fix: bump castable-video from 1.1.13 to 1.1.16 in the prod-dependencies group across 1 directory#1329
Conversation
dependabot
Bot
added
dependencies
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
✅ Snyk checks have passed. No issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
dependabot
Bot
force-pushed
the
dependabot/npm_and_yarn/prod-dependencies-7315b6fb57
branch
from
792ce91 to
1db2b0b
Compare
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 1db2b0b. Configure here.
| "@mux/playback-core": "0.35.0", | ||
| "@types/google_interactive_media_ads_types": "^3.697.0", | ||
| "castable-video": "~1.1.13", | ||
| "castable-video": "^1.1.16", |
There was a problem hiding this comment.
Version specifier mismatch between package.json and lock file
Medium Severity
The castable-video specifier in packages/mux-video/package.json uses tilde (~1.1.16, patch-only updates) but the corresponding entry in package-lock.json uses caret (^1.1.16, minor+patch updates). This mismatch can cause npm install to report the lockfile as out of sync or resolve a different version range than intended.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit 1db2b0b. Configure here.
Bumps the prod-dependencies group with 1 update in the / directory: [castable-video](https://github.com/muxinc/media-elements/tree/HEAD/packages/castable-video). Updates `castable-video` from 1.1.13 to 1.1.16 - [Release notes](https://github.com/muxinc/media-elements/releases) - [Changelog](https://github.com/muxinc/media-elements/blob/main/packages/castable-video/CHANGELOG.md) - [Commits](https://github.com/muxinc/media-elements/commits/castable-video@1.1.16/packages/castable-video) --- updated-dependencies: - dependency-name: castable-video dependency-version: 1.1.16 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: prod-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
force-pushed
the
dependabot/npm_and_yarn/prod-dependencies-7315b6fb57
branch
from
1db2b0b to
41dca1f
Compare
Bumps the prod-dependencies group with 1 update in the / directory: castable-video.
Updates
castable-videofrom 1.1.13 to 1.1.16Release notes
Sourced from castable-video's releases.
Changelog
Sourced from castable-video's changelog.
Commits
a88988cchore: release main (#245)d27f204fix: use private field in #castPlayer getter to avoid side effects (#244)5bd38f0chore: release main (#240)7271ee3fix: format castable mixin2dc069bchore: release main (#231)a547dc2fix: correct hlsSegmentFormat for HLS streams with AAC audio in castable-vide...502bf40Revert castable video fix for convention commit (#233)039b0cffix correct hlsSegmentFormat for HLS streams with AAC audio in castable-video...Note
Low Risk
Low risk dependency bump limited to
castable-video; behavior changes are confined to the underlying cast integration and should mainly affect Chromecast-related playback.Overview
Updates the
castable-videoproduction dependency from1.1.13to1.1.16for@mux/mux-video, and refreshespackage-lock.jsonto resolve the new version.Also adjusts the lockfile’s
@mux/mux-videodependency spec to allow^1.1.16(whilepackages/mux-video/package.jsonpins~1.1.16).Reviewed by Cursor Bugbot for commit 41dca1f. Bugbot is set up for automated code reviews on this repo. Configure here.