[Snyk] Security upgrade video.js from 7.7.5 to 7.15.3 #3

Open: wants to merge 1 commit into base: master

@CR-Snyk CR-Snyk commented Nov 27, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 539/1000. Why? Has a fix available, CVSS 6.5 | Improper Input Validation (SNYK-JS-XMLDOM-1534562) | No | No Known Exploit |
| high severity | 639/1000. Why? Has a fix available, CVSS 8.5 | Prototype Pollution (SNYK-JS-XMLDOM-3042242) | No | No Known Exploit |
| critical severity | 811/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 9.8 | Improper Input Validation (SNYK-JS-XMLDOM-3092935) | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: video.js
The new version differs by 222 commits.
  • 87d4dce 7.15.3
  • 1ddcfde fix: update VHS to fix xmldom warning (#7395)
  • 97b7a2e 7.15.2
  • af484ec chore: specify bucket for CDN push (#7393)
  • 5acf619 7.15.1
  • d07a9de docs(react): update react functional component tutorial (#7377)
  • 957c6fa chore: add a release and deploy Github Action (#7385)
  • 1f4d95b fix: prevent cached inactivityTimeout from being overwritten with 0 (#7383)
  • 9e82035 fix(lang): fix typo in de locale for progress bar (#7380)
  • 05083bb docs(react): Fix typo (#7375)
  • ef1fce6 7.15.0
  • 8afde12 fix(package): update to VHS 2.10.0 (#7351)
  • 5c2a45b feat(lang): add Romanian language and update translations doc. (#7300)
  • eb8f802 refactor: remove most usage of innerHTML (#7337)
  • ada25c4 fix: evented should cleanup dom data (#7350)
  • 774f9e7 feat(hooks): Error hooks (#7349)
  • ad9546c feat(time-ranges): make TimeRanges iteratable if Symbol.iterator exists (#7330)
  • 2ad4d60 fix: prevent control bar clicks/taps with while user inactive (#7329)
  • e90ae32 feat(lang): add Hindi Language translation (#7327)
  • 956379c fix: use click event for tech click event (#7302)
  • c699140 feat(package): update to @videojs/xhr@2.6 to add httpHandler helper (#7348)
  • 3777f94 7.14.3
  • b483a76 fix: don't add anchor to DOM for getAbsoluteURL (#7336)
  • b3acf66 fix: remove IE8 url parsing workaround (#7334)


Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Improper Input Validation
