github-personal/firezone
1
0
Fork 0
mirror of https://github.com/outbackdingo/firezone.git synced 2026-01-27 10:18:54 +00:00
Code Issues Packages Projects Releases Wiki Activity
8,240 Commits 1 Branch 0 Tags
d35cf445d48da9ac37605bda90af4734495aed87
Commit Graph

2792 Commits

Author SHA1 Message Date
Thomas Eizinger
d35cf445d4 fix(linux): don't sync link-scope routes of offline interfaces (#10583) 
In #10554, we added a syncing mechanism that would copy all link-scoped
routes of the `main` routing table over to the Firezone routing table.
Routes for interfaces that are currently offline cannot be added and
cause a netlink error of "Invalid argument".

To prevent unnecessary warnings from being logged to Sentry, we retrieve
the link state of each interface and skip routes for interfaces are not
online.
 2025-10-16 05:34:10 +00:00
Mariusz Klochowicz
e76daaaab3 refactor: remove JSON serialization from FFI boundary (#10575) 
This PR eliminates JSON-based communication across the FFI boundary,
replacing it with proper
uniffi-generated types for improved type safety, performance, and
reliability. We replace JSON string parameters with native uniffi types
for:
 - Resources (DNS, CIDR, Internet)
 - Device information
 - DNS server lists
 - Network routes (CIDR representation)
 
Also, get rid of JSON serialisation in Swift client IPC in favour of
PropertyList based serialisation.
 
 Fixes: https://github.com/firezone/firezone/issues/9548

---------

Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
 2025-10-16 05:15:31 +00:00
Thomas Eizinger
08f8e886f1 chore(connlib): tune down INFO logs (#10574) 
Several of these INFO logs are actually quite noisy, like exchanging
candidates with Gateways or updating the allocation. We barely look at
the INFO logs from customers and primarily investigate issues with DEBUG
logs streamed to Sentry.
 2025-10-15 05:52:43 +00:00
Thomas Eizinger
df601be538 chore(rust): ban keys and values from HashMap (#10569) 
In addition to the `iter` functions, `keys` and `values` also iterate
over the contents of a `HashMap` and are thus non-deterministic. This
can create problems where our test-suite is non-deterministic.
 2025-10-14 22:44:17 +00:00
Thomas Eizinger
eb75cef467 fix(linux): allow LAN access when Internet Resource is on (#10554) 
## Context

On Linux, we create a dedicated routing table for all routes of the
Firezone TUN device, including the `0.0.0.0/0` route. At a minimum, this
routing table contains the following if the Internet Resource is active:

```
> ip route show table 539098368
default dev tun-firezone proto static
100.64.0.0/11 dev tun-firezone proto static
100.96.0.0/11 dev tun-firezone proto static
100.100.111.0/24 dev tun-firezone proto static
```

In addition, we also create a routing rule that bypasses this routing
table for all packets that are tagged with the `0xfd002021` mark:

```
> ip rule list
0:      from all lookup local
32765:  not from all fwmark 0xfd002021 lookup 539098368
32766:  from all lookup main
32767:  from all lookup default
```

Firezone's internal UDP and TCP sockets are tagged with this mark and
thus prevent routing loops where our own packets would otherwise get
redirected back into the tunnel.

Without the Internet Resource active, the rule `from all lookup main`
triggers for local LAN traffic and correctly route the traffic out via
that interface.

For example, on my computer, the Linux kernel created the following
route with the `link` scope in the main table:

```
192.168.188.0/24 dev wlp192s0 proto kernel scope link src 192.168.188.112 metric 600
```

## The problem

With the Internet Resource active, there is a problem. The default route
matches ALL destinations, including those for local LAN destinations
which should actually be sent out via a different interface. As a
result, local LAN traffic is broken on Linux as soon as the Internet
Resource is active. Instead of being sent out via the local interface,
these packets get sent to `tun-firezone` where they get forwarded to the
Gateway and then dropped because their source IP is not a Firezone
Client IP.

## Solution

Fixing this is unfortunately non-trivial. The best I could come up with
is to create a copy of all link-scoped routes in the Firezone routing
table and keep those in sync with all route changes that happen. For
example, when we roam, the link-scoped routes obviously change because
we join a new subnet.

We therefore listen to change-events from netlink and create a debounced
task that reads the current link-scoped routes from the main routing
table, compares it to the ones in the Firezone table and adds any routes
not present.

We don't need to worry about removing routes as link-scoped routes
automatically disappear once the resulting interface goes away.

---------

Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-10-14 20:36:58 +00:00
dependabot[bot]
bb4a0deb8c build(deps): bump @types/node from 22.15.30 to 24.4.0 in /rust/gui-client (#10564) 
Bumps
[@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node)
from 22.15.30 to 24.4.0.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@types/node&package-manager=npm_and_yarn&previous-version=22.15.30&new-version=24.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-14 02:42:32 +00:00
dependabot[bot]
10dc78f51f build(deps): bump @vitejs/plugin-react from 4.5.1 to 5.0.2 in /rust/gui-client (#10566) 
Bumps
[@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react)
from 4.5.1 to 5.0.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vitejs/vite-plugin-react/releases"><code>@​vitejs/plugin-react</code>'s
releases</a>.</em></p>
<blockquote>
<h2>plugin-react@5.0.2</h2>
<h3>Skip transform hook completely in rolldown-vite in dev if possible
(<a
href="https://redirect.github.com/vitejs/vite-plugin-react/pull/783">#783</a>)</h3>
<h2>plugin-react@5.0.1</h2>
<h3>Set <code>optimizeDeps.rollupOptions.transform.jsx</code> instead of
<code>optimizeDeps.rollupOptions.jsx</code> for rolldown-vite (<a
href="https://redirect.github.com/vitejs/vite-plugin-react/pull/735">#735</a>)</h3>
<p><code>optimizeDeps.rollupOptions.jsx</code> is going to be deprecated
in favor of <code>optimizeDeps.rollupOptions.transform.jsx</code>.</p>
<h3>Perf: skip <code>babel-plugin-react-compiler</code> if code has no
<code>&quot;use memo&quot;</code> when <code>{ compilationMode:
&quot;annotation&quot; }</code> (<a
href="https://redirect.github.com/vitejs/vite-plugin-react/pull/734">#734</a>)</h3>
<h3>Respect tsconfig <code>jsxImportSource</code> (<a
href="https://redirect.github.com/vitejs/vite-plugin-react/pull/726">#726</a>)</h3>
<h3>Fix <code>reactRefreshHost</code> option on rolldown-vite (<a
href="https://redirect.github.com/vitejs/vite-plugin-react/pull/716">#716</a>)</h3>
<h3>Fix <code>RefreshRuntime</code> being injected twice for class
components on rolldown-vite (<a
href="https://redirect.github.com/vitejs/vite-plugin-react/pull/708">#708</a>)</h3>
<h3>Skip <code>babel-plugin-react-compiler</code> on non client
environment (<a
href="https://redirect.github.com/vitejs/vite-plugin-react/pull/689">689</a>)</h3>
<h2>plugin-react@5.0.0</h2>
<p>(Same content as v5.0.0-beta.0 <a
href="https://github.com/vitejs/vite-plugin-react/releases/tag/plugin-react%405.0.0-beta.0">https://github.com/vitejs/vite-plugin-react/releases/tag/plugin-react%405.0.0-beta.0</a>)</p>
<h3>Use Oxc for react refresh transform in rolldown-vite</h3>
<p>When used with rolldown-vite, this plugin now uses Oxc for react
refresh transform.</p>
<p>Since this behavior is what <code>@vitejs/plugin-react-oxc</code>
did, <code>@vitejs/plugin-react-oxc</code> is now deprecated and the
<code>disableOxcRecommendation</code> option is removed.</p>
<p>Also, while <code>@vitejs/plugin-react-oxc</code> used the production
JSX transform even for <code>NODE_ENV=development</code> build,
<code>@vitejs/plugin-react</code> uses the development JSX transform for
<code>NODE_ENV=development</code> build.</p>
<h3>Allow processing files in <code>node_modules</code></h3>
<p>The default value of <code>exclude</code> options is now
<code>[/\/node_modules\//]</code> to allow processing files in
<code>node_modules</code> directory. It was previously <code>[]</code>
and files in <code>node_modules</code> was always excluded regardless of
the value of <code>exclude</code> option.</p>
<h3><code>react</code> and <code>react-dom</code> is no longer added to
<a
href="https://vite.dev/config/#resolve-dedupe"><code>resolve.dedupe</code></a>
automatically</h3>
<p>Adding values to <code>resolve.dedupe</code> forces Vite to resolve
them differently from how Node.js does, which can be confusing and may
not be expected. This plugin no longer adds <code>react</code> and
<code>react-dom</code> to <code>resolve.dedupe</code> automatically.</p>
<p>If you encounter errors after upgrading, check your package.json for
version mismatches in <code>dependencies</code> or
<code>devDependencies</code>, as well as your package manager’s
configuration. If you prefer the previous behavior, you can manually add
<code>react</code> and <code>react-dom</code> to
<code>resolve.dedupe</code>.</p>
<h3>Remove old <code>babel-plugin-react-compiler</code> support that
requires <code>runtimeModule</code> option</h3>
<p><code>runtimeModule</code> option is no longer needed in newer
<code>babel-plugin-react-compiler</code> versions. Make sure to use a
newer version of <code>babel-plugin-react-compiler</code> that supports
<code>target</code> option.</p>
<h3>Require Node 20.19+, 22.12+</h3>
<p>This plugin now requires Node 20.19+ or 22.12+.</p>
<h2>plugin-react@5.0.0-beta.0</h2>
<h3>Use Oxc for react refresh transform in rolldown-vite</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react/CHANGELOG.md"><code>@​vitejs/plugin-react</code>'s
changelog</a>.</em></p>
<blockquote>
<h2>5.0.2 (2025-08-28)</h2>
<h3>Skip transform hook completely in rolldown-vite in dev if possible
(<a
href="https://redirect.github.com/vitejs/vite-plugin-react/pull/783">#783</a>)</h3>
<h2>5.0.1 (2025-08-19)</h2>
<h3>Set <code>optimizeDeps.rollupOptions.transform.jsx</code> instead of
<code>optimizeDeps.rollupOptions.jsx</code> for rolldown-vite (<a
href="https://redirect.github.com/vitejs/vite-plugin-react/pull/735">#735</a>)</h3>
<p><code>optimizeDeps.rollupOptions.jsx</code> is going to be deprecated
in favor of <code>optimizeDeps.rollupOptions.transform.jsx</code>.</p>
<h3>Perf: skip <code>babel-plugin-react-compiler</code> if code has no
<code>&quot;use memo&quot;</code> when <code>{ compilationMode:
&quot;annotation&quot; }</code> (<a
href="https://redirect.github.com/vitejs/vite-plugin-react/pull/734">#734</a>)</h3>
<h3>Respect tsconfig <code>jsxImportSource</code> (<a
href="https://redirect.github.com/vitejs/vite-plugin-react/pull/726">#726</a>)</h3>
<h3>Fix <code>reactRefreshHost</code> option on rolldown-vite (<a
href="https://redirect.github.com/vitejs/vite-plugin-react/pull/716">#716</a>)</h3>
<h3>Fix <code>RefreshRuntime</code> being injected twice for class
components on rolldown-vite (<a
href="https://redirect.github.com/vitejs/vite-plugin-react/pull/708">#708</a>)</h3>
<h3>Skip <code>babel-plugin-react-compiler</code> on non client
environment (<a
href="https://redirect.github.com/vitejs/vite-plugin-react/pull/689">689</a>)</h3>
<h2>5.0.0 (2025-08-07)</h2>
<h2>5.0.0-beta.0 (2025-07-28)</h2>
<h3>Use Oxc for react refresh transform in rolldown-vite</h3>
<p>When used with rolldown-vite, this plugin now uses Oxc for react
refresh transform.</p>
<p>Since this behavior is what <code>@vitejs/plugin-react-oxc</code>
did, <code>@vitejs/plugin-react-oxc</code> is now deprecated and the
<code>disableOxcRecommendation</code> option is removed.</p>
<p>Also, while <code>@vitejs/plugin-react-oxc</code> used the production
JSX transform even for <code>NODE_ENV=development</code> build,
<code>@vitejs/plugin-react</code> uses the development JSX transform for
<code>NODE_ENV=development</code> build.</p>
<h3>Allow processing files in <code>node_modules</code></h3>
<p>The default value of <code>exclude</code> options is now
<code>[/\/node_modules\//]</code> to allow processing files in
<code>node_modules</code> directory. It was previously <code>[]</code>
and files in <code>node_modules</code> was always excluded regardless of
the value of <code>exclude</code> option.</p>
<h3><code>react</code> and <code>react-dom</code> is no longer added to
<a
href="https://vite.dev/config/#resolve-dedupe"><code>resolve.dedupe</code></a>
automatically</h3>
<p>Adding values to <code>resolve.dedupe</code> forces Vite to resolve
them differently from how Node.js does, which can be confusing and may
not be expected. This plugin no longer adds <code>react</code> and
<code>react-dom</code> to <code>resolve.dedupe</code> automatically.</p>
<p>If you encounter errors after upgrading, check your package.json for
version mismatches in <code>dependencies</code> or
<code>devDependencies</code>, as well as your package manager’s
configuration. If you prefer the previous behavior, you can manually add
<code>react</code> and <code>react-dom</code> to
<code>resolve.dedupe</code>.</p>
<h3>Remove old <code>babel-plugin-react-compiler</code> support that
requires <code>runtimeModule</code> option</h3>
<p><code>runtimeModule</code> option is no longer needed in newer
<code>babel-plugin-react-compiler</code> versions. Make sure to use a
newer version of <code>babel-plugin-react-compiler</code> that supports
<code>target</code> option.</p>
<h3>Require Node 20.19+, 22.12+</h3>
<p>This plugin now requires Node 20.19+ or 22.12+.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="1f4b4d9523"><code>1f4b4d9</code></a>
release: plugin-react@5.0.2</li>
<li><a
href="c719e5d97d"><code>c719e5d</code></a>
perf(react): skip transform hook completely in rolldown-vite in dev if
possib...</li>
<li><a
href="9989897fd1"><code>9989897</code></a>
fix(deps): update all non-major dependencies (<a
href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/773">#773</a>)</li>
<li><a
href="1ab26664ad"><code>1ab2666</code></a>
build: watch <code>common</code> package (<a
href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/748">#748</a>)</li>
<li><a
href="efe4344175"><code>efe4344</code></a>
release: plugin-react@5.0.1</li>
<li><a
href="126bdb0051"><code>126bdb0</code></a>
feat: set <code>optimizeDeps.rollupOptions.transform.jsx</code> instead
of `optimizeDeps...</li>
<li><a
href="d3934ada6f"><code>d3934ad</code></a>
perf(react): skip react compiler when <code>compilationMode:
&quot;annotation&quot;</code> but no ...</li>
<li><a
href="e2f0c78a4f"><code>e2f0c78</code></a>
fix(react): respect tsconfig jsxImportSource by default (<a
href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/726">#726</a>)</li>
<li><a
href="ba0323cfcd"><code>ba0323c</code></a>
fix(deps): update all non-major dependencies (<a
href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/729">#729</a>)</li>
<li><a
href="d33f37db05"><code>d33f37d</code></a>
refactor(react): simplify rolldown-vite only plugins (<a
href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/720">#720</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/vitejs/vite-plugin-react/commits/plugin-react@5.0.2/packages/plugin-react">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@vitejs/plugin-react&package-manager=npm_and_yarn&previous-version=4.5.1&new-version=5.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-14 00:13:52 +00:00
dependabot[bot]
3ac2f27f83 build(deps): bump the react group in /rust/gui-client with 2 updates (#10565) 
Bumps the react group in /rust/gui-client with 2 updates:
[@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react)
and
[react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router).

Updates `@types/react` from 19.1.12 to 19.1.13
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react">compare
view</a></li>
</ul>
</details>
<br />

Updates `react-router` from 7.8.2 to 7.9.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/remix-run/react-router/releases">react-router's
releases</a>.</em></p>
<blockquote>
<h2>v7.9.1</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v791">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v791</a></p>
<h2>v7.9.0</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v790">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v790</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/remix-run/react-router/blob/main/packages/react-router/CHANGELOG.md">react-router's
changelog</a>.</em></p>
<blockquote>
<h2>7.9.1</h2>
<h3>Patch Changes</h3>
<ul>
<li>Fix internal <code>Future</code> interface naming from
<code>middleware</code> -&gt; <code>v8_middleware</code> (<a
href="https://redirect.github.com/remix-run/react-router/pull/14327">#14327</a>)</li>
</ul>
<h2>7.9.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>
<p>Stabilize middleware and context APIs. (<a
href="https://redirect.github.com/remix-run/react-router/pull/14215">#14215</a>)</p>
<p>We have removed the <code>unstable_</code> prefix from the following
APIs and they are now considered stable and ready for production
use:</p>
<ul>
<li><a
href="https://reactrouter.com/api/utils/RouterContextProvider"><code>RouterContextProvider</code></a></li>
<li><a
href="https://reactrouter.com/api/utils/createContext"><code>createContext</code></a></li>
<li><code>createBrowserRouter</code> <a
href="https://reactrouter.com/api/data-routers/createBrowserRouter#optsgetcontext"><code>getContext</code></a>
option</li>
<li><code>&lt;HydratedRouter&gt;</code> <a
href="https://reactrouter.com/api/framework-routers/HydratedRouter#getcontext"><code>getContext</code></a>
prop</li>
</ul>
<p>Please see the <a
href="https://reactrouter.com/how-to/middleware">Middleware Docs</a>,
the <a
href="https://github.com/remix-run/remix/discussions/7642">Middleware
RFC</a>, and the <a
href="https://github.com/remix-run/react-router/discussions/9856">Client-side
Context RFC</a> for more information.</p>
</li>
</ul>
<h3>Patch Changes</h3>
<ul>
<li>Escape HTML in <code>meta()</code> JSON-LD content (<a
href="https://redirect.github.com/remix-run/react-router/pull/14316">#14316</a>)</li>
<li>Add react-server Await component implementation (<a
href="https://redirect.github.com/remix-run/react-router/pull/14261">#14261</a>)</li>
<li>In RSC Data Mode when using a custom basename, fix hydration errors
for routes that only have client loaders (<a
href="https://redirect.github.com/remix-run/react-router/pull/14264">#14264</a>)</li>
<li>Make <code>href</code> function available in a react-server context
(<a
href="https://redirect.github.com/remix-run/react-router/pull/14262">#14262</a>)</li>
<li>decode each time <code>getPayload()</code> is called to allow for
&quot;in-context&quot; decoding and hoisting of contextual assets (<a
href="https://redirect.github.com/remix-run/react-router/pull/14248">#14248</a>)</li>
<li><code>href()</code> now correctly processes routes that have an
extension after the parameter or are a single optional parameter. (<a
href="https://redirect.github.com/remix-run/react-router/pull/13797">#13797</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4a9a2a3ef0"><code>4a9a2a3</code></a>
chore: Update version for release (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14330">#14330</a>)</li>
<li><a
href="20c1fda4ef"><code>20c1fda</code></a>
chore: Update version for release (pre) (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14328">#14328</a>)</li>
<li><a
href="d1e95ee9fd"><code>d1e95ee</code></a>
Fix internal Future v8_middleware field naming (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14327">#14327</a>)</li>
<li><a
href="166d23478c"><code>166d234</code></a>
chore: format</li>
<li><a
href="7bc922e59b"><code>7bc922e</code></a>
Merge branch 'release-next' into dev</li>
<li><a
href="e7299c0b51"><code>e7299c0</code></a>
chore: Update version for release (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14326">#14326</a>)</li>
<li><a
href="0c916ad3d2"><code>0c916ad</code></a>
chore: Update version for release (pre) (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14317">#14317</a>)</li>
<li><a
href="0e77485579"><code>0e77485</code></a>
Escape JSON LD content in &lt;Meta /&gt; (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14316">#14316</a>)</li>
<li><a
href="11e28a980f"><code>11e28a9</code></a>
Typegen server-first routes in RSC Framework Mode (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14309">#14309</a>)</li>
<li><a
href="21191ccc48"><code>21191cc</code></a>
chore: Update version for release (pre) (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14312">#14312</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/remix-run/react-router/commits/react-router@7.9.1/packages/react-router">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-14 00:08:50 +00:00
Thomas Eizinger
038aa6b590 feat(gateway): support systemd credentials (#10538) 
For more permanent Gateway installations, or ones that are managed
through something else other than our install script, it is useful to
define the Gateway's token outside the systemd unit file.

Systemd provides support for credentials via the `LoadCredential` and
`LoadCredentialEncrypted` instructions. We just need a tiny bit of glue
code in the Gateway to actually use that if it is set.

---------

Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
 2025-10-14 00:07:49 +00:00
Thomas Eizinger
4930aa7956 feat: allow setting Internet Resource from headless client (#10553) 
Currently, the Internet Resource cannot be toggled on/off in the
headless client. With #10509, the default state of the Internet Resource
is now disabled, meaning users of the headless client are no longer able
to use the Internet Resource.

We fix this by introducing a new CLI argument
`--activate-internet-resource` that can also be set via the env variable
`FIREZONE_ACTIVATE_INTERNET_RESOURCE=true`.

Resolves: #8342
 2025-10-13 23:32:05 +00:00
Mariusz Klochowicz
cb50800d52 refactor(apple): Migrate iOS/macOS clients to UniFFI (#10368) 
Replace callback-based Adapter with event polling-based AdapterUniFfi

This change improves reliability by eliminating callback lifetime
issues.
 2025-10-13 23:13:52 +00:00
Thomas Eizinger
039d0be7b8 fix(connlib): drop packets with bad source IP on clients (#10552) 
When using the Internet Resource, it can happen that Clients are still
receiving packets with a source IP that is different from the TUN IP.
Such packets are dropped on the Gateway already today and therefore have
never been routed to their destination.

The Gateway cannot route these packets because the reply packets would
have the original source address set as the destination and that one is
not unique across all Firezone Clients. Without a unique destination,
the Gateway cannot send the packet to the correct Client.

Today, these packets are filtered on the Gateway and thus trigger an
ICMP error. With the addition of #10462, we create a new flow for each
one of these packets. To prevent this spam, we drop such packets early
in the Client and don't even route them to the Gateway.
 2025-10-13 22:54:26 +00:00
dependabot[bot]
d4a3a7404f build(deps): bump the aya group in /rust with 5 updates (#10519) 
Bumps the aya group in /rust with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [aya](https://github.com/aya-rs/aya) | ``ec3eacc`` | ``fe99fa1`` |
| [aya-build](https://github.com/aya-rs/aya) | ``ec3eacc`` | ``fe99fa1``
|
| [aya-ebpf](https://github.com/aya-rs/aya) | ``ec3eacc`` | ``fe99fa1``
|
| [aya-log](https://github.com/aya-rs/aya) | ``ec3eacc`` | ``fe99fa1`` |
| [aya-log-ebpf](https://github.com/aya-rs/aya) | ``ec3eacc`` |
``fe99fa1`` |

Updates `aya` from `ec3eacc` to `fe99fa1`
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fe99fa1d2e"><code>fe99fa1</code></a>
ebpf: run clippy with target=bpf</li>
<li><a
href="552b69367f"><code>552b693</code></a>
xtask: remove outdated snippet</li>
<li><a
href="bb45904b08"><code>bb45904</code></a>
xtask: patch gen_init_cpio.c</li>
<li><a
href="8e31f5fa43"><code>8e31f5f</code></a>
Merge pull request <a
href="https://redirect.github.com/aya-rs/aya/issues/1355">#1355</a> from
aya-rs/dependabot/cargo/cargo-crates-7838c61200</li>
<li><a
href="ace02870f2"><code>ace0287</code></a>
build(deps): update cargo_metadata requirement in the cargo-crates
group</li>
<li><a
href="5f5305c2a8"><code>5f5305c</code></a>
lint all crates; enable strict pointer lints</li>
<li>See full diff in <a
href="ec3eacc1d8...fe99fa1d2e">compare
view</a></li>
</ul>
</details>
<br />

Updates `aya-build` from `ec3eacc` to `fe99fa1`
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fe99fa1d2e"><code>fe99fa1</code></a>
ebpf: run clippy with target=bpf</li>
<li><a
href="552b69367f"><code>552b693</code></a>
xtask: remove outdated snippet</li>
<li><a
href="bb45904b08"><code>bb45904</code></a>
xtask: patch gen_init_cpio.c</li>
<li><a
href="8e31f5fa43"><code>8e31f5f</code></a>
Merge pull request <a
href="https://redirect.github.com/aya-rs/aya/issues/1355">#1355</a> from
aya-rs/dependabot/cargo/cargo-crates-7838c61200</li>
<li><a
href="ace02870f2"><code>ace0287</code></a>
build(deps): update cargo_metadata requirement in the cargo-crates
group</li>
<li><a
href="5f5305c2a8"><code>5f5305c</code></a>
lint all crates; enable strict pointer lints</li>
<li>See full diff in <a
href="ec3eacc1d8...fe99fa1d2e">compare
view</a></li>
</ul>
</details>
<br />

Updates `aya-ebpf` from `ec3eacc` to `fe99fa1`
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fe99fa1d2e"><code>fe99fa1</code></a>
ebpf: run clippy with target=bpf</li>
<li><a
href="552b69367f"><code>552b693</code></a>
xtask: remove outdated snippet</li>
<li><a
href="bb45904b08"><code>bb45904</code></a>
xtask: patch gen_init_cpio.c</li>
<li><a
href="8e31f5fa43"><code>8e31f5f</code></a>
Merge pull request <a
href="https://redirect.github.com/aya-rs/aya/issues/1355">#1355</a> from
aya-rs/dependabot/cargo/cargo-crates-7838c61200</li>
<li><a
href="ace02870f2"><code>ace0287</code></a>
build(deps): update cargo_metadata requirement in the cargo-crates
group</li>
<li><a
href="5f5305c2a8"><code>5f5305c</code></a>
lint all crates; enable strict pointer lints</li>
<li>See full diff in <a
href="ec3eacc1d8...fe99fa1d2e">compare
view</a></li>
</ul>
</details>
<br />

Updates `aya-log` from `ec3eacc` to `fe99fa1`
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fe99fa1d2e"><code>fe99fa1</code></a>
ebpf: run clippy with target=bpf</li>
<li><a
href="552b69367f"><code>552b693</code></a>
xtask: remove outdated snippet</li>
<li><a
href="bb45904b08"><code>bb45904</code></a>
xtask: patch gen_init_cpio.c</li>
<li><a
href="8e31f5fa43"><code>8e31f5f</code></a>
Merge pull request <a
href="https://redirect.github.com/aya-rs/aya/issues/1355">#1355</a> from
aya-rs/dependabot/cargo/cargo-crates-7838c61200</li>
<li><a
href="ace02870f2"><code>ace0287</code></a>
build(deps): update cargo_metadata requirement in the cargo-crates
group</li>
<li><a
href="5f5305c2a8"><code>5f5305c</code></a>
lint all crates; enable strict pointer lints</li>
<li>See full diff in <a
href="ec3eacc1d8...fe99fa1d2e">compare
view</a></li>
</ul>
</details>
<br />

Updates `aya-log-ebpf` from `ec3eacc` to `fe99fa1`
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fe99fa1d2e"><code>fe99fa1</code></a>
ebpf: run clippy with target=bpf</li>
<li><a
href="552b69367f"><code>552b693</code></a>
xtask: remove outdated snippet</li>
<li><a
href="bb45904b08"><code>bb45904</code></a>
xtask: patch gen_init_cpio.c</li>
<li><a
href="8e31f5fa43"><code>8e31f5f</code></a>
Merge pull request <a
href="https://redirect.github.com/aya-rs/aya/issues/1355">#1355</a> from
aya-rs/dependabot/cargo/cargo-crates-7838c61200</li>
<li><a
href="ace02870f2"><code>ace0287</code></a>
build(deps): update cargo_metadata requirement in the cargo-crates
group</li>
<li><a
href="5f5305c2a8"><code>5f5305c</code></a>
lint all crates; enable strict pointer lints</li>
<li>See full diff in <a
href="ec3eacc1d8...fe99fa1d2e">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-13 09:55:23 +00:00
dependabot[bot]
ea997146d3 build(deps): bump vite from 6.3.5 to 6.3.6 in /rust/gui-client in the npm_and_yarn group across 1 directory (#10545) 
Bumps the npm_and_yarn group with 1 update in the /rust/gui-client
directory:
[vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).

Updates `vite` from 6.3.5 to 6.3.6
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vitejs/vite/releases">vite's
releases</a>.</em></p>
<blockquote>
<h2>v6.3.6</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/v6.3.6/packages/vite/CHANGELOG.md">CHANGELOG.md</a>
for details.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/vitejs/vite/blob/v6.3.6/packages/vite/CHANGELOG.md">vite's
changelog</a>.</em></p>
<blockquote>
<h2><!-- raw HTML omitted -->6.3.6 (2025-09-08)<!-- raw HTML omitted
--></h2>
<ul>
<li>fix: apply <code>fs.strict</code> check to HTML files (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20736">#20736</a>)
(<a
href="0ab19ea9fc">0ab19ea</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/20736">#20736</a></li>
<li>fix: upgrade sirv to 3.0.2 (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20735">#20735</a>)
(<a
href="e11d24008b">e11d240</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/20735">#20735</a></li>
<li>test: detect ts support via <code>process.features</code> (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20544">#20544</a>)
(<a
href="7d9922972b">7d99229</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/20544">#20544</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3f337c5e24"><code>3f337c5</code></a>
release: v6.3.6</li>
<li><a
href="e11d24008b"><code>e11d240</code></a>
fix: upgrade sirv to 3.0.2 (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20735">#20735</a>)</li>
<li><a
href="0ab19ea9fc"><code>0ab19ea</code></a>
fix: apply <code>fs.strict</code> check to HTML files (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20736">#20736</a>)</li>
<li><a
href="7d9922972b"><code>7d99229</code></a>
test: detect ts support via <code>process.features</code> (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20544">#20544</a>)</li>
<li>See full diff in <a
href="https://github.com/vitejs/vite/commits/v6.3.6/packages/vite">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=vite&package-manager=npm_and_yarn&previous-version=6.3.5&new-version=6.3.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/firezone/firezone/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-12 19:20:59 +00:00
dependabot[bot]
57970c56f1 build(deps): bump the tailwind group in /rust/gui-client with 3 updates (#10526) 
Bumps the tailwind group in /rust/gui-client with 3 updates:
[@tailwindcss/cli](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-cli),
[@tailwindcss/vite](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite)
and
[tailwindcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss).

Updates `@tailwindcss/cli` from 4.1.12 to 4.1.13
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tailwindlabs/tailwindcss/releases"><code>@​tailwindcss/cli</code>'s
releases</a>.</em></p>
<blockquote>
<h2>v4.1.13</h2>
<h3>Changed</h3>
<ul>
<li>Drop warning from browser build (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/issues/18731">#18731</a>)</li>
<li>Drop exact duplicate declarations when emitting CSS (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/issues/18809">#18809</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Don't transition <code>visibility</code> when using
<code>transition</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18795">#18795</a>)</li>
<li>Discard matched variants with unknown named values (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18799">#18799</a>)</li>
<li>Discard matched variants with non-string values (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18799">#18799</a>)</li>
<li>Show suggestions for known <code>matchVariant</code> values (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18798">#18798</a>)</li>
<li>Replace deprecated <code>clip</code> with <code>clip-path</code> in
<code>sr-only</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18769">#18769</a>)</li>
<li>Hide internal fields from completions in <code>matchUtilities</code>
(<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18820">#18820</a>)</li>
<li>Ignore <code>.vercel</code> folders by default (can be overridden by
<code>@source …</code> rules) (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18855">#18855</a>)</li>
<li>Consider variants starting with <code>@-</code> to be invalid (e.g.
<code>@-2xl:flex</code>) (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18869">#18869</a>)</li>
<li>Do not allow custom variants to start or end with a <code>-</code>
or <code>_</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18867">#18867</a>,
<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18872">#18872</a>)</li>
<li>Upgrade: Migrate <code>aria</code> theme keys to
<code>@custom-variant</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18815">#18815</a>)</li>
<li>Upgrade: Migrate <code>data</code> theme keys to
<code>@custom-variant</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18816">#18816</a>)</li>
<li>Upgrade: Migrate <code>supports</code> theme keys to
<code>@custom-variant</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18817">#18817</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md"><code>@​tailwindcss/cli</code>'s
changelog</a>.</em></p>
<blockquote>
<h2>[4.1.13] - 2025-09-03</h2>
<h3>Changed</h3>
<ul>
<li>Drop warning from browser build (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/issues/18731">#18731</a>)</li>
<li>Drop exact duplicate declarations when emitting CSS (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/issues/18809">#18809</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Don't transition <code>visibility</code> when using
<code>transition</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18795">#18795</a>)</li>
<li>Discard matched variants with unknown named values (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18799">#18799</a>)</li>
<li>Discard matched variants with non-string values (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18799">#18799</a>)</li>
<li>Show suggestions for known <code>matchVariant</code> values (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18798">#18798</a>)</li>
<li>Replace deprecated <code>clip</code> with <code>clip-path</code> in
<code>sr-only</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18769">#18769</a>)</li>
<li>Hide internal fields from completions in <code>matchUtilities</code>
(<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18820">#18820</a>)</li>
<li>Ignore <code>.vercel</code> folders by default (can be overridden by
<code>@source …</code> rules) (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18855">#18855</a>)</li>
<li>Consider variants starting with <code>@-</code> to be invalid (e.g.
<code>@-2xl:flex</code>) (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18869">#18869</a>)</li>
<li>Do not allow custom variants to start or end with a <code>-</code>
or <code>_</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18867">#18867</a>,
<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18872">#18872</a>)</li>
<li>Upgrade: Migrate <code>aria</code> theme keys to
<code>@custom-variant</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18815">#18815</a>)</li>
<li>Upgrade: Migrate <code>data</code> theme keys to
<code>@custom-variant</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18816">#18816</a>)</li>
<li>Upgrade: Migrate <code>supports</code> theme keys to
<code>@custom-variant</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18817">#18817</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="1334c99db8"><code>1334c99</code></a>
Prepare v4.1.13 release (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-cli/issues/18868">#18868</a>)</li>
<li>See full diff in <a
href="https://github.com/tailwindlabs/tailwindcss/commits/v4.1.13/packages/@tailwindcss-cli">compare
view</a></li>
</ul>
</details>
<br />

Updates `@tailwindcss/vite` from 4.1.12 to 4.1.13
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tailwindlabs/tailwindcss/releases"><code>@​tailwindcss/vite</code>'s
releases</a>.</em></p>
<blockquote>
<h2>v4.1.13</h2>
<h3>Changed</h3>
<ul>
<li>Drop warning from browser build (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/issues/18731">#18731</a>)</li>
<li>Drop exact duplicate declarations when emitting CSS (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/issues/18809">#18809</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Don't transition <code>visibility</code> when using
<code>transition</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18795">#18795</a>)</li>
<li>Discard matched variants with unknown named values (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18799">#18799</a>)</li>
<li>Discard matched variants with non-string values (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18799">#18799</a>)</li>
<li>Show suggestions for known <code>matchVariant</code> values (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18798">#18798</a>)</li>
<li>Replace deprecated <code>clip</code> with <code>clip-path</code> in
<code>sr-only</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18769">#18769</a>)</li>
<li>Hide internal fields from completions in <code>matchUtilities</code>
(<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18820">#18820</a>)</li>
<li>Ignore <code>.vercel</code> folders by default (can be overridden by
<code>@source …</code> rules) (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18855">#18855</a>)</li>
<li>Consider variants starting with <code>@-</code> to be invalid (e.g.
<code>@-2xl:flex</code>) (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18869">#18869</a>)</li>
<li>Do not allow custom variants to start or end with a <code>-</code>
or <code>_</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18867">#18867</a>,
<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18872">#18872</a>)</li>
<li>Upgrade: Migrate <code>aria</code> theme keys to
<code>@custom-variant</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18815">#18815</a>)</li>
<li>Upgrade: Migrate <code>data</code> theme keys to
<code>@custom-variant</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18816">#18816</a>)</li>
<li>Upgrade: Migrate <code>supports</code> theme keys to
<code>@custom-variant</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18817">#18817</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md"><code>@​tailwindcss/vite</code>'s
changelog</a>.</em></p>
<blockquote>
<h2>[4.1.13] - 2025-09-03</h2>
<h3>Changed</h3>
<ul>
<li>Drop warning from browser build (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/issues/18731">#18731</a>)</li>
<li>Drop exact duplicate declarations when emitting CSS (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/issues/18809">#18809</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Don't transition <code>visibility</code> when using
<code>transition</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18795">#18795</a>)</li>
<li>Discard matched variants with unknown named values (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18799">#18799</a>)</li>
<li>Discard matched variants with non-string values (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18799">#18799</a>)</li>
<li>Show suggestions for known <code>matchVariant</code> values (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18798">#18798</a>)</li>
<li>Replace deprecated <code>clip</code> with <code>clip-path</code> in
<code>sr-only</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18769">#18769</a>)</li>
<li>Hide internal fields from completions in <code>matchUtilities</code>
(<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18820">#18820</a>)</li>
<li>Ignore <code>.vercel</code> folders by default (can be overridden by
<code>@source …</code> rules) (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18855">#18855</a>)</li>
<li>Consider variants starting with <code>@-</code> to be invalid (e.g.
<code>@-2xl:flex</code>) (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18869">#18869</a>)</li>
<li>Do not allow custom variants to start or end with a <code>-</code>
or <code>_</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18867">#18867</a>,
<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18872">#18872</a>)</li>
<li>Upgrade: Migrate <code>aria</code> theme keys to
<code>@custom-variant</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18815">#18815</a>)</li>
<li>Upgrade: Migrate <code>data</code> theme keys to
<code>@custom-variant</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18816">#18816</a>)</li>
<li>Upgrade: Migrate <code>supports</code> theme keys to
<code>@custom-variant</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18817">#18817</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="1334c99db8"><code>1334c99</code></a>
Prepare v4.1.13 release (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite/issues/18868">#18868</a>)</li>
<li>See full diff in <a
href="https://github.com/tailwindlabs/tailwindcss/commits/v4.1.13/packages/@tailwindcss-vite">compare
view</a></li>
</ul>
</details>
<br />

Updates `tailwindcss` from 4.1.12 to 4.1.13
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tailwindlabs/tailwindcss/releases">tailwindcss's
releases</a>.</em></p>
<blockquote>
<h2>v4.1.13</h2>
<h3>Changed</h3>
<ul>
<li>Drop warning from browser build (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/issues/18731">#18731</a>)</li>
<li>Drop exact duplicate declarations when emitting CSS (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/issues/18809">#18809</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Don't transition <code>visibility</code> when using
<code>transition</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18795">#18795</a>)</li>
<li>Discard matched variants with unknown named values (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18799">#18799</a>)</li>
<li>Discard matched variants with non-string values (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18799">#18799</a>)</li>
<li>Show suggestions for known <code>matchVariant</code> values (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18798">#18798</a>)</li>
<li>Replace deprecated <code>clip</code> with <code>clip-path</code> in
<code>sr-only</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18769">#18769</a>)</li>
<li>Hide internal fields from completions in <code>matchUtilities</code>
(<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18820">#18820</a>)</li>
<li>Ignore <code>.vercel</code> folders by default (can be overridden by
<code>@source …</code> rules) (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18855">#18855</a>)</li>
<li>Consider variants starting with <code>@-</code> to be invalid (e.g.
<code>@-2xl:flex</code>) (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18869">#18869</a>)</li>
<li>Do not allow custom variants to start or end with a <code>-</code>
or <code>_</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18867">#18867</a>,
<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18872">#18872</a>)</li>
<li>Upgrade: Migrate <code>aria</code> theme keys to
<code>@custom-variant</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18815">#18815</a>)</li>
<li>Upgrade: Migrate <code>data</code> theme keys to
<code>@custom-variant</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18816">#18816</a>)</li>
<li>Upgrade: Migrate <code>supports</code> theme keys to
<code>@custom-variant</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18817">#18817</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md">tailwindcss's
changelog</a>.</em></p>
<blockquote>
<h2>[4.1.13] - 2025-09-03</h2>
<h3>Changed</h3>
<ul>
<li>Drop warning from browser build (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/issues/18731">#18731</a>)</li>
<li>Drop exact duplicate declarations when emitting CSS (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/issues/18809">#18809</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Don't transition <code>visibility</code> when using
<code>transition</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18795">#18795</a>)</li>
<li>Discard matched variants with unknown named values (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18799">#18799</a>)</li>
<li>Discard matched variants with non-string values (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18799">#18799</a>)</li>
<li>Show suggestions for known <code>matchVariant</code> values (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18798">#18798</a>)</li>
<li>Replace deprecated <code>clip</code> with <code>clip-path</code> in
<code>sr-only</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18769">#18769</a>)</li>
<li>Hide internal fields from completions in <code>matchUtilities</code>
(<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18820">#18820</a>)</li>
<li>Ignore <code>.vercel</code> folders by default (can be overridden by
<code>@source …</code> rules) (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18855">#18855</a>)</li>
<li>Consider variants starting with <code>@-</code> to be invalid (e.g.
<code>@-2xl:flex</code>) (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18869">#18869</a>)</li>
<li>Do not allow custom variants to start or end with a <code>-</code>
or <code>_</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18867">#18867</a>,
<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18872">#18872</a>)</li>
<li>Upgrade: Migrate <code>aria</code> theme keys to
<code>@custom-variant</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18815">#18815</a>)</li>
<li>Upgrade: Migrate <code>data</code> theme keys to
<code>@custom-variant</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18816">#18816</a>)</li>
<li>Upgrade: Migrate <code>supports</code> theme keys to
<code>@custom-variant</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18817">#18817</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="1334c99db8"><code>1334c99</code></a>
Prepare v4.1.13 release (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss/issues/18868">#18868</a>)</li>
<li><a
href="65dc530f05"><code>65dc530</code></a>
Do not allow variants to end with <code>-</code> or <code>_</code> (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss/issues/18872">#18872</a>)</li>
<li><a
href="54c3f308e9"><code>54c3f30</code></a>
Do not allow variants to start with <code>-</code> (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss/issues/18867">#18867</a>)</li>
<li><a
href="494051ca08"><code>494051c</code></a>
Consider variants starting with <code>@-</code> to be invalid (e.g.
<code>@-2xl:flex</code>) (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss/issues/18869">#18869</a>)</li>
<li><a
href="c318329a1e"><code>c318329</code></a>
chore: remove redundant words (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss/issues/18853">#18853</a>)</li>
<li><a
href="ddc84b079b"><code>ddc84b0</code></a>
update test after prettier change</li>
<li><a
href="f1331a857a"><code>f1331a8</code></a>
run prettier</li>
<li><a
href="e5513b6c75"><code>e5513b6</code></a>
Fix missing code block delimiters in comment blocks (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss/issues/18837">#18837</a>)</li>
<li><a
href="5e2a160d8b"><code>5e2a160</code></a>
Drop exact duplicate declarations from output CSS within a style rule
(<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss/issues/18809">#18809</a>)</li>
<li><a
href="b1fb02a2d7"><code>b1fb02a</code></a>
Hide internal fields from completions in <code>matchUtilities</code> (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss/issues/18820">#18820</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tailwindlabs/tailwindcss/commits/v4.1.13/packages/tailwindcss">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-12 12:03:43 +00:00
dependabot[bot]
c5728d2ee6 build(deps): bump @fontsource-variable/source-sans-3 from 5.2.8 to 5.2.9 in /rust/gui-client (#10527) 
Bumps
[@fontsource-variable/source-sans-3](https://github.com/fontsource/font-files/tree/HEAD/fonts/variable/source-sans-3)
from 5.2.8 to 5.2.9.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/fontsource/font-files/commits/HEAD/fonts/variable/source-sans-3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@fontsource-variable/source-sans-3&package-manager=npm_and_yarn&previous-version=5.2.8&new-version=5.2.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-12 08:33:34 +00:00
dependabot[bot]
5d7a3d1628 build(deps): bump @tauri-apps/cli from 2.8.3 to 2.8.4 in /rust/gui-client in the tauri group (#10525) 
Bumps the tauri group in /rust/gui-client with 1 update:
[@tauri-apps/cli](https://github.com/tauri-apps/tauri).

Updates `@tauri-apps/cli` from 2.8.3 to 2.8.4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/tauri/releases"><code>@​tauri-apps/cli</code>'s
releases</a>.</em></p>
<blockquote>
<h2><code>@​tauri-apps/cli</code> v2.8.4</h2>
<h2>[2.8.4]</h2>
<h3>Enhancements</h3>
<ul>
<li><a
href="f70b28529d"><code>f70b28529</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/14093">#14093</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../lucasfernog"><code>@​lucasfernog</code></a>)
Ensure Rust targets for mobile are installed when running the dev and
build commands (previously only checked on init).</li>
<li><a
href="a9b342125d"><code>a9b342125</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/14114">#14114</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../lucasfernog"><code>@​lucasfernog</code></a>)
Fix iOS dev and build targeting the simulator on Intel machines.</li>
<li><a
href="61b9b681e8"><code>61b9b681e</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/14111">#14111</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../lucasfernog"><code>@​lucasfernog</code></a>)
Retain <code>RUST_*</code> environment variables when running the mobile
commands.</li>
<li><a
href="c23bec62d6"><code>c23bec62d</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/14083">#14083</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../FabianLars"><code>@​FabianLars</code></a>)
Tauri now ignores <code>macOS.minimumSystemVersion</code> in <code>tauri
dev</code> to prevent forced rebuilds of macOS specific dependencies
when using something like <code>rust-analyzer</code> at the same time as
<code>tauri dev</code>.</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="c37a298331"><code>c37a29833</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/14112">#14112</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../lucasfernog"><code>@​lucasfernog</code></a>)
Fix usage with Deno failing with <code>ReferenceError: require is not
defined</code>.</li>
<li><a
href="bcf000c0a8"><code>bcf000c0a</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/14110">#14110</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../lucasfernog"><code>@​lucasfernog</code></a>)
Fixes running <code>ios</code> commands with <code>deno</code> crashing
due to incorrect current working directory resolution.</li>
<li><a
href="7db7142f9f"><code>7db7142f9</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/14119">#14119</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../lucasfernog"><code>@​lucasfernog</code></a>)
Fixes empty device name when using an Android emulator causing the
emulator to never be detected as running.</li>
<li><a
href="956b4fd6ff"><code>956b4fd6f</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/14106">#14106</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../lucasfernog"><code>@​lucasfernog</code></a>)
Use the correct export method on Xcode &lt; 15.4.</li>
</ul>
<h3>Dependencies</h3>
<ul>
<li>Upgraded to <code>tauri-cli@2.8.4</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="80eadb7387"><code>80eadb7</code></a>
apply version updates (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14100">#14100</a>)</li>
<li><a
href="346a420812"><code>346a420</code></a>
docs: improve resources docs (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14136">#14136</a>)</li>
<li><a
href="5239d39149"><code>5239d39</code></a>
chore(deps): update dependency rollup to v4.50.0 (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14127">#14127</a>)</li>
<li><a
href="0b1da30d28"><code>0b1da30</code></a>
chore(tauri): update documentation for home_dir on iOS (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14121">#14121</a>)</li>
<li><a
href="7db7142f9f"><code>7db7142</code></a>
fix(cli): empty Android emulator name (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14119">#14119</a>)</li>
<li><a
href="a9b342125d"><code>a9b3421</code></a>
fix(cli): iOS simulator dev/build on Apple Intel, closes <a
href="https://redirect.github.com/tauri-apps/tauri/issues/13456">#13456</a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14114">#14114</a>)</li>
<li><a
href="bcf000c0a8"><code>bcf000c</code></a>
fix(cli): ios command failing when running with deno, closes <a
href="https://redirect.github.com/tauri-apps/tauri/issues/13547">#13547</a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14110">#14110</a>)</li>
<li><a
href="61b9b681e8"><code>61b9b68</code></a>
feat(cli): retain all RUST_* env vars on mobile commands (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14111">#14111</a>)</li>
<li><a
href="c37a298331"><code>c37a298</code></a>
fix(cli): set package type for Deno (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14112">#14112</a>)</li>
<li><a
href="b8b866fcc7"><code>b8b866f</code></a>
fix(examples): update tauri-plugin-log</li>
<li>Additional commits viewable in <a
href="https://github.com/tauri-apps/tauri/compare/@tauri-apps/cli-v2.8.3...@tauri-apps/cli-v2.8.4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@tauri-apps/cli&package-manager=npm_and_yarn&previous-version=2.8.3&new-version=2.8.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-12 08:30:24 +00:00
Thomas Eizinger
5600011d65 fix(connlib): patch mio to resolve panic bug on Windows (#10543) 
The `mio` library which underpins `tokio` has a bug on Windows in
regards to named pipes where under certain circumstances an "unreachable
code" section is entered. See
https://github.com/tokio-rs/mio/issues/1819 for the upstream bug report.

In this PR, we patch in a fork of `mio` that aims to fix these issues by
handling the state transitions more gracefully. I am not a Windows
expert by any means so this will need some rigorous testing to make sure
the IPC channel between GUI and Tunnel service still works reliably.

Related: https://github.com/tokio-rs/mio/pull/1903
 2025-10-12 08:00:36 +00:00
Thomas Eizinger
5b60d9d64d fix(gui-client): don't stop service after upgrade on Fedora (#10539) 
On Fedora, when a package gets upgraded, the new package is installed
first, followed by the uninstall of the old package. As a result, the
`prerm` script is called after the `postinst` script of the new package.

In our `prerm` script, we stop the tunnel service. On package upgrades,
this results in us stopping the tunnel service after installing the new
package, confronting the user with an error that the tunnel service is
not running.

`rpm` passes arguments to these maintenance scripts. In the case of
`prerm`, we receive the count of how many other instances of this
packages are installed. To fix this bug, we check whether the first
argument to the script is "1", meaning that we are being upgraded and
should not stop the tunnel service.
 2025-10-09 23:53:32 +00:00
Thomas Eizinger
8ccf8b90bc chore(tests): remove comments from regression seeds file (#10534) 
Whilst the regression seeds file itself is useful to have a fixed set of
tests that are always run, the comments what a specific seed samples to
quickly get outdated as the test suite evolves. Therefore, we remove the
comments to not confuse developers.
 2025-10-08 05:21:47 +00:00
Thomas Eizinger
1140f6ffa3 feat(clients): cache DNS responses (#10533) 
Firezone Clients set themselves as the system-wide DNS resolver on
startup. This is necessary to intercept queries for DNS resources which
resolve to proxy IPs whilst Firezone is active.

All DNS queries for non-resources are forwarded to either the resolver
defined on the system or the ones defined in the portal (if any). These
DNS servers can also be CIDR resources in which cases the queries get
forwarded through the tunnel to a Gateway.

Right now, the responses from these DNS servers are never cached. DNS is
pretty heavily relied on on most systems and having DNS fail or be slow
usually results in a bad user experience.

To improve on this, we embed a small DNS cache into connlib where for
each query, we first try to answer it from the cache. Queries otherwise
forwarded to the system/upstream resolver or through the tunnel will see
a much improved response time with this change.

When serving responses from this cache, the TTL is decremented
automatically based on how much time has passed since the entry was
first added to the cache. Outside of the response time being ~1ms, this
makes the cache fully transparent.

Resolves: #10508
 2025-10-08 03:26:27 +00:00
Thomas Eizinger
8fc2ef8ad1 fix(clients): set Internet Resource state on startup (#10509) 
Building on top of #10507, setting the initial Internet Resource state
is a piece of cake. All we need to do is thread a boolean variable
through to all call-sites of `Session::connect`. Without the need for
the Internet Resource's ID, we can simply pass in the boolean that is
saved in the configuration of each client.

Resolves: #10255
 2025-10-07 07:13:52 +00:00
Thomas Eizinger
36dfee2c42 refactor(connlib): explicitly enable/disable Internet Resource (#10507) 
Instead of the generic "disable any kind of resource"-functionality that
connlib currently exposes, we now provide an API to only enable /
disable the Internet Resource. This is a lot simpler to deal with and
reason about than the previous system, especially when it comes to the
proptests. Those need to model connlib's behaviour correctly across its
entire API surface which makes them unnecessarily complex if we only
ever use the `set_disabled_resources` API with a single resource.

In preparation for #4789, I want to extend the proptests to cover
traffic filters (#7126). This will make them a fair bit more
complicated, so any prior removal of complexity is appreciated.

Simplifying the implementation here is also a good starting point to fix
#10255. Not implicitly enabling the Internet Resource when it gets added
should be quite simple after this change.

Finally, resolving #8885 should also be quite easy. We just need to
store the state of the Internet Resource once per API URL instead of
globally.

Resolves: #8404

---------

Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-10-07 00:26:07 +00:00
Thomas Eizinger
531a84268f fix(connlib): always process all errors from tunnel (#10500) 
In #10347, we made sure that we always return all errors that happen
during a single tick of the event-loop. What we overlooked is that as
part of handling the errors, we need to use `continue` to jump to the
next one instead of returning directly from the function.

Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
 2025-10-06 17:07:53 +00:00
Thomas Eizinger
e9e8792512 feat(connlib): tune down logs for recently disconnected clients (#10501) 
When a Client disconnects from a Gateway, we might still be receiving
packets that are either in-flight or are still being sent by the
resource. For some amount of time after a disconnect, this is expected
and not worth logging a warning for.

With this PR, we define this time to be 60s. If we cannot look up a
connection either by ID, session index or public key but the peer has
disconnected within the last 60s, we will now only print a DEBUG log
instead of a WARN.

Resolves: #10175
 2025-10-03 13:08:06 +00:00
Thomas Eizinger
2cc13cea24 refactor(connlib): set ECN bits directly on Transmit (#10497) 
Instead of mirroring the ECN bits of an IP packet on the resulting UDP
packet in the event-loop, we can extend `Transmit` with an `ecn` field
and directly set it every time we construct a `Transmit`, mirroring the
ECN bits from the inner IP packet if the UDP packet contains an
encapsulated IP packet.

Extracted from #10485
 2025-10-03 13:02:17 +00:00
Thomas Eizinger
881514edfc fix(connlib): log fragmented IP packets on debug (#10488) 
When an application sends UDP packets that are larger than the MTU of
the underlying interface, the kernel fragments the packet at the IP
level. Firezone does not support fragmented IP packets because we need
to pack each IP packet into a UDP packet.

Right now, we don't check for fragmented IP packets which results in
packet parsing errors because the slice we are trying to parse the
packet from is not long enough.

To avoid spamming Sentry in these cases, we explicitly check for
fragmented IP packets and only log those on DEBUG.

Resolves: #10335
 2025-10-02 05:03:12 +00:00
dependabot[bot]
815add151f build(deps): bump zbus from 5.9.0 to 5.11.0 in /rust (#10453) 
Bumps [zbus](https://github.com/dbus2/zbus) from 5.9.0 to 5.11.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dbus2/zbus/releases">zbus's
releases</a>.</em></p>
<blockquote>
<h2>🔖 zbus 5.11.0</h2>
<ul>
<li> API to specify timeouts for method calls. Add a way to specify an
timeout for method calls. If
set, the method calls will timeout after the specified duration,
returning an error. This can be
used to handle the issues with non-answering D-Bus services.</li>
<li>🩹 Add <code>connection::socket::Split::new</code> method, allowing
<code>Socket</code> trait impls outside zbus.</li>
<li>📝 Mention receive_X_changes in <code>proxy</code> docs.</li>
</ul>
<h2>🔖 zbus 5.10.0</h2>
<ul>
<li> Property stream will now first yield the current value.</li>
<li>🐛 Fall back to no groups rather than erroring out for peer
creds.</li>
<li>📝 Fix wrong documentation in blocking <code>Proxy</code>
methods.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="edd9a3c3d3"><code>edd9a3c</code></a>
Merge pull request <a
href="https://redirect.github.com/dbus2/zbus/issues/1494">#1494</a> from
zeenix/prep-zb-5.11</li>
<li><a
href="ee3fb1b4f7"><code>ee3fb1b</code></a>
🔖 zb,zm: Release 5.11.0</li>
<li><a
href="9f85ee4b3d"><code>9f85ee4</code></a>
 zb: Much shorter timeout in method timeout test</li>
<li><a
href="000039a7d8"><code>000039a</code></a>
♻️ zb: Micro simplification</li>
<li><a
href="dbd853e3be"><code>dbd853e</code></a>
⬆️ micro: Update chrono to v0.4.42 (<a
href="https://redirect.github.com/dbus2/zbus/issues/1493">#1493</a>)</li>
<li><a
href="bd4d5c722e"><code>bd4d5c7</code></a>
Merge pull request <a
href="https://redirect.github.com/dbus2/zbus/issues/1491">#1491</a> from
dbus2/security-policy</li>
<li><a
href="29825e74cc"><code>29825e7</code></a>
🔒️ Add comprehensive security policy</li>
<li><a
href="e46151c9ad"><code>e46151c</code></a>
Merge pull request <a
href="https://redirect.github.com/dbus2/zbus/issues/1477">#1477</a> from
sergeyfd/main</li>
<li><a
href="979f5f9030"><code>979f5f9</code></a>
 zb: API to specify timeouts for method calls</li>
<li><a
href="442063d295"><code>442063d</code></a>
⬆️ micro: Update time to v0.3.43 (<a
href="https://redirect.github.com/dbus2/zbus/issues/1490">#1490</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/dbus2/zbus/compare/zbus-5.9.0...zbus-5.11.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=zbus&package-manager=cargo&previous-version=5.9.0&new-version=5.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-02 05:02:51 +00:00
Thomas Eizinger
cfbdc30123 refactor(connlib): move log into state (#10498) 
Instead of logging this inside the event-loop, it is better to move it
into the corresponding handler function to free up the event-loop from
as much "logic" as possible. It should ideally only be concerned with
linking the state machine with the IO components that actually cause the
side-effects.
 2025-10-01 04:16:41 +00:00
Thomas Eizinger
a297c6dbbd chore: differentiate between shutdown and shut down (#10494) 
In a prior code review, CoPilot flagged that we were using the noun
"shutdown" as a verb in certain places.

Resolves: #10425
 2025-10-01 02:55:22 +00:00
dependabot[bot]
1baf1f3a6e build(deps): bump known-folders from 1.2.0 to 1.3.1 in /rust (#10452) 
Bumps [known-folders](https://github.com/artichoke/known-folders-rs)
from 1.2.0 to 1.3.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/artichoke/known-folders-rs/releases">known-folders's
releases</a>.</em></p>
<blockquote>
<h2>v1.3.1</h2>
<h2>What's Changed</h2>
<ul>
<li>packaging: ensure READMEs in node_modules don't get uploaded to
crate… by <a
href="https://github.com/lopopolo"><code>@​lopopolo</code></a> in <a
href="https://redirect.github.com/artichoke/known-folders-rs/pull/84">artichoke/known-folders-rs#84</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/artichoke/known-folders-rs/compare/v1.3.0...v1.3.1">https://github.com/artichoke/known-folders-rs/compare/v1.3.0...v1.3.1</a></p>
<h2>v1.3.0</h2>
<h2>windows-sys</h2>
<p>This release upgrades <code>known-folders</code>'s
<code>windows-sys</code> version constraint to 0.60.0.</p>
<h2>What's Changed</h2>
<ul>
<li>Bump the bundler-deps group with 2 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/artichoke/known-folders-rs/pull/53">artichoke/known-folders-rs#53</a></li>
<li>Bump the gha-deps group with 4 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/artichoke/known-folders-rs/pull/52">artichoke/known-folders-rs#52</a></li>
<li>Bump the gha-deps group with 2 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/artichoke/known-folders-rs/pull/55">artichoke/known-folders-rs#55</a></li>
<li>Bump rubocop from 1.66.0 to 1.66.1 in the bundler-deps group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/artichoke/known-folders-rs/pull/54">artichoke/known-folders-rs#54</a></li>
<li>Bump rubocop from 1.66.1 to 1.68.0 in the bundler-deps group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/artichoke/known-folders-rs/pull/57">artichoke/known-folders-rs#57</a></li>
<li>Bump the gha-deps group with 3 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/artichoke/known-folders-rs/pull/56">artichoke/known-folders-rs#56</a></li>
<li>Bump the gha-deps group with 2 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/artichoke/known-folders-rs/pull/59">artichoke/known-folders-rs#59</a></li>
<li>Bump rubocop from 1.68.0 to 1.69.0 in the bundler-deps group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/artichoke/known-folders-rs/pull/58">artichoke/known-folders-rs#58</a></li>
<li>Remove markdown link check by <a
href="https://github.com/lopopolo"><code>@​lopopolo</code></a> in <a
href="https://redirect.github.com/artichoke/known-folders-rs/pull/60">artichoke/known-folders-rs#60</a></li>
<li>Update Ruby, Bundler to latest by <a
href="https://github.com/lopopolo"><code>@​lopopolo</code></a> in <a
href="https://redirect.github.com/artichoke/known-folders-rs/pull/61">artichoke/known-folders-rs#61</a></li>
<li>Bump the gha-deps group with 3 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/artichoke/known-folders-rs/pull/63">artichoke/known-folders-rs#63</a></li>
<li>Bump rubocop from 1.69.0 to 1.69.2 in the bundler-deps group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/artichoke/known-folders-rs/pull/62">artichoke/known-folders-rs#62</a></li>
<li>Bump rubocop from 1.69.2 to 1.71.1 in the bundler-deps group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/artichoke/known-folders-rs/pull/65">artichoke/known-folders-rs#65</a></li>
<li>Bump ruby/setup-ruby from 1.207.0 to 1.215.0 in the gha-deps group
by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/artichoke/known-folders-rs/pull/64">artichoke/known-folders-rs#64</a></li>
<li>Bump artichoke/setup-rust from 1.12.1 to 2.0.0 in the gha-deps group
by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/artichoke/known-folders-rs/pull/66">artichoke/known-folders-rs#66</a></li>
<li>Bump the gha-deps group with 4 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/artichoke/known-folders-rs/pull/67">artichoke/known-folders-rs#67</a></li>
<li>Bump the gha-deps group with 3 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/artichoke/known-folders-rs/pull/68">artichoke/known-folders-rs#68</a></li>
<li>Address clippy lint violations on macOS and Windows by <a
href="https://github.com/lopopolo"><code>@​lopopolo</code></a> in <a
href="https://redirect.github.com/artichoke/known-folders-rs/pull/70">artichoke/known-folders-rs#70</a></li>
<li>Update rubocop config to use rake as a plugin by <a
href="https://github.com/lopopolo"><code>@​lopopolo</code></a> in <a
href="https://redirect.github.com/artichoke/known-folders-rs/pull/71">artichoke/known-folders-rs#71</a></li>
<li>Bump the bundler-deps group with 2 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/artichoke/known-folders-rs/pull/69">artichoke/known-folders-rs#69</a></li>
<li>Bump ruby/setup-ruby from 1.229.0 to 1.237.0 in the gha-deps group
by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/artichoke/known-folders-rs/pull/73">artichoke/known-folders-rs#73</a></li>
<li>Bump rubocop from 1.75.1 to 1.75.4 in the bundler-deps group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/artichoke/known-folders-rs/pull/72">artichoke/known-folders-rs#72</a></li>
<li>Pin prettier and node deps, pin GitHub Actions by SHA by <a
href="https://github.com/lopopolo"><code>@​lopopolo</code></a> in <a
href="https://redirect.github.com/artichoke/known-folders-rs/pull/74">artichoke/known-folders-rs#74</a></li>
<li>Bump rubocop from 1.75.4 to 1.75.7 in the bundler-deps group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/artichoke/known-folders-rs/pull/75">artichoke/known-folders-rs#75</a></li>
<li>Bump the gha-deps group with 3 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/artichoke/known-folders-rs/pull/76">artichoke/known-folders-rs#76</a></li>
<li>Bump the bundler-deps group with 2 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/artichoke/known-folders-rs/pull/78">artichoke/known-folders-rs#78</a></li>
<li>Remove deprecated windows-2019 CI image by <a
href="https://github.com/lopopolo"><code>@​lopopolo</code></a> in <a
href="https://redirect.github.com/artichoke/known-folders-rs/pull/77">artichoke/known-folders-rs#77</a></li>
<li>Upgrade Ruby toolchain by <a
href="https://github.com/lopopolo"><code>@​lopopolo</code></a> in <a
href="https://redirect.github.com/artichoke/known-folders-rs/pull/79">artichoke/known-folders-rs#79</a></li>
<li>Bump rubocop from 1.75.8 to 1.77.0 in the bundler-deps group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/artichoke/known-folders-rs/pull/82">artichoke/known-folders-rs#82</a></li>
<li>Bump the gha-deps group with 5 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/artichoke/known-folders-rs/pull/80">artichoke/known-folders-rs#80</a></li>
<li>Bump prettier from 3.5.3 to 3.6.2 in the npm-deps group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/artichoke/known-folders-rs/pull/83">artichoke/known-folders-rs#83</a></li>
<li>Update windows-sys requirement from 0.59.0 to 0.60.2 in the
cargo-deps group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/artichoke/known-folders-rs/pull/81">artichoke/known-folders-rs#81</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/artichoke/known-folders-rs/compare/v1.2.0...v1.3.0">https://github.com/artichoke/known-folders-rs/compare/v1.2.0...v1.3.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="bd17e5bae8"><code>bd17e5b</code></a>
Merge pull request <a
href="https://redirect.github.com/artichoke/known-folders-rs/issues/84">#84</a>
from artichoke/dev/lopopolo-packaging-error</li>
<li><a
href="de0058dfd8"><code>de0058d</code></a>
packaging: ensure READMEs in node_modules don't get uploaded to
crates.io</li>
<li><a
href="4da7bd6afb"><code>4da7bd6</code></a>
Merge pull request <a
href="https://redirect.github.com/artichoke/known-folders-rs/issues/81">#81</a>
from artichoke/dependabot/cargo/cargo-deps-2a7afd87f2</li>
<li><a
href="48d45b6a67"><code>48d45b6</code></a>
Prepare for v1.3.0 release</li>
<li><a
href="fd6fc17951"><code>fd6fc17</code></a>
Merge pull request <a
href="https://redirect.github.com/artichoke/known-folders-rs/issues/83">#83</a>
from artichoke/dependabot/npm_and_yarn/npm-deps-200b40...</li>
<li><a
href="396e9170f1"><code>396e917</code></a>
Merge pull request <a
href="https://redirect.github.com/artichoke/known-folders-rs/issues/80">#80</a>
from artichoke/dependabot/github_actions/gha-deps-93e2...</li>
<li><a
href="d40c993a56"><code>d40c993</code></a>
Merge pull request <a
href="https://redirect.github.com/artichoke/known-folders-rs/issues/82">#82</a>
from artichoke/dependabot/bundler/bundler-deps-0f5777c4c7</li>
<li><a
href="d3c624167d"><code>d3c6241</code></a>
Bump prettier from 3.5.3 to 3.6.2 in the npm-deps group</li>
<li><a
href="79086eab8b"><code>79086ea</code></a>
Bump rubocop from 1.75.8 to 1.77.0 in the bundler-deps group</li>
<li><a
href="15673bb3e2"><code>15673bb</code></a>
Update windows-sys requirement in the cargo-deps group</li>
<li>Additional commits viewable in <a
href="https://github.com/artichoke/known-folders-rs/compare/v1.2.0...v1.3.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=known-folders&package-manager=cargo&previous-version=1.2.0&new-version=1.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-30 12:54:17 +00:00
dependabot[bot]
ec93cfb834 build(deps): bump keyring from 3.6.2 to 3.6.3 in /rust (#10451) 
Bumps [keyring](https://github.com/hwchen/keyring-rs) from 3.6.2 to
3.6.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/hwchen/keyring-rs/releases">keyring's
releases</a>.</em></p>
<blockquote>
<h2>v3.6.3: Likely final release of v3</h2>
<p>This release integrates a few important bug fixes (thanks <a
href="https://github.com/vermiculus"><code>@​vermiculus</code></a>, <a
href="https://github.com/unkcpz"><code>@​unkcpz</code></a>) that have
come in since the release of v3.6.2, and is the last release expected
for the v3 series. The release of v4 is expected in about a month, and
it will bring significant changes:</p>
<ul>
<li>the cross-platform API will become its own crate: keyring-core.</li>
<li>each credential store will become its own store.</li>
<li>this crate will become an example of how to write a keyring-based
application.</li>
</ul>
<p>PLEASE NOTE: with this release, the main branch has changed
significantly. What was on the main branch has moved to be a v4 branch,
and the main branch was reverted to v3.6.2 and then had bug fix commits
added on. If you have an existing fork of this repository, you should
immediately sync your repo by choosing the &quot;discard commits&quot;
option, which will take your repo back to v3.6.2 and then pull the newer
commits. Then, if you have development work on one of your other
branches, you should rebase that work onto the updated main.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="315cbdf6c6"><code>315cbdf</code></a>
Credits for v3.6.3 release.</li>
<li><a
href="edee747db0"><code>edee747</code></a>
Merge pull request <a
href="https://redirect.github.com/hwchen/keyring-rs/issues/260">#260</a>
from open-source-cooperative/dependabot/cargo/windows...</li>
<li><a
href="a3470f1260"><code>a3470f1</code></a>
Update windows-sys requirement from 0.59 to 0.60</li>
<li><a
href="f38b5e9afa"><code>f38b5e9</code></a>
Cherry pick all contributions since 3.6.2.</li>
<li><a
href="b9af61dc5a"><code>b9af61d</code></a>
Zero out credential passwords before dealloc.</li>
<li><a
href="19ec928f2b"><code>19ec928</code></a>
Don't clone returned passwords.</li>
<li><a
href="46eebf5688"><code>46eebf5</code></a>
windows: use static value for 'comment' attribute</li>
<li><a
href="7b408eddc7"><code>7b408ed</code></a>
Revert variable renaming</li>
<li><a
href="88a3d6c01d"><code>88a3d6c</code></a>
Cosmetic fix: remove blank lines</li>
<li><a
href="afcc3148ca"><code>afcc314</code></a>
Implement default byte -&gt; password conversion methods.</li>
<li>Additional commits viewable in <a
href="https://github.com/hwchen/keyring-rs/compare/v3.6.2...v3.6.3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=keyring&package-manager=cargo&previous-version=3.6.2&new-version=3.6.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-30 12:09:45 +00:00
dependabot[bot]
9647c67a6b build(deps): bump the aya group in /rust with 5 updates (#10478) 
Bumps the aya group in /rust with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [aya](https://github.com/aya-rs/aya) | ``3018246`` | ``ec3eacc`` |
| [aya-build](https://github.com/aya-rs/aya) | ``3018246`` | ``ec3eacc``
|
| [aya-ebpf](https://github.com/aya-rs/aya) | ``3018246`` | ``ec3eacc``
|
| [aya-log](https://github.com/aya-rs/aya) | ``3018246`` | ``ec3eacc`` |
| [aya-log-ebpf](https://github.com/aya-rs/aya) | ``3018246`` |
``ec3eacc`` |

Updates `aya` from `3018246` to `ec3eacc`
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ec3eacc1d8"><code>ec3eacc</code></a>
Increase VM memory</li>
<li><a
href="d1bb7bcc38"><code>d1bb7bc</code></a>
deny clippy::unnecessary_cast</li>
<li><a
href="be4d74fd06"><code>be4d74f</code></a>
deny clippy::fn_to_numeric_cast{,_with_truncation}</li>
<li><a
href="fa03dbdb46"><code>fa03dbd</code></a>
deny clippy::char_lit_as_u8</li>
<li><a
href="a7206b9098"><code>a7206b9</code></a>
deny clippy::cast_precision_loss</li>
<li><a
href="72104c4076"><code>72104c4</code></a>
deny clippy::cast_lossless</li>
<li><a
href="82e72a14ad"><code>82e72a1</code></a>
Remove unused import</li>
<li><a
href="d1fdbb9930"><code>d1fdbb9</code></a>
Update to macOS 15 (<a
href="https://redirect.github.com/aya-rs/aya/issues/1351">#1351</a>)</li>
<li><a
href="e2a68ee384"><code>e2a68ee</code></a>
aya-log: add <code>#[must_use]</code> attribute to
<code>EbpfLogger</code></li>
<li>See full diff in <a
href="30182463bd...ec3eacc1d8">compare
view</a></li>
</ul>
</details>
<br />

Updates `aya-build` from `3018246` to `ec3eacc`
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ec3eacc1d8"><code>ec3eacc</code></a>
Increase VM memory</li>
<li><a
href="d1bb7bcc38"><code>d1bb7bc</code></a>
deny clippy::unnecessary_cast</li>
<li><a
href="be4d74fd06"><code>be4d74f</code></a>
deny clippy::fn_to_numeric_cast{,_with_truncation}</li>
<li><a
href="fa03dbdb46"><code>fa03dbd</code></a>
deny clippy::char_lit_as_u8</li>
<li><a
href="a7206b9098"><code>a7206b9</code></a>
deny clippy::cast_precision_loss</li>
<li><a
href="72104c4076"><code>72104c4</code></a>
deny clippy::cast_lossless</li>
<li><a
href="82e72a14ad"><code>82e72a1</code></a>
Remove unused import</li>
<li><a
href="d1fdbb9930"><code>d1fdbb9</code></a>
Update to macOS 15 (<a
href="https://redirect.github.com/aya-rs/aya/issues/1351">#1351</a>)</li>
<li><a
href="e2a68ee384"><code>e2a68ee</code></a>
aya-log: add <code>#[must_use]</code> attribute to
<code>EbpfLogger</code></li>
<li>See full diff in <a
href="30182463bd...ec3eacc1d8">compare
view</a></li>
</ul>
</details>
<br />

Updates `aya-ebpf` from `3018246` to `ec3eacc`
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ec3eacc1d8"><code>ec3eacc</code></a>
Increase VM memory</li>
<li><a
href="d1bb7bcc38"><code>d1bb7bc</code></a>
deny clippy::unnecessary_cast</li>
<li><a
href="be4d74fd06"><code>be4d74f</code></a>
deny clippy::fn_to_numeric_cast{,_with_truncation}</li>
<li><a
href="fa03dbdb46"><code>fa03dbd</code></a>
deny clippy::char_lit_as_u8</li>
<li><a
href="a7206b9098"><code>a7206b9</code></a>
deny clippy::cast_precision_loss</li>
<li><a
href="72104c4076"><code>72104c4</code></a>
deny clippy::cast_lossless</li>
<li><a
href="82e72a14ad"><code>82e72a1</code></a>
Remove unused import</li>
<li><a
href="d1fdbb9930"><code>d1fdbb9</code></a>
Update to macOS 15 (<a
href="https://redirect.github.com/aya-rs/aya/issues/1351">#1351</a>)</li>
<li><a
href="e2a68ee384"><code>e2a68ee</code></a>
aya-log: add <code>#[must_use]</code> attribute to
<code>EbpfLogger</code></li>
<li>See full diff in <a
href="30182463bd...ec3eacc1d8">compare
view</a></li>
</ul>
</details>
<br />

Updates `aya-log` from `3018246` to `ec3eacc`
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ec3eacc1d8"><code>ec3eacc</code></a>
Increase VM memory</li>
<li><a
href="d1bb7bcc38"><code>d1bb7bc</code></a>
deny clippy::unnecessary_cast</li>
<li><a
href="be4d74fd06"><code>be4d74f</code></a>
deny clippy::fn_to_numeric_cast{,_with_truncation}</li>
<li><a
href="fa03dbdb46"><code>fa03dbd</code></a>
deny clippy::char_lit_as_u8</li>
<li><a
href="a7206b9098"><code>a7206b9</code></a>
deny clippy::cast_precision_loss</li>
<li><a
href="72104c4076"><code>72104c4</code></a>
deny clippy::cast_lossless</li>
<li><a
href="82e72a14ad"><code>82e72a1</code></a>
Remove unused import</li>
<li><a
href="d1fdbb9930"><code>d1fdbb9</code></a>
Update to macOS 15 (<a
href="https://redirect.github.com/aya-rs/aya/issues/1351">#1351</a>)</li>
<li><a
href="e2a68ee384"><code>e2a68ee</code></a>
aya-log: add <code>#[must_use]</code> attribute to
<code>EbpfLogger</code></li>
<li>See full diff in <a
href="30182463bd...ec3eacc1d8">compare
view</a></li>
</ul>
</details>
<br />

Updates `aya-log-ebpf` from `3018246` to `ec3eacc`
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ec3eacc1d8"><code>ec3eacc</code></a>
Increase VM memory</li>
<li><a
href="d1bb7bcc38"><code>d1bb7bc</code></a>
deny clippy::unnecessary_cast</li>
<li><a
href="be4d74fd06"><code>be4d74f</code></a>
deny clippy::fn_to_numeric_cast{,_with_truncation}</li>
<li><a
href="fa03dbdb46"><code>fa03dbd</code></a>
deny clippy::char_lit_as_u8</li>
<li><a
href="a7206b9098"><code>a7206b9</code></a>
deny clippy::cast_precision_loss</li>
<li><a
href="72104c4076"><code>72104c4</code></a>
deny clippy::cast_lossless</li>
<li><a
href="82e72a14ad"><code>82e72a1</code></a>
Remove unused import</li>
<li><a
href="d1fdbb9930"><code>d1fdbb9</code></a>
Update to macOS 15 (<a
href="https://redirect.github.com/aya-rs/aya/issues/1351">#1351</a>)</li>
<li><a
href="e2a68ee384"><code>e2a68ee</code></a>
aya-log: add <code>#[must_use]</code> attribute to
<code>EbpfLogger</code></li>
<li>See full diff in <a
href="30182463bd...ec3eacc1d8">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-30 08:54:10 +00:00
dependabot[bot]
08090baa8d build(deps): bump the react group in /rust/gui-client with 3 updates (#10470) 
Bumps the react group in /rust/gui-client with 3 updates:
[@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react),
[@types/react-dom](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react-dom)
and
[react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router).

Updates `@types/react` from 19.1.9 to 19.1.12
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react">compare
view</a></li>
</ul>
</details>
<br />

Updates `@types/react-dom` from 19.1.7 to 19.1.9
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react-dom">compare
view</a></li>
</ul>
</details>
<br />

Updates `react-router` from 7.7.1 to 7.8.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/remix-run/react-router/releases">react-router's
releases</a>.</em></p>
<blockquote>
<h2>v7.8.2</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v782">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v782</a></p>
<h2>v7.8.1</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v781">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v781</a></p>
<h2>v7.8.0</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v780">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v780</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/remix-run/react-router/blob/main/packages/react-router/CHANGELOG.md">react-router's
changelog</a>.</em></p>
<blockquote>
<h2>7.8.2</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p>[UNSTABLE] Remove Data Mode <code>future.unstable_middleware</code>
flag from <code>createBrowserRouter</code> (<a
href="https://redirect.github.com/remix-run/react-router/pull/14213">#14213</a>)</p>
<ul>
<li>This is only needed as a Framework Mode flag because of the route
modules and the <code>getLoadContext</code> type behavior change</li>
<li>In Data Mode, it's an opt-in feature because it's just a new
property on a route object, so there's no behavior changes that
necessitate a flag</li>
</ul>
</li>
<li>
<p>[UNSTABLE] Add <code>&lt;RouterProvider
unstable_onError&gt;</code>/<code>&lt;HydratedRouter
unstable_onError&gt;</code> prop for client side error reporting (<a
href="https://redirect.github.com/remix-run/react-router/pull/14162">#14162</a>)</p>
</li>
<li>
<p>server action revalidation opt out via $SKIP_REVALIDATION field (<a
href="https://redirect.github.com/remix-run/react-router/pull/14154">#14154</a>)</p>
</li>
<li>
<p>Properly escape interpolated param values in
<code>generatePath()</code> (<a
href="https://redirect.github.com/remix-run/react-router/pull/13530">#13530</a>)</p>
</li>
<li>
<p>Maintain <code>ReadonlyMap</code> and <code>ReadonlySet</code> types
in server response data. (<a
href="https://redirect.github.com/remix-run/react-router/pull/13092">#13092</a>)</p>
</li>
<li>
<p>[UNSTABLE] Delay serialization of <code>.data</code> redirects to 202
responses until after middleware chain (<a
href="https://redirect.github.com/remix-run/react-router/pull/14205">#14205</a>)</p>
</li>
<li>
<p>Fix <code>TypeError</code> if you throw from
<code>patchRoutesOnNavigation</code> when no partial matches exist (<a
href="https://redirect.github.com/remix-run/react-router/pull/14198">#14198</a>)</p>
</li>
<li>
<p>Fix <code>basename</code> usage without a leading slash in data
routers (<a
href="https://redirect.github.com/remix-run/react-router/pull/11671">#11671</a>)</p>
</li>
<li>
<p>[UNSTABLE] Update client middleware so it returns the data strategy
results allowing for more advanced post-processing middleware (<a
href="https://redirect.github.com/remix-run/react-router/pull/14151">#14151</a>)</p>
</li>
</ul>
<h2>7.8.1</h2>
<h3>Patch Changes</h3>
<ul>
<li>Fix usage of optional path segments in nested routes defined using
absolute paths (<a
href="https://redirect.github.com/remix-run/react-router/pull/14135">#14135</a>)</li>
<li>Bubble client pre-next middleware error to the shallowest ancestor
that needs to load, not strictly the shallowest ancestor with a loader
(<a
href="https://redirect.github.com/remix-run/react-router/pull/14150">#14150</a>)</li>
<li>Fix optional static segment matching in <code>matchPath</code> (<a
href="https://redirect.github.com/remix-run/react-router/pull/11813">#11813</a>)</li>
<li>Fix prerendering when a <code>basename</code> is set with
<code>ssr:false</code> (<a
href="https://redirect.github.com/remix-run/react-router/pull/13791">#13791</a>)</li>
<li>Provide <code>isRouteErrorResponse</code> utility in
<code>react-server</code> environments (<a
href="https://redirect.github.com/remix-run/react-router/pull/14166">#14166</a>)</li>
<li>Propagate non-redirect Responses thrown from middleware to the error
boundary on document/data requests (<a
href="https://redirect.github.com/remix-run/react-router/pull/14182">#14182</a>)</li>
<li>Handle <code>meta</code> and <code>links</code> Route Exports in RSC
Data Mode (<a
href="https://redirect.github.com/remix-run/react-router/pull/14136">#14136</a>)</li>
<li>Properly convert returned/thrown <code>data()</code> values to
<code>Response</code> instances via <code>Response.json()</code> in
resource routes and middleware (<a
href="https://redirect.github.com/remix-run/react-router/pull/14159">#14159</a>,
<a
href="https://redirect.github.com/remix-run/react-router/pull/14181">#14181</a>)</li>
</ul>
<h2>7.8.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>Add <code>nonce</code> prop to <code>Links</code> &amp;
<code>PrefetchPageLinks</code> (<a
href="https://redirect.github.com/remix-run/react-router/pull/14048">#14048</a>)</li>
<li>Add <code>loaderData</code> arguments/properties alongside existing
<code>data</code> arguments/properties to provide consistency and
clarity between <code>loaderData</code> and <code>actionData</code>
across the board (<a
href="https://redirect.github.com/remix-run/react-router/pull/14047">#14047</a>)
<ul>
<li>Updated types: <code>Route.MetaArgs</code>,
<code>Route.MetaMatch</code>, <code>MetaArgs</code>,
<code>MetaMatch</code>, <code>Route.ComponentProps.matches</code>,
<code>UIMatch</code></li>
<li><code>@deprecated</code> warnings have been added to the existing
<code>data</code> properties to point users to new
<code>loaderData</code> properties, in preparation for removing the
<code>data</code> properties in a future major release</li>
</ul>
</li>
</ul>
<h3>Patch Changes</h3>
<ul>
<li>Prevent <em>&quot;Did not find corresponding fetcher
result&quot;</em> console error when navigating during a
<code>fetcher.submit</code> revalidation (<a
href="https://redirect.github.com/remix-run/react-router/pull/14114">#14114</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="eade1de2db"><code>eade1de</code></a>
chore: Update version for release (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14223">#14223</a>)</li>
<li><a
href="27eed3ae91"><code>27eed3a</code></a>
chore: Update version for release (pre) (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14214">#14214</a>)</li>
<li><a
href="935fb25f65"><code>935fb25</code></a>
fix(react-router/router): remove unused client side middleware future
flag (#...</li>
<li><a
href="bebb46c5b6"><code>bebb46c</code></a>
feat(react-router): server action revalidation opt out via
`$SKIP_REVALIDATIO...</li>
<li><a
href="d10c7efe73"><code>d10c7ef</code></a>
Update missed type for clientMiddleware (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14212">#14212</a>)</li>
<li><a
href="ef3016c11a"><code>ef3016c</code></a>
chore: Update version for release (pre) (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14211">#14211</a>)</li>
<li><a
href="4dfb883c69"><code>4dfb883</code></a>
Delay turbo-stream serialization of .data redirects (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14205">#14205</a>)</li>
<li><a
href="e9a17ed8ee"><code>e9a17ed</code></a>
feat(react-router): add <code>unstable_onError</code> prop to
<code>RouterProvider</code> for clien...</li>
<li><a
href="06519e286c"><code>06519e2</code></a>
Serialize ReadonlyMap and ReadonlySet types (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/13092">#13092</a>)</li>
<li><a
href="d7eb048aea"><code>d7eb048</code></a>
chore: format</li>
<li>Additional commits viewable in <a
href="https://github.com/remix-run/react-router/commits/react-router@7.8.2/packages/react-router">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-30 08:49:12 +00:00
Thomas Eizinger
b11adfcfe4 feat(connlib): create flow on ICMP error "prohibited" (#10462) 
In Firezone, a Client requests an "access authorization" for a Resource
on the fly when it sees the first packet for said Resource going through
the tunnel. If we don't have a connection to the Gateway yet, this is
also where we will establish a connection and create the WireGuard
tunnel.

In order for this to work, the access authorization state between the
Client and the Gateway MUST NOT get out of sync. If the Client thinks it
has access to a Resource, it will just route the traffic to the Gateway.
If the access authorization on the Gateway has expired or vanished
otherwise, the packets will be black-holed.

Starting with #9816, the Gateway sends ICMP errors back to the
application whenever it filters a packet. This can happen either because
the access authorization is gone or because the traffic wasn't allowed
by the specific filter rules on the Resource.

With this patch, the Client will attempt to create a new flow (i.e.
re-authorize) traffic for this resource whenever it sees such an ICMP
error, therefore acting as a way of synchronizing the view of the world
between Client and Gateway should they ever run out of sync.

Testing turned out to be a bit tricky. If we let the authorization on
the Gateway lapse naturally, we portal will also toggle the Resource off
and on on the Client, resulting in "flushing" the current
authorizations. Additionally, it the Client had only access to one
Resource, then the Gateway will gracefully close the connection, also
resulting in the Client creating a new flow for the next packet.

To actually trigger this new behaviour we need to:

- Access at least two resources via the same Gateway
- Directly send `reject_access` to the Gateway for this particular
resource

To achieve this, we dynamically eval some code on the API node and
instruct the Gateway channel to send `reject_access`. The connection
stays intact because there is still another active access authorization
but packets for the other resource are answered with ICMP errors.

To achieve a safe roll-out, the new behaviour is feature-flagged. In
order to still test it, we now also allow feature flags to be set via
env variables.

Resolves: #10074

---------

Co-authored-by: Mariusz Klochowicz <mariusz@klochowicz.com>
 2025-09-30 08:23:39 +00:00
dependabot[bot]
fb2194e2b3 build(deps): bump the tauri group in /rust/gui-client with 2 updates (#10439) 
Bumps the tauri group in /rust/gui-client with 2 updates:
[@tauri-apps/api](https://github.com/tauri-apps/tauri) and
[@tauri-apps/cli](https://github.com/tauri-apps/tauri).

Updates `@tauri-apps/api` from 2.7.0 to 2.8.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/tauri/releases"><code>@​tauri-apps/api</code>'s
releases</a>.</em></p>
<blockquote>
<h2><code>@​tauri-apps/api</code> v2.8.0</h2>
<!-- raw HTML omitted -->
<pre><code>No known vulnerabilities found
</code></pre>
<!-- raw HTML omitted -->
<h2>[2.8.0]</h2>
<h3>New Features</h3>
<ul>
<li><a
href="68874c68c5"><code>68874c68c</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/13564">#13564</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../robertrpf"><code>@​robertrpf</code></a>)
Add window focusable attribute and set_focusable API.</li>
<li><a
href="5110a762e9"><code>5110a762e</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/13830">#13830</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../Sky-walkerX"><code>@​Sky-walkerX</code></a>)
Added <code>Window::setSimpleFullscreen</code>.</li>
</ul>
<h3>Enhancements</h3>
<ul>
<li>
<p><a
href="5ba1c3faa4"><code>5ba1c3faa</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/13722">#13722</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../s00d"><code>@​s00d</code></a>)
Added icon (icon and nativeIcon) support for Submenu:</p>
<ul>
<li>In the Rust API (<code>tauri</code>), you can now set an icon for
submenus via the builder and dedicated methods.</li>
<li>In the JS/TS API (<code>@tauri-apps/api</code>),
<code>SubmenuOptions</code> now has an <code>icon</code> field, and the
<code>Submenu</code> class provides <code>setIcon</code> and
<code>setNativeIcon</code> methods.</li>
<li>Usage examples are added to the documentation and demo app.</li>
</ul>
<p>This is a backwards-compatible feature. Submenus can now display
icons just like regular menu items.</p>
</li>
</ul>
<!-- raw HTML omitted -->
<pre><code>&gt; @tauri-apps/api@2.8.0 npm-publish
/home/runner/work/tauri/tauri/packages/api
&gt; pnpm build &amp;&amp; cd ./dist &amp;&amp; pnpm publish --access
public --loglevel silly --no-git-checks
<p>&gt; <code>@​tauri-apps/api</code><a
href="https://github.com/2"><code>@​2</code></a>.8.0 build
/home/runner/work/tauri/tauri/packages/api
&gt; rollup -c --configPlugin typescript</p>
<p>
./src/app.ts, ./src/core.ts, ./src/dpi.ts, ./src/event.ts,
./src/image.ts, ./src/index.ts, ./src/menu.ts, ./src/mocks.ts,
./src/path.ts, ./src/tray.ts, ./src/webview.ts, ./src/webviewWindow.ts,
./src/window.ts → ./dist, ./dist...
created ./dist, ./dist in 1.7s

src/index.ts →
../../crates/tauri/scripts/bundle.global.js...
created ../../crates/tauri/scripts/bundle.global.js in
1.9s
npm verbose cli /opt/hostedtoolcache/node/20.19.4/x64/bin/node
/opt/hostedtoolcache/node/20.19.4/x64/bin/npm
npm info using npm@10.8.2
npm info using node@v20.19.4
npm silly config
load:file:/opt/hostedtoolcache/node/20.19.4/x64/lib/node_modules/npm/npmrc
npm silly config load:file:/tmp/dae4d7dba587bf04d8f1d71cbc53f9eb/.npmrc
npm silly config load:file:/home/runner/work/_temp/.npmrc
&lt;/tr&gt;&lt;/table&gt;
</code></pre></p>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b4abb6cae8"><code>b4abb6c</code></a>
Apply Version Updates From Current Changes (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13887">#13887</a>)</li>
<li><a
href="1a3d1a024e"><code>1a3d1a0</code></a>
fix(ios): Tauri iOS build with binary XCFramework dependencies (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13995">#13995</a>)</li>
<li><a
href="37154ebdcd"><code>37154eb</code></a>
chore(deps): update dependency rollup to v4.46.3 (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14027">#14027</a>)</li>
<li><a
href="380656874e"><code>3806568</code></a>
Remove <code>AsRef\&lt;Window&gt;</code> on <code>WebviewWindow</code>
(<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14026">#14026</a>)</li>
<li><a
href="bc4afe7dd4"><code>bc4afe7</code></a>
feat(cli): check plugin versions for incompatibilities (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13993">#13993</a>)</li>
<li><a
href="7c2eb31c83"><code>7c2eb31</code></a>
feat: add <code>PluginHandle::run_mobile_plugin_async</code> (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13895">#13895</a>)</li>
<li><a
href="737364b8d3"><code>737364b</code></a>
fix: a few regressions from previous PRs (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14020">#14020</a>)</li>
<li><a
href="68874c68c5"><code>68874c6</code></a>
feat(core): webview window focusable property, closes <a
href="https://redirect.github.com/tauri-apps/tauri/issues/11130">#11130</a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13564">#13564</a>)</li>
<li><a
href="dfadcb764b"><code>dfadcb7</code></a>
feat: add <code>WebView::set_cookie</code> and
<code>WebView::delete_cookie</code> (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13661">#13661</a>)</li>
<li><a
href="22d6bcacbb"><code>22d6bca</code></a>
feat(tauri): impl <code>App::set_device_event_filter</code> for
<code>AppHandle</code> also (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14008">#14008</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tauri-apps/tauri/compare/@tauri-apps/api-v2.7.0...@tauri-apps/api-v2.8.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `@tauri-apps/cli` from 2.7.1 to 2.8.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/tauri/releases"><code>@​tauri-apps/cli</code>'s
releases</a>.</em></p>
<blockquote>
<h2><code>@​tauri-apps/cli</code> v2.8.3</h2>
<h2>[2.8.3]</h2>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="0ac89d3b6c"><code>0ac89d3b6</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/14078">#14078</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../FabianLars"><code>@​FabianLars</code></a>)
Updated <code>cargo-mobile2</code> to allow running on iOS simulators
that have a higher version than the XCode SDK. This fixes compatiblity
issues with Apple's recent &quot;iOS 18.5 + iOS 18.6 Simulator&quot;
platform support component.</li>
</ul>
<h3>Dependencies</h3>
<ul>
<li>Upgraded to <code>tauri-cli@2.8.2</code></li>
</ul>
<h2><code>@​tauri-apps/cli</code> v2.8.2</h2>
<h2>[2.8.2]</h2>
<h3>Dependencies</h3>
<ul>
<li>Upgraded to <code>tauri-cli@2.8.1</code></li>
</ul>
<h2><code>@​tauri-apps/cli</code> v2.8.1</h2>
<h2>[2.8.1]</h2>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="f0172a454a"><code>f0172a454</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/14038">#14038</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../KushalMeghani1644"><code>@​KushalMeghani1644</code></a>)
Fixes <code>removeDataStore</code> return type.</li>
</ul>
<h2><code>@​tauri-apps/cli</code> v2.8.0</h2>
<h2>[2.8.0]</h2>
<h3>New Features</h3>
<ul>
<li><a
href="91508c0b8d"><code>91508c0b8</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/13881">#13881</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../pepperoni505"><code>@​pepperoni505</code></a>)
Introduces a new configuration option that allows you to specify custom
folders to watch for changes when running <code>tauri dev</code>.</li>
<li><a
href="bc4afe7dd4"><code>bc4afe7dd</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/13993">#13993</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../lucasfernog"><code>@​lucasfernog</code></a>)
Check installed plugin NPM/crate versions for incompatible
releases.</li>
<li><a
href="0c402bfb6b"><code>0c402bfb6</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/13997">#13997</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../lucasfernog"><code>@​lucasfernog</code></a>)
Increase default iOS deployment target iOS to 14.0.</li>
<li><a
href="d6d5f37077"><code>d6d5f3707</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/13358">#13358</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../lucasfernog"><code>@​lucasfernog</code></a>)
Added <code>--root-certificate-path</code> option to <code>android
dev</code> and <code>ios dev</code> to be able to connect to HTTPS dev
servers.</li>
</ul>
<h3>Enhancements</h3>
<ul>
<li><a
href="8b465a12ba"><code>8b465a12b</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/13913">#13913</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../FabianLars"><code>@​FabianLars</code></a>)
The bundler now pulls the latest AppImage linuxdeploy plugin instead of
using the built-in one. This should remove the libfuse requirement.</li>
<li><a
href="390cb9c36a"><code>390cb9c36</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/13953">#13953</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../FabianLars"><code>@​FabianLars</code></a>)
Reduced the log level of the binary patcher crate <code>goblin</code> to
only show its debug logs in <code>-vv</code> and above.</li>
<li><a
href="4475e93e13"><code>4475e93e1</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/13824">#13824</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../FabianLars"><code>@​FabianLars</code></a>)
The bundler and cli will now read TLS Certificates installed on the
system when downloading tools and checking versions.</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="f0dcf9637c"><code>f0dcf9637</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/13980">#13980</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../Legend-Master"><code>@​Legend-Master</code></a>)
Fix the generated plugin init code of <code>tauri add</code> for
<code>tauri-plugin-autostart</code> and
<code>tauri-plugin-single-instance</code></li>
<li><a
href="4d270a96a8"><code>4d270a96a</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/13943">#13943</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../acx0"><code>@​acx0</code></a>)
Fix codesigning verification failures caused by binary-patching during
bundling</li>
<li><a
href="b21d86a8a3"><code>b21d86a8a</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/13981">#13981</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../Legend-Master"><code>@​Legend-Master</code></a>)
Fix <code>tauri permission add</code> could add duplicated permissions
to the capability files</li>
<li><a
href="9c938be452"><code>9c938be45</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/13912">#13912</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../takecchi"><code>@​takecchi</code></a>)
Properly migrate svelte to v5 in the plugin example template</li>
</ul>
<h3>Dependencies</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e81635aa3d"><code>e81635a</code></a>
apply version updates (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14079">#14079</a>)</li>
<li><a
href="0ac89d3b6c"><code>0ac89d3</code></a>
chore(deps): Update cargo-mobile2 for ios 18.6 sim support (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14078">#14078</a>)</li>
<li><a
href="4791d09a0a"><code>4791d09</code></a>
chore(deps): update dependency rollup to v4.48.1 (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14077">#14077</a>)</li>
<li><a
href="bc829ee24d"><code>bc829ee</code></a>
chore(deps): update dependency rollup to v4.48.0 (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14053">#14053</a>)</li>
<li><a
href="11800a0071"><code>11800a0</code></a>
chore(deps): update rust crate jsonschema to 0.33 (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14074">#14074</a>)</li>
<li><a
href="662b39adb3"><code>662b39a</code></a>
apply version updates (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14070">#14070</a>)</li>
<li><a
href="2aaa801c35"><code>2aaa801</code></a>
Improve documentation of <code>app &gt; windows</code> (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14058">#14058</a>)</li>
<li><a
href="5349984064"><code>5349984</code></a>
fix: set webview2 path before initializing runtime (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14054">#14054</a>)</li>
<li><a
href="5f535b4150"><code>5f535b4</code></a>
fix(bench): lint warnings</li>
<li><a
href="f3df96fb38"><code>f3df96f</code></a>
fix(windows): binary patching 32 bit updater type (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14065">#14065</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tauri-apps/tauri/compare/@tauri-apps/cli-v2.7.1...@tauri-apps/cli-v2.8.3">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-29 20:53:32 +00:00
dependabot[bot]
001a0b83c7 build(deps): bump the tailwind group in /rust/gui-client with 3 updates (#10445) 
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps the tailwind group in /rust/gui-client with 3 updates:
[@tailwindcss/cli](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-cli),
[@tailwindcss/vite](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite)
and
[tailwindcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss).

Updates `@tailwindcss/cli` from 4.1.11 to 4.1.12
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tailwindlabs/tailwindcss/releases"><code>@​tailwindcss/cli</code>'s
releases</a>.</em></p>
<blockquote>
<h2>v4.1.12</h2>
<h3>Fixed</h3>
<ul>
<li>Don't consider the global important state in <code>@apply</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18404">#18404</a>)</li>
<li>Add missing suggestions for <code>flex-&lt;number&gt;</code>
utilities (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18642">#18642</a>)</li>
<li>Fix trailing <code>)</code> from interfering with extraction in
Clojure keywords (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18345">#18345</a>)</li>
<li>Detect classes inside Elixir charlist, word list, and string sigils
(<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18432">#18432</a>)</li>
<li>Track source locations through <code>@plugin</code> and
<code>@config</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18345">#18345</a>)</li>
<li>Allow boolean values of <code>process.env.DEBUG</code> in
<code>@tailwindcss/node</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18485">#18485</a>)</li>
<li>Ignore consecutive semicolons in the CSS parser (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18532">#18532</a>)</li>
<li>Center the dropdown icon added to an input with a paired datalist by
default (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18511">#18511</a>)</li>
<li>Extract candidates in Slang templates (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18565">#18565</a>)</li>
<li>Improve error messages when encountering invalid functional utility
names (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18568">#18568</a>)</li>
<li>Discard CSS AST objects with <code>false</code> or
<code>undefined</code> properties (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18571">#18571</a>)</li>
<li>Allow users to disable URL rebasing in
<code>@tailwindcss/postcss</code> via <code>transformAssetUrls:
false</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18321">#18321</a>)</li>
<li>Fix false-positive migrations in <code>addEventListener</code> and
JavaScript variable names (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18718">#18718</a>)</li>
<li>Fix Standalone CLI showing default Bun help when run via symlink on
Windows (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18723">#18723</a>)</li>
<li>Read from <code>--border-color-*</code> theme keys in
<code>divide-*</code> utilities for backwards compatibility (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18704/">#18704</a>)</li>
<li>Don't scan <code>.hdr</code> and <code>.exr</code> files for classes
by default (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18734">#18734</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md"><code>@​tailwindcss/cli</code>'s
changelog</a>.</em></p>
<blockquote>
<h2>[4.1.12] - 2025-08-13</h2>
<h3>Fixed</h3>
<ul>
<li>Don't consider the global important state in <code>@apply</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18404">#18404</a>)</li>
<li>Add missing suggestions for <code>flex-&lt;number&gt;</code>
utilities (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18642">#18642</a>)</li>
<li>Fix trailing <code>)</code> from interfering with extraction in
Clojure keywords (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18345">#18345</a>)</li>
<li>Detect classes inside Elixir charlist, word list, and string sigils
(<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18432">#18432</a>)</li>
<li>Track source locations through <code>@plugin</code> and
<code>@config</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18345">#18345</a>)</li>
<li>Allow boolean values of <code>process.env.DEBUG</code> in
<code>@tailwindcss/node</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18485">#18485</a>)</li>
<li>Ignore consecutive semicolons in the CSS parser (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18532">#18532</a>)</li>
<li>Center the dropdown icon added to an input with a paired datalist by
default (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18511">#18511</a>)</li>
<li>Extract candidates in Slang templates (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18565">#18565</a>)</li>
<li>Improve error messages when encountering invalid functional utility
names (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18568">#18568</a>)</li>
<li>Discard CSS AST objects with <code>false</code> or
<code>undefined</code> properties (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18571">#18571</a>)</li>
<li>Allow users to disable URL rebasing in
<code>@tailwindcss/postcss</code> via <code>transformAssetUrls:
false</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18321">#18321</a>)</li>
<li>Fix false-positive migrations in <code>addEventListener</code> and
JavaScript variable names (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18718">#18718</a>)</li>
<li>Fix Standalone CLI showing default Bun help when run via symlink on
Windows (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18723">#18723</a>)</li>
<li>Read from <code>--border-color-*</code> theme keys in
<code>divide-*</code> utilities for backwards compatibility (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18704/">#18704</a>)</li>
<li>Don't scan <code>.hdr</code> and <code>.exr</code> files for classes
by default (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18734">#18734</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6791e8133c"><code>6791e81</code></a>
Prepare v4.1.12 release (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-cli/issues/18728">#18728</a>)</li>
<li><a
href="42d2433ab8"><code>42d2433</code></a>
Update enhanced-resolve 5.18.2 → 5.18.3 (patch) (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-cli/issues/18726">#18726</a>)</li>
<li><a
href="9169d73aad"><code>9169d73</code></a>
update READMEs</li>
<li><a
href="f307c31d45"><code>f307c31</code></a>
Update enhanced-resolve 5.18.1 → 5.18.2 (patch) (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-cli/issues/18423">#18423</a>)</li>
<li>See full diff in <a
href="https://github.com/tailwindlabs/tailwindcss/commits/v4.1.12/packages/@tailwindcss-cli">compare
view</a></li>
</ul>
</details>
<br />

Updates `@tailwindcss/vite` from 4.1.11 to 4.1.12
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tailwindlabs/tailwindcss/releases"><code>@​tailwindcss/vite</code>'s
releases</a>.</em></p>
<blockquote>
<h2>v4.1.12</h2>
<h3>Fixed</h3>
<ul>
<li>Don't consider the global important state in <code>@apply</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18404">#18404</a>)</li>
<li>Add missing suggestions for <code>flex-&lt;number&gt;</code>
utilities (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18642">#18642</a>)</li>
<li>Fix trailing <code>)</code> from interfering with extraction in
Clojure keywords (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18345">#18345</a>)</li>
<li>Detect classes inside Elixir charlist, word list, and string sigils
(<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18432">#18432</a>)</li>
<li>Track source locations through <code>@plugin</code> and
<code>@config</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18345">#18345</a>)</li>
<li>Allow boolean values of <code>process.env.DEBUG</code> in
<code>@tailwindcss/node</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18485">#18485</a>)</li>
<li>Ignore consecutive semicolons in the CSS parser (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18532">#18532</a>)</li>
<li>Center the dropdown icon added to an input with a paired datalist by
default (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18511">#18511</a>)</li>
<li>Extract candidates in Slang templates (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18565">#18565</a>)</li>
<li>Improve error messages when encountering invalid functional utility
names (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18568">#18568</a>)</li>
<li>Discard CSS AST objects with <code>false</code> or
<code>undefined</code> properties (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18571">#18571</a>)</li>
<li>Allow users to disable URL rebasing in
<code>@tailwindcss/postcss</code> via <code>transformAssetUrls:
false</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18321">#18321</a>)</li>
<li>Fix false-positive migrations in <code>addEventListener</code> and
JavaScript variable names (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18718">#18718</a>)</li>
<li>Fix Standalone CLI showing default Bun help when run via symlink on
Windows (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18723">#18723</a>)</li>
<li>Read from <code>--border-color-*</code> theme keys in
<code>divide-*</code> utilities for backwards compatibility (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18704/">#18704</a>)</li>
<li>Don't scan <code>.hdr</code> and <code>.exr</code> files for classes
by default (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18734">#18734</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md"><code>@​tailwindcss/vite</code>'s
changelog</a>.</em></p>
<blockquote>
<h2>[4.1.12] - 2025-08-13</h2>
<h3>Fixed</h3>
<ul>
<li>Don't consider the global important state in <code>@apply</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18404">#18404</a>)</li>
<li>Add missing suggestions for <code>flex-&lt;number&gt;</code>
utilities (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18642">#18642</a>)</li>
<li>Fix trailing <code>)</code> from interfering with extraction in
Clojure keywords (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18345">#18345</a>)</li>
<li>Detect classes inside Elixir charlist, word list, and string sigils
(<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18432">#18432</a>)</li>
<li>Track source locations through <code>@plugin</code> and
<code>@config</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18345">#18345</a>)</li>
<li>Allow boolean values of <code>process.env.DEBUG</code> in
<code>@tailwindcss/node</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18485">#18485</a>)</li>
<li>Ignore consecutive semicolons in the CSS parser (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18532">#18532</a>)</li>
<li>Center the dropdown icon added to an input with a paired datalist by
default (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18511">#18511</a>)</li>
<li>Extract candidates in Slang templates (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18565">#18565</a>)</li>
<li>Improve error messages when encountering invalid functional utility
names (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18568">#18568</a>)</li>
<li>Discard CSS AST objects with <code>false</code> or
<code>undefined</code> properties (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18571">#18571</a>)</li>
<li>Allow users to disable URL rebasing in
<code>@tailwindcss/postcss</code> via <code>transformAssetUrls:
false</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18321">#18321</a>)</li>
<li>Fix false-positive migrations in <code>addEventListener</code> and
JavaScript variable names (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18718">#18718</a>)</li>
<li>Fix Standalone CLI showing default Bun help when run via symlink on
Windows (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18723">#18723</a>)</li>
<li>Read from <code>--border-color-*</code> theme keys in
<code>divide-*</code> utilities for backwards compatibility (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18704/">#18704</a>)</li>
<li>Don't scan <code>.hdr</code> and <code>.exr</code> files for classes
by default (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18734">#18734</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6791e8133c"><code>6791e81</code></a>
Prepare v4.1.12 release (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite/issues/18728">#18728</a>)</li>
<li><a
href="9169d73aad"><code>9169d73</code></a>
update READMEs</li>
<li>See full diff in <a
href="https://github.com/tailwindlabs/tailwindcss/commits/v4.1.12/packages/@tailwindcss-vite">compare
view</a></li>
</ul>
</details>
<br />

Updates `tailwindcss` from 4.1.11 to 4.1.12
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tailwindlabs/tailwindcss/releases">tailwindcss's
releases</a>.</em></p>
<blockquote>
<h2>v4.1.12</h2>
<h3>Fixed</h3>
<ul>
<li>Don't consider the global important state in <code>@apply</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18404">#18404</a>)</li>
<li>Add missing suggestions for <code>flex-&lt;number&gt;</code>
utilities (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18642">#18642</a>)</li>
<li>Fix trailing <code>)</code> from interfering with extraction in
Clojure keywords (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18345">#18345</a>)</li>
<li>Detect classes inside Elixir charlist, word list, and string sigils
(<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18432">#18432</a>)</li>
<li>Track source locations through <code>@plugin</code> and
<code>@config</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18345">#18345</a>)</li>
<li>Allow boolean values of <code>process.env.DEBUG</code> in
<code>@tailwindcss/node</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18485">#18485</a>)</li>
<li>Ignore consecutive semicolons in the CSS parser (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18532">#18532</a>)</li>
<li>Center the dropdown icon added to an input with a paired datalist by
default (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18511">#18511</a>)</li>
<li>Extract candidates in Slang templates (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18565">#18565</a>)</li>
<li>Improve error messages when encountering invalid functional utility
names (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18568">#18568</a>)</li>
<li>Discard CSS AST objects with <code>false</code> or
<code>undefined</code> properties (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18571">#18571</a>)</li>
<li>Allow users to disable URL rebasing in
<code>@tailwindcss/postcss</code> via <code>transformAssetUrls:
false</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18321">#18321</a>)</li>
<li>Fix false-positive migrations in <code>addEventListener</code> and
JavaScript variable names (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18718">#18718</a>)</li>
<li>Fix Standalone CLI showing default Bun help when run via symlink on
Windows (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18723">#18723</a>)</li>
<li>Read from <code>--border-color-*</code> theme keys in
<code>divide-*</code> utilities for backwards compatibility (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18704/">#18704</a>)</li>
<li>Don't scan <code>.hdr</code> and <code>.exr</code> files for classes
by default (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18734">#18734</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md">tailwindcss's
changelog</a>.</em></p>
<blockquote>
<h2>[4.1.12] - 2025-08-13</h2>
<h3>Fixed</h3>
<ul>
<li>Don't consider the global important state in <code>@apply</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18404">#18404</a>)</li>
<li>Add missing suggestions for <code>flex-&lt;number&gt;</code>
utilities (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18642">#18642</a>)</li>
<li>Fix trailing <code>)</code> from interfering with extraction in
Clojure keywords (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18345">#18345</a>)</li>
<li>Detect classes inside Elixir charlist, word list, and string sigils
(<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18432">#18432</a>)</li>
<li>Track source locations through <code>@plugin</code> and
<code>@config</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18345">#18345</a>)</li>
<li>Allow boolean values of <code>process.env.DEBUG</code> in
<code>@tailwindcss/node</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18485">#18485</a>)</li>
<li>Ignore consecutive semicolons in the CSS parser (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18532">#18532</a>)</li>
<li>Center the dropdown icon added to an input with a paired datalist by
default (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18511">#18511</a>)</li>
<li>Extract candidates in Slang templates (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18565">#18565</a>)</li>
<li>Improve error messages when encountering invalid functional utility
names (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18568">#18568</a>)</li>
<li>Discard CSS AST objects with <code>false</code> or
<code>undefined</code> properties (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18571">#18571</a>)</li>
<li>Allow users to disable URL rebasing in
<code>@tailwindcss/postcss</code> via <code>transformAssetUrls:
false</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18321">#18321</a>)</li>
<li>Fix false-positive migrations in <code>addEventListener</code> and
JavaScript variable names (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18718">#18718</a>)</li>
<li>Fix Standalone CLI showing default Bun help when run via symlink on
Windows (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18723">#18723</a>)</li>
<li>Read from <code>--border-color-*</code> theme keys in
<code>divide-*</code> utilities for backwards compatibility (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18704/">#18704</a>)</li>
<li>Don't scan <code>.hdr</code> and <code>.exr</code> files for classes
by default (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18734">#18734</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6791e8133c"><code>6791e81</code></a>
Prepare v4.1.12 release (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss/issues/18728">#18728</a>)</li>
<li><a
href="1855d68cd7"><code>1855d68</code></a>
Add --border-color to divide theme keys (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss/issues/18704">#18704</a>)</li>
<li><a
href="8e8a2d6efc"><code>8e8a2d6</code></a>
update <code>@ampproject/remapping</code> to
<code>@jridgewell/remapping</code> (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss/issues/18716">#18716</a>)</li>
<li><a
href="68a79b159c"><code>68a79b1</code></a>
Suggest bare values for <code>flex-*</code> utilities (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss/issues/18642">#18642</a>)</li>
<li><a
href="fa3f45f02c"><code>fa3f45f</code></a>
Don’t output CSS objects with <code>false</code> or
<code>undefined</code> in the AST (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss/issues/18571">#18571</a>)</li>
<li><a
href="939fda6f4e"><code>939fda6</code></a>
Show more specific error for functional-like but invalid utility names
(<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss/issues/18568">#18568</a>)</li>
<li><a
href="88b9f15b65"><code>88b9f15</code></a>
Center the dropdown icon added to an input with a paired datalist in
Chrome (...</li>
<li><a
href="798a7bf905"><code>798a7bf</code></a>
Ignore consecutive semicolons in the CSS parser (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss/issues/18532">#18532</a>)</li>
<li><a
href="2941a7b5c2"><code>2941a7b</code></a>
Track source locations through <code>@plugin</code> and
<code>@config</code> (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss/issues/18329">#18329</a>)</li>
<li><a
href="9169d73aad"><code>9169d73</code></a>
update READMEs</li>
<li>Additional commits viewable in <a
href="https://github.com/tailwindlabs/tailwindcss/commits/v4.1.12/packages/tailwindcss">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-29 09:39:21 +00:00
Thomas Eizinger
685acdac3a feat: add more specific component type to user-agent header (#10457) 
In order to allow the portal to more easily classify, what kind of
component is connecting, we extend the `get_user_agent` header to
include a component type instead of the generic `connlib/`.

---------

Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
 2025-09-26 00:18:36 +00:00
Thomas Eizinger
9865e03343 ci: fix double symmetric NAT test failure (#10410) 
As it turns out, the flaky test was caused by a bug in the eBPF kernel where we read the old channel data header from the wrong offset. This made us essentially read garbage data for the channel number, causing us to:

a. Compute a bad checksum
b. Send the packet on a completely wrong channel

The reason this caused a flaky test is that it requires on side to pick IPv4 to talk to the relay and the other side IPv6. The happy-eyeballs approach of the `allocation` module made that non-deterministic, only exposing this bug occasionally.

To ensure these kind of things are detected earlier in the future, I am adding an additional CI step that checks all packets emitted by the eBPF kernel for checksum errors.

Fixes: #10404

Co-authored-by: Jamil Bou Kheir <jamilbk@users.noreply.github.com>
 2025-09-25 17:53:17 +10:00
Thomas Eizinger
94a56fc6bc build(deps): update aya to latest main (#10424) 
We haven't updated `aya` in a while. Unfortunately, the update is not without problems. For one, the logging infrastructure changed, requiring us to drop the error details from `xdp_adjust_head`. See https://github.com/aya-rs/aya/issues/1348. Two, the `tokio` feature flag got removed but luckily that can be worked around quite easily.

Resolves: #10344
 2025-09-23 17:45:59 +10:00
Thomas Eizinger
aa68029a33 feat(gateway): use hickory resolver to resolve A/AAAA queries (#10373) 
At present, the Gateway performs DNS resolution for A & AAAA queries via
`libc`. The `resolve` system call only provides us with the resolved IPs
but not any of the metadata around the query such as TTL. As a result,
we can only cache DNS queries for a static amount of time, currently
30s. It would be more correct to cache them for their TTL instead.

To do so, we re-introduce `hickory-resolver` to our codebase.
Deliberately, we only use it for resolving A and AAAA records on the
Gateway for now. DNS resolution for SRV & TXT records happens one layer
below and uses the same infrastructure as DNS resolution on the Client.

Merging this is difficult however because the Gateway still supports the
control protocol of 1.3.x clients. That one requires DNS resolution
prior to setting up the connection of DNS resources which means it needs
to happen in the event-loop of the Gateway binary and cannot be moved
into the `Tunnel` where DNS resolution for Client and SRV/TXT records
happen.

Once we can drop support for 1.3.x clients, this Gateway's event-loop
will simplify drastically which will allow us to refactor this to a more
unified approach of DNS resolution. Until then, we can at least fix the
hardcoded TTL by using `hickory-resolver` in the event-loop.

The functionality is guarded behind a feature-flag which - as usual - is
off by default (i.e. for as long as we haven't fetched the flags). The
feature flag is already configured to `true` for staging and production
so we can test the new behaviour.

Resolves: #8232
Related: #10385
 2025-09-23 06:00:16 +00:00
Thomas Eizinger
683a190855 chore: install xdpdump in relay container (#10423) 
Instead of the additional dockerfile, we can simply install the xdptools
from the repository and have them available right in the relay
container.
 2025-09-23 04:03:27 +00:00
Thomas Eizinger
0310bafbcd feat(clients): gracefully close connections on shutdown (#10400) 
In #10076, connlib gained the ability to gracefully close connections
between peers. The Gateway already uses this when it is being gracefully
shutdown such as during an upgrade. This allows Clients to immediately
fail-over to a different Gateway instead of waiting for an ICE timeout.

When a Client signs out, we currently just drop all the state, resulting
in an ICE timeout on the Gateway ~15 seconds later. This makes it
difficult for us to analyze, whether an ICE timeout in the logs presents
an actual problem where a network connection got cut or whether the
Client simply signed out.

Whilst not water-tight, attempting to gracefully close our connections
when the Client signs out is better than nothing so we implement this
here.

All Clients use the `Session` abstraction from `client-shared` which
spawns the event-loop into a dedicated task.

- For the Linux and Windows GUI client, the already present tokio
runtime instance of the tunnel service is used for this.
- For Android and Apple, we create a dedicated, single-threaded runtime
instance for connlib.
- For the headless client, we also reuse the already existing tokio
runtime instance of the binary.

In case of Android, Apple and the headless client, this means we need to
ensure the tokio runtime instances stays alive long enough to actually
complete the graceful shutdown task. We achieve this by draining the
`EventStream` returned from `Session`. The `EventStream` is a wrapper
around a channel connected to the event-loop. This stream only finishes
once the event-loop is entirely dropped (and therefore completed the
graceful shutdown) as it holds the sender-end of the channel.

In case of the Linux and Windows GUI client, the runtime outlives the
`Session` because it is scoped to the entire tunnel process. Therefore,
no additional measures are necessary there to ensure the graceful
shutdown task completes.
 2025-09-23 03:40:52 +00:00
Thomas Eizinger
8e00870942 refactor(gateway): close connections on error (#10401) 
Previously, the Gateway would only proactively close connections to its
peers when it was shutdown gracefully via a SIGTERM or SIGINT signal. By
copying the same design for the event-loop as I've implemented in
#10400, we can now also initiate the graceful shutdown in case the
event-loop exits with an error.
 2025-09-20 20:55:48 +00:00
Thomas Eizinger
7c326e003e fix(connlib): fuse event-loop future inside client session (#10399) 
A `Future` in Rust should not be polled once it has been completed as
that may lead to panics or otherwise undesirable behaviour. To avoid
this, a `Future` can be `fuse`d which will make it return
`Poll::Pending` indefinitely after it has returned `Ready`.

We have received several Sentry alerts of poll-after-completion panics
that I believe are all stemming from this particular code.
 2025-09-20 12:35:32 +00:00
Thomas Eizinger
88e801ad97 fix(gateway): re-join topic in phoenix-channel on error (#10397) 
For whatever reason, we seem to sometimes lose the association with the
"room" we are meant to be in in order to send messages to the portal.
Without joining the right room, messages get dropped silently.

To fix this, we re-join the room on such errors. Long-term, this will be
fixed by ditching phoenix-channel in favor of simple HTTP requests.

Related: #9649
 2025-09-20 05:14:12 +00:00
Thomas Eizinger
e20929ad73 build(deps): bump Rust version to 1.90 (#10380) 
One of the more quiet Rust releases with no new clippy lints that would
require code updates.
 2025-09-20 04:28:03 +00:00
Thomas Eizinger
9c8101a3ee chore: render contextual information more Sentry-friendly (#10386) 
Sentry can group issues together that have unique identifiers in their
message. Unfortunately, it does that only well for integers and UUIDs
and not so much for hex-values. To avoid alert fatigue, we render the
public key as a u256 which hopefully allows Sentry to group these
together.
 2025-09-20 12:08:03 +10:00
Thomas Eizinger
90d10a8634 refactor(connlib): improve fairness of event-loop (#10347) 
The event-loop inside `Tunnel` processes input according to a certain
priority. We only take input from lower priority sources when the higher
priority sources are not ready. The current priorities are:

- Flush all buffers
- Read from UDP sockets
- Read from TUN device
- Read from DNS servers
- Process recursive DNS queries
- Check timeout

The idea of this priority ordering is to keep all kinds of processing
bounded and "finish" any kind of work that is on-going before taking on
new work. Anything that sits in a buffer is basically done with
processing and just needs to be written out to the network / device.
Arriving UDP packets have already traversed the network and been
encrypted on the other end, meaning they are higher priority than
reading from the TUN device. Packets from the TUN device still need to
be encrypted and sent to the remote.

Whilst there is merit in this design, it also bears the potential of
starving input sources further down if the top ones are extremely busy.
To prevent this, we refactor `Io` to read from all input sources and
present it to the event-loop as a batch, allowing all sources to make
progress before looping around. Since this event-loop has first been
conceived, we have refactored `Io` to use background threads for the UDP
sockets and TUN device, meaning they will make progress by themselves
anyway until the channels to the main-thread fill up. As such, there
shouldn't be any latency increase in processing packets even though we
are performing slightly more work per event-loop tick.

This kind of batch-processing highlights a problem: Bailing out with an
error midway through processing a batch leaves the remainder of the
batch unprocessed, essentially dropping packets. To fix this, we
introduce a new `TunnelError` type that presents a collection of errors
that we encountered while processing the batch. This might actually also
be a problem with what is currently in `main` because we are already
batch-processing packets there but possibly are bailing out midway
through the batch.

---------

Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
Co-authored-by: Mariusz Klochowicz <mariusz@klochowicz.com>
 2025-09-17 23:28:36 +00:00
Thomas Eizinger
3e6094af8d feat(linux): try to set rmem_max and wmem_max on startup (#10349) 
The default send and receive buffer sizes on Linux are too small (only
~200 KB). Checking `nstat` after an iperf run revealed that the number
of dropped packets in the first interval directly correlates with the
number of receive buffer errors reported by `nstat`.

We already try to increase the send and receive buffer sizes for our UDP
socket but unfortunately, we cannot increase them beyond what the system
limits them to. To workaround this, we try to set `rmem_max` and
`wmem_max` during startup of the Linux headless client and Gateway. This
behaviour can be disabled by setting `FIREZONE_NO_INC_BUF=true`.

This doesn't work in Docker unfortunately, so we set the values manually
in the CI perf tests and verify after the test that we didn't encounter
any send and receive buffer errors.

It is yet to be determined how we should deal with this problem for all
the GUI clients. See #10350 as an issue tracking that.

Unfortunately, this doesn't fix all packet drops during the first iperf
interval. With this PR, we now see packet drops on the interface itself.
 2025-09-17 23:05:01 +00:00