mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 10:18:54 +00:00
f8430d9cd2fe6f1b1eec4ba77da909913fe4fd08
1018 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Jamil
|
9ab599a065 |
chore(website): sla / device limits (#10684)
- Update to 99.9% SLA based on track record and customer feedback. - Mention sane limits of number of connected devices. Related: #10683 |
||
|
Thomas Eizinger
|
80331b4e93 |
feat(gateway): add option for outputting logs as JSON (#10620)
To enable customers to ingest flow logs (#8353) into various SIEMS, outputting structured logs is crucial. |
||
|
dependabot[bot]
|
f9ea98f367 |
build(deps): bump @docsearch/react from 3.9.0 to 4.1.0 in /website (#10670)
Bumps [@docsearch/react](https://github.com/algolia/docsearch/tree/HEAD/packages/docsearch-react) from 3.9.0 to 4.1.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/algolia/docsearch/releases"><code>@docsearch/react</code>'s releases</a>.</em></p> <blockquote> <h2>v4.1.0</h2> <h1><a href="https://github.com/algolia/docsearch/compare/v4.0.1...v4.1.0">4.1.0</a> (2025-09-22)</h1> <h3>Bug Fixes</h3> <ul> <li>add docsearch 4 to website (<a href="https://redirect.github.com/algolia/docsearch/issues/2767">#2767</a>) (<a href=" |
||
|
Thomas Eizinger
|
66fcf8734c |
fix(android): handle exceptions when creating a new session (#10667)
The `Session.newAndroid` constructor can throw an exception. Unfortunately, the Kotlin compiler didn't warn us about that and thus, any errors when creating a new session caused the service process to crash. We fix this by wrapping the entire thing in a `try-catch-finally` block. Resolves: #10289 |
||
|
Jamil
|
9d640b52b4 |
feat(website): 09/2025 devlog (#10571)
First in a series of new monthly devlog posts to summarize what we've shipped over the previous month. Intentionally detailed and engineering focused - added a new `Engineering` section to the blog. --------- Signed-off-by: Jamil <jamilbk@users.noreply.github.com> Co-authored-by: Thomas Eizinger <thomas@eizinger.io> |
||
|
Firezone Bot
|
76d86545a6 | chore: publish apple-client 1.5.9 (#10654) | ||
|
dependabot[bot]
|
3c167cb60d |
build(deps-dev): bump eslint-config-next from 15.3.3 to 15.5.3 in /website (#10637)
Bumps [eslint-config-next](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next) from 15.3.3 to 15.5.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases">eslint-config-next's releases</a>.</em></p> <blockquote> <h2>v15.5.3</h2> <blockquote> <p>[!NOTE]<br /> This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>fix: validation return types of pages API routes (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/83069">#83069</a>)</li> <li>fix: relative paths in dev in validator.ts (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/83073">#83073</a>)</li> <li>fix: remove satisfies keyword from type validation to preserve old TS compatibility (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/83071">#83071</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/bgub"><code>@bgub</code></a> for helping!</p> <h2>v15.5.1-canary.39</h2> <h3>Core Changes</h3> <ul> <li>[metadata] change the metadata routes params to promises: <a href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/83560">#83560</a></li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/huozhi"><code>@huozhi</code></a> for helping!</p> <h2>v15.5.1-canary.38</h2> <h3>Core Changes</h3> <ul> <li>Ignore unhandledRejection events for promises that reject after a React render aborts: <a href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/83590">#83590</a></li> <li>Update font data: <a href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/83631">#83631</a></li> <li>[dev] Serve static metadata from filesystem: <a href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/83460">#83460</a></li> </ul> <h3>Misc Changes</h3> <ul> <li>Turbopack: run NFT unit test: <a href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/83233">#83233</a></li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/gnoff"><code>@gnoff</code></a>, <a href="https://github.com/vercel-release-bot"><code>@vercel-release-bot</code></a>, <a href="https://github.com/devjiwonchoi"><code>@devjiwonchoi</code></a>, and <a href="https://github.com/mischnic"><code>@mischnic</code></a> for helping!</p> <h2>v15.5.1-canary.37</h2> <h3>Core Changes</h3> <ul> <li>Development: Make 'ready in' 195ms faster: <a href="https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next/issues/83628">#83628</a></li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/timneutkens"><code>@timneutkens</code></a> for helping!</p> <h2>v15.5.1-canary.36</h2> <h3>Core Changes</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
c089930f1b |
build(deps): bump framer-motion from 12.23.12 to 12.23.18 in /website (#10630)
Bumps [framer-motion](https://github.com/motiondivision/motion) from 12.23.12 to 12.23.18. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/motiondivision/motion/blob/main/CHANGELOG.md">framer-motion's changelog</a>.</em></p> <blockquote> <h2>[12.23.18] 2025-09-19</h2> <h3>Fixed</h3> <ul> <li><code><motion /></code> components now support changing <code>ref</code> prop.</li> </ul> <h2>[12.23.17] 2025-09-19</h2> <h3>Fixed</h3> <ul> <li>Ensure <code>animate()</code> <code>onComplete</code> only fires once, when all values are complete.</li> </ul> <h2>[12.23.16] 2025-09-19</h2> <h3>Fixed</h3> <ul> <li>Fixing <code>ref</code> when passed to a child of <code>AnimatePresence</code> in <code>"popLayout"</code> mode.</li> </ul> <h2>[12.23.15] 2025-09-18</h2> <h3>Fixed</h3> <ul> <li>Fixing <code>export *</code> error in RSC.</li> </ul> <h2>[12.23.14] 2025-09-17</h2> <h3>Fixed</h3> <ul> <li>Fixing types of <code>Reorder.Item</code> and <code>Reorder.Group</code> so incorrect HTML props are correctly flagged.</li> <li>Reverting rehydration of <code>externalRef</code> when it switches.</li> </ul> <h2>[12.23.13] 2025-09-16</h2> <h3>Fixed</h3> <ul> <li>Fixed issue where motion components don't update refs when externalRef changes. The <code>useMotionRef</code> function now properly includes <code>externalRef</code> in the dependency array to ensure ref callbacks update when the external ref changes.</li> </ul> <h3>Changed</h3> <ul> <li>Stopped tracking yarn cache in the repo.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
e24f8cea3b |
build(deps): bump @types/node from 24.3.0 to 24.5.2 in /website (#10628)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.3.0 to 24.5.2. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
32a00647cf |
build(deps): bump @next/mdx from 15.3.3 to 15.5.3 in /website (#10625)
Bumps [@next/mdx](https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx) from 15.3.3 to 15.5.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases"><code>@next/mdx</code>'s releases</a>.</em></p> <blockquote> <h2>v15.5.3</h2> <blockquote> <p>[!NOTE]<br /> This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>fix: validation return types of pages API routes (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83069">#83069</a>)</li> <li>fix: relative paths in dev in validator.ts (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83073">#83073</a>)</li> <li>fix: remove satisfies keyword from type validation to preserve old TS compatibility (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83071">#83071</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/bgub"><code>@bgub</code></a> for helping!</p> <h2>v15.5.1-canary.39</h2> <h3>Core Changes</h3> <ul> <li>[metadata] change the metadata routes params to promises: <a href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83560">#83560</a></li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/huozhi"><code>@huozhi</code></a> for helping!</p> <h2>v15.5.1-canary.38</h2> <h3>Core Changes</h3> <ul> <li>Ignore unhandledRejection events for promises that reject after a React render aborts: <a href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83590">#83590</a></li> <li>Update font data: <a href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83631">#83631</a></li> <li>[dev] Serve static metadata from filesystem: <a href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83460">#83460</a></li> </ul> <h3>Misc Changes</h3> <ul> <li>Turbopack: run NFT unit test: <a href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83233">#83233</a></li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/gnoff"><code>@gnoff</code></a>, <a href="https://github.com/vercel-release-bot"><code>@vercel-release-bot</code></a>, <a href="https://github.com/devjiwonchoi"><code>@devjiwonchoi</code></a>, and <a href="https://github.com/mischnic"><code>@mischnic</code></a> for helping!</p> <h2>v15.5.1-canary.37</h2> <h3>Core Changes</h3> <ul> <li>Development: Make 'ready in' 195ms faster: <a href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83628">#83628</a></li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/timneutkens"><code>@timneutkens</code></a> for helping!</p> <h2>v15.5.1-canary.36</h2> <h3>Core Changes</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Firezone Bot
|
9b6ebb01ed | chore: publish android-client 1.5.5 (#10614) | ||
|
Jamil
|
73576922ff |
fix(apple/macos): clean up utun on quit (#10603)
On macOS, because it uses the System Extension packaging type, the lifecycle of the tunnel provider process is not tied directly to connlib's session start and end, but rather managed by the system. The process is likely running at all times, even when the GUI is not open or signed in. The system will start the provider process upon the first IPC call to it, which allocates a `utun` interface. The tricky part is ensuring this interface gets removed when the GUI app quits. Otherwise, it's likely that upon the next launch of the GUI app, the system will allocate a _new_ utun interface, and the old one will linger until the next system reboot. Here's where things get strange. The system will only remove the `utun` interface when stopping the tunnel under the following conditions: - The provider is currently not in a `disconnected` state (so it needs to be in `reasserting`, `connecting`, or `connected` - The GUI side has called `stopTunnel`, thereby invoking the provider's `stopTunnel` override function, or - The provider side has called `cancelTunnelWithError`, or - The `startTunnel`'s completionHandler is called with an `Error` The problem we had is that we make various IPC calls throughout the lifecycle of the GUI app, for example, to gather logs, set tunnel configuration, and the like. If the GUI app was _not_ in a connected state when the user quit, the `utun` would linger, even though we were issuing a final `stopTunnel` upon quit in all circumstances. To fix the issue, we update the dry run `startTunnel` code path we added previously in two ways: 1. We add a `dryRun` error type to the `startTunnel`'s completionHandler 2. We implement the GUI app `applicationShouldTerminate` handler in order to trigger one final dryRun which briefly moves the provider to a connected state so the system will clean us up when its completionHandler is invoked. Tested under the following conditions: - Launch app in a signed-out state -> quit - Launch app in a signed-out state -> sign in -> quit - Launch app in a signed-out state -> sign in -> sign out -> quit - Launch app in a signed-in state -> quit - Launch app in a signed-in state -> sign out -> quit Notably, if the GUI app is killed with `SIGKILL`, our terminate hook is _not_ called, and the utun lingers. We'll have to accept this edge case for now. Along with the above, the janky `consumeStopReason` mechanism has been removed in favor of NE's `cancelTunnelWithError` to pass the error back to the GUI we can then use to show the signed out alert. Fixes #10580 |
||
|
Jamil
|
8a6f60a2ec |
build(deps): bump react from 18 to 19 (#10595)
Bumps the react family from 18 to 19 and fixes one type issue. Supersedes #10081 |
||
|
Jamil
|
bf91021e2e |
docs: update POP map and relay ips for azure (#10293)
Updates our list of potential Relay IPs and the regional map diagram for customer reference. |
||
|
Jamil
|
79a4aeb3a8 |
chore(website): add eslint (#9560)
- [x] Add eslint configured for NextJS - [x] Add lint before build - [x] Fix errors |
||
|
Jamil
|
be3ec74cdb |
chore(website): remove /dev.firezone.firezone.plist (#10594)
This seems to have been added mistakenly in #9233 and can be removed. |
||
|
Firezone Bot
|
5272e0c992 | chore: publish headless-client 1.5.4 (#10590) | ||
|
Firezone Bot
|
f78cccea1b | chore: publish gui-client 1.5.8 (#10591) | ||
|
Firezone Bot
|
e3bb2fb931 | chore: publish gateway 1.4.17 (#10584) | ||
|
dependabot[bot]
|
e30583de37 |
build(deps): bump react-syntax-highlighter from 15.6.1 to 15.6.6 in /website (#10555)
Bumps [react-syntax-highlighter](https://github.com/react-syntax-highlighter/react-syntax-highlighter) from 15.6.1 to 15.6.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/react-syntax-highlighter/react-syntax-highlighter/releases">react-syntax-highlighter's releases</a>.</em></p> <blockquote> <h2>v15.6.6</h2> <p>Updated <code>overrides</code> block attempting to solve transitive <code>prismjs</code> dependency issue:</p> <pre><code>"overrides": { "prismjs": "^1.30.0", "refractor": { "prismjs": "^1.30.0" } } </code></pre> <p><strong>Full Changelog</strong>: <a href="https://github.com/react-syntax-highlighter/react-syntax-highlighter/compare/v15.6.5...v15.6.6">https://github.com/react-syntax-highlighter/react-syntax-highlighter/compare/v15.6.5...v15.6.6</a></p> <h2>v15.6.5</h2> <h2>What's Changed</h2> <ul> <li>Bump elliptic from 6.5.5 to 6.6.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/react-syntax-highlighter/react-syntax-highlighter/pull/576">react-syntax-highlighter/react-syntax-highlighter#576</a></li> <li>Bump ws from 6.2.2 to 6.2.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/react-syntax-highlighter/react-syntax-highlighter/pull/574">react-syntax-highlighter/react-syntax-highlighter#574</a></li> <li>Bump express from 4.19.2 to 4.21.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/react-syntax-highlighter/react-syntax-highlighter/pull/572">react-syntax-highlighter/react-syntax-highlighter#572</a></li> <li>Bump send and express by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/react-syntax-highlighter/react-syntax-highlighter/pull/571">react-syntax-highlighter/react-syntax-highlighter#571</a></li> <li>Bump cookie and express by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/react-syntax-highlighter/react-syntax-highlighter/pull/570">react-syntax-highlighter/react-syntax-highlighter#570</a></li> <li>Bump serve-static and express by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/react-syntax-highlighter/react-syntax-highlighter/pull/569">react-syntax-highlighter/react-syntax-highlighter#569</a></li> <li>Bump body-parser and express by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/react-syntax-highlighter/react-syntax-highlighter/pull/568">react-syntax-highlighter/react-syntax-highlighter#568</a></li> <li>Add Boemly to the built with section of the readme by <a href="https://github.com/lukasbals"><code>@lukasbals</code></a> in <a href="https://redirect.github.com/react-syntax-highlighter/react-syntax-highlighter/pull/467">react-syntax-highlighter/react-syntax-highlighter#467</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/lukasbals"><code>@lukasbals</code></a> made their first contribution in <a href="https://redirect.github.com/react-syntax-highlighter/react-syntax-highlighter/pull/467">react-syntax-highlighter/react-syntax-highlighter#467</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/react-syntax-highlighter/react-syntax-highlighter/compare/v15.6.4...v15.6.5">https://github.com/react-syntax-highlighter/react-syntax-highlighter/compare/v15.6.4...v15.6.5</a></p> <h2>v15.6.4</h2> <h2>What's Changed</h2> <ul> <li>Override <code>refractor 3.6.0</code>'s <code>prismjs</code> dependency by <a href="https://github.com/simmerer"><code>@simmerer</code></a> in <a href="https://redirect.github.com/react-syntax-highlighter/react-syntax-highlighter/pull/605">react-syntax-highlighter/react-syntax-highlighter#605</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/react-syntax-highlighter/react-syntax-highlighter/compare/v15.6.3...v15.6.4">https://github.com/react-syntax-highlighter/react-syntax-highlighter/compare/v15.6.3...v15.6.4</a></p> <h2>v15.6.3</h2> <h2>What's Changed</h2> <ul> <li>fix line count error by <a href="https://github.com/bbbert"><code>@bbbert</code></a> in <a href="https://redirect.github.com/react-syntax-highlighter/react-syntax-highlighter/pull/583">react-syntax-highlighter/react-syntax-highlighter#583</a></li> <li>fix spelling error by <a href="https://github.com/BrianHung"><code>@BrianHung</code></a> in <a href="https://redirect.github.com/react-syntax-highlighter/react-syntax-highlighter/pull/579">react-syntax-highlighter/react-syntax-highlighter#579</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/bbbert"><code>@bbbert</code></a> made their first contribution in <a href="https://redirect.github.com/react-syntax-highlighter/react-syntax-highlighter/pull/583">react-syntax-highlighter/react-syntax-highlighter#583</a></li> <li><a href="https://github.com/BrianHung"><code>@BrianHung</code></a> made their first contribution in <a href="https://redirect.github.com/react-syntax-highlighter/react-syntax-highlighter/pull/579">react-syntax-highlighter/react-syntax-highlighter#579</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/react-syntax-highlighter/react-syntax-highlighter/compare/v15.6.2...v15.6.3">https://github.com/react-syntax-highlighter/react-syntax-highlighter/compare/v15.6.2...v15.6.3</a></p> <h2>v15.6.2</h2> <h2>What's Changed</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/react-syntax-highlighter/react-syntax-highlighter/blob/master/CHANGELOG.MD">react-syntax-highlighter's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
5a13295e59 |
build(deps): bump @next/third-parties from 15.4.4 to 15.5.3 in /website (#10559)
Bumps [@next/third-parties](https://github.com/vercel/next.js/tree/HEAD/packages/third-parties) from 15.4.4 to 15.5.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases"><code>@next/third-parties</code>'s releases</a>.</em></p> <blockquote> <h2>v15.5.3</h2> <blockquote> <p>[!NOTE]<br /> This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>fix: validation return types of pages API routes (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/83069">#83069</a>)</li> <li>fix: relative paths in dev in validator.ts (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/83073">#83073</a>)</li> <li>fix: remove satisfies keyword from type validation to preserve old TS compatibility (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/83071">#83071</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/bgub"><code>@bgub</code></a> for helping!</p> <h2>v15.5.2</h2> <blockquote> <p>[!NOTE]<br /> This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>fix: disable unknownatrules lint rule entirely (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/83059">#83059</a>)</li> <li>revert: add ?dpl to fonts in /_next/static/media (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/83062">#83062</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/bgub"><code>@bgub</code></a> and <a href="https://github.com/ztanner"><code>@ztanner</code></a> for helping!</p> <h2>v15.5.1</h2> <blockquote> <p>[!NOTE]<br /> This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>fix: aliased navigations should apply scroll handling (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/82900">#82900</a>)</li> <li>Turbopack: fix invalid NFT entry with file behind symlink (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/82887">#82887</a>)</li> <li>fix: typesafe linking to route handlers and pages API routes (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/82858">#82858</a>)</li> <li>fix: change "noUnknownAtRules" to "warn" for Biome (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/82974">#82974</a>)</li> <li>fix: add path normalization to getRelativePath for Windows (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/82918">#82918</a>)</li> <li>feat: add typesafety with config.typedRoutes to redirect() and permanentRedirect() (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/82860">#82860</a>)</li> <li>fix: avoid importing types that will be unused (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/82856">#82856</a>)</li> <li>fix: update the config.api.responseLimit type (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/82852">#82852</a>)</li> <li>fix: update validation return types (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/82854">#82854</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/bgub"><code>@bgub</code></a>, <a href="https://github.com/mischnic"><code>@mischnic</code></a>, and <a href="https://github.com/ztanner"><code>@ztanner</code></a> for helping!</p> <h2>v15.5.1-canary.39</h2> <h3>Core Changes</h3> <ul> <li>[metadata] change the metadata routes params to promises: <a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/83560">#83560</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Mariusz Klochowicz
|
31f8f9980b |
chore: Upgrade flowbite-react from 0.10.2 to 0.12.9 (#10572)
Note: For this to work, we swapped to `bundler` for module resolution, which is recommended by TypeScript community. This upgrade addresses breaking changes in flowbite-react 0.12.x including the removal of compound components in favour of simple component imports. Breaking changes addressed: 1. Tailwind CSS configuration - Changed import from 'flowbite-react/tailwind' to 'flowbite-react/plugin/tailwindcss' - Updated plugin API: flowbite.plugin() → flowbite (direct export) - Replaced flowbite.content() with manual path './node_modules/flowbite-react/dist/**/*.js' 2. Component API changes (compound → simple components) - Accordion: Accordion.Panel → AccordionPanel, Accordion.Title → AccordionTitle, etc. - Tabs: Tabs.Item → TabItem - Sidebar: Sidebar.Item → SidebarItem, Sidebar.Items → SidebarItems, etc. - Clipboard: Clipboard.WithIcon → ClipboardWithIcon Additional fixes: - Adjusted clipboard icon positioning (increased top margin from top-2 to top-4) to properly align with code block borders as it was misaligned after the upgrade All components tested and verified working: - Accordion, Tabs, Sidebar, Clipboard, Tooltip, Navbar - Custom theming preserved and functioning correctly - No obvious regressions during side-by-side testing with online version |
||
|
Mariusz Klochowicz
|
8378819621 |
fix(apple): Ensure fetching resource state if already connected (#10567)
Fixes an issue where the Resources menu would not populate when launching the app while already connected by ensuring the initial VPN status triggers the resource loading handler. Fixes #9837 |
||
|
Thomas Eizinger
|
eb75cef467 |
fix(linux): allow LAN access when Internet Resource is on (#10554)
## Context On Linux, we create a dedicated routing table for all routes of the Firezone TUN device, including the `0.0.0.0/0` route. At a minimum, this routing table contains the following if the Internet Resource is active: ``` > ip route show table 539098368 default dev tun-firezone proto static 100.64.0.0/11 dev tun-firezone proto static 100.96.0.0/11 dev tun-firezone proto static 100.100.111.0/24 dev tun-firezone proto static ``` In addition, we also create a routing rule that bypasses this routing table for all packets that are tagged with the `0xfd002021` mark: ``` > ip rule list 0: from all lookup local 32765: not from all fwmark 0xfd002021 lookup 539098368 32766: from all lookup main 32767: from all lookup default ``` Firezone's internal UDP and TCP sockets are tagged with this mark and thus prevent routing loops where our own packets would otherwise get redirected back into the tunnel. Without the Internet Resource active, the rule `from all lookup main` triggers for local LAN traffic and correctly route the traffic out via that interface. For example, on my computer, the Linux kernel created the following route with the `link` scope in the main table: ``` 192.168.188.0/24 dev wlp192s0 proto kernel scope link src 192.168.188.112 metric 600 ``` ## The problem With the Internet Resource active, there is a problem. The default route matches ALL destinations, including those for local LAN destinations which should actually be sent out via a different interface. As a result, local LAN traffic is broken on Linux as soon as the Internet Resource is active. Instead of being sent out via the local interface, these packets get sent to `tun-firezone` where they get forwarded to the Gateway and then dropped because their source IP is not a Firezone Client IP. ## Solution Fixing this is unfortunately non-trivial. The best I could come up with is to create a copy of all link-scoped routes in the Firezone routing table and keep those in sync with all route changes that happen. For example, when we roam, the link-scoped routes obviously change because we join a new subnet. We therefore listen to change-events from netlink and create a debounced task that reads the current link-scoped routes from the main routing table, compares it to the ones in the Firezone table and adds any routes not present. We don't need to worry about removing routes as link-scoped routes automatically disappear once the resulting interface goes away. --------- Signed-off-by: Thomas Eizinger <thomas@eizinger.io> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> |
||
|
Thomas Eizinger
|
4930aa7956 |
feat: allow setting Internet Resource from headless client (#10553)
Currently, the Internet Resource cannot be toggled on/off in the headless client. With #10509, the default state of the Internet Resource is now disabled, meaning users of the headless client are no longer able to use the Internet Resource. We fix this by introducing a new CLI argument `--activate-internet-resource` that can also be set via the env variable `FIREZONE_ACTIVATE_INTERNET_RESOURCE=true`. Resolves: #8342 |
||
|
dependabot[bot]
|
aaac95a0b6 |
build(deps): bump next from 15.5.2 to 15.5.3 in /website (#10556)
Bumps [next](https://github.com/vercel/next.js) from 15.5.2 to 15.5.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases">next's releases</a>.</em></p> <blockquote> <h2>v15.5.3</h2> <blockquote> <p>[!NOTE]<br /> This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>fix: validation return types of pages API routes (<a href="https://redirect.github.com/vercel/next.js/issues/83069">#83069</a>)</li> <li>fix: relative paths in dev in validator.ts (<a href="https://redirect.github.com/vercel/next.js/issues/83073">#83073</a>)</li> <li>fix: remove satisfies keyword from type validation to preserve old TS compatibility (<a href="https://redirect.github.com/vercel/next.js/issues/83071">#83071</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/bgub"><code>@bgub</code></a> for helping!</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Jamil
|
562a140029 |
chore(website): verify firezone.dev for azure (#10544)
This verifies the firezone.dev domain for use in our prod Azure tenant. |
||
|
Thomas Eizinger
|
5b60d9d64d |
fix(gui-client): don't stop service after upgrade on Fedora (#10539)
On Fedora, when a package gets upgraded, the new package is installed first, followed by the uninstall of the old package. As a result, the `prerm` script is called after the `postinst` script of the new package. In our `prerm` script, we stop the tunnel service. On package upgrades, this results in us stopping the tunnel service after installing the new package, confronting the user with an error that the tunnel service is not running. `rpm` passes arguments to these maintenance scripts. In the case of `prerm`, we receive the count of how many other instances of this packages are installed. To fix this bug, we check whether the first argument to the script is "1", meaning that we are being upgraded and should not stop the tunnel service. |
||
|
Thomas Eizinger
|
1140f6ffa3 |
feat(clients): cache DNS responses (#10533)
Firezone Clients set themselves as the system-wide DNS resolver on startup. This is necessary to intercept queries for DNS resources which resolve to proxy IPs whilst Firezone is active. All DNS queries for non-resources are forwarded to either the resolver defined on the system or the ones defined in the portal (if any). These DNS servers can also be CIDR resources in which cases the queries get forwarded through the tunnel to a Gateway. Right now, the responses from these DNS servers are never cached. DNS is pretty heavily relied on on most systems and having DNS fail or be slow usually results in a bad user experience. To improve on this, we embed a small DNS cache into connlib where for each query, we first try to answer it from the cache. Queries otherwise forwarded to the system/upstream resolver or through the tunnel will see a much improved response time with this change. When serving responses from this cache, the TTL is decremented automatically based on how much time has passed since the entry was first added to the cache. Outside of the response time being ~1ms, this makes the cache fully transparent. Resolves: #10508 |
||
|
Thomas Eizinger
|
8fc2ef8ad1 |
fix(clients): set Internet Resource state on startup (#10509)
Building on top of #10507, setting the initial Internet Resource state is a piece of cake. All we need to do is thread a boolean variable through to all call-sites of `Session::connect`. Without the need for the Internet Resource's ID, we can simply pass in the boolean that is saved in the configuration of each client. Resolves: #10255 |
||
|
dependabot[bot]
|
9d37dda8af |
build(deps): bump @mdx-js/loader from 3.1.0 to 3.1.1 in /website (#10515)
Bumps [@mdx-js/loader](https://github.com/mdx-js/mdx/tree/HEAD/packages/loader) from 3.1.0 to 3.1.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/mdx-js/mdx/releases"><code>@mdx-js/loader</code>'s releases</a>.</em></p> <blockquote> <h2>3.1.1</h2> <h4>Fix</h4> <ul> <li>3cad7d7e <code>@mdx-js/mdx</code>: add dependency on <code>acorn</code></li> <li>0dc4472f <code>@mdx-js/esbuild</code>: fix crash with esbuild loader and <code>jsx</code> option by <a href="https://github.com/egnor"><code>@egnor</code></a> in <a href="https://redirect.github.com/mdx-js/mdx/pull/2593">mdx-js/mdx#2593</a></li> <li>84ec66ef <code>@mdx-js/esbuild</code>: refactor to improve error conversion in esbuild by <a href="https://github.com/egnor"><code>@egnor</code></a> in <a href="https://redirect.github.com/mdx-js/mdx/pull/2595">mdx-js/mdx#2595</a></li> <li>2b3381a8 <code>@mdx-js/rollup</code>: fix support for query parameters in Vite by <a href="https://github.com/markdalgleish"><code>@markdalgleish</code></a> in <a href="https://redirect.github.com/mdx-js/mdx/pull/2629">mdx-js/mdx#2629</a></li> </ul> <h4>Types</h4> <ul> <li>933ab444 <code>@mdx-js/mdx</code>: add <code>attributes</code> to export/import declarations</li> </ul> <h4>Docs</h4> <ul> <li>c156a1f6 Add <code>rehype-mdx-toc</code> to list of plugin by <a href="https://github.com/boning-w"><code>@boning-w</code></a> in <a href="https://redirect.github.com/mdx-js/mdx/pull/2622">mdx-js/mdx#2622</a></li> <li>913659c8 Add <code>recma-module-to-function</code> to list of plugins by <a href="https://github.com/remcohaszing"><code>@remcohaszing</code></a> in <a href="https://redirect.github.com/mdx-js/mdx/pull/2605">mdx-js/mdx#2605</a></li> <li>67fb1d07 Remove unneeded JSX type casting in docs, tests</li> <li>f0d20da8 Remove local use of <code>JSX</code> by <a href="https://github.com/remcohaszing"><code>@remcohaszing</code></a> in <a href="https://redirect.github.com/mdx-js/mdx/pull/2604">mdx-js/mdx#2604</a></li> <li>63f39cea Remove references to twitter</li> <li>35ac59dd Refactor some docs regarding recma plugins</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/mdx-js/mdx/compare/3.1.0...3.1.1">https://github.com/mdx-js/mdx/compare/3.1.0...3.1.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
b26af3f60a |
build(deps): bump mixpanel-browser from 2.69.1 to 2.70.0 in /website (#10521)
Bumps [mixpanel-browser](https://github.com/mixpanel/mixpanel-js) from 2.69.1 to 2.70.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/mixpanel/mixpanel-js/releases">mixpanel-browser's releases</a>.</em></p> <blockquote> <h2>v2.8.0: misc. improvements</h2> <ul> <li><code>track_links()</code> and <code>track_forms()</code> can now take raw elements or element lists in addition to query selectors</li> <li>add <code>reset()</code> method to handle logout flow (thanks <a href="https://github.com/stefansedich"><code>@stefansedich</code></a>)</li> <li>catch exceptions during <code>_send_request()</code> (thanks <a href="https://github.com/feychenie"><code>@feychenie</code></a>)</li> <li>fix user agent detection/reporting for Chrome iOS and Firefox iOS</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/mixpanel/mixpanel-js/blob/master/CHANGELOG.md">mixpanel-browser's changelog</a>.</em></p> <blockquote> <p><strong>2.70.0</strong> (4 Sep 2025)</p> <ul> <li>Feature flags requests now send params on query string with GET instead of POST for easier caching</li> </ul> <p><strong>2.68.0</strong> (11 Aug 2025)</p> <ul> <li>Initial rage-click detection support</li> <li>Block <code><audio></code> tags by default in Session Recording</li> <li>Add <code>flags.update_context()</code> method for updating context variables and refetching variants</li> </ul> <p><strong>2.67.0</strong> (17 Jul 2025)</p> <ul> <li>Use <code>get_api_host()</code> consistently across the SDK</li> <li>Include <code>device_id</code> in default Feature Flag context</li> <li>Track latency props in <code>$experiment_started</code> event</li> <li>Fix async behavior in <code>mixpanel.reset()</code> when a session recording is active</li> <li>Fix recorder integration test race conditions</li> </ul> <p><strong>2.66.0</strong> (8 Jul 2025)</p> <ul> <li>Add <code>api_host</code> configuration option to support different hosts/proxies for different endpoints (thanks <a href="https://github.com/chrisknu"><code>@chrisknu</code></a>)</li> <li>Add types.d.ts from existing public repo</li> <li>Fix race condition when calling <code>mixpanel.reset()</code> while a session recording is active</li> </ul> <p><strong>2.65.0</strong> (20 May 2025)</p> <ul> <li><code>mixpanel.people.track_charge()</code> (deprecated) no longer sets profile property</li> <li>Adds page height and width tracking to autocapture click tracking</li> <li>Session recording now stops when mixpanel.reset() is called</li> <li>Support for adding arbitrary query string params to tracking requests (thanks <a href="https://github.com/dylan-asos"><code>@dylan-asos</code></a>)</li> <li>Feature flagging API revisions</li> <li>Whale Browser detection</li> </ul> <p><strong>2.64.0</strong> (15 Apr 2025)</p> <ul> <li>Add <code>record_heatmap_data</code> init option for Session Recording to ensure click events are captured for Heat Maps</li> <li>Initial support for feature flagging</li> </ul> <p><strong>2.63.0</strong> (1 Apr 2025)</p> <ul> <li>Update rrweb to latest alpha version</li> <li>Refactor SDK build process to rely mainly on Rollup</li> </ul> <p><strong>2.62.0</strong> (26 Mar 2025)</p> <ul> <li>Replace UUID generator with UUIDv4 (using native API when available)</li> <li>Consistently use native JSON serialization when available</li> <li>Fix for session recording idle timeout race condition</li> </ul> <p><strong>2.61.2</strong> (14 Mar 2025)</p> <ul> <li>Revert 10ms throttle on enqueueing events to improve tracking reliability on page unload</li> </ul> <p><strong>2.61.1</strong> (11 Mar 2025)</p> <ul> <li>Session recording stops if initial DOM snapshot fails</li> <li>Errors triggered by rrweb's record function are now caught</li> <li>Fix for issue causing opt-out check error messages in <code>debug</code> mode</li> </ul> <p><strong>2.61.0</strong> (6 Mar 2025)</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/mixpanel/mixpanel-js/commits/v2.70.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
c34d316a7d |
build(deps): bump tailwindcss from 3.4.17 to 3.4.18 in /website (#10520)
Bumps [tailwindcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss) from 3.4.17 to 3.4.18. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tailwindlabs/tailwindcss/releases">tailwindcss's releases</a>.</em></p> <blockquote> <h2>v3.4.18</h2> <h3>Fixed</h3> <ul> <li>Improve support for raw <code>supports-[…]</code> queries in arbitrary values (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/13605">#13605</a>)</li> <li>Fix <code>require.cache</code> error when loaded through a TypeScript file in Node 22.18+ (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18665">#18665</a>)</li> <li>Support <code>import.meta.resolve(…)</code> in configs for new enough Node.js versions (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18938">#18938</a>)</li> <li>Allow using newer versions of <code>postcss-load-config</code> for better ESM and TypeScript PostCSS config support with the CLI (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18938">#18938</a>)</li> <li>Remove irrelevant utility rules when matching important classes (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19030">#19030</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md">tailwindcss's changelog</a>.</em></p> <blockquote> <h2>[3.4.18] - 2024-10-01</h2> <h3>Fixed</h3> <ul> <li>Improve support for raw <code>supports-[…]</code> queries in arbitrary values (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/13605">#13605</a>)</li> <li>Fix <code>require.cache</code> error when loaded through a TypeScript file in Node 22.18+ (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18665">#18665</a>)</li> <li>Support <code>import.meta.resolve(…)</code> in configs for new enough Node.js versions (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18938">#18938</a>)</li> <li>Allow using newer versions of <code>postcss-load-config</code> for better ESM and TypeScript PostCSS config support with the CLI (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18938">#18938</a>)</li> <li>Remove irrelevant utility rules when matching important classes (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19030">#19030</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/tailwindlabs/tailwindcss/commits/v3.4.18/packages/tailwindcss">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
06f02a809f |
build(deps): bump @mdx-js/react from 3.1.0 to 3.1.1 in /website (#10479)
Bumps [@mdx-js/react](https://github.com/mdx-js/mdx/tree/HEAD/packages/react) from 3.1.0 to 3.1.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/mdx-js/mdx/releases"><code>@mdx-js/react</code>'s releases</a>.</em></p> <blockquote> <h2>3.1.1</h2> <h4>Fix</h4> <ul> <li>3cad7d7e <code>@mdx-js/mdx</code>: add dependency on <code>acorn</code></li> <li>0dc4472f <code>@mdx-js/esbuild</code>: fix crash with esbuild loader and <code>jsx</code> option by <a href="https://github.com/egnor"><code>@egnor</code></a> in <a href="https://redirect.github.com/mdx-js/mdx/pull/2593">mdx-js/mdx#2593</a></li> <li>84ec66ef <code>@mdx-js/esbuild</code>: refactor to improve error conversion in esbuild by <a href="https://github.com/egnor"><code>@egnor</code></a> in <a href="https://redirect.github.com/mdx-js/mdx/pull/2595">mdx-js/mdx#2595</a></li> <li>2b3381a8 <code>@mdx-js/rollup</code>: fix support for query parameters in Vite by <a href="https://github.com/markdalgleish"><code>@markdalgleish</code></a> in <a href="https://redirect.github.com/mdx-js/mdx/pull/2629">mdx-js/mdx#2629</a></li> </ul> <h4>Types</h4> <ul> <li>933ab444 <code>@mdx-js/mdx</code>: add <code>attributes</code> to export/import declarations</li> </ul> <h4>Docs</h4> <ul> <li>c156a1f6 Add <code>rehype-mdx-toc</code> to list of plugin by <a href="https://github.com/boning-w"><code>@boning-w</code></a> in <a href="https://redirect.github.com/mdx-js/mdx/pull/2622">mdx-js/mdx#2622</a></li> <li>913659c8 Add <code>recma-module-to-function</code> to list of plugins by <a href="https://github.com/remcohaszing"><code>@remcohaszing</code></a> in <a href="https://redirect.github.com/mdx-js/mdx/pull/2605">mdx-js/mdx#2605</a></li> <li>67fb1d07 Remove unneeded JSX type casting in docs, tests</li> <li>f0d20da8 Remove local use of <code>JSX</code> by <a href="https://github.com/remcohaszing"><code>@remcohaszing</code></a> in <a href="https://redirect.github.com/mdx-js/mdx/pull/2604">mdx-js/mdx#2604</a></li> <li>63f39cea Remove references to twitter</li> <li>35ac59dd Refactor some docs regarding recma plugins</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/mdx-js/mdx/compare/3.1.0...3.1.1">https://github.com/mdx-js/mdx/compare/3.1.0...3.1.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
2bc6fb2dea |
build(deps-dev): bump typescript from 5.8.3 to 5.9.2 in /website (#10480)
Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.8.3 to 5.9.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/microsoft/TypeScript/releases">typescript's releases</a>.</em></p> <blockquote> <h2>TypeScript 5.9</h2> <p>For release notes, check out the <a href="https://devblogs.microsoft.com/typescript/announcing-typescript-5-9/">release announcement</a></p> <ul> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=milestone%3A%22TypeScript+5.9.0%22+is%3Aclosed+">fixed issues query for Typescript 5.9.0 (Beta)</a>.</li> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=milestone%3A%22TypeScript+5.9.1%22+is%3Aclosed+">fixed issues query for Typescript 5.9.1 (RC)</a>.</li> <li><em>No specific changes for TypeScript 5.9.2 (Stable)</em></li> </ul> <p>Downloads are available on:</p> <ul> <li><a href="https://www.npmjs.com/package/typescript">npm</a></li> </ul> <h2>TypeScript 5.9 RC</h2> <p>For release notes, check out the <a href="https://devblogs.microsoft.com/typescript/announcing-typescript-5-9-rc/">release announcement</a></p> <ul> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=milestone%3A%22TypeScript+5.9.0%22+is%3Aclosed+">fixed issues query for Typescript 5.9.0 (Beta)</a>.</li> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=milestone%3A%22TypeScript+5.9.1%22+is%3Aclosed+">fixed issues query for Typescript 5.9.1 (RC)</a>.</li> </ul> <p>Downloads are available on:</p> <ul> <li><a href="https://www.npmjs.com/package/typescript">npm</a></li> </ul> <h2>TypeScript 5.9 Beta</h2> <p>For release notes, check out the <a href="https://devblogs.microsoft.com/typescript/announcing-typescript-5-9-beta/">release announcement</a>.</p> <ul> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=milestone%3A%22TypeScript+5.9.0%22+is%3Aclosed+">fixed issues query for Typescript 5.9.0 (Beta)</a>.</li> </ul> <p>Downloads are available on:</p> <ul> <li><a href="https://www.npmjs.com/package/typescript">npm</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Thomas Eizinger
|
a297c6dbbd |
chore: differentiate between shutdown and shut down (#10494)
In a prior code review, CoPilot flagged that we were using the noun "shutdown" as a verb in certain places. Resolves: #10425 |
||
|
dependabot[bot]
|
81ea8af7f3 |
build(deps): bump @types/node from 24.1.0 to 24.3.0 in /website (#10436)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.1.0 to 24.3.0. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
f7e766f3d7 |
build(deps): bump next from 15.5.0 to 15.5.2 in /website (#10468)
Bumps [next](https://github.com/vercel/next.js) from 15.5.0 to 15.5.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases">next's releases</a>.</em></p> <blockquote> <h2>v15.5.2</h2> <blockquote> <p>[!NOTE]<br /> This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>fix: disable unknownatrules lint rule entirely (<a href="https://redirect.github.com/vercel/next.js/issues/83059">#83059</a>)</li> <li>revert: add ?dpl to fonts in /_next/static/media (<a href="https://redirect.github.com/vercel/next.js/issues/83062">#83062</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/bgub"><code>@bgub</code></a> and <a href="https://github.com/ztanner"><code>@ztanner</code></a> for helping!</p> <h2>v15.5.1</h2> <blockquote> <p>[!NOTE]<br /> This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>fix: aliased navigations should apply scroll handling (<a href="https://redirect.github.com/vercel/next.js/issues/82900">#82900</a>)</li> <li>Turbopack: fix invalid NFT entry with file behind symlink (<a href="https://redirect.github.com/vercel/next.js/issues/82887">#82887</a>)</li> <li>fix: typesafe linking to route handlers and pages API routes (<a href="https://redirect.github.com/vercel/next.js/issues/82858">#82858</a>)</li> <li>fix: change "noUnknownAtRules" to "warn" for Biome (<a href="https://redirect.github.com/vercel/next.js/issues/82974">#82974</a>)</li> <li>fix: add path normalization to getRelativePath for Windows (<a href="https://redirect.github.com/vercel/next.js/issues/82918">#82918</a>)</li> <li>feat: add typesafety with config.typedRoutes to redirect() and permanentRedirect() (<a href="https://redirect.github.com/vercel/next.js/issues/82860">#82860</a>)</li> <li>fix: avoid importing types that will be unused (<a href="https://redirect.github.com/vercel/next.js/issues/82856">#82856</a>)</li> <li>fix: update the config.api.responseLimit type (<a href="https://redirect.github.com/vercel/next.js/issues/82852">#82852</a>)</li> <li>fix: update validation return types (<a href="https://redirect.github.com/vercel/next.js/issues/82854">#82854</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/bgub"><code>@bgub</code></a>, <a href="https://github.com/mischnic"><code>@mischnic</code></a>, and <a href="https://github.com/ztanner"><code>@ztanner</code></a> for helping!</p> <h2>v15.5.1-canary.39</h2> <h3>Core Changes</h3> <ul> <li>[metadata] change the metadata routes params to promises: <a href="https://redirect.github.com/vercel/next.js/issues/83560">#83560</a></li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/huozhi"><code>@huozhi</code></a> for helping!</p> <h2>v15.5.1-canary.38</h2> <h3>Core Changes</h3> <ul> <li>Ignore unhandledRejection events for promises that reject after a React render aborts: <a href="https://redirect.github.com/vercel/next.js/issues/83590">#83590</a></li> <li>Update font data: <a href="https://redirect.github.com/vercel/next.js/issues/83631">#83631</a></li> <li>[dev] Serve static metadata from filesystem: <a href="https://redirect.github.com/vercel/next.js/issues/83460">#83460</a></li> </ul> <h3>Misc Changes</h3> <ul> <li>Turbopack: run NFT unit test: <a href="https://redirect.github.com/vercel/next.js/issues/83233">#83233</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Jamil
|
da768d6a70 |
chore(website): remove cust logo (#10464)
Due to contractual obligations |
||
|
Jamil
|
6147110198 |
feat(website): bump max team users to 500 (#10459)
Related: https://app.hubspot.com/live-messages/23723443/inbox/9728566686 |
||
|
dependabot[bot]
|
12986ebbcc |
build(deps): bump mixpanel-browser from 2.67.0 to 2.69.1 in /website (#10443)
Bumps [mixpanel-browser](https://github.com/mixpanel/mixpanel-js) from 2.67.0 to 2.69.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/mixpanel/mixpanel-js/releases">mixpanel-browser's releases</a>.</em></p> <blockquote> <h2>rrweb upgrade and stricter disable_persistence</h2> <ul> <li>Upgraded rrweb to use a Mixpanel-maintained fork containing performance fixes from the rrweb team (<a href="https://github.com/mixpanel/rrweb">https://github.com/mixpanel/rrweb</a>)</li> <li>Added additional handling for <code>disable_persistence</code> so that sessionStorage and IndexedDB are not modified</li> <li>Fixed TypeScript imports for custom builds</li> </ul> <h2>Rage-Click detection and other updates</h2> <p>This release adds support for Rage-Click tracking as part of the Autocapture subsystem. It is enabled in the default autocapture config, and can also be controlled explicitly with the <code>rage_click</code> autocapture init option.</p> <p>Other updates include:</p> <ul> <li>Session Recording now blocks <code><audio></code> tags by default</li> <li>A new Feature-Flag method <code>flags.update_context()</code> facilitates updating context variables and refetching variants</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/mixpanel/mixpanel-js/commits">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~jakub.grz">jakub.grz</a>, a new releaser for mixpanel-browser since your current version.</p> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
916b9ee51f |
build(deps): bump next from 15.4.7 to 15.5.0 in /website (#10441)
Bumps [next](https://github.com/vercel/next.js) from 15.4.7 to 15.5.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases">next's releases</a>.</em></p> <blockquote> <h2>v15.5.0</h2> <h3>Core Changes</h3> <ul> <li>Use and enforce exhaustive switch statements for work unit store: <a href="https://redirect.github.com/vercel/next.js/issues/81577">#81577</a></li> <li>Enable <code>@typescript-eslint/switch-exhaustiveness-check</code> rule: <a href="https://redirect.github.com/vercel/next.js/issues/81583">#81583</a></li> <li>[dynamicIO] use RSC dynamicness to control partial vs complete PPR result: <a href="https://redirect.github.com/vercel/next.js/issues/81627">#81627</a></li> <li>[dynamicIO] Do not use <code>React.unstable_postpone()</code>: <a href="https://redirect.github.com/vercel/next.js/issues/81652">#81652</a></li> <li>feat: new detachable panel UI: <a href="https://redirect.github.com/vercel/next.js/issues/81483">#81483</a></li> <li>Turbopack: content-hash PageLoaderAsset: <a href="https://redirect.github.com/vercel/next.js/issues/81450">#81450</a></li> <li>[segment explorer] fix content overflow styling: <a href="https://redirect.github.com/vercel/next.js/issues/81649">#81649</a></li> <li>Improve reliability of owner stacks for async I/O errors: <a href="https://redirect.github.com/vercel/next.js/issues/81501">#81501</a></li> <li>fix(router): Prevent redirect loop on root data requests with basePath: <a href="https://redirect.github.com/vercel/next.js/issues/81096">#81096</a></li> <li>Ensure custom NextServer config is honored: <a href="https://redirect.github.com/vercel/next.js/issues/81681">#81681</a></li> <li>Fix before interactive incorrectly render css: <a href="https://redirect.github.com/vercel/next.js/issues/81146">#81146</a></li> <li>perf: memorize exclude function in webpack config: <a href="https://redirect.github.com/vercel/next.js/issues/81525">#81525</a></li> <li>Also enforce experimental features when there's no next config file: <a href="https://redirect.github.com/vercel/next.js/issues/81679">#81679</a></li> <li>feat(next/image): warn when <code>images.qualities</code> is undefined: <a href="https://redirect.github.com/vercel/next.js/issues/81690">#81690</a></li> <li>feat(build): optimize filterUniqueParamsCombinations to generate sub-combinations: <a href="https://redirect.github.com/vercel/next.js/issues/81321">#81321</a></li> <li>Update NextAdapter type and re-export: <a href="https://redirect.github.com/vercel/next.js/issues/81692">#81692</a></li> <li>upgrade to path-to-regexp@6.3.0: <a href="https://redirect.github.com/vercel/next.js/issues/80123">#80123</a></li> <li>[metadata] replace for initial body icon case: <a href="https://redirect.github.com/vercel/next.js/issues/81688">#81688</a></li> <li>[segment explorer] remove dev panel ui flag: <a href="https://redirect.github.com/vercel/next.js/issues/81670">#81670</a></li> <li>Simplify running test apps locally with <code>ppr</code> or <code>dynamicIO</code> enabled: <a href="https://redirect.github.com/vercel/next.js/issues/81668">#81668</a></li> <li>[turbopack] Return cached Promise from <code>__turbopack_load_by_url__ </code>: <a href="https://redirect.github.com/vercel/next.js/issues/81663">#81663</a></li> <li>Upgrade React from <code>97cdd5d3-20250710</code> to <code>2f0e7e57-20250715</code>: <a href="https://redirect.github.com/vercel/next.js/issues/81678">#81678</a></li> <li>Delete unused <code>renderToString</code> function: <a href="https://redirect.github.com/vercel/next.js/issues/81707">#81707</a></li> <li>Discard prerendered route handler data from FS cache after revalidation: <a href="https://redirect.github.com/vercel/next.js/issues/81611">#81611</a></li> <li>Upgrade React from <code>2f0e7e57-20250715</code> to <code>d85ec5f5-20250716</code>: <a href="https://redirect.github.com/vercel/next.js/issues/81708">#81708</a></li> <li>Ignore pending revalidations during prerendering: <a href="https://redirect.github.com/vercel/next.js/issues/81621">#81621</a></li> <li>[turbopack] Clear chunk cache on HMR instead of creating new <code>next-server</code> VM: <a href="https://redirect.github.com/vercel/next.js/issues/81664">#81664</a></li> <li>fix: rootParams should throw in client when fallbackParams are not present: <a href="https://redirect.github.com/vercel/next.js/issues/81711">#81711</a></li> <li>perf(build): optimize buildAppStaticPaths performance and add helper function: <a href="https://redirect.github.com/vercel/next.js/issues/81386">#81386</a></li> <li>Turbopack: Support string without options for <code>@next/mdx</code>: <a href="https://redirect.github.com/vercel/next.js/issues/81713">#81713</a></li> <li>[Segment Cache] Support dynamic head prefetching: <a href="https://redirect.github.com/vercel/next.js/issues/81677">#81677</a></li> <li>[sourcemaps] Consistent cursor columns: <a href="https://redirect.github.com/vercel/next.js/issues/81375">#81375</a></li> <li>fix: revert client segment route changes for sub shell generation: <a href="https://redirect.github.com/vercel/next.js/issues/81731">#81731</a></li> <li>fix: pages router metadata bugs with React 19: <a href="https://redirect.github.com/vercel/next.js/issues/81733">#81733</a></li> <li>Improve error handling for <code>headers</code>/<code>cookies</code>/<code>draftMode</code> in <code>'use cache'</code>: <a href="https://redirect.github.com/vercel/next.js/issues/81716">#81716</a></li> <li>[devtool] fix duplicate rendered indicator on server: <a href="https://redirect.github.com/vercel/next.js/issues/81729">#81729</a></li> <li>[devtool] enable segment explorer by default: <a href="https://redirect.github.com/vercel/next.js/issues/81737">#81737</a></li> <li>[turbopack] Stop exposing globals from Turbopack runtime: <a href="https://redirect.github.com/vercel/next.js/issues/81727">#81727</a></li> <li>Remove unnecessary await: <a href="https://redirect.github.com/vercel/next.js/issues/81761">#81761</a></li> <li>[chore] bump zod to latest v3: <a href="https://redirect.github.com/vercel/next.js/issues/81757">#81757</a></li> <li>feat(turbopack): Log anonymized internal error (panic) information to telemetry: <a href="https://redirect.github.com/vercel/next.js/issues/81272">#81272</a></li> <li>fix: revert client segment route changes for sub shell generation: <a href="https://redirect.github.com/vercel/next.js/issues/81740">#81740</a></li> <li>bugfix: static resources staleTime should be renewed once refetched: <a href="https://redirect.github.com/vercel/next.js/issues/81771">#81771</a></li> <li>[devtool] move font styling to global.css: <a href="https://redirect.github.com/vercel/next.js/issues/81782">#81782</a></li> <li>[devtool] copy decoded info of error details: <a href="https://redirect.github.com/vercel/next.js/issues/81735">#81735</a></li> <li>fix(build): add sourcePage context for PPR dynamic route lambda creation: <a href="https://redirect.github.com/vercel/next.js/issues/81781">#81781</a></li> <li>refactor: rename experimental.dynamicIO to experimental.cacheComponents: <a href="https://redirect.github.com/vercel/next.js/issues/81562">#81562</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Thomas Eizinger
|
aa68029a33 |
feat(gateway): use hickory resolver to resolve A/AAAA queries (#10373)
At present, the Gateway performs DNS resolution for A & AAAA queries via `libc`. The `resolve` system call only provides us with the resolved IPs but not any of the metadata around the query such as TTL. As a result, we can only cache DNS queries for a static amount of time, currently 30s. It would be more correct to cache them for their TTL instead. To do so, we re-introduce `hickory-resolver` to our codebase. Deliberately, we only use it for resolving A and AAAA records on the Gateway for now. DNS resolution for SRV & TXT records happens one layer below and uses the same infrastructure as DNS resolution on the Client. Merging this is difficult however because the Gateway still supports the control protocol of 1.3.x clients. That one requires DNS resolution prior to setting up the connection of DNS resources which means it needs to happen in the event-loop of the Gateway binary and cannot be moved into the `Tunnel` where DNS resolution for Client and SRV/TXT records happen. Once we can drop support for 1.3.x clients, this Gateway's event-loop will simplify drastically which will allow us to refactor this to a more unified approach of DNS resolution. Until then, we can at least fix the hardcoded TTL by using `hickory-resolver` in the event-loop. The functionality is guarded behind a feature-flag which - as usual - is off by default (i.e. for as long as we haven't fetched the flags). The feature flag is already configured to `true` for staging and production so we can test the new behaviour. Resolves: #8232 Related: #10385 |
||
|
Firezone Bot
|
8f46007674 | chore: publish android-client 1.5.4 (#10374) | ||
|
Jamil
|
f2ff5dfeca |
fix(android): launch auth in CustomTab (#10371)
Unfortunately, Firefox on Android seems to have a bug where it only allows one tab to intercept the custom URI scheme handler for our auth redirect. This causes an issue where the first sign in works, but subsequent ones do not because that first tab is still open. Luckily the fix here is quite simple. By using Android's CustomTabs to launch the activity, only one, sandboxed instance is ever open and the URI intercept works reliably. Both Firefox and Chrome (and likely other browsers) support CustomTabs, which means the user's default browser is used, allowing cookies, password managers, etc to be used. Related to this, this PR also fixes a bug where dismissing the launched auth flow would result in it immediately relaunching, making it impossible to get back to the app unless you force quit or complete the sign in process. Fixes #10318 |
||
|
Thomas Eizinger
|
3e6094af8d |
feat(linux): try to set rmem_max and wmem_max on startup (#10349)
The default send and receive buffer sizes on Linux are too small (only ~200 KB). Checking `nstat` after an iperf run revealed that the number of dropped packets in the first interval directly correlates with the number of receive buffer errors reported by `nstat`. We already try to increase the send and receive buffer sizes for our UDP socket but unfortunately, we cannot increase them beyond what the system limits them to. To workaround this, we try to set `rmem_max` and `wmem_max` during startup of the Linux headless client and Gateway. This behaviour can be disabled by setting `FIREZONE_NO_INC_BUF=true`. This doesn't work in Docker unfortunately, so we set the values manually in the CI perf tests and verify after the test that we didn't encounter any send and receive buffer errors. It is yet to be determined how we should deal with this problem for all the GUI clients. See #10350 as an issue tracking that. Unfortunately, this doesn't fix all packet drops during the first iperf interval. With this PR, we now see packet drops on the interface itself. |
||
|
Thomas Eizinger
|
7222167b13 |
fix(connlib): limit the number of optimistic candidates (#10367)
To facilitate direct connections, `connlib` generates "optimistic" candidates that combine the port of the host candidate with the IP of the server-reflexive candidate. This allows sysadmins to port-forward the Firezone port 52625 on the Gateway, allowing for direct connections to happen behind symmetric NAT. This feature is only really useful for IPv4 as IPv6 doesn't need symmetric NAT due to the larger address space. It is also quite common that users have multiple IPv6 addresses on a single interface. The combination of the two can result in CPU spikes on the Gateway if a client connects and sends over e.g. 10 IPv6 host candidates and various IPv6 server-reflexive candidates. The Gateway then ends up in a loop where it creates an NxM matrix of all these candidates. To mitigate this, we disable optimistic candidates for IPv6 altogether and limit the number of IPv4 optimistic candidates to 2. |
||
|
Thomas Eizinger
|
a251383edb |
docs: update Gateway sizing recommendations (#10362)
Resolves: #8769 |
||
|
Jamil
|
bbe8916944 |
fix(website): clarify pentest report (#10332)
It needs to be clarified that we do not provide these services and instead offer only our reports. --------- Signed-off-by: Jamil <jamilbk@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> |
||
|
Firezone Bot
|
d8079c869f | chore: publish apple-client 1.5.8 (#10323) |