Update snowflake to v2.12.1 (#5218)

snowflake/docker-compose.yml

@@ -7,7 +7,7 @@ services:
       APP_PORT: 3800
 
   proxy:
-    image: thetorproject/snowflake-proxy:v2.11.0@sha256:1ddc5069d35489a87257b90ccd6a93444e59a2dd3b9b240dbee75a578d6c92ca
+    image: thetorproject/snowflake-proxy:v2.12.1@sha256:53658adcf8183ed387a8abce383536f45d72b4688638e078d6c1686970199feb
     restart: on-failure
     stop_grace_period: 1m
     command: "-log /data/snowflake.log -verbose"

snowflake/umbrel-app.yml

@@ -2,7 +2,7 @@ manifestVersion: 1.1
 id: snowflake
 category: networking
 name: Tor Snowflake Proxy
-version: "v2.11.0"
+version: "v2.12.1"
 tagline: Help defeat internet censorship
 description: >-
   Snowflake is a system to defeat internet censorship. People who are
@@ -26,42 +26,26 @@ deterministicPassword: false
 torOnly: false
 releaseNotes: >-
   Various bugfixes and enhancements:
-    - Fix data race warnings for tokens_t
-    - Fix race condition in proxy connection count stats
-    - Make NATPolicy thread-safe
-    - Fix race conditions with error scope
-    - Fix race condition with proxy isClosing variable
-    - Issue 40454: Update broker metrics to count matches, denials, and timeouts
-    - Add proxy event and metrics for failed connections
-    - Issue 40377: Create CI artifact if shadow fails
-    - Issue 40438: Copy base client config for each SOCKS connection
-    - Fix minor data race in Snowflake broker metrics
-    - Issue 40363: Process and read broker SQS messages more quickly
-    - Issue 40419: delay before calling dc.Close() to improve NAT test on proxy
-    - Add country stats to proxy prometheus metrics
-    - Issue 40381: Avoid snowflake client dependency in proxy
-    - Issue 40446: Lower broker ClientTimeout to 5 seconds in line with CDN77 defaults
-    - Refactor out utls library into ptutil/utls
-    - Issue 40414: Use /etc/localtime for CI
-    - Issue 40440: Add LE self-signed ISRG Root X1 to cert pool
-    - Proxy refactor to simplify tokens.ret() on error
-    - Clarify ephemeral-ports-range proxy option
-    - Issue 40417: Fixes and updates to CI containers
-    - Issue 40178: Handle unknown client type better
-    - Issue 40304: Update STUN server list
-    - Issue 40210: Remove proxy log when offer is nil
-    - Issue 40413: Log EventOnCurrentNATTypeDetermined for proxy
-    - Use named return for some functions to improve readability
-    - Issue 40271: Use pion SetIPFilter rather than our own StripLocalAddress
-    - Issue 40413: Suppress logs of proxy events by default
-    - Add IsLinkLocalUnicast in IsLocal
-    - Fix comments
-    - Bump versions of dependencies
+    - Fix release pipeline issue from v2.12.0
+    - Disable periodic proxy stats when summary interval is set to zero
+    - Set country code to unknown when geolocation lookup fails
+    - Add support for covert DTLS transport in proxy and client
+    - Update pion WebRTC stack with security fix and performance improvements
+    - Have proxy poll only if the default relay is reachable
+    - Add support for multiple SQS channels
+    - Add back proxy churn measurement option at broker
+    - Add Prometheus metric for proxy answer counts
+    - Fix race condition in safe Prometheus metrics helper
+    - Clear map of seen proxy IP addresses to prevent unbounded growth
+    - Pull client IP from SDP for AMP cache rendezvous
+    - Fix missing labels in Docker image
+    - Simplify broker metrics and remove mutexes
+    - Update STUN server list and dependencies
 
 
   Release information: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/releases
 
 
-  Compare to v2.7.0: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/compare/v2.7.0...v2.11.0
+  Compare to v2.11.0: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/compare/v2.11.0...v2.12.1
 submitter: Umbrel
 submission: https://github.com/getumbrel/umbrel/pull/1284