Closed renovate[bot] closed 2 months ago
This PR contains the following updates:
7.15.0
7.15.1
This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code.
📅 Schedule: Branch creation - "" in timezone US/Eastern, Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.
This PR contains the following updates:
7.15.0->7.15.1GitHub Vulnerability Alerts
CVE-2021-23414
This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code.
Release Notes
videojs/video.js (video.js)
### [`v7.15.1`](https://redirect.github.com/videojs/video.js/blob/HEAD/CHANGELOG.md#7151-2021-08-23) [Compare Source](https://redirect.github.com/videojs/video.js/compare/v7.15.0...v7.15.1) ##### Bug Fixes - prevent cached inactivityTimeout from being overwritten with 0 ([#7383](https://redirect.github.com/videojs/video.js/issues/7383)) ([1f4d95b](https://redirect.github.com/videojs/video.js/commit/1f4d95b)), closes [#7313](https://redirect.github.com/videojs/video.js/issues/7313) - **lang:** fix typo in de locale for progress bar ([#7380](https://redirect.github.com/videojs/video.js/issues/7380)) ([9e82035](https://redirect.github.com/videojs/video.js/commit/9e82035)) ##### Chores - add a release and deploy Github Action ([#7385](https://redirect.github.com/videojs/video.js/issues/7385)) ([957c6fa](https://redirect.github.com/videojs/video.js/commit/957c6fa)) ##### Documentation - **react:** Fix typo ([#7375](https://redirect.github.com/videojs/video.js/issues/7375)) ([05083bb](https://redirect.github.com/videojs/video.js/commit/05083bb)) - **react:** update react functional component tutorial ([#7377](https://redirect.github.com/videojs/video.js/issues/7377)) ([d07a9de](https://redirect.github.com/videojs/video.js/commit/d07a9de))Configuration
📅 Schedule: Branch creation - "" in timezone US/Eastern, Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.