fix(deps): update npm - website - website/package.json

[renovate]

Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more here.

This PR contains the following updates:

Package	Change	Age	Confidence
axios (source)	^1.11.0 -> ^1.12.2
eslint (source)	^9.35.0 -> ^9.36.0
react-player	^3.3.2 -> ^3.3.3

---

Release Notes

axios/axios (axios)

v1.12.2

Compare Source

Bug Fixes

• fetch: use current global fetch instead of cached one when env fetch is not specified to keep MSW support; (#​7030) (cf78825)

Contributors to this release

• Dmitriy Mozgovoy
• Noritaka Kobayashi

v1.12.1

Compare Source

Bug Fixes

• types: fixed env config types; (#​7020) (b5f26b7)

Contributors to this release

• Dmitriy Mozgovoy

v1.12.0

Compare Source

Bug Fixes

• adding build artifacts (9ec86de)
• dont add dist on release (a2edc36)
• fetch-adapter: set correct Content-Type for Node FormData (#​6998) (a9f47af)
• node: enforce maxContentLength for data: URLs (#​7011) (945435f)
• package exports (#​5627) (aa78ac2)
• params: removing '[' and ']' from URL encode exclude characters (#​3316) (#​5715) (6d84189)
• release pr run (fd7f404)
• types: change the type guard on isCancel (#​5595) (0dbb7fd)

Features

• adapter: surface low‑level network error details; attach original error via cause (#​6982) (78b290c)
• fetch: add fetch, Request, Response env config variables for the adapter; (#​7003) (c959ff2)
• support reviver on JSON.parse (#​5926) (2a97634), closes #​5924
• types: extend AxiosResponse interface to include custom headers type (#​6782) (7960d34)

Contributors to this release

• Willian Agostini
• Dmitriy Mozgovoy
• khani
• Ameer Assadi
• Emiedonmokumo Dick-Boro
• Zeroday BYTE
• Jason Saayman
• 최예찬
• Gligor Kotushevski
• Aleksandar Dimitrov

eslint/eslint (eslint)

v9.36.0

Compare Source

cookpete/react-player (react-player)

v3.3.3

Compare Source

• fix: upgrade deps + fix hls config bug #1977

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[netlify]

✅ Deploy Preview for endearing-brigadeiros-63f9d0 canceled.

Name	Link
🔨 Latest commit	5440c80
🔍 Latest deploy log	https://app.netlify.com/projects/endearing-brigadeiros-63f9d0/deploys/68d3ba96856b770008f84199

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 2 package(s) with unknown licenses.

See the Details below.

License Issues

website/yarn.lock

Package	Version	License	Issue Type
dash-video-element	0.2.0	Null	Unknown License
hls-video-element	1.5.8	Null	Unknown License

Allowed Licenses: MIT, MIT-0, Apache-2.0, BSD-3-Clause, BSD-3-Clause-Clear, ISC, BSD-2-Clause, Unlicense, CC0-1.0, 0BSD, X11, MPL-2.0, MPL-1.0, MPL-1.1, MPL-2.0, OFL-1.1, Zlib

Excluded from license check: pkg:npm/caniuse-lite

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/axios	^1.12.2	🟢 5.7	Details Check Score Reason Maintained 🟢 10 24 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 4 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 8 Found 19/22 approved changesets -- score normalized to 8 License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 2 dependency not pinned by hash detected -- score normalized to 2 Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities ⚠️ 0 46 existing vulnerabilities detected
npm/eslint	^9.36.0	🟢 6.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy 🟢 10 security policy file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 10 SAST tool is run on all commits
npm/react-player	^3.3.3	🟢 4.4	Details Check Score Reason Maintained 🟢 10 20 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 5/30 approved changesets -- score normalized to 1 Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 6 4 existing vulnerabilities detected
npm/@eslint/js	9.36.0	🟢 6.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy 🟢 10 security policy file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 10 SAST tool is run on all commits
npm/@mux/mux-player	3.6.0	🟢 5	Details Check Score Reason Code-Review 🟢 6 Found 16/23 approved changesets -- score normalized to 6 Maintained 🟢 10 28 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 18 existing vulnerabilities detected
npm/@mux/mux-player-react	3.6.0	🟢 5	Details Check Score Reason Code-Review 🟢 6 Found 16/23 approved changesets -- score normalized to 6 Maintained 🟢 10 28 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 18 existing vulnerabilities detected
npm/@mux/mux-video	0.27.0	🟢 5	Details Check Score Reason Code-Review 🟢 6 Found 16/23 approved changesets -- score normalized to 6 Maintained 🟢 10 28 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 18 existing vulnerabilities detected
npm/@mux/playback-core	0.31.0	🟢 5	Details Check Score Reason Code-Review 🟢 6 Found 16/23 approved changesets -- score normalized to 6 Maintained 🟢 10 28 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 18 existing vulnerabilities detected
npm/axios	1.12.2	🟢 5.7	Details Check Score Reason Maintained 🟢 10 24 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 4 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 8 Found 19/22 approved changesets -- score normalized to 8 License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 2 dependency not pinned by hash detected -- score normalized to 2 Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities ⚠️ 0 46 existing vulnerabilities detected
npm/dash-video-element	0.2.0	Unknown	Unknown
npm/eslint	9.36.0	🟢 6.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy 🟢 10 security policy file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 10 SAST tool is run on all commits
npm/hls-video-element	1.5.8	Unknown	Unknown
npm/media-chrome	4.13.1	🟢 4.4	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 4 Found 14/30 approved changesets -- score normalized to 4 Maintained 🟢 10 18 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy ⚠️ 0 security policy file not detected Binary-Artifacts 🟢 10 no binaries found in the repo License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Vulnerabilities ⚠️ 0 37 existing vulnerabilities detected
npm/player.style	0.2.0	Unknown	Unknown
npm/react-player	3.3.3	🟢 4.4	Details Check Score Reason Maintained 🟢 10 20 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 5/30 approved changesets -- score normalized to 1 Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 6 4 existing vulnerabilities detected

Scanned Files

• website/package.json
• website/yarn.lock

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 83.87%. Comparing base (f8e7ffa) to head (5440c80).
⚠️ Report is 3 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1208   +/-   ##
=======================================
  Coverage   83.87%   83.87%           
=======================================
  Files          68       68           
  Lines        2908     2908           
  Branches      367      367           
=======================================
  Hits         2439     2439           
  Misses        409      409           
  Partials       60       60           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.