summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)AuthorFilesLines
2026-02-02Fix workspace lints on androidfix-android-workspace-lintsSebastian Holmin10-684/+768
2026-02-02Merge branch 'update-osv-scanner-ignores'Jonatan Rhodin1-16/+16
2026-02-02Bump osv scanner ignoresJonatan Rhodin1-16/+16
2026-02-02Merge branch 'port-android-app-2026.1-beta2-to-main'Jonatan Rhodin3-2/+13
2026-02-02Update android app version to 2026.1-beta2Jonatan Rhodin2-2/+2
2026-02-02Update changelog for android/2026.1-beta2Jonatan Rhodin1-0/+11
2026-02-02Merge branch 'fix-snackbar-dismiss-button-color'Jonatan Rhodin1-0/+1
2026-02-02Fix snackbar dismiss action colorJonatan Rhodin1-0/+1
2026-02-02Merge branch 'fix-tile-long-press-not-working'Jonatan Rhodin1-3/+0
2026-02-02Remove QS_TILE_PREFERENCES from activityDavid Göransson1-3/+0
2026-01-30Merge branch 'update-manage-devices-list-items-droid-2294'Kalle Lindström5-51/+66
2026-01-30Update Manage/Too many devices list item styleKalle Lindström5-51/+66
2026-01-29Merge branch 'fix-reset-settings-edge-case'David Lönnhager1-3/+5
2026-01-29Fix 'reset-settings' failing if settings.json does not existDavid Lönnhager1-3/+5
2026-01-29Merge branch 'test-fw-fix-lingering-blocking-thread'David Lönnhager2-26/+73
2026-01-29Add timeout for stopping tokio runtime to test frameworkDavid Lönnhager1-3/+27
2026-01-29Fix test-manager getting stuck due to blocking threadDavid Lönnhager1-23/+46
2026-01-29Merge branch 'fix-CVE-2026-24842'Tobias Järvelöv2-98/+323
2026-01-29Update electron builderOliver2-98/+323
2026-01-29Merge branch 'remove-wggo-workaround-during-tunnel-setup'Markus Pettersson1-11/+1
2026-01-29Revert wggo workaround in connectivity monitorMarkus Pettersson1-11/+1
2026-01-29Merge branch 'silence-go-cves'Markus Pettersson1-0/+21
2026-01-29Ignore CVE GO-2026-4342Markus Pettersson1-0/+7
2026-01-29Ignore CVE GO-2026-4341Markus Pettersson1-0/+7
2026-01-29Ignore CVE GO-2026-4340Markus Pettersson1-0/+7
2026-01-28Merge branch 'add-tombi-config'Markus Pettersson1-0/+9
2026-01-28Add tombi config fileMarkus Pettersson1-0/+9
Exclude toml files in submodules by default
2026-01-28Merge branch 'conditionally-build-stagemole-droid-2254'Jonatan Rhodin1-5/+10
2026-01-27Avoid building stagemole and e2e apks when e2e test runs are set to 0Jonatan Rhodin1-5/+10
2026-01-27Merge branch 'gotatun-0.2'Joakim Hulthe6-192/+202
2026-01-27Move gotatun conversion functions to conversions.rsJoakim Hulthe2-84/+99
2026-01-27Replace unwrap with panic only in dev buildsJoakim Hulthe1-4/+7
2026-01-27Refactor large closureJoakim Hulthe1-22/+31
2026-01-27Fix desktop e2e workflow when testing GotaTunJoakim Hulthe1-3/+3
2026-01-27Update gotatun to 0.2Joakim Hulthe4-187/+170
Co-authored-by: Sebastian Holmin <sebastian.holmin@mullvad.net> Co-authored-by: David Lönnhager <david.l@mullvad.net>
2026-01-27Merge branch 'improve-relay-selection-perf-ios'Emīls16-128/+312
2026-01-27Initialize the observable infra earlyEmīls1-0/+7
2026-01-27Create views for only visible locationsEmīls1-13/+15
2026-01-27Use CachedRelays instead of StoredRelaysEmīls7-30/+38
This change removes lots of overhad from having to recreate a StoredRelays which contains a serialized version of the relay list response. This enables IPOverrideWrapper to be significantly faster. Whilst there still are some performance issues with the select location view, this does help.
2026-01-27Cache content in FileCacheEmīls1-11/+83
2026-01-27Optimize location data source creationEmīls4-78/+95
2026-01-27Add benchmarkEmīls3-0/+78
2026-01-27Merge branch 'ios-fix-offline-state'Emīls21-340/+341
2026-01-27Merge branch 'partially-address-tar-vuln'Tobias Järvelöv3-1245/+2217
2026-01-27Notify actor of peer exchange failure alwaysEmīls1-11/+3
2026-01-27Use constant for IPs in tunnel settingsEmīls7-14/+19
2026-01-27Fix TunnelManager offline state handlingEmīls8-265/+228
2026-01-27Fix offline state handling in PacketTunnelEmīls7-53/+94
2026-01-27Ignore tar CVEs for about 1 weekTobias Järvelöv1-0/+12
We have investigated the uses of the tar dependency and found two use cases of it in our code base's supply chain: - electron-builder - grpc-tools (from their use of @mapbox-node-pre-gyp) Currently the tar dependency update has not traversed all through the supply chain in the packages we depend on. electron-builder and their supply chain was very fast to bump the dependency, but it seems like @mapbox/node-pre-gyp do not currently have an update available, currently. A draft PR does exist though. When this has been patched we should update immediately. --- Extended reasoning on ignoring the vulnerable dependency: The vulnerable tar dependency does not handle arbitrary tar files, as it is only used by grpc-tools. Unless the specific tar file, corresponding to the version of grpc-tools we depend on, is compromised then an attack is not possible. The tar file is hosted on Github's package repository and for an attack to be possibe either the grpc-tools team or Github's package repostitory must be compromised, which currently seems unlikely. However, even if unlikely we still want to ensure that we can protect against this attack and if a patch hasn't been made available at the end of this ignore period we will want to investigate other forms of mitigation.
2026-01-27Update package-lock.jsonTobias Järvelöv1-1244/+2204
Copyright © 2025 - 2026 Wayne Cole. WTFPL. Attribution appreciated. No warranty. Not liable for bodily damages.