You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
$ npm audit
# npm audit report
@xmldom/xmldom <0.8.3
Severity: moderate
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in @xmldom/xmldom and xmldom - https://github.com/advisories/GHSA-9pgh-qqpf-7wqj
fix available via `npm audit fix --force`
Will install video.js@7.15.2, which is a breaking change
node_modules/@xmldom/xmldom
mpd-parser 0.19.0 - 0.22.0 || 1.0.0
Depends on vulnerable versions of @xmldom/xmldom
node_modules/mpd-parser
@videojs/http-streaming >=2.10.2
Depends on vulnerable versions of mpd-parser
node_modules/@videojs/http-streaming
video.js >=7.15.3
Depends on vulnerable versions of @videojs/http-streaming
Depends on vulnerable versions of mpd-parser
node_modules/video.js
4 moderate severity vulnerabilities
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
What version of Video.js are you using?
7.20.3
Video.js plugins used.
videojs-http-streaming 2.14.3
What browser(s) including version(s) does this occur with?
all
What OS(es) and version(s) does this occur with?
all
The text was updated successfully, but these errors were encountered:
If you're reporting a 🐞 bug, please make sure you include steps to reproduce it. We get a lot of issues on this repo, so please be patient and we will get back to you as soon as we can.
To help make it easier for us to investigate your issue, please follow the contributing guidelines.
Thanks, there's already an issue about this - #7958 - so closing this as a duplicate. mpd-parser itself is already updated, http-streaming and video.js will be too in due course.
Description
Using the latest version of video.js causes a security advisory on GitHub because of an outdated xmldom dependency
GHSA-9pgh-qqpf-7wqj
Reduced test case
No response
Steps to reproduce
Errors
What version of Video.js are you using?
7.20.3
Video.js plugins used.
videojs-http-streaming 2.14.3
What browser(s) including version(s) does this occur with?
all
What OS(es) and version(s) does this occur with?
all
The text was updated successfully, but these errors were encountered: