Tags: EpicGames/PixelStreamingInfrastructure
Tags
build(react): drop experiments.futureDefaults from webpack config webpack 5.10x enables a native TypeScript experiment and changes html-loader/asset resolution under futureDefaults, breaking the .tsx/JSX build. ts-loader already handles .tsx, so the flag is unnecessary.
Updated NPM changelogs (#928) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
build(react): drop experiments.futureDefaults from webpack config webpack 5.10x enables a native TypeScript experiment and changes html-loader/asset resolution under futureDefaults, breaking the .tsx/JSX build. ts-loader already handles .tsx, so the flag is unnecessary.
chore: update org references from EpicGamesExt to EpicGames (#901) (#904 ) * chore(ci): update org references from EpicGamesExt to EpicGames The repo moved from the EpicGamesExt org to EpicGames. Workflow guards (github.repository ==) and the backport repoOwner are runtime string comparisons that the URL redirect does not cover, so they were silently skipping jobs / targeting the old org. Update them to the new org slug. * chore: update org references in scripts and source comments Swap EpicGamesExt -> EpicGames in the coturn download URLs (bash/cmd scripts) and two source-code comment links. URL redirects cover these, but updating keeps them pointing at the canonical org. * chore: update package.json repository urls to EpicGames org Point each package's repository.url at the EpicGames org. Beyond metadata accuracy, npm OIDC trusted publishing matches on repository.url, so these should reflect the canonical org. * docs: update org references from EpicGamesExt to EpicGames Point repository links in READMEs and other prose docs at the canonical EpicGames org. Excludes auto-generated API docs (regenerated on build) and historical CHANGELOG entries. (cherry picked from commit 5240e2f) # Conflicts: # README.md
fix(deps): resolve dependabot security alerts (#905) (#906) Address the open dependabot advisories manually: - shell-quote (CRITICAL, GHSA-w7jw-789q-3m8p) -> override ^1.8.4 - ws in SFU (HIGH, GHSA-96hv-2xvq-fx4p) -> SFU dep ^7.5.10 -> ^7.5.11 - tar (GHSA-vmf3-w455-68vh) -> override 7.5.11 -> 7.5.16 - launch-editor (GHSA-v6wh-96g9-6wx3) -> override ^2.14.1 - js-yaml (GHSA-h67p-54hq-rp68) -> scoped override js-yaml@^4 -> ^4.2.0, plus refresh of the standalone Extras/eslint/plugin-check-copyright lock - @babel/core (GHSA-4x5r-pxfx-6jf8) -> override ^7.29.6 The ws advisory only affects the 7.x line, so Common/Signalling/SS_Test stay on v8 (already forced to ^8.20.1 by the existing ws@^8 override); only SFU needed bumping. This avoids the broken dependabot PR #902, which downgraded the v8 packages to v7 and crashed the signalling server. The js-yaml override is deliberately scoped to js-yaml@^4 (not a blanket js-yaml). express-openapi -> openapi-framework depends on js-yaml ^3 and calls the v3-only jsYaml.safeLoad to parse the OpenAPI spec; a blanket ^4.2.0 override force-upgrades it to v4 (safeLoad removed), so OpenAPI route registration throws and /api/status 404s -- which is exactly what broke streaming-test-win. Scoping to ^4 patches the genuinely vulnerable v4 instance while leaving the three v3 consumers (openapi-framework, @istanbuljs/load-nyc-config, read-yaml-file) intact. Those v3 instances remain flagged by the advisory but are not exploitable: all parse trusted local files (the app's own OpenAPI spec, nyc config), never untrusted network input, and no v3 fix exists. (cherry picked from commit d0572cf)
Updated NPM changelogs (#811) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Updated NPM changelogs (#824) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
PreviousNext