mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 18:18:55 +00:00
d4e9384a080ae6e97b1c4aaa047731cde876e1c0
5661 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Thomas Eizinger
|
d4e9384a08 |
fix(connlib): don't add new relays after nomination (#6876)
When relays reboot or get redeployed, the portal sends us new relays to use and or relays we should discontinue using. To be more efficient with battery and network usage, `connlib` only ever samples a single relay out of all existing ones for a particular connection. In case of a network topology where we need to use relays, there are situations we can end up in: - The client connects to the gateway's relay, i.e. to the port the gateway allocated on the relay. - The gateway connects to the client's relay, i.e to the port the client allocated on the relay. When we detect that a relay is down, the party that allocated the port will now immediately (once #6666 is merged). The other party needs to wait until it receives the invalidated candidates from its peer. Invalidating that candidate will also invalidate the currently nominated socket and fail the connection. In theory at least. That only works if there are no other candidates available to try. This is where this patch becomes important. Say we have the following setup: - Client samples relay A. - Gateway samples relay B. - The nominated candidate pair is "client server-reflexive <=> relay B", i.e. the client talks to the allocated port on the gateway. Next: 1. Client and portal get network-partitioned. 2. Relay B disappears. 3. Relay C appears. 4. Relay A reboots. 5. Client reconnects. At this point, the client is told by the portal to use relays A & C. Note that relay A rebooted and thus the allocation previously present on the client is no longer valid. With #6666, we will detect this by comparing credentials & IPs. The gateway is being told about the same relays and as part of that, tests that relay B is still there. It learns that it isn't, invalidates the candidates which fails the connection to the client (but only locally!). Meanwhile, as part of the regular `init` procedure, the client made a new allocation with relays A & C. Because it had previously selected relay A for the connection with the gateway, the new candidates are added to the agent, forming new pairs. The gateway has already given up on this connection however so it won't ever answer these STUN requests. Concurrently, the gateway's invalidated candidates arrive the client. They however don't fail the connection because the client is probing the newly added candidates. This creates a state mismatch between the client and gateway that is only resolved after the candidates start timing out, adding an additional delay during which the connection isn't working. With this PR, we prevent this from happening by only ever adding new candidates while we are still in the nomination process of a socket. In theory, there exists a race condition in which we nominate a relay candidate first and then miss out on a server-reflexive candidate not being added. In practice, this won't happen because: - Our host candidates are always available first. - We learn server-reflexive candidates already as part of the initial BINDING, before creating the allocation. - We learn server-reflexive candidates from all relays, not just the one that has been assigned. Related: #6666. |
||
|
Andrew Dryga
|
14544b27cc |
feat(portal): Allow connection-time conditions for internet resources (#6899)
Closes #6848 |
||
|
Andrew Dryga
|
759e944729 |
fix(portal): Change provider_identifier type to citext (#6901)
Closes #6872 |
||
|
dependabot[bot]
|
0f2326f504 |
build(deps): Bump androidx.navigation:navigation-safe-args-gradle-plugin from 2.7.7 to 2.8.1 in /kotlin/android (#6892)
Bumps androidx.navigation:navigation-safe-args-gradle-plugin from 2.7.7 to 2.8.1. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
f2fa222509 |
build(deps-dev): Bump typescript from 5.5.4 to 5.6.2 in /rust/gui-client (#6881)
Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.5.4 to 5.6.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/microsoft/TypeScript/releases">typescript's releases</a>.</em></p> <blockquote> <h2>TypeScript 5.6</h2> <p>For release notes, check out the <a href="https://devblogs.microsoft.com/typescript/announcing-typescript-5-6/">release announcement</a>.</p> <p>For the complete list of fixed issues, check out the</p> <ul> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=milestone%3A%22TypeScript+5.6.0%22+is%3Aclosed+">fixed issues query for Typescript 5.6.0 (Beta)</a>.</li> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=milestone%3A%22TypeScript+5.6.1%22+is%3Aclosed+">fixed issues query for Typescript 5.6.1 (RC)</a>.</li> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=milestone%3A%22TypeScript+5.6.2%22+is%3Aclosed+">fixed issues query for Typescript 5.6.2 (Stable)</a>.</li> </ul> <p>Downloads are available on:</p> <ul> <li><a href="https://www.npmjs.com/package/typescript">npm</a></li> <li><a href="https://www.nuget.org/packages/Microsoft.TypeScript.MSBuild">NuGet package</a></li> </ul> <h2>TypeScript 5.6 RC</h2> <p>For release notes, check out the <a href="https://devblogs.microsoft.com/typescript/announcing-typescript-5-6-rc/">release announcement</a>.</p> <p>For the complete list of fixed issues, check out the</p> <ul> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&milestone%3A%22TypeScript+5.6.1%22+is%3Aclosed+">fixed issues query for TypeScript v5.6.1 (RC)</a>.</li> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&milestone%3A%22TypeScript+5.6.0%22+is%3Aclosed+">fixed issues query for TypeScript v5.6.0 (Beta)</a>.</li> </ul> <p>Downloads are available on:</p> <ul> <li><a href="https://www.npmjs.com/package/typescript">npm</a></li> </ul> <h2>TypeScript 5.6 Beta</h2> <p>For release notes, check out the <a href="https://devblogs.microsoft.com/typescript/announcing-typescript-5-6-beta/">release announcement</a>.</p> <p>For the complete list of fixed issues, check out the</p> <ul> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=milestone%3A%22TypeScript+5.6.0%22+is%3Aclosed+">fixed issues query for Typescript 5.6.0 (Beta)</a>.</li> </ul> <p>Downloads are available on:</p> <ul> <li><a href="https://www.npmjs.com/package/typescript">npm</a></li> <li><a href="https://www.nuget.org/packages/Microsoft.TypeScript.MSBuild">NuGet package</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
3404b886de |
build(deps): Bump fast-xml-parser from 4.4.1 to 4.5.0 in /website (#6894)
Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 4.4.1 to 4.5.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md">fast-xml-parser's changelog</a>.</em></p> <blockquote> <p><!-- raw HTML omitted -->Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.<!-- raw HTML omitted --></p> <p><strong>4.5.0 / 2024-09-03</strong></p> <ul> <li>feat <a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/666">#666</a>: ignoreAttributes support function, and array of string or regex (By <a href="https://github.com/mav-rik">ArtemM</a>)</li> </ul> <p><strong>4.4.1 / 2024-07-28</strong></p> <ul> <li>v5 fix: maximum length limit to currency value</li> <li>fix <a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/634">#634</a>: build attributes with oneListGroup and attributesGroupName (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/653">#653</a>)(By <a href="https://github.com/a-rasin">Andreas Naziris</a>)</li> <li>fix: get oneListGroup to work as expected for array of strings (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/662">#662</a>)(By <a href="https://github.com/a-rasin">Andreas Naziris</a>)</li> </ul> <p><strong>4.4.0 / 2024-05-18</strong></p> <ul> <li>fix <a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/654">#654</a>: parse attribute list correctly for self closing stop node.</li> <li>fix: validator bug when closing tag is not opened. (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/647">#647</a>) (By <a href="https://github.com/RyosukeFukatani">Ryosuke Fukatani</a>)</li> <li>fix <a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/581">#581</a>: typings; return type of <code>tagValueProcessor</code> & <code>attributeValueProcessor</code> (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/582">#582</a>) (By <a href="">monholm</a>)</li> </ul> <p><strong>4.3.6 / 2024-03-16</strong></p> <ul> <li>Add support for parsing HTML numeric entities (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/645">#645</a>) (By <a href="https://github.com/DerZade">Jonas Schade </a>)</li> </ul> <p><strong>4.3.5 / 2024-02-24</strong></p> <ul> <li>code for v5 is added for experimental use</li> </ul> <p><strong>4.3.4 / 2024-01-10</strong></p> <ul> <li>fix: Don't escape entities in CDATA sections (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/633">#633</a>) (By <a href="https://github.com/wackbyte">wackbyte</a>)</li> </ul> <p><strong>4.3.3 / 2024-01-10</strong></p> <ul> <li>Remove unnecessary regex</li> </ul> <p><strong>4.3.2 / 2023-10-02</strong></p> <ul> <li>fix <code>jObj.hasOwnProperty</code> when give input is null (By <a href="https://github.com/ardatan">Arda TANRIKULU</a>)</li> </ul> <p><strong>4.3.1 / 2023-09-24</strong></p> <ul> <li>revert back "Fix typings for builder and parser to make return type generic" to avoid failure of existing projects. Need to decide a common approach.</li> </ul> <p><strong>4.3.0 / 2023-09-20</strong></p> <ul> <li>Fix stopNodes to work with removeNSPrefix (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/607">#607</a>) (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/608">#608</a>) (By [Craig Andrews]<a href="https://github.com/candrews">https://github.com/candrews</a>))</li> <li>Fix <a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/610">#610</a> ignore properties set to Object.prototype</li> <li>Fix typings for builder and parser to make return type generic (By <a href="https://github.com/sarahdayan">Sarah Dayan</a>)</li> </ul> <p><strong>4.2.7 / 2023-07-30</strong></p> <ul> <li>Fix: builder should set text node correctly when only textnode is present (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/589">#589</a>) (By <a href="https://github.com/joneqian">qianqing</a>)</li> <li>Fix: Fix for null and undefined attributes when building xml (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/585">#585</a>) (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/598">#598</a>). A null or undefined value should be ignored. (By <a href="https://github.com/cecia234">Eugenio Ceschia</a>)</li> </ul> <p><strong>4.2.6 / 2023-07-17</strong></p> <ul> <li>Fix: Remove trailing slash from jPath for self-closing tags (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/595">#595</a>) (By <a href="https://github.com/m-radzikowski">Maciej Radzikowski</a>)</li> </ul> <p><strong>4.2.5 / 2023-06-22</strong></p> <ul> <li>change code implementation</li> </ul> <p><strong>4.2.4 / 2023-06-06</strong></p> <ul> <li>fix security bug</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
66f8693884 |
build(deps): Bump framer-motion from 11.3.31 to 11.9.0 in /website (#6896)
Bumps [framer-motion](https://github.com/framer/motion) from 11.3.31 to 11.9.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/framer/motion/blob/main/CHANGELOG.md">framer-motion's changelog</a>.</em></p> <blockquote> <h2>[11.9.0] 2024-09-27</h2> <h3>Added</h3> <ul> <li>Mini <code>animate</code> and <code>useAnimate</code> functions.</li> </ul> <h2>[11.8.0] 2024-09-25</h2> <h3>Added</h3> <ul> <li>Easing functions now get compiled into <code>linear()</code> easings when animating via WAAPI.</li> </ul> <h2>[11.7.0] 2024-09-25</h2> <h3>Added</h3> <ul> <li>Added support for custom animation generators via <code>type</code>.</li> </ul> <h2>[11.6.0] 2024-09-24</h2> <h3>Added</h3> <ul> <li>Added <code>info</code> and element tracking to <code>scroll</code>.</li> <li>Added <code>steps</code> easing.</li> </ul> <h3>Changed</h3> <ul> <li>Values added to <code>will-change</code> now stay there for their lifespan to prevent GPU thrashing and weird Safari subpixel jitters.</li> </ul> <h2>[11.5.6] 2024-09-20</h2> <h3>Fixed</h3> <ul> <li>Ensuring updating motion values during <code>render</code> doesn't lock rendering for an element.</li> </ul> <h2>[11.5.5] 2024-09-19</h2> <h3>Fixed</h3> <ul> <li>Changed values of child variants now animate even when the parent variant name hasn't changed.</li> </ul> <h2>[11.5.4] 2024-09-05</h2> <h3>Fixed</h3> <ul> <li>Improving tree-shakability.</li> </ul> <h2>[11.5.3] 2024-09-05</h2> <h3>Fixed</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
46da994012 |
build(deps): Bump @types/react from 18.3.3 to 18.3.10 in /website (#6897)
Bumps [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) from 18.3.3 to 18.3.10. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
efe546ea3c |
build(deps): Bump @tauri-apps/cli from 1.6.1 to 1.6.2 in /rust/gui-client (#6880)
Bumps [@tauri-apps/cli](https://github.com/tauri-apps/tauri) from 1.6.1 to 1.6.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tauri-apps/tauri/releases"><code>@tauri-apps/cli</code>'s releases</a>.</em></p> <blockquote> <h2><code>@tauri-apps/cli</code> v1.6.2</h2> <h2>[1.6.2]</h2> <h3>Dependencies</h3> <ul> <li>Upgraded to <code>tauri-cli@1.6.2</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
4705b2debb |
build(deps-dev): Bump tailwindcss from 3.4.10 to 3.4.13 in /rust/gui-client (#6882)
Bumps [tailwindcss](https://github.com/tailwindlabs/tailwindcss) from 3.4.10 to 3.4.13. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tailwindlabs/tailwindcss/releases">tailwindcss's releases</a>.</em></p> <blockquote> <h2>v3.4.13</h2> <h3>Fixed</h3> <ul> <li>Improve source glob verification performance (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/14481">#14481</a>)</li> </ul> <h2>v3.4.12</h2> <h3>Fixed</h3> <ul> <li>Ensure using <code>@apply</code> with utilities that use <code>@defaults</code> works with rules defined in the base layer when using <code>optimizeUniversalDefaults</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/14427">#14427</a>)</li> </ul> <h2>v3.4.11</h2> <h3>Fixed</h3> <ul> <li>Allow <code>anchor-size(…)</code> in arbitrary values (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/14393">#14393</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tailwindlabs/tailwindcss/blob/v3.4.13/CHANGELOG.md">tailwindcss's changelog</a>.</em></p> <blockquote> <h2>[3.4.13] - 2024-09-23</h2> <h3>Fixed</h3> <ul> <li>Improve source glob verification performance (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/14481">#14481</a>)</li> </ul> <h2>[3.4.12] - 2024-09-17</h2> <h3>Fixed</h3> <ul> <li>Ensure using <code>@apply</code> with utilities that use <code>@defaults</code> works with rules defined in the base layer when using <code>optimizeUniversalDefaults</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/14427">#14427</a>)</li> </ul> <h2>[3.4.11] - 2024-09-11</h2> <h3>Fixed</h3> <ul> <li>Allow <code>anchor-size(…)</code> in arbitrary values (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/14393">#14393</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
ed34da50e9 |
build(deps-dev): Bump @types/node from 22.5.2 to 22.7.4 in /rust/gui-client (#6883)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 22.5.2 to 22.7.4. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
46091b1336 |
build(deps): Bump flowbite from 2.5.1 to 2.5.2 in /rust/gui-client (#6884)
Bumps [flowbite](https://github.com/themesberg/flowbite) from 2.5.1 to 2.5.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/themesberg/flowbite/releases">flowbite's releases</a>.</em></p> <blockquote> <h2>v2.5.2</h2> <ul> <li>release new <a href="https://flowbite.com/docs/plugins/wysiwyg/">WYSIWYG text editor</a> component</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
153aa160d7 |
build(deps): Bump the lifecycle group in /kotlin/android with 3 updates (#6890)
Bumps the lifecycle group in /kotlin/android with 3 updates: androidx.lifecycle:lifecycle-runtime-ktx, androidx.lifecycle:lifecycle-viewmodel-ktx and androidx.lifecycle:lifecycle-livedata-ktx. Updates `androidx.lifecycle:lifecycle-runtime-ktx` from 2.8.4 to 2.8.6 Updates `androidx.lifecycle:lifecycle-viewmodel-ktx` from 2.8.4 to 2.8.6 Updates `androidx.lifecycle:lifecycle-livedata-ktx` from 2.8.4 to 2.8.6 Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
fe37f489a7 |
build(deps): Bump the navigation group in /kotlin/android with 2 updates (#6891)
Bumps the navigation group in /kotlin/android with 2 updates: androidx.navigation:navigation-fragment-ktx and androidx.navigation:navigation-ui-ktx. Updates `androidx.navigation:navigation-fragment-ktx` from 2.7.7 to 2.8.1 Updates `androidx.navigation:navigation-ui-ktx` from 2.7.7 to 2.8.1 Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
0fc8d2c43b |
build(deps): Bump com.android.application from 8.6.0 to 8.6.1 in /kotlin/android in the com-android group (#6889)
Bumps the com-android group in /kotlin/android with 1 update: com.android.application. Updates `com.android.application` from 8.6.0 to 8.6.1 [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
5cb1f2994d |
build(deps): Bump androidx.navigation:navigation-testing from 2.7.7 to 2.8.1 in /kotlin/android (#6893)
Bumps androidx.navigation:navigation-testing from 2.7.7 to 2.8.1. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
17aba4873f |
build(deps): Bump @docsearch/react from 3.6.1 to 3.6.2 in /website (#6898)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [@docsearch/react](https://github.com/algolia/docsearch) from 3.6.1 to 3.6.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/algolia/docsearch/releases"><code>@docsearch/react</code>'s releases</a>.</em></p> <blockquote> <h2>v3.6.2</h2> <h2><a href="https://github.com/algolia/docsearch/compare/v3.6.1...v3.6.2">3.6.2</a> (2024-09-27)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>email:</strong> <a href="mailto:docsearch@algolia.com">docsearch@algolia.com</a> is being retired (<a href="https://redirect.github.com/algolia/docsearch/issues/2280">#2280</a>) (<a href=" |
||
|
dependabot[bot]
|
b9dbc0b697 |
build(deps): Bump @next/mdx from 14.2.5 to 14.2.13 in /website (#6895)
Bumps [@next/mdx](https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx) from 14.2.5 to 14.2.13. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases"><code>@next/mdx</code>'s releases</a>.</em></p> <blockquote> <h2>v14.2.13</h2> <blockquote> <p>[!NOTE]<br /> This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>Fix missing cache-control on SSR app route (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/70265">#70265</a>)</li> <li>feat: add polyfill of URL.canParse for browser compatibility (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/70228">#70228</a>)</li> <li>Fix vercel og package memory leak (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/70214">#70214</a>)</li> <li>Fix startTime error on Android 9 with Chrome 74 (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/67391">#67391</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/raeyoung-kim"><code>@raeyoung-kim</code></a>, <a href="https://github.com/huozhi"><code>@huozhi</code></a>, <a href="https://github.com/devjiwonchoi"><code>@devjiwonchoi</code></a>, and <a href="https://github.com/ijjk"><code>@ijjk</code></a> for helping!</p> <h2>v14.2.12</h2> <blockquote> <p>[!NOTE]<br /> This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>update prefetching jsdoc & documentation (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/68047">#68047</a>)</li> <li>Ensure we chunk revalidate tag requests (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/70189">#70189</a>)</li> <li>(backport) fix(eslint): allow typescript-eslint v8 (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/70090">#70090</a>)</li> <li>[ppr] Don't mark RSC requests as /_next/data requests (backport of <a href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/66249">#66249</a>) (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/70083">#70083</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/alvarlagerlof"><code>@alvarlagerlof</code></a>, <a href="https://github.com/wyattjoh"><code>@wyattjoh</code></a>, <a href="https://github.com/delbaoliveira"><code>@delbaoliveira</code></a>, and <a href="https://github.com/ijjk"><code>@ijjk</code></a> for helping!</p> <h2>v14.2.11</h2> <blockquote> <p>[!NOTE]<br /> This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>fix: correct metadata url suffix (<a href="https://redirect.github.com/vercel/next.js/pull/69959">vercel/next.js#69959</a>)</li> <li>fix: setting assetPrefix to URL format breaks HMR (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/70040">#70040</a>)</li> <li>Update revalidateTag to batch tags in one request (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/65296">#65296</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/huozhi"><code>@huozhi</code></a>, <a href="https://github.com/devjiwonchoi"><code>@devjiwonchoi</code></a>, and <a href="https://github.com/ijjk"><code>@ijjk</code></a> for helping!</p> <h2>v14.2.10</h2> <blockquote> <p>[!NOTE]<br /> This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>Remove invalid fallback revalidate value (<a href="https://redirect.github.com/vercel/next.js/pull/69990">vercel/next.js#69990</a>)</li> <li>Revert server action optimization (<a href="https://redirect.github.com/vercel/next.js/pull/69925">vercel/next.js#69925</a>)</li> <li>Add ability to customize Cache-Control (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/69802">#69802</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/huozhi"><code>@huozhi</code></a> and <a href="https://github.com/ijjk"><code>@ijjk</code></a> for helping!</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Jamil
|
b298e79d06 |
fix(portal): Minor UI consistency fixes for resource/group select (#6860)
- [x] Spacing consistency - [x] Border radius consistency - [x] Minor grammar - [x] Dismiss select when item is selected - [x] Add shadow to stand out from rest of form - [x] Prevent from opening when disabled - [x] Use `cursor-not-allowed` when disabled for consistency with other form elements Before <img width="670" alt="Screenshot 2024-09-27 at 5 01 38 PM" src="https://github.com/user-attachments/assets/79e3a4c6-4d23-4edd-93b2-149acc58c37b"> After <img width="677" alt="Screenshot 2024-09-27 at 5 11 48 PM" src="https://github.com/user-attachments/assets/e1453c05-fed7-4d87-a176-6f6ce1267488"> --------- Signed-off-by: Jamil <jamilbk@users.noreply.github.com> Co-authored-by: Andrew Dryga <a@firezone.dev> |
||
|
Reactor Scram
|
05acdd5a03 |
fix(gui-client): defer GUI exit until tunnel closes (#6874)
Closes #6873 The issue seems to be a race between flushing Sentry in the GUI process and shutting down Firezone in the tunnel daemon (IPC service). With this change, the GUI waits to hear `DisconnectedGracefully` from the tunnel daemon before flushing Sentry, and the issue is prevented. Adding the new state and new IPC message required small changes in several places --------- Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com> Co-authored-by: Thomas Eizinger <thomas@eizinger.io> |
||
|
dependabot[bot]
|
2e8cc2471a |
build(deps): Bump derive_more from 0.99.18 to 1.0.0 in /rust (#6870)
Bumps [derive_more](https://github.com/JelteF/derive_more) from 0.99.18 to 1.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/JelteF/derive_more/releases">derive_more's releases</a>.</em></p> <blockquote> <h2>v1.0.0 - Finally a stable release</h2> <p><code>derive_more</code> is a library that adds derives for many of the standard library traits. By using this library the following code just works:</p> <pre lang="rust"><code>use derive_more::{Add, Display, From, Into}; <p>#[derive(PartialEq, From, Add)] struct MyInt(i32);</p> <p>#[derive(PartialEq, From, Into)] struct Point2D { x: i32, y: i32, }</p> <p>#[derive(PartialEq, From, Add, Display)] enum MyEnum { #[display("int: {_0}")] Int(i32), Uint(u32), #[display("nothing")] Nothing, }</p> <p>assert!(MyInt(11) == MyInt(5) + 6.into()); assert!((5, 6) == Point2D { x: 5, y: 6 }.into()); assert!(MyEnum::Int(15) == (MyEnum::Int(8) + 7.into()).unwrap()); assert!(MyEnum::Int(15).to_string() == "int: 15"); assert!(MyEnum::Uint(42).to_string() == "42"); assert!(MyEnum::Nothing.to_string() == "nothing"); </code></pre></p> <p>Now, more than 8 years after the first commit and almost 5 years after the 0.99.0 release, <code>derive_more</code> has finally reached its 1.0.0 release. This release contains a lot of changes (including some breaking ones) to make it easier to use the derives and make it possible to extend them without having to break backwards compatibility again. There are five major changes that I would like to call out, but there are many more changes that are documented below:</p> <ol> <li>There is a new <code>Debug</code> derive that can be used to easily customize <code>Debug</code> formatting.</li> <li>A greatly improved <code>Display</code> derive, which allows you to do anything that <a href="https://github.com/dtolnay/thiserror"><code>thiserror</code></a> provides, but it works for any type not just errors. And by combining the <code>Display</code> derive with the <code>Error</code> and <code>From</code> derives, there shouldn't really be any need to use <code>thiserror</code> anymore (if you are missing a feature/behaviour from <code>thiserror</code> please report an issue).</li> <li>Traits that can return errors now return a type that implements <code>Error</code> when an error occurs instead of a <code>&'static str</code>.</li> <li>When using <code>use derive_more::SomeTrait</code> the actual trait is also imported not just the derive macro. This is especially useful for <code>Error</code> and <code>Display</code></li> <li>The docs are now rendered on docs.rs and are much better overall.</li> </ol> <h3>Breaking changes</h3> <ul> <li>The minimum supported Rust version (MSRV) is now Rust 1.75.</li> <li>Add the <code>std</code> feature which should be disabled in <code>no_std</code> environments.</li> <li>All Cargo features, except <code>std</code>, are now disabled by default. The <code>full</code> feature can be used to get the old behavior of supporting all possible derives.</li> <li>The <code>TryFrom</code>, <code>Add</code>, <code>Sub</code>, <code>BitAnd</code>, <code>BitOr</code>, <code>BitXor</code>, <code>Not</code> and <code>Neg</code> derives now return a dedicated error type instead of a <code>&'static str</code> on error.</li> <li>The <code>FromStr</code> derive now uses a dedicated <code>FromStrError</code> error type instead of generating unique one each time.</li> <li>The <code>Display</code> derive (and other <code>fmt</code>-like ones) now uses <code>#[display("...", (<expr>),*)]</code> syntax instead of <code>#[display(fmt = "...", ("<expr>"),*)]</code>, and <code>#[display(bound(<bound>))]</code> instead of <code>#[display(bound = "<bound>")]</code>. So without the double quotes around the expressions and bounds.</li> <li>The <code>Debug</code> and <code>Display</code> derives (and other <code>fmt</code>-like ones) now transparently delegate to the inner type when <code>#[display("...", (<expr>),*)]</code> attribute is trivially substitutable with a transparent call. (<a href="https://redirect.github.com/JelteF/derive_more/pull/322">#322</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/JelteF/derive_more/blob/master/CHANGELOG.md">derive_more's changelog</a>.</em></p> <blockquote> <h2>1.0.0 - 2024-08-07</h2> <p>More than 8 years after the first commit and almost 5 years after the 0.99.0 release, <code>derive_more</code> has finally reached its 1.0.0 release. This release contains a lot of changes (including some breaking ones) to make it easier to use the derives and make it possible to extend them without having to break backwards compatibility again. There are five major changes that I would like to call out, but there are many more changes that are documented below:</p> <ol> <li>There is a new <code>Debug</code> derive that can be used to easily customize <code>Debug</code> formatting.</li> <li>A greatly improved <code>Display</code> derive, which allows you to do anything that <a href="https://github.com/dtolnay/thiserror"><code>thiserror</code></a> provides, but it works for any type not just errors. And by combining the <code>Display</code> derive with the <code>Error</code> and <code>From</code> derives, there shouldn't really be any need to use <code>thiserror</code> anymore (if you are missing a feature/behaviour from <code>thiserror</code> please report an issue).</li> <li>Traits that can return errors now return a type that implements <code>Error</code> when an error occurs instead of a <code>&'static str</code>.</li> <li>When using <code>use derive_more::SomeTrait</code> the actual trait is also imported not just the derive macro. This is especially useful for <code>Error</code> and <code>Display</code></li> <li>The docs are now rendered on docs.rs and are much better overall.</li> </ol> <h3>Breaking changes</h3> <ul> <li>The minimum supported Rust version (MSRV) is now Rust 1.75.</li> <li>Add the <code>std</code> feature which should be disabled in <code>no_std</code> environments.</li> <li>All Cargo features, except <code>std</code>, are now disabled by default. The <code>full</code> feature can be used to get the old behavior of supporting all possible derives.</li> <li>The <code>TryFrom</code>, <code>Add</code>, <code>Sub</code>, <code>BitAnd</code>, <code>BitOr</code>, <code>BitXor</code>, <code>Not</code> and <code>Neg</code> derives now return a dedicated error type instead of a <code>&'static str</code> on error.</li> <li>The <code>FromStr</code> derive now uses a dedicated <code>FromStrError</code> error type instead of generating unique one each time.</li> <li>The <code>Display</code> derive (and other <code>fmt</code>-like ones) now uses <code>#[display("...", (<expr>),*)]</code> syntax instead of <code>#[display(fmt = "...", ("<expr>"),*)]</code>, and <code>#[display(bound(<bound>))]</code> instead of <code>#[display(bound = "<bound>")]</code>. So without the double quotes around the expressions and bounds.</li> <li>The <code>Debug</code> and <code>Display</code> derives (and other <code>fmt</code>-like ones) now transparently delegate to the inner type when <code>#[display("...", (<expr>),*)]</code> attribute is trivially substitutable with a transparent call. (<a href="https://redirect.github.com/JelteF/derive_more/pull/322">#322</a>)</li> <li>The <code>DebugCustom</code> derive is renamed to just <code>Debug</code> (gated now under a separate <code>debug</code> feature), and its semantics were changed to be a superset of <code>std</code> variant of <code>Debug</code>.</li> <li>The <code>From</code> derive doesn't derive <code>From<()></code> for enum variants without any fields anymore. This feature was removed because it was considered useless in</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
21bdfcb163 |
build(deps): Bump sadness-generator from 0.5.0 to 0.6.0 in /rust (#6869)
Bumps [sadness-generator](https://github.com/EmbarkStudios/crash-handling) from 0.5.0 to 0.6.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/EmbarkStudios/crash-handling/releases">sadness-generator's releases</a>.</em></p> <blockquote> <h2>sadness-generator-0.6.0</h2> <h3>Changed</h3> <ul> <li>Update MSRV to 1.62.0</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Reactor Scram
|
d2a8155ba7 |
fix(rust/client): set sentry release version and environment correctly (#6855)
Closes #6854 - Sets release version from the GUI Client / Headless Client version instead of the `firezone-telemetry` version - Set environment to "production" and "staging" for well-known API URLs, and "self-hosted" for others, since environments in Sentry can't have slashes in them - Sets API URL as a tag - Sets release to `unit test` for unit testing `firezone-telemetry` itself, since it has no good version number <img width="398" alt="image" src="https://github.com/user-attachments/assets/86f71193-2511-45c1-8304-413db8e5ef90"> |
||
|
Thomas Eizinger
|
9644b0c0b1 |
chore(snownet): unset parent span (#6865)
When constructing a span, any currently set span will automatically be set as the parent. In the case of the `connection` span, this was the `accept_answer` or `new_connection` span from the client / gateway. Those are not meant to be re-activated every time we enter the `connection` span. By setting an explicit parent, we avoid that. Unfortunately, this means that this span will never have a parent, even if other spans are active whilst we enter this one. We enter this one in the hot-path, which is why it is being constructed ahead of time. --------- Signed-off-by: Thomas Eizinger <thomas@eizinger.io> |
||
|
Thomas Eizinger
|
86262a5f66 |
chore(rust): add tracing-macros dependency (#6866)
This crate contains a useful macro `dbg!` which acts mostly like `std::dbg!` but logs to `tracing` instead. Having it easily available as a dependency during development makes debugging easier, especially with `tunnel_test` which produces log-files per test-run. |
||
|
Thomas Eizinger
|
b8828f50e7 |
chore(rust): remove hickory dependencies (#6867)
These were still defined from a time when we made use of `hickory` for DNS resolution. |
||
|
Jamil
|
c10a457672 |
docs: Add note on resource address match order (#6818)
Documents how overlapping addresses are matched. Draft until #6809 is merged and published. --------- Signed-off-by: Jamil <jamilbk@users.noreply.github.com> Co-authored-by: Thomas Eizinger <thomas@eizinger.io> |
||
|
Thomas Eizinger
|
6736bb7866 |
feat(connlib): always-on, low-power connections (#6845)
Within `snownet` - `connlib`'s connectivity library - we use ICE to set up a UDP "connection" between a client and a gateway. UDP is an unreliable transport, meaning the only way how can detect that the connection is broken is for both parties to constantly send messages and acknowledgements back and forth. ICE uses STUN binding requests for this. In the default configuration of `str0m`, a STUN binding is sent every 3s, and we tolerate at most 9 missing responses before we consider the connection broken. As these responses go missing, `str0m` halves this interval, which results in a total ICE timeout of around 17 seconds. We already tweak these values by reducing the number of requests to 8 and setting the interval to 1.5s. This results in a total ICE timeout of ~10s which effectively means that there is at most a 10s lag between the connection breaking and us considering it broken at which point new packets arriving at the TUN interface can trigger the setup of a new connection with the gateway. Lowering these timeouts improves the user experience in case of a broken connection because the user doesn't have to wait as long before they can access their resources again. The downside of lowering these timeouts is that we generate a lot of background noise. Especially on mobile devices, this is bad because it prevents the CPU from going to sleep and thus simply being signed into Firezone will drain your battery, even if you don't use it. Note that this doesn't apply at all if the client application on top detects a network change. In that case, we hard-reset all connections and instantly create new ones. We attempted to fix this in #5576 by closing idle connections after 5 minutes. This however created new problems such as #6778. The original problem here is that we send too many STUN messages as soon as a connection is established. Simply increasing the timeout is not an option because it would make the user experience really bad in case the connection actually drops for reasons that the client app can't detect. In this patch, we attempt to solve this in a different way: Detecting a broken connection is only critical if the user is actively using the tunnel (i.e. sending traffic). If there is no traffic, it doesn't matter if we need longer to detect a broken connection. The user won't notice because their phone is probably in their pocket or something. With this patch, we now implement the following behaviour: - A connection is considered idle after 10s of no application traffic. - On idle connections, we send a STUN requests every 60s - On idle connections, we wait for at most 4 missing responses before considering the connection broken. - Every connection will perform a client-initiated WireGuard keep-alive every 25s, unless there is application traffic. These values have been chosen while considering the following sources: 1. [RFC4787, REQ-5](https://www.rfc-editor.org/rfc/rfc4787.html#section-12) requires NATs to keep UDP NAT mappings alive for at least 2 minutes. 2. [`conntrack`](https://www.kernel.org/doc/Documentation/networking/nf_conntrack-sysctl.rst) adopts this requirement via the `nf_conntrack_udp_timeout_stream` configuration. 3. 25s is the default keep-alive of the WireGuard kernel module. In theory the WireGuard keep-alive itself should be good enough to keep all NAT bindings alive. In practice, missed keep-alives are not exposed by boringtun (the WireGuard implementation we rely on) and thus we need the additional STUN keep-alives to detect broken connections. We set those somewhat conservatively to 60s. As soon as the user triggers new application traffic, these values are reverted back to their defaults, meaning even if the connection died just before the user is starting to use it again, we will know within the usual 10s because we are triggering new STUN requests more often. Note that existing gateways still implement the "close idle connections after 5 minutes" behaviour. Customers will need to upgrade to a new gateway version to fully benefit from these new always-on, low-power connections. Resolves: #6778. --------- Signed-off-by: Thomas Eizinger <thomas@eizinger.io> |
||
|
Reactor Scram
|
7e55e7de1a |
chore(rust): remove unused deps from workspace (#6852)
These crates are leaves and don't need to be deps |
||
|
Andrew Dryga
|
c2b8633914 |
feat(portal): Allow searching for resources and groups while creating and editing policies (#6840)
Closes #4186 Video:  |
||
|
Reactor Scram
|
05a2b28d9f |
feat(rust/gui-client): add sentry.io error reporting (#6782)
Refs #6138 Sentry is always enabled for now. In the near future we'll make it opt-out per device and opt-in per org (see #6138 for details) - Replaces the `crash_handling` module - Catches panics in GUI process, tunnel daemon, and Headless Client - Added a couple "breadcrumbs" to play with that feature - User ID is not set yet - Environment is set to the API URL, e.g. `wss://api.firezone.dev` - Reports panics from the connlib async task - Release should be automatically pulled from the Cargo version which we automatically set in the version Makefile Example screenshot of sentry.io with a caught panic: <img width="861" alt="image" src="https://github.com/user-attachments/assets/c5188d86-10d0-4d94-b503-3fba51a21a90"> |
||
|
Jamil
|
d35a9c4615 |
fix(apple): Fix position of indicator dot on macOS (#6851)
This was a bit out of place on normal menubars. <img width="155" alt="Screenshot 2024-09-27 at 7 53 35 AM" src="https://github.com/user-attachments/assets/04deef1b-7098-4553-b228-44b43631b92c"> |
||
|
Thomas Eizinger
|
7209060c42 |
test(connlib): assert determinism of strategies in unit-test (#6846)
In the past, we struggled a lot of the reproducibility of `tunnel_test` failures because our input state and transition strategies were not deterministic. In the end, we found out that it was due to the iteration order of `HashMap`s. To make sure this doesn't regress, we added a check to CI at the time that compares the debug output of all regression seeds against a 2nd run and ensures they are the same. That is overall a bit wonky. We can do better by simple sampling a value from the strategy twice from a test runner with the same seed. If the strategy is deterministic, those need to be the same. We still rely on the debug output being identical because: a. Deriving `PartialEq` on everything is somewhat cumbersome b. We actually care about the iteration order which a fancy `PartialEq` implementation might ignore |
||
|
Reactor Scram
|
ab66a8fec7 |
refactor(rust/gui-client): use builder pattern for Controller (#6825)
This makes it easy to add more fields to `Controller` without making them all public. This is factored out from https://github.com/firezone/firezone/pull/6782 --------- Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com> |
||
|
Reactor Scram
|
e8d23ac881 |
refactor(rust/gui-client): change how default settings are initialized (#6826)
This makes it easier to add more fields to the settings without writing them twice This is factored out from https://github.com/firezone/firezone/pull/6782 |
||
|
Reactor Scram
|
6e90a7f007 |
refactor(headless-client): re-arrange main (#6835)
Extracted from #6782 This moves more of `main` inside the async block, which makes it easier to set up telemetry in the future. We also log errors for the DNS notifier, which was overlooked before. |
||
|
Jamil
|
2d2945ab27 |
fix(cd): sed doesn't like dealing with multiple files (#6847)
This was preventing versions from being updated. Strange issue. |
||
|
Jamil
|
8b81711d19 | docs: Add Changelog for #6733 (#6844) | ||
|
Thomas Eizinger
|
20cea883c4 | docs: add changelog entry for #6831 (#6843) | ||
|
Thomas Eizinger
|
e901d51550 |
refactor(gateway): split proxy IP assignment from authorisation (#6812)
At the moment, the mapping of proxy IPs to the resolved IPs of a DNS resource happens at the same time as the "authorisation" that the client is allowed to talk to that resource. This is somewhat convoluted because: - Mapping proxy IPs to resolved IPs only needs to happen for DNS resources, yet it is called for all resources (and internally skipped). - Wildcard DNS resources only need to be authorised once, after which the client is allowed to communicate with any domain matching the wildcard address. - The code that models resources within `ClientOnGateway` doesn't differentiate between resource types at all. With #6461, the authorisation of a resource will be completely decoupled from the domain resolution for a particular domain of a DNS resource. To make that easier to implement, we re-model the internals of `ClientOnGateway` to differentiate the various resource types. Instead of holding a single vec of addresses, the IPs are now indexed by the respective domain. For CIDR resources, we only hold a single address anyway and for the Internet Resource, the IP networks are static. This new model now implies that allowing a resource that has already been allowed essentially implies an update and the filters get re-calculated. |
||
|
Jamil
|
9a5d87739a |
fix(website): Sign in -> Admin portal and fix mobile safari SVG crash (#6839)
- Address customer feedback re: sign in link - Mobile safari crash fixed with simplified/optimized SVG |
||
|
Reactor Scram
|
8ae1eb7721 |
chore(ci): alphabetize Windows packages (#6824)
Also add `firezone-logging` which slipped through This is factored out from #6782 |
||
|
Thomas Eizinger
|
81564e270b |
fix(connlib): answer use-application-dns.net with NXDOMAIN (#6831)
Firefox uses this so-called canary domain `use-application-dns.net` to detect, whether it should use DoH for its DNS queries. If answered with a server error or without records, Firefox disables DoH as long as it only its "Default protection" is enabled. If a user forces DoH, this hint from the network is ignored. See https://support.mozilla.org/en-US/kb/canary-domain-use-application-dnsnet for details. I tested this on MacOS and Firefox does indeed instantly disable DoH. A default installation of Chrome doesn't use DoH for me. Related: #6375. --------- Signed-off-by: Thomas Eizinger <thomas@eizinger.io> Co-authored-by: Jamil <jamilbk@users.noreply.github.com> |
||
|
Jamil
|
e7dddee78f |
ci: bump android apple dns match (#6833)
Bumps Android -> 1.3.4, Apple -> 1.3.5 --------- Signed-off-by: Jamil <jamilbk@users.noreply.github.com> |
||
|
Reactor Scram
|
d6128db353 |
chore(rust/gui-client): fix missing favicon and make GUI logs quieter (#6823)
Closes #6821 Before <img width="570" alt="image" src="https://github.com/user-attachments/assets/1a86b828-3416-43e9-a70c-dc50d112b2d9"> After <img width="566" alt="image" src="https://github.com/user-attachments/assets/9fc6fd66-70aa-4305-8a67-d77517d040ae"> |
||
|
Jamil
|
62f99bd2a4 |
fix(ci): Reduce log level for android upload release workflow (#6830)
Reduces the likelihood we log something sensitive. |
||
|
Thomas Eizinger
|
e38bb4bbe5 |
refactor(website): better changelog writing UX (#6827)
Currently, our changelog components have a lot of duplication. Additionally, keeping a "commented out" `Entry` around leads to many merge conflicts because the formatter doesn't pick up code within comments. To fix this, we introduce an `Unreleased` components that doesn't render its children. Furthermore, we move the `<ul>` into the `Entry` components to avoid duplicating it for every changelog entry. |
||
|
Jamil
|
c5561163e1 |
ci: Bump GUI and Headless for DNS ambiguity fix (#6829)
Bump gui/headless clients for #6809 |
||
|
Thomas Eizinger
|
29bc276bf2 |
refactor(connlib): parallelise TUN operations (#6673)
Currently, `connlib` is entirely single-threaded. This allows us to reuse a single buffer for processing IP packets and makes reasoning of the packet processing code very simple. Being single-threaded also means we can only make use of a single CPU core and all operations have to be sequential. Analyzing `connlib` using `perf` shows that we spend 26% of our CPU time writing packets to the TUN interface [0]. Because we are single-threaded, `connlib` cannot do anything else during this time. If we could offload the writing of these packets to a different thread, `connlib` could already process the next packet while the current one is writing. Packets that we send to the TUN interface arrived as an encrypted WG packet over UDP and get decrypted into a - currently - shared buffer. Moving the writing to a different thread implies that we have to have more of these buffer that the next packet(s) can be decrypted into. To avoid IP fragmentation, we set the maximum IP MTU to 1280 bytes on the TUN interface. That actually isn't very big and easily fits into a stackframe. The default stack size for threads is 2MB [1]. Instead of creating more buffers and cycling through them, we can also simply stack-allocate our IP packets. This incurs some overhead from copying packets but it is only ~3.5% [2] (This was measured without a separate thread). With stack-allocated packets, almost all lifetime-annotations go away which in itself is already a welcome ergonomics boost. Stack-allocated packets also means we can simply spawn a new thread for the packet processing. This thread is connected with two channel to connlib's main thread. The capacity of 1000 packets will at most consume an additional 3.5 MB of memory which is fine even on our most-constrained devices such as iOS. [0]: https://share.firefox.dev/3z78CzD [1]: https://doc.rust-lang.org/std/thread/#stack-size [2]: https://share.firefox.dev/3Bf4zla Resolves: #6653. Resolves: #5541. |
||
|
Thomas Eizinger
|
42a13789b1 |
fix(connlib): match exact domains before wildcard ones (#6809)
Currently, the order in which connlib matches against the patterns of DNS resources is not specified. We simply iterate over all patterns and take the first one that matches. Due to the iteration order of `HashMap`s, this also isn't deterministic. With this patch, we introduce a defined order in which we attempt to match a particular domain against the defined DNS resources: - Resources without wildcards are always prioritised over wildcard domains - Single-char wildcards (`?`) take priority over label wildcards (`*`) - Label wildcards (`*`) take priority over catch-all wildcards (`**`) By matching against the DNS resources in a defined order, we ensure that DNS resources that overlap always resolve to the most specific resource. --------- Signed-off-by: Thomas Eizinger <thomas@eizinger.io> Co-authored-by: Reactor Scram <ReactorScram@users.noreply.github.com> |