github-personal/firezone
1
0
Fork 0
mirror of https://github.com/outbackdingo/firezone.git synced 2026-01-27 18:18:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
6,898 Commits 1 Branch 0 Tags
dce5ab91789c6bf470fb1502b34fe77d51ffe057
Commit Graph

6898 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Thomas Eizinger
dce5ab9178 build(deps): bump Rust to 1.86 (#8636) 2025-04-03 21:14:08 +00:00
dependabot[bot]
b318dd060f build(deps): bump tauri-plugin-shell from 2.2.0 to 2.2.1 in /rust in the cargo group (#8625) 
Bumps the cargo group in /rust with 1 update:
[tauri-plugin-shell](https://github.com/tauri-apps/plugins-workspace).

Updates `tauri-plugin-shell` from 2.2.0 to 2.2.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/plugins-workspace/releases">tauri-plugin-shell's
releases</a>.</em></p>
<blockquote>
<h2>opener-js v2.2.1</h2>
<h2>[2.2.1]</h2>
<ul>
<li><a
href="18dffc9dfe"><code>18dffc9d</code></a>
(<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/pull/2189">#2189</a>
by <a
href="https://github.com/tauri-apps/plugins-workspace/../../lucasfernog"><code>@​lucasfernog</code></a>)
Fix usage on iOS.</li>
</ul>
<!-- raw HTML omitted -->
<pre><code>npm warn publish npm auto-corrected some errors in your
package.json when publishing. Please run &quot;npm pkg fix&quot; to
address these errors.
npm warn publish errors corrected:
npm warn publish &quot;repository&quot; was changed from a string to an
object
npm warn publish &quot;repository.url&quot; was normalized to
&quot;git+https://github.com/tauri-apps/plugins-workspace.git&quot;
npm notice
npm notice 📦  @tauri-apps/plugin-opener@2.2.1
npm notice Tarball Contents
npm notice 888B LICENSE.spdx
npm notice 3.9kB README.md
npm notice 2.8kB dist-js/index.cjs
npm notice 1.8kB dist-js/index.d.ts
npm notice 2.7kB dist-js/index.js
npm notice 11B dist-js/init.d.ts
npm notice 729B package.json
npm notice Tarball Details
npm notice name: @tauri-apps/plugin-opener
npm notice version: 2.2.1
npm notice filename: tauri-apps-plugin-opener-2.2.1.tgz
npm notice package size: 3.3 kB
npm notice unpacked size: 12.8 kB
npm notice shasum: cf0d74f683171d0cb31657baa417ad7b75cef4c0
npm notice integrity: sha512-zloo4xzBqeh36[...]S65GLVkeXTHPg==
npm notice total files: 7
npm notice
npm notice Publishing to https://registry.npmjs.org/ with tag latest and
public access
npm notice publish Signed provenance statement with source and build
information from GitHub Actions
npm notice publish Provenance statement published to transparency log:
https://search.sigstore.dev/?logIndex=154516065
+ @tauri-apps/plugin-opener@2.2.1
</code></pre>
<!-- raw HTML omitted -->
<h2>opener v2.2.1</h2>
<h2>[2.2.1]</h2>
<ul>
<li><a
href="18dffc9dfe"><code>18dffc9d</code></a>
(<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/pull/2189">#2189</a>
by <a
href="https://github.com/tauri-apps/plugins-workspace/../../lucasfernog"><code>@​lucasfernog</code></a>)
Fix usage on iOS.</li>
</ul>
<!-- raw HTML omitted -->
<pre><code>&lt;/tr&gt;&lt;/table&gt; 
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b40a02c525"><code>b40a02c</code></a>
publish new versions (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2477">#2477</a>)</li>
<li><a
href="a1b3fa27f1"><code>a1b3fa2</code></a>
fix: Re-export api structs (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2515">#2515</a>)</li>
<li><a
href="e54cfcb261"><code>e54cfcb</code></a>
fix(updater): should be <code>log::debug</code> not <code>println</code>
(<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2514">#2514</a>)</li>
<li><a
href="22ba197b80"><code>22ba197</code></a>
chore(deps): update eslint monorepo to v9.22.0 (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2508">#2508</a>)</li>
<li><a
href="77520a3587"><code>77520a3</code></a>
chore(deps): update dependency rollup to v4.35.0 (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2511">#2511</a>)</li>
<li><a
href="dbc5fe120a"><code>dbc5fe1</code></a>
chore(deps): update dependency eslint-config-prettier to v10.1.1 (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2503">#2503</a>)</li>
<li><a
href="faefcc9fd8"><code>faefcc9</code></a>
feat(updater): add <code>configure_client</code> to
<code>UpdaterBuilder</code> (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2430">#2430</a>)</li>
<li><a
href="ac60d589ec"><code>ac60d58</code></a>
feat(updater): improve tracing and error logging (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2513">#2513</a>)</li>
<li><a
href="cb38f54f4a"><code>cb38f54</code></a>
HTTP add stream support (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2479">#2479</a>)</li>
<li><a
href="d37bbdef8d"><code>d37bbde</code></a>
fix(clipboard-manager): Wayland support (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2507">#2507</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tauri-apps/plugins-workspace/compare/os-v2.2.0...os-v2.2.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tauri-plugin-shell&package-manager=cargo&previous-version=2.2.0&new-version=2.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/firezone/firezone/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-03 21:11:11 +00:00
Jamil
27a1d59451 chore(relay): Add xdp-tools debug Docker image build script (#8591) 
This contains useful utilities like `xdpdump` which can be used on the
Relays to debug eBPF codepaths.

Build this on the Relays themselves can take prohibitively long, so this
image has been pushed to
`us-east1-docker.pkg.dev/firezone-staging/firezone/xdp-tools:latest`.
 2025-04-03 18:17:23 +00:00
Jamil
fb9f132a49 fix(portal): Interpret missing members as empty list (#8640) 
The Google API will often return a missing `members` key alongside a
`200` response from their members API. The documentation here isn't
clear whether this key is expected or not, but since the sync has been
working fine up until #8608, we can only surmise that the missing key in
fact means the group has no members.

This PR updates the Google API client so that a `default_if_missing` can
be passed in which is returned if the API response is missing the JSON
key to fetch.

For the users, groups, and organization units fetches, we consider a
missing key to be an error and we return `{:error, :invalid_response}`
since this most likely indicates an API problem.

For the members endpoint, we consider the missing key to be the empty
set.

Additionally, a bug is fixed that was introduced in #8608 whereupon we
returned `{:error, :retry_later}` for newly-accounted-for API responses,
which would have caused a "sync failed" email to be sent to the admins
on the instance.

Instead, we want to return `{:error, :invalid_response}` which will stop
the sync from progressing, and log it internally.
 2025-04-03 11:27:39 -07:00
Thomas Eizinger
634c5ee38f refactor(eBPF): reuse CdHdr struct (#8635) 
Instead of passing just a 4-byte array, we can pass a `CdHdr` struct
that we have already defined. This is more type-safe and correctly
captures the invariant of the order of fields in the header.
 2025-04-03 14:22:38 +00:00
dependabot[bot]
0f6abf074c build(deps): bump next from 14.2.25 to 14.2.26 in /website in the npm_and_yarn group (#8624) 
Bumps the npm_and_yarn group in /website with 1 update:
[next](https://github.com/vercel/next.js).

Updates `next` from 14.2.25 to 14.2.26
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vercel/next.js/releases">next's
releases</a>.</em></p>
<blockquote>
<h2>v14.2.26</h2>
<blockquote>
<p>[!NOTE]<br />
This release is backporting bug fixes. It does <strong>not</strong>
include all pending features/changes on canary.</p>
</blockquote>
<h3>Core Changes</h3>
<ul>
<li>Match subrequest handling for edge and node (<a
href="https://redirect.github.com/vercel/next.js/issues/77476">#77476</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="10a042cdca"><code>10a042c</code></a>
v14.2.26</li>
<li><a
href="8a511d6a22"><code>8a511d6</code></a>
Match subrequest handling for edge and node (<a
href="https://redirect.github.com/vercel/next.js/issues/77476">#77476</a>)</li>
<li>See full diff in <a
href="https://github.com/vercel/next.js/compare/v14.2.25...v14.2.26">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=next&package-manager=npm_and_yarn&previous-version=14.2.25&new-version=14.2.26)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/firezone/firezone/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-03 14:15:46 +00:00
Thomas Eizinger
2b1527b48c chore(eBPF): warn when dropping packets (#8630) 
When we decide to drop a packet, it means something is seriously off and
we should look into it. These warnings will propagate to userspace and
trigger a warning that gets reported to Sentry (if telemetry is
enabled).
 2025-04-03 14:14:27 +00:00
Thomas Eizinger
b863febac8 chore(eBPF): fix bad error message (#8629) 
Not sure how this one snuck in there. Must have made a mistake with my
multi-line cursors.
 2025-04-03 14:14:07 +00:00
Thomas Eizinger
6a83b06f9e feat(eBPF): log Ethernet header update (#8632) 
Similar to IPv4, IPv6 and UDP, this adds a debug log describing how we
are updating the Ethernet header of a packet.

---------

Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-04-03 14:09:47 +00:00
Jamil
2f7598c648 fix(portal): Delete soft-deleted synced actor_groups (#8638) 
The previous migration only accounted for soft-deleted rows that have an
active counterpart.

This fails the new unique index if multiple soft-deleted rows exist for
the same `account_id, provider_id, provider_identifier` combination.

Instead, to appease the new index, we need to delete all soft-deleted
rows where these fields exist.

Related: #8615
 2025-04-03 07:21:06 -07:00
Thomas Eizinger
0ecb8c7f6b build(deps): use released version of arboard (#8637) 2025-04-03 13:46:55 +00:00
Thomas Eizinger
8ee1cb9e89 feat(telemetry): include environment in decide request (#8616) 
This allows us to toggle feature-flags based on environments.
 2025-04-03 11:25:03 +00:00
dependabot[bot]
7f0bb08225 build(deps-dev): bump tailwindcss from 4.0.9 to 4.0.17 in /rust/gui-client (#8576) 
Bumps
[tailwindcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss)
from 4.0.9 to 4.0.17.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tailwindlabs/tailwindcss/releases">tailwindcss's
releases</a>.</em></p>
<blockquote>
<h2>v4.0.17</h2>
<h3>Fixed</h3>
<ul>
<li>Fix an issue causing the CLI to hang when processing Ruby files (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17383">#17383</a>)</li>
</ul>
<h2>v4.0.16</h2>
<h3>Added</h3>
<ul>
<li>Add support for literal values in <code>--value('…')</code> and
<code>--modifier('…')</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17304">#17304</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Fix class extraction followed by <code>(</code> in Pug (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17320">#17320</a>)</li>
<li>Ensure <code>@keyframes</code> for theme animations are emitted if
they are referenced following a comma (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17352">#17352</a>)</li>
<li>Vite: Ensure that updates to an imported CSS file are properly
propagated after updating source files (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17347">#17347</a>)</li>
<li>Pre process <code>Slim</code> templates embedded in Ruby files (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17336">#17336</a>)</li>
<li>Error when input and output files resolve to the same file when
using the CLI (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17311">#17311</a>)</li>
<li>Add missing suggestions when <code>--spacing(--value(integer,
number))</code> is used (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17308">#17308</a>)</li>
<li>Add <code>::-webkit-details-marker</code> pseudo to
<code>marker</code> variant (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17362">#17362</a>)</li>
</ul>
<h2>v4.0.15</h2>
<h3>Fixed</h3>
<ul>
<li>Fix incorrect angle in <code>-bg-conic-*</code> utilities (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17174">#17174</a>)</li>
<li>Fix <code>border-[12px_4px]</code> being interpreted as a
<code>border-color</code> instead of a <code>border-width</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17248">#17248</a>)</li>
<li>Work around a crash in Safari 16.4 and 16.5 when using the default
Preflight styles (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17306">#17306</a>)</li>
<li>Pre-process <code>\&lt;template lang=&quot;…&quot;&gt;</code> in Vue
files (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17252">#17252</a>)</li>
<li>Ensure that all CSS variables used by Preflight are prefixed (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17036">#17036</a>)</li>
<li>Prevent segfault when loaded in a worker thread on Linux (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17276">#17276</a>)</li>
<li>Ensure multiple <code>--value(…)</code> or
<code>--modifier(…)</code> calls don't delete subsequent declarations
(<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17273">#17273</a>)</li>
<li>Fix class extraction followed by <code>(</code> in Slim (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17278">#17278</a>)</li>
<li>Export <code>PluginUtils</code> from <code>tailwindcss/plugin</code>
for compatibility with v3 (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17299">#17299</a>)</li>
<li>Remove redundant <code>line-height: initial</code> from Preflight
(<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/15212">#15212</a>)</li>
<li>Increase Standalone hardware compatibility on macOS x64 builds (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17267">#17267</a>)</li>
<li>Ensure that the CSS file rebuilds if a new CSS variable is used from
templates (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17301">#17301</a>)</li>
</ul>
<h3>Changed</h3>
<ul>
<li>The <code>--theme(…)</code> function now returns CSS variables from
your theme variables unless used inside positions where CSS variables
are invalid (e.g. inside <code>@media</code> queries) (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17036">#17036</a>)</li>
</ul>
<h2>v4.0.14</h2>
<h3>Fixed</h3>
<ul>
<li>Do not extract candidates with JS string interpolation
<code>${</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17142">#17142</a>)</li>
<li>Fix extraction of variants containing <code>.</code> character (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17153">#17153</a>)</li>
<li>Fix extracting candidates in Clojure/ClojureScript (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17087">#17087</a>)</li>
</ul>
<h2>v4.0.13</h2>
<h3>Fixed</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md">tailwindcss's
changelog</a>.</em></p>
<blockquote>
<h2>[4.0.17] - 2025-03-26</h2>
<h3>Fixed</h3>
<ul>
<li>Fix an issue causing the CLI to hang when processing Ruby files (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17383">#17383</a>)</li>
</ul>
<h2>[4.0.16] - 2025-03-25</h2>
<h3>Added</h3>
<ul>
<li>Add support for literal values in <code>--value('…')</code> and
<code>--modifier('…')</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17304">#17304</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Fix class extraction followed by <code>(</code> in Pug (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17320">#17320</a>)</li>
<li>Ensure <code>@keyframes</code> for theme animations are emitted if
they are referenced following a comma (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17352">#17352</a>)</li>
<li>Vite: Ensure that updates to an imported CSS file are properly
propagated after updating source files (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17347">#17347</a>)</li>
<li>Pre process <code>Slim</code> templates embedded in Ruby files (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17336">#17336</a>)</li>
<li>Error when input and output files resolve to the same file when
using the CLI (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17311">#17311</a>)</li>
<li>Add missing suggestions when <code>--spacing(--value(integer,
number))</code> is used (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17308">#17308</a>)</li>
<li>Add <code>::-webkit-details-marker</code> pseudo to
<code>marker</code> variant (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17362">#17362</a>)</li>
</ul>
<h2>[4.0.15] - 2025-03-20</h2>
<h3>Fixed</h3>
<ul>
<li>Fix incorrect angle in <code>-bg-conic-*</code> utilities (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17174">#17174</a>)</li>
<li>Fix <code>border-[12px_4px]</code> being interpreted as a
<code>border-color</code> instead of a <code>border-width</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17248">#17248</a>)</li>
<li>Work around a crash in Safari 16.4 and 16.5 when using the default
Preflight styles (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17306">#17306</a>)</li>
<li>Pre-process <code>\&lt;template lang=&quot;…&quot;&gt;</code> in Vue
files (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17252">#17252</a>)</li>
<li>Ensure that all CSS variables used by Preflight are prefixed (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17036">#17036</a>)</li>
<li>Prevent segfault when loaded in a worker thread on Linux (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17276">#17276</a>)</li>
<li>Ensure multiple <code>--value(…)</code> or
<code>--modifier(…)</code> calls don't delete subsequent declarations
(<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17273">#17273</a>)</li>
<li>Fix class extraction followed by <code>(</code> in Slim (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17278">#17278</a>)</li>
<li>Export <code>PluginUtils</code> from <code>tailwindcss/plugin</code>
for compatibility with v3 (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17299">#17299</a>)</li>
<li>Remove redundant <code>line-height: initial</code> from Preflight
(<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/15212">#15212</a>)</li>
<li>Increase Standalone hardware compatibility on macOS x64 builds (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17267">#17267</a>)</li>
<li>Ensure that the CSS file rebuilds if a new CSS variable is used from
templates (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17301">#17301</a>)</li>
</ul>
<h3>Changed</h3>
<ul>
<li>The <code>--theme(…)</code> function now returns CSS variables from
your theme variables unless used inside positions where CSS variables
are invalid (e.g. inside <code>@media</code> queries) (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17036">#17036</a>)</li>
</ul>
<h2>[4.0.14] - 2025-03-13</h2>
<h3>Fixed</h3>
<ul>
<li>Do not extract candidates with JS string interpolation
<code>${</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17142">#17142</a>)</li>
<li>Fix extraction of variants containing <code>.</code> character (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17153">#17153</a>)</li>
<li>Fix extracting candidates in Clojure/ClojureScript (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17087">#17087</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6b1c650410"><code>6b1c650</code></a>
Prepare v4.0.17 release</li>
<li><a
href="1c50b5c16c"><code>1c50b5c</code></a>
Prepare v4.0.16 release (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss/issues/17372">#17372</a>)</li>
<li><a
href="bd501e8511"><code>bd501e8</code></a>
Add <code>::-webkit-details-marker</code> pseudo to <code>marker</code>
variant (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss/issues/17362">#17362</a>)</li>
<li><a
href="e8715d081e"><code>e8715d0</code></a>
Extract keyframe name when followed by comma (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss/issues/17352">#17352</a>)</li>
<li><a
href="91c0d56d0f"><code>91c0d56</code></a>
Revert &quot;Temporarily revert changes to `@utility&quot;</li>
<li><a
href="1aab04cebf"><code>1aab04c</code></a>
Temporarily revert changes to `@utility</li>
<li><a
href="250c843341"><code>250c843</code></a>
Add suggestions when <code>--spacing(--value(integer, number))</code> is
used (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss/issues/17308">#17308</a>)</li>
<li><a
href="a3316f2ef4"><code>a3316f2</code></a>
Add support for literal values in <code>--value('…')</code> and
<code>--modifier('…')</code> (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss/issues/17304">#17304</a>)</li>
<li><a
href="4c57d9f734"><code>4c57d9f</code></a>
Prepare v4.0.15 release (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss/issues/17302">#17302</a>)</li>
<li><a
href="40a76e3380"><code>40a76e3</code></a>
Revert &quot;Don't use <code>color-mix(…)</code> on
<code>currentColor</code> (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss/issues/17247">#17247</a>)&quot;
and work around ...</li>
<li>Additional commits viewable in <a
href="https://github.com/tailwindlabs/tailwindcss/commits/v4.0.17/packages/tailwindcss">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tailwindcss&package-manager=npm_and_yarn&previous-version=4.0.9&new-version=4.0.17)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-03 11:19:10 +00:00
dependabot[bot]
af220119f2 build(deps-dev): bump vite from 6.2.3 to 6.2.4 in /rust/gui-client (#8577) 
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite)
from 6.2.3 to 6.2.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vitejs/vite/releases">vite's
releases</a>.</em></p>
<blockquote>
<h2>v6.2.4</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/v6.2.4/packages/vite/CHANGELOG.md">CHANGELOG.md</a>
for details.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/vitejs/vite/blob/v6.2.4/packages/vite/CHANGELOG.md">vite's
changelog</a>.</em></p>
<blockquote>
<h2><!-- raw HTML omitted -->6.2.4 (2025-03-31)<!-- raw HTML omitted
--></h2>
<ul>
<li>fix: fs check in transform middleware (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19761">#19761</a>)
(<a
href="7a4fabab6a">7a4faba</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/19761">#19761</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="037f801075"><code>037f801</code></a>
release: v6.2.4</li>
<li><a
href="7a4fabab6a"><code>7a4faba</code></a>
fix: fs check in transform middleware (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19761">#19761</a>)</li>
<li>See full diff in <a
href="https://github.com/vitejs/vite/commits/v6.2.4/packages/vite">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=vite&package-manager=npm_and_yarn&previous-version=6.2.3&new-version=6.2.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-03 11:16:12 +00:00
dependabot[bot]
b65ec02cde build(deps): bump actions/setup-node from 4.2.0 to 4.3.0 (#8561) 
Bumps [actions/setup-node](https://github.com/actions/setup-node) from
4.2.0 to 4.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-node/releases">actions/setup-node's
releases</a>.</em></p>
<blockquote>
<h2>v4.3.0</h2>
<h2>What's Changed</h2>
<h3>Dependency updates</h3>
<ul>
<li>Upgrade <code>@​actions/glob</code> from 0.4.0 to 0.5.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-node/pull/1200">actions/setup-node#1200</a></li>
<li>Upgrade <code>@​action/cache</code> from 4.0.0 to 4.0.2 by <a
href="https://github.com/gowridurgad"><code>@​gowridurgad</code></a> in
<a
href="https://redirect.github.com/actions/setup-node/pull/1251">actions/setup-node#1251</a></li>
<li>Upgrade <code>@​vercel/ncc</code> from 0.38.1 to 0.38.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-node/pull/1203">actions/setup-node#1203</a></li>
<li>Upgrade <code>@​actions/tool-cache</code> from 2.0.1 to 2.0.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-node/pull/1220">actions/setup-node#1220</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/gowridurgad"><code>@​gowridurgad</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-node/pull/1251">actions/setup-node#1251</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-node/compare/v4...v4.3.0">https://github.com/actions/setup-node/compare/v4...v4.3.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="cdca7365b2"><code>cdca736</code></a>
Bump <code>@​actions/tool-cache</code> from 2.0.1 to 2.0.2 (<a
href="https://redirect.github.com/actions/setup-node/issues/1220">#1220</a>)</li>
<li><a
href="22c0e7494f"><code>22c0e74</code></a>
Bump <code>@​vercel/ncc</code> from 0.38.1 to 0.38.3 (<a
href="https://redirect.github.com/actions/setup-node/issues/1203">#1203</a>)</li>
<li><a
href="a7c2d9473e"><code>a7c2d94</code></a>
actions/cache upgrade (<a
href="https://redirect.github.com/actions/setup-node/issues/1251">#1251</a>)</li>
<li><a
href="802632921f"><code>8026329</code></a>
Bump <code>@​actions/glob</code> from 0.4.0 to 0.5.0 (<a
href="https://redirect.github.com/actions/setup-node/issues/1200">#1200</a>)</li>
<li>See full diff in <a
href="1d0ff469b7...cdca7365b2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-node&package-manager=github_actions&previous-version=4.2.0&new-version=4.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-03 11:15:56 +00:00
dependabot[bot]
aba3ab87d8 build(deps): bump the tauri group in /rust/gui-client with 2 updates (#8573) 
Bumps the tauri group in /rust/gui-client with 2 updates:
[@tauri-apps/api](https://github.com/tauri-apps/tauri) and
[@tauri-apps/cli](https://github.com/tauri-apps/tauri).

Updates `@tauri-apps/api` from 2.3.0 to 2.4.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/tauri/releases"><code>@​tauri-apps/api</code>'s
releases</a>.</em></p>
<blockquote>
<h2><code>@​tauri-apps/api</code> v2.4.0</h2>
<!-- raw HTML omitted -->
<pre><code>No known vulnerabilities found
</code></pre>
<!-- raw HTML omitted -->
<h2>[2.4.0]</h2>
<h3>New Features</h3>
<ul>
<li><a
href="d8059bad3c"><code>d8059bad3</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/12900">#12900</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../Simon-Laux"><code>@​Simon-Laux</code></a>)
add <code>AppHandle.fetch_data_store_identifiers</code> and
<code>AppHandle.remove_data_store</code> (macOS and iOS only)</li>
<li><a
href="20c1906912"><code>20c190691</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/12821">#12821</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../Simon-Laux"><code>@​Simon-Laux</code></a>)
Added <code>WindowOptions::javascriptDisabled</code> and
<code>WebviewOptions::javascriptDisabled</code>.</li>
<li><a
href="060de5bbdd"><code>060de5bbd</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/12837">#12837</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../niladrix719"><code>@​niladrix719</code></a>)
Added <code>getIdentifier()</code> function to get the application
identifier configured in tauri.conf.json</li>
<li><a
href="be2e6b85fe"><code>be2e6b85f</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/12944">#12944</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../Simon-Laux"><code>@​Simon-Laux</code></a>)
Added <code>Window#isAlwaysOnTop</code> and
<code>WebviewWindow#isAlwaysOnTop</code> methods.</li>
<li><a
href="bcdd510254"><code>bcdd51025</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/13012">#13012</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../lucasfernog"><code>@​lucasfernog</code></a>)
The <code>path</code> basename and extname APIs now accept Android
content URIs, such as the paths returned by the dialog plugin.</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="3a74dc8f34"><code>3a74dc8f3</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/12935">#12935</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../tk103331"><code>@​tk103331</code></a>)
Fix <code>Webview.close</code> always fail with command not found</li>
</ul>
<!-- raw HTML omitted -->
<pre><code>&gt; @tauri-apps/api@2.4.0 npm-publish
/home/runner/work/tauri/tauri/packages/api
&gt; pnpm build &amp;&amp; cd ./dist &amp;&amp; pnpm publish --access
public --loglevel silly --no-git-checks
<p>&gt; <code>@​tauri-apps/api</code><a
href="https://github.com/2"><code>@​2</code></a>.4.0 build
/home/runner/work/tauri/tauri/packages/api
&gt; rollup -c --configPlugin typescript</p>
<p>
./src/app.ts, ./src/core.ts, ./src/dpi.ts, ./src/event.ts,
./src/image.ts, ./src/index.ts, ./src/menu.ts, ./src/mocks.ts,
./src/path.ts, ./src/tray.ts, ./src/webview.ts, ./src/webviewWindow.ts,
./src/window.ts → ./dist, ./dist...
created ./dist, ./dist in 1.5s

src/index.ts →
../../crates/tauri/scripts/bundle.global.js...
created ../../crates/tauri/scripts/bundle.global.js in
1.9s
npm verbose cli /opt/hostedtoolcache/node/20.19.0/x64/bin/node
/opt/hostedtoolcache/node/20.19.0/x64/bin/npm
npm info using npm@10.8.2
npm info using node@v20.19.0
npm silly config
load:file:/opt/hostedtoolcache/node/20.19.0/x64/lib/node_modules/npm/npmrc
npm silly config load:file:/tmp/72821e3a5f1577c84d7d9498bee4667c/.npmrc
npm silly config load:file:/home/runner/work/_temp/.npmrc
npm silly config
load:file:/opt/hostedtoolcache/node/20.19.0/x64/etc/npmrc
npm verbose title npm publish tauri-apps-api-2.4.0.tgz
npm verbose argv &quot;publish&quot; &quot;--ignore-scripts&quot;
&quot;tauri-apps-api-2.4.0.tgz&quot; &quot;--access&quot;
&quot;public&quot; &quot;--loglevel&quot; &quot;silly&quot;
&quot;--no-git-checks&quot;
&lt;/tr&gt;&lt;/table&gt;
</code></pre></p>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="be3a79c864"><code>be3a79c</code></a>
apply version updates (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/12856">#12856</a>)</li>
<li><a
href="ba42a1f553"><code>ba42a1f</code></a>
chore: pin tao and wry to latest patch versions</li>
<li><a
href="1cd8f55eed"><code>1cd8f55</code></a>
fix: don't ship global api bundle if withGlobalTauri is false (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13033">#13033</a>)</li>
<li><a
href="8603e42a6b"><code>8603e42</code></a>
fix: channel no longer being always allowed (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13032">#13032</a>)</li>
<li><a
href="c32bd722d3"><code>c32bd72</code></a>
prettify: Remove beta tag and alert users that tauri for android
currently do...</li>
<li><a
href="bcdd510254"><code>bcdd510</code></a>
feat(core): resolve file names from Android content URIs (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13012">#13012</a>)</li>
<li><a
href="71cb1e26d7"><code>71cb1e2</code></a>
docs: update <code>.disable_javascript()</code> docs (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13013">#13013</a>)</li>
<li><a
href="b459f1d405"><code>b459f1d</code></a>
docs: improve Capability docs: mention webviews (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13015">#13015</a>)</li>
<li><a
href="8cc0067165"><code>8cc0067</code></a>
chore(deps): bump zip from 2.2.2 to 2.3.0 (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13016">#13016</a>)</li>
<li><a
href="f2c94aaca0"><code>f2c94aa</code></a>
feat(core): add startIntentSenderForResult Android API for plugins (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/12682">#12682</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tauri-apps/tauri/compare/@tauri-apps/api-v2.3.0...@tauri-apps/api-v2.4.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `@tauri-apps/cli` from 2.3.1 to 2.4.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/tauri/releases"><code>@​tauri-apps/cli</code>'s
releases</a>.</em></p>
<blockquote>
<h2><code>@​tauri-apps/cli</code> v2.4.0</h2>
<h2>[2.4.0]</h2>
<h3>New Features</h3>
<ul>
<li><a
href="d91bfa5cb9"><code>d91bfa5cb</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/12970">#12970</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../lucasfernog"><code>@​lucasfernog</code></a>)
Allow merging multiple configuration values on <code>tauri dev</code>,
<code>tauri build</code>, <code>tauri bundle</code>, <code>tauri android
dev</code>, <code>tauri android build</code>, <code>tauri ios dev</code>
and <code>tauri ios build</code>.</li>
<li><a
href="30f5a1553d"><code>30f5a1553</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/12366">#12366</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../FabianLars"><code>@​FabianLars</code></a>)
Added <code>trafficLightPosition</code> window configuration to set the
traffic light buttons position on macOS.</li>
</ul>
<h3>Enhancements</h3>
<ul>
<li><a
href="f981a5ee8b"><code>f981a5ee8</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/12602">#12602</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../kxxt"><code>@​kxxt</code></a>)
Add basic support for linux riscv64 platform.</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="0c4700e990"><code>0c4700e99</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/12985">#12985</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../FabianLars"><code>@​FabianLars</code></a>)
The cli will now accept <code>--bundles updater</code> again. It's still
no-op as it has been for all v2 versions. If you want to build updater
artifacts, enable <code>createUpdaterArtifacts</code> in
<code>tauri.conf.json</code>.</li>
<li><a
href="b83921226c"><code>b83921226</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/12977">#12977</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../lucasfernog"><code>@​lucasfernog</code></a>)
Fix <code>tauri ios</code> commands using the wrong working directory
with <code>bun@&gt;1.2</code>.</li>
<li><a
href="f268b3dbdf"><code>f268b3dbd</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/12871">#12871</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../lucasfernog"><code>@​lucasfernog</code></a>)
Ignore parent .gitignore files on the Tauri project path detection.</li>
</ul>
<h3>Dependencies</h3>
<ul>
<li>Upgraded to <code>tauri-cli@2.4.0</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="be3a79c864"><code>be3a79c</code></a>
apply version updates (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/12856">#12856</a>)</li>
<li><a
href="ba42a1f553"><code>ba42a1f</code></a>
chore: pin tao and wry to latest patch versions</li>
<li><a
href="1cd8f55eed"><code>1cd8f55</code></a>
fix: don't ship global api bundle if withGlobalTauri is false (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13033">#13033</a>)</li>
<li><a
href="8603e42a6b"><code>8603e42</code></a>
fix: channel no longer being always allowed (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13032">#13032</a>)</li>
<li><a
href="c32bd722d3"><code>c32bd72</code></a>
prettify: Remove beta tag and alert users that tauri for android
currently do...</li>
<li><a
href="bcdd510254"><code>bcdd510</code></a>
feat(core): resolve file names from Android content URIs (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13012">#13012</a>)</li>
<li><a
href="71cb1e26d7"><code>71cb1e2</code></a>
docs: update <code>.disable_javascript()</code> docs (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13013">#13013</a>)</li>
<li><a
href="b459f1d405"><code>b459f1d</code></a>
docs: improve Capability docs: mention webviews (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13015">#13015</a>)</li>
<li><a
href="8cc0067165"><code>8cc0067</code></a>
chore(deps): bump zip from 2.2.2 to 2.3.0 (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13016">#13016</a>)</li>
<li><a
href="f2c94aaca0"><code>f2c94aa</code></a>
feat(core): add startIntentSenderForResult Android API for plugins (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/12682">#12682</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tauri-apps/tauri/compare/@tauri-apps/cli-v2.3.1...@tauri-apps/cli-v2.4.0">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-03 11:15:40 +00:00
dependabot[bot]
c03f840969 build(deps): bump actions/download-artifact from 4.1.8 to 4.2.1 (#8596) 
Bumps
[actions/download-artifact](https://github.com/actions/download-artifact)
from 4.1.8 to 4.2.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/download-artifact/releases">actions/download-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v4.2.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Add unit tests by <a
href="https://github.com/GhadimiR"><code>@​GhadimiR</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/392">actions/download-artifact#392</a></li>
<li>Fix bug introduced in 4.2.0 by <a
href="https://github.com/GhadimiR"><code>@​GhadimiR</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/391">actions/download-artifact#391</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/download-artifact/compare/v4.2.0...v4.2.1">https://github.com/actions/download-artifact/compare/v4.2.0...v4.2.1</a></p>
<h2>v4.2.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update README.md by <a
href="https://github.com/lkfortuna"><code>@​lkfortuna</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/384">actions/download-artifact#384</a></li>
<li>Bump artifact version, do digest check by <a
href="https://github.com/GhadimiR"><code>@​GhadimiR</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/383">actions/download-artifact#383</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/lkfortuna"><code>@​lkfortuna</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/download-artifact/pull/384">actions/download-artifact#384</a></li>
<li><a href="https://github.com/GhadimiR"><code>@​GhadimiR</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/download-artifact/pull/383">actions/download-artifact#383</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/download-artifact/compare/v4.1.9...v4.2.0">https://github.com/actions/download-artifact/compare/v4.1.9...v4.2.0</a></p>
<h2>v4.1.9</h2>
<h2>What's Changed</h2>
<ul>
<li>Add workflow file for publishing releases to immutable action
package by <a
href="https://github.com/Jcambass"><code>@​Jcambass</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/354">actions/download-artifact#354</a></li>
<li>docs: small migration fix by <a
href="https://github.com/froblesmartin"><code>@​froblesmartin</code></a>
in <a
href="https://redirect.github.com/actions/download-artifact/pull/370">actions/download-artifact#370</a></li>
<li>Update MIGRATION.md by <a
href="https://github.com/andyfeller"><code>@​andyfeller</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/372">actions/download-artifact#372</a></li>
<li>Update artifact package to 2.2.2 by <a
href="https://github.com/yacaovsnc"><code>@​yacaovsnc</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/380">actions/download-artifact#380</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/Jcambass"><code>@​Jcambass</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/download-artifact/pull/354">actions/download-artifact#354</a></li>
<li><a
href="https://github.com/froblesmartin"><code>@​froblesmartin</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/download-artifact/pull/370">actions/download-artifact#370</a></li>
<li><a
href="https://github.com/andyfeller"><code>@​andyfeller</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/download-artifact/pull/372">actions/download-artifact#372</a></li>
<li><a href="https://github.com/yacaovsnc"><code>@​yacaovsnc</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/download-artifact/pull/380">actions/download-artifact#380</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/download-artifact/compare/v4.1.8...v4.1.9">https://github.com/actions/download-artifact/compare/v4.1.8...v4.1.9</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="95815c38cf"><code>95815c3</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/download-artifact/issues/391">#391</a>
from GhadimiR/main</li>
<li><a
href="278fca438a"><code>278fca4</code></a>
Move log statements</li>
<li><a
href="68909842a1"><code>6890984</code></a>
Merge branch 'main' into main</li>
<li><a
href="f9415c0ec3"><code>f9415c0</code></a>
Run unit tests in CI</li>
<li><a
href="76a6eb5cbc"><code>76a6eb5</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/download-artifact/issues/392">#392</a>
from GhadimiR/add_unit_tests</li>
<li><a
href="a2426d7c45"><code>a2426d7</code></a>
Merge branch 'main' into add_unit_tests</li>
<li><a
href="3ffa694f6f"><code>3ffa694</code></a>
lint</li>
<li><a
href="53f6aa5f93"><code>53f6aa5</code></a>
Add extra assertion to download single artifact test</li>
<li><a
href="b456700053"><code>b456700</code></a>
lint</li>
<li><a
href="9eab798a98"><code>9eab798</code></a>
Configure tsconfig</li>
<li>Additional commits viewable in <a
href="fa0a91b85d...95815c38cf">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/download-artifact&package-manager=github_actions&previous-version=4.1.8&new-version=4.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-03 11:15:09 +00:00
Thomas Eizinger
40fb7d0565 fix(eBPF): explicitly attach in SKB mode (#8628) 
It appears that the gVNIC driver in Google Cloud doesn't give us enough
headroom to use `bpf_xdp_adjust_head` with a delta of 4 bytes.
Currently, we are loading the XDP program with default flags. By loading
it explicitly in SKB mode, we should be able to bypass these driver
limitations at the expense of some performance (which should still be
better than userspace!).

Related:
https://github.com/GoogleCloudPlatform/compute-virtual-ethernet-linux/issues/70
 2025-04-03 07:51:45 +00:00
Thomas Eizinger
8c55c2a46a chore(eBPF): include return value in errors (#8626) 
At present, we only check for the return value of the various helper
functions and bail out if they fail. What we don't learn is what the
actual return code is. To further help with debugging, we include the
return code in the error so we can print it later.

We can't use the formatting macro within the `write` function so we need
to stitch the message together ourselves.
 2025-04-03 01:21:47 +00:00
Thomas Eizinger
d00995a91e fix(eBPF): drop messed up packets (#8618) 
In case any of the xdp store/adjust/load functions fail, we need to drop
the packet. By the time we get to these functions, we have already
overwrote the Ethernet, IP and UDP headers and would only need to copy
them either forwards or backwards to get rid of or add the channel data
header. Forwarding these packets to userspace is pointless.
 2025-04-03 00:27:44 +00:00
Jamil
4afcdf1c53 test(windows): Expect 80 Mbps on slow actions runners (#8621) 
These are still failing a good portion of the time:


https://github.com/firezone/firezone/actions/runs/14226461996/job/39867070540?pr=8620
 2025-04-02 22:22:20 +00:00
dependabot[bot]
5d65622133 build(deps): bump react-markdown from 10.0.1 to 10.1.0 in /website (#8581) 
Bumps [react-markdown](https://github.com/remarkjs/react-markdown) from
10.0.1 to 10.1.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/remarkjs/react-markdown/releases">react-markdown's
releases</a>.</em></p>
<blockquote>
<h2>10.1.0</h2>
<h4>Add</h4>
<ul>
<li>939c667 Add <code>fallback</code> prop to <code>MarkdownHooks</code>
by <a
href="https://github.com/remcohaszing"><code>@​remcohaszing</code></a>
in <a
href="https://redirect.github.com/remarkjs/react-markdown/pull/897">remarkjs/react-markdown#897</a></li>
</ul>
<h4>Fix</h4>
<ul>
<li>a40ae2e Fix race condition in <code>MarkdownHooks</code>
by <a
href="https://github.com/remcohaszing"><code>@​remcohaszing</code></a>
in <a
href="https://redirect.github.com/remarkjs/react-markdown/pull/896">remarkjs/react-markdown#896</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/remarkjs/react-markdown/compare/10.0.1...10.1.0">https://github.com/remarkjs/react-markdown/compare/10.0.1...10.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="44d2e4a44b"><code>44d2e4a</code></a>
10.1.0</li>
<li><a
href="f2369cd7b7"><code>f2369cd</code></a>
Refactor docs</li>
<li><a
href="26fdfe0375"><code>26fdfe0</code></a>
Update docs</li>
<li><a
href="544bff69fb"><code>544bff6</code></a>
Refactor code-style</li>
<li><a
href="939c6671c9"><code>939c667</code></a>
Add <code>fallback</code> prop to <code>MarkdownHooks</code></li>
<li><a
href="a40ae2e313"><code>a40ae2e</code></a>
Fix race condition in <code>MarkdownHooks</code></li>
<li><a
href="ad7f37f0b4"><code>ad7f37f</code></a>
Add lifecycle tests for <code>MarkdownHooks</code></li>
<li>See full diff in <a
href="https://github.com/remarkjs/react-markdown/compare/10.0.1...10.1.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=react-markdown&package-manager=npm_and_yarn&previous-version=10.0.1&new-version=10.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-02 22:16:07 +00:00
dependabot[bot]
484289717d build(deps): bump @types/node from 22.13.0 to 22.13.15 in /website (#8594) 
Bumps
[@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node)
from 22.13.0 to 22.13.15.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@types/node&package-manager=npm_and_yarn&previous-version=22.13.0&new-version=22.13.15)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-02 22:15:34 +00:00
dependabot[bot]
3a627e3439 build(deps): bump docker/setup-qemu-action from 3.3.0 to 3.6.0 (#8595) 
Bumps
[docker/setup-qemu-action](https://github.com/docker/setup-qemu-action)
from 3.3.0 to 3.6.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/setup-qemu-action/releases">docker/setup-qemu-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.6.0</h2>
<ul>
<li>Display binfmt version by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a
href="https://redirect.github.com/docker/setup-qemu-action/pull/202">docker/setup-qemu-action#202</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-qemu-action/compare/v3.5.0...v3.6.0">https://github.com/docker/setup-qemu-action/compare/v3.5.0...v3.6.0</a></p>
<h2>v3.5.0</h2>
<ul>
<li>Bump <code>@​docker/actions-toolkit</code> from 0.54.0 to 0.56.0 in
<a
href="https://redirect.github.com/docker/setup-qemu-action/pull/205">docker/setup-qemu-action#205</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-qemu-action/compare/v3.4.0...v3.5.0">https://github.com/docker/setup-qemu-action/compare/v3.4.0...v3.5.0</a></p>
<h2>v3.4.0</h2>
<ul>
<li>Bump <code>@​docker/actions-toolkit</code> from 0.49.0 to 0.54.0 in
<a
href="https://redirect.github.com/docker/setup-qemu-action/pull/193">docker/setup-qemu-action#193</a>
<a
href="https://redirect.github.com/docker/setup-qemu-action/pull/197">docker/setup-qemu-action#197</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-qemu-action/compare/v3.3.0...v3.4.0">https://github.com/docker/setup-qemu-action/compare/v3.3.0...v3.4.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="29109295f8"><code>2910929</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-qemu-action/issues/202">#202</a>
from crazy-max/binfmt-version</li>
<li><a
href="7ffe24aa9a"><code>7ffe24a</code></a>
chore: update generated content</li>
<li><a
href="17bc18bb05"><code>17bc18b</code></a>
display binfmt version</li>
<li><a
href="5964de0df5"><code>5964de0</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-qemu-action/issues/205">#205</a>
from docker/dependabot/npm_and_yarn/docker/actions-to...</li>
<li><a
href="862b6633f8"><code>862b663</code></a>
chore: update generated content</li>
<li><a
href="138de3b646"><code>138de3b</code></a>
build(deps): bump <code>@​docker/actions-toolkit</code> from 0.54.0 to
0.56.0</li>
<li><a
href="4574d27a47"><code>4574d27</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-qemu-action/issues/195">#195</a>
from radarhere/patch-1</li>
<li><a
href="7a38281c35"><code>7a38281</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-qemu-action/issues/197">#197</a>
from docker/dependabot/npm_and_yarn/docker/actions-to...</li>
<li><a
href="7a1c63f9e5"><code>7a1c63f</code></a>
build(deps): bump <code>@​docker/actions-toolkit</code> from 0.53.0 to
0.54.0</li>
<li><a
href="2825a1268f"><code>2825a12</code></a>
Fixed typo</li>
<li>Additional commits viewable in <a
href="53851d1459...29109295f8">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-qemu-action&package-manager=github_actions&previous-version=3.3.0&new-version=3.6.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-02 22:15:11 +00:00
dependabot[bot]
14a4d12ceb build(deps): bump taiki-e/install-action from 2.49.9 to 2.49.40 (#8597) 
Bumps
[taiki-e/install-action](https://github.com/taiki-e/install-action) from
2.49.9 to 2.49.40.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/taiki-e/install-action/releases">taiki-e/install-action's
releases</a>.</em></p>
<blockquote>
<h2>2.49.40</h2>
<ul>
<li>Update <code>typos@latest</code> to 1.31.1.</li>
</ul>
<h2>2.49.39</h2>
<ul>
<li>Downgrade <code>cargo-lambda@latest</code> to 1.8.0. (<a
href="https://redirect.github.com/taiki-e/install-action/pull/923">#923</a>)</li>
</ul>
<h2>2.49.38</h2>
<ul>
<li>
<p>Update <code>cargo-lambda@latest</code> to 1.8.1.</p>
</li>
<li>
<p>Update <code>typos@latest</code> to 1.31.0.</p>
</li>
<li>
<p>Update <code>trunk@latest</code> to 0.21.12.</p>
</li>
</ul>
<h2>2.49.37</h2>
<ul>
<li>Update <code>trunk@latest</code> to 0.21.11.</li>
</ul>
<h2>2.49.36</h2>
<ul>
<li>
<p>Update <code>release-plz@latest</code> to 0.3.129.</p>
</li>
<li>
<p>Update <code>protoc@latest</code> to 3.30.2.</p>
</li>
</ul>
<h2>2.49.35</h2>
<ul>
<li>
<p>Update <code>cargo-nextest@latest</code> to 0.9.93.</p>
</li>
<li>
<p>Update <code>typos@latest</code> to 1.30.3.</p>
</li>
<li>
<p>Update <code>wash@latest</code> to 0.41.0.</p>
</li>
</ul>
<h2>2.49.34</h2>
<ul>
<li>Update <code>knope@latest</code> to 0.19.0.</li>
</ul>
<h2>2.49.33</h2>
<ul>
<li>Update <code>release-plz@latest</code> to 0.3.128.</li>
</ul>
<h2>2.49.32</h2>
<ul>
<li>Update <code>wasmtime@latest</code> to 31.0.0.</li>
</ul>
<h2>2.49.31</h2>
<ul>
<li>
<p>Update <code>cargo-hack@latest</code> to 0.6.36.</p>
</li>
<li>
<p>Update <code>cargo-binstall@latest</code> to 1.12.2.</p>
</li>
</ul>
<h2>2.49.30</h2>
<ul>
<li>Update <code>dprint@latest</code> to 0.49.1.</li>
</ul>
<h2>2.49.29</h2>
<ul>
<li>
<p>Update <code>syft@latest</code> to 1.21.0.</p>
</li>
<li>
<p>Update <code>release-plz@latest</code> to 0.3.127.</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md">taiki-e/install-action's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>This project adheres to <a href="https://semver.org">Semantic
Versioning</a>.</p>
<!-- raw HTML omitted -->
<h2>[Unreleased]</h2>
<ul>
<li>Update <code>mdbook@latest</code> to 0.4.48.</li>
</ul>
<h2>[2.49.40] - 2025-03-31</h2>
<ul>
<li>Update <code>typos@latest</code> to 1.31.1.</li>
</ul>
<h2>[2.49.39] - 2025-03-30</h2>
<ul>
<li>Downgrade <code>cargo-lambda@latest</code> to 1.8.0. (<a
href="https://redirect.github.com/taiki-e/install-action/pull/923">#923</a>)</li>
</ul>
<h2>[2.49.38] - 2025-03-29</h2>
<ul>
<li>
<p>Update <code>cargo-lambda@latest</code> to 1.8.1.</p>
</li>
<li>
<p>Update <code>typos@latest</code> to 1.31.0.</p>
</li>
<li>
<p>Update <code>trunk@latest</code> to 0.21.12.</p>
</li>
</ul>
<h2>[2.49.37] - 2025-03-27</h2>
<ul>
<li>Update <code>trunk@latest</code> to 0.21.11.</li>
</ul>
<h2>[2.49.36] - 2025-03-27</h2>
<ul>
<li>
<p>Update <code>release-plz@latest</code> to 0.3.129.</p>
</li>
<li>
<p>Update <code>protoc@latest</code> to 3.30.2.</p>
</li>
</ul>
<h2>[2.49.35] - 2025-03-25</h2>
<ul>
<li>
<p>Update <code>cargo-nextest@latest</code> to 0.9.93.</p>
</li>
<li>
<p>Update <code>typos@latest</code> to 1.30.3.</p>
</li>
<li>
<p>Update <code>wash@latest</code> to 0.41.0.</p>
</li>
</ul>
<h2>[2.49.34] - 2025-03-24</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="daa3c1f1f9"><code>daa3c1f</code></a>
Release 2.49.40</li>
<li><a
href="f51cb331c7"><code>f51cb33</code></a>
Update <code>typos@latest</code> to 1.31.1</li>
<li><a
href="6aca1cfa12"><code>6aca1cf</code></a>
Release 2.49.39</li>
<li><a
href="afd4ec3cf7"><code>afd4ec3</code></a>
Update changelog</li>
<li><a
href="3aab944b2c"><code>3aab944</code></a>
codegen: Mark cargo-lambda 1.8.1 as broken</li>
<li><a
href="9cd3d1b2b5"><code>9cd3d1b</code></a>
Update cargo-lambda manifest</li>
<li><a
href="1c861c252b"><code>1c861c2</code></a>
Release 2.49.38</li>
<li><a
href="ec15fa7ca8"><code>ec15fa7</code></a>
Update cspell dictionary</li>
<li><a
href="7b00681e7b"><code>7b00681</code></a>
Revert &quot;tools: Pin cspell to 8.17.5&quot;</li>
<li><a
href="0e9faa0611"><code>0e9faa0</code></a>
Update <code>cargo-lambda@latest</code> to 1.8.1</li>
<li>Additional commits viewable in <a
href="0b63bc859f...daa3c1f1f9">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=taiki-e/install-action&package-manager=github_actions&previous-version=2.49.9&new-version=2.49.40)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-02 22:14:17 +00:00
Jamil
713ff1e7de chore(portal): Log problematic identity api responses (#8623) 
After merging #8608, we discovered that we receive unexpected API
responses on the regular. This adds improved logging to uncover what
exactly these unexpected API responses are.
 2025-04-02 14:59:16 -07:00
Jamil
f275bf70d9 fix(portal): Resurrect deleted identities and groups (#8615) 
When syncing identities from an identity, we have logic in place that
resurrects any soft-deleted identities in order to maintain their
session history, group memberships and any other relevant data. Users
can be temporarily suspended from their identity provider and then
resumed.

Groups, however, based on cursory research, can never be temporarily
suspended at the identity provider. However, this doesn't mean that we
can't see the group disappear and reappear at a later point in time.
This can happen due to a temporary sync issue, or in the upcoming Group
Filters PR: #8381.

This PR adds more robust testing to ensure we can in fact resurrect
identities as expected.

It also updates the group sync logic to similarly resurrect soft-deleted
groups if they are seen again in a subsequent sync.

To achieve this, we need to update the `UNIQUE CONSTRAINT` used in the
upsert clause during the sync. Before, it was possible for two (or more)
groups to exist with the same provider_identifier and provider_id, if
`deleted_at IS NOT NULL`. Now, we need to ensure that only one group
with the same `account_id, provider_id, provider_identifier` can exist,
since we want to resurrect and not recreate these.

To do this, we use a migration that does the following:

1. Ensures any potentially problematic data is permanently deleted
2. Drops the existing unique constraint
3. Recreates it, omitting `WHERE DELETED_AT IS NULL` from the partial
index.

Based on exploring the production DB data, this should not cause any
issues, but it would be a good idea to double-check before rolling this
out to prod.


Lastly, the final missing piece to the resurrection story is Policies.
This is saved for a future PR since we need to first define the
difference between a policy that was soft-deleted via a sync job, and a
policy that was "perma" deleted by a user.

Related: #8187
 2025-04-02 21:12:44 +00:00
Jamil
3c99040c86 chore(infra): bump terraform for Stripe DNS record update (#8620) 
Related: https://github.com/firezone/environments/pull/13
 2025-04-02 13:44:17 -07:00
Jamil
88c4e723a6 fix(portal): Gracefully handle dir sync error responses (#8608) 
When calling the various directory sync endpoints, we had error cases
that matched a few of the possible error scenarios in an appropriate way
by returning either `{:error, :retry_later}` or the `{:error, ...}`
tuples.

However, as we've recently learned in [this
thread](https://firezonehq.slack.com/archives/C069H865MHP/p1743521884037159),
it's possible for identity provider APIs to return all kinds of bogus
data here, and we need a more defensive approach.

The specific issue this PR addresses is the case where we receive a
`2xx` response, but without the expected JSON key in the response body.
That will result in the `list*` functions returning an empty list, which
the calling code paths then use to soft-delete all existing record types
in the DB.

This is wrong. If the JSON response is missing a key we're expecting, we
instead log a warning and return `{:error, :retry_later}`. It's
currently unknown when exactly this happens and why, but with better
monitoring here we'll have a much better picture as to why.
 2025-04-02 19:04:43 +00:00
Thomas Eizinger
e7cf00eb53 chore(relay): log when encountering unsupported channel mappings (#8617) 
Currently, the relays eBPF module only supports routing from IPv4 to
IPv4 as well as IPv6 to IPv6. In general, TURN servers can also route
from IPv4 to IPv6 and vice versa. Our userspace routing supports that
but doing the same in the eBPF code is a bit more involved. We'd need to
move around the headers a bit more (IPv4 and IPv6 headers are different
in size), as well as configure the respective "source" address for each
interface. Currently, we simply take the destination address of the
incoming packet as the new source address. When routing across IP
versions, that doesn't work.

To gain some more insight into how often this happens, we add these
additional maps and populate them. This allows us to emit a dedicated
log message whenever we encounter a packet for such a mapping.

First, we always do check for an entry in the maps that we can handle.
If we can't we check the other map and special-case the error.
Otherwise, we fall back to the previous "no entry" error. We shouldn't
really see these "no entry" errors anymore now, unless someone starts
probing our relays for active channels.
 2025-04-02 12:07:59 +00:00
Thomas Eizinger
bac5cfa4cb fix(connlib): set idle timer to be longer than ICE timeout (#8612) 
Our idle connection detection works based on incoming and outgoing
packets, whichever one happened later. If we have not received or sent
packets for longer than `MAX_IDLE`, we transition into idle mode where
we configure our ICE agent to only send binding requests every 60
seconds.

Our ICE timeout in non-idle mode is just north of 10 seconds (the
formula is a bit tricky so don't have the accurate number). This can
cause a problem whenever a Gateway disappears. We leave the idle mode as
soon as we send a packet through the Gateway. Thus, what we intended to
happen is that, as long as you keep trying to connect to the Gateway, we
will leave the idle mode, increase our rate of STUN bindings through the
ICE agent and detect within ~10s that the Gateway is gone.

What actually happens is that, IF whatever resource you are trying to
talk to is a DNS resource (which is very likely) and the application
starts off with a DNS query, then we will reset the local DNS resource
NAT state and ping the Gateway to set up the NAT again (we do this to
ensure we don't have stale DNS entries on the Gateway). This message is
only sent once and all other packets are buffered. Thus, the connection
will go back to idle before the newly sent STUN binding requests can
determine that the connection is actually broken.

Resolves: #8551
 2025-04-02 07:03:35 +00:00
Thomas Eizinger
4695f289a0 chore(relay): add more logs to eBPF stats reporting (#8613) 2025-04-02 06:50:01 +00:00
Jamil
12c2984906 chore: Bump staging to relay log level (#8614) 
Need `debug` level on staging.
 2025-04-01 23:47:02 -07:00
Thomas Eizinger
59453bd063 chore(eBPF): improve log messages (#8611) 2025-04-02 04:52:45 +00:00
Thomas Eizinger
fb1311991a fix(eBPF): correctly set Ethernet addresses (#8601) 
At present, the eBPF code assumes that the incoming packet needs to be
sent back to the same MAC address that it came from. This is only true
if there is at least one IP layer hop in-between the relay and the
Client / Gateway. When setting up Firezone in my local LAN to debug the
eBPF code, all components are within the same subnet and thus can send
packets directly to each other, without having to go through the router.
In such a scenario, simply swapping the Ethernet addresses is not
correct.

As part of witnessing traffic coming in via the network, we can build up
a mapping of IP to MAC address. This mapping can then later be used to
set the correct MAC address for a given destination IP. All of this
functions entirely without interaction from userspace.

Unless you are running in a LAN environment, most if not all IPs will
point to the same MAC address (the one of the next IP layer hop, i.e.
the router). For the very first packet that we want to relay, we will
not have a MAC address for the destination IP. This doesn't matter
though, we simply pass that packet up to userspace and handle it there.
Pretty much all communication on the Internet is bi-directional because
you need some kind of ACK. As soon as we receive the first ACK, e.g. the
response to a binding request, we will learn the MAC address for the
given target IP and the eBPF router can kick in for all packets going
forward.

Related: #7518
 2025-04-02 03:20:37 +00:00
Thomas Eizinger
42d742e3df chore: add bpftools to nix shell env (#8609) 2025-04-02 03:05:24 +00:00
Jamil
8805d906aa chore(portal): Leave notes around sync frequency (#8605) 
When reading through these modules, it's helpful to know that the actual
sync data update doesn't occur more often than 10 minutes due to a
database check.
 2025-04-01 18:25:33 +00:00
Jamil
ce82859cd4 fix(portal): Disable mock sync job in prod (#8606) 
The adapter itself isn't enabled in the UI on prod, but the background
job to sync mock data was. This prevents the job from being started and
emitting log noise into production logs.
 2025-04-01 18:24:48 +00:00
Thomas Eizinger
f71995f7a5 fix(eBPF): incorporate change in UDP payload into checksum (#8603) 
The UDP checksum also includes the entire payload. Removing and adding
bytes to the payload therefore needs to be reflected in the checksum
update that we perform. When we add the channel data header, we need to
add the bytes to the checksum and when we remove them, they need to be
removed.

Related: #7518
 2025-04-01 16:23:44 +00:00
dependabot[bot]
45340c8276 build(deps): bump lycheeverse/lychee-action from 2.3.0 to 2.4.0 (#8598) 
Bumps
[lycheeverse/lychee-action](https://github.com/lycheeverse/lychee-action)
from 2.3.0 to 2.4.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/lycheeverse/lychee-action/releases">lycheeverse/lychee-action's
releases</a>.</em></p>
<blockquote>
<h2>Version 2.4.0</h2>
<h2>What's Changed</h2>
<ul>
<li>
<p>lychee now has a new task output, which allows to track which links
got fixed more easily.
It looks like this:</p>
<p>[test.html]:</p>
<ul>
<li>[X] [404] <a
href="https://en.wikipedia.org/wiki/foo">https://en.wikipedia.org/wiki/foo</a>
| Network error: Not Found</li>
<li>[ ] [404] <a
href="https://en.wikipedia.org/wiki/bar">https://en.wikipedia.org/wiki/bar</a>
| Network error: Not Found</li>
<li>[ ] [ERROR] <a
href="https://example.com/baz">https://example.com/baz</a> | Network
error: error sending request for url (<a
href="https://example.com/baz">https://example.com/baz</a>) Maybe a
certificate error?</li>
</ul>
<p>Each broken link has a checkbox that can be ticked off once fixed.
Credit goes to <a
href="https://github.com/Arteiii"><code>@​Arteiii</code></a> for the
idea and the implementation.
See <a
href="https://redirect.github.com/lycheeverse/lychee-action/issues/274">#274</a>
for more information.</p>
</li>
<li>
<p>Update To latest lychee Release by <a
href="https://github.com/Arteiii"><code>@​Arteiii</code></a> in <a
href="https://redirect.github.com/lycheeverse/lychee-action/pull/279">lycheeverse/lychee-action#279</a></p>
</li>
<li>
<p>Add <code>workingDirectory</code> argument by <a
href="https://github.com/mre"><code>@​mre</code></a> in <a
href="https://redirect.github.com/lycheeverse/lychee-action/pull/283">lycheeverse/lychee-action#283</a></p>
</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/Arteiii"><code>@​Arteiii</code></a> made
their first contribution in <a
href="https://redirect.github.com/lycheeverse/lychee-action/pull/279">lycheeverse/lychee-action#279</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/lycheeverse/lychee-action/compare/v2...v2.4.0">https://github.com/lycheeverse/lychee-action/compare/v2...v2.4.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="1d97d84f0b"><code>1d97d84</code></a>
Add <code>workingDirectory</code> argument (<a
href="https://redirect.github.com/lycheeverse/lychee-action/issues/283">#283</a>)</li>
<li><a
href="a99389aeff"><code>a99389a</code></a>
Update To latest Release and add Checkbox Option (fixes <a
href="https://redirect.github.com/lycheeverse/lychee-action/issues/274">#274</a>)
(<a
href="https://redirect.github.com/lycheeverse/lychee-action/issues/279">#279</a>)</li>
<li>See full diff in <a
href="https://github.com/lycheeverse/lychee-action/compare/v2.3.0...1d97d84f0bc547f7b25f4c2170d87d810dc2fb2c">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=lycheeverse/lychee-action&package-manager=github_actions&previous-version=2.3.0&new-version=2.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-01 15:28:38 +00:00
Thomas Eizinger
e58ec73bbc refactor(eBPF): imply XDP_TX from Ok(()) (#8604) 
Currently, the eBPF code isn't consistent in how it handles XDP actions.
For some cases, we return errors and then map them to `XDP_PASS` or
`XDP_DROP`. For others, we return `Ok(XDP_PASS)`. This is unnecessarily
hard to understand.

We refactor the eBPF kernel to ALWAYS use `Error`s for all code-paths
that don't end in `XDP_TX`, i.e. when we successfully modified the
packet and want to send it back out.

In addition, we also change the way we log these errors. Not all errors
are equal and most `XDP_PASS` actions don't need to be logged. Those
packets are simply passing through.

Finally, we also introduce new checks in case any calls to the eBPF
helper functions fail.

Related: #7518
 2025-04-01 13:42:00 +00:00
Thomas Eizinger
cff14b3da0 feat(relay): make interface for eBPF program configurable (#8592) 2025-04-01 08:20:27 +00:00
Thomas Eizinger
a942dee723 chore(eBPF): don't count channel data header as relayed bytes (#8590) 2025-04-01 04:31:06 +00:00
Thomas Eizinger
42e63fdcc5 ci: move .lycheeignore to website/ (#8589) 
The lychee action now has a `workingDirectory` argument that makes it
search for a `.lycheeignore` file in that directory. We can use this to
remove the `.lycheeignore` file from our top-level repository tree,
uncluttering that a bit.
 2025-04-01 00:14:42 +00:00
Thomas Eizinger
bb36156ea8 chore(eBPF): remove commented out codeblock (#8588) 
This is a leftover from debugging trying to make the verifier happy.
 2025-04-01 00:10:36 +00:00
Thomas Eizinger
db76cc3844 fix(relay): reduce memory usage of eBPF program to < 100MB (#8587) 
At present, the eBPF program would try to pre-allocate around 800MB of
memory for all entries in the maps. This would allow for 1 million
channel mappings. We don't need that many to begin with. Reducing the
max number of channels down to 65536 reduces our memory usage to less
than 100MB.

Related: #7518

---------

Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-04-01 00:08:07 +00:00
dependabot[bot]
8326210015 build(deps): bump autoprefixer from 10.4.20 to 10.4.21 in /website (#8584) 
Bumps [autoprefixer](https://github.com/postcss/autoprefixer) from
10.4.20 to 10.4.21.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/autoprefixer/releases">autoprefixer's
releases</a>.</em></p>
<blockquote>
<h2>10.4.21</h2>
<ul>
<li>Fixed old <code>-moz-</code> prefix for
<code>:placeholder-shown</code> (by <a
href="https://github.com/Marukome0743"><code>@​Marukome0743</code></a>).</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/autoprefixer/blob/main/CHANGELOG.md">autoprefixer's
changelog</a>.</em></p>
<blockquote>
<h2>10.4.21</h2>
<ul>
<li>Fixed old <code>-moz-</code> prefix for
<code>:placeholder-shown</code> (by <a
href="https://github.com/Marukome0743"><code>@​Marukome0743</code></a>).</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="541295c0e6"><code>541295c</code></a>
Release 10.4.21 version</li>
<li><a
href="8d555f7e5e"><code>8d555f7</code></a>
Update dependencies and sort imports</li>
<li><a
href="5c2421e82a"><code>5c2421e</code></a>
Update Node.js and pnpm on CI</li>
<li><a
href="af9cb5f365"><code>af9cb5f</code></a>
fix: replace <code>:-moz-placeholder-shown</code> with
<code>:-moz-placeholder</code> (<a
href="https://redirect.github.com/postcss/autoprefixer/issues/1532">#1532</a>)</li>
<li>See full diff in <a
href="https://github.com/postcss/autoprefixer/compare/10.4.20...10.4.21">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=autoprefixer&package-manager=npm_and_yarn&previous-version=10.4.20&new-version=10.4.21)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-03-31 22:39:44 +00:00
Thomas Eizinger
1d0ecf94b8 feat(relay): record metrics about bytes relayed via eBPF (#8556) 
Perf events are designed to be an extremely efficient way of
transferring data from an eBPF kernel to the user-space program. In
order to monitor, how much traffic we are actually relaying via eBPF, we
introduce a dedicated `STATS` map that is a `PerfEventArray`.

The events from that array are read asynchronously in user-space and fed
into our OTEL metrics. They will show up in our Google Cloud metrics as
`data_relayed_ebpf_bytes`. We already have a metric for the total
relayed bytes. That counter is renamed to `data_relayed_userspace_bytes`
so we can clearly differentiate the two.
 2025-03-31 21:57:31 +00:00
Thomas Eizinger
b51a68def0 feat(relay): implement eBPF routing for IPv6 (#8554) 
This fills in the boilerplate for handling IPv6 packets in the eBPF
code. Unfortunately, we cannot add an integration test for this because
IPv6 doesn't have a checksum and thus doesn't allow the UDP checksum to
be set to 0. Because Linux (and other OSs too I'd assume) offload UDP
checksumming to the NIC yet on the loopback interface, the packets never
get to the NIC, our eBPF code sees only a partial checksum and can thus
updates the checksum incorrectly.

Related: #7518
Related: #8502

---------

Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-03-31 21:22:11 +00:00
dependabot[bot]
9999027bc1 build(deps): bump resolv-conf from 0.7.0 to 0.7.1 in /rust (#8559) 
Bumps [resolv-conf](https://github.com/hickory-dns/resolv-conf) from
0.7.0 to 0.7.1.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/hickory-dns/resolv-conf/commits">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=resolv-conf&package-manager=cargo&previous-version=0.7.0&new-version=0.7.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-03-31 21:03:14 +00:00