Several aspects of the Gateway's Debian package depend on `systemd`
being present. Without it, we don't have the necessary users and files
in place for the Gateway to function. With that specified, we can fail
the `postinst` script (and therefore the installation) if anything in
there goes wrong.
By checking various environment variables, we can automatically add the
current user to the `firezone-client` group which allows them to connect
to the IPC socket of the tunnel process. Unfortunately, they still have
to create a new login session / reboot for that to be reflected.
The docs update for this will follow once we have cut a release with
this code in it.
---------
Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Prompted by Xcode warning at project startup.
Most of the changes are simple migrations from entitlements files
to build settings, which is the recommended approach, and were done
automatically by Xcode.
new settings:
- REGISTER_APP_GROUPS - Automatically registers app groups with
provisioning
profile (I had to set this manually when setting up, so it's a welcome
change)
- STRING_CATALOG_GENERATE_SYMBOLS - type-safe localization (no
regression, we're not doing any localization currently)
- ENABLE_USER_SCRIPT_SANDBOXING - sandboxing all the build scripts
Note: I had to turn off the recommended `ENABLE_USER_SCRIPT_SANDBOXING`
as it
would interfere with our building of connlib during the build.
Also: make Makefile more ergonomic to use (setup LSP config during first
build)
For DNS resources, the Gateway maintains a per-peer NAT table from the
client-assigned proxy IPs to the real IPs of the domain. Whenever the
Client re-queries a DNS resource domain locally, we asynchronously ping
the Gateway to also re-query said domain. This allows us to detect
changes in the DNS records of DNS resources.
To avoid breaking existing connections, the mapping between proxy IPs
and real IPs is currently not updated if there are any active UDP or TCP
flows for a proxy IP.
This logic turns out to be unnecessarily restrictive as TCP flows can
linger around for up to 2h before they timeout if they are not closed
with a TCP RST. What we really need to do is always update the mapping
of proxy IP <> real IP but honor existing NAT table entries when we
route packets before creating new ones. This ensures that an existing
connection to a previously resolved IP remains intact, even if a later
DNS response for the same domain updates the mapping. At the same time,
new connections (i.e. with a different source port) will immediately use
the new destination IP.
Refactors IPCClient from an actor to a stateless enum with static
methods, removing unnecessary actor isolation and instance management.
- IPCClient: Actor → enum with static methods taking session parameter
- Store: Removed IPCClient instance caching, added resource list caching
- Store: Moved resource fetching logic from IPCClient into Store
- All call sites: Updated to pass session directly to static methods
Store now directly manages resource list hashing and caching via
fetchResources() method, using SHA256 hash optimisation to avoid
redundant updates when resource lists haven't changed.
Enables SWIFT_APPROACHABLE_CONCURRENCY build setting which activates
a few key Swift 6.2 concurrency features, including:
1. NonisolatedNonsendingByDefault - Makes nonisolated async functions
run
on the caller's executor instead of the global executor, providing
more predictable performance and behaviour
2. InferIsolatedConformances - Protocol conformances automatically
inherit global actor isolation, reducing annotation burden
Read more:
https://www.donnywals.com/what-is-approachable-concurrency-in-xcode-26/
Also bumps swift-tools-version from 6.0 to 6.2 in Package.swift to
enable newer Package Manager manifest APIs.
As a result of better type inference, removes 1 redundant @Sendable
annotation in Store.swift:
- vpnStatusChangeHandler: @MainActor closures are implicitly Sendable
This PR upgrades the Swift client from Swift 5 to Swift 6.2, addressing
all
concurrency-related warnings and runtime crashes that come with Swift
6's
strict concurrency checking.
## Swift 6 Concurrency Primer
**`actor`** - A new reference type that provides thread-safe, serialised
access to mutable state. Unlike classes, actors ensure that only one
piece of
code can access their mutable properties at a time. Access to actor
methods/properties requires await and automatically hops to the actor's
isolated executor.
**`@MainActor`** - An attribute that marks code to run on the main
thread.
Essential for UI updates and anything that touches UIKit/AppKit. When a
class/function is marked @MainActor, all its methods and properties
inherit
this isolation.
**`@Sendable`** - A protocol indicating that a type can be safely passed
across concurrency domains (between actors, tasks, etc.). Value types
(structs, enums) with Sendable stored properties are automatically
Sendable.
Reference types (classes) need explicit @unchecked Sendable if they
manage
thread-safety manually.
**`nonisolated`** - Opts out of the containing type's actor isolation.
For
example, a nonisolated method in a @MainActor class can be called from
any
thread without await. Useful for static methods or thread-safe
operations.
**`@concurrent`** - Used on closure parameters in delegate methods.
Indicates
the closure may be called from any thread, preventing the closure from
inheriting the surrounding context's actor isolation. Critical for
callbacks
from system frameworks that call from background threads.
**Data Races** - Swift 6 enforces at compile-time (and optionally at
runtime)
that mutable state cannot be accessed concurrently from multiple
threads. This
eliminates entire classes of bugs that were previously only caught
through
testing or production crashes.
## Swift Language Upgrade
- **Bump Swift 5 → 6.2**: Enabled strict concurrency checking throughout
the
codebase
- **Enable ExistentialAny (SE-0335)**: Adds compile-time safety by
making
protocol type erasure explicit (e.g., any Protocol instead of implicit
Protocol)
- **Runtime safety configuration**: Added environment variables to log
concurrency violations during development instead of crashing, allowing
gradual migration
## Concurrency Fixes
### Actor Isolation
- **TelemetryState actor** (Telemetry.swift:10): Extracted mutable
telemetry
state into a dedicated actor to eliminate data races from concurrent
access
- **SessionNotification @MainActor isolation**
(SessionNotification.swift:25):
Properly isolated the class to MainActor since it manages UI-related
callbacks
- **IPCClient caching** (IPCClient.swift): Fixed actor re-entrance
issues and
resource hash-based optimisation by caching the client instance in Store
### Thread-Safe Callbacks
- **WebAuthSession @concurrent delegate** (WebAuthSession.swift:46): The
authentication callback is invoked from a background thread by
ASWebAuthenticationSession. Marked the wrapper function as @concurrent
to
prevent MainActor inference on the completion handler closure, then
explicitly hopped back to MainActor for the session.start() call. This
fixes EXC_BAD_INSTRUCTION crashes at _dispatch_assert_queue_fail.
- **SessionNotification @concurrent delegate**
(SessionNotification.swift:131): Similarly marked the notification
delegate
method as @concurrent and used Task { @MainActor in } to safely invoke
the
MainActor-isolated signInHandler
### Sendable Conformances
- Added Sendable to Resource, Site, Token, Configuration, and other
model
types that are passed between actors and tasks
- **LogWriter immutability** (Log.swift): Made jsonData immutable to
prevent
capturing mutable variables in @Sendable closures
### Nonisolated Methods
- **Static notification display** (SessionNotification.swift:73): Marked
showSignedOutNotificationiOS() as nonisolated since it's called from the
Network Extension (different process) and only uses thread-safe APIs
Fixes#10674Fixes#10675
Firezone's ability to tunnel all traffic on a particular Client (i.e.
the Internet Resource) means we have to ensure that traffic originating
from within the Firezone process does not get routed back into the
tunnel. On MacOS and iOS, this is automatically taken care of for us. On
all other platforms, we need to take steps to prevent these routing
loops.
This functionality is abstracted away using our `SocketFactory`. A
socket created with such a factory is guaranteed to route its traffic
outside of the tunnel. These sockets are used for the WebSocket
connection to the portal, as well as for recursive UDP and TCP DNS
queries.
In order to support DoH, we need to also be able to send HTTPS requests
without causing packet loops.
This PR adds a new crate `http-client` that does exactly that. It
composes together `hyper` and `rustls` such that the configured
`SocketFactory` is used to create the TCP socket for the underlying
HTTP2 connection. Consequently, HTTPS requests made with this library
will automatically be routed outside of the tunnel, assuming the
`SocketFactory` is adequately configured.
Right now, this crate just stands by itself. It will be integrated into
connlib at a later point.
Resolves: #10774
Related: #4668
Related: #10272
DNS servers are standarised to be contacted on port 53. This is also
hard-coded within `connlib` when we contact an upstream server. As such,
we should disallow users inputting any custom port for upstream DNS
servers. Luckily - or perhaps because it doesn't presently work - no
users in production have actually put in a port.
Resolves: #8330
Within Firezone, there are multiple components that deal with DNS
queries. Two of those components are the `l4-udp-dns-server` and
`l4-tcp-dns-server`. Both of them are responsible for receiving DNS
queries on layer 4, i.e. UDP or TCP. In other words, they do _not_
operate on an IP level (which would be layer 3) but instead use
`UdpSocket` and `TcpListener` to receive queries and sent back
responses.
Right now, the interfaces of these crates are designed for the usecase
of receiving forwarded DNS queries from the CLient on the Gateway's TUN
device. This is a special-case of DNS resolution. When receiving a TXT
or SRV query for a domain that is covered by a DNS resources, Firezone
Client's will forward that query to the corresponding Gateway and
resolve it in its network context. SRV and TXT records are commonly used
for service discovery and as such, should be resolved in the network
context of the service, i.e. the site that assigned to the resource.
For that usecase, it made sense to allow each DNS server to listen on 1
IPv4 and 1 IPv6 address. Since then, our event-loop has evolved a bit,
being able to handle multiple inputs at once. As such, we can simplify
the API of these crates to only listen on a single address and instead
create multiple instances of them inside `Io`. Depending on how the
design of our DNS implementation for the Clients evolves, this may be
used to listen on multiple IPs later (e.g. from the `127.0.0.0/8`
subnet).
Related: #8263
Right now, connlib hands out a `BiMap` of sentinel IPs <> upstream
servers whenever it emits a `TunInterfaceUpdated` event. This `BiMap`
internally uses two `HashMap`s. The iteration order of `HashMap`s is
non-deterministic and therefore, we lose the order in which the upstream
/ system resolvers have been passed to us originally.
To prevent that, we now emit a dedicated `DnsMapping` type that does not
expose its internal data structure but only getters for retrieving the
sentinel and upstream servers. Internally, it uses a `Vec` to store this
mapping and thus retains the original order. This is asserted as part of
our proptests by comparing the resulting `Vec`s.
This fix is preceded by a few refactorings that encapsulate the code for
creating and updating this DNS mapping.
Resolves: #8439
With #8263, we will stop receiving UDP and TCP DNS queries on the tunnel
but use regular sockets instead. This means that for UDP DNS queries
that need to be sent _through_ the tunnel, we actually need to make new
IP packets again. For TCP, we already have a crate that does this for us
because there, we need to manage an entire TCP stack.
For UDP, the story is a bit simpler but there are still a few things
involved. In particular, we need to set a source address for the packets
and we need to sample a new random port for each query.
The crate added in this PR does exactly that. It is not yet used
anywhere but split out into a separate PR to reduce the reviewing burden
of the larger refactor.
Related: #8263
Related: #10758
On Ubuntu, this should be the default anyway and already be installed
but to be correct, we should list this dependency in the `depends`
section of our `.deb`. That way, it will automatically get installed
again if a user chooses to install the GUI client from our repository
and doesn't have `systemd-resolved` installed.
Bumps [serde_with](https://github.com/jonasbb/serde_with) from 3.14.0 to
3.15.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/jonasbb/serde_with/releases">serde_with's
releases</a>.</em></p>
<blockquote>
<h2>serde_with v3.15.0</h2>
<h3>Added</h3>
<ul>
<li>
<p>Added error inspection to <code>VecSkipError</code> and
<code>MapSkipError</code> by <a
href="https://github.com/michelhe"><code>@michelhe</code></a> (<a
href="https://redirect.github.com/jonasbb/serde_with/issues/878">#878</a>)
This allows interacting with the previously hidden error, for example
for logging.
Checkout the newly added example to both types.</p>
</li>
<li>
<p>Allow documenting the types generated by <code>serde_conv!</code>.
The <code>serde_conv!</code> macro now acceps outer attributes before
the optional visibility modifier.
This allow adding doc comments in the shape of <code>#[doc =
"..."]</code> or any other attributes, such as lint
modifiers.</p>
<pre lang="rust"><code>serde_conv!(
#[doc = "Serialize bools as string"]
#[allow(dead_code)]
pub BoolAsString,
bool,
|x: &bool| ::std::string::ToString::to_string(x),
|x: ::std::string::String| x.parse()
);
</code></pre>
</li>
<li>
<p>Add support for <code>hashbrown</code> v0.16 (<a
href="https://redirect.github.com/jonasbb/serde_with/issues/877">#877</a>)</p>
<p>This extends the existing support for <code>hashbrown</code> v0.14
and v0.15 to the newly released version.</p>
</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Bump MSRV to 1.76, since that is required for <code>toml</code>
dev-dependency.</li>
</ul>
<h2>serde_with v3.14.1</h2>
<h3>Fixed</h3>
<ul>
<li>Show macro expansion in the docs.rs generated rustdoc.
Since macros are used to generate trait implementations, this is useful
to understand the exact generated code.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ea38dce3a6"><code>ea38dce</code></a>
Bump version to 3.15.0 (<a
href="https://redirect.github.com/jonasbb/serde_with/issues/892">#892</a>)</li>
<li><a
href="a3da8e643f"><code>a3da8e6</code></a>
Bump version to 3.15.0</li>
<li><a
href="c36e692de3"><code>c36e692</code></a>
Bump dev-dependencies (<a
href="https://redirect.github.com/jonasbb/serde_with/issues/891">#891</a>)</li>
<li><a
href="ae8466dd31"><code>ae8466d</code></a>
Bump dev-dependencies</li>
<li><a
href="f7337ff7ec"><code>f7337ff</code></a>
Support <code>serde_core</code> and remove dependencies on
<code>serde_derive</code> (<a
href="https://redirect.github.com/jonasbb/serde_with/issues/889">#889</a>)</li>
<li><a
href="c1d73b3c31"><code>c1d73b3</code></a>
Replace serde with serde_core in all files</li>
<li><a
href="320d292f23"><code>320d292</code></a>
Remove dependency on serde_derive</li>
<li><a
href="dca6df8083"><code>dca6df8</code></a>
Remove version-sync crate and reimplement needed functionality with
regex and...</li>
<li><a
href="6c6e53f0b1"><code>6c6e53f</code></a>
Remove version-sync crate and reimplement needed functionality with
regex and...</li>
<li><a
href="f64ea4035c"><code>f64ea40</code></a>
Add support for <code>hashbrown</code> v0.16 (<a
href="https://redirect.github.com/jonasbb/serde_with/issues/888">#888</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/jonasbb/serde_with/compare/v3.14.0...v3.15.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[gat-lending-iterator](https://github.com/Crazytieguy/gat-lending-iterator)
from 0.1.6 to 0.1.7.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/Crazytieguy/gat-lending-iterator/commits/v0.1.7">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps com.google.firebase.appdistribution from 5.1.1 to 5.2.0.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps com.google.firebase:firebase-bom from 34.4.0 to 34.5.0.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Rust 1.91 has been released and brings with it a few new lints that we
need to tidy up. In addition, it also stabilizes `BTreeMap::extract_if`:
A really nifty std-lib function that allows us to conditionally take
elements from a map. We need that in a bunch of places.
Bumps the sentry group in /rust with 2 updates:
[sentry](https://github.com/getsentry/sentry-rust) and
[sentry-tracing](https://github.com/getsentry/sentry-rust).
Updates `sentry` from 0.42.0 to 0.43.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/getsentry/sentry-rust/releases">sentry's
releases</a>.</em></p>
<blockquote>
<h2>0.43.0</h2>
<h3>Breaking changes</h3>
<ul>
<li>ref(tracing): rework tracing to Sentry span name/op conversion (<a
href="https://redirect.github.com/getsentry/sentry-rust/pull/887">#887</a>)
by <a href="https://github.com/lcian"><code>@lcian</code></a>
<ul>
<li>The <code>tracing</code> integration now uses the tracing span name
as the Sentry span name by default.</li>
<li>Before this change, the span name would be set based on the
<code>tracing</code> span target
(<code><module>::<function></code> when using the
<code>tracing::instrument</code> macro).</li>
<li>The <code>tracing</code> integration now uses <code><span
target>::<span name></code> as the default Sentry span op (i.e.
<code><module>::<function></code> when using
<code>tracing::instrument</code>).</li>
<li>Before this change, the span op would be set based on the
<code>tracing</code> span name.</li>
<li>Read below to learn how to customize the span name and op.</li>
<li>When upgrading, please ensure to adapt any queries, metrics or
dashboards to use the new span names/ops.</li>
</ul>
</li>
<li>ref(tracing): use standard code attributes (<a
href="https://redirect.github.com/getsentry/sentry-rust/pull/899">#899</a>)
by <a href="https://github.com/lcian"><code>@lcian</code></a>
<ul>
<li>Logs now carry the attributes <code>code.module.name</code>,
<code>code.file.path</code> and <code>code.line.number</code>
standardized in OTEL to surface the respective information, in contrast
with the previously sent <code>tracing.module_path</code>,
<code>tracing.file</code> and <code>tracing.line</code>.</li>
</ul>
</li>
<li>fix(actix): capture only server errors (<a
href="https://redirect.github.com/getsentry/sentry-rust/pull/877">#877</a>)
by <a href="https://github.com/lcian"><code>@lcian</code></a>
<ul>
<li>The Actix integration now properly honors the
<code>capture_server_errors</code> option (enabled by default),
capturing errors returned by middleware only if they are server errors
(HTTP status code 5xx).</li>
<li>Previously, if a middleware were to process the request after the
Sentry middleware and return an error, our middleware would always
capture it and send it to Sentry, regardless if it was a client, server
or some other kind of error.</li>
<li>With this change, we capture errors returned by middleware only if
those errors can be classified as server errors.</li>
<li>There is no change in behavior when it comes to errors returned by
services, in which case the Sentry middleware only captures server
errors exclusively.</li>
</ul>
</li>
<li>fix: send trace origin correctly (<a
href="https://redirect.github.com/getsentry/sentry-rust/pull/906">#906</a>)
by <a href="https://github.com/lcian"><code>@lcian</code></a>
<ul>
<li><code>TraceContext</code> now has an additional field
<code>origin</code>, used to report which integration created a
transaction.</li>
</ul>
</li>
</ul>
<h3>Behavioral changes</h3>
<ul>
<li>feat(tracing): send both breadcrumbs and logs by default (<a
href="https://redirect.github.com/getsentry/sentry-rust/pull/878">#878</a>)
by <a href="https://github.com/lcian"><code>@lcian</code></a>
<ul>
<li>If the <code>logs</code> feature flag is enabled, and
<code>enable_logs: true</code> is set on your client options, the
default Sentry <code>tracing</code> layer now sends logs for all events
at or above INFO.</li>
</ul>
</li>
</ul>
<h3>Features</h3>
<ul>
<li>
<p>ref(tracing): rework tracing to Sentry span name/op conversion (<a
href="https://redirect.github.com/getsentry/sentry-rust/pull/887">#887</a>)
by <a href="https://github.com/lcian"><code>@lcian</code></a></p>
<ul>
<li>Additional special fields have been added that allow overriding
certain data on the Sentry span:
<ul>
<li><code>sentry.op</code>: override the Sentry span op.</li>
<li><code>sentry.name</code>: override the Sentry span name.</li>
<li><code>sentry.trace</code>: given a string matching a valid
<code>sentry-trace</code> header (sent automatically by client SDKs),
continues the distributed trace instead of starting a new one. If the
value is not a valid <code>sentry-trace</code> header or a trace is
already started, this value is ignored.</li>
</ul>
</li>
<li><code>sentry.op</code> and <code>sentry.name</code> can also be
applied retroactively by declaring fields with value
<code>tracing::field::Empty</code> and then recorded using
<code>tracing::Span::record</code>.</li>
<li>Example usage:
<pre lang="rust"><code>#[tracing::instrument(skip_all, fields(
sentry.op = "http.server",
sentry.name = "GET /payments",
sentry.trace =
headers.get("sentry-trace").unwrap_or(&"".to_owned()),
))]
async fn handle_request(headers: std::collections::HashMap<String,
String>) {
// ...
}
</code></pre>
</li>
<li>Additional attributes are sent along with each span by default:
<ul>
<li><code>sentry.tracing.target</code>: corresponds to the
<code>tracing</code> span's <code>metadata.target()</code></li>
<li><code>code.module.name</code>, <code>code.file.path</code>,
<code>code.line.number</code></li>
</ul>
</li>
</ul>
</li>
<li>
<p>feat(core): add Response context (<a
href="https://redirect.github.com/getsentry/sentry-rust/pull/874">#874</a>)
by <a href="https://github.com/lcian"><code>@lcian</code></a></p>
<ul>
<li>The <code>Response</code> context can now be attached to events, to
include information about HTTP responses such as headers, cookies and
status code.</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/getsentry/sentry-rust/blob/master/CHANGELOG.md">sentry's
changelog</a>.</em></p>
<blockquote>
<h2>0.43.0</h2>
<h3>Breaking changes</h3>
<ul>
<li>ref(tracing): rework tracing to Sentry span name/op conversion (<a
href="https://redirect.github.com/getsentry/sentry-rust/pull/887">#887</a>)
by <a href="https://github.com/lcian"><code>@lcian</code></a>
<ul>
<li>The <code>tracing</code> integration now uses the tracing span name
as the Sentry span name by default.</li>
<li>Before this change, the span name would be set based on the
<code>tracing</code> span target
(<code><module>::<function></code> when using the
<code>tracing::instrument</code> macro).</li>
<li>The <code>tracing</code> integration now uses <code><span
target>::<span name></code> as the default Sentry span op (i.e.
<code><module>::<function></code> when using
<code>tracing::instrument</code>).</li>
<li>Before this change, the span op would be set based on the
<code>tracing</code> span name.</li>
<li>Read below to learn how to customize the span name and op.</li>
<li>When upgrading, please ensure to adapt any queries, metrics or
dashboards to use the new span names/ops.</li>
</ul>
</li>
<li>ref(tracing): use standard code attributes (<a
href="https://redirect.github.com/getsentry/sentry-rust/pull/899">#899</a>)
by <a href="https://github.com/lcian"><code>@lcian</code></a>
<ul>
<li>Logs now carry the attributes <code>code.module.name</code>,
<code>code.file.path</code> and <code>code.line.number</code>
standardized in OTEL to surface the respective information, in contrast
with the previously sent <code>tracing.module_path</code>,
<code>tracing.file</code> and <code>tracing.line</code>.</li>
</ul>
</li>
<li>fix(actix): capture only server errors (<a
href="https://redirect.github.com/getsentry/sentry-rust/pull/877">#877</a>)
by <a href="https://github.com/lcian"><code>@lcian</code></a>
<ul>
<li>The Actix integration now properly honors the
<code>capture_server_errors</code> option (enabled by default),
capturing errors returned by middleware only if they are server errors
(HTTP status code 5xx).</li>
<li>Previously, if a middleware were to process the request after the
Sentry middleware and return an error, our middleware would always
capture it and send it to Sentry, regardless if it was a client, server
or some other kind of error.</li>
<li>With this change, we capture errors returned by middleware only if
those errors can be classified as server errors.</li>
<li>There is no change in behavior when it comes to errors returned by
services, in which case the Sentry middleware only captures server
errors exclusively.</li>
</ul>
</li>
<li>fix: send trace origin correctly (<a
href="https://redirect.github.com/getsentry/sentry-rust/pull/906">#906</a>)
by <a href="https://github.com/lcian"><code>@lcian</code></a>
<ul>
<li><code>TraceContext</code> now has an additional field
<code>origin</code>, used to report which integration created a
transaction.</li>
</ul>
</li>
</ul>
<h3>Behavioral changes</h3>
<ul>
<li>feat(tracing): send both breadcrumbs and logs by default (<a
href="https://redirect.github.com/getsentry/sentry-rust/pull/878">#878</a>)
by <a href="https://github.com/lcian"><code>@lcian</code></a>
<ul>
<li>If the <code>logs</code> feature flag is enabled, and
<code>enable_logs: true</code> is set on your client options, the
default Sentry <code>tracing</code> layer now sends logs for all events
at or above INFO.</li>
</ul>
</li>
</ul>
<h3>Features</h3>
<ul>
<li>
<p>ref(tracing): rework tracing to Sentry span name/op conversion (<a
href="https://redirect.github.com/getsentry/sentry-rust/pull/887">#887</a>)
by <a href="https://github.com/lcian"><code>@lcian</code></a></p>
<ul>
<li>Additional special fields have been added that allow overriding
certain data on the Sentry span:
<ul>
<li><code>sentry.op</code>: override the Sentry span op.</li>
<li><code>sentry.name</code>: override the Sentry span name.</li>
<li><code>sentry.trace</code>: given a string matching a valid
<code>sentry-trace</code> header (sent automatically by client SDKs),
continues the distributed trace instead of starting a new one. If the
value is not a valid <code>sentry-trace</code> header or a trace is
already started, this value is ignored.</li>
</ul>
</li>
<li><code>sentry.op</code> and <code>sentry.name</code> can also be
applied retroactively by declaring fields with value
<code>tracing::field::Empty</code> and then recorded using
<code>tracing::Span::record</code>.</li>
<li>Example usage:
<pre lang="rust"><code>#[tracing::instrument(skip_all, fields(
sentry.op = "http.server",
sentry.name = "GET /payments",
sentry.trace =
headers.get("sentry-trace").unwrap_or(&"".to_owned()),
))]
async fn handle_request(headers: std::collections::HashMap<String,
String>) {
// ...
}
</code></pre>
</li>
<li>Additional attributes are sent along with each span by default:
<ul>
<li><code>sentry.tracing.target</code>: corresponds to the
<code>tracing</code> span's <code>metadata.target()</code></li>
<li><code>code.module.name</code>, <code>code.file.path</code>,
<code>code.line.number</code></li>
</ul>
</li>
</ul>
</li>
<li>
<p>feat(core): add Response context (<a
href="https://redirect.github.com/getsentry/sentry-rust/pull/874">#874</a>)
by <a href="https://github.com/lcian"><code>@lcian</code></a></p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b08b24a057"><code>b08b24a</code></a>
release: 0.43.0</li>
<li><a
href="1c08ca8671"><code>1c08ca8</code></a>
ref(tracing): keep old span name as op instead of default (<a
href="https://redirect.github.com/getsentry/sentry-rust/issues/905">#905</a>)</li>
<li><a
href="75aff83c65"><code>75aff83</code></a>
fix(tracing): skip default span attributes when propagating to event (<a
href="https://redirect.github.com/getsentry/sentry-rust/issues/904">#904</a>)</li>
<li><a
href="6b61b31367"><code>6b61b31</code></a>
fix: send trace origin correctly (<a
href="https://redirect.github.com/getsentry/sentry-rust/issues/906">#906</a>)</li>
<li><a
href="75a8c03de7"><code>75a8c03</code></a>
ref(tracing): use standard code attributes (<a
href="https://redirect.github.com/getsentry/sentry-rust/issues/899">#899</a>)</li>
<li><a
href="bbd667ab00"><code>bbd667a</code></a>
meta: add pull request template (<a
href="https://redirect.github.com/getsentry/sentry-rust/issues/898">#898</a>)</li>
<li><a
href="5c8ab31b61"><code>5c8ab31</code></a>
ref(tracing): rework <code>tracing</code> to Sentry span name/op
conversion (<a
href="https://redirect.github.com/getsentry/sentry-rust/issues/887">#887</a>)</li>
<li><a
href="045c2e2fed"><code>045c2e2</code></a>
feat(tracing): send both breadcrumbs and logs by default (<a
href="https://redirect.github.com/getsentry/sentry-rust/issues/878">#878</a>)</li>
<li><a
href="a5932c0295"><code>a5932c0</code></a>
fix(transport): add rate limit for logs (<a
href="https://redirect.github.com/getsentry/sentry-rust/issues/894">#894</a>)</li>
<li><a
href="280dab99be"><code>280dab9</code></a>
build(deps): bump tracing-subscriber from 0.3.19 to 0.3.20 (<a
href="https://redirect.github.com/getsentry/sentry-rust/issues/891">#891</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/getsentry/sentry-rust/compare/0.42.0...0.43.0">compare
view</a></li>
</ul>
</details>
<br />
Updates `sentry-tracing` from 0.42.0 to 0.43.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/getsentry/sentry-rust/releases">sentry-tracing's
releases</a>.</em></p>
<blockquote>
<h2>0.43.0</h2>
<h3>Breaking changes</h3>
<ul>
<li>ref(tracing): rework tracing to Sentry span name/op conversion (<a
href="https://redirect.github.com/getsentry/sentry-rust/pull/887">#887</a>)
by <a href="https://github.com/lcian"><code>@lcian</code></a>
<ul>
<li>The <code>tracing</code> integration now uses the tracing span name
as the Sentry span name by default.</li>
<li>Before this change, the span name would be set based on the
<code>tracing</code> span target
(<code><module>::<function></code> when using the
<code>tracing::instrument</code> macro).</li>
<li>The <code>tracing</code> integration now uses <code><span
target>::<span name></code> as the default Sentry span op (i.e.
<code><module>::<function></code> when using
<code>tracing::instrument</code>).</li>
<li>Before this change, the span op would be set based on the
<code>tracing</code> span name.</li>
<li>Read below to learn how to customize the span name and op.</li>
<li>When upgrading, please ensure to adapt any queries, metrics or
dashboards to use the new span names/ops.</li>
</ul>
</li>
<li>ref(tracing): use standard code attributes (<a
href="https://redirect.github.com/getsentry/sentry-rust/pull/899">#899</a>)
by <a href="https://github.com/lcian"><code>@lcian</code></a>
<ul>
<li>Logs now carry the attributes <code>code.module.name</code>,
<code>code.file.path</code> and <code>code.line.number</code>
standardized in OTEL to surface the respective information, in contrast
with the previously sent <code>tracing.module_path</code>,
<code>tracing.file</code> and <code>tracing.line</code>.</li>
</ul>
</li>
<li>fix(actix): capture only server errors (<a
href="https://redirect.github.com/getsentry/sentry-rust/pull/877">#877</a>)
by <a href="https://github.com/lcian"><code>@lcian</code></a>
<ul>
<li>The Actix integration now properly honors the
<code>capture_server_errors</code> option (enabled by default),
capturing errors returned by middleware only if they are server errors
(HTTP status code 5xx).</li>
<li>Previously, if a middleware were to process the request after the
Sentry middleware and return an error, our middleware would always
capture it and send it to Sentry, regardless if it was a client, server
or some other kind of error.</li>
<li>With this change, we capture errors returned by middleware only if
those errors can be classified as server errors.</li>
<li>There is no change in behavior when it comes to errors returned by
services, in which case the Sentry middleware only captures server
errors exclusively.</li>
</ul>
</li>
<li>fix: send trace origin correctly (<a
href="https://redirect.github.com/getsentry/sentry-rust/pull/906">#906</a>)
by <a href="https://github.com/lcian"><code>@lcian</code></a>
<ul>
<li><code>TraceContext</code> now has an additional field
<code>origin</code>, used to report which integration created a
transaction.</li>
</ul>
</li>
</ul>
<h3>Behavioral changes</h3>
<ul>
<li>feat(tracing): send both breadcrumbs and logs by default (<a
href="https://redirect.github.com/getsentry/sentry-rust/pull/878">#878</a>)
by <a href="https://github.com/lcian"><code>@lcian</code></a>
<ul>
<li>If the <code>logs</code> feature flag is enabled, and
<code>enable_logs: true</code> is set on your client options, the
default Sentry <code>tracing</code> layer now sends logs for all events
at or above INFO.</li>
</ul>
</li>
</ul>
<h3>Features</h3>
<ul>
<li>
<p>ref(tracing): rework tracing to Sentry span name/op conversion (<a
href="https://redirect.github.com/getsentry/sentry-rust/pull/887">#887</a>)
by <a href="https://github.com/lcian"><code>@lcian</code></a></p>
<ul>
<li>Additional special fields have been added that allow overriding
certain data on the Sentry span:
<ul>
<li><code>sentry.op</code>: override the Sentry span op.</li>
<li><code>sentry.name</code>: override the Sentry span name.</li>
<li><code>sentry.trace</code>: given a string matching a valid
<code>sentry-trace</code> header (sent automatically by client SDKs),
continues the distributed trace instead of starting a new one. If the
value is not a valid <code>sentry-trace</code> header or a trace is
already started, this value is ignored.</li>
</ul>
</li>
<li><code>sentry.op</code> and <code>sentry.name</code> can also be
applied retroactively by declaring fields with value
<code>tracing::field::Empty</code> and then recorded using
<code>tracing::Span::record</code>.</li>
<li>Example usage:
<pre lang="rust"><code>#[tracing::instrument(skip_all, fields(
sentry.op = "http.server",
sentry.name = "GET /payments",
sentry.trace =
headers.get("sentry-trace").unwrap_or(&"".to_owned()),
))]
async fn handle_request(headers: std::collections::HashMap<String,
String>) {
// ...
}
</code></pre>
</li>
<li>Additional attributes are sent along with each span by default:
<ul>
<li><code>sentry.tracing.target</code>: corresponds to the
<code>tracing</code> span's <code>metadata.target()</code></li>
<li><code>code.module.name</code>, <code>code.file.path</code>,
<code>code.line.number</code></li>
</ul>
</li>
</ul>
</li>
<li>
<p>feat(core): add Response context (<a
href="https://redirect.github.com/getsentry/sentry-rust/pull/874">#874</a>)
by <a href="https://github.com/lcian"><code>@lcian</code></a></p>
<ul>
<li>The <code>Response</code> context can now be attached to events, to
include information about HTTP responses such as headers, cookies and
status code.</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/getsentry/sentry-rust/blob/master/CHANGELOG.md">sentry-tracing's
changelog</a>.</em></p>
<blockquote>
<h2>0.43.0</h2>
<h3>Breaking changes</h3>
<ul>
<li>ref(tracing): rework tracing to Sentry span name/op conversion (<a
href="https://redirect.github.com/getsentry/sentry-rust/pull/887">#887</a>)
by <a href="https://github.com/lcian"><code>@lcian</code></a>
<ul>
<li>The <code>tracing</code> integration now uses the tracing span name
as the Sentry span name by default.</li>
<li>Before this change, the span name would be set based on the
<code>tracing</code> span target
(<code><module>::<function></code> when using the
<code>tracing::instrument</code> macro).</li>
<li>The <code>tracing</code> integration now uses <code><span
target>::<span name></code> as the default Sentry span op (i.e.
<code><module>::<function></code> when using
<code>tracing::instrument</code>).</li>
<li>Before this change, the span op would be set based on the
<code>tracing</code> span name.</li>
<li>Read below to learn how to customize the span name and op.</li>
<li>When upgrading, please ensure to adapt any queries, metrics or
dashboards to use the new span names/ops.</li>
</ul>
</li>
<li>ref(tracing): use standard code attributes (<a
href="https://redirect.github.com/getsentry/sentry-rust/pull/899">#899</a>)
by <a href="https://github.com/lcian"><code>@lcian</code></a>
<ul>
<li>Logs now carry the attributes <code>code.module.name</code>,
<code>code.file.path</code> and <code>code.line.number</code>
standardized in OTEL to surface the respective information, in contrast
with the previously sent <code>tracing.module_path</code>,
<code>tracing.file</code> and <code>tracing.line</code>.</li>
</ul>
</li>
<li>fix(actix): capture only server errors (<a
href="https://redirect.github.com/getsentry/sentry-rust/pull/877">#877</a>)
by <a href="https://github.com/lcian"><code>@lcian</code></a>
<ul>
<li>The Actix integration now properly honors the
<code>capture_server_errors</code> option (enabled by default),
capturing errors returned by middleware only if they are server errors
(HTTP status code 5xx).</li>
<li>Previously, if a middleware were to process the request after the
Sentry middleware and return an error, our middleware would always
capture it and send it to Sentry, regardless if it was a client, server
or some other kind of error.</li>
<li>With this change, we capture errors returned by middleware only if
those errors can be classified as server errors.</li>
<li>There is no change in behavior when it comes to errors returned by
services, in which case the Sentry middleware only captures server
errors exclusively.</li>
</ul>
</li>
<li>fix: send trace origin correctly (<a
href="https://redirect.github.com/getsentry/sentry-rust/pull/906">#906</a>)
by <a href="https://github.com/lcian"><code>@lcian</code></a>
<ul>
<li><code>TraceContext</code> now has an additional field
<code>origin</code>, used to report which integration created a
transaction.</li>
</ul>
</li>
</ul>
<h3>Behavioral changes</h3>
<ul>
<li>feat(tracing): send both breadcrumbs and logs by default (<a
href="https://redirect.github.com/getsentry/sentry-rust/pull/878">#878</a>)
by <a href="https://github.com/lcian"><code>@lcian</code></a>
<ul>
<li>If the <code>logs</code> feature flag is enabled, and
<code>enable_logs: true</code> is set on your client options, the
default Sentry <code>tracing</code> layer now sends logs for all events
at or above INFO.</li>
</ul>
</li>
</ul>
<h3>Features</h3>
<ul>
<li>
<p>ref(tracing): rework tracing to Sentry span name/op conversion (<a
href="https://redirect.github.com/getsentry/sentry-rust/pull/887">#887</a>)
by <a href="https://github.com/lcian"><code>@lcian</code></a></p>
<ul>
<li>Additional special fields have been added that allow overriding
certain data on the Sentry span:
<ul>
<li><code>sentry.op</code>: override the Sentry span op.</li>
<li><code>sentry.name</code>: override the Sentry span name.</li>
<li><code>sentry.trace</code>: given a string matching a valid
<code>sentry-trace</code> header (sent automatically by client SDKs),
continues the distributed trace instead of starting a new one. If the
value is not a valid <code>sentry-trace</code> header or a trace is
already started, this value is ignored.</li>
</ul>
</li>
<li><code>sentry.op</code> and <code>sentry.name</code> can also be
applied retroactively by declaring fields with value
<code>tracing::field::Empty</code> and then recorded using
<code>tracing::Span::record</code>.</li>
<li>Example usage:
<pre lang="rust"><code>#[tracing::instrument(skip_all, fields(
sentry.op = "http.server",
sentry.name = "GET /payments",
sentry.trace =
headers.get("sentry-trace").unwrap_or(&"".to_owned()),
))]
async fn handle_request(headers: std::collections::HashMap<String,
String>) {
// ...
}
</code></pre>
</li>
<li>Additional attributes are sent along with each span by default:
<ul>
<li><code>sentry.tracing.target</code>: corresponds to the
<code>tracing</code> span's <code>metadata.target()</code></li>
<li><code>code.module.name</code>, <code>code.file.path</code>,
<code>code.line.number</code></li>
</ul>
</li>
</ul>
</li>
<li>
<p>feat(core): add Response context (<a
href="https://redirect.github.com/getsentry/sentry-rust/pull/874">#874</a>)
by <a href="https://github.com/lcian"><code>@lcian</code></a></p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b08b24a057"><code>b08b24a</code></a>
release: 0.43.0</li>
<li><a
href="1c08ca8671"><code>1c08ca8</code></a>
ref(tracing): keep old span name as op instead of default (<a
href="https://redirect.github.com/getsentry/sentry-rust/issues/905">#905</a>)</li>
<li><a
href="75aff83c65"><code>75aff83</code></a>
fix(tracing): skip default span attributes when propagating to event (<a
href="https://redirect.github.com/getsentry/sentry-rust/issues/904">#904</a>)</li>
<li><a
href="6b61b31367"><code>6b61b31</code></a>
fix: send trace origin correctly (<a
href="https://redirect.github.com/getsentry/sentry-rust/issues/906">#906</a>)</li>
<li><a
href="75a8c03de7"><code>75a8c03</code></a>
ref(tracing): use standard code attributes (<a
href="https://redirect.github.com/getsentry/sentry-rust/issues/899">#899</a>)</li>
<li><a
href="bbd667ab00"><code>bbd667a</code></a>
meta: add pull request template (<a
href="https://redirect.github.com/getsentry/sentry-rust/issues/898">#898</a>)</li>
<li><a
href="5c8ab31b61"><code>5c8ab31</code></a>
ref(tracing): rework <code>tracing</code> to Sentry span name/op
conversion (<a
href="https://redirect.github.com/getsentry/sentry-rust/issues/887">#887</a>)</li>
<li><a
href="045c2e2fed"><code>045c2e2</code></a>
feat(tracing): send both breadcrumbs and logs by default (<a
href="https://redirect.github.com/getsentry/sentry-rust/issues/878">#878</a>)</li>
<li><a
href="a5932c0295"><code>a5932c0</code></a>
fix(transport): add rate limit for logs (<a
href="https://redirect.github.com/getsentry/sentry-rust/issues/894">#894</a>)</li>
<li><a
href="280dab99be"><code>280dab9</code></a>
build(deps): bump tracing-subscriber from 0.3.19 to 0.3.20 (<a
href="https://redirect.github.com/getsentry/sentry-rust/issues/891">#891</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/getsentry/sentry-rust/compare/0.42.0...0.43.0">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
Bumps [lru](https://github.com/jeromefroe/lru-rs) from 0.12.5 to 0.16.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/jeromefroe/lru-rs/blob/master/CHANGELOG.md">lru's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/jeromefroe/lru-rs/tree/0.16.1">v0.16.1</a> -
2025-09-08</h2>
<ul>
<li>Fix <code>Clone</code> for unbounded cache.</li>
</ul>
<h2><a
href="https://github.com/jeromefroe/lru-rs/tree/0.16.0">v0.16.0</a> -
2025-07-02</h2>
<ul>
<li>Implement <code>Clone</code> for caches with custom hashers.</li>
</ul>
<h2><a
href="https://github.com/jeromefroe/lru-rs/tree/0.15.0">v0.15.0</a> -
2025-06-26</h2>
<ul>
<li>Return bool from <code>promote</code> and <code>demote</code> to
indicate whether key was found.</li>
</ul>
<h2><a
href="https://github.com/jeromefroe/lru-rs/tree/0.14.0">v0.14.0</a> -
2025-04-12</h2>
<ul>
<li>Use <code>NonZeroUsize::MAX</code> instead of <code>unwrap()</code>,
and update MSRV to 1.70.0.</li>
</ul>
<h2><a
href="https://github.com/jeromefroe/lru-rs/tree/0.13.0">v0.13.0</a> -
2025-01-27</h2>
<ul>
<li>Add <code>peek_mru</code> and <code>pop_mru</code> methods, upgrade
dependency on <code>hashbrown</code> to 0.15.2, and update MSRV to
1.65.0.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c699209232"><code>c699209</code></a>
Merge pull request <a
href="https://redirect.github.com/jeromefroe/lru-rs/issues/220">#220</a>
from jeromefroe/jerome/prepare-0-16-1-release</li>
<li><a
href="2bd8207030"><code>2bd8207</code></a>
Prepare 0.16.1 release</li>
<li><a
href="1b21bf1c59"><code>1b21bf1</code></a>
Merge pull request <a
href="https://redirect.github.com/jeromefroe/lru-rs/issues/219">#219</a>
from wqfish/bk</li>
<li><a
href="3ec42b6369"><code>3ec42b6</code></a>
Fix clone implementation for unbounded cache</li>
<li><a
href="e2e3e47c33"><code>e2e3e47</code></a>
Merge pull request <a
href="https://redirect.github.com/jeromefroe/lru-rs/issues/218">#218</a>
from jeromefroe/jerome/prepare-0-16-0-release</li>
<li><a
href="17fe4f328a"><code>17fe4f3</code></a>
Prepare 0.16.0 release</li>
<li><a
href="b1b974ba35"><code>b1b974b</code></a>
Merge pull request <a
href="https://redirect.github.com/jeromefroe/lru-rs/issues/217">#217</a>
from kralverde/clone</li>
<li><a
href="20bdf9831a"><code>20bdf98</code></a>
clone all hashers</li>
<li><a
href="5ef01d3e1d"><code>5ef01d3</code></a>
Merge pull request <a
href="https://redirect.github.com/jeromefroe/lru-rs/issues/216">#216</a>
from atouchet/codecov</li>
<li><a
href="6d35290666"><code>6d35290</code></a>
Remove Codecov badge</li>
<li>Additional commits viewable in <a
href="https://github.com/jeromefroe/lru-rs/compare/0.12.5...0.16.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Fixes
[APPLE-CLIENT-7S](https://sentry.io/organizations/firezone-inc/issues/6812982801/).
The issue was that: Synchronous access to
`Adapter.systemConfigurationResolvers` during concurrent deallocation
causes an EXC_BAD_ACCESS crash.
- Moves the `reset` command execution to the `workQueue` to prevent
potential deadlocks or race conditions when accessing shared resources
or interacting with the network extension's internal state.
This fix was generated by Seer in Sentry, triggered by
jamil@firezone.dev. 👁️ Run ID: 2183818
Not quite right? [Click here to continue debugging with
Seer.](https://sentry.io/organizations/firezone-inc/issues/6812982801/?seerDrawer=true)
Fixes#10195
---------
Co-authored-by: seer-by-sentry[bot] <157164994+seer-by-sentry[bot]@users.noreply.github.com>
Co-authored-by: Mariusz Klochowicz <mariusz@klochowicz.com>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
With the fix of taking into account link-scoped routes in #10554 we
introduced a bug: If a customer defines routes in Firezone that conflict
with the link-scope ones, those currently take priority as they are
usually more specific.
To fix this, we introduce tiered routing tables controlled by a set of
rules with different priority.
1. In the first "Firezone" routing table, we add all CIDR/IP routes that
users define in Firezone.
2. In the second "Firezone" routing table, we sync in all link-scope
routes from the system.
3. In the third "Firezone" routing table, we only add the Internet
Resource if it is active.
By evaluating the routing tables in this order, we effectively always
prioritize Firezone-controlled routes over local ones but still allow
access to LAN resources when the Internet Resource is active.
---------
Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
Bumps the hilt group in /kotlin/android with 4 updates:
[com.google.dagger.hilt.android](https://github.com/google/dagger),
[com.google.dagger:hilt-android](https://github.com/google/dagger),
[com.google.dagger:hilt-android-compiler](https://github.com/google/dagger)
and
[com.google.dagger:hilt-android-testing](https://github.com/google/dagger).
Updates `com.google.dagger.hilt.android` from 2.57.1 to 2.57.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google/dagger/releases">com.google.dagger.hilt.android's
releases</a>.</em></p>
<blockquote>
<h2>Dagger 2.57.2</h2>
<h1>Bug fixes</h1>
<ul>
<li>Fixed <a
href="https://redirect.github.com/google/dagger/issues/4847">#4847</a>:
Fixed an issue with the Hilt Gradle Plugin registered transforms on
projects using Gradle 9.0.0 (ea570e7)</li>
<li>Fixes <a
href="https://redirect.github.com/google/dagger/issues/4898">#4898</a>:
Fixed an issue with backwards compatibility handling for libraries that
export Hilt roots. (85c470ca4)</li>
<li>Fixes <a
href="https://redirect.github.com/google/dagger/issues/4937">#4937</a>:
Fixed the incorrectly declared version of the Kotlin stdlib dependency
in the Hilt Gradle Plugin. (deefd9a2d)</li>
<li>Updated ASM dependency to 9.8 (365bc499d)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="438334a32d"><code>438334a</code></a>
2.57.2 release</li>
<li><a
href="365bc499de"><code>365bc49</code></a>
Update ASM dependency to 9.8</li>
<li><a
href="6f82a2b1c9"><code>6f82a2b</code></a>
Automated Code Change</li>
<li><a
href="ff49b3daf5"><code>ff49b3d</code></a>
Automated Code Change</li>
<li><a
href="f60dccae05"><code>f60dcca</code></a>
Fix issue with
DaggerSuperficialValidation#validateTypeHierarchyOf().</li>
<li><a
href="9319e8125d"><code>9319e81</code></a>
Add a test suite to group our generated functional tests.</li>
<li><a
href="9053b3ba88"><code>9053b3b</code></a>
Inline MultibindingTest sources into the test for better
encapsulation.</li>
<li><a
href="55b0311eba"><code>55b0311</code></a>
Adds DaggerSuperficialValidationTest test case for missing super
interface ty...</li>
<li><a
href="ee59ebdb1b"><code>ee59ebd</code></a>
Remove unnecessary workaround for b/242569252.</li>
<li><a
href="5426d64c93"><code>5426d64</code></a>
Add more info to error messages for cases reported in <a
href="https://redirect.github.com/google/dagger/issues/3450">#3450</a>.</li>
<li>Additional commits viewable in <a
href="https://github.com/google/dagger/compare/dagger-2.57.1...dagger-2.57.2">compare
view</a></li>
</ul>
</details>
<br />
Updates `com.google.dagger:hilt-android` from 2.57.1 to 2.57.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google/dagger/releases">com.google.dagger:hilt-android's
releases</a>.</em></p>
<blockquote>
<h2>Dagger 2.57.2</h2>
<h1>Bug fixes</h1>
<ul>
<li>Fixed <a
href="https://redirect.github.com/google/dagger/issues/4847">#4847</a>:
Fixed an issue with the Hilt Gradle Plugin registered transforms on
projects using Gradle 9.0.0 (ea570e7)</li>
<li>Fixes <a
href="https://redirect.github.com/google/dagger/issues/4898">#4898</a>:
Fixed an issue with backwards compatibility handling for libraries that
export Hilt roots. (85c470ca4)</li>
<li>Fixes <a
href="https://redirect.github.com/google/dagger/issues/4937">#4937</a>:
Fixed the incorrectly declared version of the Kotlin stdlib dependency
in the Hilt Gradle Plugin. (deefd9a2d)</li>
<li>Updated ASM dependency to 9.8 (365bc499d)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="438334a32d"><code>438334a</code></a>
2.57.2 release</li>
<li><a
href="365bc499de"><code>365bc49</code></a>
Update ASM dependency to 9.8</li>
<li><a
href="6f82a2b1c9"><code>6f82a2b</code></a>
Automated Code Change</li>
<li><a
href="ff49b3daf5"><code>ff49b3d</code></a>
Automated Code Change</li>
<li><a
href="f60dccae05"><code>f60dcca</code></a>
Fix issue with
DaggerSuperficialValidation#validateTypeHierarchyOf().</li>
<li><a
href="9319e8125d"><code>9319e81</code></a>
Add a test suite to group our generated functional tests.</li>
<li><a
href="9053b3ba88"><code>9053b3b</code></a>
Inline MultibindingTest sources into the test for better
encapsulation.</li>
<li><a
href="55b0311eba"><code>55b0311</code></a>
Adds DaggerSuperficialValidationTest test case for missing super
interface ty...</li>
<li><a
href="ee59ebdb1b"><code>ee59ebd</code></a>
Remove unnecessary workaround for b/242569252.</li>
<li><a
href="5426d64c93"><code>5426d64</code></a>
Add more info to error messages for cases reported in <a
href="https://redirect.github.com/google/dagger/issues/3450">#3450</a>.</li>
<li>Additional commits viewable in <a
href="https://github.com/google/dagger/compare/dagger-2.57.1...dagger-2.57.2">compare
view</a></li>
</ul>
</details>
<br />
Updates `com.google.dagger:hilt-android-compiler` from 2.57.1 to 2.57.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google/dagger/releases">com.google.dagger:hilt-android-compiler's
releases</a>.</em></p>
<blockquote>
<h2>Dagger 2.57.2</h2>
<h1>Bug fixes</h1>
<ul>
<li>Fixed <a
href="https://redirect.github.com/google/dagger/issues/4847">#4847</a>:
Fixed an issue with the Hilt Gradle Plugin registered transforms on
projects using Gradle 9.0.0 (ea570e7)</li>
<li>Fixes <a
href="https://redirect.github.com/google/dagger/issues/4898">#4898</a>:
Fixed an issue with backwards compatibility handling for libraries that
export Hilt roots. (85c470ca4)</li>
<li>Fixes <a
href="https://redirect.github.com/google/dagger/issues/4937">#4937</a>:
Fixed the incorrectly declared version of the Kotlin stdlib dependency
in the Hilt Gradle Plugin. (deefd9a2d)</li>
<li>Updated ASM dependency to 9.8 (365bc499d)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="438334a32d"><code>438334a</code></a>
2.57.2 release</li>
<li><a
href="365bc499de"><code>365bc49</code></a>
Update ASM dependency to 9.8</li>
<li><a
href="6f82a2b1c9"><code>6f82a2b</code></a>
Automated Code Change</li>
<li><a
href="ff49b3daf5"><code>ff49b3d</code></a>
Automated Code Change</li>
<li><a
href="f60dccae05"><code>f60dcca</code></a>
Fix issue with
DaggerSuperficialValidation#validateTypeHierarchyOf().</li>
<li><a
href="9319e8125d"><code>9319e81</code></a>
Add a test suite to group our generated functional tests.</li>
<li><a
href="9053b3ba88"><code>9053b3b</code></a>
Inline MultibindingTest sources into the test for better
encapsulation.</li>
<li><a
href="55b0311eba"><code>55b0311</code></a>
Adds DaggerSuperficialValidationTest test case for missing super
interface ty...</li>
<li><a
href="ee59ebdb1b"><code>ee59ebd</code></a>
Remove unnecessary workaround for b/242569252.</li>
<li><a
href="5426d64c93"><code>5426d64</code></a>
Add more info to error messages for cases reported in <a
href="https://redirect.github.com/google/dagger/issues/3450">#3450</a>.</li>
<li>Additional commits viewable in <a
href="https://github.com/google/dagger/compare/dagger-2.57.1...dagger-2.57.2">compare
view</a></li>
</ul>
</details>
<br />
Updates `com.google.dagger:hilt-android-testing` from 2.57.1 to 2.57.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google/dagger/releases">com.google.dagger:hilt-android-testing's
releases</a>.</em></p>
<blockquote>
<h2>Dagger 2.57.2</h2>
<h1>Bug fixes</h1>
<ul>
<li>Fixed <a
href="https://redirect.github.com/google/dagger/issues/4847">#4847</a>:
Fixed an issue with the Hilt Gradle Plugin registered transforms on
projects using Gradle 9.0.0 (ea570e7)</li>
<li>Fixes <a
href="https://redirect.github.com/google/dagger/issues/4898">#4898</a>:
Fixed an issue with backwards compatibility handling for libraries that
export Hilt roots. (85c470ca4)</li>
<li>Fixes <a
href="https://redirect.github.com/google/dagger/issues/4937">#4937</a>:
Fixed the incorrectly declared version of the Kotlin stdlib dependency
in the Hilt Gradle Plugin. (deefd9a2d)</li>
<li>Updated ASM dependency to 9.8 (365bc499d)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="438334a32d"><code>438334a</code></a>
2.57.2 release</li>
<li><a
href="365bc499de"><code>365bc49</code></a>
Update ASM dependency to 9.8</li>
<li><a
href="6f82a2b1c9"><code>6f82a2b</code></a>
Automated Code Change</li>
<li><a
href="ff49b3daf5"><code>ff49b3d</code></a>
Automated Code Change</li>
<li><a
href="f60dccae05"><code>f60dcca</code></a>
Fix issue with
DaggerSuperficialValidation#validateTypeHierarchyOf().</li>
<li><a
href="9319e8125d"><code>9319e81</code></a>
Add a test suite to group our generated functional tests.</li>
<li><a
href="9053b3ba88"><code>9053b3b</code></a>
Inline MultibindingTest sources into the test for better
encapsulation.</li>
<li><a
href="55b0311eba"><code>55b0311</code></a>
Adds DaggerSuperficialValidationTest test case for missing super
interface ty...</li>
<li><a
href="ee59ebdb1b"><code>ee59ebd</code></a>
Remove unnecessary workaround for b/242569252.</li>
<li><a
href="5426d64c93"><code>5426d64</code></a>
Add more info to error messages for cases reported in <a
href="https://redirect.github.com/google/dagger/issues/3450">#3450</a>.</li>
<li>Additional commits viewable in <a
href="https://github.com/google/dagger/compare/dagger-2.57.1...dagger-2.57.2">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.223 to
1.0.228.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/serde-rs/serde/releases">serde's
releases</a>.</em></p>
<blockquote>
<h2>v1.0.228</h2>
<ul>
<li>Allow building documentation with
<code>RUSTDOCFLAGS='--cfg=docsrs'</code> set for the whole dependency
graph (<a
href="https://redirect.github.com/serde-rs/serde/issues/2995">#2995</a>)</li>
</ul>
<h2>v1.0.227</h2>
<ul>
<li>Documentation improvements (<a
href="https://redirect.github.com/serde-rs/serde/issues/2991">#2991</a>)</li>
</ul>
<h2>v1.0.226</h2>
<ul>
<li>Deduplicate variant matching logic inside generated Deserialize impl
for adjacently tagged enums (<a
href="https://redirect.github.com/serde-rs/serde/issues/2935">#2935</a>,
thanks <a
href="https://github.com/Mingun"><code>@Mingun</code></a>)</li>
</ul>
<h2>v1.0.225</h2>
<ul>
<li>Avoid triggering a deprecation warning in derived Serialize and
Deserialize impls for a data structure that contains its own
deprecations (<a
href="https://redirect.github.com/serde-rs/serde/issues/2879">#2879</a>,
thanks <a
href="https://github.com/rcrisanti"><code>@rcrisanti</code></a>)</li>
</ul>
<h2>v1.0.224</h2>
<ul>
<li>Remove private types being suggested in rustc diagnostics (<a
href="https://redirect.github.com/serde-rs/serde/issues/2979">#2979</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a866b336f1"><code>a866b33</code></a>
Release 1.0.228</li>
<li><a
href="5adc9e816c"><code>5adc9e8</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/serde/issues/2995">#2995</a>
from dtolnay/rustdocflags</li>
<li><a
href="ab581789f4"><code>ab58178</code></a>
Workaround for RUSTDOCFLAGS='--cfg=docsrs'</li>
<li><a
href="415d9fc560"><code>415d9fc</code></a>
Release 1.0.227</li>
<li><a
href="7c58427e12"><code>7c58427</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/serde/issues/2991">#2991</a>
from dtolnay/inlinecoredoc</li>
<li><a
href="9d3410e3f4"><code>9d3410e</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/serde/issues/2992">#2992</a>
from dtolnay/inplaceseed</li>
<li><a
href="2fb6748bf1"><code>2fb6748</code></a>
Remove InPlaceSeed public re-export</li>
<li><a
href="f8137c79a2"><code>f8137c7</code></a>
Inline serde_core into serde in docsrs mode</li>
<li><a
href="b7dbf7e3cb"><code>b7dbf7e</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/serde/issues/2990">#2990</a>
from dtolnay/integer128</li>
<li><a
href="7c836915fc"><code>7c83691</code></a>
No longer macro_use integer128 module</li>
<li>Additional commits viewable in <a
href="https://github.com/serde-rs/serde/compare/v1.0.223...v1.0.228">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
In order to make the flow logs emitted by the Gateway more useful and
self-contained, we extend the `authorize_flow` message sent to the
Gateway with some more context around the Client and Actor of that flow.
In particular, we now also send the following to the Gateway:
- `client_version`
- `device_os_version`
- `device_os_name`
- `device_serial`
- `device_uuid`
- `device_identifier_for_vendor`
- `device_firebase_installation_id`
- `identity_id`
- `identity_name`
- `actor_id`
- `actor_email`
We only extend the `authorize_flow` message with these additional
properties. The legacy messages for 1.3.x Clients remain as is. For
those Clients, the above properties will be empty in the flow logs.
Resolves: #10690
---------
Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
[//]: # (dependabot-start)
⚠️ **Dependabot is rebasing this PR** ⚠️
Rebasing might not happen immediately, so don't worry if this takes some
time.
Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.
---
[//]: # (dependabot-end)
Bumps the netlink group in /rust with 3 updates:
[netlink-packet-core](https://github.com/rust-netlink/netlink-packet-core),
[netlink-packet-route](https://github.com/rust-netlink/netlink-packet-route)
and [rtnetlink](https://github.com/rust-netlink/rtnetlink).
Updates `netlink-packet-core` from 0.7.0 to 0.8.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/rust-netlink/netlink-packet-core/releases">netlink-packet-core's
releases</a>.</em></p>
<blockquote>
<h2>New release 0.8.1</h2>
<h3>Breaking changes</h3>
<ul>
<li>N/A</li>
</ul>
<h3>New features</h3>
<ul>
<li>N/A</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>Revert back to paste dependency. (4447216)</li>
</ul>
<h2>New release 0.8.0</h2>
<h3>Breaking changes</h3>
<ul>
<li>Changed <code>DecodeError</code> from enum to struct. (f55d7b7,
63da36a)</li>
<li>Merged <code>netlink-packet-utils</code> into
<code>netlink-packet-core</code>. (f55d7b7, 0951455,
ba127bf, a232478, 8027f63, 41fe03d, 260e596, cc6bf08, 63da36a,
410c61d)</li>
<li>Remove dependency of byteorder crate. (16d63fb)</li>
</ul>
<h3>New features</h3>
<ul>
<li>Support zero sized done message. (100413a)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>N/A</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/rust-netlink/netlink-packet-core/blob/main/CHANGELOG">netlink-packet-core's
changelog</a>.</em></p>
<blockquote>
<h2>[0.8.1] - 2025-09-18</h2>
<h3>Breaking changes</h3>
<ul>
<li>N/A</li>
</ul>
<h3>New features</h3>
<ul>
<li>N/A</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>Revert back to paste dependency. (4447216)</li>
</ul>
<h2>[0.8.0] - 2025-08-27</h2>
<h3>Breaking changes</h3>
<ul>
<li>Changed <code>DecodeError</code> from enum to struct. (f55d7b7,
63da36a)</li>
<li>Merged <code>netlink-packet-utils</code> into
<code>netlink-packet-core</code>. (f55d7b7, 0951455,
ba127bf, a232478, 8027f63, 41fe03d, 260e596, cc6bf08, 63da36a,
410c61d)</li>
<li>Remove dependency of byteorder crate. (16d63fb)</li>
</ul>
<h3>New features</h3>
<ul>
<li>Support zero sized done message. (100413a)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>N/A</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e34595f54f"><code>e34595f</code></a>
New release 0.8.1</li>
<li><a
href="44472161c5"><code>4447216</code></a>
Revert back to paste dependency</li>
<li><a
href="b40f3d616f"><code>b40f3d6</code></a>
New release 0.8.0</li>
<li><a
href="46a3fee30b"><code>46a3fee</code></a>
Run cargo fmt</li>
<li><a
href="100413a1b7"><code>100413a</code></a>
Support zero sized done message</li>
<li><a
href="81b2d0f406"><code>81b2d0f</code></a>
CI: Fail to test for clippy warnings</li>
<li><a
href="663310a04c"><code>663310a</code></a>
Revert "ci: add code coverage support"</li>
<li><a
href="16d63fb0a8"><code>16d63fb</code></a>
Remove dependency of byteorder crate</li>
<li><a
href="410c61db71"><code>410c61d</code></a>
Changed Parseable to raise DecodeError</li>
<li><a
href="63da36a2fc"><code>63da36a</code></a>
Extend ErrorContext to accept <code>std::fmt::Display</code></li>
<li>Additional commits viewable in <a
href="https://github.com/rust-netlink/netlink-packet-core/compare/v0.7.0...v0.8.1">compare
view</a></li>
</ul>
</details>
<br />
Updates `netlink-packet-route` from 0.24.0 to 0.25.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/rust-netlink/netlink-packet-route/releases">netlink-packet-route's
releases</a>.</em></p>
<blockquote>
<h2>New release 0.25.1</h2>
<h3>Breaking changes</h3>
<ul>
<li>Set minimum supported rust version to 1.77. (6bd5418)</li>
</ul>
<h3>New features</h3>
<ul>
<li>N/A</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>Fix compiling error on rust 1.77. (6bd5418)</li>
</ul>
<h2>New release 0.25.0</h2>
<h3>Breaking changes</h3>
<ul>
<li>Drop the dependency on <code>netlink-packet-utils</code>.
(e09acbd)</li>
<li>Add <code>non_exhaustive</code> to these bond options: (eacf67f)
<ul>
<li><code>BondArpValidate</code></li>
<li><code>BondPrimaryReselect</code></li>
<li><code>BondXmitHashPolicy</code></li>
<li><code>BondArpAllTargets</code></li>
<li><code>BondFailOverMac</code></li>
</ul>
</li>
<li>Changed <code>AfSpecInet6::AddrGenMode</code> to enum.
(7daf895)</li>
<li>Changed <code>LinkAttribute::Mode</code> to enum. (be2796c)</li>
</ul>
<h3>New features</h3>
<ul>
<li>Support <code>LWTUNNEL_ENCAP_IP6</code>. (0e49453)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>Expose In6AddrGenMode. (faf9d39)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/rust-netlink/netlink-packet-route/blob/main/CHANGELOG">netlink-packet-route's
changelog</a>.</em></p>
<blockquote>
<h2>[0.25.1] - 2025-08-29</h2>
<h3>Breaking changes</h3>
<ul>
<li>Set minimum supported rust version to 1.77. (6bd5418)</li>
</ul>
<h3>New features</h3>
<ul>
<li>N/A</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>Fix compiling error on rust 1.77. (6bd5418)</li>
</ul>
<h2>[0.25.0] - 2025-08-27</h2>
<h3>Breaking changes</h3>
<ul>
<li>Drop the dependency on <code>netlink-packet-utils</code>.
(e09acbd)</li>
<li>Add <code>non_exhaustive</code> to these bond options: (eacf67f)
<ul>
<li><code>BondArpValidate</code></li>
<li><code>BondPrimaryReselect</code></li>
<li><code>BondXmitHashPolicy</code></li>
<li><code>BondArpAllTargets</code></li>
<li><code>BondFailOverMac</code></li>
</ul>
</li>
<li>Changed <code>AfSpecInet6::AddrGenMode</code> to enum.
(7daf895)</li>
<li>Changed <code>LinkAttribute::Mode</code> to enum. (be2796c)</li>
</ul>
<h3>New features</h3>
<ul>
<li>Support <code>LWTUNNEL_ENCAP_IP6</code>. (0e49453)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>Expose In6AddrGenMode. (faf9d39)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e3dc02da86"><code>e3dc02d</code></a>
New release 0.25.1</li>
<li><a
href="4dfe87d7cb"><code>4dfe87d</code></a>
CI: Change MSRV test not using metric</li>
<li><a
href="6bd5418da9"><code>6bd5418</code></a>
Set minimum supported rust version to 1.77</li>
<li><a
href="a473cca426"><code>a473cca</code></a>
New release 0.25.0</li>
<li><a
href="e09acbd440"><code>e09acbd</code></a>
Use netlink-packet-core 0.8.0</li>
<li><a
href="faf9d390f2"><code>faf9d39</code></a>
Fix private In6AddrGenMode</li>
<li><a
href="eacf67f90f"><code>eacf67f</code></a>
link: Add <code>non_exhaustive</code> to bond classes</li>
<li><a
href="eef9be7e7c"><code>eef9be7</code></a>
Add example code of dumping routes</li>
<li><a
href="0e49453468"><code>0e49453</code></a>
Add support for LWTUNNEL_ENCAP_IP6</li>
<li><a
href="7daf895552"><code>7daf895</code></a>
Change AddrGenMode into enum</li>
<li>Additional commits viewable in <a
href="https://github.com/rust-netlink/netlink-packet-route/compare/v0.24.0...v0.25.1">compare
view</a></li>
</ul>
</details>
<br />
Updates `rtnetlink` from 0.17.0 to 0.18.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/rust-netlink/rtnetlink/releases">rtnetlink's
releases</a>.</em></p>
<blockquote>
<h2>New release 0.18.1</h2>
<h3>Breaking changes</h3>
<ul>
<li>N/A</li>
</ul>
<h3>New features</h3>
<ul>
<li>route: Support defining ECMP weight. (7fcba62)</li>
<li>route: Support defining ECMP flags. (18c4331)</li>
<li>route: allow IPv6 gateway in IPv4 route. (e1784a3)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>N/A</li>
</ul>
<h2>New release 0.18.0</h2>
<h3>Breaking changes</h3>
<ul>
<li>Please check <code>netlink-packet-route</code> 0.25.0 breaking
changes.</li>
<li>Please check <code>netlink-packet-core</code> 0.8.0 breaking
changes.</li>
<li>Please check <code>netlink-proto</code> 0.12.0 breaking
changes.</li>
<li>Removed <code>rtnetlink::packet_utils</code>. (9373d77)</li>
</ul>
<h3>New features</h3>
<ul>
<li>ip: Introduced <code>AddressMessageBuilder</code>. (1fe2569)</li>
<li>macsec: Introduced <code>LinkMacSec</code>. (b9dd9d9)</li>
<li>Allow the user to specify their own socket. (6547f22)</li>
<li>Allow <code>TrafficGetFilterRequest</code> to get ingress or egress
filters. (45f9206)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>Replace <code>impl TryStream</code> with <code>impl Stream</code>.
(513e8c3)</li>
<li>Fix android build. (3e270c6)</li>
<li>Should not set <code>NLM_F_EXCL</code> when deleting alt-name.
(7dd58dd)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/rust-netlink/rtnetlink/blob/main/CHANGELOG">rtnetlink's
changelog</a>.</em></p>
<blockquote>
<h2>[0.18.1] - 2025-09-09</h2>
<h3>Breaking changes</h3>
<ul>
<li>N/A</li>
</ul>
<h3>New features</h3>
<ul>
<li>route: Support defining ECMP weight. (7fcba62)</li>
<li>route: Support defining ECMP flags. (18c4331)</li>
<li>route: allow IPv6 gateway in IPv4 route. (e1784a3)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>N/A</li>
</ul>
<h2>[0.18.0] - 2025-08-27</h2>
<h3>Breaking changes</h3>
<ul>
<li>Please check <code>netlink-packet-route</code> 0.25.0 breaking
changes.</li>
<li>Please check <code>netlink-packet-core</code> 0.8.0 breaking
changes.</li>
<li>Please check <code>netlink-proto</code> 0.12.0 breaking
changes.</li>
<li>Removed <code>rtnetlink::packet_utils</code>. (9373d77)</li>
</ul>
<h3>New features</h3>
<ul>
<li>ip: Introduced <code>AddressMessageBuilder</code>. (1fe2569)</li>
<li>macsec: Introduced <code>LinkMacSec</code>. (b9dd9d9)</li>
<li>Allow the user to specify their own socket. (6547f22)</li>
<li>Allow <code>TrafficGetFilterRequest</code> to get ingress or egress
filters. (45f9206)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>Replace <code>impl TryStream</code> with <code>impl Stream</code>.
(513e8c3)</li>
<li>Fix android build. (3e270c6)</li>
<li>Should not set <code>NLM_F_EXCL</code> when deleting alt-name.
(7dd58dd)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e28f321f40"><code>e28f321</code></a>
New release 0.18.1</li>
<li><a
href="18c433148d"><code>18c4331</code></a>
rotue: Add <code>RouteNextHopBuilder::flags()</code></li>
<li><a
href="e1784a308b"><code>e1784a3</code></a>
route: allow IPv6 gateway in IPv4 route</li>
<li><a
href="7fcba62c1c"><code>7fcba62</code></a>
route: Support defining ECMP weight</li>
<li><a
href="e1184c005f"><code>e1184c0</code></a>
New release 0.18.0</li>
<li><a
href="9373d773d9"><code>9373d77</code></a>
Use latest rust-netlink crates</li>
<li><a
href="96d381efa8"><code>96d381e</code></a>
Fix cargo fmt and cargo clippy warnings</li>
<li><a
href="1fe25698f4"><code>1fe2569</code></a>
Create AddressMessageBuilder</li>
<li><a
href="6485710c84"><code>6485710</code></a>
Fix document code for Macsec</li>
<li><a
href="c7598bef13"><code>c7598be</code></a>
fix format</li>
<li>Additional commits viewable in <a
href="https://github.com/rust-netlink/rtnetlink/compare/v0.17.0...v0.18.1">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [secrecy](https://github.com/iqlusioninc/crates) from 0.8.0 to
0.10.3.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/iqlusioninc/crates/commits">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
Bumps [proptest-state-machine](https://github.com/proptest-rs/proptest)
from 0.4.0 to 0.5.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2885bc2f3d"><code>2885bc2</code></a>
new releases for proptest, proptest-macro, and state-machine</li>
<li><a
href="a85563f3cc"><code>a85563f</code></a>
Merge pull request <a
href="https://redirect.github.com/proptest-rs/proptest/issues/584">#584</a>
from wojciech-graj/main</li>
<li><a
href="5331517f52"><code>5331517</code></a>
Merge pull request <a
href="https://redirect.github.com/proptest-rs/proptest/issues/596">#596</a>
from alexanderkjall/fix-arithmetic-overflow</li>
<li><a
href="157f3c083f"><code>157f3c0</code></a>
Merge pull request <a
href="https://redirect.github.com/proptest-rs/proptest/issues/595">#595</a>
from ebegumisa/main</li>
<li><a
href="02fa1fcc45"><code>02fa1fc</code></a>
changelog: add <a
href="https://redirect.github.com/proptest-rs/proptest/issues/595">#595</a></li>
<li><a
href="27fd76fbbc"><code>27fd76f</code></a>
fix for 32 bit processors</li>
<li><a
href="d1716ca7b4"><code>d1716ca</code></a>
Add <code>ReferenceStateMachine</code> arg to
<code>SystemUnderTest::teardown</code></li>
<li><a
href="ea4ddeb0a8"><code>ea4ddeb</code></a>
Merge pull request <a
href="https://redirect.github.com/proptest-rs/proptest/issues/594">#594</a>
from proptest-rs/attr-macro-preserve-arg-names</li>
<li><a
href="f80c1e6e8d"><code>f80c1e6</code></a>
fix shorthand struct initialization lint</li>
<li><a
href="b7590fa642"><code>b7590fa</code></a>
add new test for complex patterns</li>
<li>Additional commits viewable in <a
href="https://github.com/proptest-rs/proptest/compare/proptest-state-machine-0.4.0...proptest-state-machine-0.5.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [tokio-tungstenite](https://github.com/snapview/tokio-tungstenite)
from 0.27.0 to 0.28.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/snapview/tokio-tungstenite/blob/master/CHANGELOG.md">tokio-tungstenite's
changelog</a>.</em></p>
<blockquote>
<h1>0.28.0</h1>
<ul>
<li>Update <code>tungstenite</code> to <code>0.18.0</code>. See <a
href="https://github.com/snapview/tungstenite-rs/blob/master/CHANGELOG.md"><code>tungstenite</code>
release</a>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="35d110c24c"><code>35d110c</code></a>
Implement into_inner to get the underlying stream (<a
href="https://redirect.github.com/snapview/tokio-tungstenite/issues/367">#367</a>)</li>
<li><a
href="f3ae75d1de"><code>f3ae75d</code></a>
Update <code>tungstenite</code> version and fix bugs</li>
<li><a
href="25b544e43f"><code>25b544e</code></a>
Allow getting a reference to the shared inner stream (<a
href="https://redirect.github.com/snapview/tokio-tungstenite/issues/363">#363</a>)</li>
<li>See full diff in <a
href="https://github.com/snapview/tokio-tungstenite/compare/v0.27.0...v0.28.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[getsentry/action-release](https://github.com/getsentry/action-release)
from 3.2.0 to 3.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/getsentry/action-release/releases">getsentry/action-release's
releases</a>.</em></p>
<blockquote>
<h2>3.3.0</h2>
<h3>Various fixes & improvements</h3>
<ul>
<li>chore: pin cache action (<a
href="https://redirect.github.com/getsentry/action-release/issues/290">#290</a>)
by <a href="https://github.com/saibotk"><code>@saibotk</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/getsentry/action-release/blob/master/CHANGELOG.md">getsentry/action-release's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>3.3.0</h2>
<h3>Various fixes & improvements</h3>
<ul>
<li>chore: pin cache action (<a
href="https://redirect.github.com/getsentry/action-release/issues/290">#290</a>)
by <a href="https://github.com/saibotk"><code>@saibotk</code></a></li>
<li>chore: Set docker tag for master [skip ci] (ae1d1cd5) by <a
href="https://github.com/getsantry"><code>@getsantry</code></a>[bot]</li>
</ul>
<h2>3.2.0</h2>
<h3>Various fixes & improvements</h3>
<ul>
<li>chore: Set docker tag for master [skip ci] (e8340952) by <a
href="https://github.com/getsantry"><code>@getsantry</code></a>[bot]</li>
<li>feat: Bump to node 20.19.2 (<a
href="https://redirect.github.com/getsentry/action-release/issues/284">#284</a>)
by <a
href="https://github.com/andreiborza"><code>@andreiborza</code></a></li>
<li>chore: Set docker tag for master [skip ci] (ec695e24) by <a
href="https://github.com/getsantry"><code>@getsantry</code></a>[bot]</li>
</ul>
<h2>3.1.2</h2>
<ul>
<li>fix: Preserve existing Node version on macOS and Windows runners (<a
href="https://redirect.github.com/getsentry/action-release/issues/280">#280</a>)
by <a
href="https://github.com/andreiborza"><code>@andreiborza</code></a></li>
</ul>
<h2>3.1.1</h2>
<ul>
<li>fix: Only pass <code>urlPrefix</code> to sentry-cli if it's not
empty (<a
href="https://redirect.github.com/getsentry/action-release/issues/275">#275</a>)
by <a
href="https://github.com/andreiborza"><code>@andreiborza</code></a></li>
</ul>
<h2>3.1.0</h2>
<ul>
<li>feat: Add <code>release</code> and <code>release_prefix</code> in
favor of <code>version</code> and <code>version_prefix</code> (<a
href="https://redirect.github.com/getsentry/action-release/issues/273">#273</a>)
by <a
href="https://github.com/andreiborza"><code>@andreiborza</code></a></li>
</ul>
<p>Input parameter <code>version</code> has been deprecated and will be
removed in a future version in favor of a newly introduced
<code>release</code> parameter.</p>
<p>Input parameter <code>version_prefix</code> has been deprecated and
will be removed in a future version in favor of a newly introduced
<code>release_prefix</code> parameter.</p>
<h2>3.0.0</h2>
<p>Version <code>3.0.0</code> contains breaking changes:</p>
<ul>
<li>feat(sourcemaps)!: Enable injecting debug ids by default (<a
href="https://redirect.github.com/getsentry/action-release/issues/272">#272</a>)
by <a
href="https://github.com/andreiborza"><code>@andreiborza</code></a></li>
</ul>
<p>The action now automatically injects Debug IDs into your JavaScript
source files and source maps to ensure your stacktraces can be
properly un-minified.</p>
<p>This is a <strong>breaking change as it modifies your source
files</strong>. You can disable this behavior by setting <code>inject:
false</code>:</p>
<pre lang="yaml"><code>- uses: getsentry/action-release@v3
with:
environment: 'production'
sourcemaps: './dist'
inject: false
</tr></table>
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4f502acc1d"><code>4f502ac</code></a>
release: 3.3.0</li>
<li><a
href="d0134c84e8"><code>d0134c8</code></a>
chore: pin cache action (<a
href="https://redirect.github.com/getsentry/action-release/issues/290">#290</a>)</li>
<li><a
href="ae1d1cd5d6"><code>ae1d1cd</code></a>
chore: Set docker tag for master [skip ci]</li>
<li><a
href="b81cc2efe1"><code>b81cc2e</code></a>
Merge branch 'release/3.2.0'</li>
<li>See full diff in <a
href="526942b682...4f502acc1d">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
Upon moving the version string from PKG_VERSION and Cargo.toml, we lost
the bump version automation. To avoid more bugs here in the future, we
now check for the version marker across all Git-tracked files,
regardless of their extension.
Fixes#10748
---------
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
Skip `setConfiguration()` IPC call when not in connected state; this was
observed as the root cause of the utun interface increments which we've
seen
recently.
Note: `utun` increments can still happen during other IPC calls when not
signed in,
notably during log export when signed out of Firezone. This is not a
major issue though,
as other IPC calls happen only as a result of user interaction between
network extension sleeps.
To fully get rid of the problem, we should address #10754.
To ensure we still are able to pass on configuration before sign in, we
are now
passing configuration directly in the startTunnel() options dictionary.
Fixes#10603
Setting `fail-fast: false` unsurprisingly makes our CI fail pretty
slowly. This is especially noticable in the merge queue where a
long-running job could still hold up the entire queue even though a
different job has failed already and the PR is never going to make it in
anyway.
To avoid this scenario, we set `fail-fast: true` whenever we are in the
merge queue.
Thomas Eizinger