mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 10:18:54 +00:00
62c3dd93707ac937e9d781699efc2d47015c538a
7535 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Jamil
|
62c3dd9370 |
fix(portal): don't add service accounts to everyone group (#9530)
In #9513 a bug was introduced that added all service accounts to the Everyone group. This fixes that by ensuring the `insert_all` query only cross joins where actor type is `:account_user, :account_admin_user`. Staging data will be manually fixed after this goes in. I briefly considered updating the delete clause of this query to "clean things up" by removing any found service accounts but that is a bit too defensive in my opinion - if there's no way a service account should make it into this group, then we shouldn't have code to expect it. This will all be going away in #8750 which should be much less brittle. |
||
|
Jamil
|
cbe33cd108 |
refactor(portal): move policy events to WAL (#9521)
Moves all of the policy lifecycle events to be broadcasted from the WAL consumer. #### Test - [x] Enable policy - [x] Disable policy - [x] Delete policy - [x] Non-breaking change - [x] Breaking change Related: #6294 --------- Signed-off-by: Jamil <jamilbk@users.noreply.github.com> |
||
|
Jamil
|
817eeff19f |
refactor(portal): simplify managed groups (#9513)
In many places throughout the portal codebase, we called a function "update_dynamic_group_memberships/1" which recomputed all of the dynamic/managed memberships for a particular account, and reapplied them to each affected group. Since the `has_many :memberships` relationship used `on_replace: :delete`, this caused Ecto to delete _all_ the `Everyone` group memberships, and reinsert them on each sync. Since each membership change triggers a policy re-evaluation for all policies to the affected actor (`Policies.broadcast_access_events_for/3`), this in effect was causing a massive amount of queries to be triggered upon each sync job as each membership deletion and insertion triggered a lookup for all resources available to that particular actor. To fix this, we introduce the following changes: - Remove `dynamic` group type. This will never be used as it will create an immense amount of complexity for any organization trying to manage groups this way - Refactor `update_dynamic_group_memberships/1` to use a smarter query that first gathers all the _needed_ changes and applies them within a transaction using Ecto.Multi. Previously all memberships would be rolled over unconditionally due to the `on_replace: :delete` option on the relationship. Note that the option is still there, but we generally don't set memberships on groups any longer unless editing the affected group directly, where the everyone group doesn't apply. Resolves: #8407 Resolves: #8408 Related: #6294 --------- Signed-off-by: Jamil <jamilbk@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> |
||
|
Jamil
|
5e3c240501 | chore: publish gui 1.5.2 (#9516) | ||
|
Jamil
|
5e146054f5 |
fix(ci): use fixed bash conditional (#9509)
This is preventing the relevant jobs from running, causing staging deploys to fail. |
||
|
Thomas Eizinger
|
60bdbb39cb |
refactor(gui-client): move change listeners to tunnel service (#8160)
At present, listening for DNS server change and network change events is handled in the GUI client. Upon an event, a message is sent to the tunnel service which then applies the new state to `connlib`. We can avoid some of this boilerplate by moving these listeners to the tunnel service as part of the handler. As a result, we get a few improvements: - We don't need to ignore these events if we don't have a session because the lifetime of these listeners is tied to the IPC handler on the service side. - We need fewer IPC messages - We can retry the connection directly from within the tunnel service in case we have no Internet at the time of startup - We can more easily model out the state machine of a connlib session in the tunnel service - On Linux, this means we no longer shell out to `resolvectl` from the GUI process, unifying access to the "resolvers" from the tunnel service - On Windows, we no longer need admin privileges on the GUI client for optimized network-change detection. This now happens in the Tunnel process which already runs as admin. Resolves: #9465 |
||
|
Jamil
|
1295adc727 |
fix(gui-client): fix minor frontend issues in app window (#9505)
- removes `NavLink` in favor of using the `href` prop on `SidebarItem`. This fixes vertical spacing between sidebar items (it was inconsistent) and DOM structure issues caused by setting `NavLink` as a direct child of `<SidebarItemGroup>`. - adds `cursor-pointer` to all `<Button>`s - adds `cursor-pointer` to the `<SidebarCollapse>` ### Before <img width="1238" alt="Screenshot 2025-06-10 at 7 57 37 PM" src="https://github.com/user-attachments/assets/2e5e66f2-d4c1-48b7-b81d-1803de2442fc" /> ### After <img width="1238" alt="Screenshot 2025-06-10 at 7 57 55 PM" src="https://github.com/user-attachments/assets/aa676fc1-124a-4e33-859d-da8f3eaad211" /> |
||
|
Jamil
|
015d427ad2 |
fix(ci): don't require required-check to finish from itself (#9507)
When this workflow is called from `cd.yml`, its name is `ci / required-check`, causing this match to fail and forever wait. |
||
|
Jamil
|
e1ac9e4912 |
fix(rust): relax assertion on cloudflare tcp response (#9506)
In #9498, the Cloudflare response was updated to match what appears to be a transient change on their end. It looks like this has changed again, so to prevent this from breaking CI in the future we relax the assertion. |
||
|
Jamil
|
82ac72b9c0 |
chore(ci): show not completed required-checks jobs (#9503)
Seems we are still getting a hang on this workflow. Adding more output to see which job is hanging. |
||
|
Jamil
|
c31f51d138 |
refactor(portal): move resource events to WAL (#9406)
We move the resource events to the WAL system. Notably, we no longer
need `fetch_and_update_breakable` for resource updates, so a bit of
refactoring is included to update the call sites for those.
Additionally, we need to add a `Flow.expire_flows_for_resource_id/1`
function to expire flows from the WAL system. This is now being called
in the WAL event handler. To prevent this from blocking the WAL
consumer/broadcaster, we wrap it with a Task.async. These will be
cleaned up when the lookup table for access is implemented next.
Another thing to note is that we lose the `subject` when moving from
`Flows.expire_flows_for(%Resource{}, subject)` to
`Flows.expire_flows_for_resource_id(resource_id)` when a resource is
deleted or updated by an actor since we respond to this event in the WAL
where that data isn't available. However, we don't actually _use_ the
subject when expiring flows (other than authorize the initial resource
update), so this isn't an issue.
Related: #9501
---------
Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
Co-authored-by: Brian Manifold <bmanifold@users.noreply.github.com>
|
||
|
Brian Manifold
|
d4c7b48754 |
refactor(portal): update asset config in portal (#9504)
Why: * This commit brings our web app inline with how new Phoenix applications manage and configure js/css/font assets. Along with that this commit updates our Tailwind and esbuild tools. |
||
|
Jamil
|
c76d884fde |
fix(ci): require all jobs on main branch runs (#9502)
- Adds a timeout to the required_checks workflow - Expects all jobs to run, exiting the script early for main branch runs - Adds `set -xe` so we catch script errors going forward This CI run is running for over an hour, not sure which job it's waiting on: https://github.com/firezone/firezone/actions/runs/15565464294 |
||
|
Jamil
|
be446a3d75 |
fix(ci): fetch depth 20 for merge group CI runs (#9500)
When a CI job is running as part of a merge group, it's possible the base ref is a few commits away if the merge queue has items in it. So we update the fetch depth to 20. |
||
|
dependabot[bot]
|
c3760e371c |
build(deps): bump androidx.security:security-crypto from 1.1.0-alpha07 to 1.1.0-beta01 in /kotlin/android (#9426)
Bumps androidx.security:security-crypto from 1.1.0-alpha07 to 1.1.0-beta01. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Brian Manifold
|
ec6107b967 |
chore(portal): Update Elixir README (#9496)
Why: * The current README in the `/elixir` directory is a circular reference that does not explain much. This commit updates the README to give the basics of how to get started with Firezone Elixir development. |
||
|
Thomas Eizinger
|
182a560091 |
fix(telemetry): don't log events for local and CI env (#9492)
Avoids spamming PostHog with events from our CI or other instances of the docker-compose setup. |
||
|
Thomas Eizinger
|
1fa345aa5e |
test(rust): adapt response from Cloudflare proxy (#9498)
It appears that Cloudflare changed the response that it is sending for the 1.1.1.1 IP so we need to adapt our integration test for packet loops in order to make CI pass. |
||
|
Thomas Eizinger
|
a78b4a29f1 |
chore(android): update README instructions (#9497)
While setting up Android Studio on my Mac, I noticed that these instructions are slightly out of date and can be improved. |
||
|
Thomas Eizinger
|
dce7ffe4f0 |
fix(apple): drop Session in a new task (#9478)
Until we implement #3959 for the Apple client, we need to be careful around how we de-initialise the Rust session. Callback-based designs are difficult to get right across boundaries because they enable re-entrances which then lead to runtime errors. Specifically, freeing the session needs to cleanup the tokio runtime but that is impossible if the callback is still executed from that exact runtime. To workaround this, we need to free the session pointer from a new task. Moving to #3959 will solve this in a much more intuitive way because we can ditch the callbacks and instead move to a stream of events that the host app can consume. --------- Signed-off-by: Thomas Eizinger <thomas@eizinger.io> |
||
|
Jamil
|
f58176a447 |
chore: remove docs writer (#9494)
This was added in an earlier era and will be just too cumbersome to maintain going forward. We have OpenAPI docs which are more flexible. |
||
|
Brian Manifold
|
6d425d5677 |
refactor(portal): add retry logic to Stripe API client (#9466)
Why: * We've seen some Stripe API requests come back with 429 responses, which likely could be retried and succeed. This commit adds some basic retry logic to our Stripe API client. |
||
|
Jamil
|
0e5e2296a8 |
chore(website): update wording for pricing plan (#9493)
This isn't strictly true - in most cases we actually do set this limit and enforce it, which is what I think is the correct thing to do. Related: #8668 |
||
|
Thomas Eizinger
|
4e99d00e77 |
ci: fix lychee errors (#9491)
It turns out that the link checker was failing because it is matching those URLs via regex and that the `?` in the URL was interpreted as a regex control character. |
||
|
Thomas Eizinger
|
1747f8fdd5 |
ci: run Tauri builds if rust/gui-client changes (#9481)
We don't need to rebuild the Tauri clients every time we change Rust code but we almost certainly want to rebuild them if we change any code in the client itself so we can smoke test them. --------- Signed-off-by: Thomas Eizinger <thomas@eizinger.io> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> |
||
|
Thomas Eizinger
|
05c94278ea |
ci: ensure all jobs are successful (#9486)
When evaluating the status of all required checks, we currently only look at the very first one. This is error prone and may result in `required-check` to be marked as successful too early. Instead of iterating through the list of jobs we have scheduled, we now instead look at all jobs that are running as part of the CI run. The idea here is: - Any job that got started need to complete (one way or another) - If _any_ job fails, we fail the required check - If all jobs complete without a single failure, we pass the check This plays well with "skipped" jobs which we sometimes have as part of CI. |
||
|
dependabot[bot]
|
5a04405212 |
build(deps): bump smallvec from 1.15.0 to 1.15.1 in /rust (#9483)
Bumps [smallvec](https://github.com/servo/rust-smallvec) from 1.15.0 to 1.15.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/servo/rust-smallvec/releases">smallvec's releases</a>.</em></p> <blockquote> <h2>v1.15.1</h2> <h2>What's Changed</h2> <ul> <li>Shrink code produced by <code>smallvec![]</code>. by <a href="https://github.com/nnethercote"><code>@nnethercote</code></a> in <a href="https://redirect.github.com/servo/rust-smallvec/pull/386">servo/rust-smallvec#386</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/servo/rust-smallvec/compare/v1.15.0...v1.15.1">https://github.com/servo/rust-smallvec/compare/v1.15.0...v1.15.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
c7a720957a |
build(deps): bump os_info from 3.11.0 to 3.12.0 in /rust (#9484)
Bumps [os_info](https://github.com/stanislav-tkach/os_info) from 3.11.0 to 3.12.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/stanislav-tkach/os_info/releases">os_info's releases</a>.</em></p> <blockquote> <h2>os_info 3.12.0</h2> <ul> <li> <p>Cygwin support has been added. (<a href="https://redirect.github.com/stanislav-tkach/os_info/issues/405">#405</a>)</p> </li> <li> <p>macOS version detection has been updated to read the <code>SystemVersion.plist</code> file. (<a href="https://redirect.github.com/stanislav-tkach/os_info/issues/406">#406</a>)</p> </li> <li> <p>macOS bitness detection has been updated to avoid using the <code>getconf</code> command. (<a href="https://redirect.github.com/stanislav-tkach/os_info/issues/407">#407</a>)</p> </li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/stanislav-tkach/os_info/blob/master/CHANGELOG.md">os_info's changelog</a>.</em></p> <blockquote> <h2>[3.12.0] (2025-06-08)</h2> <ul> <li> <p>Cygwin support has been added. (<a href="https://redirect.github.com/stanislav-tkach/os_info/issues/405">#405</a>)</p> </li> <li> <p>macOS version detection has been updated to read the <code>SystemVersion.plist</code> file. (<a href="https://redirect.github.com/stanislav-tkach/os_info/issues/406">#406</a>)</p> </li> <li> <p>macOS bitness detection has been updated to avoid using the <code>getconf</code> command. (<a href="https://redirect.github.com/stanislav-tkach/os_info/issues/407">#407</a>)</p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Thomas Eizinger
|
ae4816d2a6 | refactor(gui-client): reduce duplication for sending requests (#9476) | ||
|
Thomas Eizinger
|
9210ed2a97 |
fix(gui-client): don't say "signed in" without a connlib session (#9477)
With the introduction of the "connect on start" configuration option, we introduced a bug where the GUI client said "Signed in as ..." even though we did not have a `connlib` session. The tray-menu handles this state correctly and clicking sign out and sign in restores Firezone to a functional state. This disparity happened because we assumed that having a token means we must have a session. To fix this, we introduce a new `SessionViewModel` that combines the state of the auth session and the `connlib` state. Only if we have both do we infer that we are "signed in". This also requires us to introduce an intermediary state where we are "loading". This is represented as a spinner in the UI. Last but not least, this also removes the automated hiding of the client window. In a prior design, the only job of this window was to show the "Sign in" button so it wasn't useful beyond clicking that. Now that we show more things in this window, automatically hiding it might confuse the user. Here is what this new design looks like: [Login flow](https://github.com/user-attachments/assets/276e390b-4837-48e2-aaf1-eea007472816) As a result of other improvements around "zero-click sign-in", the user often doesn't even have to switch to the browser window because sign-in happens in the background. Unfortunately, the tab still remains open but that is outside of our control (at least on Linux). |
||
|
Thomas Eizinger
|
04846c5b8a | docs(website): add changelog entry (#9470) | ||
|
Thomas Eizinger
|
0c7f06db03 |
ci: only run workflows for changed files (#9467)
This PR optimises our CI pipeline to only run workflows when certain files change. To achieve this, we introduce a top-level `planner` job that all other jobs primarily depend on. The `planner` job then computes which other jobs to run and creates an output with a list of those. Running only certain jobs is only the first half of the problem. The second half is creating a dedicated job that we can mark as "required" in GitHub. Without such a "required" check, the merge queue wouldn't know, when a PR is good to be merged. Jobs cannot have dynamic dependencies on other jobs. We therefore need to emulate this by creating a polling loop that hits the GitHub API every 10s and evaluates, whether all "required" jobs, i.e. the ones we planned to run, have finished successfully. --------- Co-authored-by: Jamil Bou Kheir <jamilbk@users.noreply.github.com> |
||
|
Thomas Eizinger
|
490e9c1dde |
refactor(gui-client): tidy up app startup (#9468)
As part of investigating #9400, I refactored the startup code of the GUI client to play around with the initialization order of the runtime and other parts. After finding the root cause (fixed in #9469), I figured it would still be nice to land these improvements. This refactors the app startup: - Only initialize what is absolutely necessary outside of `try_main`: The runtime and the telemetry instance. - Settings are loaded earlier - Telemetry is initializer earlier - Add a bootstrap logger that logs to stdout whilst we are booting - Re-order some code inside `gui::run` to bundle the initialization of Tauri into a single command chain --------- Signed-off-by: Thomas Eizinger <thomas@eizinger.io> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> |
||
|
Thomas Eizinger
|
e15dde6648 |
fix(gui-client): remove timeout from opening deep-link (#9475)
This timeout seems to be problematic as deep-links don't open with it at all. This is a regression from #9445. |
||
|
Thomas Eizinger
|
113f8fd0d7 |
chore: delete .gitmodules (#9473)
We no longer have any submodules so we can delete this file 🎉
|
||
|
Jamil
|
f937139e36 |
fix(docs): fix broken links (#9471)
Fixes #9464 |
||
|
Thomas Eizinger
|
ac5fdde10b |
ci: remove duplicate login actions (#9456)
Signed-off-by: Thomas Eizinger <thomas@eizinger.io> Co-authored-by: Jamil <jamilbk@users.noreply.github.com> |
||
|
Thomas Eizinger
|
88cda1c6ad |
fix(telemetry): negate filters for spammy events (#9469)
Boolean logic is hard. Instead of filtering _out_ these spammy events on a certain level, we accidentally configured the `SentryLayer` such that only events on level ERROR would be sent to Sentry. To fix this, we rewrite the filter such that it is phrased in an affirmative manner, i.e. it only allows an event if it matches all of the given criteria. This filter this then applied in a **negated** way, i.e. we don't want to see events that match these criteria. Resolves: #9400 |
||
|
dependabot[bot]
|
da19df5da6 |
build(deps): bump actions/setup-java from 4.6.0 to 4.7.1 in /.github/actions/setup-android (#9461)
Bumps [actions/setup-java](https://github.com/actions/setup-java) from 4.6.0 to 4.7.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-java/releases">actions/setup-java's releases</a>.</em></p> <blockquote> <h2>v4.7.1</h2> <h2>What's Changed</h2> <h3>Documentation changes</h3> <ul> <li>Add Documentation to Recommend Using GraalVM JDK 17 Version to 17.0.12 to Align with GFTC License Terms by <a href="https://github.com/aparnajyothi-y"><code>@aparnajyothi-y</code></a> in <a href="https://redirect.github.com/actions/setup-java/pull/704">actions/setup-java#704</a></li> <li>Remove duplicated GraalVM section in documentation by <a href="https://github.com/Marcono1234"><code>@Marcono1234</code></a> in <a href="https://redirect.github.com/actions/setup-java/pull/716">actions/setup-java#716</a></li> </ul> <h3>Dependency updates:</h3> <ul> <li>Upgrade <code>@action/cache</code> from 4.0.0 to 4.0.2 by <a href="https://github.com/aparnajyothi-y"><code>@aparnajyothi-y</code></a> in <a href="https://redirect.github.com/actions/setup-java/pull/766">actions/setup-java#766</a></li> <li>Upgrade <code>@actions/glob</code> from 0.4.0 to 0.5.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-java/pull/744">actions/setup-java#744</a></li> <li>Upgrade ts-jest from 29.1.2 to 29.2.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-java/pull/743">actions/setup-java#743</a></li> <li>Upgrade <code>@action/cache</code> to 4.0.3 by <a href="https://github.com/aparnajyothi-y"><code>@aparnajyothi-y</code></a> in <a href="https://redirect.github.com/actions/setup-java/pull/773">actions/setup-java#773</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-java/compare/v4...v4.7.1">https://github.com/actions/setup-java/compare/v4...v4.7.1</a></p> <h2>v4.7.0</h2> <h2>What's Changed</h2> <ul> <li>Configure Dependabot settings by <a href="https://github.com/HarithaVattikuti"><code>@HarithaVattikuti</code></a> in <a href="https://redirect.github.com/actions/setup-java/pull/722">actions/setup-java#722</a></li> <li>README Update: Added a permissions section by <a href="https://github.com/benwells"><code>@benwells</code></a> in <a href="https://redirect.github.com/actions/setup-java/pull/723">actions/setup-java#723</a></li> <li>Upgrade <code>cache</code> from version 3.2.4 to 4.0.0 by <a href="https://github.com/aparnajyothi-y"><code>@aparnajyothi-y</code></a> in <a href="https://redirect.github.com/actions/setup-java/pull/724">actions/setup-java#724</a></li> <li>Upgrade <code>@actions/http-client</code> from 2.2.1 to 2.2.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-java/pull/728">actions/setup-java#728</a></li> <li>Upgrade <code>actions/publish-immutable-action</code> from 0.0.3 to 0.0.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-java/pull/727">actions/setup-java#727</a></li> <li>Upgrade <code>@types/jest</code> from 29.5.12 to 29.5.14 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-java/pull/729">actions/setup-java#729</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/benwells"><code>@benwells</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-java/pull/723">actions/setup-java#723</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-java/compare/v4...v4.7.0">https://github.com/actions/setup-java/compare/v4...v4.7.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
5aa64dae6c |
build(deps): bump fast-xml-parser from 5.2.3 to 5.2.4 in /website (#9463)
Bumps
[fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser)
from 5.2.3 to 5.2.4.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md">fast-xml-parser's
changelog</a>.</em></p>
<blockquote>
<p><!-- raw HTML omitted -->Note: If you find missing information about
particular minor version, that version must have been changed without
any functional change in this library.<!-- raw HTML omitted --></p>
<p><strong>5.2.4 / 2025-06-06</strong></p>
<ul>
<li>fix (<a
href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/747">#747</a>):
fix EMPTY and ANY with ELEMENT in DOCTYPE</li>
</ul>
<p><strong>5.2.3 / 2025-05-11</strong></p>
<ul>
<li>fix (<a
href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/747">#747</a>):
support EMPTY and ANY with ELEMENT in DOCTYPE</li>
</ul>
<p><strong>5.2.2 / 2025-05-05</strong></p>
<ul>
<li>fix (<a
href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/746">#746</a>):
update strnum to fix parsing issues related to enotations</li>
</ul>
<p><strong>5.2.1 / 2025-04-22</strong></p>
<ul>
<li>fix: read DOCTYPE entity value correctly</li>
<li>read DOCTYPE NOTATION, ELEMENT exp but not using read values</li>
</ul>
<p><strong>5.2.0 / 2025-04-03</strong></p>
<ul>
<li>feat: support metadata on nodes (<a
href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/593">#593</a>)
(By <a href="https://github.com/srl295">Steven R. Loomis</a>)</li>
</ul>
<p><strong>5.1.0 / 2025-04-02</strong></p>
<ul>
<li>feat: declare package as side-effect free (<a
href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/738">#738</a>)
(By <a href="https://github.com/tbouffard">Thomas Bouffard</a>)</li>
<li>fix cjs build mode</li>
<li>fix builder return type to string</li>
<li></li>
</ul>
<p><strong>5.0.9 / 2025-03-14</strong></p>
<ul>
<li>fix: support numeric entities with values over 0xFFFF (<a
href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/726">#726</a>)
(By <a href="https://github.com/mcdurdin">Marc Durdin</a>)</li>
<li>fix: update strnum to fix parsing 0 if skiplike option is used</li>
</ul>
<p><strong>5.0.8 / 2025-02-27</strong></p>
<ul>
<li>fix parsing 0 if skiplike option is used.
<ul>
<li>updating strnum dependency</li>
</ul>
</li>
</ul>
<p><strong>5.0.7 / 2025-02-25</strong></p>
<ul>
<li>fix (<a
href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/724">#724</a>)
typings for cjs.</li>
</ul>
<p><strong>5.0.6 / 2025-02-20</strong></p>
<ul>
<li>fix cli output (By <a href="https://github.com/angeld7">Angel
Delgado</a>)
<ul>
<li>remove multiple JSON parsing</li>
</ul>
</li>
</ul>
<p><strong>5.0.5 / 2025-02-20</strong></p>
<ul>
<li>fix parsing of string starting with 'e' or 'E' by updating
strnum</li>
</ul>
<p><strong>5.0.4 / 2025-02-20</strong></p>
<ul>
<li>fix CLI to support all the versions of node js when displaying
library version.</li>
<li>fix CJS import in v5
<ul>
<li>by fixing webpack config</li>
</ul>
</li>
</ul>
<p><strong>5.0.3 / 2025-02-20</strong></p>
<ul>
<li>Using strnum ESM module</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="
|
||
|
dependabot[bot]
|
a089fda43e |
build(deps): bump gradle/actions from 4.2.2 to 4.4.0 in /.github/actions/setup-android (#9460)
Bumps [gradle/actions](https://github.com/gradle/actions) from 4.2.2 to 4.4.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/gradle/actions/releases">gradle/actions's releases</a>.</em></p> <blockquote> <h2>v4.4.0</h2> <p>This release updates 2 downstream components:</p> <ul> <li>Develocity injection has been updated to <a href="https://github.com/gradle/develocity-ci-injection/releases/tag/v2.0">v2.0</a> <ul> <li>Some environment variables related to Develocity injection have been renamed. All vars now being with <code>DEVELOCITY_INJECTION_</code>. Check <a href="https://github.com/gradle/actions/blob/main/docs/setup-gradle.md#configuring-develocity-injection">the docs</a> for more details.</li> </ul> </li> <li>Dependency-graph plugin has been updated to <a href="https://github.com/gradle/github-dependency-graph-gradle-plugin/releases/tag/v1.4.0">v1.4.0</a> <ul> <li>The 'detector' values included in the generated graph can now be configured via environment variables.</li> </ul> </li> </ul> <h2>What's Changed</h2> <ul> <li>Update develocity-injection init script to v1.3 by <a href="https://github.com/bot-githubaction"><code>@bot-githubaction</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/592">gradle/actions#592</a></li> <li>Update develocity-injection init script to v2.0 by <a href="https://github.com/bot-githubaction"><code>@bot-githubaction</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/593">gradle/actions#593</a></li> <li>[StepSecurity] ci: Harden GitHub Actions by <a href="https://github.com/step-security-bot"><code>@step-security-bot</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/597">gradle/actions#597</a></li> <li>Use v1.4.0 of dependency graph plugin by <a href="https://github.com/bigdaz"><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/638">gradle/actions#638</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/step-security-bot"><code>@step-security-bot</code></a> made their first contribution in <a href="https://redirect.github.com/gradle/actions/pull/597">gradle/actions#597</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/gradle/actions/compare/v4.3.1...v4.4.0">https://github.com/gradle/actions/compare/v4.3.1...v4.4.0</a></p> <h2>v4.3.1</h2> <p>This release fixes a couple of minor issues, as well as keeping dependencies up to date.</p> <h2>Fixed issues</h2> <ul> <li>The develocity-allow-untrusted-server parameter should be honoured when fetching short-lived access tokens <a href="https://redirect.github.com/gradle/actions/issues/583">#583</a></li> <li>Build summary may incorrectly report build success <a href="https://redirect.github.com/gradle/actions/issues/415">#415</a></li> </ul> <h2>What's Changed</h2> <ul> <li>Update develocity-injection init script to v1.1.1 by <a href="https://github.com/bot-githubaction"><code>@bot-githubaction</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/545">gradle/actions#545</a></li> <li>Bump the github-actions group across 2 directories with 3 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/547">gradle/actions#547</a></li> <li>Bump the npm-dependencies group in /sources with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/548">gradle/actions#548</a></li> <li>Update develocity-injection init script to v1.2 by <a href="https://github.com/bot-githubaction"><code>@bot-githubaction</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/550">gradle/actions#550</a></li> <li>Bump the github-actions group across 1 directory with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/552">gradle/actions#552</a></li> <li>Bump the npm-dependencies group across 1 directory with 5 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/558">gradle/actions#558</a></li> <li>Update known wrapper checksums by <a href="https://github.com/github-actions"><code>@github-actions</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/560">gradle/actions#560</a></li> <li>Bump references to Develocity Gradle plugin from 3.19.1 to 3.19.2 by <a href="https://github.com/bot-githubaction"><code>@bot-githubaction</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/561">gradle/actions#561</a></li> <li>Catch more build failures in job summary by <a href="https://github.com/bigdaz"><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/571">gradle/actions#571</a></li> <li>Scope captured build failures by <a href="https://github.com/erichaagdev"><code>@erichaagdev</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/574">gradle/actions#574</a></li> <li>Ignore SSL certificate validation when fetching Develocity short-lived access token if <code>develocity-allow-untrusted-server</code> is enabled by <a href="https://github.com/remcomokveld"><code>@remcomokveld</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/575">gradle/actions#575</a></li> <li>Dependency updates by <a href="https://github.com/bigdaz"><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/579">gradle/actions#579</a></li> <li>Bump com.google.guava:guava from 33.4.5-jre to 33.4.6-jre in /.github/workflow-samples/kotlin-dsl in the gradle group across 1 directory by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/580">gradle/actions#580</a></li> <li>Bump the github-actions group across 2 directories with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/582">gradle/actions#582</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/erichaagdev"><code>@erichaagdev</code></a> made their first contribution in <a href="https://redirect.github.com/gradle/actions/pull/574">gradle/actions#574</a></li> <li><a href="https://github.com/remcomokveld"><code>@remcomokveld</code></a> made their first contribution in <a href="https://redirect.github.com/gradle/actions/pull/575">gradle/actions#575</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/gradle/actions/compare/v4.3.0...v4.3.1">https://github.com/gradle/actions/compare/v4.3.0...v4.3.1</a></p> <h2>v4.3.0</h2> <p>This release brings some significant improvements to cache-cleanup and dependency-submission:</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
c1e3e07431 |
build(deps): bump getsentry/action-release from 1.8.0 to 3.1.1 in /.github/actions/create-sentry-release (#9457)
Bumps [getsentry/action-release](https://github.com/getsentry/action-release) from 1.8.0 to 3.1.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/getsentry/action-release/releases">getsentry/action-release's releases</a>.</em></p> <blockquote> <h2>3.1.1</h2> <ul> <li>fix: Only pass <code>urlPrefix</code> to sentry-cli if it's not empty (<a href="https://redirect.github.com/getsentry/action-release/issues/275">#275</a>) by <a href="https://github.com/andreiborza"><code>@andreiborza</code></a></li> </ul> <h2>3.1.0</h2> <ul> <li>feat: Add <code>release</code> and <code>release_prefix</code> in favor of <code>version</code> and <code>version_prefix</code> (<a href="https://redirect.github.com/getsentry/action-release/issues/273">#273</a>) by <a href="https://github.com/andreiborza"><code>@andreiborza</code></a></li> </ul> <p>Input parameter <code>version</code> has been deprecated and will be removed in a future version in favor of a newly introduced <code>release</code> parameter.</p> <p>Input parameter <code>version_prefix</code> has been deprecated and will be removed in a future version in favor of a newly introduced <code>release_prefix</code> parameter.</p> <h2>3.0.0</h2> <p>Version <code>3.0.0</code> contains breaking changes:</p> <ul> <li>feat(sourcemaps)!: Enable injecting debug ids by default (<a href="https://redirect.github.com/getsentry/action-release/issues/272">#272</a>) by <a href="https://github.com/andreiborza"><code>@andreiborza</code></a></li> </ul> <p>The action now automatically injects Debug IDs into your JavaScript source files and source maps to ensure your stacktraces can be properly un-minified.</p> <p>This is a <strong>breaking change as it modifies your source files</strong>. You can disable this behavior by setting <code>inject: false</code>:</p> <pre lang="yaml"><code>- uses: getsentry/action-release@v3 with: environment: 'production' sourcemaps: './dist' inject: false </code></pre> <p>Read more about <a href="https://docs.sentry.io/platforms/javascript/sourcemaps/troubleshooting_js/artifact-bundles/">Artifact Bundles and Debug IDs here</a>.</p> <h2>2.0.0</h2> <blockquote> <p>[!NOTE]<br /> This release contains no changes over <code>v1.10.4</code> and is just meant to unblock users that have upgraded to <code>v2</code> before.</p> <p>We <strong>recommend</strong> pinning to <code>v1</code>.</p> </blockquote> <p>Last week we pushed a <code>v2</code> branch that triggered dependabot which treated it as a release. This was not meant to be a release, but many users have upgraded to <code>v2</code>.</p> <p>This release will help unblock users that have upgraded to <code>v2</code>.</p> <p>Please see: <a href="https://redirect.github.com/getsentry/action-release/issues/258">#258</a></p> <h2>1.11.0</h2> <ul> <li>feat: Use hybrid docker/composite action approach (<a href="https://redirect.github.com/getsentry/action-release/issues/265">#265</a>) by <a href="https://github.com/andreiborza"><code>@andreiborza</code></a></li> </ul> <p>After receiving user feedback both on runtime and compatibility issues for <code>1.10.0</code> the action has been reworked to use a Docker based approach on Linux runners, mimicking <code>< 1.9.0</code> versions, while Mac OS and Windows runners will follow the <code>1.10.0</code> approach of installing <code>@sentry/cli</code> in the run step.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/getsentry/action-release/blob/master/CHANGELOG.md">getsentry/action-release's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>3.1.1</h2> <ul> <li>fix: Only pass <code>urlPrefix</code> to sentry-cli if it's not empty (<a href="https://redirect.github.com/getsentry/action-release/issues/275">#275</a>) by <a href="https://github.com/andreiborza"><code>@andreiborza</code></a></li> </ul> <h2>3.1.0</h2> <ul> <li>feat: Add <code>release</code> and <code>release_prefix</code> in favor of <code>version</code> and <code>version_prefix</code> (<a href="https://redirect.github.com/getsentry/action-release/issues/273">#273</a>) by <a href="https://github.com/andreiborza"><code>@andreiborza</code></a></li> </ul> <p>Input parameter <code>version</code> has been deprecated and will be removed in a future version in favor of a newly introduced <code>release</code> parameter.</p> <p>Input parameter <code>version_prefix</code> has been deprecated and will be removed in a future version in favor of a newly introduced <code>release_prefix</code> parameter.</p> <h2>3.0.0</h2> <p>Version <code>3.0.0</code> contains breaking changes:</p> <ul> <li>feat(sourcemaps)!: Enable injecting debug ids by default (<a href="https://redirect.github.com/getsentry/action-release/issues/272">#272</a>) by <a href="https://github.com/andreiborza"><code>@andreiborza</code></a></li> </ul> <p>The action now automatically injects Debug IDs into your JavaScript source files and source maps to ensure your stacktraces can be properly un-minified.</p> <p>This is a <strong>breaking change as it modifies your source files</strong>. You can disable this behavior by setting <code>inject: false</code>:</p> <pre lang="yaml"><code>- uses: getsentry/action-release@v3 with: environment: 'production' sourcemaps: './dist' inject: false </code></pre> <p>Read more about <a href="https://docs.sentry.io/platforms/javascript/sourcemaps/troubleshooting_js/artifact-bundles/">Artifact Bundles and Debug IDs here</a>.</p> <h2>1.11.0</h2> <ul> <li>feat: Use hybrid docker/composite action approach (<a href="https://redirect.github.com/getsentry/action-release/issues/265">#265</a>) by <a href="https://github.com/andreiborza"><code>@andreiborza</code></a></li> </ul> <p>After receiving user feedback both on runtime and compatibility issues for <code>1.10.0</code> the action has been reworked to use a Docker based approach on Linux runners, mimicking <code>< 1.9.0</code> versions, while Mac OS and Windows runners will follow the <code>1.10.0</code> approach of installing <code>@sentry/cli</code> in the run step.</p> <h2>1.10.5</h2> <h3>Various fixes & improvements</h3> <ul> <li>fix: Mark <code>GITHUB_WORKSPACE</code> a safe git directory (<a href="https://redirect.github.com/getsentry/action-release/issues/260">#260</a>) by <a href="https://github.com/andreiborza"><code>@andreiborza</code></a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
00485ca589 |
build(deps): bump google-github-actions/auth from 2.1.7 to 2.1.10 in /.github/actions/setup-rust (#9462)
Bumps [google-github-actions/auth](https://github.com/google-github-actions/auth) from 2.1.7 to 2.1.10. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google-github-actions/auth/releases">google-github-actions/auth's releases</a>.</em></p> <blockquote> <h2>v2.1.10</h2> <h2>What's Changed</h2> <ul> <li>Declare workflow permissions by <a href="https://github.com/sethvargo"><code>@sethvargo</code></a> in <a href="https://redirect.github.com/google-github-actions/auth/pull/482">google-github-actions/auth#482</a></li> <li>Document that the OIDC token expires in 5min by <a href="https://github.com/sethvargo"><code>@sethvargo</code></a> in <a href="https://redirect.github.com/google-github-actions/auth/pull/483">google-github-actions/auth#483</a></li> <li>Release: v2.1.10 by <a href="https://github.com/google-github-actions-bot"><code>@google-github-actions-bot</code></a> in <a href="https://redirect.github.com/google-github-actions/auth/pull/484">google-github-actions/auth#484</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/google-github-actions/auth/compare/v2.1.9...v2.1.10">https://github.com/google-github-actions/auth/compare/v2.1.9...v2.1.10</a></p> <h2>v2.1.9</h2> <h2>What's Changed</h2> <ul> <li>Use our custom boolean parsing by <a href="https://github.com/sethvargo"><code>@sethvargo</code></a> in <a href="https://redirect.github.com/google-github-actions/auth/pull/478">google-github-actions/auth#478</a></li> <li>Update deps by <a href="https://github.com/sethvargo"><code>@sethvargo</code></a> in <a href="https://redirect.github.com/google-github-actions/auth/pull/479">google-github-actions/auth#479</a></li> <li>Release: v2.1.9 by <a href="https://github.com/google-github-actions-bot"><code>@google-github-actions-bot</code></a> in <a href="https://redirect.github.com/google-github-actions/auth/pull/480">google-github-actions/auth#480</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/google-github-actions/auth/compare/v2.1.8...v2.1.9">https://github.com/google-github-actions/auth/compare/v2.1.8...v2.1.9</a></p> <h2>v2.1.8</h2> <h2>What's Changed</h2> <ul> <li>Update TROUBLESHOOTING.md by <a href="https://github.com/sethvargo"><code>@sethvargo</code></a> in <a href="https://redirect.github.com/google-github-actions/auth/pull/457">google-github-actions/auth#457</a></li> <li>fix: add runs-on to README.md example by <a href="https://github.com/lbarthon"><code>@lbarthon</code></a> in <a href="https://redirect.github.com/google-github-actions/auth/pull/460">google-github-actions/auth#460</a></li> <li>security: bump undici from 5.28.4 to 5.28.5 in the npm_and_yarn group by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/google-github-actions/auth/pull/463">google-github-actions/auth#463</a></li> <li>Update deps by <a href="https://github.com/sethvargo"><code>@sethvargo</code></a> in <a href="https://redirect.github.com/google-github-actions/auth/pull/466">google-github-actions/auth#466</a></li> <li>Release: v2.1.8 by <a href="https://github.com/google-github-actions-bot"><code>@google-github-actions-bot</code></a> in <a href="https://redirect.github.com/google-github-actions/auth/pull/467">google-github-actions/auth#467</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/lbarthon"><code>@lbarthon</code></a> made their first contribution in <a href="https://redirect.github.com/google-github-actions/auth/pull/460">google-github-actions/auth#460</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/google-github-actions/auth/compare/v2...v2.1.8">https://github.com/google-github-actions/auth/compare/v2...v2.1.8</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
7ac47cf92d |
build(deps): bump docker/login-action from 3.3.0 to 3.4.0 in /.github/actions/gcp-docker-login (#9458)
Bumps [docker/login-action](https://github.com/docker/login-action) from 3.3.0 to 3.4.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/login-action/releases">docker/login-action's releases</a>.</em></p> <blockquote> <h2>v3.4.0</h2> <ul> <li>Bump <code>@actions/core</code> from 1.10.1 to 1.11.1 in <a href="https://redirect.github.com/docker/login-action/pull/791">docker/login-action#791</a></li> <li>Bump <code>@aws-sdk/client-ecr</code> to 3.766.0 in <a href="https://redirect.github.com/docker/login-action/pull/789">docker/login-action#789</a> <a href="https://redirect.github.com/docker/login-action/pull/856">docker/login-action#856</a></li> <li>Bump <code>@aws-sdk/client-ecr-public</code> to 3.758.0 in <a href="https://redirect.github.com/docker/login-action/pull/789">docker/login-action#789</a> <a href="https://redirect.github.com/docker/login-action/pull/856">docker/login-action#856</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.35.0 to 0.57.0 in <a href="https://redirect.github.com/docker/login-action/pull/801">docker/login-action#801</a> <a href="https://redirect.github.com/docker/login-action/pull/806">docker/login-action#806</a> <a href="https://redirect.github.com/docker/login-action/pull/858">docker/login-action#858</a></li> <li>Bump cross-spawn from 7.0.3 to 7.0.6 in <a href="https://redirect.github.com/docker/login-action/pull/814">docker/login-action#814</a></li> <li>Bump https-proxy-agent from 7.0.5 to 7.0.6 in <a href="https://redirect.github.com/docker/login-action/pull/823">docker/login-action#823</a></li> <li>Bump path-to-regexp from 6.2.2 to 6.3.0 in <a href="https://redirect.github.com/docker/login-action/pull/777">docker/login-action#777</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/login-action/compare/v3.3.0...v3.4.0">https://github.com/docker/login-action/compare/v3.3.0...v3.4.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
eda67d2fd0 |
build(deps): bump google-github-actions/auth from 2.1.7 to 2.1.10 in /.github/actions/gcp-docker-login (#9459)
Bumps [google-github-actions/auth](https://github.com/google-github-actions/auth) from 2.1.7 to 2.1.10. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google-github-actions/auth/releases">google-github-actions/auth's releases</a>.</em></p> <blockquote> <h2>v2.1.10</h2> <h2>What's Changed</h2> <ul> <li>Declare workflow permissions by <a href="https://github.com/sethvargo"><code>@sethvargo</code></a> in <a href="https://redirect.github.com/google-github-actions/auth/pull/482">google-github-actions/auth#482</a></li> <li>Document that the OIDC token expires in 5min by <a href="https://github.com/sethvargo"><code>@sethvargo</code></a> in <a href="https://redirect.github.com/google-github-actions/auth/pull/483">google-github-actions/auth#483</a></li> <li>Release: v2.1.10 by <a href="https://github.com/google-github-actions-bot"><code>@google-github-actions-bot</code></a> in <a href="https://redirect.github.com/google-github-actions/auth/pull/484">google-github-actions/auth#484</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/google-github-actions/auth/compare/v2.1.9...v2.1.10">https://github.com/google-github-actions/auth/compare/v2.1.9...v2.1.10</a></p> <h2>v2.1.9</h2> <h2>What's Changed</h2> <ul> <li>Use our custom boolean parsing by <a href="https://github.com/sethvargo"><code>@sethvargo</code></a> in <a href="https://redirect.github.com/google-github-actions/auth/pull/478">google-github-actions/auth#478</a></li> <li>Update deps by <a href="https://github.com/sethvargo"><code>@sethvargo</code></a> in <a href="https://redirect.github.com/google-github-actions/auth/pull/479">google-github-actions/auth#479</a></li> <li>Release: v2.1.9 by <a href="https://github.com/google-github-actions-bot"><code>@google-github-actions-bot</code></a> in <a href="https://redirect.github.com/google-github-actions/auth/pull/480">google-github-actions/auth#480</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/google-github-actions/auth/compare/v2.1.8...v2.1.9">https://github.com/google-github-actions/auth/compare/v2.1.8...v2.1.9</a></p> <h2>v2.1.8</h2> <h2>What's Changed</h2> <ul> <li>Update TROUBLESHOOTING.md by <a href="https://github.com/sethvargo"><code>@sethvargo</code></a> in <a href="https://redirect.github.com/google-github-actions/auth/pull/457">google-github-actions/auth#457</a></li> <li>fix: add runs-on to README.md example by <a href="https://github.com/lbarthon"><code>@lbarthon</code></a> in <a href="https://redirect.github.com/google-github-actions/auth/pull/460">google-github-actions/auth#460</a></li> <li>security: bump undici from 5.28.4 to 5.28.5 in the npm_and_yarn group by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/google-github-actions/auth/pull/463">google-github-actions/auth#463</a></li> <li>Update deps by <a href="https://github.com/sethvargo"><code>@sethvargo</code></a> in <a href="https://redirect.github.com/google-github-actions/auth/pull/466">google-github-actions/auth#466</a></li> <li>Release: v2.1.8 by <a href="https://github.com/google-github-actions-bot"><code>@google-github-actions-bot</code></a> in <a href="https://redirect.github.com/google-github-actions/auth/pull/467">google-github-actions/auth#467</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/lbarthon"><code>@lbarthon</code></a> made their first contribution in <a href="https://redirect.github.com/google-github-actions/auth/pull/460">google-github-actions/auth#460</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/google-github-actions/auth/compare/v2...v2.1.8">https://github.com/google-github-actions/auth/compare/v2...v2.1.8</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
c488037fcf |
build(deps): bump esbuild from 0.9.0 to 0.10.0 in /elixir (#9425)
Bumps [esbuild](https://github.com/phoenixframework/esbuild) from 0.9.0 to 0.10.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/phoenixframework/esbuild/blob/main/CHANGELOG.md">esbuild's changelog</a>.</em></p> <blockquote> <h2>v0.10.0 (2025-05-27)</h2> <ul> <li>Automatically join environment variables specified as lists using the correct <code>PATH</code> separator. For example: <pre lang="elixir"><code>config :esbuild, my_profile: [ ... env: %{ "NODE_PATH" => [Path.expand("../deps", __DIR__), Mix.Project.build_path()] } ] </code></pre> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
5d9342eca8 |
build(deps): bump com.google.firebase:firebase-bom from 33.14.0 to 33.15.0 in /kotlin/android (#9447)
Bumps com.google.firebase:firebase-bom from 33.14.0 to 33.15.0. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
827651b480 |
build(deps): bump framer-motion from 12.15.0 to 12.16.0 in /website (#9435)
Bumps [framer-motion](https://github.com/motiondivision/motion) from 12.15.0 to 12.16.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/motiondivision/motion/blob/main/CHANGELOG.md">framer-motion's changelog</a>.</em></p> <blockquote> <h2>[12.16.0] 2025-06-03</h2> <h3>Added</h3> <ul> <li><code>resize()</code>.</li> </ul> <h2>[12.15.1] 2025-05-30</h2> <h3>Fixed</h3> <ul> <li>Explicitly set layout animation velocity to zero to prevent persistent <code>MotionValue</code> carrying through velocity.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
0cf67649eb |
build(deps): bump phoenix_live_view from 1.0.14 to 1.0.17 in /elixir (#9431)
Bumps [phoenix_live_view](https://github.com/phoenixframework/phoenix_live_view) from 1.0.14 to 1.0.17. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/phoenixframework/phoenix_live_view/blob/v1.0.17/CHANGELOG.md">phoenix_live_view's changelog</a>.</em></p> <blockquote> <h2>1.0.17 (2025-06-04)</h2> <h3>Bug fixes</h3> <ul> <li>Fix <code><select></code> elements not being included in form recovery (regression in 1.0.14; <a href="https://redirect.github.com/phoenixframework/phoenix_live_view/issues/3831">#3831</a>)</li> <li>Fix events from destroyed child LiveViews being accidentally sent to the parent LiveView instead</li> </ul> <h2>1.0.16 (2025-06-04)</h2> <h3>Bug fixes</h3> <ul> <li>Fix <code>Phoenix.Component.focus_wrap/1</code> running into an infinite JavaScript recursion (<a href="https://redirect.github.com/phoenixframework/phoenix_live_view/issues/3828">#3828</a>)</li> </ul> <h2>1.0.15 (2025-06-02)</h2> <h3>Bug fixes</h3> <ul> <li>Fix accumulation of empty text nodes inside <code>phx-update="stream"</code> containers (<a href="https://redirect.github.com/phoenixframework/phoenix_live_view/issues/3784">#3784</a>). This could lead to exponential memory growth when the stream container was part of a form with concurrent updates.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
3c69ebc67a |
build(deps): bump @types/node from 22.15.3 to 22.15.30 in /website (#9437)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 22.15.3 to 22.15.30. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |