chore(deps): update dependency video.js to v7 [security]

[renovate]

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
video.js (source)	6.9.0 -> 7.14.3

GitHub Vulnerability Alerts

CVE-2021-23414

This affects the package video.js before 7.14.3.
The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code.

---

Release Notes

videojs/video.js (video.js)

v7.14.3

Compare Source

Features

• hooks: Error hooks (#​7349) (774f9e7)
• lang: add Hindi Language translation (#​7327) (e90ae32)
• lang: add Romanian language and update translations doc. (#​7300) (5c2a45b)
• package: update to @​videojs/xhr@​2.6 to add httpHandler helper (#​7348) (c699140)
• time-ranges: make TimeRanges iterable if Symbol.iterator exists (#​7330) (ad9546c)

Bug Fixes

• package: update to VHS 2.10.0 (#​7351) (8afde12)
• evented should cleanup dom data (#​7350) (ada25c4)
• prevent control bar clicks/taps with while user inactive (#​7329) (2ad4d60)
• use click event for tech click event (#​7302) (956379c)

Code Refactoring

• remove most usage of innerHTML (#​7337) (eb8f802)

7.14.3 (2021-07-26)

Bug Fixes

• don't add anchor to DOM for getAbsoluteURL (#​7336) (b483a76)
• remove IE8 url parsing workaround (#​7334) (b3acf66)

7.14.2 (2021-07-19)

Bug Fixes

• dom: in removeClass, check element for null in case of a disposed player (#​6701) (2990cc7)

7.14.1 (2021-07-14)

Bug Fixes

• package: update to VHS 2.9.2 (#​7320) (fff0611)
• all !important properties of vjs-lock-showing (#​7312) (508a424)
• properly return promise from requestFullscreen and exitFullscreen (#​7299) (3921b7f), closes #​7298
• remove loading spinner on ended (#​7311) (14da28d), closes videojs/http-streaming#1156

Chores

• use setup-node cache and remove individual cache step (#​7310) (fab6e87)

Documentation

• react: Added a functional React component using React.useEffect (#​7203) (2360236)

v7.14.2

Compare Source

Features

• hooks: Error hooks (#​7349) (774f9e7)
• lang: add Hindi Language translation (#​7327) (e90ae32)
• lang: add Romanian language and update translations doc. (#​7300) (5c2a45b)
• package: update to @​videojs/xhr@​2.6 to add httpHandler helper (#​7348) (c699140)
• time-ranges: make TimeRanges iterable if Symbol.iterator exists (#​7330) (ad9546c)

Bug Fixes

• package: update to VHS 2.10.0 (#​7351) (8afde12)
• evented should cleanup dom data (#​7350) (ada25c4)
• prevent control bar clicks/taps with while user inactive (#​7329) (2ad4d60)
• use click event for tech click event (#​7302) (956379c)

Code Refactoring

• remove most usage of innerHTML (#​7337) (eb8f802)

7.14.3 (2021-07-26)

Bug Fixes

• don't add anchor to DOM for getAbsoluteURL (#​7336) (b483a76)
• remove IE8 url parsing workaround (#​7334) (b3acf66)

7.14.2 (2021-07-19)

Bug Fixes

• dom: in removeClass, check element for null in case of a disposed player (#​6701) (2990cc7)

7.14.1 (2021-07-14)

Bug Fixes

• package: update to VHS 2.9.2 (#​7320) (fff0611)
• all !important properties of vjs-lock-showing (#​7312) (508a424)
• properly return promise from requestFullscreen and exitFullscreen (#​7299) (3921b7f), closes #​7298
• remove loading spinner on ended (#​7311) (14da28d), closes videojs/http-streaming#1156

Chores

• use setup-node cache and remove individual cache step (#​7310) (fab6e87)

Documentation

• react: Added a functional React component using React.useEffect (#​7203) (2360236)

v7.14.1

Compare Source

Features

• hooks: Error hooks (#​7349) (774f9e7)
• lang: add Hindi Language translation (#​7327) (e90ae32)
• lang: add Romanian language and update translations doc. (#​7300) (5c2a45b)
• package: update to @​videojs/xhr@​2.6 to add httpHandler helper (#​7348) (c699140)
• time-ranges: make TimeRanges iterable if Symbol.iterator exists (#​7330) (ad9546c)

Bug Fixes

• package: update to VHS 2.10.0 (#​7351) (8afde12)
• evented should cleanup dom data (#​7350) (ada25c4)
• prevent control bar clicks/taps with while user inactive (#​7329) (2ad4d60)
• use click event for tech click event (#​7302) (956379c)

Code Refactoring

• remove most usage of innerHTML (#​7337) (eb8f802)

7.14.3 (2021-07-26)

Bug Fixes

• don't add anchor to DOM for getAbsoluteURL (#​7336) (b483a76)
• remove IE8 url parsing workaround (#​7334) (b3acf66)

7.14.2 (2021-07-19)

Bug Fixes

• dom: in removeClass, check element for null in case of a disposed player (#​6701) (2990cc7)

7.14.1 (2021-07-14)

Bug Fixes

• package: update to VHS 2.9.2 (#​7320) (fff0611)
• all !important properties of vjs-lock-showing (#​7312) (508a424)
• properly return promise from requestFullscreen and exitFullscreen (#​7299) (3921b7f), closes #​7298
• remove loading spinner on ended (#​7311) (14da28d), closes videojs/http-streaming#1156

Chores

• use setup-node cache and remove individual cache step (#​7310) (fab6e87)

Documentation

• react: Added a functional React component using React.useEffect (#​7203) (2360236)

v7.14.0

Compare Source

Features

• hooks: Error hooks (#​7349) (774f9e7)
• lang: add Hindi Language translation (#​7327) (e90ae32)
• lang: add Romanian language and update translations doc. (#​7300) (5c2a45b)
• package: update to @​videojs/xhr@​2.6 to add httpHandler helper (#​7348) (c699140)
• time-ranges: make TimeRanges iterable if Symbol.iterator exists (#​7330) (ad9546c)

Bug Fixes

• package: update to VHS 2.10.0 (#​7351) (8afde12)
• evented should cleanup dom data (#​7350) (ada25c4)
• prevent control bar clicks/taps with while user inactive (#​7329) (2ad4d60)
• use click event for tech click event (#​7302) (956379c)

Code Refactoring

• remove most usage of innerHTML (#​7337) (eb8f802)

7.14.3 (2021-07-26)

Bug Fixes

• don't add anchor to DOM for getAbsoluteURL (#​7336) (b483a76)
• remove IE8 url parsing workaround (#​7334) (b3acf66)

7.14.2 (2021-07-19)

Bug Fixes

• dom: in removeClass, check element for null in case of a disposed player (#​6701) (2990cc7)

7.14.1 (2021-07-14)

Bug Fixes

• package: update to VHS 2.9.2 (#​7320) (fff0611)
• all !important properties of vjs-lock-showing (#​7312) (508a424)
• properly return promise from requestFullscreen and exitFullscreen (#​7299) (3921b7f), closes #​7298
• remove loading spinner on ended (#​7311) (14da28d), closes videojs/http-streaming#1156

Chores

• use setup-node cache and remove individual cache step (#​7310) (fab6e87)

Documentation

• react: Added a functional React component using React.useEffect (#​7203) (2360236)

v7.13.4

Compare Source

Features

• add ended getter middleware (#​7287) (c74c27d)

7.13.4 (2021-06-30)

Bug Fixes

• lang: add some translations to es.json (#​6822) (fbcfb7b)
• throw error on muted resolution rejection during autoplay (#​7293) (f9fb1d3)
• event: event polyfill detection compatibility with react-native-web (#​7286) (a221be1), closes #​7259
• lang: improve Hungarian translation (#​7289) (0f70787)

Chores

• add a code coverage ci workflow (#​7282) (4cecbda)

7.13.3 (2021-06-23)

Chores

• republish with VHS 2.9.1 (4b50f82)

7.13.2 (2021-06-22)

Bug Fixes

• package: update to VHS 2.9.1 (#​7284) (cee5fa3), closes #​7230

7.13.1 (2021-06-14)

Bug Fixes

• do a null check on playbackRates player method (#​7273) (6888798)

v7.13.3

Compare Source

Features

• add ended getter middleware (#​7287) (c74c27d)

7.13.4 (2021-06-30)

Bug Fixes

• lang: add some translations to es.json (#​6822) (fbcfb7b)
• throw error on muted resolution rejection during autoplay (#​7293) (f9fb1d3)
• event: event polyfill detection compatibility with react-native-web (#​7286) (a221be1), closes #​7259
• lang: improve Hungarian translation (#​7289) (0f70787)

Chores

• add a code coverage ci workflow (#​7282) (4cecbda)

7.13.3 (2021-06-23)

Chores

• republish with VHS 2.9.1 (4b50f82)

7.13.2 (2021-06-22)

Bug Fixes

• package: update to VHS 2.9.1 (#​7284) (cee5fa3), closes #​7230

7.13.1 (2021-06-14)

Bug Fixes

• do a null check on playbackRates player method (#​7273) (6888798)

v7.13.2

Compare Source

Features

• add ended getter middleware (#​7287) (c74c27d)

7.13.4 (2021-06-30)

Bug Fixes

• lang: add some translations to es.json (#​6822) (fbcfb7b)
• throw error on muted resolution rejection during autoplay (#​7293) (f9fb1d3)
• event: event polyfill detection compatibility with react-native-web (#​7286) (a221be1), closes #​7259
• lang: improve Hungarian translation (#​7289) (0f70787)

Chores

• add a code coverage ci workflow (#​7282) (4cecbda)

7.13.3 (2021-06-23)

Chores

• republish with VHS 2.9.1 (4b50f82)

7.13.2 (2021-06-22)

Bug Fixes

• package: update to VHS 2.9.1 (#​7284) (cee5fa3), closes #​7230

7.13.1 (2021-06-14)

Bug Fixes

• do a null check on playbackRates player method (#​7273) (6888798)

v7.13.1

Compare Source

Features

• add ended getter middleware (#​7287) (c74c27d)

7.13.4 (2021-06-30)

Bug Fixes

• lang: add some translations to es.json (#​6822) (fbcfb7b)
• throw error on muted resolution rejection during autoplay (#​7293) (f9fb1d3)
• event: event polyfill detection compatibility with react-native-web (#​7286) (a221be1), closes #​7259
• lang: improve Hungarian translation (#​7289) (0f70787)

Chores

• add a code coverage ci workflow (#​7282) (4cecbda)

7.13.3 (2021-06-23)

Chores

• republish with VHS 2.9.1 (4b50f82)

7.13.2 (2021-06-22)

Bug Fixes

• package: update to VHS 2.9.1 (#​7284) (cee5fa3), closes #​7230

7.13.1 (2021-06-14)

Bug Fixes

• do a null check on playbackRates player method (#​7273) (6888798)

v7.13.0

Compare Source

Features

• add ended getter middleware (#​7287) (c74c27d)

7.13.4 (2021-06-30)

Bug Fixes

• lang: add some translations to es.json (#​6822) (fbcfb7b)
• throw error on muted resolution rejection during autoplay (#​7293) (f9fb1d3)
• event: event polyfill detection compatibility with react-native-web (#​7286) (a221be1), closes #​7259
• lang: improve Hungarian translation (#​7289) (0f70787)

Chores

• add a code coverage ci workflow (#​7282) (4cecbda)

7.13.3 (2021-06-23)

Chores

• republish with VHS 2.9.1 (4b50f82)

7.13.2 (2021-06-22)

Bug Fixes

• package: update to VHS 2.9.1 (#​7284) (cee5fa3), closes #​7230

7.13.1 (2021-06-14)

Bug Fixes

• do a null check on playbackRates player method (#​7273) (6888798)

v7.12.4

Compare Source

Features

• Add helper classes for 9:16 and 1:1 (#​7219) (35ad17a)
• Add normalizeAutoplay option to treat autoplay: true as autoplay: "play" (#​7190) (b4ad93a)
• Add option to use full window mode instead of using tech's fullscreen (#​7218) (b86f083)
• update to VHS@​2.9.0 and mpd-parser@​0.17.0 (#​7269) (2ea05b4)
• package: add VHS deps as Video.js deps (#​7263) (39de502), closes #​7091 #​7209 #​7144 #​7109
• player: Add playbackRates() method (#​7228) (6259ef7), closes #​7198

Documentation

• Fix typo in CONTRIBUTING.md (#​7260) (380a9b5)

7.12.4 (2021-06-02)

Bug Fixes

• allow Video.js to be required in an env without setTimeout (#​7247) (8082c5a)
• player: accept data for fullscreenchange and error events from the tech (#​7254) (41d5eb3)
• seek-bar: remove event listener on dispose (#​7258) (c70c298)

Chores

• component: update comment around triggering ready in component (#​7256) (11ac0b9)
• Update sass and remove now deprecated / for division. (#​7253) (b3503c9), closes #​7244

7.12.3 (2021-05-20)

Bug Fixes

• update to VHS 2.8.2 (#​7242) (f528767), closes #​7240

Chores

• revert back to gh-release@​3.5.0 for now (#​7241) (a4c9b12)

7.12.2 (2021-05-19)

Bug Fixes

• update to VHS 2.8.1 (#​7238) (c4cfa55)
• utils: add try and catch for computedStyle (#​7214) (90ce2d7)
• Better text for exit fullscreen (#​7183) (0e46624)
• Don't hide menus with one item and a title (#​7215) (d4a08de)
• exit full window mode with Esc key (#​7224) (e9953e5)
• incorrect focus styles on selected MenuItem (#​7202) (06cdb6f), closes #​7200
• make Playback Rate control work better with screen readers (#​7193) (17919ce), closes #​7121
• silence play promise in the play toggle. (#​7189) (2c6e439), closes #​6998
• user and programmatic seeks with live streams (#​7210) (39485fc)

Chores

• update 'global' package in dependencies (#​7213) (cb1d29b)
• update node/nvmrc and various dependencies (#​7221) (90f3e39), closes #​7216 #​6933 #​6924 #​7179

7.12.1 (2021-04-13)

Bug Fixes

• package: remove remove (#​7177) (9abba58), closes #​7176
• package: update vtt.js to allow server-side-rendering (#​7178) (a3bfeb7)
• package: upgrade VHS to 2.7.1 (#​7174) (f0d69cd)

v7.12.3

Compare Source

Features

• Add helper classes for 9:16 and 1:1 (#​7219) (35ad17a)
• Add normalizeAutoplay option to treat autoplay: true as autoplay: "play" (#​7190) (b4ad93a)
• Add option to use full window mode instead of using tech's fullscreen (#​7218) (b86f083)
• update to VHS@​2.9.0 and mpd-parser@​0.17.0 (#​7269) (2ea05b4)
• package: add VHS deps as Video.js deps (#​7263) (39de502), closes #​7091 #​7209 #​7144 #​7109
• player: Add playbackRates() method (#​7228) (6259ef7), closes #​7198

Documentation

• Fix typo in CONTRIBUTING.md (#​7260) (380a9b5)

7.12.4 (2021-06-02)

Bug Fixes

• allow Video.js to be required in an env without setTimeout (#​7247) (8082c5a)
• player: accept data for fullscreenchange and error events from the tech (#​7254) (41d5eb3)
• seek-bar: remove event listener on dispose (#​7258) (c70c298)

Chores

• component: update comment around triggering ready in component (#​7256) (11ac0b9)
• Update sass and remove now deprecated / for division. (#​7253) (b3503c9), closes #​7244

7.12.3 (2021-05-20)

Bug Fixes

• update to VHS 2.8.2 (#​7242) (f528767), closes #​7240

Chores

• revert back to gh-release@​3.5.0 for now (#​7241) (a4c9b12)

7.12.2 (2021-05-19)

Bug Fixes

• update to VHS 2.8.1 (#​7238) (c4cfa55)
• utils: add try and catch for computedStyle (#​7214) (90ce2d7)
• Better text for exit fullscreen (#​7183) (0e46624)
• Don't hide menus with one item and a title (#​7215) (d4a08de)
• exit full window mode with Esc key (#​7224) (e9953e5)
• incorrect focus styles on selected MenuItem (#​7202) (06cdb6f), closes #​7200
• make Playback Rate control work better with screen readers (#​7193) (17919ce), closes #​7121
• silence play promise in the play toggle. (#​7189) (2c6e439), closes #​6998
• user and programmatic seeks with live streams (#​7210) (39485fc)

Chores

• update 'global' package in dependencies (#​7213) (cb1d29b)
• update node/nvmrc and various dependencies (#​7221) (90f3e39), closes #​7216 #​6933 #​6924 #​7179

7.12.1 (2021-04-13)

Bug Fixes

• package: remove remove (#​7177) (9abba58), closes #​7176
• package: update vtt.js to allow server-side-rendering (#​7178) (a3bfeb7)
• package: upgrade VHS to 2.7.1 (#​7174) (f0d69cd)

v7.12.2

Compare Source

Features

• Add helper classes for 9:16 and 1:1 (#​7219) (35ad17a)
• Add normalizeAutoplay option to treat autoplay: true as autoplay: "play" (#​7190) (b4ad93a)
• Add option to use full window mode instead of using tech's fullscreen (#​7218) (b86f083)
• update to VHS@​2.9.0 and mpd-parser@​0.17.0 (#​7269) (2ea05b4)
• package: add VHS deps as Video.js deps (#​7263) (39de502), closes #​7091 #​7209 #​7144 #​7109
• player: Add playbackRates() method (#​7228) (6259ef7), closes #​7198

Documentation

• Fix typo in CONTRIBUTING.md (#​7260) (380a9b5)

7.12.4 (2021-06-02)

Bug Fixes

• allow Video.js to be required in an env without setTimeout (#​7247) (8082c5a)
• player: accept data for fullscreenchange and error events from the tech (#​7254) (41d5eb3)
• seek-bar: remove event listener on dispose (#​7258) (c70c298)

Chores

• component: update comment around triggering ready in component (#​7256) (11ac0b9)
• Update sass and remove now deprecated / for division. (#​7253) (b3503c9), closes #​7244

7.12.3 (2021-05-20)

Bug Fixes

• update to VHS 2.8.2 (#​7242) (f528767), closes #​7240

Chores

• revert back to gh-release@​3.5.0 for now (#​7241) (a4c9b12)

7.12.2 (2021-05-19)

Bug Fixes

• update to VHS 2.8.1 (#​7238) (c4cfa55)
• utils: add try and catch for computedStyle (#​7214) (90ce2d7)
• Better text for exit fullscreen (#​7183) (0e46624)
• Don't hide menus with one item and a title (#​7215) (d4a08de)
• exit full window mode with Esc key (#​7224) (e9953e5)
• incorrect focus styles on selected MenuItem (#​7202) (06cdb6f), closes #​7200
• make Playback Rate control work better with screen readers (#​7193) (17919ce), closes #​7121
• silence play promise in the play toggle. (#​7189) (2c6e439), closes #​6998
• user and programmatic seeks with live streams (#​7210) (39485fc)

Chores

• update 'global' package in dependencies (#​7213) (cb1d29b)
• update node/nvmrc and various dependencies (#​7221) (90f3e39), closes #​7216 #​6933 #​6924 #​7179

7.12.1 (2021-04-13)

Bug Fixes

• package: remove remove (#​7177) (9abba58), closes #​7176
• package: update vtt.js to allow server-side-rendering (#​7178) (a3bfeb7)
• package: upgrade VHS to 2.7.1 (#​7174) (f0d69cd)

v7.12.1

Compare Source

Features

• Add helper classes for 9:16 and 1:1 (#​7219) (35ad17a)
• Add normalizeAutoplay option to treat autoplay: true as autoplay: "play" (#​7190) (b4ad93a)
• Add option to use full window mode instead of using tech's fullscreen (#​7218) (b86f083)
• update to VHS@​2.9.0 and mpd-parser@​0.17.0 (#​7269) (2ea05b4)
• package: add VHS deps as Video.js deps (#​7263) (39de502), closes #​7091 #​7209 #​7144 #​7109
• player: Add playbackRates() method (#​7228) (6259ef7), closes #​7198

Documentation

• Fix typo in CONTRIBUTING.md (#​7260) (380a9b5)

7.12.4 (2021-06-02)

Bug Fixes

• allow Video.js to be required in an env without setTimeout (#​7247) (8082c5a)
• player: accept data for fullscreenchange and error events from the tech (#​7254) ([41d5eb3](https://redirect.github.com/videoj

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: npm-shrinkwrap.json