mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-28 02:18:50 +00:00
8e8beae96b8eea318aba00ebb4e0147d9c895f13
1947 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Jamil
|
7e231c6b10 | chore: Release Android 1.4.1 (#7911) | ||
|
Thomas Eizinger
|
f5779ff921 |
chore: release Gateway, headless-client and GUI client (#7903)
This bumps the versions of Gateway, headless-client and the GUI client as well as updates the respective changelogs. These have been released today: - https://github.com/firezone/firezone/releases/tag/gui-client-1.4.1 - https://github.com/firezone/firezone/releases/tag/gateway-1.4.3 - https://github.com/firezone/firezone/releases/tag/headless-client-1.4.1 It is all done in one PR to avoid merge conflicts within the updates of the Makefile. |
||
|
Thomas Eizinger
|
416e320319 |
revert: bump netlink-packet-route and rtnetlink (#7899)
Reverts: #6694 Related: https://github.com/rust-netlink/netlink-packet-route/issues/140 |
||
|
dependabot[bot]
|
0779757646 |
build(deps): netlink-packet-route and rtnetlink (#6694)
`rtnetlink` has some breaking changes in their latest version. To avoid waiting until they actually cut a release, we temporarily depend on their `main` branch. --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Thomas Eizinger <thomas@eizinger.io> |
||
|
Thomas Eizinger
|
3daac8730f |
fix(connlib): limit batch size on mobile platforms to 25 (#7889)
The batch size effects how many packets we process one at a time. It also effects the worst-case size of a single buffer as all packets may be of the same size and thus need to be appended to the same buffer. On mobile, we can't afford to allocate all of these so we reduce the batch-size there. |
||
|
Thomas Eizinger
|
6789b0b377 |
fix(connlib): always return buffers to pool after sending (#7891)
Within the `GsoQueue` data structure, we keep a hash map indexed by source, destination and segment length of UDP packets pointing to a buffer for those payloads. What we intended to do here is to return the buffer to the pool after we sent the payload. What we failed to realise is that putting another buffer into the hash map means we have a buffer allocated for a certain destination address and segment length! This buffer would only get reused for the exact same address and segment length, causing memory usage to balloon over time. To fix this, we wrap the `DatagramBuffer` in an additional `Option`. This allows us to actually remove it from the hash map and return the buffer for future use to the buffer pool. Resolves: #7866. Resolves: #7747. |
||
|
Thomas Eizinger
|
c6492d4832 |
fix(rust): don't start all log files with connlib. (#7853)
At present, the file logger for all Rust code starts each logfile with `connlib.`. This is very confusing when exporting the logs from the GUI client because even the logs from the client itself will start with `connlib.`. To fix this, we make the base file name of the log file configurable. |
||
|
Thomas Eizinger
|
3887a7b690 |
fix(connlib): don't pull new GSO buffer unless we need it (#7888)
When we are queuing a new UDP payload for sending, we always immediately pulled a new buffer even though we might already have on allocated for this particular segment length. This causes an unnecessary spike in memory when we are under load. |
||
|
Thomas Eizinger
|
6188efd1e6 |
refactor(gateway): improve logging for filtered traffic (#7887)
When the Gateway's filter-engine drops a packet, we currently only log "destination not allowed". This could happen either because we don't have a filter (i.e. the resource is not allowed) or because the TCP / UDP port or ICMP traffic is not allowed. To make debugging easier, we now include that information in the error message. Resolves: #7875. |
||
|
Thomas Eizinger
|
a5086af352 |
chore(rust): remove JSON logging (#7854)
Nobody looks at these logs, writing them uses unnecessary CPU + storage on users devices. It also means we have 1 background thread less because we need one less non-blocking writer. |
||
|
Thomas Eizinger
|
e78ef04e6c |
chore(snownet): don't log missing attribute for binding requests (#7852)
STUN binding requests & responses are not authenticated on purpose because they are so easy to fulfill that having to perform the computational work to check the authentication is more work than actually just sending the request. With #7819, we send STUN binding requests more often because they are used as keep-alives to the relay. This spams the debug log because we see > Message does not have a `MessageIntegrity` attribute for every BINDING response. This information isn't interesting for BINDING responses because those will never have a `MessageIntegrity` attribute. |
||
|
Thomas Eizinger
|
88c3e228ba |
feat(snownet): log which packets resume a connection (#7850)
In order to debug connection wake-ups, it is useful to know, which
packet is the first one that gets sent on an idle connection. With this
PR, we do exactly that for incoming and outgoing packets through the
tunnel. The resulting log looks something like this:
```
2025-01-24T02:52:51.818Z DEBUG snownet::node: Connection is idle cid=65f149ea-96a4-4eee-ac70-62a1a2590821
2025-01-24T02:52:57.312Z DEBUG firezone_tunnel::client: Cleared DNS resource NAT domain=speed.cloudflare.com
2025-01-24T02:52:57.312Z DEBUG firezone_tunnel::client: Setting up DNS resource NAT gid=65f149ea-96a4-4eee-ac70-62a1a2590821 domain=speed.cloudflare.com
2025-01-24T02:52:57.312Z DEBUG snownet::node: Connection resumed packet=Packet { src: ::, dst: ::, protocol: "Reserved" } cid=65f149ea-96a4-4eee-ac70-62a1a2590821
```
Here, the connection got resumed because we locally received a DNS query
for a DNS resource which triggers a new control protocol message through
the tunnel. For this, we use the unspecified IPv6 address for src and
dst and the 0x255 protocol identifier which here renders as "Reserved".
|
||
|
Thomas Eizinger
|
e2b48561d1 |
fix(gui-client): don't fail on missing update-desktop-database (#7822)
Currently the GUI Client exits if `update-desktop-database` cannot be executed after deep-links were registered. On non-Ubuntu systems (or more generally non-Debian) this will fail since the command does not exist and prevent the GUI Client from starting. This PR just ignores any command-not-found error, ensuring the command still has to succeed on Debian/Ubuntu machines. --------- Signed-off-by: Thomas Eizinger <thomas@eizinger.io> Co-authored-by: oddlama <oddlama@oddlama.org> |
||
|
Thomas Eizinger
|
71b1edfb70 |
test(connlib): fix race condition of WireGuard handshakes (#7839)
The committed regression seeds trigger a scenario where the WireGuard sessions of the peers expire in a way where by the time the Client sends the packet, it is still active (179.xx seconds old) and with the latency to the Gateway, the 180s mark is reached and the Gateway clears the session and discards the packet as a result. In order to fix this, I opted to patch WireGuard by introducing a new timer that does not allow the initiator to use a session that is almost expired: https://github.com/firezone/boringtun/pull/68. Resolves: #7832. --------- Signed-off-by: Thomas Eizinger <thomas@eizinger.io> |
||
|
Jamil
|
1e5599e5fc |
refactor(connlib): only log actual updates to the allocation (#7826)
With #7819, these log messages appear at a ~10x higher rate than before - a day's worth of these would be over 3,000 messages. For BINDING requests, these only matter if the candidates change, therefore we can make the logging conditional to that. --------- Co-authored-by: Thomas Eizinger <thomas@eizinger.io> |
||
|
Thomas Eizinger
|
8c11d9b728 |
chore(rust): fmt Cargo.toml (#7848)
Unfortunately, we don't have a formatter for the manifest other than sorting the dependencies alphabetically so some things need to be taken care of manually. |
||
|
Thomas Eizinger
|
e2c1ef8f09 |
chore: remove WireGuard keepalive (#7840)
Contrary to my prior belief, we don't actually need the WireGuard _persistent_ keep-alive. The in-built timers from WireGuard will automatically send keep-alive messages in case no organic reply is sent for a particular request. All NAT bindings along the network path are already kept open using the STUN bindings sent on all candidate pairs. Even on idle connections, we send those every 60s. Well-behaved NATs are meant to keep confirmed UDP bindings open for at least 120s. Even if not, the worst-case here is that a connection which does not send any(!) application traffic is cut. |
||
|
Thomas Eizinger
|
f10f29c03b | refactor(connlib): only log cleared nat status if we do (#7841) | ||
|
dependabot[bot]
|
c13a5de770 |
build(deps-dev): Bump vite from 6.0.7 to 6.0.9 in /rust/gui-client in the npm_and_yarn group (#7828)
Bumps the npm_and_yarn group in /rust/gui-client with 1 update: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Updates `vite` from 6.0.7 to 6.0.9 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/releases">vite's releases</a>.</em></p> <blockquote> <h2>v6.0.9</h2> <p>This version contains a breaking change due to security fixes. See <a href="https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6">https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6</a> for more details.</p> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v6.0.9/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v6.0.8</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v6.0.8/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md">vite's changelog</a>.</em></p> <blockquote> <h2><!-- raw HTML omitted -->6.0.9 (2025-01-20)<!-- raw HTML omitted --></h2> <ul> <li>fix!: check host header to prevent DNS rebinding attacks and introduce <code>server.allowedHosts</code> (<a href=" |
||
|
Jamil
|
83102c7cc8 |
fix: Add openssl-dev build req to rust Dockerfile (#7824)
#7808 introduced a minor bug that prevented the rust Docker images from building locally, in `debug` builds. Adding `openssl-dev` to the builder's container fixes the issue. ``` cargo:warning=Could not find directory of OpenSSL installation, and this `-sys` crate cannot proceed without this knowledge. If OpenSSL is installed and this crate had trouble finding it, you can set the `OPENSSL_DIR` environment variable for the compilation process. See stderr section below for further information. ``` |
||
|
Jamil
|
ac77fc7ab0 |
fix(dev): Update tokens in local docker dev env (#7825)
These have drifted and are no longer working, so they've been updated from a fresh `mix ecto.seed` output. |
||
|
Jamil
|
0dcde7ffee |
fix(connlib): Filter 'dual socket' log for keepalives (#7827)
#7819 triggers this log every 25s which isn't exactly describing the correct condition any longer. This PR updates the log to only fire when we're determining which socket to use for communicating with the Relay, and not at each keepalive interval. |
||
|
Thomas Eizinger
|
e50b719d5c |
refactor(headless-client): remove FIREZONE_TOKEN CLI arg (#7770)
The current CLI of the headless-client allows passing the token as a positional parameter in addition to an env variable. This can be very confusing if you make a spelling error in the _command_ that you are trying to pass to the CLI, i.e. `standalone`. A misspelled command will be interpreted as the token to use to connect to the portal without any warning that it is similar to a command. The env variable `FIREZONE_TOKEN` is completely ignored in that case. To fix this, we remove the ability to pass the token via stdin. The token should instead be set via en env variable or read from a file at `FIREZONE_TOKEN_PATH`. --------- Signed-off-by: Thomas Eizinger <thomas@eizinger.io> Co-authored-by: Jamil <jamilbk@users.noreply.github.com> |
||
|
Thomas Eizinger
|
8c2d15b8d7 |
fix(snownet): implement STUN keepalive with relays (#7819)
Firezone Clients and Gateways create an allocation with a given set of Relays as soon as they start up. If no traffic is being secured and thus no connections are established between them, NAT bindings between Clients / Gateways and the Relays may expire. Typically, these bindings last for 120s. Allocations are only refreshed every 5 min (after 50% of their lifetime has passed). After a NAT binding is expired, the next UDP message passing through the NAT may allocate a new port, thus changing the 3-tuple of the sender. TURN identifies clients by their 3-tuple. Therefore, without a proactive keepalive, TURN clients lose access to their allocation and need to create one under the new port. To fix this, we implement a scheduled STUN binding request every 25s once we have chosen a socket (IPv4 or IPv6) for a given relay. Resolves: #7802. |
||
|
Thomas Eizinger
|
b568592e52 |
fix: avoid spurious rekey in boringtun (#7767)
For a while now, I've known that `boringtun` may perform spurious rekeys but I didn't fully understand why. After spending some time refactoring the internals of `boringtun` and re-reading the whitepaper, I know understand the reason. https://github.com/firezone/boringtun/pull/66 fixes the problem. The proptests have since also discovered the same issue: https://github.com/firezone/firezone/actions/runs/12790301854/job/35655764072. |
||
|
dependabot[bot]
|
fd02340ed4 |
build(deps): Bump rustls from 0.23.19 to 0.23.21 in /rust (#7810)
Bumps [rustls](https://github.com/rustls/rustls) from 0.23.19 to 0.23.21. <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
bd17ff8e7b |
build(deps): Bump tauri from 2.2.2 to 2.2.3 in /rust in the tauri group (#7809)
Bumps the tauri group in /rust with 1 update: [tauri](https://github.com/tauri-apps/tauri). Updates `tauri` from 2.2.2 to 2.2.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tauri-apps/tauri/releases">tauri's releases</a>.</em></p> <blockquote> <h2>tauri-cli v2.2.3</h2> <!-- raw HTML omitted --> <pre><code>Updating git repository `https://github.com/tauri-apps/schemars.git` Updating crates.io index Locking 1051 packages to latest compatible versions Adding apple-codesign v0.27.0 (available: v0.29.0) Adding axum v0.7.9 (available: v0.8.1) Adding colored v2.2.0 (available: v3.0.0) Adding html5ever v0.26.0 (available: v0.29.0) Adding itertools v0.13.0 (available: v0.14.0) Adding minisign v0.7.3 (available: v0.7.9) Adding notify v7.0.0 (available: v8.0.0) Adding notify-debouncer-full v0.4.0 (available: v0.5.0) Adding oxc_allocator v0.36.0 (available: v0.44.0) Adding oxc_ast v0.36.0 (available: v0.44.0) Adding oxc_parser v0.36.0 (available: v0.44.0) Adding oxc_span v0.36.0 (available: v0.44.0) Adding proc-macro-crate v2.0.0 (available: v2.0.2) Adding serialize-to-javascript v0.1.1 (available: v0.1.2) Adding serialize-to-javascript-impl v0.1.1 (available: v0.1.2) Adding specta v2.0.0-rc.20 (available: v2.0.0-rc.21) Adding specta-macros v2.0.0-rc.17 (available: v2.0.0-rc.18) Adding specta-util v0.0.7 (available: v0.0.8) Adding tauri-utils v1.6.0 (available: v1.6.1) Adding tiny_http v0.11.0 (available: v0.12.0) Adding windows v0.58.0 (available: v0.59.0) Adding x509-certificate v0.23.1 (available: v0.24.0) Fetching advisory database from `https://github.com/RustSec/advisory-db.git` Loaded 724 security advisories (from /home/runner/.cargo/advisory-db) Updating crates.io index Scanning Cargo.lock for vulnerabilities (1076 crate dependencies) Crate: atk Version: 0.18.2 Warning: unmaintained Title: gtk-rs GTK3 bindings - no longer maintained Date: 2024-03-04 ID: RUSTSEC-2024-0413 URL: https://rustsec.org/advisories/RUSTSEC-2024-0413 Dependency tree: atk 0.18.2 └── gtk 0.18.2 ├── wry 0.48.0 │ └── tauri-runtime-wry 2.3.0 │ └── tauri 2.2.1 │ ├── tauri-plugin-sample 0.1.0 │ │ └── api 0.1.0 │ ├── tauri-plugin-log 2.2.0 </tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Thomas Eizinger
|
96e68bc64e |
fix: enable tauri's native-tls feature to fix offline builds (#7808)
Resolves: #7799. --------- Co-authored-by: oddlama <oddlama@oddlama.org> |
||
|
Thomas Eizinger
|
943dbf9712 |
test(connlib): assert resource status as part of tunnel_test (#7772)
In order to ensure that the "site status" in the UIs is always up-to-date, we model the resource status as part of `tunnel_test`. This should cover even the most bizarre combinations of adding, removing, disabling and enabling resources interleaved with sending packets, resetting connections etc. Fixes: #7761. |
||
|
Thomas Eizinger
|
14ed7c40cb |
test(windows): increase grace-period for timer Io timer (#7821)
Windows' timer granularity isn't as good as the one from Unix platforms. To ensure this test isn't flaky, we increase the grace-period for Windows runners. See https://github.com/firezone/firezone/actions/runs/12862968520/job/35858749736?pr=7808. |
||
|
Jamil
|
6670741dee |
chore: Bump apple clients to 1.4.0 (#7785)
Bumps Apple clients to the 1.4.0 release. They're already live. |
||
|
dependabot[bot]
|
bd4ae08a79 |
build(deps): Bump serde_json from 1.0.133 to 1.0.135 in /rust (#7792)
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.133 to 1.0.135. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/serde-rs/json/releases">serde_json's releases</a>.</em></p> <blockquote> <h2>v1.0.135</h2> <ul> <li>Add serde_json::Map::into_values method (<a href="https://redirect.github.com/serde-rs/json/issues/1226">#1226</a>, thanks <a href="https://github.com/tisonkun"><code>@tisonkun</code></a>)</li> </ul> <h2>v1.0.134</h2> <ul> <li>Add <code>RawValue</code> associated constants for literal <code>null</code>, <code>true</code>, <code>false</code> (<a href="https://redirect.github.com/serde-rs/json/issues/1221">#1221</a>, thanks <a href="https://github.com/bheylin"><code>@bheylin</code></a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
0e6b811902 |
build(deps): Bump reqwest from 0.12.8 to 0.12.9 in /rust (#7793)
Bumps [reqwest](https://github.com/seanmonstar/reqwest) from 0.12.8 to 0.12.9. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/seanmonstar/reqwest/releases">reqwest's releases</a>.</em></p> <blockquote> <h2>v0.12.9</h2> <h2>What's Changed</h2> <ul> <li>Add <code>tls::CertificateRevocationLists</code> support (by <a href="https://github.com/ksenia-vazhdaeva"><code>@ksenia-vazhdaeva</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2433">seanmonstar/reqwest#2433</a>)</li> <li>Add crate features to enable webpki roots without selecting a rustls provider (by <a href="https://github.com/stevefan1999-personal"><code>@stevefan1999-personal</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2447">seanmonstar/reqwest#2447</a>)</li> <li>Fix <code>multipart::Part::file()</code> to automatically include content-length (by <a href="https://github.com/Mr-Pine"><code>@Mr-Pine</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2459">seanmonstar/reqwest#2459</a>)</li> <li>Fix proxy to internally no longer cache system proxy settings (by <a href="https://github.com/lanyeeee"><code>@lanyeeee</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2442">seanmonstar/reqwest#2442</a>)</li> <li>Fix <code>connection_verbose()</code> to output read logs (by <a href="https://github.com/seanmonstar"><code>@seanmonstar</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2454">seanmonstar/reqwest#2454</a>)</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/lanyeeee"><code>@lanyeeee</code></a> made their first contribution in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2442">seanmonstar/reqwest#2442</a></li> <li><a href="https://github.com/ksenia-vazhdaeva"><code>@ksenia-vazhdaeva</code></a> made their first contribution in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2433">seanmonstar/reqwest#2433</a></li> <li><a href="https://github.com/Mr-Pine"><code>@Mr-Pine</code></a> made their first contribution in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2459">seanmonstar/reqwest#2459</a></li> <li><a href="https://github.com/stevefan1999-personal"><code>@stevefan1999-personal</code></a> made their first contribution in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2447">seanmonstar/reqwest#2447</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/seanmonstar/reqwest/compare/v0.12.8...v0.12.9">https://github.com/seanmonstar/reqwest/compare/v0.12.8...v0.12.9</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md">reqwest's changelog</a>.</em></p> <blockquote> <h2>v0.12.9</h2> <ul> <li>Add <code>tls::CertificateRevocationLists</code> support.</li> <li>Add crate features to enable webpki roots without selecting a rustls provider.</li> <li>Fix <code>connection_verbose()</code> to output read logs.</li> <li>Fix <code>multipart::Part::file()</code> to automatically include content-length.</li> <li>Fix proxy to internally no longer cache system proxy settings.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
ce2de2ec8d |
build(deps): Bump tauri from 2.2.1 to 2.2.2 in /rust in the tauri group (#7776)
Bumps the tauri group in /rust with 1 update: [tauri](https://github.com/tauri-apps/tauri). Updates `tauri` from 2.2.1 to 2.2.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tauri-apps/tauri/releases">tauri's releases</a>.</em></p> <blockquote> <h2>tauri-cli v2.2.2</h2> <!-- raw HTML omitted --> <pre><code>Updating git repository `https://github.com/tauri-apps/schemars.git` Updating crates.io index Locking 1041 packages to latest compatible versions Adding apple-codesign v0.27.0 (available: v0.29.0) Adding axum v0.7.9 (available: v0.8.1) Adding cargo_toml v0.17.2 (available: v0.21.0) Adding html5ever v0.26.0 (available: v0.29.0) Adding hyper v0.14.32 (available: v1.5.2) Adding itertools v0.13.0 (available: v0.14.0) Adding minisign v0.7.3 (available: v0.7.9) Adding oxc_allocator v0.36.0 (available: v0.44.0) Adding oxc_ast v0.36.0 (available: v0.44.0) Adding oxc_parser v0.36.0 (available: v0.44.0) Adding oxc_span v0.36.0 (available: v0.44.0) Adding proc-macro-crate v2.0.0 (available: v2.0.2) Adding serialize-to-javascript v0.1.1 (available: v0.1.2) Adding serialize-to-javascript-impl v0.1.1 (available: v0.1.2) Adding tauri-utils v1.6.0 (available: v1.6.1) Adding tiny_http v0.11.0 (available: v0.12.0) Adding x509-certificate v0.23.1 (available: v0.24.0) Fetching advisory database from `https://github.com/RustSec/advisory-db.git` Loaded 724 security advisories (from /home/runner/.cargo/advisory-db) Updating crates.io index Scanning Cargo.lock for vulnerabilities (1066 crate dependencies) Crate: atk Version: 0.18.2 Warning: unmaintained Title: gtk-rs GTK3 bindings - no longer maintained Date: 2024-03-04 ID: RUSTSEC-2024-0413 URL: https://rustsec.org/advisories/RUSTSEC-2024-0413 Dependency tree: atk 0.18.2 └── gtk 0.18.2 ├── wry 0.48.0 │ └── tauri-runtime-wry 2.3.0 │ └── tauri 2.2.0 │ ├── tauri-plugin-sample 0.1.0 │ │ └── api 0.1.0 │ ├── tauri-plugin-log 2.2.0 │ │ └── api 0.1.0 │ ├── tauri-file-associations-demo 0.1.0 │ ├── tauri 2.2.0 │ ├── restart 0.1.0 │ ├── resources 0.1.0 </tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
81cbaefc84 |
build(deps): Bump glob from 0.3.1 to 0.3.2 in /rust (#7779)
Bumps [glob](https://github.com/rust-lang/glob) from 0.3.1 to 0.3.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rust-lang/glob/releases">glob's releases</a>.</em></p> <blockquote> <h2>v0.3.2</h2> <h2>What's Changed</h2> <ul> <li>Add fs::symlink_metadata to detect broken symlinks by <a href="https://github.com/kyoheiu"><code>@kyoheiu</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/105">rust-lang/glob#105</a></li> <li>Add support for windows verbatim disk paths by <a href="https://github.com/nico-abram"><code>@nico-abram</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/112">rust-lang/glob#112</a></li> <li>Respect <code>require_literal_leading_dot</code> option in <code>glob_with</code> method for path components by <a href="https://github.com/JohnTitor"><code>@JohnTitor</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/128">rust-lang/glob#128</a></li> <li>Harden tests for symlink by <a href="https://github.com/JohnTitor"><code>@JohnTitor</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/127">rust-lang/glob#127</a></li> <li>Remove "extern crate" directions from README by <a href="https://github.com/zmitchell"><code>@zmitchell</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/131">rust-lang/glob#131</a></li> <li>Add FIXME for tempdir by <a href="https://github.com/JohnTitor"><code>@JohnTitor</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/126">rust-lang/glob#126</a></li> <li>Cache information about file type by <a href="https://github.com/Kobzol"><code>@Kobzol</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/135">rust-lang/glob#135</a></li> <li>Document the behaviour of ** with files by <a href="https://github.com/Wilfred"><code>@Wilfred</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/138">rust-lang/glob#138</a></li> <li>Add dependabot by <a href="https://github.com/oriontvv"><code>@oriontvv</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/139">rust-lang/glob#139</a></li> <li>Bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/140">rust-lang/glob#140</a></li> <li>Check only (no longer test) at the MSRV by <a href="https://github.com/tgross35"><code>@tgross35</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/151">rust-lang/glob#151</a></li> <li>Add release-plz for automated releases by <a href="https://github.com/tgross35"><code>@tgross35</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/150">rust-lang/glob#150</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/kyoheiu"><code>@kyoheiu</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/glob/pull/105">rust-lang/glob#105</a></li> <li><a href="https://github.com/nico-abram"><code>@nico-abram</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/glob/pull/112">rust-lang/glob#112</a></li> <li><a href="https://github.com/zmitchell"><code>@zmitchell</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/glob/pull/131">rust-lang/glob#131</a></li> <li><a href="https://github.com/Kobzol"><code>@Kobzol</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/glob/pull/135">rust-lang/glob#135</a></li> <li><a href="https://github.com/Wilfred"><code>@Wilfred</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/glob/pull/138">rust-lang/glob#138</a></li> <li><a href="https://github.com/oriontvv"><code>@oriontvv</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/glob/pull/139">rust-lang/glob#139</a></li> <li><a href="https://github.com/dependabot"><code>@dependabot</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/glob/pull/140">rust-lang/glob#140</a></li> <li><a href="https://github.com/tgross35"><code>@tgross35</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/glob/pull/151">rust-lang/glob#151</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/rust-lang/glob/compare/0.3.1...v0.3.2">https://github.com/rust-lang/glob/compare/0.3.1...v0.3.2</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rust-lang/glob/blob/master/CHANGELOG.md">glob's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/rust-lang/glob/compare/v0.3.1...v0.3.2">0.3.2</a> - 2024-12-28</h2> <h2>What's Changed</h2> <ul> <li>Add fs::symlink_metadata to detect broken symlinks by <a href="https://github.com/kyoheiu"><code>@kyoheiu</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/105">rust-lang/glob#105</a></li> <li>Add support for windows verbatim disk paths by <a href="https://github.com/nico-abram"><code>@nico-abram</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/112">rust-lang/glob#112</a></li> <li>Respect <code>require_literal_leading_dot</code> option in <code>glob_with</code> method for path components by <a href="https://github.com/JohnTitor"><code>@JohnTitor</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/128">rust-lang/glob#128</a></li> <li>Harden tests for symlink by <a href="https://github.com/JohnTitor"><code>@JohnTitor</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/127">rust-lang/glob#127</a></li> <li>Remove "extern crate" directions from README by <a href="https://github.com/zmitchell"><code>@zmitchell</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/131">rust-lang/glob#131</a></li> <li>Add FIXME for tempdir by <a href="https://github.com/JohnTitor"><code>@JohnTitor</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/126">rust-lang/glob#126</a></li> <li>Cache information about file type by <a href="https://github.com/Kobzol"><code>@Kobzol</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/135">rust-lang/glob#135</a></li> <li>Document the behaviour of ** with files by <a href="https://github.com/Wilfred"><code>@Wilfred</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/138">rust-lang/glob#138</a></li> <li>Add dependabot by <a href="https://github.com/oriontvv"><code>@oriontvv</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/139">rust-lang/glob#139</a></li> <li>Bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/140">rust-lang/glob#140</a></li> <li>Check only (no longer test) at the MSRV by <a href="https://github.com/tgross35"><code>@tgross35</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/151">rust-lang/glob#151</a></li> <li>Add release-plz for automated releases by <a href="https://github.com/tgross35"><code>@tgross35</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/150">rust-lang/glob#150</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/kyoheiu"><code>@kyoheiu</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/glob/pull/105">rust-lang/glob#105</a></li> <li><a href="https://github.com/nico-abram"><code>@nico-abram</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/glob/pull/112">rust-lang/glob#112</a></li> <li><a href="https://github.com/zmitchell"><code>@zmitchell</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/glob/pull/131">rust-lang/glob#131</a></li> <li><a href="https://github.com/Kobzol"><code>@Kobzol</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/glob/pull/135">rust-lang/glob#135</a></li> <li><a href="https://github.com/Wilfred"><code>@Wilfred</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/glob/pull/138">rust-lang/glob#138</a></li> <li><a href="https://github.com/oriontvv"><code>@oriontvv</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/glob/pull/139">rust-lang/glob#139</a></li> <li><a href="https://github.com/dependabot"><code>@dependabot</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/glob/pull/140">rust-lang/glob#140</a></li> <li><a href="https://github.com/tgross35"><code>@tgross35</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/glob/pull/151">rust-lang/glob#151</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/rust-lang/glob/compare/0.3.1...0.3.2">https://github.com/rust-lang/glob/compare/0.3.1...0.3.2</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
d47a1fb633 |
build(deps): Bump env_logger from 0.11.5 to 0.11.6 in /rust (#7780)
Bumps [env_logger](https://github.com/rust-cli/env_logger) from 0.11.5 to 0.11.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rust-cli/env_logger/releases">env_logger's releases</a>.</em></p> <blockquote> <h2>v0.11.6</h2> <h2>[0.11.6] - 2024-12-20</h2> <h3>Features</h3> <ul> <li>Opt-in file and line rendering</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rust-cli/env_logger/blob/main/CHANGELOG.md">env_logger's changelog</a>.</em></p> <blockquote> <h2>[0.11.6] - 2024-12-20</h2> <h3>Features</h3> <ul> <li>Opt-in file and line rendering</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Thomas Eizinger
|
081216a929 |
fix(connlib): don't drop unsent datagrams (#7768)
We introduced a regression in `connlib` in #7749 whereby queued but
unsent datagrams got dropped in case the socket was not ready to send
more data.
This happens because within `Io`, we pull each datagram one by one from
the iterator:
|
||
|
dependabot[bot]
|
e4cfe6d5a2 |
build(deps): Bump keyring from 3.4.0 to 3.6.1 in /rust (#7744)
Bumps [keyring](https://github.com/hwchen/keyring-rs) from 3.4.0 to 3.6.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/hwchen/keyring-rs/releases">keyring's releases</a>.</em></p> <blockquote> <h2>v3.6.1: Update dependencies</h2> <p>Two of the dependencies (<code>openssl</code> and <code>whoami</code>) were discovered to have vulnerabilities which were fixed in minor or patch releases. This crate has been updated to insist that the minor/patch release number of these dependencies is high enough to ensure use of a patched version.</p> <p>There is no reason to think that the vulnerabilities in these dependencies could have been exercised through this crate. In addition, builds of clients done after the dependencies were patched would have already picked up the non-vulnerable versions. So this change is simply to ensure that future builds cannot use the vulnerable versions.</p> <p>There are no code changes in this release.</p> <h2>v3.6.0: Add new combination keystore</h2> <p>This release contains a new credential store for Linux: a combination of keyutils (for use by headless processes) and secret service (for persistence of credentials beyond reboot). Thanks very much to <a href="https://github.com/soywod"><code>@soywod</code></a> for the contribution!</p> <h2>v3.5.0: Add debug logging of internal operations</h2> <ul> <li>Add debug logging of internal operations (thanks to <a href="https://github.com/soywod"><code>@soywod</code></a>).</li> <li>Revert iOS security-framework dependency to v2 (see <a href="https://redirect.github.com/hwchen/keyring-rs/issues/225">#225</a>).</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/hwchen/keyring-rs/blob/master/CHANGELOG.md">keyring's changelog</a>.</em></p> <blockquote> <h2>Version 3.6.0</h2> <ul> <li>Add combination keystore of keyutils and secret service (thanks to <a href="https://github.com/soywod"><code>@soywod</code></a>).</li> </ul> <h2>Version 3.5.0</h2> <ul> <li>Add debug logging of internal operations (thanks to <a href="https://github.com/soywod"><code>@soywod</code></a>).</li> <li>Revert iOS security-framework dependency to v2 (see <a href="https://redirect.github.com/hwchen/keyring-rs/issues/225">#225</a>).</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Thomas Eizinger
|
01c1e629d2 |
test(connlib): ensure that we never want a time in the past (#7760)
In #7758, we fix `connlib`s event-loop to always provide the current time to the state machine rather than the one that was requested (which may be in the past). Even though this is already fairly resilient, we should never request a time in the past. This patch adds this as an assertion to our test suite. |
||
|
Thomas Eizinger
|
1ebee00699 |
fix(connlib): prevent time from going backwards (#7758)
On a high level, `connlib` is a state machine that gets driven by a custom event-loop. For time-related actions, the state machine computes, when it would like to be woken next. The event-loop sets a timer for that value and emits this value when the timer fires. There is an edge-case where this may result in the time going backwards within the state machine. Specifically, if - for whatever reason - the state machine emits a time value that is in the past, the timer in the `Io` component will fire right away **but the `deadline` will point to the time in the past**. The only thing we are actually interested in is that the timer fires at all. Instead of passing back the deadline of the timer, we fetch the _current_ time and pass that back to the state machine as the current input. This ensures that we never jump back in time because Rust guarantees for calls to `Instant::now` to be monotonic. (https://doc.rust-lang.org/std/time/struct.Instant.html#:~:text=a%20measurement%20of%20a%20monotonically%20nondecreasing%20clock.) |
||
|
dependabot[bot]
|
17af9bc28f |
build(deps): Bump socket2 from 0.5.7 to 0.5.8 in /rust (#7743)
Bumps [socket2](https://github.com/rust-lang/socket2) from 0.5.7 to 0.5.8. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rust-lang/socket2/blob/master/CHANGELOG.md">socket2's changelog</a>.</em></p> <blockquote> <h1>0.5.8</h1> <ul> <li>Added <code>Socket::(set_)header_included_v4</code> and <code>Socket::(set_)header_included_v6</code> (<a href="https://redirect.github.com/rust-lang/socket2/pull/518">rust-lang/socket2#518</a>).</li> <li>Added support for <code>Socket::original_dst</code> and <code>Socket::original_dst_ipv6</code> on Windows (<a href="https://redirect.github.com/rust-lang/socket2/pull/529">rust-lang/socket2#529</a>).</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/rust-lang/socket2/commits">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
46795da7b6 |
build(deps): Bump the tauri group in /rust with 2 updates (#7741)
Bumps the tauri group in /rust with 2 updates: [tauri](https://github.com/tauri-apps/tauri) and [tauri-build](https://github.com/tauri-apps/tauri). Updates `tauri` from 2.2.0 to 2.2.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tauri-apps/tauri/releases">tauri's releases</a>.</em></p> <blockquote> <h2>tauri-cli v2.2.1</h2> <!-- raw HTML omitted --> <pre><code>Updating git repository `https://github.com/tauri-apps/schemars.git` Updating crates.io index Locking 1040 packages to latest compatible versions Adding apple-codesign v0.27.0 (available: v0.29.0) Adding axum v0.7.9 (available: v0.8.1) Adding cargo_toml v0.17.2 (available: v0.21.0) Adding html5ever v0.26.0 (available: v0.29.0) Adding hyper v0.14.32 (available: v1.5.2) Adding itertools v0.13.0 (available: v0.14.0) Adding minisign v0.7.3 (available: v0.7.9) Adding oxc_allocator v0.36.0 (available: v0.44.0) Adding oxc_ast v0.36.0 (available: v0.44.0) Adding oxc_parser v0.36.0 (available: v0.44.0) Adding oxc_span v0.36.0 (available: v0.44.0) Adding proc-macro-crate v2.0.0 (available: v2.0.2) Adding serialize-to-javascript v0.1.1 (available: v0.1.2) Adding serialize-to-javascript-impl v0.1.1 (available: v0.1.2) Adding tauri-utils v1.6.0 (available: v1.6.1) Adding tiny_http v0.11.0 (available: v0.12.0) Adding which v4.4.2 (available: v7.0.1) Adding x509-certificate v0.23.1 (available: v0.24.0) Fetching advisory database from `https://github.com/RustSec/advisory-db.git` Loaded 722 security advisories (from /home/runner/.cargo/advisory-db) Updating crates.io index Scanning Cargo.lock for vulnerabilities (1065 crate dependencies) Crate: atk Version: 0.18.2 Warning: unmaintained Title: gtk-rs GTK3 bindings - no longer maintained Date: 2024-03-04 ID: RUSTSEC-2024-0413 URL: https://rustsec.org/advisories/RUSTSEC-2024-0413 Dependency tree: atk 0.18.2 └── gtk 0.18.2 ├── wry 0.48.0 │ └── tauri-runtime-wry 2.3.0 │ └── tauri 2.2.0 │ ├── tauri-plugin-sample 0.1.0 │ │ └── api 0.1.0 │ ├── tauri-plugin-log 2.2.0 │ │ └── api 0.1.0 │ ├── tauri-file-associations-demo 0.1.0 │ ├── tauri 2.2.0 │ ├── restart 0.1.0 </tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Thomas Eizinger
|
b313f2a349 |
fix(connlib): don't spam if relay disconnects during ICE (#7750)
When `snownet` is tasked to establish a new connection, it first randomly samples one of its relays that is used as an additional source of candidates in case a direct connection is not possible. We (try to) maintain an allocation on each relay throughout the lifetime of a `connlib` session. In case a relay doesn't respond to the initial binding message at all (even after several retries), we consider the relay offline and remove all state associated to it. It is possible that we sampled a relay for use in a connection and only then realise that it is offline. In that case, we print a message to the log: > Selected relay disconnected during ICE; connection may fail The condition for when we print this log is: "we are in `Connecting` and the sampled relay does no longer exist". This results in log spam in case that condition is actually hit because no state is being changed as part of this check and thus, on the next call to `handle_timeout`, this condition is still true! To fix this, we change the `rid` field of `Connecting` to an `Option`. In case we detect that a relay is no longer present, we print the log and then clear the option. As a result, the log is only printed once. |
||
|
Thomas Eizinger
|
46cdbbcc23 |
fix(connlib): use a buffer pool for the GSO queue (#7749)
Within `connlib`, we read batches of IP packets and process them at once. Each encrypted packet is appended to a buffer shared with other packets of the same length. Once the batch is successfully processed, all of these buffers are written out using GSO to the network. This allows UDP operations to be much more efficient because not every packet has to traverse the entire syscall hierarchy of the operating system. Until now, these buffers got re-allocated on every batch. This is pretty wasteful and leads to a lot of repeated allocations. Measurements show that most of the time, we only have a handful of packets with different segments lengths _per batch_. For example, just booting up the headless-client and running a speedtest showed that only 5 of these buffers are were needed at one time. By introducing a buffer pool, we can reuse these buffers between batches and avoid reallocating them. Related: #7747. |
||
|
Thomas Eizinger
|
f5afea6f0d |
refactor(connlib): reset authorized resources on roaming (#7746)
When a Firezone client roams, the host app sends a "reset" command to `connlib`. At present, this "reset" command clears the network connection state and therefore restarts ICE. As part of that, the tunnel key also gets rotated yet which resources have already been authorized is retained. This isn't a problem per se because the client's identity is determined by the "Firezone ID" which persists even across restarts of a Client. For the Gateway however, a roamed Client and a restarted Client are indistinguishable as in both cases, the tunnel public key and ICE credentials change. Instead of only clearing the connection-specific state, we now also throw away all the ACL state that is associated with connections, i.e. which Resource already got authorized on the Gateway. As a result - with this change - Clients will emit another "connection intent" to the portal upon roaming, triggering a new authorization of this flow with a Gateway. There isn't any particular need for doing this except that lingering state can be a nasty source of bugs. With the now idempotent control protocol, it is pretty easy to re-request these authorisations. Overall, this makes `connlib` more resilient and easier to reason about. |
||
|
Thomas Eizinger
|
088273f009 |
feat(clients): reduce memory usage of background logger thread (#7748)
In order to not block the main thread, `connlib` uses a background thread to write log files to disk. By default, the channel with this background thread can hold 128_000 items (https://docs.rs/tracing-appender/latest/tracing_appender/non_blocking/constant.DEFAULT_BUFFERED_LINES_LIMIT.html). This results in a significant chunk of memory being allocated that we don't necessarily need. |
||
|
Thomas Eizinger
|
42bacad277 |
chore: remove Git-dependency on sentry (#7720)
|
||
|
Thomas Eizinger
|
7ece89b517 | chore: bump Rust to 1.84 (#7719) | ||
|
Thomas Eizinger
|
5f5007edb8 |
refactor(connlib): remove "known hosts" feature (#7723)
Ever since #7289, we no longer issue any DNS queries to `connlib` when we reconnect to the portal. Thus, the back-then conceived feature of "known hosts" that allowed us to resolve that DNS query without having an upstream receiver is no longer needed. |
||
|
Thomas Eizinger
|
dab6789c64 |
chore: remove Git-dependency on proptest (#7722)
|