mirror of
https://github.com/ZoneMinder/zoneminder.git
synced 2026-06-22 20:50:06 -04:00
54c8f38e85
Primary change: remove web/js/hls-1.6.13/hls-demo.js (+ its source map), the upstream demo bundle. It is referenced nowhere in the web interface and is the source of four CodeQL alerts (js/xss-through-dom, js/incomplete-sanitization, js/redos: #262-#265). Optional cleanup (can be dropped from this PR if maintainers prefer to keep the full dist): the directory also shipped alternate builds that the web interface never loads. The interface only loads hls.min.js (watch.php, cycle.php, montage.php). Also removed: - hls.js, hls.light.*, hls.mjs, hls.light.mjs (+ maps): alternate full/light/ESM builds; we use the full minified UMD build - hls.worker.js (+ map): standalone transmuxer worker. hls.min.js inlines the worker via a Blob URL and only loads an external worker when config.workerPath is set; ZM never sets it, so it is never fetched - hls.d.mts, hls.d.ts, hls.js.d.ts: TypeScript declarations, dev-only Keeps hls.min.js and its source map. The demo removal alone clears #262-#265; trimming the unused builds additionally clears the js/insecure-randomness alerts in them (#258-#261). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>