Skip to content

chore(package): bump rollup to ^2.80.0 to fix DOM clobbering vulnerability#90

Open
Jerricho93 wants to merge 2 commits into
videojs:mainfrom
Jerricho93:fix/security-vulnerabilities
Open

chore(package): bump rollup to ^2.80.0 to fix DOM clobbering vulnerability#90
Jerricho93 wants to merge 2 commits into
videojs:mainfrom
Jerricho93:fix/security-vulnerabilities

Conversation

@Jerricho93

Copy link
Copy Markdown

Description

Fix security vulnerability in npm dependencies.

rollup was on a range that included versions <=2.79.2, which are affected by a DOM clobbering vulnerability (high severity). Bumped to ^2.80.0.

Specific Changes proposed

  • Bump rollup from ^2.38.0 to ^2.80.0 in devDependencies

Requirements Checklist

  • Feature implemented / Bug fixed
  • Unit Tests updated or fixed
  • Docs/guides updated
  • Reviewed by Two Core Contributors

…ility

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@mister-ben

Copy link
Copy Markdown
Contributor

In other repos, disabling apparmor resolved the issue with Chrome headless in tests. e.g. videojs/vhs-utils/pull/46

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@Jerricho93

Copy link
Copy Markdown
Author

Addressed it, let me know if I missed any repo!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants