>48b12b4</code></a>
chore: bump crates depending on tauri-utils as minor</li>
<li><a
href="9356fa15d8"><code>9356fa1</code></a>
feat(core): include type name in state panic message (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13239">#13239</a>)</li>
<li><a
href="2dccfab532"><code>2dccfab</code></a>
fix: fileAssociations missing LSHandlerRank on macOS (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13159">#13159</a>)
(<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13236">#13236</a>)</li>
<li><a
href="5d3687e8c3"><code>5d3687e</code></a>
chore(tauri-driver): update README</li>
<li><a
href="0cf2d9933f"><code>0cf2d99</code></a>
fix(tauri-driver): append .exe ext on app path on Windows, closes <a
href="https://redirect.github.com/tauri-apps/tauri/issues/11317">#11317</a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13">#13</a>...</li>
<li><a
href="1734273bbe"><code>1734273</code></a>
fix: using center and overflow together crashes (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13235">#13235</a>)</li>
<li><a
href="690146e311"><code>690146e</code></a>
fix(macros): invoke handler stack overflow (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13217">#13217</a>)</li>
<li><a
href="f888502fd2"><code>f888502</code></a>
fix(core): use <code>Headers</code> in <code>sendIpcMessage</code> (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13227">#13227</a>)</li>
<li><a
href="577c7ffc45"><code>577c7ff</code></a>
fix(webdriver): windows: make native webdriver close with parent process
(fix...</li>
<li>Additional commits viewable in <a
href="https://github.com/tauri-apps/tauri/compare/@tauri-apps/api-v2.4.1...@tauri-apps/api-v2.5.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `@tauri-apps/cli` from 2.4.1 to 2.5.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/tauri/releases"><code>@​tauri-apps/cli</code>'s
releases</a>.</em></p>
<blockquote>
<h2><code>@​tauri-apps/cli</code> v2.5.0</h2>
<h2>[2.5.0]</h2>
<h3>New Features</h3>
<ul>
<li><a
href="0aa48fb9e4"><code>0aa48fb9e</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/13030">#13030</a>)
Added <code>bundleVersion</code> to iOS and macOS configuration to
support specifying a <code>CFBundleVersion</code>.</li>
</ul>
<h3>Enhancements</h3>
<ul>
<li><a
href="ad3fd3890f"><code>ad3fd3890</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/13152">#13152</a>)
Detect package manager from environment variable
<code>npm_config_user_agent</code> first</li>
<li><a
href="82406c61e0"><code>82406c61e</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/13231">#13231</a>)
Improve iOS simulator usage, checking if Xcode iOS SDK is installed and
allowing usage of Simulator for older iOS releases (previously only
supported when running on Xcode via <code>ios dev --open</code>).</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="2dccfab532"><code>2dccfab53</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/13236">#13236</a>)
Fix <code>fileAssociations</code> missing <code>LSHandlerRank</code> on
macOS.</li>
<li><a
href="0802529031"><code>080252903</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/13210">#13210</a>)
Fixes iOS dev not working on Xcode 16.3 simulators. To apply the fix,
either regenerate the Xcode project with <code>rm -r src-tauri/gen/apple
&amp;&amp; tauri ios init</code> or remove the <code>arm64-sim</code>
architecture from the Xcode project.</li>
</ul>
<h3>Dependencies</h3>
<ul>
<li>Upgraded to <code>tauri-cli@2.5.0</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="977c4b496c"><code>977c4b4</code></a>
apply version updates (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13123">#13123</a>)</li>
<li><a
href="48b12b4404"><code>48b12b4</code></a>
chore: bump crates depending on tauri-utils as minor</li>
<li><a
href="9356fa15d8"><code>9356fa1</code></a>
feat(core): include type name in state panic message (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13239">#13239</a>)</li>
<li><a
href="2dccfab532"><code>2dccfab</code></a>
fix: fileAssociations missing LSHandlerRank on macOS (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13159">#13159</a>)
(<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13236">#13236</a>)</li>
<li><a
href="5d3687e8c3"><code>5d3687e</code></a>
chore(tauri-driver): update README</li>
<li><a
href="0cf2d9933f"><code>0cf2d99</code></a>
fix(tauri-driver): append .exe ext on app path on Windows, closes <a
href="https://redirect.github.com/tauri-apps/tauri/issues/11317">#11317</a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13">#13</a>...</li>
<li><a
href="1734273bbe"><code>1734273</code></a>
fix: using center and overflow together crashes (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13235">#13235</a>)</li>
<li><a
href="690146e311"><code>690146e</code></a>
fix(macros): invoke handler stack overflow (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13217">#13217</a>)</li>
<li><a
href="f888502fd2"><code>f888502</code></a>
fix(core): use <code>Headers</code> in <code>sendIpcMessage</code> (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13227">#13227</a>)</li>
<li><a
href="577c7ffc45"><code>577c7ff</code></a>
fix(webdriver): windows: make native webdriver close with parent process
(fix...</li>
<li>Additional commits viewable in <a
href="https://github.com/tauri-apps/tauri/compare/@tauri-apps/cli-v2.4.1...@tauri-apps/cli-v2.5.0">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-19 13:41:04 +00:00
Thomas Eizinger
a41395a165 feat(eBPF): embed BTF information in eBPF kernel (#8842) 
It turns out that the Rust compiler doesn't always say that it is adding
debug information to a binary even when it does! The build output only
displays `[optimized]` when in fact it does actually emit debug
information. Adding an additional linker flag configures `bpf-linker` to
include the necessary BTF information in our kernel.

This makes debugging verifier errors much easier as the program output
contains source code annotiations. It also should make it easier to
debug issues using `xdpdump` which relies on BTF information.

Resolves: #8503
 2025-04-19 12:38:59 +00:00
dependabot[bot]
024b0b36ed build(deps): bump the tauri group across 1 directory with 5 updates (#8841) 
Bumps the tauri group with 2 updates in the /rust directory:
[tauri](https://github.com/tauri-apps/tauri) and
[tauri-winrt-notification](https://github.com/tauri-apps/winrt-notification).

Updates `tauri` from 2.4.1 to 2.5.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/tauri/releases">tauri's
releases</a>.</em></p>
<blockquote>
<h2>tauri-runtime v2.5.0</h2>
<!-- raw HTML omitted -->
<pre><code>Updating git repository
`https://github.com/tauri-apps/schemars.git`
    Updating crates.io index
warning: Patch `schemars_derive v0.8.21
(https://github.com/tauri-apps/schemars.git?branch=feat%2Fpreserve-description-newlines#c30f9848)`
was not used in the crate graph.
Check that the patched package version and available features are
compatible
with the dependency requirements. If the patch has a different version
from
what is locked in the Cargo.lock file, run `cargo update` to use the new
version. This may also occur with an optional dependency that is not
enabled.
     Locking 1020 packages to latest compatible versions
      Adding apple-codesign v0.27.0 (available: v0.29.0)
      Adding axum v0.7.9 (available: v0.8.1)
      Adding colored v2.2.0 (available: v3.0.0)
      Adding ctor v0.2.9 (available: v0.4.1)
      Adding getrandom v0.2.15 (available: v0.3.2)
      Adding html5ever v0.26.0 (available: v0.30.0)
      Adding itertools v0.13.0 (available: v0.14.0)
      Adding json-patch v3.0.1 (available: v4.0.0)
      Adding minisign v0.7.3 (available: v0.7.9)
      Adding oxc_allocator v0.36.0 (available: v0.61.0)
      Adding oxc_ast v0.36.0 (available: v0.61.0)
      Adding oxc_parser v0.36.0 (available: v0.61.0)
      Adding oxc_span v0.36.0 (available: v0.61.0)
      Adding proc-macro-crate v2.0.0 (available: v2.0.2)
      Adding rand v0.8.5 (available: v0.9.0)
      Adding serialize-to-javascript v0.1.1 (available: v0.1.2)
      Adding serialize-to-javascript-impl v0.1.1 (available: v0.1.2)
      Adding tauri-utils v1.6.0 (available: v1.6.2)
      Adding tiny_http v0.11.0 (available: v0.12.0)
      Adding webview2-com v0.36.0 (available: v0.37.0)
      Adding windows v0.60.0 (available: v0.61.1)
      Adding x509-certificate v0.23.1 (available: v0.24.0)
Fetching advisory database from
`https://github.com/RustSec/advisory-db.git`
Loaded 742 security advisories (from /home/runner/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (1045 crate dependencies)
Crate:     atk
Version:   0.18.2
Warning:   unmaintained
Title:     gtk-rs GTK3 bindings - no longer maintained
Date:      2024-03-04
ID:        RUSTSEC-2024-0413
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0413
Dependency tree:
atk 0.18.2
└── gtk 0.18.2
    ├── wry 0.50.5
&lt;/tr&gt;&lt;/table&gt; 
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="977c4b496c"><code>977c4b4</code></a>
apply version updates (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13123">#13123</a>)</li>
<li><a
href="48b12b4404"><code>48b12b4</code></a>
chore: bump crates depending on tauri-utils as minor</li>
<li><a
href="9356fa15d8"><code>9356fa1</code></a>
feat(core): include type name in state panic message (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13239">#13239</a>)</li>
<li><a
href="2dccfab532"><code>2dccfab</code></a>
fix: fileAssociations missing LSHandlerRank on macOS (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13159">#13159</a>)
(<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13236">#13236</a>)</li>
<li><a
href="5d3687e8c3"><code>5d3687e</code></a>
chore(tauri-driver): update README</li>
<li><a
href="0cf2d9933f"><code>0cf2d99</code></a>
fix(tauri-driver): append .exe ext on app path on Windows, closes <a
href="https://redirect.github.com/tauri-apps/tauri/issues/11317">#11317</a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13">#13</a>...</li>
<li><a
href="1734273bbe"><code>1734273</code></a>
fix: using center and overflow together crashes (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13235">#13235</a>)</li>
<li><a
href="690146e311"><code>690146e</code></a>
fix(macros): invoke handler stack overflow (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13217">#13217</a>)</li>
<li><a
href="f888502fd2"><code>f888502</code></a>
fix(core): use <code>Headers</code> in <code>sendIpcMessage</code> (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13227">#13227</a>)</li>
<li><a
href="577c7ffc45"><code>577c7ff</code></a>
fix(webdriver): windows: make native webdriver close with parent process
(fix...</li>
<li>Additional commits viewable in <a
href="https://github.com/tauri-apps/tauri/compare/tauri-v2.4.1...tauri-v2.5.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `tauri-build` from 2.1.1 to 2.2.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/tauri/releases">tauri-build's
releases</a>.</em></p>
<blockquote>
<h2>tauri-build v2.2.0</h2>
<!-- raw HTML omitted -->
<pre><code>Updating git repository
`https://github.com/tauri-apps/schemars.git`
    Updating crates.io index
warning: Patch `schemars_derive v0.8.21
(https://github.com/tauri-apps/schemars.git?branch=feat%2Fpreserve-description-newlines#c30f9848)`
was not used in the crate graph.
Check that the patched package version and available features are
compatible
with the dependency requirements. If the patch has a different version
from
what is locked in the Cargo.lock file, run `cargo update` to use the new
version. This may also occur with an optional dependency that is not
enabled.
     Locking 1021 packages to latest compatible versions
      Adding apple-codesign v0.27.0 (available: v0.29.0)
      Adding axum v0.7.9 (available: v0.8.3)
      Adding colored v2.2.0 (available: v3.0.0)
      Adding ctor v0.2.9 (available: v0.4.1)
      Adding getrandom v0.2.15 (available: v0.3.2)
      Adding html5ever v0.26.0 (available: v0.31.0)
      Adding itertools v0.13.0 (available: v0.14.0)
      Adding json-patch v3.0.1 (available: v4.0.0)
      Adding minisign v0.7.3 (available: v0.7.9)
      Adding oxc_allocator v0.36.0 (available: v0.63.0)
      Adding oxc_ast v0.36.0 (available: v0.63.0)
      Adding oxc_parser v0.36.0 (available: v0.63.0)
      Adding oxc_span v0.36.0 (available: v0.63.0)
      Adding proc-macro-crate v2.0.0 (available: v2.0.2)
      Adding rand v0.8.5 (available: v0.9.0)
      Adding rpm v0.16.0 (available: v0.17.0)
      Adding serialize-to-javascript v0.1.1 (available: v0.1.2)
      Adding serialize-to-javascript-impl v0.1.1 (available: v0.1.2)
      Adding tauri-utils v1.6.0 (available: v1.6.2)
      Adding tiny_http v0.11.0 (available: v0.12.0)
      Adding x509-certificate v0.23.1 (available: v0.24.0)
Fetching advisory database from
`https://github.com/RustSec/advisory-db.git`
Loaded 752 security advisories (from /home/runner/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (1046 crate dependencies)
Crate:     atk
Version:   0.18.2
Warning:   unmaintained
Title:     gtk-rs GTK3 bindings - no longer maintained
Date:      2024-03-04
ID:        RUSTSEC-2024-0413
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0413
Dependency tree:
atk 0.18.2
└── gtk 0.18.2
    ├── wry 0.51.2
    │   └── tauri-runtime-wry 2.6.0
&lt;/tr&gt;&lt;/table&gt; 
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="977c4b496c"><code>977c4b4</code></a>
apply version updates (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13123">#13123</a>)</li>
<li><a
href="48b12b4404"><code>48b12b4</code></a>
chore: bump crates depending on tauri-utils as minor</li>
<li><a
href="9356fa15d8"><code>9356fa1</code></a>
feat(core): include type name in state panic message (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13239">#13239</a>)</li>
<li><a
href="2dccfab532"><code>2dccfab</code></a>
fix: fileAssociations missing LSHandlerRank on macOS (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13159">#13159</a>)
(<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13236">#13236</a>)</li>
<li><a
href="5d3687e8c3"><code>5d3687e</code></a>
chore(tauri-driver): update README</li>
<li><a
href="0cf2d9933f"><code>0cf2d99</code></a>
fix(tauri-driver): append .exe ext on app path on Windows, closes <a
href="https://redirect.github.com/tauri-apps/tauri/issues/11317">#11317</a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13">#13</a>...</li>
<li><a
href="1734273bbe"><code>1734273</code></a>
fix: using center and overflow together crashes (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13235">#13235</a>)</li>
<li><a
href="690146e311"><code>690146e</code></a>
fix(macros): invoke handler stack overflow (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13217">#13217</a>)</li>
<li><a
href="f888502fd2"><code>f888502</code></a>
fix(core): use <code>Headers</code> in <code>sendIpcMessage</code> (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13227">#13227</a>)</li>
<li><a
href="577c7ffc45"><code>577c7ff</code></a>
fix(webdriver): windows: make native webdriver close with parent process
(fix...</li>
<li>Additional commits viewable in <a
href="https://github.com/tauri-apps/tauri/compare/tauri-build-v2.1.1...tauri-build-v2.2.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `tauri-runtime` from 2.5.1 to 2.6.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/tauri/releases">tauri-runtime's
releases</a>.</em></p>
<blockquote>
<h2>tauri-runtime v2.6.0</h2>
<!-- raw HTML omitted -->
<pre><code>Updating git repository
`https://github.com/tauri-apps/schemars.git`
    Updating crates.io index
warning: Patch `schemars_derive v0.8.21
(https://github.com/tauri-apps/schemars.git?branch=feat%2Fpreserve-description-newlines#c30f9848)`
was not used in the crate graph.
Check that the patched package version and available features are
compatible
with the dependency requirements. If the patch has a different version
from
what is locked in the Cargo.lock file, run `cargo update` to use the new
version. This may also occur with an optional dependency that is not
enabled.
     Locking 1021 packages to latest compatible versions
      Adding apple-codesign v0.27.0 (available: v0.29.0)
      Adding axum v0.7.9 (available: v0.8.3)
      Adding colored v2.2.0 (available: v3.0.0)
      Adding ctor v0.2.9 (available: v0.4.1)
      Adding getrandom v0.2.15 (available: v0.3.2)
      Adding html5ever v0.26.0 (available: v0.31.0)
      Adding itertools v0.13.0 (available: v0.14.0)
      Adding json-patch v3.0.1 (available: v4.0.0)
      Adding minisign v0.7.3 (available: v0.7.9)
      Adding oxc_allocator v0.36.0 (available: v0.63.0)
      Adding oxc_ast v0.36.0 (available: v0.63.0)
      Adding oxc_parser v0.36.0 (available: v0.63.0)
      Adding oxc_span v0.36.0 (available: v0.63.0)
      Adding proc-macro-crate v2.0.0 (available: v2.0.2)
      Adding rand v0.8.5 (available: v0.9.0)
      Adding rpm v0.16.0 (available: v0.17.0)
      Adding serialize-to-javascript v0.1.1 (available: v0.1.2)
      Adding serialize-to-javascript-impl v0.1.1 (available: v0.1.2)
      Adding tauri-utils v1.6.0 (available: v1.6.2)
      Adding tiny_http v0.11.0 (available: v0.12.0)
      Adding x509-certificate v0.23.1 (available: v0.24.0)
Fetching advisory database from
`https://github.com/RustSec/advisory-db.git`
Loaded 752 security advisories (from /home/runner/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (1046 crate dependencies)
Crate:     atk
Version:   0.18.2
Warning:   unmaintained
Title:     gtk-rs GTK3 bindings - no longer maintained
Date:      2024-03-04
ID:        RUSTSEC-2024-0413
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0413
Dependency tree:
atk 0.18.2
└── gtk 0.18.2
    ├── wry 0.51.2
    │   └── tauri-runtime-wry 2.6.0
&lt;/tr&gt;&lt;/table&gt; 
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="977c4b496c"><code>977c4b4</code></a>
apply version updates (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13123">#13123</a>)</li>
<li><a
href="48b12b4404"><code>48b12b4</code></a>
chore: bump crates depending on tauri-utils as minor</li>
<li><a
href="9356fa15d8"><code>9356fa1</code></a>
feat(core): include type name in state panic message (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13239">#13239</a>)</li>
<li><a
href="2dccfab532"><code>2dccfab</code></a>
fix: fileAssociations missing LSHandlerRank on macOS (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13159">#13159</a>)
(<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13236">#13236</a>)</li>
<li><a
href="5d3687e8c3"><code>5d3687e</code></a>
chore(tauri-driver): update README</li>
<li><a
href="0cf2d9933f"><code>0cf2d99</code></a>
fix(tauri-driver): append .exe ext on app path on Windows, closes <a
href="https://redirect.github.com/tauri-apps/tauri/issues/11317">#11317</a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13">#13</a>...</li>
<li><a
href="1734273bbe"><code>1734273</code></a>
fix: using center and overflow together crashes (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13235">#13235</a>)</li>
<li><a
href="690146e311"><code>690146e</code></a>
fix(macros): invoke handler stack overflow (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13217">#13217</a>)</li>
<li><a
href="f888502fd2"><code>f888502</code></a>
fix(core): use <code>Headers</code> in <code>sendIpcMessage</code> (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13227">#13227</a>)</li>
<li><a
href="577c7ffc45"><code>577c7ff</code></a>
fix(webdriver): windows: make native webdriver close with parent process
(fix...</li>
<li>Additional commits viewable in <a
href="https://github.com/tauri-apps/tauri/compare/tauri-runtime-v2.5.1...tauri-runtime-v2.6.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `tauri-utils` from 2.3.1 to 2.4.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/tauri/releases">tauri-utils's
releases</a>.</em></p>
<blockquote>
<h2>tauri-utils v2.4.0</h2>
<!-- raw HTML omitted -->
<pre><code>Updating git repository
`https://github.com/tauri-apps/schemars.git`
    Updating crates.io index
warning: Patch `schemars_derive v0.8.21
(https://github.com/tauri-apps/schemars.git?branch=feat%2Fpreserve-description-newlines#c30f9848)`
was not used in the crate graph.
Check that the patched package version and available features are
compatible
with the dependency requirements. If the patch has a different version
from
what is locked in the Cargo.lock file, run `cargo update` to use the new
version. This may also occur with an optional dependency that is not
enabled.
     Locking 1021 packages to latest compatible versions
      Adding apple-codesign v0.27.0 (available: v0.29.0)
      Adding axum v0.7.9 (available: v0.8.3)
      Adding colored v2.2.0 (available: v3.0.0)
      Adding ctor v0.2.9 (available: v0.4.1)
      Adding getrandom v0.2.15 (available: v0.3.2)
      Adding html5ever v0.26.0 (available: v0.31.0)
      Adding itertools v0.13.0 (available: v0.14.0)
      Adding json-patch v3.0.1 (available: v4.0.0)
      Adding minisign v0.7.3 (available: v0.7.9)
      Adding oxc_allocator v0.36.0 (available: v0.63.0)
      Adding oxc_ast v0.36.0 (available: v0.63.0)
      Adding oxc_parser v0.36.0 (available: v0.63.0)
      Adding oxc_span v0.36.0 (available: v0.63.0)
      Adding proc-macro-crate v2.0.0 (available: v2.0.2)
      Adding rand v0.8.5 (available: v0.9.0)
      Adding rpm v0.16.0 (available: v0.17.0)
      Adding serialize-to-javascript v0.1.1 (available: v0.1.2)
      Adding serialize-to-javascript-impl v0.1.1 (available: v0.1.2)
      Adding tauri-utils v1.6.0 (available: v1.6.2)
      Adding tiny_http v0.11.0 (available: v0.12.0)
      Adding x509-certificate v0.23.1 (available: v0.24.0)
Fetching advisory database from
`https://github.com/RustSec/advisory-db.git`
Loaded 752 security advisories (from /home/runner/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (1046 crate dependencies)
Crate:     atk
Version:   0.18.2
Warning:   unmaintained
Title:     gtk-rs GTK3 bindings - no longer maintained
Date:      2024-03-04
ID:        RUSTSEC-2024-0413
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0413
Dependency tree:
atk 0.18.2
└── gtk 0.18.2
    ├── wry 0.51.2
    │   └── tauri-runtime-wry 2.6.0
&lt;/tr&gt;&lt;/table&gt; 
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="977c4b496c"><code>977c4b4</code></a>
apply version updates (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13123">#13123</a>)</li>
<li><a
href="48b12b4404"><code>48b12b4</code></a>
chore: bump crates depending on tauri-utils as minor</li>
<li><a
href="9356fa15d8"><code>9356fa1</code></a>
feat(core): include type name in state panic message (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13239">#13239</a>)</li>
<li><a
href="2dccfab532"><code>2dccfab</code></a>
fix: fileAssociations missing LSHandlerRank on macOS (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13159">#13159</a>)
(<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13236">#13236</a>)</li>
<li><a
href="5d3687e8c3"><code>5d3687e</code></a>
chore(tauri-driver): update README</li>
<li><a
href="0cf2d9933f"><code>0cf2d99</code></a>
fix(tauri-driver): append .exe ext on app path on Windows, closes <a
href="https://redirect.github.com/tauri-apps/tauri/issues/11317">#11317</a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13">#13</a>...</li>
<li><a
href="1734273bbe"><code>1734273</code></a>
fix: using center and overflow together crashes (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13235">#13235</a>)</li>
<li><a
href="690146e311"><code>690146e</code></a>
fix(macros): invoke handler stack overflow (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13217">#13217</a>)</li>
<li><a
href="f888502fd2"><code>f888502</code></a>
fix(core): use <code>Headers</code> in <code>sendIpcMessage</code> (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13227">#13227</a>)</li>
<li><a
href="577c7ffc45"><code>577c7ff</code></a>
fix(webdriver): windows: make native webdriver close with parent process
(fix...</li>
<li>Additional commits viewable in <a
href="https://github.com/tauri-apps/tauri/compare/tauri-utils-v2.3.1...tauri-utils-v2.4.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `tauri-winrt-notification` from 0.7.1 to 0.7.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/winrt-notification/releases">tauri-winrt-notification's
releases</a>.</em></p>
<blockquote>
<h2>tauri-winrt-notification v0.7.2</h2>
<p>Updating crates.io index
Locking 20 packages to latest compatible versions</p>
<!-- raw HTML omitted -->
<pre><code>Fetching advisory database from
`https://github.com/RustSec/advisory-db.git`
Loaded 751 security advisories (from /home/runner/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (21 crate dependencies)
</code></pre>
<!-- raw HTML omitted -->
<h2>[0.7.2]</h2>
<ul>
<li><a
href="a7ec5622c4"><code>a7ec562</code></a>
(<a
href="https://redirect.github.com/tauri-apps/winrt-notification/pull/46">#46</a>
by <a
href="https://github.com/tauri-apps/winrt-notification/../../renovate"><code>@​renovate</code></a>)
Update <code>windows</code> crate to <code>0.61</code>.</li>
</ul>
<!-- raw HTML omitted -->
<pre><code>Updating crates.io index
Packaging tauri-winrt-notification v0.7.2
(/home/runner/work/winrt-notification/winrt-notification)
    Updating crates.io index
    Packaged 33 files, 100.8KiB (45.7KiB compressed)
Uploading tauri-winrt-notification v0.7.2
(/home/runner/work/winrt-notification/winrt-notification)
    Uploaded tauri-winrt-notification v0.7.2 to registry `crates-io`
note: waiting for `tauri-winrt-notification v0.7.2` to be available at
registry `crates-io`.
You may press ctrl-c to skip waiting; the crate should be available
shortly.
   Published tauri-winrt-notification v0.7.2 at registry `crates-io`
</code></pre>
<!-- raw HTML omitted -->
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/winrt-notification/blob/dev/CHANGELOG.md">tauri-winrt-notification's
changelog</a>.</em></p>
<blockquote>
<h2>[0.7.2]</h2>
<ul>
<li><a
href="a7ec5622c4"><code>a7ec562</code></a>
(<a
href="https://redirect.github.com/tauri-apps/winrt-notification/pull/46">#46</a>
by <a
href="https://github.com/tauri-apps/winrt-notification/../../renovate"><code>@​renovate</code></a>)
Update <code>windows</code> crate to <code>0.61</code>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="1cbe2d98ec"><code>1cbe2d9</code></a>
publish new versions (<a
href="https://redirect.github.com/tauri-apps/winrt-notification/issues/48">#48</a>)</li>
<li><a
href="b835cab9e6"><code>b835cab</code></a>
ci: Update action dependencies</li>
<li><a
href="a7ec5622c4"><code>a7ec562</code></a>
chore(deps): update rust crate windows to 0.61 (<a
href="https://redirect.github.com/tauri-apps/winrt-notification/issues/46">#46</a>)</li>
<li><a
href="2893beae07"><code>2893bea</code></a>
ci: Create renovate.json</li>
<li><a
href="f25d9114a1"><code>f25d911</code></a>
ci: Delete renovate.json</li>
<li><a
href="daeb2631ab"><code>daeb263</code></a>
chore: Add <code>unpackaged-app</code> example (<a
href="https://redirect.github.com/tauri-apps/winrt-notification/issues/45">#45</a>)</li>
<li>See full diff in <a
href="https://github.com/tauri-apps/winrt-notification/compare/tauri-winrt-notification-v0.7.1...tauri-winrt-notification-v0.7.2">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
 2025-04-19 12:33:24 +00:00
Thomas Eizinger
34f28e2ae6 feat(rust): use jemalloc for Gateway and Relay (#8846) 
`jemalloc` is a modern allocator that is designed for multi-threaded
systems and can better handle smaller allocations that may otherwise
fragment the heap. Firezone's components, especially Relays and Gateways
are intended to operate with a long uptime and therefore need to handle
memory efficiently.
 2025-04-19 12:25:46 +00:00
dependabot[bot]
54f04108b2 build(deps-dev): bump vite from 6.2.6 to 6.3.2 in /rust/gui-client (#8829) 
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite)
from 6.2.6 to 6.3.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vitejs/vite/releases">vite's
releases</a>.</em></p>
<blockquote>
<h2>v6.3.2</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/v6.3.2/packages/vite/CHANGELOG.md">CHANGELOG.md</a>
for details.</p>
<h2>create-vite@6.3.1</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/create-vite@6.3.1/packages/create-vite/CHANGELOG.md">CHANGELOG.md</a>
for details.</p>
<h2>v6.3.1</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/v6.3.1/packages/vite/CHANGELOG.md">CHANGELOG.md</a>
for details.</p>
<h2>create-vite@6.3.0</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/create-vite@6.3.0/packages/create-vite/CHANGELOG.md">CHANGELOG.md</a>
for details.</p>
<h2>v6.3.0</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/v6.3.0/packages/vite/CHANGELOG.md">CHANGELOG.md</a>
for details.</p>
<h2>v6.3.0-beta.2</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/v6.3.0-beta.2/packages/vite/CHANGELOG.md">CHANGELOG.md</a>
for details.</p>
<h2>v6.3.0-beta.1</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/v6.3.0-beta.1/packages/vite/CHANGELOG.md">CHANGELOG.md</a>
for details.</p>
<h2>v6.3.0-beta.0</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/v6.3.0-beta.0/packages/vite/CHANGELOG.md">CHANGELOG.md</a>
for details.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md">vite's
changelog</a>.</em></p>
<blockquote>
<h2><!-- raw HTML omitted -->6.3.2 (2025-04-18)<!-- raw HTML omitted
--></h2>
<ul>
<li>fix: match default asserts case insensitive (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19852">#19852</a>)
(<a
href="cbdab1d6a3">cbdab1d</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/19852">#19852</a></li>
<li>fix: open first url if host does not match any urls (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19886">#19886</a>)
(<a
href="6abbdce3d7">6abbdce</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/19886">#19886</a></li>
<li>fix(css): respect <code>css.lightningcss</code> option in css
minification process (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19879">#19879</a>)
(<a
href="b5055e0dd4">b5055e0</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/19879">#19879</a></li>
<li>fix(deps): update all non-major dependencies (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19698">#19698</a>)
(<a
href="bab4cb9224">bab4cb9</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/19698">#19698</a></li>
<li>feat(css): improve lightningcss messages (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19880">#19880</a>)
(<a
href="c713f79b5a">c713f79</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/19880">#19880</a></li>
</ul>
<h2><!-- raw HTML omitted -->6.3.1 (2025-04-17)<!-- raw HTML omitted
--></h2>
<ul>
<li>fix: avoid using <code>Promise.allSettled</code> in preload function
(<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19805">#19805</a>)
(<a
href="35c7f35e2b">35c7f35</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/19805">#19805</a></li>
<li>fix: backward compat for internal plugin <code>transform</code>
calls (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19878">#19878</a>)
(<a
href="a152b7cbac">a152b7c</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/19878">#19878</a></li>
</ul>
<h2>6.3.0 (2025-04-16)</h2>
<ul>
<li>fix(hmr): avoid infinite loop happening with
<code>hot.invalidate</code> in circular deps (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19870">#19870</a>)
(<a
href="d4ee5e8655">d4ee5e8</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/19870">#19870</a></li>
<li>fix(preview): use host url to open browser (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19836">#19836</a>)
(<a
href="5003434040">5003434</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/19836">#19836</a></li>
</ul>
<h2>6.3.0-beta.2 (2025-04-11)</h2>
<ul>
<li>fix: addWatchFile doesn't work if base is specified (fixes <a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19792">#19792</a>)
(<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19794">#19794</a>)
(<a
href="8bed1de571">8bed1de</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/19792">#19792</a>
<a
href="https://redirect.github.com/vitejs/vite/issues/19794">#19794</a></li>
<li>fix: correct the behavior when multiple transform filter options are
specified (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19818">#19818</a>)
(<a
href="7200deec91">7200dee</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/19818">#19818</a></li>
<li>fix: fs check with svg and relative paths (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19782">#19782</a>)
(<a
href="62d7e81ee1">62d7e81</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/19782">#19782</a></li>
<li>fix: keep entry asset files imported by other files (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19779">#19779</a>)
(<a
href="2fa1495801">2fa1495</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/19779">#19779</a></li>
<li>fix: reject requests with <code>#</code> in request-target (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19830">#19830</a>)
(<a
href="175a83909f">175a839</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/19830">#19830</a></li>
<li>fix: unbundle <code>fdir</code> to fix
<code>commonjsOptions.dynamicRequireTargets</code> (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19791">#19791</a>)
(<a
href="71227be9aa">71227be</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/19791">#19791</a></li>
<li>fix(css): remove empty chunk imports correctly when chunk file name
contained special characters (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/1">#1</a>
(<a
href="b1251720d4">b125172</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/19814">#19814</a></li>
<li>fix(dev): make query selector regexes more inclusive (fix <a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19213">#19213</a>)
(<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19767">#19767</a>)
(<a
href="f530a72246">f530a72</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/19213">#19213</a>
<a
href="https://redirect.github.com/vitejs/vite/issues/19767">#19767</a></li>
<li>fix(hmr): run HMR handler sequentially (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19793">#19793</a>)
(<a
href="380c10e665">380c10e</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/19793">#19793</a></li>
<li>fix(module-runner): allow already resolved id as entry (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19768">#19768</a>)
(<a
href="e2e11b15a6">e2e11b1</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/19768">#19768</a></li>
<li>fix(types): remove the <code>keepProcessEnv</code> from the
<code>DefaultEnvironmentOptions</code> type (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19796">#19796</a>)
(<a
href="36935b58ea">36935b5</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/19796">#19796</a></li>
<li>refactor: simplify pluginFilter implementation (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19828">#19828</a>)
(<a
href="0a0c50a7ed">0a0c50a</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/19828">#19828</a></li>
<li>perf(css): avoid constructing <code>renderedModules</code> (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19775">#19775</a>)
(<a
href="59d0b35b30">59d0b35</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/19775">#19775</a></li>
<li>test: tweak generateCodeFrame test (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19812">#19812</a>)
(<a
href="8fe3538d90">8fe3538</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/19812">#19812</a></li>
<li>docs(vite): fix description of <code>transformIndexHtml</code> hook
(<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19799">#19799</a>)
(<a
href="a0e1a04026">a0e1a04</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/19799">#19799</a></li>
<li>chore: remove unused eslint directive (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19781">#19781</a>)
(<a
href="cb4f5b4b6b">cb4f5b4</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/19781">#19781</a></li>
</ul>
<h2>6.3.0-beta.1 (2025-04-03)</h2>
<ul>
<li>fix: align plugin hook filter behavior with pluginutils (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19736">#19736</a>)
(<a
href="0bbdd2c133">0bbdd2c</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/19736">#19736</a></li>
<li>fix: fs check in transform middleware (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19761">#19761</a>)
(<a
href="59673137c4">5967313</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/19761">#19761</a></li>
<li>fix(hmr): throw non-standard error info causes logical error (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19776">#19776</a>)
(<a
href="6b648c73ae">6b648c7</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/19776">#19776</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4bc17b4683"><code>4bc17b4</code></a>
release: v6.3.2</li>
<li><a
href="b5055e0dd4"><code>b5055e0</code></a>
fix(css): respect <code>css.lightningcss</code> option in css
minification process (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19879">#19879</a>)</li>
<li><a
href="c713f79b5a"><code>c713f79</code></a>
feat(css): improve lightningcss messages (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19880">#19880</a>)</li>
<li><a
href="cbdab1d6a3"><code>cbdab1d</code></a>
fix: match default asserts case insensitive (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19852">#19852</a>)</li>
<li><a
href="6abbdce3d7"><code>6abbdce</code></a>
fix: open first url if host does not match any urls (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19886">#19886</a>)</li>
<li><a
href="bab4cb9224"><code>bab4cb9</code></a>
fix(deps): update all non-major dependencies (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19698">#19698</a>)</li>
<li><a
href="a7349ef31e"><code>a7349ef</code></a>
release: v6.3.1</li>
<li><a
href="a152b7cbac"><code>a152b7c</code></a>
fix: backward compat for internal plugin <code>transform</code> calls
(<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19878">#19878</a>)</li>
<li><a
href="35c7f35e2b"><code>35c7f35</code></a>
fix: avoid using <code>Promise.allSettled</code> in preload function (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19805">#19805</a>)</li>
<li><a
href="5fdcfe77a9"><code>5fdcfe7</code></a>
release: v6.3.0</li>
<li>Additional commits viewable in <a
href="https://github.com/vitejs/vite/commits/v6.3.2/packages/vite">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=vite&package-manager=npm_and_yarn&previous-version=6.2.6&new-version=6.3.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-19 12:17:01 +00:00
dependabot[bot]
5698e5167e build(deps): bump @tailwindcss/cli from 4.1.3 to 4.1.4 in /rust/gui-client (#8832) 
Bumps
[@tailwindcss/cli](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-cli)
from 4.1.3 to 4.1.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tailwindlabs/tailwindcss/releases"><code>@​tailwindcss/cli</code>'s
releases</a>.</em></p>
<blockquote>
<h2>v4.1.4</h2>
<h3>Added</h3>
<ul>
<li>Add experimental <code>@tailwindcss/oxide-wasm32-wasi</code> target
for running Tailwind in browser environments like StackBlitz (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17558">#17558</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Ensure <code>color-mix(…)</code> polyfills do not cause used CSS
variables to be removed (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17555">#17555</a>)</li>
<li>Ensure <code>color-mix(…)</code> polyfills create fallbacks for
theme variables that reference other theme variables (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17562">#17562</a>)</li>
<li>Fix brace expansion in declining ranges like <code>{10..0..5}</code>
and <code>{0..10..-5}</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17591">#17591</a>)</li>
<li>Work around a Chrome rendering bug when using the
<code>skew-*</code> utilities (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17627">#17627</a>)</li>
<li>Ensure container query variant names can contain hyphens (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17628">#17628</a>)</li>
<li>Ensure <code>shadow-inherit</code>,
<code>inset-shadow-inherit</code>, <code>drop-shadow-inherit</code>, and
<code>text-shadow-inherit</code> inherit the shadow color (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17647">#17647</a>)</li>
<li>Ensure compatibility with array tuples used in <code>fontSize</code>
JS theme keys (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17630">#17630</a>)</li>
<li>Ensure folders with binary file extensions in their names are
scanned for utilities (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17595">#17595</a>)</li>
<li>Upgrade: Convert <code>fontSize</code> array tuple syntax to CSS
theme variables (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17630">#17630</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md"><code>@​tailwindcss/cli</code>'s
changelog</a>.</em></p>
<blockquote>
<h2>[4.1.4] - 2025-04-14</h2>
<h3>Added</h3>
<ul>
<li>Add experimental <code>@tailwindcss/oxide-wasm32-wasi</code> target
for running Tailwind in browser environments like StackBlitz (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17558">#17558</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Ensure <code>color-mix(…)</code> polyfills do not cause used CSS
variables to be removed (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17555">#17555</a>)</li>
<li>Ensure <code>color-mix(…)</code> polyfills create fallbacks for
theme variables that reference other theme variables (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17562">#17562</a>)</li>
<li>Fix brace expansion in declining ranges like <code>{10..0..5}</code>
and <code>{0..10..-5}</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17591">#17591</a>)</li>
<li>Work around a Chrome rendering bug when using the
<code>skew-*</code> utilities (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17627">#17627</a>)</li>
<li>Ensure container query variant names can contain hyphens (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17628">#17628</a>)</li>
<li>Ensure <code>shadow-inherit</code>,
<code>inset-shadow-inherit</code>, <code>drop-shadow-inherit</code>, and
<code>text-shadow-inherit</code> inherit the shadow color (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17647">#17647</a>)</li>
<li>Ensure compatibility with array tuples used in <code>fontSize</code>
JS theme keys (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17630">#17630</a>)</li>
<li>Ensure folders with binary file extensions in their names are
scanned for utilities (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17595">#17595</a>)</li>
<li>Upgrade: Convert <code>fontSize</code> array tuple syntax to CSS
theme variables (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17630">#17630</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="aa836d3442"><code>aa836d3</code></a>
Prepare v4.1.4 release (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-cli/issues/17669">#17669</a>)</li>
<li>See full diff in <a
href="https://github.com/tailwindlabs/tailwindcss/commits/v4.1.4/packages/@tailwindcss-cli">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@tailwindcss/cli&package-manager=npm_and_yarn&previous-version=4.1.3&new-version=4.1.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-19 12:16:43 +00:00
dependabot[bot]
ddf460b55f build(deps-dev): bump tailwindcss from 4.1.3 to 4.1.4 in /rust/gui-client (#8835) 
Bumps
[tailwindcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss)
from 4.1.3 to 4.1.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tailwindlabs/tailwindcss/releases">tailwindcss's
releases</a>.</em></p>
<blockquote>
<h2>v4.1.4</h2>
<h3>Added</h3>
<ul>
<li>Add experimental <code>@tailwindcss/oxide-wasm32-wasi</code> target
for running Tailwind in browser environments like StackBlitz (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17558">#17558</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Ensure <code>color-mix(…)</code> polyfills do not cause used CSS
variables to be removed (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17555">#17555</a>)</li>
<li>Ensure <code>color-mix(…)</code> polyfills create fallbacks for
theme variables that reference other theme variables (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17562">#17562</a>)</li>
<li>Fix brace expansion in declining ranges like <code>{10..0..5}</code>
and <code>{0..10..-5}</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17591">#17591</a>)</li>
<li>Work around a Chrome rendering bug when using the
<code>skew-*</code> utilities (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17627">#17627</a>)</li>
<li>Ensure container query variant names can contain hyphens (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17628">#17628</a>)</li>
<li>Ensure <code>shadow-inherit</code>,
<code>inset-shadow-inherit</code>, <code>drop-shadow-inherit</code>, and
<code>text-shadow-inherit</code> inherit the shadow color (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17647">#17647</a>)</li>
<li>Ensure compatibility with array tuples used in <code>fontSize</code>
JS theme keys (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17630">#17630</a>)</li>
<li>Ensure folders with binary file extensions in their names are
scanned for utilities (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17595">#17595</a>)</li>
<li>Upgrade: Convert <code>fontSize</code> array tuple syntax to CSS
theme variables (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17630">#17630</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md">tailwindcss's
changelog</a>.</em></p>
<blockquote>
<h2>[4.1.4] - 2025-04-14</h2>
<h3>Added</h3>
<ul>
<li>Add experimental <code>@tailwindcss/oxide-wasm32-wasi</code> target
for running Tailwind in browser environments like StackBlitz (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17558">#17558</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Ensure <code>color-mix(…)</code> polyfills do not cause used CSS
variables to be removed (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17555">#17555</a>)</li>
<li>Ensure <code>color-mix(…)</code> polyfills create fallbacks for
theme variables that reference other theme variables (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17562">#17562</a>)</li>
<li>Fix brace expansion in declining ranges like <code>{10..0..5}</code>
and <code>{0..10..-5}</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17591">#17591</a>)</li>
<li>Work around a Chrome rendering bug when using the
<code>skew-*</code> utilities (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17627">#17627</a>)</li>
<li>Ensure container query variant names can contain hyphens (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17628">#17628</a>)</li>
<li>Ensure <code>shadow-inherit</code>,
<code>inset-shadow-inherit</code>, <code>drop-shadow-inherit</code>, and
<code>text-shadow-inherit</code> inherit the shadow color (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17647">#17647</a>)</li>
<li>Ensure compatibility with array tuples used in <code>fontSize</code>
JS theme keys (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17630">#17630</a>)</li>
<li>Ensure folders with binary file extensions in their names are
scanned for utilities (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17595">#17595</a>)</li>
<li>Upgrade: Convert <code>fontSize</code> array tuple syntax to CSS
theme variables (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17630">#17630</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="aa836d3442"><code>aa836d3</code></a>
Prepare v4.1.4 release (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss/issues/17669">#17669</a>)</li>
<li><a
href="6e1f53348d"><code>6e1f533</code></a>
Workaround Chrome rendering bug for <code>skew-*</code> utilities (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss/issues/17627">#17627</a>)</li>
<li><a
href="3bea760ff2"><code>3bea760</code></a>
Add test coverage for property-specific colors (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss/issues/17436">#17436</a>)</li>
<li><a
href="6d8dd82c40"><code>6d8dd82</code></a>
Fix <code>shadow-inherit</code>, <code>inset-shadow-inherit</code>,
<code>drop-shadow-inherit</code>, and `tex...</li>
<li><a
href="c0af1e2129"><code>c0af1e2</code></a>
Fix <code>fontSize</code> array upgrade (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss/issues/17630">#17630</a>)</li>
<li><a
href="3ab7f12563"><code>3ab7f12</code></a>
Fix container names with hyphens (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss/issues/17628">#17628</a>)</li>
<li><a
href="f66d287436"><code>f66d287</code></a>
Fix brace expansion with range going down (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss/issues/17591">#17591</a>)</li>
<li><a
href="3e9cf87adf"><code>3e9cf87</code></a>
Make polyfill work when the theme variable resolves to another var (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss/issues/17562">#17562</a>)</li>
<li><a
href="811e97d61a"><code>811e97d</code></a>
Fix polyfill in combination with unused CSS variable removal (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss/issues/17555">#17555</a>)</li>
<li>See full diff in <a
href="https://github.com/tailwindlabs/tailwindcss/commits/v4.1.4/packages/tailwindcss">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tailwindcss&package-manager=npm_and_yarn&previous-version=4.1.3&new-version=4.1.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-19 12:13:48 +00:00
dependabot[bot]
81d2246593 build(deps): bump the aya group in /rust with 5 updates (#8844) 
Bumps the aya group in /rust with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [aya](https://github.com/aya-rs/aya) | ``6d36fe1`` | ``0237e36`` |
| [aya-build](https://github.com/aya-rs/aya) | ``6d36fe1`` | ``0237e36``
|
| [aya-ebpf](https://github.com/aya-rs/aya) | ``6d36fe1`` | ``0237e36``
|
| [aya-log](https://github.com/aya-rs/aya) | ``6d36fe1`` | ``0237e36`` |
| [aya-log-ebpf](https://github.com/aya-rs/aya) | ``6d36fe1`` |
``0237e36`` |

Updates `aya` from `6d36fe1` to `0237e36`
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0237e36dbe"><code>0237e36</code></a>
ci: test against 6.12 rather than 6.10</li>
<li><a
href="5732b2c203"><code>5732b2c</code></a>
test-distro: build without cross toolchain</li>
<li><a
href="edae5cd676"><code>edae5cd</code></a>
test-distro: reduce indentation</li>
<li><a
href="35279b7c7b"><code>35279b7</code></a>
test-distro: extract common decompression code</li>
<li><a
href="680402be0c"><code>680402b</code></a>
Revert &quot;ci: download gen_init_cpio with authentication&quot;</li>
<li><a
href="e967d0aea2"><code>e967d0a</code></a>
Use nul bytes as delimiters</li>
<li><a
href="e692e5ffc5"><code>e692e5f</code></a>
Remove stale comments</li>
<li><a
href="fe8e1c48b0"><code>fe8e1c4</code></a>
Remove getrandom patch</li>
<li><a
href="4c5fbef869"><code>4c5fbef</code></a>
Merge pull request <a
href="https://redirect.github.com/aya-rs/aya/issues/1240">#1240</a> from
dave-tucker/use-gen-bpf-add</li>
<li><a
href="11e9dcc179"><code>11e9dcc</code></a>
Merge pull request <a
href="https://redirect.github.com/aya-rs/aya/issues/1241">#1241</a> from
aya-rs/dependabot/cargo/cargo-crates-cb2c366dd6</li>
<li>Additional commits viewable in <a
href="6d36fe13d3...0237e36dbe">compare
view</a></li>
</ul>
</details>
<br />

Updates `aya-build` from `6d36fe1` to `0237e36`
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0237e36dbe"><code>0237e36</code></a>
ci: test against 6.12 rather than 6.10</li>
<li><a
href="5732b2c203"><code>5732b2c</code></a>
test-distro: build without cross toolchain</li>
<li><a
href="edae5cd676"><code>edae5cd</code></a>
test-distro: reduce indentation</li>
<li><a
href="35279b7c7b"><code>35279b7</code></a>
test-distro: extract common decompression code</li>
<li><a
href="680402be0c"><code>680402b</code></a>
Revert &quot;ci: download gen_init_cpio with authentication&quot;</li>
<li><a
href="e967d0aea2"><code>e967d0a</code></a>
Use nul bytes as delimiters</li>
<li><a
href="e692e5ffc5"><code>e692e5f</code></a>
Remove stale comments</li>
<li><a
href="fe8e1c48b0"><code>fe8e1c4</code></a>
Remove getrandom patch</li>
<li><a
href="4c5fbef869"><code>4c5fbef</code></a>
Merge pull request <a
href="https://redirect.github.com/aya-rs/aya/issues/1240">#1240</a> from
dave-tucker/use-gen-bpf-add</li>
<li><a
href="11e9dcc179"><code>11e9dcc</code></a>
Merge pull request <a
href="https://redirect.github.com/aya-rs/aya/issues/1241">#1241</a> from
aya-rs/dependabot/cargo/cargo-crates-cb2c366dd6</li>
<li>Additional commits viewable in <a
href="6d36fe13d3...0237e36dbe">compare
view</a></li>
</ul>
</details>
<br />

Updates `aya-ebpf` from `6d36fe1` to `0237e36`
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0237e36dbe"><code>0237e36</code></a>
ci: test against 6.12 rather than 6.10</li>
<li><a
href="5732b2c203"><code>5732b2c</code></a>
test-distro: build without cross toolchain</li>
<li><a
href="edae5cd676"><code>edae5cd</code></a>
test-distro: reduce indentation</li>
<li><a
href="35279b7c7b"><code>35279b7</code></a>
test-distro: extract common decompression code</li>
<li><a
href="680402be0c"><code>680402b</code></a>
Revert &quot;ci: download gen_init_cpio with authentication&quot;</li>
<li><a
href="e967d0aea2"><code>e967d0a</code></a>
Use nul bytes as delimiters</li>
<li><a
href="e692e5ffc5"><code>e692e5f</code></a>
Remove stale comments</li>
<li><a
href="fe8e1c48b0"><code>fe8e1c4</code></a>
Remove getrandom patch</li>
<li><a
href="4c5fbef869"><code>4c5fbef</code></a>
Merge pull request <a
href="https://redirect.github.com/aya-rs/aya/issues/1240">#1240</a> from
dave-tucker/use-gen-bpf-add</li>
<li><a
href="11e9dcc179"><code>11e9dcc</code></a>
Merge pull request <a
href="https://redirect.github.com/aya-rs/aya/issues/1241">#1241</a> from
aya-rs/dependabot/cargo/cargo-crates-cb2c366dd6</li>
<li>Additional commits viewable in <a
href="6d36fe13d3...0237e36dbe">compare
view</a></li>
</ul>
</details>
<br />

Updates `aya-log` from `6d36fe1` to `0237e36`
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0237e36dbe"><code>0237e36</code></a>
ci: test against 6.12 rather than 6.10</li>
<li><a
href="5732b2c203"><code>5732b2c</code></a>
test-distro: build without cross toolchain</li>
<li><a
href="edae5cd676"><code>edae5cd</code></a>
test-distro: reduce indentation</li>
<li><a
href="35279b7c7b"><code>35279b7</code></a>
test-distro: extract common decompression code</li>
<li><a
href="680402be0c"><code>680402b</code></a>
Revert &quot;ci: download gen_init_cpio with authentication&quot;</li>
<li><a
href="e967d0aea2"><code>e967d0a</code></a>
Use nul bytes as delimiters</li>
<li><a
href="e692e5ffc5"><code>e692e5f</code></a>
Remove stale comments</li>
<li><a
href="fe8e1c48b0"><code>fe8e1c4</code></a>
Remove getrandom patch</li>
<li><a
href="4c5fbef869"><code>4c5fbef</code></a>
Merge pull request <a
href="https://redirect.github.com/aya-rs/aya/issues/1240">#1240</a> from
dave-tucker/use-gen-bpf-add</li>
<li><a
href="11e9dcc179"><code>11e9dcc</code></a>
Merge pull request <a
href="https://redirect.github.com/aya-rs/aya/issues/1241">#1241</a> from
aya-rs/dependabot/cargo/cargo-crates-cb2c366dd6</li>
<li>Additional commits viewable in <a
href="6d36fe13d3...0237e36dbe">compare
view</a></li>
</ul>
</details>
<br />

Updates `aya-log-ebpf` from `6d36fe1` to `0237e36`
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0237e36dbe"><code>0237e36</code></a>
ci: test against 6.12 rather than 6.10</li>
<li><a
href="5732b2c203"><code>5732b2c</code></a>
test-distro: build without cross toolchain</li>
<li><a
href="edae5cd676"><code>edae5cd</code></a>
test-distro: reduce indentation</li>
<li><a
href="35279b7c7b"><code>35279b7</code></a>
test-distro: extract common decompression code</li>
<li><a
href="680402be0c"><code>680402b</code></a>
Revert &quot;ci: download gen_init_cpio with authentication&quot;</li>
<li><a
href="e967d0aea2"><code>e967d0a</code></a>
Use nul bytes as delimiters</li>
<li><a
href="e692e5ffc5"><code>e692e5f</code></a>
Remove stale comments</li>
<li><a
href="fe8e1c48b0"><code>fe8e1c4</code></a>
Remove getrandom patch</li>
<li><a
href="4c5fbef869"><code>4c5fbef</code></a>
Merge pull request <a
href="https://redirect.github.com/aya-rs/aya/issues/1240">#1240</a> from
dave-tucker/use-gen-bpf-add</li>
<li><a
href="11e9dcc179"><code>11e9dcc</code></a>
Merge pull request <a
href="https://redirect.github.com/aya-rs/aya/issues/1241">#1241</a> from
aya-rs/dependabot/cargo/cargo-crates-cb2c366dd6</li>
<li>Additional commits viewable in <a
href="6d36fe13d3...0237e36dbe">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-19 12:10:47 +00:00
Thomas Eizinger
b4afd0bffb refactor(eBPF): reduce size of maps (#8849) 
Whilst developing the eBPF module for the relay, I needed to manually
add padding within the key and value structs used in the maps in order
for the kernel to be able to correctly retrieve the data.

For some reason, this seems no longer necessary as the integration test
now passes without this as well.

Being able to remove the padding drastically reduces the size of these
maps for the current number of entries that we allow. This brings the
overall memory usage of the relay down.

Resolves: #8682
 2025-04-19 11:46:58 +00:00
Jamil
5669c83835 ci: Bump Apple clients to 1.4.11 (#8848) 
Includes a fix for auto-starting on launch when other VPN clients have
been connected previously.
 2025-04-19 11:45:42 +00:00
Thomas Eizinger
50d3edccd7 feat(apple): re-enable quinn-udps fast data path feature (#8818) 
Now that https://github.com/quinn-rs/quinn/pull/2208 is merged, we can
re-enable the `apple-fast-datapath` feature again on Apple platforms.
Even if we cannot yet measure a speed-increase yet, this should at least
make UDP operations more efficient and thus reduce CPU and battery
usage.
 2025-04-19 10:37:37 +00:00
Thomas Eizinger
f51fd53708 chore(eBPF): use RangeInclusive::contains again (#8812) 
Now that we have figured out what the problem was with the eBPF kernel
not routing certain packets, we can undo the manual implementation of
the allocation range checking again and use the more concise
`RangeInclusive::contains`.

Related: #8809
Related: #8807
 2025-04-18 15:49:23 +00:00
Thomas Eizinger
492e54efaa build(rust): bump network-types to v0.0.8 (#8811) 
This new release includes several patches we have made upstream that
allow us to remove some of the vendored types from the crate. All fields
that we access from `network-types` are now stored as byte-arrays and
thus retain the big-endian byte ordering from the network.

Resolves: #8686
Related: https://github.com/vadorovsky/network-types/pull/34
Related: https://github.com/vadorovsky/network-types/pull/36
Related: https://github.com/vadorovsky/network-types/pull/38
 2025-04-18 15:21:14 +00:00
Thomas Eizinger
c52d88f421 fix(relay): stateless encoding/decoding (#8810) 
The STUN message encoder & decoder from `stun_codec` are stateful
operations. However, they only operate on one datagram at the time. If
encoding or decoding fails, their internal state is corrupted and must
be discarded. At present, this doesn't happen which leads to further
failures down the line because new datagrams coming in cannot be
correctly decoded.

To fix this, we scope the stateful nature of these encoders and decoders
to their respective functions.

Resolves: #8808
 2025-04-18 15:12:46 +00:00
Thomas Eizinger
96e739439b fix(relay): remove Config caching (#8809) 
In #8650, we originally added a feature-flag for toggling the eBPF TURN
router on and off at runtime. This later got removed again in #8681.
What remained was a "caching system" of the config that the eBPF kernel
and user space share with each other.
This config was initialised to the default configuration. If the
to-be-set config was the same as the current config, the config would
not actually apply to the array that was shared with the eBPF kernel.

At the time, we assumed that, if the config was not set in the kernel,
the lookup in the array would yield `None` and we would fall back to the
`Default` implementation of `Config`. This assumption was wrong. It
appears that look-ups in the array always yield an element: all zeros.
Initialising our config with all zeros yields the following:


![image](https://github.com/user-attachments/assets/6556f32d-8cff-4fba-aa29-f9ac7349ace6)

Of course, if this range is not initialised correctly, we can never
actually route packets arriving on allocation ports and with UDP
checksumming turned off, all packets routed the other way will have an
invalid checksum and therefore be dropped by the receiving host.

Our integration test did not catch this because in there, we purposely
disable UDP checksumming. That meant that the "caching" check in the
`ebpf::Program` did not trigger and we actually did set a `Config` in
the array, therefore initialising the allocation port range correctly
and allowing the packet to be routed.

To fix this, we remove this caching check again which means every
`Config` we set on the eBPF program actually gets copied to the shared
array. Originally, this caching check was introduced to avoid a syscall
on every event-loop iteration as part of checking the feature-flag. Now
that the feature-flag has been removed, we don't need to have this cache
anymore.
 2025-04-18 13:50:42 +00:00
Thomas Eizinger
4ade88b1b1 fix(eBPF): implement "is port in allocation range" ourselves (#8807) 
I am suspecting that something is wrong with the check that a port is
indeed within that range. Thus, we now implemented this ourselves with
two simple conditions.
 2025-04-18 06:43:33 +00:00
Thomas Eizinger
c5c195f282 chore(eBPF): change error log-levels (#8805) 
Neither of the moved error cases should happen very often so it is fine
to log them on debug.

- `Error::NotTurn` only happens if we receive a UDP packet that isn't
STUN traffic (port 3478) or not in the allocation-port range. I am
suspecting there to be a bug that I am aiming to fix in #8804.
- `Error::NotAChannelDataMessage` will happen for all STUN control
traffic, like channel bindings, allocation requests, etc. Those only
happen occasionally so won't spam too much.
- `Ipv4PacketWithOptions` should basically not happen at all because -
as far as I know - IPv4 options aren't used a lot.

In any case, when debugging, it is useful to see when we do hit these
cases to know, why a packet was offloaded to user space.
 2025-04-18 04:55:43 +00:00
Thomas Eizinger
0079f76ebd fix(eBPF): store allocation port-range in big-endian (#8804) 
Any communication between user-space and the eBPF kernel happens via
maps. The keys and values in these maps are serialised to bytes, meaning
the endianness of how these values are encoded matters!

When debugging why the eBPF kernels were not performing as much as we
thought they would, I noticed that only very small packets were getting
relayed. In particular, only packets encoded as channel-data packets
were getting unwrapped correctly. The reverse didn't happen at all.
Turning the log-level up to TRACE did reveal that we do in fact see
these packets but they don't get handled.

Here is the relevant section that handles these packets:


74ccf8e0b2/rust/relay/ebpf-turn-router/src/main.rs (L127-L151)

We can see the `trace!` log in the logs and we know that it should be
handled by the first `if`. But for some reason it doesn't.

x86 systems like the machines running in GCP are typically
little-endian. Network-byte ordering is big-endian. My current theory is
that we are comparing the port range with the wrong endianness and
therefore, this branch never gets hit, causing the relaying to be
offloaded to user space.

By storing the fields within `Config` in byte-arrays, we can take
explicit control over which endianness is used to store these fields.
 2025-04-18 04:51:40 +00:00
Jamil
a2e32a4918 ci: Bump apple to 1.4.10 to ship PKG (#8797) 
This publishes the 1.4.10 permalinks for the PKG download.
 2025-04-17 15:13:44 +00:00
Thomas Eizinger
38dedb8275 feat(relay): allow controlling log-level at runtime (#8800) 
When debugging issues with the relays on GCP, it is useful to be able to
change the log-level at runtime without having to redeploy them. We can
achieve this by running an additional HTTP server as part of the relay
that response to HTTP POST requests that contain new logging directives.

---------

Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
 2025-04-17 13:22:12 +00:00
Thomas Eizinger
4a39d5eafb chore(connlib): log malformed IP packets (#8799) 
When determining, how to NAT a certain packet, we need to identify
whether it is a UDP, TCP or ICMP packet and extract the relevant port or
identifier from it. When parsing these packets, we may run into a
situation where the IP number says that the packet is TCP but it is
actually malformed and we cannot parse the port from it.

In such situations, we end up constructing a `UnsupportedProtocol` error
that then confusingly states the we don't support the TCP protocol (or
UDP / ICMP if those are malformed).

The parsing error here is currently silently discarded as part of the
`.ok()` combinator when constructing the relevant slice. To make these
logs easier to understand, we now add an `inspect_err` call prior to
this the prints, why the packet could not be parsed.

Long-term, I am planning to refactor our IP packet model to eagerly
parse the layer 3 + 4 headers. This will also be necessary to implement
segmentation offloading on the TUN device. Doing so will improve
situations like because we will either pass through the malformed packet
(if at least the header is intact) or drop it much earlier already. In
either case, accessing things like port numbers will be infallible as
part of the processing code.
 2025-04-17 04:27:21 +00:00