This was originally supposed to help resolve "too many open file"
errors in the test runner, but we could not prove that this made any
difference. Still, it doesn't seem to hurt. Tests start up ~6%
faster (several seconds difference on my workstation).
This adds 3 new methods to FairPlayUtils:
- isFairPlaySupported --> Closes PR #3562
- spcFairPlayRequest --> This method adds basic spc FairPlay request filter
- commonFairPlayResponse --> This method adds a basic FairPlay response filter that supports a lot of DRM providers.
In #3991, I changed the syntax of our colors to a modern rgba syntax.
For example, rgba(255, 255, 255, 0.85) would become rgba(255 255 255 /
85%). However, less v3 seems not to understand that properly, and
performs division on the last two parts, resulting in output of
rgba(255 255 3%), which is indeed invalid.
This fixes the issue by upgrading to less v4, which understands the
new rgba syntax and leaves it alone. The output for that will now
match the input.
To work around an issue with less v4, this uses a prerelease version
with a fix for https://github.com/less/less.js/issues/3693 . See also
https://github.com/tomas/needle/issues/391
This doesn't affect any release branches, since #3991 hasn't been
cherry-picked.
Closes#4027
HLS now appends segments in sequence mode. In order to handle seeks,
we set the timestampOffset property on SourceBuffer to the startTime of
the segment. This is done after every seek, or on startup.
For non-sequence-mode content (DASH), we normally set timestampOffset
based on the Period structure. This should be suppressed in sequence
mode, though, where only the reference startTime matters.
The buffering issue was caused by two things in combination:
1. The HLS parser set meaningless timestampOffset values that would
change when a playlist was updated
2. We would use those timestampOffset values in setStreamProperties,
even though this should be skipped in sequence mode
These two things in combination would lead MediaSourceEngine to start
inserting segments near the start of the presentation, rather than at
the live edge.
This changes MediaSourceEngine so that in sequence mode, timestampOffset
is ignored in setStreamProperties. This also cleans up the HLS parser
to set each reference's timestampOffset to 0, since they should be
ignored anyway.
These projects have vulnerable dependencies, but are not being
properly maintained. This replaces both with forks that have upgraded
their deps.
This brings the NPM audit vulnerability count from 6 to 0.
Now that we are building tools to keep common workflows in sync across
repos, we should use the same names across repos. This brings Shaka
Player workflow names in line with everything else.
See https://github.com/joeyparrish/shaka-github-tools/pull/5
This updates the jsdoc fork to one based on the latest jsdoc. (The
fork adds features for tutorial sorting.)
We also have an in-repo fork of the default jsdoc template from 2019.
The newer default template no longer includes the same dependencies,
so three deps we used to get transitively from jsdoc are now explicit
at the shaka-player level: open-sans-fonts, code-prettify, and
color-themes-for-google-code-prettify. This is appropriate, since the
dependency comes from our in-repo fork of the default template.
This upgrade brings our NPM audit vulnerabilities from 10 to 6.
1. When release-please creates release PRs, it removes the -uncompiled
tag in the version number in lib/player.js. This adds a step to the
workflow to maintain the player.js version manually.
2. This also adds a new job that tags the master branch after a
release PR is merged. We maintain the -master tags on the master
branch corresponding to each release so that it is easier to manage
the range of commits for cherry-picks.
3. The "npm ci" step was failing because our package-lock.json was not
compatible with v12 of NodeJS. This updates our workflow to use v16.
The npm release workflow has now been tested in a fork up until the
publish step.
4. The tagging and GitHub release publication parts of the workflow
were previously failing due to an issue with release-please parsing
the branch name. This has now been fixed, and is awaiting an upstream
merge. For now, we can use my forked version.
Closes#3968 (branch parsing failure)
Issue #3969 (npm release is now tested up to the publish step)
Closes#3971 (master branch tags)
Closes#3974 (missing -uncompiled in lib/player.js)
The new version requires additional configuration for less syntax, and
has new default rules we were out of compliance with.
I disabled rules about avoiding explicit vendor prefixes (such as
"-webkit") because we are not using any auto-prefixer tools. Other
violations have been fixed:
- kebab-case for element ids
- quotes around URLs
- double quotes instead of single quotes
- disable class selector pattern matching for MDL (external)
- use modern rgb/rgba syntax
- no quotes on font families
- no long-hand when short-hand will do
This brings our NPM audit vulnerabilities from 20 down to 10.
The old template is bulky and does not reflect the new workflows we
have on GitHub. All that is really critical is that users start using
Conventional Commits syntax and tag issue numbers.
Downgrade less to v3. v4 is failing on macOS for some reason. See
less/less.js#3693
This also makes some less/CSS changes that are useful for future
upgrades:
- wrap all calculations in calc(), which is required in less v4
- remove unneeded @transparent variable
Finally, this fixes an erroneous error message that said "extern
generation failed" instead of "CSS compilation failed".
Closes#3981
Fixes#3079
When running custom asset tests with the custom license server parameter, it is easy to make mistakes on the argument value. The `--test-custom-license-server` option expects the user to pass in a key-value pair of `KEYSYSTEM_ID=LICENSE_SERVER_URL`. This change checks if the provided value has `KEYSYSTEM_ID` as its key through a custom argparse type.
In Tizen 2/3 and WebOS 3.x there is no support for SourceBuffer.mode=sequence so as a result of change #2337, it necessary disable support for the HLS parser so that the user can at least use the native one with src= .
This updates the compiler and closure library to the latest releases.
This required a few small tweaks:
- Drop custom extern for WebCrypto (now built into the compiler)
- Remove require() in cea parser, only used in `throws` annotations
- Hack around a typing issue in a fake version of TextTrack in tests
If a manifest lists 2 audio streams, select the first acceptable stream instead of the last one. For example below, previously the 2nd stream was selected, and now the first stream will be selected. Other players like roku, video.js and exoplayer select the first one.
```
#EXT-X-MEDIA:TYPE=AUDIO,URI="stream_1.m3u8",GROUP-ID="default-audio-group",NAME="128k",AUTOSELECT=YES,CHANNELS="2"
#EXT-X-MEDIA:TYPE=AUDIO,URI="stream_2.m3u8",GROUP-ID="default-audio-group",NAME="64k",CHANNELS="2"
(video streams snipped)
```
Most dependencies are not used in Shaka Player itself, but in our
build and test infra or in our demo app. Still, GitHub reported 29
potential vulnerabilities in these deps, and NPM reported 37.
The changes below being NPM's audit report from 37 down to 24
vulnerabilities.
Detailed updates:
- Dropped explicit deps for transitive dependencies that we no longer
need to update for ourselves:
- ua-parser-js (via karma)
- Dropped because we no longer need them:
- karma-ie-launcher
- Updated to latest versions:
- awesomplete
- core-js
- dialog-polyfill
- htmlhint
- jimp
- karma*
- less
- pwacompat
- rimraf
- tippy.js
- which
- Updated as far as possible without code or config changes in Shaka:
- mux.js
- stylelint*
- Still needs an update:
- *babel*
- eslint
- eslint-config-google
- google-closure-compiler
- google-closure-library
Some of the vulnerabilities stem from stylelint, babel, and others
that haven't been updated yet, so follow-up work is needed to address
those with breaking updates.
mux.js is actually used at runtime (optional), so it was only updated
to the latest non-breaking release.
We double-check the version in the changelog to make sure it matches
the npm and player versions. But with our new release automation, we
have a new changelog format. This updates the parsing so that release
checks can succeed.
EventStreams in DASH generate TimelineRegionInfo objects, which are
then stored in the RegionTimeline and RegionObserver classes. But
DashParser would add all regions to RegionTimeline, even if they would
be quickly removed again, and RegionObserver would cache some regions
from the timeline without ever removing them.
This fixes the issue from both of those directions. DashParser will
now ignore regions that are outside the DVR window (and therefore
would soon be removed from RegionTimeline), and RegionObserver listens
to an event on RegionTimeline to clean up its own storage when regions
fall outside the DVR window during playback.
Closes#3949 (memory leak in DASH live streams with inband EventStream)
When running in sequence mode, we ignore the normal timestamps
of video and audio segments. This lead to problems in some Apple-
encoded webvtt content, which used the X-TIMESTAMP-MAP tag to account
for the timestamp offsets in their video. Thus, those subtitles would
end up 10 seconds offset.
This changes the webvtt parser to ignore the X-TIMESTAMP-MAP when in
sequence mode.
Issue #2337
Three classes (RegionTimeline, RegionObserver, and QualityObserver)
were all designed with callbacks instead of events. A single callback
is inflexible compared to events, which allow multiple listeners. We
already have a long-standing and robust event system, so why not use
it?
Issue #3949 (memory leak in DASH live streams with inband EventStream)
Before, we would count on all event listeners for FakeEventTargets to
be cleaned up by the object that listens. Now, FakeEventTarget
implements IReleasable, so that all listeners are removed when owners
call release().
For objects extending FakeEventTarget and also implementing
IDestroyable, the destroy() methods will call out to super.release()
to clean up listeners then. The owner should use destroy() in those
cases.
Issue #3949 (memory leak in DASH live streams with inband EventStream)
Force-pushes from automated PRs (like release-please) do not seem to
trigger any of the normal PR triggers (opened, edited, synchronize).
In fact, even an exhaustive list of types will not work. So here we
add triggers for reviews, so that the validation will run after
someone approves such a PR. This is critical since this is a required
status check in most of our repos. If the workflow doesn't run, the
release PR can't be merged.
This includes a temporary config file to bootstrap the workflow for
the master branch, whose commit and branch history is too confusing
for the tool to handle with defaults. After v3.4.0 is released from
the master branch, these configs can be deleted.
CI for Firefox on Linux is failing because of (I suspect) an outdated
package index in Ubuntu. This addresses it by updating the package
list before installing ffmpeg.
Instead of waiting for the playhead to reach a specific time that we
know to be the end, then expecting ended to be true, we can use the
purpose-built waiter that waits for the ended event.
We also need to set the timeout explicitly, so that we have enough
time to play through to the end.
This updates the roadmap for v3.2 and v3.3 (out) and v3.4 (upcoming).
This also trims down our current priorities to what the team at Google
will be addressing in the near term.
Joey Parrish
Álvaro Velad Galván
Dulmandakh
Shaka Bot
theodab
JH
wjywbs
Patrick Cruikshank