Bumps
[telemetry_poller](https://github.com/beam-telemetry/telemetry_poller)
from 1.1.0 to 1.2.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/beam-telemetry/telemetry_poller/blob/main/CHANGELOG.md">telemetry_poller's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/beam-telemetry/telemetry_poller/tree/v1.2.0">1.2.0</a></h2>
<h3>Added</h3>
<ul>
<li>Support <code>persistent_term</code> measurements.</li>
<li>Require Erlang/OTP 24+.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/beam-telemetry/telemetry_poller/commits">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [observer_cli](https://github.com/zhongwencool/observer_cli) from
1.8.1 to 1.8.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/zhongwencool/observer_cli/releases">observer_cli's
releases</a>.</em></p>
<blockquote>
<h2>v1.8.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix unit of fullsweep_after by <a
href="https://github.com/binaryseed"><code>@binaryseed</code></a> in <a
href="https://redirect.github.com/zhongwencool/observer_cli/pull/108">zhongwencool/observer_cli#108</a></li>
<li>chore: fix typo lable -> label by <a
href="https://github.com/zmstone"><code>@zmstone</code></a> in <a
href="https://redirect.github.com/zhongwencool/observer_cli/pull/109">zhongwencool/observer_cli#109</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/binaryseed"><code>@binaryseed</code></a> made
their first contribution in <a
href="https://redirect.github.com/zhongwencool/observer_cli/pull/108">zhongwencool/observer_cli#108</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/zhongwencool/observer_cli/compare/1.8.1...v1.8.2">https://github.com/zhongwencool/observer_cli/compare/1.8.1...v1.8.2</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="854d5ab4fa"><code>854d5ab</code></a>
chore: bump to 1.8.2</li>
<li><a
href="d057cb3670"><code>d057cb3</code></a>
chore: fix typo lable -> label</li>
<li><a
href="13ec437b1f"><code>13ec437</code></a>
Fix unit of fullsweep_after</li>
<li>See full diff in <a
href="https://github.com/zhongwencool/observer_cli/compare/1.8.1...v1.8.2">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[ex_cldr_dates_times](https://github.com/elixir-cldr/cldr_dates_times)
from 2.20.3 to 2.22.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/elixir-cldr/cldr_dates_times/releases">ex_cldr_dates_times's
releases</a>.</em></p>
<blockquote>
<h2>Cldr Dates Times version 2.22.0</h2>
<h3>Breaking Data format changes</h3>
<p>There are some changes to the underlying locale data format that will
be a breaking change for results returned from:</p>
<ul>
<li><code>Cldr.DateTime.Format.time_formats/{1,2,3}</code></li>
<li><code>MyApp.Cldr.Calendar.day_periods/{0, 1, 2}</code></li>
</ul>
<p>The data changes are summarised as:</p>
<ul>
<li>Time formats now group the <code>:default</code> and
<code>:ascii</code> alternatives.</li>
<li>Day periods used for date/time formatting now group the alternatives
for <code>am</code> and <code>pm</code> where the data is
available.</li>
<li>Day period display names now group the alternatives for
<code>am</code> and <code>pm</code> where the data is available.</li>
</ul>
<h3>Enhancements</h3>
<ul>
<li>Update to <a href="https://cldr.unicode.org/downloads/cldr-47">CLDR
47</a> data.</li>
</ul>
<h2>Cldr Dates Times version 2.21.0</h2>
<h3>Enhancements</h3>
<ul>
<li>Allow configuration of <code>ex_cldr_calendars</code> version 2.0
and later.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/elixir-cldr/cldr_dates_times/blob/main/CHANGELOG.md">ex_cldr_dates_times's
changelog</a>.</em></p>
<blockquote>
<h2>Cldr_Dates_Times v2.22.0</h2>
<p>This is the changelog for Cldr_Dates_Times v2.22.0 released on March
18th, 2025. For older changelogs please consult the release tag on <a
href="https://github.com/elixir-cldr/cldr_cldr_dates_times/tags">GitHub</a></p>
<h3>Breaking Data format changes</h3>
<p>There are some changes to the underlying locale data format that will
be a breaking change for results returned from:</p>
<ul>
<li><code>Cldr.DateTime.Format.time_formats/{1,2,3}</code></li>
<li><code>MyApp.Cldr.Calendar.day_periods/{0, 1, 2}</code></li>
</ul>
<p>The data changes are summarised as:</p>
<ul>
<li>Time formats now group the <code>:default</code> and
<code>:ascii</code> alternatives.</li>
<li>Day periods used for date/time formatting now group the alternatives
for <code>am</code> and <code>pm</code> where the data is
available.</li>
<li>Day period display names now group the alternatives for
<code>am</code> and <code>pm</code> where the data is available.</li>
</ul>
<h3>Enhancements</h3>
<ul>
<li>Update to <a href="https://cldr.unicode.org/downloads/cldr-47">CLDR
47</a> data.</li>
</ul>
<h2>Cldr_Dates_Times v2.21.0</h2>
<p>This is the changelog for Cldr_Dates_Times v2.21.0 released on
January 31st, 2025. For older changelogs please consult the release tag
on <a
href="https://github.com/elixir-cldr/cldr_cldr_dates_times/tags">GitHub</a></p>
<h3>Enhancements</h3>
<ul>
<li>Allow configuration of <code>ex_cldr_calendars</code> version 2.0
and later.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c7042c4327"><code>c7042c4</code></a>
Update deps and changelog</li>
<li><a
href="0a0e56cd36"><code>0a0e56c</code></a>
Update version and changelog</li>
<li><a
href="b4dbc2cb55"><code>b4dbc2c</code></a>
Reflect CLDR 47 Beta 2 data</li>
<li><a
href="907fb8ef8d"><code>907fb8e</code></a>
Config test dependencies</li>
<li><a
href="930ad5686e"><code>930ad56</code></a>
Initial testing on CLDR47 Alpha 2</li>
<li><a
href="48aada48eb"><code>48aada4</code></a>
Support ex_cldr_calendars 2.0</li>
<li><a
href="04b4af8e67"><code>04b4af8</code></a>
Add back test locales</li>
<li><a
href="5a675305d6"><code>5a67530</code></a>
Merge pull request <a
href="https://redirect.github.com/elixir-cldr/cldr_dates_times/issues/53">#53</a>
from Munksgaard/fix-doc-comments</li>
<li><a
href="3a5a7c073f"><code>3a5a7c0</code></a>
Fix some doc comment warnings</li>
<li>See full diff in <a
href="https://github.com/elixir-cldr/cldr_dates_times/compare/v2.20.3...v2.22.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[@fontsource/source-sans-3](https://github.com/fontsource/font-files/tree/HEAD/fonts/google/source-sans-3)
from 5.1.1 to 5.2.6.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/fontsource/font-files/commits/HEAD/fonts/google/source-sans-3">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
The `flows` table currently has `ON DELETE SET NULL` behavior for many
of its foreign key constraints. The problem is that if we try to delete
any of the associated entities, setting a null here causes the DB
operation to fail with:
```
ERROR: null value in column "policy_id" of relation "flows" violates not-null constraint
```
I can understand why it was originally architected like this to preserve
connection log data, but we'll be using another approach for that that
doesn't require maintaining relational data in perpetuity.
Related: #949
The Google API will often return a missing `members` key alongside a
`200` response from their members API. The documentation here isn't
clear whether this key is expected or not, but since the sync has been
working fine up until #8608, we can only surmise that the missing key in
fact means the group has no members.
This PR updates the Google API client so that a `default_if_missing` can
be passed in which is returned if the API response is missing the JSON
key to fetch.
For the users, groups, and organization units fetches, we consider a
missing key to be an error and we return `{:error, :invalid_response}`
since this most likely indicates an API problem.
For the members endpoint, we consider the missing key to be the empty
set.
Additionally, a bug is fixed that was introduced in #8608 whereupon we
returned `{:error, :retry_later}` for newly-accounted-for API responses,
which would have caused a "sync failed" email to be sent to the admins
on the instance.
Instead, we want to return `{:error, :invalid_response}` which will stop
the sync from progressing, and log it internally.
The previous migration only accounted for soft-deleted rows that have an
active counterpart.
This fails the new unique index if multiple soft-deleted rows exist for
the same `account_id, provider_id, provider_identifier` combination.
Instead, to appease the new index, we need to delete all soft-deleted
rows where these fields exist.
Related: #8615
After merging #8608, we discovered that we receive unexpected API
responses on the regular. This adds improved logging to uncover what
exactly these unexpected API responses are.
When syncing identities from an identity, we have logic in place that
resurrects any soft-deleted identities in order to maintain their
session history, group memberships and any other relevant data. Users
can be temporarily suspended from their identity provider and then
resumed.
Groups, however, based on cursory research, can never be temporarily
suspended at the identity provider. However, this doesn't mean that we
can't see the group disappear and reappear at a later point in time.
This can happen due to a temporary sync issue, or in the upcoming Group
Filters PR: #8381.
This PR adds more robust testing to ensure we can in fact resurrect
identities as expected.
It also updates the group sync logic to similarly resurrect soft-deleted
groups if they are seen again in a subsequent sync.
To achieve this, we need to update the `UNIQUE CONSTRAINT` used in the
upsert clause during the sync. Before, it was possible for two (or more)
groups to exist with the same provider_identifier and provider_id, if
`deleted_at IS NOT NULL`. Now, we need to ensure that only one group
with the same `account_id, provider_id, provider_identifier` can exist,
since we want to resurrect and not recreate these.
To do this, we use a migration that does the following:
1. Ensures any potentially problematic data is permanently deleted
2. Drops the existing unique constraint
3. Recreates it, omitting `WHERE DELETED_AT IS NULL` from the partial
index.
Based on exploring the production DB data, this should not cause any
issues, but it would be a good idea to double-check before rolling this
out to prod.
Lastly, the final missing piece to the resurrection story is Policies.
This is saved for a future PR since we need to first define the
difference between a policy that was soft-deleted via a sync job, and a
policy that was "perma" deleted by a user.
Related: #8187
When calling the various directory sync endpoints, we had error cases
that matched a few of the possible error scenarios in an appropriate way
by returning either `{:error, :retry_later}` or the `{:error, ...}`
tuples.
However, as we've recently learned in [this
thread](https://firezonehq.slack.com/archives/C069H865MHP/p1743521884037159),
it's possible for identity provider APIs to return all kinds of bogus
data here, and we need a more defensive approach.
The specific issue this PR addresses is the case where we receive a
`2xx` response, but without the expected JSON key in the response body.
That will result in the `list*` functions returning an empty list, which
the calling code paths then use to soft-delete all existing record types
in the DB.
This is wrong. If the JSON response is missing a key we're expecting, we
instead log a warning and return `{:error, :retry_later}`. It's
currently unknown when exactly this happens and why, but with better
monitoring here we'll have a much better picture as to why.
When reading through these modules, it's helpful to know that the actual
sync data update doesn't occur more often than 10 minutes due to a
database check.
The adapter itself isn't enabled in the UI on prod, but the background
job to sync mock data was. This prevents the job from being started and
emitting log noise into production logs.
When a customer signs up for Starter or Team, we don't enable tax
calculation by default. This means customers can upgrade to Team, start
paying invoices, and we won't collect taxes.
This creates a management issue and possible tax liability since I need
to manually reconcile these.
Instead, since we have Stripe Tax configured on our account, we can
enable automatic tax calculation when the subscription is created. Any
products (Starter/Team/Enterprise) therefore in the subscription will
automatically collect tax appropriately.
In most cases in the US, the tax rate is 0. In EU transactions, for B2B
sales, the tax rate for us is also 0 (reverse charge basis). If we sell
a Team subscription to an individual, however, we need to collect VAT.
There doesn't seem to be a way to block consumer EU transactions in
Stripe, so we'll likely need to register for VAT in the EU if we cross
the reporting threshold.
A regression was introduced in d0f0de0f8d
whereupon we started using the updated policy record for broadcasting
the `delete_policy` and `expire_flows` events. This caused a security
issue because if the actor group changed from `Everyone` to `thomas`,
for example, we'd only expire flows and broadcast policy removal (i.e.
resource removal) events for `thomas`, and `Everyone` would still have
access granted by the old policy.
To fix this, we broadcast the destructive events to the old policy, so
that its `actor_group_id` and `resource_id` are used, and not the new
policy's.
Fixes#8549
After removing some of the functionality for viewing the Internet
Resource, customer was confused where to find it again.
This places an `Internet` section in the Resources index page (similar
to Sites page) with a short help text and an action button to view the
Internet Resource.
This also adds a convenient helper that allows us to route to
`/#{account}/resources/internet` for a nicer-looking URL that users can
bookmark if needed.
<img width="1423" alt="Screenshot 2025-03-19 at 11 52 31 PM"
src="https://github.com/user-attachments/assets/f2da1c31-92b2-429e-832f-73ddd0524155"
/>
Fixes#8479
Why:
* This commit will allow account admins to send a request through the
Firezone portal to schedule a deletion of their account, rather than
having the account admins email their request manually. Doing this
through the portal allows us to verify that the request actually came
from an admin of the account.
I was debugging some of this just now and realized our naming / comments
are incorrect here, so thought I'd open a PR to tidy things up for the
next person reading this.
Resource CIDRs actually occupy the `100.96.0.0/11` range (and IPv6
equivalent), but the portal doesn't generate these.
Why:
* Previously, when running a directory sync with the Google Workspace
IdP adapter, if a service account had been configured but there was a
problem getting an access token for the service account, the sync job
would fall back to using a personal access token. We no longer want to
rely on any personal access token once a service account has been
configured. This commit will make sure that if a service account is
configured there is no way to fall back to any personal access token.
Fixes#8409
When deploying a Gateway from the admin portal UI, we show various
environment variables required for setup. Until now, we've relied on the
`/var/lib/firezone` persistence method for identifying the Gateway.
However, this can cause issues on some systems that don't have writeable
access to /var/lib/firezone, or old versions of systemd that don't
support sandboxed access to this directory.
This PR updates each deployment method to use `FIREZONE_ID` instead
everywhere. Additionally, since the Docker upgrade script needs to
reinvoke the new container using the same arguments (more or less) as
the install, we need to extract the old `/var/lib/firezone/gateway_id`
file out of the existing container if it exists, and try to insert it
into the upgraded container.
Tested both scripts, including upgrades for the Docker script.
Fixes: #8471
Finishes up the Internet Resource migration by enforcing:
- No internet resources in non-internet sites
- No regular resources in internet sites
- Removing the prompt to migrate
~~I've already migrated the existing internet resources in customer's
accounts. No one that was using the internet resource hadn't already
migrated.~~
Edit: I started to head down that path, then decided doing this here in
a data migration was going to be a better approach.
Fixes#8212
[Step
2](https://cloud.google.com/sql/docs/postgres/pg-audit#set-pgaudit-flag-values)
of the pgaudit setup guide for Google Cloud SQL. It would be good to
have detailed pg audit logs on the master application instance in case
things go wrong.
Notably, this prevents erroring out when the `pgaudit` is not available,
which by default, it is. Enabling the `pgaudit` extension for our dev
instance is left as a future endeavor.
Supersedes #5442
The submit button on the settings -> dns page has a couple UX issues
with the new search domain section:
- It's ambiguous what the `Save` is actually saving
- The spacing makes it look like it's only saving upstream resolvers
This PR introduces a simple fix that address the two issues by:
- Updating the button text to `Save DNS Settings`
- Increasing spacing between submit button and form elements
- Slightly decreasing spacing between the `search domain` and `upstream
resolvers` inputs
<img width="968" alt="Screenshot 2025-03-14 at 12 06 02 AM"
src="https://github.com/user-attachments/assets/651f54c8-3b5f-4747-ad3a-e2ae32eccbf0"
/>
Related #5248
Why:
* This commit updates the 500 error page in the portal to have the same
look and feel of the 404 error page in order to be consistent within the
portal UI.
- Adds a simple text input to configure search domains ("default DNS
suffix") in the Settings -> DNS page.
- Sends the `search_domain` field as part of the client's `init` message
- Fixes a minor UI alignment inconsistency for the upstream resolvers
field so that the total form width and `New resolver` button width are
the same.
<img width="1137" alt="Screenshot 2025-03-09 at 10 56 56 PM"
src="https://github.com/user-attachments/assets/a1d5a570-8eae-4aa9-8a1c-6aaeb9f4c33a"
/>
Fixes#8365
Introduces a simple `search_domain` field embed into our existing
`Accounts.Account.Config` embedded schema. This will be sent to clients
to append to single-label DNS queries.
UI and API changes will come in subsequent PRs: this one adds field and
(lots of) validations only.
Related: #8365
- Adds more actor groups to the existing `oidc_provider`
- Configures a rand seed so our seed data is reproducible across
machines
- Formats the seeds file to allow for some refactoring a later PR
- Adds a `Mock` identity provider adapter with sync enabled
Rather than the current behavior of raising a 500 when we receive
missing / invalid params in IdP auth callbacks, it would be helpful to
show the user which params were provided, in case the IdP has set
anything useful to aid the user.
For example, we recently received these params from `okta` for a pilot
account (and subsequently rendered them a 500):
```
%{"account_id_or_slug" => "<redacted>", "error" => "access_denied", "error_description" => "User is not assigned to the client application.", "provider_id" => "<redacted>", "state" => "<redacted>"}
```
Bumps [postgrex](https://github.com/elixir-ecto/postgrex) from 0.19.3 to
0.20.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/elixir-ecto/postgrex/blob/master/CHANGELOG.md">postgrex's
changelog</a>.</em></p>
<blockquote>
<h2>v0.20.0 (2025-02-05)</h2>
<ul>
<li>
<p>Deprecations</p>
<ul>
<li>Deprecate <code>:search_path</code> and use <code>:parameters</code>
option instead</li>
</ul>
</li>
<li>
<p>Bug fixes</p>
<ul>
<li>Ensure <code>Duration</code> type returns same units as
<code>Postgrex.Interval</code></li>
<li>Call disconnect on protocol when reconnecting in
<code>Postgrex.ReplicationConnection</code></li>
<li>Call disconnect only if there is protocol in
<code>Postgrex.SimpleConnection</code></li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c2af85d8eb"><code>c2af85d</code></a>
Release v0.20.0 (with Elixir v1.19 warnings fixed)</li>
<li><a
href="b50103a939"><code>b50103a</code></a>
Release v0.20.0</li>
<li><a
href="51ccbdd1d5"><code>51ccbdd</code></a>
Update postgrex.ex</li>
<li><a
href="34a57fe359"><code>34a57fe</code></a>
Deprecate <code>:search_path</code> and use <code>:parameters</code>
option instead (<a
href="https://redirect.github.com/elixir-ecto/postgrex/issues/729">#729</a>)</li>
<li><a
href="928e43a816"><code>928e43a</code></a>
Have Duration return same units as Postgrex.Interval (<a
href="https://redirect.github.com/elixir-ecto/postgrex/issues/728">#728</a>)</li>
<li><a
href="a6f20205a3"><code>a6f2020</code></a>
Call disconnect on protocol when reconnecting in Replication connection
(<a
href="https://redirect.github.com/elixir-ecto/postgrex/issues/726">#726</a>)</li>
<li><a
href="9748fcbbd7"><code>9748fcb</code></a>
Update dependencies with warnings (<a
href="https://redirect.github.com/elixir-ecto/postgrex/issues/723">#723</a>)</li>
<li><a
href="c3097f429a"><code>c3097f4</code></a>
More safety checks around comments (<a
href="https://redirect.github.com/elixir-ecto/postgrex/issues/722">#722</a>)</li>
<li><a
href="6d9e2ca81a"><code>6d9e2ca</code></a>
Minor link correction and moduledoc cleanup (<a
href="https://redirect.github.com/elixir-ecto/postgrex/issues/720">#720</a>)</li>
<li><a
href="cebb02f923"><code>cebb02f</code></a>
Disconnect only if there is a protocol</li>
<li>See full diff in <a
href="https://github.com/elixir-ecto/postgrex/compare/v0.19.3...v0.20.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Adds the following endpoints:
- `PUT /clients/:id` for updating the `name`
- `PUT /clients/:client_id/verify` for verifying a client
- `PUT /clients/:client_id/unverify` for unverifying a client
- `GET /clients` for listing clients in an account
- `GET /clients/:id` for getting a single client
- `DELETE /clients/:id` for deleting a client
Related: #8081
If the websocket connection between a relay and the portal experiences a
temporary network split, the portal will immediately send the
disconnected id of the relay to any connected clients and gateways, and
all relayed connections (and current allocations) will be immediately
revoked by connlib.
This tight coupling is needlessly disruptive. As we've seen in staging
and production logs, relay disconnects can happen randomly, and in the
vast majority of cases immediately reconnect. Currently we see about 1-2
dozen of these **per day**.
To better account for this, we introduce a debounce mechanism in the
portal for `relays_presence` disconnects that works as follows:
- When a relay disconnects, record its `stamp_secret` (this is somewhat
tricky as we don't get this at the time of disconnect - we need to cache
it by relay_id beforehand)
- If the same `relay_id` reconnects again with the same `stamp_secret`
within `relays_presence_debounce_timeout` -> no-op
- If the same `relay_id` reconnects again with a **different**
`stamp_secret` -> disconnect immediately
- If it doesn't reconnect, **then** send the `relays_presence` with the
disconnected_id after the `relays_presence_debounce_timeout`
There are several ways connlib detects a relay is down:
1. Binding requests time out. These happen every 25s, so on average we
don't know a Relay is down for 12.5s + backoff timer.
2. `relays_presence` - this is currently the fastest way to detect
relays are down. With this change, the caveat is we will now detect this
with a delay of `relays_presence_debounce_timer`.
Fixes#8301
Bumps [plug_cowboy](https://github.com/elixir-plug/plug_cowboy) from
2.7.2 to 2.7.3.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/elixir-plug/plug_cowboy/blob/master/CHANGELOG.md">plug_cowboy's
changelog</a>.</em></p>
<blockquote>
<h2>v2.7.3</h2>
<h3>Enhancements</h3>
<ul>
<li>Ensure errors from Cowboy 2.13 are correctly translated</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e5d5fd8057"><code>e5d5fd8</code></a>
Release: v2.7.3</li>
<li><a
href="cebf20c7bf"><code>cebf20c</code></a>
Translate errors for Cowboy 2.13.0</li>
<li><a
href="79b7bf8f26"><code>79b7bf8</code></a>
Improve docs (<a
href="https://redirect.github.com/elixir-plug/plug_cowboy/issues/104">#104</a>)</li>
<li>See full diff in <a
href="https://github.com/elixir-plug/plug_cowboy/compare/v2.7.2...v2.7.3">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [flowbite](https://github.com/themesberg/flowbite) from 3.1.1 to
3.1.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/themesberg/flowbite/releases">flowbite's
releases</a>.</em></p>
<blockquote>
<h2>v3.1.2</h2>
<ul>
<li>create new theme file to move CSS variables</li>
<li>update quickstart guide to reflect this change</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4ffec1008a"><code>4ffec10</code></a>
refactor(flowbite): move color theme variables to css file</li>
<li><a
href="38984c12ae"><code>38984c1</code></a>
refactor(colors): move colors from plugin to theme file</li>
<li><a
href="23732fd518"><code>23732fd</code></a>
docs(datepicker): specify that you need to set source</li>
<li>See full diff in <a
href="https://github.com/themesberg/flowbite/compare/v3.1.1...v3.1.2">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [argon2_elixir](https://github.com/riverrun/argon2_elixir) from
4.0.0 to 4.1.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/riverrun/argon2_elixir/blob/master/CHANGELOG.md">argon2_elixir's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>The format is based on <a
href="https://keepachangelog.com/en/1.0.0/">Keep a Changelog</a>,
and this project adheres to <a
href="https://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p>
<h2>v4.1.1 (2025-02-04)</h2>
<ul>
<li>Bug fixes
<ul>
<li>fixed unnecessary raise that results in warnings in Elixir 1.18</li>
</ul>
</li>
</ul>
<h2>v4.1.0 (2024-10-04)</h2>
<ul>
<li>Changes
<ul>
<li>Updated dependencies and made changes to silence warnings in Elixir
1.17</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f0e4a359f4"><code>f0e4a35</code></a>
update dependencies</li>
<li><a
href="bdc8be851e"><code>bdc8be8</code></a>
update to version 4.1.1</li>
<li><a
href="a390332029"><code>a390332</code></a>
Merge pull request <a
href="https://redirect.github.com/riverrun/argon2_elixir/issues/66">#66</a>
from flaviogrossi/fix_unnecessary_raise</li>
<li><a
href="db9a3f243e"><code>db9a3f2</code></a>
fix unnecessary raise</li>
<li><a
href="5b7a0757d5"><code>5b7a075</code></a>
update changelog</li>
<li><a
href="d3eb849c9f"><code>d3eb849</code></a>
update for Elixir 1.17</li>
<li>See full diff in <a
href="https://github.com/riverrun/argon2_elixir/compare/v4.0.0...v4.1.2">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [phoenix_html](https://github.com/phoenixframework/phoenix_html)
from 4.2.0 to 4.2.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/phoenixframework/phoenix_html/blob/main/CHANGELOG.md">phoenix_html's
changelog</a>.</em></p>
<blockquote>
<h2>4.2.1 (2025-02-21)</h2>
<ul>
<li>Enhancements
<ul>
<li>Add type to <code>Phoenix.HTML.FormField</code></li>
<li>Allow keyword lists in options to use nil as key/value</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="71430c1d32"><code>71430c1</code></a>
Release v4.2.1</li>
<li><a
href="1a9341e931"><code>1a9341e</code></a>
Expand documentation of options_for_select (<a
href="https://redirect.github.com/phoenixframework/phoenix_html/issues/460">#460</a>)</li>
<li><a
href="0d15b13c78"><code>0d15b13</code></a>
Update ci.yml (<a
href="https://redirect.github.com/phoenixframework/phoenix_html/issues/459">#459</a>)</li>
<li><a
href="1bea177dfb"><code>1bea177</code></a>
Add type to Phoenix.HTML.FormField (<a
href="https://redirect.github.com/phoenixframework/phoenix_html/issues/458">#458</a>)</li>
<li><a
href="0a11e96826"><code>0a11e96</code></a>
Merge pull request <a
href="https://redirect.github.com/phoenixframework/phoenix_html/issues/457">#457</a>
from phoenixframework/sd-makeup-syntect</li>
<li><a
href="7ccce864f5"><code>7ccce86</code></a>
use makeup_syntect for highlighting JS (and diff)</li>
<li><a
href="9007635b14"><code>9007635</code></a>
Allow keyword list options to use nil as key and/or value (<a
href="https://redirect.github.com/phoenixframework/phoenix_html/issues/456">#456</a>)</li>
<li><a
href="df2a3f6352"><code>df2a3f6</code></a>
Update ExDoc</li>
<li>See full diff in <a
href="https://github.com/phoenixframework/phoenix_html/compare/v4.2.0...v4.2.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Instead of crashing, it would make sense to log these and let the
connected entity maintain its WebSocket connection.
This should never happen in practice if we maintain our version
compatibility matrix properly, but it will help reduce the blast radius
of a channel message bug that happens to slip out into the wild.
Fixes#4679
