mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 18:18:55 +00:00
a07dfc98699edc048ac8fab70335fedffdd6e357
8262 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
a07dfc9869 |
test(connlib): workaround DNS cache in proptests (#10602)
With the introduction of the DNS cache for Clients in #10533, we now enable a behaviour where we don't necessarily need to establish a connection to a Gateway to resolve a DNS query if we still have a valid entry in the DNS cache.

In particular, the proptests discovered that:

- a DNS query for an upstream resolver
- which happens to be a resource
- and has a valid entry in the DNS cache
- but (no longer) a connection to the corresponding Gateway

will now serve the cached DNS records instead of establishing a new connection to the Gateway. As a result, the site status which we assert in the proptests remains in "unknown" instead of the expected "online".

Modelling the caching behaviour in the tests is rather tedious. To avoid that, we set the TTL of all simulated upstream DNS responses to 1 which effectively bypasses the cache. Whilst not an ideal solution, it ensures that CI is consistently green without flaky tests. The DNS cache itself is already unit-tested. |
||
|
|
97895c499a |
fix(apple): call completionHandler only after initialized (#10606)
Apple's [docs state](https://developer.apple.com/documentation/networkextension/nepackettunnelprovider/starttunnel(options:completionhandler:)#Discussion) that we should only call the PacketTunnelProvider's `completionHandler` once the tunnel is ready to route packets. Calling it prematurely, while it shouldn't cause packets to get routed to us (we haven't added the routes yet), will however cause the system to think our VPN is "online", which disconnects other VPNs and communicates to the user Firezone is "connected". If the portal is then slow to send us the init, we will be stuck in this quasi-connected state for more than a brief moment of time. To fix this, we thread `completionHandler` through to `Adapter` and call this if we are configuring the tun interface for the first time. This way, we remain in the `connecting` state until the tunnel is fully configured. |
||
|
|
fbade40e66 |
fix(apple): don't return Data() to fetchResources (#10605)
When the tunnel first comes up, the first call to `fetchResources` was returning an empty `Data()` instance that the receiver would fail to decode properly because it assumes if a `Data` is non-nil, it is a list of Resources. This resulted in a decode error each time the tunnel was started. Related: https://github.com/firezone/firezone/pull/10603#discussion_r2438472011 --------- Signed-off-by: Jamil <jamilbk@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> |
||
|
|
73576922ff |
fix(apple/macos): clean up utun on quit (#10603)
On macOS, because it uses the System Extension packaging type, the lifecycle of the tunnel provider process is not tied directly to connlib's session start and end, but rather managed by the system. The process is likely running at all times, even when the GUI is not open or signed in.

The system will start the provider process upon the first IPC call to it, which allocates a `utun` interface. The tricky part is ensuring this interface gets removed when the GUI app quits. Otherwise, it's likely that upon the next launch of the GUI app, the system will allocate a _new_ utun interface, and the old one will linger until the next system reboot.

Here's where things get strange. The system will only remove the `utun` interface when stopping the tunnel under the following conditions:

- The provider is currently not in a `disconnected` state (so it needs to be in `reasserting`, `connecting`, or `connected`)
- The GUI side has called `stopTunnel`, thereby invoking the provider's `stopTunnel` override function, or
- The provider side has called `cancelTunnelWithError`, or
- The `startTunnel`'s completionHandler is called with an `Error`

The problem we had is that we make various IPC calls throughout the lifecycle of the GUI app, for example, to gather logs, set tunnel configuration, and the like. If the GUI app was _not_ in a connected state when the user quit, the `utun` would linger, even though we were issuing a final `stopTunnel` upon quit in all circumstances.

To fix the issue, we update the dry run `startTunnel` code path we added previously in two ways:

1. We add a `dryRun` error type to the `startTunnel`'s completionHandler
2. We implement the GUI app `applicationShouldTerminate` handler in order to trigger one final dryRun which briefly moves the provider to a connected state so the system will clean us up when its completionHandler is invoked.

Tested under the following conditions:

- Launch app in a signed-out state -> quit
- Launch app in a signed-out state -> sign in -> quit
- Launch app in a signed-out state -> sign in -> sign out -> quit
- Launch app in a signed-in state -> quit
- Launch app in a signed-in state -> sign out -> quit

Notably, if the GUI app is killed with `SIGKILL`, our terminate hook is _not_ called, and the utun lingers. We'll have to accept this edge case for now.

Along with the above, the janky `consumeStopReason` mechanism has been removed in favor of NE's `cancelTunnelWithError` to pass the error back to the GUI we can then use to show the signed out alert.

Fixes #10580 |
||
|
|
928d8a2512 |
fix(connlib): handle resources changing site (#10604)
Similar to how resources can be edited to change their address, IP stack or other properties, they can also be moved between different sites. Currently, `connlib` requires the portal to explicitly remove the resource and then re-add it for this to work. Our system gets more robust if we also detect that the sites of a resource have changed and handle it like other addressability changes. To ensure that this works correctly, we also extend the proptests to simulate addressability changes of resources. Resolves: #9881 Related: #10593 |
||
|
|
fba904d570 |
chore(apple): always build client-ffi on debug (#10601)
Incorporating feedback from Copilot in #10600. |
||
|
|
b70865564d |
chore(apple): allow generating UniFFI bindings on Linux (#10600)
To generate the UniFFI bindings, we don't actually need to be on an Apple device. To make cross-platform development a bit easier, we extract the binding generation step into the Makefile. |
||
|
|
8a6f60a2ec |
build(deps): bump react from 18 to 19 (#10595)
Bumps the react family from 18 to 19 and fixes one type issue. Supersedes #10081 |
||
|
|
8ff29c52a3 |
chore(android): bump firebase-bom from 33.16.0 to 34.4.0 (#10596)
Bumps the firebase-bom from 33.16.0 to 34.4.0 and fixes an issue due to some of the bundled libraries changing. Namely, all of the `ktx` libraries (representing Kotlin versions) have been included in the core libraries and `ktx` is no longer a thing. Supersedes #10558 --------- Signed-off-by: Jamil <jamilbk@users.noreply.github.com> |
||
|
|
7e5ec7c2d7 |
ci: upload .deb from releases to APT repository (#10587)
This PR creates the necessary CI infrastructure to copy `.deb` packages from releases to our APT repository. Re-generation of the index is separated out into a dedicated workflow to avoid concurrency issues and so we can re-generate it without making a release. --------- Signed-off-by: Thomas Eizinger <thomas@eizinger.io> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> |
||
|
|
a27676a903 |
fix(portal): support dark mode in outbound emails (#10493)
Ensure that users with dark mode enabled system-wide get a nice experience whilst reading the emails. Add a `mix test_emails` task to send all the emails and quickly inspect them locally. Before: <img width="767" height="924" alt="image" src="https://github.com/user-attachments/assets/aaac75bd-67ad-4fd8-82e8-6726ffea6bae" /> After (viewed via `mix test_emails`): <img width="1063" height="928" alt="image" src="https://github.com/user-attachments/assets/57d3a4d9-5b8f-4a45-8546-7615e15422d8" /> --------- Signed-off-by: Mariusz Klochowicz <mariusz@klochowicz.com> Co-authored-by: Brian Manifold <bmanifold@users.noreply.github.com> |
||
|
|
bf91021e2e |
docs: update POP map and relay ips for azure (#10293)
Updates our list of potential Relay IPs and the regional map diagram for customer reference. |
||
|
|
79a4aeb3a8 |
chore(website): add eslint (#9560)
- [x] Add eslint configured for NextJS - [x] Add lint before build - [x] Fix errors |
||
|
|
be3ec74cdb |
chore(website): remove /dev.firezone.firezone.plist (#10594)
This seems to have been added mistakenly in #9233 and can be removed. |
||
|
|
4d43d2cb77 |
fix(portal): trigger email for Okta 4xx errors (#10578)
When Okta returned a 4xx status code from the API, we had updated the error handler to grab the errors from body or headers and return these. However, the caller was expecting an explicit empty string for 401 and 403 errors in order to trigger the email send behavior. Since that wasn't being matched, we were logging the error internally only, and continuing to retry the sync indefinitely without sending the user an email. Fixes #8744 Fixes #9825 |
||
|
|
e81b4dbdac |
build(deps): bump floki from 0.37.1 to 0.38.0 in /elixir (#10585)
Bumps floki and updates calls to `Floki.find` and `Floki.attribute` to use the new API. Supersedes #9758 |
||
|
|
6b3f2a32ce |
feat(gateway): associate packets with resource ID (#10588)
In order to support flow logs, we need to associate each IP packet that gets routed with its corresponding resource ID. Currently, we only track what is necessary for the actual routing behaviour: The IP addresses and the filters. Therefore, we extend the data structures in `peer` to also track the `ResourceId` now. The entire code within `peer` became a bit hard to manage so I took this opportunity to split it out into two dedicated modules. This PR forms the base for recording flow logs in #10576. |
||
|
|
17ab1a6d04 |
ci: remove jitter from docker-compose (#10589)
Jitter causes packets to get re-ordered which makes it really hard to get predictable performance results. With jitter disabled, we get more consistent performance numbers. |
||
|
|
5272e0c992 | chore: publish headless-client 1.5.4 (#10590) | ||
|
|
f78cccea1b | chore: publish gui-client 1.5.8 (#10591) | ||
|
|
37472fee49 |
build(deps): Bump nodejs to 22 (#10586)
Bumps node from the now-unsupported 20 LTS to the currently active 22 LTS which fixes a few compile warnings for the website. |
||
|
|
e3bb2fb931 | chore: publish gateway 1.4.17 (#10584) | ||
|
|
d35cf445d4 |
fix(linux): don't sync link-scope routes of offline interfaces (#10583)
In #10554, we added a syncing mechanism that would copy all link-scoped routes of the `main` routing table over to the Firezone routing table. Routes for interfaces that are currently offline cannot be added and cause a netlink error of "Invalid argument". To prevent unnecessary warnings from being logged to Sentry, we retrieve the link state of each interface and skip routes for interfaces that are not online. |
||
|
|
e76daaaab3 |
refactor: remove JSON serialization from FFI boundary (#10575)
This PR eliminates JSON-based communication across the FFI boundary, replacing it with proper uniffi-generated types for improved type safety, performance, and reliability.

We replace JSON string parameters with native uniffi types for:

- Resources (DNS, CIDR, Internet)
- Device information
- DNS server lists
- Network routes (CIDR representation)

Also, get rid of JSON serialisation in Swift client IPC in favour of PropertyList based serialisation.

Fixes: https://github.com/firezone/firezone/issues/9548

---------

Co-authored-by: Thomas Eizinger <thomas@eizinger.io> |
||
|
|
97f3979fa6 |
fix(apple): Explicitly hide network extension from the UI (#10581)
Apparently if we set the CFBundleDisplayName we hint by default that we *do* want to show it on newer macOS versions. This seems to have been uncovered by Xcode 26 build recently. Fixes #10579 |
||
|
|
ad69864e41 |
chore(ci): use bin/ prefix for binary artifacts (#10582)
We'll be using a consistent `artifacts` storage account for these built binaries, so we've renamed the container to `binaries`. The apt packages would be under the `apt` container at `artifacts.firezone.dev/apt/` accordingly. Related: firezone/infra#182 |
||
|
|
e30583de37 |
build(deps): bump react-syntax-highlighter from 15.6.1 to 15.6.6 in /website (#10555)
Bumps [react-syntax-highlighter](https://github.com/react-syntax-highlighter/react-syntax-highlighter) from 15.6.1 to 15.6.6. |
||
|
|
5a13295e59 |
build(deps): bump @next/third-parties from 15.4.4 to 15.5.3 in /website (#10559)
Bumps [@next/third-parties](https://github.com/vercel/next.js/tree/HEAD/packages/third-parties) from 15.4.4 to 15.5.3. |
||
|
|
31f8f9980b |
chore: Upgrade flowbite-react from 0.10.2 to 0.12.9 (#10572)
Note: For this to work, we swapped to `bundler` for module resolution, which is recommended by the TypeScript community.

This upgrade addresses breaking changes in flowbite-react 0.12.x including the removal of compound components in favour of simple component imports.

Breaking changes addressed:

1. Tailwind CSS configuration
   - Changed import from 'flowbite-react/tailwind' to 'flowbite-react/plugin/tailwindcss'
   - Updated plugin API: flowbite.plugin() → flowbite (direct export)
   - Replaced flowbite.content() with manual path './node_modules/flowbite-react/dist/**/*.js'
2. Component API changes (compound → simple components)
   - Accordion: Accordion.Panel → AccordionPanel, Accordion.Title → AccordionTitle, etc.
   - Tabs: Tabs.Item → TabItem
   - Sidebar: Sidebar.Item → SidebarItem, Sidebar.Items → SidebarItems, etc.
   - Clipboard: Clipboard.WithIcon → ClipboardWithIcon

Additional fixes:

- Adjusted clipboard icon positioning (increased top margin from top-2 to top-4) to properly align with code block borders as it was misaligned after the upgrade

All components tested and verified working:

- Accordion, Tabs, Sidebar, Clipboard, Tooltip, Navbar
- Custom theming preserved and functioning correctly
- No obvious regressions during side-by-side testing with online version |
||
|
|
08f8e886f1 |
chore(connlib): tune down INFO logs (#10574)
Several of these INFO logs are actually quite noisy, like exchanging candidates with Gateways or updating the allocation. We barely look at the INFO logs from customers and primarily investigate issues with DEBUG logs streamed to Sentry. |
||
|
|
8378819621 |
fix(apple): Ensure fetching resource state if already connected (#10567)
Fixes an issue where the Resources menu would not populate when launching the app while already connected by ensuring the initial VPN status triggers the resource loading handler. Fixes #9837 |
||
|
|
df601be538 |
chore(rust): ban keys and values from HashMap (#10569)
In addition to the `iter` functions, `keys` and `values` also iterate over the contents of a `HashMap` and are thus non-deterministic. This can create problems where our test-suite is non-deterministic. |
||
|
|
eb75cef467 |
fix(linux): allow LAN access when Internet Resource is on (#10554)
## Context

On Linux, we create a dedicated routing table for all routes of the Firezone TUN device, including the `0.0.0.0/0` route. At a minimum, this routing table contains the following if the Internet Resource is active:

```
> ip route show table 539098368
default dev tun-firezone proto static
100.64.0.0/11 dev tun-firezone proto static
100.96.0.0/11 dev tun-firezone proto static
100.100.111.0/24 dev tun-firezone proto static
```

In addition, we also create a routing rule that bypasses this routing table for all packets that are tagged with the `0xfd002021` mark:

```
> ip rule list
0: from all lookup local
32765: not from all fwmark 0xfd002021 lookup 539098368
32766: from all lookup main
32767: from all lookup default
```

Firezone's internal UDP and TCP sockets are tagged with this mark and thus prevent routing loops where our own packets would otherwise get redirected back into the tunnel.

Without the Internet Resource active, the rule `from all lookup main` triggers for local LAN traffic and correctly routes the traffic out via that interface. For example, on my computer, the Linux kernel created the following route with the `link` scope in the main table:

```
192.168.188.0/24 dev wlp192s0 proto kernel scope link src 192.168.188.112 metric 600
```

## The problem

With the Internet Resource active, there is a problem. The default route matches ALL destinations, including those for local LAN destinations which should actually be sent out via a different interface. As a result, local LAN traffic is broken on Linux as soon as the Internet Resource is active. Instead of being sent out via the local interface, these packets get sent to `tun-firezone` where they get forwarded to the Gateway and then dropped because their source IP is not a Firezone Client IP.

## Solution

Fixing this is unfortunately non-trivial. The best I could come up with is to create a copy of all link-scoped routes in the Firezone routing table and keep those in sync with all route changes that happen. For example, when we roam, the link-scoped routes obviously change because we join a new subnet. We therefore listen to change-events from netlink and create a debounced task that reads the current link-scoped routes from the main routing table, compares it to the ones in the Firezone table and adds any routes not present. We don't need to worry about removing routes as link-scoped routes automatically disappear once the resulting interface goes away.

---------

Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> |
||
|
|
b3b92faf45 |
ci: merge publish workflows (#10568)
All of these jobs should run every time we publish a release. It makes sense to merge them into one workflow. --------- Signed-off-by: Thomas Eizinger <thomas@eizinger.io> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> |
||
|
|
35a53ae675 |
ci: add workflow inputs for _build-data-plane.yml (#10570)
In #10542, we split out a dedicated workflow for building the data plane artifacts. Unfortunately, we forgot to add an input section to the `workflow_dispatch` trigger. This is necessary to correctly build the artifacts for e.g. an upcoming release. Here is a test-run: https://github.com/firezone/firezone/actions/runs/18485551622 |
||
|
|
bb4a0deb8c |
build(deps): bump @types/node from 22.15.30 to 24.4.0 in /rust/gui-client (#10564)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 22.15.30 to 24.4.0. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
276622191a |
build(deps): bump com.google.code.gson:gson from 2.13.1 to 2.13.2 in /kotlin/android (#10560)
Bumps [com.google.code.gson:gson](https://github.com/google/gson) from 2.13.1 to 2.13.2. |
||
|
|
bc0ae5c89c |
build(deps): bump com.google.gms.google-services from 4.4.3 to 4.4.4 in /kotlin/android (#10563)
Bumps com.google.gms.google-services from 4.4.3 to 4.4.4. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
0fa5c45585 |
build(deps): bump com.google.android.material:material from 1.12.0 to 1.13.0 in /kotlin/android (#10562)
Bumps [com.google.android.material:material](https://github.com/material-components/material-components-android) from 1.12.0 to 1.13.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/material-components/material-components-android/releases">com.google.android.material:material's releases</a>.</em></p> <blockquote> <h2>1.13.0</h2> <h1>New in 1.13.0!</h1> <ul> <li><code>DockedToolbarLayout</code> (<a href="https://github.com/material-components/material-components-android/blob/master/lib/java/com/google/android/material/dockedtoolbar/DockedToolbarLayout.java">source</a>, <a href="https://github.com/material-components/material-components-android/blob/master/docs/components/DockedToolbar.md">doc</a>, <a href="https://m3.material.io/components/toolbars/overview">spec</a>)</li> <li><code>FloatingToolbarLayout</code> (<a href="https://github.com/material-components/material-components-android/blob/master/lib/java/com/google/android/material/floatingtoolbar/FloatingToolbarLayout.java">source</a>, <a href="https://github.com/material-components/material-components-android/blob/master/docs/components/FloatingToolbar.md">doc</a>, <a href="https://m3.material.io/components/toolbars/overview">spec</a>)</li> <li><code>LoadingIndicator</code> (<a href="https://github.com/material-components/material-components-android/blob/master/lib/java/com/google/android/material/loadingindicator/LoadingIndicator.java">source</a>, <a href="https://github.com/material-components/material-components-android/blob/master/docs/components/LoadingIndicator.md">doc</a>, <a href="https://m3.material.io/components/loading-indicator/overview">spec</a>)</li> <li><code>MaterialSplitButton</code> (<a href="https://github.com/material-components/material-components-android/blob/master/lib/java/com/google/android/material/button/MaterialSplitButton.java">source</a>, <a 
href="https://github.com/material-components/material-components-android/blob/master/docs/components/SplitButton.md">doc</a>, <a href="https://m3.material.io/components/split-button/overview">spec</a>)</li> <li><code>MaterialButtonGroup</code> (<a href="https://github.com/material-components/material-components-android/blob/master/lib/java/com/google/android/material/button/MaterialButtonGroup.java">source</a>, <a href="https://github.com/material-components/material-components-android/blob/master/docs/components/ButtonGroup.md">doc</a>, <a href="https://m3.material.io/components/button-groups/overview">spec</a>)</li> </ul> <h2>Important</h2> <ul> <li>Required <code>minSdkVersion</code> is now 21 or higher, for Material and <a href="https://developer.android.com/jetpack/androidx/versions#version-table">AndroidX</a>.</li> <li>Now built with <code>compileSdkVersion</code> 35, Android Gradle Plugin (AGP) 8.7.3, Gradle 8.9, and <code>android.nonTransitiveRClass=true</code>. <ul> <li>This means that <a href="https://developer.android.com/build/optimize-your-build#use-non-transitive-r-classes">R classes are no longer transitive</a> and resources must be fully qualified with their library path when used programmatically (see the <a href="https://github.com/material-components/material-components-android/blob/master/docs/getting-started.md#non-transitive-r-classes-referencing-library-resources-programmatically">Getting Started guide</a> for more info).</li> </ul> </li> <li>Material 3 Expressive has moved to the 1.14.0 versions of the library. 
To get a sneak peak, update to version <a href="https://github.com/material-components/material-components-android/releases/tag/1.14.0-alpha04">1.14.0-alpha04</a> and use the <code>Material3Expressive</code> themes/styles in conjunction with new components mentioned above.</li> </ul> <h2>Dependency Updates</h2> <table> <thead> <tr> <th>Dependency</th> <th>Previous version</th> <th>New version</th> </tr> </thead> <tbody> <tr> <td>androidx.appcompat:appcompat</td> <td>1.6.1</td> <td>1.7.0</td> </tr> <tr> <td>androidx.constraintlayout:constraintlayout</td> <td>2.0.1</td> <td>2.1.0</td> </tr> <tr> <td>androidx.dynamicanimation:dynamicanimation</td> <td>1.0.0</td> <td>1.1.0</td> </tr> <tr> <td>androidx.graphics:graphics-shapes</td> <td>N/A</td> <td>1.0.1</td> </tr> <tr> <td>com.android.tools.build:gradle</td> <td>7.4.2</td> <td>8.7.3</td> </tr> </tbody> </table> <h2>Library Updates</h2> <ul> <li><code>A11y</code> <ul> <li>Include "hour" and "minute" in announcements. For example: "Not checked, Hour - 11'0 clock. double tap to select Hour". (960bb4cb825c607c244d51ed4f302752912e37cc)</li> <li>Move responsibility of disabling hide on scroll to HideViewOnScrollBehavior and BottomAppBar (9c33476db68ffc15151b742516da2f7e8c4a98f7)</li> <li>Prevent hide on scroll when Talkback is on (d56070586102b66486f7f8697de077c3d7689922)</li> <li>Add missing 'button' mention to Talkback output for close icon. (79bd7d7b1ba46b0593c7758a81b02bdb5a1dbf67)</li> </ul> </li> <li><code>BottomNavigationView</code> <ul> <li>Update catalog demo to demonstrate adaptive bottom navigation bar (76936c42c43164b9930f616266f215bf7045003a)</li> <li>Fix early return in setItemGravity() (8a4d3c695117c46cf1c7235744d81196fb97110f)</li> </ul> </li> <li><code>BottomSheet</code> <ul> <li>Prevent ACTION_DOWN events on the BottomSheetHandleDragView from setting touchingScrollChild to true. 
(af7f254bf660704368d46e630d34a81c479fa1c7)</li> <li>Fix keyboard animation on Android 14 (a0b4dfa8769f98851efe97569c900f75eb0d5ef2)</li> <li>Fixed main catalog demo cutting off content when screen size is too small. (005687d1b64ea5542168183511861f7d023682da)</li> <li>Remove disruptive announcement "Drag handle double tapped"for BottomSheetDragHandleView. (95025c6728e49946c55d4b2688f97fa1d321cd02)</li> </ul> </li> <li><code>Carousel</code> <ul> <li>Recyclerview children do not inherit layout direction (ca0b870a344ef6e8f5fadc1ec417ef11f5b23340)</li> <li>Update keyline state if necessary if item size changes (52228c1b3bd50dd1a81bdaae40aeb93ef4d9ea9b)</li> <li>Update multi-browse strategy to always have at least 1 medium item (916e9085f9ca66704f907fd6af14d7e55df5d411)</li> <li>Recalculate keyline state if it doesn't match the current container size (d0f5d721a1f83b3b115d7f20bf865fb1df9063a3)</li> </ul> </li> <li><code>Checkbox</code> <ul> <li>Update translations. (771119111e58d101f2540f0bbbb572073ff9c053)</li> </ul> </li> <li><code>Chip</code> <ul> <li>Get default minTouchTargetSize from material attributes (436437a6fbf2d28658fea46320a350db33c7a455)</li> <li>Add a <code>show all</code> Chip for a11y (8e334213fc806b399ec014bdf68a3778064de308)</li> <li>Updated flow layout to correctly layout padding when in RTL. (1eaf483fc94f522546d349e6984e24c15d226d18)</li> <li>Fix close icon focus ripple (a7ff8c9006b69cbfcc346f74ed8a9ebad6661346)</li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
10dc78f51f |
build(deps): bump @vitejs/plugin-react from 4.5.1 to 5.0.2 in /rust/gui-client (#10566)
Bumps [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react) from 4.5.1 to 5.0.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite-plugin-react/releases"><code>@vitejs/plugin-react</code>'s releases</a>.</em></p> <blockquote> <h2>plugin-react@5.0.2</h2> <h3>Skip transform hook completely in rolldown-vite in dev if possible (<a href="https://redirect.github.com/vitejs/vite-plugin-react/pull/783">#783</a>)</h3> <h2>plugin-react@5.0.1</h2> <h3>Set <code>optimizeDeps.rollupOptions.transform.jsx</code> instead of <code>optimizeDeps.rollupOptions.jsx</code> for rolldown-vite (<a href="https://redirect.github.com/vitejs/vite-plugin-react/pull/735">#735</a>)</h3> <p><code>optimizeDeps.rollupOptions.jsx</code> is going to be deprecated in favor of <code>optimizeDeps.rollupOptions.transform.jsx</code>.</p> <h3>Perf: skip <code>babel-plugin-react-compiler</code> if code has no <code>"use memo"</code> when <code>{ compilationMode: "annotation" }</code> (<a href="https://redirect.github.com/vitejs/vite-plugin-react/pull/734">#734</a>)</h3> <h3>Respect tsconfig <code>jsxImportSource</code> (<a href="https://redirect.github.com/vitejs/vite-plugin-react/pull/726">#726</a>)</h3> <h3>Fix <code>reactRefreshHost</code> option on rolldown-vite (<a href="https://redirect.github.com/vitejs/vite-plugin-react/pull/716">#716</a>)</h3> <h3>Fix <code>RefreshRuntime</code> being injected twice for class components on rolldown-vite (<a href="https://redirect.github.com/vitejs/vite-plugin-react/pull/708">#708</a>)</h3> <h3>Skip <code>babel-plugin-react-compiler</code> on non client environment (<a href="https://redirect.github.com/vitejs/vite-plugin-react/pull/689">689</a>)</h3> <h2>plugin-react@5.0.0</h2> <p>(Same content as v5.0.0-beta.0 <a 
href="https://github.com/vitejs/vite-plugin-react/releases/tag/plugin-react%405.0.0-beta.0">https://github.com/vitejs/vite-plugin-react/releases/tag/plugin-react%405.0.0-beta.0</a>)</p> <h3>Use Oxc for react refresh transform in rolldown-vite</h3> <p>When used with rolldown-vite, this plugin now uses Oxc for react refresh transform.</p> <p>Since this behavior is what <code>@vitejs/plugin-react-oxc</code> did, <code>@vitejs/plugin-react-oxc</code> is now deprecated and the <code>disableOxcRecommendation</code> option is removed.</p> <p>Also, while <code>@vitejs/plugin-react-oxc</code> used the production JSX transform even for <code>NODE_ENV=development</code> build, <code>@vitejs/plugin-react</code> uses the development JSX transform for <code>NODE_ENV=development</code> build.</p> <h3>Allow processing files in <code>node_modules</code></h3> <p>The default value of <code>exclude</code> options is now <code>[/\/node_modules\//]</code> to allow processing files in <code>node_modules</code> directory. It was previously <code>[]</code> and files in <code>node_modules</code> was always excluded regardless of the value of <code>exclude</code> option.</p> <h3><code>react</code> and <code>react-dom</code> is no longer added to <a href="https://vite.dev/config/#resolve-dedupe"><code>resolve.dedupe</code></a> automatically</h3> <p>Adding values to <code>resolve.dedupe</code> forces Vite to resolve them differently from how Node.js does, which can be confusing and may not be expected. This plugin no longer adds <code>react</code> and <code>react-dom</code> to <code>resolve.dedupe</code> automatically.</p> <p>If you encounter errors after upgrading, check your package.json for version mismatches in <code>dependencies</code> or <code>devDependencies</code>, as well as your package manager’s configuration. 
If you prefer the previous behavior, you can manually add <code>react</code> and <code>react-dom</code> to <code>resolve.dedupe</code>.</p> <h3>Remove old <code>babel-plugin-react-compiler</code> support that requires <code>runtimeModule</code> option</h3> <p><code>runtimeModule</code> option is no longer needed in newer <code>babel-plugin-react-compiler</code> versions. Make sure to use a newer version of <code>babel-plugin-react-compiler</code> that supports <code>target</code> option.</p> <h3>Require Node 20.19+, 22.12+</h3> <p>This plugin now requires Node 20.19+ or 22.12+.</p> <h2>plugin-react@5.0.0-beta.0</h2> <h3>Use Oxc for react refresh transform in rolldown-vite</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react/CHANGELOG.md"><code>@vitejs/plugin-react</code>'s changelog</a>.</em></p> <blockquote> <h2>5.0.2 (2025-08-28)</h2> <h3>Skip transform hook completely in rolldown-vite in dev if possible (<a href="https://redirect.github.com/vitejs/vite-plugin-react/pull/783">#783</a>)</h3> <h2>5.0.1 (2025-08-19)</h2> <h3>Set <code>optimizeDeps.rollupOptions.transform.jsx</code> instead of <code>optimizeDeps.rollupOptions.jsx</code> for rolldown-vite (<a href="https://redirect.github.com/vitejs/vite-plugin-react/pull/735">#735</a>)</h3> <p><code>optimizeDeps.rollupOptions.jsx</code> is going to be deprecated in favor of <code>optimizeDeps.rollupOptions.transform.jsx</code>.</p> <h3>Perf: skip <code>babel-plugin-react-compiler</code> if code has no <code>"use memo"</code> when <code>{ compilationMode: "annotation" }</code> (<a href="https://redirect.github.com/vitejs/vite-plugin-react/pull/734">#734</a>)</h3> <h3>Respect tsconfig <code>jsxImportSource</code> (<a href="https://redirect.github.com/vitejs/vite-plugin-react/pull/726">#726</a>)</h3> <h3>Fix <code>reactRefreshHost</code> option on 
rolldown-vite (<a href="https://redirect.github.com/vitejs/vite-plugin-react/pull/716">#716</a>)</h3> <h3>Fix <code>RefreshRuntime</code> being injected twice for class components on rolldown-vite (<a href="https://redirect.github.com/vitejs/vite-plugin-react/pull/708">#708</a>)</h3> <h3>Skip <code>babel-plugin-react-compiler</code> on non client environment (<a href="https://redirect.github.com/vitejs/vite-plugin-react/pull/689">689</a>)</h3> <h2>5.0.0 (2025-08-07)</h2> <h2>5.0.0-beta.0 (2025-07-28)</h2> <h3>Use Oxc for react refresh transform in rolldown-vite</h3> <p>When used with rolldown-vite, this plugin now uses Oxc for react refresh transform.</p> <p>Since this behavior is what <code>@vitejs/plugin-react-oxc</code> did, <code>@vitejs/plugin-react-oxc</code> is now deprecated and the <code>disableOxcRecommendation</code> option is removed.</p> <p>Also, while <code>@vitejs/plugin-react-oxc</code> used the production JSX transform even for <code>NODE_ENV=development</code> build, <code>@vitejs/plugin-react</code> uses the development JSX transform for <code>NODE_ENV=development</code> build.</p> <h3>Allow processing files in <code>node_modules</code></h3> <p>The default value of <code>exclude</code> options is now <code>[/\/node_modules\//]</code> to allow processing files in <code>node_modules</code> directory. It was previously <code>[]</code> and files in <code>node_modules</code> was always excluded regardless of the value of <code>exclude</code> option.</p> <h3><code>react</code> and <code>react-dom</code> is no longer added to <a href="https://vite.dev/config/#resolve-dedupe"><code>resolve.dedupe</code></a> automatically</h3> <p>Adding values to <code>resolve.dedupe</code> forces Vite to resolve them differently from how Node.js does, which can be confusing and may not be expected. 
This plugin no longer adds <code>react</code> and <code>react-dom</code> to <code>resolve.dedupe</code> automatically.</p> <p>If you encounter errors after upgrading, check your package.json for version mismatches in <code>dependencies</code> or <code>devDependencies</code>, as well as your package manager’s configuration. If you prefer the previous behavior, you can manually add <code>react</code> and <code>react-dom</code> to <code>resolve.dedupe</code>.</p> <h3>Remove old <code>babel-plugin-react-compiler</code> support that requires <code>runtimeModule</code> option</h3> <p><code>runtimeModule</code> option is no longer needed in newer <code>babel-plugin-react-compiler</code> versions. Make sure to use a newer version of <code>babel-plugin-react-compiler</code> that supports <code>target</code> option.</p> <h3>Require Node 20.19+, 22.12+</h3> <p>This plugin now requires Node 20.19+ or 22.12+.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
5cff6f840a |
build(deps): bump the okhttp group in /kotlin/android with 2 updates (#10561)
Bumps the okhttp group in /kotlin/android with 2 updates: [com.squareup.okhttp3:okhttp](https://github.com/square/okhttp) and [com.squareup.okhttp3:logging-interceptor](https://github.com/square/okhttp). Updates `com.squareup.okhttp3:okhttp` from 5.1.0 to 5.2.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/square/okhttp/blob/master/CHANGELOG.md">com.squareup.okhttp3:okhttp's changelog</a>.</em></p> <blockquote> <h2>Version 5.2.1</h2> <p><em>2025-10-09</em></p> <ul> <li> <p>Fix: Don't crash when calling <code>Socket.shutdownOutput()</code> or <code>shutdownInput()</code> on an <code>SSLSocket</code> on Android API 21 through 23. This method throws an <code>UnsupportedOperationException</code>, so we now catch that and close the underlying stream instead.</p> </li> <li> <p>Upgrade: [Okio 3.16.1][okio_3_16_1].</p> </li> </ul> <h2>Version 5.2.0</h2> <p><em>2025-10-07</em></p> <ul> <li> <p>New: Support [HTTP 101] responses with <code>Response.socket</code>. This mechanism is only supported on HTTP/1.1. We also reimplemented our websocket client to use this new mechanism.</p> </li> <li> <p>New: The <code>okhttp-zstd</code> module negotiates [Zstandard (zstd)][zstd] compression with servers that support it. It integrates a new (unstable) [ZSTD-KMP] library, also from Square. Enable it like this:</p> <pre lang="kotlin"><code>val client = OkHttpClient.Builder() .addInterceptor(CompressionInterceptor(Zstd, Gzip)) .build() </code></pre> </li> <li> <p>New: Support the <code>QUERY</code> HTTP method. You will need to set the <code>Request.cacheUrlOverride</code> property to cache calls made with this method. The <code>RequestBody.sha256()</code> may be helpful here; use it to compose a cache URL from the query body.</p> </li> <li> <p>New: Publish events when calls must wait to execute. 
<code>EventListener.dispatcherQueueStart()</code> is invoked when a call starts waiting, and <code>dispatcherQueueEnd()</code> is invoked when it's done.</p> </li> <li> <p>New: <code>Request.toCurl()</code> returns a copy-pasteable [curl] command consistent with Chrome’s and Firefox’s ‘copy as cURL’ features.</p> </li> <li> <p>New: Support [JPMS]. We replaced our <code>Automatic-Module-Name</code> metadata with proper <code>module-info.java</code> files.</p> </li> <li> <p>Fix: Recover gracefully when worker threads are interrupted. When we introduced fast fallback in OkHttp 5.0, we started using background threads while connecting. Sadly that code didn't handle interruptions well. This is now fixed.</p> </li> <li> <p>Upgrade: [Kotlin 2.2.20][kotlin_2_2_20].</p> </li> <li> <p>Upgrade: [Okio 3.16.0][okio_3_16_0].</p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
3ac2f27f83 |
build(deps): bump the react group in /rust/gui-client with 2 updates (#10565)
Bumps the react group in /rust/gui-client with 2 updates: [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) and [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router). Updates `@types/react` from 19.1.12 to 19.1.13 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react">compare view</a></li> </ul> </details> <br /> Updates `react-router` from 7.8.2 to 7.9.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/remix-run/react-router/releases">react-router's releases</a>.</em></p> <blockquote> <h2>v7.9.1</h2> <p>See the changelog for release notes: <a href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v791">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v791</a></p> <h2>v7.9.0</h2> <p>See the changelog for release notes: <a href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v790">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v790</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/remix-run/react-router/blob/main/packages/react-router/CHANGELOG.md">react-router's changelog</a>.</em></p> <blockquote> <h2>7.9.1</h2> <h3>Patch Changes</h3> <ul> <li>Fix internal <code>Future</code> interface naming from <code>middleware</code> -> <code>v8_middleware</code> (<a href="https://redirect.github.com/remix-run/react-router/pull/14327">#14327</a>)</li> </ul> <h2>7.9.0</h2> <h3>Minor Changes</h3> <ul> <li> <p>Stabilize middleware and context APIs. 
(<a href="https://redirect.github.com/remix-run/react-router/pull/14215">#14215</a>)</p> <p>We have removed the <code>unstable_</code> prefix from the following APIs and they are now considered stable and ready for production use:</p> <ul> <li><a href="https://reactrouter.com/api/utils/RouterContextProvider"><code>RouterContextProvider</code></a></li> <li><a href="https://reactrouter.com/api/utils/createContext"><code>createContext</code></a></li> <li><code>createBrowserRouter</code> <a href="https://reactrouter.com/api/data-routers/createBrowserRouter#optsgetcontext"><code>getContext</code></a> option</li> <li><code><HydratedRouter></code> <a href="https://reactrouter.com/api/framework-routers/HydratedRouter#getcontext"><code>getContext</code></a> prop</li> </ul> <p>Please see the <a href="https://reactrouter.com/how-to/middleware">Middleware Docs</a>, the <a href="https://github.com/remix-run/remix/discussions/7642">Middleware RFC</a>, and the <a href="https://github.com/remix-run/react-router/discussions/9856">Client-side Context RFC</a> for more information.</p> </li> </ul> <h3>Patch Changes</h3> <ul> <li>Escape HTML in <code>meta()</code> JSON-LD content (<a href="https://redirect.github.com/remix-run/react-router/pull/14316">#14316</a>)</li> <li>Add react-server Await component implementation (<a href="https://redirect.github.com/remix-run/react-router/pull/14261">#14261</a>)</li> <li>In RSC Data Mode when using a custom basename, fix hydration errors for routes that only have client loaders (<a href="https://redirect.github.com/remix-run/react-router/pull/14264">#14264</a>)</li> <li>Make <code>href</code> function available in a react-server context (<a href="https://redirect.github.com/remix-run/react-router/pull/14262">#14262</a>)</li> <li>decode each time <code>getPayload()</code> is called to allow for "in-context" decoding and hoisting of contextual assets (<a href="https://redirect.github.com/remix-run/react-router/pull/14248">#14248</a>)</li> 
<li><code>href()</code> now correctly processes routes that have an extension after the parameter or are a single optional parameter. (<a href="https://redirect.github.com/remix-run/react-router/pull/13797">#13797</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
038aa6b590 |
feat(gateway): support systemd credentials (#10538)
For more permanent Gateway installations, or ones that are managed through something else other than our install script, it is useful to define the Gateway's token outside the systemd unit file. Systemd provides support for credentials via the `LoadCredential` and `LoadCredentialEncrypted` instructions. We just need a tiny bit of glue code in the Gateway to actually use that if it is set. --------- Signed-off-by: Thomas Eizinger <thomas@eizinger.io> Co-authored-by: Jamil <jamilbk@users.noreply.github.com> |
||
|
|
4930aa7956 |
feat: allow setting Internet Resource from headless client (#10553)
Currently, the Internet Resource cannot be toggled on/off in the headless client. With #10509, the default state of the Internet Resource is now disabled, meaning users of the headless client are no longer able to use the Internet Resource. We fix this by introducing a new CLI argument `--activate-internet-resource` that can also be set via the env variable `FIREZONE_ACTIVATE_INTERNET_RESOURCE=true`. Resolves: #8342 |
||
|
|
cb50800d52 |
refactor(apple): Migrate iOS/macOS clients to UniFFI (#10368)
Replace callback-based Adapter with event polling-based AdapterUniFfi This change improves reliability by eliminating callback lifetime issues. |
||
|
|
039d0be7b8 |
fix(connlib): drop packets with bad source IP on clients (#10552)
When using the Internet Resource, it can happen that Clients are still receiving packets with a source IP that is different from the TUN IP. Such packets are dropped on the Gateway already today and therefore have never been routed to their destination. The Gateway cannot route these packets because the reply packets would have the original source address set as the destination and that one is not unique across all Firezone Clients. Without a unique destination, the Gateway cannot send the packet to the correct Client. Today, these packets are filtered on the Gateway and thus trigger an ICMP error. With the addition of #10462, we create a new flow for each one of these packets. To prevent this spam, we drop such packets early in the Client and don't even route them to the Gateway. |
||
|
|
cfc410626c |
chore(portal): remove unused nimble_csv dep (#10548)
This was added I believe to export certain live tables as CSV and won't be used soon. |
||
|
|
aaac95a0b6 |
build(deps): bump next from 15.5.2 to 15.5.3 in /website (#10556)
Bumps [next](https://github.com/vercel/next.js) from 15.5.2 to 15.5.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases">next's releases</a>.</em></p> <blockquote> <h2>v15.5.3</h2> <blockquote> <p>[!NOTE]<br /> This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>fix: validation return types of pages API routes (<a href="https://redirect.github.com/vercel/next.js/issues/83069">#83069</a>)</li> <li>fix: relative paths in dev in validator.ts (<a href="https://redirect.github.com/vercel/next.js/issues/83073">#83073</a>)</li> <li>fix: remove satisfies keyword from type validation to preserve old TS compatibility (<a href="https://redirect.github.com/vercel/next.js/issues/83071">#83071</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/bgub"><code>@bgub</code></a> for helping!</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
d329880ec8 |
fix(portal): don't use Web functions from Domain (#10546)
Fixes an issue introduced in #10510 where Web functions (like VerifiedRoutes) cannot be called from Domain because they are not available in the release. This happens to work in dev mode because everything is available under the same dev context. |
||
|
|
b61fd20de8 |
chore(portal): remove Jason in favor of JSON (#10550)
Since Elixir 1.18, json encoding and decoding support is included in the standard library. This is built on OTP's native json support which is often faster than other implementations. It mostly has the same API as the popular Jason library, differing mainly in the format of the error responses returned when decoding fails. To minimize dependence on external libraries, we remove the Jason lib in favor of this external dependency. Fixes #8011 |