Now that configuration is persisted in a more reasonable fashion, we can
expose a new `General` section to the Settings, allowing the user to
configure an account slug.
This field will automatically be populated upon the first sign in, so
that subsequent sign-ins will take the user directly to the account sign
in page.
Fixes#5119
Related #8919
---------
Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
As part of going through the changes since the last Client and Gateway
relies, I noticed that for several of the things we fixed, it might be
worth adding changelog entries.
As part of launching the Tauri GUI client, we need to observe a specific
initialisation order. In particular, we need to wait until Tauri sends
us a `RunEvent::Ready` before we can initialise things like the tray
menu.
To make this more convenient, Tauri offers a so-called "setup hook" that
can be set on the app builder. Unfortunately, Tauri internally panics if
this provided setup-hook returns an `Err`. Removing this is tracked
upstream: https://github.com/tauri-apps/tauri/issues/12815.
Until this is fixed, we stop using this "setup hook" and instead spawn
our own task that performs this work. This task needs to wait until
Tauri is ready. To achieve that, we introduce an additional mpsc channel
that sends a notification every time we receive a `RunEvent::Ready`.
That should only happen once. We only read from the receiver once, which
is why we ignore the error on the sending side in case the receiver has
already been dropped.
Resolves: #9101
Currently, the Gateway reads all nameservers from `/etc/resolv.conf` on
startup and evaluates the fastest one to use for SRV and TXT DNS queries
that are forwarded by the Client. If the machine just booted and we do
not have Internet connectivity just yet, this fails which leaves the
Gateway in state where it cannot fulfill those queries.
In order to ensure we always use the fastest one and to self-heal from
such situations, we add a 60s timer that refreshes this state.
Currently, this will **not** re-read the nameservers from
`/etc/resolv.conf` but still use the same IPs read on startup.
When the Gateway is handed an IP packet for a DNS resource that it
cannot route, it sends back an ICMP unreachable error. According to RFC
792 [0] (for ICMPv4) and RFC 4443 [1] (for ICMPv6), parts of the
original packet should be included in the ICMP error payload to allow
the sending party to correlate, what could not be sent.
For ICMPv4, the RFC says:
```
Internet Header + 64 bits of Data Datagram
The internet header plus the first 64 bits of the original
datagram's data. This data is used by the host to match the
message to the appropriate process. If a higher level protocol
uses port numbers, they are assumed to be in the first 64 data
bits of the original datagram's data.
```
For ICMPv6, the RFC says:
```
As much of invoking packet as possible without the ICMPv6 packet exceeding the minimum IPv6 MTU
```
[0]: https://datatracker.ietf.org/doc/html/rfc792
[1]: https://datatracker.ietf.org/doc/html/rfc4443#section-3.1
Presently, the network change detection on Windows is very naive and
simply emits a change event everytime _anything_ changes. We can
optimise this and therefore improve the start-up time of Firezone by:
- Filtering out duplicate events
- Filtering out network change events for our own network adapter
This reduces the number of network change events to 1 during startup. As
far as I can tell from the code comments in this area, we explicitly
send this one to ensure we don't run into a race condition whilst we are
starting up.
Resolves: #8905
ECN information is helpful to allow the congestion controllers to more
easily fine-tune their send and receive windows. When a Firezone Client
receives an IP packet where the ECN bits signal an ECN capable
transport, we mirror this bit on the UDP datagram that carries the
encrypted IP packet.
When receiving a datagram with ECN bits set, the Gateway will then apply
these bits to the decrypted IP packet and pass it along towards its
destination.
This implementation is unfortunately a bit too naive. Not all devices on
the Internet support ECN and therefore, we may receive a datagram that
has its ECN bits cleared when the ECN bits on the inner IP packet still
signal an ECN capable transport. In this case, we should _not_ override
the ECN bits and instead pass the IP packet along as is. Network devices
along the path between Gateway and Resource may still use these ECN bits
to signal congestion.
We fix this by making the `with_ecn` function on `IpPacket` private. It
is not meant to be used outside of the module. We supersede it with a
`with_ecn_from_transport` function that implements the above logic.
---------
Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
Bumps [framer-motion](https://github.com/motiondivision/motion) from
12.7.4 to 12.9.4.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/motiondivision/motion/blob/main/CHANGELOG.md">framer-motion's
changelog</a>.</em></p>
<blockquote>
<h2>[12.9.4] 2025-05-01</h2>
<h3>Fixed</h3>
<ul>
<li>Remove version check for <code>MotionValue</code>.</li>
</ul>
<h2>[12.9.3] 2025-05-01</h2>
<h3>Fixed</h3>
<ul>
<li>Fixed memory leak when unmounting <code>motion</code>
components.</li>
</ul>
<h2>[12.9.2] 2025-04-25</h2>
<h3>Fixed</h3>
<ul>
<li>Fixed scroll timeline cache when defining <code>offset</code>.</li>
<li>Detect when page scroll is attached to <code>document.body</code>
and use this instead of <code>document.documentElement</code>.</li>
</ul>
<h2>[12.9.1] 2025-04-24</h2>
<h3>Fixed</h3>
<ul>
<li>Restarting a finished main thread animation with a negative
<code>.speed</code> now works as expected.</li>
</ul>
<h2>[12.9.0] 2025-04-24</h2>
<h3>Added</h3>
<ul>
<li><code>styleEffect</code></li>
</ul>
<h2>[12.8.3] 2025-04-24</h2>
<h3>Changed</h3>
<ul>
<li>Animating a <code>MotionValue</code> to its current value will skip
creating the animation.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Ensure <code>.then()</code> fires when <code>.stop()</code> or
<code>.cancel()</code> are called. This is undesired but reverts the
behaviour to before <code>12.7.5</code>.</li>
</ul>
<h2>[12.8.2] 2025-04-24</h2>
<h3>Changed</h3>
<ul>
<li>Unifying <code>transform</code> behaviour for SVG and CSS switched
from element measurements for <code>transform-box: fill-box</code>.</li>
</ul>
<h2>[12.8.1] 2025-04-23</h2>
<h3>Fixed</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3edb39e9d4"><code>3edb39e</code></a>
v12.9.4</li>
<li><a
href="4efee1e8b8"><code>4efee1e</code></a>
Removing version check for motion values</li>
<li><a
href="0b38e02fad"><code>0b38e02</code></a>
v12.9.3</li>
<li><a
href="3d2c631d90"><code>3d2c631</code></a>
Updating changelog</li>
<li><a
href="5e7d5b5db3"><code>5e7d5b5</code></a>
Merge pull request <a
href="https://redirect.github.com/motiondivision/motion/issues/3178">#3178</a>
from motiondivision/fix/release-visual-element</li>
<li><a
href="3eb2de69e4"><code>3eb2de6</code></a>
Fixing memory leak</li>
<li><a
href="0de2c3e9ba"><code>0de2c3e</code></a>
Updating</li>
<li><a
href="02fcf86f80"><code>02fcf86</code></a>
Updating changelog</li>
<li><a
href="af6e9feffd"><code>af6e9fe</code></a>
Updating default scroll element</li>
<li><a
href="15befa76f6"><code>15befa7</code></a>
Updating funding address</li>
<li>Additional commits viewable in <a
href="https://github.com/motiondivision/motion/compare/v12.7.4...v12.9.4">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser)
from 5.2.0 to 5.2.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md">fast-xml-parser's
changelog</a>.</em></p>
<blockquote>
<p><!-- raw HTML omitted -->Note: If you find missing information about
particular minor version, that version must have been changed without
any functional change in this library.<!-- raw HTML omitted --></p>
<p><strong>5.2.1 / 2025-04-22</strong></p>
<ul>
<li>fix: read DOCTYPE entity value correctly</li>
<li>read DOCTYPE NOTATION, ELEMENT exp but not using read values</li>
</ul>
<p><strong>5.2.0 / 2025-04-03</strong></p>
<ul>
<li>feat: support metadata on nodes (<a
href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/593">#593</a>)
(By <a href="https://github.com/srl295">Steven R. Loomis</a>)</li>
</ul>
<p><strong>5.1.0 / 2025-04-02</strong></p>
<ul>
<li>feat: declare package as side-effect free (<a
href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/738">#738</a>)
(By <a href="https://github.com/tbouffard">Thomas Bouffard</a>)</li>
<li>fix cjs build mode</li>
<li>fix builder return type to string</li>
<li></li>
</ul>
<p><strong>5.0.9 / 2025-03-14</strong></p>
<ul>
<li>fix: support numeric entities with values over 0xFFFF (<a
href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/726">#726</a>)
(By <a href="https://github.com/mcdurdin">Marc Durdin</a>)</li>
<li>fix: update strnum to fix parsing 0 if skiplike option is used</li>
</ul>
<p><strong>5.0.8 / 2025-02-27</strong></p>
<ul>
<li>fix parsing 0 if skiplike option is used.
<ul>
<li>updating strnum dependency</li>
</ul>
</li>
</ul>
<p><strong>5.0.7 / 2025-02-25</strong></p>
<ul>
<li>fix (<a
href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/724">#724</a>)
typings for cjs.</li>
</ul>
<p><strong>5.0.6 / 2025-02-20</strong></p>
<ul>
<li>fix cli output (By <a href="https://github.com/angeld7">Angel
Delgado</a>)
<ul>
<li>remove multiple JSON parsing</li>
</ul>
</li>
</ul>
<p><strong>5.0.5 / 2025-02-20</strong></p>
<ul>
<li>fix parsing of string starting with 'e' or 'E' by updating
strnum</li>
</ul>
<p><strong>5.0.4 / 2025-02-20</strong></p>
<ul>
<li>fix CLI to support all the versions of node js when displaying
library version.</li>
<li>fix CJS import in v5
<ul>
<li>by fixing webpack config</li>
</ul>
</li>
</ul>
<p><strong>5.0.3 / 2025-02-20</strong></p>
<ul>
<li>Using strnum ESM module
<ul>
<li>new fixes in strum may break your experience</li>
</ul>
</li>
</ul>
<p><strong>5.0.2 / 2025-02-20</strong></p>
<ul>
<li>fix: include CommonJS resources in the npm package <a
href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/714">#714</a>
(By <a href="https://github.com/tbouffard">Thomas Bouffard</a>)</li>
<li>fix: move babel deps to dev deps</li>
</ul>
<p><strong>5.0.1 / 2025-02-19</strong></p>
<ul>
<li>fix syntax error for CLI command</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="62365df401"><code>62365df</code></a>
update docs and package info</li>
<li><a
href="0c0b3673bf"><code>0c0b367</code></a>
feat: read DOCTYPE ELEMENT exp</li>
<li><a
href="38d023473f"><code>38d0234</code></a>
refactored code of DOCTYPE</li>
<li><a
href="7c6cba497c"><code>7c6cba4</code></a>
feat read DOCTYPE NOTATION exp</li>
<li><a
href="7589705052"><code>7589705</code></a>
fix: DOCTYPE entity value should be read correctly</li>
<li><a
href="02eb4a7539"><code>02eb4a7</code></a>
Update SECURITY.md</li>
<li><a
href="bfeb50432e"><code>bfeb504</code></a>
fix typo in CHANGELOG.md (<a
href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/743">#743</a>)</li>
<li>See full diff in <a
href="https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.2.0...v5.2.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node)
from 22.14.0 to 22.15.3.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [rehype-highlight](https://github.com/rehypejs/rehype-highlight)
from 7.0.1 to 7.0.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/rehypejs/rehype-highlight/releases">rehype-highlight's
releases</a>.</em></p>
<blockquote>
<h2>7.0.2</h2>
<h4>Fix</h4>
<ul>
<li>5c3b277 Fix multiple <code>code</code>s in a <code>pre</code></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/rehypejs/rehype-highlight/compare/7.0.1...7.0.2">https://github.com/rehypejs/rehype-highlight/compare/7.0.1...7.0.2</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="86a5e9b1a5"><code>86a5e9b</code></a>
7.0.2</li>
<li><a
href="ff5d9df3ca"><code>ff5d9df</code></a>
Refactor tests</li>
<li><a
href="5c3b27763d"><code>5c3b277</code></a>
Fix multiple <code>code</code>s in a <code>pre</code></li>
<li><a
href="093fed2853"><code>093fed2</code></a>
Refactor example</li>
<li><a
href="62755288fa"><code>6275528</code></a>
Refactor <code>package.json</code></li>
<li><a
href="6a63f71624"><code>6a63f71</code></a>
Update tests for changes in <code>lowlight</code></li>
<li><a
href="36727b6df4"><code>36727b6</code></a>
Update dev-dependencies</li>
<li><a
href="241ced97b2"><code>241ced9</code></a>
Update Actions</li>
<li>See full diff in <a
href="https://github.com/rehypejs/rehype-highlight/compare/7.0.1...7.0.2">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Whenever the Gateway is instructed to (re)create the NAT for a DNS
resource, it performs a DNS query and then overwrite the existing
entries in the NAT table. Depending on how the DNS records are defined,
this may lead to a very bad user experience where connections are cut
regularly.
In particular, if a service utilises round-robin DNS where a DNS query
only ever returns a single entry yet that entry may change as soon as
the TTL expires, all connections for this particular DNS resource for a
Client get cut.
To fix this, we now first check for active NAT sessions for a given
proxy IP and only replace it if we don't have an open NAT session. The
NAT sessions have a TTL of 1 minute, meaning there needs to be at least
1 outgoing packet from the Client every minute to keep it open.
In order to detect changes to DNS records of DNS resources, `connlib`
will recreate the DNS resource NAT whenever it receives a query for a
DNS resource. The way we implemented this was by clearing the local
state of the DNS resource NAT, which triggered us to perform the
handshake with the Gateway again upon the next packet for this resource.
The Gateway would then perform the DNS query and respond back when this
was finished.
In order to not drop any packets, `connlib` has a buffer where it keeps
the packets that are arriving in the meantime. This works reasonably
well when the connection is first set up because we are only buffering a
TCP SYN or equivalent handshake packet. Yet, when the connection is full
use, and the application just so happens to make another DNS query, we
halt the entire flow of packets until this is confirmed again. To
prevent high memory use, the buffer for this packets is constrained to
32 packets which is nowhere near enough when a connection is actively
transferring data (like a file upload).
In most cases, the DNS query on the Gateway will yield the exact same
results as because the records haven't changed. Thus, there is no reason
for us to actually halt the flow of these packets when we are
_recreating_ the DNS resource NAT. That way, this handshake happens in
parallel to the actual packet flow and does not interrupt anything in
the happy path case.
Currently, when `connlib`'s log file gets deleted, we write logs into
nirvana until the corresponding process gets restarted. This is painful
for users to do because they need to restart the IPC service or Network
Extension. Instead, we can simply check if the log file exists prior to
writing to it and re-create it if it doesn't.
Resolves: #6850
Related: #7569
Having multiple threads for reading and writing the TUN device can cause
packet re-orderings on the client. All other clients only use a single
TUN thread, so aligning this value means a more consistent behaviour of
Firezone across all platforms.
Sufficiently large receive buffers are important to sustain
high-throughput as latency increases. If the receive buffer in the
kernel is too small, packets need to be dropped on arrival.
Firefox uses 1MB in its QUIC stack [0]. `quic-go` recommends to set send
and receive buffers to 7.5 MB [1]. Power users of Firezone are likely
receiving a lot more traffic than the average Firefox user (especially
with Internet Resource activated) so setting it to 10 MB seems
reasonable. Sending packets is likely not as critical because we have
back-pressure through our system such that we will stop reading IP
packets when we cannot write to our UDP socket. The UDP socket is
sitting in a separate thread and those threads are connected with
dedicated queues which act as another buffer. However, as the data below
shows, some systems have really small send buffers which are currently
likely a speed bottleneck because we need to suspend writing so
frequently.
Assuming a 50ms latency, the bandwidth-delay product tells us that we
can (in theory) saturate a 1.6 Gbps link with a 10MB receive buffer
(assuming the OS also has large enough buffer sizes in its TCP or QUIC
stack):
```
80 Mb / 0.05s = 1600Mbps
```
Experiments and research [2] show the following:
|OS|Receive buffer (default)|Receive buffer (this PR)|Send buffer
(default)|Send buffer (this PR)|
|---|---|---|---|---|
|Windows|65KB|10MB|65KB|1MB|
|MacOS|786KB|8MB|9KB|1MB|
|Linux|212KB|212KB|212KB|212KB|
With the exception of Linux, the OSes appear to be quite generous with
how big they allow receive buffers to be. On Linux, these limit can be
changed by setting the `core.net.rmem_max` and `core.net.wmem_max`
parameters using `sysctl`.
Most of our users are on Windows and MacOS, meaning they immediately
benefit from this without having to change any system settings. Larger
client-side UDP receive buffers are critical for any "download" scenario
which is likely the majority of usecases that Firezone is used for.
On Windows, increasing this receive buffer almost doubles the throughput
in an iperf3 download test.
[0]: https://github.com/mozilla/neqo/pull/2470
[1]: https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes
[2]: https://unix.stackexchange.com/a/424381
---------
Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
When calculating preferences for candidates, `str0m` currently always
prefer IPv6 over IPv4. This is as per the ICE spec. Howver, this can
lead to sub-optimal situations when a connection ends up using a TURN
server.
TURN allows a client to allocate an IPv4 and an IPv6 address in the same
allocation. This makes it possible for e.g. an IPv4-only client to
connect to an IPv6-only peer as long as the TURN server runs in
dual-stack AND the client requests an IPv6 address in addition to an
IPv4 address with the `ADDITIONAL-ADDRESS-FAMILY` attribute.
Assume that a client sits behind symmetric NAT and therefore needs to
rely on a TURN server to communicate with its peers. The TURN server as
well as all the peers operate in dual-stack mode.
The current priority calculation will yield a communication path that
uses IPv4 to talk to the TURN server (as that is the only one available)
but due to the preference ordering of IPv6 over IPv4, will use an IPv6
path to the peer, despite the peer also supporting IPv4.
This isn't a problem per-se but makes our life unnecessarily difficult.
Our TURN servers use eBPF to efficiently deal with TURN's channel-data
messages. This however is at present only implemented for the IPv4 <>
IPv4 and IPv6 <> IPv6 path. Implementing the other paths is possible but
complicates the eBPF code because we need to also translate IP headers
between versions and not just update the source and destination IPs.
We have since patched `str0m` to extend the `Candidate::relayed`
constructor to also take a `base` address which is - similar to the
other candidate types - the address the client is sending from in order
to use this candidate. In the context of relayed candidates, this is the
address the client is using to talk to the TURN server. We can use this
information in the candidate's priority calculation to prefer candidates
that allow traffic to remain within one IP version, i.e. if the client
talks to the TURN server over IPv4, the candidate with an allocated IPv4
address will have a higher priority than the one with the IPv6 address
because we are applying a "punishment" factor as part of the
local-preference component in the priority formula.
Staying within the same IP version whilst relaying traffic allows our
TURN servers to use their eBPF kernel which results in a better UX due
to lower latency and higher throughput.
The final candidate ordering is ultimately decided by the controlling
ICE agent which in our case is the Firezone Client. Thus, we don't
necessarily need to update Gateways in order to test / benefit from
this. Building a Client with this patch included should be enough to
benefit from this change.
Related: https://github.com/algesten/str0m/pull/640
Related: https://github.com/algesten/str0m/pull/644
Bumps [framer-motion](https://github.com/motiondivision/motion) from
11.15.0 to 12.7.4.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/motiondivision/motion/blob/main/CHANGELOG.md">framer-motion's
changelog</a>.</em></p>
<blockquote>
<h2>[12.7.4] 2025-04-17</h2>
<h3>Fixed</h3>
<ul>
<li>Removed non-deterministic behaviour from
<code>AnimatePresence</code>.</li>
</ul>
<h2>[12.7.3] 2025-04-15</h2>
<h3>Fixed</h3>
<ul>
<li>Fixing <code>duration</code> for <code>animateView</code>
transitions.</li>
<li>Prevent <code>.commitStyles()</code> on <code>pseudoElement</code>
animations.</li>
</ul>
<h2>[12.7.2] 2025-04-14</h2>
<h3>Fixed</h3>
<ul>
<li>Adding <code>"sideEffects": false</code> to
<code>motion-dom</code> and <code>motion-utils</code> packages.</li>
</ul>
<h2>[12.7.1] 2025-04-14</h2>
<h3>Fixed</h3>
<ul>
<li>Skip <code>.commitStyles</code> on <code>psuedoElement</code>
animations.</li>
</ul>
<h2>[12.7.0] 2025-04-14</h2>
<h3>Added</h3>
<ul>
<li>Private <code>layoutCrossfade</code> allows disabling crossfade of
shared layout elements.</li>
</ul>
<h2>[12.6.5] 2025-04-11</h2>
<h3>Fixed</h3>
<ul>
<li>Polyfilled <code>sync</code> and <code>cancelSync</code>
exports.</li>
</ul>
<h2>[12.6.4] 2025-04-11</h2>
<h3>Added</h3>
<ul>
<li>Global injection of <code>WillChangeMotionValue</code> for internal
Framer use.</li>
</ul>
<h2>[12.6.3] 2025-04-01</h2>
<h3>Changed</h3>
<ul>
<li>Refactored mini <code>animate</code> and <code>animateView</code> to
share the same <code>NativeAnimation</code>. Mini <code>animate</code>
down to <code>2.3kb</code>.</li>
</ul>
<h3>Fixed</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2e0e241222"><code>2e0e241</code></a>
v12.7.4</li>
<li><a
href="2adb8a327b"><code>2adb8a3</code></a>
Updating changelog</li>
<li><a
href="672bb0a7ff"><code>672bb0a</code></a>
Merge pull request <a
href="https://redirect.github.com/motiondivision/motion/issues/3149">#3149</a>
from gnoff/remove-random</li>
<li><a
href="6ab8045676"><code>6ab8045</code></a>
Merge branch 'main' into remove-random</li>
<li><a
href="7446d2c33c"><code>7446d2c</code></a>
Adding force measure</li>
<li><a
href="b9f31f1429"><code>b9f31f1</code></a>
Latest</li>
<li><a
href="c226d1a775"><code>c226d1a</code></a>
v12.7.3</li>
<li><a
href="7b7a2b8441"><code>7b7a2b8</code></a>
Fixing animateView durations</li>
<li><a
href="522ba09f3b"><code>522ba09</code></a>
v12.7.2</li>
<li><a
href="2697f145d8"><code>2697f14</code></a>
Latest</li>
<li>Additional commits viewable in <a
href="https://github.com/motiondivision/motion/compare/v11.15.0...v12.7.4">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [mixpanel-browser](https://github.com/mixpanel/mixpanel-js) and
[@types/mixpanel-browser](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/mixpanel-browser).
These dependencies needed to be updated together.
Updates `mixpanel-browser` from 2.59.0 to 2.64.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/mixpanel/mixpanel-js/releases">mixpanel-browser's
releases</a>.</em></p>
<blockquote>
<h2>Dependency and build upgrades</h2>
<p>This release upgrades session-recording library rrweb to the latest
alpha version. In conjunction, the SDK's build process has been
refactored and Closure Compiler updated.</p>
<h2>Native UUID and JSON serialization</h2>
<ul>
<li>UUIDs are now generated as UUIDv4. When available, the native <a
href="https://developer.mozilla.org/en-US/docs/Web/API/Crypto/randomUUID">randomUUID()</a>
from the Crypto API is used; otherwise the library falls back to a
simple custom UUIDv4 implementation.</li>
<li>When available, the library now consistently uses native
<code>JSON.stringify()</code> for serializing request data, only falling
back to the older custom JSON encoding implementation if the environment
doesn't have native JSON APIs.</li>
<li>Fixes a Session Recording race condition where sometimes the idle
timeout is reset past when it should have fired due to a backgrounded
tab.</li>
</ul>
<h2>Revert event/user queue throttling</h2>
<ul>
<li>Removes 10ms throttle of event / user data queueing that was added
in 2.61.0. The additional 10ms regressed the reliability of firing
tracking updates when a page is about to unload.</li>
</ul>
<h2>Session Recording Fixes & Reliability</h2>
<ul>
<li>Stops recording when the initial full snapshot of the DOM fails to
generate, preventing the ingestion of blank recordings</li>
<li>Try/catch rrweb's <code>record</code> to prevent any user facing
errors</li>
<li>Fix broken opt-out check that was spamming error messages when
<code>debug</code> mode is on (introduced in 2.61.0)</li>
</ul>
<h2>Session recording continuation across page loads</h2>
<p>This release focuses on continuing an active session recording across
HTML page loads (different mixpanel.init() calls)</p>
<ul>
<li>Session recordings are now persisted and continue recording across
HTML page loads in a single tab</li>
<li>Session recording now uses IndexedDB when available to queue and
persist data for reliability under poor network conditions etc.</li>
</ul>
<h2>v2.60.0</h2>
<ul>
<li>Autocapture support. See: <a
href="https://docs.mixpanel.com/docs/tracking-methods/autocapture">https://docs.mixpanel.com/docs/tracking-methods/autocapture</a></li>
<li>prevent duplicate values in cookie storage when using union <a
href="https://redirect.github.com/mixpanel/mixpanel-js/issues/354">#354</a>
by <a href="https://github.com/chrisdeely"><code>@chrisdeely</code></a>
in <a
href="https://redirect.github.com/mixpanel/mixpanel-js/pull/459">mixpanel/mixpanel-js#459</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/chrisdeely"><code>@chrisdeely</code></a> made
their first contribution in <a
href="https://redirect.github.com/mixpanel/mixpanel-js/pull/459">mixpanel/mixpanel-js#459</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/mixpanel/mixpanel-js/compare/v2.59.0...v2.60.0">https://github.com/mixpanel/mixpanel-js/compare/v2.59.0...v2.60.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/mixpanel/mixpanel-js/blob/master/CHANGELOG.md">mixpanel-browser's
changelog</a>.</em></p>
<blockquote>
<p><strong>2.64.0</strong> (15 Apr 2025)</p>
<ul>
<li>Add <code>record_heatmap_data</code> init option for Session
Recording to ensure click events are captured for Heat Maps</li>
<li>Initial support for feature flagging</li>
</ul>
<p><strong>2.63.0</strong> (1 Apr 2025)</p>
<ul>
<li>Update rrweb to latest alpha version</li>
<li>Refactor SDK build process to rely mainly on Rollup</li>
</ul>
<p><strong>2.62.0</strong> (26 Mar 2025)</p>
<ul>
<li>Replace UUID generator with UUIDv4 (using native API when
available)</li>
<li>Consistently use native JSON serialization when available</li>
<li>Fix for session recording idle timeout race condition</li>
</ul>
<p><strong>2.61.2</strong> (14 Mar 2025)</p>
<ul>
<li>Revert 10ms throttle on enqueueing events to improve tracking
reliability on page unload</li>
</ul>
<p><strong>2.61.1</strong> (11 Mar 2025)</p>
<ul>
<li>Session recording stops if initial DOM snapshot fails</li>
<li>Errors triggered by rrweb's record function are now caught</li>
<li>Fix for issue causing opt-out check error messages in
<code>debug</code> mode</li>
</ul>
<p><strong>2.61.0</strong> (6 Mar 2025)</p>
<ul>
<li>Session recordings now continue across page loads within the same
tab, using IndexedDB for persistence</li>
</ul>
<p><strong>2.60.0</strong> (31 Jan 2025)</p>
<ul>
<li>Expanded Autocapture configs</li>
<li>Prevent duplicate values in persistence when using people.union
(thanks <a
href="https://github.com/chrisdeely"><code>@chrisdeely</code></a>)</li>
</ul>
<p><strong>2.59.0</strong> (21 Jan 2025)</p>
<ul>
<li>Initial Autocapture support</li>
<li>Block more crawlers (AmazonBot, more Yandex bots)</li>
</ul>
<p><strong>2.58.0</strong> (16 Dec 2024)</p>
<ul>
<li>Added canvas recording option</li>
<li>Session Replay checkpoint events now include a starting URL</li>
</ul>
<p><strong>2.57.1</strong> (12 Dec 2024)</p>
<ul>
<li>Asynchronous abstractions (primarily Promise support) introduced in
internal refactor of batch/queue/retry system</li>
</ul>
<p><strong>2.57.0</strong> (Dec 2024)
REDACTED</p>
<p><strong>2.56.0</strong> (4 Nov 2024)</p>
<ul>
<li>Recording payloads now include additional metadata: the current URL,
library type, and library version.</li>
<li>Sourcemaps are now generated for the recorder module.</li>
<li>Added debugging method
<code>mixpanel.get_session_replay_url()</code> which will return a
Mixpanel UI link to the session replay if there is an active recording
taking place.</li>
<li>Refactored session recording module to encapsulate each active
recording and its metadata. Added a unit test suite for the new
<code>session-recording.js</code>.</li>
<li>Added some additional error handling for when
<code>stopRecording</code> fails or rrweb silently fails to start
recording.</li>
<li>Removed <code>record_inline_images</code> option due to buggy
behavior in rrweb.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a8db32cbde"><code>a8db32c</code></a>
2.64.0</li>
<li><a
href="90d87c4879"><code>90d87c4</code></a>
changelog for 2.46.0</li>
<li><a
href="a1b0dc3c13"><code>a1b0dc3</code></a>
build 2.64.0</li>
<li><a
href="7670f8efb4"><code>7670f8e</code></a>
rebuild</li>
<li><a
href="3155b9273a"><code>3155b92</code></a>
Merge remote-tracking branch 'private/jg-fix-cache' into v2.64.0-rc</li>
<li><a
href="e278746933"><code>e278746</code></a>
Merge remote-tracking branch 'carlos-heat-maps-sdk-changes' into
v2.64.0-rc</li>
<li><a
href="c945e4370e"><code>c945e43</code></a>
lint</li>
<li><a
href="61b9504927"><code>61b9504</code></a>
Code review</li>
<li><a
href="3088ad6931"><code>3088ad6</code></a>
Code review</li>
<li><a
href="379f0794d0"><code>379f079</code></a>
Code review</li>
<li>Additional commits viewable in <a
href="https://github.com/mixpanel/mixpanel-js/compare/v2.59.0...v2.64.0">compare
view</a></li>
</ul>
</details>
<br />
Updates `@types/mixpanel-browser` from 2.51.0 to 2.54.0
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/mixpanel-browser">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
If another VPN has been activated on the system while Firezone is
active, Apple OSes will deactivate our configuration, and never
reactivate it.
We knew this already, and always activated the configuration when
starting during the sign in flow, but failed to also do this when
autoStarting on launch.
This PR updates ensures that during autoStart, we re-enable the
configuration as well.
Fixes#8813
Microsoft Intune's DMG provisioner currently fails unexpectedly when
trying to provision our published DMG file with the error:
> The DMG file couldn't be mounted for installation. Check the DMG file
if the error persists. (0x87D30139)
I ran the following verification commands locally, which all passed:
```
hdiutil verify -verbose <dmg>
hdiutil imageinfo -verbose <dmg>
hdiutil hfsanalyze -verbose <dmg>
hdiutil checksum -type SHA256 -verbose <dmg>
hdiutil info -verbose
hdiutil pmap -verbose <dmg>
```
So the issue appears to be most likely that Intune doens't like the
`/Applications` shortcut in the DMG. This is a UX feature to make it
easy to drag the application the /Applications folder upon opening the
DMG.
So we're publishing an PKG in addition to the DMG, which should be a
more reliable artifact for MDMs to use.
---------
Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
In #8480, we changed the location that `firezone-gateway` gets
downloaded to but forgot to update the knowledgebase with the new path.
---------
Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
Correctly implementing asynchronous IO is notoriously hard. In order to
not drop packets in the process, one has to ensure a given socket is
ready to accept packets, buffer them if it is not case, suspend
everything else until the socket is ready and then continue.
Until now, we did this because it was the only option to run the UDP
sockets on the same thread as the actual packet processing. That in turn
was motivated by wanting to pass around references of the received
packets for processing. Rust's borrow-checker does not allow to pass
references between threads which forced us to have the sockets on the
same thread as the packet processing.
Like we already did in other places in `connlib`, this can be solved
through the use of buffer pools. Using a buffer pool, we can use heap
allocations to store the received packets without having to make a new
allocation every time we read new packets. Instead, we can have a
dedicated thread that is connected to `connlib`'s packet processing
thread via two channels (one for inbound and one for outbound packets).
These channels are bounded, which ensures backpressure is maintained in
case one of the two threads lags behind. These bounds also mean that we
have at most N buffers from the buffer pool in-flight (where N is the
capacity of the channel).
Within those dedicated threads, we can then use `async/await` notation
to suspend the entire task when a socket isn't ready for sending.
Resolves: #8000
We are currently naively chunking our buffer into `segment_size *
max_gso_segments()`. `max_gso_segments` is by default 64. Assuming we
processed several IP packets, this would quickly balloon to a size that
the kernel cannot handle. For example, during an `iperf3` run, we
receive _a lot_ of packets at maximum MTU size (1280). With the overhead
that we are adding to the packet, this results in a UDP payload size of
1320.
```
1320 x 64 = 84480
```
That is way too large for the kernel to handle and it will fail the
`sendmsg` call with `EMSGSIZE`. Unfortunately, this error wasn't
surfaced because `quinn_udp` handles it internally because it can also
happen as a result of MTU probes.
We've already patched `quinn_udp` in the past to move the handling of
more quinn-specific errors to the infallible `send` function. The same
is being done for this error in
https://github.com/quinn-rs/quinn/pull/2199.
Resolves: #8699
Bumps [hastscript](https://github.com/syntax-tree/hastscript) from 9.0.0
to 9.0.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/syntax-tree/hastscript/releases">hastscript's
releases</a>.</em></p>
<blockquote>
<h2>9.0.1</h2>
<ul>
<li>91f71e3 Update <code>property-information</code></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/syntax-tree/hastscript/compare/9.0.0...9.0.1">https://github.com/syntax-tree/hastscript/compare/9.0.0...9.0.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="1284c85bfa"><code>1284c85</code></a>
9.0.1</li>
<li><a
href="fd7f68e80c"><code>fd7f68e</code></a>
Refactor docs</li>
<li><a
href="05c2b84dd8"><code>05c2b84</code></a>
Fix TypeScript generating broken types</li>
<li><a
href="f7503e337c"><code>f7503e3</code></a>
Refactor code-style</li>
<li><a
href="d121b05c95"><code>d121b05</code></a>
Refactor <code>package.json</code></li>
<li><a
href="0a4cac8c23"><code>0a4cac8</code></a>
Remove license year</li>
<li><a
href="7a365c2d9e"><code>7a365c2</code></a>
Refactor <code>.prettierignore</code></li>
<li><a
href="7406377f7f"><code>7406377</code></a>
Refactor <code>.editorconfig</code></li>
<li><a
href="61d871f02b"><code>61d871f</code></a>
Add <code>.tsbuildinfo</code> to <code>.gitignore</code></li>
<li><a
href="9fbfca7a6f"><code>9fbfca7</code></a>
Update actions</li>
<li>Additional commits viewable in <a
href="https://github.com/syntax-tree/hastscript/compare/9.0.0...9.0.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [asciinema-player](https://github.com/asciinema/asciinema-player)
from 3.8.2 to 3.9.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/asciinema/asciinema-player/releases">asciinema-player's
releases</a>.</em></p>
<blockquote>
<h2>3.9.0</h2>
<p>Notable changes:</p>
<ul>
<li>keyboard shortcuts are now easily discoverable via help popup
triggered with <code>?</code> key or the keyboard icon in the control
bar</li>
<li>added "step back", triggered with <code>,</code> (comma)
key, a complementary feature for existing "step forward"
(<code>.</code> key)</li>
<li>refactored websocket driver, and upgraded it for recent changes in
ALiS protocol (uses WS subprotocol negotiation, supports both 8 and 16
color palettes, partially supports input and marker events, and
more)</li>
<li>player's core can now be run in a split mode, which greatly improves
UI responsiveness in certain cases (see below)</li>
</ul>
<p>The split mode, runs player's UI and player's core (parsing, terminal
emulation) in separate OS threads, which improves UI's responsiveness
during playback. In this setup the UI code runs in the window context,
while the processing code runs in a <a
href="https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API">WebWorker</a>.
The benefit of this configuration is typically observed only for high
frame-rate / high bandwidth recordings. The player hosted on
asciinema.org runs in the split mode. For typical demos/sessions it's
not worth the setup hassle. This is advanced setup and in 99% of the
cases you don't need it.</p>
<h2>3.9.0-rc.2</h2>
<p>No release notes provided.</p>
<h2>3.9.0-rc.1</h2>
<p>No release notes provided.</p>
<h2>3.8.3-rc.1</h2>
<p>No release notes provided.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3ac2da689e"><code>3ac2da6</code></a>
Bump version</li>
<li><a
href="5621174a9d"><code>5621174</code></a>
Bump version</li>
<li><a
href="fe6691de48"><code>fe6691d</code></a>
Fix control bar layout for live streams</li>
<li><a
href="6b454d61cd"><code>6b454d6</code></a>
Fix logging in worker</li>
<li><a
href="ac1095c940"><code>ac1095c</code></a>
Remove ESM export for the worker as it's not usable</li>
<li><a
href="eb248c7471"><code>eb248c7</code></a>
Bump version</li>
<li><a
href="808ff27acf"><code>808ff27</code></a>
Add step back with the comma (,) key</li>
<li><a
href="148b92797f"><code>148b927</code></a>
Add keyboard icon to control bar for keyboard shortcuts
discoverability</li>
<li><a
href="22dc53b02a"><code>22dc53b</code></a>
Improve log messages in the view</li>
<li><a
href="d142aec742"><code>d142aec</code></a>
Improve UI responsiveness by moving all processing (terminal emulation,
etc) ...</li>
<li>Additional commits viewable in <a
href="https://github.com/asciinema/asciinema-player/compare/v3.8.2...v3.9.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
