github-personal/firezone
1
0
Fork 0
mirror of https://github.com/outbackdingo/firezone.git synced 2026-01-27 10:18:54 +00:00
Code Issues Packages Projects Releases Wiki Activity
8,161 Commits 1 Branch 0 Tags
ec93cfb834e2a643c070e6b3dee9340827495ab5
Commit Graph

2761 Commits

Author SHA1 Message Date
dependabot[bot]
ec93cfb834 build(deps): bump keyring from 3.6.2 to 3.6.3 in /rust (#10451) 
Bumps [keyring](https://github.com/hwchen/keyring-rs) from 3.6.2 to
3.6.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/hwchen/keyring-rs/releases">keyring's
releases</a>.</em></p>
<blockquote>
<h2>v3.6.3: Likely final release of v3</h2>
<p>This release integrates a few important bug fixes (thanks <a
href="https://github.com/vermiculus"><code>@​vermiculus</code></a>, <a
href="https://github.com/unkcpz"><code>@​unkcpz</code></a>) that have
come in since the release of v3.6.2, and is the last release expected
for the v3 series. The release of v4 is expected in about a month, and
it will bring significant changes:</p>
<ul>
<li>the cross-platform API will become its own crate: keyring-core.</li>
<li>each credential store will become its own store.</li>
<li>this crate will become an example of how to write a keyring-based
application.</li>
</ul>
<p>PLEASE NOTE: with this release, the main branch has changed
significantly. What was on the main branch has moved to be a v4 branch,
and the main branch was reverted to v3.6.2 and then had bug fix commits
added on. If you have an existing fork of this repository, you should
immediately sync your repo by choosing the &quot;discard commits&quot;
option, which will take your repo back to v3.6.2 and then pull the newer
commits. Then, if you have development work on one of your other
branches, you should rebase that work onto the updated main.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="315cbdf6c6"><code>315cbdf</code></a>
Credits for v3.6.3 release.</li>
<li><a
href="edee747db0"><code>edee747</code></a>
Merge pull request <a
href="https://redirect.github.com/hwchen/keyring-rs/issues/260">#260</a>
from open-source-cooperative/dependabot/cargo/windows...</li>
<li><a
href="a3470f1260"><code>a3470f1</code></a>
Update windows-sys requirement from 0.59 to 0.60</li>
<li><a
href="f38b5e9afa"><code>f38b5e9</code></a>
Cherry pick all contributions since 3.6.2.</li>
<li><a
href="b9af61dc5a"><code>b9af61d</code></a>
Zero out credential passwords before dealloc.</li>
<li><a
href="19ec928f2b"><code>19ec928</code></a>
Don't clone returned passwords.</li>
<li><a
href="46eebf5688"><code>46eebf5</code></a>
windows: use static value for 'comment' attribute</li>
<li><a
href="7b408eddc7"><code>7b408ed</code></a>
Revert variable renaming</li>
<li><a
href="88a3d6c01d"><code>88a3d6c</code></a>
Cosmetic fix: remove blank lines</li>
<li><a
href="afcc3148ca"><code>afcc314</code></a>
Implement default byte -&gt; password conversion methods.</li>
<li>Additional commits viewable in <a
href="https://github.com/hwchen/keyring-rs/compare/v3.6.2...v3.6.3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=keyring&package-manager=cargo&previous-version=3.6.2&new-version=3.6.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-30 12:09:45 +00:00
dependabot[bot]
9647c67a6b build(deps): bump the aya group in /rust with 5 updates (#10478) 
Bumps the aya group in /rust with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [aya](https://github.com/aya-rs/aya) | ``3018246`` | ``ec3eacc`` |
| [aya-build](https://github.com/aya-rs/aya) | ``3018246`` | ``ec3eacc``
|
| [aya-ebpf](https://github.com/aya-rs/aya) | ``3018246`` | ``ec3eacc``
|
| [aya-log](https://github.com/aya-rs/aya) | ``3018246`` | ``ec3eacc`` |
| [aya-log-ebpf](https://github.com/aya-rs/aya) | ``3018246`` |
``ec3eacc`` |

Updates `aya` from `3018246` to `ec3eacc`
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ec3eacc1d8"><code>ec3eacc</code></a>
Increase VM memory</li>
<li><a
href="d1bb7bcc38"><code>d1bb7bc</code></a>
deny clippy::unnecessary_cast</li>
<li><a
href="be4d74fd06"><code>be4d74f</code></a>
deny clippy::fn_to_numeric_cast{,_with_truncation}</li>
<li><a
href="fa03dbdb46"><code>fa03dbd</code></a>
deny clippy::char_lit_as_u8</li>
<li><a
href="a7206b9098"><code>a7206b9</code></a>
deny clippy::cast_precision_loss</li>
<li><a
href="72104c4076"><code>72104c4</code></a>
deny clippy::cast_lossless</li>
<li><a
href="82e72a14ad"><code>82e72a1</code></a>
Remove unused import</li>
<li><a
href="d1fdbb9930"><code>d1fdbb9</code></a>
Update to macOS 15 (<a
href="https://redirect.github.com/aya-rs/aya/issues/1351">#1351</a>)</li>
<li><a
href="e2a68ee384"><code>e2a68ee</code></a>
aya-log: add <code>#[must_use]</code> attribute to
<code>EbpfLogger</code></li>
<li>See full diff in <a
href="30182463bd...ec3eacc1d8">compare
view</a></li>
</ul>
</details>
<br />

Updates `aya-build` from `3018246` to `ec3eacc`
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ec3eacc1d8"><code>ec3eacc</code></a>
Increase VM memory</li>
<li><a
href="d1bb7bcc38"><code>d1bb7bc</code></a>
deny clippy::unnecessary_cast</li>
<li><a
href="be4d74fd06"><code>be4d74f</code></a>
deny clippy::fn_to_numeric_cast{,_with_truncation}</li>
<li><a
href="fa03dbdb46"><code>fa03dbd</code></a>
deny clippy::char_lit_as_u8</li>
<li><a
href="a7206b9098"><code>a7206b9</code></a>
deny clippy::cast_precision_loss</li>
<li><a
href="72104c4076"><code>72104c4</code></a>
deny clippy::cast_lossless</li>
<li><a
href="82e72a14ad"><code>82e72a1</code></a>
Remove unused import</li>
<li><a
href="d1fdbb9930"><code>d1fdbb9</code></a>
Update to macOS 15 (<a
href="https://redirect.github.com/aya-rs/aya/issues/1351">#1351</a>)</li>
<li><a
href="e2a68ee384"><code>e2a68ee</code></a>
aya-log: add <code>#[must_use]</code> attribute to
<code>EbpfLogger</code></li>
<li>See full diff in <a
href="30182463bd...ec3eacc1d8">compare
view</a></li>
</ul>
</details>
<br />

Updates `aya-ebpf` from `3018246` to `ec3eacc`
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ec3eacc1d8"><code>ec3eacc</code></a>
Increase VM memory</li>
<li><a
href="d1bb7bcc38"><code>d1bb7bc</code></a>
deny clippy::unnecessary_cast</li>
<li><a
href="be4d74fd06"><code>be4d74f</code></a>
deny clippy::fn_to_numeric_cast{,_with_truncation}</li>
<li><a
href="fa03dbdb46"><code>fa03dbd</code></a>
deny clippy::char_lit_as_u8</li>
<li><a
href="a7206b9098"><code>a7206b9</code></a>
deny clippy::cast_precision_loss</li>
<li><a
href="72104c4076"><code>72104c4</code></a>
deny clippy::cast_lossless</li>
<li><a
href="82e72a14ad"><code>82e72a1</code></a>
Remove unused import</li>
<li><a
href="d1fdbb9930"><code>d1fdbb9</code></a>
Update to macOS 15 (<a
href="https://redirect.github.com/aya-rs/aya/issues/1351">#1351</a>)</li>
<li><a
href="e2a68ee384"><code>e2a68ee</code></a>
aya-log: add <code>#[must_use]</code> attribute to
<code>EbpfLogger</code></li>
<li>See full diff in <a
href="30182463bd...ec3eacc1d8">compare
view</a></li>
</ul>
</details>
<br />

Updates `aya-log` from `3018246` to `ec3eacc`
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ec3eacc1d8"><code>ec3eacc</code></a>
Increase VM memory</li>
<li><a
href="d1bb7bcc38"><code>d1bb7bc</code></a>
deny clippy::unnecessary_cast</li>
<li><a
href="be4d74fd06"><code>be4d74f</code></a>
deny clippy::fn_to_numeric_cast{,_with_truncation}</li>
<li><a
href="fa03dbdb46"><code>fa03dbd</code></a>
deny clippy::char_lit_as_u8</li>
<li><a
href="a7206b9098"><code>a7206b9</code></a>
deny clippy::cast_precision_loss</li>
<li><a
href="72104c4076"><code>72104c4</code></a>
deny clippy::cast_lossless</li>
<li><a
href="82e72a14ad"><code>82e72a1</code></a>
Remove unused import</li>
<li><a
href="d1fdbb9930"><code>d1fdbb9</code></a>
Update to macOS 15 (<a
href="https://redirect.github.com/aya-rs/aya/issues/1351">#1351</a>)</li>
<li><a
href="e2a68ee384"><code>e2a68ee</code></a>
aya-log: add <code>#[must_use]</code> attribute to
<code>EbpfLogger</code></li>
<li>See full diff in <a
href="30182463bd...ec3eacc1d8">compare
view</a></li>
</ul>
</details>
<br />

Updates `aya-log-ebpf` from `3018246` to `ec3eacc`
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ec3eacc1d8"><code>ec3eacc</code></a>
Increase VM memory</li>
<li><a
href="d1bb7bcc38"><code>d1bb7bc</code></a>
deny clippy::unnecessary_cast</li>
<li><a
href="be4d74fd06"><code>be4d74f</code></a>
deny clippy::fn_to_numeric_cast{,_with_truncation}</li>
<li><a
href="fa03dbdb46"><code>fa03dbd</code></a>
deny clippy::char_lit_as_u8</li>
<li><a
href="a7206b9098"><code>a7206b9</code></a>
deny clippy::cast_precision_loss</li>
<li><a
href="72104c4076"><code>72104c4</code></a>
deny clippy::cast_lossless</li>
<li><a
href="82e72a14ad"><code>82e72a1</code></a>
Remove unused import</li>
<li><a
href="d1fdbb9930"><code>d1fdbb9</code></a>
Update to macOS 15 (<a
href="https://redirect.github.com/aya-rs/aya/issues/1351">#1351</a>)</li>
<li><a
href="e2a68ee384"><code>e2a68ee</code></a>
aya-log: add <code>#[must_use]</code> attribute to
<code>EbpfLogger</code></li>
<li>See full diff in <a
href="30182463bd...ec3eacc1d8">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-30 08:54:10 +00:00
dependabot[bot]
08090baa8d build(deps): bump the react group in /rust/gui-client with 3 updates (#10470) 
Bumps the react group in /rust/gui-client with 3 updates:
[@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react),
[@types/react-dom](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react-dom)
and
[react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router).

Updates `@types/react` from 19.1.9 to 19.1.12
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react">compare
view</a></li>
</ul>
</details>
<br />

Updates `@types/react-dom` from 19.1.7 to 19.1.9
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react-dom">compare
view</a></li>
</ul>
</details>
<br />

Updates `react-router` from 7.7.1 to 7.8.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/remix-run/react-router/releases">react-router's
releases</a>.</em></p>
<blockquote>
<h2>v7.8.2</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v782">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v782</a></p>
<h2>v7.8.1</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v781">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v781</a></p>
<h2>v7.8.0</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v780">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v780</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/remix-run/react-router/blob/main/packages/react-router/CHANGELOG.md">react-router's
changelog</a>.</em></p>
<blockquote>
<h2>7.8.2</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p>[UNSTABLE] Remove Data Mode <code>future.unstable_middleware</code>
flag from <code>createBrowserRouter</code> (<a
href="https://redirect.github.com/remix-run/react-router/pull/14213">#14213</a>)</p>
<ul>
<li>This is only needed as a Framework Mode flag because of the route
modules and the <code>getLoadContext</code> type behavior change</li>
<li>In Data Mode, it's an opt-in feature because it's just a new
property on a route object, so there's no behavior changes that
necessitate a flag</li>
</ul>
</li>
<li>
<p>[UNSTABLE] Add <code>&lt;RouterProvider
unstable_onError&gt;</code>/<code>&lt;HydratedRouter
unstable_onError&gt;</code> prop for client side error reporting (<a
href="https://redirect.github.com/remix-run/react-router/pull/14162">#14162</a>)</p>
</li>
<li>
<p>server action revalidation opt out via $SKIP_REVALIDATION field (<a
href="https://redirect.github.com/remix-run/react-router/pull/14154">#14154</a>)</p>
</li>
<li>
<p>Properly escape interpolated param values in
<code>generatePath()</code> (<a
href="https://redirect.github.com/remix-run/react-router/pull/13530">#13530</a>)</p>
</li>
<li>
<p>Maintain <code>ReadonlyMap</code> and <code>ReadonlySet</code> types
in server response data. (<a
href="https://redirect.github.com/remix-run/react-router/pull/13092">#13092</a>)</p>
</li>
<li>
<p>[UNSTABLE] Delay serialization of <code>.data</code> redirects to 202
responses until after middleware chain (<a
href="https://redirect.github.com/remix-run/react-router/pull/14205">#14205</a>)</p>
</li>
<li>
<p>Fix <code>TypeError</code> if you throw from
<code>patchRoutesOnNavigation</code> when no partial matches exist (<a
href="https://redirect.github.com/remix-run/react-router/pull/14198">#14198</a>)</p>
</li>
<li>
<p>Fix <code>basename</code> usage without a leading slash in data
routers (<a
href="https://redirect.github.com/remix-run/react-router/pull/11671">#11671</a>)</p>
</li>
<li>
<p>[UNSTABLE] Update client middleware so it returns the data strategy
results allowing for more advanced post-processing middleware (<a
href="https://redirect.github.com/remix-run/react-router/pull/14151">#14151</a>)</p>
</li>
</ul>
<h2>7.8.1</h2>
<h3>Patch Changes</h3>
<ul>
<li>Fix usage of optional path segments in nested routes defined using
absolute paths (<a
href="https://redirect.github.com/remix-run/react-router/pull/14135">#14135</a>)</li>
<li>Bubble client pre-next middleware error to the shallowest ancestor
that needs to load, not strictly the shallowest ancestor with a loader
(<a
href="https://redirect.github.com/remix-run/react-router/pull/14150">#14150</a>)</li>
<li>Fix optional static segment matching in <code>matchPath</code> (<a
href="https://redirect.github.com/remix-run/react-router/pull/11813">#11813</a>)</li>
<li>Fix prerendering when a <code>basename</code> is set with
<code>ssr:false</code> (<a
href="https://redirect.github.com/remix-run/react-router/pull/13791">#13791</a>)</li>
<li>Provide <code>isRouteErrorResponse</code> utility in
<code>react-server</code> environments (<a
href="https://redirect.github.com/remix-run/react-router/pull/14166">#14166</a>)</li>
<li>Propagate non-redirect Responses thrown from middleware to the error
boundary on document/data requests (<a
href="https://redirect.github.com/remix-run/react-router/pull/14182">#14182</a>)</li>
<li>Handle <code>meta</code> and <code>links</code> Route Exports in RSC
Data Mode (<a
href="https://redirect.github.com/remix-run/react-router/pull/14136">#14136</a>)</li>
<li>Properly convert returned/thrown <code>data()</code> values to
<code>Response</code> instances via <code>Response.json()</code> in
resource routes and middleware (<a
href="https://redirect.github.com/remix-run/react-router/pull/14159">#14159</a>,
<a
href="https://redirect.github.com/remix-run/react-router/pull/14181">#14181</a>)</li>
</ul>
<h2>7.8.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>Add <code>nonce</code> prop to <code>Links</code> &amp;
<code>PrefetchPageLinks</code> (<a
href="https://redirect.github.com/remix-run/react-router/pull/14048">#14048</a>)</li>
<li>Add <code>loaderData</code> arguments/properties alongside existing
<code>data</code> arguments/properties to provide consistency and
clarity between <code>loaderData</code> and <code>actionData</code>
across the board (<a
href="https://redirect.github.com/remix-run/react-router/pull/14047">#14047</a>)
<ul>
<li>Updated types: <code>Route.MetaArgs</code>,
<code>Route.MetaMatch</code>, <code>MetaArgs</code>,
<code>MetaMatch</code>, <code>Route.ComponentProps.matches</code>,
<code>UIMatch</code></li>
<li><code>@deprecated</code> warnings have been added to the existing
<code>data</code> properties to point users to new
<code>loaderData</code> properties, in preparation for removing the
<code>data</code> properties in a future major release</li>
</ul>
</li>
</ul>
<h3>Patch Changes</h3>
<ul>
<li>Prevent <em>&quot;Did not find corresponding fetcher
result&quot;</em> console error when navigating during a
<code>fetcher.submit</code> revalidation (<a
href="https://redirect.github.com/remix-run/react-router/pull/14114">#14114</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="eade1de2db"><code>eade1de</code></a>
chore: Update version for release (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14223">#14223</a>)</li>
<li><a
href="27eed3ae91"><code>27eed3a</code></a>
chore: Update version for release (pre) (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14214">#14214</a>)</li>
<li><a
href="935fb25f65"><code>935fb25</code></a>
fix(react-router/router): remove unused client side middleware future
flag (#...</li>
<li><a
href="bebb46c5b6"><code>bebb46c</code></a>
feat(react-router): server action revalidation opt out via
`$SKIP_REVALIDATIO...</li>
<li><a
href="d10c7efe73"><code>d10c7ef</code></a>
Update missed type for clientMiddleware (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14212">#14212</a>)</li>
<li><a
href="ef3016c11a"><code>ef3016c</code></a>
chore: Update version for release (pre) (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14211">#14211</a>)</li>
<li><a
href="4dfb883c69"><code>4dfb883</code></a>
Delay turbo-stream serialization of .data redirects (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14205">#14205</a>)</li>
<li><a
href="e9a17ed8ee"><code>e9a17ed</code></a>
feat(react-router): add <code>unstable_onError</code> prop to
<code>RouterProvider</code> for clien...</li>
<li><a
href="06519e286c"><code>06519e2</code></a>
Serialize ReadonlyMap and ReadonlySet types (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/13092">#13092</a>)</li>
<li><a
href="d7eb048aea"><code>d7eb048</code></a>
chore: format</li>
<li>Additional commits viewable in <a
href="https://github.com/remix-run/react-router/commits/react-router@7.8.2/packages/react-router">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-30 08:49:12 +00:00
Thomas Eizinger
b11adfcfe4 feat(connlib): create flow on ICMP error "prohibited" (#10462) 
In Firezone, a Client requests an "access authorization" for a Resource
on the fly when it sees the first packet for said Resource going through
the tunnel. If we don't have a connection to the Gateway yet, this is
also where we will establish a connection and create the WireGuard
tunnel.

In order for this to work, the access authorization state between the
Client and the Gateway MUST NOT get out of sync. If the Client thinks it
has access to a Resource, it will just route the traffic to the Gateway.
If the access authorization on the Gateway has expired or vanished
otherwise, the packets will be black-holed.

Starting with #9816, the Gateway sends ICMP errors back to the
application whenever it filters a packet. This can happen either because
the access authorization is gone or because the traffic wasn't allowed
by the specific filter rules on the Resource.

With this patch, the Client will attempt to create a new flow (i.e.
re-authorize) traffic for this resource whenever it sees such an ICMP
error, therefore acting as a way of synchronizing the view of the world
between Client and Gateway should they ever run out of sync.

Testing turned out to be a bit tricky. If we let the authorization on
the Gateway lapse naturally, we portal will also toggle the Resource off
and on on the Client, resulting in "flushing" the current
authorizations. Additionally, it the Client had only access to one
Resource, then the Gateway will gracefully close the connection, also
resulting in the Client creating a new flow for the next packet.

To actually trigger this new behaviour we need to:

- Access at least two resources via the same Gateway
- Directly send `reject_access` to the Gateway for this particular
resource

To achieve this, we dynamically eval some code on the API node and
instruct the Gateway channel to send `reject_access`. The connection
stays intact because there is still another active access authorization
but packets for the other resource are answered with ICMP errors.

To achieve a safe roll-out, the new behaviour is feature-flagged. In
order to still test it, we now also allow feature flags to be set via
env variables.

Resolves: #10074

---------

Co-authored-by: Mariusz Klochowicz <mariusz@klochowicz.com>
 2025-09-30 08:23:39 +00:00
dependabot[bot]
fb2194e2b3 build(deps): bump the tauri group in /rust/gui-client with 2 updates (#10439) 
Bumps the tauri group in /rust/gui-client with 2 updates:
[@tauri-apps/api](https://github.com/tauri-apps/tauri) and
[@tauri-apps/cli](https://github.com/tauri-apps/tauri).

Updates `@tauri-apps/api` from 2.7.0 to 2.8.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/tauri/releases"><code>@​tauri-apps/api</code>'s
releases</a>.</em></p>
<blockquote>
<h2><code>@​tauri-apps/api</code> v2.8.0</h2>
<!-- raw HTML omitted -->
<pre><code>No known vulnerabilities found
</code></pre>
<!-- raw HTML omitted -->
<h2>[2.8.0]</h2>
<h3>New Features</h3>
<ul>
<li><a
href="68874c68c5"><code>68874c68c</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/13564">#13564</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../robertrpf"><code>@​robertrpf</code></a>)
Add window focusable attribute and set_focusable API.</li>
<li><a
href="5110a762e9"><code>5110a762e</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/13830">#13830</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../Sky-walkerX"><code>@​Sky-walkerX</code></a>)
Added <code>Window::setSimpleFullscreen</code>.</li>
</ul>
<h3>Enhancements</h3>
<ul>
<li>
<p><a
href="5ba1c3faa4"><code>5ba1c3faa</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/13722">#13722</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../s00d"><code>@​s00d</code></a>)
Added icon (icon and nativeIcon) support for Submenu:</p>
<ul>
<li>In the Rust API (<code>tauri</code>), you can now set an icon for
submenus via the builder and dedicated methods.</li>
<li>In the JS/TS API (<code>@tauri-apps/api</code>),
<code>SubmenuOptions</code> now has an <code>icon</code> field, and the
<code>Submenu</code> class provides <code>setIcon</code> and
<code>setNativeIcon</code> methods.</li>
<li>Usage examples are added to the documentation and demo app.</li>
</ul>
<p>This is a backwards-compatible feature. Submenus can now display
icons just like regular menu items.</p>
</li>
</ul>
<!-- raw HTML omitted -->
<pre><code>&gt; @tauri-apps/api@2.8.0 npm-publish
/home/runner/work/tauri/tauri/packages/api
&gt; pnpm build &amp;&amp; cd ./dist &amp;&amp; pnpm publish --access
public --loglevel silly --no-git-checks
<p>&gt; <code>@​tauri-apps/api</code><a
href="https://github.com/2"><code>@​2</code></a>.8.0 build
/home/runner/work/tauri/tauri/packages/api
&gt; rollup -c --configPlugin typescript</p>
<p>
./src/app.ts, ./src/core.ts, ./src/dpi.ts, ./src/event.ts,
./src/image.ts, ./src/index.ts, ./src/menu.ts, ./src/mocks.ts,
./src/path.ts, ./src/tray.ts, ./src/webview.ts, ./src/webviewWindow.ts,
./src/window.ts → ./dist, ./dist...
created ./dist, ./dist in 1.7s

src/index.ts →
../../crates/tauri/scripts/bundle.global.js...
created ../../crates/tauri/scripts/bundle.global.js in
1.9s
npm verbose cli /opt/hostedtoolcache/node/20.19.4/x64/bin/node
/opt/hostedtoolcache/node/20.19.4/x64/bin/npm
npm info using npm@10.8.2
npm info using node@v20.19.4
npm silly config
load:file:/opt/hostedtoolcache/node/20.19.4/x64/lib/node_modules/npm/npmrc
npm silly config load:file:/tmp/dae4d7dba587bf04d8f1d71cbc53f9eb/.npmrc
npm silly config load:file:/home/runner/work/_temp/.npmrc
&lt;/tr&gt;&lt;/table&gt;
</code></pre></p>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b4abb6cae8"><code>b4abb6c</code></a>
Apply Version Updates From Current Changes (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13887">#13887</a>)</li>
<li><a
href="1a3d1a024e"><code>1a3d1a0</code></a>
fix(ios): Tauri iOS build with binary XCFramework dependencies (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13995">#13995</a>)</li>
<li><a
href="37154ebdcd"><code>37154eb</code></a>
chore(deps): update dependency rollup to v4.46.3 (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14027">#14027</a>)</li>
<li><a
href="380656874e"><code>3806568</code></a>
Remove <code>AsRef\&lt;Window&gt;</code> on <code>WebviewWindow</code>
(<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14026">#14026</a>)</li>
<li><a
href="bc4afe7dd4"><code>bc4afe7</code></a>
feat(cli): check plugin versions for incompatibilities (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13993">#13993</a>)</li>
<li><a
href="7c2eb31c83"><code>7c2eb31</code></a>
feat: add <code>PluginHandle::run_mobile_plugin_async</code> (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13895">#13895</a>)</li>
<li><a
href="737364b8d3"><code>737364b</code></a>
fix: a few regressions from previous PRs (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14020">#14020</a>)</li>
<li><a
href="68874c68c5"><code>68874c6</code></a>
feat(core): webview window focusable property, closes <a
href="https://redirect.github.com/tauri-apps/tauri/issues/11130">#11130</a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13564">#13564</a>)</li>
<li><a
href="dfadcb764b"><code>dfadcb7</code></a>
feat: add <code>WebView::set_cookie</code> and
<code>WebView::delete_cookie</code> (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13661">#13661</a>)</li>
<li><a
href="22d6bcacbb"><code>22d6bca</code></a>
feat(tauri): impl <code>App::set_device_event_filter</code> for
<code>AppHandle</code> also (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14008">#14008</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tauri-apps/tauri/compare/@tauri-apps/api-v2.7.0...@tauri-apps/api-v2.8.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `@tauri-apps/cli` from 2.7.1 to 2.8.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/tauri/releases"><code>@​tauri-apps/cli</code>'s
releases</a>.</em></p>
<blockquote>
<h2><code>@​tauri-apps/cli</code> v2.8.3</h2>
<h2>[2.8.3]</h2>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="0ac89d3b6c"><code>0ac89d3b6</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/14078">#14078</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../FabianLars"><code>@​FabianLars</code></a>)
Updated <code>cargo-mobile2</code> to allow running on iOS simulators
that have a higher version than the XCode SDK. This fixes compatiblity
issues with Apple's recent &quot;iOS 18.5 + iOS 18.6 Simulator&quot;
platform support component.</li>
</ul>
<h3>Dependencies</h3>
<ul>
<li>Upgraded to <code>tauri-cli@2.8.2</code></li>
</ul>
<h2><code>@​tauri-apps/cli</code> v2.8.2</h2>
<h2>[2.8.2]</h2>
<h3>Dependencies</h3>
<ul>
<li>Upgraded to <code>tauri-cli@2.8.1</code></li>
</ul>
<h2><code>@​tauri-apps/cli</code> v2.8.1</h2>
<h2>[2.8.1]</h2>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="f0172a454a"><code>f0172a454</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/14038">#14038</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../KushalMeghani1644"><code>@​KushalMeghani1644</code></a>)
Fixes <code>removeDataStore</code> return type.</li>
</ul>
<h2><code>@​tauri-apps/cli</code> v2.8.0</h2>
<h2>[2.8.0]</h2>
<h3>New Features</h3>
<ul>
<li><a
href="91508c0b8d"><code>91508c0b8</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/13881">#13881</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../pepperoni505"><code>@​pepperoni505</code></a>)
Introduces a new configuration option that allows you to specify custom
folders to watch for changes when running <code>tauri dev</code>.</li>
<li><a
href="bc4afe7dd4"><code>bc4afe7dd</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/13993">#13993</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../lucasfernog"><code>@​lucasfernog</code></a>)
Check installed plugin NPM/crate versions for incompatible
releases.</li>
<li><a
href="0c402bfb6b"><code>0c402bfb6</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/13997">#13997</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../lucasfernog"><code>@​lucasfernog</code></a>)
Increase default iOS deployment target iOS to 14.0.</li>
<li><a
href="d6d5f37077"><code>d6d5f3707</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/13358">#13358</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../lucasfernog"><code>@​lucasfernog</code></a>)
Added <code>--root-certificate-path</code> option to <code>android
dev</code> and <code>ios dev</code> to be able to connect to HTTPS dev
servers.</li>
</ul>
<h3>Enhancements</h3>
<ul>
<li><a
href="8b465a12ba"><code>8b465a12b</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/13913">#13913</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../FabianLars"><code>@​FabianLars</code></a>)
The bundler now pulls the latest AppImage linuxdeploy plugin instead of
using the built-in one. This should remove the libfuse requirement.</li>
<li><a
href="390cb9c36a"><code>390cb9c36</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/13953">#13953</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../FabianLars"><code>@​FabianLars</code></a>)
Reduced the log level of the binary patcher crate <code>goblin</code> to
only show its debug logs in <code>-vv</code> and above.</li>
<li><a
href="4475e93e13"><code>4475e93e1</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/13824">#13824</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../FabianLars"><code>@​FabianLars</code></a>)
The bundler and cli will now read TLS Certificates installed on the
system when downloading tools and checking versions.</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="f0dcf9637c"><code>f0dcf9637</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/13980">#13980</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../Legend-Master"><code>@​Legend-Master</code></a>)
Fix the generated plugin init code of <code>tauri add</code> for
<code>tauri-plugin-autostart</code> and
<code>tauri-plugin-single-instance</code></li>
<li><a
href="4d270a96a8"><code>4d270a96a</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/13943">#13943</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../acx0"><code>@​acx0</code></a>)
Fix codesigning verification failures caused by binary-patching during
bundling</li>
<li><a
href="b21d86a8a3"><code>b21d86a8a</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/13981">#13981</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../Legend-Master"><code>@​Legend-Master</code></a>)
Fix <code>tauri permission add</code> could add duplicated permissions
to the capability files</li>
<li><a
href="9c938be452"><code>9c938be45</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/13912">#13912</a>
by <a
href="https://www.github.com/tauri-apps/tauri/../../takecchi"><code>@​takecchi</code></a>)
Properly migrate svelte to v5 in the plugin example template</li>
</ul>
<h3>Dependencies</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e81635aa3d"><code>e81635a</code></a>
apply version updates (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14079">#14079</a>)</li>
<li><a
href="0ac89d3b6c"><code>0ac89d3</code></a>
chore(deps): Update cargo-mobile2 for ios 18.6 sim support (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14078">#14078</a>)</li>
<li><a
href="4791d09a0a"><code>4791d09</code></a>
chore(deps): update dependency rollup to v4.48.1 (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14077">#14077</a>)</li>
<li><a
href="bc829ee24d"><code>bc829ee</code></a>
chore(deps): update dependency rollup to v4.48.0 (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14053">#14053</a>)</li>
<li><a
href="11800a0071"><code>11800a0</code></a>
chore(deps): update rust crate jsonschema to 0.33 (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14074">#14074</a>)</li>
<li><a
href="662b39adb3"><code>662b39a</code></a>
apply version updates (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14070">#14070</a>)</li>
<li><a
href="2aaa801c35"><code>2aaa801</code></a>
Improve documentation of <code>app &gt; windows</code> (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14058">#14058</a>)</li>
<li><a
href="5349984064"><code>5349984</code></a>
fix: set webview2 path before initializing runtime (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14054">#14054</a>)</li>
<li><a
href="5f535b4150"><code>5f535b4</code></a>
fix(bench): lint warnings</li>
<li><a
href="f3df96fb38"><code>f3df96f</code></a>
fix(windows): binary patching 32 bit updater type (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14065">#14065</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tauri-apps/tauri/compare/@tauri-apps/cli-v2.7.1...@tauri-apps/cli-v2.8.3">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-29 20:53:32 +00:00
dependabot[bot]
001a0b83c7 build(deps): bump the tailwind group in /rust/gui-client with 3 updates (#10445) 
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps the tailwind group in /rust/gui-client with 3 updates:
[@tailwindcss/cli](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-cli),
[@tailwindcss/vite](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite)
and
[tailwindcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss).

Updates `@tailwindcss/cli` from 4.1.11 to 4.1.12
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tailwindlabs/tailwindcss/releases"><code>@​tailwindcss/cli</code>'s
releases</a>.</em></p>
<blockquote>
<h2>v4.1.12</h2>
<h3>Fixed</h3>
<ul>
<li>Don't consider the global important state in <code>@apply</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18404">#18404</a>)</li>
<li>Add missing suggestions for <code>flex-&lt;number&gt;</code>
utilities (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18642">#18642</a>)</li>
<li>Fix trailing <code>)</code> from interfering with extraction in
Clojure keywords (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18345">#18345</a>)</li>
<li>Detect classes inside Elixir charlist, word list, and string sigils
(<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18432">#18432</a>)</li>
<li>Track source locations through <code>@plugin</code> and
<code>@config</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18345">#18345</a>)</li>
<li>Allow boolean values of <code>process.env.DEBUG</code> in
<code>@tailwindcss/node</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18485">#18485</a>)</li>
<li>Ignore consecutive semicolons in the CSS parser (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18532">#18532</a>)</li>
<li>Center the dropdown icon added to an input with a paired datalist by
default (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18511">#18511</a>)</li>
<li>Extract candidates in Slang templates (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18565">#18565</a>)</li>
<li>Improve error messages when encountering invalid functional utility
names (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18568">#18568</a>)</li>
<li>Discard CSS AST objects with <code>false</code> or
<code>undefined</code> properties (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18571">#18571</a>)</li>
<li>Allow users to disable URL rebasing in
<code>@tailwindcss/postcss</code> via <code>transformAssetUrls:
false</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18321">#18321</a>)</li>
<li>Fix false-positive migrations in <code>addEventListener</code> and
JavaScript variable names (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18718">#18718</a>)</li>
<li>Fix Standalone CLI showing default Bun help when run via symlink on
Windows (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18723">#18723</a>)</li>
<li>Read from <code>--border-color-*</code> theme keys in
<code>divide-*</code> utilities for backwards compatibility (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18704/">#18704</a>)</li>
<li>Don't scan <code>.hdr</code> and <code>.exr</code> files for classes
by default (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18734">#18734</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md"><code>@​tailwindcss/cli</code>'s
changelog</a>.</em></p>
<blockquote>
<h2>[4.1.12] - 2025-08-13</h2>
<h3>Fixed</h3>
<ul>
<li>Don't consider the global important state in <code>@apply</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18404">#18404</a>)</li>
<li>Add missing suggestions for <code>flex-&lt;number&gt;</code>
utilities (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18642">#18642</a>)</li>
<li>Fix trailing <code>)</code> from interfering with extraction in
Clojure keywords (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18345">#18345</a>)</li>
<li>Detect classes inside Elixir charlist, word list, and string sigils
(<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18432">#18432</a>)</li>
<li>Track source locations through <code>@plugin</code> and
<code>@config</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18345">#18345</a>)</li>
<li>Allow boolean values of <code>process.env.DEBUG</code> in
<code>@tailwindcss/node</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18485">#18485</a>)</li>
<li>Ignore consecutive semicolons in the CSS parser (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18532">#18532</a>)</li>
<li>Center the dropdown icon added to an input with a paired datalist by
default (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18511">#18511</a>)</li>
<li>Extract candidates in Slang templates (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18565">#18565</a>)</li>
<li>Improve error messages when encountering invalid functional utility
names (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18568">#18568</a>)</li>
<li>Discard CSS AST objects with <code>false</code> or
<code>undefined</code> properties (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18571">#18571</a>)</li>
<li>Allow users to disable URL rebasing in
<code>@tailwindcss/postcss</code> via <code>transformAssetUrls:
false</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18321">#18321</a>)</li>
<li>Fix false-positive migrations in <code>addEventListener</code> and
JavaScript variable names (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18718">#18718</a>)</li>
<li>Fix Standalone CLI showing default Bun help when run via symlink on
Windows (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18723">#18723</a>)</li>
<li>Read from <code>--border-color-*</code> theme keys in
<code>divide-*</code> utilities for backwards compatibility (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18704/">#18704</a>)</li>
<li>Don't scan <code>.hdr</code> and <code>.exr</code> files for classes
by default (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18734">#18734</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6791e8133c"><code>6791e81</code></a>
Prepare v4.1.12 release (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-cli/issues/18728">#18728</a>)</li>
<li><a
href="42d2433ab8"><code>42d2433</code></a>
Update enhanced-resolve 5.18.2 → 5.18.3 (patch) (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-cli/issues/18726">#18726</a>)</li>
<li><a
href="9169d73aad"><code>9169d73</code></a>
update READMEs</li>
<li><a
href="f307c31d45"><code>f307c31</code></a>
Update enhanced-resolve 5.18.1 → 5.18.2 (patch) (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-cli/issues/18423">#18423</a>)</li>
<li>See full diff in <a
href="https://github.com/tailwindlabs/tailwindcss/commits/v4.1.12/packages/@tailwindcss-cli">compare
view</a></li>
</ul>
</details>
<br />

Updates `@tailwindcss/vite` from 4.1.11 to 4.1.12
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tailwindlabs/tailwindcss/releases"><code>@​tailwindcss/vite</code>'s
releases</a>.</em></p>
<blockquote>
<h2>v4.1.12</h2>
<h3>Fixed</h3>
<ul>
<li>Don't consider the global important state in <code>@apply</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18404">#18404</a>)</li>
<li>Add missing suggestions for <code>flex-&lt;number&gt;</code>
utilities (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18642">#18642</a>)</li>
<li>Fix trailing <code>)</code> from interfering with extraction in
Clojure keywords (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18345">#18345</a>)</li>
<li>Detect classes inside Elixir charlist, word list, and string sigils
(<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18432">#18432</a>)</li>
<li>Track source locations through <code>@plugin</code> and
<code>@config</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18345">#18345</a>)</li>
<li>Allow boolean values of <code>process.env.DEBUG</code> in
<code>@tailwindcss/node</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18485">#18485</a>)</li>
<li>Ignore consecutive semicolons in the CSS parser (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18532">#18532</a>)</li>
<li>Center the dropdown icon added to an input with a paired datalist by
default (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18511">#18511</a>)</li>
<li>Extract candidates in Slang templates (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18565">#18565</a>)</li>
<li>Improve error messages when encountering invalid functional utility
names (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18568">#18568</a>)</li>
<li>Discard CSS AST objects with <code>false</code> or
<code>undefined</code> properties (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18571">#18571</a>)</li>
<li>Allow users to disable URL rebasing in
<code>@tailwindcss/postcss</code> via <code>transformAssetUrls:
false</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18321">#18321</a>)</li>
<li>Fix false-positive migrations in <code>addEventListener</code> and
JavaScript variable names (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18718">#18718</a>)</li>
<li>Fix Standalone CLI showing default Bun help when run via symlink on
Windows (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18723">#18723</a>)</li>
<li>Read from <code>--border-color-*</code> theme keys in
<code>divide-*</code> utilities for backwards compatibility (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18704/">#18704</a>)</li>
<li>Don't scan <code>.hdr</code> and <code>.exr</code> files for classes
by default (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18734">#18734</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md"><code>@​tailwindcss/vite</code>'s
changelog</a>.</em></p>
<blockquote>
<h2>[4.1.12] - 2025-08-13</h2>
<h3>Fixed</h3>
<ul>
<li>Don't consider the global important state in <code>@apply</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18404">#18404</a>)</li>
<li>Add missing suggestions for <code>flex-&lt;number&gt;</code>
utilities (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18642">#18642</a>)</li>
<li>Fix trailing <code>)</code> from interfering with extraction in
Clojure keywords (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18345">#18345</a>)</li>
<li>Detect classes inside Elixir charlist, word list, and string sigils
(<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18432">#18432</a>)</li>
<li>Track source locations through <code>@plugin</code> and
<code>@config</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18345">#18345</a>)</li>
<li>Allow boolean values of <code>process.env.DEBUG</code> in
<code>@tailwindcss/node</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18485">#18485</a>)</li>
<li>Ignore consecutive semicolons in the CSS parser (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18532">#18532</a>)</li>
<li>Center the dropdown icon added to an input with a paired datalist by
default (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18511">#18511</a>)</li>
<li>Extract candidates in Slang templates (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18565">#18565</a>)</li>
<li>Improve error messages when encountering invalid functional utility
names (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18568">#18568</a>)</li>
<li>Discard CSS AST objects with <code>false</code> or
<code>undefined</code> properties (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18571">#18571</a>)</li>
<li>Allow users to disable URL rebasing in
<code>@tailwindcss/postcss</code> via <code>transformAssetUrls:
false</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18321">#18321</a>)</li>
<li>Fix false-positive migrations in <code>addEventListener</code> and
JavaScript variable names (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18718">#18718</a>)</li>
<li>Fix Standalone CLI showing default Bun help when run via symlink on
Windows (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18723">#18723</a>)</li>
<li>Read from <code>--border-color-*</code> theme keys in
<code>divide-*</code> utilities for backwards compatibility (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18704/">#18704</a>)</li>
<li>Don't scan <code>.hdr</code> and <code>.exr</code> files for classes
by default (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18734">#18734</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6791e8133c"><code>6791e81</code></a>
Prepare v4.1.12 release (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite/issues/18728">#18728</a>)</li>
<li><a
href="9169d73aad"><code>9169d73</code></a>
update READMEs</li>
<li>See full diff in <a
href="https://github.com/tailwindlabs/tailwindcss/commits/v4.1.12/packages/@tailwindcss-vite">compare
view</a></li>
</ul>
</details>
<br />

Updates `tailwindcss` from 4.1.11 to 4.1.12
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tailwindlabs/tailwindcss/releases">tailwindcss's
releases</a>.</em></p>
<blockquote>
<h2>v4.1.12</h2>
<h3>Fixed</h3>
<ul>
<li>Don't consider the global important state in <code>@apply</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18404">#18404</a>)</li>
<li>Add missing suggestions for <code>flex-&lt;number&gt;</code>
utilities (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18642">#18642</a>)</li>
<li>Fix trailing <code>)</code> from interfering with extraction in
Clojure keywords (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18345">#18345</a>)</li>
<li>Detect classes inside Elixir charlist, word list, and string sigils
(<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18432">#18432</a>)</li>
<li>Track source locations through <code>@plugin</code> and
<code>@config</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18345">#18345</a>)</li>
<li>Allow boolean values of <code>process.env.DEBUG</code> in
<code>@tailwindcss/node</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18485">#18485</a>)</li>
<li>Ignore consecutive semicolons in the CSS parser (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18532">#18532</a>)</li>
<li>Center the dropdown icon added to an input with a paired datalist by
default (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18511">#18511</a>)</li>
<li>Extract candidates in Slang templates (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18565">#18565</a>)</li>
<li>Improve error messages when encountering invalid functional utility
names (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18568">#18568</a>)</li>
<li>Discard CSS AST objects with <code>false</code> or
<code>undefined</code> properties (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18571">#18571</a>)</li>
<li>Allow users to disable URL rebasing in
<code>@tailwindcss/postcss</code> via <code>transformAssetUrls:
false</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18321">#18321</a>)</li>
<li>Fix false-positive migrations in <code>addEventListener</code> and
JavaScript variable names (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18718">#18718</a>)</li>
<li>Fix Standalone CLI showing default Bun help when run via symlink on
Windows (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18723">#18723</a>)</li>
<li>Read from <code>--border-color-*</code> theme keys in
<code>divide-*</code> utilities for backwards compatibility (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18704/">#18704</a>)</li>
<li>Don't scan <code>.hdr</code> and <code>.exr</code> files for classes
by default (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18734">#18734</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md">tailwindcss's
changelog</a>.</em></p>
<blockquote>
<h2>[4.1.12] - 2025-08-13</h2>
<h3>Fixed</h3>
<ul>
<li>Don't consider the global important state in <code>@apply</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18404">#18404</a>)</li>
<li>Add missing suggestions for <code>flex-&lt;number&gt;</code>
utilities (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18642">#18642</a>)</li>
<li>Fix trailing <code>)</code> from interfering with extraction in
Clojure keywords (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18345">#18345</a>)</li>
<li>Detect classes inside Elixir charlist, word list, and string sigils
(<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18432">#18432</a>)</li>
<li>Track source locations through <code>@plugin</code> and
<code>@config</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18345">#18345</a>)</li>
<li>Allow boolean values of <code>process.env.DEBUG</code> in
<code>@tailwindcss/node</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18485">#18485</a>)</li>
<li>Ignore consecutive semicolons in the CSS parser (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18532">#18532</a>)</li>
<li>Center the dropdown icon added to an input with a paired datalist by
default (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18511">#18511</a>)</li>
<li>Extract candidates in Slang templates (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18565">#18565</a>)</li>
<li>Improve error messages when encountering invalid functional utility
names (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18568">#18568</a>)</li>
<li>Discard CSS AST objects with <code>false</code> or
<code>undefined</code> properties (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18571">#18571</a>)</li>
<li>Allow users to disable URL rebasing in
<code>@tailwindcss/postcss</code> via <code>transformAssetUrls:
false</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18321">#18321</a>)</li>
<li>Fix false-positive migrations in <code>addEventListener</code> and
JavaScript variable names (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18718">#18718</a>)</li>
<li>Fix Standalone CLI showing default Bun help when run via symlink on
Windows (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18723">#18723</a>)</li>
<li>Read from <code>--border-color-*</code> theme keys in
<code>divide-*</code> utilities for backwards compatibility (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18704/">#18704</a>)</li>
<li>Don't scan <code>.hdr</code> and <code>.exr</code> files for classes
by default (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18734">#18734</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6791e8133c"><code>6791e81</code></a>
Prepare v4.1.12 release (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss/issues/18728">#18728</a>)</li>
<li><a
href="1855d68cd7"><code>1855d68</code></a>
Add --border-color to divide theme keys (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss/issues/18704">#18704</a>)</li>
<li><a
href="8e8a2d6efc"><code>8e8a2d6</code></a>
update <code>@ampproject/remapping</code> to
<code>@jridgewell/remapping</code> (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss/issues/18716">#18716</a>)</li>
<li><a
href="68a79b159c"><code>68a79b1</code></a>
Suggest bare values for <code>flex-*</code> utilities (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss/issues/18642">#18642</a>)</li>
<li><a
href="fa3f45f02c"><code>fa3f45f</code></a>
Don’t output CSS objects with <code>false</code> or
<code>undefined</code> in the AST (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss/issues/18571">#18571</a>)</li>
<li><a
href="939fda6f4e"><code>939fda6</code></a>
Show more specific error for functional-like but invalid utility names
(<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss/issues/18568">#18568</a>)</li>
<li><a
href="88b9f15b65"><code>88b9f15</code></a>
Center the dropdown icon added to an input with a paired datalist in
Chrome (...</li>
<li><a
href="798a7bf905"><code>798a7bf</code></a>
Ignore consecutive semicolons in the CSS parser (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss/issues/18532">#18532</a>)</li>
<li><a
href="2941a7b5c2"><code>2941a7b</code></a>
Track source locations through <code>@plugin</code> and
<code>@config</code> (<a
href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss/issues/18329">#18329</a>)</li>
<li><a
href="9169d73aad"><code>9169d73</code></a>
update READMEs</li>
<li>Additional commits viewable in <a
href="https://github.com/tailwindlabs/tailwindcss/commits/v4.1.12/packages/tailwindcss">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-29 09:39:21 +00:00
Thomas Eizinger
685acdac3a feat: add more specific component type to user-agent header (#10457) 
In order to allow the portal to more easily classify, what kind of
component is connecting, we extend the `get_user_agent` header to
include a component type instead of the generic `connlib/`.

---------

Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
 2025-09-26 00:18:36 +00:00
Thomas Eizinger
9865e03343 ci: fix double symmetric NAT test failure (#10410) 
As it turns out, the flaky test was caused by a bug in the eBPF kernel where we read the old channel data header from the wrong offset. This made us essentially read garbage data for the channel number, causing us to:

a. Compute a bad checksum
b. Send the packet on a completely wrong channel

The reason this caused a flaky test is that it requires on side to pick IPv4 to talk to the relay and the other side IPv6. The happy-eyeballs approach of the `allocation` module made that non-deterministic, only exposing this bug occasionally.

To ensure these kind of things are detected earlier in the future, I am adding an additional CI step that checks all packets emitted by the eBPF kernel for checksum errors.

Fixes: #10404

Co-authored-by: Jamil Bou Kheir <jamilbk@users.noreply.github.com>
 2025-09-25 17:53:17 +10:00
Thomas Eizinger
94a56fc6bc build(deps): update aya to latest main (#10424) 
We haven't updated `aya` in a while. Unfortunately, the update is not without problems. For one, the logging infrastructure changed, requiring us to drop the error details from `xdp_adjust_head`. See https://github.com/aya-rs/aya/issues/1348. Two, the `tokio` feature flag got removed but luckily that can be worked around quite easily.

Resolves: #10344
 2025-09-23 17:45:59 +10:00
Thomas Eizinger
aa68029a33 feat(gateway): use hickory resolver to resolve A/AAAA queries (#10373) 
At present, the Gateway performs DNS resolution for A & AAAA queries via
`libc`. The `resolve` system call only provides us with the resolved IPs
but not any of the metadata around the query such as TTL. As a result,
we can only cache DNS queries for a static amount of time, currently
30s. It would be more correct to cache them for their TTL instead.

To do so, we re-introduce `hickory-resolver` to our codebase.
Deliberately, we only use it for resolving A and AAAA records on the
Gateway for now. DNS resolution for SRV & TXT records happens one layer
below and uses the same infrastructure as DNS resolution on the Client.

Merging this is difficult however because the Gateway still supports the
control protocol of 1.3.x clients. That one requires DNS resolution
prior to setting up the connection of DNS resources which means it needs
to happen in the event-loop of the Gateway binary and cannot be moved
into the `Tunnel` where DNS resolution for Client and SRV/TXT records
happen.

Once we can drop support for 1.3.x clients, this Gateway's event-loop
will simplify drastically which will allow us to refactor this to a more
unified approach of DNS resolution. Until then, we can at least fix the
hardcoded TTL by using `hickory-resolver` in the event-loop.

The functionality is guarded behind a feature-flag which - as usual - is
off by default (i.e. for as long as we haven't fetched the flags). The
feature flag is already configured to `true` for staging and production
so we can test the new behaviour.

Resolves: #8232
Related: #10385
 2025-09-23 06:00:16 +00:00
Thomas Eizinger
683a190855 chore: install xdpdump in relay container (#10423) 
Instead of the additional dockerfile, we can simply install the xdptools
from the repository and have them available right in the relay
container.
 2025-09-23 04:03:27 +00:00
Thomas Eizinger
0310bafbcd feat(clients): gracefully close connections on shutdown (#10400) 
In #10076, connlib gained the ability to gracefully close connections
between peers. The Gateway already uses this when it is being gracefully
shutdown such as during an upgrade. This allows Clients to immediately
fail-over to a different Gateway instead of waiting for an ICE timeout.

When a Client signs out, we currently just drop all the state, resulting
in an ICE timeout on the Gateway ~15 seconds later. This makes it
difficult for us to analyze, whether an ICE timeout in the logs presents
an actual problem where a network connection got cut or whether the
Client simply signed out.

Whilst not water-tight, attempting to gracefully close our connections
when the Client signs out is better than nothing so we implement this
here.

All Clients use the `Session` abstraction from `client-shared` which
spawns the event-loop into a dedicated task.

- For the Linux and Windows GUI client, the already present tokio
runtime instance of the tunnel service is used for this.
- For Android and Apple, we create a dedicated, single-threaded runtime
instance for connlib.
- For the headless client, we also reuse the already existing tokio
runtime instance of the binary.

In case of Android, Apple and the headless client, this means we need to
ensure the tokio runtime instances stays alive long enough to actually
complete the graceful shutdown task. We achieve this by draining the
`EventStream` returned from `Session`. The `EventStream` is a wrapper
around a channel connected to the event-loop. This stream only finishes
once the event-loop is entirely dropped (and therefore completed the
graceful shutdown) as it holds the sender-end of the channel.

In case of the Linux and Windows GUI client, the runtime outlives the
`Session` because it is scoped to the entire tunnel process. Therefore,
no additional measures are necessary there to ensure the graceful
shutdown task completes.
 2025-09-23 03:40:52 +00:00
Thomas Eizinger
8e00870942 refactor(gateway): close connections on error (#10401) 
Previously, the Gateway would only proactively close connections to its
peers when it was shutdown gracefully via a SIGTERM or SIGINT signal. By
copying the same design for the event-loop as I've implemented in
#10400, we can now also initiate the graceful shutdown in case the
event-loop exits with an error.
 2025-09-20 20:55:48 +00:00
Thomas Eizinger
7c326e003e fix(connlib): fuse event-loop future inside client session (#10399) 
A `Future` in Rust should not be polled once it has been completed as
that may lead to panics or otherwise undesirable behaviour. To avoid
this, a `Future` can be `fuse`d which will make it return
`Poll::Pending` indefinitely after it has returned `Ready`.

We have received several Sentry alerts of poll-after-completion panics
that I believe are all stemming from this particular code.
 2025-09-20 12:35:32 +00:00
Thomas Eizinger
88e801ad97 fix(gateway): re-join topic in phoenix-channel on error (#10397) 
For whatever reason, we seem to sometimes lose the association with the
"room" we are meant to be in in order to send messages to the portal.
Without joining the right room, messages get dropped silently.

To fix this, we re-join the room on such errors. Long-term, this will be
fixed by ditching phoenix-channel in favor of simple HTTP requests.

Related: #9649
 2025-09-20 05:14:12 +00:00
Thomas Eizinger
e20929ad73 build(deps): bump Rust version to 1.90 (#10380) 
One of the more quiet Rust releases with no new clippy lints that would
require code updates.
 2025-09-20 04:28:03 +00:00
Thomas Eizinger
9c8101a3ee chore: render contextual information more Sentry-friendly (#10386) 
Sentry can group issues together that have unique identifiers in their
message. Unfortunately, it does that only well for integers and UUIDs
and not so much for hex-values. To avoid alert fatigue, we render the
public key as a u256 which hopefully allows Sentry to group these
together.
 2025-09-20 12:08:03 +10:00
Thomas Eizinger
90d10a8634 refactor(connlib): improve fairness of event-loop (#10347) 
The event-loop inside `Tunnel` processes input according to a certain
priority. We only take input from lower priority sources when the higher
priority sources are not ready. The current priorities are:

- Flush all buffers
- Read from UDP sockets
- Read from TUN device
- Read from DNS servers
- Process recursive DNS queries
- Check timeout

The idea of this priority ordering is to keep all kinds of processing
bounded and "finish" any kind of work that is on-going before taking on
new work. Anything that sits in a buffer is basically done with
processing and just needs to be written out to the network / device.
Arriving UDP packets have already traversed the network and been
encrypted on the other end, meaning they are higher priority than
reading from the TUN device. Packets from the TUN device still need to
be encrypted and sent to the remote.

Whilst there is merit in this design, it also bears the potential of
starving input sources further down if the top ones are extremely busy.
To prevent this, we refactor `Io` to read from all input sources and
present it to the event-loop as a batch, allowing all sources to make
progress before looping around. Since this event-loop has first been
conceived, we have refactored `Io` to use background threads for the UDP
sockets and TUN device, meaning they will make progress by themselves
anyway until the channels to the main-thread fill up. As such, there
shouldn't be any latency increase in processing packets even though we
are performing slightly more work per event-loop tick.

This kind of batch-processing highlights a problem: Bailing out with an
error midway through processing a batch leaves the remainder of the
batch unprocessed, essentially dropping packets. To fix this, we
introduce a new `TunnelError` type that presents a collection of errors
that we encountered while processing the batch. This might actually also
be a problem with what is currently in `main` because we are already
batch-processing packets there but possibly are bailing out midway
through the batch.

---------

Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
Co-authored-by: Mariusz Klochowicz <mariusz@klochowicz.com>
 2025-09-17 23:28:36 +00:00
Thomas Eizinger
3e6094af8d feat(linux): try to set rmem_max and wmem_max on startup (#10349) 
The default send and receive buffer sizes on Linux are too small (only
~200 KB). Checking `nstat` after an iperf run revealed that the number
of dropped packets in the first interval directly correlates with the
number of receive buffer errors reported by `nstat`.

We already try to increase the send and receive buffer sizes for our UDP
socket but unfortunately, we cannot increase them beyond what the system
limits them to. To workaround this, we try to set `rmem_max` and
`wmem_max` during startup of the Linux headless client and Gateway. This
behaviour can be disabled by setting `FIREZONE_NO_INC_BUF=true`.

This doesn't work in Docker unfortunately, so we set the values manually
in the CI perf tests and verify after the test that we didn't encounter
any send and receive buffer errors.

It is yet to be determined how we should deal with this problem for all
the GUI clients. See #10350 as an issue tracking that.

Unfortunately, this doesn't fix all packet drops during the first iperf
interval. With this PR, we now see packet drops on the interface itself.
 2025-09-17 23:05:01 +00:00
Thomas Eizinger
7222167b13 fix(connlib): limit the number of optimistic candidates (#10367) 
To facilitate direct connections, `connlib` generates "optimistic"
candidates that combine the port of the host candidate with the IP of
the server-reflexive candidate. This allows sysadmins to port-forward
the Firezone port 52625 on the Gateway, allowing for direct connections
to happen behind symmetric NAT.

This feature is only really useful for IPv4 as IPv6 doesn't need
symmetric NAT due to the larger address space. It is also quite common
that users have multiple IPv6 addresses on a single interface. The
combination of the two can result in CPU spikes on the Gateway if a
client connects and sends over e.g. 10 IPv6 host candidates and various
IPv6 server-reflexive candidates. The Gateway then ends up in a loop
where it creates an NxM matrix of all these candidates.

To mitigate this, we disable optimistic candidates for IPv6 altogether
and limit the number of IPv4 optimistic candidates to 2.
 2025-09-17 19:52:29 +00:00
Thomas Eizinger
69afe71215 refactor(connlib): remove concept of "ReplyMessages" (#10361) 
In earlier versions of Firezone, the WebSocket protocol with the portal
was using the request-response semantics built into Phoenix. This
however is quite cumbersome to work with to due to the polymorphic
nature of the protocol design.

We ended up moving away from it and instead only use one-way messages
where each event directly corresponds to a message type. However, we
have never removed the capability reply messages from the
`phoenix-channel` module, instead all usages just set it to `()`.

We can simplify the code here by always setting this to `()`.

Resolves: #7091
 2025-09-17 04:10:56 +00:00
Mariusz Klochowicz
b1ed2f8a5e chore: improve macos dev experience (#10363) 
Quality of life improvements for macOS devs, mostly relevant when not
using Xcode as daily driver - although some convenience functions &
explicit sentry dependency should make it better there too.
 2025-09-17 02:17:36 +00:00
dependabot[bot]
cc6b748942 build(deps): bump tempfile from 3.21.0 to 3.22.0 in /rust (#10354) 
Bumps [tempfile](https://github.com/Stebalien/tempfile) from 3.21.0 to
3.22.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md">tempfile's
changelog</a>.</em></p>
<blockquote>
<h2>3.22.0</h2>
<ul>
<li>Updated <code>windows-sys</code> requirement to allow version
0.61.x</li>
<li>Remove <code>unstable-windows-keep-open-tempfile</code>
feature.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f720dbe098"><code>f720dbe</code></a>
chore: release 3.22.0</li>
<li><a
href="55d742cb5d"><code>55d742c</code></a>
chore: remove deprecated unstable feature flag</li>
<li><a
href="bc41a0b586"><code>bc41a0b</code></a>
build(deps): update windows-sys requirement from &gt;=0.52, &lt;0.61 to
&gt;=0.52, &lt;0....</li>
<li><a
href="3c55387ede"><code>3c55387</code></a>
test: make sure we don't drop tempdirs early (<a
href="https://redirect.github.com/Stebalien/tempfile/issues/373">#373</a>)</li>
<li><a
href="17bf644406"><code>17bf644</code></a>
doc(builder): clarify permissions (<a
href="https://redirect.github.com/Stebalien/tempfile/issues/372">#372</a>)</li>
<li><a
href="c7423f1761"><code>c7423f1</code></a>
doc(env): document the alternative to setting the tempdir (<a
href="https://redirect.github.com/Stebalien/tempfile/issues/371">#371</a>)</li>
<li><a
href="5af60ca9e3"><code>5af60ca</code></a>
test(wasi): run a few tests that shouldn't have been disabled (<a
href="https://redirect.github.com/Stebalien/tempfile/issues/370">#370</a>)</li>
<li><a
href="6c0c56198a"><code>6c0c561</code></a>
fix(doc): temp_dir doesn't check if writable</li>
<li>See full diff in <a
href="https://github.com/Stebalien/tempfile/compare/v3.21.0...v3.22.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tempfile&package-manager=cargo&previous-version=3.21.0&new-version=3.22.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-15 11:49:42 +00:00
dependabot[bot]
50831db410 build(deps): bump serde_json from 1.0.143 to 1.0.145 in /rust (#10358) 
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.143 to
1.0.145.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/serde-rs/json/releases">serde_json's
releases</a>.</em></p>
<blockquote>
<h2>v1.0.145</h2>
<ul>
<li>Raise serde version requirement to &gt;=1.0.220</li>
</ul>
<h2>v1.0.144</h2>
<ul>
<li>Switch serde dependency to serde_core (<a
href="https://redirect.github.com/serde-rs/json/issues/1285">#1285</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="efa66e3a1d"><code>efa66e3</code></a>
Release 1.0.145</li>
<li><a
href="23679e2b9d"><code>23679e2</code></a>
Add serde version constraint</li>
<li><a
href="fc27bafbf7"><code>fc27baf</code></a>
Release 1.0.144</li>
<li><a
href="caef3c6ea6"><code>caef3c6</code></a>
Ignore uninlined_format_args pedantic clippy lint</li>
<li><a
href="81ba3aaaff"><code>81ba3aa</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/json/issues/1285">#1285</a>
from dtolnay/serdecore</li>
<li><a
href="d21e8ce7a7"><code>d21e8ce</code></a>
Switch serde dependency to serde_core</li>
<li><a
href="6beb6cd596"><code>6beb6cd</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/json/issues/1286">#1286</a>
from dtolnay/up</li>
<li><a
href="1dbc803749"><code>1dbc803</code></a>
Raise required compiler to Rust 1.61</li>
<li><a
href="0bf5d87003"><code>0bf5d87</code></a>
Enforce trybuild &gt;= 1.0.108</li>
<li><a
href="d12e943590"><code>d12e943</code></a>
Update actions/checkout@v4 -&gt; v5</li>
<li>See full diff in <a
href="https://github.com/serde-rs/json/compare/v1.0.143...v1.0.145">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=serde_json&package-manager=cargo&previous-version=1.0.143&new-version=1.0.145)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-15 11:39:55 +00:00
dependabot[bot]
5fdc467924 build(deps): bump semver from 1.0.26 to 1.0.27 in /rust (#10357) 
Bumps [semver](https://github.com/dtolnay/semver) from 1.0.26 to 1.0.27.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dtolnay/semver/releases">semver's
releases</a>.</em></p>
<blockquote>
<h2>1.0.27</h2>
<ul>
<li>Switch serde dependency to serde_core (<a
href="https://redirect.github.com/dtolnay/semver/issues/333">#333</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6ed8561154"><code>6ed8561</code></a>
Release 1.0.27</li>
<li><a
href="6967bba0e2"><code>6967bba</code></a>
Add serde version constraint</li>
<li><a
href="84d30574ff"><code>84d3057</code></a>
Exclude build.rs from crates.io package</li>
<li><a
href="b09aac935d"><code>b09aac9</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/semver/issues/343">#343</a>
from dtolnay/up</li>
<li><a
href="49b8570e34"><code>49b8570</code></a>
Delete backport module</li>
<li><a
href="9b04afee2f"><code>9b04afe</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/semver/issues/342">#342</a>
from dtolnay/up</li>
<li><a
href="83a8e91dba"><code>83a8e91</code></a>
Delete no_nonzero_bitscan configuration</li>
<li><a
href="e606a17855"><code>e606a17</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/semver/issues/341">#341</a>
from dtolnay/up</li>
<li><a
href="ebe7cf1897"><code>ebe7cf1</code></a>
Delete no_unsafe_op_in_unsafe_fn_lint configuration</li>
<li><a
href="a381bff044"><code>a381bff</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/semver/issues/340">#340</a>
from dtolnay/up</li>
<li>Additional commits viewable in <a
href="https://github.com/dtolnay/semver/compare/1.0.26...1.0.27">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=semver&package-manager=cargo&previous-version=1.0.26&new-version=1.0.27)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-15 11:39:12 +00:00
dependabot[bot]
4a83383b61 build(deps): bump humantime from 2.2.0 to 2.3.0 in /rust (#10355) 
Bumps [humantime](https://github.com/chronotope/humantime) from 2.2.0 to
2.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/chronotope/humantime/releases">humantime's
releases</a>.</em></p>
<blockquote>
<h2>2.3.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Add 'wk', 'wks' for weeks and 'yr', 'yrs' for years by <a
href="https://github.com/ryo1kato"><code>@​ryo1kato</code></a> in <a
href="https://redirect.github.com/chronotope/humantime/pull/50">chronotope/humantime#50</a></li>
<li>Allow parsing zero durations with no units by <a
href="https://github.com/RobertGauld"><code>@​RobertGauld</code></a> in
<a
href="https://redirect.github.com/chronotope/humantime/pull/43">chronotope/humantime#43</a></li>
<li>Use µs not us by <a
href="https://github.com/RobertGauld"><code>@​RobertGauld</code></a> in
<a
href="https://redirect.github.com/chronotope/humantime/pull/45">chronotope/humantime#45</a></li>
<li>feat: parse_duration(&quot;0&quot;) by <a
href="https://github.com/aatifsyed"><code>@​aatifsyed</code></a> in <a
href="https://redirect.github.com/chronotope/humantime/pull/55">chronotope/humantime#55</a></li>
<li>Support fractional durations (with precision safeguards, without any
new dependency) by <a
href="https://github.com/TheElectronWill"><code>@​TheElectronWill</code></a>
in <a
href="https://redirect.github.com/chronotope/humantime/pull/56">chronotope/humantime#56</a></li>
<li>feat: Accept &quot;+00:00&quot; as an alternative way to specify the
UTC timezone by <a
href="https://github.com/TheElectronWill"><code>@​TheElectronWill</code></a>
in <a
href="https://redirect.github.com/chronotope/humantime/pull/59">chronotope/humantime#59</a></li>
<li>Fractional tweaks by <a
href="https://github.com/djc"><code>@​djc</code></a> in <a
href="https://redirect.github.com/chronotope/humantime/pull/60">chronotope/humantime#60</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="7994b71298"><code>7994b71</code></a>
ci: disable for non-main pushes</li>
<li><a
href="1b590684c7"><code>1b59068</code></a>
Bump version to 2.3.0</li>
<li><a
href="cacdb9378f"><code>cacdb93</code></a>
ci: add audit job</li>
<li><a
href="5cc8dc59ba"><code>5cc8dc5</code></a>
ci: add job to check semver compatibility</li>
<li><a
href="0d5fe2d655"><code>0d5fe2d</code></a>
Bump version to 2.2.1</li>
<li><a
href="fc0e7ea366"><code>fc0e7ea</code></a>
duration: move current value out of Parser</li>
<li><a
href="1febd5251a"><code>1febd52</code></a>
duration: track current value as Duration</li>
<li><a
href="0adba1266e"><code>0adba12</code></a>
duration: track current nanoseconds as u32</li>
<li><a
href="786218f340"><code>786218f</code></a>
Extract unit parsing</li>
<li><a
href="9ff48bf9d0"><code>9ff48bf</code></a>
Re-order duration parser methods in top-down order</li>
<li>Additional commits viewable in <a
href="https://github.com/chronotope/humantime/compare/v2.2.0...v2.3.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=humantime&package-manager=cargo&previous-version=2.2.0&new-version=2.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-15 11:38:14 +00:00
dependabot[bot]
1045a7b255 build(deps): bump resolv-conf from 0.7.4 to 0.7.5 in /rust (#10356) 
Bumps [resolv-conf](https://github.com/hickory-dns/resolv-conf) from
0.7.4 to 0.7.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/hickory-dns/resolv-conf/releases">resolv-conf's
releases</a>.</em></p>
<blockquote>
<h2>0.7.5</h2>
<h2>What's Changed</h2>
<ul>
<li>Add support for no-aaaa option by <a
href="https://github.com/djc"><code>@​djc</code></a> in <a
href="https://redirect.github.com/hickory-dns/resolv-conf/pull/53">hickory-dns/resolv-conf#53</a></li>
<li>Change to allow for easy linking with jemalloc for downstream crates
by <a href="https://github.com/savyajha"><code>@​savyajha</code></a> in
<a
href="https://redirect.github.com/hickory-dns/resolv-conf/pull/55">hickory-dns/resolv-conf#55</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3573bed392"><code>3573bed</code></a>
Bump version to 0.7.5</li>
<li><a
href="c43f155386"><code>c43f155</code></a>
Change to allow for easy linking with jemalloc for downstream
crates</li>
<li><a
href="393a0e89c0"><code>393a0e8</code></a>
Add support for no-aaaa option</li>
<li><a
href="d9275ff9fa"><code>d9275ff</code></a>
Make Display implementation exhaustive</li>
<li><a
href="0e0807df4b"><code>0e0807d</code></a>
Move Config into crate root</li>
<li><a
href="a1bf309e9a"><code>a1bf309</code></a>
Combine v4/v6 network parsers into a single function</li>
<li><a
href="39b4846103"><code>39b4846</code></a>
Enable warnings for clippy::use_self</li>
<li><a
href="d381a76ffa"><code>d381a76</code></a>
Enable warnings for unreachable_pub</li>
<li><a
href="4de9829a54"><code>4de9829</code></a>
Move default Config value to Default impl</li>
<li><a
href="eb7fbfced5"><code>eb7fbfc</code></a>
Move simple items down</li>
<li>Additional commits viewable in <a
href="https://github.com/hickory-dns/resolv-conf/compare/v0.7.4...v0.7.5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=resolv-conf&package-manager=cargo&previous-version=0.7.4&new-version=0.7.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-15 11:34:10 +00:00
Thomas Eizinger
a66a18782e chore(connlib): add context to IP packet parse errors (#10337) 
We are seeing some very strange IP packet parse errors coming from MacOS
devices. To better understand these, we extend the error messages with
the src and dst IP as well as the L4 header.

Related: #10335
 2025-09-12 14:11:12 +00:00
Jamil
1f130ad562 fix(relay): XDP_PASS DNS replies (#10330) 
DNS replies are UDP packets often arriving to our ephemeral range. As
such, these get dropped because we attempt to look up a channel map for
them and fail to find anything.

To fix this, we assume all UDP packets arriving with a source port of 53
are DNS packets, and pass them up the stack.

There are likely other types of UDP traffic this could be problematic
for (QUIC comes to mind), but this fixes the immediate issue at hand for
now, as detecting STUN probes is somewhat complex.

Fixes #10329
 2025-09-11 21:52:53 +00:00
Thomas Eizinger
0b89959354 fix(relay): handle relay-relay candidate pairs in eBPF (#10286) 
Currently, the eBPF module can translate from channel data messages to
UDP packets and vice versa. It can even do that across IP stacks, i.e.
translate from an IPv6 UDP packet to an IPv4 channel data messages.

What it cannot do is handle packets to itself. This can happen if both -
Client and Gateway - pick the same relay to make an allocation. When
exchanging candidates, ICE will then form pairs between both relay
candidates, essentially requiring the relay to loop packets back to
itself.

In eBPF, we cannot do that. When sending a packet back out with
`XDP_TX`, it will actually go out on the wire without an additional
check whether they are for our own IP.

Properly handling this in eBPF (by comparing the destination IP to our
public IP) adds more cases we need to handle. The current module
structure where everything is one file makes this quite hard to
understand, which is why I opted to create four sub-modules:

- `from_ipv4_channel`
- `from_ipv4_udp`
- `from_ipv6_channel`
- `from_ipv6_udp`

For traffic arriving via a data-channel, it is possible that we also
need to send it back out via a data-channel if the peer address we are
sending to is the relay itself. Therefore, the `from_ipX_channel`
modules have four sub-modules:

- `to_ipv4_channel`
- `to_ipv4_udp`
- `to_ipv6_channel`
- `to_ipv6_udp`

For the traffic arriving on an allocation port (`from_ipX_udp`), we
always map to a data-channel and therefore can never get into a routing
loop, resulting in only two modules:

- `to_ipv4_channel`
- `to_ipv6_channel`

The actual implementation of the new code paths is rather simple and
mostly copied from the existing ones. For half of them, we don't need to
make any adjustments to the buffer size (i.e. IPv4 channel to IPv4
channel). For the other half, we need to adjust for the difference in
the IP header size.

To test these changes, we add a new integration test that makes use of
the new docker-compose setup added in #10301 and configures masquerading
for both Client and Gateway. To make this more useful, we also remove
the `direct-` prefix from all tests as the test script itself no longer
makes any decisions as to whether it is operating over a direct or
relayed connection.

Resolves: #7518
 2025-09-11 07:19:23 +00:00
Firezone Bot
d8079c869f chore: publish apple-client 1.5.8 (#10323) 2025-09-10 17:06:40 +00:00
Thomas Eizinger
f96cc3d583 feat(relay): remove graceful shutdown (#10322) 
Initially, we added the graceful shutdown functionality to the relay to
better deal with deploys and achieve as minimal downtime as possible.
With the split of app and infrastructure that we now have, this
functionality is no longer necessary as portal deploys don't touch the
relay infra at all.

Thus, we can remove this functionality which will actually speed-up
deploys of the relays as systemd no longer has to time-out after sending
the SIGTERM to the binary.
 2025-09-10 07:00:20 +00:00
Firezone Bot
af7f4c9992 chore: publish headless-client 1.5.3 (#10320) 2025-09-10 05:25:24 +00:00
Firezone Bot
cacef44b4b chore: publish gateway 1.4.16 (#10321) 2025-09-10 04:50:43 +00:00
Firezone Bot
ff8781b7b6 chore: publish gui-client 1.5.7 (#10319) 2025-09-10 04:22:09 +00:00
dependabot[bot]
0f17b5d4a3 build(deps): bump chrono from 0.4.41 to 0.4.42 in /rust (#10308) 
Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.41 to
0.4.42.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/chronotope/chrono/releases">chrono's
releases</a>.</em></p>
<blockquote>
<h2>0.4.42</h2>
<h2>What's Changed</h2>
<ul>
<li>Add fuzzer for DateTime::parse_from_str by <a
href="https://github.com/tyler92"><code>@​tyler92</code></a> in <a
href="https://redirect.github.com/chronotope/chrono/pull/1700">chronotope/chrono#1700</a></li>
<li>Fix wrong amount of micro/milliseconds by <a
href="https://github.com/nmlt"><code>@​nmlt</code></a> in <a
href="https://redirect.github.com/chronotope/chrono/pull/1703">chronotope/chrono#1703</a></li>
<li>Add warning about MappedLocalTime and wasm by <a
href="https://github.com/lutzky"><code>@​lutzky</code></a> in <a
href="https://redirect.github.com/chronotope/chrono/pull/1702">chronotope/chrono#1702</a></li>
<li>Fix incorrect parsing of fixed-length second fractions by <a
href="https://github.com/chris-leach"><code>@​chris-leach</code></a> in
<a
href="https://redirect.github.com/chronotope/chrono/pull/1705">chronotope/chrono#1705</a></li>
<li>Fix cfgs for <code>wasm32-linux</code> support by <a
href="https://github.com/arjunr2"><code>@​arjunr2</code></a> in <a
href="https://redirect.github.com/chronotope/chrono/pull/1707">chronotope/chrono#1707</a></li>
<li>Fix OpenHarmony's <code>tzdata</code> parsing by <a
href="https://github.com/ldm0"><code>@​ldm0</code></a> in <a
href="https://redirect.github.com/chronotope/chrono/pull/1679">chronotope/chrono#1679</a></li>
<li>Convert NaiveDate to/from days since unix epoch by <a
href="https://github.com/findepi"><code>@​findepi</code></a> in <a
href="https://redirect.github.com/chronotope/chrono/pull/1715">chronotope/chrono#1715</a></li>
<li>Add <code>?Sized</code> bound to related methods of
<code>DelayedFormat::write_to</code> by <a
href="https://github.com/Huliiiiii"><code>@​Huliiiiii</code></a> in <a
href="https://redirect.github.com/chronotope/chrono/pull/1721">chronotope/chrono#1721</a></li>
<li>Add <code>from_timestamp_secs</code> method to <code>DateTime</code>
by <a href="https://github.com/jasonaowen"><code>@​jasonaowen</code></a>
in <a
href="https://redirect.github.com/chronotope/chrono/pull/1719">chronotope/chrono#1719</a></li>
<li>Migrate to core::error::Error by <a
href="https://github.com/benbrittain"><code>@​benbrittain</code></a> in
<a
href="https://redirect.github.com/chronotope/chrono/pull/1704">chronotope/chrono#1704</a></li>
<li>Upgrade to windows-bindgen 0.63 by <a
href="https://github.com/djc"><code>@​djc</code></a> in <a
href="https://redirect.github.com/chronotope/chrono/pull/1730">chronotope/chrono#1730</a></li>
<li>strftime: simplify error handling by <a
href="https://github.com/djc"><code>@​djc</code></a> in <a
href="https://redirect.github.com/chronotope/chrono/pull/1731">chronotope/chrono#1731</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f3fd15f976"><code>f3fd15f</code></a>
Bump version to 0.4.42</li>
<li><a
href="5cf5603500"><code>5cf5603</code></a>
strftime: add regression test case</li>
<li><a
href="a6231701ee"><code>a623170</code></a>
strftime: simplify error handling</li>
<li><a
href="36fbfb1221"><code>36fbfb1</code></a>
strftime: move specifier handling out of match to reduce rightward
drift</li>
<li><a
href="7f413c363b"><code>7f413c3</code></a>
strftime: yield None early</li>
<li><a
href="9d5dfe1640"><code>9d5dfe1</code></a>
strftime: outline constants</li>
<li><a
href="e5f6be7db4"><code>e5f6be7</code></a>
strftime: move error() method below caller</li>
<li><a
href="d516c2764d"><code>d516c27</code></a>
strftime: merge impl blocks</li>
<li><a
href="0ee2172fb9"><code>0ee2172</code></a>
strftime: re-order items to keep impls together</li>
<li><a
href="757a8b0226"><code>757a8b0</code></a>
Upgrade to windows-bindgen 0.63</li>
<li>Additional commits viewable in <a
href="https://github.com/chronotope/chrono/compare/v0.4.41...v0.4.42">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chrono&package-manager=cargo&previous-version=0.4.41&new-version=0.4.42)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
 2025-09-10 03:49:51 +00:00
dependabot[bot]
5f73627eb7 build(deps): bump uuid from 1.18.0 to 1.18.1 in /rust (#10305) 
Bumps [uuid](https://github.com/uuid-rs/uuid) from 1.18.0 to 1.18.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/uuid-rs/uuid/releases">uuid's
releases</a>.</em></p>
<blockquote>
<h2>v1.18.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Unsafe cleanup by <a
href="https://github.com/KodrAus"><code>@​KodrAus</code></a> in <a
href="https://redirect.github.com/uuid-rs/uuid/pull/841">uuid-rs/uuid#841</a></li>
<li>Prepare for 1.18.1 release by <a
href="https://github.com/KodrAus"><code>@​KodrAus</code></a> in <a
href="https://redirect.github.com/uuid-rs/uuid/pull/842">uuid-rs/uuid#842</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/uuid-rs/uuid/compare/v1.18.0...v1.18.1">https://github.com/uuid-rs/uuid/compare/v1.18.0...v1.18.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="50d8e797ed"><code>50d8e79</code></a>
Merge pull request <a
href="https://redirect.github.com/uuid-rs/uuid/issues/842">#842</a> from
uuid-rs/cargo/v1.18.1</li>
<li><a
href="79485925e9"><code>7948592</code></a>
prepare for 1.18.1 release</li>
<li><a
href="6d847c79d0"><code>6d847c7</code></a>
Merge pull request <a
href="https://redirect.github.com/uuid-rs/uuid/issues/841">#841</a> from
uuid-rs/chore/unsafe-cleanup</li>
<li><a
href="675cccc829"><code>675cccc</code></a>
re-gate zerocopy behind unstable feature flag</li>
<li><a
href="4dd5828060"><code>4dd5828</code></a>
Remove some unsafe; stabilize zerocopy</li>
<li>See full diff in <a
href="https://github.com/uuid-rs/uuid/compare/v1.18.0...v1.18.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=uuid&package-manager=cargo&previous-version=1.18.0&new-version=1.18.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-10 03:37:03 +00:00
Thomas Eizinger
33a75f6fee chore(headless-client): don't make failures look like crashes (#10290) 
Returning an error from `main` by default prints a backtrace. This may
lead users to believe that the program is crashing when in fact it is
exiting in a controlled way but with an error (such as when we don't
have Internet during startup).

Printing the chain of errors ourselves resolves this.
 2025-09-10 01:08:32 +00:00
Thomas Eizinger
4a612da189 fix(relay): filter traces by log filter (#10317) 
We want to control which traces are collected and sent to OTEL with the
log filter. To do that, we need to also apply the supplied log filter to
the tracer.
 2025-09-09 23:32:57 +00:00
dependabot[bot]
46eb118a46 build(deps): bump time from 0.3.41 to 0.3.43 in /rust (#10309) 
Bumps [time](https://github.com/time-rs/time) from 0.3.41 to 0.3.43.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/time-rs/time/releases">time's
releases</a>.</em></p>
<blockquote>
<h2>v0.3.43</h2>
<p>See the <a
href="https://github.com/time-rs/time/blob/main/CHANGELOG.md">changelog</a>
for details.</p>
<h2>v0.3.42</h2>
<p>See the <a
href="https://github.com/time-rs/time/blob/main/CHANGELOG.md">changelog</a>
for details.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/time-rs/time/blob/main/CHANGELOG.md">time's
changelog</a>.</em></p>
<blockquote>
<h2>0.3.43 [2025-09-02]</h2>
<h3>Added</h3>
<ul>
<li>Support for <code>rand</code> 0.9</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>In the <code>convert</code> module, any use of <code>per</code> with
types that were not the same (such as
<code>Nanosecond::per(Second)</code>) would not compile due to a bug.
This has been fixed.</li>
</ul>
<h2>0.3.42 [2025-08-31]</h2>
<h3>Added</h3>
<ul>
<li><code>Time::duration_until</code></li>
<li><code>Time::duration_since</code></li>
<li><code>per_t</code> method for all types in
<code>time::convert</code>. This is similar to the existing
<code>per</code> method, but
can return any of the primitive numeric types that can represent the
result. This will cut down on
<code>as</code> casts while ensuring correctness. Type inference isn't
perfect, so you may need to provide a
type annotation in some situations.</li>
<li><code>impl PartialOrd for Month</code> and <code>impl Ord for
Month</code>; this assumes the months are in the same year</li>
<li><code>SystemTimeExt</code> trait, adding methods for checked
arithmetic with <code>time::Duration</code> and obtaining
the difference between two <code>SystemTime</code>s as a
<code>time::Duration</code></li>
<li>Permit using <code>UtcDateTime</code> with <code>rand</code> (this
was inadvertently omitted previously)</li>
<li><code>impl core::error::Error</code> for all error types (now
available when the <code>std</code> feature is disabled)</li>
<li>MacOS can now obtain the local UTC offset in multi-threaded programs
as the system APIs are
thread-safe.</li>
<li><code>#[track_caller]</code> has been added to all relevant
methods.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>The minimum supported Rust version is now 1.81.0.</li>
<li>The dependency on <code>itoa</code> has been removed, as the
standard library now has similar functionality
by default.</li>
<li>Formatting a component that involves a floating point number is now
guaranteed to be
deterministic, avoiding any subtle differences between platforms or
compiler versions.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Serializing timestamps with nanosecond precision <em>should</em>
always emit the correct value.
Previously, it could be off by one nanosecond due to floating point
imprecision.</li>
<li>A previously unknown bug in <code>OffsetDateTime::to_offset</code>
and <code>UtcDateTime::to_offset</code> has been
fixed. The bug could result in a value that was invalid. It was unlikely
to ever occur in
real-world code, as it involved passing a UTC offset that has never been
used in any location.</li>
</ul>
<h3>Miscellaneous</h3>
<ul>
<li>The amount of code generated by macros has been massively reduced,
on the order of 65-70% for
typical use cases of <code>format_description!</code>.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="45b9932e57"><code>45b9932</code></a>
v0.3.43 release</li>
<li><a
href="8cbf0dbff0"><code>8cbf0db</code></a>
Fix bug with <code>convert</code></li>
<li><a
href="3343e85826"><code>3343e85</code></a>
Add support for rand 0.9</li>
<li><a
href="afb2574f94"><code>afb2574</code></a>
Add note about MSRV</li>
<li><a
href="ed2852e3b2"><code>ed2852e</code></a>
v0.3.42 release</li>
<li><a
href="1067543c7f"><code>1067543</code></a>
Fix copied comment</li>
<li><a
href="f45bff514c"><code>f45bff5</code></a>
Use <code>const</code> block for readability</li>
<li><a
href="b38c118d3d"><code>b38c118</code></a>
Add <code>#[inline]</code> to most methods</li>
<li><a
href="f410951557"><code>f410951</code></a>
Add <code>#[track_caller]</code> to numerous methods</li>
<li><a
href="d30f3d0f12"><code>d30f3d0</code></a>
Optimize <code>Time::sub</code></li>
<li>Additional commits viewable in <a
href="https://github.com/time-rs/time/compare/v0.3.41...v0.3.43">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=time&package-manager=cargo&previous-version=0.3.41&new-version=0.3.43)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-09 22:09:24 +00:00
dependabot[bot]
c16918116c build(deps): bump clap from 4.5.45 to 4.5.47 in /rust (#10307) 
Bumps [clap](https://github.com/clap-rs/clap) from 4.5.45 to 4.5.47.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/clap-rs/clap/releases">clap's
releases</a>.</em></p>
<blockquote>
<h2>v4.5.47</h2>
<h2>[4.5.47] - 2025-09-02</h2>
<h3>Features</h3>
<ul>
<li>Added <code>impl FromArgMatches for ()</code></li>
<li>Added <code>impl Args for ()</code></li>
<li>Added <code>impl Subcommand for ()</code></li>
<li>Added <code>impl FromArgMatches for Infallible</code></li>
<li>Added <code>impl Subcommand for Infallible</code></li>
</ul>
<h3>Fixes</h3>
<ul>
<li><em>(derive)</em> Update runtime error text to match
<code>clap</code></li>
</ul>
<h2>v4.5.46</h2>
<h2>[4.5.46] - 2025-08-26</h2>
<h3>Features</h3>
<ul>
<li>Expose <code>StyledStr::push_str</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/clap-rs/clap/blob/master/CHANGELOG.md">clap's
changelog</a>.</em></p>
<blockquote>
<h2>[4.5.47] - 2025-09-02</h2>
<h3>Features</h3>
<ul>
<li>Added <code>impl FromArgMatches for ()</code></li>
<li>Added <code>impl Args for ()</code></li>
<li>Added <code>impl Subcommand for ()</code></li>
<li>Added <code>impl FromArgMatches for Infallible</code></li>
<li>Added <code>impl Subcommand for Infallible</code></li>
</ul>
<h3>Fixes</h3>
<ul>
<li><em>(derive)</em> Update runtime error text to match
<code>clap</code></li>
</ul>
<h2>[4.5.46] - 2025-08-26</h2>
<h3>Features</h3>
<ul>
<li>Expose <code>StyledStr::push_str</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f046ca6a2b"><code>f046ca6</code></a>
chore: Release</li>
<li><a
href="436949dde1"><code>436949d</code></a>
docs: Update changelog</li>
<li><a
href="1ddab84c32"><code>1ddab84</code></a>
Merge pull request <a
href="https://redirect.github.com/clap-rs/clap/issues/5954">#5954</a>
from epage/tests</li>
<li><a
href="8a66dbf7c2"><code>8a66dbf</code></a>
test(complete): Add more native cases</li>
<li><a
href="76465cf223"><code>76465cf</code></a>
test(complete): Make things more consistent</li>
<li><a
href="232cedbe76"><code>232cedb</code></a>
test(complete): Remove redundant index</li>
<li><a
href="02244a69a3"><code>02244a6</code></a>
Merge pull request <a
href="https://redirect.github.com/clap-rs/clap/issues/5949">#5949</a>
from krobelus/option-name-completions-after-positionals</li>
<li><a
href="2e13847533"><code>2e13847</code></a>
fix(complete): Missing options in multi-val arg</li>
<li><a
href="74388d784b"><code>74388d7</code></a>
test(complete): Multi-valued, unbounded positional</li>
<li><a
href="5b3d45f72c"><code>5b3d45f</code></a>
refactor(complete): Extract function for options</li>
<li>Additional commits viewable in <a
href="https://github.com/clap-rs/clap/compare/clap_complete-v4.5.45...clap_complete-v4.5.47">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=clap&package-manager=cargo&previous-version=4.5.45&new-version=4.5.47)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-09 22:09:16 +00:00
dependabot[bot]
a8f76aea30 build(deps): bump log from 0.4.27 to 0.4.28 in /rust (#10306) 
Bumps [log](https://github.com/rust-lang/log) from 0.4.27 to 0.4.28.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/rust-lang/log/releases">log's
releases</a>.</em></p>
<blockquote>
<h2>0.4.28</h2>
<h2>What's Changed</h2>
<ul>
<li>ci: drop really old trick and ensure MSRV for all feature combo by
<a href="https://github.com/tisonkun"><code>@​tisonkun</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/676">rust-lang/log#676</a></li>
<li>chore: fix some typos in comment by <a
href="https://github.com/xixishidibei"><code>@​xixishidibei</code></a>
in <a
href="https://redirect.github.com/rust-lang/log/pull/677">rust-lang/log#677</a></li>
<li>Unhide <code>#[derive(Debug)]</code> in example by <a
href="https://github.com/ZylosLumen"><code>@​ZylosLumen</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/688">rust-lang/log#688</a></li>
<li>Chore: delete compare_exchange method for AtomicUsize on platforms
without atomics by <a
href="https://github.com/HaoliangXu"><code>@​HaoliangXu</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/690">rust-lang/log#690</a></li>
<li>Add <code>increment_severity()</code> and
<code>decrement_severity()</code> methods for <code>Level</code> and
<code>LevelFilter</code> by <a
href="https://github.com/nebkor"><code>@​nebkor</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/692">rust-lang/log#692</a></li>
<li>Prepare for 0.4.28 release by <a
href="https://github.com/KodrAus"><code>@​KodrAus</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/695">rust-lang/log#695</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/xixishidibei"><code>@​xixishidibei</code></a>
made their first contribution in <a
href="https://redirect.github.com/rust-lang/log/pull/677">rust-lang/log#677</a></li>
<li><a
href="https://github.com/ZylosLumen"><code>@​ZylosLumen</code></a> made
their first contribution in <a
href="https://redirect.github.com/rust-lang/log/pull/688">rust-lang/log#688</a></li>
<li><a
href="https://github.com/HaoliangXu"><code>@​HaoliangXu</code></a> made
their first contribution in <a
href="https://redirect.github.com/rust-lang/log/pull/690">rust-lang/log#690</a></li>
<li><a href="https://github.com/nebkor"><code>@​nebkor</code></a> made
their first contribution in <a
href="https://redirect.github.com/rust-lang/log/pull/692">rust-lang/log#692</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/rust-lang/log/compare/0.4.27...0.4.28">https://github.com/rust-lang/log/compare/0.4.27...0.4.28</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/rust-lang/log/blob/master/CHANGELOG.md">log's
changelog</a>.</em></p>
<blockquote>
<h2>[0.4.28] - 2025-09-02</h2>
<h2>What's Changed</h2>
<ul>
<li>ci: drop really old trick and ensure MSRV for all feature combo by
<a href="https://github.com/tisonkun"><code>@​tisonkun</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/676">rust-lang/log#676</a></li>
<li>Chore: delete compare_exchange method for AtomicUsize on platforms
without atomics by <a
href="https://github.com/HaoliangXu"><code>@​HaoliangXu</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/690">rust-lang/log#690</a></li>
<li>Add <code>increment_severity()</code> and
<code>decrement_severity()</code> methods for <code>Level</code> and
<code>LevelFilter</code> by <a
href="https://github.com/nebkor"><code>@​nebkor</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/692">rust-lang/log#692</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/xixishidibei"><code>@​xixishidibei</code></a>
made their first contribution in <a
href="https://redirect.github.com/rust-lang/log/pull/677">rust-lang/log#677</a></li>
<li><a
href="https://github.com/ZylosLumen"><code>@​ZylosLumen</code></a> made
their first contribution in <a
href="https://redirect.github.com/rust-lang/log/pull/688">rust-lang/log#688</a></li>
<li><a
href="https://github.com/HaoliangXu"><code>@​HaoliangXu</code></a> made
their first contribution in <a
href="https://redirect.github.com/rust-lang/log/pull/690">rust-lang/log#690</a></li>
<li><a href="https://github.com/nebkor"><code>@​nebkor</code></a> made
their first contribution in <a
href="https://redirect.github.com/rust-lang/log/pull/692">rust-lang/log#692</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/rust-lang/log/compare/0.4.27...0.4.28">https://github.com/rust-lang/log/compare/0.4.27...0.4.28</a></p>
<h3>Notable Changes</h3>
<ul>
<li>MSRV is bumped to 1.61.0 in <a
href="https://redirect.github.com/rust-lang/log/pull/676">rust-lang/log#676</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6e1735597b"><code>6e17355</code></a>
Merge pull request <a
href="https://redirect.github.com/rust-lang/log/issues/695">#695</a>
from rust-lang/cargo/0.4.28</li>
<li><a
href="57719dbef5"><code>57719db</code></a>
focus on user-facing source changes in the changelog</li>
<li><a
href="e0630c6485"><code>e0630c6</code></a>
prepare for 0.4.28 release</li>
<li><a
href="60829b11f5"><code>60829b1</code></a>
Merge pull request <a
href="https://redirect.github.com/rust-lang/log/issues/692">#692</a>
from nebkor/up-and-down</li>
<li><a
href="95d44f8af5"><code>95d44f8</code></a>
change names of log-level-changing methods to be more descriptive</li>
<li><a
href="2b63dfada6"><code>2b63dfa</code></a>
Add <code>up()</code> and <code>down()</code> methods for
<code>Level</code> and <code>LevelFilter</code></li>
<li><a
href="3aa1359e92"><code>3aa1359</code></a>
Merge pull request <a
href="https://redirect.github.com/rust-lang/log/issues/690">#690</a>
from HaoliangXu/master</li>
<li><a
href="1091f2cbd2"><code>1091f2c</code></a>
Chore:delete compare_exchange method for AtomicUsize on platforms</li>
<li><a
href="24c5f44efd"><code>24c5f44</code></a>
Merge pull request <a
href="https://redirect.github.com/rust-lang/log/issues/688">#688</a>
from ZylosLumen/patch-1</li>
<li><a
href="4498495467"><code>4498495</code></a>
Unhide <code>#[derive(Debug)]</code> in example</li>
<li>Additional commits viewable in <a
href="https://github.com/rust-lang/log/compare/0.4.27...0.4.28">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=log&package-manager=cargo&previous-version=0.4.27&new-version=0.4.28)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-09 22:09:05 +00:00
dependabot[bot]
68c1ce25ba build(deps): bump the tauri group in /rust with 4 updates (#10304) 
Bumps the tauri group in /rust with 4 updates:
[tauri](https://github.com/tauri-apps/tauri),
[tauri-build](https://github.com/tauri-apps/tauri),
[tauri-plugin-dialog](https://github.com/tauri-apps/plugins-workspace)
and
[tauri-plugin-shell](https://github.com/tauri-apps/plugins-workspace).

Updates `tauri` from 2.8.3 to 2.8.4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/tauri/releases">tauri's
releases</a>.</em></p>
<blockquote>
<h2>tauri v2.8.4</h2>
<!-- raw HTML omitted -->
<pre><code>Updating git repository
`https://github.com/tauri-apps/schemars.git`
    Updating crates.io index
warning: Patch `schemars_derive v0.8.21
(https://github.com/tauri-apps/schemars.git?branch=feat%2Fpreserve-description-newlines#c30f9848)`
was not used in the crate graph.
Check that the patched package version and available features are
compatible
with the dependency requirements. If the patch has a different version
from
what is locked in the Cargo.lock file, run `cargo update` to use the new
version. This may also occur with an optional dependency that is not
enabled.
     Locking 1037 packages to latest compatible versions
      Adding apple-codesign v0.27.0 (available: v0.29.0)
      Adding borsh v1.3.0 (available: v1.5.7)
      Adding borsh-derive v1.3.0 (available: v1.5.7)
      Adding cargo_metadata v0.19.2 (available: v0.22.0)
      Adding colored v2.2.0 (available: v3.0.0)
      Adding ctor v0.2.9 (available: v0.5.0)
      Adding dialoguer v0.11.0 (available: v0.12.0)
      Adding elf v0.7.4 (available: v0.8.0)
      Adding goblin v0.9.3 (available: v0.10.1)
      Adding html5ever v0.29.1 (available: v0.35.0)
      Adding itertools v0.13.0 (available: v0.14.0)
      Adding json-patch v3.0.1 (available: v4.0.0)
      Adding jsonrpsee v0.24.9 (available: v0.26.0)
      Adding jsonrpsee-client-transport v0.24.9 (available: v0.26.0)
      Adding jsonrpsee-core v0.24.9 (available: v0.26.0)
      Adding jsonrpsee-ws-client v0.24.9 (available: v0.26.0)
      Adding matchit v0.8.4 (available: v0.8.6)
      Adding minisign v0.7.3 (available: v0.7.9)
      Adding object v0.36.7 (available: v0.37.3)
      Adding oxc_allocator v0.36.0 (available: v0.82.3)
      Adding oxc_ast v0.36.0 (available: v0.82.3)
      Adding oxc_parser v0.36.0 (available: v0.82.3)
      Adding oxc_span v0.36.0 (available: v0.82.3)
      Adding phf v0.11.3 (available: v0.13.1)
      Adding rpm v0.16.1 (available: v0.17.1)
      Adding schemars v0.8.22 (available: v1.0.4)
      Adding tiny_http v0.11.0 (available: v0.12.0)
      Adding toml v0.8.2 (available: v0.8.23)
      Adding toml_datetime v0.6.3 (available: v0.6.11)
      Adding toml_edit v0.20.2 (available: v0.20.7)
      Adding x509-certificate v0.23.1 (available: v0.25.0)
Fetching advisory database from
`https://github.com/RustSec/advisory-db.git`
Loaded 797 security advisories (from /home/runner/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (1062 crate dependencies)
Crate:     atk
Version:   0.18.2
&lt;/tr&gt;&lt;/table&gt; 
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="df61fac2b5"><code>df61fac</code></a>
fix(ci): bump tauri-cli to 2.8.3 to match
<code>@​tauri-apps/cli</code></li>
<li><a
href="16348ac2bd"><code>16348ac</code></a>
apply version updates (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14081">#14081</a>)</li>
<li><a
href="03e7c11932"><code>03e7c11</code></a>
fix(tauri-runtime-wry): ignore about:blank initial URL (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14080">#14080</a>)</li>
<li><a
href="e81635aa3d"><code>e81635a</code></a>
apply version updates (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14079">#14079</a>)</li>
<li><a
href="0ac89d3b6c"><code>0ac89d3</code></a>
chore(deps): Update cargo-mobile2 for ios 18.6 sim support (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14078">#14078</a>)</li>
<li><a
href="4791d09a0a"><code>4791d09</code></a>
chore(deps): update dependency rollup to v4.48.1 (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14077">#14077</a>)</li>
<li><a
href="bc829ee24d"><code>bc829ee</code></a>
chore(deps): update dependency rollup to v4.48.0 (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14053">#14053</a>)</li>
<li><a
href="11800a0071"><code>11800a0</code></a>
chore(deps): update rust crate jsonschema to 0.33 (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14074">#14074</a>)</li>
<li>See full diff in <a
href="https://github.com/tauri-apps/tauri/compare/tauri-v2.8.3...tauri-v2.8.4">compare
view</a></li>
</ul>
</details>
<br />

Updates `tauri-build` from 2.4.0 to 2.4.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/tauri/releases">tauri-build's
releases</a>.</em></p>
<blockquote>
<h2>tauri-build v2.4.1</h2>
<!-- raw HTML omitted -->
<pre><code>Updating git repository
`https://github.com/tauri-apps/schemars.git`
    Updating crates.io index
warning: Patch `schemars_derive v0.8.21
(https://github.com/tauri-apps/schemars.git?branch=feat%2Fpreserve-description-newlines#c30f9848)`
was not used in the crate graph.
Check that the patched package version and available features are
compatible
with the dependency requirements. If the patch has a different version
from
what is locked in the Cargo.lock file, run `cargo update` to use the new
version. This may also occur with an optional dependency that is not
enabled.
     Locking 1042 packages to latest compatible versions
      Adding apple-codesign v0.27.0 (available: v0.29.0)
      Adding borsh v1.3.0 (available: v1.5.7)
      Adding borsh-derive v1.3.0 (available: v1.5.7)
      Adding cargo_metadata v0.19.2 (available: v0.22.0)
      Adding colored v2.2.0 (available: v3.0.0)
      Adding ctor v0.2.9 (available: v0.5.0)
      Adding dialoguer v0.11.0 (available: v0.12.0)
      Adding elf v0.7.4 (available: v0.8.0)
      Adding goblin v0.9.3 (available: v0.10.1)
      Adding html5ever v0.29.1 (available: v0.35.0)
      Adding itertools v0.13.0 (available: v0.14.0)
      Adding json-patch v3.0.1 (available: v4.0.0)
      Adding jsonrpsee v0.24.9 (available: v0.26.0)
      Adding jsonrpsee-client-transport v0.24.9 (available: v0.26.0)
      Adding jsonrpsee-core v0.24.9 (available: v0.26.0)
      Adding jsonrpsee-ws-client v0.24.9 (available: v0.26.0)
      Adding matchit v0.8.4 (available: v0.8.6)
      Adding minisign v0.7.3 (available: v0.7.9)
      Adding object v0.36.7 (available: v0.37.3)
      Adding oxc_allocator v0.36.0 (available: v0.86.0)
      Adding oxc_ast v0.36.0 (available: v0.86.0)
      Adding oxc_parser v0.36.0 (available: v0.86.0)
      Adding oxc_span v0.36.0 (available: v0.86.0)
      Adding phf v0.11.3 (available: v0.13.1)
      Adding png v0.17.16 (available: v0.18.0)
      Adding rpm v0.16.1 (available: v0.18.0)
      Adding schemars v0.8.22 (available: v1.0.4)
      Adding tiny_http v0.11.0 (available: v0.12.0)
      Adding toml v0.8.2 (available: v0.8.23)
      Adding toml_datetime v0.6.3 (available: v0.6.11)
      Adding toml_edit v0.20.2 (available: v0.20.7)
      Adding x509-certificate v0.23.1 (available: v0.25.0)
Fetching advisory database from
`https://github.com/RustSec/advisory-db.git`
Loaded 801 security advisories (from /home/runner/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (1067 crate dependencies)
Crate:     atk
&lt;/tr&gt;&lt;/table&gt; 
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="80eadb7387"><code>80eadb7</code></a>
apply version updates (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14100">#14100</a>)</li>
<li><a
href="346a420812"><code>346a420</code></a>
docs: improve resources docs (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14136">#14136</a>)</li>
<li><a
href="5239d39149"><code>5239d39</code></a>
chore(deps): update dependency rollup to v4.50.0 (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14127">#14127</a>)</li>
<li><a
href="0b1da30d28"><code>0b1da30</code></a>
chore(tauri): update documentation for home_dir on iOS (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14121">#14121</a>)</li>
<li><a
href="7db7142f9f"><code>7db7142</code></a>
fix(cli): empty Android emulator name (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14119">#14119</a>)</li>
<li><a
href="a9b342125d"><code>a9b3421</code></a>
fix(cli): iOS simulator dev/build on Apple Intel, closes <a
href="https://redirect.github.com/tauri-apps/tauri/issues/13456">#13456</a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14114">#14114</a>)</li>
<li><a
href="bcf000c0a8"><code>bcf000c</code></a>
fix(cli): ios command failing when running with deno, closes <a
href="https://redirect.github.com/tauri-apps/tauri/issues/13547">#13547</a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14110">#14110</a>)</li>
<li><a
href="61b9b681e8"><code>61b9b68</code></a>
feat(cli): retain all RUST_* env vars on mobile commands (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14111">#14111</a>)</li>
<li><a
href="c37a298331"><code>c37a298</code></a>
fix(cli): set package type for Deno (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/14112">#14112</a>)</li>
<li><a
href="b8b866fcc7"><code>b8b866f</code></a>
fix(examples): update tauri-plugin-log</li>
<li>Additional commits viewable in <a
href="https://github.com/tauri-apps/tauri/compare/tauri-build-v2.4.0...tauri-build-v2.4.1">compare
view</a></li>
</ul>
</details>
<br />

Updates `tauri-plugin-dialog` from 2.3.3 to 2.4.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/plugins-workspace/releases">tauri-plugin-dialog's
releases</a>.</em></p>
<blockquote>
<h2>cli-js v2.4.0</h2>
<h2>[2.4.0]</h2>
<ul>
<li><a
href="f209b2f23c"><code>f209b2f2</code></a>
(<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/pull/2804">#2804</a>
by <a
href="https://github.com/tauri-apps/plugins-workspace/../../renovate"><code>@​renovate</code></a>)
Updated tauri to 2.6</li>
</ul>
<!-- raw HTML omitted -->
<pre><code>npm warn publish npm auto-corrected some errors in your
package.json when publishing. Please run &quot;npm pkg fix&quot; to
address these errors.
npm warn publish errors corrected:
npm warn publish &quot;repository&quot; was changed from a string to an
object
npm warn publish &quot;repository.url&quot; was normalized to
&quot;git+https://github.com/tauri-apps/plugins-workspace.git&quot;
npm notice
npm notice 📦  @tauri-apps/plugin-cli@2.4.0
npm notice Tarball Contents
npm notice 888B LICENSE.spdx
npm notice 3.4kB README.md
npm notice 1.1kB dist-js/index.cjs
npm notice 1.3kB dist-js/index.d.ts
npm notice 1.0kB dist-js/index.js
npm notice 653B package.json
npm notice Tarball Details
npm notice name: @tauri-apps/plugin-cli
npm notice version: 2.4.0
npm notice filename: tauri-apps-plugin-cli-2.4.0.tgz
npm notice package size: 2.9 kB
npm notice unpacked size: 8.4 kB
npm notice shasum: 8d6eacb113a377bb690a36676c63c7b426212f46
npm notice integrity: sha512-3AUUaaqj3Pkac[...]WBNAL4I4iIZRg==
npm notice total files: 6
npm notice
npm notice Publishing to https://registry.npmjs.org/ with tag latest and
public access
npm notice publish Signed provenance statement with source and build
information from GitHub Actions
npm notice publish Provenance statement published to transparency log:
https://search.sigstore.dev/?logIndex=249977649
+ @tauri-apps/plugin-cli@2.4.0
</code></pre>
<!-- raw HTML omitted -->
<h2>cli v2.4.0</h2>
<h2>[2.4.0]</h2>
<ul>
<li><a
href="f209b2f23c"><code>f209b2f2</code></a>
(<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/pull/2804">#2804</a>
by <a
href="https://github.com/tauri-apps/plugins-workspace/../../renovate"><code>@​renovate</code></a>)
Updated tauri to 2.6</li>
</ul>
<!-- raw HTML omitted -->
<pre><code>Updating crates.io index
&lt;/tr&gt;&lt;/table&gt; 
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="adc23d6c4f"><code>adc23d6</code></a>
publish new versions (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2808">#2808</a>)</li>
<li><a
href="fc573b35a7"><code>fc573b3</code></a>
chore(deps): update rust crate tokio-tungstenite to 0.27 (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2768">#2768</a>)</li>
<li><a
href="901ddfb73d"><code>901ddfb</code></a>
ci: enable create-pull-request sign commits (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2809">#2809</a>)</li>
<li><a
href="f209b2f23c"><code>f209b2f</code></a>
chore(deps): update tauri monorepo to v2.6.0 (v2) (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2804">#2804</a>)</li>
<li><a
href="19ed1bd3cc"><code>19ed1bd</code></a>
chore(deps): update dependency prettier to v3.6.1 (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2806">#2806</a>)</li>
<li><a
href="5779099688"><code>5779099</code></a>
publish new versions (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2780">#2780</a>)</li>
<li><a
href="2aec8ff4c4"><code>2aec8ff</code></a>
feat(opener): add <code>inAppBrowser</code> option for iOS and Android
(<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2803">#2803</a>)</li>
<li><a
href="9799f0dbab"><code>9799f0d</code></a>
fix(log): iOS simulator freezing due to early logging (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2802">#2802</a>)</li>
<li><a
href="8cdaacdc6e"><code>8cdaacd</code></a>
chore(examples): update API example mobile projects</li>
<li><a
href="d46778e80b"><code>d46778e</code></a>
chore(deps): update dependency typescript-eslint to v8.35.0 (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2794">#2794</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tauri-apps/plugins-workspace/compare/dialog-v2.3.3...fs-v2.4.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `tauri-plugin-shell` from 2.3.0 to 2.3.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/plugins-workspace/releases">tauri-plugin-shell's
releases</a>.</em></p>
<blockquote>
<h2>dialog-js v2.3.1</h2>
<h2>[2.3.1]</h2>
<h3>Dependencies</h3>
<ul>
<li>Upgraded to <code>fs-js@2.4.1</code></li>
</ul>
<!-- raw HTML omitted -->
<pre><code>npm warn publish npm auto-corrected some errors in your
package.json when publishing. Please run &quot;npm pkg fix&quot; to
address these errors.
npm warn publish errors corrected:
npm warn publish &quot;repository&quot; was changed from a string to an
object
npm warn publish &quot;repository.url&quot; was normalized to
&quot;git+https://github.com/tauri-apps/plugins-workspace.git&quot;
npm notice
npm notice 📦  @tauri-apps/plugin-dialog@2.3.1
npm notice Tarball Contents
npm notice 888B LICENSE.spdx
npm notice 2.9kB README.md
npm notice 5.8kB dist-js/index.cjs
npm notice 7.8kB dist-js/index.d.ts
npm notice 5.6kB dist-js/index.js
npm notice 11B dist-js/init.d.ts
npm notice 656B package.json
npm notice Tarball Details
npm notice name: @tauri-apps/plugin-dialog
npm notice version: 2.3.1
npm notice filename: tauri-apps-plugin-dialog-2.3.1.tgz
npm notice package size: 4.3 kB
npm notice unpacked size: 23.7 kB
npm notice shasum: ae29fdc9346fce2e4a54dd0a80a35a1ba86c05f0
npm notice integrity: sha512-B7jvyhycV8SI/[...]4QPonYahoYnZQ==
npm notice total files: 7
npm notice
npm notice Publishing to https://registry.npmjs.org/ with tag latest and
public access
npm notice publish Signed provenance statement with source and build
information from GitHub Actions
npm notice publish Provenance statement published to transparency log:
https://search.sigstore.dev/?logIndex=296203362
+ @tauri-apps/plugin-dialog@2.3.1
</code></pre>
<!-- raw HTML omitted -->
<h2>dialog v2.3.1</h2>
<h2>[2.3.1]</h2>
<h3>Dependencies</h3>
<ul>
<li>Upgraded to <code>fs-js@2.4.1</code></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2371804172"><code>2371804</code></a>
publish new versions (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2888">#2888</a>)</li>
<li><a
href="90f9b9310a"><code>90f9b93</code></a>
chore: fix cli version in deep-link package.json</li>
<li><a
href="1c58f3372c"><code>1c58f33</code></a>
chore(deps): update dependency rollup to v4.46.4 (v2) (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2935">#2935</a>)</li>
<li><a
href="75617a6a92"><code>75617a6</code></a>
fix(mobile): deeplinks (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2870">#2870</a>)</li>
<li><a
href="5a963a0496"><code>5a963a0</code></a>
chore(deps): update dependency <code>@​tauri-apps/cli</code> to v2.8.1
(<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2930">#2930</a>)</li>
<li><a
href="76f4e7bb84"><code>76f4e7b</code></a>
chore(deps): update eslint monorepo to v9.33.0 (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2903">#2903</a>)</li>
<li><a
href="670ac1d7c1"><code>670ac1d</code></a>
chore(deps): update dependency typescript-eslint to v8.40.0 (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2923">#2923</a>)</li>
<li><a
href="ed0deef2cf"><code>ed0deef</code></a>
chore(deps): update dependency <code>@​tauri-apps/api</code> to v2.8.0
(<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2929">#2929</a>)</li>
<li><a
href="50cebdb6d5"><code>50cebdb</code></a>
chore(deps): update to tauri 2.8.0 (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2925">#2925</a>)</li>
<li><a
href="dd2ea9cfa5"><code>dd2ea9c</code></a>
chore(deps): update dependency rollup to v4.46.3 (<a
href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2920">#2920</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tauri-apps/plugins-workspace/compare/os-v2.3.0...os-v2.3.1">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-09 22:08:53 +00:00
Thomas Eizinger
03ac73ac00 fix(gateway): reset DNS resource NAT if proxy IPs change (#10310) 
In #10040, we decided to persist a peer's routing state on the Gateway
across ICE sessions. This routing state also includes the DNS resource
NAT.

Prior to #10104 (which is not released yet), when a Client signs out and
back in, it resets the proxy IP mapping for DNS resources and will start
numbering them again from the front, i.e. starting from 100.96.0.1. With
the state still being preserved on the Gateway, this represents a
problem: We keep existing mappings around if there is still a NAT
session for this proxy IP. However, if the proxy IP is actually for a
different domain, this NAT session is meaningless. In fact, not
replacing the IP is problematic as we will now route packets for the new
proxy IP to the wrong destination.

The persistent DNS resource mapping from #10104 fixes this. In this PR,
we add an additional check to the Gateway where we detect whether the
Client has started to re-assign proxy IPs and if so, we completely reset
the DNS resource NAT state including all existing NAT sessions.

Fixes #10268
 2025-09-09 02:08:26 +00:00
Jamil
5e0ca45c67 fix(relay): XDP_PASS non-STUN UDP traffic (#10292) 
To prevent userspace relaying, all traffic that seemingly looked like
STUN/TURN but we couldn't handle via the eBPF codepath we would
`XDP_DROP`.

This turned out to be too heavy-handed of an approach since it end up
matching DNS query responses as well due to them arriving within the
TURN ephemeral port range.

To fix this, we `XDP_PASS` the traffic up the stack so that the kernel
is able to match it to existing conntrack entries.

We've identified a minor race condition where the first few channel data
packets might be dropped when a channel is first being bound, but fixing
this will be saved for a later PR.

Related: https://github.com/firezone/infra/pull/132
 2025-09-05 13:24:02 -07:00
Jamil
b8e0cf9b53 fix(ci): temporarily suppress fxhash unmaintained (#10298) 
Ignoring for now to get CI to pass, since this isn't an urgent problem.

Related: #10297
 2025-09-05 13:23:01 -07:00
Thomas Eizinger
c891d9c864 fix(relay): re-add eBPF channel map entry on refresh (#10291) 
TURN channels have a 5 minute cooldown period after they expire where
they cannot be rebound to another peer but can be refreshed and thus
"reactivated".

To stop routing packets when the channel expires, we remove it from the
channel map of the eBPF code. The client however knows that it still has
a channel that it can reactivate for another 5min. In case it chooses to
do so, we refresh the channel in userspace but until now, forget to
re-populate the eBPF map. This effectively blocks this communication
path from working because the relay reports the channel from being
refreshed successfully, yet the new eBPF kernel drops all packets
without a map entry.
 2025-09-05 01:29:50 +00:00
Thomas Eizinger
ead1f40101 chore(gateway): only log skipped NAT entry if IP differs (#10285) 
When we resolve a DNS resource domain name on the Gateway, we establish
the mapping between proxy IPs and resolved IPs in order to correctly NAT
traffic. These domains are re-resolved every time the Client sees a DNS
query for it. Thus, established connections could be interrupted if the
IPs returned by consecutive DNS queries are different.

Many SaaS products (GitHub for example) use DNS to load balance between
different IPs. In order to not interrupt those connections, we check
whether we have an open NAT session for an existing mapping every time
we re-resolve DNS.

This log is currently printed too often though because it doesn't take
into account whether the IPs actually changed. If the IP is the same, we
don't need to print this because the update is a no-op.
 2025-09-04 21:12:46 +00:00
Thomas Eizinger
ec0c7c148b chore(eBPF): minor polish (#10282) 
Some follow-up polish for the eBPF module:

- Changes the cfg's to also include Linux, allowing rust-analyzer to
assist with auto-complete etc.
- Moves code to sub-modules of `try_handle_turn`, removing the need for
making them conditional.
- Move all maps to sub-modules to allow for a single place to put
comments: In the module documentation at the top.
- Removes interface IP learning, these are now configured via env
variables.
 2025-09-03 03:18:46 +00:00
Thomas Eizinger
fb7b001cbf chore(rust): fix unused variable warning (#10283) 2025-09-03 01:17:11 +00:00