mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 18:18:55 +00:00
96e68bc64e9bc0643231befd46d5ea30d8d0ad07
6331 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Thomas Eizinger
|
96e68bc64e |
fix: enable tauri's native-tls feature to fix offline builds (#7808)
Resolves: #7799. --------- Co-authored-by: oddlama <oddlama@oddlama.org> |
||
|
Thomas Eizinger
|
943dbf9712 |
test(connlib): assert resource status as part of tunnel_test (#7772)
In order to ensure that the "site status" in the UIs is always up-to-date, we model the resource status as part of `tunnel_test`. This should cover even the most bizarre combinations of adding, removing, disabling and enabling resources interleaved with sending packets, resetting connections etc. Fixes: #7761. |
||
|
Thomas Eizinger
|
14ed7c40cb |
test(windows): increase grace-period for timer Io timer (#7821)
Windows' timer granularity isn't as good as the one from Unix platforms. To ensure this test isn't flaky, we increase the grace-period for Windows runners. See https://github.com/firezone/firezone/actions/runs/12862968520/job/35858749736?pr=7808. |
||
|
Jamil
|
787eac86ac |
fix(apple): Use Task.detached when loading sysex and vpn config (#7815)
When the app starts, we perform various checks in the `AppViewModel.init` which read and write to disk, which can potentially be slow (a few seconds), especially for busy rotational hard drives. These were performed inside a regular `Task` closure, but since AppViewModel is annotated `@MainActor`, that meant this Task blocked the main UI thread until the operations completed. In practice this wasn't an issue because it simply manifested as the app taking a couple seconds to launch under these conditions. We fix this by simply using a `Task.detached` which will run the operations on another thread. Now, the first window will pop up sooner and immediately show the `ProgressView()` (i.e. a loading spinner icon) until these operations complete. A few minor reorganizing of the `os()` macro was also performed because some of the variables now need to be `await`ed because they live on the main thread. refs #7798 |
||
|
Jamil
|
8e39a4140f |
fix(ci): Run PR title check on PR edit (#7817)
If the PR title violates the length check, editing it and re-running the job wouldn't fix it because the original title was still referenced. To fix this, we introduce a trigger for this check that runs specifically on PR edit. |
||
|
Jamil
|
8c9427b7b1 |
revert: Add tauri release build to CI (#7801)
Reverts the portion of #7795 that removed Tauri release builds from running in PRs. |
||
|
Jamil
|
4c5f72d53f |
fix(apple): Use Task.detached to open URLs (#7798)
Opening URLs using `NSWorkspace.shared.open(url)` (which potentially launches the browser) is a blocking operation on Apple platforms. This will cause the UI to hang if called from a UI thread, so we need to avoid that with a Task. |
||
|
Jamil
|
7d322d52db |
ci: Only upload Tauri builds on workflow_dispatch (#7795)
Similar to the Apple and Android clients, this PR updates the Linux and Windows GUI clients to upload to the GitHub drafted release on manual workflow triggers only. This should save a few minutes off `main` builds as the extra package testing steps will now be skipped there. Notably, the Gateway and Headless Client workflows are unchanged because (a) they are much faster to build / test and (b) we use the release builds for performance testing connlib, so we need them to run on `main`. |
||
|
Jamil
|
4cab2b5296 |
docs: Add support link to main README.md
Signed-off-by: Jamil <jamilbk@users.noreply.github.com> |
||
|
dependabot[bot]
|
01a90e3117 |
build(deps): Bump phoenix_ecto from 4.6.2 to 4.6.3 in /elixir (#7790)
Bumps [phoenix_ecto](https://github.com/phoenixframework/phoenix_ecto) from 4.6.2 to 4.6.3. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/phoenixframework/phoenix_ecto/blob/main/CHANGELOG.md">phoenix_ecto's changelog</a>.</em></p> <blockquote> <h2>v4.6.3</h2> <ul> <li> <p>Enhancements</p> <ul> <li>Add prefix option to check repo status plug</li> </ul> </li> <li> <p>Bug fix</p> <ul> <li>Fix map.field notation warning on Elixir 1.17</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Jamil
|
3f3a908bd2 |
chore(portal): Bump opentelemetry versions (#7794)
Dependabot is having issues figuring out the opentelemetry bumps due to a [package pull](https://github.com/firezone/firezone/pull/7788), so this PR aims to alleviate that as a one-off fix. This bumps a few deps' major versions. Nothing jumped out at first glance when I reviewed the changelogs, but I figured we'll have a better idea when this goes out to staging since OTLP is basically disabled in dev/test. |
||
|
Brian Manifold
|
eea7079776 |
fix(portal): Catch seat limit error in API fallback controller (#7783)
Why:
* The fallback controller in the API was not catching `{:error,
:seat_limit_reached}` being returned and was then generating a 500
response when this happened. This commit adds the condition in the
fallback controller and adds a new template for a more specific error
message in the returned JSON.
|
||
|
Jamil
|
6670741dee |
chore: Bump apple clients to 1.4.0 (#7785)
Bumps Apple clients to the 1.4.0 release. They're already live. |
||
|
dependabot[bot]
|
9ae9f7e341 |
build(deps): Bump phoenix_html from 4.1.1 to 4.2.0 in /elixir (#7789)
Bumps [phoenix_html](https://github.com/phoenixframework/phoenix_html) from 4.1.1 to 4.2.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/phoenixframework/phoenix_html/blob/main/CHANGELOG.md">phoenix_html's changelog</a>.</em></p> <blockquote> <h2>4.2.0 (2024-12-28)</h2> <ul> <li> <p>Enhancements</p> <ul> <li>Add <code>Phoenix.HTML.css_escape/1</code> to escape strings for use inside CSS selectors</li> <li>Add the ability to pass <code>:hr</code> to <code>options_for_select/2</code> to render a horizontal rule</li> </ul> </li> <li> <p>Bug fixes</p> <ul> <li>Pass form action through in FormData implementation</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
bd4ae08a79 |
build(deps): Bump serde_json from 1.0.133 to 1.0.135 in /rust (#7792)
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.133 to 1.0.135. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/serde-rs/json/releases">serde_json's releases</a>.</em></p> <blockquote> <h2>v1.0.135</h2> <ul> <li>Add serde_json::Map::into_values method (<a href="https://redirect.github.com/serde-rs/json/issues/1226">#1226</a>, thanks <a href="https://github.com/tisonkun"><code>@tisonkun</code></a>)</li> </ul> <h2>v1.0.134</h2> <ul> <li>Add <code>RawValue</code> associated constants for literal <code>null</code>, <code>true</code>, <code>false</code> (<a href="https://redirect.github.com/serde-rs/json/issues/1221">#1221</a>, thanks <a href="https://github.com/bheylin"><code>@bheylin</code></a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
0e6b811902 |
build(deps): Bump reqwest from 0.12.8 to 0.12.9 in /rust (#7793)
Bumps [reqwest](https://github.com/seanmonstar/reqwest) from 0.12.8 to 0.12.9. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/seanmonstar/reqwest/releases">reqwest's releases</a>.</em></p> <blockquote> <h2>v0.12.9</h2> <h2>What's Changed</h2> <ul> <li>Add <code>tls::CertificateRevocationLists</code> support (by <a href="https://github.com/ksenia-vazhdaeva"><code>@ksenia-vazhdaeva</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2433">seanmonstar/reqwest#2433</a>)</li> <li>Add crate features to enable webpki roots without selecting a rustls provider (by <a href="https://github.com/stevefan1999-personal"><code>@stevefan1999-personal</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2447">seanmonstar/reqwest#2447</a>)</li> <li>Fix <code>multipart::Part::file()</code> to automatically include content-length (by <a href="https://github.com/Mr-Pine"><code>@Mr-Pine</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2459">seanmonstar/reqwest#2459</a>)</li> <li>Fix proxy to internally no longer cache system proxy settings (by <a href="https://github.com/lanyeeee"><code>@lanyeeee</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2442">seanmonstar/reqwest#2442</a>)</li> <li>Fix <code>connection_verbose()</code> to output read logs (by <a href="https://github.com/seanmonstar"><code>@seanmonstar</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2454">seanmonstar/reqwest#2454</a>)</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/lanyeeee"><code>@lanyeeee</code></a> made their first contribution in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2442">seanmonstar/reqwest#2442</a></li> <li><a href="https://github.com/ksenia-vazhdaeva"><code>@ksenia-vazhdaeva</code></a> made their first contribution in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2433">seanmonstar/reqwest#2433</a></li> <li><a href="https://github.com/Mr-Pine"><code>@Mr-Pine</code></a> made their first contribution in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2459">seanmonstar/reqwest#2459</a></li> <li><a href="https://github.com/stevefan1999-personal"><code>@stevefan1999-personal</code></a> made their first contribution in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2447">seanmonstar/reqwest#2447</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/seanmonstar/reqwest/compare/v0.12.8...v0.12.9">https://github.com/seanmonstar/reqwest/compare/v0.12.8...v0.12.9</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md">reqwest's changelog</a>.</em></p> <blockquote> <h2>v0.12.9</h2> <ul> <li>Add <code>tls::CertificateRevocationLists</code> support.</li> <li>Add crate features to enable webpki roots without selecting a rustls provider.</li> <li>Fix <code>connection_verbose()</code> to output read logs.</li> <li>Fix <code>multipart::Part::file()</code> to automatically include content-length.</li> <li>Fix proxy to internally no longer cache system proxy settings.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
3bb97c4513 |
build(deps): Bump floki from 0.36.3 to 0.37.0 in /elixir (#7787)
Bumps [floki](https://github.com/philss/floki) from 0.36.3 to 0.37.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/philss/floki/releases">floki's releases</a>.</em></p> <blockquote> <h2>v0.37.0</h2> <h2>Added</h2> <ul> <li>Add <a href="https://hexdocs.pm/floki/0.37.0/Floki.html#css_escape/1"><code>Floki.css_escape/1</code></a> - thanks <a href="https://github.com/SteffenDE"><code>@SteffenDE</code></a>.</li> </ul> <h2>Fixed</h2> <ul> <li>Fix bug propagating identity encoder in <code>raw_html/2</code> - thanks <a href="https://github.com/andyleclair"><code>@andyleclair</code></a>.</li> </ul> <h2>Removed</h2> <ul> <li>Remove support for Elixir 1.13 and OTP 22.</li> </ul> <h2>Pull requests</h2> <ul> <li>Drop support for Elixir 1.13 by <a href="https://github.com/philss"><code>@philss</code></a> in <a href="https://redirect.github.com/philss/floki/pull/595">philss/floki#595</a></li> <li>Bump credo from 1.7.8 to 1.7.9 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/philss/floki/pull/596">philss/floki#596</a></li> <li>Bump credo from 1.7.9 to 1.7.10 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/philss/floki/pull/597">philss/floki#597</a></li> <li>Bump fast_html from 2.3.0 to 2.4.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/philss/floki/pull/599">philss/floki#599</a></li> <li>Bump dialyxir from 1.4.4 to 1.4.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/philss/floki/pull/600">philss/floki#600</a></li> <li>Bump ex_doc from 0.34.2 to 0.35.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/philss/floki/pull/602">philss/floki#602</a></li> <li>Fix bug propagating identity encoder in <code>raw_html/2</code> by <a href="https://github.com/andyleclair"><code>@andyleclair</code></a> in <a href="https://redirect.github.com/philss/floki/pull/603">philss/floki#603</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/andyleclair"><code>@andyleclair</code></a> made their first contribution in <a href="https://redirect.github.com/philss/floki/pull/603">philss/floki#603</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/philss/floki/compare/v0.36.3...v0.37.0">https://github.com/philss/floki/compare/v0.36.3...v0.37.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/philss/floki/blob/main/CHANGELOG.md">floki's changelog</a>.</em></p> <blockquote> <h2>[0.37.0] - 2024-12-06</h2> <h3>Added</h3> <ul> <li>Add <code>Floki.css_escape/1</code> - thanks <a href="https://github.com/SteffenDE"><code>@SteffenDE</code></a>.</li> </ul> <h3>Fixed</h3> <ul> <li>Fix bug propagating identity encoder in <code>raw_html/2</code> - thanks <a href="https://github.com/andyleclair"><code>@andyleclair</code></a>.</li> </ul> <h3>Removed</h3> <ul> <li>Remove support for Elixir 1.13 and OTP 22.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
0b2fdac500 |
build(deps-dev): Bump dialyxir from 1.4.3 to 1.4.5 in /elixir (#7786)
Bumps [dialyxir](https://github.com/jeremyjh/dialyxir) from 1.4.3 to 1.4.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jeremyjh/dialyxir/releases">dialyxir's releases</a>.</em></p> <blockquote> <h2>1.4.5</h2> <h3>Fixed</h3> <ul> <li>Crash when default ignore file missing and custom file specified</li> <li>Revert format option ignore_file_string to ignore_file_strict</li> </ul> <h2>1.4.4</h2> <h3>Fixed</h3> <ul> <li>Invalid contract formatting failed on OTP 26 & later.</li> <li>Empty ignore files are ignored.</li> <li>Several improvements and corrections to documentation.</li> </ul> <h3>Changed</h3> <ul> <li>Updated Erlex minimum version to 0.27, bringing in several fixes and improvements.</li> </ul> <h3>Added</h3> <ul> <li>Multiple formatters can be used in the same invocation.</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jeremyjh/dialyxir/blob/master/CHANGELOG.md">dialyxir's changelog</a>.</em></p> <blockquote> <h2>Unreleased changes post [1.4.5]</h2> <h2>[1.4.5] - 2024-11-17</h2> <h3>Fixed</h3> <ul> <li>Crash when default ignore file missing and custom file specified</li> <li>Revert format option ignore_file_string to ignore_file_strict</li> </ul> <h2>[1.4.4] - 2024-09-28</h2> <h3>Fixed</h3> <ul> <li>Invalid contract formatting failed on OTP 26 & later.</li> <li>Empty ignore files are ignored.</li> <li>Several improvements and corrections to documentation.</li> </ul> <h3>Changed</h3> <ul> <li>Updated Erlex minimum version to 0.27, bringing in several fixes and improvements.</li> </ul> <h3>Added</h3> <ul> <li>Multiple formatters can be used in the same invocation.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
bdc4711fd7 |
build(deps): Bump the google group in /terraform/environments/staging with 2 updates (#7775)
Bumps the google group in /terraform/environments/staging with 2 updates: [hashicorp/google](https://github.com/hashicorp/terraform-provider-google) and [hashicorp/google-beta](https://github.com/hashicorp/terraform-provider-google-beta). Updates `hashicorp/google` from 6.12.0 to 6.16.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/hashicorp/terraform-provider-google/releases">hashicorp/google's releases</a>.</em></p> <blockquote> <h2>v6.16.0</h2> <p>FEATURES:</p> <ul> <li><strong>New Resource:</strong> <code>google_beyondcorp_security_gateway</code> (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20844">#20844</a>)</li> <li><strong>New Resource:</strong> <code>google_developer_connect_connection</code> (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20823">#20823</a>)</li> <li><strong>New Resource:</strong> <code>google_developer_connect_git_repository_link</code> (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20823">#20823</a>)</li> </ul> <p>IMPROVEMENTS:</p> <ul> <li>compute: promoted <code>standby_policy</code>, <code>target_suspended_size</code>, and <code>target_stopped_size</code> fields in <code>google_compute_region_instance_group_manager</code> and <code>google_compute_instance_group_manager</code> resource from beta to ga (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20821">#20821</a>)</li> <li>dns: added <code>health_check</code> and <code>external_endpoints</code> fields to <code>google_dns_record_set</code> resource (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20843">#20843</a>)</li> <li>sql: added <code>server_ca_pool</code> field to <code>google_sql_database_instance</code> resource (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20834">#20834</a>)</li> <li>vmwareengine: allowed import of non-STANDARD private clouds in <code>google_vmwareengine_private_cloud</code> (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20832">#20832</a>)</li> </ul> <p>BUG FIXES:</p> <ul> <li>dataproc: fixed boolean fields in <code>shielded_instance_config</code> in the <code>google_dataproc_cluster</code> resource (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20828">#20828</a>)</li> <li>gkeonprem: fixed permadiff on <code>vcenter</code> field in <code>google_gkeonprem_vmware_cluster</code> resource (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20837">#20837</a>)</li> <li>networkservices: fixed <code>google_network_services_gateway</code> resource so that it correctly waits for the router to be deleted on <code>terraform destroy</code> (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20817">#20817</a>)</li> <li>provider: fixed issue where <code>GOOGLE_CLOUD_QUOTA_PROJECT</code> env var would override explicit <code>billing_project</code> (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20839">#20839</a>)</li> </ul> <h2>v6.15.0</h2> <p>NOTES:</p> <ul> <li>compute: <code>google_compute_firewall_policy_association</code> now uses MMv1 engine instead of DCL. (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20744">#20744</a>)</li> </ul> <p>DEPRECATIONS:</p> <ul> <li>compute: deprecated <code>numeric_id</code> (string) field in <code>google_compute_network</code> resource. Use the new <code>network_id</code> (integer) field instead (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20698">#20698</a>)</li> </ul> <p>FEATURES:</p> <ul> <li><strong>New Data Source:</strong> <code>google_gke_hub_feature</code> (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20721">#20721</a>)</li> <li><strong>New Resource:</strong> <code>google_storage_folder</code> (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20767">#20767</a>)</li> </ul> <p>IMPROVEMENTS:</p> <ul> <li>artifactregistry: added <code>vulnerability_scanning_config</code> field to <code>google_artifact_registry_repository</code> resource (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20726">#20726</a>)</li> <li>backupdr: promoted datasource <code>google_backup_dr_backup</code> to ga (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20677">#20677</a>)</li> <li>backupdr: promoted datasource <code>google_backup_dr_data_source</code> to ga (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20677">#20677</a>)</li> <li>bigquery: added <code>condition</code> field to <code>google_bigquery_dataset_access</code> resource (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20707">#20707</a>)</li> <li>bigquery: added <code>condition</code> field to <code>google_bigquery_dataset</code> resource (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20707">#20707</a>)</li> <li>composer: added <code>airflow_metadata_retention_config</code> field to <code>google_composer_environment</code> (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20769">#20769</a>)</li> <li>compute: added back the validation for <code>target_service</code> field on the <code>google_compute_service_attachment</code> resource to validade a <code>ForwardingRule</code> or <code>Gateway</code> URL (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20711">#20711</a>)</li> <li>compute: added <code>availability_domain</code> field to <code>google_compute_instance</code>, <code>google_compute_instance_template</code> and <code>google_compute_region_instance_template</code> resources (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20694">#20694</a>)</li> <li>compute: added <code>network_id</code> (integer) field to <code>google_compute_network</code> resource and data source (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20698">#20698</a>)</li> <li>compute: added <code>preset_topology</code> field to <code>google_network_connectivity_hub</code> resource (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20720">#20720</a>)</li> <li>compute: added <code>subnetwork_id</code> field to <code>google_compute_subnetwork</code> data source (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20666">#20666</a>)</li> <li>compute: made setting resource policies for <code>google_compute_instance</code> outside of terraform or using <code>google_compute_disk_resource_policy_attachment</code> no longer affect the <code>boot_disk.initialize_params.resource_policies</code> field (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20764">#20764</a>)</li> <li>container: changed <code>google_container_cluster</code> to apply maintenance policy updates after upgrades during cluster update (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20708">#20708</a>)</li> <li>container: made nodepool concurrent operations scale better for <code>google_container_cluster</code> and <code>google_container_node_pool</code> resources (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20738">#20738</a>)</li> <li>datastream: added <code>gtid</code> and <code>binary_log_position</code> fields to <code>google_datastream_stream</code> resource (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20777">#20777</a>)</li> <li>developerconnect: added support for setting up a <code>google_developer_connect_connection</code> resource without specifying the <code>authorizer_credentials</code> field (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20756">#20756</a>)</li> <li>filestore: added <code>tags</code> field to <code>google_filestore_backup</code> to allow setting tags for backups at creation time (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20718">#20718</a>)</li> <li>networkconnectivity: added <code>group</code> field to <code>google_network_connectivity_spoke</code> resource (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20689">#20689</a>)</li> <li>networkmanagement: promoted <code>google_network_management_vpc_flow_logs_config</code> resource to ga (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20701">#20701</a>)</li> <li>parallelstore: added <code>deployment_type</code> field to <code>google_parallelstore_instance</code> resource (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20785">#20785</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/hashicorp/terraform-provider-google/blob/main/CHANGELOG.md">hashicorp/google's changelog</a>.</em></p> <blockquote> <h2>6.16.0 (January 13, 2025)</h2> <p>FEATURES:</p> <ul> <li><strong>New Resource:</strong> <code>google_beyondcorp_security_gateway</code> (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20844">#20844</a>)</li> <li><strong>New Resource:</strong> <code>google_developer_connect_connection</code> (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20823">#20823</a>)</li> <li><strong>New Resource:</strong> <code>google_developer_connect_git_repository_link</code> (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20823">#20823</a>)</li> </ul> <p>IMPROVEMENTS:</p> <ul> <li>compute: promoted <code>standby_policy</code>, <code>target_suspended_size</code>, and <code>target_stopped_size</code> fields in <code>google_compute_region_instance_group_manager</code> and <code>google_compute_instance_group_manager</code> resource from beta to ga (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20821">#20821</a>)</li> <li>dns: added <code>health_check</code> and <code>external_endpoints</code> fields to <code>google_dns_record_set</code> resource (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20843">#20843</a>)</li> <li>sql: added <code>server_ca_pool</code> field to <code>google_sql_database_instance</code> resource (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20834">#20834</a>)</li> <li>vmwareengine: allowed import of non-STANDARD private clouds in <code>google_vmwareengine_private_cloud</code> (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20832">#20832</a>)</li> </ul> <p>BUG FIXES:</p> <ul> <li>dataproc: fixed boolean fields in <code>shielded_instance_config</code> in the <code>google_dataproc_cluster</code> resource (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20828">#20828</a>)</li> <li>gkeonprem: fixed permadiff on <code>vcenter</code> field in <code>google_gkeonprem_vmware_cluster</code> resource (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20837">#20837</a>)</li> <li>networkservices: fixed <code>google_network_services_gateway</code> resource so that it correctly waits for the router to be deleted on <code>terraform destroy</code> (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20817">#20817</a>)</li> <li>provider: fixed issue where <code>GOOGLE_CLOUD_QUOTA_PROJECT</code> env var would override explicit <code>billing_project</code> (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20839">#20839</a>)</li> </ul> <h2>6.15.0 (January 6, 2025)</h2> <p>NOTES:</p> <ul> <li>compute: <code>google_compute_firewall_policy_association</code> now uses MMv1 engine instead of DCL. (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20744">#20744</a>)</li> </ul> <p>DEPRECATIONS:</p> <ul> <li>compute: deprecated <code>numeric_id</code> (string) field in <code>google_compute_network</code> resource. Use the new <code>network_id</code> (integer) field instead (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20698">#20698</a>)</li> </ul> <p>FEATURES:</p> <ul> <li><strong>New Data Source:</strong> <code>google_gke_hub_feature</code> (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20721">#20721</a>)</li> <li><strong>New Resource:</strong> <code>google_storage_folder</code> (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20767">#20767</a>)</li> </ul> <p>IMPROVEMENTS:</p> <ul> <li>artifactregistry: added <code>vulnerability_scanning_config</code> field to <code>google_artifact_registry_repository</code> resource (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20726">#20726</a>)</li> <li>backupdr: promoted datasource <code>google_backup_dr_backup</code> to ga (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20677">#20677</a>)</li> <li>backupdr: promoted datasource <code>google_backup_dr_data_source</code> to ga (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20677">#20677</a>)</li> <li>bigquery: added <code>condition</code> field to <code>google_bigquery_dataset_access</code> resource (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20707">#20707</a>)</li> <li>bigquery: added <code>condition</code> field to <code>google_bigquery_dataset</code> resource (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20707">#20707</a>)</li> <li>composer: added <code>airflow_metadata_retention_config</code> field to <code>google_composer_environment</code> (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20769">#20769</a>)</li> <li>compute: added back the validation for <code>target_service</code> field on the <code>google_compute_service_attachment</code> resource to validade a <code>ForwardingRule</code> or <code>Gateway</code> URL (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20711">#20711</a>)</li> <li>compute: added <code>availability_domain</code> field to <code>google_compute_instance</code>, <code>google_compute_instance_template</code> and <code>google_compute_region_instance_template</code> resources (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20694">#20694</a>)</li> <li>compute: added <code>network_id</code> (integer) field to <code>google_compute_network</code> resource and data source (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20698">#20698</a>)</li> <li>compute: added <code>preset_topology</code> field to <code>google_network_connectivity_hub</code> resource (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20720">#20720</a>)</li> <li>compute: added <code>subnetwork_id</code> field to <code>google_compute_subnetwork</code> data source (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20666">#20666</a>)</li> <li>compute: made setting resource policies for <code>google_compute_instance</code> outside of terraform or using <code>google_compute_disk_resource_policy_attachment</code> no longer affect the <code>boot_disk.initialize_params.resource_policies</code> field (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20764">#20764</a>)</li> <li>container: changed <code>google_container_cluster</code> to apply maintenance policy updates after upgrades during cluster update (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20708">#20708</a>)</li> <li>container: made nodepool concurrent operations scale better for <code>google_container_cluster</code> and <code>google_container_node_pool</code> resources (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20738">#20738</a>)</li> <li>datastream: added <code>gtid</code> and <code>binary_log_position</code> fields to <code>google_datastream_stream</code> resource (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20777">#20777</a>)</li> <li>developerconnect: added support for setting up a <code>google_developer_connect_connection</code> resource without specifying the <code>authorizer_credentials</code> field (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20756">#20756</a>)</li> <li>filestore: added <code>tags</code> field to <code>google_filestore_backup</code> to allow setting tags for backups at creation time (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20718">#20718</a>)</li> <li>networkconnectivity: added <code>group</code> field to <code>google_network_connectivity_spoke</code> resource (<a href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20689">#20689</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
87d44518e2 |
build(deps): Bump cyrilgdn/postgresql from 1.24.0 to 1.25.0 in /terraform/environments/staging (#7778)
Bumps [cyrilgdn/postgresql](https://github.com/cyrilgdn/terraform-provider-postgresql) from 1.24.0 to 1.25.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/cyrilgdn/terraform-provider-postgresql/releases">cyrilgdn/postgresql's releases</a>.</em></p> <blockquote> <h2>v1.25.0</h2> <h2>What's Changed</h2> <h3>Features</h3> <ul> <li><strong>New resource</strong>: <code>postgresql_security_label</code> by <a href="https://github.com/stanleyz"><code>@stanleyz</code></a> in <a href="https://redirect.github.com/cyrilgdn/terraform-provider-postgresql/pull/482">cyrilgdn/terraform-provider-postgresql#482</a></li> <li><strong>Provider configuration</strong>: Add support for assuming an AWS IAM role from the provider. by <a href="https://github.com/zizzencs"><code>@zizzencs</code></a> in <a href="https://redirect.github.com/cyrilgdn/terraform-provider-postgresql/pull/486">cyrilgdn/terraform-provider-postgresql#486</a></li> </ul> <h3>Fixes</h3> <ul> <li><code>postgresql_grant</code>: Fix cyrilgdn#321 replaces postgresql_grant all the time. by <a href="https://github.com/PabloAzNR"><code>@PabloAzNR</code></a> in <a href="https://redirect.github.com/cyrilgdn/terraform-provider-postgresql/pull/476">cyrilgdn/terraform-provider-postgresql#476</a></li> <li><code>postgresql_grant</code> / <code>postgresql_default_privileges</code>: Fix <a href="https://redirect.github.com/cyrilgdn/terraform-provider-postgresql/issues/32">#32</a> <code>ALL</code> privileges by <a href="https://github.com/talbx"><code>@talbx</code></a> in <a href="https://redirect.github.com/cyrilgdn/terraform-provider-postgresql/pull/339">cyrilgdn/terraform-provider-postgresql#339</a></li> </ul> <h3>Documentation / Development</h3> <ul> <li>Tests: Remove Postrges 11 from tests matrix by <a href="https://github.com/cyrilgdn"><code>@cyrilgdn</code></a> in <a href="https://redirect.github.com/cyrilgdn/terraform-provider-postgresql/pull/485">cyrilgdn/terraform-provider-postgresql#485</a></li> <li>Update documentation for postgresql_default_privileges resource by <a href="https://github.com/caodangtinh"><code>@caodangtinh</code></a> in <a href="https://redirect.github.com/cyrilgdn/terraform-provider-postgresql/pull/468">cyrilgdn/terraform-provider-postgresql#468</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/PabloAzNR"><code>@PabloAzNR</code></a> made their first contribution in <a href="https://redirect.github.com/cyrilgdn/terraform-provider-postgresql/pull/476">cyrilgdn/terraform-provider-postgresql#476</a></li> <li><a href="https://github.com/talbx"><code>@talbx</code></a> made their first contribution in <a href="https://redirect.github.com/cyrilgdn/terraform-provider-postgresql/pull/339">cyrilgdn/terraform-provider-postgresql#339</a></li> <li><a href="https://github.com/stanleyz"><code>@stanleyz</code></a> made their first contribution in <a href="https://redirect.github.com/cyrilgdn/terraform-provider-postgresql/pull/482">cyrilgdn/terraform-provider-postgresql#482</a></li> <li><a href="https://github.com/zizzencs"><code>@zizzencs</code></a> made their first contribution in <a href="https://redirect.github.com/cyrilgdn/terraform-provider-postgresql/pull/486">cyrilgdn/terraform-provider-postgresql#486</a></li> <li><a href="https://github.com/caodangtinh"><code>@caodangtinh</code></a> made their first contribution in <a href="https://redirect.github.com/cyrilgdn/terraform-provider-postgresql/pull/468">cyrilgdn/terraform-provider-postgresql#468</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/cyrilgdn/terraform-provider-postgresql/compare/v1.24.0...v1.25.0">https://github.com/cyrilgdn/terraform-provider-postgresql/compare/v1.24.0...v1.25.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Jamil
|
603a64435e |
chore(portal): use appropriate sha in dev (#7782)
Not a huge deal, but this doesn't actually need to be a valid SHA and this is more clear / has no risk of collision with an actual git sha. |
||
|
Jamil
|
d07ef17b52 |
fix(website): Use relative hrefs for downloads on changelog (#7784)
These weren't being loaded correctly for Android and Apple, and are now updated to use relative paths. |
||
|
Jamil
|
53032fcbe1 |
fix(ci): Populate elixir vsn from env at build time (#7773)
Dependabot's workflow is set up in such a way it seems that it can't find our `sha.exs` file. This is a cleaner approach that doesn't rely on using external files for the application version. Interesting note: `mix compile` will happily use the cached `version` even though it's computed from an env var, because `mix compile` uses file hash and mtime to know when to recompile. See https://github.com/firezone/firezone/network/updates/942719116 |
||
|
dependabot[bot]
|
ce2de2ec8d |
build(deps): Bump tauri from 2.2.1 to 2.2.2 in /rust in the tauri group (#7776)
Bumps the tauri group in /rust with 1 update: [tauri](https://github.com/tauri-apps/tauri). Updates `tauri` from 2.2.1 to 2.2.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tauri-apps/tauri/releases">tauri's releases</a>.</em></p> <blockquote> <h2>tauri-cli v2.2.2</h2> <!-- raw HTML omitted --> <pre><code>Updating git repository `https://github.com/tauri-apps/schemars.git` Updating crates.io index Locking 1041 packages to latest compatible versions Adding apple-codesign v0.27.0 (available: v0.29.0) Adding axum v0.7.9 (available: v0.8.1) Adding cargo_toml v0.17.2 (available: v0.21.0) Adding html5ever v0.26.0 (available: v0.29.0) Adding hyper v0.14.32 (available: v1.5.2) Adding itertools v0.13.0 (available: v0.14.0) Adding minisign v0.7.3 (available: v0.7.9) Adding oxc_allocator v0.36.0 (available: v0.44.0) Adding oxc_ast v0.36.0 (available: v0.44.0) Adding oxc_parser v0.36.0 (available: v0.44.0) Adding oxc_span v0.36.0 (available: v0.44.0) Adding proc-macro-crate v2.0.0 (available: v2.0.2) Adding serialize-to-javascript v0.1.1 (available: v0.1.2) Adding serialize-to-javascript-impl v0.1.1 (available: v0.1.2) Adding tauri-utils v1.6.0 (available: v1.6.1) Adding tiny_http v0.11.0 (available: v0.12.0) Adding x509-certificate v0.23.1 (available: v0.24.0) Fetching advisory database from `https://github.com/RustSec/advisory-db.git` Loaded 724 security advisories (from /home/runner/.cargo/advisory-db) Updating crates.io index Scanning Cargo.lock for vulnerabilities (1066 crate dependencies) Crate: atk Version: 0.18.2 Warning: unmaintained Title: gtk-rs GTK3 bindings - no longer maintained Date: 2024-03-04 ID: RUSTSEC-2024-0413 URL: https://rustsec.org/advisories/RUSTSEC-2024-0413 Dependency tree: atk 0.18.2 └── gtk 0.18.2 ├── wry 0.48.0 │ └── tauri-runtime-wry 2.3.0 │ └── tauri 2.2.0 │ ├── tauri-plugin-sample 0.1.0 │ │ └── api 0.1.0 │ ├── tauri-plugin-log 2.2.0 │ │ └── api 0.1.0 │ ├── tauri-file-associations-demo 0.1.0 │ ├── tauri 2.2.0 │ ├── restart 0.1.0 │ ├── resources 0.1.0 </tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
81cbaefc84 |
build(deps): Bump glob from 0.3.1 to 0.3.2 in /rust (#7779)
Bumps [glob](https://github.com/rust-lang/glob) from 0.3.1 to 0.3.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rust-lang/glob/releases">glob's releases</a>.</em></p> <blockquote> <h2>v0.3.2</h2> <h2>What's Changed</h2> <ul> <li>Add fs::symlink_metadata to detect broken symlinks by <a href="https://github.com/kyoheiu"><code>@kyoheiu</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/105">rust-lang/glob#105</a></li> <li>Add support for windows verbatim disk paths by <a href="https://github.com/nico-abram"><code>@nico-abram</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/112">rust-lang/glob#112</a></li> <li>Respect <code>require_literal_leading_dot</code> option in <code>glob_with</code> method for path components by <a href="https://github.com/JohnTitor"><code>@JohnTitor</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/128">rust-lang/glob#128</a></li> <li>Harden tests for symlink by <a href="https://github.com/JohnTitor"><code>@JohnTitor</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/127">rust-lang/glob#127</a></li> <li>Remove "extern crate" directions from README by <a href="https://github.com/zmitchell"><code>@zmitchell</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/131">rust-lang/glob#131</a></li> <li>Add FIXME for tempdir by <a href="https://github.com/JohnTitor"><code>@JohnTitor</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/126">rust-lang/glob#126</a></li> <li>Cache information about file type by <a href="https://github.com/Kobzol"><code>@Kobzol</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/135">rust-lang/glob#135</a></li> <li>Document the behaviour of ** with files by <a href="https://github.com/Wilfred"><code>@Wilfred</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/138">rust-lang/glob#138</a></li> <li>Add dependabot by <a href="https://github.com/oriontvv"><code>@oriontvv</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/139">rust-lang/glob#139</a></li> <li>Bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/140">rust-lang/glob#140</a></li> <li>Check only (no longer test) at the MSRV by <a href="https://github.com/tgross35"><code>@tgross35</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/151">rust-lang/glob#151</a></li> <li>Add release-plz for automated releases by <a href="https://github.com/tgross35"><code>@tgross35</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/150">rust-lang/glob#150</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/kyoheiu"><code>@kyoheiu</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/glob/pull/105">rust-lang/glob#105</a></li> <li><a href="https://github.com/nico-abram"><code>@nico-abram</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/glob/pull/112">rust-lang/glob#112</a></li> <li><a href="https://github.com/zmitchell"><code>@zmitchell</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/glob/pull/131">rust-lang/glob#131</a></li> <li><a href="https://github.com/Kobzol"><code>@Kobzol</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/glob/pull/135">rust-lang/glob#135</a></li> <li><a href="https://github.com/Wilfred"><code>@Wilfred</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/glob/pull/138">rust-lang/glob#138</a></li> <li><a href="https://github.com/oriontvv"><code>@oriontvv</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/glob/pull/139">rust-lang/glob#139</a></li> <li><a href="https://github.com/dependabot"><code>@dependabot</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/glob/pull/140">rust-lang/glob#140</a></li> <li><a href="https://github.com/tgross35"><code>@tgross35</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/glob/pull/151">rust-lang/glob#151</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/rust-lang/glob/compare/0.3.1...v0.3.2">https://github.com/rust-lang/glob/compare/0.3.1...v0.3.2</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rust-lang/glob/blob/master/CHANGELOG.md">glob's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/rust-lang/glob/compare/v0.3.1...v0.3.2">0.3.2</a> - 2024-12-28</h2> <h2>What's Changed</h2> <ul> <li>Add fs::symlink_metadata to detect broken symlinks by <a href="https://github.com/kyoheiu"><code>@kyoheiu</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/105">rust-lang/glob#105</a></li> <li>Add support for windows verbatim disk paths by <a href="https://github.com/nico-abram"><code>@nico-abram</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/112">rust-lang/glob#112</a></li> <li>Respect <code>require_literal_leading_dot</code> option in <code>glob_with</code> method for path components by <a href="https://github.com/JohnTitor"><code>@JohnTitor</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/128">rust-lang/glob#128</a></li> <li>Harden tests for symlink by <a href="https://github.com/JohnTitor"><code>@JohnTitor</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/127">rust-lang/glob#127</a></li> <li>Remove "extern crate" directions from README by <a href="https://github.com/zmitchell"><code>@zmitchell</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/131">rust-lang/glob#131</a></li> <li>Add FIXME for tempdir by <a href="https://github.com/JohnTitor"><code>@JohnTitor</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/126">rust-lang/glob#126</a></li> <li>Cache information about file type by <a href="https://github.com/Kobzol"><code>@Kobzol</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/135">rust-lang/glob#135</a></li> <li>Document the behaviour of ** with files by <a href="https://github.com/Wilfred"><code>@Wilfred</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/138">rust-lang/glob#138</a></li> <li>Add dependabot by <a href="https://github.com/oriontvv"><code>@oriontvv</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/139">rust-lang/glob#139</a></li> <li>Bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/140">rust-lang/glob#140</a></li> <li>Check only (no longer test) at the MSRV by <a href="https://github.com/tgross35"><code>@tgross35</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/151">rust-lang/glob#151</a></li> <li>Add release-plz for automated releases by <a href="https://github.com/tgross35"><code>@tgross35</code></a> in <a href="https://redirect.github.com/rust-lang/glob/pull/150">rust-lang/glob#150</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/kyoheiu"><code>@kyoheiu</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/glob/pull/105">rust-lang/glob#105</a></li> <li><a href="https://github.com/nico-abram"><code>@nico-abram</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/glob/pull/112">rust-lang/glob#112</a></li> <li><a href="https://github.com/zmitchell"><code>@zmitchell</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/glob/pull/131">rust-lang/glob#131</a></li> <li><a href="https://github.com/Kobzol"><code>@Kobzol</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/glob/pull/135">rust-lang/glob#135</a></li> <li><a href="https://github.com/Wilfred"><code>@Wilfred</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/glob/pull/138">rust-lang/glob#138</a></li> <li><a href="https://github.com/oriontvv"><code>@oriontvv</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/glob/pull/139">rust-lang/glob#139</a></li> <li><a href="https://github.com/dependabot"><code>@dependabot</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/glob/pull/140">rust-lang/glob#140</a></li> <li><a href="https://github.com/tgross35"><code>@tgross35</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/glob/pull/151">rust-lang/glob#151</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/rust-lang/glob/compare/0.3.1...0.3.2">https://github.com/rust-lang/glob/compare/0.3.1...0.3.2</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
d47a1fb633 |
build(deps): Bump env_logger from 0.11.5 to 0.11.6 in /rust (#7780)
Bumps [env_logger](https://github.com/rust-cli/env_logger) from 0.11.5 to 0.11.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rust-cli/env_logger/releases">env_logger's releases</a>.</em></p> <blockquote> <h2>v0.11.6</h2> <h2>[0.11.6] - 2024-12-20</h2> <h3>Features</h3> <ul> <li>Opt-in file and line rendering</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rust-cli/env_logger/blob/main/CHANGELOG.md">env_logger's changelog</a>.</em></p> <blockquote> <h2>[0.11.6] - 2024-12-20</h2> <h3>Features</h3> <ul> <li>Opt-in file and line rendering</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Jamil
|
2d0fafbc59 |
chore(ci): Use consistent casing for Docker directives (#7781)
``` => WARN: FromAsCasing: 'as' and 'FROM' keywords' casing do not match (line 258) ``` |
||
|
Thomas Eizinger
|
081216a929 |
fix(connlib): don't drop unsent datagrams (#7768)
We introduced a regression in `connlib` in #7749 whereby queued but
unsent datagrams got dropped in case the socket was not ready to send
more data.
This happens because within `Io`, we pull each datagram one by one from
the iterator:
|
||
|
Jamil
|
10847fd549 |
fix(apple): Use Task.detached when starting from MainActor (#7766)
When starting a Task, by default it's launched with the same priority as the calling code. In the UI these are run on the `MainActor` with highest priority by default. If the worker thread running the Task closure gets blocked, it will cause the UI to hang. To fix this, we use `Task.detached` which runs the closure without a specific priority, which is lower than the UI thread. Furthermore, `weak self` is used to prevent retain cycles if the parent thread `deinit`s. This was causing an issue primarily when making IPC calls because those will sometimes hang until the XPC service is launched for the first time. --------- Signed-off-by: Jamil <jamilbk@users.noreply.github.com> |
||
|
dependabot[bot]
|
e4cfe6d5a2 |
build(deps): Bump keyring from 3.4.0 to 3.6.1 in /rust (#7744)
Bumps [keyring](https://github.com/hwchen/keyring-rs) from 3.4.0 to 3.6.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/hwchen/keyring-rs/releases">keyring's releases</a>.</em></p> <blockquote> <h2>v3.6.1: Update dependencies</h2> <p>Two of the dependencies (<code>openssl</code> and <code>whoami</code>) were discovered to have vulnerabilities which were fixed in minor or patch releases. This crate has been updated to insist that the minor/patch release number of these dependencies is high enough to ensure use of a patched version.</p> <p>There is no reason to think that the vulnerabilities in these dependencies could have been exercised through this crate. In addition, builds of clients done after the dependencies were patched would have already picked up the non-vulnerable versions. So this change is simply to ensure that future builds cannot use the vulnerable versions.</p> <p>There are no code changes in this release.</p> <h2>v3.6.0: Add new combination keystore</h2> <p>This release contains a new credential store for Linux: a combination of keyutils (for use by headless processes) and secret service (for persistence of credentials beyond reboot). Thanks very much to <a href="https://github.com/soywod"><code>@soywod</code></a> for the contribution!</p> <h2>v3.5.0: Add debug logging of internal operations</h2> <ul> <li>Add debug logging of internal operations (thanks to <a href="https://github.com/soywod"><code>@soywod</code></a>).</li> <li>Revert iOS security-framework dependency to v2 (see <a href="https://redirect.github.com/hwchen/keyring-rs/issues/225">#225</a>).</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/hwchen/keyring-rs/blob/master/CHANGELOG.md">keyring's changelog</a>.</em></p> <blockquote> <h2>Version 3.6.0</h2> <ul> <li>Add combination keystore of keyutils and secret service (thanks to <a href="https://github.com/soywod"><code>@soywod</code></a>).</li> </ul> <h2>Version 3.5.0</h2> <ul> <li>Add debug logging of internal operations (thanks to <a href="https://github.com/soywod"><code>@soywod</code></a>).</li> <li>Revert iOS security-framework dependency to v2 (see <a href="https://redirect.github.com/hwchen/keyring-rs/issues/225">#225</a>).</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Jamil
|
81615dfef8 |
Revert "refactor(apple): Use kSecUseDataProtectionKeychain for token" (#7765)
After reading through this [Apple technical note](https://developer.apple.com/documentation/technotes/tn3137-on-mac-keychains), it's clear that we want to actually omit this key from our keychain queries. The reason is because: - on iOS, this will be already set (there is no other option) - on macOS, the data protection keychain is *unavailable* from system extensions After testing, it appears that the original issue that PR sought to fix was actually fixed by always installing the correct system extension version: #7759. Reverts firezone/firezone#7756 |
||
|
Jamil
|
854436b1a0 |
fix(apple): Don't log certain security errors in debug (#7764)
When building / testing the Apple clients locally, OS code signing and security requirements can cause certain types of errors to throw. We still want to see these in the console, but not necessary capture them to Sentry. |
||
|
Brian Manifold
|
430b32324a |
fix(portal): Update IDP sync error email threshold (#7757)
Why: * An IdP sync can fail for different reasons and because of this we previously put a threshold on when to send the first 'IdP sync failed' email, which was set at 10 failed sync attempts. One thing that was accidentally overlooked was that on one specific failure type (i.e. 401 - Unauthorized) the Firezone sync was automatically disabled and not tried from that point forward. Unfortunately, that meant an email did not get sent out because the threshold was not met. This PR resolves that by making sure the 401 error will send out an email immediately, while keeping the 10 failed sync threshold for all other errors. Closes: #7725 |
||
|
Jamil
|
55485c71e6 |
fix(apple/macOS): Don't log notificationsNotAllowed (#7762)
This can happen if the user hasn't granted notifications and isn't worth reporting. |
||
|
Thomas Eizinger
|
01c1e629d2 |
test(connlib): ensure that we never want a time in the past (#7760)
In #7758, we fix `connlib`s event-loop to always provide the current time to the state machine rather than the one that was requested (which may be in the past). Even though this is already fairly resilient, we should never request a time in the past. This patch adds this as an assertion to our test suite. |
||
|
Thomas Eizinger
|
1ebee00699 |
fix(connlib): prevent time from going backwards (#7758)
On a high level, `connlib` is a state machine that gets driven by a custom event-loop. For time-related actions, the state machine computes, when it would like to be woken next. The event-loop sets a timer for that value and emits this value when the timer fires. There is an edge-case where this may result in the time going backwards within the state machine. Specifically, if - for whatever reason - the state machine emits a time value that is in the past, the timer in the `Io` component will fire right away **but the `deadline` will point to the time in the past**. The only thing we are actually interested in is that the timer fires at all. Instead of passing back the deadline of the timer, we fetch the _current_ time and pass that back to the state machine as the current input. This ensures that we never jump back in time because Rust guarantees for calls to `Instant::now` to be monotonic. (https://doc.rust-lang.org/std/time/struct.Instant.html#:~:text=a%20measurement%20of%20a%20monotonically%20nondecreasing%20clock.) |
||
|
dependabot[bot]
|
17af9bc28f |
build(deps): Bump socket2 from 0.5.7 to 0.5.8 in /rust (#7743)
Bumps [socket2](https://github.com/rust-lang/socket2) from 0.5.7 to 0.5.8. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rust-lang/socket2/blob/master/CHANGELOG.md">socket2's changelog</a>.</em></p> <blockquote> <h1>0.5.8</h1> <ul> <li>Added <code>Socket::(set_)header_included_v4</code> and <code>Socket::(set_)header_included_v6</code> (<a href="https://redirect.github.com/rust-lang/socket2/pull/518">rust-lang/socket2#518</a>).</li> <li>Added support for <code>Socket::original_dst</code> and <code>Socket::original_dst_ipv6</code> on Windows (<a href="https://redirect.github.com/rust-lang/socket2/pull/529">rust-lang/socket2#529</a>).</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/rust-lang/socket2/commits">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
46795da7b6 |
build(deps): Bump the tauri group in /rust with 2 updates (#7741)
Bumps the tauri group in /rust with 2 updates: [tauri](https://github.com/tauri-apps/tauri) and [tauri-build](https://github.com/tauri-apps/tauri). Updates `tauri` from 2.2.0 to 2.2.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tauri-apps/tauri/releases">tauri's releases</a>.</em></p> <blockquote> <h2>tauri-cli v2.2.1</h2> <!-- raw HTML omitted --> <pre><code>Updating git repository `https://github.com/tauri-apps/schemars.git` Updating crates.io index Locking 1040 packages to latest compatible versions Adding apple-codesign v0.27.0 (available: v0.29.0) Adding axum v0.7.9 (available: v0.8.1) Adding cargo_toml v0.17.2 (available: v0.21.0) Adding html5ever v0.26.0 (available: v0.29.0) Adding hyper v0.14.32 (available: v1.5.2) Adding itertools v0.13.0 (available: v0.14.0) Adding minisign v0.7.3 (available: v0.7.9) Adding oxc_allocator v0.36.0 (available: v0.44.0) Adding oxc_ast v0.36.0 (available: v0.44.0) Adding oxc_parser v0.36.0 (available: v0.44.0) Adding oxc_span v0.36.0 (available: v0.44.0) Adding proc-macro-crate v2.0.0 (available: v2.0.2) Adding serialize-to-javascript v0.1.1 (available: v0.1.2) Adding serialize-to-javascript-impl v0.1.1 (available: v0.1.2) Adding tauri-utils v1.6.0 (available: v1.6.1) Adding tiny_http v0.11.0 (available: v0.12.0) Adding which v4.4.2 (available: v7.0.1) Adding x509-certificate v0.23.1 (available: v0.24.0) Fetching advisory database from `https://github.com/RustSec/advisory-db.git` Loaded 722 security advisories (from /home/runner/.cargo/advisory-db) Updating crates.io index Scanning Cargo.lock for vulnerabilities (1065 crate dependencies) Crate: atk Version: 0.18.2 Warning: unmaintained Title: gtk-rs GTK3 bindings - no longer maintained Date: 2024-03-04 ID: RUSTSEC-2024-0413 URL: https://rustsec.org/advisories/RUSTSEC-2024-0413 Dependency tree: atk 0.18.2 └── gtk 0.18.2 ├── wry 0.48.0 │ └── tauri-runtime-wry 2.3.0 │ └── tauri 2.2.0 │ ├── tauri-plugin-sample 0.1.0 │ │ └── api 0.1.0 │ ├── tauri-plugin-log 2.2.0 │ │ └── api 0.1.0 │ ├── tauri-file-associations-demo 0.1.0 │ ├── tauri 2.2.0 │ ├── restart 0.1.0 </tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Jamil
|
3722c81eca |
fix(apple/macOS): Handle outdated system extensions (#7759)
When a user launches the macOS app, we check if the system extension is installed. If it was, we assumed it would function properly. However, an older version of the extension can be installed from our current app version, so we would erroneously consider the extension as "installed" even though it needed to be updated. To fix this, we introduced an enum for tracking the system extension state with `installed`, `needsReplacement`, and `needsInstall` states. These track whether the extension is up-to-date, needs upgrade (or downgrade), or needs to be approved and enabled by the user altogether respectively. Importantly, this also gracefully handles downgrades, not just upgrades since we already return a `.replace` action in our request callback that the system calls when installing an extension with the same bundle ID as one that exists. |
||
|
Jamil
|
ed6350d34a |
refactor(apple): Rename VPN "Profile" to VPN "Configuration" (#7755)
Apple actually calls these `VPN Configuration`s throughout the OS, so I thought it would be good to be consistent. Draft because stacked. |
||
|
Jamil
|
c349353600 |
refactor(apple): Use kSecUseDataProtectionKeychain for token (#7756)
This will force the macOS Keychain to behave like the iOS Keychain. To be honest, Apple's documentation is very much lacking in this regard, but some research suggests this is both heavily recommended by Apple and that it enables the Keychain operation to benefit from Apple's security hardware in their Macs. In my local testing, it also seems to make keychain operations more reliable when SIP is disabled, but that could be a fluke given the number of variables at play. https://developer.apple.com/documentation/security/ksecusedataprotectionkeychain Draft because stacked. |
||
|
Jamil
|
0288d7e698 |
refactor(apple): Update Adapter instance vars to lets (#7754)
These don't change and are initialized in the `init()`. Draft because stacked. |
||
|
Jamil
|
f206925446 |
refactor(apple): Adapter.start doesn't need async (#7753)
This function is called from `PacketTunnelProvider.startTunnel`, which already uses the `completionHandler` approach for returning to the caller when the tunnel start operation is completed. Thus `async / await` here is redundant and unnecessary. |
||
|
Jamil
|
64876fffa3 |
fix(apple): Don't rely on Keychain for critical functions (#7752)
The Keychain on Apple platforms, while secure, is not always available. It can be unavailable if the user has changed its permissions accidentally, the keychain database is corrupt, there is an issue with the secure enclave, or any number of other system-related or Apple account-related reasons. There are only two things we use the Keychain for: - Storing the `firezone-id`. This is actually not a secret. - Persisting the `token` upon sign in so that: - the iOS system can keep the tunnel alive without the GUI running - the macOS app can relaunch after `Disconnect & Quit` without having to sign in again For the first case, we move back to persisting this to a file (see #7464). For the second case, we simply don't care too much if the Keychain can't be saved to. We simply move on with activating the tunnel and logging the error so we know how often these edge cases occur. |
||
|
Jamil
|
6c2181d850 |
chore(infra): Bump terraform to 1.10 (#7751)
Caught some [weird CI errors](https://github.com/firezone/firezone/actions/runs/12754884373/job/35551006515) about terraform 1.9.8 cache being corrupted, so I thought I'd go ahead and bump TF to the latest stable version. |
||
|
Thomas Eizinger
|
b313f2a349 |
fix(connlib): don't spam if relay disconnects during ICE (#7750)
When `snownet` is tasked to establish a new connection, it first randomly samples one of its relays that is used as an additional source of candidates in case a direct connection is not possible. We (try to) maintain an allocation on each relay throughout the lifetime of a `connlib` session. In case a relay doesn't respond to the initial binding message at all (even after several retries), we consider the relay offline and remove all state associated to it. It is possible that we sampled a relay for use in a connection and only then realise that it is offline. In that case, we print a message to the log: > Selected relay disconnected during ICE; connection may fail The condition for when we print this log is: "we are in `Connecting` and the sampled relay does no longer exist". This results in log spam in case that condition is actually hit because no state is being changed as part of this check and thus, on the next call to `handle_timeout`, this condition is still true! To fix this, we change the `rid` field of `Connecting` to an `Option`. In case we detect that a relay is no longer present, we print the log and then clear the option. As a result, the log is only printed once. |
||
|
Jamil
|
ef35b1ecd6 |
docs: Remove me-central2 from availability (#7732)
This region is blocked from use. |
||
|
Thomas Eizinger
|
46cdbbcc23 |
fix(connlib): use a buffer pool for the GSO queue (#7749)
Within `connlib`, we read batches of IP packets and process them at once. Each encrypted packet is appended to a buffer shared with other packets of the same length. Once the batch is successfully processed, all of these buffers are written out using GSO to the network. This allows UDP operations to be much more efficient because not every packet has to traverse the entire syscall hierarchy of the operating system. Until now, these buffers got re-allocated on every batch. This is pretty wasteful and leads to a lot of repeated allocations. Measurements show that most of the time, we only have a handful of packets with different segments lengths _per batch_. For example, just booting up the headless-client and running a speedtest showed that only 5 of these buffers are were needed at one time. By introducing a buffer pool, we can reuse these buffers between batches and avoid reallocating them. Related: #7747. |
||
|
Thomas Eizinger
|
f5afea6f0d |
refactor(connlib): reset authorized resources on roaming (#7746)
When a Firezone client roams, the host app sends a "reset" command to `connlib`. At present, this "reset" command clears the network connection state and therefore restarts ICE. As part of that, the tunnel key also gets rotated yet which resources have already been authorized is retained. This isn't a problem per se because the client's identity is determined by the "Firezone ID" which persists even across restarts of a Client. For the Gateway however, a roamed Client and a restarted Client are indistinguishable as in both cases, the tunnel public key and ICE credentials change. Instead of only clearing the connection-specific state, we now also throw away all the ACL state that is associated with connections, i.e. which Resource already got authorized on the Gateway. As a result - with this change - Clients will emit another "connection intent" to the portal upon roaming, triggering a new authorization of this flow with a Gateway. There isn't any particular need for doing this except that lingering state can be a nasty source of bugs. With the now idempotent control protocol, it is pretty easy to re-request these authorisations. Overall, this makes `connlib` more resilient and easier to reason about. |
||
|
Thomas Eizinger
|
088273f009 |
feat(clients): reduce memory usage of background logger thread (#7748)
In order to not block the main thread, `connlib` uses a background thread to write log files to disk. By default, the channel with this background thread can hold 128_000 items (https://docs.rs/tracing-appender/latest/tracing_appender/non_blocking/constant.DEFAULT_BUFFERED_LINES_LIMIT.html). This results in a significant chunk of memory being allocated that we don't necessarily need. |