mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 10:18:54 +00:00
eee057297291d0f82553dbced882b95471abda62
1043 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
dependabot[bot]
|
eee0572972 |
build(deps): bump @docsearch/react from 4.1.0 to 4.2.0 in /website (#10903)
Bumps [@docsearch/react](https://github.com/algolia/docsearch/tree/HEAD/packages/docsearch-react) from 4.1.0 to 4.2.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/algolia/docsearch/releases"><code>@docsearch/react</code>'s releases</a>.</em></p> <blockquote> <h2>v4.2.0</h2> <h1><a href="https://github.com/algolia/docsearch/compare/v4.1.0...v4.2.0">4.2.0</a> (2025-10-06)</h1> <h3>Bug Fixes</h3> <ul> <li><strong>askai:</strong> Fixes issue with askai state being outside DocSearchModal (<a href="https://redirect.github.com/algolia/docsearch/issues/2778">#2778</a>) (<a href=" |
||
|
Jamil
|
164f1976c7 |
fix(apple): queue path updates onto workQueue (#10896)
Path updates are received on a queue which can be (and is typically) on a different thread from the one the workQueue runs on. Since we are sharing instance properties across these two threads, we need to make sure reads and writes to all properties ideally happen on the same queue. Moving `Adapter` to an actor class could solve these issues, but that is a much larger refactor to be done in #10895 and we'd like to ship this fix in the next release to verify it fixes our issue. |
||
|
Jamil
|
2643492534 |
fix(website): update link to pwc study (#10894)
fixes #10812 --------- Signed-off-by: Jamil <jamilbk@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> |
||
|
dependabot[bot]
|
ba1b81ced0 |
build(deps): bump framer-motion from 12.23.22 to 12.23.24 in /website (#10837)
Bumps [framer-motion](https://github.com/motiondivision/motion) from 12.23.22 to 12.23.24. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/motiondivision/motion/blob/main/CHANGELOG.md">framer-motion's changelog</a>.</em></p> <blockquote> <h2>[12.23.24] 2025-10-10</h2> <h3>Fixed</h3> <ul> <li>Ensure that when a component remounts, it continues to fire animations even when <code>initial={false}</code>.</li> </ul> <h2>[12.23.23] 2025-10-10</h2> <h3>Added</h3> <ul> <li>Exporting <code>PresenceChild</code> and <code>PopChild</code> type for internal use.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Mariusz Klochowicz
|
bdffa3a697 |
fix(apple): prevent utun increments from IPC calls (#10855)
On macOS, IPC calls to the network extension can wake it whilst not connected, causing the system to create a utun device. If startTunnel() is not subsequently called, these devices persist and accumulate over time. The existing dryStartStopCycle() mechanism was introduced to wake the extension after upgrades, but other IPC operations (log management functions) could also wake the extension without proper cleanup. Solution -------- Add wrapper functions in IPCClient that automatically handle wake-up and cleanup lifecycle for IPC calls made whilst disconnected: - Check VPN connection status - If connected: execute IPC operation directly (utun already exists) - If disconnected: wake extension → wait 500ms → execute IPC → cleanup Implementation -------------- For async IPC operations (clearLogs, getLogFolderSize): Created free functions in IPCClient that wrap low-level IPC calls with wrapIPCCallIfNeeded(): - clearLogsWithCleanup(store:session:) - getLogFolderSizeWithCleanup(store:session:) For callback-based exportLogs: We cannot use wrapper because exportLogs returns immediately and uses callbacks for streaming chunks. Wrapper would call stop() before export finishes, killing the extension mid-stream. Solution: Manual wake-up/cleanup in LogExporter where we already have continuation that waits for chunk.done signal: 1. Check if extension needs waking (vpnStatus != .connected) 2. If yes: wake extension, wait 500ms 3. Start export with callbacks 4. When chunk.done=true: cleanup utun device, then resume continuation 5. On error: cleanup utun device, then resume with error Fixes #10580 --------- Co-authored-by: Jamil Bou Kheir <jamilbk@users.noreply.github.com> |
||
|
dependabot[bot]
|
64da55707f |
build(deps): bump @types/node from 24.5.2 to 24.7.2 in /website (#10835)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.5.2 to 24.7.2. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Thomas Eizinger
|
4a64ff889b |
fix(website): redirect to correct release (#10864)
Quick-fix to ensure Gateway upgrades work. Fix for the script will come later. Resolves: #10860 |
||
|
Thomas Eizinger
|
3e849ae852 |
fix(gui-client): use Wayland rendering backend on Linux (#10849)
Previously, we opted into the X11 GTK backend when rendering the GUI Client's window. This is causing issues on newer Linux distributions such as Fedora 43 where Wayland is now the only available compositor. Removing the X11 GTK requires us to draw our own CSDs such as titlebars and a close button. This PR does exactly that by adding a minimalistic title bar. To make better use of the space, we move the section headers into there. |Before|After| |---|---| |<img width="1900" height="1174" alt="Screenshot From 2025-11-11 11-14-11" src="https://github.com/user-attachments/assets/9439a69b-65ba-41d6-b1f8-4448e0f80728" />|<img width="1800" height="1000" alt="Screenshot From 2025-11-11 11-40-55" src="https://github.com/user-attachments/assets/7884b2cc-3d9c-4b47-9a1e-c6462aef36ab" />| |<img width="1900" height="1174" alt="Screenshot From 2025-11-11 11-14-16" src="https://github.com/user-attachments/assets/2cfea825-5c08-45a5-873c-5afcbc1dbf16" />|<img width="1800" height="1000" alt="Screenshot From 2025-11-11 11-40-58" src="https://github.com/user-attachments/assets/43ddd7c9-ce65-42f7-b972-28c6b172b70d" />| |<img width="1900" height="1174" alt="Screenshot From 2025-11-11 11-14-19" src="https://github.com/user-attachments/assets/446873a7-9023-4266-9377-ea7b8b4353ee" />|<img width="1800" height="1000" alt="Screenshot From 2025-11-11 11-41-01" src="https://github.com/user-attachments/assets/64439383-f33f-461d-9b4a-6b4138bd675b" />| |<img width="1900" height="1174" alt="Screenshot From 2025-11-11 11-14-22" src="https://github.com/user-attachments/assets/6c39e06c-1d77-471f-91f1-32a78b90a21c" />|<img width="1800" height="1000" alt="Screenshot From 2025-11-11 11-41-04" src="https://github.com/user-attachments/assets/b56912cb-9c85-4b5a-9295-dae6139b25c6" />| |<img width="1900" height="1174" alt="Screenshot From 2025-11-11 11-14-26" src="https://github.com/user-attachments/assets/5a5d638c-15bf-4523-8466-2e0977a03e22" />|<img width="1800" height="1000" alt="Screenshot From 2025-11-11 11-41-06" src="https://github.com/user-attachments/assets/ed169b52-ef86-4dc4-8f25-852da622eaa1" />| |
||
|
Thomas Eizinger
|
189c358975 |
feat(portal): add Debian/Ubuntu deployment tab (#10741)
Now that we have an APT repository for Debian / Ubuntu packages, we should also tell our users about it. We introduce a new "Debian / Ubuntu" tab on the deployments screen in the portal. The tab is selected by default as it should provide the best user experience for manually deployed Gateways: - Updates are as easy as `sudo apt upgrade` - The systemd file and token are fully managed in the background Here is what the new tab looks like: <img width="679" height="786" alt="image" src="https://github.com/user-attachments/assets/da69fc55-6a6a-476d-bed4-634dd05df8bc" /> Resolves: #10701 --------- Signed-off-by: Thomas Eizinger <thomas@eizinger.io> Co-authored-by: Jamil <jamilbk@users.noreply.github.com> |
||
|
dependabot[bot]
|
a982f0bafb |
build(deps-dev): bump typescript from 5.9.2 to 5.9.3 in /website (#10840)
Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.9.2 to 5.9.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/microsoft/TypeScript/releases">typescript's releases</a>.</em></p> <blockquote> <h2>TypeScript 5.9.3</h2> <p>Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.</p> <p>For release notes, check out the <a href="https://devblogs.microsoft.com/typescript/announcing-typescript-5-9/">release announcement</a></p> <ul> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=milestone%3A%22TypeScript+5.9.0%22+is%3Aclosed+">fixed issues query for Typescript 5.9.0 (Beta)</a>.</li> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=milestone%3A%22TypeScript+5.9.1%22+is%3Aclosed+">fixed issues query for Typescript 5.9.1 (RC)</a>.</li> <li><em>No specific changes for TypeScript 5.9.2 (Stable)</em></li> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=milestone%3A%22TypeScript+5.9.3%22+is%3Aclosed+">fixed issues query for Typescript 5.9.3 (Stable)</a>.</li> </ul> <p>Downloads are available on:</p> <ul> <li><a href="https://www.npmjs.com/package/typescript">npm</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
c6aa971947 |
build(deps): bump fast-xml-parser from 5.2.5 to 5.3.0 in /website (#10841)
Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 5.2.5 to 5.3.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md">fast-xml-parser's changelog</a>.</em></p> <blockquote> <p><!-- raw HTML omitted -->Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.<!-- raw HTML omitted --></p> <p><strong>5.3.1 / 2025-11-03</strong></p> <ul> <li>Performance improvement for stopNodes (By <a href="https://github.com/macieklamberski">Maciek Lamberski</a>)</li> </ul> <p><strong>5.3.0 / 2025-10-03</strong></p> <ul> <li>Use <code>Uint8Array</code> in place of <code>Buffer</code> in Parser</li> </ul> <p><strong>5.2.5 / 2025-06-08</strong></p> <ul> <li>Inform user to use <a href="https://github.com/NaturalIntelligence/fxp-cli">fxp-cli</a> instead of in-built CLI feature</li> <li>Export typings for direct use</li> </ul> <p><strong>5.2.4 / 2025-06-06</strong></p> <ul> <li>fix (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/747">#747</a>): fix EMPTY and ANY with ELEMENT in DOCTYPE</li> </ul> <p><strong>5.2.3 / 2025-05-11</strong></p> <ul> <li>fix (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/747">#747</a>): support EMPTY and ANY with ELEMENT in DOCTYPE</li> </ul> <p><strong>5.2.2 / 2025-05-05</strong></p> <ul> <li>fix (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/746">#746</a>): update strnum to fix parsing issues related to enotations</li> </ul> <p><strong>5.2.1 / 2025-04-22</strong></p> <ul> <li>fix: read DOCTYPE entity value correctly</li> <li>read DOCTYPE NOTATION, ELEMENT exp but not using read values</li> </ul> <p><strong>5.2.0 / 2025-04-03</strong></p> <ul> <li>feat: support metadata on nodes (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/593">#593</a>) (By <a href="https://github.com/srl295">Steven R. Loomis</a>)</li> </ul> <p><strong>5.1.0 / 2025-04-02</strong></p> <ul> <li>feat: declare package as side-effect free (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/738">#738</a>) (By <a href="https://github.com/tbouffard">Thomas Bouffard</a>)</li> <li>fix cjs build mode</li> <li>fix builder return type to string</li> <li></li> </ul> <p><strong>5.0.9 / 2025-03-14</strong></p> <ul> <li>fix: support numeric entities with values over 0xFFFF (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/726">#726</a>) (By <a href="https://github.com/mcdurdin">Marc Durdin</a>)</li> <li>fix: update strnum to fix parsing 0 if skiplike option is used</li> </ul> <p><strong>5.0.8 / 2025-02-27</strong></p> <ul> <li>fix parsing 0 if skiplike option is used. <ul> <li>updating strnum dependency</li> </ul> </li> </ul> <p><strong>5.0.7 / 2025-02-25</strong></p> <ul> <li>fix (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/724">#724</a>) typings for cjs.</li> </ul> <p><strong>5.0.6 / 2025-02-20</strong></p> <ul> <li>fix cli output (By <a href="https://github.com/angeld7">Angel Delgado</a>) <ul> <li>remove multiple JSON parsing</li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Jamil
|
bd2abbaae3 |
feat(apple): config to hide resource list (#10824)
Adds a configuration variable `hideResourceList` accessible by provisioning profile only to hide or show the Resource list. This is helpful when end-users need not be concerned with the resources available to their account. Also updates the associated ProfileManifests, docs, and a little bit of housekeeping around `configuration`, making it public for direct access. <img width="292" height="228" alt="Screenshot 2025-11-09 at 9 12 47 PM" src="https://github.com/user-attachments/assets/a4ce5586-bf92-4ebc-bc0d-51215e1efd61" /> Related: https://github.com/ProfileManifests/ProfileManifests/pull/839 Fixes: #10808 --------- Signed-off-by: Jamil <jamilbk@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> |
||
|
Firezone Bot
|
5ae2707719 | chore: publish gateway 1.4.18 (#10823) | ||
|
Thomas Eizinger
|
602844ae4a |
fix(gateway): always update translation table from DNS response (#10796)
For DNS resources, the Gateway maintains a per-peer NAT table from the client-assigned proxy IPs to the real IPs of the domain. Whenever the Client re-queries a DNS resource domain locally, we asynchronously ping the Gateway to also re-query said domain. This allows us to detect changes in the DNS records of DNS resources. To avoid breaking existing connections, the mapping between proxy IPs and real IPs is currently not updated if there are any active UDP or TCP flows for a proxy IP. This logic turns out to be unnecessarily restrictive as TCP flows can linger around for up to 2h before they timeout if they are not closed with a TCP RST. What we really need to do is always update the mapping of proxy IP <> real IP but honor existing NAT table entries when we route packets before creating new ones. This ensures that an existing connection to a previously resolved IP remains intact, even if a later DNS response for the same domain updates the mapping. At the same time, new connections (i.e. with a different source port) will immediately use the new destination IP. |
||
|
Thomas Eizinger
|
804ef7a3fb |
fix(connlib): retain order of system/upstream DNS servers (#10773)
Right now, connlib hands out a `BiMap` of sentinel IPs <> upstream servers whenever it emits a `TunInterfaceUpdated` event. This `BiMap` internally uses two `HashMap`s. The iteration order of `HashMap`s is non-deterministic and therefore, we lose the order in which the upstream / system resolvers have been passed to us originally. To prevent that, we now emit a dedicated `DnsMapping` type that does not expose its internal data structure but only getters for retrieving the sentinel and upstream servers. Internally, it uses a `Vec` to store this mapping and thus retains the original order. This is asserted as part of our proptests by comparing the resulting `Vec`s. This fix is preceded by a few refactorings that encapsulate the code for creating and updating this DNS mapping. Resolves: #8439 |
||
|
Jamil
|
0f73ec18ab | fix(website): azure app id json structure (#10785) | ||
|
Jamil
|
20c40312dd | chore(website): add entra sync domain association (#10771) | ||
|
Thomas Eizinger
|
3308e3c010 |
fix(linux): introduce tiered routing tables (#10742)
With the fix of taking into account link-scoped routes in #10554 we introduced a bug: If a customer defines routes in Firezone that conflict with the link-scope ones, those currently take priority as they are usually more specific. To fix this, we introduce tiered routing tables controlled by a set of rules with different priority. 1. In the first "Firezone" routing table, we add all CIDR/IP routes that users define in Firezone. 2. In the second "Firezone" routing table, we sync in all link-scope routes from the system. 3. In the third "Firezone" routing table, we only add the Internet Resource if it is active. By evaluating the routing tables in this order, we effectively always prioritize Firezone-controlled routes over local ones but still allow access to LAN resources when the Internet Resource is active. --------- Signed-off-by: Thomas Eizinger <thomas@eizinger.io> Co-authored-by: Jamil <jamilbk@users.noreply.github.com> |
||
|
Jamil
|
39b2f61cfd |
fix(ci): ensure version markers are replaced across all files (#10752)
Upon moving the version string from PKG_VERSION and Cargo.toml, we lost the bump version automation. To avoid more bugs here in the future, we now check for the version marker across all Git-tracked files, regardless of their extension. Fixes #10748 --------- Co-authored-by: Thomas Eizinger <thomas@eizinger.io> |
||
|
Firezone Bot
|
04f4415344 |
chore: publish android-client 1.5.6 (#10745)
Co-authored-by: Thomas Eizinger <thomas@eizinger.io> |
||
|
dependabot[bot]
|
d5c3c67dc4 |
build(deps-dev): bump eslint-config-next from 15.5.3 to 15.5.4 in /website (#10728)
Bumps
[eslint-config-next](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next)
from 15.5.3 to 15.5.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vercel/next.js/releases">eslint-config-next's
releases</a>.</em></p>
<blockquote>
<h2>v15.5.4</h2>
<blockquote>
<p>[!NOTE]<br />
This release is backporting bug fixes. It does <strong>not</strong>
include all pending features/changes on canary.</p>
</blockquote>
<h3>Core Changes</h3>
<ul>
<li>fix: ensure onRequestError is invoked when otel enabled (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/83343">#83343</a>)</li>
<li>fix: devtools initial position should be from next config (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/83571">#83571</a>)</li>
<li>[devtool] fix overlay styles are missing (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/83721">#83721</a>)</li>
<li>Turbopack: don't match dynamic pattern for node_modules packages (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/83176">#83176</a>)</li>
<li>Turbopack: don't treat metadata routes as RSC (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/82911">#82911</a>)</li>
<li>[turbopack] Improve handling of symlink resolution errors in
track_glob and read_glob (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/83357">#83357</a>)</li>
<li>Turbopack: throw large static metadata error earlier (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/82939">#82939</a>)</li>
<li>fix: error overlay not closing when backdrop clicked (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/83981">#83981</a>)</li>
<li>Turbopack: flush Node.js worker IPC on error (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/84077">#84077</a>)</li>
</ul>
<h3>Misc Changes</h3>
<ul>
<li>[CNA] use linter preference (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/83194">#83194</a>)</li>
<li>CI: use KV for test timing data (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/83745">#83745</a>)</li>
<li>docs: september improvements and fixes (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/83997">#83997</a>)</li>
</ul>
<h3>Credits</h3>
<p>Huge thanks to <a
href="https://github.com/yiminghe"><code>@yiminghe</code></a>, <a
href="https://github.com/huozhi"><code>@huozhi</code></a>, <a
href="https://github.com/devjiwonchoi"><code>@devjiwonchoi</code></a>,
<a href="https://github.com/mischnic"><code>@mischnic</code></a>, <a
href="https://github.com/lukesandberg"><code>@lukesandberg</code></a>,
<a href="https://github.com/ztanner"><code>@ztanner</code></a>, <a
href="https://github.com/icyJoseph"><code>@icyJoseph</code></a>, <a
href="https://github.com/leerob"><code>@leerob</code></a>, <a
href="https://github.com/fufuShih"><code>@fufuShih</code></a>, <a
href="https://github.com/dwrth"><code>@dwrth</code></a>, <a
href="https://github.com/aymericzip"><code>@aymericzip</code></a>, <a
href="https://github.com/obendev"><code>@obendev</code></a>, <a
href="https://github.com/molebox"><code>@molebox</code></a>, <a
href="https://github.com/OoMNoO"><code>@OoMNoO</code></a>, <a
href="https://github.com/pontasan"><code>@pontasan</code></a>, <a
href="https://github.com/styfle"><code>@styfle</code></a>, <a
href="https://github.com/HondaYt"><code>@HondaYt</code></a>, <a
href="https://github.com/ryuapp"><code>@ryuapp</code></a>, <a
href="https://github.com/lpalmes"><code>@lpalmes</code></a>, and <a
href="https://github.com/ijjk"><code>@ijjk</code></a> for helping!</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="
|
||
|
dependabot[bot]
|
d11c5a6eab |
build(deps): bump framer-motion from 12.23.18 to 12.23.22 in /website (#10721)
Bumps [framer-motion](https://github.com/motiondivision/motion) from 12.23.18 to 12.23.22. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/motiondivision/motion/blob/main/CHANGELOG.md">framer-motion's changelog</a>.</em></p> <blockquote> <h2>[12.23.22] 2025-09-25</h2> <h3>Added</h3> <ul> <li>Exporting <code>HTMLElements</code> and <code>useComposedRefs</code> type for internal use.</li> </ul> <h2>[12.23.21] 2025-09-24</h2> <h3>Fixed</h3> <ul> <li>Fixing main-thread <code>scroll</code> with animations that contain <code>delay</code>.</li> </ul> <h2>[12.23.20] 2025-09-24</h2> <h3>Fixed</h3> <ul> <li>Suppress non-animatable value warning for instant animations.</li> </ul> <h2>[12.23.19] 2025-09-23</h2> <h3>Fixed</h3> <ul> <li>Remove support for changing <code>ref</code> prop.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
d2249a4898 |
build(deps): bump @next/mdx from 15.5.3 to 15.5.4 in /website (#10729)
Bumps
[@next/mdx](https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx)
from 15.5.3 to 15.5.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vercel/next.js/releases"><code>@next/mdx</code>'s
releases</a>.</em></p>
<blockquote>
<h2>v15.5.4</h2>
<blockquote>
<p>[!NOTE]<br />
This release is backporting bug fixes. It does <strong>not</strong>
include all pending features/changes on canary.</p>
</blockquote>
<h3>Core Changes</h3>
<ul>
<li>fix: ensure onRequestError is invoked when otel enabled (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83343">#83343</a>)</li>
<li>fix: devtools initial position should be from next config (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83571">#83571</a>)</li>
<li>[devtool] fix overlay styles are missing (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83721">#83721</a>)</li>
<li>Turbopack: don't match dynamic pattern for node_modules packages (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83176">#83176</a>)</li>
<li>Turbopack: don't treat metadata routes as RSC (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/82911">#82911</a>)</li>
<li>[turbopack] Improve handling of symlink resolution errors in
track_glob and read_glob (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83357">#83357</a>)</li>
<li>Turbopack: throw large static metadata error earlier (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/82939">#82939</a>)</li>
<li>fix: error overlay not closing when backdrop clicked (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83981">#83981</a>)</li>
<li>Turbopack: flush Node.js worker IPC on error (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/84077">#84077</a>)</li>
</ul>
<h3>Misc Changes</h3>
<ul>
<li>[CNA] use linter preference (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83194">#83194</a>)</li>
<li>CI: use KV for test timing data (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83745">#83745</a>)</li>
<li>docs: september improvements and fixes (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83997">#83997</a>)</li>
</ul>
<h3>Credits</h3>
<p>Huge thanks to <a
href="https://github.com/yiminghe"><code>@yiminghe</code></a>, <a
href="https://github.com/huozhi"><code>@huozhi</code></a>, <a
href="https://github.com/devjiwonchoi"><code>@devjiwonchoi</code></a>,
<a href="https://github.com/mischnic"><code>@mischnic</code></a>, <a
href="https://github.com/lukesandberg"><code>@lukesandberg</code></a>,
<a href="https://github.com/ztanner"><code>@ztanner</code></a>, <a
href="https://github.com/icyJoseph"><code>@icyJoseph</code></a>, <a
href="https://github.com/leerob"><code>@leerob</code></a>, <a
href="https://github.com/fufuShih"><code>@fufuShih</code></a>, <a
href="https://github.com/dwrth"><code>@dwrth</code></a>, <a
href="https://github.com/aymericzip"><code>@aymericzip</code></a>, <a
href="https://github.com/obendev"><code>@obendev</code></a>, <a
href="https://github.com/molebox"><code>@molebox</code></a>, <a
href="https://github.com/OoMNoO"><code>@OoMNoO</code></a>, <a
href="https://github.com/pontasan"><code>@pontasan</code></a>, <a
href="https://github.com/styfle"><code>@styfle</code></a>, <a
href="https://github.com/HondaYt"><code>@HondaYt</code></a>, <a
href="https://github.com/ryuapp"><code>@ryuapp</code></a>, <a
href="https://github.com/lpalmes"><code>@lpalmes</code></a>, and <a
href="https://github.com/ijjk"><code>@ijjk</code></a> for helping!</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="
|
||
|
dependabot[bot]
|
51ef2ad353 |
build(deps): bump next from 15.5.3 to 15.5.4 in /website (#10736)
Bumps [next](https://github.com/vercel/next.js) from 15.5.3 to 15.5.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases">next's releases</a>.</em></p> <blockquote> <h2>v15.5.4</h2> <blockquote> <p>[!NOTE]<br /> This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>fix: ensure onRequestError is invoked when otel enabled (<a href="https://redirect.github.com/vercel/next.js/issues/83343">#83343</a>)</li> <li>fix: devtools initial position should be from next config (<a href="https://redirect.github.com/vercel/next.js/issues/83571">#83571</a>)</li> <li>[devtool] fix overlay styles are missing (<a href="https://redirect.github.com/vercel/next.js/issues/83721">#83721</a>)</li> <li>Turbopack: don't match dynamic pattern for node_modules packages (<a href="https://redirect.github.com/vercel/next.js/issues/83176">#83176</a>)</li> <li>Turbopack: don't treat metadata routes as RSC (<a href="https://redirect.github.com/vercel/next.js/issues/82911">#82911</a>)</li> <li>[turbopack] Improve handling of symlink resolution errors in track_glob and read_glob (<a href="https://redirect.github.com/vercel/next.js/issues/83357">#83357</a>)</li> <li>Turbopack: throw large static metadata error earlier (<a href="https://redirect.github.com/vercel/next.js/issues/82939">#82939</a>)</li> <li>fix: error overlay not closing when backdrop clicked (<a href="https://redirect.github.com/vercel/next.js/issues/83981">#83981</a>)</li> <li>Turbopack: flush Node.js worker IPC on error (<a href="https://redirect.github.com/vercel/next.js/issues/84077">#84077</a>)</li> </ul> <h3>Misc Changes</h3> <ul> <li>[CNA] use linter preference (<a href="https://redirect.github.com/vercel/next.js/issues/83194">#83194</a>)</li> <li>CI: use KV for test timing data (<a href="https://redirect.github.com/vercel/next.js/issues/83745">#83745</a>)</li> <li>docs: september improvements and fixes (<a href="https://redirect.github.com/vercel/next.js/issues/83997">#83997</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/yiminghe"><code>@yiminghe</code></a>, <a href="https://github.com/huozhi"><code>@huozhi</code></a>, <a href="https://github.com/devjiwonchoi"><code>@devjiwonchoi</code></a>, <a href="https://github.com/mischnic"><code>@mischnic</code></a>, <a href="https://github.com/lukesandberg"><code>@lukesandberg</code></a>, <a href="https://github.com/ztanner"><code>@ztanner</code></a>, <a href="https://github.com/icyJoseph"><code>@icyJoseph</code></a>, <a href="https://github.com/leerob"><code>@leerob</code></a>, <a href="https://github.com/fufuShih"><code>@fufuShih</code></a>, <a href="https://github.com/dwrth"><code>@dwrth</code></a>, <a href="https://github.com/aymericzip"><code>@aymericzip</code></a>, <a href="https://github.com/obendev"><code>@obendev</code></a>, <a href="https://github.com/molebox"><code>@molebox</code></a>, <a href="https://github.com/OoMNoO"><code>@OoMNoO</code></a>, <a href="https://github.com/pontasan"><code>@pontasan</code></a>, <a href="https://github.com/styfle"><code>@styfle</code></a>, <a href="https://github.com/HondaYt"><code>@HondaYt</code></a>, <a href="https://github.com/ryuapp"><code>@ryuapp</code></a>, <a href="https://github.com/lpalmes"><code>@lpalmes</code></a>, and <a href="https://github.com/ijjk"><code>@ijjk</code></a> for helping!</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Jamil
|
f39abdfa74 |
chore(website): remove JumpCloud references (#10704)
With the refactoring coming up in #6294 we will be dropping production support for JumpCloud directory sync. In practice, this likely won't be an issue due to the better ergonomics / JIT provisioning that will be offered in the new system. Related: #2701 Related: #6294 Related: #3115 Related: #7834 |
||
|
Jamil
|
9ab599a065 |
chore(website): sla / device limits (#10684)
- Update to 99.9% SLA based on track record and customer feedback. - Mention sane limits of number of connected devices. Related: #10683 |
||
|
Thomas Eizinger
|
80331b4e93 |
feat(gateway): add option for outputting logs as JSON (#10620)
To enable customers to ingest flow logs (#8353) into various SIEMS, outputting structured logs is crucial. |
||
|
dependabot[bot]
|
f9ea98f367 |
build(deps): bump @docsearch/react from 3.9.0 to 4.1.0 in /website (#10670)
Bumps [@docsearch/react](https://github.com/algolia/docsearch/tree/HEAD/packages/docsearch-react) from 3.9.0 to 4.1.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/algolia/docsearch/releases"><code>@docsearch/react</code>'s releases</a>.</em></p> <blockquote> <h2>v4.1.0</h2> <h1><a href="https://github.com/algolia/docsearch/compare/v4.0.1...v4.1.0">4.1.0</a> (2025-09-22)</h1> <h3>Bug Fixes</h3> <ul> <li>add docsearch 4 to website (<a href="https://redirect.github.com/algolia/docsearch/issues/2767">#2767</a>) (<a href=" |
||
|
Thomas Eizinger
|
66fcf8734c |
fix(android): handle exceptions when creating a new session (#10667)
The `Session.newAndroid` constructor can throw an exception. Unfortunately, the Kotlin compiler didn't warn us about that and thus, any errors when creating a new session caused the service process to crash. We fix this by wrapping the entire thing in a `try-catch-finally` block. Resolves: #10289 |
||
|
Jamil
|
9d640b52b4 |
feat(website): 09/2025 devlog (#10571)
First in a series of new monthly devlog posts to summarize what we've shipped over the previous month. Intentionally detailed and engineering focused - added a new `Engineering` section to the blog. --------- Signed-off-by: Jamil <jamilbk@users.noreply.github.com> Co-authored-by: Thomas Eizinger <thomas@eizinger.io> |
||
|
Firezone Bot
|
76d86545a6 | chore: publish apple-client 1.5.9 (#10654) | ||
|
dependabot[bot]
|
3c167cb60d |
build(deps-dev): bump eslint-config-next from 15.3.3 to 15.5.3 in /website (#10637)
Bumps [eslint-config-next](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next) from 15.3.3 to 15.5.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases">eslint-config-next's releases</a>.</em></p> <blockquote> <h2>v15.5.3</h2> <blockquote> <p>[!NOTE]<br /> This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>fix: validation return types of pages API routes (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/83069">#83069</a>)</li> <li>fix: relative paths in dev in validator.ts (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/83073">#83073</a>)</li> <li>fix: remove satisfies keyword from type validation to preserve old TS compatibility (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/83071">#83071</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/bgub"><code>@bgub</code></a> for helping!</p> <h2>v15.5.1-canary.39</h2> <h3>Core Changes</h3> <ul> <li>[metadata] change the metadata routes params to promises: <a href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/83560">#83560</a></li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/huozhi"><code>@huozhi</code></a> for helping!</p> <h2>v15.5.1-canary.38</h2> <h3>Core Changes</h3> <ul> <li>Ignore unhandledRejection events for promises that reject after a React render aborts: <a href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/83590">#83590</a></li> <li>Update font data: <a href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/83631">#83631</a></li> <li>[dev] Serve static metadata from filesystem: <a href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/83460">#83460</a></li> </ul> <h3>Misc Changes</h3> <ul> <li>Turbopack: run NFT unit test: <a href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/83233">#83233</a></li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/gnoff"><code>@gnoff</code></a>, <a href="https://github.com/vercel-release-bot"><code>@vercel-release-bot</code></a>, <a href="https://github.com/devjiwonchoi"><code>@devjiwonchoi</code></a>, and <a href="https://github.com/mischnic"><code>@mischnic</code></a> for helping!</p> <h2>v15.5.1-canary.37</h2> <h3>Core Changes</h3> <ul> <li>Development: Make 'ready in' 195ms faster: <a href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/83628">#83628</a></li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/timneutkens"><code>@timneutkens</code></a> for helping!</p> <h2>v15.5.1-canary.36</h2> <h3>Core Changes</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
c089930f1b |
build(deps): bump framer-motion from 12.23.12 to 12.23.18 in /website (#10630)
Bumps [framer-motion](https://github.com/motiondivision/motion) from 12.23.12 to 12.23.18. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/motiondivision/motion/blob/main/CHANGELOG.md">framer-motion's changelog</a>.</em></p> <blockquote> <h2>[12.23.18] 2025-09-19</h2> <h3>Fixed</h3> <ul> <li><code><motion /></code> components now support changing <code>ref</code> prop.</li> </ul> <h2>[12.23.17] 2025-09-19</h2> <h3>Fixed</h3> <ul> <li>Ensure <code>animate()</code> <code>onComplete</code> only fires once, when all values are complete.</li> </ul> <h2>[12.23.16] 2025-09-19</h2> <h3>Fixed</h3> <ul> <li>Fixing <code>ref</code> when passed to a child of <code>AnimatePresence</code> in <code>"popLayout"</code> mode.</li> </ul> <h2>[12.23.15] 2025-09-18</h2> <h3>Fixed</h3> <ul> <li>Fixing <code>export *</code> error in RSC.</li> </ul> <h2>[12.23.14] 2025-09-17</h2> <h3>Fixed</h3> <ul> <li>Fixing types of <code>Reorder.Item</code> and <code>Reorder.Group</code> so incorrect HTML props are correctly flagged.</li> <li>Reverting rehydration of <code>externalRef</code> when it switches.</li> </ul> <h2>[12.23.13] 2025-09-16</h2> <h3>Fixed</h3> <ul> <li>Fixed issue where motion components don't update refs when externalRef changes. The <code>useMotionRef</code> function now properly includes <code>externalRef</code> in the dependency array to ensure ref callbacks update when the external ref changes.</li> </ul> <h3>Changed</h3> <ul> <li>Stopped tracking yarn cache in the repo.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
e24f8cea3b |
build(deps): bump @types/node from 24.3.0 to 24.5.2 in /website (#10628)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.3.0 to 24.5.2. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
32a00647cf |
build(deps): bump @next/mdx from 15.3.3 to 15.5.3 in /website (#10625)
Bumps [@next/mdx](https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx) from 15.3.3 to 15.5.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases"><code>@next/mdx</code>'s releases</a>.</em></p> <blockquote> <h2>v15.5.3</h2> <blockquote> <p>[!NOTE]<br /> This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>fix: validation return types of pages API routes (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83069">#83069</a>)</li> <li>fix: relative paths in dev in validator.ts (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83073">#83073</a>)</li> <li>fix: remove satisfies keyword from type validation to preserve old TS compatibility (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83071">#83071</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/bgub"><code>@bgub</code></a> for helping!</p> <h2>v15.5.1-canary.39</h2> <h3>Core Changes</h3> <ul> <li>[metadata] change the metadata routes params to promises: <a href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83560">#83560</a></li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/huozhi"><code>@huozhi</code></a> for helping!</p> <h2>v15.5.1-canary.38</h2> <h3>Core Changes</h3> <ul> <li>Ignore unhandledRejection events for promises that reject after a React render aborts: <a href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83590">#83590</a></li> <li>Update font data: <a href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83631">#83631</a></li> <li>[dev] Serve static metadata from filesystem: <a href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83460">#83460</a></li> </ul> <h3>Misc Changes</h3> <ul> <li>Turbopack: run NFT unit test: <a href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83233">#83233</a></li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/gnoff"><code>@gnoff</code></a>, <a href="https://github.com/vercel-release-bot"><code>@vercel-release-bot</code></a>, <a href="https://github.com/devjiwonchoi"><code>@devjiwonchoi</code></a>, and <a href="https://github.com/mischnic"><code>@mischnic</code></a> for helping!</p> <h2>v15.5.1-canary.37</h2> <h3>Core Changes</h3> <ul> <li>Development: Make 'ready in' 195ms faster: <a href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83628">#83628</a></li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/timneutkens"><code>@timneutkens</code></a> for helping!</p> <h2>v15.5.1-canary.36</h2> <h3>Core Changes</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Firezone Bot
|
9b6ebb01ed | chore: publish android-client 1.5.5 (#10614) | ||
|
Jamil
|
73576922ff |
fix(apple/macos): clean up utun on quit (#10603)
On macOS, because it uses the System Extension packaging type, the lifecycle of the tunnel provider process is not tied directly to connlib's session start and end, but rather managed by the system. The process is likely running at all times, even when the GUI is not open or signed in. The system will start the provider process upon the first IPC call to it, which allocates a `utun` interface. The tricky part is ensuring this interface gets removed when the GUI app quits. Otherwise, it's likely that upon the next launch of the GUI app, the system will allocate a _new_ utun interface, and the old one will linger until the next system reboot. Here's where things get strange. The system will only remove the `utun` interface when stopping the tunnel under the following conditions: - The provider is currently not in a `disconnected` state (so it needs to be in `reasserting`, `connecting`, or `connected` - The GUI side has called `stopTunnel`, thereby invoking the provider's `stopTunnel` override function, or - The provider side has called `cancelTunnelWithError`, or - The `startTunnel`'s completionHandler is called with an `Error` The problem we had is that we make various IPC calls throughout the lifecycle of the GUI app, for example, to gather logs, set tunnel configuration, and the like. If the GUI app was _not_ in a connected state when the user quit, the `utun` would linger, even though we were issuing a final `stopTunnel` upon quit in all circumstances. To fix the issue, we update the dry run `startTunnel` code path we added previously in two ways: 1. We add a `dryRun` error type to the `startTunnel`'s completionHandler 2. We implement the GUI app `applicationShouldTerminate` handler in order to trigger one final dryRun which briefly moves the provider to a connected state so the system will clean us up when its completionHandler is invoked. Tested under the following conditions: - Launch app in a signed-out state -> quit - Launch app in a signed-out state -> sign in -> quit - Launch app in a signed-out state -> sign in -> sign out -> quit - Launch app in a signed-in state -> quit - Launch app in a signed-in state -> sign out -> quit Notably, if the GUI app is killed with `SIGKILL`, our terminate hook is _not_ called, and the utun lingers. We'll have to accept this edge case for now. Along with the above, the janky `consumeStopReason` mechanism has been removed in favor of NE's `cancelTunnelWithError` to pass the error back to the GUI we can then use to show the signed out alert. Fixes #10580 |
||
|
Jamil
|
8a6f60a2ec |
build(deps): bump react from 18 to 19 (#10595)
Bumps the react family from 18 to 19 and fixes one type issue. Supersedes #10081 |
||
|
Jamil
|
bf91021e2e |
docs: update POP map and relay ips for azure (#10293)
Updates our list of potential Relay IPs and the regional map diagram for customer reference. |
||
|
Jamil
|
79a4aeb3a8 |
chore(website): add eslint (#9560)
- [x] Add eslint configured for NextJS - [x] Add lint before build - [x] Fix errors |
||
|
Jamil
|
be3ec74cdb |
chore(website): remove /dev.firezone.firezone.plist (#10594)
This seems to have been added mistakenly in #9233 and can be removed. |
||
|
Firezone Bot
|
5272e0c992 | chore: publish headless-client 1.5.4 (#10590) | ||
|
Firezone Bot
|
f78cccea1b | chore: publish gui-client 1.5.8 (#10591) | ||
|
Firezone Bot
|
e3bb2fb931 | chore: publish gateway 1.4.17 (#10584) | ||
|
dependabot[bot]
|
e30583de37 |
build(deps): bump react-syntax-highlighter from 15.6.1 to 15.6.6 in /website (#10555)
Bumps [react-syntax-highlighter](https://github.com/react-syntax-highlighter/react-syntax-highlighter) from 15.6.1 to 15.6.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/react-syntax-highlighter/react-syntax-highlighter/releases">react-syntax-highlighter's releases</a>.</em></p> <blockquote> <h2>v15.6.6</h2> <p>Updated <code>overrides</code> block attempting to solve transitive <code>prismjs</code> dependency issue:</p> <pre><code>"overrides": { "prismjs": "^1.30.0", "refractor": { "prismjs": "^1.30.0" } } </code></pre> <p><strong>Full Changelog</strong>: <a href="https://github.com/react-syntax-highlighter/react-syntax-highlighter/compare/v15.6.5...v15.6.6">https://github.com/react-syntax-highlighter/react-syntax-highlighter/compare/v15.6.5...v15.6.6</a></p> <h2>v15.6.5</h2> <h2>What's Changed</h2> <ul> <li>Bump elliptic from 6.5.5 to 6.6.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/react-syntax-highlighter/react-syntax-highlighter/pull/576">react-syntax-highlighter/react-syntax-highlighter#576</a></li> <li>Bump ws from 6.2.2 to 6.2.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/react-syntax-highlighter/react-syntax-highlighter/pull/574">react-syntax-highlighter/react-syntax-highlighter#574</a></li> <li>Bump express from 4.19.2 to 4.21.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/react-syntax-highlighter/react-syntax-highlighter/pull/572">react-syntax-highlighter/react-syntax-highlighter#572</a></li> <li>Bump send and express by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/react-syntax-highlighter/react-syntax-highlighter/pull/571">react-syntax-highlighter/react-syntax-highlighter#571</a></li> <li>Bump cookie and express by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/react-syntax-highlighter/react-syntax-highlighter/pull/570">react-syntax-highlighter/react-syntax-highlighter#570</a></li> <li>Bump serve-static and express by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/react-syntax-highlighter/react-syntax-highlighter/pull/569">react-syntax-highlighter/react-syntax-highlighter#569</a></li> <li>Bump body-parser and express by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/react-syntax-highlighter/react-syntax-highlighter/pull/568">react-syntax-highlighter/react-syntax-highlighter#568</a></li> <li>Add Boemly to the built with section of the readme by <a href="https://github.com/lukasbals"><code>@lukasbals</code></a> in <a href="https://redirect.github.com/react-syntax-highlighter/react-syntax-highlighter/pull/467">react-syntax-highlighter/react-syntax-highlighter#467</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/lukasbals"><code>@lukasbals</code></a> made their first contribution in <a href="https://redirect.github.com/react-syntax-highlighter/react-syntax-highlighter/pull/467">react-syntax-highlighter/react-syntax-highlighter#467</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/react-syntax-highlighter/react-syntax-highlighter/compare/v15.6.4...v15.6.5">https://github.com/react-syntax-highlighter/react-syntax-highlighter/compare/v15.6.4...v15.6.5</a></p> <h2>v15.6.4</h2> <h2>What's Changed</h2> <ul> <li>Override <code>refractor 3.6.0</code>'s <code>prismjs</code> dependency by <a href="https://github.com/simmerer"><code>@simmerer</code></a> in <a href="https://redirect.github.com/react-syntax-highlighter/react-syntax-highlighter/pull/605">react-syntax-highlighter/react-syntax-highlighter#605</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/react-syntax-highlighter/react-syntax-highlighter/compare/v15.6.3...v15.6.4">https://github.com/react-syntax-highlighter/react-syntax-highlighter/compare/v15.6.3...v15.6.4</a></p> <h2>v15.6.3</h2> <h2>What's Changed</h2> <ul> <li>fix line count error by <a href="https://github.com/bbbert"><code>@bbbert</code></a> in <a href="https://redirect.github.com/react-syntax-highlighter/react-syntax-highlighter/pull/583">react-syntax-highlighter/react-syntax-highlighter#583</a></li> <li>fix spelling error by <a href="https://github.com/BrianHung"><code>@BrianHung</code></a> in <a href="https://redirect.github.com/react-syntax-highlighter/react-syntax-highlighter/pull/579">react-syntax-highlighter/react-syntax-highlighter#579</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/bbbert"><code>@bbbert</code></a> made their first contribution in <a href="https://redirect.github.com/react-syntax-highlighter/react-syntax-highlighter/pull/583">react-syntax-highlighter/react-syntax-highlighter#583</a></li> <li><a href="https://github.com/BrianHung"><code>@BrianHung</code></a> made their first contribution in <a href="https://redirect.github.com/react-syntax-highlighter/react-syntax-highlighter/pull/579">react-syntax-highlighter/react-syntax-highlighter#579</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/react-syntax-highlighter/react-syntax-highlighter/compare/v15.6.2...v15.6.3">https://github.com/react-syntax-highlighter/react-syntax-highlighter/compare/v15.6.2...v15.6.3</a></p> <h2>v15.6.2</h2> <h2>What's Changed</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/react-syntax-highlighter/react-syntax-highlighter/blob/master/CHANGELOG.MD">react-syntax-highlighter's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
5a13295e59 |
build(deps): bump @next/third-parties from 15.4.4 to 15.5.3 in /website (#10559)
Bumps [@next/third-parties](https://github.com/vercel/next.js/tree/HEAD/packages/third-parties) from 15.4.4 to 15.5.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases"><code>@next/third-parties</code>'s releases</a>.</em></p> <blockquote> <h2>v15.5.3</h2> <blockquote> <p>[!NOTE]<br /> This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>fix: validation return types of pages API routes (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/83069">#83069</a>)</li> <li>fix: relative paths in dev in validator.ts (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/83073">#83073</a>)</li> <li>fix: remove satisfies keyword from type validation to preserve old TS compatibility (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/83071">#83071</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/bgub"><code>@bgub</code></a> for helping!</p> <h2>v15.5.2</h2> <blockquote> <p>[!NOTE]<br /> This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>fix: disable unknownatrules lint rule entirely (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/83059">#83059</a>)</li> <li>revert: add ?dpl to fonts in /_next/static/media (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/83062">#83062</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/bgub"><code>@bgub</code></a> and <a href="https://github.com/ztanner"><code>@ztanner</code></a> for helping!</p> <h2>v15.5.1</h2> <blockquote> <p>[!NOTE]<br /> This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>fix: aliased navigations should apply scroll handling (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/82900">#82900</a>)</li> <li>Turbopack: fix invalid NFT entry with file behind symlink (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/82887">#82887</a>)</li> <li>fix: typesafe linking to route handlers and pages API routes (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/82858">#82858</a>)</li> <li>fix: change "noUnknownAtRules" to "warn" for Biome (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/82974">#82974</a>)</li> <li>fix: add path normalization to getRelativePath for Windows (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/82918">#82918</a>)</li> <li>feat: add typesafety with config.typedRoutes to redirect() and permanentRedirect() (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/82860">#82860</a>)</li> <li>fix: avoid importing types that will be unused (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/82856">#82856</a>)</li> <li>fix: update the config.api.responseLimit type (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/82852">#82852</a>)</li> <li>fix: update validation return types (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/82854">#82854</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/bgub"><code>@bgub</code></a>, <a href="https://github.com/mischnic"><code>@mischnic</code></a>, and <a href="https://github.com/ztanner"><code>@ztanner</code></a> for helping!</p> <h2>v15.5.1-canary.39</h2> <h3>Core Changes</h3> <ul> <li>[metadata] change the metadata routes params to promises: <a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/83560">#83560</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Mariusz Klochowicz
|
31f8f9980b |
chore: Upgrade flowbite-react from 0.10.2 to 0.12.9 (#10572)
Note: For this to work, we swapped to `bundler` for module resolution, which is recommended by TypeScript community. This upgrade addresses breaking changes in flowbite-react 0.12.x including the removal of compound components in favour of simple component imports. Breaking changes addressed: 1. Tailwind CSS configuration - Changed import from 'flowbite-react/tailwind' to 'flowbite-react/plugin/tailwindcss' - Updated plugin API: flowbite.plugin() → flowbite (direct export) - Replaced flowbite.content() with manual path './node_modules/flowbite-react/dist/**/*.js' 2. Component API changes (compound → simple components) - Accordion: Accordion.Panel → AccordionPanel, Accordion.Title → AccordionTitle, etc. - Tabs: Tabs.Item → TabItem - Sidebar: Sidebar.Item → SidebarItem, Sidebar.Items → SidebarItems, etc. - Clipboard: Clipboard.WithIcon → ClipboardWithIcon Additional fixes: - Adjusted clipboard icon positioning (increased top margin from top-2 to top-4) to properly align with code block borders as it was misaligned after the upgrade All components tested and verified working: - Accordion, Tabs, Sidebar, Clipboard, Tooltip, Navbar - Custom theming preserved and functioning correctly - No obvious regressions during side-by-side testing with online version |
||
|
Mariusz Klochowicz
|
8378819621 |
fix(apple): Ensure fetching resource state if already connected (#10567)
Fixes an issue where the Resources menu would not populate when launching the app while already connected by ensuring the initial VPN status triggers the resource loading handler. Fixes #9837 |
||
|
Thomas Eizinger
|
eb75cef467 |
fix(linux): allow LAN access when Internet Resource is on (#10554)
## Context On Linux, we create a dedicated routing table for all routes of the Firezone TUN device, including the `0.0.0.0/0` route. At a minimum, this routing table contains the following if the Internet Resource is active: ``` > ip route show table 539098368 default dev tun-firezone proto static 100.64.0.0/11 dev tun-firezone proto static 100.96.0.0/11 dev tun-firezone proto static 100.100.111.0/24 dev tun-firezone proto static ``` In addition, we also create a routing rule that bypasses this routing table for all packets that are tagged with the `0xfd002021` mark: ``` > ip rule list 0: from all lookup local 32765: not from all fwmark 0xfd002021 lookup 539098368 32766: from all lookup main 32767: from all lookup default ``` Firezone's internal UDP and TCP sockets are tagged with this mark and thus prevent routing loops where our own packets would otherwise get redirected back into the tunnel. Without the Internet Resource active, the rule `from all lookup main` triggers for local LAN traffic and correctly route the traffic out via that interface. For example, on my computer, the Linux kernel created the following route with the `link` scope in the main table: ``` 192.168.188.0/24 dev wlp192s0 proto kernel scope link src 192.168.188.112 metric 600 ``` ## The problem With the Internet Resource active, there is a problem. The default route matches ALL destinations, including those for local LAN destinations which should actually be sent out via a different interface. As a result, local LAN traffic is broken on Linux as soon as the Internet Resource is active. Instead of being sent out via the local interface, these packets get sent to `tun-firezone` where they get forwarded to the Gateway and then dropped because their source IP is not a Firezone Client IP. ## Solution Fixing this is unfortunately non-trivial. The best I could come up with is to create a copy of all link-scoped routes in the Firezone routing table and keep those in sync with all route changes that happen. For example, when we roam, the link-scoped routes obviously change because we join a new subnet. We therefore listen to change-events from netlink and create a debounced task that reads the current link-scoped routes from the main routing table, compares it to the ones in the Firezone table and adds any routes not present. We don't need to worry about removing routes as link-scoped routes automatically disappear once the resulting interface goes away. --------- Signed-off-by: Thomas Eizinger <thomas@eizinger.io> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> |
||
|
Thomas Eizinger
|
4930aa7956 |
feat: allow setting Internet Resource from headless client (#10553)
Currently, the Internet Resource cannot be toggled on/off in the headless client. With #10509, the default state of the Internet Resource is now disabled, meaning users of the headless client are no longer able to use the Internet Resource. We fix this by introducing a new CLI argument `--activate-internet-resource` that can also be set via the env variable `FIREZONE_ACTIVATE_INTERNET_RESOURCE=true`. Resolves: #8342 |