fix: bump media-chrome from 4.17.2 to 4.18.3 in the prod-dependencies group across 1 directory#1301
Conversation
dependabot
bot
added
dependencies
dependabot
bot
added
dependencies
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
✅ Snyk checks have passed. No issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
Bumps the prod-dependencies group with 1 update in the / directory: [media-chrome](https://github.com/muxinc/media-chrome). Updates `media-chrome` from 4.17.2 to 4.18.3 - [Release notes](https://github.com/muxinc/media-chrome/releases) - [Changelog](https://github.com/muxinc/media-chrome/blob/main/CHANGELOG.md) - [Commits](muxinc/media-chrome@v4.17.2...v4.18.3) --- updated-dependencies: - dependency-name: media-chrome dependency-version: 4.18.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/prod-dependencies-fc5ef09929
branch
from
fe4f602 to
a3efbbb
Compare
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit a3efbbb. Configure here.
| "@mux/mux-video": "0.30.5", | ||
| "@mux/playback-core": "0.33.3", | ||
| "media-chrome": "~4.18.3", | ||
| "media-chrome": "^4.18.3", |
There was a problem hiding this comment.
Tilde to caret version range widens dependency scope
Medium Severity
The media-chrome version range in packages/mux-player/package.json changed from ~4.18.3 (tilde) to ^4.18.3 (caret). The tilde restricts to patch updates (>=4.18.3 <4.19.0), while the caret allows all minor updates (>=4.18.3 <5.0.0). Since mux-player is a published package, this widens the versions consumers may resolve, risking compatibility issues with future minor releases. Other packages in the ecosystem (e.g., player.style) also use ~ for media-chrome, suggesting the tighter constraint was intentional.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit a3efbbb. Configure here.
Bumps the prod-dependencies group with 1 update in the / directory: media-chrome.
Updates
media-chromefrom 4.17.2 to 4.18.3Release notes
Sourced from media-chrome's releases.
Changelog
Sourced from media-chrome's changelog.
Commits
3a0d581chore(release): 4.18.3efb3721docs(CHANGELOG): 4.18.380a4cd6fix: Re associate element on reconnect (#1277)31130f6chore(release): 4.18.2b5731cadocs(CHANGELOG): 4.18.2b380873fix: Patch Memory Leaks (#1273)8a5835bchore(release): 4.18.15ad6254docs(CHANGELOG): 4.18.1897f4e9fix: Add observed attributes for live (#1272)6227c5ffix: hotkeys properties support (#1266)Maintainer changes
This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for media-chrome since your current version.
Note
Low Risk
Low risk dependency-only change; main impact is pulling a newer
media-chromeversion and allowing compatible minor/patch updates via the updated semver range.Overview
Updates
media-chrometo4.18.3in the Next.js TypeScript example and inpackages/mux-player.Also changes
@mux/mux-player’smedia-chromedependency from~4.18.3to^4.18.3, and refreshespackage-lock.jsonto reflect the new resolved version/integrity.Reviewed by Cursor Bugbot for commit a3efbbb. Bugbot is set up for automated code reviews on this repo. Configure here.