Firezone

firezone.dev
Firezone Icon

Open-source self-hosted VPN and firewall built on WireGuard®.

Open Source

Firezone Source Code

Author

firezone

Description

Enterprise-ready zero-trust access platform built on WireGuard®.

#cloud#devsecops#elixir#elixir-lang#firewall#liveview#network#network-security#networking#phoenix#privacy#rust-lang#security#self-hosted#virtual-network#vpn#vpn-server#wireguard#wireguard-ui#wireguard-vpn

Homepage

https://www.firezone.dev

License

Apache-2.0

Created

22 Apr 20

Last Updated

05 Oct 24

Latest version

headless-client-1.3.4

Primary Language

Elixir

Size

171,542 KB

Stars

6,750

Forks

282

Watchers

6,750

Language Usage

Language Usage

Star History

Star History

Recent Commits

  • dependabot[bot] (04 Oct 24)

    build(deps): Bump micromatch from 4.0.5 to 4.0.8 in /rust/gui-client in the npm_and_yarn group (#6933) Bumps the npm_and_yarn group in /rust/gui-client with 1 update: [micromatch](https://github.com/micromatch/micromatch). Updates `micromatch` from 4.0.5 to 4.0.8 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/micromatch/micromatch/releases">micromatch's releases</a>.</em></p> <blockquote> <h2>4.0.8</h2> <p>Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md">micromatch's changelog</a>.</em></p> <blockquote> <h2>[4.0.8] - 2024-08-22</h2> <ul> <li>backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch</li> </ul> <h2>[4.0.7] - 2024-05-22</h2> <ul> <li>this is basically v4.0.5, with some README updates</li> <li><strong>it is vulnerable to CVE-2024-4067</strong></li> <li>Updated braces to v3.0.3 to avoid CVE-2024-4068</li> <li>does NOT break API compatibility</li> </ul> <h2>[4.0.6] - 2024-05-21</h2> <ul> <li>Added <code>hasBraces</code> to check if a pattern contains braces.</li> <li>Fixes CVE-2024-4067</li> <li><strong>BREAKS API COMPATIBILITY</strong></li> <li>Should be labeled as a major release, but it's not.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/micromatch/micromatch/commit/8bd704ec0d9894693d35da425d827819916be920"><code>8bd704e</code></a> 4.0.8</li> <li><a href="https://github.com/micromatch/micromatch/commit/a0e68416a44da10f3e4e30845ab95af4fd286d5a"><code>a0e6841</code></a> run verb to generate README documentation</li> <li><a href="https://github.com/micromatch/micromatch/commit/4ec288484f6e8cccf597ad3d43529c31d0f7a02a"><code>4ec2884</code></a> Merge branch 'v4' into hauserkristof-feature/v4.0.8</li> <li><a href="https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade"><code>03aa805</code></a> Merge pull request <a href="https://redirect.github.com/micromatch/micromatch/issues/266">#266</a> from hauserkristof/feature/v4.0.8</li> <li><a href="https://github.com/micromatch/micromatch/commit/814f5f70efcd100ca9d29198867812a3d6ab91a8"><code>814f5f7</code></a> lint</li> <li><a href="https://github.com/micromatch/micromatch/commit/67fcce6a1077c2faf5ad0c5f998fa70202cc5dae"><code>67fcce6</code></a> fix: CHANGELOG about braces &amp; CVE-2024-4068, v4.0.5</li> <li><a href="https://github.com/micromatch/micromatch/commit/113f2e3fa7cb30b429eda7c4c38475a8e8ba1b30"><code>113f2e3</code></a> fix: CVE numbers in CHANGELOG</li> <li><a href="https://github.com/micromatch/micromatch/commit/d9dbd9a266686f44afb38da26fe016f96d1ec04f"><code>d9dbd9a</code></a> feat: updated CHANGELOG</li> <li><a href="https://github.com/micromatch/micromatch/commit/2ab13157f416679f54e3a32b1425e184bd16749e"><code>2ab1315</code></a> fix: use actions/setup-node@v4</li> <li><a href="https://github.com/micromatch/micromatch/commit/1406ea38f3e24b29f4d4f46908d5cffcb3e6c4ce"><code>1406ea3</code></a> feat: rework test to work on macos with node 10,12 and 14</li> <li>Additional commits viewable in <a href="https://github.com/micromatch/micromatch/compare/4.0.5...4.0.8">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=micromatch&package-manager=npm_and_yarn&previous-version=4.0.5&new-version=4.0.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/firezone/firezone/network/alerts). </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

  • Reactor Scram (04 Oct 24)

    chore(rust/headless-client): deactivate DNS control sooner (#6932) This matches roughly when the IPC service deactivates DNS control. I did this because while debugging #6777 I've accidentally trashed my DNS and then Windows says it has no Internet and so the headless Client can't connect to the portal until I run the IPC service to deactivate DNS control.

  • Andrew Dryga (04 Oct 24)

    feat(portal): Accept hardware identifier fields and reset verification when they are changed (#6914) If previous value is **null then** a new value is persisted and verification is **not removed**. If previous value is **not null** then a new value is persisted and verification is **removed**. <img width="957" alt="Screenshot 2024-10-02 at 4 59 58 PM" src="https://github.com/user-attachments/assets/302208ca-3693-40f7-a08a-4521b7c0df05"> --------- Signed-off-by: Andrew Dryga <[email protected]> Co-authored-by: Jamil <[email protected]>

  • Thomas Eizinger (03 Oct 24)

    refactor(connlib): introduce dedicated `Resource` model (#6920) Following up from #6919, this PR introduces a dedicated, internal model for resources as to how the client uses them. This separation serves several purposes: 1. It allows us to introduce an `Unknown` resource type, ensuring forwards-compatibility with future resource types. 2. It allows us to remove trait implementations like `PartialEq` or `PartialOrd` from the message types. With #6732, the messages will include types like `SecretKey`s which cannot be compared. 3. A decoupling of serialisation and domain models is good practice in general and has long been overdue.

  • Reactor Scram (03 Oct 24)

    docs(rust/client/windows): known issue, DNS Resources don't work inside WSL (#6930) #6777 includes a workaround that isn't quite good enough to publish, and some theory on how we can fix it.

  • Reactor Scram (03 Oct 24)

    refactor(rust/gui-client): refactor system tray to work with the GTK prototype (#6917) Extracted from #6838 `tray-icon` as used by the GTK prototype handles checkboxes a little different than the older `tray-icon` as exposed by Tauri v1, this accounts for that difference. --------- Signed-off-by: Reactor Scram <[email protected]>

  • dependabot[bot] (03 Oct 24)

    build(deps): Bump tonic from 0.12.2 to 0.12.3 in /rust in the cargo group (#6908) Bumps the cargo group in /rust with 1 update: [tonic](https://github.com/hyperium/tonic). Updates `tonic` from 0.12.2 to 0.12.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/hyperium/tonic/releases">tonic's releases</a>.</em></p> <blockquote> <h2>v0.12.3</h2> <h1><a href="https://github.com/hyperium/tonic/compare/v0.12.2...v0.12.3">0.12.3</a> (2024-08-29)</h1> <h3>Features</h3> <ul> <li><strong>server:</strong> Added support for grpc max_connection_age (<a href="https://redirect.github.com/hyperium/tonic/issues/1865">#1865</a>)</li> <li><strong>build:</strong> Add <code>#[deprecated]</code> to deprecated client methods (<a href="https://redirect.github.com/hyperium/tonic/issues/1879">#1879</a>)</li> <li><strong>build:</strong> plumb skip_debug through prost Builder and add test (<a href="https://redirect.github.com/hyperium/tonic/issues/1900">#1900</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li><strong>build:</strong> Revert &quot;fix tonic-build cargo build script outputs (<a href="https://redirect.github.com/hyperium/tonic/issues/1821">#1821</a>)&quot; which accidentally increases MSRV (<a href="https://redirect.github.com/hyperium/tonic/issues/1898">#1898</a>)</li> <li><strong>server:</strong> ignore more error kinds in incoming socket stream (<a href="https://redirect.github.com/hyperium/tonic/issues/1885">#1885</a>)</li> <li><strong>transport</strong>: do not shutdown server on broken connections (<a href="https://redirect.github.com/hyperium/tonic/issues/1948">#1948</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/hyperium/tonic/blob/master/CHANGELOG.md">tonic's changelog</a>.</em></p> <blockquote> <h1><a href="https://github.com/hyperium/tonic/compare/v0.12.2...v0.12.3">0.12.3</a> (2024-08-29)</h1> <h3>Features</h3> <ul> <li><strong>server:</strong> Added support for grpc max_connection_age (<a href="https://redirect.github.com/hyperium/tonic/issues/1865">#1865</a>)</li> <li><strong>build:</strong> Add <code>#[deprecated]</code> to deprecated client methods (<a href="https://redirect.github.com/hyperium/tonic/issues/1879">#1879</a>)</li> <li><strong>build:</strong> plumb skip_debug through prost Builder and add test (<a href="https://redirect.github.com/hyperium/tonic/issues/1900">#1900</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li><strong>build:</strong> Revert &quot;fix tonic-build cargo build script outputs (<a href="https://redirect.github.com/hyperium/tonic/issues/1821">#1821</a>)&quot; which accidentally increases MSRV (<a href="https://redirect.github.com/hyperium/tonic/issues/1898">#1898</a>)</li> <li><strong>server:</strong> ignore more error kinds in incoming socket stream (<a href="https://redirect.github.com/hyperium/tonic/issues/1885">#1885</a>)</li> <li><strong>transport</strong>: do not shutdown server on broken connections (<a href="https://redirect.github.com/hyperium/tonic/issues/1948">#1948</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/hyperium/tonic/commit/4b8d2c46aa57e40b1e80077f4f7b7d4679027bb5"><code>4b8d2c4</code></a> chore: prepare 0.12.3 release (<a href="https://redirect.github.com/hyperium/tonic/issues/1899">#1899</a>)</li> <li><a href="https://github.com/hyperium/tonic/commit/517b7fc9370b58df5eed4ceffeff405d3df40389"><code>517b7fc</code></a> Use constants for header names (<a href="https://redirect.github.com/hyperium/tonic/issues/1933">#1933</a>)</li> <li><a href="https://github.com/hyperium/tonic/commit/3c900ebd0bca00e2bae211e4f04e24512d29f5e7"><code>3c900eb</code></a> Clean up EncodeBody API (<a href="https://redirect.github.com/hyperium/tonic/issues/1924">#1924</a>)</li> <li><a href="https://github.com/hyperium/tonic/commit/e6782fe5f987960e96e48671bbaacc802dfddab9"><code>e6782fe</code></a> fix: add <code>tower?/util</code> dep for <code>channel</code> feature only builds (<a href="https://redirect.github.com/hyperium/tonic/issues/1954">#1954</a>)</li> <li><a href="https://github.com/hyperium/tonic/commit/6d93c1d0c1a593a5e5476d9c47a1016748acbb5f"><code>6d93c1d</code></a> chore: Make codegen independent from protoc (<a href="https://redirect.github.com/hyperium/tonic/issues/1953">#1953</a>)</li> <li><a href="https://github.com/hyperium/tonic/commit/f074f134687391cc1df73e98db2c07c812e0a495"><code>f074f13</code></a> chore(health): Update generated code (<a href="https://redirect.github.com/hyperium/tonic/issues/1951">#1951</a>)</li> <li><a href="https://github.com/hyperium/tonic/commit/474390bdd06ca3f0be007250b1afbfec6a655873"><code>474390b</code></a> fix(tls): do not shutdown server on broken connections (<a href="https://redirect.github.com/hyperium/tonic/issues/1948">#1948</a>)</li> <li><a href="https://github.com/hyperium/tonic/commit/ec410141173077baba02527618097b406e47b7fa"><code>ec41014</code></a> chore: update releasing documentation (<a href="https://redirect.github.com/hyperium/tonic/issues/1807">#1807</a>)</li> <li><a href="https://github.com/hyperium/tonic/commit/a09d45347e6815d0c35db4c30154db92a40d1d9c"><code>a09d453</code></a> optimize header name handling in <code>Grpc::map_response</code> (<a href="https://redirect.github.com/hyperium/tonic/issues/1359">#1359</a>)</li> <li><a href="https://github.com/hyperium/tonic/commit/99b663e3a7becf007f9d06471496b8814fd67d77"><code>99b663e</code></a> chore(test): Move integration test for tonic-web to tests directory (<a href="https://redirect.github.com/hyperium/tonic/issues/1927">#1927</a>)</li> <li>Additional commits viewable in <a href="https://github.com/hyperium/tonic/compare/v0.12.2...v0.12.3">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tonic&package-manager=cargo&previous-version=0.12.2&new-version=0.12.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/firezone/firezone/network/alerts). </details> --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: _ <[email protected]>

  • Thomas Eizinger (03 Oct 24)

    refactor(connlib): repurpose `connlib-shared` as `connlib-model` (#6919) The `connlib-shared` crate has become a bit of a dependency magnet without a clear purpose. It hosts utilities like `get_user_agent`, messages for the client and gateway to communicate with the portal and domain types like `ResourceId`. To create a better dependency structure in our workspace, we repurpose `connlib-shared` as a `connlib-model` crate. Its purpose is to host domain-specific model types that multiple crates may want to use. For that purpose, we rename the `callbacks::ResourceDescription` type to `ResourceView`, designating that this is a _view_ onto a resource as seen by `connlib`. The message types which currently double up as connlib-internal model thus become an implementation detail of `firezone-tunnel` and shouldn't be used for anything else. --------- Signed-off-by: Reactor Scram <[email protected]> Co-authored-by: Reactor Scram <[email protected]>

  • Reactor Scram (03 Oct 24)

    refactor(rust/gui-client): remove borrows from part of the system tray code (#6916) Extracted from #6838 This leads to extra cloning of strings, but if there's less than 1,000 Resources and the tray doesn't update often, it should be fine. We can sample performance with sentry.io if we're worried.

  • Jamil (03 Oct 24)

    ci: Bump all clients and gateway (#6923) Main fix: idle connection timing. These have already been released. --------- Signed-off-by: Jamil <[email protected]>

  • Jamil (03 Oct 24)

    fix(connlib): also read `device_uuid` for PC systems (#6921) Addresses the comment here: https://github.com/firezone/firezone/pull/6857#issuecomment-2390457560

  • Thomas Eizinger (02 Oct 24)

    fix(connlib): reintroduce device-ID hashing (#6918) As part of iterating on the correct approach in #6857, we at some point removed the hashing of the Firezone-generated device ID. This will break customers because all of the device IDs as seen by the portal are changing. We've since settled on a different approach for device verification. To not break anyone, we are re-introducing hashing of the device ID. Related: #6857.

  • Thomas Eizinger (02 Oct 24)

    feat(connlib): implement TRACE logging for DNS (#6907) When debugging DNS-related issues, it is useful to see all DNS queries that go into `connlib` and the responses that we generate. Analogous to the `wire::net` and `wire::dev` TRACE logs, we introduce `wire::dns` which logs incoming queries and the responses on TRACE. The output looks like this: ``` 2024-10-02T00:16:47.522847Z TRACE wire::dns::qry: A caldav.fastmail.com qid=55845 2024-10-02T00:16:47.522926Z TRACE wire::dns::qry: AAAA caldav.fastmail.com qid=56277 2024-10-02T00:16:47.531347Z TRACE wire::dns::res: AAAA caldav.fastmail.com => [] qid=56277 rcode=NOERROR 2024-10-02T00:16:47.538984Z TRACE wire::dns::res: A caldav.fastmail.com => [103.168.172.46 | 103.168.172.61] qid=55845 rcode=NOERROR 2024-10-02T00:16:47.580237Z TRACE wire::dns::qry: HTTPS cloudflare-dns.com qid=21518 2024-10-02T00:16:47.580338Z TRACE wire::dns::qry: A example.org qid=35459 2024-10-02T00:16:47.580364Z TRACE wire::dns::qry: AAAA example.org qid=60073 2024-10-02T00:16:47.580699Z TRACE wire::dns::qry: AAAA ipv4only.arpa qid=17280 2024-10-02T00:16:47.580782Z TRACE wire::dns::qry: A ipv4only.arpa qid=47215 2024-10-02T00:16:47.581134Z TRACE wire::dns::qry: A detectportal.firefox.com qid=34970 2024-10-02T00:16:47.581261Z TRACE wire::dns::qry: AAAA detectportal.firefox.com qid=39505 2024-10-02T00:16:47.609502Z TRACE wire::dns::res: AAAA example.org => [2606:2800:21f:cb07:6820:80da:af6b:8b2c] qid=60073 rcode=NOERROR 2024-10-02T00:16:47.609640Z TRACE wire::dns::res: AAAA ipv4only.arpa => [] qid=17280 rcode=NOERROR 2024-10-02T00:16:47.610407Z TRACE wire::dns::res: A ipv4only.arpa => [192.0.0.170 | 192.0.0.171] qid=47215 rcode=NOERROR 2024-10-02T00:16:47.617952Z TRACE wire::dns::res: HTTPS cloudflare-dns.com => [1 alpn=h3,h2 ipv4hint=104.16.248.249,104.16.249.249 ipv6hint=2606:4700::6810:f8f9,2606:4700::6810:f9f9] qid=21518 rcode=NOERROR 2024-10-02T00:16:47.631124Z TRACE wire::dns::res: A example.org => [93.184.215.14] qid=35459 rcode=NOERROR 2024-10-02T00:16:47.640286Z TRACE wire::dns::res: AAAA detectportal.firefox.com => [detectportal.prod.mozaws.net. | prod.detectportal.prod.cloudops.mozgcp.net. | 2600:1901:0:38d7::] qid=39505 rcode=NOERROR 2024-10-02T00:16:47.641332Z TRACE wire::dns::res: A detectportal.firefox.com => [detectportal.prod.mozaws.net. | prod.detectportal.prod.cloudops.mozgcp.net. | 34.107.221.82] qid=34970 rcode=NOERROR 2024-10-02T00:16:48.737608Z TRACE wire::dns::qry: AAAA myfiles.fastmail.com qid=52965 2024-10-02T00:16:48.737710Z TRACE wire::dns::qry: A myfiles.fastmail.com qid=5114 2024-10-02T00:16:48.745282Z TRACE wire::dns::res: AAAA myfiles.fastmail.com => [] qid=52965 rcode=NOERROR 2024-10-02T00:16:49.027932Z TRACE wire::dns::res: A myfiles.fastmail.com => [103.168.172.46 | 103.168.172.61] qid=5114 rcode=NOERROR 2024-10-02T00:16:49.190054Z TRACE wire::dns::qry: HTTPS github.com qid=64696 2024-10-02T00:16:49.190171Z TRACE wire::dns::qry: A github.com qid=11912 2024-10-02T00:16:49.190502Z TRACE wire::dns::res: A github.com => [100.96.0.1 | 100.96.0.2 | 100.96.0.3 | 100.96.0.4] qid=11912 rcode=NOERROR 2024-10-02T00:16:49.190619Z TRACE wire::dns::qry: A github.com qid=63366 2024-10-02T00:16:49.190730Z TRACE wire::dns::res: A github.com => [100.96.0.1 | 100.96.0.2 | 100.96.0.3 | 100.96.0.4] qid=63366 rcode=NOERROR ``` As with the other filters, seeing both queries and responses can be achieved with `RUST_LOG=wire::dns=trace`. If you are only interested in the responses, you can activate a more specific log filter using `RUST_LOG=wire::dns::res=trace`. All responses also print the original query that they are answering. Resolves: #6862.

  • Thomas Eizinger (02 Oct 24)

    fix(connlib): handle silently rebooted / disconnected relays (#6666) Our relays are essential for connectivity because they also perform STUN for us through which we learn our server-reflexive address. Thus, we must at all times have at least one relay that we can reach in order to establish a connection. The portal tracks the connectivity to the relays for us and in case any of them go down, sends us a `relays_presence` message, meaning we can stop using that relay and migrate any relayed connections to a new one. This works well for as long as we are connected to the portal while the relay is rebooting / going-down. If we are not currently connected to the portal and a relay we are using reboots, we don't learn about it. At least if we are actively using it, the connection will fail and further attempted communication with the relay will time-out and we will stop using it. In case we aren't currently using the relay, this gets a bit trickier. If we aren't using the relay but it rebooted while we were partitioned from the portal, logging in again might return the same relay to us in the `init` message, but this time with different credentials. The first bug that we are fixing in this PR is that we previously ignored those credentials because we already knew about the relay, thinking that we can still use our existing credentials. The fix here is to also compare the credentials and ditch the local state if they differ. The second bug identified during fixing the first one is that we need to pro-actively probe whether all other relays that we know about are actually still responsive. For that, we issue a `REFRESH` message to them. If that one times-out or fails otherwise, we will remove that one from our list of `Allocation`s too. To fix the 2nd bug, several changes were necessary: 1. We lower the log-level of `Disconnecting from relay` from ERROR to WARN. Any ERROR emitted during a test-run fails our test-suite which is what partially motivated this. The test suite builds on the assumption that ERRORs are fatal and thus should never happen during our tests. This change surfaces that disconnecting from a relay can indeed happen during normal operation, which justifies lowering this to WARN. Users should at the minimum monitor on WARN to be alerted about problems. 2. We reduce the total backoff duration for requests to relays from 60s to 10s. The current 60s result in total of 8 retries. UDP is unreliable but it isn't THAT unreliable to justify retrying everything for 60s. We also use a 10s timeout for ICE, which means these are now aligned to better match each other. We had to change the max backoff duration because we only idle-spin for at most 10s in the tests and thus the current 60s were too long to detect that a relay actually disappeared. 3. We had to shuffle around some function calls to make sure all intermediary event buffers are emptied at the right point in time to make the test deterministic. Fixes: #6648.

  • Reactor Scram (02 Oct 24)

    docs(rust/gui-client/linux): clarify supported Ubuntu versions (#6904) Ubuntu 20.04 ARM doesn't work because we're building on 22.04 in CI against a newer glibc --------- Signed-off-by: Reactor Scram <[email protected]>

  • Andrew Dryga (02 Oct 24)

    feat(portal): Refresh browser session token expirations using OIDC (#6786) Closes [#2042](https://github.com/firezone/firezone/issues/2042)

  • dependabot[bot] (02 Oct 24)

    build(deps): Bump flowbite from 2.5.1 to 2.5.2 in /elixir/apps/web/assets (#6885) Bumps [flowbite](https://github.com/themesberg/flowbite) from 2.5.1 to 2.5.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/themesberg/flowbite/releases">flowbite's releases</a>.</em></p> <blockquote> <h2>v2.5.2</h2> <ul> <li>release new <a href="https://flowbite.com/docs/plugins/wysiwyg/">WYSIWYG text editor</a> component</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/themesberg/flowbite/commit/5c8df35e2b01e2e83f9ab1702a06c3c9d4e8a872"><code>5c8df35</code></a> docs(readme): add wysiwyg to readme</li> <li><a href="https://github.com/themesberg/flowbite/commit/26cb313102ec7eb9109c21f346d023432ee6d488"><code>26cb313</code></a> Merge pull request <a href="https://redirect.github.com/themesberg/flowbite/issues/971">#971</a> from themesberg/wysiwyg</li> <li><a href="https://github.com/themesberg/flowbite/commit/933b112fef90abd14d68bc0b0dfc353b4920d06b"><code>933b112</code></a> chore(wysiwyg) update to <code>v2.5.2</code></li> <li><a href="https://github.com/themesberg/flowbite/commit/7aa2a6b366f9fdecab53a6daa22456b5e098a323"><code>7aa2a6b</code></a> feat(wysiwyg): finish the component</li> <li><a href="https://github.com/themesberg/flowbite/commit/e799dc286ee3547f0e3d7b51f452228a2e28324e"><code>e799dc2</code></a> feat(wysiwyg): add toggle buttons</li> <li><a href="https://github.com/themesberg/flowbite/commit/30f5133ec36a2eec06ad7a10d52d7c9802d5f9cc"><code>30f5133</code></a> feat(wysiwyg): add next and prev cell navigation butoons</li> <li><a href="https://github.com/themesberg/flowbite/commit/6e4cb24cf84b3bf3e87d04fc7eac9f03e21f1672"><code>6e4cb24</code></a> feat(wysiwyg): set styles for currently selected cells</li> <li><a href="https://github.com/themesberg/flowbite/commit/3d3261d3afc82e3ed6e8b2e90d8ee441c3ad9b72"><code>3d3261d</code></a> feat(wysiwyg): delete table feature and organise buttons</li> <li><a href="https://github.com/themesberg/flowbite/commit/8270c058989455afc6d26b4a026e0f72ac8dd43a"><code>8270c05</code></a> feat(wysiwyg): add column and row behaviour actions</li> <li><a href="https://github.com/themesberg/flowbite/commit/145f5617fb656a68d65b0bc8e2e03e5c060f5223"><code>145f561</code></a> docs(wysiwyg): write js behaviour docs</li> <li>Additional commits viewable in <a href="https://github.com/themesberg/flowbite/compare/v2.5.1...v2.5.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=flowbite&package-manager=npm_and_yarn&previous-version=2.5.1&new-version=2.5.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

  • Jamil (02 Oct 24)

    docs: add note on how to rotate client secret for windows code signing (#6900) Moved the code signing to our US-based Azure account (firezoneprod.onmicrosoft.com) --------- Signed-off-by: Jamil <[email protected]> Co-authored-by: Reactor Scram <[email protected]> Co-authored-by: Brian Manifold <[email protected]> Co-authored-by: Thomas Eizinger <[email protected]>

  • Reactor Scram (02 Oct 24)

    chore(ci): remove unused env var (#6903) `SENTRY_ENVIRONMENT` is only read at run time, not at build time, and we override the environment in our code anyway, so this env var was doing nothing.

  • Thomas Eizinger (02 Oct 24)

    ci(rust): increase number of proptest runs (#6910) Our tests are pretty fast now, meaning we can afford running more permutations. This makes it less likely to encounter flakes in the "coverage" tests where we grep for certain log lines to ensure that the tests hit certain code paths. Signed-off-by: Thomas Eizinger <[email protected]>

  • Gabi (02 Oct 24)

    feat(clients): use hardware id for device verification (#6857) We want to associate additional device information for the device verification, these are all parameters that tries to uniquely identify the hardware. For that reason we read system information and send it as part of the query params to the portal, that way the portal can store this when device is verified and match against that later on. These are the parameters according to each platform: |Platform|Query Field|Field Meaning| |-----|----|-----| |MacOS|`device_serial`|Hardware's Serial| |MacOS| `device_uuid`|Hardware's UUID| |iOS|`identifier_for_vendor`| Identifier for vendor, resets only on uninstall/install| |Android|`firebase_installation_id`| Firebase installation ID, resets only on uninstall/install| |Windows|`device_serial`|Motherboard's Serial| |Linux|`device_serial`|Motherboard's Serial| Fixes #6837

  • Thomas Eizinger (02 Oct 24)

    fix(connlib): don't add new relays after nomination (#6876) When relays reboot or get redeployed, the portal sends us new relays to use and or relays we should discontinue using. To be more efficient with battery and network usage, `connlib` only ever samples a single relay out of all existing ones for a particular connection. In case of a network topology where we need to use relays, there are situations we can end up in: - The client connects to the gateway's relay, i.e. to the port the gateway allocated on the relay. - The gateway connects to the client's relay, i.e to the port the client allocated on the relay. When we detect that a relay is down, the party that allocated the port will now immediately (once #6666 is merged). The other party needs to wait until it receives the invalidated candidates from its peer. Invalidating that candidate will also invalidate the currently nominated socket and fail the connection. In theory at least. That only works if there are no other candidates available to try. This is where this patch becomes important. Say we have the following setup: - Client samples relay A. - Gateway samples relay B. - The nominated candidate pair is "client server-reflexive <=> relay B", i.e. the client talks to the allocated port on the gateway. Next: 1. Client and portal get network-partitioned. 2. Relay B disappears. 3. Relay C appears. 4. Relay A reboots. 5. Client reconnects. At this point, the client is told by the portal to use relays A & C. Note that relay A rebooted and thus the allocation previously present on the client is no longer valid. With #6666, we will detect this by comparing credentials & IPs. The gateway is being told about the same relays and as part of that, tests that relay B is still there. It learns that it isn't, invalidates the candidates which fails the connection to the client (but only locally!). Meanwhile, as part of the regular `init` procedure, the client made a new allocation with relays A & C. Because it had previously selected relay A for the connection with the gateway, the new candidates are added to the agent, forming new pairs. The gateway has already given up on this connection however so it won't ever answer these STUN requests. Concurrently, the gateway's invalidated candidates arrive the client. They however don't fail the connection because the client is probing the newly added candidates. This creates a state mismatch between the client and gateway that is only resolved after the candidates start timing out, adding an additional delay during which the connection isn't working. With this PR, we prevent this from happening by only ever adding new candidates while we are still in the nomination process of a socket. In theory, there exists a race condition in which we nominate a relay candidate first and then miss out on a server-reflexive candidate not being added. In practice, this won't happen because: - Our host candidates are always available first. - We learn server-reflexive candidates already as part of the initial BINDING, before creating the allocation. - We learn server-reflexive candidates from all relays, not just the one that has been assigned. Related: #6666.

  • Andrew Dryga (01 Oct 24)

    feat(portal): Allow connection-time conditions for internet resources (#6899) Closes #6848

  • Andrew Dryga (01 Oct 24)

    fix(portal): Change provider_identifier type to citext (#6901) Closes #6872

  • dependabot[bot] (01 Oct 24)

    build(deps): Bump androidx.navigation:navigation-safe-args-gradle-plugin from 2.7.7 to 2.8.1 in /kotlin/android (#6892) Bumps androidx.navigation:navigation-safe-args-gradle-plugin from 2.7.7 to 2.8.1. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=androidx.navigation:navigation-safe-args-gradle-plugin&package-manager=gradle&previous-version=2.7.7&new-version=2.8.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

  • dependabot[bot] (01 Oct 24)

    build(deps-dev): Bump typescript from 5.5.4 to 5.6.2 in /rust/gui-client (#6881) Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.5.4 to 5.6.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/microsoft/TypeScript/releases">typescript's releases</a>.</em></p> <blockquote> <h2>TypeScript 5.6</h2> <p>For release notes, check out the <a href="https://devblogs.microsoft.com/typescript/announcing-typescript-5-6/">release announcement</a>.</p> <p>For the complete list of fixed issues, check out the</p> <ul> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&amp;q=milestone%3A%22TypeScript+5.6.0%22+is%3Aclosed+">fixed issues query for Typescript 5.6.0 (Beta)</a>.</li> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&amp;q=milestone%3A%22TypeScript+5.6.1%22+is%3Aclosed+">fixed issues query for Typescript 5.6.1 (RC)</a>.</li> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&amp;q=milestone%3A%22TypeScript+5.6.2%22+is%3Aclosed+">fixed issues query for Typescript 5.6.2 (Stable)</a>.</li> </ul> <p>Downloads are available on:</p> <ul> <li><a href="https://www.npmjs.com/package/typescript">npm</a></li> <li><a href="https://www.nuget.org/packages/Microsoft.TypeScript.MSBuild">NuGet package</a></li> </ul> <h2>TypeScript 5.6 RC</h2> <p>For release notes, check out the <a href="https://devblogs.microsoft.com/typescript/announcing-typescript-5-6-rc/">release announcement</a>.</p> <p>For the complete list of fixed issues, check out the</p> <ul> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&amp;milestone%3A%22TypeScript+5.6.1%22+is%3Aclosed+">fixed issues query for TypeScript v5.6.1 (RC)</a>.</li> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&amp;milestone%3A%22TypeScript+5.6.0%22+is%3Aclosed+">fixed issues query for TypeScript v5.6.0 (Beta)</a>.</li> </ul> <p>Downloads are available on:</p> <ul> <li><a href="https://www.npmjs.com/package/typescript">npm</a></li> </ul> <h2>TypeScript 5.6 Beta</h2> <p>For release notes, check out the <a href="https://devblogs.microsoft.com/typescript/announcing-typescript-5-6-beta/">release announcement</a>.</p> <p>For the complete list of fixed issues, check out the</p> <ul> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&amp;q=milestone%3A%22TypeScript+5.6.0%22+is%3Aclosed+">fixed issues query for Typescript 5.6.0 (Beta)</a>.</li> </ul> <p>Downloads are available on:</p> <ul> <li><a href="https://www.npmjs.com/package/typescript">npm</a></li> <li><a href="https://www.nuget.org/packages/Microsoft.TypeScript.MSBuild">NuGet package</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/microsoft/TypeScript/commit/a7e3374f13327483fbe94e32806d65785b0b6cda"><code>a7e3374</code></a> Bump version to 5.6.2 and LKG</li> <li><a href="https://github.com/microsoft/TypeScript/commit/20633579fcf88f6b61774349740de4841d2b8b5c"><code>2063357</code></a> 🤖 Pick PR <a href="https://redirect.github.com/microsoft/TypeScript/issues/59708">#59708</a> (LEGO: Pull request from lego/hb_537...) into release-5.6 (#...</li> <li><a href="https://github.com/microsoft/TypeScript/commit/4fe7e41ea1a92ecbd59119666be2d60164785391"><code>4fe7e41</code></a> 🤖 Pick PR <a href="https://redirect.github.com/microsoft/TypeScript/issues/59670">#59670</a> (fix(59649): ts Move to a new file d...) into release-5.6 (#...</li> <li><a href="https://github.com/microsoft/TypeScript/commit/1a03e5340ae0b83ce1b1f743763625f89e92ca91"><code>1a03e53</code></a> 🤖 Pick PR <a href="https://redirect.github.com/microsoft/TypeScript/issues/59761">#59761</a> (<code>this</code> can be nullish) into release-5.6 (<a href="https://redirect.github.com/microsoft/TypeScript/issues/59762">#59762</a>)</li> <li><a href="https://github.com/microsoft/TypeScript/commit/6212132b835145b1a8fd49982680ac668caf3ddc"><code>6212132</code></a> Update LKG</li> <li><a href="https://github.com/microsoft/TypeScript/commit/bbb5faf7e749df52adafdcd37c09ac7fff30ddaf"><code>bbb5faf</code></a> 🤖 Pick PR <a href="https://redirect.github.com/microsoft/TypeScript/issues/59542">#59542</a> (Fixing delay caused in vscode due t...) into release-5.6 (#...</li> <li><a href="https://github.com/microsoft/TypeScript/commit/e6914a558775bd3ba3dc5567877604a0864b9338"><code>e6914a5</code></a> Bump version to 5.6.1-rc and LKG</li> <li><a href="https://github.com/microsoft/TypeScript/commit/34121c42b638e973f28b438b0513796a37585448"><code>34121c4</code></a> Update LKG</li> <li><a href="https://github.com/microsoft/TypeScript/commit/2a30c2a8f0408b32c8c7ff88f0bf1c6a32e67704"><code>2a30c2a</code></a> Merge remote-tracking branch 'origin/main' into release-5.6</li> <li><a href="https://github.com/microsoft/TypeScript/commit/936a79bbb58f82b173f6b644974995851b9b479e"><code>936a79b</code></a> Expose TypeChecker. getAwaitedType to public (<a href="https://redirect.github.com/microsoft/TypeScript/issues/59268">#59268</a>)</li> <li>Additional commits viewable in <a href="https://github.com/microsoft/TypeScript/compare/v5.5.4...v5.6.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=typescript&package-manager=npm_and_yarn&previous-version=5.5.4&new-version=5.6.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

  • dependabot[bot] (01 Oct 24)

    build(deps): Bump fast-xml-parser from 4.4.1 to 4.5.0 in /website (#6894) Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 4.4.1 to 4.5.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md">fast-xml-parser's changelog</a>.</em></p> <blockquote> <p><!-- raw HTML omitted -->Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.<!-- raw HTML omitted --></p> <p><strong>4.5.0 / 2024-09-03</strong></p> <ul> <li>feat <a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/666">#666</a>: ignoreAttributes support function, and array of string or regex (By <a href="https://github.com/mav-rik">ArtemM</a>)</li> </ul> <p><strong>4.4.1 / 2024-07-28</strong></p> <ul> <li>v5 fix: maximum length limit to currency value</li> <li>fix <a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/634">#634</a>: build attributes with oneListGroup and attributesGroupName (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/653">#653</a>)(By <a href="https://github.com/a-rasin">Andreas Naziris</a>)</li> <li>fix: get oneListGroup to work as expected for array of strings (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/662">#662</a>)(By <a href="https://github.com/a-rasin">Andreas Naziris</a>)</li> </ul> <p><strong>4.4.0 / 2024-05-18</strong></p> <ul> <li>fix <a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/654">#654</a>: parse attribute list correctly for self closing stop node.</li> <li>fix: validator bug when closing tag is not opened. (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/647">#647</a>) (By <a href="https://github.com/RyosukeFukatani">Ryosuke Fukatani</a>)</li> <li>fix <a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/581">#581</a>: typings; return type of <code>tagValueProcessor</code> &amp; <code>attributeValueProcessor</code> (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/582">#582</a>) (By <a href="">monholm</a>)</li> </ul> <p><strong>4.3.6 / 2024-03-16</strong></p> <ul> <li>Add support for parsing HTML numeric entities (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/645">#645</a>) (By <a href="https://github.com/DerZade">Jonas Schade </a>)</li> </ul> <p><strong>4.3.5 / 2024-02-24</strong></p> <ul> <li>code for v5 is added for experimental use</li> </ul> <p><strong>4.3.4 / 2024-01-10</strong></p> <ul> <li>fix: Don't escape entities in CDATA sections (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/633">#633</a>) (By <a href="https://github.com/wackbyte">wackbyte</a>)</li> </ul> <p><strong>4.3.3 / 2024-01-10</strong></p> <ul> <li>Remove unnecessary regex</li> </ul> <p><strong>4.3.2 / 2023-10-02</strong></p> <ul> <li>fix <code>jObj.hasOwnProperty</code> when give input is null (By <a href="https://github.com/ardatan">Arda TANRIKULU</a>)</li> </ul> <p><strong>4.3.1 / 2023-09-24</strong></p> <ul> <li>revert back &quot;Fix typings for builder and parser to make return type generic&quot; to avoid failure of existing projects. Need to decide a common approach.</li> </ul> <p><strong>4.3.0 / 2023-09-20</strong></p> <ul> <li>Fix stopNodes to work with removeNSPrefix (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/607">#607</a>) (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/608">#608</a>) (By [Craig Andrews]<a href="https://github.com/candrews">https://github.com/candrews</a>))</li> <li>Fix <a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/610">#610</a> ignore properties set to Object.prototype</li> <li>Fix typings for builder and parser to make return type generic (By <a href="https://github.com/sarahdayan">Sarah Dayan</a>)</li> </ul> <p><strong>4.2.7 / 2023-07-30</strong></p> <ul> <li>Fix: builder should set text node correctly when only textnode is present (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/589">#589</a>) (By <a href="https://github.com/joneqian">qianqing</a>)</li> <li>Fix: Fix for null and undefined attributes when building xml (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/585">#585</a>) (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/598">#598</a>). A null or undefined value should be ignored. (By <a href="https://github.com/cecia234">Eugenio Ceschia</a>)</li> </ul> <p><strong>4.2.6 / 2023-07-17</strong></p> <ul> <li>Fix: Remove trailing slash from jPath for self-closing tags (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/595">#595</a>) (By <a href="https://github.com/m-radzikowski">Maciej Radzikowski</a>)</li> </ul> <p><strong>4.2.5 / 2023-06-22</strong></p> <ul> <li>change code implementation</li> </ul> <p><strong>4.2.4 / 2023-06-06</strong></p> <ul> <li>fix security bug</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/7ed4606dd5c3a8b298fa648a7ead2bfc7dc6bfda"><code>7ed4606</code></a> update package detail</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/98d8f4705688ec53c93df245589b008b97090351"><code>98d8f47</code></a> feat <a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/666">#666</a>: add selective ignoreAttributes by pattern or callback (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/668">#668</a>)</li> <li>See full diff in <a href="https://github.com/NaturalIntelligence/fast-xml-parser/compare/v4.4.1...v4.5.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=fast-xml-parser&package-manager=npm_and_yarn&previous-version=4.4.1&new-version=4.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

  • dependabot[bot] (01 Oct 24)

    build(deps): Bump framer-motion from 11.3.31 to 11.9.0 in /website (#6896) Bumps [framer-motion](https://github.com/framer/motion) from 11.3.31 to 11.9.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/framer/motion/blob/main/CHANGELOG.md">framer-motion's changelog</a>.</em></p> <blockquote> <h2>[11.9.0] 2024-09-27</h2> <h3>Added</h3> <ul> <li>Mini <code>animate</code> and <code>useAnimate</code> functions.</li> </ul> <h2>[11.8.0] 2024-09-25</h2> <h3>Added</h3> <ul> <li>Easing functions now get compiled into <code>linear()</code> easings when animating via WAAPI.</li> </ul> <h2>[11.7.0] 2024-09-25</h2> <h3>Added</h3> <ul> <li>Added support for custom animation generators via <code>type</code>.</li> </ul> <h2>[11.6.0] 2024-09-24</h2> <h3>Added</h3> <ul> <li>Added <code>info</code> and element tracking to <code>scroll</code>.</li> <li>Added <code>steps</code> easing.</li> </ul> <h3>Changed</h3> <ul> <li>Values added to <code>will-change</code> now stay there for their lifespan to prevent GPU thrashing and weird Safari subpixel jitters.</li> </ul> <h2>[11.5.6] 2024-09-20</h2> <h3>Fixed</h3> <ul> <li>Ensuring updating motion values during <code>render</code> doesn't lock rendering for an element.</li> </ul> <h2>[11.5.5] 2024-09-19</h2> <h3>Fixed</h3> <ul> <li>Changed values of child variants now animate even when the parent variant name hasn't changed.</li> </ul> <h2>[11.5.4] 2024-09-05</h2> <h3>Fixed</h3> <ul> <li>Improving tree-shakability.</li> </ul> <h2>[11.5.3] 2024-09-05</h2> <h3>Fixed</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/framer/motion/commit/33fbeb904cf7419b0159149792cc220140eb1e95"><code>33fbeb9</code></a> v11.9.0</li> <li><a href="https://github.com/framer/motion/commit/77077d10f2c352921af291b530093c36d637d582"><code>77077d1</code></a> Updating changelog</li> <li><a href="https://github.com/framer/motion/commit/c3d7fd4703927a1a8407823d0d55da3305ea021b"><code>c3d7fd4</code></a> Featherweight API (<a href="https://redirect.github.com/framer/motion/issues/2814">#2814</a>)</li> <li><a href="https://github.com/framer/motion/commit/b544cce137f3ae21176771bf3225293f6b22579b"><code>b544cce</code></a> Enlarging bundlesize</li> <li><a href="https://github.com/framer/motion/commit/bff50291f7a5e6bbb3746ec57ffeff02bfd13bc3"><code>bff5029</code></a> v11.8.0</li> <li><a href="https://github.com/framer/motion/commit/94f4d7c09ddc462cc09689b1892f5e2da31cf77b"><code>94f4d7c</code></a> Updating changelog</li> <li><a href="https://github.com/framer/motion/commit/c14c9dac149359f5a21261aee055f876b781b9ed"><code>c14c9da</code></a> Support for <code>linear()</code> easing function (<a href="https://redirect.github.com/framer/motion/issues/2812">#2812</a>)</li> <li><a href="https://github.com/framer/motion/commit/bc91591aada42708b4ab80379fc5320f7e1dfcd2"><code>bc91591</code></a> Updating filesize</li> <li><a href="https://github.com/framer/motion/commit/aa6f494dfb50343b3b765ed2057f605967c9f3c0"><code>aa6f494</code></a> v11.7.0</li> <li><a href="https://github.com/framer/motion/commit/b716a433d1915059169ba4c00559268204e8dae8"><code>b716a43</code></a> Updating changelog</li> <li>Additional commits viewable in <a href="https://github.com/framer/motion/compare/v11.3.31...v11.9.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=framer-motion&package-manager=npm_and_yarn&previous-version=11.3.31&new-version=11.9.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

  • dependabot[bot] (01 Oct 24)

    build(deps): Bump @types/react from 18.3.3 to 18.3.10 in /website (#6897) Bumps [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) from 18.3.3 to 18.3.10. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@types/react&package-manager=npm_and_yarn&previous-version=18.3.3&new-version=18.3.10)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

  • dependabot[bot] (01 Oct 24)

    build(deps): Bump @tauri-apps/cli from 1.6.1 to 1.6.2 in /rust/gui-client (#6880) Bumps [@tauri-apps/cli](https://github.com/tauri-apps/tauri) from 1.6.1 to 1.6.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tauri-apps/tauri/releases"><code>@​tauri-apps/cli</code>'s releases</a>.</em></p> <blockquote> <h2><code>@​tauri-apps/cli</code> v1.6.2</h2> <h2>[1.6.2]</h2> <h3>Dependencies</h3> <ul> <li>Upgraded to <code>[email protected]</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tauri-apps/tauri/commit/bd3c1531456eda953b4d76bcea9ec0c6d4385651"><code>bd3c153</code></a> Apply Version Updates From Current Changes (v1) (<a href="https://redirect.github.com/tauri-apps/tauri/issues/11012">#11012</a>)</li> <li><a href="https://github.com/tauri-apps/tauri/commit/328b11f2cdd19380ec58151650b976c7de1a2e2c"><code>328b11f</code></a> fix(ci): increase timeout, cache updater fixtures</li> <li><a href="https://github.com/tauri-apps/tauri/commit/649e01f4e07a862223a11faef55cc8ba4f3a122e"><code>649e01f</code></a> fix(tests): start updater server once</li> <li><a href="https://github.com/tauri-apps/tauri/commit/02dfb0302fb1c8e5fa08b922f742bbf382c7a8bb"><code>02dfb03</code></a> fix(tests): use hyper instead of tiny-http to serve updates</li> <li><a href="https://github.com/tauri-apps/tauri/commit/963411a86a22f3107fcf46cc47ad591ef53f075c"><code>963411a</code></a> chore(tests): enhance e2e test logs and delay for CI</li> <li><a href="https://github.com/tauri-apps/tauri/commit/70b852595a1d5be8e59aa89af5931ce5e1df2fc9"><code>70b8525</code></a> fix(ci): install webkit2gtk-4.1 for e2e tests</li> <li><a href="https://github.com/tauri-apps/tauri/commit/6d629cbf93ea7ed380d4c1fd1b0d2f9ee2d6d3dc"><code>6d629cb</code></a> fix: integration tests</li> <li><a href="https://github.com/tauri-apps/tauri/commit/5f5c7c7a3247110549b3638632fdf0030c7dce05"><code>5f5c7c7</code></a> fix(ci): downgrade mac-notification-sys to 0.6.1</li> <li><a href="https://github.com/tauri-apps/tauri/commit/26d243f43a8528194689834dce0101bcba78196a"><code>26d243f</code></a> fix(core): <code>restart</code> cannot handle binary name change on macOS (<a href="https://redirect.github.com/tauri-apps/tauri/issues/10991">#10991</a>)</li> <li><a href="https://github.com/tauri-apps/tauri/commit/8a0e93b5d80d04520296013c6df1fd370540630d"><code>8a0e93b</code></a> fixes iframes in windows causes window.<strong>TAURI_INVOKE</strong> is not a function err...</li> <li>Additional commits viewable in <a href="https://github.com/tauri-apps/tauri/compare/@tauri-apps/cli-v1.6.1...@tauri-apps/cli-v1.6.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@tauri-apps/cli&package-manager=npm_and_yarn&previous-version=1.6.1&new-version=1.6.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Firezone Website

Website

Redirects

Does not redirect

Security Checks

2 security checks failed (64 passed)

  • Robots Noindex
  • Empty Page Title

Server Details

  • IP Address 76.76.21.93
  • Location Walnut, California, United States of America, NA
  • ISP Vercel Inc
  • ASN AS16509

Associated Countries

  • US

Saftey Score

Website marked as moderately safe

90%

Blacklist Check

www.firezone.dev was found on 0 blacklists

  • ThreatLog
  • OpenPhish
  • PhishTank
  • Phishing.Database
  • PhishStats
  • URLhaus
  • RPiList Not Serious
  • AntiSocial Blacklist
  • PhishFeed
  • NABP Not Recommended Sites
  • Spam404
  • CRDF
  • Artists Against 419
  • CERT Polska
  • PetScams
  • Suspicious Hosting IP
  • Phishunt
  • CoinBlockerLists
  • MetaMask EthPhishing
  • EtherScamDB
  • EtherAddressLookup
  • ViriBack C2 Tracker
  • Bambenek Consulting
  • Badbitcoin
  • SecureReload Phishing List
  • Fake Website Buster
  • TweetFeed
  • CryptoScamDB
  • StopGunScams
  • ThreatFox
  • PhishFort

Website Preview

Firezone Reviews

More Self-Hosted Network Security

About the Data: Firezone

API

You can access Firezone's data programmatically via our API. Simply make a GET request to:

https://api.awesome-privacy.xyz/networking/self-hosted-network-security/firezone

The REST API is free, no-auth and CORS-enabled. To learn more, view the Swagger Docs or read the API Usage Guide.

About the Data

Beyond the user-submitted YAML you see above, we also augment each listing with additional data dynamically fetched from several sources. To learn more about where the rest of data included in this page comes from, and how it is computed, see the About the Data section of our About page.

Share Firezone

Help your friends compare Self-Hosted Network Security, and pick privacy-respecting software and services.
Share Firezone and Awesome Privacy with your network!

View Self-Hosted Network Security (8)