In #7163, we introduced a shared cache of server-reflexive candidates
within a `snownet::Node`. What we unfortunately overlooked is that if a
node (i.e. a client or a gateway) is behind symmetric NAT, then we will
repeatedly create "new" server-reflexive candiates, thereby filling up
this cache.
This cache is used to initialise the agents with local candidates, which
manifests in us sending dozens if not hundreds of candidates to the
other party. Whilst not harmful in itself, it does create quite a lot of
spam. To fix this, we introduce a limit of only keeping around 1
server-reflexive candidate per IP version, i.e. only 1 IPv4 and IPv6
address.
At present, `connlib` only supports a single egress interface meaning
for now, we are fine with making this assumption.
In case we encounter a new candidate of the same kind and same IP
version, we evict the old one and replace it with the new one. Thus, for
subsequent connections, only the new candidate is used.
This ensure that we run prettier across all supported filetypes to check
for any formatting / style inconsistencies. Previously, it was only run
for files in the website/ directory using a deprecated pre-commit
plugin.
The benefit to keeping this in our pre-commit config is that devs can
optionally run these checks locally with `pre-commit run --config
.github/pre-commit-config.yaml`.
---------
Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
Within `connlib`, we have many nested state machines. Many of them have
internal timers by means of timestamps with which they indicate, when
they'd like to be "woken" to perform time-related processing. For
example, the `Allocation` state machine would indicate with a timestamp
5 minutes from the time an allocation is created that it needs to be
woken again in order to send the refresh message to the relay.
When we reset our network connections, we pretty much discard all state
within connlib and together with that, all of these timers. Thus the
`poll_timeout` function would return `None`, indicating that our state
machines are not waiting for anything.
Within the eventloop, the most outer state machine, i.e. `ClientState`
is paired with an `Io` component that actually implements the timer by
scheduling a wake-up aggregated as the earliest point of all state
machines.
In order to not fire the same timer multiple times in a row, we already
intended to reset the timer once it fired. It turns out that this never
worked and the timer still lingered around.
When we call `reset`, `poll_timeout` - which feeds this timer - returns
`None` and the timer doesn't get updated until it will finally return
`Some` with an `Instant`. Because the previous timer didn't get cleared
when it fired, this caused `connlib` to busy loop and prevent some(?)
other parts of it from progressing, resulting in us never being able to
reconnect to the portal. Yet, because the event loop itself was still
operating, we could still resolve DNS queries and such.
Resolves: #7254.
---------
Co-authored-by: Jamil Bou Kheir <jamilbk@users.noreply.github.com>
When waiting on multiple futures concurrently within a loop, it is
important that they all get re-created whenever one of them resolves.
Currently, due to the `.fuse` call, the SIGHUP signal can only be sent
once and future signals get ignored.
As a more general fix, I swapped the `futures::select!` macro to the
`tokio::select!` macro which allows referencing these futures without
pinning and fusing. Ideally, we'd not use any of these macros here and
write our own eventloop but that is a larger refactoring.
The issue in #7254 and #7200 appears to be that eventually, we fail to
connect to the portal because we stop re-trying, i.e. the socket connect
appears to hang forever. Perhaps there is race condition somewhere in
how we resolve DNS / flush DNS servers etc. Regardless of that,
connecting to the portal should never take more than 5s so timing out
after that ensures we retry the connection.
Resolves: #7254.
Resolves: #7200.
When encrypting packets, we need to reserve a buffer within which
boringtun will encrypt the IP packet. Unfortunately, `boringtun` panics
if that buffer is not big enough which essentially brings all of
`connlib` down.
Really, we should never see a packet that is too large and ideally, we
enforce this at compile-time by creating different variants of
`IpPacket` that are sized accordingly. That is a large refactoring so
until then, we simply discard them instead of panicking.
---------
Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
Why:
Reduces the number of edge functions that need to run, and thus reducing
the likelihood this endpoint will timeout due to slow edge function
startup.
Bumps
[@mdx-js/loader](https://github.com/mdx-js/mdx/tree/HEAD/packages/loader)
from 3.0.1 to 3.1.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/mdx-js/mdx/releases"><code>@mdx-js/loader</code>'s
releases</a>.</em></p>
<blockquote>
<h2>3.1.0</h2>
<h4>Add</h4>
<ul>
<li>715ddd96 <strong><code>@mdx-js/esbuild</code></strong>: add source
maps
by <a
href="https://github.com/remcohaszing"><code>@remcohaszing</code></a>
in <a
href="https://redirect.github.com/mdx-js/mdx/pull/2464">mdx-js/mdx#2464</a></li>
<li>d5867203 <strong><code>@mdx-js/node-loader</code></strong>: add
support for options w/ <code>initialize</code></li>
<li>cd2907dd <strong><code>@mdx-js/node-loader</code></strong>: add
support showing messages</li>
<li>ceea80dd <strong><code>@mdx-js/node-loader</code></strong>: add
source maps
by <a
href="https://github.com/remcohaszing"><code>@remcohaszing</code></a>
in <a
href="https://redirect.github.com/mdx-js/mdx/pull/2458">mdx-js/mdx#2458</a></li>
</ul>
<h4>Fix</h4>
<ul>
<li>d306f870 <strong><code>@mdx-js/core</code></strong>: replace
<code>periscopic</code> with <code>estree-util-scope</code></li>
<li>c7479905 <strong><code>@mdx-js/core</code></strong>: fix injecting
providers for jsx in esm, expressions</li>
<li>3a794ab5 <strong><code>@mdx-js/loader</code></strong>: fix ESM type
import
by <a
href="https://github.com/remcohaszing"><code>@remcohaszing</code></a>
in <a
href="https://redirect.github.com/mdx-js/mdx/pull/2452">mdx-js/mdx#2452</a></li>
<li>be79212a <strong><code>@mdx-js/loader</code></strong>: change
webpack peer dependency to optional
by <a href="https://github.com/chenjiahan"><code>@chenjiahan</code></a>
in <a
href="https://redirect.github.com/mdx-js/mdx/pull/2440">mdx-js/mdx#2440</a></li>
</ul>
<h4>Types</h4>
<ul>
<li>f12afda2 Refactor to use <code>@import</code> JSDoc tags
by <a
href="https://github.com/remcohaszing"><code>@remcohaszing</code></a>
in <a
href="https://redirect.github.com/mdx-js/mdx/pull/2498">mdx-js/mdx#2498</a></li>
</ul>
<h4>Miscellaneous</h4>
<ul>
<li>77158cdb Refactor to externalize recma packages</li>
</ul>
<h4>Site</h4>
<ul>
<li>67500792 Add link to <code>parcel-transformer-mdx</code> in
docs</li>
<li>3f8344b3 Add search to site</li>
<li>05ecf65f Fix example</li>
<li>f8648861 Fix types, lints in example
by <a href="https://github.com/karlhorky"><code>@karlhorky</code></a>
in <a
href="https://redirect.github.com/mdx-js/mdx/pull/2518">mdx-js/mdx#2518</a></li>
<li>37318def Add Bun section to Getting started
by <a href="https://github.com/karlhorky"><code>@karlhorky</code></a>
in <a
href="https://redirect.github.com/mdx-js/mdx/pull/2517">mdx-js/mdx#2517</a></li>
<li>07d5e2fc Refactor to improve wording
by <a
href="https://github.com/filippovd20"><code>@filippovd20</code></a> in
<a
href="https://redirect.github.com/mdx-js/mdx/pull/2513">mdx-js/mdx#2513</a></li>
<li>95ba33e1 Add notes on how to type props and components
by <a href="https://github.com/karlhorky"><code>@karlhorky</code></a>
in <a
href="https://redirect.github.com/mdx-js/mdx/pull/2510">mdx-js/mdx#2510</a></li>
<li>044e8b2a Add example illustrating JSX literals, references</li>
<li>1d0a9b68 Add more links across docs</li>
<li>716ab3c8 Fix link for MDX Analyzer
by <a href="https://github.com/karlhorky"><code>@karlhorky</code></a>
in <a
href="https://redirect.github.com/mdx-js/mdx/pull/2509">mdx-js/mdx#2509</a></li>
<li>f1ca4b2f Fix link
by <a href="https://github.com/artola"><code>@artola</code></a> in <a
href="https://redirect.github.com/mdx-js/mdx/pull/2508">mdx-js/mdx#2508</a></li>
<li>11ac939b Add <code>rehype-twoslash</code></li>
<li>b749d38f Add <code>rehype-starry-night</code> to website</li>
<li>dfdcb502 Fix to recommend <code>rehype-mdx-code-props</code></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="eee85d5415"><code>eee85d5</code></a>
3.1.0</li>
<li><a
href="2cb07288ed"><code>2cb0728</code></a>
Refactor code-style</li>
<li><a
href="7b3f558c11"><code>7b3f558</code></a>
Fix tests for Node 23</li>
<li><a
href="11ac939bc3"><code>11ac939</code></a>
Add <code>rehype-twoslash</code></li>
<li><a
href="f12afda243"><code>f12afda</code></a>
Refactor to use TypeScript <code>@import</code> JSDoc tags</li>
<li><a
href="3a794ab5d1"><code>3a794ab</code></a>
Fix ESM type import in Webpack loader</li>
<li><a
href="be79212a20"><code>be79212</code></a>
Change webpack peer dependency to optional in loader</li>
<li>See full diff in <a
href="https://github.com/mdx-js/mdx/commits/3.1.0/packages/loader">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [framer-motion](https://github.com/framer/motion) from 11.11.8 to
11.11.11.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/framer/motion/blob/main/CHANGELOG.md">framer-motion's
changelog</a>.</em></p>
<blockquote>
<h2>[11.11.11] 2024-10-31</h2>
<h3>Fixed</h3>
<ul>
<li>Fixing double <code>update()</code> call on mount.</li>
</ul>
<h2>[11.11.10] 2024-10-25</h2>
<h3>Fixed</h3>
<ul>
<li>Removing <code>will-change</code> from SSR.</li>
</ul>
<h2>[11.11.9] 2024-10-15</h2>
<h3>Changed</h3>
<ul>
<li><code>will-change</code> is now no longer automatically managed
without <code>useWillChange</code>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="1ed83979a8"><code>1ed8397</code></a>
v11.11.11</li>
<li><a
href="4cd15270fb"><code>4cd1527</code></a>
Updating changelog</li>
<li><a
href="f3468b3111"><code>f3468b3</code></a>
Merge pull request <a
href="https://redirect.github.com/framer/motion/issues/2852">#2852</a>
from framer/fix/double-mount-update</li>
<li><a
href="c3593da562"><code>c3593da</code></a>
Fixing</li>
<li><a
href="1e7f9df3c8"><code>1e7f9df</code></a>
Fix double .update() call on mount</li>
<li><a
href="c02ec5a89f"><code>c02ec5a</code></a>
v11.11.10</li>
<li><a
href="1232e7c544"><code>1232e7c</code></a>
Updating changelog</li>
<li><a
href="1cf39c75ee"><code>1cf39c7</code></a>
Merge pull request <a
href="https://redirect.github.com/framer/motion/issues/2845">#2845</a>
from framer/fix/ssr-will-change</li>
<li><a
href="0325534927"><code>0325534</code></a>
Updating test</li>
<li><a
href="5507ae346a"><code>5507ae3</code></a>
Refactor</li>
<li>Additional commits viewable in <a
href="https://github.com/framer/motion/compare/v11.11.8...v11.11.11">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [autoprefixer](https://github.com/postcss/autoprefixer) from
10.4.19 to 10.4.20.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/autoprefixer/releases">autoprefixer's
releases</a>.</em></p>
<blockquote>
<h2>10.4.20</h2>
<ul>
<li>Fixed <code>fit-content</code> prefix for Firefox.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/autoprefixer/blob/main/CHANGELOG.md">autoprefixer's
changelog</a>.</em></p>
<blockquote>
<h2>10.4.20</h2>
<ul>
<li>Fixed <code>fit-content</code> prefix for Firefox.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="dae6eb465d"><code>dae6eb4</code></a>
Release 10.4.20 version</li>
<li><a
href="ee43652953"><code>ee43652</code></a>
Fix fit-content for Firefox</li>
<li><a
href="cf808243ce"><code>cf80824</code></a>
Update dependencies</li>
<li><a
href="49d5ec656a"><code>49d5ec6</code></a>
Move to pnpm 9</li>
<li>See full diff in <a
href="https://github.com/postcss/autoprefixer/compare/10.4.19...10.4.20">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
During normal operation, we should never lose connectivity to the set of
assigned relays in a client or gateway. In the presence of odd network
conditions and partitions however, it is possible that we disconnect
from a relay that is in fact only temporarily unavailable. Without an
explicit mechanism to retrieve new relays, this means that both clients
and gateways can end up with no relays at all. For clients, this can be
fixed by either roaming or signing out and in again. For gateways, this
can only be fixed by a restart!
Without connected relays, no connections can be established. With #7163,
we will at least be able to still establish direct connections. Yet,
that isn't good enough and we need a mechanism for restoring full
connectivity in such a case.
We creating a new connection, we already sample one of our relays and
assign it to this particular connection. This ensures that we don't
create an excessive amount of candidates for each individual connection.
Currently, this selection is allowed to be silently fallible. With this
PR, we make this a hard-error and bubble up the error that all the way
to the client's and gateway's event-loop. There, we initiate a reconnect
to the portal as a compensating action. Reconnecting to the portal means
we will receive another `init` message that allows us to reconnect the
relays.
Due to the nature of this implementation, this fix may only apply with a
certain delay from when we actually lost connectivity to the last relay.
However, this design has the advantage that we don't have to introduce
an additional state within `snownet`: Connections now simply fail to
establish and the next one soon after _should_ succeed again because we
will have received a new `init` message.
Resolves: #7162.
As a first step for integration Sentry into the Android app, we launch
the Sentry Rust agent as soon as a `connlib` session starts up. At a
later point, we can also integrate Sentry into the Android app itself
using the Java / Kotlin SDK.
---------
Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
This starts up telemetry together with each `connlib` session. At a
later point, we can also integrate the native Swift SDK into the MacOS /
iOS app to catch non-connlib specific problems.
---------
Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
Closes#4883
Refs #7005
Adds support for Ubuntu 24.04, drops support for Ubuntu 20.04
Known issues:
- On Ubuntu 22.04, sometimes GNOME shows the wrong tray icon
- On Ubuntu 24.04, the first time you open the tray menu, GNOME takes a
long time to open the menu.
---------
Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com>
Turns out that when using a custom event trigger, the event name doesn't
match what's sent for `sendGTMEvent`. Google tag manager expects
`gtm.formSubmission` instead. 🙃
- Cache responses for `/api/releases` for minimum 60s, preventing Edge
function from firing up if cache is hit
- Fix font-manrope redundancy - was causing issues on local dev
Similar to the GUI and headless clients, adding error reporting via
Sentry should give us much better insight into how well gateways are
performing.
Resolves: #7099.
---------
Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
Bumps
[@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react)
from 18.3.10 to 18.3.11.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This PR implements the new idempotent control protocol for the gateway.
We retain backwards-compatibility with old clients to allow admins to
perform a disruption-free update to the latest version.
With this new control protocol, we are moving the responsibility of
exchanging the proxy IPs we assigned to DNS resources to a p2p protocol
between client and gateway. As a result, wildcard DNS resources only get
authorized on the first access. Accessing a new domain within the same
resource will thus no longer require a roundtrip to the portal.
Overall, users will see a greatly decreased connection setup latency. On
top of that, the new protocol will allow us to more easily implement
packet buffering which will be another UX boost for Firezone.
At present, `connlib` only supports DNS over UDP on port 53. Responses
over UDP are size-constrained on the IP MTU and thus, not all DNS
responses fit into a UDP packet. RFC9210 therefore mandates that all DNS
resolvers must also support DNS over TCP to overcome this limitation
[0].
Handling UDP packets is easy, handling TCP streams is more difficult
because we need to effectively implement a valid TCP state machine.
Building on top of a lot of earlier work (linked in issue), this is
relatively easy because we can now simply import
`dns_over_tcp::{Client,Server}` which do the heavy lifting of sending
and receiving the correct packets for us.
The main aspects of the integration that are worth pointing out are:
- We can handle at most 10 concurrent DNS TCP connections _per defined
resolver_. The assumption here is that most applications will first
query for DNS records over UDP and only fall back to TCP if the response
is truncated. Additionally, we assume that clients will close the TCP
connections once they no longer need it.
- Errors on the TCP stream to an upstream resolver result in `SERVFAIL`
responses to the client.
- All TCP connections to upstream resolvers get reset when we roam, all
currently ongoing queries will be answered with `SERVFAIL`.
- Upon network reset (i.e. roaming), we also re-allocate new local ports
for all TCP sockets, similar to our UDP sockets.
Resolves: #6140.
[0]: https://www.ietf.org/rfc/rfc9210.html#section-3-5
Bumps [postcss](https://github.com/postcss/postcss) from 8.4.39 to
8.4.47.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/postcss/releases">postcss's
releases</a>.</em></p>
<blockquote>
<h2>8.4.47</h2>
<ul>
<li>Removed debug code.</li>
</ul>
<h2>8.4.46</h2>
<ul>
<li>Fixed <code>Cannot read properties of undefined (reading
'before')</code>.</li>
</ul>
<h2>8.4.45</h2>
<ul>
<li>Removed unnecessary fix which could lead to infinite loop.</li>
</ul>
<h2>8.4.44</h2>
<ul>
<li>Another way to fix <code>markClean is not a function</code>
error.</li>
</ul>
<h2>8.4.43</h2>
<ul>
<li>Fixed <code>markClean is not a function</code> error.</li>
</ul>
<h2>8.4.42</h2>
<ul>
<li>Fixed CSS syntax error on long minified files (by <a
href="https://github.com/varpstar"><code>@varpstar</code></a>).</li>
</ul>
<h2>8.4.41</h2>
<ul>
<li>Fixed types (by <a
href="https://github.com/nex3"><code>@nex3</code></a> and <a
href="https://github.com/querkmachine"><code>@querkmachine</code></a>).</li>
<li>Cleaned up RegExps (by <a
href="https://github.com/bluwy"><code>@bluwy</code></a>).</li>
</ul>
<h2>8.4.40</h2>
<ul>
<li>Moved to getter/setter in nodes types to help Sass team (by <a
href="https://github.com/nex3"><code>@nex3</code></a>).</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/postcss/blob/main/CHANGELOG.md">postcss's
changelog</a>.</em></p>
<blockquote>
<h2>8.4.47</h2>
<ul>
<li>Removed debug code.</li>
</ul>
<h2>8.4.46</h2>
<ul>
<li>Fixed <code>Cannot read properties of undefined (reading
'before')</code>.</li>
</ul>
<h2>8.4.45</h2>
<ul>
<li>Removed unnecessary fix which could lead to infinite loop.</li>
</ul>
<h2>8.4.44</h2>
<ul>
<li>Another way to fix <code>markClean is not a function</code>
error.</li>
</ul>
<h2>8.4.43</h2>
<ul>
<li>Fixed <code>markClean is not a function</code> error.</li>
</ul>
<h2>8.4.42</h2>
<ul>
<li>Fixed CSS syntax error on long minified files (by <a
href="https://github.com/varpstar"><code>@varpstar</code></a>).</li>
</ul>
<h2>8.4.41</h2>
<ul>
<li>Fixed types (by <a
href="https://github.com/nex3"><code>@nex3</code></a> and <a
href="https://github.com/querkmachine"><code>@querkmachine</code></a>).</li>
<li>Cleaned up RegExps (by <a
href="https://github.com/bluwy"><code>@bluwy</code></a>).</li>
</ul>
<h2>8.4.40</h2>
<ul>
<li>Moved to getter/setter in nodes types to help Sass team (by <a
href="https://github.com/nex3"><code>@nex3</code></a>).</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5e6fd1302d"><code>5e6fd13</code></a>
Release 8.4.47 version</li>
<li><a
href="714bc10258"><code>714bc10</code></a>
Typo</li>
<li><a
href="439d20e651"><code>439d20e</code></a>
Release 8.4.46 version</li>
<li><a
href="b93582f68e"><code>b93582f</code></a>
Update dependencies</li>
<li><a
href="c51e46767d"><code>c51e467</code></a>
Fix error on inserting node without raws in some cases</li>
<li><a
href="829ae47d6b"><code>829ae47</code></a>
Update dependencies</li>
<li><a
href="5aaaec2214"><code>5aaaec2</code></a>
Update remaining workflow jobs to use latest version of actions (<a
href="https://redirect.github.com/postcss/postcss/issues/1968">#1968</a>)</li>
<li><a
href="448c4f34d6"><code>448c4f3</code></a>
Release 8.4.45 version</li>
<li><a
href="1c77d2e333"><code>1c77d2e</code></a>
Update unnecessary check</li>
<li><a
href="f38b329323"><code>f38b329</code></a>
Try to fix CI</li>
<li>Additional commits viewable in <a
href="https://github.com/postcss/postcss/compare/8.4.39...8.4.47">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[@types/react-dom](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react-dom)
from 18.3.0 to 18.3.1.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react-dom">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [tailwindcss](https://github.com/tailwindlabs/tailwindcss) from
3.4.10 to 3.4.14.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tailwindlabs/tailwindcss/releases">tailwindcss's
releases</a>.</em></p>
<blockquote>
<h2>v3.4.14</h2>
<h3>Fixed</h3>
<ul>
<li>Don't set <code>display: none</code> on elements that use
<code>hidden="until-found"</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/14625">#14625</a>)</li>
</ul>
<h2>v3.4.13</h2>
<h3>Fixed</h3>
<ul>
<li>Improve source glob verification performance (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/14481">#14481</a>)</li>
</ul>
<h2>v3.4.12</h2>
<h3>Fixed</h3>
<ul>
<li>Ensure using <code>@apply</code> with utilities that use
<code>@defaults</code> works with rules defined in the base layer when
using <code>optimizeUniversalDefaults</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/14427">#14427</a>)</li>
</ul>
<h2>v3.4.11</h2>
<h3>Fixed</h3>
<ul>
<li>Allow <code>anchor-size(…)</code> in arbitrary values (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/14393">#14393</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/tailwindlabs/tailwindcss/blob/v3.4.14/CHANGELOG.md">tailwindcss's
changelog</a>.</em></p>
<blockquote>
<h2>[3.4.14] - 2024-10-15</h2>
<h3>Fixed</h3>
<ul>
<li>Don't set <code>display: none</code> on elements that use
<code>hidden="until-found"</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/14625">#14625</a>)</li>
</ul>
<h2>[3.4.13] - 2024-09-23</h2>
<h3>Fixed</h3>
<ul>
<li>Improve source glob verification performance (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/14481">#14481</a>)</li>
</ul>
<h2>[3.4.12] - 2024-09-17</h2>
<h3>Fixed</h3>
<ul>
<li>Ensure using <code>@apply</code> with utilities that use
<code>@defaults</code> works with rules defined in the base layer when
using <code>optimizeUniversalDefaults</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/14427">#14427</a>)</li>
</ul>
<h2>[3.4.11] - 2024-09-11</h2>
<h3>Fixed</h3>
<ul>
<li>Allow <code>anchor-size(…)</code> in arbitrary values (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/14393">#14393</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c616fb9562"><code>c616fb9</code></a>
3.4.14</li>
<li><a
href="b570e2b887"><code>b570e2b</code></a>
Don't set <code>display: none</code> on elements that use
<code>hidden="until-found"</code> (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/issues/14625">#14625</a>)</li>
<li><a
href="ed3c5356b7"><code>ed3c535</code></a>
3.4.13</li>
<li><a
href="066ccf8894"><code>066ccf8</code></a>
Improve the performance when checking broad glob patterns. (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/issues/14481">#14481</a>)</li>
<li><a
href="e8614a268d"><code>e8614a2</code></a>
3.4.12</li>
<li><a
href="fe48ca83d8"><code>fe48ca8</code></a>
Insert <code>@defaults</code> at start of stylesheet (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/issues/14427">#14427</a>)</li>
<li><a
href="818d10ab84"><code>818d10a</code></a>
3.4.11</li>
<li><a
href="8dd9246a87"><code>8dd9246</code></a>
update changelog</li>
<li><a
href="6d9ae82ba3"><code>6d9ae82</code></a>
Allow <code>anchor-size(…)</code> in arbitrary values (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/issues/14393">#14393</a>)</li>
<li>See full diff in <a
href="https://github.com/tailwindlabs/tailwindcss/compare/v3.4.10...v3.4.14">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
