This project is a web video player that complies with the WCAG and RGAA accessibility guidelines and implements the WAI-ARIA specification. It is driven by MFP's determination to adapt France Télévisions's video accessibility requirements to the web.
Other
19
stars
1
forks
source link
Bump json5, babel-loader, webpack, copy-webpack-plugin and html-webpack-plugin #92
Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)
v2.2.2
Fix: Properties with the name __proto__ are added to objects and arrays.
(#199) This also fixes a prototype pollution vulnerability reported by
Jonathan Gregson! (#295).
v2.2.1
Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)
Fix: Properties with the name __proto__ are added to objects and arrays.
(#199) This also fixes a prototype pollution vulnerability reported by
Jonathan Gregson! (#295).
removed cjs wrapper and generated types in commonjs format (export = and namespaces used in types), now you can directly use exported types (#654) (5901006)
removed cjs wrapper and generated types in commonjs format (export = and namespaces used in types), now you can directly use exported types (#654) (5901006)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/mfpaccessibilite/MFP_AccessPlayer/network/alerts).
Bumps json5 to 2.2.3 and updates ancestor dependencies json5, babel-loader, webpack, copy-webpack-plugin and html-webpack-plugin. These dependencies need to be updated together.
Updates
json5from 2.2.0 to 2.2.3Release notes
Sourced from json5's releases.
Changelog
Sourced from json5's changelog.
Commits
c3a75242.2.394fd06ddocs: update CHANGELOG for v2.2.33b8cebfdocs(security): use GitHub security advisoriesf0fd9e1docs: publish a security policy6a91a05docs(template): bug -> bug report14f8cb12.2.210cc7cadocs: update CHANGELOG for v2.2.27774c10fix: add proto to objects and arraysedde30aReadme: slight tweak to intro97286f8Improve example in readmeUpdates
babel-loaderfrom 8.2.2 to 8.3.0Release notes
Sourced from babel-loader's releases.
Commits
9bf56528.3.080ab7d0Update@babel/dependencies493ac6cPass external dependencies from Babel to Webpack (#971)df28fe3Fix broken main test (#950)0b338e4update hash method so it doesn't fail on a fips enabled machine (#939)1f98d3c8.2.5c622868fix: respectinputSourceMaploader option (#896)f7982c18.2.44bb9e21Use md5 hashing for OpenSSL 3 (#924)247c94bBump loader-utils to 2.x (#931)Updates
webpackfrom 4.46.0 to 5.75.0Release notes
Sourced from webpack's releases.
... (truncated)
Commits
8241da75.75.0a91d923Merge pull request #16458 from webpack/bugfix/semi4608b11Merge pull request #16457 from webpack/tooling/updatedfdd0b0Merge pull request #16122 from AnmolBansalDEV/bug/compilationCallback23b9a1cMerge pull request #16167 from exposir/fixts6f2c5e8Merge pull request #16257 from alexzhang1030/calc_deterministic_verbosef7f36adMerge pull request #16339 from Liamolucko/wasm-i64761a542fix semicolon position2403a36Merge pull request #16345 from ahabhgk/fix-eval-nosourcesc18203cupdate toolingUpdates
copy-webpack-pluginfrom 5.1.2 to 11.0.0Release notes
Sourced from copy-webpack-plugin's releases.
... (truncated)
Changelog
Sourced from copy-webpack-plugin's changelog.
... (truncated)
Commits
f3b2c24chore(release): 11.0.08424ca8chore(deps): regenerate lock file (#693)675c676build: drop node v12 (#691)a2b1f19chore: update gitub actions (#692)238c062chore: upgrade dependencies to the latest version (#688)e27006eci: remove node v17 (#687)e50d708chore: add node 18 to workflow (#686)f1a91e6ci: don't install webpack again (#680)64cf06fdocs: add path string to options signature (#683)4b18a6bdocs: improve readmeUpdates
html-webpack-pluginfrom 4.5.2 to 5.5.0Changelog
Sourced from html-webpack-plugin's changelog.
... (truncated)
Commits
873d75bchore(release): 5.5.0ddeb774chore: update examples1e42625feat: Support type=module via scriptLoading option7d3645bBump pretty-error to 4.0.0 to fix transitive vuln for ansi-regex CVE-2021-380779be779[chore] changes actions to run on pull_requestsb7e5859[chore] fixes CI to avoid race conditions48131d3chore(release): 5.4.016a841a[chore] rebuild examples3bb7c17Update index.jse38ac97Update index.jsDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/mfpaccessibilite/MFP_AccessPlayer/network/alerts).